diff --git a/installations/applications/helmfile.yaml b/installations/applications/helmfile.yaml index 9bfac1b..d87f82c 100644 --- a/installations/applications/helmfile.yaml +++ b/installations/applications/helmfile.yaml @@ -23,6 +23,8 @@ repositories: url: https://bedag.github.io/helm-charts/ - name: grafana url: https://grafana.github.io/helm-charts + - name: bitnami + url: https://charts.bitnami.com/bitnami releases: - name: authentik diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 9c391d4..1f5f733 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml @@ -71,12 +71,8 @@ releases: namespace: kube-system needs: - kube-system/cilium - set: - - name: crds.enabled - value: true - values: - - networkPolicy: - enabled: true + inherit: + - template: default-env-values - name: issuer chart: '{{ requiredEnv "PWD" }}/charts/issuer' @@ -101,6 +97,8 @@ releases: version: 0.14.7 needs: - kube-system/cilium + inherit: + - template: default-env-values - name: metallb-resources chart: bedag/raw diff --git a/values/badhouseplants/values.authentik.yaml b/values/badhouseplants/values.authentik.yaml index 5ef4894..d26459a 100644 --- a/values/badhouseplants/values.authentik.yaml +++ b/values/badhouseplants/values.authentik.yaml @@ -55,7 +55,19 @@ server: - name: postgres-creds mountPath: /postgres-creds readOnly: true + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + memory: 512Mi worker: + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + memory: 512Mi volumes: - name: postgres-creds secret: diff --git a/values/badhouseplants/values.cert-manager.yaml b/values/badhouseplants/values.cert-manager.yaml new file mode 100644 index 0000000..8a8fe73 --- /dev/null +++ b/values/badhouseplants/values.cert-manager.yaml @@ -0,0 +1,25 @@ +crds: + enabled: true +networkPolicy: + enabled: true +resources: + requests: + cpu: 30m + memory: 100Mi + limits: + memory: 100Mi +cainjector: + resources: + requests: + cpu: 20m + memory: 150Mi + limits: + memory: 150Mi +webhook: + resources: + requests: + cpu: 50m + memory: 150Mi + limits: + memory: 150Mi + diff --git a/values/badhouseplants/values.metallb.yaml b/values/badhouseplants/values.metallb.yaml new file mode 100644 index 0000000..784ac2c --- /dev/null +++ b/values/badhouseplants/values.metallb.yaml @@ -0,0 +1,71 @@ +controller: + enabled: true + logLevel: warn + image: + repository: quay.io/metallb/controller + tag: + pullPolicy: + strategy: + type: RollingUpdate + securityContext: + runAsNonRoot: true + # nobody + runAsUser: 65534 + fsGroup: 65534 + resources: + requests: + cpu: 20m + memory: 100Mi + limits: + memory: 100Mi + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + +speaker: + enabled: true + logLevel: warn + tolerateMaster: true + image: + repository: quay.io/metallb/speaker + tag: + pullPolicy: + securityContext: {} + resources: + requests: + cpu: 30m + memory: 130Mi + limits: + memory: 130Mi + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + startupProbe: + enabled: true + failureThreshold: 30 + periodSeconds: 5 +crds: + enabled: true + validationFailurePolicy: Fail diff --git a/values/badhouseplants/values.rook-ceph.yaml b/values/badhouseplants/values.rook-ceph.yaml index 2c89a19..931a1e1 100644 --- a/values/badhouseplants/values.rook-ceph.yaml +++ b/values/badhouseplants/values.rook-ceph.yaml @@ -1,5 +1,6 @@ --- csi: + enableRbdDriver: false csiRBDProvisionerResource: | - name : csi-provisioner resource: