platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

treewide: Format with shellcheck, jsonlint and yamllint

Browse Source
This commit is contained in:
Moritz Jörg
2025-12-29 12:41:13 +01:00
parent d7e4fb43cb
commit f81a4b2732
53 changed files with 313 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files
attic/templates/kyverno.yaml
+3 -3
View File
@@ -46,19 +46,19 @@ spec:
{{ end }}
cleanupController:
resources:
limits:
limits:
memory: {{ .Values.kyverno.resources.cleanupController.memory }}
requests:
memory: {{ .Values.kyverno.resources.cleanupController.memory }}
reportsController:
resources:
limits:
limits:
memory: {{ .Values.kyverno.resources.reportsController.memory }}
requests:
memory: {{ .Values.kyverno.resources.reportsController.memory }}
backgroundController:
resources:
limits:
limits:
memory: {{ .Values.kyverno.resources.backgroundController.memory }}
requests:
memory: {{ .Values.kyverno.resources.backgroundController.memory }}
attic/templates/linkerd.yaml
+4 -4
View File
@@ -27,17 +27,17 @@ spec:
scheme: {{ .Values.linkerd.secretScheme }}
{{- if .Values.linkerd.identityIssuerPEM }}
tls:
crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }}
crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }}
{{- end }}
policyValidator:
externalSecret: true
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
proxyInjector:
externalSecret: true
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
profileValidator:
externalSecret: true
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
project: sys
syncPolicy:
attic/templates/metricserver.yaml
+1 -1
View File
@@ -16,7 +16,7 @@ spec:
helm:
values: |
containerPort: 10250
resources:
resources:
requests:
cpu: 100m
memory: 200Mi
attic/templates/otel-collector.yaml
+1 -1
View File
@@ -53,7 +53,7 @@ spec:
endpoint: "tempo.tempo.svc:4317"
tls:
insecure: true
##
##
otlphttp/metrics:
endpoint: http://prom-prometheus.prometheus:9090/api/v1/otlp
tls:
attic/templates/policies/generate-external-admin-rolebinding.yaml
+2 -2
View File
@@ -12,8 +12,8 @@ metadata:
policies.kyverno.io/minversion: 1.7.0
kyverno.io/kubernetes-version: "1.23"
policies.kyverno.io/description: >-
Customers should not have full admin permissions on their own namespaces.
This policy will generate a RoleBinding, binding their group_id to
Customers should not have full admin permissions on their own namespaces.
This policy will generate a RoleBinding, binding their group_id to
the Cluster-Admin clusterrole. This will still only apply to the namespace as
the resource is a rolebinding, not clusterrolebinding.
This policy should not trigger on any namespaces with label component=sys
attic/templates/policies/prometheus-add-folder-to-default-dashboards.yaml
+1 -1
View File
@@ -24,7 +24,7 @@ spec:
grafana_folder: Prometheus-stack
targets:
- apiVersion: v1
kind: ConfigMap
kind: ConfigMap
name: "{{`{{ request.object.metadata.name }}`}}"
name: generate-dashboard-folder-annotation
skipBackgroundRequests: true
attic/templates/policies/sync-regcred.yaml
+1 -1
View File
@@ -13,7 +13,7 @@ metadata:
is time consuming and error prone. This policy will copy a
Secret called `regcred` which exists in the `default` Namespace to
new Namespaces when they are created. It will also push updates to
the copied Secrets should the source Secret be changed.
the copied Secrets should the source Secret be changed.
spec:
rules:
- name: sync-image-pull-secret
attic/templates/policies/whitelist-internal-ingresses.yaml
+3 -3
View File
@@ -9,12 +9,12 @@ metadata:
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Ingress
policies.kyverno.io/description: >-
Ingresses with the label "internal=true" should be whitelisted.
If no whitelist exists, add the default values, otherwise append
Ingresses with the label "internal=true" should be whitelisted.
If no whitelist exists, add the default values, otherwise append
whitelist to the already existing ones
spec:
mutateExistingOnPolicyUpdate: false
#precondition: has whitelist annotation or
#precondition: has whitelist annotation or
rules:
- name: ensure-nginx-whitelist-exists
match:
attic/templates/resources/dashboards/rabbitmq.yaml
+13 -13
View File
@@ -32,7 +32,7 @@ data:
}
],
"__elements":{
},
"__requires":[
{
@@ -70,7 +70,7 @@ data:
"limit":100,
"matchAny":false,
"tags":[
],
"type":"dashboard"
},
@@ -83,7 +83,7 @@ data:
"graphTooltip":0,
"id":null,
"links":[
],
"liveNow":false,
"panels":[
@@ -130,7 +130,7 @@ data:
}
},
"mappings":[
],
"thresholds":{
"mode":"absolute",
@@ -195,7 +195,7 @@ data:
"options":{
"legend":{
"calcs":[
],
"displayMode":"list",
"placement":"bottom",
@@ -255,7 +255,7 @@ data:
"multi":false,
"name":"DS_PROMETHEUS",
"options":[
],
"query":"prometheus",
"refresh":1,
@@ -266,7 +266,7 @@ data:
},
{
"current":{
},
"datasource":{
"type":"prometheus",
@@ -279,7 +279,7 @@ data:
"multi":false,
"name":"namespace",
"options":[
],
"query":{
"query":"label_values(rabbitmq_identity_info, namespace)",
@@ -296,7 +296,7 @@ data:
},
{
"current":{
},
"datasource":{
"type":"prometheus",
@@ -309,7 +309,7 @@ data:
"multi":false,
"name":"rabbitmq_cluster",
"options":[
],
"query":{
"query":"label_values(rabbitmq_identity_info{namespace=\"$namespace\"}, rabbitmq_cluster)",
@@ -326,7 +326,7 @@ data:
},
{
"current":{
},
"datasource":{
"type":"prometheus",
@@ -339,7 +339,7 @@ data:
"multi":false,
"name":"queue",
"options":[
],
"query":{
"query":"query_result(rabbitmq_detailed_queue_messages{namespace=\"$namespace\"} * on (instance, job) group_left(rabbitmq_cluster) rabbitmq_identity_info{namespace=\"$namespace\", rabbitmq_cluster=\"$rabbitmq_cluster\"})",
@@ -361,7 +361,7 @@ data:
"to":"now"
},
"timepicker":{
},
"timezone":"",
"title":"RabbitMQ-Queue",
attic/templates/resources/kube-proxy-rbac.yaml
+1 -1
View File
@@ -37,7 +37,7 @@ rules:
resources:
- events
verbs: ["*"]
- nonResourceURLs: ["*"]
verbs: ["*"]
- apiGroups:
attic/templates/resources/pre-cert-manager.yaml
+3 -3
View File
@@ -139,8 +139,8 @@ spec:
resources: {}
securityContext:
allowPrivilegeEscalation: false
command:
- "/bin/sh"
command:
- "/bin/sh"
- -c
- /tmp/renew-certs/renew-certs.sh
volumeMounts:
@@ -216,7 +216,7 @@ metadata:
name: default-deny-egress
namespace: cert-manager
spec:
podSelector:
podSelector:
matchLabels:
block-egress: "true"
policyTypes:
attic/templates/resources/pre-gitlab-runner.yaml
+3 -3
View File
@@ -42,8 +42,8 @@ spec:
resources: {}
securityContext:
allowPrivilegeEscalation: false
command:
- "/bin/sh"
command:
- "/bin/sh"
- -c
- /tmp/renew-certs/renew-certs.sh
volumeMounts:
@@ -119,7 +119,7 @@ metadata:
name: default-deny-egress
namespace: gitlab
spec:
podSelector:
podSelector:
matchLabels:
block-egress: "true"
policyTypes: