Initial commit

kubernetes/system/cilium/pool.yaml

@@ -0,0 +1,7 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: "local-pool"
+spec:
+  blocks:
+  - cidr: "10.1.2.187/32"

kubernetes/system/csi-driver-nfs/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: csi-driver-nfs
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+secretGenerator:
+  - name: csi-driver-nfs-values
+    files:
+      - values.yaml=values.yaml
+configurations:
+  - kustomizeconfig.yaml

kubernetes/system/csi-driver-nfs/kustomizeconfig.yaml

@@ -0,0 +1,6 @@
+nameReference:
+- kind: Secret
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease

kubernetes/system/csi-driver-nfs/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: csi-driver-nfs
+  labels:
+    pod-security.kubernetes.io/enforce: privileged

kubernetes/system/csi-driver-nfs/release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: csi-driver-nfs
+  namespace: csi-driver-nfs
+spec:
+  interval: 1m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: csi-driver-nfs
+        namespace: csi-driver-nfs
+      chart: csi-driver-nfs
+      interval: 1m
+  valuesFrom:
+    - kind: Secret
+      name: csi-driver-nfs-values

kubernetes/system/csi-driver-nfs/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: csi-driver-nfs
+  namespace: csi-driver-nfs
+spec:
+  interval: 1m
+  url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts

kubernetes/system/csi-driver-nfs/values.yaml

@@ -0,0 +1,49 @@
+storageClass:
+    create: true
+    name: nfs-csi
+    annotations:
+        storageclass.kubernetes.io/is-default-class: "true"
+    parameters:
+        server: truenas.local
+        share: /mnt/fast_app_data/kube/
+        subDir: ${pvc.metadata.namespace}/${pvc.metadata.name}
+    reclaimPolicy: Delete
+    mountOptions:
+        - noatime
+        - nfsvers=4.1
+driver:
+    mountPermissions: 0
+feature:
+    enableFSGroupPolicy: true
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-22T13:26:31Z"
+    mac: ENC[AES256_GCM,data:ceN4v+5tV5iCU3jld/INz689kJpF/v7ChIVObD+4FL5KiaRb0DToygiAzgo5BvbmCL9cudrZ1qtXLSe47PMxBrS2DOzuFfp3nlBfhIc1vyl9IwMJJrdM3VWmTKMQUcjbMpb0bnD0P6S230+DU+lB9Sx+2prCzRpGl1tTEkXjrYo=,iv:dEMp7H/5Ry/uQR5OuweSwUF6h4Cbjm3Dq+ZD2rCxvGI=,tag:NF1wMICn+c2SXoI15ugsdg==,type:str]
+    pgp:
+        - created_at: "2025-03-22T13:26:31Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7uy4qQr71wiAQ/+PxuU+B8+VPXqQ8jHkIxCN3cplCGMbyv+lgaiBGUSb3Dl
+            pfwircBKOYUwobYeCBKL8aGVkvE0AtJ3oAE0sGcLCk5vTggAzU3UctiS79cYCJlu
+            MoCzfLUonYgG9UBMWhNURE6BPXw8kj5YAmoyFx67pVlgc+6DfloH8crcm7puIMAe
+            qNcKKDw4H6VY3mBJqKElbRwHdPDMQuOXyViZYGTNbtQTpO9P9wlGNjOrL5weYT/q
+            t/WDIUjBYO133KDrbBGUq/jPfk0NnGICBYqF7qoEG+1G+Brw8VnRgNNH8UvvqA4/
+            rGKtvkXFYf563qVPNVeoYvnQG6YSTr4VYfiW1Ru8SvSpsZVJu2Xqhg0ga9JVuLn8
+            6qFp0Dd2UmskEoHz7HOk9jV712/EzATvEGY8o/LFIR/EVNlLaOQug10GQxQ9MFX4
+            qfVnnFkNlNW288n6f5fEpCrn1vOllftMbQDeev20qJUXTwVxsammdGUMDoWW7t2U
+            bf42OIJicrJ+msOSohN1zFafwb09njnpiAP3jJ9kwBACByRaSp9I6p0w1CU2xN0x
+            J31hRI5ByDQ4ZcTLDNPQmE9bpTy3sfVEiv0EalPAqevxR70CkQEFJZoxIuKxBAaC
+            O49TIuEfudcL6431m6W29EEW7V944ojKMvEWSx9HgJIfJ8wqU8S4wBcDFy1SoJTU
+            ZgEJAhB0f09p6f5t6umTqrzGKiHGPrAwlvErbdUTwH3gdk6j3YJCyYR1xzZCFdzW
+            lMa4kXu3v3wndGU1FteUE3HKkoRPttBg4sf1ekJvICv4HXfADCRar5Hf0CtbHVzB
+            sH6aWEmtVQ==
+            =1kP6
+            -----END PGP MESSAGE-----
+          fp: DC6910268E657FF70BA7EC289974494E76938DDC
+    encrypted_regex: ^(password|ssh-key|api-key|user|username|privateKey|apiKey|extraArgs.*|extraEnvVars|.*secret.*|key|.*Password|.*\.ya?ml)$
+    version: 3.9.4

kubernetes/system/external-dns/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-dns
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+secretGenerator:
+  - name: external-dns-values
+    files:
+      - values.yaml=values.yaml
+configurations:
+  - kustomizeconfig.yaml

kubernetes/system/external-dns/kustomizeconfig.yaml

@@ -0,0 +1,6 @@
+nameReference:
+- kind: Secret
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease

kubernetes/system/external-dns/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-dns

kubernetes/system/external-dns/release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: external-dns
+  namespace: external-dns
+spec:
+  interval: 1m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: external-dns
+        namespace: external-dns
+      chart: external-dns
+      interval: 1m
+  valuesFrom:
+    - kind: Secret
+      name: external-dns-values

kubernetes/system/external-dns/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: external-dns
+  namespace: external-dns
+spec:
+  interval: 1m
+  url: https://kubernetes-sigs.github.io/external-dns/

kubernetes/system/external-dns/values.yaml

@@ -0,0 +1,44 @@
+provider:
+    name: pihole
+registry: noop
+policy: upsert-only
+sources:
+    - ingress
+domainFilters:
+    - .local
+extraArgs:
+    - ENC[AES256_GCM,data:OjceEFEsSdsu8L0cXiJpzXK99e/3qWOTGonYGJ0nCYOWkvQ=,iv:p4NBmSQEcbZ9KlPX6SRE9BszmbamJoDvfHRop3muG+U=,tag:ygCzPPLfpwRX6dYQOQ+z8w==,type:str]
+    - ENC[AES256_GCM,data:HwTgdSrgGbW6Rfq8IdiCPmQNcmeoeb9/HS4=,iv:96u90ODzbS9xcxR9ZM75GYTcklE93mW9zXtStj6vZU4=,tag:Ye+KzC5M5eiy6+qzvKtP9g==,type:str]
+    - ENC[AES256_GCM,data:8+M1yWuV6w2yom3Jiz9WZ2h5g7wO/O3z,iv:bFoZpe+rdZpFBs0ZtzPCQw+CW2Zhvc77dNGfk47SmnU=,tag:L3XWx/eMlkvAo2wK0MyYcA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-22T13:26:30Z"
+    mac: ENC[AES256_GCM,data:MpvLwjJaIiWXACFarrL/rdAXGqUjEYtrN5X6RnlBL5tmrOJQDnlGo54A4GDTaPjyc1/Wy6gz0sL07Neb8UpzRCqp58l6DQJOEvB7YiYVXpakwQXcHqvVUjBAGyiFdMe31QT577zsA9GB/wOmUDfdWlyTRnKVJUj5PGsZlQIPGgk=,iv:t42wJNK6YAfTTvWbdEGfy75+qY2IneId6/qiOCkYZx8=,tag:xl/R6CukyGJMkKAkWLQp3Q==,type:str]
+    pgp:
+        - created_at: "2025-03-22T13:26:30Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7uy4qQr71wiARAAiylUaDcKIUVjfap79CyDI5TZpMi6xy9wDuvBb5xQj2pH
+            m81D0FKnvo+jyZBKhQe4j0tlH3mdbWWDJHmWkqygMSh9qRijYgyaUGCsSBFJ1A1f
+            3kbO5nDcB2hkGkp7WeghqDNLWoEQCZRx0ofsmId54YiQ9hAWG5yugoftJRSic0r1
+            my+qlENrV5ylt6ejLW62DrdcuYdahdtwzdUYWsKSLNO+7I67+8sx3aOTrzTMlFxv
+            eGnJDX2lcStDrk10KcvyHXOSTemo5Qyd4WCnEd6ushzSdBjxge3vJMowVMNOHyqf
+            gqMCvXflsgrQCd4YiNTkzRhsUHxGi0SaTUEXWpZxRva5dw53fnQGm0/2oTBmbXyo
+            3iorrU770jt3C09+/Wodae4DqZ6mnE/0UnkfuBn8gdaSN9HEVRtqx4gHqghZaQtB
+            V2/7ApyVqhmPPKHaqDN9+XzM1t41rmkdwqOJqC8jhtQo6UynhWGR4TPlzhkg9U1n
+            dhLB4InBy9llX+XyHm94S9T//MtFyX+x5UxU9SwobL2NnONTi55Jct2B9eB7Evpo
+            PHCd8gNpZsUnXPFdh0VWR/mrnivm+ZXGLeWyDAbUgio2pQS+EgcwdbN3jKIPJsny
+            iZiak87ZUrPXcqRCESlyfRUwMDx8Y6MeEnqGWMrHM2OqQzbGjM/DyyOMCTelovjU
+            aAEJAhAFOZyeSq7uAxcdCyYc0iPIUNSQyWc/F6T9C9XOxusvCMcovFaJd1n7dYfD
+            2iI+We5xiT3Ns9S8QZl92SarYnQ3+YFZO+9fao2bVTaW59OxClKPHKH3nctGvSli
+            CQQl/7bFyATK
+            =ZZjJ
+            -----END PGP MESSAGE-----
+          fp: DC6910268E657FF70BA7EC289974494E76938DDC
+    encrypted_regex: ^(password|ssh-key|api-key|user|username|privateKey|apiKey|extraArgs.*|extraEnvVars|.*secret.*|key|.*Password|.*\.ya?ml)$
+    version: 3.9.4

kubernetes/system/traefik/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: traefik
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+secretGenerator:
+  - name: traefik-values
+    files:
+      - values.yaml=values.yaml
+configurations:
+  - kustomizeconfig.yaml

kubernetes/system/traefik/kustomizeconfig.yaml

@@ -0,0 +1,6 @@
+nameReference:
+- kind: Secret
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease

kubernetes/system/traefik/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: traefik

kubernetes/system/traefik/release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: traefik
+  namespace: traefik
+spec:
+  interval: 1m
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: traefik
+        namespace: traefik
+      chart: traefik
+      interval: 1m
+  valuesFrom:
+    - kind: Secret
+      name: traefik-values

kubernetes/system/traefik/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: traefik
+  namespace: traefik
+spec:
+  interval: 1m
+  url: https://traefik.github.io/charts

kubernetes/system/traefik/values.yaml

@@ -0,0 +1,42 @@
+ingressClass:
+    enabled: true
+    isDefaultClass: true
+ports:
+    web:
+        forwardedHeaders:
+            trustedIPs:
+                - 127.0.0.1/32
+                # nginx-proxy
+                - 10.1.2.11/32
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-22T13:26:30Z"
+    mac: ENC[AES256_GCM,data:PMUHyPCnIhmUo5N1mdoMhDLXaFN6Cl0IGuq8EG3MGtY5X1g1QboL5nI5o25evFbuXdZn9KB2AqgzPZBxykhVpz8W+mj987g4VeDJ7sU/OnJibHSo+ibqoo0NvQaAMukWevqI7fAQZoyI3PZi07mMGYw23h2cmaJmsuAuDnQ0CvA=,iv:RRV/BF7OXFmBJX5lXZjrG4+4jjbjzMrR8BByMo5hfwA=,tag:+lVLSfdjHeJjA3dKMiRIGA==,type:str]
+    pgp:
+        - created_at: "2025-03-22T13:26:30Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7uy4qQr71wiAQ/8DGnKyC/pNGEAuuxcZjoLQhK8TJ3NgNQ3HBVLGpbVBb3S
+            P/n94oPwwEbWXpdq1/MapFgaiAP3kXyv308c0CeIICQvg9xFeXK7/o/X3ucJu/YV
+            TiMsBUCAIWKrN4lmNr3wgnMDQiRs9myzgmzJv3KOpbQr5cYnrT51spWCD2Nnt6Xm
+            HfLyZrxGscW0lrRi6jeg/7lts3HYEs75i8xUS95pj5/a+7i83sfpaAFdkGcxV6Vq
+            285Ys7S86Hrp2T0QkADHMJMXmbeTV18Psfy2v9SXgqeRMq1XHQDn+nPPkYY0kmhs
+            7xVEwGHYLkKuyNmTm+ygsQAVGd/kCeqO+hsdKRtmJ5f4vh0w1ePftScqbfEwNuDl
+            ygEVUIoVhDYdUKnjwqjgiOxsx3Y6+RS4g3vg6gNWk1HunM24bzkFRP4w1lVYB07n
+            hDcQeP0bqo7hopJjvM0VtXbSJq81duBup9DyyPaXOf30p0c+l9it4XdoeR7JaZ/y
+            nJ22POfQYCoJyKpgdB/eReLd/2MqLhdnsCUTd+CNTS1+nCz1M4JziagXU9CspnqP
+            sCYylw6aC9XfzScZldpysdqes1/1ZC9F2QeL6ZO66IRV3xBk/5eSsyZ275DRZYAj
+            P4jf1UhA4U0LQoVPAjh9cA8SLm29MgfEwoFSLGx6wsJ//ibxMIlxku9gkiRRTkPU
+            aAEJAhCQKhc7EsDKh7GgrlPh0763p+CuZR7yMp2W1kY9nU/w/802SgYEyLdPW1aY
+            gG3zMpt1roTOQI7D0jM7NjcYOLeOHWR0ac00wqv3S7I9+4tXOxuHyTX6Og19Z3GV
+            OUgA2wzhUFtj
+            =2DEs
+            -----END PGP MESSAGE-----
+          fp: DC6910268E657FF70BA7EC289974494E76938DDC
+    encrypted_regex: ^(password|ssh-key|api-key|user|username|privateKey|apiKey|extraArgs.*|extraEnvVars|.*secret.*|key|.*Password|.*\.ya?ml)$
+    version: 3.9.4