diff --git a/bootstrap/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml b/bootstrap/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml index 633b9a4..daa867a 100644 --- a/bootstrap/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml +++ b/bootstrap/inventory/prod/group_vars/k8s-cluster/k8s-cluster.yml @@ -11,18 +11,18 @@ kube_kubeadm_apiserver_extra_args: # the kubernetes normally puts in /srv/kubernetes. # This puts them in a sane location and namespace. # Editing those values will almost surely break something. -kube_config_dir: /etc/kubernetes -kube_script_dir: "{{ bin_dir }}/kubernetes-scripts" -kube_manifest_dir: "{{ kube_config_dir }}/manifests" +# kube_config_dir: /etc/kubernetes +# kube_script_dir: "{{ bin_dir }}/kubernetes-scripts" +# kube_manifest_dir: "{{ kube_config_dir }}/manifests" -# This is where all the cert scripts and certs will be located -kube_cert_dir: "{{ kube_config_dir }}/ssl" +# # This is where all the cert scripts and certs will be located +# kube_cert_dir: "{{ kube_config_dir }}/ssl" -# This is where all of the bearer tokens will be stored -kube_token_dir: "{{ kube_config_dir }}/tokens" +# # This is where all of the bearer tokens will be stored +# kube_token_dir: "{{ kube_config_dir }}/tokens" -# This is where to save basic auth file -kube_users_dir: "{{ kube_config_dir }}/users" +# # This is where to save basic auth file +# kube_users_dir: "{{ kube_config_dir }}/users" kube_api_anonymous_auth: true @@ -32,21 +32,21 @@ kube_version: v1.27.10 # kubernetes image repo define #kube_image_repo: "k8s.gcr.io" -# Where the binaries will be downloaded. -# Note: ensure that you've enough disk space (about 1G) -local_release_dir: "/tmp/releases" -# Random shifts for retrying failed ops like pushing/downloading -retry_stagger: 5 +# # Where the binaries will be downloaded. +# # Note: ensure that you've enough disk space (about 1G) +# local_release_dir: "/tmp/releases" +# # Random shifts for retrying failed ops like pushing/downloading +# retry_stagger: 5 -# This is the group that the cert creation scripts chgrp the -# cert files to. Not really changeable... -kube_cert_group: kube-cert +# # This is the group that the cert creation scripts chgrp the +# # cert files to. Not really changeable... +# kube_cert_group: kube-cert -# Cluster Loglevel configuration -kube_log_level: 2 +# # Cluster Loglevel configuration +# kube_log_level: 2 -# Directory where credentials will be stored -credentials_dir: "{{ inventory_dir }}/credentials" +# # Directory where credentials will be stored +# credentials_dir: "{{ inventory_dir }}/credentials" # Users to create for basic auth in Kubernetes API via HTTP # Optionally add groups for user @@ -93,28 +93,28 @@ kube_network_plugin: flannel #kube_network_plugin: calico -# Setting multi_networking to true will install Multus: https://github.com/intel/multus-cni -kube_network_plugin_multus: false +# # Setting multi_networking to true will install Multus: https://github.com/intel/multus-cni +# kube_network_plugin_multus: false -# Kubernetes internal network for services, unused block of space. -kube_service_addresses: 10.233.0.0/18 +# # Kubernetes internal network for services, unused block of space. +# kube_service_addresses: 10.233.0.0/18 # internal network. When used, it will assign IP # addresses from this range to individual pods. # This network must be unused in your network infrastructure! kube_pods_subnet: 10.233.64.0/18 -# internal network node size allocation (optional). This is the size allocated -# to each node on your network. With these defaults you should have -# room for 4096 nodes with 254 pods per node. -kube_network_node_prefix: 24 +# # internal network node size allocation (optional). This is the size allocated +# # to each node on your network. With these defaults you should have +# # room for 4096 nodes with 254 pods per node. +# kube_network_node_prefix: 24 -# The port the API Server will be listening on. -kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" -kube_apiserver_port: 6443 # (https) -# kube_apiserver_insecure_port: 8080 # (http) -# Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true -kube_apiserver_insecure_port: 0 # (disabled) +# # The port the API Server will be listening on. +# kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" +# kube_apiserver_port: 6443 # (https) +# # kube_apiserver_insecure_port: 8080 # (http) +# # Set to 0 to disable insecure port - Requires RBAC in authorization_modes and kube_api_anonymous_auth: true +# kube_apiserver_insecure_port: 0 # (disabled) # Kube-proxy proxyMode configuration. # Can be ipvs, iptables diff --git a/k8s/README.md b/k8s/README.md index d931f81..e30fa9a 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -85,14 +85,14 @@ Switching to [Bitnami chart](https://artifacthub.io/packages/helm/bitnami/minio) Links: -* [minio-console.haumdaucher.de](minio-console.haumdaucher.de) -* [minio.haumdaucher.de](minio.haumdaucher.de) +* [minio-console.haumdaucher.de](https://minio-console.haumdaucher.de) +* [minio.haumdaucher.de](https://minio.haumdaucher.de) ```sh helm repo add bitnami https://charts.bitnami.com/bitnami helm repo update # 11.02.2024: Removed and reinstalled due to upgrade problem -helm upgrade --install -f minio/minio.secret.yaml --namespace minio --create-namespace minio bitnami/minio --version 13.4.5 +helm upgrade --install -f minio/minio.secret.yaml --namespace minio --create-namespace minio bitnami/minio --version 14.8.1 ``` ## velero diff --git a/k8s/home-assistant/home-assistant.yaml b/k8s/home-assistant/home-assistant.yaml index d1cafe2..971f3aa 100644 --- a/k8s/home-assistant/home-assistant.yaml +++ b/k8s/home-assistant/home-assistant.yaml @@ -79,15 +79,14 @@ configuration: automation: !include automations.yaml script: !include scripts.yaml scene: !include scenes.yaml - # moritz custom config - prometheus: - namespace: hass + # # moritz custom config influxdb: host: influxdb-influxdb2.influxdb.svc.cluster.local port: 80 - database: default - username: admin - password: enaiY9yaiWi6ahv0phoph3FaiphoGh + api_version: 2 + bucket: default + organization: influxdata + token: enaiY9yaiWi6ahv0phoph3FaiphoGh ssl: false verify_ssl: false max_retries: 3