From 1a63685700c252f5190fcc8f89debf15887e8b8d Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Mon, 26 May 2025 23:01:00 +0200 Subject: [PATCH 1/9] schedule traefik ingress nodes on masters as well --- traefik/values.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/traefik/values.yaml b/traefik/values.yaml index 58f4396..0660022 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -53,6 +53,14 @@ ingressRoute: tls: secretName: traefik-tls-key +tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + logs: general: level: INFO From 3c9e160c0c63985da97f031e7ef99c406d24308c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 27 May 2025 11:01:46 +0000 Subject: [PATCH 2/9] Update Helm release longhorn to v1.9.0 --- app-files/core-deployments.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index e03f54e..4b63cf9 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -70,7 +70,7 @@ spec: sources: - repoURL: https://charts.longhorn.io chart: longhorn - targetRevision: 1.8.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/ + targetRevision: 1.9.0 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/ helm: releaseName: longhorn valueFiles: From 5361698988afb02767a9c1e3671dc7b2ed3215bf Mon Sep 17 00:00:00 2001 
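Review bot: Nothing next to the new `tolerations:` block in `traefik/values.yaml` records why the internet-facing proxy is allowed onto control-plane nodes, and that placement has a security cost. A compromised Traefik pod would then share a host with the API server and, depending on the distribution, the cluster datastore. I would add a comment above the block, for example `# Traefik may also run on control-plane nodes: <reason>; these hosts also run the API server`, so the trade-off is visible to whoever edits this file next. The tolerations only permit scheduling there; if the intent is to require it, that needs an affinity rule, which this hunk does not add. The same toleration pair appears in `fip-controller/4-deployment.yaml` later in the series.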
From: renovate Date: Tue, 27 May 2025 18:05:20 +0000 Subject: [PATCH 3/9] DASHBOARD STAGING: update image tag to staging-556 (done automagically via Woodpecker pipeline) --- dashboard/overlays/staging/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/overlays/staging/kustomization.yaml b/dashboard/overlays/staging/kustomization.yaml index d5bae29..c915099 100644 --- a/dashboard/overlays/staging/kustomization.yaml +++ b/dashboard/overlays/staging/kustomization.yaml @@ -5,7 +5,7 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/dashboard newName: git.ar21.de/yolokube/dashboard - newTag: staging-552 + newTag: staging-556 namespace: dashboard-staging patches: - patch: |- From 437761b22b79a55bce39fd2304112ba6e0e28665 Mon Sep 17 00:00:00 2001 From: renovate Date: Tue, 27 May 2025 18:09:06 +0000 Subject: [PATCH 4/9] DASHBOARD: update image tag to 559 (done automagically via Woodpecker pipeline) --- dashboard/overlays/prod/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dashboard/overlays/prod/kustomization.yaml b/dashboard/overlays/prod/kustomization.yaml index 2052192..df94983 100644 --- a/dashboard/overlays/prod/kustomization.yaml +++ b/dashboard/overlays/prod/kustomization.yaml @@ -5,5 +5,5 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/dashboard newName: git.ar21.de/yolokube/dashboard - newTag: "553" + newTag: "559" namespace: dashboard From 8449839a9894b01b9f2836608d465cf8a34606bd Mon Sep 17 00:00:00 2001 
From: Aaron Riedel Date: Tue, 27 May 2025 21:27:28 +0200 Subject: [PATCH 5/9] add fip-controller --- app-files/core-deployments.yaml | 20 ++++++++ fip-controller/0-namespace.yaml | 5 ++ fip-controller/1-rbac.yaml | 43 +++++++++++++++++ fip-controller/2-configmap.yaml | 10 ++++ fip-controller/3-secret.env.yaml | 44 +++++++++++++++++ fip-controller/4-deployment.yaml | 71 ++++++++++++++++++++++++++++ fip-controller/kustomization.yaml | 10 ++++ fip-controller/secret-generator.yaml | 11 +++++ 8 files changed, 214 insertions(+) create mode 100644 fip-controller/0-namespace.yaml create mode 100644 fip-controller/1-rbac.yaml create mode 100644 fip-controller/2-configmap.yaml create mode 100644 fip-controller/3-secret.env.yaml create mode 100644 fip-controller/4-deployment.yaml create mode 100644 fip-controller/kustomization.yaml create mode 100644 fip-controller/secret-generator.yaml diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index e03f54e..43809a3 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -503,3 +503,23 @@ spec: automated: selfHeal: true prune: true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: fip-controller + namespace: argocd +spec: + project: default + sources: + - repoURL: https://git.ar21.de/yolokube/core-deployments.git + targetRevision: HEAD + path: fip-controller + destination: + server: https://kubernetes.default.svc + namespace: fip-controller + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + prune: false diff --git a/fip-controller/0-namespace.yaml b/fip-controller/0-namespace.yaml new file mode 100644 index 0000000..184c4eb --- /dev/null +++ b/fip-controller/0-namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: fip-controller diff --git a/fip-controller/1-rbac.yaml b/fip-controller/1-rbac.yaml new file mode 100644 index 0000000..eaf6895 --- /dev/null +++ b/fip-controller/1-rbac.yaml 
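Review bot: The new `fip-controller` Application sets `automated:` with `prune: false` and no `selfHeal`, while the Application directly above it in the context lines uses `selfHeal: true` and `prune: true`. This app's path contains a ClusterRole, a ClusterRoleBinding and the Deployment that receives the Hetzner API token, so manual drift on those objects would not be reverted by Argo CD. If this is deliberate for the initial rollout, say so in a comment such as `# selfHeal/prune off until the controller is verified`; otherwise add `selfHeal: true` under `automated:`.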
@@ -0,0 +1,43 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fip-controller + namespace: fip-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fip-controller +rules: + - apiGroups: + - "" + resources: + - nodes + - pods + verbs: + - get + - list + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "update" + - "create" + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fip-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fip-controller +subjects: + - kind: ServiceAccount + name: fip-controller + namespace: fip-controller diff --git a/fip-controller/2-configmap.yaml b/fip-controller/2-configmap.yaml new file mode 100644 index 0000000..55a4842 --- /dev/null +++ b/fip-controller/2-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: hcloud-fip-controller +data: + config.json: | + { + "floating_ip_label_selector": "cluster_name==yolokube", + "lease_duration": 30 + } diff --git a/fip-controller/3-secret.env.yaml b/fip-controller/3-secret.env.yaml new file mode 100644 index 0000000..a1bc6ad --- /dev/null +++ b/fip-controller/3-secret.env.yaml 
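Review bot: The `coordination.k8s.io` `leases` rule sits in the ClusterRole and is bound through a ClusterRoleBinding, so the `fip-controller` service account can create and update leases in every namespace, including those that other components rely on for leader election. The Deployment in this patch passes `NAMESPACE` from `metadata.namespace`, which suggests the controller only needs its lease in `fip-controller`; this should be confirmed against the controller's documentation. Moving the lease rule into a namespaced Role and RoleBinding leaves only read-only `nodes`/`pods` access granted cluster-wide.

```yaml
# … unchanged: ServiceAccount, ClusterRoleBinding; ClusterRole keeps only the nodes/pods get+list rule …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: fip-controller-leases
  namespace: fip-controller
rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - update
      - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: fip-controller-leases
  namespace: fip-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: fip-controller-leases
subjects:
  - kind: ServiceAccount
    name: fip-controller
    namespace: fip-controller
```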
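Review bot: The ConfigMap has no `metadata.namespace`, unlike the ServiceAccount and Deployment in this patch, which pin `namespace: fip-controller`; the Secret in `3-secret.env.yaml` has the same gap. Both objects reach the right namespace only through the Application's `destination.namespace`, so a manual `kustomize build` plus apply would place them in the current namespace and the Deployment's `configMap` and `secretRef` lookups would fail. Setting `namespace: fip-controller` once in `fip-controller/kustomization.yaml` covers every namespaced resource. It also avoids hand-editing the SOPS file, whose MAC by default covers unencrypted values as well.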
@@ -0,0 +1,44 @@ +apiVersion: v1 +kind: Secret +metadata: + name: hcloud-fip-controller +stringData: + HCLOUD_API_TOKEN: ENC[AES256_GCM,data:w9KJ4PNwP93yxO5WfHy18mCjgS2eUkwi27NFVPBdlnY6TmrxdGh4F7r5gdlWCZdaR58DSmTz4joW2K5K9TOnzg==,iv:2p5zhCqQ4Z6nfbIuXLidgTIa9rfaL1UjeDxZN7/49G8=,tag:uRP/4A2FOy1Hxy15Da7jbQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVmRsRHUxWWUrWlQyaFBh + NWl0bm1VWlBFZFYwR2hkalhVSk1aeG1ZOFZzCjlqZHg2eW1SNDhUcS9FZWVITTNY + YWhuUVRHb3VyYUl3YmV5ZElHaS9henMKLS0tIHYwTENXUjVmUktXNkE4eFBieXlV + TjV1dFlRaForN0E2eXpsQ0FuZ1R1T0UKg8TzYSd+uT8YUcDeDkHvpX2HelTFTxbx + dYtBGiCDJoU7K3Gd/JHsnwPfhojOIJ4dvye35CkXf4/oMG6I2WEpjw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eS9LMmpMbjZzMkQxYm9D + eVYxQ3o2L2ZqMGRJaGMyeXVpcU1qNVppN2pNCnAzK2dSdkFPblBvWG50dWtXdlhs + YndHR0M4TXhHOElIaHgybUl1bDVPb1UKLS0tIDJOaTNXUEdkazlXS2Y4M2hWSW8z + TkZCOGNSTjkwZlJHZys3cnBnUWNFRW8KrOX56AFms2yjAmkerJZRQ1UsW4ID98rb + bQAD2UQhVSKwLjqnu0/FCCAMfL9IsRUfbG7grzURHQKp1QyK+U6ZMQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dUcxV2FDdTVMRzdUaXNs + REpWRnhPeHpNMllaeTc1ZXlVYmF2bVpZTHlzCmNKbERXY1FhRDE0L1RIbHNab1pL + cTA2OHQyT1JYYTNmaDY5dE1RL0pCTmsKLS0tIHJLYVRxRk1xS0llQ0t2M0pIcytn + VWRqclRmL1VkaTBNemliTmFSeVBkYmcKZFm/dDryjdEtd/6YmiVt60eGf9/WgIZ9 + W9yAW+Menbi3j9HG4ZTahASBfOjwV0iw0TJHCyDxXLgGH2ifPPMqNQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-27T19:26:05Z" + mac: 
ENC[AES256_GCM,data:qqYEFU1EmK8hbMOJG3cvIQfNwpc6IB78F8Vyg8pJJZXBZoBElL/uTUw6P7Afp2S/8aq5+oqndB7zv4LYZqiSNK43BORXB8/ffT/P2qBv5lKDgtZrma7txbWiMgGN6jkrjcNnKdLxh+PMWrkz4Drxy6sv9jHuB+W6R5efid5V/1M=,iv:1W8l/UzTL5OoRpKBP7IDGjto1qtA+A7qbzY0ZX9qT7Q=,tag:jXL3TiLt/RqNYNIh+/IQRg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.4 diff --git a/fip-controller/4-deployment.yaml b/fip-controller/4-deployment.yaml new file mode 100644 index 0000000..0fefa44 --- /dev/null +++ b/fip-controller/4-deployment.yaml 
@@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fip-controller + namespace: fip-controller +spec: + replicas: 3 + selector: + matchLabels: + app: fip-controller + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + template: + metadata: + labels: + app: fip-controller + spec: + tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - fip-controller + topologyKey: kubernetes.io/hostname + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + serviceAccountName: fip-controller + containers: + - name: fip-controller + image: yolokube/hcloud-fip-controller:v0.6.0 # cbeneke/hcloud-fip-controller:v0.4.0 + imagePullPolicy: IfNotPresent + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - secretRef: + name: hcloud-fip-controller + volumeMounts: + - name: config + mountPath: /app/config + volumes: + - name: config + configMap: + name: hcloud-fip-controller diff --git a/fip-controller/kustomization.yaml b/fip-controller/kustomization.yaml new file mode 100644 index 0000000..d6015a6 --- /dev/null +++ b/fip-controller/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generators: + - ./secret-generator.yaml +resources: + - ./0-namespace.yaml + - ./1-rbac.yaml + - ./2-configmap.yaml + - ./4-deployment.yaml 
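Review bot: The `fip-controller` container has no `securityContext`, although its `nodeAffinity` requires `node-role.kubernetes.io/control-plane` nodes and it receives `HCLOUD_API_TOKEN` through `envFrom`. A restrictive context like the one below limits what a compromised controller process can do on those hosts. `runAsNonRoot` and `readOnlyRootFilesystem` depend on how the image is built, so check them against `yolokube/hcloud-fip-controller:v0.6.0` before merging. Separately, the image reference has no registry host and no digest, so it resolves through the runtime's default registry and the tag can be re-pointed; appending `@sha256:<digest>` would pin the content.

```yaml
      containers:
        - name: fip-controller
          # … unchanged: image, imagePullPolicy, env, envFrom, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```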
diff --git a/fip-controller/secret-generator.yaml b/fip-controller/secret-generator.yaml new file mode 100644 index 0000000..7d9f42a --- /dev/null +++ b/fip-controller/secret-generator.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./3-secret.enc.yaml From 4f1e4f47bbccedf72b71b2c74bfbe09bb4b9cfd0 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Tue, 27 May 2025 21:30:09 +0200 Subject: [PATCH 6/9] please the linter --- fip-controller/1-rbac.yaml | 1 + fip-controller/2-configmap.yaml | 1 + fip-controller/3-secret.env.yaml | 1 + fip-controller/4-deployment.yaml | 25 +++++++++++++------------ 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/fip-controller/1-rbac.yaml b/fip-controller/1-rbac.yaml index eaf6895..d3458da 100644 --- a/fip-controller/1-rbac.yaml +++ b/fip-controller/1-rbac.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/fip-controller/2-configmap.yaml b/fip-controller/2-configmap.yaml index 55a4842..0b1aef2 100644 --- a/fip-controller/2-configmap.yaml +++ b/fip-controller/2-configmap.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: diff --git a/fip-controller/3-secret.env.yaml b/fip-controller/3-secret.env.yaml index a1bc6ad..3dea629 100644 --- a/fip-controller/3-secret.env.yaml +++ b/fip-controller/3-secret.env.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Secret metadata: diff --git a/fip-controller/4-deployment.yaml b/fip-controller/4-deployment.yaml index 0fefa44..8917d41 100644 --- a/fip-controller/4-deployment.yaml +++ b/fip-controller/4-deployment.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: 
@@ -28,23 +29,23 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - fip-controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - fip-controller + topologyKey: kubernetes.io/hostname nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists serviceAccountName: fip-controller containers: - name: fip-controller - image: yolokube/hcloud-fip-controller:v0.6.0 # cbeneke/hcloud-fip-controller:v0.4.0 + image: yolokube/hcloud-fip-controller:v0.6.0 imagePullPolicy: IfNotPresent env: - name: NODE_NAME @@ -61,7 +62,7 @@ spec: fieldPath: metadata.namespace envFrom: - secretRef: - name: hcloud-fip-controller + name: hcloud-fip-controller volumeMounts: - name: config mountPath: /app/config From 91ca5000ccc550c832d0a975562870a59ead24f1 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Tue, 27 May 2025 21:37:52 +0200 Subject: [PATCH 7/9] fix typo in file name --- fip-controller/{3-secret.env.yaml => 3-secret.enc.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename fip-controller/{3-secret.env.yaml => 3-secret.enc.yaml} (100%) diff --git a/fip-controller/3-secret.env.yaml b/fip-controller/3-secret.enc.yaml similarity index 100% rename from fip-controller/3-secret.env.yaml rename to fip-controller/3-secret.enc.yaml From 8661161ccade9cc9ee27b191a261410105a672c9 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Tue, 27 May 2025 21:40:00 +0200 Subject: [PATCH 8/9] fix fip-controller deployment --- fip-controller/4-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fip-controller/4-deployment.yaml b/fip-controller/4-deployment.yaml index 8917d41..1b11f2e 100644 
--- a/fip-controller/4-deployment.yaml +++ b/fip-controller/4-deployment.yaml @@ -35,7 +35,7 @@ spec: operator: In values: - fip-controller - topologyKey: kubernetes.io/hostname + topologyKey: kubernetes.io/hostname nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: From 10f8bf3235f9657d2b731a043f7509f0e6087ab0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 27 May 2025 20:02:00 +0000 Subject: [PATCH 9/9] Update Helm release longhorn to v1.9.0 --- app-files/core-deployments.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 43809a3..8423276 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -70,7 +70,7 @@ spec: sources: - repoURL: https://charts.longhorn.io chart: longhorn - targetRevision: 1.8.1 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/ + targetRevision: 1.9.0 # see Infos below, the CSI snapshotter needs to be updated too <-- version association can be found here: https://longhorn.io/docs/latest/snapshots-and-backups/csi-snapshot-support/enable-csi-snapshot-support/ helm: releaseName: longhorn valueFiles: