maintenance: cleanup k3s traefik and wger attrs

2026-01-16 09:27:22 -03:00 · 2026-01-16 09:27:22 -03:00 · 671d4d5dce
commit 671d4d5dce
parent 9474ab97f2
5 changed files with 102 additions and 1 deletions
--- a/services/keycloak/realm-settings-job.yaml
+++ b/services/keycloak/realm-settings-job.yaml
@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: keycloak-realm-settings-24
+  name: keycloak-realm-settings-25
  namespace: sso
 spec:
  backoffLimit: 0
@ -234,6 +234,22 @@ spec:
                          "permissions": {"view": ["admin"], "edit": ["admin"]},
                          "validations": {"length": {"max": 64}},
                      },
+                      {
+                          "name": "wger_password",
+                          "displayName": "Wger Password",
+                          "multivalued": False,
+                          "annotations": {"group": "user-metadata"},
+                          "permissions": {"view": ["admin"], "edit": ["admin"]},
+                          "validations": {"length": {"max": 255}},
+                      },
+                      {
+                          "name": "wger_password_updated_at",
+                          "displayName": "Wger Password Updated At",
+                          "multivalued": False,
+                          "annotations": {"group": "user-metadata"},
+                          "permissions": {"view": ["admin"], "edit": ["admin"]},
+                          "validations": {"length": {"max": 64}},
+                      },
                  ]

                  def has_attr(name: str) -> bool:
--- a/services/maintenance/k3s-traefik-cleanup-job.yaml
+++ b/services/maintenance/k3s-traefik-cleanup-job.yaml
@ -0,0 +1,26 @@
+# services/maintenance/k3s-traefik-cleanup-job.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: k3s-traefik-cleanup
+  namespace: maintenance
+spec:
+  backoffLimit: 1
+  template:
+    spec:
+      serviceAccountName: k3s-traefik-cleanup
+      restartPolicy: Never
+      containers:
+        - name: cleanup
+          image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
+          command: ["/usr/bin/env", "bash"]
+          args: ["/scripts/k3s_traefik_cleanup.sh"]
+          volumeMounts:
+            - name: script
+              mountPath: /scripts
+              readOnly: true
+      volumes:
+        - name: script
+          configMap:
+            name: k3s-traefik-cleanup-script
+            defaultMode: 0555
--- a/services/maintenance/k3s-traefik-cleanup-rbac.yaml
+++ b/services/maintenance/k3s-traefik-cleanup-rbac.yaml
@ -0,0 +1,41 @@
+# services/maintenance/k3s-traefik-cleanup-rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: k3s-traefik-cleanup
+  namespace: maintenance
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: k3s-traefik-cleanup
+rules:
+  - apiGroups: ["helm.cattle.io"]
+    resources: ["helmcharts", "helmchartconfigs"]
+    verbs: ["get", "list", "delete"]
+  - apiGroups: [""]
+    resources: ["services", "serviceaccounts"]
+    verbs: ["get", "list", "delete"]
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "delete"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["clusterroles", "clusterrolebindings"]
+    verbs: ["get", "list", "delete"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: k3s-traefik-cleanup
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: k3s-traefik-cleanup
+subjects:
+  - kind: ServiceAccount
+    name: k3s-traefik-cleanup
+    namespace: maintenance
--- a/services/maintenance/kustomization.yaml
+++ b/services/maintenance/kustomization.yaml
@ -4,9 +4,11 @@ kind: Kustomization
 resources:
  - namespace.yaml
  - disable-k3s-traefik-serviceaccount.yaml
+  - k3s-traefik-cleanup-rbac.yaml
  - node-nofile-serviceaccount.yaml
  - pod-cleaner-rbac.yaml
  - disable-k3s-traefik-daemonset.yaml
+  - k3s-traefik-cleanup-job.yaml
  - node-nofile-daemonset.yaml
  - pod-cleaner-cronjob.yaml
  - node-image-sweeper-serviceaccount.yaml
@ -20,6 +22,12 @@ configMapGenerator:
      - disable_k3s_traefik.sh=scripts/disable_k3s_traefik.sh
    options:
      disableNameSuffixHash: true
+  - name: k3s-traefik-cleanup-script
+    namespace: maintenance
+    files:
+      - k3s_traefik_cleanup.sh=scripts/k3s_traefik_cleanup.sh
+    options:
+      disableNameSuffixHash: true
  - name: node-nofile-script
    namespace: maintenance
    files:
--- a/services/maintenance/scripts/k3s_traefik_cleanup.sh
+++ b/services/maintenance/scripts/k3s_traefik_cleanup.sh
@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+kubectl -n kube-system delete helmchart traefik traefik-crd --ignore-not-found
+kubectl -n kube-system delete deployment traefik --ignore-not-found
+kubectl -n kube-system delete service traefik --ignore-not-found
+kubectl -n kube-system delete serviceaccount traefik helm-traefik helm-traefik-crd --ignore-not-found
+
+kubectl delete clusterrole traefik-ingress-controller traefik-kube-system --ignore-not-found
+kubectl delete clusterrolebinding helm-kube-system-traefik helm-kube-system-traefik-crd traefik-ingress-controller traefik-kube-system --ignore-not-found