From 652c922b644a833dcbdd2e93e0e699624f618898 Mon Sep 17 00:00:00 2001
From: aggarwalakshun
Date: Sun, 28 Dec 2025 03:16:49 +0530
Subject: [PATCH 1/9] add helmRepo and helmRelease for prometheus
---
.../prometheus/prometheus-release.yml | 27 +++++++++++++++++++
.../monitoring/prometheus/prometheus-repo.yml | 9 +++++++
2 files changed, 36 insertions(+)
create mode 100644 clusters/ipv6/monitoring/prometheus/prometheus-release.yml
create mode 100644 clusters/ipv6/monitoring/prometheus/prometheus-repo.yml
diff --git a/clusters/ipv6/monitoring/prometheus/prometheus-release.yml b/clusters/ipv6/monitoring/prometheus/prometheus-release.yml
new file mode 100644
index 0000000..5078b8c
--- /dev/null
+++ b/clusters/ipv6/monitoring/prometheus/prometheus-release.yml
@@ -0,0 +1,27 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: prometheus
+ namespace: monitoring
+spec:
+ interval: 6h
+ chart:
+ spec:
+ chart: prometheus
+ version: "27.52.0"
+ sourceRef:
+ kind: HelmRepository
+ name: prometheus-community
+ namespace: flux-system
+ interval: 6h
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: 3
+ values:
+ service:
+ enabled: true
+ type: ClusterIP
diff --git a/clusters/ipv6/monitoring/prometheus/prometheus-repo.yml b/clusters/ipv6/monitoring/prometheus/prometheus-repo.yml
new file mode 100644
index 0000000..1546c10
--- /dev/null
+++ b/clusters/ipv6/monitoring/prometheus/prometheus-repo.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: prometheus-community
+ namespace: flux-system
+spec:
+ interval: 6h
+ url: https://prometheus-community.github.io/helm-charts
From ec63e1e636a80fb358714f5406796969f90c6caa Mon Sep 17 00:00:00 2001
From: aggarwalakshun
Date: Sun, 28 Dec 2025 06:25:49 +0530
Subject: [PATCH 2/9] add .gitignore
---
.gitignore | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 .gitignore
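Review bot: The `values` block at the end of prometheus-release.yml sets `service.enabled` and `service.type`, which may not be keys this chart reads; in the prometheus-community `prometheus` chart the server Service is, as far as I know, configured under `server.service`, so the intent would be written as `server:` / `service:` / `type: ClusterIP` (indentation is flattened in this view, so confirm the nesting against the chart's values.yaml). Everything else is left at chart defaults, and Prometheus serves its HTTP API without authentication unless configured otherwise, so it is worth stating in `values` which bundled components should run and adding a NetworkPolicy for the `monitoring` namespace. The pinned `version: "27.52.0"` is good and should stay.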
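Review bot: The HelmRepository in prometheus-repo.yml is a plain HTTPS chart index with no provenance check, so whatever the `url` serves at reconcile time is what Flux installs. Flux can verify chart signatures only for OCI sources; if this chart is also published to an OCI registry with cosign signatures (I believe prometheus-community does so, confirm), `type: oci` on the repository plus a `verify:` block with `provider: cosign` under `spec.chart.spec` of the HelmRelease would close that gap. If the HTTP repository stays, a comment such as `# HTTP repo: no signature verification, trust rests on TLS to the chart host` records the decision.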
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ddd7229
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/tmp-pod.yml
+/Dockerfile
From 141e9b9e7a6896537ce43603042c152e0a99ab4e Mon Sep 17 00:00:00 2001
From: aggarwalakshun
Date: Sun, 28 Dec 2025 06:26:04 +0530
Subject: [PATCH 3/9] add renovatebot
---
.gitea/workflows/renovate.yml | 23 +++++++++++++++++++++++
config.js | 14 ++++++++++++++
renovate.json | 21 +++++++++++++++++++++
3 files changed, 58 insertions(+)
create mode 100644 .gitea/workflows/renovate.yml
create mode 100644 config.js
create mode 100644 renovate.json
diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml
new file mode 100644
index 0000000..06d258a
--- /dev/null
+++ b/.gitea/workflows/renovate.yml
@@ -0,0 +1,23 @@
+name: renovate
+
+on:
+ schedule:
+ - cron: "@daily"
+ workflow_dispatch:
+
+jobs:
+ renovate:
+ runs-on: ubuntu-latest
+ container:
+ image: renovate/renovate:42.64.1
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+
+ - name: Run Renovate
+ env:
+ RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+ GITHUB_COM_TOKEN: ${{ secrets.PAT_TOKEN }}
+ run: |
+ renovate
diff --git a/config.js b/config.js
new file mode 100644
index 0000000..d80ce42
--- /dev/null
+++ b/config.js
@@ -0,0 +1,14 @@
+module.exports = {
+ platform: 'gitea',
+ endpoint: 'https://gitea.akshun-lab.cc/api/v1',
+ gitAuthor: 'Renovate Bot ',
+ username: 'renovate',
+ autodiscover: false,
+ onboardingConfig: {
+ $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+ extends: ['config:recommended']
+ },
+ optimizeForDisabled: true,
+ persistRepoData: true,
+ repositories: ["aggarwalakshun/ipv6-k3s"],
+}
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..fe210d7
--- /dev/null
+++ b/renovate.json
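Review bot: `uses: actions/checkout@v6` and `image: renovate/renovate:42.64.1` in renovate.yml are mutable references, and this job runs with `RENOVATE_TOKEN` and `GITHUB_COM_TOKEN` in its environment, so a retargeted tag would execute with both tokens available. Pin the action to a full commit SHA, `uses: actions/checkout@<full-commit-sha> # v6`, and the image to a digest, `image: renovate/renovate:42.64.1@sha256:<digest>` (both values are placeholders to fill in). The same applies to `actions/checkout@v6`, `tj-actions/changed-files@v47` and the `kube-tools:1.1.0` image in the kubeconform.yml hunk of PATCH 4/9. The checkout step could also set `persist-credentials: false`, since Renovate authenticates with its own token.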
@@ -0,0 +1,21 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended"
+ ],
+ "prHourlyLimit": 0,
+ "ignorePaths": [
+ "**/disabled/**",
+ "**/.gitea/workflows/**"
+ ],
+ "flux": {
+ "managerFilePatterns": [
+ "/\\.yml$/"
+ ]
+ },
+ "kubernetes": {
+ "managerFilePatterns": [
+ "/\\.yml$/"
+ ]
+ }
+}
From 4c1f1c7d51f83957b3007360fbc66975ae26a690 Mon Sep 17 00:00:00 2001
From: aggarwalakshun
Date: Sun, 28 Dec 2025 06:26:16 +0530
Subject: [PATCH 4/9] add kubeconform workflow
---
.gitea/workflows/kubeconform.yml | 84 ++++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100644 .gitea/workflows/kubeconform.yml
diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml
new file mode 100644
index 0000000..f6d0823
--- /dev/null
+++ b/.gitea/workflows/kubeconform.yml
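Review bot: The `"**/.gitea/workflows/**"` entry in `ignorePaths` excludes the workflow files from Renovate, so the action versions and container image tags pinned there never receive update PRs and will drift behind security releases. If the exclusion is only meant to cut noise, dropping that entry and grouping workflow updates in a `packageRules` entry keeps them visible. `"prHourlyLimit": 0` removes the hourly cap on PR creation, and with `managerFilePatterns` of `/\\.yml$/` for both `flux` and `kubernetes` the first run can open a large batch; JSON carries no comments, so the reason belongs in the commit message.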
@@ -0,0 +1,84 @@
+name: Validate Kubernetes Manifests
+
+on:
+ push:
+ paths:
+ - '**.yml'
+ - '**.yaml'
+ - '!.gitea/workflows/**'
+ - '!clusters/default/system-upgrade/crd.yml'
+
+jobs:
+ kubeconform:
+ runs-on: ubuntu-latest
+ container:
+ image: gitea.akshun-lab.cc/aggarwalakshun/kube-tools:1.1.0
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - name: Get changed files
+ id: changed-files
+ uses: tj-actions/changed-files@v47
+ with:
+ files: |
+ **.yml
+ !.gitea/workflows/**
+ !clusters/default/system-upgrade/crd.yml
+
+ - name: Validate Manifests
+ if: steps.changed-files.outputs.any_changed == 'true'
+ env:
+ ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+ shell: bash
+ run: |
+ set -o pipefail
+
+ declare -A SCHEMA_MAP=(
+ ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json"
+ ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json"
+ ["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json"
+ ["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json"
+ ["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json"
+ ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json"
+ ["Plan"]="upgrade.cattle.io/plan_v1.json"
+ )
+
+ EXIT_CODE=0
+
+ for file in ${ALL_CHANGED_FILES}; do
+ [ -z "$file" ] && continue
+ echo "=== Validating: $file ==="
+
+ yq e -o=json '. as $item ireduce ([]; . + [$item])' "$file" | \
+ jq -c '.[] | select(.kind != null)' | \
+ while read -r manifest; do
+ KIND=$(echo "$manifest" | jq -r '.kind // ""')
+
+ if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then
+ echo "Found $KIND - using custom schema"
+ SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}"
+
+ if ! echo "$manifest" | kubeconform \
+ -schema-location "$SCHEMA_URL" \
+ -output json \
+ -; then
+ EXIT_CODE=1
+ fi
+ else
+ echo "Validating with default schemas"
+ if ! echo "$manifest" | kubeconform \
+ -schema-location default \
+ -output json \
+ -; then
+ EXIT_CODE=1
+ fi
+ fi
+ done
+
+ echo ""
+ done
+
+ exit $EXIT_CODE
From 5b371f54cba909dd2512631b97473482716e7b82 Mon Sep 17 00:00:00 2001
From: Akshun Aggarwal
Date: Sun, 28 Dec 2025 00:57:04 +0000
Subject: [PATCH 5/9] Delete .gitignore
---
.gitignore | 2 --
1 file changed, 2 deletions(-)
delete mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index ddd7229..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/tmp-pod.yml
-/Dockerfile
From ff813db60b6ee729a523c25c8eb58226f1552ad3 Mon Sep 17 00:00:00 2001
From: Akshun Aggarwal
Date: Sun, 28 Dec 2025 00:57:11 +0000
Subject: [PATCH 6/9] Delete renovate.json
---
renovate.json | 21 ---------------------
1 file changed, 21 deletions(-)
delete mode 100644 renovate.json
diff --git a/renovate.json b/renovate.json
deleted file mode 100644
index fe210d7..0000000
--- a/renovate.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "$schema": "https://docs.renovatebot.com/renovate-schema.json",
- "extends": [
- "config:recommended"
- ],
- "prHourlyLimit": 0,
- "ignorePaths": [
- "**/disabled/**",
- "**/.gitea/workflows/**"
- ],
- "flux": {
- "managerFilePatterns": [
- "/\\.yml$/"
- ]
- },
- "kubernetes": {
- "managerFilePatterns": [
- "/\\.yml$/"
- ]
- }
-}
From d502813dd09a6bf6e499b04cc6a8c7bc1b6e8a03 Mon Sep 17 00:00:00 2001
From: Akshun Aggarwal
Date: Sun, 28 Dec 2025 00:57:19 +0000
Subject: [PATCH 7/9] Delete config.js
---
config.js | 14 --------------
1 file changed, 14 deletions(-)
delete mode 100644 config.js
diff --git a/config.js b/config.js
deleted file mode 100644
index d80ce42..0000000
--- a/config.js
+++ /dev/null
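Review bot: The `Validate Manifests` step fails open: `EXIT_CODE=1` is assigned inside the `while read -r manifest` loop, which is the last stage of the `yq … | jq … | while …` pipeline and so runs in a subshell, leaving the outer `EXIT_CODE` at 0 when `exit $EXIT_CODE` runs; `set -o pipefail` does not help because the loop's own status is that of its final `if` statement. Feed the loop by process substitution instead, `while read -r manifest; do … done < <(yq e -o=json '…' "$file" | jq -c '.[] | select(.kind != null)')`, so the assignment happens in the main shell. `for file in ${ALL_CHANGED_FILES}` is unquoted, so a pushed file name containing spaces or glob characters is split or expanded; `read -ra files <<< "$ALL_CHANGED_FILES"` followed by `for file in "${files[@]}"` at least removes the glob expansion. The custom schemas come from `refs/heads/main` of the CRDs catalog, a moving ref, so pinning a commit there would make the gate reproducible.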
@@ -1,14 +0,0 @@
-module.exports = {
- platform: 'gitea',
- endpoint: 'https://gitea.akshun-lab.cc/api/v1',
- gitAuthor: 'Renovate Bot ',
- username: 'renovate',
- autodiscover: false,
- onboardingConfig: {
- $schema: 'https://docs.renovatebot.com/renovate-schema.json',
- extends: ['config:recommended']
- },
- optimizeForDisabled: true,
- persistRepoData: true,
- repositories: ["aggarwalakshun/ipv6-k3s"],
-}
From 59f45e8082cec7968e1231354e63302cf4f1fbb9 Mon Sep 17 00:00:00 2001
From: Akshun Aggarwal
Date: Sun, 28 Dec 2025 00:57:28 +0000
Subject: [PATCH 8/9] Delete .gitea/workflows/renovate.yml
---
.gitea/workflows/renovate.yml | 23 -----------------------
1 file changed, 23 deletions(-)
delete mode 100644 .gitea/workflows/renovate.yml
diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml
deleted file mode 100644
index 06d258a..0000000
--- a/.gitea/workflows/renovate.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: renovate
-
-on:
- schedule:
- - cron: "@daily"
- workflow_dispatch:
-
-jobs:
- renovate:
- runs-on: ubuntu-latest
- container:
- image: renovate/renovate:42.64.1
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v6
-
- - name: Run Renovate
- env:
- RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
- GITHUB_COM_TOKEN: ${{ secrets.PAT_TOKEN }}
- run: |
- renovate
From 6879bae7717eed75f34dc849fa15613ca1110ed0 Mon Sep 17 00:00:00 2001
From: Akshun Aggarwal
Date: Sun, 28 Dec 2025 00:57:34 +0000
Subject: [PATCH 9/9] Delete .gitea/workflows/kubeconform.yml
---
.gitea/workflows/kubeconform.yml | 84 --------------------------------
1 file changed, 84 deletions(-)
delete mode 100644 .gitea/workflows/kubeconform.yml
diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml
deleted file mode 100644
index f6d0823..0000000
--- a/.gitea/workflows/kubeconform.yml
+++ /dev/null
@@ -1,84 +0,0 @@
-name: Validate Kubernetes Manifests
-
-on:
- push:
- paths:
- - '**.yml'
- - '**.yaml'
- - '!.gitea/workflows/**'
- - '!clusters/default/system-upgrade/crd.yml'
-
-jobs:
- kubeconform:
- runs-on: ubuntu-latest
- container:
- image: gitea.akshun-lab.cc/aggarwalakshun/kube-tools:1.1.0
- steps:
- - name: Checkout code
- uses: actions/checkout@v6
- with:
- fetch-depth: 0
-
- - name: Get changed files
- id: changed-files
- uses: tj-actions/changed-files@v47
- with:
- files: |
- **.yml
- !.gitea/workflows/**
- !clusters/default/system-upgrade/crd.yml
-
- - name: Validate Manifests
- if: steps.changed-files.outputs.any_changed == 'true'
- env:
- ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
- shell: bash
- run: |
- set -o pipefail
-
- declare -A SCHEMA_MAP=(
- ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json"
- ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json"
- ["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json"
- ["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json"
- ["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json"
- ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json"
- ["Plan"]="upgrade.cattle.io/plan_v1.json"
- )
-
- EXIT_CODE=0
-
- for file in ${ALL_CHANGED_FILES}; do
- [ -z "$file" ] && continue
- echo "=== Validating: $file ==="
-
- yq e -o=json '. as $item ireduce ([]; . + [$item])' "$file" | \
- jq -c '.[] | select(.kind != null)' | \
- while read -r manifest; do
- KIND=$(echo "$manifest" | jq -r '.kind // ""')
-
- if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then
- echo "Found $KIND - using custom schema"
- SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}"
-
- if ! echo "$manifest" | kubeconform \
- -schema-location "$SCHEMA_URL" \
- -output json \
- -; then
- EXIT_CODE=1
- fi
- else
- echo "Validating with default schemas"
- if ! echo "$manifest" | kubeconform \
- -schema-location default \
- -output json \
- -; then
- EXIT_CODE=1
- fi
- fi
- done
-
- echo ""
- done
-
- exit $EXIT_CODE