kryptonian.dev / k8s-cluster
this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Hmm

Skyler Mäntysaari c9ff52b6 e6cf08e5

+76 -30
+1 -1
k8s/nebula/apps/ci/kustomization.yaml
··· 4 4 resources: 5 5 - ns.yaml 6 6 - github-actions 7 - - forgejo-actions/ks.yaml 7 + # - forgejo-actions/ks.yaml 8 8 # - buildkitd/ks.yaml
+24
k8s/nebula/apps/monitoring/grafana/app/int-ingress.yaml
··· 1 + apiVersion: networking.k8s.io/v1 2 + kind: Ingress 3 + metadata: 4 + annotations: 5 + meta.helm.sh/release-name: grafana 6 + meta.helm.sh/release-namespace: monitoring 7 + name: grafana-int 8 + namespace: monitoring 9 + spec: 10 + ingressClassName: internal-nginx 11 + rules: 12 + - host: grafana.skylab.fi 13 + http: 14 + paths: 15 + - backend: 16 + service: 17 + name: grafana 18 + port: 19 + number: 80 20 + path: / 21 + pathType: Prefix 22 + tls: 23 + - hosts: 24 + - grafana.skylab.fi
+12 -12
k8s/nebula/apps/monitoring/kromgo/app/hr.yaml
··· 80 80 ports: 81 81 http: 82 82 port: *port 83 - ingress: 84 - main: 85 - className: external-nginx 83 + 84 + route: 85 + app: 86 + hostnames: [ "{{ .Release.Name }}.skylab.fi" ] 86 87 annotations: 87 88 external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" 88 89 external-dns.alpha.kubernetes.io/target: ingress-cf.skylab.fi 89 - hosts: 90 - - host: &host "{{ .Release.Name }}.skylab.fi" 91 - paths: 92 - - path: / 93 - service: 94 - identifier: app 95 - port: http 96 - tls: 97 - - hosts: [*host] 90 + parentRefs: 91 + - name: envoy-external 92 + namespace: networking 93 + sectionName: https 94 + rules: 95 + - backendRefs: 96 + - name: *app 97 + port: *port 98 98 # int: 99 99 # className: internal-nginx 100 100 # hosts:
+12 -17
k8s/nebula/apps/monitoring/scrutiny/scrutiny/hr.yaml
··· 3 3 apiVersion: helm.toolkit.fluxcd.io/v2beta2 4 4 kind: HelmRelease 5 5 metadata: 6 - name: scrutiny 6 + name: &app scrutiny 7 7 namespace: monitoring 8 8 spec: 9 9 interval: 30m ··· 85 85 startup: 86 86 enabled: false 87 87 88 - 89 - ingress: 90 - main: 91 - className: internal-nginx 92 - hosts: 93 - - host: &host "scrutiny.skylab.fi" 94 - paths: 95 - - path: / 96 - pathType: Prefix 97 - service: 98 - identifier: scrutiny 99 - port: 8080 100 - tls: 101 - - hosts: 102 - - *host 103 - 88 + route: 89 + app: 90 + hostnames: [ "scrutiny.skylab.fi" ] 91 + parentRefs: 92 + - name: envoy-internal 93 + namespace: networking 94 + sectionName: https 95 + rules: 96 + - backendRefs: 97 + - name: *app 98 + port: *port 104 99 105 100 service: 106 101 scrutiny:
+27
k8s/nebula/talos/authentik.sh
··· 1 + #!/bin/bash 2 + 3 + 4 + KUBE_API=$(kubectl config view --minify --output jsonpath="{.clusters[*].cluster.server}") 5 + NAMESPACE=security 6 + SECRET_NAME=$(kubectl get serviceaccount authentik-remote-cluster -o jsonpath='{.secrets[0].name}' 2>/dev/null || echo -n authentik-remote-cluster) 7 + KUBE_CA=$(kubectl -n $NAMESPACE get secret/$SECRET_NAME -o jsonpath='{.data.ca\.crt}') 8 + KUBE_TOKEN=$(kubectl -n $NAMESPACE get secret/$SECRET_NAME -o jsonpath='{.data.token}' | base64 --decode) 9 + 10 + echo "apiVersion: v1 11 + kind: Config 12 + clusters: 13 + - name: default-cluster 14 + cluster: 15 + certificate-authority-data: ${KUBE_CA} 16 + server: ${KUBE_API} 17 + contexts: 18 + - name: default-context 19 + context: 20 + cluster: default-cluster 21 + namespace: $NAMESPACE 22 + user: authentik-user 23 + current-context: default-context 24 + users: 25 + - name: authentik-user 26 + user: 27 + token: ${KUBE_TOKEN}"