From b9c69e3f4bfab4c27c382c28e3086b95189dcdad Mon Sep 17 00:00:00 2001 From: Massaki Archambault Date: Thu, 26 Aug 2021 12:42:44 -0400 Subject: [PATCH] cleanup --- .../cert-manager/cert-manager-namespace.patch | 158 -------- .../bases/cert-manager/cert-manager.yaml | 9 - .../bases/cert-manager/kustomization.yaml | 2 - .../bases/drone/drone-runner-deployment.yaml | 3 + .../bases/drone/drone-server-deployment.yaml | 3 + kustomize/bases/gitea/gitea-deployment.yaml | 3 + .../bases/grafana/grafana-deployment.yaml | 3 + .../bases/ingress-nginx/kustomization.yaml | 5 - ...nx-ingress-controller-daemonset-patch.yaml | 9 - .../nginx-ingress-controller-daemonset.patch | 11 - .../nginx-ingress-controller-namespace.patch | 347 ------------------ .../nginx-ingress-controller.yaml | 10 - kustomize/bases/prometheus/prometheus.yaml | 2 + .../cert-manager/kustomization.yaml | 4 - kustomize/namespaces/gitea/kustomization.yaml | 1 - .../namespaces/grafana/kustomization.yaml | 1 - .../namespaces/kube-system/kustomization.yaml | 1 - .../namespaces/monitoring/kustomization.yaml | 1 - .../overlays/dev-cluster/kustomization.yaml | 1 - kustomize/overlays/dev/kustomization.yaml | 14 +- 20 files changed, 15 insertions(+), 573 deletions(-) delete mode 100644 kustomize/bases/cert-manager/cert-manager-namespace.patch delete mode 100644 kustomize/bases/cert-manager/cert-manager.yaml delete mode 100644 kustomize/bases/cert-manager/kustomization.yaml delete mode 100644 kustomize/bases/ingress-nginx/kustomization.yaml delete mode 100644 kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset-patch.yaml delete mode 100644 kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset.patch delete mode 100644 kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch delete mode 100644 kustomize/bases/ingress-nginx/nginx-ingress-controller.yaml delete mode 100644 kustomize/namespaces/cert-manager/kustomization.yaml diff --git a/kustomize/bases/cert-manager/cert-manager-namespace.patch b/kustomize/bases/cert-manager/cert-manager-namespace.patch deleted file mode 100644 index 2b93e3b..0000000 --- a/kustomize/bases/cert-manager/cert-manager-namespace.patch +++ /dev/null @@ -1,158 +0,0 @@ ---- a 2020-08-10 23:13:10.083362050 -0400 -+++ b 2020-08-10 23:14:00.823784738 -0400 -@@ -19,7 +19,7 @@ - metadata: - name: certificaterequests.cert-manager.io - annotations: -- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' -+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' - labels: - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' -@@ -54,7 +54,7 @@ - # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. - webhookClientConfig: - service: -- namespace: 'cert-manager' -+ namespace: kube-system - name: 'cert-manager-webhook' - path: /convert - names: -@@ -585,7 +585,7 @@ - metadata: - name: certificates.cert-manager.io - annotations: -- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' -+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' - labels: - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' -@@ -623,7 +623,7 @@ - # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. - webhookClientConfig: - service: -- namespace: 'cert-manager' -+ namespace: kube-system - name: 'cert-manager-webhook' - path: /convert - names: -@@ -1797,7 +1797,7 @@ - metadata: - name: challenges.acme.cert-manager.io - annotations: -- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' -+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' - labels: - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' -@@ -1831,7 +1831,7 @@ - # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. - webhookClientConfig: - service: -- namespace: 'cert-manager' -+ namespace: kube-system - name: 'cert-manager-webhook' - path: /convert - names: -@@ -6260,7 +6260,7 @@ - metadata: - name: clusterissuers.cert-manager.io - annotations: -- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' -+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' - labels: - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' -@@ -6291,7 +6291,7 @@ - # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. - webhookClientConfig: - service: -- namespace: 'cert-manager' -+ namespace: kube-system - name: 'cert-manager-webhook' - path: /convert - names: -@@ -12084,7 +12084,7 @@ - metadata: - name: issuers.cert-manager.io - annotations: -- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' -+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' - labels: - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' -@@ -12115,7 +12115,7 @@ - # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. - webhookClientConfig: - service: -- namespace: 'cert-manager' -+ namespace: kube-system - name: 'cert-manager-webhook' - path: /convert - names: -@@ -17905,7 +17905,7 @@ - metadata: - name: orders.acme.cert-manager.io - annotations: -- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' -+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' - labels: - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' -@@ -17940,7 +17940,7 @@ - # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. - webhookClientConfig: - service: -- namespace: 'cert-manager' -+ namespace: kube-system - name: 'cert-manager-webhook' - path: /convert - names: -@@ -18515,11 +18515,6 @@ - after it is initially set. - type: string - --- --apiVersion: v1 --kind: Namespace --metadata: -- name: cert-manager ----- - # Source: cert-manager/templates/cainjector-serviceaccount.yaml - apiVersion: v1 - kind: ServiceAccount -@@ -19100,7 +19095,7 @@ - subjects: - - kind: ServiceAccount - name: cert-manager-cainjector -- namespace: cert-manager -+ namespace: kube-system - --- - # Source: cert-manager/templates/rbac.yaml - # grant cert-manager permission to manage the leaderelection configmap in the -@@ -19125,7 +19120,7 @@ - - apiGroup: "" - kind: ServiceAccount - name: cert-manager -- namespace: cert-manager -+ namespace: kube-system - --- - # Source: cert-manager/templates/webhook-rbac.yaml - apiVersion: rbac.authorization.k8s.io/v1beta1 -@@ -19148,7 +19143,7 @@ - - apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook -- namespace: cert-manager -+ namespace: kube-system - --- - # Source: cert-manager/templates/service.yaml - apiVersion: v1 -@@ -19338,7 +19333,7 @@ - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca -- - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc -+ - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.kube-system.svc - ports: - - name: https - containerPort: 10250 diff --git a/kustomize/bases/cert-manager/cert-manager.yaml b/kustomize/bases/cert-manager/cert-manager.yaml deleted file mode 100644 index f64aba1..0000000 --- a/kustomize/bases/cert-manager/cert-manager.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: badjware/v1 -kind: RemoteResources -metadata: - name: cert-manager -resources: - - url: https://github.com/jetstack/cert-manager/releases/download/v0.16.1/cert-manager.yaml - sha256: 75e7cc1fb42f759860ab896aaa404c0d8c8d5896274d3739eccb193ed1075dd9 - # patches: - # - cert-manager-namespace.patch \ No newline at end of file diff --git a/kustomize/bases/cert-manager/kustomization.yaml b/kustomize/bases/cert-manager/kustomization.yaml deleted file mode 100644 index e6297a1..0000000 --- a/kustomize/bases/cert-manager/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -generators: - - cert-manager.yaml \ No newline at end of file diff --git a/kustomize/bases/drone/drone-runner-deployment.yaml b/kustomize/bases/drone/drone-runner-deployment.yaml index 95e70c9..33b40b5 100644 --- a/kustomize/bases/drone/drone-runner-deployment.yaml +++ b/kustomize/bases/drone/drone-runner-deployment.yaml @@ -35,6 +35,9 @@ spec: resources: requests: cpu: 2000m + memory: 2Gi + limits: + cpu: 4000m memory: 4Gi --- kind: Role diff --git a/kustomize/bases/drone/drone-server-deployment.yaml b/kustomize/bases/drone/drone-server-deployment.yaml index 197a8ea..1c2da85 100644 --- a/kustomize/bases/drone/drone-server-deployment.yaml +++ b/kustomize/bases/drone/drone-server-deployment.yaml @@ -49,6 +49,9 @@ spec: resources: requests: cpu: 500m + memory: 500Mi + limits: + cpu: 1000m memory: 1Gi --- apiVersion: v1 diff --git a/kustomize/bases/gitea/gitea-deployment.yaml b/kustomize/bases/gitea/gitea-deployment.yaml index fb31e3b..09a78d4 100644 --- a/kustomize/bases/gitea/gitea-deployment.yaml +++ b/kustomize/bases/gitea/gitea-deployment.yaml @@ -62,6 +62,9 @@ spec: resources: requests: cpu: 500m + memory: 750Mi + limits: + cpu: 1000m memory: 1Gi volumeMounts: - name: gitea-pv diff --git a/kustomize/bases/grafana/grafana-deployment.yaml b/kustomize/bases/grafana/grafana-deployment.yaml index f81f233..6af296c 100644 --- a/kustomize/bases/grafana/grafana-deployment.yaml +++ b/kustomize/bases/grafana/grafana-deployment.yaml @@ -68,6 +68,9 @@ spec: requests: cpu: 250m memory: 750Mi + limits: + cpu: 500m + memory: 1Gi volumeMounts: - name: grafana-datasources mountPath: /etc/grafana/provisioning/datasources diff --git a/kustomize/bases/ingress-nginx/kustomization.yaml b/kustomize/bases/ingress-nginx/kustomization.yaml deleted file mode 100644 index 28a327d..0000000 --- a/kustomize/bases/ingress-nginx/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -generators: - - nginx-ingress-controller.yaml - -patchesStrategicMerge: - - nginx-ingress-controller-daemonset-patch.yaml \ No newline at end of file diff --git a/kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset-patch.yaml b/kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset-patch.yaml deleted file mode 100644 index 356d554..0000000 --- a/kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset-patch.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: ingress-nginx-controller - namespace: kube-system -spec: - template: - spec: - hostNetwork: true \ No newline at end of file diff --git a/kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset.patch b/kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset.patch deleted file mode 100644 index 51f780f..0000000 --- a/kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a 2020-08-02 10:51:40.867697750 -0400 -+++ b 2020-08-02 10:54:35.864444036 -0400 -@@ -301,7 +291,7 @@ - --- - # Source: ingress-nginx/templates/controller-deployment.yaml - apiVersion: apps/v1 --kind: Deployment -+kind: DaemonSet - metadata: - labels: - helm.sh/chart: ingress-nginx-2.0.3 diff --git a/kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch b/kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch deleted file mode 100644 index a88efcb..0000000 --- a/kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch +++ /dev/null @@ -1,347 +0,0 @@ ---- a 2020-08-10 23:16:01.598069317 -0400 -+++ b 2020-08-10 23:16:35.401656793 -0400 -@@ -1,14 +1,4 @@ -- --apiVersion: v1 --kind: Namespace --metadata: -- name: ingress-nginx -- labels: -- app.kubernetes.io/name: ingress-nginx -- app.kubernetes.io/instance: ingress-nginx -- ----- --# Source: ingress-nginx/templates/controller-serviceaccount.yaml -+# Source: kube-system/templates/controller-serviceaccount.yaml - apiVersion: v1 - kind: ServiceAccount - metadata: -@@ -20,9 +10,9 @@ - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx -- namespace: ingress-nginx -+ namespace: kube-system - --- --# Source: ingress-nginx/templates/controller-configmap.yaml -+# Source: kube-system/templates/controller-configmap.yaml - apiVersion: v1 - kind: ConfigMap - metadata: -@@ -34,10 +24,10 @@ - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx-controller -- namespace: ingress-nginx -+ namespace: kube-system - data: - --- --# Source: ingress-nginx/templates/clusterrole.yaml -+# Source: kube-system/templates/clusterrole.yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: -@@ -48,7 +38,7 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - name: ingress-nginx -- namespace: ingress-nginx -+ namespace: kube-system - rules: - - apiGroups: - - '' -@@ -108,7 +98,7 @@ - - list - - watch - --- --# Source: ingress-nginx/templates/clusterrolebinding.yaml -+# Source: kube-system/templates/clusterrolebinding.yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: -@@ -119,7 +109,7 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - name: ingress-nginx -- namespace: ingress-nginx -+ namespace: kube-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -@@ -127,9 +117,9 @@ - subjects: - - kind: ServiceAccount - name: ingress-nginx -- namespace: ingress-nginx -+ namespace: kube-system - --- --# Source: ingress-nginx/templates/controller-role.yaml -+# Source: kube-system/templates/controller-role.yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: -@@ -141,7 +131,7 @@ - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx -- namespace: ingress-nginx -+ namespace: kube-system - rules: - - apiGroups: - - '' -@@ -224,7 +214,7 @@ - - create - - patch - --- --# Source: ingress-nginx/templates/controller-rolebinding.yaml -+# Source: kube-system/templates/controller-rolebinding.yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: -@@ -236,7 +226,7 @@ - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx -- namespace: ingress-nginx -+ namespace: kube-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role -@@ -244,9 +234,9 @@ - subjects: - - kind: ServiceAccount - name: ingress-nginx -- namespace: ingress-nginx -+ namespace: kube-system - --- --# Source: ingress-nginx/templates/controller-service-webhook.yaml -+# Source: kube-system/templates/controller-service-webhook.yaml - apiVersion: v1 - kind: Service - metadata: -@@ -258,7 +248,7 @@ - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx-controller-admission -- namespace: ingress-nginx -+ namespace: kube-system - spec: - type: ClusterIP - ports: -@@ -270,7 +260,7 @@ - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - --- --# Source: ingress-nginx/templates/controller-service.yaml -+# Source: kube-system/templates/controller-service.yaml - apiVersion: v1 - kind: Service - metadata: -@@ -282,7 +272,7 @@ - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx-controller -- namespace: ingress-nginx -+ namespace: kube-system - spec: - type: NodePort - ports: -@@ -299,7 +289,7 @@ - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/component: controller - --- --# Source: ingress-nginx/templates/controller-deployment.yaml -+# Source: kube-system/templates/controller-deployment.yaml - apiVersion: apps/v1 - kind: DaemonSet - metadata: -@@ -311,7 +301,7 @@ - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: controller - name: ingress-nginx-controller -- namespace: ingress-nginx -+ namespace: kube-system - spec: - selector: - matchLabels: -@@ -341,7 +331,7 @@ - - /nginx-ingress-controller - - --election-id=ingress-controller-leader - - --ingress-class=nginx -- - --configmap=ingress-nginx/ingress-nginx-controller -+ - --configmap=kube-system/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key -@@ -407,7 +397,7 @@ - secret: - secretName: ingress-nginx-admission - --- --# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml -+# Source: kube-system/templates/admission-webhooks/validating-webhook.yaml - apiVersion: admissionregistration.k8s.io/v1beta1 - kind: ValidatingWebhookConfiguration - metadata: -@@ -419,7 +409,7 @@ - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook - name: ingress-nginx-admission -- namespace: ingress-nginx -+ namespace: kube-system - webhooks: - - name: validate.nginx.ingress.kubernetes.io - rules: -@@ -436,11 +426,11 @@ - failurePolicy: Fail - clientConfig: - service: -- namespace: ingress-nginx -+ namespace: kube-system - name: ingress-nginx-controller-admission - path: /extensions/v1beta1/ingresses - --- --# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml -+# Source: kube-system/templates/admission-webhooks/job-patch/clusterrole.yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: -@@ -455,7 +445,7 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook -- namespace: ingress-nginx -+ namespace: kube-system - rules: - - apiGroups: - - admissionregistration.k8s.io -@@ -465,7 +455,7 @@ - - get - - update - --- --# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml -+# Source: kube-system/templates/admission-webhooks/job-patch/clusterrolebinding.yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: -@@ -480,7 +470,7 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook -- namespace: ingress-nginx -+ namespace: kube-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -@@ -488,9 +478,9 @@ - subjects: - - kind: ServiceAccount - name: ingress-nginx-admission -- namespace: ingress-nginx -+ namespace: kube-system - --- --# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml -+# Source: kube-system/templates/admission-webhooks/job-patch/job-createSecret.yaml - apiVersion: batch/v1 - kind: Job - metadata: -@@ -505,7 +495,7 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook -- namespace: ingress-nginx -+ namespace: kube-system - spec: - template: - metadata: -@@ -524,8 +514,8 @@ - imagePullPolicy: IfNotPresent - args: - - create -- - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc -- - --namespace=ingress-nginx -+ - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.kube-system.svc -+ - --namespace=kube-system - - --secret-name=ingress-nginx-admission - restartPolicy: OnFailure - serviceAccountName: ingress-nginx-admission -@@ -533,7 +523,7 @@ - runAsNonRoot: true - runAsUser: 2000 - --- --# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml -+# Source: kube-system/templates/admission-webhooks/job-patch/job-patchWebhook.yaml - apiVersion: batch/v1 - kind: Job - metadata: -@@ -548,7 +538,7 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook -- namespace: ingress-nginx -+ namespace: kube-system - spec: - template: - metadata: -@@ -568,7 +558,7 @@ - args: - - patch - - --webhook-name=ingress-nginx-admission -- - --namespace=ingress-nginx -+ - --namespace=kube-system - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail -@@ -578,7 +568,7 @@ - runAsNonRoot: true - runAsUser: 2000 - --- --# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml -+# Source: kube-system/templates/admission-webhooks/job-patch/role.yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: -@@ -593,7 +583,7 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook -- namespace: ingress-nginx -+ namespace: kube-system - rules: - - apiGroups: - - '' -@@ -603,7 +593,7 @@ - - get - - create - --- --# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml -+# Source: kube-system/templates/admission-webhooks/job-patch/rolebinding.yaml - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: -@@ -618,7 +608,7 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook -- namespace: ingress-nginx -+ namespace: kube-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role -@@ -626,9 +616,9 @@ - subjects: - - kind: ServiceAccount - name: ingress-nginx-admission -- namespace: ingress-nginx -+ namespace: kube-system - --- --# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml -+# Source: kube-system/templates/admission-webhooks/job-patch/serviceaccount.yaml - apiVersion: v1 - kind: ServiceAccount - metadata: -@@ -643,4 +633,4 @@ - app.kubernetes.io/version: 0.32.0 - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: admission-webhook -- namespace: ingress-nginx -+ namespace: kube-system diff --git a/kustomize/bases/ingress-nginx/nginx-ingress-controller.yaml b/kustomize/bases/ingress-nginx/nginx-ingress-controller.yaml deleted file mode 100644 index 1898470..0000000 --- a/kustomize/bases/ingress-nginx/nginx-ingress-controller.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: badjware/v1 -kind: RemoteResources -metadata: - name: nginx-ingress-controller -resources: - - url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml - sha256: b51736bb5cf846902ef5870d7d34e5627050ad8452850fdae0ab59fab54e69b6 - patches: - - nginx-ingress-controller-daemonset.patch - - nginx-ingress-controller-namespace.patch \ No newline at end of file diff --git a/kustomize/bases/prometheus/prometheus.yaml b/kustomize/bases/prometheus/prometheus.yaml index 30a21a0..b8da35d 100644 --- a/kustomize/bases/prometheus/prometheus.yaml +++ b/kustomize/bases/prometheus/prometheus.yaml @@ -12,6 +12,8 @@ spec: monitor: prometheus resources: requests: + cpu: 1000m memory: 3Gi limits: + cpu: 2000m memory: 4Gi \ No newline at end of file diff --git a/kustomize/namespaces/cert-manager/kustomization.yaml b/kustomize/namespaces/cert-manager/kustomization.yaml deleted file mode 100644 index 8042cfa..0000000 --- a/kustomize/namespaces/cert-manager/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -bases: - - ../../bases/cert-manager - -namespace: cert-manager diff --git a/kustomize/namespaces/gitea/kustomization.yaml b/kustomize/namespaces/gitea/kustomization.yaml index 4791ff2..a4813a9 100644 --- a/kustomize/namespaces/gitea/kustomization.yaml +++ b/kustomize/namespaces/gitea/kustomization.yaml @@ -1,7 +1,6 @@ bases: - ../../bases/gitea - ../../bases/drone - # - ../../base/postgres resources: - namespace.yaml diff --git a/kustomize/namespaces/grafana/kustomization.yaml b/kustomize/namespaces/grafana/kustomization.yaml index ae10ff8..2720799 100644 --- a/kustomize/namespaces/grafana/kustomization.yaml +++ b/kustomize/namespaces/grafana/kustomization.yaml @@ -1,6 +1,5 @@ bases: - ../../bases/grafana - # - ../../base/postgres resources: - namespace.yaml diff --git a/kustomize/namespaces/kube-system/kustomization.yaml b/kustomize/namespaces/kube-system/kustomization.yaml index da556c7..55db8dc 100644 --- a/kustomize/namespaces/kube-system/kustomization.yaml +++ b/kustomize/namespaces/kube-system/kustomization.yaml @@ -1,5 +1,4 @@ bases: - ../../bases/traefik - # - ../../bases/ingress-nginx namespace: kube-system diff --git a/kustomize/namespaces/monitoring/kustomization.yaml b/kustomize/namespaces/monitoring/kustomization.yaml index 71d5dca..552571f 100644 --- a/kustomize/namespaces/monitoring/kustomization.yaml +++ b/kustomize/namespaces/monitoring/kustomization.yaml @@ -2,7 +2,6 @@ bases: - ../../bases/prometheus - ../../bases/node-exporter - ../../bases/kube-state-metrics - # - ../../base/postgres resources: - namespace.yaml diff --git a/kustomize/overlays/dev-cluster/kustomization.yaml b/kustomize/overlays/dev-cluster/kustomization.yaml index 5c80f23..8b01f9a 100644 --- a/kustomize/overlays/dev-cluster/kustomization.yaml +++ b/kustomize/overlays/dev-cluster/kustomization.yaml @@ -1,7 +1,6 @@ bases: - ../../namespaces/kube-system - ../../namespaces/operators - # - ../../namespaces/cert-manager # allow "kubectl apply -l managed-by=cluster --prune ..." commonlabels: diff --git a/kustomize/overlays/dev/kustomization.yaml b/kustomize/overlays/dev/kustomization.yaml index 3ca7106..7007e83 100644 --- a/kustomize/overlays/dev/kustomization.yaml +++ b/kustomize/overlays/dev/kustomization.yaml @@ -5,9 +5,6 @@ bases: - ../../namespaces/monitoring # - ../../namespaces/nextcloud -# resources: -# - cert-manager/clusterissuer.yaml - images: - name: gitea/gitea newtag: 1.15.0 @@ -19,11 +16,6 @@ images: newtag: 1.0.0-beta.9 secretGenerator: -# - name: digitalocean-api-key -# type: Opaque -# namespace: cert-manager -# literals: -# - access-token=${ssm:/prod/digitalocean/api_token} - name: drone-secret type: Opaque namespace: gitea @@ -44,8 +36,4 @@ commonlabels: managed-by: kustomize transformers: - - transformers/placeholders.yaml - # - transformers/ssm-secrets.yaml - -# configurations: -# - cert-manager/kustomizeconfig.yaml + - transformers/placeholders.yaml \ No newline at end of file