diff --git a/bootstrap/cluster-resources/in-cluster/machineregistration.elemental.yaml b/bootstrap/cluster-resources/in-cluster/machineregistration.elemental.yaml
deleted file mode 100644
index ced6625..0000000
--- a/bootstrap/cluster-resources/in-cluster/machineregistration.elemental.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: elemental.cattle.io/v1beta1
-kind: MachineRegistration
-metadata:
- name: elemental-registration-1
- namespace: fleet-default
-# annotations: key: string
-# labels: key: string
-spec:
- machineName: "s-${System Information/SKU Number}"
- machineInventoryLabels:
- elemental.cattle.io/manufacturer: "${System Information/Manufacturer}"
- elemental.cattle.io/productName: "${System Information/Product Name}"
- elemental.cattle.io/serialNumber: "${System Information/Serial Number}"
- elemental.cattle.io/machineUUID: "${System Information/UUID}"
- elemental.cattle.io/cpuTotalCores: "${System Data/CPU/TotalCores}"
- elemental.cattle.io/cpuTotalThreads: "${System Data/CPU/TotalThreads}"
- elemental.cattle.io/totalMemoryBytes: "${System Data/Memory/TotalPhysicalBytes}"
- elemental.cattle.io/numDisks: "${System Data/Storage/TotalDisks}"
- elemental.cattle.io/cpuFamily: "${System Data/Processor Information/Family}"
-
- config:
- cloud-config:
- users:
- - name: root
- passwd: $6$rounds=4096$eiYhELdUc5UdA3uR$0PnKGqB6yE1eO9Y7VjcClgF0Ew.u4vuCWcXG/J9TXo6zEGht2zy74wzJ0/FTNuFwNeOOfsx2J3L1ENsdHTNFa1
- - name: davad
- passwd: "$6$rounds=4096$aGOOJFIH3nPaWmMD$d6qPla9cmX4kHIPLDK79QnQGUtipxHqWzuXfykWpVJLOy7vpcg8DqHhGS/C6qFKGjlQi1z9Jkj6Nwmd9ANcG61"
- sudo: ["ALL=(ALL) NOPASSWD:ALL"]
- ssh_authorized_keys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoxe01++NcPfnk5809M0mL+76Qn6CwPHCxpWX5yhepM david@tyr
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqPa07VmSLavCX7+Mh9RhGjUu5q90FF4IA0U0k+Wj5Z davad@eir
-
- elemental:
- install:
- device-selector:
- - key: Name
- operator: In
- values:
- - /dev/sda
- - /dev/vda
- - /dev/nvme0
- - key: Size
- operator: Gt
- values:
- - 25Gi
- reboot: true
- poweroff: false
- eject-cd: true
- snapshotter:
- type: btrfs
- reset:
- enabled: true
- reset-oem: true
- reset-persistent: true
- poweroff: false
- reboot: true
diff --git a/bootstrap/crossplane.yaml b/bootstrap/crossplane.yaml
deleted file mode 100644
index 868dc44..0000000
--- a/bootstrap/crossplane.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- creationTimestamp: null
- name: crossplane
- namespace: argocd
-spec:
- destination:
- namespace: argocd
- server: https://kubernetes.default.svc
- ignoreDifferences:
- - group: argoproj.io
- jsonPointers:
- - /status
- kind: Application
- project: default
- source:
- path: bootstrap/crossplane
- repoURL: ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git
- syncPolicy:
- automated:
- allowEmpty: true
- prune: true
- selfHeal: true
- syncOptions:
- - allowEmpty=true
-status:
- health: {}
- summary: {}
- sync:
- comparedTo:
- destination: {}
- source:
- repoURL: ""
- status: ""
diff --git a/bootstrap/crossplane/helm-values.yaml b/bootstrap/crossplane/helm-values.yaml
deleted file mode 100644
index fc1f679..0000000
--- a/bootstrap/crossplane/helm-values.yaml
+++ /dev/null
@@ -1,214 +0,0 @@
-# helm-docs renders these comments into markdown. Use markdown formatting where
-# appropiate.
-#
-# -- The number of Crossplane pod `replicas` to deploy.
-replicas: 1
-
-# -- The number of Crossplane ReplicaSets to retain.
-revisionHistoryLimit: null
-
-# -- The deployment strategy for the Crossplane and RBAC Manager pods.
-deploymentStrategy: RollingUpdate
-
-image:
- # -- Repository for the Crossplane pod image.
- repository: xpkg.upbound.io/crossplane/crossplane
- # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
- tag: ""
- # -- The image pull policy used for Crossplane and RBAC Manager pods.
- pullPolicy: IfNotPresent
-
-# -- Add `nodeSelectors` to the Crossplane pod deployment.
-nodeSelector: {}
-# -- Add `tolerations` to the Crossplane pod deployment.
-tolerations: []
-# -- Add `affinities` to the Crossplane pod deployment.
-affinity: {}
-# -- Add `topologySpreadConstraints` to the Crossplane pod deployment.
-topologySpreadConstraints: []
-
-# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
-hostNetwork: false
-
-# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
-dnsPolicy: ""
-
-# -- Add custom `labels` to the Crossplane pod deployment.
-customLabels: {}
-
-# -- Add custom `annotations` to the Crossplane pod deployment.
-customAnnotations: {}
-
-serviceAccount:
- # -- Specifies whether Crossplane ServiceAccount should be created
- create: true
- # -- Provide the name of an already created Crossplane ServiceAccount. Required when `serviceAccount.create` is `false`
- name: ""
- # -- Add custom `annotations` to the Crossplane ServiceAccount.
- customAnnotations: {}
-
-# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
-leaderElection: true
-# -- Add custom arguments to the Crossplane pod.
-args: []
-
-provider:
- # -- A list of Provider packages to install.
- packages:
- # - ghcr.io/crossplane-contrib/provider-aws-iam:v1.20.1
- - ghcr.io/crossplane-contrib/provider-aws-route53:v1.20.1
- - ghcr.io/crossplane-contrib/provider-aws-s3:v1.20.1
-
-configuration:
- # -- A list of Configuration packages to install.
- packages: []
-
-function:
- # -- A list of Function packages to install
- packages: []
-
-# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
-imagePullSecrets: []
-
-registryCaBundleConfig:
- # -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
- name: ""
- # -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
- key: ""
-
-service:
- # -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
- customAnnotations: {}
-
-webhooks:
- # -- Enable webhooks for Crossplane and installed Provider packages.
- enabled: true
- # -- The port the webhook server listens on.
- port: ""
-
-rbacManager:
- # -- Deploy the RBAC Manager pod and its required roles.
- deploy: true
- # -- Don't install aggregated Crossplane ClusterRoles.
- skipAggregatedClusterRoles: false
- # -- The number of RBAC Manager pod `replicas` to deploy.
- replicas: 1
- # -- The number of RBAC Manager ReplicaSets to retain.
- revisionHistoryLimit: null
- # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
- leaderElection: true
- # -- Add custom arguments to the RBAC Manager pod.
- args: []
- # -- Add `nodeSelectors` to the RBAC Manager pod deployment.
- nodeSelector: {}
- # -- Add `tolerations` to the RBAC Manager pod deployment.
- tolerations: []
- # -- Add `affinities` to the RBAC Manager pod deployment.
- affinity: {}
- # -- Add `topologySpreadConstraints` to the RBAC Manager pod deployment.
- topologySpreadConstraints: []
-
-packageManager:
- # -- Enable automatic dependency version downgrades. This configuration is only used when `--enable-dependency-version-upgrades` flag is passed.
- enableAutomaticDependencyDowngrade: false
-
-# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
-priorityClassName: ""
-
-resourcesCrossplane:
- limits:
- # -- CPU resource limits for the Crossplane pod.
- cpu: 500m
- # -- Memory resource limits for the Crossplane pod.
- memory: 1024Mi
- requests:
- # -- CPU resource requests for the Crossplane pod.
- cpu: 100m
- # -- Memory resource requests for the Crossplane pod.
- memory: 256Mi
-
-securityContextCrossplane:
- # -- The user ID used by the Crossplane pod.
- runAsUser: 65532
- # -- The group ID used by the Crossplane pod.
- runAsGroup: 65532
- # -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
- allowPrivilegeEscalation: false
- # -- Set the Crossplane pod root file system as read-only.
- readOnlyRootFilesystem: true
-
-packageCache:
- # -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
- medium: ""
- # -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
- sizeLimit: 20Mi
- # -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
- pvc: ""
- # -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
- configMap: ""
-
-resourcesRBACManager:
- limits:
- # -- CPU resource limits for the RBAC Manager pod.
- cpu: 100m
- # -- Memory resource limits for the RBAC Manager pod.
- memory: 512Mi
- requests:
- # -- CPU resource requests for the RBAC Manager pod.
- cpu: 100m
- # -- Memory resource requests for the RBAC Manager pod.
- memory: 256Mi
-
-securityContextRBACManager:
- # -- The user ID used by the RBAC Manager pod.
- runAsUser: 65532
- # -- The group ID used by the RBAC Manager pod.
- runAsGroup: 65532
- # -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
- allowPrivilegeEscalation: false
- # -- Set the RBAC Manager pod root file system as read-only.
- readOnlyRootFilesystem: true
-
-metrics:
- # -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
- enabled: false
- # -- The port the metrics server listens on.
- port: ""
-
-readiness:
- # -- The port the readyz server listens on.
- port: ""
-
-# -- Add custom environmental variables to the Crossplane pod deployment.
-# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
-extraEnvVarsCrossplane: {}
-
-# -- Add custom environmental variables to the RBAC Manager pod deployment.
-# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
-extraEnvVarsRBACManager: {}
-
-# -- Add a custom `securityContext` to the Crossplane pod.
-podSecurityContextCrossplane: {}
-
-# -- Add a custom `securityContext` to the RBAC Manager pod.
-podSecurityContextRBACManager: {}
-
-# -- Add custom `volumes` to the Crossplane pod.
-extraVolumesCrossplane: {}
-
-# -- Add custom `volumeMounts` to the Crossplane pod.
-extraVolumeMountsCrossplane: {}
-
-# -- To add arbitrary Kubernetes Objects during a Helm Install
-extraObjects: []
- # - apiVersion: pkg.crossplane.io/v1alpha1
- # kind: ControllerConfig
- # metadata:
- # name: aws-config
- # annotations:
- # eks.amazonaws.com/role-arn: arn:aws:iam::123456789101:role/example
- # helm.sh/hook: post-install
- # spec:
- # podSecurityContext:
- # fsGroup: 2000
-
diff --git a/bootstrap/crossplane/kustomization.yaml b/bootstrap/crossplane/kustomization.yaml
deleted file mode 100644
index 699d7c1..0000000
--- a/bootstrap/crossplane/kustomization.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-helmCharts:
- - name: crossplane
- repo: https://charts.crossplane.io/stable
- version: 1.19.0
- namespace: crossplane-system
- releaseName: crossplane
- valuesFile: helm-values.yaml
-
-resources:
- - ns.yaml
- - secret-generator.yaml
- - providerconfig.yaml
diff --git a/bootstrap/crossplane/ns.yaml b/bootstrap/crossplane/ns.yaml
deleted file mode 100644
index 12cfd26..0000000
--- a/bootstrap/crossplane/ns.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: crossplane-system
- labels:
- name: crossplane-system
-
diff --git a/bootstrap/crossplane/providerconfig.yaml b/bootstrap/crossplane/providerconfig.yaml
deleted file mode 100644
index 1f7d8af..0000000
--- a/bootstrap/crossplane/providerconfig.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: aws.upbound.io/v1beta1
-kind: ProviderConfig
-metadata:
- name: default
-spec:
- credentials:
- source: Secret
- secretRef:
- namespace: crossplane-system
- name: aws-secret
- key: creds
-
- assumeRole:
- roleARN: "arn:aws:iam::000654387266:role/crossplane"
-
diff --git a/bootstrap/crossplane/secret-generator.yaml b/bootstrap/crossplane/secret-generator.yaml
deleted file mode 100644
index a677408..0000000
--- a/bootstrap/crossplane/secret-generator.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: viaduct.ai/v1
-kind: ksops
-metadata:
- # Specify a name
- name: crossplane-secrets
- annotations:
- config.kubernetes.io/function: |
- exec:
- # if the binary is in your PATH, you can do
- path: ksops
- # otherwise, path should be relative to manifest files, like
- # path: ../../../ksops
-files:
- - ./secret.aws.enc.yaml
diff --git a/bootstrap/crossplane/secret.aws.enc.yaml b/bootstrap/crossplane/secret.aws.enc.yaml
deleted file mode 100644
index 53e949a..0000000
--- a/bootstrap/crossplane/secret.aws.enc.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: aws-secret
- namespace: crossplane-system
-data:
- creds: ENC[AES256_GCM,data:/O+OEz7rayPa7zoDbmU8fIrhfQDmDjGpwGZ6TC0+xabwYURlsGRKzPL55vAB2eOhO1yfTCGLFEEm9GMI9niukOqf4O3c31bYXSY4roFna1fpv/fCDimyAQ77vGlYOgKw9agw0xEsqzBvbZdXqTCCVbRbVkWG6zLPkVYEEW12mS0rP3IaavIT+bO/oZSW9IDfA45/RcSXdhxnBe4GWYYYXs0tvLs=,iv:VbBQ1fMe7+wNyTQXTi4yjSBxDMu+EJnuzsNwFOteUso=,tag:pmSkRDxRxcf66miw9w7ypg==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaFZEY2NwZVJOLzRrUEtx
- andUa2NBQkhlVE5Xd3hmclBkV1Jadkc1RGtjCjVsSWdMSjlNYWNPWmdxZUN2VWVx
- eXI5OWtGb0kvRENkNW0xVWZCUEVhdmsKLS0tIG1YUkdUSFBSN3BnRHZYbCtoUTJu
- WE04a1llSndObHBEUFVkZldNZ1VPdkkK+BqNrTGwJL7+694cU6hIzh8rBSF2iIKf
- btmDLQdRpRglPN4eMKMR/rb00uMF5RHKm8YycTCHfzSOx6ZAEsFQ+w==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-03-01T17:13:29Z"
- mac: ENC[AES256_GCM,data:5+iGPT8W9I0GJ3ZEwkVtBDm9EbrYEXQCGwijR5GJUU6HETSS7hvZ7SwEXZmBQ/BGKpPG7nLbggUl4oE8VVD5JeUfMnHs1MzL6RabSRuHZXd3UfrYE7bGxwb0kmosa5/2uvYBz/IR7T1Y6mCG0LY8+CMGw02VdKcyTsvvmex9bmc=,iv:NYB6gLjawUUeV7u0eaScD2eVgPedPpc2bB5KuWR7cxQ=,tag:SKINL/5pZiq3o/qywbuE8Q==,type:str]
- pgp: []
- encrypted_regex: ^(data|stringData)$
- version: 3.9.2