TESTING

.pre-commit-config.yaml

@@ -21,9 +21,7 @@ repos:
     hooks:
       - id: kubeconform
 
-  # Linting does not work with external values.yaml
-  # TODO: Include url to schema in values.yaml and validate based on that?
-  # - repo: https://github.com/tarioch/flux-check-hook
-  #   rev: v0.8.0
-  #   hooks:
-  #     - id: check-flux-helm-values
+  - repo: https://github.com/tarioch/flux-check-hook
+    rev: v0.8.0
+    hooks:
+      - id: check-flux-helm-values

apps/grafana/release.yaml

@@ -65,12 +65,6 @@ spec:
       enabled: true
       existingSecret: grafana-ldap-toml
 
-    sidecar:
-      datasources:
-        enabled: true
-        searchNamespace: ALL
-        labelValue: "1"
-
     extraSecretMounts:
       - name: postgres-app-mount
         secretName: postgres-app

apps/whoami.yaml

@@ -49,7 +49,7 @@ apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: whoami
-  namespace: default
+  namespace: defaulti
 spec:
   entryPoints:
     - websecure

clusters/titan.lan.huizinga.dev/apps/siranga.yaml

@@ -4,7 +4,7 @@ metadata:
   name: siranga
   namespace: flux-system
 spec:
-  interval: 15m0s
+  interval: 1m0s
   url: oci://git.huizinga.dev/dreaded_x/siranga/manifests
   ref:
     tag: latest
@@ -36,20 +36,6 @@ spec:
     secretRef:
       name: sops-gpg
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
-  name: siranga
-  namespace: flux-system
-spec:
-  type: generic
-  secretRef:
-    name: receiver
-  resources:
-    - apiVersion: source.toolkit.fluxcd.io/v1beta2
-      kind: OCIRepository
-      name: siranga
----
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Provider
 metadata:

clusters/titan.lan.huizinga.dev/flux-system/ingress.yaml

@@ -1,23 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: flux-webhook
-  namespace: flux-system
-  annotations:
-    traefik.ingress.kubernetes.io/router.entryPoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-spec:
-  ingressClassName: traefik
-  rules:
-    - host: flux.${domain}
-      http:
-        paths:
-          - backend:
-              service:
-                name: webhook-receiver
-                port:
-                  number: 80
-            path: /
-            pathType: Prefix
-  tls:
-    - secretName: ${domain//./-}-tls

clusters/titan.lan.huizinga.dev/flux-system/kustomization.yaml

@@ -1,11 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./gotk-components.yaml
-  - ./gotk-sync.yaml
-  - ./config-map-domain-vars.yaml
-  - ./ingress.yaml
-  - ./secret-receiver.yaml
-  - ./receiver.yaml
+  - gotk-components.yaml
+  - gotk-sync.yaml
 patches:
-  - path: patches.yaml
+  - path: sops-overlay.yaml

clusters/titan.lan.huizinga.dev/flux-system/receiver.yaml

@@ -1,16 +0,0 @@
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
-  name: flux-infra
-  namespace: flux-system
-spec:
-  type: github
-  events:
-    - "ping"
-    - "push"
-  secretRef:
-    name: receiver
-  resources:
-    - apiVersion: source.toolkit.fluxcd.io/v1
-      kind: GitRepository
-      name: flux-system

clusters/titan.lan.huizinga.dev/flux-system/secret-receiver.yaml

@@ -1,54 +0,0 @@
-apiVersion: v1
-data:
-    token: ENC[AES256_GCM,data:Nd4t7LkkCe9pd/ilITlwZpmpF+oRmMfIbgbEiAzTK+OWUb4q37bBzGvhc3V70soS7XmpU13lJwo=,iv:qMoW9dsDauSEsw7GjuCSmsCy3k54jt5x/nngSdGiErg=,tag:ZTkP8IGT+DOJLfO+gIX2xg==,type:str]
-kind: Secret
-metadata:
-    name: receiver
-    namespace: flux-system
-sops:
-    lastmodified: "2025-04-23T17:01:23Z"
-    mac: ENC[AES256_GCM,data:blRYui9FBvet9nuOUEPaMLLzD6CvX7pDZQEtQV5jLfKqLWEBFXUA13zqTrxtH1slGOzif1xshGqjOgsxREvEdb4Y8uSfoWSPuhkPI4WuRESjyYsVHUlP0fOIdE/CNc/xT4wTxxsvZ46ShGCMZ/QN29XsQ04nwHaEsTmYMqtgsBM=,iv:Km0FIruKN+N0Hsat4QaTBCCAHMQz5IiYkTKG2IGILUI=,tag:A1v4kEs46vz2Cm9ZN5Qw1g==,type:str]
-    pgp:
-        - created_at: "2025-04-23T17:01:23Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA7pKPTYH5bqOARAAwZ69AwI2iTOboLpzZmW41EngGkhPKGghGFssiyfWbXqR
-            dtNG+wG371TF9nUMoLagJEqTUGRVX8xznG7R68QhVd85C1iswrNJjZ55nnJKf0IN
-            aRcLp3xsZuWPefOFadaJglRtgLnmCtPNur1TmPXR4V94ycOe1wBTSbvheTs73h6M
-            LBfRBruv2ttJsrcmI2az57KgOrIQnPu/z/NSEbc2GM3CU7/Z9ChWt+b5WEyv/7Sp
-            Sp0ohmC9HputBFGueC6Hw08+152C8yn3BpJhMhiWcCEryNiwKawf/n2UFJ8gk86/
-            5CkRX1CWRtz8nRIfmiwU5IBd5aMXhK684/1lTtdshHGEhSbaGA9N6lK70vdrfVl+
-            euaQkqyCy2sFkhz0EvcK+PTGxnueQ4UuO01l5yRG/ZUdjzYVh9fpx3RoMnJaBctx
-            l63LUG+xXSwR0xy4JIkrWyFDwIyGAebxbtQ8QUeLkmMzHyUx8tOL0qfKd8qkEFwg
-            eJWh0guYllSldgP5h7bJXOTej3ZrP9yC1WY3z2wHu+415/eCpwucFCu/A5QnJXnA
-            YLTE2CIwdDpj5XjjwQwmTNpBgfQ/csHJua40CURJbsYhk4HfqbHNdjEc5kkem/3L
-            PrtA/d59iwy3Vjkn1xmrcX+od3qXRFVDwMjaCleAXi3dnsfN619j8PrZh2bkUyHU
-            aAEJAhD1hSP/yZbfctLVNBCXT3HE8bLlAp82zYsqwx7UJWOhv4saodU1Zm13CWdk
-            nlbN8v3w5o19Xo85rt4YB091dGliTAAQ2CfvsCLRO4ZjO6N2F4KSCSTO0jLSJkce
-            hly9/ZsJAtXB
-            =GCZA
-            -----END PGP MESSAGE-----
-          fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
-        - created_at: "2025-04-23T17:01:23Z"
-          enc: |-
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA51kG++kLewoARAA5IO7TXG5xkv+mlSwFBDbldn5jPy9E1+HbZHp+4CmRquI
-            ONPEeDZgh3n+Fr87OMUKMKfgdEpjdE+l80rCmF7zgaVNqLscRcLJ17k14XfbpsrG
-            wsp5gsvymGh6sllUopetugvzd6gdxEianuhKU6DYJMM+X/nPTDsa5wHazRzPQxS/
-            8zp9tlPWt0HkZelBKXmLoYofZBakZOqZstQvhB0SSjC0BVpQN5WIfh1ES6uoBxhY
-            ddA0R34r1jwXWDE2UqD1Rx12H3TzUxdPGGw5rQKsEZSuEwxfxqjUAsn29ARR88qU
-            FlvSsy+FW7/6HeTcxwS1IMyZfNwRKQYLkzcwqf+OsrrjqTSBPCt8rcMoDVH3vxdf
-            wazu/vqoM1mwkUlogEF/M/SITEO9nJzrkAihAr6OJgfTJqi8RJffxoXQ8gAfan2J
-            wYMkcTxPNnskyZMUr2onotdnqdVSMgR2vwnsvIfSWUSx4eMpK8wO2xQm60hAXNHx
-            QCVcTz7sMDu6nD3xsvJs5D67YnkrLuqnuNeHQqSsREPv132kKIpEhAZop0MYk8ld
-            798jafK8xCzasbIZqDRzSqUUK/Z/J4EN8A4zRY5EtcbXdKHpKkUYuX/Sb7y2FAQR
-            JMV3uqLxJoz4mqUM0VJBt77Del5YQ5LeqE8aHMBDNtfjAdmK/2xg7BuGuromZYzS
-            XgFxwGfX791vSkUJ/z+7Nf3QmAKBXOuEYaYJbcZ5pFbKKdcfI8iEfL7utVQ59U2k
-            4BLB7aChrp8J795YQna+YgPybK5NR00FX6qLJiZAp56MdcvncJ8s42/epRWRusk=
-            =8ak0
-            -----END PGP MESSAGE-----
-          fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
-    encrypted_regex: ^(data|stringData)$
-    version: 3.10.1

clusters/titan.lan.huizinga.dev/flux-system/sops-overlay.yaml

@@ -10,7 +10,3 @@ spec:
     provider: sops
     secretRef:
       name: sops-gpg
-  postBuild:
-    substituteFrom:
-      - kind: ConfigMap
-        name: domain-vars

clusters/titan.lan.huizinga.dev/infra/akri.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/akri/akri
+  path: ./infra/akri
   prune: true
   timeout: 2m
   sourceRef:

clusters/titan.lan.huizinga.dev/infra/authelia-controller.yaml

@@ -4,7 +4,7 @@ metadata:
   name: authelia-controller
   namespace: flux-system
 spec:
-  interval: 15m0s
+  interval: 1m0s
   url: oci://git.huizinga.dev/dreaded_x/authelia-controller/manifests
   ref:
     tag: edge
@@ -23,20 +23,6 @@ spec:
     name: authelia-controller
   wait: true
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
-  name: authelia-controller
-  namespace: flux-system
-spec:
-  type: generic
-  secretRef:
-    name: receiver
-  resources:
-    - apiVersion: source.toolkit.fluxcd.io/v1beta2
-      kind: OCIRepository
-      name: authelia-controller
----
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Provider
 metadata:

clusters/titan.lan.huizinga.dev/infra/authelia.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/authelia/authelia
+  path: ./infra/authelia
   dependsOn:
     - name: traefik
     - name: cnpg

clusters/titan.lan.huizinga.dev/infra/cert-manager.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/cert-manager/cert-manager
+  path: ./infra/cert-manager
   prune: true
   timeout: 2m
   sourceRef:

clusters/titan.lan.huizinga.dev/infra/cnpg.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/cnpg/cnpg
+  path: ./infra/cnpg
   dependsOn:
     - name: topolvm
   prune: true

clusters/titan.lan.huizinga.dev/infra/kube-vip.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/kube-vip/kube-vip
+  path: ./infra/kube-vip
   dependsOn:
     - name: kyverno-policies
   prune: true

clusters/titan.lan.huizinga.dev/infra/kustomization.yaml

@@ -1,21 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - ./../../../infra/akri
-  - ./../../../infra/authelia
-  - ./../../../infra/cert-manager
-  - ./../../../infra/cnpg
-  - ./../../../infra/descheduler.yaml
-  - ./../../../infra/dragonflydb.yaml
-  - ./../../../infra/external-snapshotter.yaml
-  - ./../../../infra/intel-device-plugins.yaml
-  - ./../../../infra/kube-vip
-  - ./../../../infra/kyverno
-  - ./../../../infra/lldap
-  - ./../../../infra/loki
-  - ./../../../infra/node-feature-discovery
-  - ./../../../infra/rook-ceph
-  - ./../../../infra/topolvm
-  - ./../../../infra/traefik
-  - ./../../../infra/velero

clusters/titan.lan.huizinga.dev/infra/kyverno-policies.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/kyverno/kyverno-policies
+  path: ./infra/kyverno-policies
   dependsOn:
     - name: kyverno
   prune: true

clusters/titan.lan.huizinga.dev/infra/kyverno.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/kyverno/kyverno
+  path: ./infra/kyverno
   prune: true
   timeout: 2m
   sourceRef:

clusters/titan.lan.huizinga.dev/infra/letsencrypt.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/cert-manager/letsencrypt
+  path: ./infra/letsencrypt
   dependsOn:
     - name: cert-manager
   prune: true

clusters/titan.lan.huizinga.dev/infra/lldap-controller.yaml

@@ -4,7 +4,7 @@ metadata:
   name: lldap-controller
   namespace: flux-system
 spec:
-  interval: 15m0s
+  interval: 1m0s
   url: oci://git.huizinga.dev/dreaded_x/lldap-controller/manifests
   ref:
     tag: edge
@@ -23,20 +23,6 @@ spec:
     name: lldap-controller
   wait: true
 ---
-apiVersion: notification.toolkit.fluxcd.io/v1
-kind: Receiver
-metadata:
-  name: lldap-controller
-  namespace: flux-system
-spec:
-  type: generic
-  secretRef:
-    name: receiver
-  resources:
-    - apiVersion: source.toolkit.fluxcd.io/v1beta2
-      kind: OCIRepository
-      name: lldap-controller
----
 apiVersion: notification.toolkit.fluxcd.io/v1beta3
 kind: Provider
 metadata:

clusters/titan.lan.huizinga.dev/infra/lldap.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/lldap/lldap
+  path: ./infra/lldap
   dependsOn:
     - name: traefik
     - name: cnpg

clusters/titan.lan.huizinga.dev/infra/node-feature-discovery-rules.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/node-feature-discovery/node-feature-discovery-rules
+  path: ./infra/node-feature-discovery-rules
   prune: true
   timeout: 2m
   sourceRef:

clusters/titan.lan.huizinga.dev/infra/node-feature-discovery.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/node-feature-discovery/node-feature-discovery
+  path: ./infra/node-feature-discovery
   prune: true
   timeout: 2m
   sourceRef:

clusters/titan.lan.huizinga.dev/infra/rook-ceph-cluster.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/rook-ceph/rook-ceph-cluster
+  path: ./infra/rook-ceph-cluster
   dependsOn:
     - name: rook-ceph
   prune: true

clusters/titan.lan.huizinga.dev/infra/rook-ceph.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/rook-ceph/rook-ceph
+  path: ./infra/rook-ceph
   prune: true
   timeout: 2m
   sourceRef:

clusters/titan.lan.huizinga.dev/infra/topolvm.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/topolvm/topolvm
+  path: ./infra/topolvm
   dependsOn:
     - name: cert-manager
   prune: true

clusters/titan.lan.huizinga.dev/infra/traefik-middleware.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/traefik/traefik-middleware
+  path: ./infra/traefik-middleware
   dependsOn:
     - name: traefik
   prune: true

clusters/titan.lan.huizinga.dev/infra/traefik.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/traefik/traefik
+  path: ./infra/traefik
   dependsOn:
     - name: letsencrypt
   prune: true

clusters/titan.lan.huizinga.dev/infra/velero.yaml

@@ -7,7 +7,7 @@ metadata:
     alert: flux-infra
 spec:
   interval: 15m
-  path: ./infra/velero/velero
+  path: ./infra/velero
   dependsOn:
     - name: external-snapshotter
   prune: true

infra/akri/akri/kustomization.yaml

@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: akri
-resources:
-  - ./namespace.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: akri-values
-    files:
-      - ./values.yaml

infra/akri/kustomization.yaml

@@ -1,4 +1,15 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: akri
 resources:
-  - ./akri.yaml
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: akri-values
+    files:
+      - ./values.yaml

infra/authelia/authelia/kustomization.yaml

@@ -1,18 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: authelia
-resources:
-  - ./namespace.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-  - ./service-user.yaml
-  - ../../../common/postgres
-  - ../../../common/dragonflydb
-
-configurations:
-  - ../../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: authelia-values
-    files:
-      - ./values.yaml

infra/authelia/kustomization.yaml

@@ -1,5 +1,18 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: authelia
 resources:
-  - ./authelia-controller.yaml
-  - ./authelia.yaml
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+  - ./service-user.yaml
+  - ../../common/postgres
+  - ../../common/dragonflydb
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: authelia-values
+    files:
+      - ./values.yaml

infra/cert-manager/cert-manager/kustomization.yaml

@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: cert-manager
-resources:
-  - ./namespace.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: cert-manager-values
-    files:
-      - ./values.yaml

infra/cert-manager/kustomization.yaml

@@ -1,5 +1,15 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: cert-manager
 resources:
-  - ./cert-manager.yaml
-  - ./letsencrypt.yaml
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: cert-manager-values
+    files:
+      - ./values.yaml

infra/cnpg/cnpg/kustomization.yaml

@@ -1,14 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: cnpg-system
-resources:
-  - ./namespace.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-configurations:
-  - ../../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: cnpg-values
-    files:
-      - ./values.yaml

infra/cnpg/kustomization.yaml

@@ -1,4 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: cnpg-system
 resources:
-  - ./cnpg.yaml
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: cnpg-values
+    files:
+      - ./values.yaml

infra/kube-vip/kube-vip/kustomization.yaml

@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kube-system
-resources:
-  - ./service-account.yaml
-  - ./cluster-role.yaml
-  - ./cluster-role-binding.yaml
-  - ./daemon-set.yaml
-
-  - https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/refs/tags/v0.0.11/manifest/kube-vip-cloud-controller.yaml
-  - ./config-map-kubevip.yaml

infra/kube-vip/kustomization.yaml

@@ -1,4 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: kube-system
 resources:
-  - ./kube-vip.yaml
+  - ./service-account.yaml
+  - ./cluster-role.yaml
+  - ./cluster-role-binding.yaml
+  - ./daemon-set.yaml
+
+  - https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/refs/tags/v0.0.11/manifest/kube-vip-cloud-controller.yaml
+  - ./config-map-kubevip.yaml

infra/kyverno/kustomization.yaml

@@ -1,5 +1,15 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: kyverno
 resources:
-  - ./kyverno-policies.yaml
-  - ./kyverno.yaml
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml
+
+configurations:
+  - ../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: kyverno-values
+    files:
+      - ./values.yaml

infra/kyverno/kyverno/kustomization.yaml

@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kyverno
-resources:
-  - ./namespace.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: kyverno-values
-    files:
-      - ./values.yaml

infra/lldap/kustomization.yaml

@@ -1,5 +1,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: lldap
 resources:
-  - ./lldap-controller.yaml
-  - ./lldap.yaml
+  - ./namespace.yaml
+  - ./secret-lldap-credentials.yaml
+  - ./deployment.yaml
+  - ./service.yaml
+  - ./ingress-route.yaml
+  - ../../common/postgres

infra/lldap/lldap/kustomization.yaml

@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: lldap
-resources:
-  - ./namespace.yaml
-  - ./secret-lldap-credentials.yaml
-  - ./deployment.yaml
-  - ./service.yaml
-  - ./ingress-route.yaml
-  - ../../../common/postgres

infra/loki/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./loki.yaml
-  - ./promtail.yaml

infra/loki/loki.yaml

@@ -1,18 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: loki
-  namespace: flux-system
-  labels:
-    alert: flux-infra
-spec:
-  interval: 15m
-  path: ./infra/loki/loki
-  dependsOn:
-    - name: rook-ceph
-  prune: true
-  timeout: 2m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  wait: true

infra/loki/loki/helm-release.yaml

@@ -1,18 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: loki
-spec:
-  chart:
-    spec:
-      chart: loki
-      reconcileStrategy: ChartVersion
-      sourceRef:
-        kind: HelmRepository
-        name: grafana
-      version: 6.29.0
-  interval: 15m
-  timeout: 5m
-  valuesFrom:
-    - kind: ConfigMap
-      name: loki-values

infra/loki/loki/helm-repository.yaml

@@ -1,7 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: grafana
-spec:
-  interval: 15m
-  url: https://grafana.github.io/helm-charts

infra/loki/loki/kustomization.yaml

@@ -1,22 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: loki
-resources:
-  - ./namespace.yaml
-  - ./object-bucket-claim.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
-
-configurations:
-  - ../../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: loki-values
-    files:
-      - ./values.yaml
-  - name: grafana-datasource
-    options:
-      labels:
-        grafana_datasource: "1"
-    files:
-      - ./loki-datasource.yaml

infra/loki/loki/loki-datasource.yaml

@@ -1,8 +0,0 @@
-apiVersion: 1
-datasources:
-  - name: Loki
-    type: loki
-    access: proxy
-    url: http://loki-gateway.loki.svc.cluster.local
-    uid: "loki"
-    jsonData: {}

infra/loki/loki/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: loki

infra/loki/loki/object-bucket-claim.yaml

@@ -1,7 +0,0 @@
-apiVersion: objectbucket.io/v1alpha1
-kind: ObjectBucketClaim
-metadata:
-  name: loki-bucket
-spec:
-  generateBucketName: loki
-  storageClassName: ceph-bucket

infra/loki/loki/values.yaml

@@ -1,75 +0,0 @@
-loki:
-  auth_enabled: false
-
-  schemaConfig:
-    configs:
-      - from: "2024-04-01"
-        store: tsdb
-        object_store: s3
-        schema: v13
-        index:
-          prefix: index_
-          period: 24h
-
-  limits_config:
-    split_queries_by_interval: "1h"
-    retention_period: 672h # 28 days retention
-  query_scheduler:
-    max_outstanding_requests_per_tenant: 2048
-
-  storage:
-    type: s3
-    bucketNames:
-      chunks: "${BUCKET_NAME}"
-      ruler: "${BUCKET_NAME}"
-      admin: "${BUCKET_NAME}"
-    s3:
-      # s3 URL can be used to specify the endpoint, access key, secret key, and bucket name this works well for S3 compatible storages or if you are hosting Loki on-premises and want to use S3 as the storage backend. Either use the s3 URL or the individual fields below (AWS endpoint, region, secret).
-      # s3: s3://access_key:secret_access_key@custom_endpoint/bucket_name
-      # AWS endpoint URL
-      endpoint: "${BUCKET_HOST}"
-      # AWS region where the S3 bucket is located
-      region: "${BUCKET_REGION}"
-      # AWS secret access key
-      secretAccessKey: "${AWS_SECRET_ACCESS_KEY}"
-      # AWS access key ID
-      accessKeyId: "${AWS_ACCESS_KEY_ID}"
-      # AWS signature version (e.g., v2 or v4)
-      # signatureVersion: <your-signature-version>
-      # Forces the path style for S3 (true/false)
-      s3ForcePathStyle: true
-      # Allows insecure (HTTP) connections (true/false)
-      insecure: true
-      # HTTP configuration settings
-      # http_config: {}
-
-backend:
-  replicas: 2
-
-  extraArgs:
-    - -config.expand-env=true
-  extraEnvFrom:
-    - secretRef:
-        name: loki-bucket
-    - configMapRef:
-        name: loki-bucket
-read:
-  replicas: 2
-
-  extraArgs:
-    - -config.expand-env=true
-  extraEnvFrom:
-    - secretRef:
-        name: loki-bucket
-    - configMapRef:
-        name: loki-bucket
-write:
-  replicas: 2
-
-  extraArgs:
-    - -config.expand-env=true
-  extraEnvFrom:
-    - secretRef:
-        name: loki-bucket
-    - configMapRef:
-        name: loki-bucket

infra/loki/promtail.yaml

@@ -1,18 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: promtail
-  namespace: flux-system
-  labels:
-    alert: flux-infra
-spec:
-  interval: 15m
-  path: ./infra/loki/promtail
-  dependsOn:
-    - name: loki
-  prune: true
-  timeout: 2m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  wait: true

infra/loki/promtail/helm-release.yaml

@@ -1,18 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: promtail
-spec:
-  chart:
-    spec:
-      chart: promtail
-      reconcileStrategy: ChartVersion
-      sourceRef:
-        kind: HelmRepository
-        name: grafana
-      version: 6.16.6
-  interval: 15m
-  timeout: 5m
-  valuesFrom:
-    - kind: ConfigMap
-      name: promtail-values

infra/loki/promtail/kustomization.yaml

@@ -1,13 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: loki
-resources:
-  - ./helm-release.yaml
-
-configurations:
-  - ../../../common/name-reference/helm-release.yaml
-
-configMapGenerator:
-  - name: promtail-values
-    files:
-      - ./values.yaml

infra/loki/promtail/values.yaml

@@ -1,14 +0,0 @@
-initContainer:
-  # -- Specifies whether the init container for setting inotify max user instances is to be enabled
-  - name: init
-    # -- Docker registry, image and tag for the init container image
-    image: docker.io/busybox:1.33
-    # -- Docker image pull policy for the init container image
-    imagePullPolicy: IfNotPresent
-    # -- The inotify max user instances to configure
-    command:
-      - sh
-      - -c
-      - sysctl -w fs.inotify.max_user_instances=512
-    securityContext:
-      privileged: true