badjware
/
home-stack-kustomize
1
0
Fork 0
Code Releases Activity

cleanup

This commit is contained in:
Massaki Archambault 2021-08-26 12:42:44 -04:00
parent 648f018e53
commit b9c69e3f4b
20 changed files with 15 additions and 573 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
kustomize/bases/cert-manager/cert-manager-namespace.patch
View File

@ -1,158 +0,0 @@
--- a 2020-08-10 23:13:10.083362050 -0400
+++ b 2020-08-10 23:14:00.823784738 -0400
@@ -19,7 +19,7 @@
metadata:
name: certificaterequests.cert-manager.io
annotations:
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -54,7 +54,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
webhookClientConfig:
service:
- namespace: 'cert-manager'
+ namespace: kube-system
name: 'cert-manager-webhook'
path: /convert
names:
@@ -585,7 +585,7 @@
metadata:
name: certificates.cert-manager.io
annotations:
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -623,7 +623,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
webhookClientConfig:
service:
- namespace: 'cert-manager'
+ namespace: kube-system
name: 'cert-manager-webhook'
path: /convert
names:
@@ -1797,7 +1797,7 @@
metadata:
name: challenges.acme.cert-manager.io
annotations:
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -1831,7 +1831,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
webhookClientConfig:
service:
- namespace: 'cert-manager'
+ namespace: kube-system
name: 'cert-manager-webhook'
path: /convert
names:
@@ -6260,7 +6260,7 @@
metadata:
name: clusterissuers.cert-manager.io
annotations:
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -6291,7 +6291,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
webhookClientConfig:
service:
- namespace: 'cert-manager'
+ namespace: kube-system
name: 'cert-manager-webhook'
path: /convert
names:
@@ -12084,7 +12084,7 @@
metadata:
name: issuers.cert-manager.io
annotations:
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -12115,7 +12115,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
webhookClientConfig:
service:
- namespace: 'cert-manager'
+ namespace: kube-system
name: 'cert-manager-webhook'
path: /convert
names:
@@ -17905,7 +17905,7 @@
metadata:
name: orders.acme.cert-manager.io
annotations:
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -17940,7 +17940,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
webhookClientConfig:
service:
- namespace: 'cert-manager'
+ namespace: kube-system
name: 'cert-manager-webhook'
path: /convert
names:
@@ -18515,11 +18515,6 @@
after it is initially set.
type: string
---
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cert-manager
----
# Source: cert-manager/templates/cainjector-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
@@ -19100,7 +19095,7 @@
subjects:
- kind: ServiceAccount
name: cert-manager-cainjector
- namespace: cert-manager
+ namespace: kube-system
---
# Source: cert-manager/templates/rbac.yaml
# grant cert-manager permission to manage the leaderelection configmap in the
@@ -19125,7 +19120,7 @@
- apiGroup: ""
kind: ServiceAccount
name: cert-manager
- namespace: cert-manager
+ namespace: kube-system
---
# Source: cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
@@ -19148,7 +19143,7 @@
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook
- namespace: cert-manager
+ namespace: kube-system
---
# Source: cert-manager/templates/service.yaml
apiVersion: v1
@@ -19338,7 +19333,7 @@
- --secure-port=10250
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
- - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc
+ - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.kube-system.svc
ports:
- name: https
containerPort: 10250

9
kustomize/bases/cert-manager/cert-manager.yaml
View File

@ -1,9 +0,0 @@
apiVersion: badjware/v1
kind: RemoteResources
metadata:
name: cert-manager
resources:
- url: https://github.com/jetstack/cert-manager/releases/download/v0.16.1/cert-manager.yaml
sha256: 75e7cc1fb42f759860ab896aaa404c0d8c8d5896274d3739eccb193ed1075dd9
# patches:
# - cert-manager-namespace.patch

2
kustomize/bases/cert-manager/kustomization.yaml
View File

@ -1,2 +0,0 @@
generators:
- cert-manager.yaml

3
kustomize/bases/drone/drone-runner-deployment.yaml
View File

@ -35,6 +35,9 @@ spec:
resources: resources:
requests: requests:
cpu: 2000m cpu: 2000m
memory: 2Gi
limits:
cpu: 4000m
memory: 4Gi memory: 4Gi
--- ---
kind: Role kind: Role

3
kustomize/bases/drone/drone-server-deployment.yaml
View File

@ -49,6 +49,9 @@ spec:
resources: resources:
requests: requests:
cpu: 500m cpu: 500m
memory: 500Mi
limits:
cpu: 1000m
memory: 1Gi memory: 1Gi
--- ---
apiVersion: v1 apiVersion: v1

3
kustomize/bases/gitea/gitea-deployment.yaml
View File

@ -62,6 +62,9 @@ spec:
resources: resources:
requests: requests:
cpu: 500m cpu: 500m
memory: 750Mi
limits:
cpu: 1000m
memory: 1Gi memory: 1Gi
volumeMounts: volumeMounts:
- name: gitea-pv - name: gitea-pv

3
kustomize/bases/grafana/grafana-deployment.yaml
View File

@ -68,6 +68,9 @@ spec:
requests: requests:
cpu: 250m cpu: 250m
memory: 750Mi memory: 750Mi
limits:
cpu: 500m
memory: 1Gi
volumeMounts: volumeMounts:
- name: grafana-datasources - name: grafana-datasources
mountPath: /etc/grafana/provisioning/datasources mountPath: /etc/grafana/provisioning/datasources

5
kustomize/bases/ingress-nginx/kustomization.yaml
View File

@ -1,5 +0,0 @@
generators:
- nginx-ingress-controller.yaml
patchesStrategicMerge:
- nginx-ingress-controller-daemonset-patch.yaml

9
kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset-patch.yaml
View File

@ -1,9 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ingress-nginx-controller
namespace: kube-system
spec:
template:
spec:
hostNetwork: true

11
kustomize/bases/ingress-nginx/nginx-ingress-controller-daemonset.patch
View File

@ -1,11 +0,0 @@
--- a 2020-08-02 10:51:40.867697750 -0400
+++ b 2020-08-02 10:54:35.864444036 -0400
@@ -301,7 +291,7 @@
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
metadata:
labels:
helm.sh/chart: ingress-nginx-2.0.3

347
kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch
View File

@ -1,347 +0,0 @@
--- a 2020-08-10 23:16:01.598069317 -0400
+++ b 2020-08-10 23:16:35.401656793 -0400
@@ -1,14 +1,4 @@
-
-apiVersion: v1
-kind: Namespace
-metadata:
- name: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/instance: ingress-nginx
-
----
-# Source: ingress-nginx/templates/controller-serviceaccount.yaml
+# Source: kube-system/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -20,9 +10,9 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
- namespace: ingress-nginx
+ namespace: kube-system
---
-# Source: ingress-nginx/templates/controller-configmap.yaml
+# Source: kube-system/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
@@ -34,10 +24,10 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
- namespace: ingress-nginx
+ namespace: kube-system
data:
---
-# Source: ingress-nginx/templates/clusterrole.yaml
+# Source: kube-system/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -48,7 +38,7 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
name: ingress-nginx
- namespace: ingress-nginx
+ namespace: kube-system
rules:
- apiGroups:
- ''
@@ -108,7 +98,7 @@
- list
- watch
---
-# Source: ingress-nginx/templates/clusterrolebinding.yaml
+# Source: kube-system/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -119,7 +109,7 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
name: ingress-nginx
- namespace: ingress-nginx
+ namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -127,9 +117,9 @@
subjects:
- kind: ServiceAccount
name: ingress-nginx
- namespace: ingress-nginx
+ namespace: kube-system
---
-# Source: ingress-nginx/templates/controller-role.yaml
+# Source: kube-system/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -141,7 +131,7 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
- namespace: ingress-nginx
+ namespace: kube-system
rules:
- apiGroups:
- ''
@@ -224,7 +214,7 @@
- create
- patch
---
-# Source: ingress-nginx/templates/controller-rolebinding.yaml
+# Source: kube-system/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
@@ -236,7 +226,7 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
- namespace: ingress-nginx
+ namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -244,9 +234,9 @@
subjects:
- kind: ServiceAccount
name: ingress-nginx
- namespace: ingress-nginx
+ namespace: kube-system
---
-# Source: ingress-nginx/templates/controller-service-webhook.yaml
+# Source: kube-system/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
@@ -258,7 +248,7 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission
- namespace: ingress-nginx
+ namespace: kube-system
spec:
type: ClusterIP
ports:
@@ -270,7 +260,7 @@
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
-# Source: ingress-nginx/templates/controller-service.yaml
+# Source: kube-system/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
@@ -282,7 +272,7 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
- namespace: ingress-nginx
+ namespace: kube-system
spec:
type: NodePort
ports:
@@ -299,7 +289,7 @@
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
-# Source: ingress-nginx/templates/controller-deployment.yaml
+# Source: kube-system/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
@@ -311,7 +301,7 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
- namespace: ingress-nginx
+ namespace: kube-system
spec:
selector:
matchLabels:
@@ -341,7 +331,7 @@
- /nginx-ingress-controller
- --election-id=ingress-controller-leader
- --ingress-class=nginx
- - --configmap=ingress-nginx/ingress-nginx-controller
+ - --configmap=kube-system/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
@@ -407,7 +397,7 @@
secret:
secretName: ingress-nginx-admission
---
-# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
+# Source: kube-system/templates/admission-webhooks/validating-webhook.yaml
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
@@ -419,7 +409,7 @@
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission
- namespace: ingress-nginx
+ namespace: kube-system
webhooks:
- name: validate.nginx.ingress.kubernetes.io
rules:
@@ -436,11 +426,11 @@
failurePolicy: Fail
clientConfig:
service:
- namespace: ingress-nginx
+ namespace: kube-system
name: ingress-nginx-controller-admission
path: /extensions/v1beta1/ingresses
---
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
+# Source: kube-system/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -455,7 +445,7 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
- namespace: ingress-nginx
+ namespace: kube-system
rules:
- apiGroups:
- admissionregistration.k8s.io
@@ -465,7 +455,7 @@
- get
- update
---
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
+# Source: kube-system/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -480,7 +470,7 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
- namespace: ingress-nginx
+ namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -488,9 +478,9 @@
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
- namespace: ingress-nginx
+ namespace: kube-system
---
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
+# Source: kube-system/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
@@ -505,7 +495,7 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
- namespace: ingress-nginx
+ namespace: kube-system
spec:
template:
metadata:
@@ -524,8 +514,8 @@
imagePullPolicy: IfNotPresent
args:
- create
- - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc
- - --namespace=ingress-nginx
+ - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.kube-system.svc
+ - --namespace=kube-system
- --secret-name=ingress-nginx-admission
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
@@ -533,7 +523,7 @@
runAsNonRoot: true
runAsUser: 2000
---
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+# Source: kube-system/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
@@ -548,7 +538,7 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
- namespace: ingress-nginx
+ namespace: kube-system
spec:
template:
metadata:
@@ -568,7 +558,7 @@
args:
- patch
- --webhook-name=ingress-nginx-admission
- - --namespace=ingress-nginx
+ - --namespace=kube-system
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
@@ -578,7 +568,7 @@
runAsNonRoot: true
runAsUser: 2000
---
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
+# Source: kube-system/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -593,7 +583,7 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
- namespace: ingress-nginx
+ namespace: kube-system
rules:
- apiGroups:
- ''
@@ -603,7 +593,7 @@
- get
- create
---
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
+# Source: kube-system/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
@@ -618,7 +608,7 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
- namespace: ingress-nginx
+ namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -626,9 +616,9 @@
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
- namespace: ingress-nginx
+ namespace: kube-system
---
-# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
+# Source: kube-system/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -643,4 +633,4 @@
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: admission-webhook
- namespace: ingress-nginx
+ namespace: kube-system

10
kustomize/bases/ingress-nginx/nginx-ingress-controller.yaml
View File

@ -1,10 +0,0 @@
apiVersion: badjware/v1
kind: RemoteResources
metadata:
name: nginx-ingress-controller
resources:
- url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/baremetal/deploy.yaml
sha256: b51736bb5cf846902ef5870d7d34e5627050ad8452850fdae0ab59fab54e69b6
patches:
- nginx-ingress-controller-daemonset.patch
- nginx-ingress-controller-namespace.patch

2
kustomize/bases/prometheus/prometheus.yaml
View File

@ -12,6 +12,8 @@ spec:
monitor: prometheus monitor: prometheus
resources: resources:
requests: requests:
cpu: 1000m
memory: 3Gi memory: 3Gi
limits: limits:
cpu: 2000m
memory: 4Gi memory: 4Gi

4
kustomize/namespaces/cert-manager/kustomization.yaml
View File

@ -1,4 +0,0 @@
bases:
- ../../bases/cert-manager
namespace: cert-manager

1
kustomize/namespaces/gitea/kustomization.yaml
View File

@ -1,7 +1,6 @@
bases: bases:
- ../../bases/gitea - ../../bases/gitea
- ../../bases/drone - ../../bases/drone
# - ../../base/postgres
resources: resources:
- namespace.yaml - namespace.yaml

1
kustomize/namespaces/grafana/kustomization.yaml
View File

@ -1,6 +1,5 @@
bases: bases:
- ../../bases/grafana - ../../bases/grafana
# - ../../base/postgres
resources: resources:
- namespace.yaml - namespace.yaml

1
kustomize/namespaces/kube-system/kustomization.yaml
View File

@ -1,5 +1,4 @@
bases: bases:
- ../../bases/traefik - ../../bases/traefik
# - ../../bases/ingress-nginx
namespace: kube-system namespace: kube-system

1
kustomize/namespaces/monitoring/kustomization.yaml
View File

@ -2,7 +2,6 @@ bases:
- ../../bases/prometheus - ../../bases/prometheus
- ../../bases/node-exporter - ../../bases/node-exporter
- ../../bases/kube-state-metrics - ../../bases/kube-state-metrics
# - ../../base/postgres
resources: resources:
- namespace.yaml - namespace.yaml

1
kustomize/overlays/dev-cluster/kustomization.yaml
View File

@ -1,7 +1,6 @@
bases: bases:
- ../../namespaces/kube-system - ../../namespaces/kube-system
- ../../namespaces/operators - ../../namespaces/operators
# - ../../namespaces/cert-manager
# allow "kubectl apply -l managed-by=cluster --prune ..." # allow "kubectl apply -l managed-by=cluster --prune ..."
commonlabels: commonlabels:

14
kustomize/overlays/dev/kustomization.yaml
View File

@ -5,9 +5,6 @@ bases:
- ../../namespaces/monitoring - ../../namespaces/monitoring
# - ../../namespaces/nextcloud # - ../../namespaces/nextcloud
# resources:
# - cert-manager/clusterissuer.yaml
images: images:
- name: gitea/gitea - name: gitea/gitea
newtag: 1.15.0 newtag: 1.15.0
@ -19,11 +16,6 @@ images:
newtag: 1.0.0-beta.9 newtag: 1.0.0-beta.9
secretGenerator: secretGenerator:
# - name: digitalocean-api-key
# type: Opaque
# namespace: cert-manager
# literals:
# - access-token=${ssm:/prod/digitalocean/api_token}
- name: drone-secret - name: drone-secret
type: Opaque type: Opaque
namespace: gitea namespace: gitea
@ -44,8 +36,4 @@ commonlabels:
managed-by: kustomize managed-by: kustomize
transformers: transformers:
- transformers/placeholders.yaml - transformers/placeholders.yaml
# - transformers/ssm-secrets.yaml
# configurations:
# - cert-manager/kustomizeconfig.yaml