rohow
122 行
4.0 KiB
YAML
122 行
4.0 KiB
YAML
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
kind: Kustomization
|
|
metadata:
|
|
name: infra-net
|
|
spec:
|
|
patches:
|
|
- target:
|
|
kind: HelmRelease
|
|
name: ingress-nginx
|
|
patch: |
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: ingress-nginx
|
|
spec:
|
|
values:
|
|
controller:
|
|
nodeSelector:
|
|
svccontroller.k3s.cattle.io/enablelb: "true"
|
|
tolerations:
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: "Exists"
|
|
effect: "NoSchedule"
|
|
dnsPolicy: "None"
|
|
dnsConfig:
|
|
nameservers:
|
|
- "169.254.20.10"
|
|
- "10.43.0.10"
|
|
maxmindLicenseKey: "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"
|
|
defaultBackend:
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: topology.kubernetes.io/region
|
|
operator: In
|
|
values:
|
|
- "cn-sh"
|
|
- "cn-hk"
|
|
- target:
|
|
kind: HelmRelease
|
|
name: crowdsec
|
|
patch: |
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: crowdsec
|
|
spec:
|
|
values:
|
|
lapi:
|
|
env:
|
|
- name: DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: cnpg17-cluster-hk-app
|
|
key: password
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 1
|
|
preference:
|
|
matchExpressions:
|
|
- key: topology.kubernetes.io/region
|
|
operator: In
|
|
values:
|
|
- cn-hk
|
|
config:
|
|
config.yaml.local: |
|
|
db_config:
|
|
type: postgresql
|
|
host: cnpg17-cluster-hk-rw.infra-data
|
|
port: 5432
|
|
db_name: crowdsec
|
|
user: app
|
|
password: ${DB_PASSWORD}
|
|
sslmode: require
|
|
api:
|
|
server:
|
|
auto_registration:
|
|
enabled: true
|
|
token: "${REGISTRATION_TOKEN}"
|
|
allowed_ranges:
|
|
- "127.0.0.1/32"
|
|
- "192.168.0.0/16"
|
|
- "172.16.0.0/12"
|
|
- "10.0.0.0/8"
|
|
agent:
|
|
affinity:
|
|
podAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: loki
|
|
topologyKey: kubernetes.io/hostname
|
|
namespaceSelector: {}
|
|
appsec:
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 1
|
|
preference:
|
|
matchExpressions:
|
|
- key: topology.kubernetes.io/region
|
|
operator: In
|
|
values:
|
|
- cn-hk
|
|
- target:
|
|
kind: HelmRelease
|
|
name: tailscale-derp-hk
|
|
patch: |
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: tailscale-derp-hk
|
|
spec:
|
|
values:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: tchk
|