diff --git a/.taskfiles/Proxmox/Taskfile.yaml b/.taskfiles/Proxmox/Taskfile.yaml index ce406f7f71..2eb29af9a7 100644 --- a/.taskfiles/Proxmox/Taskfile.yaml +++ b/.taskfiles/Proxmox/Taskfile.yaml @@ -18,37 +18,37 @@ tasks: start-staging: desc: Start staging cluster cmds: - - for: { var: ALL_VMS, split: " " } + - for: {var: ALL_VMS, split: " "} task: start-vm-{{.ITEM}} stop-staging: desc: Stop staging cluster cmds: - - for: { var: ALL_VMS, split: " " } + - for: {var: ALL_VMS, split: " "} task: stop-vm-{{.ITEM}} unmount-staging-cdrom: desc: Unmount staging cluster CD-ROM drives cmds: - - for: { var: ALL_VMS, split: " " } + - for: {var: ALL_VMS, split: " "} task: unmount-cdrom-{{.ITEM}} destroy-staging: desc: Destroy staging cluster cmds: - - for: { var: ALL_VMS, split: " " } + - for: {var: ALL_VMS, split: " "} task: destroy-vm-{{.ITEM}} create-staging: desc: Create staging cluster cmds: - - for: { var: CP_VMS, split: " " } + - for: {var: CP_VMS, split: " "} task: create-cp-vm-{{.ITEM}} wait-for-startup: internal: true cmds: - - for: { var: ALL_VMS, split: " " } + - for: {var: ALL_VMS, split: " "} task: wait-for-startup-{{.ITEM}} start-vm-*-*-*: diff --git a/.taskfiles/kubernetes/Taskfile.yaml b/.taskfiles/kubernetes/Taskfile.yaml index 04f36421ce..06c543914d 100644 --- a/.taskfiles/kubernetes/Taskfile.yaml +++ b/.taskfiles/kubernetes/Taskfile.yaml @@ -18,7 +18,7 @@ tasks: approve-certs: desc: Approve pending certs on startup cmds: - - for: { var: CERTS } + - for: {var: CERTS} cmd: kubectl --kubeconfig {{.KUBERNETES_DIR}}/{{.cluster}}/kubeconfig --context {{.cluster}} certificate approve {{.ITEM}} vars: CERTS: diff --git a/.taskfiles/postgres/Taskfile.yaml b/.taskfiles/postgres/Taskfile.yaml index a7badb4d74..e0c0e93629 100644 --- a/.taskfiles/postgres/Taskfile.yaml +++ b/.taskfiles/postgres/Taskfile.yaml 
@@ -415,13 +415,13 @@ tasks: cmds: - flux --context main suspend helmrelease -n {{.NAMESPACE}} {{.HELMRELEASE}} - flux --context main suspend kustomization {{.KUSTOMIZATION}} - - for: { var: SERVICES } + - for: {var: SERVICES} cmd: kubectl --context main scale --replicas=0 -n {{.NAMESPACE}} {{.ITEM}} _up: desc: Bring a service up cmds: - - for: { var: SERVICES } + - for: {var: SERVICES} cmd: kubectl --context main scale --replicas={{.REPLICAS}} -n {{.NAMESPACE}} {{.ITEM}} - flux --context main resume helmrelease -n {{.NAMESPACE}} {{.HELMRELEASE}} - flux --context main resume kustomization {{.KUSTOMIZATION}} diff --git a/kubernetes/main/apps/cert-manager/cert-manager/app/prometheus-rules.yaml b/kubernetes/main/apps/cert-manager/cert-manager/app/prometheus-rules.yaml index 3c12482118..70a3aafa35 100644 --- a/kubernetes/main/apps/cert-manager/cert-manager/app/prometheus-rules.yaml +++ b/kubernetes/main/apps/cert-manager/cert-manager/app/prometheus-rules.yaml @@ -15,7 +15,8 @@ spec: labels: severity: critical annotations: - description: "New certificates will not be able to be minted, and existing + description: + "New certificates will not be able to be minted, and existing ones can't be renewed until cert-manager is back." runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerabsent summary: "Cert Manager has dissapeared from Prometheus service discovery." 
@@ -30,11 +31,13 @@ spec: labels: severity: warning annotations: - description: "The domain that this cert covers will be unavailable after + description: + "The domain that this cert covers will be unavailable after {{ $value | humanizeDuration }}. Clients using endpoints that this cert protects will start to fail in {{ $value | humanizeDuration }}." runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertexpirysoon - summary: "The cert {{ $labels.name }} is {{ $value | humanizeDuration }} + summary: + "The cert {{ $labels.name }} is {{ $value | humanizeDuration }} from expiry, it should have renewed over a week ago." - alert: CertManagerCertNotReady expr: | @@ -44,7 +47,8 @@ spec: labels: severity: critical annotations: - description: "This certificate has not been ready to serve traffic for at least + description: + "This certificate has not been ready to serve traffic for at least 10m. If the cert is being renewed or there is another valid cert, the ingress controller _may_ be able to serve that instead." runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagercertnotready @@ -57,7 +61,8 @@ spec: labels: severity: critical annotations: - description: "Depending on the rate limit, cert-manager may be unable to generate + description: + "Depending on the rate limit, cert-manager may be unable to generate certificates for up to a week." runbook_url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/master/RUNBOOK.md#certmanagerhittingratelimits summary: "Cert manager hitting LetsEncrypt rate limits." diff --git a/kubernetes/main/apps/dbms/dragonfly-operator/app/helm-release.yaml b/kubernetes/main/apps/dbms/dragonfly-operator/app/helm-release.yaml index 1eef4b7b5a..e1ca7642a4 100644 --- a/kubernetes/main/apps/dbms/dragonfly-operator/app/helm-release.yaml +++ b/kubernetes/main/apps/dbms/dragonfly-operator/app/helm-release.yaml 
@@ -37,7 +37,7 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} probes: liveness: enabled: true diff --git a/kubernetes/main/apps/external-secrets/onepassword-connect/app/helm-release.yaml b/kubernetes/main/apps/external-secrets/onepassword-connect/app/helm-release.yaml index 442c489ebe..e23fdbbf4f 100644 --- a/kubernetes/main/apps/external-secrets/onepassword-connect/app/helm-release.yaml +++ b/kubernetes/main/apps/external-secrets/onepassword-connect/app/helm-release.yaml @@ -66,7 +66,7 @@ spec: securityContext: &securityContext allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} resources: &resources requests: cpu: 10m @@ -114,7 +114,7 @@ spec: runAsGroup: 999 fsGroup: 999 fsGroupChangePolicy: OnRootMismatch - seccompProfile: { type: RuntimeDefault } + seccompProfile: {type: RuntimeDefault} service: api: controller: onepassword-connect diff --git a/kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml b/kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml index 84d0b4aa1b..90c80130c7 100644 --- a/kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml +++ b/kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml @@ -60,5 +60,17 @@ securityContext: privileged: true capabilities: ciliumAgent: - [CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID] + [ + CHOWN, + KILL, + NET_ADMIN, + NET_RAW, + IPC_LOCK, + SYS_ADMIN, + SYS_RESOURCE, + DAC_OVERRIDE, + FOWNER, + SETGID, + SETUID + ] cleanCiliumState: [NET_ADMIN, SYS_ADMIN, SYS_RESOURCE] diff --git a/kubernetes/main/apps/media/bazarr/app/helm-release.yaml b/kubernetes/main/apps/media/bazarr/app/helm-release.yaml index 1bc5d48e65..6ca05e1f49 100644 --- a/kubernetes/main/apps/media/bazarr/app/helm-release.yaml 
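Review bot: In kubernetes/main/apps/kube-system/cilium/app/helm-values.yaml the context line `privileged: true` sits directly above the `ciliumAgent` capability list this hunk reflows, and a privileged container already holds every capability, so the list restricts nothing while that flag is set (assuming the chart applies the flag to the agent container). Spelling the eleven entries out one per line makes them read like an audited least-privilege set, which they are not. Either set `privileged: false` so the list takes effect, or keep the flag and add a comment such as `# privileged overrides the capabilities below; required for <reason>` saying why it is needed. The identical hunk in kubernetes/staging/apps/kube-system/cilium/app/helm-values.yaml has the same issue. The `securityContext` mapping starts above the hunk, so other keys may exist that are not visible here.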
+++ b/kubernetes/main/apps/media/bazarr/app/helm-release.yaml @@ -56,7 +56,7 @@ spec: securityContext: &securityContext allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} resources: requests: cpu: 10m @@ -84,7 +84,7 @@ spec: runAsNonRoot: true fsGroup: 2000 fsGroupChangePolicy: OnRootMismatch - seccompProfile: { type: RuntimeDefault } + seccompProfile: {type: RuntimeDefault} service: app: controller: bazarr diff --git a/kubernetes/main/apps/media/lidarr/app/helm-release.yaml b/kubernetes/main/apps/media/lidarr/app/helm-release.yaml index b2893ff46d..b184782b74 100644 --- a/kubernetes/main/apps/media/lidarr/app/helm-release.yaml +++ b/kubernetes/main/apps/media/lidarr/app/helm-release.yaml @@ -34,7 +34,7 @@ spec: runAsGroup: 2000 fsGroup: 2000 fsGroupChangePolicy: OnRootMismatch - seccompProfile: { type: RuntimeDefault } + seccompProfile: {type: RuntimeDefault} controllers: lidarr: annotations: @@ -80,7 +80,7 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} service: app: controller: lidarr diff --git a/kubernetes/main/apps/media/prowlarr/app/helm-release.yaml b/kubernetes/main/apps/media/prowlarr/app/helm-release.yaml index 319ae160f0..020b58ab3d 100644 --- a/kubernetes/main/apps/media/prowlarr/app/helm-release.yaml +++ b/kubernetes/main/apps/media/prowlarr/app/helm-release.yaml @@ -34,7 +34,7 @@ spec: runAsGroup: 2000 fsGroup: 2000 fsGroupChangePolicy: OnRootMismatch - seccompProfile: { type: RuntimeDefault } + seccompProfile: {type: RuntimeDefault} controllers: prowlarr: annotations: @@ -80,7 +80,7 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} service: app: controller: prowlarr 
diff --git a/kubernetes/main/apps/media/radarr-4k/app/helm-release.yaml b/kubernetes/main/apps/media/radarr-4k/app/helm-release.yaml index 4aa4c5cd50..ff63e4aae8 100644 --- a/kubernetes/main/apps/media/radarr-4k/app/helm-release.yaml +++ b/kubernetes/main/apps/media/radarr-4k/app/helm-release.yaml @@ -92,7 +92,7 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} service: app: controller: radarr-4k diff --git a/kubernetes/main/apps/media/radarr/app/helm-release.yaml b/kubernetes/main/apps/media/radarr/app/helm-release.yaml index e975ff64f2..cc8002ac79 100644 --- a/kubernetes/main/apps/media/radarr/app/helm-release.yaml +++ b/kubernetes/main/apps/media/radarr/app/helm-release.yaml @@ -92,7 +92,7 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} service: app: controller: radarr diff --git a/kubernetes/main/apps/media/sonarr/app/helm-release.yaml b/kubernetes/main/apps/media/sonarr/app/helm-release.yaml index 45242d65ff..35c3697e09 100644 --- a/kubernetes/main/apps/media/sonarr/app/helm-release.yaml +++ b/kubernetes/main/apps/media/sonarr/app/helm-release.yaml @@ -91,7 +91,7 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} service: app: controller: sonarr diff --git a/kubernetes/main/apps/observability/gatus/app/helm-release.yaml b/kubernetes/main/apps/observability/gatus/app/helm-release.yaml index 05278897ff..c73c9bcfb7 100644 --- a/kubernetes/main/apps/observability/gatus/app/helm-release.yaml +++ b/kubernetes/main/apps/observability/gatus/app/helm-release.yaml 
@@ -80,12 +80,12 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} resources: *resources pod: dnsConfig: options: - - { name: ndots, value: "1" } + - {name: ndots, value: "1"} securityContext: runAsUser: 2000 runAsGroup: 2000 diff --git a/kubernetes/main/apps/observability/grafana/app/helm-release.yaml b/kubernetes/main/apps/observability/grafana/app/helm-release.yaml index e7d894e1e1..d54972e75a 100644 --- a/kubernetes/main/apps/observability/grafana/app/helm-release.yaml +++ b/kubernetes/main/apps/observability/grafana/app/helm-release.yaml @@ -444,7 +444,7 @@ spec: gnetId: 20204 revision: 1 datasource: - - { name: DS_PROMETHEUS, value: Prometheus } + - {name: DS_PROMETHEUS, value: Prometheus} node-feature-discovery: url: https://raw.githubusercontent.com/kubernetes-sigs/node-feature-discovery/master/examples/grafana-dashboard.json datasource: Prometheus diff --git a/kubernetes/main/apps/observability/kromgo/app/helm-release.yaml b/kubernetes/main/apps/observability/kromgo/app/helm-release.yaml index f00acc3899..258223eeaf 100644 --- a/kubernetes/main/apps/observability/kromgo/app/helm-release.yaml +++ b/kubernetes/main/apps/observability/kromgo/app/helm-release.yaml @@ -44,7 +44,7 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} resources: limits: &resources memory: 64Mi diff --git a/kubernetes/main/apps/observability/kromgo/app/resources/config.yaml b/kubernetes/main/apps/observability/kromgo/app/resources/config.yaml index 9f370ec7a9..77136b7b45 100644 --- a/kubernetes/main/apps/observability/kromgo/app/resources/config.yaml +++ b/kubernetes/main/apps/observability/kromgo/app/resources/config.yaml 
@@ -28,42 +28,42 @@ metrics: title: CPU suffix: "%" colors: - - { color: "green", min: 0, max: 35 } - - { color: "orange", min: 36, max: 75 } - - { color: "red", min: 76, max: 9999 } + - {color: "green", min: 0, max: 35} + - {color: "orange", min: 36, max: 75} + - {color: "red", min: 76, max: 9999} - name: cluster_memory_usage query: round(sum(node_memory_MemTotal_bytes{kubernetes_node=~"k8s-[0-9]+"} - node_memory_MemAvailable_bytes{kubernetes_node=~"k8s-[0-9]+"}) / sum(node_memory_MemTotal_bytes{kubernetes_node=~"k8s-[0-9]+"}) * 100, 0.1) title: Memory suffix: "%" colors: - - { color: green, min: 0, max: 35 } - - { color: orange, min: 36, max: 75 } - - { color: red, min: 76, max: 9999 } + - {color: green, min: 0, max: 35} + - {color: orange, min: 36, max: 75} + - {color: red, min: 76, max: 9999} - name: cluster_power_usage query: round(unpoller_device_outlet_ac_power_consumption, 0.1) title: Power suffix: "w" colors: - - { color: "green", min: 0, max: 400 } - - { color: "orange", min: 401, max: 750 } - - { color: "red", min: 751, max: 9999 } + - {color: "green", min: 0, max: 400} + - {color: "orange", min: 401, max: 750} + - {color: "red", min: 751, max: 9999} - name: cluster_age_days query: round((time() - min(kube_node_created{node=~"k8s-[0-9]+"}) ) / 86400) title: Age suffix: "d" colors: - - { color: "green", min: 0, max: 180 } - - { color: "orange", min: 181, max: 360 } - - { color: "red", min: 361, max: 9999 } + - {color: "green", min: 0, max: 180} + - {color: "orange", min: 181, max: 360} + - {color: "red", min: 361, max: 9999} - name: cluster_uptime_days query: round(avg(node_time_seconds{kubernetes_node=~"k8s-[0-9]+"} - node_boot_time_seconds{kubernetes_node=~"k8s-[0-9]+"}) / 86400) title: Uptime suffix: "d" colors: - - { color: "green", min: 0, max: 180 } - - { color: "orange", min: 181, max: 360 } - - { color: "red", min: 361, max: 9999 } + - {color: "green", min: 0, max: 180} + - {color: "orange", min: 181, max: 360} + - {color: "red", min: 361, max: 
9999} diff --git a/kubernetes/main/apps/observability/kube-prometheus-stack/app/alertmanager-config.yaml b/kubernetes/main/apps/observability/kube-prometheus-stack/app/alertmanager-config.yaml index 718866f6b3..0c9a7389c6 100644 --- a/kubernetes/main/apps/observability/kube-prometheus-stack/app/alertmanager-config.yaml +++ b/kubernetes/main/apps/observability/kube-prometheus-stack/app/alertmanager-config.yaml @@ -13,9 +13,16 @@ spec: repeatInterval: 5m routes: - receiver: "null" - matchers: [{ name: alertname, value: InfoInhibitor|Watchdog|CPUThrottlingHigh, matchType: =~ }] + matchers: + [ + { + name: alertname, + value: InfoInhibitor|Watchdog|CPUThrottlingHigh, + matchType: =~ + } + ] - receiver: discord - matchers: [{ name: severity, value: critical|warning, matchType: =~ }] + matchers: [{name: severity, value: critical|warning, matchType: =~}] continue: true receivers: - name: "null" 
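Review bot: The `matchType` operators in alertmanager-config.yaml are unquoted plain scalars (`=~` in this hunk, `=` and `=~` in the `inhibitRules` hunk that follows), and with the inner spaces removed they now sit directly against the closing `}`. A bare `=` is the YAML 1.1 `value` type, which some loaders refuse to construct, so a linter or script that parses this file could fail even where the cluster tooling accepts it. The routing and inhibition entries only work if these fields are read as strings. Quote them as `matchType: "=~"` and `matchType: "="` in both hunks. The first `matchers` entry, now spread over eight lines of flow syntax, would also be easier to review as a block sequence with `name`, `value` and `matchType` on separate lines.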
@@ -60,13 +67,13 @@ spec: {{- end }} {{- end }} inhibitRules: - - sourceMatch: [{ name: severity, value: critical, matchType: = }] - targetMatch: [{ name: severity, value: warning|info, matchType: =~ }] + - sourceMatch: [{name: severity, value: critical, matchType: =}] + targetMatch: [{name: severity, value: warning|info, matchType: =~}] equal: ["namespace", "alertname"] - - sourceMatch: [{ name: severity, value: warning, matchType: = }] - targetMatch: [{ name: severity, value: info, matchType: = }] + - sourceMatch: [{name: severity, value: warning, matchType: =}] + targetMatch: [{name: severity, value: info, matchType: =}] equal: ["namespace", "alertname"] - - sourceMatch: [{ name: alertname, value: InfoInhibitor, matchType: = }] - targetMatch: [{ name: severity, value: info, matchType: = }] + - sourceMatch: [{name: alertname, value: InfoInhibitor, matchType: =}] + targetMatch: [{name: severity, value: info, matchType: =}] equal: ["namespace"] - - targetMatch: [{ name: alertname, value: InfoInhibitor, matchType: = }] + - targetMatch: [{name: alertname, value: InfoInhibitor, matchType: =}] diff --git a/kubernetes/main/apps/observability/loki/app/service-monitor.yaml b/kubernetes/main/apps/observability/loki/app/service-monitor.yaml index b753d199b3..737ed5daae 100644 --- a/kubernetes/main/apps/observability/loki/app/service-monitor.yaml +++ b/kubernetes/main/apps/observability/loki/app/service-monitor.yaml 
@@ -14,10 +14,10 @@ spec: - observability selector: matchExpressions: - - { key: app.kubernetes.io/component, operator: In, values: [read] } - - { key: app.kubernetes.io/instance, operator: In, values: [*app] } - - { key: app.kubernetes.io/name, operator: In, values: [*app] } - - { key: prometheus.io/service-monitor, operator: NotIn, values: ["false"] } + - {key: app.kubernetes.io/component, operator: In, values: [read]} + - {key: app.kubernetes.io/instance, operator: In, values: [*app]} + - {key: app.kubernetes.io/name, operator: In, values: [*app]} + - {key: prometheus.io/service-monitor, operator: NotIn, values: ["false"]} matchLabels: <<: *labels diff --git a/kubernetes/main/apps/observability/unifi-poller/app/helm-release.yaml b/kubernetes/main/apps/observability/unifi-poller/app/helm-release.yaml index dfc4a76e7c..78485dd4b9 100644 --- a/kubernetes/main/apps/observability/unifi-poller/app/helm-release.yaml +++ b/kubernetes/main/apps/observability/unifi-poller/app/helm-release.yaml @@ -32,7 +32,7 @@ spec: runAsNonRoot: true runAsUser: 65534 runAsGroup: 65534 - seccompProfile: { type: RuntimeDefault } + seccompProfile: {type: RuntimeDefault} controllers: unpoller: annotations: @@ -62,7 +62,7 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} resources: requests: cpu: 10m diff --git a/kubernetes/main/apps/self-hosted/changedetection/app/helm-release.yaml b/kubernetes/main/apps/self-hosted/changedetection/app/helm-release.yaml index 85ef23bbd0..e27e797df6 100644 --- a/kubernetes/main/apps/self-hosted/changedetection/app/helm-release.yaml +++ b/kubernetes/main/apps/self-hosted/changedetection/app/helm-release.yaml 
@@ -44,16 +44,16 @@ spec: tag: latest@sha256:57d19e414d9fe4ae9d2ab12ba768c97f38d51246c5b31af55a009205c136012f pullPolicy: IfNotPresent env: - - { name: SCREEN_WIDTH, value: "1920" } - - { name: SCREEN_HEIGHT, value: "1024" } - - { name: SCREEN_DEPTH, value: "16" } - - { name: ENABLE_DEBUGGER, value: "false" } - - { name: PREBOOT_CHROME, value: "true" } - - { name: CONNECTION_TIMEOUT, value: "300000" } - - { name: MAX_CONCURRENT_SESSIONS, value: "10" } - - { name: CHROME_REFRESH_TIME, value: "600000" } - - { name: DEFAULT_BLOCK_ADS, value: "true" } - - { name: DEFAULT_STEALTH, value: "true" } + - {name: SCREEN_WIDTH, value: "1920"} + - {name: SCREEN_HEIGHT, value: "1024"} + - {name: SCREEN_DEPTH, value: "16"} + - {name: ENABLE_DEBUGGER, value: "false"} + - {name: PREBOOT_CHROME, value: "true"} + - {name: CONNECTION_TIMEOUT, value: "300000"} + - {name: MAX_CONCURRENT_SESSIONS, value: "10"} + - {name: CHROME_REFRESH_TIME, value: "600000"} + - {name: DEFAULT_BLOCK_ADS, value: "true"} + - {name: DEFAULT_STEALTH, value: "true"} service: main: controller: main diff --git a/kubernetes/main/apps/system/node-feature-discovery/rules/google-coral-device.yaml b/kubernetes/main/apps/system/node-feature-discovery/rules/google-coral-device.yaml index b968368b85..31599e0aec 100644 --- a/kubernetes/main/apps/system/node-feature-discovery/rules/google-coral-device.yaml +++ b/kubernetes/main/apps/system/node-feature-discovery/rules/google-coral-device.yaml @@ -13,4 +13,4 @@ spec: matchFeatures: - feature: usb.device matchExpressions: - vendor: { op: In, value: ["1a6e", "18d1"] } + vendor: {op: In, value: ["1a6e", "18d1"]} diff --git a/kubernetes/main/apps/system/node-feature-discovery/rules/intel-gpu-plugin.yaml b/kubernetes/main/apps/system/node-feature-discovery/rules/intel-gpu-plugin.yaml index 40d7a8e378..31921d2d86 100644 --- a/kubernetes/main/apps/system/node-feature-discovery/rules/intel-gpu-plugin.yaml 
+++ b/kubernetes/main/apps/system/node-feature-discovery/rules/intel-gpu-plugin.yaml @@ -12,5 +12,5 @@ spec: matchFeatures: - feature: pci.device matchExpressions: - class: { op: In, value: ["0300", "0380"] } - vendor: { op: In, value: ["8086"] } + class: {op: In, value: ["0300", "0380"]} + vendor: {op: In, value: ["8086"]} diff --git a/kubernetes/staging/apps/external-secrets/onepassword-connect/app/helm-release.yaml b/kubernetes/staging/apps/external-secrets/onepassword-connect/app/helm-release.yaml index 7573ddf1d6..5b2987a12d 100644 --- a/kubernetes/staging/apps/external-secrets/onepassword-connect/app/helm-release.yaml +++ b/kubernetes/staging/apps/external-secrets/onepassword-connect/app/helm-release.yaml @@ -66,7 +66,7 @@ spec: securityContext: &securityContext allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: {drop: ["ALL"]} resources: &resources requests: cpu: 10m @@ -114,7 +114,7 @@ spec: runAsGroup: 999 fsGroup: 999 fsGroupChangePolicy: OnRootMismatch - seccompProfile: { type: RuntimeDefault } + seccompProfile: {type: RuntimeDefault} service: app: controller: onepassword-connect diff --git a/kubernetes/staging/apps/kube-system/cilium/app/helm-values.yaml b/kubernetes/staging/apps/kube-system/cilium/app/helm-values.yaml index dd97f8bc00..20b6ea7ec2 100644 --- a/kubernetes/staging/apps/kube-system/cilium/app/helm-values.yaml +++ b/kubernetes/staging/apps/kube-system/cilium/app/helm-values.yaml @@ -60,5 +60,17 @@ securityContext: privileged: true capabilities: ciliumAgent: - [CHOWN, KILL, NET_ADMIN, NET_RAW, IPC_LOCK, SYS_ADMIN, SYS_RESOURCE, DAC_OVERRIDE, FOWNER, SETGID, SETUID] + [ + CHOWN, + KILL, + NET_ADMIN, + NET_RAW, + IPC_LOCK, + SYS_ADMIN, + SYS_RESOURCE, + DAC_OVERRIDE, + FOWNER, + SETGID, + SETUID + ] cleanCiliumState: [NET_ADMIN, SYS_ADMIN, SYS_RESOURCE] 
diff --git a/kubernetes/staging/apps/system/node-feature-discovery/rules/google-coral-device.yaml b/kubernetes/staging/apps/system/node-feature-discovery/rules/google-coral-device.yaml index b968368b85..31599e0aec 100644 --- a/kubernetes/staging/apps/system/node-feature-discovery/rules/google-coral-device.yaml +++ b/kubernetes/staging/apps/system/node-feature-discovery/rules/google-coral-device.yaml @@ -13,4 +13,4 @@ spec: matchFeatures: - feature: usb.device matchExpressions: - vendor: { op: In, value: ["1a6e", "18d1"] } + vendor: {op: In, value: ["1a6e", "18d1"]} diff --git a/kubernetes/staging/apps/system/node-feature-discovery/rules/intel-gpu-plugin.yaml b/kubernetes/staging/apps/system/node-feature-discovery/rules/intel-gpu-plugin.yaml index 40d7a8e378..31921d2d86 100644 --- a/kubernetes/staging/apps/system/node-feature-discovery/rules/intel-gpu-plugin.yaml +++ b/kubernetes/staging/apps/system/node-feature-discovery/rules/intel-gpu-plugin.yaml @@ -12,5 +12,5 @@ spec: matchFeatures: - feature: pci.device matchExpressions: - class: { op: In, value: ["0300", "0380"] } - vendor: { op: In, value: ["8086"] } + class: {op: In, value: ["0300", "0380"]} + vendor: {op: In, value: ["8086"]} diff --git a/kubernetes/staging/bootstrap/helmfile.yaml b/kubernetes/staging/bootstrap/helmfile.yaml index 6dc8bdb483..e3bb4162cb 100644 --- a/kubernetes/staging/bootstrap/helmfile.yaml +++ b/kubernetes/staging/bootstrap/helmfile.yaml @@ -61,8 +61,7 @@ releases: version: 0.13.0 values: - ../apps/flux-system/flux-operator/app/helm-values.yaml - needs: - system/spegel + needs: system/spegel - name: flux-instance namespace: flux-system
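Review bot: `needs: system/spegel` in kubernetes/staging/bootstrap/helmfile.yaml is a single string, not a list. The removed two-line form was the same plain scalar folded across lines, so the formatter has preserved what looks like a missing `- `. helmfile documents `needs` as a list of release references; depending on the loader, a scalar may be rejected or may not be treated as a dependency, which would leave the install order relative to spegel undefined. If the dependency is intended, write it as a sequence: `needs:` followed by `  - system/spegel`. The release entry starts above the hunk, so its name (apparently flux-operator) is inferred from the values path.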