feat: add e2e workflow to validate flux bootstrap #1636

Merged
merged 3 commits into from
Apr 17, 2023

@xunholy (Owner) commented Apr 17, 2023

No description provided.

@github-actions (Contributor)

kustomize build Success

Output:
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: actions-runner-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: backup-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: crossplane-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: game-servers
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: home-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    istio-injection: enabled
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: istio-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: istio-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: kube-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: litmus
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: network-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: nginx-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: observability
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: openebs
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    access: openfaas-system
    kustomize.toolkit.fluxcd.io/prune: disabled
    namespace: openfaas
    role: openfaas-system
  name: openfaas
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    namespace: openfaas-fn
    role: openfaas-fn
  name: openfaas-fn
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: rook-ceph
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: security-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: traefik-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: velero
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-cpu
  namespace: network-system
spec:
  limits:
  - default:
      cpu: 0.2
    defaultRequest:
      cpu: 0.1
    type: Container
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-memory
  namespace: network-system
spec:
  limits:
  - default:
      memory: 256Mi
    defaultRequest:
      memory: 128Mi
    type: Container
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: actions-runner-controller
  namespace: flux-system
spec:
  dependsOn:
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/actions-runner-system/actions-runner-controller/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: actions-runner-controller-runners
  namespace: flux-system
spec:
  dependsOn:
  - name: actions-runner-controller
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/actions-runner-system/actions-runner-controller/runners
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cert-manager
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cert-manager-clusterissuers
  namespace: flux-system
spec:
  dependsOn:
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager/issuers
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cert-manager-csi-driver
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager-csi-driver/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cilium
  namespace: flux-system
spec:
  interval: 30m
  path: ./k8s/namespaces/base/kube-system/cilium/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cilium-config
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./k8s/namespaces/base/kube-system/cilium/config
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cloudflare-ddns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cloudflare-ddns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cloudflared
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cloudflared/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: coredns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/coredns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: crossplane
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/crossplane-system/crossplane/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: crossplane-providers
  namespace: flux-system
spec:
  dependsOn:
  - name: crossplane
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/crossplane-system/crossplane/providers
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cstor
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/openebs/cstor/app
  prune: false
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 10m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: descheduler
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/descheduler/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: dex
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/dex/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: dex-k8s-authenticator
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/dex-k8s-authenticator/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: echo-server
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/echo-server/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: external-dns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/external-dns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flagger
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/flagger/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-monitoring
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/monitoring
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-notifications
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/notifications
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-system-repositories
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/repositories
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-webhooks
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/flux-system/addons/webhooks
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: gatekeeper
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/security-system/gatekeeper/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: grafana
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/grafana/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: home-assistant
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/home-assistant/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio-base
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/istio-system/istio-base/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio-cni
  namespace: flux-system
spec:
  dependsOn:
  - name: istio-base
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/istio-cni/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: istio-gateway
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-ingress/istio-gateway/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istiod
  namespace: flux-system
spec:
  dependsOn:
  - name: istio-cni
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/istiod/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: jaeger
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/jaeger/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: jellyfin
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/jellyfin/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kiali
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/kiali/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kube-prometheus-stack
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/kube-prometheus-stack/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kyverno
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/security-system/kyverno/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: loki
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/loki/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: mayastor
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/openebs/mayastor/app
  prune: false
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 10m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: metallb
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/metallb/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: metallb-config
  namespace: flux-system
spec:
  dependsOn:
  - name: metallb
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/metallb/config
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: metrics-server
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/metrics-server/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: mosquitto
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/mosquitto/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: nginx-ingress
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/nginx-ingress/nginx-ingress/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: node-feature-discovery
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/node-feature-discovery/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: oauth2-proxy
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/oauth2-proxy/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: otel
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/otel/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: overseerr
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/overseerr/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: plex
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/plex/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: reloader
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/reloader/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: sealed-secrets
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/kube-system/sealed-secrets/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: secret-store-csi-driver
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/secret-store-csi-driver/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: tetragon
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/tetragon/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: tf-controller
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/tf-controller/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: thanos
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/thanos/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: velero
  namespace: flux-system
spec:
  interval: 5m
  path: ./namespaces/base/velero/velero/app
  prune: true
  sourceRef:
    kind: OCIRepository
    name: cluster
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: volsync
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/backup-system/volsync/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: vpa
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/vpa/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: weave-gitops
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/weave-gitops/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: zigbee2mqtt
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/zigbee2mqtt/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-allow-all
  namespace: game-servers
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - {}
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - to:
    - ipBlock:
        cidr: 10.144.15.153/32
  - to:
    - podSelector: {}
  ingress:
  - from:
    - podSelector: {}
  - {}
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 443
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: home-assistant
  namespace: home-system
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - ports:
    - port: 1883
    to:
    - podSelector:
        matchLabels:
          name: mosquitto
  - ports:
    - port: 1900
      protocol: UDP
    - port: 5353
      protocol: UDP
    to:
    - ipBlock:
        cidr: 0.0.0.0/0
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: istio-ingress
      podSelector:
        matchLabels:
          app: istio-ingressgateway
    ports:
    - port: 8123
    - port: 12321
  podSelector:
    matchLabels:
      name: home-assistant
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mosquitto
  namespace: home-system
spec:
  egress: []
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: zigbee2mqtt
    ports:
    - port: 1883
  - from:
    - podSelector:
        matchLabels:
          name: home-assistant
    ports:
    - port: 1883
  podSelector:
    matchLabels:
      name: mosquitto
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: istio-ingressgateway
  namespace: istio-ingress
spec:
  ingress:
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 8443
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: network-system
      podSelector:
        matchLabels:
          app: dex-k8s-authenticator
    ports:
    - port: 8443
  podSelector:
    matchLabels:
      app: istio-ingressgateway
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-allow-all
  namespace: nginx-ingress
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - {}
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - to:
    - ipBlock:
        cidr: 10.144.15.153/32
  - to:
    - podSelector: {}
  ingress:
  - from:
    - podSelector: {}
  - {}
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 443
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: velero
  namespace: velero
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - ports:
    - port: 443
    to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - ports:
    - port: 5757
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openebs
      podSelector:
        matchLabels:
          name: cvc-operator
  - {}
  podSelector:
    matchLabels:
      name: velero
  policyTypes:
  - Egress

Workflow: Lint, Action: __karancode_kustomize-github-action_2, Build Directory: k8s/namespaces/overlays/cluster-1/

Signed-off-by: Michael Fornaro <[email protected]>
@xunholy xunholy merged commit 0247d91 into main Apr 17, 2023
@xunholy xunholy deleted the e2e branch April 17, 2023 23:28
@github-actions (Contributor)

kustomize build Success

      cpu: 0.2
    defaultRequest:
      cpu: 0.1
    type: Container
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-memory
  namespace: network-system
spec:
  limits:
  - default:
      memory: 256Mi
    defaultRequest:
      memory: 128Mi
    type: Container
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: actions-runner-controller
  namespace: flux-system
spec:
  dependsOn:
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/actions-runner-system/actions-runner-controller/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: actions-runner-controller-runners
  namespace: flux-system
spec:
  dependsOn:
  - name: actions-runner-controller
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/actions-runner-system/actions-runner-controller/runners
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cert-manager
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cert-manager-clusterissuers
  namespace: flux-system
spec:
  dependsOn:
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager/issuers
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cert-manager-csi-driver
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager-csi-driver/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cilium
  namespace: flux-system
spec:
  interval: 30m
  path: ./k8s/namespaces/base/kube-system/cilium/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cilium-config
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./k8s/namespaces/base/kube-system/cilium/config
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cloudflare-ddns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cloudflare-ddns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cloudflared
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cloudflared/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: coredns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/coredns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: crossplane
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/crossplane-system/crossplane/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: crossplane-providers
  namespace: flux-system
spec:
  dependsOn:
  - name: crossplane
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/crossplane-system/crossplane/providers
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cstor
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/openebs/cstor/app
  prune: false
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 10m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: descheduler
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/descheduler/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: dex
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/dex/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: dex-k8s-authenticator
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/dex-k8s-authenticator/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: echo-server
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/echo-server/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: external-dns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/external-dns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flagger
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/flagger/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-monitoring
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/monitoring
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-notifications
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/notifications
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-system-repositories
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/repositories
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-webhooks
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/flux-system/addons/webhooks
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: gatekeeper
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/security-system/gatekeeper/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: grafana
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/grafana/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: home-assistant
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/home-assistant/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio-base
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/istio-system/istio-base/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio-cni
  namespace: flux-system
spec:
  dependsOn:
  - name: istio-base
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/istio-cni/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: istio-gateway
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-ingress/istio-gateway/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istiod
  namespace: flux-system
spec:
  dependsOn:
  - name: istio-cni
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/istiod/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: jaeger
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/jaeger/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: jellyfin
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/jellyfin/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kiali
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/kiali/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kube-prometheus-stack
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/kube-prometheus-stack/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kyverno
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/security-system/kyverno/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: loki
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/loki/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: mayastor
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/openebs/mayastor/app
  prune: false
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 10m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: metallb
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/metallb/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: metallb-config
  namespace: flux-system
spec:
  dependsOn:
  - name: metallb
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/metallb/config
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: metrics-server
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/metrics-server/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: mosquitto
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/mosquitto/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: nginx-ingress
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/nginx-ingress/nginx-ingress/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: node-feature-discovery
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/node-feature-discovery/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: oauth2-proxy
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/oauth2-proxy/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: otel
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/otel/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: overseerr
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/overseerr/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: plex
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/plex/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: reloader
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/reloader/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: sealed-secrets
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/kube-system/sealed-secrets/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: secret-store-csi-driver
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/secret-store-csi-driver/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: tetragon
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/tetragon/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: tf-controller
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/tf-controller/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: thanos
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/thanos/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: velero
  namespace: flux-system
spec:
  interval: 5m
  path: ./namespaces/base/velero/velero/app
  prune: true
  sourceRef:
    kind: OCIRepository
    name: cluster
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: volsync
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/backup-system/volsync/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: vpa
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/vpa/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: weave-gitops
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/weave-gitops/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: zigbee2mqtt
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/zigbee2mqtt/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-allow-all
  namespace: game-servers
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - {}
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - to:
    - ipBlock:
        cidr: 10.144.15.153/32
  - to:
    - podSelector: {}
  ingress:
  - from:
    - podSelector: {}
  - {}
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 443
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: home-assistant
  namespace: home-system
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - ports:
    - port: 1883
    to:
    - podSelector:
        matchLabels:
          name: mosquitto
  - ports:
    - port: 1900
      protocol: UDP
    - port: 5353
      protocol: UDP
    to:
    - ipBlock:
        cidr: 0.0.0.0/0
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: istio-ingress
      podSelector:
        matchLabels:
          app: istio-ingressgateway
    ports:
    - port: 8123
    - port: 12321
  podSelector:
    matchLabels:
      name: home-assistant
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mosquitto
  namespace: home-system
spec:
  egress: []
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: zigbee2mqtt
    ports:
    - port: 1883
  - from:
    - podSelector:
        matchLabels:
          name: home-assistant
    ports:
    - port: 1883
  podSelector:
    matchLabels:
      name: mosquitto
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: istio-ingressgateway
  namespace: istio-ingress
spec:
  ingress:
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 8443
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: network-system
      podSelector:
        matchLabels:
          app: dex-k8s-authenticator
    ports:
    - port: 8443
  podSelector:
    matchLabels:
      app: istio-ingressgateway
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-allow-all
  namespace: nginx-ingress
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - {}
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - to:
    - ipBlock:
        cidr: 10.144.15.153/32
  - to:
    - podSelector: {}
  ingress:
  - from:
    - podSelector: {}
  - {}
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 443
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: velero
  namespace: velero
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - ports:
    - port: 443
    to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - ports:
    - port: 5757
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openebs
      podSelector:
        matchLabels:
          name: cvc-operator
  - {}
  podSelector:
    matchLabels:
      name: velero
  policyTypes:
  - Egress

Workflow: Lint, Action: __karancode_kustomize-github-action_2, Build Directory: k8s/namespaces/overlays/cluster-1/

@github-actions

kustomize build Success

apiVersion: v1
kind: Namespace
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-tenant
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
    toolkit.fluxcd.io/tenant: kube-guardian
  name: xdp-log
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-reconciler
  namespace: kube-guardian-tenant
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: gotk:kube-guardian-tenant:reconciler
- kind: ServiceAccount
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-tenant-reconciler
  namespace: xdp-log
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: gotk:kube-guardian-tenant:reconciler
- kind: ServiceAccount
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kube-guardian-tenant
  namespace: kube-guardian-tenant
spec:
  interval: 5m
  path: ./k8s/base/kube-guardian
  prune: true
  serviceAccountName: kube-guardian
  sourceRef:
    kind: GitRepository
    name: kube-guardian-tenant
    namespace: flux-system
  wait: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-policy
  namespace: xdp-log
spec:
  egress: []
  ingress: []
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: kube-guardian-tenant
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: https://github.com/kube-guardian/guardian-controller.git

Workflow: Lint, Action: __karancode_kustomize-github-action_3, Build Directory: k8s/tenants/overlays/cluster-1/
