# Flux Kustomization "infra-net": carries three inline patches, one each for the
# HelmReleases ingress-nginx, crowdsec and tailscale-derp-hk. Each patch only
# overrides chart values (scheduling, DNS and one license key).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: infra-net
spec:
  patches:
    - target:
        kind: HelmRelease
        name: ingress-nginx
      # SECURITY(review): the patch below sets controller.maxmindLicenseKey to a
      # literal value. A key stored inline is readable by anyone who can read
      # this file, its Git history, or the rendered HelmRelease object. Treat the
      # committed key as exposed: rotate it, then supply it from a Kubernetes
      # Secret (for example via the HelmRelease's spec.valuesFrom, with the
      # Secret kept encrypted in Git) rather than from spec.values. Deleting the
      # line alone does not remove the value from earlier commits.
      #
      # NOTE(review): the control-plane toleration allows the ingress controller
      # to be scheduled on control-plane nodes whenever such a node carries the
      # svccontroller.k3s.cattle.io/enablelb label; confirm that running the
      # ingress data path there is intended.
      #
      # dnsPolicy "None" makes the controller pod use only the nameservers listed
      # under dnsConfig; this patch sets no search domains.
      #
      # defaultBackend is hard-restricted (required node affinity) to nodes whose
      # topology.kubernetes.io/region is cn-sh or cn-hk.
      patch: |
        apiVersion: helm.toolkit.fluxcd.io/v2
        kind: HelmRelease
        metadata:
          name: ingress-nginx
        spec:
          values:
            controller:
              nodeSelector:
                svccontroller.k3s.cattle.io/enablelb: "true"
              tolerations:
                - key: "node-role.kubernetes.io/control-plane"
                  operator: "Exists"
                  effect: "NoSchedule"
              dnsPolicy: "None"
              dnsConfig:
                nameservers:
                  - "169.254.20.10"
                  - "10.43.0.10"
              maxmindLicenseKey: "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"
            defaultBackend:
              affinity:
                nodeAffinity:
                  requiredDuringSchedulingIgnoredDuringExecution:
                    nodeSelectorTerms:
                      - matchExpressions:
                          - key: topology.kubernetes.io/region
                            operator: In
                            values:
                              - "cn-sh"
                              - "cn-hk"
    - target:
        kind: HelmRelease
        name: crowdsec
      # Scheduling preferences only (all "preferred", none required):
      #   agent  - prefers nodes already running pods labelled
      #            app.kubernetes.io/name=loki (weight 100).
      #   appsec - prefers region cn-hk (weight 1).
      #   lapi   - prefers region cn-hk (weight 1).
      # NOTE(review): namespaceSelector {} is an empty selector, which matches
      # pods in every namespace, so a pod carrying that label in any namespace
      # influences where the agent lands. Narrow it to the namespace that runs
      # loki if that is the only one meant.
      patch: |
        apiVersion: helm.toolkit.fluxcd.io/v2
        kind: HelmRelease
        metadata:
          name: crowdsec
        spec:
          values:
            agent:
              affinity:
                podAffinity:
                  preferredDuringSchedulingIgnoredDuringExecution:
                    - weight: 100
                      podAffinityTerm:
                        labelSelector:
                          matchLabels:
                            app.kubernetes.io/name: loki
                        topologyKey: kubernetes.io/hostname
                        namespaceSelector: {}
            appsec:
              affinity:
                nodeAffinity:
                  preferredDuringSchedulingIgnoredDuringExecution:
                    - weight: 1
                      preference:
                        matchExpressions:
                          - key: topology.kubernetes.io/region
                            operator: In
                            values:
                              - cn-hk
            lapi:
              affinity:
                nodeAffinity:
                  preferredDuringSchedulingIgnoredDuringExecution:
                    - weight: 1
                      preference:
                        matchExpressions:
                          - key: topology.kubernetes.io/region
                            operator: In
                            values:
                              - cn-hk
    - target:
        kind: HelmRelease
        name: tailscale-derp-hk
      # Pins the release to the single node whose kubernetes.io/hostname label
      # is "tchk".
      patch: |
        apiVersion: helm.toolkit.fluxcd.io/v2
        kind: HelmRelease
        metadata:
          name: tailscale-derp-hk
        spec:
          values:
            nodeSelector:
              kubernetes.io/hostname: tchk