Keep migrating things

charts/metallb-resources/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: metallb-resources
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/metallb-resources/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "root.name" -}}
+{{- define "metallb-resources.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "root.fullname" -}}
+{{- define "metallb-resources.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "root.chart" -}}
+{{- define "metallb-resources.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "root.labels" -}}
-helm.sh/chart: {{ include "root.chart" . }}
-{{ include "root.selectorLabels" . }}
+{{- define "metallb-resources.labels" -}}
+helm.sh/chart: {{ include "metallb-resources.chart" . }}
+{{ include "metallb-resources.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "root.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "root.name" . }}
+{{- define "metallb-resources.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "root.serviceAccountName" -}}
+{{- define "metallb-resources.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

charts/metallb-resources/templates/ip_address_pool.tpl

@@ -0,0 +1,7 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: {{ include "metallb-resources.fullname" . }}
+spec:
+  addresses:
+  - {{ .Values.addresses}}

charts/metallb-resources/values.yaml

@@ -0,0 +1 @@
+addresses: 1.1.1.1-1.1.1.1

charts/namespaces/kustomize/flux-system.yml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: flux-system
-  labels:
-    name: flux-system

charts/namespaces/kustomize/giantswarm-flux.yml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: giantswarm-flux
-  labels:
-    name: giantswarm-flux

charts/namespaces/kustomize/giantswarm.yml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: giantswarm
-  labels:
-    name: giantswarm

charts/namespaces/kustomize/kustomization.yaml

@@ -1,5 +0,0 @@
-resources:
-  - ./giantswarm-flux.yml
-  - ./giantswarm.yml
-  - ./monitoring.yml
-  - ./org-giantswarm.yml

charts/namespaces/kustomize/monitoring.yml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: monitoring
-  labels:
-    name: monitoring

charts/namespaces/kustomize/org-giantswarm.yml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: org-giantswarm
-  labels:
-    name: org-giantswarm

charts/root/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v2
-name: root
-description: A Helm chart for Kubernetes
-type: application
-version: 0.1.5
-appVersion: "1.16.0"

charts/root/templates/root.yaml

@@ -1,25 +0,0 @@
-{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: root
-spec:
-  interval: 30s
-  url: {{ .Values.url }}
-  ref:
-    branch: {{ .Values.branch }}
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: root
-spec:
-  interval: 30s
-  targetNamespace: flux-system
-  sourceRef:
-    kind: GitRepository
-    name: root
-  path: "."
-  prune: false
-  timeout: 1m
-{{- end }}

charts/root/templates/self.yaml

@@ -1,25 +0,0 @@
-{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: root-self
-spec:
-  interval: 30s
-  url: {{ .Values.self.url }}
-  ref:
-    branch: {{ .Values.self.branch }}
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: root-self
-spec:
-  interval: 30s
-  targetNamespace: flux-system
-  sourceRef:
-    kind: GitRepository
-    name: root-self
-  path: "."
-  prune: false
-  timeout: 1m
-{{- end }}

charts/root/values.yaml

@@ -1,5 +0,0 @@
-url: https://git.badhouseplants.net/giantswarm/cluster-example.git
-branch: main
-self:
-  url: git@git.badhouseplants.net:giantswarm/root-config.git
-  branch: master

charts/tf-ocloud/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

charts/tf-ocloud/Chart.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: helm-library
-  repository: oci://ghcr.io/allanger/allangers-helm-library
-  version: 0.1.4
-digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
-generated: "2024-10-16T20:01:59.337767+02:00"

charts/tf-ocloud/Chart.yaml

@@ -1,15 +0,0 @@
-apiVersion: v2
-name: tf-ocloud
-type: application
-version: 0.1.0
-appVersion: 0.1.5
-maintainers:
-  - name: allanger
-    email: allanger@zohomail.com
-    url: https://badhouseplants.net
-dependencies:
-  - name: helm-library
-    version: 0.2.3
-    repository: oci://ghcr.io/allanger/allangers-helm-library
-annotations:
-  allowed_workload_kinds: "Deployment"

charts/tf-ocloud/templates/install.yaml

@@ -1,3 +0,0 @@
-{{ include "lib.component.workload" . }}
-{{ include "lib.component.files" . }}
-{{ include "lib.component.env" . }}

charts/tf-ocloud/values.yaml

@@ -1,67 +0,0 @@
----
-workload:
-  kind: Deployment
-  strategy:
-    type: RollingUpdate
-  securityContext: {}
-  containers:
-    tf:
-      securityContext: {}
-      image:
-        registry: zot.badhouseplants.net
-        repository: badhouseplants/terraform-ocloud
-        tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
-        pullPolicy: Always
-      envFrom:
-        - main
-      mounts:
-        files:
-          ocloudkey:
-            path: /src/key.pem
-            subPath: key.pem
-          publickey:
-            path: /src/public_key
-            subPath: public-key
-          privatekey:
-            path: /src/ssh_key
-            subPath: ssh-key
-          tfvars:
-            path: /src/terraform.tfvars
-            subPath: terraform.tfvars
-        extraVolumes:
-          dottf:
-            path: /src/.terraform
-
-extraVolumes:
-  dottf:
-    emptyDir: {}
-
-files:
-  ocloudkey:
-    enabled: true
-    sensitive: false
-    remove: []
-    entries:
-      key.pem:
-        data: dummy
-  publickey:
-    enabled: true
-    sensitive: false
-    remove: []
-    entries:
-      public-key:
-        data: dummy
-  privatekey:
-    enabled: true
-    sensitive: false
-    remove: []
-    entries:
-      ssh-key:
-        data: dummy
-  tfvars:
-    enabled: true
-    sensitive: false
-    remove: []
-    entries:
-      terraform.tfvars:
-        data: dummy

common/environments.yaml

@@ -2,7 +2,7 @@ environments:
   badhouseplants:
     kubeContext: badhouseplants
     values:
-      - ./common/values/values.badhouseplants.yaml
+      #- ./common/values/values.badhouseplants.yaml
       - base:
           enabled: true
       - velero:

common/values/values.etersoft.yaml

@@ -1 +1,2 @@
-registry: registry.ru.badhouseplants.net
+registry: registry.ru.badhouseplants.net/containers
+registry_url: registry.ru.badhouseplants.net

helmfiles/base.yaml

@@ -1,7 +1,7 @@
 releases:
   # -- This one must be executed with --take-ownership at least once
   - name: namespaces
-    chart: ./charts/namespaces/chart
+    chart: ./charts/namespaces
     namespace: kube-system
     createNamespace: false
     inherit:

helmfiles/system.yaml

@@ -11,6 +11,12 @@ repositories:
     url: https://charts.jetstack.io
   - name: metallb
     url: https://metallb.github.io/metallb
+  - name: traefik
+    url: https://traefik.github.io/charts
+  - name: local-path-provisioner
+    url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
+  - name: kyverno
+    url: https://kyverno.github.io/kyverno/
 
 releases:
   - name: coredns
@@ -50,7 +56,66 @@ releases:
     inherit:
       - template: common-values
 
-  - name: zot
+  - name: local-path-provisioner
+    chart: local-path-provisioner/local-path-provisioner
+    namespace: kube-system
+    inherit:
+      - template: common-values-tpl
+
+  - name: kyverno
+    chart: kyverno/kyverno
+    namespace: kyverno
+    version: 3.3.7
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: common-values-tpl
+
+  - name: kyverno-policies
+    chart: kyverno/kyverno-policies
+    namespace: kyverno
+    version: 3.3.4
+    needs:
+      - kyverno/kyverno
+
+  - name: custom-kyverno-policies
+    chart: ./kustomizations/kyverno/{{ .Environment.Name }}
+    namespace: kyverno
+    needs:
+      - kyverno/kyverno
+
+  - name: metallb
+    chart: metallb/metallb
+    namespace: kube-system
+    condition: base.enabled
+    version: 0.14.9
+    needs:
+      - registry/cluster-mirror
+    inherit:
+      - template: common-values
+      - template: common-values-tpl
+
+  - name: metallb-resources
+    chart: ./charts/metallb-resources
+    version: 2.0.0
+    condition: base.enabled
+    namespace: kube-system
+    needs:
+      - kube-system/metallb
+    inherit:
+      - template: env-values
+
+  - name: traefik
+    chart: traefik/traefik
+    version: 34.4.1
+    condition: base.enabled
+    namespace: kube-system
+    inherit:
+      - template: common-values-tpl
+      - template: common-values
+      - template: env-values
+
+  - name: cluster-mirror
     chart: zot/zot
     version: 0.1.67
     createNamespace: false
@@ -67,17 +132,6 @@ releases:
     version: 3.12.2
     namespace: kube-system
     needs:
-      - registry/zot
+      - registry/cluster-mirror
     inherit:
       - template: common-values-tpl
-
-  - name: metallb
-    chart: metallb/metallb
-    namespace: kube-system
-    condition: base.enabled
-    version: 0.14.9
-    needs:
-      - registry/zot
-    inherit:
-      - template: common-values
-      - template: common-values-tpl

installations/system/helmfile.yaml

@@ -29,77 +29,11 @@ repositories:
     url: https://zotregistry.dev/helm-charts/
 
 releases:
-  - name: cert-manager
-    chart: jetstack/cert-manager
-    version: v1.17.1
-    namespace: kube-system
-    condition: base.enabled
-    missingFileHandler: Warn
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-common-values
-      - template: default-env-values
-
-  - name: issuer
-    chart: '{{ requiredEnv "PWD" }}/charts/issuer'
-    namespace: kube-public
-    missingFileHandler: Warn
-    condition: base.enabled
-    needs:
-      - kube-system/cert-manager
-    inherit:
-      - template: default-common-values
-      - template: default-env-values
-
-  - name: metrics-server
-    chart: metrics-server/metrics-server
-    version: 3.12.2
-    namespace: kube-system
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-common-values
-
-  - name: metallb
-    chart: metallb/metallb
-    namespace: kube-system
-    condition: base.enabled
-    version: 0.14.9
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-common-values
-
-  - name: metallb-resources
-    chart: bedag/raw
-    version: 2.0.0
-    condition: base.enabled
-    namespace: kube-system
-    needs:
-      - kube-system/metallb
-    inherit:
-      - template: ext-metallb
-      - template: default-env-values
-
-  - name: traefik
-    chart: traefik/traefik
-    version: 34.4.1
-    condition: base.enabled
-    namespace: kube-system
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-common-values
-      - template: default-env-values
-
   - name: velero
     chart: vmware-tanzu/velero
     namespace: velero
     version: 8.5.0
     condition: velero.enabled
-    needs:
-      - kube-system/cilium
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -110,18 +44,6 @@ releases:
     condition: openebs.enabled
     namespace: kube-system
     version: 4.2.0
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: default-env-values
-
-  # -- Not versions since it's idnstalled from git
-  - name: local-path-provisioner
-    chart: local-path-provisioner/local-path-provisioner
-    condition: localpath.enabled
-    namespace: kube-system
-    needs:
-      - kube-system/cilium
     inherit:
       - template: default-env-values
 
@@ -150,13 +72,3 @@ releases:
       - template: default-env-values
     needs:
       - istio-system/istio-base
-
-  - name: zot-mirror
-    chart: zot/zot
-    version: 0.1.67
-    createNamespace: false
-    installed: true
-    namespace: kube-system
-    inherit:
-      - template: default-env-values
-      - template: default-env-secrets

values/badhouseplants/kube-system/namespaces/values.yaml

@@ -3,6 +3,7 @@ namespaces:
   - name: kube-system
     defaultRegcred: true
   - name: kyverno
+    defaultRegcred: true
   - name: velero
   - name: observability
   - name: databases

values/common/kube-system/cert-manager/values.gotmpl

@@ -3,22 +3,17 @@ global:
   imagePullSecrets:
     - name: regcred
 image:
-  repository: {{ .Values.registry }}/quay/jetstack/cert-manager-controller
-  pullPolicy: Always
+  repository: {{ .Values.registry }}/jetstack/cert-manager-controller
 cainjector:
   image:
-    repository: {{ .Values.registry }}/quay/jetstack/cert-manager-cainjector
-    pullPolicy: Always
+    repository: {{ .Values.registry }}/jetstack/cert-manager-cainjector
 webhook:
   image:
-    repository: {{ .Values.registry }}/quay/jetstack/cert-manager-webhook
-    pullPolicy: Always
+    repository: {{ .Values.registry }}/jetstack/cert-manager-webhook
 acmesolver:
   image:
-    repository: {{ .Values.registry }}/quay/jetstack/cert-manager-acmesolver
-    pullPolicy: Always
+    repository: {{ .Values.registry }}/jetstack/cert-manager-acmesolver
 startupapicheck:
   image:
-    repository: {{ .Values.registry }}/quay/jetstack/cert-manager-startupapicheck
-    pullPolicy: Always
+    repository: {{ .Values.registry }}/jetstack/cert-manager-startupapicheck
 {{- end }}

values/common/kube-system/cilium/values.gotmpl

@@ -2,15 +2,15 @@
 imagePullSecrets:
   - name: regcred
 image:
-  repository: {{ .Values.registry }}/quay/cilium/cilium
+  repository: {{ .Values.registry }}/cilium/cilium
   useDigest: false
 envoy:
   image:
-    repository: {{ .Values.registry }}/quay/cilium/cilium-envoy
+    repository: {{ .Values.registry }}/cilium/cilium-envoy
     useDigest: false
 operator:
   image:
-    repository: {{ .Values.registry }}/quay/cilium/operator
+    repository: {{ .Values.registry }}/cilium/operator
     useDigest: false
 hubble:
   tls:

values/common/kube-system/coredns/values.gotmpl

@@ -1,6 +1,6 @@
 {{- if not (env "HELMFILE_BOOTSTRAP") }}
 image:
-  repository: {{ .Values.registry }}/dockerhub/coredns/coredns
+  repository: {{ .Values.registry }}/coredns/coredns
   pullSecrets:
     - name: regcred
 {{- end }}

values/common/kube-system/local-path-provisioner/values.gotmpl

@@ -0,0 +1,17 @@
+{{- if not (env "HELMFILE_BOOTSTRAP") }}
+image:
+  repository: {{ .Values.registry }}/rancher/local-path-provisioner
+
+helperImage:
+  repository: {{ .Values.registry }}/library/busybox
+
+imagePullSecrets:
+  - name: regcred
+{{- end }}
+
+storageClass:
+  create: true
+  defaultClass: true
+  defaultVolumeType: local
+  reclaimPolicy: Delete
+  volumeBindingMode: Immediate

values/common/kube-system/metallb/values.gotmpl

@@ -1,13 +1,15 @@
+{{- if not (env "HELMFILE_BOOTSTRAP") }}
 imagePullSecrets:
   - name: regcred
 
 controller:
   image:
-    repository: {{ .Values.registry }}/quay/metallb/controller
+    repository: {{ .Values.registry }}/metallb/controller
 
 speaker:
   image:
-    repository: {{ .Values.registry }}/quay/metallb/speaker
+    repository: {{ .Values.registry }}/metallb/speaker
   frr:
     image:
-      repository: {{ .Values.registry }}/quay/frrouting/frr
+      repository: {{ .Values.registry }}/frrouting/frr
+{{- end }}

values/common/kube-system/metallb/values.yaml

@@ -3,17 +3,20 @@ controller:
   logLevel: warn
   strategy:
     type: RollingUpdate
+
   securityContext:
     runAsNonRoot: true
     # nobody
     runAsUser: 65534
     fsGroup: 65534
+
   resources:
     requests:
       cpu: 20m
-      memory: 100Mi
+      memory: 150Mi
     limits:
-      memory: 100Mi
+      memory: 150Mi
+
   livenessProbe:
     enabled: true
     failureThreshold: 3
@@ -37,9 +40,9 @@ speaker:
   resources:
     requests:
       cpu: 30m
-      memory: 300Mi
+      memory: 350Mi
     limits:
-      memory: 300Mi
+      memory: 350Mi
   livenessProbe:
     enabled: true
     failureThreshold: 3

values/common/kube-system/metrics-server/values.gotmpl

@@ -1,5 +1,5 @@
 image:
-  repository: {{ .Values.registry }}/k8s/metrics-server/metrics-server
+  repository: {{ .Values.registry }}/metrics-server/metrics-server
 imagePullSecrets:
   - name: regcred
 apiService:

values/common/kube-system/traefik/values.gotmpl

@@ -0,0 +1,8 @@
+{{- if not (env "HELMFILE_BOOTSTRAP") }}
+deployment:
+  imagePullSecrets:
+    - name: regcred
+
+image:
+  registry: {{ .Values.registry }}/library
+{{- end }}

values/common/kube-system/traefik/values.yaml

@@ -1,13 +1,11 @@
 globalArguments:
   - "--serversTransport.insecureSkipVerify=true"
   - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
+
 ports:
   web:
     redirections:
       port: websecure
+
 deployment:
   replicas: 2
-  imagePullSecrets:
-    - name: regcred
-image:
-  registry: registry.badhouseplants.net/dockerhub/library

values/common/kyverno/kyverno/values.gotmpl

@@ -0,0 +1,7 @@
+{{- if not (env "HELMFILE_BOOTSTRAP") }}
+global:
+  image:
+    registry: {{ .Values.registry }}
+  imagePullSecrets:
+    - name: regcred
+{{- end }}

values/common/registry/cluster-mirror/values.gotmpl

@@ -12,13 +12,13 @@ ingress:
     cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
   pathtype: Prefix
   hosts:
-    - host: {{ .Values.registry }}
+    - host: {{ .Values.registry_url }}
       paths:
         - path: /
   tls:
-    - secretName: {{ .Values.registry }}
+    - secretName: {{ .Values.registry_url }}
       hosts:
-        - {{ .Values.registry }}
+        - {{ .Values.registry_url }}
 service:
   type: ClusterIP
 persistence: true
@@ -28,6 +28,8 @@ pvc:
     velero.io/exclude-from-backup: true
 mountConfig: true
 mountSecret: true
+strategy:
+  type: Recreate
 configFiles:
   config.json: |-
     {
@@ -58,7 +60,7 @@ configFiles:
       "http": {
         "address": "0.0.0.0",
         "port": "5000",
-        "externalUrl": "https://{{ .Values.registry }}",
+        "externalUrl": "https://{{ .Values.registry_url }}",
         "auth": {
           "htpasswd": {
             "path": "/secret/htpasswd"
@@ -92,7 +94,7 @@ configFiles:
         }
       },
       "log": {
-        "level": "info"
+        "level": "warn"
       },
       "extensions": {
         "scrub": {
@@ -112,13 +114,38 @@ configFiles:
           "registries": [
             {
               "urls": [
-                "https://docker.io/library",
+                "https://quay.io"
+              ],
+              "content": [
+                {
+                  "prefix": "**",
+                  "destination": "/containers"
+                }
+              ],
+              "onDemand": true,
+              "tlsVerify": true
+            },
+            {
+              "urls": [
+                "https://ghcr.io"
+              ],
+              "content": [
+                {
+                  "prefix": "**",
+                  "destination": "/containers"
+                }
+              ],
+              "onDemand": true,
+              "tlsVerify": true
+            },
+            {
+              "urls": [
                 "https://docker.io"
               ],
               "content": [
                 {
                   "prefix": "**",
-                  "destination": "/dockerhub"
+                  "destination": "/containers"
                 }
               ],
               "onDemand": true,
@@ -131,20 +158,7 @@ configFiles:
               "content": [
                 {
                   "prefix": "**",
-                  "destination": "/k8s"
-                }
-              ],
-              "onDemand": true,
-              "tlsVerify": true
-            },
-            {
-              "urls": [
-                "https://quay.io"
-              ],
-              "content": [
-                {
-                  "prefix": "**",
-                  "destination": "/quay"
+                  "destination": "/containers"
                 }
               ],
               "onDemand": true,

values/etersoft/kube-system/metallb-resources/values.yaml

@@ -0,0 +1 @@
+addresses: 91.232.225.63-91.232.225.63

values/etersoft/kube-system/namespaces/values.yaml

@@ -4,3 +4,5 @@ namespaces:
     defaultRegcred: true
   - name: applications
   - name: platform
+  - name: kyverno
+    defaultRegcred: true

values/etersoft/kube-system/traefik/values.yaml

@@ -1,3 +1,8 @@
+providers:
+  kubernetesCRD:
+    allowExternalNameServices: true
+    enabled: true
+
 ports:
   openvpn:
     port: 1194
@@ -17,7 +22,3 @@ ports:
       default: true
     exposedPort: 27016
     protocol: TCP
-providers: # @schema additionalProperties: false
-  kubernetesCRD:
-    enabled: true
-    allowExternalNameServices: true

values/etersoft/values.local-path-provisioner.yaml

@@ -1,6 +0,0 @@
-storageClass:
-  create: true
-  defaultClass: true
-  defaultVolumeType: local
-  reclaimPolicy: Delete
-  volumeBindingMode: Immediate