Update Helm release longhorn to v1.9.0

Reviewed-on: #1011

app-files/core-deployments.yaml

@@ -503,3 +503,23 @@ spec:
     automated:
       selfHeal: true
       prune: true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: fip-controller
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - repoURL: https://git.ar21.de/yolokube/core-deployments.git
+      targetRevision: HEAD
+      path: fip-controller
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: fip-controller
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: false

dashboard/overlays/prod/kustomization.yaml

@@ -5,5 +5,5 @@ kind: Kustomization
 images:
 - name: git.ar21.de/yolokube/dashboard
   newName: git.ar21.de/yolokube/dashboard
-  newTag: "553"
+  newTag: "559"
 namespace: dashboard

dashboard/overlays/staging/kustomization.yaml

@@ -5,7 +5,7 @@ kind: Kustomization
 images:
 - name: git.ar21.de/yolokube/dashboard
   newName: git.ar21.de/yolokube/dashboard
-  newTag: staging-552
+  newTag: staging-556
 namespace: dashboard-staging
 patches:
 - patch: |-

fip-controller/0-namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: fip-controller

fip-controller/1-rbac.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fip-controller
+  namespace: fip-controller
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fip-controller
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - pods
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - "leases"
+    verbs:
+      - "get"
+      - "list"
+      - "update"
+      - "create"
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fip-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fip-controller
+subjects:
+  - kind: ServiceAccount
+    name: fip-controller
+    namespace: fip-controller

fip-controller/2-configmap.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hcloud-fip-controller
+data:
+  config.json: |
+    {
+      "floating_ip_label_selector": "cluster_name==yolokube",
+      "lease_duration": 30
+    }

fip-controller/3-secret.enc.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: hcloud-fip-controller
+stringData:
+    HCLOUD_API_TOKEN: ENC[AES256_GCM,data:w9KJ4PNwP93yxO5WfHy18mCjgS2eUkwi27NFVPBdlnY6TmrxdGh4F7r5gdlWCZdaR58DSmTz4joW2K5K9TOnzg==,iv:2p5zhCqQ4Z6nfbIuXLidgTIa9rfaL1UjeDxZN7/49G8=,tag:uRP/4A2FOy1Hxy15Da7jbQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVmRsRHUxWWUrWlQyaFBh
+            NWl0bm1VWlBFZFYwR2hkalhVSk1aeG1ZOFZzCjlqZHg2eW1SNDhUcS9FZWVITTNY
+            YWhuUVRHb3VyYUl3YmV5ZElHaS9henMKLS0tIHYwTENXUjVmUktXNkE4eFBieXlV
+            TjV1dFlRaForN0E2eXpsQ0FuZ1R1T0UKg8TzYSd+uT8YUcDeDkHvpX2HelTFTxbx
+            dYtBGiCDJoU7K3Gd/JHsnwPfhojOIJ4dvye35CkXf4/oMG6I2WEpjw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2eS9LMmpMbjZzMkQxYm9D
+            eVYxQ3o2L2ZqMGRJaGMyeXVpcU1qNVppN2pNCnAzK2dSdkFPblBvWG50dWtXdlhs
+            YndHR0M4TXhHOElIaHgybUl1bDVPb1UKLS0tIDJOaTNXUEdkazlXS2Y4M2hWSW8z
+            TkZCOGNSTjkwZlJHZys3cnBnUWNFRW8KrOX56AFms2yjAmkerJZRQ1UsW4ID98rb
+            bQAD2UQhVSKwLjqnu0/FCCAMfL9IsRUfbG7grzURHQKp1QyK+U6ZMQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dUcxV2FDdTVMRzdUaXNs
+            REpWRnhPeHpNMllaeTc1ZXlVYmF2bVpZTHlzCmNKbERXY1FhRDE0L1RIbHNab1pL
+            cTA2OHQyT1JYYTNmaDY5dE1RL0pCTmsKLS0tIHJLYVRxRk1xS0llQ0t2M0pIcytn
+            VWRqclRmL1VkaTBNemliTmFSeVBkYmcKZFm/dDryjdEtd/6YmiVt60eGf9/WgIZ9
+            W9yAW+Menbi3j9HG4ZTahASBfOjwV0iw0TJHCyDxXLgGH2ifPPMqNQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-05-27T19:26:05Z"
+    mac: ENC[AES256_GCM,data:qqYEFU1EmK8hbMOJG3cvIQfNwpc6IB78F8Vyg8pJJZXBZoBElL/uTUw6P7Afp2S/8aq5+oqndB7zv4LYZqiSNK43BORXB8/ffT/P2qBv5lKDgtZrma7txbWiMgGN6jkrjcNnKdLxh+PMWrkz4Drxy6sv9jHuB+W6R5efid5V/1M=,iv:1W8l/UzTL5OoRpKBP7IDGjto1qtA+A7qbzY0ZX9qT7Q=,tag:jXL3TiLt/RqNYNIh+/IQRg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.4

fip-controller/4-deployment.yaml

@@ -0,0 +1,72 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fip-controller
+  namespace: fip-controller
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: fip-controller
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+  template:
+    metadata:
+      labels:
+        app: fip-controller
+    spec:
+      tolerations:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
+        - key: node-role.kubernetes.io/master
+          operator: Exists
+          effect: NoSchedule
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app
+                    operator: In
+                    values:
+                      - fip-controller
+              topologyKey: kubernetes.io/hostname
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: Exists
+      serviceAccountName: fip-controller
+      containers:
+        - name: fip-controller
+          image: yolokube/hcloud-fip-controller:v0.6.0
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          envFrom:
+            - secretRef:
+                name: hcloud-fip-controller
+          volumeMounts:
+            - name: config
+              mountPath: /app/config
+      volumes:
+        - name: config
+          configMap:
+            name: hcloud-fip-controller

fip-controller/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+generators:
+  - ./secret-generator.yaml
+resources:
+  - ./0-namespace.yaml
+  - ./1-rbac.yaml
+  - ./2-configmap.yaml
+  - ./4-deployment.yaml

fip-controller/secret-generator.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        path: ksops
+files:
+  - ./3-secret.enc.yaml

traefik/values.yaml

@@ -53,6 +53,14 @@ ingressRoute:
     tls:
       secretName: traefik-tls-key
 
+tolerations:
+  - key: node-role.kubernetes.io/control-plane
+    operator: Exists
+    effect: NoSchedule
+  - key: node-role.kubernetes.io/master
+    operator: Exists
+    effect: NoSchedule
+
 logs:
   general:
     level: INFO