infra/kubernetes
1
0
Fork 0
Code Pull Requests 3 Activity

Compare commits

base: infra:bab05add079f92c2c8a51b50763ae50e59f49b2e
Branches Tags
infra:master infra:updatebot/music-assistant infra:updatebot/paperless-ngx infra:updatebot/home-assistant infra:jenkins-buildroot infra:xactmon-doc infra:etcd infra:dch-webhooks-secrets
..
compare: infra:3b4e57afcce136ab7c25abc252e2ea2f53549307
Branches Tags
infra:updatebot/music-assistant infra:updatebot/paperless-ngx infra:updatebot/home-assistant infra:master infra:jenkins-buildroot infra:xactmon-doc infra:etcd infra:dch-webhooks-secrets

3 Commits
bab05add07 ... 3b4e57afcc

Author SHA1 Message Date
bot
3b4e57afcc zigbee2mqtt: Update to 2.5.1 2025-07-05 11:32:11 +00:00
bot
cbf1bd5ff4 piper: Update to 1.6.2 2025-07-05 11:32:11 +00:00
bot
d51e6d3096 home-assistant: Update to 2025.7.1 2025-07-05 11:32:11 +00:00
17 changed files with 16 additions and 163 deletions
Expand all files Collapse all files

1
20125/config.yml
View File

@@ -14,7 +14,6 @@ system_wide:
- job: dns_recursive - job: dns_recursive
- job: kubelet - job: kubelet
- job: kubernetes - job: kubernetes
- job: minio-backups
- instance: db0.pyrocufflink.blue - instance: db0.pyrocufflink.blue
- instance: gw1.pyrocufflink.blue - instance: gw1.pyrocufflink.blue
- instance: vmhost0.pyrocufflink.blue - instance: vmhost0.pyrocufflink.blue

15
ansible/kustomization.yaml
View File

@@ -1,19 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
transformers:
- |
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: namespace-transformer
namespace: ansible
unsetOnly: true
setRoleBindingSubjects: allServiceAccounts
fieldSpecs:
- path: metadata/namespace
create: true
labels: labels:
- pairs: - pairs:
app.kubernetes.io/instance: ansible app.kubernetes.io/instance: ansible
@@ -22,6 +9,8 @@ labels:
- pairs: - pairs:
app.kubernetes.io/part-of: ansible app.kubernetes.io/part-of: ansible
namespace: ansible
resources: resources:
- ../dch-root-ca - ../dch-root-ca
- ../ssh-host-keys - ../ssh-host-keys

109
ansible/rbac.yaml
View File

@@ -23,112 +23,3 @@ subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: dch-webhooks name: dch-webhooks
namespace: default namespace: default
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: host-provisioner
labels:
app.kubernetes.io/name: host-provisioner
app.kubernetes.io/component: host-provisioner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: host-provisioner
namespace: kube-public
annotations:
kubernetes.io/description: >-
Allows the host-provisioner to access the _cluster-info_ ConfigMap,
which it uses to get the connection details for the Kubernetes API
server, including the issuing CA certificate, to pass to `kubeadm
join` on a new worker node.
rules:
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
resourceNames:
- cluster-info
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: host-provisioner
annotations:
kubernetes.io/description: >-
Allows the host-provisioner to manipulate labels, taints, etc. on
nodes it adds to the cluster.
rules:
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: host-provisioner
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: host-provisioner
subjects:
- kind: ServiceAccount
name: host-provisioner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: host-provisioner
namespace: kube-system
annotations:
kubernetes.io/description: >-
Allows the host-provisioner to create bootstrap tokens in order to
add new nodes to the Kubernetes cluster.
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- create
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: host-provisioner
namespace: kube-public
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: host-provisioner
subjects:
- kind: ServiceAccount
name: host-provisioner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: host-provisioner
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: host-provisioner
subjects:
- kind: ServiceAccount
name: host-provisioner

1
authelia/configuration.yml
View File

@@ -123,7 +123,6 @@ identity_providers:
redirect_uris: redirect_uris:
- https://burp.pyrocufflink.blue:9090/oauth_callback - https://burp.pyrocufflink.blue:9090/oauth_callback
- https://minio.backups.pyrocufflink.blue/oauth_callback - https://minio.backups.pyrocufflink.blue/oauth_callback
claims_policy: default
- client_id: step-ca - client_id: step-ca
client_name: step-ca client_name: step-ca
public: true public: true

4
dch-webhooks/ansible-job.yaml
View File

@@ -90,15 +90,11 @@ spec:
- mountPath: /tmp - mountPath: /tmp
name: tmp name: tmp
subPath: tmp subPath: tmp
- mountPath: /var/tmp
name: tmp
subPath: tmp
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
fsGroup: 1000 fsGroup: 1000
serviceAccountName: host-provisioner
volumes: volumes:
- name: dch-root-ca - name: dch-root-ca
configMap: configMap:

2
firefly-iii/kustomization.yaml
View File

@@ -55,4 +55,4 @@ patches:
defaultMode: 0640 defaultMode: 0640
images: images:
- name: docker.io/fireflyiii/core - name: docker.io/fireflyiii/core
newTag: version-6.2.20 newTag: version-6.2.19

10
home-assistant/kustomization.yaml
View File

@@ -157,13 +157,9 @@ images:
newTag: 2.5.0 newTag: 2.5.0
- name: docker.io/rhasspy/wyoming-piper - name: docker.io/rhasspy/wyoming-piper
newTag: 1.6.2 newTag: 1.6.2
- name: ghcr.io/koenkk/zigbee2mqtt
newTag: 2.4.0
- name: ghcr.io/zwave-js/zwave-js-ui
newTag: 10.7.0
- name: docker.io/library/eclipse-mosquitto
newTag: 2.0.22
- name: docker.io/koenkk/zigbee2mqtt - name: docker.io/koenkk/zigbee2mqtt
newTag: 2.5.1 newTag: 2.5.1
- name: docker.io/zwavejs/zwave-js-ui - name: docker.io/zwavejs/zwave-js-ui
newTag: 10.9.0 newTag: 10.7.0
- name: docker.io/library/eclipse-mosquitto
newTag: 2.0.21

2
home-assistant/zigbee2mqtt.yaml
View File

@@ -60,7 +60,7 @@ spec:
effect: NoExecute effect: NoExecute
containers: containers:
- name: zigbee2mqtt - name: zigbee2mqtt
image: ghcr.io/koenkk/zigbee2mqtt:1.33.1 image: docker.io/koenkk/zigbee2mqtt:1.33.1
envFrom: envFrom:
- configMapRef: - configMapRef:
name: zigbee2mqtt name: zigbee2mqtt

2
home-assistant/zwavejs2mqtt.yaml
View File

@@ -62,7 +62,7 @@ spec:
effect: NoExecute effect: NoExecute
containers: containers:
- name: zwavejs2mqtt - name: zwavejs2mqtt
image: ghcr.io/zwave-js/zwave-js-ui:9.1.2 image: docker.io/zwavejs/zwave-js-ui:9.1.2
ports: ports:
- containerPort: 8091 - containerPort: 8091
name: http name: http

4
updatebot/config.yml
View File

@@ -25,13 +25,13 @@ projects:
namespace: rhasspy namespace: rhasspy
repository: wyoming-piper repository: wyoming-piper
- name: zigbee2mqtt - name: zigbee2mqtt
image: ghcr.io/koenkk/zigbee2mqtt image: docker.io/koenkk/zigbee2mqtt
source: source:
kind: github kind: github
organization: Koenkk organization: Koenkk
repo: zigbee2mqtt repo: zigbee2mqtt
- name: zwavejs2mqtt - name: zwavejs2mqtt
image: ghcr.io/zwave-js/zwave-js-ui image: docker.io/zwavejs/zwave-js-ui
source: source:
kind: github kind: github
organization: zwave-js organization: zwave-js

2
victoria-metrics/alertmanager.yaml
View File

@@ -36,7 +36,7 @@ spec:
spec: spec:
containers: containers:
- name: alertmanager - name: alertmanager
image: quay.io/prometheus/alertmanager:v0.26.0 image: docker.io/prom/alertmanager:v0.26.0
ports: ports:
- containerPort: 9093 - containerPort: 9093
name: http name: http

17
victoria-metrics/scrape.yml
View File

@@ -456,20 +456,3 @@ scrape_configs:
- source_labels: - source_labels:
- __meta_dns_name - __meta_dns_name
target_label: instance target_label: instance
- job_name: minio-backups
metrics_path: /minio/v2/metrics/cluster
scheme: https
tls_config:
ca_file: /run/dch-ca/dch-root-ca.crt
dns_sd_configs:
- names:
- s3.backups.pyrocufflink.blue
type: A
port: 443
relabel_configs:
- source_labels: [__meta_dns_name, __meta_dns_srv_record_port]
separator: ':'
target_label: __address__
- source_labels: [__address__]
target_label: instance

2
victoria-metrics/vmagent.yaml
View File

@@ -91,7 +91,7 @@ spec:
spec: spec:
containers: containers:
- name: vmagent - name: vmagent
image: quay.io/victoriametrics/vmagent:v1.96.0 image: docker.io/victoriametrics/vmagent:v1.96.0
args: args:
- -envflag.enable=true - -envflag.enable=true
- -envflag.prefix=vmagent_ - -envflag.prefix=vmagent_

2
victoria-metrics/vmalert.yaml
View File

@@ -34,7 +34,7 @@ spec:
spec: spec:
containers: containers:
- name: vmalert - name: vmalert
image: quay.io/victoriametrics/vmalert:v1.96.0 image: docker.io/victoriametrics/vmalert:v1.96.0
args: args:
- -envflag.enable=true - -envflag.enable=true
- -envflag.prefix=vmalert_ - -envflag.prefix=vmalert_

2
victoria-metrics/vminsert.yaml
View File

@@ -34,7 +34,7 @@ spec:
spec: spec:
containers: containers:
- name: vminsert - name: vminsert
image: quay.io/victoriametrics/vminsert:v1.96.0-cluster image: docker.io/victoriametrics/vminsert:v1.96.0-cluster
args: args:
- -envflag.enable=true - -envflag.enable=true
- -envflag.prefix=vminsert_ - -envflag.prefix=vminsert_

2
victoria-metrics/vmselect.yaml
View File

@@ -34,7 +34,7 @@ spec:
spec: spec:
containers: containers:
- name: vmselect - name: vmselect
image: quay.io/victoriametrics/vmselect:v1.96.0-cluster image: docker.io/victoriametrics/vmselect:v1.96.0-cluster
args: args:
- -envflag.enable=true - -envflag.enable=true
- -envflag.prefix=vmselect_ - -envflag.prefix=vmselect_

2
victoria-metrics/vmstorage.yaml
View File

@@ -50,7 +50,7 @@ spec:
weight: 1 weight: 1
containers: containers:
- name: vmstorage - name: vmstorage
image: quay.io/victoriametrics/vmstorage:v1.98.0-cluster image: docker.io/victoriametrics/vmstorage:v1.96.0-cluster
args: args:
- -envflag.enable=true - -envflag.enable=true
- -envflag.prefix=vmstorage_ - -envflag.prefix=vmstorage_