add fip-controller
Some checks failed
ci/woodpecker/push/yamllint Pipeline failed

Aaron Riedel 2025-05-27 21:27:28 +02:00
parent 7fde2126c2
commit 8449839a98
Signed by: aaron
GPG key ID: 643004654D40D577
8 changed files with 214 additions and 0 deletions


@ -503,3 +503,23 @@ spec:
automated: automated:
selfHeal: true selfHeal: true
prune: true prune: true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: fip-controller
namespace: argocd
spec:
project: default
sources:
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: fip-controller
destination:
server: https://kubernetes.default.svc
namespace: fip-controller
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: false
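Review bot: The new Application combines `project: default`, `targetRevision: HEAD` and `automated` sync, so whatever lands on the default branch of core-deployments under `fip-controller` is applied without a further gate, including the cluster-scoped ClusterRole and ClusterRoleBinding added in this commit. The `default` AppProject normally places no limit on source repositories, destinations or cluster-scoped kinds; a dedicated AppProject with `sourceRepos`, `destinations` and a `clusterResourceWhitelist` limited to the two RBAC kinds would bound what this Application can create. The `automated` block also omits `selfHeal`, unlike the Application in the context lines above (`selfHeal: true`), so manual drift on the RBAC objects would not be reverted; if that is intended, a comment such as `# selfHeal off on purpose: <reason>` would record it.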


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fip-controller
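Review bot: The namespace is created without any `pod-security.kubernetes.io/*` labels, so only the cluster-wide Pod Security Admission default applies to pods that hold the Hetzner API token and are scheduled onto control-plane nodes. Consider `pod-security.kubernetes.io/enforce: restricted` under `metadata.labels` once the Deployment's pod spec declares a compliant securityContext; until then `pod-security.kubernetes.io/warn: restricted` surfaces the gaps without blocking rollout. The Application also sets `CreateNamespace=true`, so the namespace currently has two sources of truth.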


@ -0,0 +1,43 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: fip-controller
namespace: fip-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: fip-controller
rules:
- apiGroups:
- ""
resources:
- nodes
- pods
verbs:
- get
- list
- apiGroups:
- "coordination.k8s.io"
resources:
- "leases"
verbs:
- "get"
- "list"
- "update"
- "create"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: fip-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fip-controller
subjects:
- kind: ServiceAccount
name: fip-controller
namespace: fip-controller
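Review bot: The second rule of the ClusterRole grants `update` and `create` on `leases` in every namespace, which includes the leader-election leases in `kube-system` and the node heartbeat leases in `kube-node-lease`; a compromised controller pod could rewrite those. The Deployment passes the pod's own `NAMESPACE` to the controller, which suggests the leader lease lives in `fip-controller`, so the lease rule can likely move to a namespaced Role and RoleBinding, leaving only the `nodes`/`pods` read rule cluster-wide (confirm against the controller's lease location before merging). If the lease name is fixed, `resourceNames` on the `get`/`update` verbs would narrow it further. The `pods` read access may also be reducible to the controller's namespace, but that depends on behaviour not visible in this commit.

```yaml
# … unchanged: ServiceAccount; ClusterRole keeps only the nodes/pods get/list rule …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: fip-controller
  namespace: fip-controller
rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - update
      - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: fip-controller
  namespace: fip-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: fip-controller
subjects:
  - kind: ServiceAccount
    name: fip-controller
    namespace: fip-controller
# … unchanged: ClusterRoleBinding …
```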


@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: hcloud-fip-controller
data:
config.json: |
{
"floating_ip_label_selector": "cluster_name==yolokube",
"lease_duration": 30
}
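Review bot: This ConfigMap has no `metadata.namespace`, and neither does the Secret in `3-secret.enc.yaml`, while the ServiceAccount and Deployment pin `namespace: fip-controller` and the Kustomization sets no `namespace:`. Under Argo CD the destination namespace fills the gap, but a plain `kustomize build | kubectl apply` would place the config and the API token Secret in the caller's current namespace; adding `namespace: fip-controller` to both objects (or once in the Kustomization) removes that dependency. The file also starts without the `---` marker that the namespace and kustomization files carry, as do the RBAC, Secret and Deployment files, which may be what the failing yamllint check reports.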


@ -0,0 +1,44 @@
apiVersion: v1
kind: Secret
metadata:
name: hcloud-fip-controller
stringData:
HCLOUD_API_TOKEN: ENC[AES256_GCM,data:w9KJ4PNwP93yxO5WfHy18mCjgS2eUkwi27NFVPBdlnY6TmrxdGh4F7r5gdlWCZdaR58DSmTz4joW2K5K9TOnzg==,iv:2p5zhCqQ4Z6nfbIuXLidgTIa9rfaL1UjeDxZN7/49G8=,tag:uRP/4A2FOy1Hxy15Da7jbQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVmRsRHUxWWUrWlQyaFBh
NWl0bm1VWlBFZFYwR2hkalhVSk1aeG1ZOFZzCjlqZHg2eW1SNDhUcS9FZWVITTNY
YWhuUVRHb3VyYUl3YmV5ZElHaS9henMKLS0tIHYwTENXUjVmUktXNkE4eFBieXlV
TjV1dFlRaForN0E2eXpsQ0FuZ1R1T0UKg8TzYSd+uT8YUcDeDkHvpX2HelTFTxbx
dYtBGiCDJoU7K3Gd/JHsnwPfhojOIJ4dvye35CkXf4/oMG6I2WEpjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eS9LMmpMbjZzMkQxYm9D
eVYxQ3o2L2ZqMGRJaGMyeXVpcU1qNVppN2pNCnAzK2dSdkFPblBvWG50dWtXdlhs
YndHR0M4TXhHOElIaHgybUl1bDVPb1UKLS0tIDJOaTNXUEdkazlXS2Y4M2hWSW8z
TkZCOGNSTjkwZlJHZys3cnBnUWNFRW8KrOX56AFms2yjAmkerJZRQ1UsW4ID98rb
bQAD2UQhVSKwLjqnu0/FCCAMfL9IsRUfbG7grzURHQKp1QyK+U6ZMQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dUcxV2FDdTVMRzdUaXNs
REpWRnhPeHpNMllaeTc1ZXlVYmF2bVpZTHlzCmNKbERXY1FhRDE0L1RIbHNab1pL
cTA2OHQyT1JYYTNmaDY5dE1RL0pCTmsKLS0tIHJLYVRxRk1xS0llQ0t2M0pIcytn
VWRqclRmL1VkaTBNemliTmFSeVBkYmcKZFm/dDryjdEtd/6YmiVt60eGf9/WgIZ9
W9yAW+Menbi3j9HG4ZTahASBfOjwV0iw0TJHCyDxXLgGH2ifPPMqNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-27T19:26:05Z"
mac: ENC[AES256_GCM,data:qqYEFU1EmK8hbMOJG3cvIQfNwpc6IB78F8Vyg8pJJZXBZoBElL/uTUw6P7Afp2S/8aq5+oqndB7zv4LYZqiSNK43BORXB8/ffT/P2qBv5lKDgtZrma7txbWiMgGN6jkrjcNnKdLxh+PMWrkz4Drxy6sv9jHuB+W6R5efid5V/1M=,iv:1W8l/UzTL5OoRpKBP7IDGjto1qtA+A7qbzY0ZX9qT7Q=,tag:jXL3TiLt/RqNYNIh+/IQRg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4


@ -0,0 +1,71 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: fip-controller
namespace: fip-controller
spec:
replicas: 3
selector:
matchLabels:
app: fip-controller
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
template:
metadata:
labels:
app: fip-controller
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- fip-controller
topologyKey: kubernetes.io/hostname
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
serviceAccountName: fip-controller
containers:
- name: fip-controller
image: yolokube/hcloud-fip-controller:v0.6.0 # cbeneke/hcloud-fip-controller:v0.4.0
imagePullPolicy: IfNotPresent
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: hcloud-fip-controller
volumeMounts:
- name: config
mountPath: /app/config
volumes:
- name: config
configMap:
name: hcloud-fip-controller
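Review bot: The `fip-controller` container has no `securityContext`, so it runs with the image's default user, default capabilities and a writable root filesystem while holding `HCLOUD_API_TOKEN` and sitting on control-plane nodes. A hardened context as sketched below is the usual baseline; whether the image already runs as non-root and tolerates a read-only root filesystem is not visible here and needs a test rollout. The image is also referenced by the mutable tag `v0.6.0` with `imagePullPolicy: IfNotPresent`, so nodes can end up running different content under the same tag; pinning it as `yolokube/hcloud-fip-controller:v0.6.0@sha256:<digest-placeholder>` fixes what is deployed. There are no `resources` requests or limits either, which matters for a pod competing with control-plane components.

```yaml
      containers:
        - name: fip-controller
          # … unchanged: image, imagePullPolicy, env, envFrom …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: volumeMounts …
```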


@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ./secret-generator.yaml
resources:
- ./0-namespace.yaml
- ./1-rbac.yaml
- ./2-configmap.yaml
- ./4-deployment.yaml


@ -0,0 +1,11 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./3-secret.enc.yaml