From 671d4d5dce5666f444861d4aaba5b3d4358a2ce8 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Fri, 16 Jan 2026 09:27:22 -0300 Subject: [PATCH] maintenance: cleanup k3s traefik and wger attrs --- services/keycloak/realm-settings-job.yaml | 18 +++++++- .../maintenance/k3s-traefik-cleanup-job.yaml | 26 ++++++++++++ .../maintenance/k3s-traefik-cleanup-rbac.yaml | 41 +++++++++++++++++++ services/maintenance/kustomization.yaml | 8 ++++ .../scripts/k3s_traefik_cleanup.sh | 10 +++++ 5 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 services/maintenance/k3s-traefik-cleanup-job.yaml create mode 100644 services/maintenance/k3s-traefik-cleanup-rbac.yaml create mode 100755 services/maintenance/scripts/k3s_traefik_cleanup.sh diff --git a/services/keycloak/realm-settings-job.yaml b/services/keycloak/realm-settings-job.yaml index e276c52..0bd78b5 100644 --- a/services/keycloak/realm-settings-job.yaml +++ b/services/keycloak/realm-settings-job.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: keycloak-realm-settings-24 + name: keycloak-realm-settings-25 namespace: sso spec: backoffLimit: 0 @@ -234,6 +234,22 @@ spec: "permissions": {"view": ["admin"], "edit": ["admin"]}, "validations": {"length": {"max": 64}}, }, + { + "name": "wger_password", + "displayName": "Wger Password", + "multivalued": False, + "annotations": {"group": "user-metadata"}, + "permissions": {"view": ["admin"], "edit": ["admin"]}, + "validations": {"length": {"max": 255}}, + }, + { + "name": "wger_password_updated_at", + "displayName": "Wger Password Updated At", + "multivalued": False, + "annotations": {"group": "user-metadata"}, + "permissions": {"view": ["admin"], "edit": ["admin"]}, + "validations": {"length": {"max": 64}}, + }, ] def has_attr(name: str) -> bool: diff --git a/services/maintenance/k3s-traefik-cleanup-job.yaml b/services/maintenance/k3s-traefik-cleanup-job.yaml new file mode 100644 index 0000000..33fa7be --- /dev/null +++ b/services/maintenance/k3s-traefik-cleanup-job.yaml @@ -0,0 +1,26 @@ +# services/maintenance/k3s-traefik-cleanup-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: k3s-traefik-cleanup + namespace: maintenance +spec: + backoffLimit: 1 + template: + spec: + serviceAccountName: k3s-traefik-cleanup + restartPolicy: Never + containers: + - name: cleanup + image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131 + command: ["/usr/bin/env", "bash"] + args: ["/scripts/k3s_traefik_cleanup.sh"] + volumeMounts: + - name: script + mountPath: /scripts + readOnly: true + volumes: + - name: script + configMap: + name: k3s-traefik-cleanup-script + defaultMode: 0555 diff --git a/services/maintenance/k3s-traefik-cleanup-rbac.yaml b/services/maintenance/k3s-traefik-cleanup-rbac.yaml new file mode 100644 index 0000000..3b33da7 --- /dev/null +++ b/services/maintenance/k3s-traefik-cleanup-rbac.yaml @@ -0,0 +1,41 @@ +# services/maintenance/k3s-traefik-cleanup-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: k3s-traefik-cleanup + namespace: maintenance + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: k3s-traefik-cleanup +rules: + - apiGroups: ["helm.cattle.io"] + resources: ["helmcharts", "helmchartconfigs"] + verbs: ["get", "list", "delete"] + - apiGroups: [""] + resources: ["services", "serviceaccounts"] + verbs: ["get", "list", "delete"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get", "list", "delete"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles", "clusterrolebindings"] + verbs: ["get", "list", "delete"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: k3s-traefik-cleanup +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: k3s-traefik-cleanup +subjects: + - kind: ServiceAccount + name: k3s-traefik-cleanup + namespace: maintenance diff --git a/services/maintenance/kustomization.yaml b/services/maintenance/kustomization.yaml index 23d3f85..8251b27 100644 --- a/services/maintenance/kustomization.yaml +++ b/services/maintenance/kustomization.yaml @@ -4,9 +4,11 @@ kind: Kustomization resources: - namespace.yaml - disable-k3s-traefik-serviceaccount.yaml + - k3s-traefik-cleanup-rbac.yaml - node-nofile-serviceaccount.yaml - pod-cleaner-rbac.yaml - disable-k3s-traefik-daemonset.yaml + - k3s-traefik-cleanup-job.yaml - node-nofile-daemonset.yaml - pod-cleaner-cronjob.yaml - node-image-sweeper-serviceaccount.yaml @@ -20,6 +22,12 @@ configMapGenerator: - disable_k3s_traefik.sh=scripts/disable_k3s_traefik.sh options: disableNameSuffixHash: true + - name: k3s-traefik-cleanup-script + namespace: maintenance + files: + - k3s_traefik_cleanup.sh=scripts/k3s_traefik_cleanup.sh + options: + disableNameSuffixHash: true - name: node-nofile-script namespace: maintenance files: diff --git a/services/maintenance/scripts/k3s_traefik_cleanup.sh b/services/maintenance/scripts/k3s_traefik_cleanup.sh new file mode 100755 index 0000000..179d172 --- /dev/null +++ b/services/maintenance/scripts/k3s_traefik_cleanup.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -euo pipefail + +kubectl -n kube-system delete helmchart traefik traefik-crd --ignore-not-found +kubectl -n kube-system delete deployment traefik --ignore-not-found +kubectl -n kube-system delete service traefik --ignore-not-found +kubectl -n kube-system delete serviceaccount traefik helm-traefik helm-traefik-crd --ignore-not-found + +kubectl delete clusterrole traefik-ingress-controller traefik-kube-system --ignore-not-found +kubectl delete clusterrolebinding helm-kube-system-traefik helm-kube-system-traefik-crd traefik-ingress-controller traefik-kube-system --ignore-not-found