further trim down the ingress ressource to the bare minimum

argo/cm.yaml

@@ -14,3 +14,10 @@ data:
         hs = {}
         hs.status = "Healthy"
         return hs
+  resource.exclusions: |
+    - apiGroups:
+      - "*"
+      kinds:
+      - "CiliumIdentity"
+      clusters:
+      - https://kubernetes.default.svc

argo/ingress.yaml

@@ -5,8 +5,6 @@ metadata:
   name: argocd-ingress
   namespace: argocd
   annotations:
-    kubernetes.io/ingress.class: "nginx"
-    ingress.kubernetes.io/ssl-redirect: "false"
     nginx.org/ssl-services: "argocd-server"
 spec:
   rules:

examples/example-deployment.yaml

@@ -67,9 +67,7 @@ kind: Ingress
 metadata:
   name: example-ingress
   namespace: example
-  annotations:
+  #annotations:
-    spec.ingressClassName: "nginx"
-    ingress.kubernetes.io/ssl-redirect: "false"
     # Use for Basic auth:
     #nginx.org/basic-auth-secret: example-basic-auth-secret
     # Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly):

grafana/ingress.yaml

@@ -4,10 +4,6 @@ kind: Ingress
 metadata:
   name: grafana-ingress
   namespace: grafana
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    ingress.kubernetes.io/ssl-redirect: "false"
-    #nginx.org/ssl-services: "grafana"
 spec:
   rules:
   - host: "grafana.apps.yolokube.de"

prometheus/ingress.yaml

@@ -5,10 +5,7 @@ metadata:
   name: prometheus-ingress
   namespace: prometheus
   annotations:
-    kubernetes.io/ingress.class: "nginx"
-    ingress.kubernetes.io/ssl-redirect: "false"
     nginx.org/basic-auth-secret: prometheus-basic-auth-secret
-    #nginx.org/ssl-services: "prometheus-server"
 spec:
   rules:
   - host: "prometheus.apps.yolokube.de"
@@ -28,10 +25,7 @@ metadata:
   name: alertmanager-ingress
   namespace: prometheus
   annotations:
-    kubernetes.io/ingress.class: "nginx"
-    ingress.kubernetes.io/ssl-redirect: "false"
     nginx.org/basic-auth-secret: prometheus-basic-auth-secret
-    #nginx.org/ssl-services: "prometheus-server"
 spec:
   rules:
   - host: "alertmanager.apps.yolokube.de"

storage/dashboard.yaml

@@ -1,21 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: rook-dashboard-ingress
-  namespace: rook-ceph
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    ingress.kubernetes.io/ssl-redirect: "false"
-spec:
-  rules:
-  - host: "rook.apps.yolokube.de"
-    http:
-      paths:
-      - pathType: Prefix
-        path: "/"
-        backend:
-          service:
-            name: rook-ceph-mgr-dashboard
-            port:
-              number: 80

storage/storageclass.yaml

@@ -1,126 +0,0 @@
-### Create Block Storage
----
-apiVersion: ceph.rook.io/v1
-kind: CephBlockPool
-metadata:
-  name: replicapool
-  namespace: rook-ceph
-spec:
-  failureDomain: host
-  replicated:
-    size: 3
-  quotas:
-    maxSize: "10Gi"
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-   name: rook-ceph-block
-   annotations:
-    storageclass.kubernetes.io/is-default-class: "true"
-# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
-provisioner: rook-ceph.rbd.csi.ceph.com
-parameters:
-    # clusterID is the namespace where the rook cluster is running
-    clusterID: rook-ceph
-    # Ceph pool into which the RBD image shall be created
-    pool: replicapool
-
-    # (optional) mapOptions is a comma-separated list of map options.
-    # For krbd options refer
-    # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
-    # For nbd options refer
-    # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
-    # mapOptions: lock_on_read,queue_depth=1024
-
-    # (optional) unmapOptions is a comma-separated list of unmap options.
-    # For krbd options refer
-    # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
-    # For nbd options refer
-    # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
-    # unmapOptions: force
-
-    # RBD image format. Defaults to "2".
-    imageFormat: "2"
-
-    # RBD image features
-    # Available for imageFormat: "2". Older releases of CSI RBD
-    # support only the `layering` feature. The Linux kernel (KRBD) supports the
-    # full complement of features as of 5.4
-    # `layering` alone corresponds to Ceph's bitfield value of "2" ;
-    # `layering` + `fast-diff` + `object-map` + `deep-flatten` + `exclusive-lock` together
-    # correspond to Ceph's OR'd bitfield value of "63". Here we use
-    # a symbolic, comma-separated format:
-    # For 5.4 or later kernels:
-    #imageFeatures: layering,fast-diff,object-map,deep-flatten,exclusive-lock
-    # For 5.3 or earlier kernels:
-    imageFeatures: layering
-
-    # The secrets contain Ceph admin credentials.
-    csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
-    csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
-    csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
-    csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
-    csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
-    csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
-
-    # Specify the filesystem type of the volume. If not specified, csi-provisioner
-    # will set default as `ext4`. Note that `xfs` is not recommended due to potential deadlock
-    # in hyperconverged settings where the volume is mounted on the same node as the osds.
-    csi.storage.k8s.io/fstype: ext4
-
-# Delete the rbd volume when a PVC is deleted
-reclaimPolicy: Delete
-
-# Optional, if you want to add dynamic resize for PVC.
-# For now only ext3, ext4, xfs resize support provided, like in Kubernetes itself.
-allowVolumeExpansion: true
-
----
-### Create Shared Filesystem
-apiVersion: ceph.rook.io/v1
-kind: CephFilesystem
-metadata:
-  name: rook-ceph-fs
-  namespace: rook-ceph
-spec:
-  metadataPool:
-    replicated:
-      size: 3
-  dataPools:
-    - name: cephfs-pool
-      replicated:
-        size: 3
-  preserveFilesystemOnDelete: true
-  metadataServer:
-    activeCount: 1
-    activeStandby: true
----
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: rook-cephfs
-# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
-provisioner: rook-ceph.cephfs.csi.ceph.com
-parameters:
-  # clusterID is the namespace where the rook cluster is running
-  # If you change this namespace, also change the namespace below where the secret namespaces are defined
-  clusterID: rook-ceph
-
-  # CephFS filesystem name into which the volume shall be created
-  fsName: rook-ceph-fs
-
-  # Ceph pool into which the volume shall be created
-  # Required for provisionVolume: "true"
-  pool: cephfs-pool
-
-  # The secrets contain Ceph admin credentials. These are generated automatically by the operator
-  # in the same namespace as the cluster.
-  csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
-  csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
-  csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
-  csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
-  csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
-  csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
-
-reclaimPolicy: Delete

storage/values.yaml

@@ -1,7 +0,0 @@
-toolbox:
-  enabled: true
-cephClusterSpec:
-  dashboard:
-    port: 80
-    ssl: false
-  removeOSDsIfOutAndSafeToRemove: true

tests/test-ingress.yaml

@@ -37,9 +37,6 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: helloworld-ingress
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    ingress.kubernetes.io/ssl-redirect: "false"
 spec:
   rules:
   - host: "lb1.yolokube.de"
@@ -100,9 +97,6 @@ kind: Ingress
 metadata:
   name: test1-ingress
   namespace: aaron-test
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    ingress.kubernetes.io/ssl-redirect: "false"
 spec:
   rules:
   - host: "test1.apps.yolokube.de"
@@ -157,9 +151,6 @@ kind: Ingress
 metadata:
   name: test2-ingress
   namespace: aaron-test
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    ingress.kubernetes.io/ssl-redirect: "false"
 spec:
   rules:
   - host: "test2.apps.yolokube.de"

tests/test-storage.yaml

@@ -68,9 +68,6 @@ kind: Ingress
 metadata:
   name: paste-ingress
   namespace: paste
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    ingress.kubernetes.io/ssl-redirect: "false"
 spec:
   rules:
   - host: "paste.apps.yolokube.de"