diff --git a/stages/base/helmfile.yaml b/stages/base/helmfile.yaml
index 6c9d463..572f424 100644
--- a/stages/base/helmfile.yaml
+++ b/stages/base/helmfile.yaml
@@ -3,8 +3,8 @@ repositories:
 url: https://metallb.github.io/metallb
 - name: ingress-nginx
 url: https://kubernetes.github.io/ingress-nginx
- - name: csi-driver-nfs
- url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
+ - name: proxmox-csi-plugin
+ url: oci://ghcr.io/sergelogvinov/charts/proxmox-csi-plugin
 - name: jetstack
 url: https://charts.jetstack.io
 - name: mojo2600
@@ -23,10 +23,12 @@ releases:
 version: 4.12.0
 values:
 - ./values/ingress-nginx.values.yaml
- - name: csi-driver-nfs
- namespace: kube-system
- chart: csi-driver-nfs/csi-driver-nfs
- version: v4.9.0
+ - name: proxmox-csi-plugin
+ namespace: proxmox-csi
+ chart: proxmox-csi-plugin/proxmox-csi-plugin
+ version: 0.3.5
+ values:
+ - ./values/proxmox-csi-plugin.values.yaml.gotmpl
 - name: cert-manager
 namespace: cert-manager
 chart: jetstack/cert-manager
diff --git a/stages/base/kustomize/csi-driver-nfs.yaml b/stages/base/kustomize/csi-driver-nfs.yaml
deleted file mode 100644
index 1a2a64e..0000000
--- a/stages/base/kustomize/csi-driver-nfs.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: nfs-csi
- annotations:
- storageclass.kubernetes.io/is-default-class: "true"
-provisioner: nfs.csi.k8s.io
-parameters:
- server: 192.168.1.180
- share: /mnt/nas
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-allowVolumeExpansion: true
-mountOptions:
- - nfsvers=4.1
\ No newline at end of file
diff --git a/stages/base/values/proxmox-csi-plugin.values.yaml.gotmpl b/stages/base/values/proxmox-csi-plugin.values.yaml.gotmpl
new file mode 100644
index 0000000..fa857b5
--- /dev/null
+++ b/stages/base/values/proxmox-csi-plugin.values.yaml.gotmpl
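Review bot: The new `proxmox-csi-plugin` entry under `repositories:` in stages/base/helmfile.yaml gives an `oci://` URL but does not set `oci: true`, so helmfile will likely treat it as a classic index-based repository and fail to add it. Helmfile's OCI form is the registry path without the scheme plus the flag, e.g. `url: ghcr.io/sergelogvinov/charts` with `oci: true`; that also keeps the release's `chart: proxmox-csi-plugin/proxmox-csi-plugin` from resolving to a doubled chart name. Because an OCI tag can be re-pushed, recording the digest of the chart that was reviewed alongside `version: 0.3.5` would make later drift detectable. The `repositories:` list continues outside the hunk.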
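Review bot: Swapping the `csi-driver-nfs` release for `proxmox-csi-plugin` in the `releases:` hunk leaves the cluster without a default StorageClass: the deleted stages/base/kustomize/csi-driver-nfs.yaml marked `nfs-csi` with `storageclass.kubernetes.io/is-default-class: "true"`, and neither `proxmox-data-xfs` nor `proxmox-data` in the new values file carries that annotation. PVCs that omit `storageClassName` would then stay Pending, and volumes already provisioned by `nfs.csi.k8s.io` lose their driver once the old release is removed. If the chart's `storageClass` entries accept annotations, mark one class as default; otherwise set `storageClassName` explicitly in the dependent stages, and migrate or retain existing NFS-backed PVs before applying. The `releases:` list continues outside the hunk.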
@@ -0,0 +1,35 @@
+config:
+ clusters:
+ - url: https://192.168.1.151:8006/api2/json
+ insecure: true
+ token_id: "kubernetes-csi@pve!csi"
+ token_secret: "key"
+ region: cluster-1
+
+# Deploy Node CSI driver only on proxmox nodes
+node:
+ nodeSelector:
+ # It will work only with Talos CCM, remove it overwise
+ node.cloudprovider.kubernetes.io/platform: nocloud
+ tolerations:
+ - operator: Exists
+
+# Deploy CSI controller only on control-plane nodes
+nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+
+# Define storage classes
+# See https://pve.proxmox.com/wiki/Storage
+storageClass:
+ - name: proxmox-data-xfs
+ storage: data
+ reclaimPolicy: Delete
+ fstype: xfs
+ - name: proxmox-data
+ storage: data
+ reclaimPolicy: Delete
+ fstype: ext4
+ cache: writethrough
\ No newline at end of file
diff --git a/stages/identity/values/authentik.values.yaml.gotmpl b/stages/identity/values/authentik.values.yaml.gotmpl
index d47f7ab..2e2038b 100644
--- a/stages/identity/values/authentik.values.yaml.gotmpl
+++ b/stages/identity/values/authentik.values.yaml.gotmpl
@@ -1,12 +1,7 @@
 postgresql:
- image:
- debug: true
 enabled: true
 auth:
 password: {{ readFile "../.envs/.authentik-postgresql" }}
- resources:
- limits:
- hugepages-2Mi: "512Mi"
 volumePermissions:
 enabled: true
 
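Review bot: In the new stages/base/values/proxmox-csi-plugin.values.yaml.gotmpl the `clusters` entry sets `insecure: true` together with a literal `token_secret: "key"`, so the plugin talks to the Proxmox API without verifying its certificate and the token is either a non-working placeholder or about to be committed in clear text. With verification off, any host on the path to 192.168.1.151:8006 can present itself as the API and receive the `kubernetes-csi@pve!csi` token. Since the file is already a `.gotmpl`, load the secret the way the authentik values load their password, e.g. `token_secret: {{ readFile "../.envs/<proxmox-csi-token-file>" | quote }}` (placeholder file name), and keep that file out of version control. Prefer making the Proxmox CA trusted by the pods and setting `insecure: false`, and scope the API token to the minimum role the plugin needs.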
@@ -18,18 +13,18 @@ authentik: redis: enabled: true -# -# server: -# ingress: -# ingressClassName: nginx -# enabled: true -# hosts: -# - idp.kropcloud.net -# annotations: -# nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -# nginx.ingress.kubernetes.io/backend-protocol: "HTTP" -# cert-manager.io/cluster-issuer: cloudflare-issuer -# tls: -# - hosts: -# - idp.kropcloud.net -# secretName: authentik-tls + +server: + ingress: + ingressClassName: nginx + enabled: true + hosts: + - idp.kropcloud.net + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + cert-manager.io/cluster-issuer: cloudflare-issuer + tls: + - hosts: + - idp.kropcloud.net + secretName: authentik-tls