Showing preview only (2,015K chars total). Download the full file or copy to clipboard to get everything.
Repository: xunholy/k8s-gitops
Branch: main
Commit: 98d45949a862
Files: 1068
Total size: 1.7 MB
Directory structure:
gitextract_vikb4s18/
├── .archive/
│ └── kubernetes/
│ ├── apps/
│ │ └── base/
│ │ └── flux-system/
│ │ └── repositories/
│ │ ├── git/
│ │ │ └── archive/
│ │ │ └── origin-ca-issuer-chart.yaml
│ │ └── helm/
│ │ └── archive/
│ │ ├── actions-runner-controller.yaml
│ │ ├── backube-charts.yaml
│ │ ├── bitnami-charts.yaml
│ │ ├── cilium-chart.yaml
│ │ ├── coredns-charts.yaml
│ │ ├── crossplane-charts.yaml
│ │ ├── csi-driver-nfs-chart.yaml
│ │ ├── descheduler-chart.yaml
│ │ ├── emberstack-charts.yaml
│ │ ├── emqx-charts.yaml
│ │ ├── external-dns-chart.yaml
│ │ ├── falco-security-charts.yaml
│ │ ├── flagger-charts.yaml
│ │ ├── grafana-charts.yaml
│ │ ├── jaegertracing-charts.yaml
│ │ ├── jetstack-charts.yaml
│ │ ├── kiali-charts.yaml
│ │ ├── kubefed-charts.yaml
│ │ ├── kubereboot-charts.yaml
│ │ ├── kubernetes-stable-charts.yaml
│ │ ├── kyverno-charts.yaml
│ │ ├── litmuschaos-charts.yaml
│ │ ├── mayastor-chart.yaml
│ │ ├── metallb-charts.yaml
│ │ ├── metrics-server-chart.yaml
│ │ ├── node-feature-discovery-chart.yaml
│ │ ├── oauth2-proxy-chart.yaml
│ │ ├── openebs-charts.yaml
│ │ ├── openfaas-charts.yaml
│ │ ├── otel-charts.yaml
│ │ ├── postfinance-charts.yaml
│ │ ├── rook-ceph.yaml
│ │ ├── sealed-secrets-charts.yaml
│ │ ├── secrets-store-csi-driver-chart.yaml
│ │ ├── stakater-charts.yaml
│ │ ├── traefik-charts.yaml
│ │ ├── vernemq-charts.yaml
│ │ ├── vmware-charts.yaml
│ │ └── xunholy-charts.yaml
│ ├── bazarr/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── httproute.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── ocirepository.yaml
│ │ │ ├── pvc.yaml
│ │ │ ├── resources/
│ │ │ │ └── subcleaner.sh
│ │ │ └── secret.enc.age.yaml
│ │ └── ks.yaml
│ ├── blocky/
│ │ ├── app/
│ │ │ ├── configs/
│ │ │ │ └── config.yml
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── cert-manager-csi-driver/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── cloudflare-ddns/
│ │ ├── app/
│ │ │ ├── deployment.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── secret.enc.yaml
│ │ └── ks.yaml
│ ├── coredns/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── cross-seed/
│ │ ├── app/
│ │ │ ├── externalsecret.yaml
│ │ │ ├── helmrelease.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── ocirepository.yaml
│ │ └── ks.yaml
│ ├── csi-driver-nfs/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── emqx/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ ├── cluster/
│ │ │ ├── cluster.yaml
│ │ │ ├── httproute.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── podmonitor.yaml
│ │ │ └── secret.enc.age.yaml
│ │ └── ks.yaml
│ ├── external-dns-unifi/
│ │ ├── app/
│ │ │ ├── externalsecret.yaml
│ │ │ ├── helmrelease.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── ocirepository.yaml
│ │ │ └── values.yaml
│ │ └── ks.yaml
│ ├── goldilocks/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── httproute.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── istio-csr/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── issuer.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── istio-ingress/
│ │ ├── README.md
│ │ ├── bedrock-broadcaster/
│ │ │ ├── app/
│ │ │ │ ├── certificates.yaml
│ │ │ │ ├── gateway.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ ├── github/
│ │ │ ├── httproute.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── service.yaml
│ │ ├── istio-gateway/
│ │ │ ├── app/
│ │ │ │ ├── authorization-policy.yaml
│ │ │ │ ├── certificates.yaml
│ │ │ │ ├── gateway.yaml
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── plex/
│ │ ├── httproute.yaml
│ │ └── kustomization.yaml
│ ├── istio-system/
│ │ ├── README.md
│ │ ├── flagger/
│ │ │ ├── app/
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ ├── istio-base/
│ │ │ ├── app/
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ ├── istio-cni/
│ │ │ ├── app/
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ ├── istiod/
│ │ │ ├── app/
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── podmonitor.yaml
│ │ │ └── ks.yaml
│ │ ├── kustomization.yaml
│ │ └── namespace.yaml
│ ├── jaeger/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── httproute.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── k8s-gateway/
│ │ ├── app/
│ │ │ ├── Corefile
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── kiali/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── httproute.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── kubefed/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── kured/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── litmus/
│ │ ├── kustomization.yaml
│ │ ├── litmus/
│ │ │ ├── app/
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ ├── httproute.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ ├── litmus-core/
│ │ │ ├── app/
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── ks.yaml
│ │ └── namespace.yaml
│ ├── loki-stack/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── metallb/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ ├── config/
│ │ │ ├── ipaddresspool.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── node-feature-discovery/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── networkpolicy.yaml
│ │ └── ks.yaml
│ ├── openclaw/
│ │ ├── app/
│ │ │ ├── backendtrafficpolicy.yaml
│ │ │ ├── configmap.yaml
│ │ │ ├── externalsecret.yaml
│ │ │ ├── helmrelease.yaml
│ │ │ ├── httproute.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── pvc.yaml
│ │ │ ├── replicationsource.yaml
│ │ │ └── volsync-externalsecret.yaml
│ │ └── ks.yaml
│ ├── openebs-system/
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── openebs/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── openfaas/
│ │ ├── README.md
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ ├── networkpolicy.yaml
│ │ └── openfaas/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── openfaas-fn/
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── networkpolicy.yaml
│ ├── origin-ca-issuer/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── plex/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── httproute.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── reloader/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── sealed-secrets/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── httproute.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── secret-store-csi-driver/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── snmp-exporter/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── speedtest/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── tf-controller/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ ├── ks.yaml
│ │ └── terraform/
│ │ └── gcp/
│ │ ├── secret.enc.age.yaml
│ │ └── terraform.yaml
│ ├── thanos/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── httproute.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── secret.enc.age.yaml
│ │ └── ks.yaml
│ ├── traefik-ingress/
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── traefik/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ └── kustomization.yaml
│ │ └── ks.yaml
│ ├── velero/
│ │ ├── kustomization.yaml
│ │ ├── namespace.yaml
│ │ └── velero/
│ │ ├── app/
│ │ │ ├── helmrelease.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── secret.enc.age.yaml
│ │ └── ks.yaml
│ └── vmangos/
│ ├── README.md
│ ├── app/
│ │ ├── dnsendpoint.yaml
│ │ ├── helmrelease.yaml
│ │ ├── kustomization.yaml
│ │ ├── pvc-data.yaml
│ │ ├── pvc-database.yaml
│ │ ├── replicationsource.yaml
│ │ ├── tcproutes.yaml
│ │ └── volsync-externalsecret.yaml
│ └── ks.yaml
├── .claude/
│ └── agents/
│ ├── README.md
│ ├── dependency-mapper.md
│ ├── flux-troubleshooter.md
│ ├── gitops-deployer.md
│ ├── resource-optimizer.md
│ └── security-auditor.md
├── .gitattributes
├── .github/
│ ├── CODEOWNERS
│ ├── CODE_OF_CONDUCT.md
│ ├── CONTRIBUTING.md
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug_report.yaml
│ │ └── feature_request.yaml
│ ├── pull_request_template.md
│ ├── renovate.json5
│ └── workflows/
│ ├── azerothcore.yaml
│ ├── cmangos-registration.yaml
│ ├── cmangos.yaml
│ ├── dex-k8s-authenticator.yaml
│ ├── flux-local.yaml
│ ├── oci.yaml
│ ├── oidc.yaml
│ ├── render-talos-manifests.yaml
│ ├── renovate.yaml
│ ├── terraform.yaml
│ └── test-e2e.yaml
├── .gitignore
├── .pre-commit-config.yaml
├── .renovate/
│ ├── autoMerge.json5
│ ├── changelogs.json5
│ ├── customManagers.json5
│ ├── grafanaDashboards.json5
│ ├── groups.json5
│ ├── labels.json5
│ └── semanticCommits.json5
├── .sops.yaml
├── .sourceignore
├── .taskfiles/
│ ├── bootstrap/
│ │ └── Taskfile.yaml
│ ├── core/
│ │ └── Taskfile.yaml
│ ├── flux/
│ │ └── Taskfile.yaml
│ └── talos/
│ └── Taskfile.yaml
├── .yamllint.yaml
├── CLAUDE.md
├── LICENSE
├── README.md
├── Taskfile.yml
├── docs/
│ └── index.html
├── hack/
│ ├── cf-terraforming.sh
│ ├── delete-all.sh
│ ├── finalizer-pods.sh
│ ├── finalizer.sh
│ ├── openebs.sh
│ ├── restart.sh
│ └── update.sh
├── kubernetes/
│ ├── apps/
│ │ ├── base/
│ │ │ ├── actions-runner-system/
│ │ │ │ ├── gha-runner-scale-set/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ └── rbac.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── gha-runner-scale-set-controller/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── namespace.yaml
│ │ │ ├── ai-system/
│ │ │ │ ├── kagent/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── values.enc.age.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ ├── crds/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kgateway/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ ├── crds/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kmcp/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── values.enc.age.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ ├── crds/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── n8n/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── helmrepository.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── values.enc.age.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ ├── ollama/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ └── open-webui/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── crossplane-system/
│ │ │ │ ├── crossplane/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ ├── ks.yaml
│ │ │ │ │ ├── packages/
│ │ │ │ │ │ └── gitops/
│ │ │ │ │ │ ├── composition.yaml
│ │ │ │ │ │ ├── crossplane.yaml
│ │ │ │ │ │ └── definition.yaml
│ │ │ │ │ └── providers/
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── provider.yaml
│ │ │ │ ├── examples/
│ │ │ │ │ ├── example.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── providerconfig.yaml
│ │ │ │ │ └── secret.enc.age.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── namespace.yaml
│ │ │ ├── democratic-csi/
│ │ │ │ ├── democratic-csi/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── secret.enc.age.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── namespace.yaml
│ │ │ ├── development/
│ │ │ │ ├── backstage/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ ├── open-feature-operator/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ └── vcluster/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── external-secrets/
│ │ │ │ ├── external-secrets/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── pdb.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ └── onepassword/
│ │ │ │ ├── app/
│ │ │ │ │ ├── clustersecretstore.yaml
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── flux-system/
│ │ │ │ ├── artifact-generator/
│ │ │ │ │ ├── artifactgenerator.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── flux-instance/
│ │ │ │ │ ├── extras/
│ │ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── podmonitor.yaml
│ │ │ │ │ │ ├── prometheusrule.yaml
│ │ │ │ │ │ ├── receiver.yaml
│ │ │ │ │ │ └── secret.enc.age.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ └── repositories/
│ │ │ │ ├── git/
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ ├── helm/
│ │ │ │ │ ├── backstage-charts.yaml
│ │ │ │ │ ├── crowdsec-charts.yaml
│ │ │ │ │ ├── democratic-csi-charts.yaml
│ │ │ │ │ ├── dex-chart.yaml
│ │ │ │ │ ├── fairwinds-charts.yaml
│ │ │ │ │ ├── fluxcd-kustomize-mutating-webhook-chart.yaml
│ │ │ │ │ ├── gatekeeper-charts.yaml
│ │ │ │ │ ├── harbor-charts.yaml
│ │ │ │ │ ├── ingress-nginx-chart.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── loft-charts.yaml
│ │ │ │ │ ├── minecraft-server-charts.yaml
│ │ │ │ │ ├── ollama-charts.yaml
│ │ │ │ │ ├── open-webui-charts.yaml
│ │ │ │ │ └── openfeature-charts.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── oci/
│ │ │ │ ├── bjw-charts.yaml
│ │ │ │ ├── controlplaneio-charts.yaml
│ │ │ │ ├── gha-runner-scale-set-charts.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── prometheus-community-charts.yaml
│ │ │ │ └── xentra-charts.yaml
│ │ │ ├── game-servers/
│ │ │ │ ├── adminer/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── azerothcore/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── dnsendpoint.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-client-data.yaml
│ │ │ │ │ │ ├── pvc-cores.yaml
│ │ │ │ │ │ ├── pvc-database.yaml
│ │ │ │ │ │ ├── realm-config-job.yaml
│ │ │ │ │ │ ├── realmlist.sql
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ ├── resources/
│ │ │ │ │ │ │ ├── Dockerfile
│ │ │ │ │ │ │ └── fifo-wrapper.sh
│ │ │ │ │ │ ├── tcproutes.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── cmangos/
│ │ │ │ │ ├── README.md
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── achievements-migration-job.yaml
│ │ │ │ │ │ ├── attunement-migration-job.yaml
│ │ │ │ │ │ ├── barber-migration-job.yaml
│ │ │ │ │ │ ├── dnsendpoint.yaml
│ │ │ │ │ │ ├── dualspec-migration-job.yaml
│ │ │ │ │ │ ├── externalsecret-database.yaml
│ │ │ │ │ │ ├── hardcore-migration-job.yaml
│ │ │ │ │ │ ├── hearthstone-cd-migration-job.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── lookup-gm-security-migration-job.yaml
│ │ │ │ │ │ ├── mangos-string-517-migration-job.yaml
│ │ │ │ │ │ ├── prometheusrule.yaml
│ │ │ │ │ │ ├── pvc-cores.yaml
│ │ │ │ │ │ ├── pvc-data.yaml
│ │ │ │ │ │ ├── pvc-database.yaml
│ │ │ │ │ │ ├── pvc-logs.yaml
│ │ │ │ │ │ ├── realm-address-migration-job.yaml
│ │ │ │ │ │ ├── realm-pvp-migration-job.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ ├── tcproutes.yaml
│ │ │ │ │ │ ├── trainingdummies-migration-job.yaml
│ │ │ │ │ │ ├── transmog-migration-job.yaml
│ │ │ │ │ │ ├── twink-vendor-migration-job.yaml
│ │ │ │ │ │ ├── vip-master-spell-migration-job.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── cmangos-ptr/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── db-init-job.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-cores.yaml
│ │ │ │ │ │ ├── pvc-data.yaml
│ │ │ │ │ │ ├── pvc-logs.yaml
│ │ │ │ │ │ ├── realm-row-migration-job.yaml
│ │ │ │ │ │ └── tcproute.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── emberstone-portal/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret-soap.yaml
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ └── resources/
│ │ │ │ │ │ ├── bot_filter.php
│ │ │ │ │ │ ├── config.php
│ │ │ │ │ │ ├── footer.php
│ │ │ │ │ │ ├── header.php
│ │ │ │ │ │ ├── howtoconnect.php
│ │ │ │ │ │ ├── main.php
│ │ │ │ │ │ └── posts.php
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── enemy-territory/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── configmap.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── secret.enc.age.yaml
│ │ │ │ │ │ └── udproute.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── minecraft/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── config/
│ │ │ │ │ │ │ └── geysermc.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ ├── secret.enc.age.yaml
│ │ │ │ │ │ ├── tcproute.yaml
│ │ │ │ │ │ ├── values.enc.age.yaml
│ │ │ │ │ │ ├── values.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── minecraft-bedrock/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ ├── udproute.yaml
│ │ │ │ │ │ ├── values.enc.age.yaml
│ │ │ │ │ │ ├── values.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── minecraft-bedrock-broadcaster/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ ├── udproute.yaml
│ │ │ │ │ │ ├── values.enc.age.yaml
│ │ │ │ │ │ ├── values.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── minecraft-pixelmon/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── minecraft-proxy/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── minecraft-rcon-web/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── secret.enc.age.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── minecraft-router/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── minecraft-witherstorm/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ └── namespace.yaml
│ │ │ ├── harbor/
│ │ │ │ ├── harbor/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── namespace.yaml
│ │ │ ├── home-system/
│ │ │ │ ├── autobrr/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── bazarr/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── home-assistant/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── jellyseerr/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── mosquitto/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ ├── prowlarr/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── qbittorrent/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── qui/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── radarr/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── recyclarr/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ ├── resources/
│ │ │ │ │ │ │ └── recyclarr.yml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── sabnzbd/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ ├── resources/
│ │ │ │ │ │ │ └── xseed.sh
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── smtp-relay/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── sonarr/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── tautulli/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ └── zigbee2mqtt/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── pvc-ceph.yaml
│ │ │ │ │ ├── pvc.yaml
│ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kguardian/
│ │ │ │ ├── kguardian/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── auditnetworkpolicy-baseline.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── pvc-database.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── namespace.yaml
│ │ │ ├── kube-system/
│ │ │ │ ├── cilium/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── loadbalancer.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── descheduler/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── keda/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kubelet-csr-approver/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── metrics-server/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ ├── priorityclass.yaml
│ │ │ │ ├── reflector/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── snapshot-controller/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── spegel/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ └── tetragon/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── network-system/
│ │ │ │ ├── README.md
│ │ │ │ ├── cert-manager/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── clusterissuer-prod.yaml
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── prometheusrule.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── cloudflare-tunnel/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── dnsendpoint.yaml
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── dex/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── dex-k8s-authenticator/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── clusterrolebinding.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── resources/
│ │ │ │ │ │ ├── Dockerfile
│ │ │ │ │ │ ├── dex-auth.go
│ │ │ │ │ │ ├── entrypoint.sh
│ │ │ │ │ │ ├── go.mod
│ │ │ │ │ │ ├── go.sum
│ │ │ │ │ │ ├── html/
│ │ │ │ │ │ │ └── static/
│ │ │ │ │ │ │ ├── main.css
│ │ │ │ │ │ │ ├── snippets.js
│ │ │ │ │ │ │ ├── styles.css
│ │ │ │ │ │ │ ├── tabs.css
│ │ │ │ │ │ │ └── tooltips.js
│ │ │ │ │ │ ├── main.go
│ │ │ │ │ │ ├── templates/
│ │ │ │ │ │ │ ├── error.html
│ │ │ │ │ │ │ ├── id-token-tab.html
│ │ │ │ │ │ │ ├── index.html
│ │ │ │ │ │ │ ├── kubeconfig.html
│ │ │ │ │ │ │ ├── linux-mac-common.html
│ │ │ │ │ │ │ ├── linux-tab.html
│ │ │ │ │ │ │ ├── mac-tab.html
│ │ │ │ │ │ │ └── windows-tab.html
│ │ │ │ │ │ └── templates.go
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── echo-server/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── envoy-gateway/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── certificates.yaml
│ │ │ │ │ │ ├── envoy.yaml
│ │ │ │ │ │ ├── gatewayclass.yaml
│ │ │ │ │ │ ├── gateways.yaml
│ │ │ │ │ │ ├── grafanadashboards.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproutes.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── monitors.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── pdb.yaml
│ │ │ │ │ │ └── policies.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── external-dns/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── pdb.yaml
│ │ │ │ │ │ ├── prometheusrule.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── external-dns-unifi/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── multus/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── rbac.yaml
│ │ │ │ │ ├── ks.yaml
│ │ │ │ │ └── networks/
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── network.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ └── oauth2-proxy/
│ │ │ │ ├── app/
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── ocirepository.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── nginx-ingress/
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ └── nginx-ingress/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── observability/
│ │ │ │ ├── blackbox-exporter/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── probes.yaml
│ │ │ │ │ │ └── values.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── grafana/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ ├── instance/
│ │ │ │ │ │ ├── grafana.yaml
│ │ │ │ │ │ ├── grafanadatasource.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── replicationsource.yaml
│ │ │ │ │ │ ├── servicemonitor.yaml
│ │ │ │ │ │ └── volsync-externalsecret.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kromgo/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ │ └── resources/
│ │ │ │ │ │ └── config.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kube-prometheus-stack/
│ │ │ │ │ ├── README.md
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── alertmanager-replicationsource.yaml
│ │ │ │ │ │ ├── alertmanager-volsync-externalsecret.yaml
│ │ │ │ │ │ ├── alertmanagerconfig.yaml
│ │ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ │ ├── prometheus-replicationsource.yaml
│ │ │ │ │ │ ├── prometheus-volsync-externalsecret.yaml
│ │ │ │ │ │ ├── resources/
│ │ │ │ │ │ │ └── flux-metrics.yaml
│ │ │ │ │ │ ├── scrapeconfig.yaml
│ │ │ │ │ │ └── silence-watchdog.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── loki/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ ├── otel/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── silence-operator/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ └── vpa/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── preview-system/
│ │ │ │ ├── app/
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── resourceset.yaml
│ │ │ │ │ └── resourcesetinputprovider.yaml
│ │ │ │ ├── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ └── namespace.yaml
│ │ │ ├── rook-ceph/
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── namespace.yaml
│ │ │ │ └── rook-ceph/
│ │ │ │ ├── app/
│ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ ├── pdb.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ ├── cluster/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ ├── ocirepository.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── security-system/
│ │ │ │ ├── crowdsec/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── falco/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── falco-exporter/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── gatekeeper/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── podmonitor.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── kyverno/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── ocirepository.yaml
│ │ │ │ │ └── ks.yaml
│ │ │ │ └── namespace.yaml
│ │ │ └── volsync-system/
│ │ │ ├── kopia/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── httproute.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── kustomization.yaml
│ │ │ ├── namespace.yaml
│ │ │ └── volsync/
│ │ │ ├── app/
│ │ │ │ ├── grafanadashboard.yaml
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ ├── mutatingadmissionpolicy.yaml
│ │ │ │ ├── ocirepository.yaml
│ │ │ │ ├── prometheusrule.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── ks.yaml
│ │ │ └── maintenance/
│ │ │ ├── kopiamaintenance.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── mutatingadmissionpolicy.yaml
│ │ └── overlays/
│ │ └── cluster-00/
│ │ └── kustomization.yaml
│ ├── bootstrap/
│ │ └── helmfile.yaml
│ ├── clusters/
│ │ └── cluster-00/
│ │ ├── flux-system/
│ │ │ ├── flux-instance/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ └── ks.yaml
│ │ │ ├── flux-operator/
│ │ │ │ ├── app/
│ │ │ │ │ ├── helmrelease.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ └── ks.yaml
│ │ │ └── kustomize-mutating-webhook/
│ │ │ ├── app/
│ │ │ │ ├── helmrelease.yaml
│ │ │ │ ├── kustomization.yaml
│ │ │ │ ├── kustomizeconfig.yaml
│ │ │ │ └── values.yaml
│ │ │ └── ks.yaml
│ │ ├── ks.yaml
│ │ └── secrets/
│ │ ├── .sops.pub.asc
│ │ ├── cluster-config.yaml
│ │ ├── cluster-secrets.enc.age.yaml
│ │ ├── github-auth.enc.age.yaml
│ │ └── sops-age.encrypted.yaml
│ ├── components/
│ │ ├── common/
│ │ │ ├── alerts/
│ │ │ │ ├── github/
│ │ │ │ │ ├── alerts.yaml
│ │ │ │ │ ├── externalsecret.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ └── provider.yaml
│ │ │ │ └── kustomization.yaml
│ │ │ └── kustomization.yaml
│ │ └── volsync/
│ │ ├── externalsecret.yaml
│ │ ├── kustomization.yaml
│ │ ├── pvc.yaml
│ │ ├── replicationdestination.yaml
│ │ └── replicationsource.yaml
│ └── tenants/
│ └── .gitkeep
├── talos/
│ ├── README.md
│ ├── generated/
│ │ ├── controlplane.enc.age.yaml
│ │ └── talosconfig.enc.age.yaml
│ ├── integrations/
│ │ ├── cert-approver/
│ │ │ ├── .gitignore
│ │ │ ├── README.md
│ │ │ ├── cert-approver.yaml
│ │ │ ├── kustomization.yaml
│ │ │ └── transformers.yaml
│ │ └── cilium/
│ │ ├── .gitignore
│ │ ├── README.md
│ │ ├── cilium.yaml
│ │ ├── kustomization.yaml
│ │ └── transformers.yaml
│ └── patches/
│ ├── iscsi.yaml
│ ├── metric-server.yaml
│ └── metrics.yaml
├── terraform/
│ └── gcp/
│ ├── README.md
│ ├── _backend.tf
│ ├── _provider.tf
│ ├── install.sh
│ ├── sops.tf
│ ├── thanos.tf
│ ├── variables.tf
│ └── velero.tf
└── wrangler.toml
================================================
FILE CONTENTS
================================================
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/git/archive/origin-ca-issuer-chart.yaml
================================================
---
# TODO: Once the chart is published use HelmRepository
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: origin-ca-issuer-chart-git
namespace: flux-system
spec:
interval: 10m
url: https://github.com/cloudflare/origin-ca-issuer
ref:
branch: trunk
ignore: |
# exclude all
/*
# include charts directory
!/deploy/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/actions-runner-controller.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: actions-runner-controller
namespace: flux-system
spec:
interval: 2h
url: https://actions-runner-controller.github.io/actions-runner-controller
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/backube-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: backube-charts
namespace: flux-system
spec:
interval: 2h
url: https://backube.github.io/helm-charts/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/bitnami-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: bitnami-charts
namespace: flux-system
spec:
interval: 2h
url: https://charts.bitnami.com/bitnami
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/cilium-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cilium-chart
namespace: flux-system
spec:
interval: 2h
url: https://helm.cilium.io/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/coredns-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: coredns-charts
namespace: flux-system
spec:
interval: 2h
url: https://coredns.github.io/helm
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/crossplane-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: crossplane-charts
namespace: flux-system
spec:
interval: 2h
url: https://charts.crossplane.io/stable
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/csi-driver-nfs-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: csi-driver-nfs-chart
namespace: flux-system
spec:
interval: 2h
url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/descheduler-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: descheduler-chart
namespace: flux-system
spec:
interval: 2h
url: https://kubernetes-sigs.github.io/descheduler
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/emberstack-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: emberstack-charts
namespace: flux-system
spec:
interval: 2h
url: https://emberstack.github.io/helm-charts/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/emqx-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: emqx-charts
namespace: flux-system
spec:
interval: 2h
url: https://repos.emqx.io/charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/external-dns-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: external-dns-chart
namespace: flux-system
spec:
interval: 2h
url: https://kubernetes-sigs.github.io/external-dns
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/falco-security-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: falco-security-charts
namespace: flux-system
spec:
interval: 2h
url: https://falcosecurity.github.io/charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/flagger-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: flagger-charts
namespace: flux-system
spec:
interval: 2h
url: https://flagger.app
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/grafana-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: grafana-charts
namespace: flux-system
spec:
interval: 2h
url: https://grafana.github.io/helm-charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/jaegertracing-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: jaegertracing-charts
namespace: flux-system
spec:
interval: 2h
url: https://jaegertracing.github.io/helm-charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/jetstack-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: jetstack-charts
namespace: flux-system
spec:
interval: 2h
url: https://charts.jetstack.io/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kiali-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: kiali-charts
namespace: flux-system
spec:
interval: 2h
url: https://kiali.org/helm-charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kubefed-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: kubefed-charts
namespace: flux-system
spec:
interval: 2h
url: https://raw.githubusercontent.com/kubernetes-sigs/kubefed/master/charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kubereboot-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: kubereboot-charts
namespace: flux-system
spec:
interval: 2h
url: https://kubereboot.github.io/charts/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kubernetes-stable-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: kubernetes-stable-charts
namespace: flux-system
spec:
interval: 2h
url: https://charts.helm.sh/stable
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kyverno-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: kyverno-charts
namespace: flux-system
spec:
interval: 2h
url: https://kyverno.github.io/kyverno/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/litmuschaos-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: litmuschaos-charts
namespace: flux-system
spec:
interval: 2h
url: https://litmuschaos.github.io/litmus-helm/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/mayastor-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: mayastor-chart
namespace: flux-system
spec:
interval: 2h
url: https://openebs.github.io/mayastor-extensions/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/metallb-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: metallb-charts
namespace: flux-system
spec:
interval: 2h
url: https://metallb.github.io/metallb
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/metrics-server-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: metrics-server-chart
namespace: flux-system
spec:
interval: 2h
url: https://kubernetes-sigs.github.io/metrics-server
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/node-feature-discovery-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: node-feature-discovery-chart
namespace: flux-system
spec:
interval: 2h
url: https://kubernetes-sigs.github.io/node-feature-discovery/charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/oauth2-proxy-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: oauth2-proxy-chart
namespace: flux-system
spec:
interval: 2h
url: https://oauth2-proxy.github.io/manifests
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/openebs-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: openebs-chart
namespace: flux-system
spec:
interval: 2h
url: https://openebs.github.io/openebs
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/openfaas-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: openfaas-charts
namespace: flux-system
spec:
interval: 2h
url: https://openfaas.github.io/faas-netes/
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/otel-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: otel-charts
namespace: flux-system
spec:
interval: 2h
url: https://open-telemetry.github.io/opentelemetry-helm-charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/postfinance-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: postfinance-charts
namespace: flux-system
spec:
interval: 2h
url: https://postfinance.github.io/kubelet-csr-approver
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/rook-ceph.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: rook-ceph
namespace: flux-system
spec:
interval: 2h
url: https://charts.rook.io/release
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/sealed-secrets-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: sealed-secrets-charts
namespace: flux-system
spec:
interval: 2h
url: https://bitnami-labs.github.io/sealed-secrets
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/secrets-store-csi-driver-chart.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: secrets-store-csi-driver-chart
namespace: flux-system
spec:
interval: 2h
url: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/stakater-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: stakater-charts
namespace: flux-system
spec:
interval: 2h
url: https://stakater.github.io/stakater-charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/traefik-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik-charts
namespace: flux-system
spec:
interval: 2h
url: https://helm.traefik.io/traefik
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/vernemq-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: vernemq-charts
namespace: flux-system
spec:
interval: 2h
url: https://vernemq.github.io/docker-vernemq
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/vmware-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: vmware-charts
namespace: flux-system
spec:
interval: 2h
url: https://vmware-tanzu.github.io/helm-charts
================================================
FILE: .archive/kubernetes/apps/base/flux-system/repositories/helm/archive/xunholy-charts.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: xunholy-charts
namespace: flux-system
spec:
interval: 3m
url: https://xunholy.github.io/charts
timeout: 3m
================================================
FILE: .archive/kubernetes/bazarr/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.jsonapiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app bazarr
namespace: home-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: bazarr
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
controllers:
*app :
containers:
app:
image:
repository: ghcr.io/home-operations/bazarr
tag: 1.5.6@sha256:79fc37491f55c7e24427bcd669bce3df2d7415ca432a47ce9d53cc5988af8411
env:
TZ: Australia/Melbourne
envFrom:
- secretRef:
name: bazarr-secret
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /health
port: &port 6767
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 10
securityContext: &securityContext
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 10m
limits:
memory: 1Gi
subcleaner:
image:
repository: registry.k8s.io/git-sync/git-sync
tag: v4.6.0@sha256:228a26d5f55ac5ae9c51635812570ba0073e0b1e0bd8fc3a653a0523b918c092
env:
GITSYNC_REPO: https://github.com/KBlixt/subcleaner
GITSYNC_REF: master
GITSYNC_PERIOD: 24h
GITSYNC_ROOT: /subcleaner
resources:
requests:
cpu: 10m
limits:
memory: 128Mi
securityContext: *securityContext
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: *app
ports:
http:
port: *port
persistence:
config:
existingClaim: bazarr
config-cache:
type: emptyDir
globalMounts:
- path: /config/cache
config-log:
type: emptyDir
globalMounts:
- path: /config/log
media:
type: nfs
server: expanse.internal
path: /mnt/tank/media
globalMounts:
- path: /media
scripts:
type: configMap
name: bazarr-scripts
defaultMode: 0775
globalMounts:
- path: /scripts/subcleaner.sh
subPath: subcleaner.sh
readOnly: true
subcleaner:
type: emptyDir
tmp:
type: emptyDir
================================================
FILE: .archive/kubernetes/bazarr/app/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: bazarr
namespace: home-system
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'bazarr.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: bazarr
port: 6767
weight: 100
================================================
FILE: .archive/kubernetes/bazarr/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: home-system
resources:
- helmrelease.yaml
- httproute.yaml
- ocirepository.yaml
- pvc.yaml
- secret.enc.age.yaml
configMapGenerator:
- name: bazarr-scripts
namespace: home-system
files:
- subcleaner.sh=./resources/subcleaner.sh
generatorOptions:
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled
================================================
FILE: .archive/kubernetes/bazarr/app/ocirepository.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
name: bazarr
spec:
interval: 5m
layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy
ref:
tag: 4.6.2
url: oci://ghcr.io/bjw-s-labs/helm/app-template
================================================
FILE: .archive/kubernetes/bazarr/app/pvc.yaml
================================================
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bazarr
namespace: home-system
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
storageClassName: truenas-iscsi-csi
================================================
FILE: .archive/kubernetes/bazarr/app/resources/subcleaner.sh
================================================
#!/usr/bin/env bash
printf "Cleaning subtitles for '%s' ...\n" "$1"
python3 /subcleaner/subcleaner/subcleaner.py "$1" -s
case $1 in
*movies*) section="1";;
*shows*) section="2";;
esac
if [[ -n "$section" ]]; then
printf "Refreshing Plex section '%s' for '%s' ...\n" "$section" "$(dirname "$1")"
/usr/bin/curl -I -X GET -G \
--data-urlencode "path=$(dirname "$1")" \
--data-urlencode "X-Plex-Token=${PLEX_TOKEN}" \
--no-progress-meter \
"http://plex.home-system.svc.cluster.local:32400/library/sections/${section}/refresh"
fi
================================================
FILE: .archive/kubernetes/bazarr/app/secret.enc.age.yaml
================================================
apiVersion: v1
kind: Secret
metadata:
name: bazarr-secret
namespace: home-system
type: Opaque
stringData:
PLEX_TOKEN: ENC[AES256_GCM,data:dH2SinyDwDsQ+h10nspxcXemmXI=,iv:6w7IHfDLw5C0gctPWGsM3Mgqt2F34Mt3xoePexq66d0=,tag:vb+DOOM57tL6oqo5zt/NaA==,type:str]
sops:
age:
- recipient: age19gj66fq5v2veu940ftyj4pkw0w5tgxgddlyqnd00pnjzyndevurqx70g4t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VnhsL2ZxY0ppaW53NFBL
S0RtaDZ5TUNHZGNjSXExM0FIV05Ma0Q5SEVjCkJldmE5YTFVNWllOHUzd1JMeEpP
bEFMOFlISitOZ0lXTHBuZFlaOWRQalUKLS0tIGVsMXg1QkZzb0ptb2ZWaUZiV0pa
TmU2TWRFZHFNQ29ZQTJxL012b1ZzZHcKkIRCY6beY1rlDhs49KHLCa2HiSu5J8b7
usWq6F+jrdkeYWyN3zjTNrdfJ5isoS4m22y4Cr9JJCmahk1zBiSoUg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-22T01:43:27Z"
mac: ENC[AES256_GCM,data:N9t7RbEcsvowgLnBeIoG3U6IIJ28XMVVHy6vVEmS6ZSVWyQKZf36TSH6fI6eIduftjkDo3WkyyZXMonQCm1nrsCmaT/JEx2zKcbUe6zsRyi7TAfCKl46bSJbR8QC82v36Fhfo3bKH0yUJ/lZpR5gfQo6UPQXh83rnJVBN97C4q8=,iv:Q2GJ50FGfWv1y4qExZAvCqDKQz5nJ4oFSL7Pa1LpdRc=,tag:BA3vB5awv/oSz2J/VmHL2g==,type:str]
encrypted_regex: ^(data|stringData)$
mac_only_encrypted: true
version: 3.11.0
================================================
FILE: .archive/kubernetes/bazarr/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app bazarr
namespace: home-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/home-system/bazarr/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
dependsOn:
- name: democratic-csi
namespace: democratic-csi
targetNamespace: home-system
================================================
FILE: .archive/kubernetes/blocky/app/configs/config.yml
================================================
---
# https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-tls/#how-it-works
upstream:
default:
- tcp-tls:one.one.one.one:853
- tcp-tls:dns.quad9.net:853
bootstrapDns: tcp+udp:1.1.1.1
# customDNS:
# customTTL: 1h
# filterUnmappedTypes: true
# mapping:
# ${CLUSTER_DOMAIN}: ${CLUSTER_LB_COREDNS}
# conditional:
# mapping:
# cluster.local: 10.96.0.10
# ${CLUSTER_DOMAIN}: ${CLUSTER_LB_COREDNS}
# .: ${GATEWAY_IP}
blocking:
blackLists:
suspicious:
- https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt
- https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
- https://v.firebog.net/hosts/static/w3kbl.txt
ads:
- https://adaway.org/hosts.txt
- https://v.firebog.net/hosts/AdguardDNS.txt
- https://v.firebog.net/hosts/Admiral.txt
- https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
- https://v.firebog.net/hosts/Easylist.txt
- https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
- https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
- https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
trackers:
- https://v.firebog.net/hosts/Easyprivacy.txt
- https://v.firebog.net/hosts/Prigent-Ads.txt
- https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
- https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
misc:
- https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
- https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
- https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
- https://v.firebog.net/hosts/Prigent-Crypto.txt
- https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
- https://phishing.army/download/phishing_army_blocklist_extended.txt
- https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
- https://v.firebog.net/hosts/RPiList-Malware.txt
- https://v.firebog.net/hosts/RPiList-Phishing.txt
- https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
- https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts
whiteLists:
suspicious:
- https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
ads:
- https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
trackers:
- https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
misc:
- https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
clientGroupsBlock:
default:
- suspicious
- ads
- trackers
- misc
# clientLookup:
# upstream: ${GATEWAY_IP}
caching:
minTime: 5m
prefetching: true
redis:
required: true
address: redis-master
sentinelAddresses:
- redis-node-0.redis-headless.databases.svc.cluster.local:26379
- redis-node-1.redis-headless.databases.svc.cluster.local:26379
- redis-node-2.redis-headless.databases.svc.cluster.local:26379
prometheus:
enable: true
path: /metrics
httpPort: 4000
logLevel: info
================================================
FILE: .archive/kubernetes/blocky/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.jsonapiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app blocky
namespace: network-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: app-template
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
controllers:
blocky:
replicas: 1
strategy: RollingUpdate
containers:
app:
image:
repository: ghcr.io/0xerr0r/blocky
tag: v0.26
env:
TZ: Australia/Melbourne
HTTP_PORT: &port 4000
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /healthz
port: *port
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { add: [NET_BIND_SERVICE], drop: ["ALL"] }
seccompProfile:
type: RuntimeDefault
resources:
requests:
cpu: 10m
limits:
memory: 128Mi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: &uid
runAsGroup: *uid
fsGroup: *uid
fsGroupChangePolicy: Always
seccompProfile: { type: RuntimeDefault }
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
service:
app:
controller: *app
ports:
http:
port: *port
dns:
controller: *app
type: LoadBalancer
annotations:
io.cilium/lb-ipam-ips: ${CLUSTER_LB_BLOCKY}
ports:
dns-tcp:
port: &DNSPort 53
protocol: TCP
dns-udp:
port: *DNSPort
protocol: UDP
serviceMonitor:
app:
serviceName: *app
endpoints:
- port: http
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
================================================
FILE: .archive/kubernetes/blocky/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
configMapGenerator:
- name: blocky
files:
- ./configs/config.yml
================================================
FILE: .archive/kubernetes/blocky/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: blocky
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/blocky/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: network-system
================================================
FILE: .archive/kubernetes/cert-manager-csi-driver/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app cert-manager-csi-driver
namespace: network-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: cert-manager-csi-driver
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
================================================
FILE: .archive/kubernetes/cert-manager-csi-driver/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network-system
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/cert-manager-csi-driver/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cert-manager-csi-driver
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/cert-manager-csi-driver/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: network-system
================================================
FILE: .archive/kubernetes/cloudflare-ddns/app/deployment.yaml
================================================
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: cloudflare-ddns
name: cloudflare-ddns
namespace: network-system
spec:
replicas: 1
selector:
matchLabels:
app: cloudflare-ddns
template:
metadata:
annotations:
sidecar.istio.io/inject: 'false'
labels:
app: cloudflare-ddns
spec:
containers:
- env:
- name: CF_APITOKEN
valueFrom:
secretKeyRef:
key: api-token
name: cloudflare-ddns
- name: CF_ZONES
valueFrom:
secretKeyRef:
key: zones
name: cloudflare-ddns
- name: CF_HOSTS
valueFrom:
secretKeyRef:
key: hosts
name: cloudflare-ddns
- name: CF_RECORDTYPES
valueFrom:
secretKeyRef:
key: record-types
name: cloudflare-ddns
# https://github.com/docker-hotio/docker-cloudflare-ddns#log-levels
- name: LOG_LEVEL
value: '3'
- name: INTERVAL
value: '300'
image: ghcr.io/hotio/cloudflareddns:latest
name: cloudflare-ddns
# Resources allocated based on Robusta KRR output
resources:
limits:
memory: 64Mi
requests:
cpu: 20m
memory: 10Mi
================================================
FILE: .archive/kubernetes/cloudflare-ddns/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- secret.enc.yaml
================================================
FILE: .archive/kubernetes/cloudflare-ddns/app/secret.enc.yaml
================================================
apiVersion: v1
data:
api-token: ENC[AES256_GCM,data:d5RH6/yKHPhv0zGikfuG3pdP2Y6ur9Mv6XqOvsMD30v3NxmspWQnGNjBQFrqye4/Yo5WSWghl5A=,iv:tobryj4KN8o9qppDPUjxG9JVvqJl1WZHh5lCoMqSCt4=,tag:QwFTnMMVfJbY/h/Q4wsI0w==,type:str]
hosts: ENC[AES256_GCM,data:9yq6mOUZrtG+XDHAqqLkFexrtD5oh6uY,iv:uf/1XBs8fzvYAzf04PHWN2/12MKCRp4JOqIeMjA2/J4=,tag:jNYBkT+A6lZMTYOguR+OKQ==,type:str]
record-types: ENC[AES256_GCM,data:XofIqigyWOL1HvMP,iv:4nbLHk9Qki0mmwMIO/+lijx2hyte5HFZh2y5ibMCbEo=,tag:16/OYVoOT6rKKckXCi2tww==,type:str]
zones: ENC[AES256_GCM,data:z7baA7qAHRmFTbKcD3+71rTVWFRRnxzz,iv:8LyGmFciAoRp214zSgNOKybqSVImxR751mCCwFusQ00=,tag:1rlS3nv/akKUfFJcQeObFQ==,type:str]
kind: Secret
metadata:
creationTimestamp: null
name: cloudflare-ddns
namespace: network-system
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-09-19T23:59:15Z"
mac: ENC[AES256_GCM,data:R1+ZOUSq4rZIezK9Nr7/gUp3dtOdMyr1/+JAgwV9YvgAJGZkdHgmsAtP/bLsXyEeFRdxYxT5+2Rfw5GjzV3PUAFn5DSc/CwMDhyOj6dUzL+Z218YEb/rGLJI/RJl71e+WWMQ6JQ7h+c7EXWZbHU97KMuomEBHZc6+O990/XLkec=,iv:2umk1CDEimyR5/QrSksrPYO8ZudL6WHSex537lH7hYc=,tag:DsW8h3xKwbQiNUBDYum7Sw==,type:str]
pgp:
- created_at: "2021-09-19T23:59:13Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAx42lmLHwoZwAQ/+PigSeQN7F83kI0auxNzhPlixPM/aoQqqbPmLCuCaJK24
XLc/iT2diZtN502Q5wbplDEIjfHx8wV0s5c5/Iigx2vCRqxWesRCv+l/PoKIucRU
g93kYJHDJEMeopRZSsmY6V0MbZY2n8URfYDkCRXRgjY7SKAm3aKeIzdarOBqISzW
abgBMh6i+mCK60XtGPtEEDmrcO0EIpOCsV4OXI+YZ7/M/ktKpg9WJ56k3s/nI0fb
x92n5/QifKGwNiPGca1N1/yHUt8O+sbB1juOmnahPvqY0Y6D3rzMTLM7/Iv+/5xR
oBd7J+f5OGIhLRc5ZXmUOlQb6JCJrN800lAiZSHvIVqAUILtxFYXoO6njR/prUWW
8ibo0mlPE+PJMzeaIWJiR/y0WM6k+Uns8T+PioLS9byK2welCGSN7Un8UPiX77TN
huGj/LDLi+1Bp97tIpvT5N50ysWV3LP+0Ga7pDSXUYrUA6qNct3hM7hS86vt5xGD
y3DR7BP1dpPNvAlSYE/grWt/vLyX96FRXwFsiJFsR62SJAwod1QV1O+m8gIFrHnz
mBeVFljZysAJtChlxBRU1OlX9+ROBQINUs9cYvvsS4WkcNhefj9icE2jFwHx4dqs
VdQu3rP3GOIORzZDxFOsQU4yaGOGh18hqiVPItolI87KZgLOxZyJouCJZg72JdHS
XgGEgNa6pwu0IUqUQ/16WA0by+Ej9O5LZgKRU2usZHdOt9y/sLGtpYg+N6SDDMzF
JfC/dzuz5FYutSuhAm9lScl71ejigKODDMRGoROsjHSYciyQYnJNFkmSh3w0C5E=
=frjn
-----END PGP MESSAGE-----
fp: 0635B8D34037A9453003FB7B93CAA682FF4C9014
encrypted_regex: ^(data|stringData)$
version: 3.7.1
================================================
FILE: .archive/kubernetes/cloudflare-ddns/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cloudflare-ddns
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/cloudflare-ddns/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: network-system
================================================
FILE: .archive/kubernetes/coredns/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app coredns
namespace: network-system
spec:
interval: 1h
releaseName: coredns
chartRef:
kind: OCIRepository
name: coredns
namespace: flux-system
dependsOn:
- name: cilium
namespace: kube-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
# Resources allocated based on Robusta KRR output
resources:
limits:
memory: 128Mi
requests:
cpu: 24m
memory: 128Mi
# Custom image bundled with external plugins; currently not in use.
# This image is reusable and can be viewed with the available plugins here https://github.com/xUnholy/coredns
# image:
# repository: xunholy/coredns
# tag: '1.8.0-rc.7'
# pullPolicy: Always
rbac:
create: true
replicaCount: 1
# In this mode CoreDNS is deployed as any kubernetes app in user specified namespace.
# The CoreDNS service can be exposed outside the cluster by using using either the NodePort or LoadBalancer type of service.
# This mode is chosen by setting isClusterService to false
isClusterService: false
serviceType: LoadBalancer
service:
annotations:
io.cilium/lb-ipam-ips: ${CLUSTER_LB_COREDNS}
externalTrafficPolicy: Cluster
# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options
servers:
- zones:
- zone: .
scheme: dns://
- zone: raspbernetes.com.
scheme: dns://
port: 53
plugins:
- name: log
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
# Forward everything else to Cloudflare DNS
# Note: plugin/forward: this plugin can only be used once per Server Block
- name: forward
parameters: . 1.1.1.1
configBlock: |-
except raspbernetes.com *.raspbernetes.com
- name: file
parameters: /etc/coredns/raspbernetes.db raspbernetes.com
# Set up cache
- name: cache
parameters: 30
# Detects simple forwarding loops and halts the CoreDNS process if a loop is found.
- name: loop
# Allows automatic reload of a changed Corefile.
- name: reload
# The loadbalance will act as a round-robin DNS load balancer by randomizing the order of A, AAAA, and MX records in the answer.
- name: loadbalance
prometheus:
# Set this to true to create Service for Prometheus metrics
service:
enabled: true
# Disabled due to service monitor resources being created statically to remove chart dependencies.
monitor:
enabled: false
# configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/
# api.raspbernetes.com - https://www.talos.dev/v1.7/introduction/prodnotes/#dns-records
zoneFiles:
- filename: raspbernetes.db
domain: raspbernetes.com
contents: |
${CLUSTER_DOMAIN}. IN SOA ns.dns.raspbernetes.com. hostmaster.raspbernetes.com. 1610541154 7200 1800 86400 30
${CLUSTER_DOMAIN}. IN NS ns.dns.raspbernetes.com.
${CLUSTER_DOMAIN}. IN A ${CLUSTER_LB_ISTIO_INGRESS_GATEWAY}
et.${CLUSTER_DOMAIN}. IN A ${CLUSTER_LB_NGINX_INGRESS_GATEWAY}
api.${CLUSTER_DOMAIN}. IN A 192.168.50.101
api.${CLUSTER_DOMAIN}. IN A 192.168.50.102
api.${CLUSTER_DOMAIN}. IN A 192.168.50.103
*.${CLUSTER_DOMAIN}. IN CNAME ${CLUSTER_DOMAIN}.
plex.${CLUSTER_DOMAIN}. IN A expanse.internal
================================================
FILE: .archive/kubernetes/coredns/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/coredns/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: coredns
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/coredns/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: network-system
================================================
FILE: .archive/kubernetes/cross-seed/app/externalsecret.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: cross-seed
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword
target:
name: cross-seed-secret
template:
data:
config.js: |-
function fetchIndexers(baseUrl, apiKey, tag){
const buffer = require('child_process').execSync(`curl -fsSL "$${baseUrl}/api/v1/tag/detail?apikey=$${apiKey}"`);
const response = JSON.parse(buffer.toString('utf8'));
const indexerIds = response.filter(t => t.label === tag)[0]?.indexerIds ?? [];
const indexers = indexerIds.map(i => `$${baseUrl}/$${i}/api?apikey=$${apiKey}`);
console.log(`Loaded $${indexers.length} indexers from Prowlarr`);
return indexers;
}
module.exports = {
action: "inject",
apiKey: "{{.CROSS_SEED_API_KEY}}",
blockList: ["category:manual"],
linkCategory: "cross-seed",
linkDirs: ["/media/Downloads/qbittorrent/complete/cross-seed"],
linkType: "hardlink",
matchMode: "partial",
port: Number(process.env.CROSS_SEED_PORT),
skipRecheck: true,
radarr: ["http://radarr.home-system.svc.cluster.local/?apikey={{ .RADARR_API_KEY }}"],
sonarr: ["http://sonarr.home-system.svc.cluster.local/?apikey={{ .SONARR_API_KEY }}"],
torrentClients: ["qbittorrent:http://qbittorrent.home-system.svc.cluster.local"],
torznab: fetchIndexers("http://prowlarr.home-system.svc.cluster.local", "{{.PROWLARR_API_KEY}}", "cross-seed"),
useClientTorrents: true
};
dataFrom:
- extract:
key: cross-seed
- extract:
key: prowlarr
- extract:
key: radarr
- extract:
key: sonarr
================================================
FILE: .archive/kubernetes/cross-seed/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app cross-seed
namespace: home-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: cross-seed
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
dependsOn:
- name: qbittorrent
namespace: home-system
values:
controllers:
*app :
type: statefulset
containers:
app:
image:
repository: ghcr.io/cross-seed/cross-seed
tag: 6.13.7@sha256:a1fed512261fd968c55cb03c51cff9c6620aa76a34b3b591afca95c890aa8225
env:
TZ: Australia/Melbourne
CROSS_SEED_PORT: &port 80
args: ["daemon"]
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /api/ping
port: *port
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 10m
limits:
memory: 512Mi
statefulset:
volumeClaimTemplates:
- name: config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
service:
app:
ports:
http:
port: *port
persistence:
secret-file:
type: secret
name: cross-seed-secret
globalMounts:
- path: /config/config.js
subPath: config.js
media:
type: nfs
server: expanse.internal
path: /mnt/tank/media
globalMounts:
- path: /media/Downloads
subPath: Downloads
================================================
FILE: .archive/kubernetes/cross-seed/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- externalsecret.yaml
- helmrelease.yaml
- ocirepository.yaml
================================================
FILE: .archive/kubernetes/cross-seed/app/ocirepository.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
name: cross-seed
spec:
interval: 5m
layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy
ref:
tag: 4.6.2
url: oci://ghcr.io/bjw-s-labs/helm/app-template
================================================
FILE: .archive/kubernetes/cross-seed/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cross-seed
namespace: home-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/home-system/cross-seed/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
dependsOn:
- name: democratic-csi
namespace: democratic-csi
targetNamespace: home-system
================================================
FILE: .archive/kubernetes/csi-driver-nfs/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app csi-driver-nfs
namespace: kube-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: csi-driver-nfs
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
controller:
replicas: 1
storageClass:
create: true
name: nfs-slow
parameters:
server: expanse.internal
share: /mnt/tank/media
mountOptions:
- nfsvers=4.2
- nconnect=16
- hard
- noatime
reclaimPolicy: Delete
volumeBindingMode: Immediate
================================================
FILE: .archive/kubernetes/csi-driver-nfs/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/csi-driver-nfs/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: csi-driver-nfs
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/kube-system/csi-driver-nfs/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: kube-system
================================================
FILE: .archive/kubernetes/emqx/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app emqx
namespace: home-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: emqx-operator
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
fullnameOverride: emqx
replicaCount: 1
image:
repository: ghcr.io/emqx/emqx-operator
================================================
FILE: .archive/kubernetes/emqx/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/emqx/cluster/cluster.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/apps.emqx.io/emqx_v2beta1.json
apiVersion: apps.emqx.io/v2beta1
kind: EMQX
metadata:
name: emqx
namespace: home-system
spec:
image: public.ecr.aws/emqx/emqx:5.8.9
config:
data: |
authentication {
backend = "built_in_database"
mechanism = "password_based"
password_hash_algorithm {
name = "bcrypt"
}
user_id_type = "username"
bootstrap_file = "/opt/init-user.json"
bootstrap_type = "plain"
}
authorization {
sources = [
{
type = built_in_database
enable = true
}
]
no_match: "deny"
}
coreTemplate:
spec:
replicas: 2
envFrom:
- secretRef:
name: emqx-secret
extraVolumeMounts:
- name: init-user
mountPath: /opt/init-user.json
subPath: init-user.json
readOnly: true
extraVolumes:
- name: init-user
secret:
secretName: emqx-init-user-secret
listenersServiceTemplate:
metadata:
annotations:
lbipam.cilium.io/ips: ${CLUSTER_LB_EMQX}
spec:
type: LoadBalancer
================================================
FILE: .archive/kubernetes/emqx/cluster/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: emqx
namespace: home-system
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'emqx.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: emqx-dashboard
port: 18083
weight: 100
================================================
FILE: .archive/kubernetes/emqx/cluster/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml
- httproute.yaml
- podmonitor.yaml
- secret.enc.age.yaml
================================================
FILE: .archive/kubernetes/emqx/cluster/podmonitor.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: emqx
namespace: home-system
spec:
selector:
matchLabels:
apps.emqx.io/instance: emqx
apps.emqx.io/managed-by: emqx-operator
podMetricsEndpoints:
- port: dashboard
path: /api/v5/prometheus/stats
relabelings:
- action: replace
# user-defined cluster name, requires unique
replacement: emqx5
targetLabel: cluster
- action: replace
# fix value, don't modify
replacement: emqx
targetLabel: from
- action: replace
# fix value, don't modify
sourceLabels: ['pod']
targetLabel: "instance"
================================================
FILE: .archive/kubernetes/emqx/cluster/secret.enc.age.yaml
================================================
apiVersion: v1
kind: Secret
metadata:
name: emqx-secret
namespace: home-system
type: Opaque
stringData:
EMQX_DASHBOARD__DEFAULT_USERNAME: ENC[AES256_GCM,data:ihBafEA=,iv:ZsTN9ZkWbkAkOfJkyQ/85SwQeW2tUXy52lxZvwRU3rY=,tag:LDJoYBZ0FLdi60vYLfjHKQ==,type:str]
EMQX_DASHBOARD__DEFAULT_PASSWORD: ENC[AES256_GCM,data:zoqmRZU=,iv:c1mAE/ypSwRT1x8dNLPAfd39y8JV486FAbXpryWv68I=,tag:ZjF14CBmx/tCz7O/Hl+aHg==,type:str]
sops:
age:
- recipient: age19gj66fq5v2veu940ftyj4pkw0w5tgxgddlyqnd00pnjzyndevurqx70g4t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZDdDZS9IYlZJRjJ2aDBm
b3QybC82dkdxemtRcGtnaGdCem53dW5yQzF3CnNMV2t3WGRVNll6ckZrcXdPK2Zo
YzNUQ1FQSWZwc2xOVXRIWG42ZU5GdjQKLS0tIGw3NDBGYlNaM25ZYytDMXFlRFZ4
aHc3U1doVzhodDhleWlYbjlNNXpwSlEKqPoYWY4e3dK8DhJl3JUqJHFbLJ1pI9LC
mOGYY84o+4FDg8cPM1JLQQaDYtX91wwZ7QFJBbS17Nk/hbW7L9qLKw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-22T01:43:27Z"
mac: ENC[AES256_GCM,data:fA2cdvaefWGTYM2/B3e71694vvMZvw6lrm9N8jqovz6eKq8D1EmA+ER/xut4BVuU4bqKS+9286j+HVzs88vWM4pTZ6eiNy6lNNqXVpEbGkUiYfAFEdLj5W0IW/3K5AN8VcEQP+/YuDXktph5am4YbUqr6YTkXhk1kFFy5ChWo1A=,iv:Ea+zQloY9kg40Kpxi065HytlwNfC18/hlLBk5PyUUNQ=,tag:loic+lRLpTpn5wKFA0Zn4w==,type:str]
encrypted_regex: ^(data|stringData)$
mac_only_encrypted: true
version: 3.11.0
---
apiVersion: v1
kind: Secret
metadata:
name: emqx-init-user-secret
namespace: home-system
type: Opaque
stringData:
init-user.json: ENC[AES256_GCM,data:7qW1ulUq49TviINOXeMngtqoYxbZM2kNPz6/kp8wN9cZIhsss685cwfLiEOiRAJFfwYplOpujy7fdXaDVBk7Xk1L,iv:b2wIxpECr/TV5uDzLkx4dt9mZAjkQKCDzYOCSN6evPE=,tag:z0G3hi0oCqq8cf8PgvdI5Q==,type:str]
sops:
age:
- recipient: age19gj66fq5v2veu940ftyj4pkw0w5tgxgddlyqnd00pnjzyndevurqx70g4t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZDdDZS9IYlZJRjJ2aDBm
b3QybC82dkdxemtRcGtnaGdCem53dW5yQzF3CnNMV2t3WGRVNll6ckZrcXdPK2Zo
YzNUQ1FQSWZwc2xOVXRIWG42ZU5GdjQKLS0tIGw3NDBGYlNaM25ZYytDMXFlRFZ4
aHc3U1doVzhodDhleWlYbjlNNXpwSlEKqPoYWY4e3dK8DhJl3JUqJHFbLJ1pI9LC
mOGYY84o+4FDg8cPM1JLQQaDYtX91wwZ7QFJBbS17Nk/hbW7L9qLKw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-22T01:43:27Z"
mac: ENC[AES256_GCM,data:fA2cdvaefWGTYM2/B3e71694vvMZvw6lrm9N8jqovz6eKq8D1EmA+ER/xut4BVuU4bqKS+9286j+HVzs88vWM4pTZ6eiNy6lNNqXVpEbGkUiYfAFEdLj5W0IW/3K5AN8VcEQP+/YuDXktph5am4YbUqr6YTkXhk1kFFy5ChWo1A=,iv:Ea+zQloY9kg40Kpxi065HytlwNfC18/hlLBk5PyUUNQ=,tag:loic+lRLpTpn5wKFA0Zn4w==,type:str]
encrypted_regex: ^(data|stringData)$
mac_only_encrypted: true
version: 3.11.0
================================================
FILE: .archive/kubernetes/emqx/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: emqx
namespace: home-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/home-system/emqx/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: home-system
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: emqx-cluster
namespace: home-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/home-system/emqx/cluster"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: home-system
================================================
FILE: .archive/kubernetes/external-dns-unifi/app/externalsecret.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: external-dns-unifi
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword
target:
name: external-dns-unifi
template:
data:
UNIFI_API_KEY: "{{ .UNIFI_API_KEY }}"
dataFrom:
- extract:
key: unifi
================================================
FILE: .archive/kubernetes/external-dns-unifi/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app external-dns-unifi
namespace: network-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: external-dns-unifi
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
valuesFrom:
- kind: ConfigMap
name: external-dns-unifi-values
================================================
FILE: .archive/kubernetes/external-dns-unifi/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- externalsecret.yaml
- helmrelease.yaml
- ocirepository.yaml
configMapGenerator:
- name: external-dns-unifi-values
namespace: network-system
files:
- values.yaml=./values.yaml
================================================
FILE: .archive/kubernetes/external-dns-unifi/app/ocirepository.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
name: external-dns-unifi
namespace: network-system
spec:
interval: 5m
layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy
ref:
tag: 1.21.1
url: oci://ghcr.io/home-operations/charts-mirror/external-dns
================================================
FILE: .archive/kubernetes/external-dns-unifi/app/values.yaml
================================================
fullnameOverride: external-dns-unifi
provider:
name: webhook
webhook:
image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0
env:
- name: UNIFI_HOST
value: https://192.168.1.1
- name: UNIFI_API_KEY
valueFrom:
secretKeyRef:
name: &secret external-dns-unifi
key: UNIFI_API_KEY
livenessProbe:
httpGet:
path: /healthz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
triggerLoopOnEvent: true
policy: sync
sources:
- crd
- istio-virtualservice
txtPrefix: k8s.
domainFilters:
- ${CLUSTER_DOMAIN}
serviceMonitor:
enabled: true
================================================
FILE: .archive/kubernetes/external-dns-unifi/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: external-dns-unifi
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/external-dns-unifi/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: network-system
================================================
FILE: .archive/kubernetes/goldilocks/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app goldilocks
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: goldilocks
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
================================================
FILE: .archive/kubernetes/goldilocks/app/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: goldilocks
namespace: observability
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'goldilocks.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: goldilocks-dashboard
port: 80
weight: 100
================================================
FILE: .archive/kubernetes/goldilocks/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- httproute.yaml
================================================
FILE: .archive/kubernetes/goldilocks/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: goldilocks
namespace: observability
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/observability/goldilocks/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
dependsOn:
- name: istiod
namespace: istio-system
targetNamespace: observability
================================================
FILE: .archive/kubernetes/istio-csr/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app istio-csr
namespace: network-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: cert-manager-istio-csr
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
dependsOn:
- name: cert-manager
namespace: network-system
values:
app:
certmanager:
# -- Don't delete created CertificateRequests once they have been signed.
preserveCertificateRequests: false
issuer:
# -- Issuer name set on created CertificateRequests for both istio-csr's
# serving certificate and incoming gRPC CSRs.
name: istio-ca
# -- Issuer kind set on created CertificateRequests for both istio-csr's
# serving certificate and incoming gRPC CSRs.
kind: Issuer
# -- Issuer group name set on created CertificateRequests for both
# istio-csr's serving certificate and incoming gRPC CSRs.
group: cert-manager.io
tls:
# -- An optional file location to a PEM encoded root CA that the root CA
# ConfigMap in all namespaces will be populated with. If empty, the CA
# returned from cert-manager for the serving certificate will be used.
# rootCAFile: /etc/tls/root-cert.pem
# rootCAFile: /etc/tls/root-cert.pem
# -- The DNS names to request for the server's serving certificate which is
# presented to istio-agents. istio-agents must route to istio-csr using one
# of these DNS names.
certificateDNSNames:
- cert-manager-istio-csr.network-system.svc
istio:
# -- The istio revisions that are currently installed in the cluster.
# Changing this field will modify the DNS names that will be requested for
# the istiod certificate. The common name for the istiod certificate is
# hard coded to the `default` revision DNS name.
# Some issuers may require that the common name on certificates match one
# of the DNS names. If 1. Your issuer has this constraint, and 2. You are
# not using `default` as a revision, add the `default` revision here
# anyway. The resulting certificate will include a DNS name that won't be
# used, but will pass this constraint.
revisions:
- default
- canary
# volumes:
# - name: root-ca
# configMap:
# name: istio-ca-root-cert
# volumeMounts:
# - name: root-ca
# mountPath: /etc/tls
================================================
FILE: .archive/kubernetes/istio-csr/app/issuer.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/clusterissuer_v1.json
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned
spec:
selfSigned: {}
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/certificate_v1.json
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: istio-ca
namespace: istio-system
spec:
isCA: true
duration: 2160h # 90d
secretName: istio-ca
commonName: istio-ca
subject:
organizations:
- cluster.local
issuerRef:
name: selfsigned
kind: ClusterIssuer
group: cert-manager.io
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/issuer_v1.json
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: istio-ca
namespace: istio-system
spec:
ca:
secretName: istio-ca
================================================
FILE: .archive/kubernetes/istio-csr/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- issuer.yaml
================================================
FILE: .archive/kubernetes/istio-csr/ks.yaml
================================================
# TODO: Investigate the best way to enable this through using the helm charts.
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: istio-csr
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/istio-csr/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
dependsOn:
- name: cert-manager
namespace: network-system
targetNamespace: network-system
================================================
FILE: .archive/kubernetes/istio-ingress/README.md
================================================
# Istio
> Note: This is still heavily a WIP
Step 1: Download specific istio version
```bash
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.5 sh -
```
Step 2: Generate operator manifests
```bash
helm template manifests/charts/istio-operator/ \
--set hub=docker.io/querycapistio \
--set tag=1.6.5 \
--set operatorNamespace=istio-operator \
--set istioNamespace=istio-system
```
Alternatively install using the following command:
```bash
istioctl operator init --hub docker.io/querycapistio --tag 1.6.5
```
Step 3: Apply IstioOperator resource
Step 4: Edit deployments to include `arm64` in affinity
# Canary
```bash
helm template manifests/charts/istio-operator/ \
--set hub=docker.io/querycapistio \
--set tag=1.6.5 \
--set operatorNamespace=istio-operator \
--set istioNamespace=istio-system \
--set revision=canary > bla.yaml
```
## Demo Deployment
A demo application to test Istio sidecar injection
```bash
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: curl
name: curl
namespace: test
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: curl
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: curl
spec:
containers:
- image: curlimages/curl
imagePullPolicy: Always
name: curl
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
command: ["sleep", "9999999"]
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
```
================================================
FILE: .archive/kubernetes/istio-ingress/bedrock-broadcaster/app/certificates.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/certificate_v1.json
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: bedrock-broadcaster-com-le
namespace: istio-ingress
spec:
# The secret name where cert-manager should store the signed certificate
secretName: bedrock-broadcaster-com-le
duration: 2160h0m0s # 90d
renewBefore: 360h0m0s # 15d
# cert-manager regenerates a new private key on each issuance
# https://cert-manager.io/docs/usage/certificate/#rotation-private-key
privateKey:
rotationPolicy: Always
algorithm: RSA
encoding: PKCS1
size: 2048
usages:
- server auth
- client auth
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: ${BEDROCK_BROADCASTER_DOMAIN}
dnsNames:
- ${BEDROCK_BROADCASTER_DOMAIN}
- '*.${BEDROCK_BROADCASTER_DOMAIN}'
================================================
FILE: .archive/kubernetes/istio-ingress/bedrock-broadcaster/app/gateway.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/networking.istio.io/gateway_v1beta1.json
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: bedrock-broadcaster-ingressgateway
namespace: istio-ingress
spec:
selector:
app: istio-gateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- '${BEDROCK_BROADCASTER_DOMAIN}'
- '*.${BEDROCK_BROADCASTER_DOMAIN}'
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- '${BEDROCK_BROADCASTER_DOMAIN}'
- '*.${BEDROCK_BROADCASTER_DOMAIN}'
tls:
credentialName: bedrock-broadcaster-com-le
mode: SIMPLE
minProtocolVersion: TLSV1_2
maxProtocolVersion: TLSV1_3
================================================
FILE: .archive/kubernetes/istio-ingress/bedrock-broadcaster/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- certificates.yaml
- gateway.yaml
================================================
FILE: .archive/kubernetes/istio-ingress/bedrock-broadcaster/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: bedrock-broadcaster-istio-gateway
namespace: istio-ingress
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/istio-ingress/bedrock-broadcaster/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: istio-ingress
dependsOn:
- name: istiod
namespace: istio-system
- name: cert-manager
namespace: network-system
================================================
FILE: .archive/kubernetes/istio-ingress/github/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: github
namespace: istio-ingress
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- '${CLUSTER_DOMAIN}'
rules:
- matches:
- path:
type: Exact
value: /
filters:
- type: URLRewrite
urlRewrite:
path:
type: ReplacePrefixMatch
replacePrefixMatch: /k8s-gitops
hostname: xunholy.github.io
backendRefs:
- kind: Service
name: xunholy-github-io
port: 443
================================================
FILE: .archive/kubernetes/istio-ingress/github/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- httproute.yaml
- service.yaml
================================================
FILE: .archive/kubernetes/istio-ingress/github/service.yaml
================================================
---
# External service definition for xunholy.github.io
apiVersion: v1
kind: Service
metadata:
name: xunholy-github-io
namespace: istio-ingress
spec:
type: ExternalName
externalName: xunholy.github.io
ports:
- name: https
port: 443
protocol: TCP
================================================
FILE: .archive/kubernetes/istio-ingress/istio-gateway/app/authorization-policy.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/security.istio.io/authorizationpolicy_v1beta1.json
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: ext-authz
namespace: istio-system
spec:
# The selector applies to the ingress gateway in the istio-ingress namespace.
selector:
matchLabels:
app: istio-gateway
# The action "CUSTOM" delegates the access control to an external authorizer, this is different from
# the ALLOW/DENY action that enforces the access control right inside the proxy.
action: CUSTOM
# The provider specifies the name of the external authorizer defined in the meshconfig, which tells where and how to
# talk to the external auth service.
provider:
name: 'oauth2-proxy'
# The rule specifies that the access control is triggered only if the request path has the prefix "/admin/".
# This allows you to easily enable or disable the external authorization based on the requests, avoiding the external
# check request if it is not needed.
rules:
- to:
- operation:
hosts:
- 'sealed-secrets.raspbernetes.com'
- 'alert-manager.raspbernetes.com'
- 'prometheus.raspbernetes.com'
================================================
FILE: .archive/kubernetes/istio-ingress/istio-gateway/app/certificates.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/certificate_v1.json
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: raspbernetes-com-le
namespace: istio-ingress
spec:
# The secret name where cert-manager should store the signed certificate
secretName: raspbernetes-com-le
duration: 2160h0m0s # 90d
renewBefore: 360h0m0s # 15d
# cert-manager regenerates a new private key on each issuance
# https://cert-manager.io/docs/usage/certificate/#rotation-private-key
privateKey:
rotationPolicy: Always
algorithm: RSA
encoding: PKCS1
size: 2048
usages:
- server auth
- client auth
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: ${CLUSTER_DOMAIN}
dnsNames:
- ${CLUSTER_DOMAIN}
- '*.${CLUSTER_DOMAIN}'
================================================
FILE: .archive/kubernetes/istio-ingress/istio-gateway/app/gateway.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/networking.istio.io/gateway_v1beta1.json
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: istio-ingressgateway
namespace: istio-ingress
spec:
selector:
app: istio-gateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- '${CLUSTER_DOMAIN}'
- '*.${CLUSTER_DOMAIN}'
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- '${CLUSTER_DOMAIN}'
- '*.${CLUSTER_DOMAIN}'
tls:
credentialName: raspbernetes-com-le
mode: SIMPLE
minProtocolVersion: TLSV1_2
maxProtocolVersion: TLSV1_3
================================================
FILE: .archive/kubernetes/istio-ingress/istio-gateway/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istio-gateway
namespace: istio-ingress
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: istio-gateway
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: warn
maxHistory: 3
values:
podDisruptionBudget:
minAvailable: 1
unhealthyPodEvictionPolicy: AlwaysAllow
priorityClassName: "platform-cluster-critical"
service:
annotations:
io.cilium/lb-ipam-ips: ${CLUSTER_LB_ISTIO_INGRESS_GATEWAY}
affinity:
# This podAntiAffinity ensures ingress controllers are not scheduled on the same node
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: istio
operator: In
values:
- ingressgateway
topologyKey: kubernetes.io/hostname
================================================
FILE: .archive/kubernetes/istio-ingress/istio-gateway/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../github
- authorization-policy.yaml
- certificates.yaml
- gateway.yaml
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/istio-ingress/istio-gateway/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: istio-gateway
namespace: istio-ingress
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/istio-ingress/istio-gateway/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: istio-ingress
dependsOn:
- name: istiod
namespace: istio-system
- name: cert-manager
namespace: network-system
================================================
FILE: .archive/kubernetes/istio-ingress/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: istio-ingress
resources:
- namespace.yaml
================================================
FILE: .archive/kubernetes/istio-ingress/namespace.yaml
================================================
---
apiVersion: v1
kind: Namespace
metadata:
name: istio-ingress
labels:
goldilocks.fairwinds.com/enabled: "true"
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
================================================
FILE: .archive/kubernetes/istio-ingress/plex/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: plex
namespace: istio-ingress
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'plex.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- kind: Service
name: plex-external
port: 32400
weight: 100
---
# External service definition for Plex
apiVersion: v1
kind: Service
metadata:
name: plex-external
namespace: istio-ingress
spec:
type: ExternalName
externalName: expanse.internal
ports:
- name: tcp
port: 32400
protocol: TCP
================================================
FILE: .archive/kubernetes/istio-ingress/plex/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: istio-ingress
resources:
- httproute.yaml
================================================
FILE: .archive/kubernetes/istio-system/README.md
================================================
# Istio
> Note: This is still heavily a WIP
Step 1: Download specific istio version
```bash
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.6.5 sh -
```
Step 2: Generate operator manifests
```bash
helm template manifests/charts/istio-operator/ \
--set hub=docker.io/querycapistio \
--set tag=1.6.5 \
--set operatorNamespace=istio-operator \
--set istioNamespace=istio-system
```
Alternatively install using the following command:
```bash
istioctl operator init --hub docker.io/querycapistio --tag 1.6.5
```
Step 3: Apply IstioOperator resource
Step 4: Edit deployments to include `arm64` in affinity
# Canary
```bash
helm template manifests/charts/istio-operator/ \
--set hub=docker.io/querycapistio \
--set tag=1.6.5 \
--set operatorNamespace=istio-operator \
--set istioNamespace=istio-system \
--set revision=canary > bla.yaml
```
## Demo Deployment
A demo application to test Istio sidecar injection
```bash
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: curl
name: curl
namespace: test
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: curl
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: curl
spec:
containers:
- image: curlimages/curl
imagePullPolicy: Always
name: curl
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
command: ["sleep", "9999999"]
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
```
================================================
FILE: .archive/kubernetes/istio-system/flagger/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: flagger
namespace: istio-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: flagger
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
meshProvider: istio
metricsServer: http://kube-prometheus-stack-prometheus.observability.svc.cluster.local:9090
================================================
FILE: .archive/kubernetes/istio-system/flagger/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/istio-system/flagger/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flagger
namespace: istio-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/istio-system/flagger/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: istio-system
dependsOn:
- name: istiod
namespace: istio-system
================================================
FILE: .archive/kubernetes/istio-system/istio-base/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istio-base
namespace: istio-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: istio-base
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: warn
maxHistory: 3
postRenderers:
- kustomize:
patches:
- target:
version: v1
kind: ValidatingWebhookConfiguration
name: istiod-default-validator
patch: |
- op: add
path: /metadata/annotations/helm.toolkit.fluxcd.io~1driftDetection
value: disabled
================================================
FILE: .archive/kubernetes/istio-system/istio-base/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/istio-system/istio-base/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: istio-base
namespace: istio-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/istio-system/istio-base/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: istio-system
================================================
FILE: .archive/kubernetes/istio-system/istio-cni/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istio-cni
namespace: istio-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: istio-cni
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: warn
maxHistory: 3
# TODO: These resources need more data points to be considered accurate.
# values:
# cni:
# # Resources allocated based on Robusta KRR output
# resources:
# requests:
# cpu: 50m
# memory: 512Mi
================================================
FILE: .archive/kubernetes/istio-system/istio-cni/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/istio-system/istio-cni/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: istio-cni
namespace: istio-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/istio-system/istio-cni/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: istio-system
dependsOn:
- name: istio-base
namespace: istio-system
================================================
FILE: .archive/kubernetes/istio-system/istiod/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: istiod
namespace: istio-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: istiod
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: warn
maxHistory: 3
values:
pilot:
autoscaleEnabled: true
autoscaleMin: 1
autoscaleMax: 3
replicaCount: 1
rollingMaxSurge: 100%
rollingMaxUnavailable: 25%
# Resources allocated based on Robusta KRR output
resources:
requests:
cpu: 100m
memory: 500Mi
meshConfig:
defaultConfig:
gatewayTopology:
# Always forward the XFCC header in the request, regardless of whether the client connection is mTLS.
forwardClientCertDetails: ALWAYS_FORWARD_ONLY
accessLogFile: /dev/stdout
trustDomain: cluster.local
extensionProviders:
- name: oauth2-proxy
envoyExtAuthzHttp:
service: oauth2-proxy.network-system.svc.cluster.local
port: 80
includeHeadersInCheck: ["authorization", "cookie"]
headersToUpstreamOnAllow:
[
"authorization",
"path",
"x-auth-request-user",
"x-auth-request-email",
"x-auth-request-access-token",
]
headersToDownstreamOnDeny: ["content-type", "set-cookie"]
postRenderers:
- kustomize:
patches:
- target:
version: v1
kind: ValidatingWebhookConfiguration
name: istio-validator-istio-system
patch: |
- op: add
path: /metadata/annotations/helm.toolkit.fluxcd.io~1driftDetection
value: disabled
================================================
FILE: .archive/kubernetes/istio-system/istiod/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: istio-system
resources:
- helmrelease.yaml
- podmonitor.yaml
================================================
FILE: .archive/kubernetes/istio-system/istiod/app/podmonitor.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: envoy-stats-monitor
namespace: istio-system
labels:
monitoring: istio-proxies
release: istio
spec:
selector:
matchExpressions:
- {key: istio-prometheus-ignore, operator: DoesNotExist}
namespaceSelector:
any: true
jobLabel: envoy-stats
podMetricsEndpoints:
- path: /stats/prometheus
interval: 15s
relabelings:
- action: keep
sourceLabels: [__meta_kubernetes_pod_container_name]
regex: "istio-proxy"
- action: keep
sourceLabels: [__meta_kubernetes_pod_annotationpresent_prometheus_io_scrape]
- action: replace
regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
replacement: '[$2]:$1'
sourceLabels:
- __meta_kubernetes_pod_annotation_prometheus_io_port
- __meta_kubernetes_pod_ip
targetLabel: __address__
- action: replace
regex: (\d+);((([0-9]+?)(\.|$)){4})
replacement: $2:$1
sourceLabels:
- __meta_kubernetes_pod_annotation_prometheus_io_port
- __meta_kubernetes_pod_ip
targetLabel: __address__
- action: labeldrop
regex: "__meta_kubernetes_pod_label_(.+)"
- sourceLabels: [__meta_kubernetes_namespace]
action: replace
targetLabel: namespace
- sourceLabels: [__meta_kubernetes_pod_name]
action: replace
targetLabel: pod
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/servicemonitor_v1.json
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: istio-component-monitor
namespace: istio-system
labels:
monitoring: istio-components
release: istio
spec:
jobLabel: istio
targetLabels: [app]
selector:
matchExpressions:
- {key: istio, operator: In, values: [pilot]}
namespaceSelector:
any: true
endpoints:
- port: http-monitoring
interval: 15s
================================================
FILE: .archive/kubernetes/istio-system/istiod/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: istiod
namespace: istio-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/istio-system/istiod/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: istio-system
dependsOn:
- name: istio-cni
namespace: istio-system
================================================
FILE: .archive/kubernetes/istio-system/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: istio-system
components:
- ../../../components/common
resources:
- namespace.yaml
================================================
FILE: .archive/kubernetes/istio-system/namespace.yaml
================================================
---
apiVersion: v1
kind: Namespace
metadata:
name: istio-system
labels:
goldilocks.fairwinds.com/enabled: "true"
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
================================================
FILE: .archive/kubernetes/jaeger/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: jaeger
namespace: observability
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: jaeger
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
provisionDataStore:
cassandra: false
allInOne:
enabled: true
storage:
type: none
agent:
enabled: false
collector:
enabled: false
query:
enabled: false
================================================
FILE: .archive/kubernetes/jaeger/app/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: jaeger
namespace: observability
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'jaeger.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: jaeger-query
port: 16686
weight: 100
================================================
FILE: .archive/kubernetes/jaeger/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- httproute.yaml
================================================
FILE: .archive/kubernetes/jaeger/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: jaeger
namespace: observability
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/observability/jaeger/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: observability
================================================
FILE: .archive/kubernetes/k8s-gateway/app/Corefile
================================================
.:1053 {
errors
log
health {
lameduck 5s
}
ready
k8s_gateway raspbernetes.com {
apex k8s-gateway.network
resources Ingress Service
ttl 300
}
prometheus 0.0.0.0:9153
loop
reload
loadbalance
}
================================================
FILE: .archive/kubernetes/k8s-gateway/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.jsonapiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app k8s-gateway
namespace: network-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: app-template
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
image:
repository: quay.io/oriedge/k8s_gateway
tag: v0.4.0
pullPolicy: IfNotPresent
args: ["-conf", "/etc/coredns/Corefile"]
serviceAccount:
create: true
name: *app
service:
main:
type: LoadBalancer
externalTrafficPolicy: Local
annotations:
io.cilium/lb-ipam-ips: ${CLUSTER_LB_K8S_GATEWAY}
ports:
http:
enabled: false
dns:
enabled: true
port: 53
targetPort: 1053
protocol: UDP
serviceMonitor:
main:
enabled: true
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
persistence:
config:
enabled: true
type: configMap
name: k8s-gateway-configmap
subPath: Corefile
mountPath: /etc/coredns/Corefile
readOnly: true
probes:
readiness:
custom: true
spec:
httpGet:
path: /ready
port: 8181
scheme: HTTP
liveness:
custom: true
spec:
httpGet:
path: /health
port: 8080
scheme: HTTP
startup:
custom: true
spec:
httpGet:
path: /ready
port: 8181
scheme: HTTP
================================================
FILE: .archive/kubernetes/k8s-gateway/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
configMapGenerator:
- name: k8s-gateway-configmap
files:
- ./Corefile
================================================
FILE: .archive/kubernetes/k8s-gateway/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: k8s-gateway
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/k8s-gateway/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: network-system
================================================
FILE: .archive/kubernetes/kiali/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: kiali-server
namespace: observability
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: kiali-server
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
dependsOn:
- name: kube-prometheus-stack
namespace: observability
values:
istio_namespace: istio-system
# Required as discussed here https://kiali.io/docs/configuration/p8s-jaeger-grafana/
external_services:
istio:
root_namespace: istio-system
prometheus:
url: "http://kube-prometheus-stack-prometheus.observability.svc.cluster.local:9090/"
tracing:
# Enabled by default. Kiali will anyway fallback to disabled if
# Jaeger is unreachable.
enabled: true
in_cluster_url: 'http://jaeger-query.observability.svc.cluster.local:16685/jaeger'
use_grpc: true
# Public facing URL of Jaeger
url: 'https://jaeger.${CLUSTER_DOMAIN}/jaeger'
grafana:
enabled: true
in_cluster_url: 'http://grafana.observability.svc.cluster.local/'
# Public facing URL of Grafana
url: 'https://grafana.${CLUSTER_DOMAIN}/grafana'
================================================
FILE: .archive/kubernetes/kiali/app/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: kiali
namespace: observability
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'kiali.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: kiali
port: 20001
weight: 100
================================================
FILE: .archive/kubernetes/kiali/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- httproute.yaml
================================================
FILE: .archive/kubernetes/kiali/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: kiali
namespace: observability
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/observability/kiali/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: observability
================================================
FILE: .archive/kubernetes/kubefed/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: kubefed
namespace: kube-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: kubefed
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
# Default values for kubefed.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## Configuration values for kubefed controllermanager deployment.
##
controllermanager:
controller:
repository: kubespheredev
image: kubefed
tag: v0.8.1-multi-arch
imagePullPolicy: IfNotPresent
logLevel: 2
forceRedeployment: false
env: {}
resources:
limits:
memory: 512Mi
requests:
cpu: 100m
memory: 64Mi
webhook:
repository: kubespheredev
image: kubefed
tag: v0.8.1-multi-arch
imagePullPolicy: IfNotPresent
logLevel: 8
forceRedeployment: false
env: {}
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
certManager:
enabled: false
rootCertificate:
organizations: []
dnsNames:
- ca.webhook.kubefed
commonName: ca.webhook.kubefed
postInstallJob:
repository: bitnami
image: kubectl
tag: 1.17.16
imagePullPolicy: IfNotPresent
================================================
FILE: .archive/kubernetes/kubefed/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/kubefed/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: kubefed
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/kube-system/kubefed/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: kube-system
================================================
FILE: .archive/kubernetes/kured/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: kured
namespace: kube-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: kured
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
service:
create: true
metrics:
create: true
================================================
FILE: .archive/kubernetes/kured/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/kured/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: kured
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/kube-system/kured/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: kube-system
================================================
FILE: .archive/kubernetes/litmus/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
================================================
FILE: .archive/kubernetes/litmus/litmus/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: litmus
namespace: litmus
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: litmus
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
portal:
server:
authServer:
env:
DEX_SERVER: "true"
OIDC_ISSUER: "dex.network-system.svc.cluster.local"
CALLBACK_URL: "litmus-frontend-service.litmus.svc.cluster.local"
================================================
FILE: .archive/kubernetes/litmus/litmus/app/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: chaos-center
namespace: litmus
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'chaos-center.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: litmus-frontend-service
port: 9091
weight: 100
================================================
FILE: .archive/kubernetes/litmus/litmus/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- httproute.yaml
================================================
FILE: .archive/kubernetes/litmus/litmus/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: litmus
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/litmus/litmus/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
dependsOn:
- name: istiod
namespace: istio-system
targetNamespace: litmus
================================================
FILE: .archive/kubernetes/litmus/litmus-core/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: litmus-core
namespace: litmus
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: litmus-core
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
nameOverride: "litmus-core"
fullnameOverride: "litmus-core"
exporter:
enabled: true
================================================
FILE: .archive/kubernetes/litmus/litmus-core/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/litmus/litmus-core/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: litmus-core
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/litmus/litmus-core/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: litmus
================================================
FILE: .archive/kubernetes/litmus/namespace.yaml
================================================
---
apiVersion: v1
kind: Namespace
metadata:
name: litmus
labels:
goldilocks.fairwinds.com/enabled: "true"
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
================================================
FILE: .archive/kubernetes/loki-stack/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: loki-stack
namespace: observability
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: loki-stack
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
loki:
enabled: true
rbac:
pspEnabled: false
serviceMonitor:
enabled: true
promtail:
enabled: true
serviceMonitor:
enabled: true
fluent-bit:
enabled: false
grafana:
enabled: false
prometheus:
enabled: false
test_pod:
enabled: false
================================================
FILE: .archive/kubernetes/loki-stack/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/loki-stack/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: loki-stack
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/observability/loki-stack/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: observability
================================================
FILE: .archive/kubernetes/metallb/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app metallb
namespace: network-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: metallb
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
prometheus:
serviceAccount: "kube-prometheus-stack-prometheus"
namespace: "observability"
serviceMonitor:
enabled: true
prometheusRule:
enabled: true
================================================
FILE: .archive/kubernetes/metallb/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/metallb/config/ipaddresspool.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/metallb.io/ipaddresspool_v1beta1.json
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: metallb-l2-pool
namespace: network-system
spec:
addresses:
- '${CLUSTER_LB_ADDRESSES}'
avoidBuggyIPs: true
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/metallb.io/l2advertisement_v1beta1.json
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: metallb-l2
namespace: network-system
spec:
ipAddressPools:
- metallb-l2-pool
# ---
# apiVersion: metallb.io/v1beta1
# kind: IPAddressPool
# metadata:
# name: metallb-bgp-pool
# namespace: network-system
# spec:
# addresses:
# - 192.168.50.190/32
# avoidBuggyIPs: true
# ---
# apiVersion: metallb.io/v1beta1
# kind: BGPAdvertisement
# metadata:
# name: example
# namespace: network-system
# spec:
# ipAddressPools:
# - metallb-bgp-pool
# ---
# apiVersion: metallb.io/v1beta2
# kind: BGPPeer
# metadata:
# name: metallb-bgp
# namespace: network-system
# spec:
# myASN: 64512
# peerASN: 64512
# peerAddress: 192.168.50.1
# bfdProfile: bfdprofile
# ---
# # https://metallb.universe.tf/configuration/#enabling-bfd-support-for-bgp-sessions
# apiVersion: metallb.io/v1beta1
# kind: BFDProfile
# metadata:
# name: bfdprofile
# namespace: network-system
# spec:
# receiveInterval: 380
# transmitInterval: 270
================================================
FILE: .archive/kubernetes/metallb/config/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ipaddresspool.yaml
================================================
FILE: .archive/kubernetes/metallb/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: metallb
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/metallb/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: network-system
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: metallb-config
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/network-system/metallb/config"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
dependsOn:
- name: metallb
namespace: network-system
targetNamespace: network-system
================================================
FILE: .archive/kubernetes/node-feature-discovery/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app node-feature-discovery
namespace: network-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: node-feature-discovery
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
master:
replicaCount: 1
worker:
config:
core:
labelSources: ["pci", "system", "usb"]
# TODO: Retest Zigbee USB device
# sources:
# usb:
# deviceClassWhitelist:
# - '02'
# - '03'
# - '0e'
# - 'ef'
# - 'fe'
# - 'ff'
# deviceLabelFields:
# - 'class'
# - 'vendor'
# - 'device'
# custom:
# - name: 'zigbee'
# matchOn:
# - usbId:
# class: ['ff']
# vendor: ['1a86']
# device: ['7523']
prometheus:
enable: true
================================================
FILE: .archive/kubernetes/node-feature-discovery/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
# - networkpolicy.yaml
================================================
FILE: .archive/kubernetes/node-feature-discovery/app/networkpolicy.yaml
================================================
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: node-feature-discovery
namespace: network-system
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: node-feature-discovery
policyTypes:
- Egress
egress:
# Egress traffic to kube-apiserver svc
- to:
- ipBlock:
cidr: 10.96.0.1/32
ports:
- protocol: TCP
port: 443
# Egress traffic to kube-apiserver endpoints
- to:
- ipBlock:
cidr: 192.168.50.114/32
- ipBlock:
cidr: 192.168.50.115/32
- ipBlock:
cidr: 192.168.50.116/32
ports:
- protocol: TCP
port: 6443
================================================
FILE: .archive/kubernetes/node-feature-discovery/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: node-feature-discovery
namespace: network-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: network-system
path: "./apps/base/network-system/node-feature-discovery/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/openclaw/app/backendtrafficpolicy.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: BackendTrafficPolicy
metadata:
name: openclaw
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: HTTPRoute
name: openclaw
# Compression is intentionally omitted here. Because mergeType is unset, this
# route-level policy fully replaces the global gateway-level BackendTrafficPolicy,
# effectively disabling Zstd/Brotli/Gzip compression that would buffer SSE/WebSocket
# streaming AI responses. If mergeType is ever added, compression will leak back in.
timeout:
http:
# Disable request timeout for long-running AI streaming responses
requestTimeout: "0s"
# Match upstream idle timeout to OpenClaw's llm.idleTimeoutSeconds (300s) and
# allow headroom for extended thinking phases (Opus can pause >60s between tokens)
connectionIdleTimeout: 3600s
# Disable retries - retrying a streaming AI request mid-stream causes
# duplicate responses and wasted API usage
retry:
numRetries: 0
tcpKeepalive:
probes: 3
idleTime: 20m
interval: 60s
================================================
FILE: .archive/kubernetes/openclaw/app/configmap.yaml
================================================
---
apiVersion: v1
kind: ConfigMap
metadata:
name: openclaw-config
data:
openclaw.json: |
{
"gateway": {
"port": 18789,
"mode": "local",
"bind": "lan",
"trustedProxies": ["10.244.0.0/16", "10.96.0.0/12"],
"auth": {
"mode": "token"
},
"controlUi": {
"allowedOrigins": ["https://openclaw.${CLUSTER_DOMAIN}"],
"dangerouslyDisableDeviceAuth": true
}
},
"browser": {
"enabled": true
},
"agents": {
"defaults": {
"workspace": "/home/node/.openclaw/workspace",
"model": {
"primary": "openai/claude-opus-4",
"fallbacks": [
"openai/claude-sonnet-4"
]
},
"userTimezone": "UTC",
"timeoutSeconds": 600,
"maxConcurrent": 3,
"llm": {
"idleTimeoutSeconds": 300
},
"contextPruning": {
"mode": "cache-ttl",
"ttl": "1h",
"keepLastAssistants": 3,
"softTrimRatio": 0.3,
"hardClearRatio": 0.5
}
},
"list": [
{
"id": "main",
"default": true,
"identity": {
"name": "OpenClaw"
}
}
]
},
"session": {
"scope": "per-sender",
"store": "/home/node/.openclaw/sessions",
"reset": {
"mode": "idle",
"idleMinutes": 60
},
"maintenance": {
"mode": "enforce",
"pruneAfter": "30d",
"maxEntries": 500,
"rotateBytes": "10mb",
"maxDiskBytes": "2gb",
"highWaterBytes": "1.6gb"
}
},
"logging": {
"level": "info",
"consoleLevel": "info",
"consoleStyle": "compact",
"redactSensitive": "tools"
},
"cron": {
"enabled": true,
"maxConcurrentRuns": 2,
"sessionRetention": "24h"
},
"tools": {
"profile": "full",
"web": {
"search": {
"enabled": true,
"provider": "duckduckgo"
},
"fetch": {
"enabled": true
}
}
}
}
================================================
FILE: .archive/kubernetes/openclaw/app/externalsecret.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: openclaw
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword
target:
name: openclaw-secret
template:
data:
ANTHROPIC_API_KEY: "{{ .ANTHROPIC_API_KEY }}"
OPENAI_API_KEY: "{{ .OPENAI_API_KEY }}"
OPENCLAW_GATEWAY_TOKEN: "{{ .OPENCLAW_GATEWAY_TOKEN }}"
OPENCLAW_GATEWAY_PASSWORD: "{{ .OPENCLAW_GATEWAY_PASSWORD }}"
.credentials.json: "{{ .CLAUDE_CODE_CREDENTIALS }}"
dataFrom:
- extract:
key: openclaw
================================================
FILE: .archive/kubernetes/openclaw/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app openclaw
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: app-template
namespace: flux-system
values:
controllers:
*app :
initContainers:
install-proxy:
image:
repository: node
tag: 24-slim
command: ["/bin/sh"]
args:
- "-c"
- |
export NPM_CONFIG_PREFIX=/opt/proxy
npm install -g claude-max-api-proxy@1.0.0 @anthropic-ai/claude-code@2.1.83
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
memory: 1Gi
containers:
app:
image:
repository: ghcr.io/openclaw/openclaw
tag: 2026.5.18
command: ["/bin/sh"]
args:
- "-c"
- |
exec node dist/index.js gateway --bind lan
env:
TZ: ${CLUSTER_TIMEZONE}
OPENAI_BASE_URL: http://localhost:3456/v1
envFrom:
- secretRef:
name: openclaw-secret
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
probes:
startup:
enabled: true
custom: true
spec:
httpGet:
path: /healthz
port: 18789
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 30
readiness:
enabled: true
custom: true
spec:
httpGet:
path: /readyz
port: 18789
periodSeconds: 10
failureThreshold: 3
liveness:
enabled: true
custom: true
spec:
httpGet:
path: /healthz
port: 18789
periodSeconds: 30
failureThreshold: 5
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 4Gi
claude-max-api:
image:
repository: node
tag: 24-slim
command: ["/bin/sh"]
args:
- "-c"
- |
export NPM_CONFIG_PREFIX=/opt/proxy
export PATH=/opt/proxy/bin:$PATH
exec node /opt/proxy/lib/node_modules/claude-max-api-proxy/dist/server/standalone.js
env:
HOME: /home/node
CLAUDE_CONFIG_DIR: /tmp/.claude
envFrom:
- secretRef:
name: openclaw-secret
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
probes:
startup:
enabled: true
custom: true
spec:
exec:
command: ["node", "-e", "require('http').get('http://127.0.0.1:3456/health',r=>{ process.exit(r.statusCode===200?0:1) }).on('error',()=>process.exit(1))"]
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 30
readiness:
enabled: true
custom: true
spec:
exec:
command: ["node", "-e", "require('http').get('http://127.0.0.1:3456/health',r=>{ process.exit(r.statusCode===200?0:1) }).on('error',()=>process.exit(1))"]
periodSeconds: 10
failureThreshold: 3
liveness:
enabled: true
custom: true
spec:
exec:
command: ["node", "-e", "require('http').get('http://127.0.0.1:3456/health',r=>{ process.exit(r.statusCode===200?0:1) }).on('error',()=>process.exit(1))"]
periodSeconds: 30
failureThreshold: 5
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 1Gi
codeserver:
image:
repository: ghcr.io/coder/code-server
tag: 4.118.0
args:
- "--auth"
- "none"
- "--user-data-dir"
- "/home/node/.vscode"
- "--extensions-dir"
- "/home/node/.vscode"
- "--port"
- "12321"
- "/home/node/.openclaw/workspace"
resources:
requests:
cpu: 10m
limits:
memory: 1Gi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: *app
ports:
http:
appProtocol: kubernetes.io/ws
port: 18789
codeserver:
port: 12321
persistence:
data:
existingClaim: openclaw-data
globalMounts:
- path: /home/node/.openclaw
config:
type: configMap
name: openclaw-config
globalMounts:
- path: /home/node/.openclaw/openclaw.json
subPath: openclaw.json
proxy-install:
type: emptyDir
advancedMounts:
*app :
install-proxy:
- path: /opt/proxy
claude-max-api:
- path: /opt/proxy
readOnly: true
npm-cache:
type: emptyDir
advancedMounts:
*app :
install-proxy:
- path: /home/node/.npm
tmp:
type: emptyDir
globalMounts:
- path: /tmp
================================================
FILE: .archive/kubernetes/openclaw/app/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: openclaw
annotations:
external-dns.alpha.kubernetes.io/external: "true"
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'openclaw.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: openclaw
port: 18789
weight: 100
timeouts:
request: "0s"
================================================
FILE: .archive/kubernetes/openclaw/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- externalsecret.yaml
- pvc.yaml
- configmap.yaml
- httproute.yaml
- backendtrafficpolicy.yaml
- replicationsource.yaml
- volsync-externalsecret.yaml
================================================
FILE: .archive/kubernetes/openclaw/app/pvc.yaml
================================================
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openclaw-data
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 10Gi
================================================
FILE: .archive/kubernetes/openclaw/app/replicationsource.yaml
================================================
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: openclaw
spec:
sourcePVC: openclaw-data
trigger:
schedule: "0 * * * *"
kopia:
accessModes:
- ReadWriteOnce
cacheAccessModes:
- ReadWriteOnce
cacheCapacity: 5Gi
cacheStorageClassName: ceph-block
compression: zstd-fastest
copyMethod: Snapshot
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
parallelism: 2
repository: openclaw-volsync-secret
retain:
hourly: 24
daily: 7
storageClassName: ceph-block
volumeSnapshotClassName: csi-ceph-blockpool
================================================
FILE: .archive/kubernetes/openclaw/app/volsync-externalsecret.yaml
================================================
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: openclaw-volsync
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword
target:
name: openclaw-volsync-secret
template:
data:
KOPIA_FS_PATH: /repository
KOPIA_PASSWORD: "{{ .KOPIA_PASSWORD }}"
KOPIA_REPOSITORY: filesystem:///repository
dataFrom:
- extract:
key: volsync-template
================================================
FILE: .archive/kubernetes/openclaw/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: openclaw
namespace: ai-system
spec:
path: "./apps/base/ai-system/openclaw/app"
wait: false
dependsOn:
- name: external-secrets
namespace: external-secrets
- name: rook-ceph-cluster
namespace: rook-ceph
- name: volsync
namespace: volsync-system
targetNamespace: ai-system
sourceRef:
kind: ExternalArtifact
name: openclaw
namespace: flux-system
================================================
FILE: .archive/kubernetes/openebs-system/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
================================================
FILE: .archive/kubernetes/openebs-system/namespace.yaml
================================================
---
apiVersion: v1
kind: Namespace
metadata:
name: openebs-system
labels:
goldilocks.fairwinds.com/enabled: "true"
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
================================================
FILE: .archive/kubernetes/openebs-system/openebs/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: openebs
namespace: openebs-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: openebs
namespace: flux-system
install:
timeout: 30m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
engines:
local:
lvm:
enabled: false
zfs:
enabled: false
mayastor:
csi:
node:
initContainers:
enabled: false
================================================
FILE: .archive/kubernetes/openebs-system/openebs/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/openebs-system/openebs/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: openebs
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: openebs-system
path: "./apps/base/openebs-system/openebs/app"
prune: false
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/openfaas/README.md
================================================
# OpenFaaS
================================================
FILE: .archive/kubernetes/openfaas/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
# - networkpolicy.yaml
================================================
FILE: .archive/kubernetes/openfaas/namespace.yaml
================================================
---
apiVersion: v1
kind: Namespace
metadata:
name: openfaas
labels:
goldilocks.fairwinds.com/enabled: "true"
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
================================================
FILE: .archive/kubernetes/openfaas/networkpolicy.yaml
================================================
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-allow-all
namespace: openfaas
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
ingress:
# Ingress traffic from any pod in current namespace will be allowed
- from:
- podSelector: {}
# Ingress traffic from any pod in the cluster will be allowed
- {}
# Allow ingress from any endpoint only to any pods but only specific port(s)
- from:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- port: 443
egress:
# Egress flows to Kubernetes DNS will be allowed but only specific port(s).
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# Egress traffic to any pod in current namespace will be allowed
- {}
# Egress traffic to any endpoint outside of the cluster will be allowed.
- to:
- ipBlock:
cidr: 0.0.0.0/0
# Egress traffic to any pod in current namespace will be allowed
- to:
- podSelector: {}
================================================
FILE: .archive/kubernetes/openfaas/openfaas/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: openfaas
namespace: openfaas
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: openfaas
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
basic_auth: false
gateway:
directFunctions: true
oauth2Plugin:
enabled: false
operator:
create: false
prometheus:
create: false
alertmanager:
create: false
basicAuthPlugin:
replicas: 1
ingressOperator:
create: false
================================================
FILE: .archive/kubernetes/openfaas/openfaas/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/openfaas/openfaas/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: openfaas
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: openfaas
path: "./apps/base/openfaas/openfaas/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/openfaas-fn/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
# - networkpolicy.yaml
================================================
FILE: .archive/kubernetes/openfaas-fn/namespace.yaml
================================================
---
apiVersion: v1
kind: Namespace
metadata:
name: openfaas-fn
labels:
goldilocks.fairwinds.com/enabled: "true"
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
================================================
FILE: .archive/kubernetes/openfaas-fn/networkpolicy.yaml
================================================
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-allow-all
namespace: openfaas-fn
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
ingress:
# Ingress traffic from any pod in current namespace will be allowed
- from:
- podSelector: {}
# Ingress traffic from any pod in the cluster will be allowed
- {}
# Allow ingress from any endpoint only to any pods but only specific port(s)
- from:
- ipBlock:
cidr: 0.0.0.0/0
ports:
- port: 443
egress:
# Egress flows to Kubernetes DNS will be allowed but only specific port(s).
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# Egress traffic to any pod in current namespace will be allowed
- {}
# Egress traffic to any endpoint outside of the cluster will be allowed.
- to:
- ipBlock:
cidr: 0.0.0.0/0
# Egress traffic to any pod in current namespace will be allowed
- to:
- podSelector: {}
================================================
FILE: .archive/kubernetes/origin-ca-issuer/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app origin-ca-issuer
namespace: network-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: origin-ca-issuer
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
dependsOn:
- name: cert-manager
namespace: network-system
values:
controller:
image:
repository: cloudflare/origin-ca-issuer
tag: v0.14.1
================================================
FILE: .archive/kubernetes/origin-ca-issuer/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/v0.6.0/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml
================================================
FILE: .archive/kubernetes/origin-ca-issuer/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: origin-ca-issuer
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: network-system
path: "./apps/base/network-system/origin-ca-issuer/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/plex/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.jsonapiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app plex
namespace: home-system
spec:
interval: 30m
chartRef:
kind: OCIRepository
name: app-template
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
controllers:
*app :
containers:
app:
image:
repository: ghcr.io/home-operations/plex
tag: 1.43.2.10687@sha256:29aea09831a2b008ffa36b9d71b52aaf1fa3feeedec5f0211c991de01a70f645
env:
TZ: Australia/Melbourne
PLEX_ADVERTISE_URL: https://plex.${CLUSTER_DOMAIN}:443,http://${CLUSTER_LB_PLEX}:32400
PLEX_NO_AUTH_NETWORKS: 192.168.50.0/24
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /identity
port: 32400
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
memory: 16Gi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: [44]
seccompProfile: { type: RuntimeDefault }
nodeSelector:
intel.feature.node.kubernetes.io/gpu: "true"
service:
app:
controller: plex
type: LoadBalancer
annotations:
lbipam.cilium.io/ips: ${CLUSTER_LB_PLEX}
ports:
http:
port: 32400
persistence:
config:
# existingClaim: plex
# TODO: If setting up Plex for the first time, you'll want to add the globalMounts section
type: emptyDir
globalMounts:
- path: /config/Library/Application Support/Plex Media Server
# Separate PVC for cache to avoid backing up cache files
cache:
type: emptyDir
globalMounts:
- path: /config/Library/Application Support/Plex Media Server/Cache
logs:
type: emptyDir
globalMounts:
- path: /config/Library/Application Support/Plex Media Server/Logs
tmp:
type: emptyDir
transcode:
type: emptyDir
media:
type: nfs
server: expanse.internal
path: /mnt/tank/media
globalMounts:
- path: /media
readOnly: true
================================================
FILE: .archive/kubernetes/plex/app/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: plex
namespace: home-system
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'plex.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: plex
port: 32400
weight: 100
================================================
FILE: .archive/kubernetes/plex/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- httproute.yaml
================================================
FILE: .archive/kubernetes/plex/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: plex
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: home-system
path: "./apps/base/home-system/plex/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/reloader/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app reloader
namespace: kube-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: reloader
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
reloader:
readOnlyRootFileSystem: true
================================================
FILE: .archive/kubernetes/reloader/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/reloader/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: reloader
namespace: kube-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: kube-system
path: "./apps/base/kube-system/reloader/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/sealed-secrets/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: sealed-secrets
namespace: kube-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: sealed-secrets
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
networkPolicy:
enabled: true
metrics:
serviceMonitor:
enabled: true
================================================
FILE: .archive/kubernetes/sealed-secrets/app/httproute.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: sealed-secrets
namespace: kube-system
spec:
parentRefs:
- name: envoy-external
namespace: network-system
sectionName: https
- name: envoy-internal
namespace: network-system
sectionName: https
hostnames:
- 'sealed-secrets.${CLUSTER_DOMAIN}'
rules:
- backendRefs:
- name: sealed-secrets
port: 8080
weight: 100
================================================
FILE: .archive/kubernetes/sealed-secrets/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
- httproute.yaml
================================================
FILE: .archive/kubernetes/sealed-secrets/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: sealed-secrets
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: kube-system
path: "./apps/base/kube-system/sealed-secrets/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
dependsOn:
- name: istiod
namespace: istio-system
================================================
FILE: .archive/kubernetes/secret-store-csi-driver/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: secret-store-csi-driver
namespace: kube-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: secret-store-csi-driver
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
logFormatJSON: true
## Install RBAC roles and bindings required for K8S Secrets syncing if true
syncSecret:
enabled: true
## Enable secret rotation feature [alpha]
enableSecretRotation: true
================================================
FILE: .archive/kubernetes/secret-store-csi-driver/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/secret-store-csi-driver/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: secret-store-csi-driver
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: kube-system
path: "./apps/base/kube-system/secret-store-csi-driver/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/snmp-exporter/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app snmp-exporter
namespace: observability
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: snmp-exporter
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
dependsOn:
- name: kube-prometheus-stack
namespace: observability
values:
fullnameOverride: *app
================================================
FILE: .archive/kubernetes/snmp-exporter/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/snmp-exporter/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: snmp-exporter
namespace: observability
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: observability
path: "./apps/base/observability/snmp-exporter/app"
prune: true
wait: true
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/speedtest/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.jsonapiVersion: helm.toolkit.fluxcd.io/v2
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: speedtest
namespace: observability
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: app-template
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
image:
repository: ghcr.io/miguelndecarvalho/speedtest-exporter
tag: v3.5.4
resources:
requests:
cpu: 15m
memory: 64M
limits:
memory: 128M
service:
main:
ports:
http:
enabled: false
metrics:
enabled: true
protocol: TCP
port: 9798
================================================
FILE: .archive/kubernetes/speedtest/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/speedtest/ks.yaml
================================================
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: speedtest
namespace: observability
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
targetNamespace: observability
path: "./apps/base/observability/speedtest/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
================================================
FILE: .archive/kubernetes/tf-controller/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: tf-controller
namespace: flux-system
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: tf-controller
namespace: flux-system
install:
timeout: 10m
replace: true
crds: CreateReplace
createNamespace: true
strategy:
name: RetryOnFailure
retryInterval: 5m
upgrade:
remediation:
remediateLastFailure: true
retries: 3
strategy: rollback
cleanupOnFail: true
crds: CreateReplace
test:
enable: true
rollback:
recreate: true
force: true
cleanupOnFail: true
uninstall:
keepHistory: false
driftDetection:
mode: enabled
maxHistory: 3
values:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
================================================
FILE: .archive/kubernetes/tf-controller/app/kustomization.yaml
================================================
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrelease.yaml
================================================
FILE: .archive/kubernetes/tf-controller/ks.yaml
================================================
---
# Note: Arm64 support is currently not supported https://github.com/weaveworks/tf-controller/issues/453
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: tf-controller
namespace: flux-system
spec:
decryption:
provider: sops
interval: 30m
retryInterval: 1m
timeout: 3m
path: "./apps/base/flux-system/tf-controller/app"
prune: true
wait: false
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
targetNamespace: flux-system
================================================
FILE: .archive/kubernetes/tf-controller/terraform/gcp/secret.enc.age.yaml
================================================
apiVersion: v1
kind: Secret
metadata:
name: gcp-creds
namespace: flux-system
data:
key: ENC[AES256_GCM,data:qdGhNr5VLi+zCbeBzVwXo+ppH3wjWw6GJLHVDAfR0PFoD4yWi4B70tFiRTVujZDX1bariGS70e9L+HzI3q3LtZsMa3p/68HjPrEtLhjUxm7HiSpep0bJMbwhc/um+FZ3v4inoMK24UC54QP+nr0qXhqww3HYvqtkD7w2QriekYsfM0q8KgprZubvx6ZoAKUbSUKHsuUmSDL+79AfTV7pmQImU6eUawsJHGGkaoHybhJzT/fxrUlktV2fduY9Sf04wotGGQJ2SdeOlLAJonF1oquzGUfTUiO9cYiA69kM1oRn2VhF/OQIvfvG6ExkxvbGJP0jyEftlSF/F567RILI7PTRfIf8DIf8qN47TSzu3mbvMBcDLKPO5JzTuK6Vry+xcx7GsVouUvhSMaB3UkzxgkbhSXNfk9QR6M2m8RpIIBpbyWUECwH6xbCfAinSYGhgwIN18fOjdkmdXp9olwbfge+ksyH69ONNVvOzoA36gFeSD6MlXjOXKohXe7VQXzEkpdm3bP7dmVVAyBxHd7aBfcjNroPBuhgeFNtj4uG3GgKaB0MI+gHwx5kdXPzhywVHnDqgsRyZ6ru5FsGzX/aeIvtnSNd5Okp7Mm+YbZvF8JvBa6IRaMXRjE0VMuET3LnN0fYs8W9ChvPHD3ZLXeGBrzmM2UBAi55HMqtrrMKXY9ahVXDIxrkoFKxIkSEqw1Q3DeI4MJKQoKE8h1U73Jy2liUwiPl4sPC5HiFsR7cu2LkaD1YM9j4ps/edYHZjl7uSPBk2HgGXP6SaMoYRM1ZlgfXIGbJx74+8gm3gl6Db01KCJALIhcJ6sw8z/AZBMmO8lmxrV4iTYU9VaJjiYnZXGTgFZlrr56Z8PVbTok+PE0A08YRLPouBwuW2eSkhmwGSdX/Qp4End9sGseURYJf+LDPMdqaTBmW8KTZJ+3MgOXcJYKOQmjG5QCkP1CQDacVVyaBFGKELEHr0wD2bwVzokluC2z3OPEOvTbaE/kMlCXafTwq08fgN6pvNrqam1DXrEq1O4X3TZE3qfJagePYWg/tF+nbmA1HrZyNvO8IwHreaNA2BhX+MQDOJ9Qumu++7F9oIzwahv9eoSZJCeFynOcooEIEt4RW6GeZE2GGmFGsexGWbeeL1eXoS5SW8cs+Z7JF+kNmwABHyXnAPDKU1Z1GYQ+FMmqPVLWtaQU7u5In8DwrwhUbzsKaBzIAslwtEUJDA/6CTbUMfvYbY7J3EfwyssXun0Wl+SkEWEWHkwybQQvSWn2mjM7XWAfNk9iA9XBVBnnHwZG97Zjq6ozWnyw++Zi3/EFTyrrGiQNyqMZa5UHGgumVd2ArLCsoNZR8jdwYKfJJ/6KGutrJEosaJ1TUiNE9UHKX/4PA0qz7c27t71JhqckDJNtZd7ShXXlmLWO6cGuCtMeasFpOD7W8USEppC+JEOMtE+mQ9qdgLMu49z+FWuDl8w0dun8ZZxBlhv9ePIwZiGOnXnS2t7EQeSO8FEoTiKXwgfZOLt8hs8sFPF55Xz6GwaGytakuFniFpZru/cUM6DFh6lYy+2xrwznJ3rVSZYTf/zXO2YhjUY53v5EptOKgICaZKGgZ14KPNT9eH3j+YrGuCCinxDk3UKUTIz0UGtVaYp+g6bxTcNqYOgeAHaStbqh3eqvfyboSRrPFipH6HpEJgVVWuPF3b2UOjIO4m1Hj4F9gQ20SKoeKg8ZzTTrA6iMgPwICZ95aMpS425MrCzZYjInaWYeT9bGNBcGhbAJgHnkHWooMgW3+0OrXEJMM/rkLdCt3iFifp+lbhg6i1VZ22p0IDIhtybfCJpiJJdIaeTVEhU2xi4xbF0w2ZKb/p6eR+LUm9mlmbrXZMhauMG9gMCLqXPUrihX+v5TiauAB4Wu8/tQdS7SfHhc79xunCcvWI9c/NijMKgJOvRMjo/eNQDKvV9kWhNhj5IuIzh7i1XKRtQzIx1CM/uBfzd04DF2RdMUKguc1L9ryyUMnBGF8ly0xTfhciOU25tCk9MaPoSOyPEYy1nBu+80LS5sl7PnrrEEPGGBr5+hvU90UEY+62zINnrpPb3bkdTtkwOuna/j2tNCsgu31AomMXTFdWzDzgZhvXZ82I0Tvg+9YS2NO9MV5BglAfczBhRKSjY/AdoCp2kylk4k0ybdTNjAhqLpoinorKBT3/x9r1uvspxhhCnmk7preQzyVUkFqRw5WIT5eKvVb3tO6RN8rl6wVzsEtrTZJMHmQrHNu6G9w8/e4ildA2pFVhIBJH/Dq3A8ZV5BaYHfsclLqRfdsPJPBqCPvr+s3I66JDjKi2XmWa58htYPPN8iOuFxvrCszHoaRMksSl9EU11QVMUtfYCe6jEhJKp6xeetolhlgbQKvoIrOUXcXfOAF00IqyspCNwVXNeSvlMbKkpt7BP3qncITpCqiAyTYTC/cgS+nuk9LAoGkcr9XIqXaeZ0hdQBHKB4B7Au9//803aN+KFO5dBrcbaKpE1QyZrqVt6YLOEGrcNWAVmndBHL9MPM6KwJgWFePe+H8thfGqHKl6z18/cEeVYNG8A9vXpkmIDb82FxbsL5ZnfXKBZQoNnT8Vc21mITBsaqL0/F4rMMTle0Q9ws9TVa6ObKhf3U+B65QjwhycQedA/2yI+62eDvbSwI9t6yZBtiTJklRQXGyN+SJdnbRrf1rU+jKzSa5aefGw+yCq+JHRCv7/yXHfMLtT99k1mFsXBSpBOVu39I/6Sq36srCFija6uQAirdIy0XRWjEWQ5WqB/wef53wYuB2Xlx2J6+Gg7+rI8PW2COc6gnfB87LQM9VPfuuEKjTlXc09UkL0xzTCW1wXZgxBkXqHDecdjALgHvA4kkGMTZmX0lgvbLxZ2Z6ntRWZdf37ZED4E5+OTnW5w/3jfOoeQCbXYr0GQBWjd+iZzBFL4G0YXjmioDBuRyZkTSp944LiaiRgwryIYPqg0mlFa/OLCRN+XfIpTqmG378GQbrVFaqNLRbjHo3a5Qzeq6cIt1cXL/n47HPT8OMKM0oJXaP62/bfWWpXoDEpxNttc84tWh/ahS4SsSFQqtP03bohxwRG6zDXHH8JMV5JRU6heeV2q6/sGF2Hw79Yi/OnmWQl9O1fbQ5VSH9e3Ewh5rvI18ig3ZcXoXtUiqInlvNMJaLq/SKuDptYEyW3J3s+BU3Kjro7V9rrLn3g8kawjjN5ghrXfa84Jc0tvCoMSRF7toxaHNhFSIwiNkXSdVUOQVOyyXd72AdHr6Q94JF0/Z8oC6JaL/f4XyGLWyBtxn5lAG1Kq3F38eA5X1RsjOYZaMCqg07VmqEWOldqvFtelNQMUmv5u+zGRxeasVt3r1UPF2/cppCLo1qLitblDgzCAG+Nud2RR9C/KiC4O6M82G6VXt5akpkXbmBmSPY9dfHBPi4dcD7P6BXanZnmUFA1xaD4/6gNzco33IVaH+lDkF18hLZQf26TgrH7OTc7us/vytmCNkTfjMErASzKLyGBsSLpPhjkpcMRfURg47DIF8n8UoJOZzAF/gvBJjCye8YdFIQ0ZDJlLJ68rBcEAc5EzfQzh1Ipkz7N7GYfhs9L5TD0VCxzV6wyMi1InexmSwPfha15ULnbZ7qbs0REsDEYE6lkOWJJqd1WeMKJkU4/mqDu4+Y3EXWmKpEVsLBd+ZpkzqK+MPH5OHjzjR9nFjoVeYFes+vcPRE3Vs+fpEaxc5XccdAHYYkraihh3biM2N1KFSyqRAcscK5I7d80lF8gR6fS0Yf4wBeH7/RSFqBgLYX1mxGsYHDb75Kn3aa+t0cZRMpCQ8asbhilJ/AXgsM65AjaasSTR3SZUqwrMlkI9x4iVrHUuqWNM8tXlPP3fZ3SsyKmWAsokrPBSBIiMZOszfDSb/tCmL4+lajXkPl9YToB+yBe8t2Sgd2ED/eGQmE4I4kTK9CHj2P0LfMyMxq9STnmd5TCzvnqVE1GLfXf5uRbrSBHFtwUtW+KdGvgycYPAAnjrQhOcNTplHwMAvpzCNc238OUuILJnI6/oswzI8hwyiYImbR/AaKxpxcaGhjN3nIUc2+aE/YidWU8tIJQc049vSeKjEv1egMTWrejMd6rrFEPjhgdN2O20uM=,iv:GqDvJ/YmQ3d5UWclUb45nWT29fxBd/UFKA6dNZYW/tM=,tag:KZF6B10+fA69KRfgpJJEmw==,type:str]
sops:
age:
- recipient: age19gj66fq5v2veu940ftyj4pkw0w5tgxgddlyqnd00pnjzyndevurqx70g4t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaMUplWU5qaCtnTFZQUFRq
T0xRWWFuMmlqemt6YSswdCs1WnVrQlVIMGpNCndwQ3QweXRUb09TQjhTQ01wTldn
djZzRXAwMU9kYmhRL1hmVDFlcVpIYUUKLS0tIHZ1YXF6RXVManZJMHVZK1FJV3d2
cG56R1VxS2JWVzViZkQrNjNUMEZ0Mk0KeFmBCFu3ZMXo0gU+3hK+AGvQzo0GOcLB
JboZWaQRDbETJR9YL3k+Lyg6S7+7ab2wHuayRrEAN3l7rvvfqxSkAA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-22T01:43:27Z"
mac: ENC[AES256_GCM,data:1AjpdP2JMhQAD5hby0FaTmX4P3wnwAFUd1od7I18hfqI8MJ39VITpvH8eEMBs8CBKnrLQ0cDTcmxj/sVpBKFKIzjJ3g11ZY/9U3/W4g3xKdZcIA3gmDwmLGh7X8WNtRmGmCIygs2I4jBCD+ZIILw5GEmXgAlzO1rjgPBiGpPil8=,iv:PlFJtVew4s4Sf8eVRvCQbg0XhpCy1bQnkE3tUo1iH5g=,tag:Dz9fA6KajDrYgOrHEJ2hEQ==,type:str]
encrypted_regex: ^(data|stringData)$
mac_only_encrypted: true
version: 3.11.0
================================================
FILE: .archive/kubernetes/tf-controller/terraform/gcp/terraform.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/infra.contrib.fluxcd.io/terraform_v1alpha1.json
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
name: storage
namespace: flux-system
spec:
interval: 12h
path: ./terraform
sourceRef:
kind: OCIRepository
name: flux-system
namespace: flux-system
runnerPodTemplate:
spec:
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
valueFrom:
secretKeyRef:
name: gcp-creds
key: key
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
================================================
FILE: .archive/kubernetes/thanos/app/helmrelease.yaml
================================================
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: thanos
namespace: observability
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: thanos
namespace: flux-syst
gitextract_vikb4s18/ ├── .archive/ │ └── kubernetes/ │ ├── apps/ │ │ └── base/ │ │ └── flux-system/ │ │ └── repositories/ │ │ ├── git/ │ │ │ └── archive/ │ │ │ └── origin-ca-issuer-chart.yaml │ │ └── helm/ │ │ └── archive/ │ │ ├── actions-runner-controller.yaml │ │ ├── backube-charts.yaml │ │ ├── bitnami-charts.yaml │ │ ├── cilium-chart.yaml │ │ ├── coredns-charts.yaml │ │ ├── crossplane-charts.yaml │ │ ├── csi-driver-nfs-chart.yaml │ │ ├── descheduler-chart.yaml │ │ ├── emberstack-charts.yaml │ │ ├── emqx-charts.yaml │ │ ├── external-dns-chart.yaml │ │ ├── falco-security-charts.yaml │ │ ├── flagger-charts.yaml │ │ ├── grafana-charts.yaml │ │ ├── jaegertracing-charts.yaml │ │ ├── jetstack-charts.yaml │ │ ├── kiali-charts.yaml │ │ ├── kubefed-charts.yaml │ │ ├── kubereboot-charts.yaml │ │ ├── kubernetes-stable-charts.yaml │ │ ├── kyverno-charts.yaml │ │ ├── litmuschaos-charts.yaml │ │ ├── mayastor-chart.yaml │ │ ├── metallb-charts.yaml │ │ ├── metrics-server-chart.yaml │ │ ├── node-feature-discovery-chart.yaml │ │ ├── oauth2-proxy-chart.yaml │ │ ├── openebs-charts.yaml │ │ ├── openfaas-charts.yaml │ │ ├── otel-charts.yaml │ │ ├── postfinance-charts.yaml │ │ ├── rook-ceph.yaml │ │ ├── sealed-secrets-charts.yaml │ │ ├── secrets-store-csi-driver-chart.yaml │ │ ├── stakater-charts.yaml │ │ ├── traefik-charts.yaml │ │ ├── vernemq-charts.yaml │ │ ├── vmware-charts.yaml │ │ └── xunholy-charts.yaml │ ├── bazarr/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── ocirepository.yaml │ │ │ ├── pvc.yaml │ │ │ ├── resources/ │ │ │ │ └── subcleaner.sh │ │ │ └── secret.enc.age.yaml │ │ └── ks.yaml │ ├── blocky/ │ │ ├── app/ │ │ │ ├── configs/ │ │ │ │ └── config.yml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── cert-manager-csi-driver/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── cloudflare-ddns/ │ │ ├── app/ │ │ │ ├── deployment.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.enc.yaml │ │ └── ks.yaml │ ├── coredns/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── cross-seed/ │ │ ├── app/ │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── ocirepository.yaml │ │ └── ks.yaml │ ├── csi-driver-nfs/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── emqx/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── cluster/ │ │ │ ├── cluster.yaml │ │ │ ├── httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── podmonitor.yaml │ │ │ └── secret.enc.age.yaml │ │ └── ks.yaml │ ├── external-dns-unifi/ │ │ ├── app/ │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── ocirepository.yaml │ │ │ └── values.yaml │ │ └── ks.yaml │ ├── goldilocks/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── istio-csr/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── issuer.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── istio-ingress/ │ │ ├── README.md │ │ ├── bedrock-broadcaster/ │ │ │ ├── app/ │ │ │ │ ├── certificates.yaml │ │ │ │ ├── gateway.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── github/ │ │ │ ├── httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ ├── istio-gateway/ │ │ │ ├── app/ │ │ │ │ ├── authorization-policy.yaml │ │ │ │ ├── certificates.yaml │ │ │ │ ├── gateway.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── plex/ │ │ ├── httproute.yaml │ │ └── kustomization.yaml │ ├── istio-system/ │ │ ├── README.md │ │ ├── flagger/ │ │ │ ├── app/ │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── istio-base/ │ │ │ ├── app/ │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── istio-cni/ │ │ │ ├── app/ │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── istiod/ │ │ │ ├── app/ │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── podmonitor.yaml │ │ │ └── ks.yaml │ │ ├── kustomization.yaml │ │ └── namespace.yaml │ ├── jaeger/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── k8s-gateway/ │ │ ├── app/ │ │ │ ├── Corefile │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kiali/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kubefed/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kured/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── litmus/ │ │ ├── kustomization.yaml │ │ ├── litmus/ │ │ │ ├── app/ │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── httproute.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ ├── litmus-core/ │ │ │ ├── app/ │ │ │ │ ├── helmrelease.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── ks.yaml │ │ └── namespace.yaml │ ├── loki-stack/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── metallb/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── config/ │ │ │ ├── ipaddresspool.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── node-feature-discovery/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── networkpolicy.yaml │ │ └── ks.yaml │ ├── openclaw/ │ │ ├── app/ │ │ │ ├── backendtrafficpolicy.yaml │ │ │ ├── configmap.yaml │ │ │ ├── externalsecret.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pvc.yaml │ │ │ ├── replicationsource.yaml │ │ │ └── volsync-externalsecret.yaml │ │ └── ks.yaml │ ├── openebs-system/ │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── openebs/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── openfaas/ │ │ ├── README.md │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ ├── networkpolicy.yaml │ │ └── openfaas/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── openfaas-fn/ │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── networkpolicy.yaml │ ├── origin-ca-issuer/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── plex/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── reloader/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── sealed-secrets/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── secret-store-csi-driver/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── snmp-exporter/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── speedtest/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── tf-controller/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── terraform/ │ │ └── gcp/ │ │ ├── secret.enc.age.yaml │ │ └── terraform.yaml │ ├── thanos/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.enc.age.yaml │ │ └── ks.yaml │ ├── traefik-ingress/ │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── traefik/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── velero/ │ │ ├── kustomization.yaml │ │ ├── namespace.yaml │ │ └── velero/ │ │ ├── app/ │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret.enc.age.yaml │ │ └── ks.yaml │ └── vmangos/ │ ├── README.md │ ├── app/ │ │ ├── dnsendpoint.yaml │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ ├── pvc-data.yaml │ │ ├── pvc-database.yaml │ │ ├── replicationsource.yaml │ │ ├── tcproutes.yaml │ │ └── volsync-externalsecret.yaml │ └── ks.yaml ├── .claude/ │ └── agents/ │ ├── README.md │ ├── dependency-mapper.md │ ├── flux-troubleshooter.md │ ├── gitops-deployer.md │ ├── resource-optimizer.md │ └── security-auditor.md ├── .gitattributes ├── .github/ │ ├── CODEOWNERS │ ├── CODE_OF_CONDUCT.md │ ├── CONTRIBUTING.md │ ├── ISSUE_TEMPLATE/ │ │ ├── bug_report.yaml │ │ └── feature_request.yaml │ ├── pull_request_template.md │ ├── renovate.json5 │ └── workflows/ │ ├── azerothcore.yaml │ ├── cmangos-registration.yaml │ ├── cmangos.yaml │ ├── dex-k8s-authenticator.yaml │ ├── flux-local.yaml │ ├── oci.yaml │ ├── oidc.yaml │ ├── render-talos-manifests.yaml │ ├── renovate.yaml │ ├── terraform.yaml │ └── test-e2e.yaml ├── .gitignore ├── .pre-commit-config.yaml ├── .renovate/ │ ├── autoMerge.json5 │ ├── changelogs.json5 │ ├── customManagers.json5 │ ├── grafanaDashboards.json5 │ ├── groups.json5 │ ├── labels.json5 │ └── semanticCommits.json5 ├── .sops.yaml ├── .sourceignore ├── .taskfiles/ │ ├── bootstrap/ │ │ └── Taskfile.yaml │ ├── core/ │ │ └── Taskfile.yaml │ ├── flux/ │ │ └── Taskfile.yaml │ └── talos/ │ └── Taskfile.yaml ├── .yamllint.yaml ├── CLAUDE.md ├── LICENSE ├── README.md ├── Taskfile.yml ├── docs/ │ └── index.html ├── hack/ │ ├── cf-terraforming.sh │ ├── delete-all.sh │ ├── finalizer-pods.sh │ ├── finalizer.sh │ ├── openebs.sh │ ├── restart.sh │ └── update.sh ├── kubernetes/ │ ├── apps/ │ │ ├── base/ │ │ │ ├── actions-runner-system/ │ │ │ │ ├── gha-runner-scale-set/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ └── rbac.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── gha-runner-scale-set-controller/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── namespace.yaml │ │ │ ├── ai-system/ │ │ │ │ ├── kagent/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── values.enc.age.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── crds/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kgateway/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── crds/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kmcp/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── values.enc.age.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ ├── crds/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── n8n/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── helmrepository.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── values.enc.age.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ ├── ollama/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ └── open-webui/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── crossplane-system/ │ │ │ │ ├── crossplane/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ ├── ks.yaml │ │ │ │ │ ├── packages/ │ │ │ │ │ │ └── gitops/ │ │ │ │ │ │ ├── composition.yaml │ │ │ │ │ │ ├── crossplane.yaml │ │ │ │ │ │ └── definition.yaml │ │ │ │ │ └── providers/ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── provider.yaml │ │ │ │ ├── examples/ │ │ │ │ │ ├── example.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── providerconfig.yaml │ │ │ │ │ └── secret.enc.age.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── namespace.yaml │ │ │ ├── democratic-csi/ │ │ │ │ ├── democratic-csi/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── secret.enc.age.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── namespace.yaml │ │ │ ├── development/ │ │ │ │ ├── backstage/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ ├── open-feature-operator/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ └── vcluster/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── external-secrets/ │ │ │ │ ├── external-secrets/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── pdb.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ └── onepassword/ │ │ │ │ ├── app/ │ │ │ │ │ ├── clustersecretstore.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── flux-system/ │ │ │ │ ├── artifact-generator/ │ │ │ │ │ ├── artifactgenerator.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── flux-instance/ │ │ │ │ │ ├── extras/ │ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── podmonitor.yaml │ │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ │ ├── receiver.yaml │ │ │ │ │ │ └── secret.enc.age.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ └── repositories/ │ │ │ │ ├── git/ │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── helm/ │ │ │ │ │ ├── backstage-charts.yaml │ │ │ │ │ ├── crowdsec-charts.yaml │ │ │ │ │ ├── democratic-csi-charts.yaml │ │ │ │ │ ├── dex-chart.yaml │ │ │ │ │ ├── fairwinds-charts.yaml │ │ │ │ │ ├── fluxcd-kustomize-mutating-webhook-chart.yaml │ │ │ │ │ ├── gatekeeper-charts.yaml │ │ │ │ │ ├── harbor-charts.yaml │ │ │ │ │ ├── ingress-nginx-chart.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── loft-charts.yaml │ │ │ │ │ ├── minecraft-server-charts.yaml │ │ │ │ │ ├── ollama-charts.yaml │ │ │ │ │ ├── open-webui-charts.yaml │ │ │ │ │ └── openfeature-charts.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── oci/ │ │ │ │ ├── bjw-charts.yaml │ │ │ │ ├── controlplaneio-charts.yaml │ │ │ │ ├── gha-runner-scale-set-charts.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── prometheus-community-charts.yaml │ │ │ │ └── xentra-charts.yaml │ │ │ ├── game-servers/ │ │ │ │ ├── adminer/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── azerothcore/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-client-data.yaml │ │ │ │ │ │ ├── pvc-cores.yaml │ │ │ │ │ │ ├── pvc-database.yaml │ │ │ │ │ │ ├── realm-config-job.yaml │ │ │ │ │ │ ├── realmlist.sql │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ ├── resources/ │ │ │ │ │ │ │ ├── Dockerfile │ │ │ │ │ │ │ └── fifo-wrapper.sh │ │ │ │ │ │ ├── tcproutes.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── cmangos/ │ │ │ │ │ ├── README.md │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── achievements-migration-job.yaml │ │ │ │ │ │ ├── attunement-migration-job.yaml │ │ │ │ │ │ ├── barber-migration-job.yaml │ │ │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ │ │ ├── dualspec-migration-job.yaml │ │ │ │ │ │ ├── externalsecret-database.yaml │ │ │ │ │ │ ├── hardcore-migration-job.yaml │ │ │ │ │ │ ├── hearthstone-cd-migration-job.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── lookup-gm-security-migration-job.yaml │ │ │ │ │ │ ├── mangos-string-517-migration-job.yaml │ │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ │ ├── pvc-cores.yaml │ │ │ │ │ │ ├── pvc-data.yaml │ │ │ │ │ │ ├── pvc-database.yaml │ │ │ │ │ │ ├── pvc-logs.yaml │ │ │ │ │ │ ├── realm-address-migration-job.yaml │ │ │ │ │ │ ├── realm-pvp-migration-job.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ ├── tcproutes.yaml │ │ │ │ │ │ ├── trainingdummies-migration-job.yaml │ │ │ │ │ │ ├── transmog-migration-job.yaml │ │ │ │ │ │ ├── twink-vendor-migration-job.yaml │ │ │ │ │ │ ├── vip-master-spell-migration-job.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── cmangos-ptr/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── db-init-job.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-cores.yaml │ │ │ │ │ │ ├── pvc-data.yaml │ │ │ │ │ │ ├── pvc-logs.yaml │ │ │ │ │ │ ├── realm-row-migration-job.yaml │ │ │ │ │ │ └── tcproute.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── emberstone-portal/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret-soap.yaml │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ └── resources/ │ │ │ │ │ │ ├── bot_filter.php │ │ │ │ │ │ ├── config.php │ │ │ │ │ │ ├── footer.php │ │ │ │ │ │ ├── header.php │ │ │ │ │ │ ├── howtoconnect.php │ │ │ │ │ │ ├── main.php │ │ │ │ │ │ └── posts.php │ │ │ │ │ └── ks.yaml │ │ │ │ ├── enemy-territory/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── configmap.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── secret.enc.age.yaml │ │ │ │ │ │ └── udproute.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── minecraft/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── config/ │ │ │ │ │ │ │ └── geysermc.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ ├── secret.enc.age.yaml │ │ │ │ │ │ ├── tcproute.yaml │ │ │ │ │ │ ├── values.enc.age.yaml │ │ │ │ │ │ ├── values.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── minecraft-bedrock/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ ├── udproute.yaml │ │ │ │ │ │ ├── values.enc.age.yaml │ │ │ │ │ │ ├── values.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── minecraft-bedrock-broadcaster/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ ├── udproute.yaml │ │ │ │ │ │ ├── values.enc.age.yaml │ │ │ │ │ │ ├── values.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── minecraft-pixelmon/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── minecraft-proxy/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── minecraft-rcon-web/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── secret.enc.age.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── minecraft-router/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── minecraft-witherstorm/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ └── namespace.yaml │ │ │ ├── harbor/ │ │ │ │ ├── harbor/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── namespace.yaml │ │ │ ├── home-system/ │ │ │ │ ├── autobrr/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── bazarr/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── home-assistant/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── jellyseerr/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── mosquitto/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ ├── prowlarr/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── qbittorrent/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── qui/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── radarr/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── recyclarr/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ ├── resources/ │ │ │ │ │ │ │ └── recyclarr.yml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── sabnzbd/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ ├── resources/ │ │ │ │ │ │ │ └── xseed.sh │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── smtp-relay/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── sonarr/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── tautulli/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ └── zigbee2mqtt/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── pvc-ceph.yaml │ │ │ │ │ ├── pvc.yaml │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kguardian/ │ │ │ │ ├── kguardian/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── auditnetworkpolicy-baseline.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── pvc-database.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── namespace.yaml │ │ │ ├── kube-system/ │ │ │ │ ├── cilium/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── loadbalancer.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── descheduler/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── keda/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kubelet-csr-approver/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── metrics-server/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ ├── priorityclass.yaml │ │ │ │ ├── reflector/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── snapshot-controller/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── spegel/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ └── tetragon/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── network-system/ │ │ │ │ ├── README.md │ │ │ │ ├── cert-manager/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── clusterissuer-prod.yaml │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── cloudflare-tunnel/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── dnsendpoint.yaml │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── dex/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── README.md │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── dex-k8s-authenticator/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── resources/ │ │ │ │ │ │ ├── Dockerfile │ │ │ │ │ │ ├── dex-auth.go │ │ │ │ │ │ ├── entrypoint.sh │ │ │ │ │ │ ├── go.mod │ │ │ │ │ │ ├── go.sum │ │ │ │ │ │ ├── html/ │ │ │ │ │ │ │ └── static/ │ │ │ │ │ │ │ ├── main.css │ │ │ │ │ │ │ ├── snippets.js │ │ │ │ │ │ │ ├── styles.css │ │ │ │ │ │ │ ├── tabs.css │ │ │ │ │ │ │ └── tooltips.js │ │ │ │ │ │ ├── main.go │ │ │ │ │ │ ├── templates/ │ │ │ │ │ │ │ ├── error.html │ │ │ │ │ │ │ ├── id-token-tab.html │ │ │ │ │ │ │ ├── index.html │ │ │ │ │ │ │ ├── kubeconfig.html │ │ │ │ │ │ │ ├── linux-mac-common.html │ │ │ │ │ │ │ ├── linux-tab.html │ │ │ │ │ │ │ ├── mac-tab.html │ │ │ │ │ │ │ └── windows-tab.html │ │ │ │ │ │ └── templates.go │ │ │ │ │ └── ks.yaml │ │ │ │ ├── echo-server/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── envoy-gateway/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── certificates.yaml │ │ │ │ │ │ ├── envoy.yaml │ │ │ │ │ │ ├── gatewayclass.yaml │ │ │ │ │ │ ├── gateways.yaml │ │ │ │ │ │ ├── grafanadashboards.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproutes.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── monitors.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── pdb.yaml │ │ │ │ │ │ └── policies.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── external-dns/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── pdb.yaml │ │ │ │ │ │ ├── prometheusrule.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── external-dns-unifi/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── multus/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── rbac.yaml │ │ │ │ │ ├── ks.yaml │ │ │ │ │ └── networks/ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── network.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ └── oauth2-proxy/ │ │ │ │ ├── app/ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── ocirepository.yaml │ │ │ │ └── ks.yaml │ │ │ ├── nginx-ingress/ │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ └── nginx-ingress/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── observability/ │ │ │ │ ├── blackbox-exporter/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── probes.yaml │ │ │ │ │ │ └── values.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── grafana/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ ├── instance/ │ │ │ │ │ │ ├── grafana.yaml │ │ │ │ │ │ ├── grafanadatasource.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── replicationsource.yaml │ │ │ │ │ │ ├── servicemonitor.yaml │ │ │ │ │ │ └── volsync-externalsecret.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kromgo/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ │ └── resources/ │ │ │ │ │ │ └── config.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kube-prometheus-stack/ │ │ │ │ │ ├── README.md │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── alertmanager-replicationsource.yaml │ │ │ │ │ │ ├── alertmanager-volsync-externalsecret.yaml │ │ │ │ │ │ ├── alertmanagerconfig.yaml │ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ │ ├── prometheus-replicationsource.yaml │ │ │ │ │ │ ├── prometheus-volsync-externalsecret.yaml │ │ │ │ │ │ ├── resources/ │ │ │ │ │ │ │ └── flux-metrics.yaml │ │ │ │ │ │ ├── scrapeconfig.yaml │ │ │ │ │ │ └── silence-watchdog.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── loki/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ ├── otel/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── silence-operator/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ └── vpa/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ks.yaml │ │ │ ├── preview-system/ │ │ │ │ ├── app/ │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── resourceset.yaml │ │ │ │ │ └── resourcesetinputprovider.yaml │ │ │ │ ├── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── namespace.yaml │ │ │ ├── rook-ceph/ │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── namespace.yaml │ │ │ │ └── rook-ceph/ │ │ │ │ ├── app/ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ ├── pdb.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── cluster/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ ├── ocirepository.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── security-system/ │ │ │ │ ├── crowdsec/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── falco/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── falco-exporter/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── gatekeeper/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── podmonitor.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kyverno/ │ │ │ │ │ ├── app/ │ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ocirepository.yaml │ │ │ │ │ └── ks.yaml │ │ │ │ └── namespace.yaml │ │ │ └── volsync-system/ │ │ │ ├── kopia/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── httproute.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── namespace.yaml │ │ │ └── volsync/ │ │ │ ├── app/ │ │ │ │ ├── grafanadashboard.yaml │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ ├── mutatingadmissionpolicy.yaml │ │ │ │ ├── ocirepository.yaml │ │ │ │ ├── prometheusrule.yaml │ │ │ │ └── values.yaml │ │ │ ├── ks.yaml │ │ │ └── maintenance/ │ │ │ ├── kopiamaintenance.yaml │ │ │ ├── kustomization.yaml │ │ │ └── mutatingadmissionpolicy.yaml │ │ └── overlays/ │ │ └── cluster-00/ │ │ └── kustomization.yaml │ ├── bootstrap/ │ │ └── helmfile.yaml │ ├── clusters/ │ │ └── cluster-00/ │ │ ├── flux-system/ │ │ │ ├── flux-instance/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ ├── flux-operator/ │ │ │ │ ├── app/ │ │ │ │ │ ├── helmrelease.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ │ └── values.yaml │ │ │ │ └── ks.yaml │ │ │ └── kustomize-mutating-webhook/ │ │ │ ├── app/ │ │ │ │ ├── helmrelease.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── kustomizeconfig.yaml │ │ │ │ └── values.yaml │ │ │ └── ks.yaml │ │ ├── ks.yaml │ │ └── secrets/ │ │ ├── .sops.pub.asc │ │ ├── cluster-config.yaml │ │ ├── cluster-secrets.enc.age.yaml │ │ ├── github-auth.enc.age.yaml │ │ └── sops-age.encrypted.yaml │ ├── components/ │ │ ├── common/ │ │ │ ├── alerts/ │ │ │ │ ├── github/ │ │ │ │ │ ├── alerts.yaml │ │ │ │ │ ├── externalsecret.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── provider.yaml │ │ │ │ └── kustomization.yaml │ │ │ └── kustomization.yaml │ │ └── volsync/ │ │ ├── externalsecret.yaml │ │ ├── kustomization.yaml │ │ ├── pvc.yaml │ │ ├── replicationdestination.yaml │ │ └── replicationsource.yaml │ └── tenants/ │ └── .gitkeep ├── talos/ │ ├── README.md │ ├── generated/ │ │ ├── controlplane.enc.age.yaml │ │ └── talosconfig.enc.age.yaml │ ├── integrations/ │ │ ├── cert-approver/ │ │ │ ├── .gitignore │ │ │ ├── README.md │ │ │ ├── cert-approver.yaml │ │ │ ├── kustomization.yaml │ │ │ └── transformers.yaml │ │ └── cilium/ │ │ ├── .gitignore │ │ ├── README.md │ │ ├── cilium.yaml │ │ ├── kustomization.yaml │ │ └── transformers.yaml │ └── patches/ │ ├── iscsi.yaml │ ├── metric-server.yaml │ └── metrics.yaml ├── terraform/ │ └── gcp/ │ ├── README.md │ ├── _backend.tf │ ├── _provider.tf │ ├── install.sh │ ├── sops.tf │ ├── thanos.tf │ ├── variables.tf │ └── velero.tf └── wrangler.toml
SYMBOL INDEX (36 symbols across 6 files)
FILE: kubernetes/apps/base/game-servers/emberstone-portal/app/resources/bot_filter.php
function portal_bot_account_ids (line 24) | function portal_bot_account_ids()
function portal_apply_bot_filter (line 44) | function portal_apply_bot_filter($qb)
function portal_online_count (line 54) | function portal_online_count($realm)
function portal_online_players (line 64) | function portal_online_players($realm)
function portal_recent_activity (line 83) | function portal_recent_activity($realm, $windowSeconds = 2592000)
function portal_highest_level_char (line 103) | function portal_highest_level_char($realm)
function portal_format_last_seen (line 120) | function portal_format_last_seen($row)
function portal_top_playtime (line 138) | function portal_top_playtime($realm)
function portal_top_killers (line 150) | function portal_top_killers($realm)
function portal_top_honorpoints (line 184) | function portal_top_honorpoints($realm)
function portal_top_arenapoints (line 226) | function portal_top_arenapoints($realm)
function portal_top_arenateams (line 247) | function portal_top_arenateams($realm)
FILE: kubernetes/apps/base/game-servers/emberstone-portal/app/resources/config.php
function portal_compute_srp6 (line 182) | function portal_compute_srp6($username, $password, $server_core) {
function portal_create_mirror_account (line 202) | function portal_create_mirror_account($exp_config, $username, $password,...
FILE: kubernetes/apps/base/network-system/dex-k8s-authenticator/app/resources/dex-auth.go
constant exampleAppState (line 18) | exampleAppState = "Vgn2lp5QnymFtLntKX5dM8k773PwcM87T4hQtiESC1q8wkUBgw5D3...
method oauth2Config (line 20) | func (cluster *Cluster) oauth2Config() *oauth2.Config {
method handleIndex (line 31) | func (config *Config) handleIndex(w http.ResponseWriter, r *http.Request) {
method handleLogin (line 40) | func (cluster *Cluster) handleLogin(w http.ResponseWriter, r *http.Reque...
method handleCallback (line 51) | func (cluster *Cluster) handleCallback(w http.ResponseWriter, r *http.Re...
FILE: kubernetes/apps/base/network-system/dex-k8s-authenticator/app/resources/html/static/tooltips.js
function clearTooltip (line 2) | function clearTooltip(e){e.currentTarget.setAttribute('class','btn');e.c...
function showTooltip (line 3) | function showTooltip(elem,msg){elem.setAttribute('class','btn tooltipped...
function fallbackMessage (line 4) | function fallbackMessage(action){var actionMsg='';var actionKey=(action=...
FILE: kubernetes/apps/base/network-system/dex-k8s-authenticator/app/resources/main.go
type debugTransport (line 32) | type debugTransport struct
method RoundTrip (line 36) | func (d debugTransport) RoundTrip(req *http.Request) (*http.Response, ...
type Cluster (line 58) | type Cluster struct
type Config (line 84) | type Config struct
function substituteEnvVars (line 100) | func substituteEnvVars(text string) string {
function start_app (line 114) | func start_app(config Config) {
function substituteEnvVarsRecursive (line 302) | func substituteEnvVarsRecursive(copy, original reflect.Value) {
function initConfig (line 375) | func initConfig() {
function init (line 411) | func init() {
function main (line 423) | func main() {
FILE: kubernetes/apps/base/network-system/dex-k8s-authenticator/app/resources/templates.go
function renderIndex (line 17) | func renderIndex(w http.ResponseWriter, config *Config) {
type templateData (line 26) | type templateData struct
method renderToken (line 49) | func (cluster *Cluster) renderToken(w http.ResponseWriter,
method renderHTMLError (line 100) | func (cluster *Cluster) renderHTMLError(w http.ResponseWriter, errorMsg ...
Condensed preview — 1068 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (1,945K chars).
[
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/git/archive/origin-ca-issuer-chart.yaml",
"chars": 372,
"preview": "---\n# TODO: Once the chart is published use HelmRepository\napiVersion: source.toolkit.fluxcd.io/v1\nkind: GitRepository\nm"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/actions-runner-controller.yaml",
"chars": 354,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/backube-charts.yaml",
"chars": 312,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/bitnami-charts.yaml",
"chars": 308,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/cilium-chart.yaml",
"chars": 295,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/coredns-charts.yaml",
"chars": 304,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/crossplane-charts.yaml",
"chars": 312,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/csi-driver-nfs-chart.yaml",
"chars": 352,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/descheduler-chart.yaml",
"chars": 322,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/emberstack-charts.yaml",
"chars": 318,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/emqx-charts.yaml",
"chars": 294,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/external-dns-chart.yaml",
"chars": 324,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/falco-security-charts.yaml",
"chars": 319,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/flagger-charts.yaml",
"chars": 293,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/grafana-charts.yaml",
"chars": 311,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/jaegertracing-charts.yaml",
"chars": 323,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/jetstack-charts.yaml",
"chars": 302,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kiali-charts.yaml",
"chars": 301,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kubefed-charts.yaml",
"chars": 345,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kubereboot-charts.yaml",
"chars": 313,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kubernetes-stable-charts.yaml",
"chars": 313,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/kyverno-charts.yaml",
"chars": 308,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/litmuschaos-charts.yaml",
"chars": 320,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/mayastor-chart.yaml",
"chars": 320,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/metallb-charts.yaml",
"chars": 307,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/metrics-server-chart.yaml",
"chars": 328,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/node-feature-discovery-chart.yaml",
"chars": 351,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/oauth2-proxy-chart.yaml",
"chars": 318,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/openebs-charts.yaml",
"chars": 306,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/openfaas-charts.yaml",
"chars": 313,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/otel-charts.yaml",
"chars": 329,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/postfinance-charts.yaml",
"chars": 328,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/rook-ceph.yaml",
"chars": 299,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/sealed-secrets-charts.yaml",
"chars": 326,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/secrets-store-csi-driver-chart.yaml",
"chars": 355,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/stakater-charts.yaml",
"chars": 317,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/traefik-charts.yaml",
"chars": 305,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/vernemq-charts.yaml",
"chars": 314,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/vmware-charts.yaml",
"chars": 315,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/apps/base/flux-system/repositories/helm/archive/xunholy-charts.yaml",
"chars": 320,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1beta2"
},
{
"path": ".archive/kubernetes/bazarr/app/helmrelease.yaml",
"chars": 3720,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/s"
},
{
"path": ".archive/kubernetes/bazarr/app/httproute.yaml",
"chars": 552,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/bazarr/app/kustomization.yaml",
"chars": 497,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/bazarr/app/ocirepository.yaml",
"chars": 402,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json\n"
},
{
"path": ".archive/kubernetes/bazarr/app/pvc.yaml",
"chars": 220,
"preview": "---\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: bazarr\n namespace: home-system\nspec:\n accessModes: [\""
},
{
"path": ".archive/kubernetes/bazarr/app/resources/subcleaner.sh",
"chars": 580,
"preview": "#!/usr/bin/env bash\n\nprintf \"Cleaning subtitles for '%s' ...\\n\" \"$1\"\npython3 /subcleaner/subcleaner/subcleaner.py \"$1\" -"
},
{
"path": ".archive/kubernetes/bazarr/app/secret.enc.age.yaml",
"chars": 1217,
"preview": "apiVersion: v1\nkind: Secret\nmetadata:\n name: bazarr-secret\n namespace: home-system\ntype: Opaque\nstringData:\n PLEX_TOK"
},
{
"path": ".archive/kubernetes/bazarr/ks.yaml",
"chars": 607,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/blocky/app/configs/config.yml",
"chars": 3556,
"preview": "---\n# https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-tls/#how-it-works\nupstream:\n default:\n - tcp-tls"
},
{
"path": ".archive/kubernetes/blocky/app/helmrelease.yaml",
"chars": 3092,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/s"
},
{
"path": ".archive/kubernetes/blocky/app/kustomization.yaml",
"chars": 254,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/blocky/ks.yaml",
"chars": 538,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/cert-manager-csi-driver/app/helmrelease.yaml",
"chars": 861,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/cert-manager-csi-driver/app/kustomization.yaml",
"chars": 202,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/cert-manager-csi-driver/ks.yaml",
"chars": 572,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/cloudflare-ddns/app/deployment.yaml",
"chars": 1494,
"preview": "---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: cloudflare-ddns\n name: cloudflare-ddns\n namespac"
},
{
"path": ".archive/kubernetes/cloudflare-ddns/app/kustomization.yaml",
"chars": 195,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/cloudflare-ddns/app/secret.enc.yaml",
"chars": 2465,
"preview": "apiVersion: v1\ndata:\n api-token: ENC[AES256_GCM,data:d5RH6/yKHPhv0zGikfuG3pdP2Y6ur9Mv6XqOvsMD30v3NxmspWQnGNjBQFrqye4/"
},
{
"path": ".archive/kubernetes/cloudflare-ddns/ks.yaml",
"chars": 556,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/coredns/app/helmrelease.yaml",
"chars": 4962,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/coredns/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/coredns/ks.yaml",
"chars": 540,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/cross-seed/app/externalsecret.yaml",
"chars": 1956,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json\napiV"
},
{
"path": ".archive/kubernetes/cross-seed/app/helmrelease.yaml",
"chars": 2827,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-templ"
},
{
"path": ".archive/kubernetes/cross-seed/app/kustomization.yaml",
"chars": 223,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/cross-seed/app/ocirepository.yaml",
"chars": 406,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json\n"
},
{
"path": ".archive/kubernetes/cross-seed/ks.yaml",
"chars": 610,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/csi-driver-nfs/app/helmrelease.yaml",
"chars": 1184,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/csi-driver-nfs/app/kustomization.yaml",
"chars": 199,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/csi-driver-nfs/ks.yaml",
"chars": 545,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/emqx/app/helmrelease.yaml",
"chars": 942,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/emqx/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/emqx/cluster/cluster.yaml",
"chars": 1244,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/apps.emqx.io/emqx_v2beta1.json\napiVersion: apps"
},
{
"path": ".archive/kubernetes/emqx/cluster/httproute.yaml",
"chars": 557,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/emqx/cluster/kustomization.yaml",
"chars": 235,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/emqx/cluster/podmonitor.yaml",
"chars": 818,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json\napiVer"
},
{
"path": ".archive/kubernetes/emqx/cluster/secret.enc.age.yaml",
"chars": 2662,
"preview": "apiVersion: v1\nkind: Secret\nmetadata:\n name: emqx-secret\n namespace: home-system\ntype: Opaque\nstringData:\n EMQX_DASHB"
},
{
"path": ".archive/kubernetes/emqx/ks.yaml",
"chars": 1064,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/external-dns-unifi/app/externalsecret.yaml",
"chars": 441,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json\napiV"
},
{
"path": ".archive/kubernetes/external-dns-unifi/app/helmrelease.yaml",
"chars": 903,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json"
},
{
"path": ".archive/kubernetes/external-dns-unifi/app/kustomization.yaml",
"chars": 355,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/external-dns-unifi/app/ocirepository.yaml",
"chars": 457,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json\n"
},
{
"path": ".archive/kubernetes/external-dns-unifi/app/values.yaml",
"chars": 894,
"preview": "fullnameOverride: external-dns-unifi\nprovider:\n name: webhook\n webhook:\n image:\n repository: ghcr.io/kashalls/"
},
{
"path": ".archive/kubernetes/external-dns-unifi/ks.yaml",
"chars": 562,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/goldilocks/app/helmrelease.yaml",
"chars": 807,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/goldilocks/app/httproute.yaml",
"chars": 574,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/goldilocks/app/kustomization.yaml",
"chars": 195,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/goldilocks/ks.yaml",
"chars": 605,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/istio-csr/app/helmrelease.yaml",
"chars": 3130,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/istio-csr/app/issuer.yaml",
"chars": 887,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/clusterissuer_v1.json\napiVersio"
},
{
"path": ".archive/kubernetes/istio-csr/app/kustomization.yaml",
"chars": 192,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-csr/ks.yaml",
"chars": 693,
"preview": "# TODO: Investigate the best way to enable this through using the helm charts.\n---\n# yaml-language-server: $schema=https"
},
{
"path": ".archive/kubernetes/istio-ingress/README.md",
"chars": 1726,
"preview": "# Istio\n\n> Note: This is still heavily a WIP\n\nStep 1: Download specific istio version\n\n```bash\ncurl -L https://istio.io/"
},
{
"path": ".archive/kubernetes/istio-ingress/bedrock-broadcaster/app/certificates.yaml",
"chars": 884,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/certificate_v1.json\napiVersion:"
},
{
"path": ".archive/kubernetes/istio-ingress/bedrock-broadcaster/app/gateway.yaml",
"chars": 841,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/networking.istio.io/gateway_v1beta1.json\napiVer"
},
{
"path": ".archive/kubernetes/istio-ingress/bedrock-broadcaster/app/kustomization.yaml",
"chars": 194,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-ingress/bedrock-broadcaster/ks.yaml",
"chars": 695,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/istio-ingress/github/httproute.yaml",
"chars": 842,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/istio-ingress/github/kustomization.yaml",
"chars": 191,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-ingress/github/service.yaml",
"chars": 272,
"preview": "---\n# External service definition for xunholy.github.io\napiVersion: v1\nkind: Service\nmetadata:\n name: xunholy-github-io"
},
{
"path": ".archive/kubernetes/istio-ingress/istio-gateway/app/authorization-policy.yaml",
"chars": 1254,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/security.istio.io/authorizationpolicy_v1beta1.j"
},
{
"path": ".archive/kubernetes/istio-ingress/istio-gateway/app/certificates.yaml",
"chars": 834,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/certificate_v1.json\napiVersion:"
},
{
"path": ".archive/kubernetes/istio-ingress/istio-gateway/app/gateway.yaml",
"chars": 772,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/networking.istio.io/gateway_v1beta1.json\napiVer"
},
{
"path": ".archive/kubernetes/istio-ingress/istio-gateway/app/helmrelease.yaml",
"chars": 1500,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/istio-ingress/istio-gateway/app/kustomization.yaml",
"chars": 262,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-ingress/istio-gateway/ks.yaml",
"chars": 669,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/istio-ingress/kustomization.yaml",
"chars": 199,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-ingress/namespace.yaml",
"chars": 269,
"preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: istio-ingress\n labels:\n goldilocks.fairwinds.com/enabled: \"true"
},
{
"path": ".archive/kubernetes/istio-ingress/plex/httproute.yaml",
"chars": 836,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/istio-ingress/plex/kustomization.yaml",
"chars": 199,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-system/README.md",
"chars": 1726,
"preview": "# Istio\n\n> Note: This is still heavily a WIP\n\nStep 1: Download specific istio version\n\n```bash\ncurl -L https://istio.io/"
},
{
"path": ".archive/kubernetes/istio-system/flagger/app/helmrelease.yaml",
"chars": 952,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/istio-system/flagger/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-system/flagger/ks.yaml",
"chars": 596,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/istio-system/istio-base/app/helmrelease.yaml",
"chars": 1178,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/istio-system/istio-base/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-system/istio-base/ks.yaml",
"chars": 541,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/istio-system/istio-cni/app/helmrelease.yaml",
"chars": 1065,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/istio-system/istio-cni/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-system/istio-cni/ks.yaml",
"chars": 605,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/istio-system/istiod/app/helmrelease.yaml",
"chars": 2340,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/istio-system/istiod/app/kustomization.yaml",
"chars": 220,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-system/istiod/app/podmonitor.yaml",
"chars": 2031,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/podmonitor_v1.json\napiVer"
},
{
"path": ".archive/kubernetes/istio-system/istiod/ks.yaml",
"chars": 597,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/istio-system/kustomization.yaml",
"chars": 242,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/istio-system/namespace.yaml",
"chars": 268,
"preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: istio-system\n labels:\n goldilocks.fairwinds.com/enabled: \"true\""
},
{
"path": ".archive/kubernetes/jaeger/app/helmrelease.yaml",
"chars": 1042,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/jaeger/app/httproute.yaml",
"chars": 561,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/jaeger/app/kustomization.yaml",
"chars": 195,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/jaeger/ks.yaml",
"chars": 535,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/k8s-gateway/app/Corefile",
"chars": 230,
"preview": ".:1053 {\n errors\n log\n health {\n lameduck 5s\n }\n ready\n k8s_gateway raspbernetes.com {\n apex k8s-gateway.ne"
},
{
"path": ".archive/kubernetes/k8s-gateway/app/helmrelease.yaml",
"chars": 2331,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/s"
},
{
"path": ".archive/kubernetes/k8s-gateway/app/kustomization.yaml",
"chars": 259,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/k8s-gateway/ks.yaml",
"chars": 545,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/kiali/app/helmrelease.yaml",
"chars": 1784,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/kiali/app/httproute.yaml",
"chars": 552,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/kiali/app/kustomization.yaml",
"chars": 195,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/kiali/ks.yaml",
"chars": 533,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/kubefed/app/helmrelease.yaml",
"chars": 2065,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/kubefed/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/kubefed/ks.yaml",
"chars": 531,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/kured/app/helmrelease.yaml",
"chars": 891,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/kured/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/kured/ks.yaml",
"chars": 527,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/litmus/kustomization.yaml",
"chars": 174,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/litmus/litmus/app/helmrelease.yaml",
"chars": 1057,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/litmus/litmus/app/httproute.yaml",
"chars": 576,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/litmus/litmus/app/kustomization.yaml",
"chars": 195,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/litmus/litmus/ks.yaml",
"chars": 581,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/litmus/litmus-core/app/helmrelease.yaml",
"chars": 936,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/litmus/litmus-core/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/litmus/litmus-core/ks.yaml",
"chars": 529,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/litmus/namespace.yaml",
"chars": 262,
"preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: litmus\n labels:\n goldilocks.fairwinds.com/enabled: \"true\"\n k"
},
{
"path": ".archive/kubernetes/loki-stack/app/helmrelease.yaml",
"chars": 1172,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/loki-stack/app/kustomization.yaml",
"chars": 175,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/loki-stack/ks.yaml",
"chars": 542,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/metallb/app/helmrelease.yaml",
"chars": 1033,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/metallb/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/metallb/config/ipaddresspool.yaml",
"chars": 1423,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/metallb.io/ipaddresspool_v1beta1.json\napiVersio"
},
{
"path": ".archive/kubernetes/metallb/config/kustomization.yaml",
"chars": 178,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/metallb/ks.yaml",
"chars": 1155,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/node-feature-discovery/app/helmrelease.yaml",
"chars": 1608,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/node-feature-discovery/app/kustomization.yaml",
"chars": 201,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/node-feature-discovery/app/networkpolicy.yaml",
"chars": 697,
"preview": "---\napiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: node-feature-discovery\n namespace: network-s"
},
{
"path": ".archive/kubernetes/node-feature-discovery/ks.yaml",
"chars": 570,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/openclaw/app/backendtrafficpolicy.yaml",
"chars": 1206,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.envoyproxy.io/backendtrafficpolicy_v1al"
},
{
"path": ".archive/kubernetes/openclaw/app/configmap.yaml",
"chars": 2281,
"preview": "---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: openclaw-config\ndata:\n openclaw.json: |\n {\n \"gateway\": {\n "
},
{
"path": ".archive/kubernetes/openclaw/app/externalsecret.yaml",
"chars": 681,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json\napiV"
},
{
"path": ".archive/kubernetes/openclaw/app/helmrelease.yaml",
"chars": 6587,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-templ"
},
{
"path": ".archive/kubernetes/openclaw/app/httproute.yaml",
"chars": 641,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/openclaw/app/kustomization.yaml",
"chars": 340,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/openclaw/app/pvc.yaml",
"chars": 198,
"preview": "---\napiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: openclaw-data\nspec:\n accessModes:\n - ReadWriteOnce\n"
},
{
"path": ".archive/kubernetes/openclaw/app/replicationsource.yaml",
"chars": 645,
"preview": "---\napiVersion: volsync.backube/v1alpha1\nkind: ReplicationSource\nmetadata:\n name: openclaw\nspec:\n sourcePVC: openclaw-"
},
{
"path": ".archive/kubernetes/openclaw/app/volsync-externalsecret.yaml",
"chars": 431,
"preview": "---\napiVersion: external-secrets.io/v1\nkind: ExternalSecret\nmetadata:\n name: openclaw-volsync\nspec:\n secretStoreRef:\n "
},
{
"path": ".archive/kubernetes/openclaw/ks.yaml",
"chars": 616,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/openebs-system/kustomization.yaml",
"chars": 174,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/openebs-system/namespace.yaml",
"chars": 270,
"preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: openebs-system\n labels:\n goldilocks.fairwinds.com/enabled: \"tru"
},
{
"path": ".archive/kubernetes/openebs-system/openebs/app/helmrelease.yaml",
"chars": 1028,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/openebs-system/openebs/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/openebs-system/openebs/ks.yaml",
"chars": 538,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/openfaas/README.md",
"chars": 11,
"preview": "# OpenFaaS\n"
},
{
"path": ".archive/kubernetes/openfaas/kustomization.yaml",
"chars": 198,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/openfaas/namespace.yaml",
"chars": 264,
"preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: openfaas\n labels:\n goldilocks.fairwinds.com/enabled: \"true\"\n "
},
{
"path": ".archive/kubernetes/openfaas/networkpolicy.yaml",
"chars": 1255,
"preview": "---\napiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-allow-all\n namespace: openfaas\nspec:"
},
{
"path": ".archive/kubernetes/openfaas/openfaas/app/helmrelease.yaml",
"chars": 1120,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/openfaas/openfaas/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/openfaas/openfaas/ks.yaml",
"chars": 527,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/openfaas-fn/kustomization.yaml",
"chars": 198,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/openfaas-fn/namespace.yaml",
"chars": 267,
"preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n name: openfaas-fn\n labels:\n goldilocks.fairwinds.com/enabled: \"true\"\n"
},
{
"path": ".archive/kubernetes/openfaas-fn/networkpolicy.yaml",
"chars": 1258,
"preview": "---\napiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-allow-all\n namespace: openfaas-fn\nsp"
},
{
"path": ".archive/kubernetes/origin-ca-issuer/app/helmrelease.yaml",
"chars": 1025,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/origin-ca-issuer/app/kustomization.yaml",
"chars": 312,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/origin-ca-issuer/ks.yaml",
"chars": 555,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/plex/app/helmrelease.yaml",
"chars": 3649,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/s"
},
{
"path": ".archive/kubernetes/plex/app/httproute.yaml",
"chars": 547,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json\napi"
},
{
"path": ".archive/kubernetes/plex/app/kustomization.yaml",
"chars": 195,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/plex/ks.yaml",
"chars": 526,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
},
{
"path": ".archive/kubernetes/reloader/app/helmrelease.yaml",
"chars": 887,
"preview": "---\n# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json\napiV"
},
{
"path": ".archive/kubernetes/reloader/app/kustomization.yaml",
"chars": 176,
"preview": "---\n# yaml-language-server: $schema=https://json.schemastore.org/kustomization\napiVersion: kustomize.config.k8s.io/v1bet"
},
{
"path": ".archive/kubernetes/reloader/ks.yaml",
"chars": 533,
"preview": "---\n# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-"
}
]
// ... and 868 more files (download for full content)
About this extraction
This page contains the full source code of the xunholy/k8s-gitops GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 1068 files (1.7 MB), approximately 531.4k tokens, and a symbol index with 36 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.