yolokube/core-deployments
yolokube/core-deployments
2
3
Fork 0
Code Issues 2 Pull requests 39 Projects Wiki Activity

Compare commits

base: yolokube:3c9e160c0c63985da97f031e7ef99c406d24308c
Branches Tags
yolokube:main
yolokube:renovate/quay.io-thanos-thanos-0.x
yolokube:609_dashboard_prod
yolokube:608_dashboard_staging
yolokube:298_fail2ban_prometheus_exporter
yolokube:125_traefik-certmanager_prod
yolokube:296_fail2ban_prometheus_exporter
yolokube:178_country_geo_location
yolokube:123_traefik-certmanager_prod
yolokube:175_country_geo_location
yolokube:69_apt-version-exporter_prod
yolokube:294_fail2ban_prometheus_exporter
yolokube:renovate/kube-prometheus-stack-75.x
yolokube:607_dashboard_staging
yolokube:606_dashboard_prod
yolokube:605_dashboard_staging
yolokube:renovate/traefik-36.x
yolokube:604_dashboard_prod
yolokube:603_dashboard_staging
yolokube:602_dashboard_prod
yolokube:601_dashboard_staging
yolokube:renovate/cilium-1.x
yolokube:renovate/https-github.com-kubernetes-csi-external-snapshotter.git-8.x
yolokube:renovate/argo-cd-8.x
yolokube:renovate/cert-manager-1.x
yolokube:120_traefik-certmanager_prod
yolokube:600_dashboard_prod
yolokube:599_dashboard_staging
yolokube:renovate/ghcr.io-goauthentik-proxy-2025.x
yolokube:598_dashboard_staging
yolokube:597_dashboard_prod
yolokube:596_dashboard_staging
yolokube:renovate/ghcr.io-woodpecker-ci-helm-woodpecker-3.x
yolokube:594_dashboard_prod
yolokube:593_dashboard_staging
yolokube:592_dashboard_prod
yolokube:591_dashboard_staging
yolokube:renovate/kube-prometheus-stack-73.x
yolokube:589_dashboard_staging
yolokube:587_dashboard_staging
..
compare: yolokube:10f8bf3235f9657d2b731a043f7509f0e6087ab0
Branches Tags
yolokube:renovate/quay.io-thanos-thanos-0.x
yolokube:609_dashboard_prod
yolokube:608_dashboard_staging
yolokube:298_fail2ban_prometheus_exporter
yolokube:125_traefik-certmanager_prod
yolokube:296_fail2ban_prometheus_exporter
yolokube:178_country_geo_location
yolokube:123_traefik-certmanager_prod
yolokube:175_country_geo_location
yolokube:69_apt-version-exporter_prod
yolokube:294_fail2ban_prometheus_exporter
yolokube:renovate/kube-prometheus-stack-75.x
yolokube:607_dashboard_staging
yolokube:606_dashboard_prod
yolokube:605_dashboard_staging
yolokube:renovate/traefik-36.x
yolokube:604_dashboard_prod
yolokube:603_dashboard_staging
yolokube:602_dashboard_prod
yolokube:601_dashboard_staging
yolokube:renovate/cilium-1.x
yolokube:renovate/https-github.com-kubernetes-csi-external-snapshotter.git-8.x
yolokube:renovate/argo-cd-8.x
yolokube:renovate/cert-manager-1.x
yolokube:120_traefik-certmanager_prod
yolokube:600_dashboard_prod
yolokube:599_dashboard_staging
yolokube:renovate/ghcr.io-goauthentik-proxy-2025.x
yolokube:598_dashboard_staging
yolokube:597_dashboard_prod
yolokube:596_dashboard_staging
yolokube:renovate/ghcr.io-woodpecker-ci-helm-woodpecker-3.x
yolokube:594_dashboard_prod
yolokube:593_dashboard_staging
yolokube:592_dashboard_prod
yolokube:591_dashboard_staging
yolokube:renovate/kube-prometheus-stack-73.x
yolokube:main
yolokube:589_dashboard_staging
yolokube:587_dashboard_staging

14 commits
3c9e160c0c ... 10f8bf3235

Author SHA1 Message Date
Renovate Bot
10f8bf3235
Update Helm release longhorn to v1.9.0
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-27 20:02:00 +00:00
Aaron Riedel
bcb54ffdae Merge pull request 'fix fip-controller deployment' (#1011) from ar-fix-deployment into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details 
Reviewed-on: #1011
 2025-05-27 21:40:14 +02:00
Aaron Riedel
8661161cca
fix fip-controller deployment
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-27 21:40:00 +02:00
Aaron Riedel
3dec976bb2 Merge pull request 'fix typo in file name' (#1010) from ar-fix-typo into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details 
Reviewed-on: #1010
 2025-05-27 21:38:08 +02:00
Aaron Riedel
91ca5000cc
fix typo in file name
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-27 21:37:52 +02:00
Aaron Riedel
2064ddf036 Merge pull request 'add fip-controller' (#1009) from add-fip-controller into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details 
Reviewed-on: #1009
 2025-05-27 21:33:22 +02:00
Aaron Riedel
4f1e4f47bb
please the linter
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-27 21:33:08 +02:00
Aaron Riedel
8449839a98
add fip-controller
Some checks failed
ci/woodpecker/push/yamllint Pipeline failed
Details
2025-05-27 21:27:28 +02:00
Aaron Riedel
7fde2126c2 Merge pull request 'schedule traefik ingress nodes on masters as well' (#1002) from ar-traefik-on-master into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details 
Reviewed-on: #1002
 2025-05-27 21:07:21 +02:00
Woodpecker CI
27dc7dc9d6 Merge pull request 'DASHBOARD: update image tag to 559' (#1006) from 559_dashboard_prod into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-27 21:07:10 +02:00
Woodpecker CI
ed765bfd6b Merge pull request 'DASHBOARD STAGING: update image tag to 556' (#1004) from 556_dashboard_staging into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-27 21:07:01 +02:00
renovate
437761b22b DASHBOARD: update image tag to 559 (done automagically via Woodpecker pipeline)
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-27 18:09:06 +00:00
renovate
5361698988 DASHBOARD STAGING: update image tag to staging-556 (done automagically via Woodpecker pipeline)
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-27 18:05:20 +00:00
Aaron Riedel
1a63685700
schedule traefik ingress nodes on masters as well
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2025-05-26 23:01:00 +02:00
11 changed files with 228 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

20
app-files/core-deployments.yaml
View file

@ -503,3 +503,23 @@ spec:
automated:
selfHeal: true
prune: true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: fip-controller
namespace: argocd
spec:
project: default
sources:
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: fip-controller
destination:
server: https://kubernetes.default.svc
namespace: fip-controller
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: false

2
dashboard/overlays/prod/kustomization.yaml
View file

@ -5,5 +5,5 @@ kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: "553"
newTag: "559"
namespace: dashboard

2
dashboard/overlays/staging/kustomization.yaml
View file

@ -5,7 +5,7 @@ kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: staging-552
newTag: staging-556
namespace: dashboard-staging
patches:
- patch: |-

5
fip-controller/0-namespace.yaml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fip-controller

44
fip-controller/1-rbac.yaml Normal file
View file

@ -0,0 +1,44 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: fip-controller
namespace: fip-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: fip-controller
rules:
- apiGroups:
- ""
resources:
- nodes
- pods
verbs:
- get
- list
- apiGroups:
- "coordination.k8s.io"
resources:
- "leases"
verbs:
- "get"
- "list"
- "update"
- "create"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: fip-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fip-controller
subjects:
- kind: ServiceAccount
name: fip-controller
namespace: fip-controller

11
fip-controller/2-configmap.yaml Normal file
View file

@ -0,0 +1,11 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: hcloud-fip-controller
data:
config.json: |
{
"floating_ip_label_selector": "cluster_name==yolokube",
"lease_duration": 30
}

45
fip-controller/3-secret.enc.yaml Normal file
View file

@ -0,0 +1,45 @@
---
apiVersion: v1
kind: Secret
metadata:
name: hcloud-fip-controller
stringData:
HCLOUD_API_TOKEN: ENC[AES256_GCM,data:w9KJ4PNwP93yxO5WfHy18mCjgS2eUkwi27NFVPBdlnY6TmrxdGh4F7r5gdlWCZdaR58DSmTz4joW2K5K9TOnzg==,iv:2p5zhCqQ4Z6nfbIuXLidgTIa9rfaL1UjeDxZN7/49G8=,tag:uRP/4A2FOy1Hxy15Da7jbQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVmRsRHUxWWUrWlQyaFBh
NWl0bm1VWlBFZFYwR2hkalhVSk1aeG1ZOFZzCjlqZHg2eW1SNDhUcS9FZWVITTNY
YWhuUVRHb3VyYUl3YmV5ZElHaS9henMKLS0tIHYwTENXUjVmUktXNkE4eFBieXlV
TjV1dFlRaForN0E2eXpsQ0FuZ1R1T0UKg8TzYSd+uT8YUcDeDkHvpX2HelTFTxbx
dYtBGiCDJoU7K3Gd/JHsnwPfhojOIJ4dvye35CkXf4/oMG6I2WEpjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eS9LMmpMbjZzMkQxYm9D
eVYxQ3o2L2ZqMGRJaGMyeXVpcU1qNVppN2pNCnAzK2dSdkFPblBvWG50dWtXdlhs
YndHR0M4TXhHOElIaHgybUl1bDVPb1UKLS0tIDJOaTNXUEdkazlXS2Y4M2hWSW8z
TkZCOGNSTjkwZlJHZys3cnBnUWNFRW8KrOX56AFms2yjAmkerJZRQ1UsW4ID98rb
bQAD2UQhVSKwLjqnu0/FCCAMfL9IsRUfbG7grzURHQKp1QyK+U6ZMQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dUcxV2FDdTVMRzdUaXNs
REpWRnhPeHpNMllaeTc1ZXlVYmF2bVpZTHlzCmNKbERXY1FhRDE0L1RIbHNab1pL
cTA2OHQyT1JYYTNmaDY5dE1RL0pCTmsKLS0tIHJLYVRxRk1xS0llQ0t2M0pIcytn
VWRqclRmL1VkaTBNemliTmFSeVBkYmcKZFm/dDryjdEtd/6YmiVt60eGf9/WgIZ9
W9yAW+Menbi3j9HG4ZTahASBfOjwV0iw0TJHCyDxXLgGH2ifPPMqNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-27T19:26:05Z"
mac: ENC[AES256_GCM,data:qqYEFU1EmK8hbMOJG3cvIQfNwpc6IB78F8Vyg8pJJZXBZoBElL/uTUw6P7Afp2S/8aq5+oqndB7zv4LYZqiSNK43BORXB8/ffT/P2qBv5lKDgtZrma7txbWiMgGN6jkrjcNnKdLxh+PMWrkz4Drxy6sv9jHuB+W6R5efid5V/1M=,iv:1W8l/UzTL5OoRpKBP7IDGjto1qtA+A7qbzY0ZX9qT7Q=,tag:jXL3TiLt/RqNYNIh+/IQRg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4

72
fip-controller/4-deployment.yaml Normal file
View file

@ -0,0 +1,72 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fip-controller
namespace: fip-controller
spec:
replicas: 3
selector:
matchLabels:
app: fip-controller
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
template:
metadata:
labels:
app: fip-controller
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- fip-controller
topologyKey: kubernetes.io/hostname
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
serviceAccountName: fip-controller
containers:
- name: fip-controller
image: yolokube/hcloud-fip-controller:v0.6.0
imagePullPolicy: IfNotPresent
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: hcloud-fip-controller
volumeMounts:
- name: config
mountPath: /app/config
volumes:
- name: config
configMap:
name: hcloud-fip-controller

10
fip-controller/kustomization.yaml Normal file
View file

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ./secret-generator.yaml
resources:
- ./0-namespace.yaml
- ./1-rbac.yaml
- ./2-configmap.yaml
- ./4-deployment.yaml

11
fip-controller/secret-generator.yaml Normal file
View file

@ -0,0 +1,11 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./3-secret.enc.yaml

8
traefik/values.yaml
View file

@ -53,6 +53,14 @@ ingressRoute:
tls:
secretName: traefik-tls-key
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
logs:
general:
level: INFO