feat: add kustomize-controller sops decryption#1079
slipperypenguin wants to merge 2 commits intomainfrom
slipperypenguin
commented
Feb 17, 2026
- ref: feat: add kustomize-controller sops decryption onedr0p/cluster-template#1969
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: actions-runner-system/actions-runner-controller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: actions-runner-system/actions-runner-controller
@@ -8,16 +8,12 @@
name: actions-runner-controller
namespace: actions-runner-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: actions-runner-controller
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: onepassword-store
namespace: external-secrets
interval: 30m
path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/app
postBuild:
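Review bot: Removing `decryption` (provider `sops`, `secretRef` `sops-age`) from this Kustomization makes its SOPS-encrypted resources decryptable only if kustomize-controller itself is started with a cluster-wide SOPS secret, presumably via a `--sops-age-secret`-style controller argument in the new flux-instance values ConfigMap at the end of this diff, which is cut off from view here; the same removal is repeated in every Kustomization hunk from actions-runner-controller-runners down to volsync-system/volsync, and the spec of each continues outside its hunk. Until the flux-instance HelmRelease has rolled out the new ConfigMap and the kustomize-controller pod has restarted with that flag, every Kustomization in this diff that carries SOPS-encrypted Secrets will fail reconcile with ciphertext left in place, so the rollout ordering (flux-instance first, then the rest) should be verified rather than assumed. The trust boundary also shifts: with per-object `secretRef` the key was bound to each Kustomization, whereas a controller-level default lets any Kustomization this controller processes, including future ones in other namespaces, decrypt with the same age key, which is acceptable for a single-tenant cluster but worth recording. Suggest a comment next to the new controller patch in the flux-instance values, e.g. `# Cluster-wide SOPS decryption: every Kustomization reconciled by kustomize-controller shares this age key; per-object decryption stanzas were removed in #1079`.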
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: actions-runner-system/actions-runner-controller-runners
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: actions-runner-system/actions-runner-controller-runners
@@ -8,16 +8,12 @@
name: actions-runner-controller-runners
namespace: actions-runner-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: actions-runner-controller-runners
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 30m
path: ./kubernetes/apps/actions-runner-system/actions-runner-controller/runners
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: cert-manager/cert-manager
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: cert-manager/cert-manager
@@ -8,16 +8,12 @@
name: cert-manager
namespace: cert-manager
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cert-manager
- decryption:
- provider: sops
- secretRef:
- name: sops-age
healthCheckExprs:
- apiVersion: cert-manager.io/v1
current: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True')
failed: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'False')
kind: ClusterIssuer
healthChecks:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/echo-server
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/echo-server
@@ -8,16 +8,12 @@
name: echo-server
namespace: default
spec:
commonMetadata:
labels:
app.kubernetes.io/name: echo-server
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/default/echo-server/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/flame
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/flame
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: flame
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/default/flame/app
postBuild:
substitute:
APP: flame
VOLSYNC_CAPACITY: 1Gi
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/home-assistant
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/home-assistant
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: home-assistant
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: onepassword-store
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/manyfold
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/manyfold
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: manyfold
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: onepassword-store
namespace: external-secrets
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/n8n
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/n8n
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: n8n
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: onepassword-store
namespace: external-secrets
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/readeck
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/readeck
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: readeck
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
path: ./kubernetes/apps/default/readeck/app
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/thelounge
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/thelounge
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: thelounge
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
path: ./kubernetes/apps/default/thelounge/app
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/webhook
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: default/webhook
@@ -8,16 +8,12 @@
name: webhook
namespace: default
spec:
commonMetadata:
labels:
app.kubernetes.io/name: webhook
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/default/webhook/app
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: external-secrets/external-secrets
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: external-secrets/external-secrets
@@ -8,16 +8,12 @@
name: external-secrets
namespace: external-secrets
spec:
commonMetadata:
labels:
app.kubernetes.io/name: external-secrets
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/external-secrets/external-secrets/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: external-secrets/onepassword
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: external-secrets/onepassword
@@ -8,16 +8,12 @@
name: onepassword
namespace: external-secrets
spec:
commonMetadata:
labels:
app.kubernetes.io/name: onepassword
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/external-secrets/onepassword/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: external-secrets/onepassword-store
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: external-secrets/onepassword-store
@@ -8,16 +8,12 @@
name: onepassword-store
namespace: external-secrets
spec:
commonMetadata:
labels:
app.kubernetes.io/name: onepassword-store
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: onepassword
namespace: external-secrets
interval: 1h
path: ./kubernetes/apps/external-secrets/onepassword/store
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-instance
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-instance
@@ -8,16 +8,12 @@
name: flux-instance
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: flux-instance
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: flux-operator
namespace: flux-system
interval: 1h
path: ./kubernetes/apps/flux-system/flux-instance/app
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-operator
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/flux-operator
@@ -8,16 +8,12 @@
name: flux-operator
namespace: flux-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: flux-operator
- decryption:
- provider: sops
- secretRef:
- name: sops-age
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
name: flux-operator
namespace: flux-system
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/amd-device-plugin
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/amd-device-plugin
@@ -8,16 +8,12 @@
name: amd-device-plugin
namespace: kube-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: amd-device-plugin
- decryption:
- provider: sops
- secretRef:
- name: sops-age
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
name: amd-device-plugin
namespace: kube-system
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/cilium
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/cilium
@@ -8,16 +8,12 @@
name: cilium
namespace: kube-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cilium
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/kube-system/cilium/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/cilium-gateway
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/cilium-gateway
@@ -8,16 +8,12 @@
name: cilium-gateway
namespace: kube-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cilium-gateway
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: cert-manager
namespace: cert-manager
interval: 1h
path: ./kubernetes/apps/kube-system/cilium/gateway
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/coredns
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/coredns
@@ -8,16 +8,12 @@
name: coredns
namespace: kube-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: coredns
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/kube-system/coredns/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/metrics-server
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/metrics-server
@@ -8,16 +8,12 @@
name: metrics-server
namespace: kube-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: metrics-server
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/kube-system/metrics-server/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/reloader
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/reloader
@@ -8,16 +8,12 @@
name: reloader
namespace: kube-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: reloader
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/kube-system/reloader/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/spegel
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: kube-system/spegel
@@ -8,16 +8,12 @@
name: spegel
namespace: kube-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: spegel
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/kube-system/spegel/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: network/cloudflare-dns
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: network/cloudflare-dns
@@ -8,16 +8,12 @@
name: cloudflare-dns
namespace: network
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cloudflare-dns
- decryption:
- provider: sops
- secretRef:
- name: sops-age
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
name: cloudflare-dns
namespace: network
- apiVersion: apiextensions.k8s.io/v1
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: network/cloudflare-tunnel
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: network/cloudflare-tunnel
@@ -8,16 +8,12 @@
name: cloudflare-tunnel
namespace: network
spec:
commonMetadata:
labels:
app.kubernetes.io/name: cloudflare-tunnel
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: cloudflare-dns
namespace: network
interval: 1h
path: ./kubernetes/apps/network/cloudflare-tunnel/app
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: network/unifi-dns
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: network/unifi-dns
@@ -8,16 +8,12 @@
name: unifi-dns
namespace: network
spec:
commonMetadata:
labels:
app.kubernetes.io/name: unifi-dns
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: onepassword-store
namespace: external-secrets
interval: 1h
path: ./kubernetes/apps/network/unifi-dns/app
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/alloy
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/alloy
@@ -8,16 +8,12 @@
name: alloy
namespace: observability
spec:
commonMetadata:
labels:
app.kubernetes.io/name: alloy
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/observability/alloy/app
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/blackbox-exporter
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/blackbox-exporter
@@ -8,16 +8,12 @@
name: blackbox-exporter
namespace: observability
spec:
commonMetadata:
labels:
app.kubernetes.io/name: blackbox-exporter
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/observability/blackbox-exporter/app
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/gatus
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/gatus
@@ -8,16 +8,12 @@
name: gatus
namespace: observability
spec:
commonMetadata:
labels:
app.kubernetes.io/name: gatus
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: onepassword-store
namespace: external-secrets
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/grafana
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/grafana
@@ -8,16 +8,12 @@
name: grafana
namespace: observability
spec:
commonMetadata:
labels:
app.kubernetes.io/name: grafana
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/observability/grafana/app
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/jellyfin-json-exporter
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/jellyfin-json-exporter
@@ -8,16 +8,12 @@
name: jellyfin-json-exporter
namespace: observability
spec:
commonMetadata:
labels:
app.kubernetes.io/name: jellyfin-json-exporter
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: onepassword-store
namespace: external-secrets
- name: kube-prometheus-stack
namespace: observability
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/kube-prometheus-stack
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/kube-prometheus-stack
@@ -8,16 +8,12 @@
name: kube-prometheus-stack
namespace: observability
spec:
commonMetadata:
labels:
app.kubernetes.io/name: kube-prometheus-stack
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: openebs
namespace: openebs-system
- name: onepassword
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/loki
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/loki
@@ -8,16 +8,12 @@
name: loki
namespace: observability
spec:
commonMetadata:
labels:
app.kubernetes.io/name: loki
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: openebs
namespace: openebs-system
interval: 1h
path: ./kubernetes/apps/observability/loki/app
prune: true
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/unpoller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: observability/unpoller
@@ -8,16 +8,12 @@
name: unpoller
namespace: observability
spec:
commonMetadata:
labels:
app.kubernetes.io/name: unpoller
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/observability/unpoller/app
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: openebs-system/openebs
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: openebs-system/openebs
@@ -8,16 +8,12 @@
name: openebs
namespace: openebs-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: openebs
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 30m
path: ./kubernetes/apps/openebs-system/openebs/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: rook-ceph/rook-ceph
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: rook-ceph/rook-ceph
@@ -5,16 +5,12 @@
labels:
kustomize.toolkit.fluxcd.io/name: cluster-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: rook-ceph
namespace: rook-ceph
spec:
- decryption:
- provider: sops
- secretRef:
- name: sops-age
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
name: rook-ceph-operator
namespace: rook-ceph
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: rook-ceph/rook-ceph-cluster
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: rook-ceph/rook-ceph-cluster
@@ -5,16 +5,12 @@
labels:
kustomize.toolkit.fluxcd.io/name: cluster-apps
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: rook-ceph-cluster
namespace: rook-ceph
spec:
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph
namespace: rook-ceph
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/autobrr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/autobrr
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: autobrr
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: onepassword-store
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/bazarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/bazarr
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: bazarr
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: onepassword-store
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/jellyfin
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/jellyfin
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: jellyfin
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: openebs
namespace: openebs-system
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/jellyseerr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/jellyseerr
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: jellyseerr
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
path: ./kubernetes/apps/servarr/jellyseerr/app
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/prowlarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/prowlarr
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: prowlarr
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: onepassword-store
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/qbittorrent
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/qbittorrent
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: qbittorrent
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: onepassword-store
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/qui
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/qui
@@ -7,16 +7,12 @@
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: qui
namespace: servarr
spec:
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: onepassword-store
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/radarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/radarr
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: radarr
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: onepassword-store
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/recyclarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/recyclarr
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: recyclarr
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: onepassword-store
namespace: external-secrets
interval: 1h
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/sabnzbd
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/sabnzbd
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: sabnzbd
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
path: ./kubernetes/apps/servarr/sabnzbd/app
postBuild:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/sonarr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/sonarr
@@ -10,16 +10,12 @@
spec:
commonMetadata:
labels:
app.kubernetes.io/name: sonarr
components:
- ../../../../components/volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
- name: openebs
namespace: openebs-system
- name: onepassword-store
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/unpackerr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: servarr/unpackerr
@@ -8,16 +8,12 @@
name: unpackerr
namespace: servarr
spec:
commonMetadata:
labels:
app.kubernetes.io/name: unpackerr
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: onepassword-store
namespace: external-secrets
interval: 1h
path: ./kubernetes/apps/servarr/unpackerr/app
prune: true
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: system-upgrade/tuppr
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: system-upgrade/tuppr
@@ -8,16 +8,12 @@
name: tuppr
namespace: system-upgrade
spec:
commonMetadata:
labels:
app.kubernetes.io/name: tuppr
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 1h
path: ./kubernetes/apps/system-upgrade/tuppr/app
prune: true
sourceRef:
kind: GitRepository
name: flux-system
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: system-upgrade/tuppr-upgrades
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: system-upgrade/tuppr-upgrades
@@ -8,16 +8,12 @@
name: tuppr-upgrades
namespace: system-upgrade
spec:
commonMetadata:
labels:
app.kubernetes.io/name: tuppr-upgrades
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: tuppr
interval: 1h
path: ./kubernetes/apps/system-upgrade/tuppr/upgrades
prune: true
sourceRef:
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: volsync-system/snapshot-controller
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: volsync-system/snapshot-controller
@@ -8,16 +8,12 @@
name: snapshot-controller
namespace: volsync-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: snapshot-controller
- decryption:
- provider: sops
- secretRef:
- name: sops-age
interval: 30m
path: ./kubernetes/apps/volsync-system/snapshot-controller/app
postBuild:
substituteFrom:
- kind: Secret
name: cluster-secrets
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: volsync-system/volsync
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: volsync-system/volsync
@@ -8,16 +8,12 @@
name: volsync
namespace: volsync-system
spec:
commonMetadata:
labels:
app.kubernetes.io/name: volsync
- decryption:
- provider: sops
- secretRef:
- name: sops-age
dependsOn:
- name: snapshot-controller
namespace: volsync-system
- name: openebs
namespace: openebs-system
healthChecks:
--- kubernetes/apps/flux-system/flux-instance/app Kustomization: flux-system/flux-instance HelmRelease: flux-system/flux-instance
+++ kubernetes/apps/flux-system/flux-instance/app Kustomization: flux-system/flux-instance HelmRelease: flux-system/flux-instance
@@ -23,8 +23,8 @@
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
valuesFrom:
- kind: ConfigMap
- name: flux-instance-values-8g4b88f2gb
+ name: flux-instance-values-569mg7fc6b
--- kubernetes/apps/flux-system/flux-instance/app Kustomization: flux-system/flux-instance ConfigMap: flux-system/flux-instance-values-8g4b88f2gb
+++ kubernetes/apps/flux-system/flux-instance/app Kustomization: flux-system/flux-instance ConfigMap: flux-system/flux-instance-values-8g4b88f2gb
@@ -1,113 +0,0 @@
----
-apiVersion: v1
-data:
- values.yaml: |
- ---
- instance:
- distribution:
- # renovate: datasource=github-releases depName=controlplaneio-fluxcd/distribution
- version: 2.7.5
- cluster:
- networkPolicy: false
- components:
- - source-controller
- - kustomize-controller
- - helm-controller
- - notification-controller
- sync:
- kind: GitRepository
- url: "https://github.com/slipperypenguin/igloo.git"
- ref: "refs/heads/main"
- path: kubernetes/flux/cluster
- commonMetadata:
- labels:
- app.kubernetes.io/name: flux
- kustomize:
- patches:
- - # Increase the number of workers
- patch: |
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --concurrent=10
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --requeue-dependency=5s
- target:
- kind: Deployment
- name: (kustomize-controller|helm-controller|source-controller)
- - # Increase the memory limits
- patch: |
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: all
- spec:
- template:
- spec:
- containers:
- - name: manager
- resources:
- limits:
- memory: 2Gi
- target:
- kind: Deployment
- name: (kustomize-controller|helm-controller|source-controller)
- - # Enable in-memory kustomize builds
- patch: |
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --concurrent=20
- - op: replace
- path: /spec/template/spec/volumes/0
- value:
- name: temp
- emptyDir:
- medium: Memory
- target:
- kind: Deployment
- name: kustomize-controller
- - # Enable Helm repositories caching
- patch: |
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --helm-cache-max-size=10
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --helm-cache-ttl=60m
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --helm-cache-purge-interval=5m
- target:
- kind: Deployment
- name: source-controller
- - # Flux near OOM detection for Helm
- patch: |
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --feature-gates=OOMWatch=true
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --oom-watch-memory-threshold=95
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --oom-watch-interval=500ms
- target:
- kind: Deployment
- name: helm-controller
- - # Disable chart digest tracking
- patch: |
- - op: add
- path: /spec/template/spec/containers/0/args/-
- value: --feature-gates=DisableChartDigestTracking=true
- target:
- kind: Deployment
- name: helm-controller
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: flux-instance
- kustomize.toolkit.fluxcd.io/name: flux-instance
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: flux-instance-values-8g4b88f2gb
- namespace: flux-system
-
--- kubernetes/apps/flux-system/flux-instance/app Kustomization: flux-system/flux-instance ConfigMap: flux-system/flux-instance-values-569mg7fc6b
+++ kubernetes/apps/flux-system/flux-instance/app Kustomization: flux-system/flux-instance ConfigMap: flux-system/flux-instance-values-569mg7fc6b
@@ -0,0 +1,129 @@
+---
+apiVersion: v1
+data:
+ values.yaml: |
+ ---
+ instance:
+ distribution:
+ # renovate: datasource=github-releases depName=controlplaneio-fluxcd/distribution
+ version: 2.7.5
+ cluster:
+ networkPolicy: false
+ components:
+ - source-controller
+ - kustomize-controller
+ - helm-controller
+ - notification-controller
+ sync:
+ kind: GitRepository
+ url: "https://github.com/slipperypenguin/igloo.git"
+ ref: "refs/heads/main"
+ path: kubernetes/flux/cluster
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: flux
+ kustomize:
+ patches:
+ - # Increase the number of workers
+ patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --concurrent=10
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --requeue-dependency=5s
+ target:
+ kind: Deployment
+ name: (kustomize-controller|helm-controller|source-controller)
+ - # Increase the memory limits
+ patch: |
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: all
+ spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ resources:
+ limits:
+ memory: 2Gi
+ target:
+ kind: Deployment
+ name: (kustomize-controller|helm-controller|source-controller)
+ - # Enable in-memory kustomize builds
+ patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --concurrent=20
+ - op: replace
+ path: /spec/template/spec/volumes/0
+ value:
+ name: temp
+ emptyDir:
+ medium: Memory
+ target:
+ kind: Deployment
+ name: kustomize-controller
+ - # Enable Helm repositories caching
+ patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --helm-cache-max-size=10
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --helm-cache-ttl=60m
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --helm-cache-purge-interval=5m
+ target:
+ kind: Deployment
+ name: source-controller
+ - # Flux near OOM detection for Helm
+ patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --feature-gates=OOMWatch=true
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --oom-watch-memory-threshold=95
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --oom-watch-interval=500ms
+ target:
+ kind: Deployment
+ name: helm-controller
+ - # Disable chart digest tracking
+ patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --feature-gates=DisableChartDigestTracking=true
+ target:
+ kind: Deployment
+ name: helm-controller
+ - # Controller-level SOPS decryption
+ patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --sops-age-secret=sops-age
+ target:
+ kind: Deployment
+ name: kustomize-controller
+ - # Watch configmaps and secrets attached to HelmReleases and Kustomizations
+ patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --watch-configs-label-selector=owner!=helm
+ target:
+ kind: Deployment
+ name: (helm-controller|kustomize-controller)
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/name: flux-instance
+ kustomize.toolkit.fluxcd.io/name: flux-instance
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: flux-instance-values-569mg7fc6b
+ namespace: flux-system
+ |
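Review bot: The `--sops-age-secret=sops-age` argument added in the "Controller-level SOPS decryption" patch replaces the per-Kustomization `decryption.secretRef` entries removed earlier in this PR, and that widens the trust boundary: every Kustomization reconciled by this kustomize-controller can now decrypt with that key, with no per-namespace opt-in, which matters if tenants other than the cluster owner can create Kustomization objects. The removed secretRefs pointed at a `sops-age` Secret in each app namespace, whereas the controller flag looks the Secret up in the controller's own namespace (flux-system) if I read it correctly, and this diff does not show such a Secret there; worth confirming it exists before merging. I would document the new boundary in the values comment, e.g. `- # Controller-level SOPS decryption: any Kustomization reconciled by kustomize-controller can decrypt with the flux-system/sops-age key; per-Kustomization decryption.secretRef is no longer needed`. The same points apply to the rendered FluxInstance section that follows. Minor style: this patch uses `patch: |` while its new sibling uses `patch: |-`; both render identically for args-only patches, but the file should settle on one form.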
--- HelmRelease: flux-system/flux-instance FluxInstance: flux-system/flux
+++ HelmRelease: flux-system/flux-instance FluxInstance: flux-system/flux
@@ -98,12 +98,26 @@
- op: add
path: /spec/template/spec/containers/0/args/-
value: --feature-gates=DisableChartDigestTracking=true
target:
kind: Deployment
name: helm-controller
+ - patch: |
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --sops-age-secret=sops-age
+ target:
+ kind: Deployment
+ name: kustomize-controller
+ - patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: --watch-configs-label-selector=owner!=helm
+ target:
+ kind: Deployment
+ name: (helm-controller|kustomize-controller)
sync:
kind: GitRepository
interval: 1m
url: https://github.com/slipperypenguin/igloo.git
ref: refs/heads/main
path: kubernetes/flux/cluster |