kacerr/home-kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gitops: assorted leftovers and fixes

Browse Source
This commit is contained in:
Jan Novak
2026-01-14 14:49:54 +01:00
parent 76e3ff9d03
commit 36f447c39c
6 changed files with 46 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gitops/home-kubernetes/external-secrets/cloudsecretstore-vault.yaml
View File

@@ -6,13 +6,13 @@ metadata:
spec:
provider:
vault:
server: "https://vault.hrajfrisbee.cz:8200"
server: "https://vault.hrajfrisbee.cz"
path: "secret"
version: "v2"
auth:
appRole:
path: "approle"
roleId: "8833d0f8-d35d-d7ea-658b-c27837d121ab" # or reference a secret
roleId: "864e352d-2064-2bf9-2c73-dbd676a95368" # or reference a secret
secretRef:
name: vault-approle
key: secret-id

4
gitops/home-kubernetes/external-secrets/secret-approle.yaml
View File

@@ -6,5 +6,5 @@ metadata:
annotations:
kustomize.toolkit.fluxcd.io/reconcile: disabled
type: Opaque
data:
secret-id: # --- find me in keepass bro ---
stringData:
secret-id: --- fill in the secret_id ---

2
gitops/home-kubernetes/kube-system-overrides/configmap_coredns.yaml
View File

@@ -17,7 +17,7 @@ data:
ttl 30
}
hosts {
192.168.0.30 vault.hrajfrisbee.cz
# 192.168.0.30 vault.hrajfrisbee.cz
fallthrough
}
prometheus :9153

24
gitops/home-kubernetes/tetragon/helmrelease.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: tetragon
namespace: kube-system
spec:
interval: 1h
chart:
spec:
chart: tetragon
version: "1.6.0"
sourceRef:
kind: HelmRepository
name: cilium
namespace: flux-system
values:
export:
stdout:
enabledEvents:
- PROCESS_EXEC
- PROCESS_EXIT
- PROCESS_TRACEPOINT # required for oom tracepoint
tetragon:
btf: /sys/kernel/btf/vmlinux

16
gitops/home-kubernetes/tetragon/tracing_policy-oomkill.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
name: oom-kill
spec:
tracepoints:
- subsystem: oom
# event: oom_kill
event: mark_victim
args:
- index: 4
type: int32
label: killed_pid
- index: 5
type: string
label: killed_comm