init

talos-k8s-flux/soft/bitnami.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: bitnami-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://mirror.yandex.ru/helm/charts.bitnami.com/

talos-k8s-flux/soft/coroot.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: coroot-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://coroot.github.io/helm-charts

talos-k8s-flux/soft/cpng.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: cnpg-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://cloudnative-pg.github.io/charts
+---

talos-k8s-flux/soft/ingress-nginx.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: ingress-nginx-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kubernetes.github.io/ingress-nginx
+---

talos-k8s-flux/soft/kyverno.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: kyverno-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kyverno.github.io/kyverno/
+---

talos-k8s-flux/soft/kyverno/policies.yaml

@@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v1
+kind: Policy
+metadata:
+  name: require-labels
+  namespace: kyverno
+  annotations:
+    meta.helm.sh/release-name: kyverno
+    meta.helm.sh/release-namespace: flux-system
+  labels:
+    app.kubernetes.io/managed-by: Helm
+spec:
+  validationFailureAction: audit
+  background: true
+  rules:
+    - name: require-labels
+      match:
+        any:
+        - resources:
+            kinds:
+            - Pod
+      validate:
+        message: "Label 'app.kubernetes.io/name' is required"
+        pattern:
+          metadata:
+            labels:
+              app.kubernetes.io/name: "?*"

talos-k8s-flux/soft/loki.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: grafana-charts
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://grafana.github.io/helm-charts
+---

talos-k8s-flux/soft/metrics-server.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: metrics-server-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kubernetes-sigs.github.io/metrics-server/
+---

talos-k8s-flux/soft/monitoring.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: monitoring-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://prometheus-community.github.io/helm-charts
+---

talos-k8s-flux/soft/nfs-provisioner.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: nfs-provisioner-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner
+---

talos-k8s-flux/soft/pgadmin.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: pgadmin-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://helm.runix.net

talos-k8s-flux/soft/piraeus.yaml

@@ -0,0 +1,12 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: piraeus-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  ref:
+    branch: v2
+  timeout: 60s
+  url: https://github.com/piraeusdatastore/piraeus-operator.git
+---

talos-k8s-flux/soft/piraeus/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- piraeus-operator.yaml
+- piraeus-cluster.yaml

talos-k8s-flux/soft/piraeus/piraeus-cluster.yaml

@@ -0,0 +1,83 @@
+apiVersion: piraeus.io/v1
+kind: LinstorCluster
+metadata:
+  name: linstorcluster
+spec: {}
+  # nodeAffinity:
+  #   nodeSelectorTerms:
+  #     - matchExpressions:
+  #         - key: node-role.kubernetes.io/control-plane
+  #           operator: DoesNotExist
+---
+
+apiVersion: piraeus.io/v1
+kind: LinstorSatelliteConfiguration
+metadata:
+  name: talos-loader-override
+spec:
+  podTemplate:
+    spec:
+      initContainers:
+        - name: drbd-shutdown-guard
+          $patch: delete
+        - name: drbd-module-loader
+          $patch: delete
+      volumes:
+        - name: run-systemd-system
+          $patch: delete
+        - name: run-drbd-shutdown-guard
+          $patch: delete
+        - name: systemd-bus-socket
+          $patch: delete
+        - name: lib-modules
+          $patch: delete
+        - name: usr-src
+          $patch: delete
+        - name: etc-lvm-backup
+          hostPath:
+            path: /var/etc/lvm/backup
+            type: DirectoryOrCreate
+        - name: etc-lvm-archive
+          hostPath:
+            path: /var/etc/lvm/archive
+            type: DirectoryOrCreate
+---
+
+# apiVersion: piraeus.io/v1
+# kind: LinstorSatelliteConfiguration
+# metadata:
+#   name: storage-pool
+# spec:
+#   storagePools:
+#     - name: pool1
+#       lvmThinPool:
+#         volumeGroup: vg1
+#         thinPool: thin
+#       source:
+#         hostDevices:
+#           - /dev/sdb
+# ---
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: piraeus-storage
+  # annotations:
+  #   storageclass.kubernetes.io/is-default-class: "true"
+provisioner: linstor.csi.linbit.com
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
+parameters:
+  linstor.csi.linbit.com/storagePool: pool1
+---
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: piraeus-storage-replicated
+provisioner: linstor.csi.linbit.com
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
+parameters:
+  linstor.csi.linbit.com/storagePool: pool1
+  linstor.csi.linbit.com/placementCount: "2"

talos-k8s-flux/soft/piraeus/piraeus-operator.yaml

@@ -0,0 +1,23 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: piraeus
+  namespace: flux-system
+spec:
+  interval: 1h
+  install:
+    createNamespace: true
+  targetNamespace: piraeus-datastore
+  chart:
+    spec:
+      chart: charts/piraeus
+      version: 2.8.1
+      sourceRef:
+        kind: GitRepository
+        name: piraeus-repo
+        namespace: flux-system
+      interval: 60m
+  values:
+    fullnameOverride: piraeus
+    installCRDs: true
+---

talos-k8s-flux/soft/stakater.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: stakater-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://stakater.github.io/stakater-charts
+---

talos-k8s-flux/soft/vault-secrets-webhook.yaml

@@ -0,0 +1,22 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+  name: vault-secrets-webhook
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-webhook
+  ref:
+    tag: 1.21.4
+---
+
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: vault-operator
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://github.com/bank-vaults/vault-operator.git
+  ref:
+    tag: v1.22.6