
14 commits

Author SHA1 Message Date
10f8bf3235
Update Helm release longhorn to v1.9.0
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-27 20:02:00 +00:00
bcb54ffdae Merge pull request 'fix fip-controller deployment' (#1011) from ar-fix-deployment into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Reviewed-on: #1011
2025-05-27 21:40:14 +02:00
8661161cca
fix fip-controller deployment
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-27 21:40:00 +02:00
3dec976bb2 Merge pull request 'fix typo in file name' (#1010) from ar-fix-typo into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Reviewed-on: #1010
2025-05-27 21:38:08 +02:00
91ca5000cc
fix typo in file name
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-27 21:37:52 +02:00
2064ddf036 Merge pull request 'add fip-controller' (#1009) from add-fip-controller into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Reviewed-on: #1009
2025-05-27 21:33:22 +02:00
4f1e4f47bb
please the linter
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-27 21:33:08 +02:00
8449839a98
add fip-controller
Some checks failed
ci/woodpecker/push/yamllint Pipeline failed
2025-05-27 21:27:28 +02:00
7fde2126c2 Merge pull request 'schedule traefik ingress nodes on masters as well' (#1002) from ar-traefik-on-master into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Reviewed-on: #1002
2025-05-27 21:07:21 +02:00
27dc7dc9d6 Merge pull request 'DASHBOARD: update image tag to 559' (#1006) from 559_dashboard_prod into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-27 21:07:10 +02:00
ed765bfd6b Merge pull request 'DASHBOARD STAGING: update image tag to 556' (#1004) from 556_dashboard_staging into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-27 21:07:01 +02:00
437761b22b DASHBOARD: update image tag to 559 (done automagically via Woodpecker pipeline)
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-27 18:09:06 +00:00
5361698988 DASHBOARD STAGING: update image tag to staging-556 (done automagically via Woodpecker pipeline)
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-27 18:05:20 +00:00
1a63685700
schedule traefik ingress nodes on masters as well
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
2025-05-26 23:01:00 +02:00
11 changed files with 228 additions and 2 deletions


@ -503,3 +503,23 @@ spec:
automated:
selfHeal: true
prune: true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: fip-controller
namespace: argocd
spec:
project: default
sources:
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: fip-controller
destination:
server: https://kubernetes.default.svc
namespace: fip-controller
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: false
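Review bot: The `automated:` block of the new fip-controller Application sets only `prune: false` and omits `selfHeal`, whereas the Application directly above it in this hunk sets `selfHeal: true`. Judging by the other files in this compare, this app deploys a ClusterRole and ClusterRoleBinding, so without self-heal a manual in-cluster edit to those objects stays in place until the next Git change triggers a sync. If that is not intended, add `selfHeal: true` under `automated:`; if it is, a short comment such as `# selfHeal left off on purpose: <reason>` would record the decision. Note also that `targetRevision: HEAD` makes every push to the default branch deployable without a further gate, so branch protection on that repository is the effective review control.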


@ -5,5 +5,5 @@ kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: "553"
newTag: "559"
namespace: dashboard


@ -5,7 +5,7 @@ kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: staging-552
newTag: staging-556
namespace: dashboard-staging
patches:
- patch: |-


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fip-controller


@ -0,0 +1,44 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: fip-controller
namespace: fip-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: fip-controller
rules:
- apiGroups:
- ""
resources:
- nodes
- pods
verbs:
- get
- list
- apiGroups:
- "coordination.k8s.io"
resources:
- "leases"
verbs:
- "get"
- "list"
- "update"
- "create"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: fip-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fip-controller
subjects:
- kind: ServiceAccount
name: fip-controller
namespace: fip-controller
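Review bot: The `coordination.k8s.io` `leases` rule sits in the ClusterRole and is bound through a ClusterRoleBinding, so the fip-controller service account may create and update Lease objects in every namespace, including those the control plane and kubelets rely on for leader election and node heartbeats. Leader election normally needs a lease only in the controller's own namespace; the Deployment passes `NAMESPACE` from `metadata.namespace`, which suggests that is the case here, but confirm it against the controller's documentation. Removing that rule from the ClusterRole and granting it through a namespaced Role and RoleBinding, as sketched below with a constructed name, leaves the cluster-wide grant at read-only `nodes` and `pods`. The second rule also quotes its scalars while the first does not; one style throughout would keep the file uniform.

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: fip-controller-leases
  namespace: fip-controller
rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - update
      - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: fip-controller-leases
  namespace: fip-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: fip-controller-leases
subjects:
  - kind: ServiceAccount
    name: fip-controller
    namespace: fip-controller
```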


@ -0,0 +1,11 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: hcloud-fip-controller
data:
config.json: |
{
"floating_ip_label_selector": "cluster_name==yolokube",
"lease_duration": 30
}


@ -0,0 +1,45 @@
---
apiVersion: v1
kind: Secret
metadata:
name: hcloud-fip-controller
stringData:
HCLOUD_API_TOKEN: ENC[AES256_GCM,data:w9KJ4PNwP93yxO5WfHy18mCjgS2eUkwi27NFVPBdlnY6TmrxdGh4F7r5gdlWCZdaR58DSmTz4joW2K5K9TOnzg==,iv:2p5zhCqQ4Z6nfbIuXLidgTIa9rfaL1UjeDxZN7/49G8=,tag:uRP/4A2FOy1Hxy15Da7jbQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVmRsRHUxWWUrWlQyaFBh
NWl0bm1VWlBFZFYwR2hkalhVSk1aeG1ZOFZzCjlqZHg2eW1SNDhUcS9FZWVITTNY
YWhuUVRHb3VyYUl3YmV5ZElHaS9henMKLS0tIHYwTENXUjVmUktXNkE4eFBieXlV
TjV1dFlRaForN0E2eXpsQ0FuZ1R1T0UKg8TzYSd+uT8YUcDeDkHvpX2HelTFTxbx
dYtBGiCDJoU7K3Gd/JHsnwPfhojOIJ4dvye35CkXf4/oMG6I2WEpjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eS9LMmpMbjZzMkQxYm9D
eVYxQ3o2L2ZqMGRJaGMyeXVpcU1qNVppN2pNCnAzK2dSdkFPblBvWG50dWtXdlhs
YndHR0M4TXhHOElIaHgybUl1bDVPb1UKLS0tIDJOaTNXUEdkazlXS2Y4M2hWSW8z
TkZCOGNSTjkwZlJHZys3cnBnUWNFRW8KrOX56AFms2yjAmkerJZRQ1UsW4ID98rb
bQAD2UQhVSKwLjqnu0/FCCAMfL9IsRUfbG7grzURHQKp1QyK+U6ZMQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dUcxV2FDdTVMRzdUaXNs
REpWRnhPeHpNMllaeTc1ZXlVYmF2bVpZTHlzCmNKbERXY1FhRDE0L1RIbHNab1pL
cTA2OHQyT1JYYTNmaDY5dE1RL0pCTmsKLS0tIHJLYVRxRk1xS0llQ0t2M0pIcytn
VWRqclRmL1VkaTBNemliTmFSeVBkYmcKZFm/dDryjdEtd/6YmiVt60eGf9/WgIZ9
W9yAW+Menbi3j9HG4ZTahASBfOjwV0iw0TJHCyDxXLgGH2ifPPMqNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-27T19:26:05Z"
mac: ENC[AES256_GCM,data:qqYEFU1EmK8hbMOJG3cvIQfNwpc6IB78F8Vyg8pJJZXBZoBElL/uTUw6P7Afp2S/8aq5+oqndB7zv4LYZqiSNK43BORXB8/ffT/P2qBv5lKDgtZrma7txbWiMgGN6jkrjcNnKdLxh+PMWrkz4Drxy6sv9jHuB+W6R5efid5V/1M=,iv:1W8l/UzTL5OoRpKBP7IDGjto1qtA+A7qbzY0ZX9qT7Q=,tag:jXL3TiLt/RqNYNIh+/IQRg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.4


@ -0,0 +1,72 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fip-controller
namespace: fip-controller
spec:
replicas: 3
selector:
matchLabels:
app: fip-controller
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
template:
metadata:
labels:
app: fip-controller
spec:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- fip-controller
topologyKey: kubernetes.io/hostname
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
serviceAccountName: fip-controller
containers:
- name: fip-controller
image: yolokube/hcloud-fip-controller:v0.6.0
imagePullPolicy: IfNotPresent
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: hcloud-fip-controller
volumeMounts:
- name: config
mountPath: /app/config
volumes:
- name: config
configMap:
name: hcloud-fip-controller
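Review bot: The `fip-controller` container has no `securityContext`, although the pod is pinned to control-plane nodes and receives `HCLOUD_API_TOKEN` through `envFrom`. A container-level context like the one below removes privileges the controller is unlikely to need; `runAsNonRoot` and `readOnlyRootFilesystem` assume the image runs as a non-root user and does not write to its root filesystem, so verify both against the image before merging. The image reference `yolokube/hcloud-fip-controller:v0.6.0` also carries no registry host, unlike the `git.ar21.de/yolokube/dashboard` images elsewhere in this compare, so it resolves against the container runtime's default registry. Confirm that this is the intended source and consider pinning the image by digest.

```yaml
      containers:
        - name: fip-controller
          # … unchanged: image, imagePullPolicy, env, envFrom, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```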


@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ./secret-generator.yaml
resources:
- ./0-namespace.yaml
- ./1-rbac.yaml
- ./2-configmap.yaml
- ./4-deployment.yaml
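Review bot: This kustomization sets no `namespace:`, and the ConfigMap and the SOPS-encrypted Secret added in this compare carry no `metadata.namespace`, while the ServiceAccount and the Deployment hard-code `fip-controller`. Under Argo CD the Application's destination namespace presumably fills the gap, but a plain `kustomize build` piped into `kubectl apply` would place the ConfigMap and the API-token Secret in the current context's namespace, where the Deployment cannot find them. Adding `namespace: fip-controller` to this file covers both objects without touching the encrypted file, which should only be edited through `sops`.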


@ -0,0 +1,11 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./3-secret.enc.yaml


@ -53,6 +53,14 @@ ingressRoute:
tls:
secretName: traefik-tls-key
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
logs:
general:
level: INFO