maintenance: cleanup k3s traefik and wger attrs
This commit is contained in:
parent
9474ab97f2
commit
671d4d5dce
@ -2,7 +2,7 @@
|
|||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
name: keycloak-realm-settings-24
|
name: keycloak-realm-settings-25
|
||||||
namespace: sso
|
namespace: sso
|
||||||
spec:
|
spec:
|
||||||
backoffLimit: 0
|
backoffLimit: 0
|
||||||
@ -234,6 +234,22 @@ spec:
|
|||||||
"permissions": {"view": ["admin"], "edit": ["admin"]},
|
"permissions": {"view": ["admin"], "edit": ["admin"]},
|
||||||
"validations": {"length": {"max": 64}},
|
"validations": {"length": {"max": 64}},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "wger_password",
|
||||||
|
"displayName": "Wger Password",
|
||||||
|
"multivalued": False,
|
||||||
|
"annotations": {"group": "user-metadata"},
|
||||||
|
"permissions": {"view": ["admin"], "edit": ["admin"]},
|
||||||
|
"validations": {"length": {"max": 255}},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "wger_password_updated_at",
|
||||||
|
"displayName": "Wger Password Updated At",
|
||||||
|
"multivalued": False,
|
||||||
|
"annotations": {"group": "user-metadata"},
|
||||||
|
"permissions": {"view": ["admin"], "edit": ["admin"]},
|
||||||
|
"validations": {"length": {"max": 64}},
|
||||||
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
def has_attr(name: str) -> bool:
|
def has_attr(name: str) -> bool:
|
||||||
|
|||||||
26
services/maintenance/k3s-traefik-cleanup-job.yaml
Normal file
26
services/maintenance/k3s-traefik-cleanup-job.yaml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# services/maintenance/k3s-traefik-cleanup-job.yaml
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: k3s-traefik-cleanup
|
||||||
|
namespace: maintenance
|
||||||
|
spec:
|
||||||
|
backoffLimit: 1
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
serviceAccountName: k3s-traefik-cleanup
|
||||||
|
restartPolicy: Never
|
||||||
|
containers:
|
||||||
|
- name: cleanup
|
||||||
|
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||||
|
command: ["/usr/bin/env", "bash"]
|
||||||
|
args: ["/scripts/k3s_traefik_cleanup.sh"]
|
||||||
|
volumeMounts:
|
||||||
|
- name: script
|
||||||
|
mountPath: /scripts
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: script
|
||||||
|
configMap:
|
||||||
|
name: k3s-traefik-cleanup-script
|
||||||
|
defaultMode: 0555
|
||||||
41
services/maintenance/k3s-traefik-cleanup-rbac.yaml
Normal file
41
services/maintenance/k3s-traefik-cleanup-rbac.yaml
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
# services/maintenance/k3s-traefik-cleanup-rbac.yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: k3s-traefik-cleanup
|
||||||
|
namespace: maintenance
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: k3s-traefik-cleanup
|
||||||
|
rules:
|
||||||
|
- apiGroups: ["helm.cattle.io"]
|
||||||
|
resources: ["helmcharts", "helmchartconfigs"]
|
||||||
|
verbs: ["get", "list", "delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["services", "serviceaccounts"]
|
||||||
|
verbs: ["get", "list", "delete"]
|
||||||
|
- apiGroups: ["apps"]
|
||||||
|
resources: ["deployments"]
|
||||||
|
verbs: ["get", "list", "delete"]
|
||||||
|
- apiGroups: ["rbac.authorization.k8s.io"]
|
||||||
|
resources: ["clusterroles", "clusterrolebindings"]
|
||||||
|
verbs: ["get", "list", "delete"]
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: k3s-traefik-cleanup
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: k3s-traefik-cleanup
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: k3s-traefik-cleanup
|
||||||
|
namespace: maintenance
|
||||||
@ -4,9 +4,11 @@ kind: Kustomization
|
|||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- disable-k3s-traefik-serviceaccount.yaml
|
- disable-k3s-traefik-serviceaccount.yaml
|
||||||
|
- k3s-traefik-cleanup-rbac.yaml
|
||||||
- node-nofile-serviceaccount.yaml
|
- node-nofile-serviceaccount.yaml
|
||||||
- pod-cleaner-rbac.yaml
|
- pod-cleaner-rbac.yaml
|
||||||
- disable-k3s-traefik-daemonset.yaml
|
- disable-k3s-traefik-daemonset.yaml
|
||||||
|
- k3s-traefik-cleanup-job.yaml
|
||||||
- node-nofile-daemonset.yaml
|
- node-nofile-daemonset.yaml
|
||||||
- pod-cleaner-cronjob.yaml
|
- pod-cleaner-cronjob.yaml
|
||||||
- node-image-sweeper-serviceaccount.yaml
|
- node-image-sweeper-serviceaccount.yaml
|
||||||
@ -20,6 +22,12 @@ configMapGenerator:
|
|||||||
- disable_k3s_traefik.sh=scripts/disable_k3s_traefik.sh
|
- disable_k3s_traefik.sh=scripts/disable_k3s_traefik.sh
|
||||||
options:
|
options:
|
||||||
disableNameSuffixHash: true
|
disableNameSuffixHash: true
|
||||||
|
- name: k3s-traefik-cleanup-script
|
||||||
|
namespace: maintenance
|
||||||
|
files:
|
||||||
|
- k3s_traefik_cleanup.sh=scripts/k3s_traefik_cleanup.sh
|
||||||
|
options:
|
||||||
|
disableNameSuffixHash: true
|
||||||
- name: node-nofile-script
|
- name: node-nofile-script
|
||||||
namespace: maintenance
|
namespace: maintenance
|
||||||
files:
|
files:
|
||||||
|
|||||||
10
services/maintenance/scripts/k3s_traefik_cleanup.sh
Executable file
10
services/maintenance/scripts/k3s_traefik_cleanup.sh
Executable file
@ -0,0 +1,10 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
kubectl -n kube-system delete helmchart traefik traefik-crd --ignore-not-found
|
||||||
|
kubectl -n kube-system delete deployment traefik --ignore-not-found
|
||||||
|
kubectl -n kube-system delete service traefik --ignore-not-found
|
||||||
|
kubectl -n kube-system delete serviceaccount traefik helm-traefik helm-traefik-crd --ignore-not-found
|
||||||
|
|
||||||
|
kubectl delete clusterrole traefik-ingress-controller traefik-kube-system --ignore-not-found
|
||||||
|
kubectl delete clusterrolebinding helm-kube-system-traefik helm-kube-system-traefik-crd traefik-ingress-controller traefik-kube-system --ignore-not-found
|
||||||
Loading…
x
Reference in New Issue
Block a user