gitops: assorted leftovers and fixes

2026-01-14 14:49:54 +01:00
parent 76e3ff9d03
commit 36f447c39c
6 changed files with 46 additions and 6 deletions
--- a/gitops/home-kubernetes/external-secrets/cloudsecretstore-vault.yaml
+++ b/gitops/home-kubernetes/external-secrets/cloudsecretstore-vault.yaml
@@ -6,13 +6,13 @@ metadata:
 spec:
  provider:
    vault:
-      server: "https://vault.hrajfrisbee.cz:8200"
+      server: "https://vault.hrajfrisbee.cz"
      path: "secret"
      version: "v2"
      auth:
        appRole:
          path: "approle"
-          roleId: "8833d0f8-d35d-d7ea-658b-c27837d121ab"  # or reference a secret
+          roleId: "864e352d-2064-2bf9-2c73-dbd676a95368"  # or reference a secret
          secretRef:
            name: vault-approle
            key: secret-id
--- a/gitops/home-kubernetes/external-secrets/secret-approle.yaml
+++ b/gitops/home-kubernetes/external-secrets/secret-approle.yaml
@@ -6,5 +6,5 @@ metadata:
  annotations:
    kustomize.toolkit.fluxcd.io/reconcile: disabled  
 type: Opaque
-data:
+stringData:
-  secret-id: # --- find me in keepass bro ---
+  secret-id: --- fill in the secret_id ---
--- a/gitops/home-kubernetes/kube-system-overrides/configmap_coredns.yaml
+++ b/gitops/home-kubernetes/kube-system-overrides/configmap_coredns.yaml
@@ -17,7 +17,7 @@ data:
           ttl 30
        }
        hosts {
-           192.168.0.30 vault.hrajfrisbee.cz
+           # 192.168.0.30 vault.hrajfrisbee.cz
           fallthrough
        }        
        prometheus :9153
--- a/gitops/home-kubernetes/tetragon/helmrelease.yaml
+++ b/gitops/home-kubernetes/tetragon/helmrelease.yaml
@@ -0,0 +1,24 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: tetragon
  namespace: kube-system
 spec:
  interval: 1h
  chart:
    spec:
      chart: tetragon
      version: "1.6.0"
      sourceRef:
        kind: HelmRepository
        name: cilium
        namespace: flux-system
  values:
    export:
      stdout:
        enabledEvents:
          - PROCESS_EXEC
          - PROCESS_EXIT
          - PROCESS_TRACEPOINT # required for oom tracepoint
    tetragon:
      btf: /sys/kernel/btf/vmlinux
--- a/gitops/home-kubernetes/tetragon/tracing_policy-oomkill.yaml
+++ b/gitops/home-kubernetes/tetragon/tracing_policy-oomkill.yaml
@@ -0,0 +1,16 @@
 apiVersion: cilium.io/v1alpha1
 kind: TracingPolicy
 metadata:
  name: oom-kill
 spec:
  tracepoints:
    - subsystem: oom
      # event: oom_kill
      event: mark_victim
      args:
        - index: 4
          type: int32
          label: killed_pid
        - index: 5
          type: string
          label: killed_comm