chore(deps): update helm release renovate to v39.220.3

charts/metallb-resources/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: metallb-resources
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

charts/metallb-resources/templates/ip_address_pool.tpl

@@ -1,7 +0,0 @@
-apiVersion: metallb.io/v1beta1
-kind: IPAddressPool
-metadata:
-  name: {{ include "metallb-resources.fullname" . }}
-spec:
-  addresses:
-  - {{ .Values.addresses}}

charts/metallb-resources/values.yaml

@@ -1 +0,0 @@
-addresses: 1.1.1.1-1.1.1.1

charts/namespaces/kustomize/flux-system.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-system
+  labels:
+    name: flux-system

charts/namespaces/kustomize/giantswarm-flux.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: giantswarm-flux
+  labels:
+    name: giantswarm-flux

charts/namespaces/kustomize/giantswarm.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: giantswarm
+  labels:
+    name: giantswarm

charts/namespaces/kustomize/kustomization.yaml

@@ -0,0 +1,5 @@
+resources:
+  - ./giantswarm-flux.yml
+  - ./giantswarm.yml
+  - ./monitoring.yml
+  - ./org-giantswarm.yml

charts/namespaces/kustomize/monitoring.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  labels:
+    name: monitoring

charts/namespaces/kustomize/org-giantswarm.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: org-giantswarm
+  labels:
+    name: org-giantswarm

charts/root/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"

charts/root/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "metallb-resources.name" -}}
+{{- define "root.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "metallb-resources.fullname" -}}
+{{- define "root.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "metallb-resources.chart" -}}
+{{- define "root.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "metallb-resources.labels" -}}
-helm.sh/chart: {{ include "metallb-resources.chart" . }}
-{{ include "metallb-resources.selectorLabels" . }}
+{{- define "root.labels" -}}
+helm.sh/chart: {{ include "root.chart" . }}
+{{ include "root.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "metallb-resources.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
+{{- define "root.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "root.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "metallb-resources.serviceAccountName" -}}
+{{- define "root.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

charts/root/templates/root.yaml

@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: root
+spec:
+  interval: 30s
+  url: {{ .Values.url }}
+  ref:
+    branch: {{ .Values.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: root
+spec:
+  interval: 30s
+  targetNamespace: flux-system
+  sourceRef:
+    kind: GitRepository
+    name: root
+  path: "."
+  prune: false
+  timeout: 1m
+{{- end }}

charts/root/templates/self.yaml

@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: root-self
+spec:
+  interval: 30s
+  url: {{ .Values.self.url }}
+  ref:
+    branch: {{ .Values.self.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: root-self
+spec:
+  interval: 30s
+  targetNamespace: flux-system
+  sourceRef:
+    kind: GitRepository
+    name: root-self
+  path: "."
+  prune: false
+  timeout: 1m
+{{- end }}

charts/root/values.yaml

@@ -0,0 +1,5 @@
+url: https://git.badhouseplants.net/giantswarm/cluster-example.git
+branch: main
+self:
+  url: git@git.badhouseplants.net:giantswarm/root-config.git
+  branch: master

charts/tf-ocloud/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/tf-ocloud/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: helm-library
+  repository: oci://ghcr.io/allanger/allangers-helm-library
+  version: 0.1.4
+digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
+generated: "2024-10-16T20:01:59.337767+02:00"

charts/tf-ocloud/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: tf-ocloud
+type: application
+version: 0.1.0
+appVersion: 0.1.5
+maintainers:
+  - name: allanger
+    email: allanger@zohomail.com
+    url: https://badhouseplants.net
+dependencies:
+  - name: helm-library
+    version: 0.2.3
+    repository: oci://ghcr.io/allanger/allangers-helm-library
+annotations:
+  allowed_workload_kinds: "Deployment"

charts/tf-ocloud/templates/install.yaml

@@ -0,0 +1,3 @@
+{{ include "lib.component.workload" . }}
+{{ include "lib.component.files" . }}
+{{ include "lib.component.env" . }}

charts/tf-ocloud/values.yaml

@@ -0,0 +1,67 @@
+---
+workload:
+  kind: Deployment
+  strategy:
+    type: RollingUpdate
+  securityContext: {}
+  containers:
+    tf:
+      securityContext: {}
+      image:
+        registry: zot.badhouseplants.net
+        repository: badhouseplants/terraform-ocloud
+        tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
+        pullPolicy: Always
+      envFrom:
+        - main
+      mounts:
+        files:
+          ocloudkey:
+            path: /src/key.pem
+            subPath: key.pem
+          publickey:
+            path: /src/public_key
+            subPath: public-key
+          privatekey:
+            path: /src/ssh_key
+            subPath: ssh-key
+          tfvars:
+            path: /src/terraform.tfvars
+            subPath: terraform.tfvars
+        extraVolumes:
+          dottf:
+            path: /src/.terraform
+
+extraVolumes:
+  dottf:
+    emptyDir: {}
+
+files:
+  ocloudkey:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      key.pem:
+        data: dummy
+  publickey:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      public-key:
+        data: dummy
+  privatekey:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      ssh-key:
+        data: dummy
+  tfvars:
+    enabled: true
+    sensitive: false
+    remove: []
+    entries:
+      terraform.tfvars:
+        data: dummy

common/environments.yaml

@@ -2,7 +2,7 @@ environments:
   badhouseplants:
     kubeContext: badhouseplants
     values:
-      #- ./common/values/values.badhouseplants.yaml
+      - ./common/values/values.badhouseplants.yaml
       - base:
           enabled: true
       - velero:

common/values/values.etersoft.yaml

@@ -1,2 +1 @@
-registry: registry.ru.badhouseplants.net/containers
-registry_url: registry.ru.badhouseplants.net
+registry: registry.ru.badhouseplants.net

helmfiles/base.yaml

@@ -1,7 +1,7 @@
 releases:
   # -- This one must be executed with --take-ownership at least once
   - name: namespaces
-    chart: ./charts/namespaces
+    chart: ./charts/namespaces/chart
     namespace: kube-system
     createNamespace: false
     inherit:

helmfiles/system.yaml

@@ -11,12 +11,6 @@ repositories:
     url: https://charts.jetstack.io
   - name: metallb
     url: https://metallb.github.io/metallb
-  - name: traefik
-    url: https://traefik.github.io/charts
-  - name: local-path-provisioner
-    url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
-  - name: kyverno
-    url: https://kyverno.github.io/kyverno/
 
 releases:
   - name: coredns
@@ -56,66 +50,7 @@ releases:
     inherit:
       - template: common-values
 
-  - name: local-path-provisioner
-    chart: local-path-provisioner/local-path-provisioner
-    namespace: kube-system
-    inherit:
-      - template: common-values-tpl
-
-  - name: kyverno
-    chart: kyverno/kyverno
-    namespace: kyverno
-    version: 3.3.7
-    needs:
-      - kube-system/cilium
-    inherit:
-      - template: common-values-tpl
-
-  - name: kyverno-policies
-    chart: kyverno/kyverno-policies
-    namespace: kyverno
-    version: 3.3.4
-    needs:
-      - kyverno/kyverno
-
-  - name: custom-kyverno-policies
-    chart: ./kustomizations/kyverno/{{ .Environment.Name }}
-    namespace: kyverno
-    needs:
-      - kyverno/kyverno
-
-  - name: metallb
-    chart: metallb/metallb
-    namespace: kube-system
-    condition: base.enabled
-    version: 0.14.9
-    needs:
-      - registry/cluster-mirror
-    inherit:
-      - template: common-values
-      - template: common-values-tpl
-
-  - name: metallb-resources
-    chart: ./charts/metallb-resources
-    version: 2.0.0
-    condition: base.enabled
-    namespace: kube-system
-    needs:
-      - kube-system/metallb
-    inherit:
-      - template: env-values
-
-  - name: traefik
-    chart: traefik/traefik
-    version: 34.4.1
-    condition: base.enabled
-    namespace: kube-system
-    inherit:
-      - template: common-values-tpl
-      - template: common-values
-      - template: env-values
-
-  - name: cluster-mirror
+  - name: zot
     chart: zot/zot
     version: 0.1.67
     createNamespace: false
@@ -132,6 +67,17 @@ releases:
     version: 3.12.2
     namespace: kube-system
     needs:
-      - registry/cluster-mirror
+      - registry/zot
     inherit:
       - template: common-values-tpl
+
+  - name: metallb
+    chart: metallb/metallb
+    namespace: kube-system
+    condition: base.enabled
+    version: 0.14.9
+    needs:
+      - registry/zot
+    inherit:
+      - template: common-values
+      - template: common-values-tpl

installations/pipelines/helmfile.yaml

@@ -20,7 +20,7 @@ releases:
   - name: renovate-gitea
     chart: renovate/renovate
     namespace: pipelines
-    version: 39.220.4
+    version: 39.220.3
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -28,7 +28,7 @@ releases:
     chart: renovate/renovate
     installed: false
     namespace: pipelines
-    version: 39.220.4
+    version: 39.220.3
     inherit:
       - template: default-env-values
       - template: default-env-secrets

installations/system/helmfile.yaml

@@ -29,11 +29,77 @@ repositories:
     url: https://zotregistry.dev/helm-charts/
 
 releases:
+  - name: cert-manager
+    chart: jetstack/cert-manager
+    version: v1.17.1
+    namespace: kube-system
+    condition: base.enabled
+    missingFileHandler: Warn
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: default-common-values
+      - template: default-env-values
+
+  - name: issuer
+    chart: '{{ requiredEnv "PWD" }}/charts/issuer'
+    namespace: kube-public
+    missingFileHandler: Warn
+    condition: base.enabled
+    needs:
+      - kube-system/cert-manager
+    inherit:
+      - template: default-common-values
+      - template: default-env-values
+
+  - name: metrics-server
+    chart: metrics-server/metrics-server
+    version: 3.12.2
+    namespace: kube-system
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: default-common-values
+
+  - name: metallb
+    chart: metallb/metallb
+    namespace: kube-system
+    condition: base.enabled
+    version: 0.14.9
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: default-common-values
+
+  - name: metallb-resources
+    chart: bedag/raw
+    version: 2.0.0
+    condition: base.enabled
+    namespace: kube-system
+    needs:
+      - kube-system/metallb
+    inherit:
+      - template: ext-metallb
+      - template: default-env-values
+
+  - name: traefik
+    chart: traefik/traefik
+    version: 34.4.1
+    condition: base.enabled
+    namespace: kube-system
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: default-common-values
+      - template: default-env-values
+
   - name: velero
     chart: vmware-tanzu/velero
     namespace: velero
     version: 8.5.0
     condition: velero.enabled
+    needs:
+      - kube-system/cilium
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -44,6 +110,18 @@ releases:
     condition: openebs.enabled
     namespace: kube-system
     version: 4.2.0
+    needs:
+      - kube-system/cilium
+    inherit:
+      - template: default-env-values
+
+  # -- Not versions since it's idnstalled from git
+  - name: local-path-provisioner
+    chart: local-path-provisioner/local-path-provisioner
+    condition: localpath.enabled
+    namespace: kube-system
+    needs:
+      - kube-system/cilium
     inherit:
       - template: default-env-values
 
@@ -72,3 +150,13 @@ releases:
       - template: default-env-values
     needs:
       - istio-system/istio-base
+
+  - name: zot-mirror
+    chart: zot/zot
+    version: 0.1.67
+    createNamespace: false
+    installed: true
+    namespace: kube-system
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets

values/badhouseplants/kube-system/namespaces/values.yaml

@@ -3,7 +3,6 @@ namespaces:
   - name: kube-system
     defaultRegcred: true
   - name: kyverno
-    defaultRegcred: true
   - name: velero
   - name: observability
   - name: databases

values/common/kube-system/cert-manager/values.gotmpl

@@ -3,17 +3,22 @@ global:
   imagePullSecrets:
     - name: regcred
 image:
-  repository: {{ .Values.registry }}/jetstack/cert-manager-controller
+  repository: {{ .Values.registry }}/quay/jetstack/cert-manager-controller
+  pullPolicy: Always
 cainjector:
   image:
-    repository: {{ .Values.registry }}/jetstack/cert-manager-cainjector
+    repository: {{ .Values.registry }}/quay/jetstack/cert-manager-cainjector
+    pullPolicy: Always
 webhook:
   image:
-    repository: {{ .Values.registry }}/jetstack/cert-manager-webhook
+    repository: {{ .Values.registry }}/quay/jetstack/cert-manager-webhook
+    pullPolicy: Always
 acmesolver:
   image:
-    repository: {{ .Values.registry }}/jetstack/cert-manager-acmesolver
+    repository: {{ .Values.registry }}/quay/jetstack/cert-manager-acmesolver
+    pullPolicy: Always
 startupapicheck:
   image:
-    repository: {{ .Values.registry }}/jetstack/cert-manager-startupapicheck
+    repository: {{ .Values.registry }}/quay/jetstack/cert-manager-startupapicheck
+    pullPolicy: Always
 {{- end }}

values/common/kube-system/cilium/values.gotmpl

@@ -2,15 +2,15 @@
 imagePullSecrets:
   - name: regcred
 image:
-  repository: {{ .Values.registry }}/cilium/cilium
+  repository: {{ .Values.registry }}/quay/cilium/cilium
   useDigest: false
 envoy:
   image:
-    repository: {{ .Values.registry }}/cilium/cilium-envoy
+    repository: {{ .Values.registry }}/quay/cilium/cilium-envoy
     useDigest: false
 operator:
   image:
-    repository: {{ .Values.registry }}/cilium/operator
+    repository: {{ .Values.registry }}/quay/cilium/operator
     useDigest: false
 hubble:
   tls:

values/common/kube-system/coredns/values.gotmpl

@@ -1,6 +1,6 @@
 {{- if not (env "HELMFILE_BOOTSTRAP") }}
 image:
-  repository: {{ .Values.registry }}/coredns/coredns
+  repository: {{ .Values.registry }}/dockerhub/coredns/coredns
   pullSecrets:
     - name: regcred
 {{- end }}

values/common/kube-system/local-path-provisioner/values.gotmpl

@@ -1,17 +0,0 @@
-{{- if not (env "HELMFILE_BOOTSTRAP") }}
-image:
-  repository: {{ .Values.registry }}/rancher/local-path-provisioner
-
-helperImage:
-  repository: {{ .Values.registry }}/library/busybox
-
-imagePullSecrets:
-  - name: regcred
-{{- end }}
-
-storageClass:
-  create: true
-  defaultClass: true
-  defaultVolumeType: local
-  reclaimPolicy: Delete
-  volumeBindingMode: Immediate

values/common/kube-system/metallb/values.gotmpl

@@ -1,15 +1,13 @@
-{{- if not (env "HELMFILE_BOOTSTRAP") }}
 imagePullSecrets:
   - name: regcred
 
 controller:
   image:
-    repository: {{ .Values.registry }}/metallb/controller
+    repository: {{ .Values.registry }}/quay/metallb/controller
 
 speaker:
   image:
-    repository: {{ .Values.registry }}/metallb/speaker
+    repository: {{ .Values.registry }}/quay/metallb/speaker
   frr:
     image:
-      repository: {{ .Values.registry }}/frrouting/frr
-{{- end }}
+      repository: {{ .Values.registry }}/quay/frrouting/frr

values/common/kube-system/metallb/values.yaml

@@ -3,20 +3,17 @@ controller:
   logLevel: warn
   strategy:
     type: RollingUpdate
-
   securityContext:
     runAsNonRoot: true
     # nobody
     runAsUser: 65534
     fsGroup: 65534
-
   resources:
     requests:
       cpu: 20m
-      memory: 150Mi
+      memory: 100Mi
     limits:
-      memory: 150Mi
-
+      memory: 100Mi
   livenessProbe:
     enabled: true
     failureThreshold: 3
@@ -40,9 +37,9 @@ speaker:
   resources:
     requests:
       cpu: 30m
-      memory: 350Mi
+      memory: 300Mi
     limits:
-      memory: 350Mi
+      memory: 300Mi
   livenessProbe:
     enabled: true
     failureThreshold: 3

values/common/kube-system/metrics-server/values.gotmpl

@@ -1,5 +1,5 @@
 image:
-  repository: {{ .Values.registry }}/metrics-server/metrics-server
+  repository: {{ .Values.registry }}/k8s/metrics-server/metrics-server
 imagePullSecrets:
   - name: regcred
 apiService:

values/common/kube-system/traefik/values.gotmpl

@@ -1,8 +0,0 @@
-{{- if not (env "HELMFILE_BOOTSTRAP") }}
-deployment:
-  imagePullSecrets:
-    - name: regcred
-
-image:
-  registry: {{ .Values.registry }}/library
-{{- end }}

values/common/kyverno/kyverno/values.gotmpl

@@ -1,7 +0,0 @@
-{{- if not (env "HELMFILE_BOOTSTRAP") }}
-global:
-  image:
-    registry: {{ .Values.registry }}
-  imagePullSecrets:
-    - name: regcred
-{{- end }}

values/common/registry/zot/values.gotmpl

@@ -12,13 +12,13 @@ ingress:
     cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
   pathtype: Prefix
   hosts:
-    - host: {{ .Values.registry_url }}
+    - host: {{ .Values.registry }}
       paths:
         - path: /
   tls:
-    - secretName: {{ .Values.registry_url }}
+    - secretName: {{ .Values.registry }}
       hosts:
-        - {{ .Values.registry_url }}
+        - {{ .Values.registry }}
 service:
   type: ClusterIP
 persistence: true
@@ -28,8 +28,6 @@ pvc:
     velero.io/exclude-from-backup: true
 mountConfig: true
 mountSecret: true
-strategy:
-  type: Recreate
 configFiles:
   config.json: |-
     {
@@ -60,7 +58,7 @@ configFiles:
       "http": {
         "address": "0.0.0.0",
         "port": "5000",
-        "externalUrl": "https://{{ .Values.registry_url }}",
+        "externalUrl": "https://{{ .Values.registry }}",
         "auth": {
           "htpasswd": {
             "path": "/secret/htpasswd"
@@ -94,7 +92,7 @@ configFiles:
         }
       },
       "log": {
-        "level": "warn"
+        "level": "info"
       },
       "extensions": {
         "scrub": {
@@ -114,38 +112,13 @@ configFiles:
           "registries": [
             {
               "urls": [
-                "https://quay.io"
-              ],
-              "content": [
-                {
-                  "prefix": "**",
-                  "destination": "/containers"
-                }
-              ],
-              "onDemand": true,
-              "tlsVerify": true
-            },
-            {
-              "urls": [
-                "https://ghcr.io"
-              ],
-              "content": [
-                {
-                  "prefix": "**",
-                  "destination": "/containers"
-                }
-              ],
-              "onDemand": true,
-              "tlsVerify": true
-            },
-            {
-              "urls": [
+                "https://docker.io/library",
                 "https://docker.io"
               ],
               "content": [
                 {
                   "prefix": "**",
-                  "destination": "/containers"
+                  "destination": "/dockerhub"
                 }
               ],
               "onDemand": true,
@@ -158,7 +131,20 @@ configFiles:
               "content": [
                 {
                   "prefix": "**",
-                  "destination": "/containers"
+                  "destination": "/k8s"
+                }
+              ],
+              "onDemand": true,
+              "tlsVerify": true
+            },
+            {
+              "urls": [
+                "https://quay.io"
+              ],
+              "content": [
+                {
+                  "prefix": "**",
+                  "destination": "/quay"
                 }
               ],
               "onDemand": true,

values/common/values.traefik.yaml

@@ -1,11 +1,13 @@
 globalArguments:
   - "--serversTransport.insecureSkipVerify=true"
   - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
-
 ports:
   web:
     redirections:
       port: websecure
-
 deployment:
   replicas: 2
+  imagePullSecrets:
+    - name: regcred
+image:
+  registry: registry.badhouseplants.net/dockerhub/library

values/etersoft/kube-system/metallb-resources/values.yaml

@@ -1 +0,0 @@
-addresses: 91.232.225.63-91.232.225.63

values/etersoft/kube-system/namespaces/values.yaml

@@ -4,5 +4,3 @@ namespaces:
     defaultRegcred: true
   - name: applications
   - name: platform
-  - name: kyverno
-    defaultRegcred: true

values/etersoft/values.local-path-provisioner.yaml

@@ -0,0 +1,6 @@
+storageClass:
+  create: true
+  defaultClass: true
+  defaultVolumeType: local
+  reclaimPolicy: Delete
+  volumeBindingMode: Immediate

values/etersoft/values.traefik.yaml

@@ -1,8 +1,3 @@
-providers:
-  kubernetesCRD:
-    allowExternalNameServices: true
-    enabled: true
-
 ports:
   openvpn:
     port: 1194
@@ -22,3 +17,7 @@ ports:
       default: true
     exposedPort: 27016
     protocol: TCP
+providers: # @schema additionalProperties: false
+  kubernetesCRD:
+    enabled: true
+    allowExternalNameServices: true