smana / demo-cloud-native-ref
Opinionated Cloud Native Platform Reference
Home Page: https://blog.ogenki.io
We are starting to adopt this work as a starting point for our k8s infra. I'm wondering if there's anyone else in the same situation and might benefit from a slack (or similar) to discuss issues and share advice.
The terraform provider has changed for the flux bootstrapping.
See here.
I'm currently working on this branch but for now I can see the nodes starting but they are not added to the cluster.
A Pull Request is waiting for validation here: goharbor/harbor#18686
I got this error even though the port-forward to the same service works fine:
upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: delayed connect error: 110
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
crds/base/actions-runner-controller/source.yaml
actions-runner-controller gha-runner-scale-set-0.9.2
crds/base/external-secrets/source.yaml
external-secrets v0.9.19
crds/base/gateway-api/source.yaml
gateway-api v1.0.0
crds/base/kyverno/source.yaml
kyverno v1.12.4
crds/base/prometheus-operator/helmrelease.yaml
prometheus-operator-crds 12.0.0
flux-config/base/capacitor/source.yaml
infrastructure/base/aws-load-balancer-controller/helmrelease.yaml
infrastructure/base/crossplane/controller/release.yaml
infrastructure/base/external-dns/helmrelease.yaml
observability/base/kube-prometheus-stack/helmrelease.yaml
kube-prometheus-stack 60.4.0
observability/base/loki/helmrelease.yaml
observability/base/vector-agent/helmrelease.yaml
security/base/cert-manager/helmrelease.yaml
cert-manager v1.15.0
security/base/external-secrets/helmrelease.yaml
external-secrets 0.9.19
security/base/kyverno/helmrelease-controller.yaml
kyverno 3.2.5
security/base/kyverno/helmrelease-policies.yaml
kyverno-policies 3.2.4
tooling/base/arc/controller-helmrelease.yaml
tooling/base/arc/default-scale-set-helmrelease.yaml
tooling/base/harbor/harbor-helmrelease.yaml
harbor 1.15.0
tooling/base/harbor/redis-helmrelease.yaml
redis 19.5.5
.github/workflows/ci.yaml
actions/checkout v4
arduino/setup-task v1
actions/checkout v4
dagger/dagger-for-github v5
dagger/dagger-for-github v5
.github/workflows/pr-agent.yaml
security/base/vault-snapshot/snapshot-cronjob.yaml
smana/vault-snapshot v0.1.0
crds/base/actions-runner-controller/crds.yaml
Kustomization kustomize.toolkit.fluxcd.io/v1
crds/base/actions-runner-controller/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
crds/base/actions-runner-controller/source.yaml
GitRepository source.toolkit.fluxcd.io/v1
crds/base/cert-manager/crds.yaml
CustomResourceDefinition apiextensions.k8s.io/v1
CustomResourceDefinition apiextensions.k8s.io/v1
CustomResourceDefinition apiextensions.k8s.io/v1
CustomResourceDefinition apiextensions.k8s.io/v1
CustomResourceDefinition apiextensions.k8s.io/v1
CustomResourceDefinition apiextensions.k8s.io/v1
crds/base/cert-manager/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
crds/base/external-secrets/crds.yaml
Kustomization kustomize.toolkit.fluxcd.io/v1
crds/base/external-secrets/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
crds/base/external-secrets/source.yaml
GitRepository source.toolkit.fluxcd.io/v1
crds/base/gateway-api/crds.yaml
Kustomization kustomize.toolkit.fluxcd.io/v1
crds/base/gateway-api/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
crds/base/gateway-api/source.yaml
GitRepository source.toolkit.fluxcd.io/v1
crds/base/kyverno/crds.yaml
Kustomization kustomize.toolkit.fluxcd.io/v1
crds/base/kyverno/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
crds/base/kyverno/source.yaml
GitRepository source.toolkit.fluxcd.io/v1
crds/base/prometheus-operator/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
crds/base/prometheus-operator/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
crds/base/prometheus-operator/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
flux-config/base/capacitor/capacitor.yaml
Kustomization kustomize.toolkit.fluxcd.io/v1
flux-config/base/capacitor/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
flux-config/base/capacitor/source.yaml
OCIRepository source.toolkit.fluxcd.io/v1beta2
flux-config/base/prometheus/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
flux-config/mycluster-0/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/base/aws-load-balancer-controller/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
infrastructure/base/aws-load-balancer-controller/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/base/aws-load-balancer-controller/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
infrastructure/base/crossplane/configuration/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/base/crossplane/controller/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/base/crossplane/controller/release.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
infrastructure/base/crossplane/controller/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
infrastructure/base/crossplane/providers/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/base/crossplane/providers/provider-ec2.yaml
Provider pkg.crossplane.io/v1
infrastructure/base/crossplane/providers/provider-eks.yaml
Provider pkg.crossplane.io/v1
infrastructure/base/crossplane/providers/provider-iam.yaml
Provider pkg.crossplane.io/v1
infrastructure/base/crossplane/providers/provider-kms.yaml
Provider pkg.crossplane.io/v1
infrastructure/base/crossplane/providers/provider-kubernetes.yaml
Provider pkg.crossplane.io/v1
infrastructure/base/crossplane/providers/provider-rds.yaml
Provider pkg.crossplane.io/v1
infrastructure/base/crossplane/providers/provider-s3.yaml
Provider pkg.crossplane.io/v1
infrastructure/base/crossplane/providers/provider-sql.yaml
Provider pkg.crossplane.io/v1
infrastructure/base/crossplane/providers/rbac-provider-kubernetes.yaml
ClusterRole rbac.authorization.k8s.io/v1
ClusterRoleBinding rbac.authorization.k8s.io/v1
infrastructure/base/external-dns/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
infrastructure/base/external-dns/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/base/external-dns/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
infrastructure/base/gapi/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/mycluster-0/crossplane/configuration/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/mycluster-0/crossplane/controller/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/mycluster-0/crossplane/providers/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
infrastructure/mycluster-0/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
namespaces/base/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
observability/base/kube-prometheus-stack/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
observability/base/kube-prometheus-stack/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
observability/base/loki/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
observability/base/loki/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
observability/base/loki/s3-bucket.yaml
Bucket s3.aws.upbound.io/v1beta1
observability/base/loki/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
observability/base/vector-agent/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
observability/base/vector-agent/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
observability/base/vector-agent/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
observability/mycluster-0/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
security/base/cert-manager/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
security/base/cert-manager/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
security/base/cert-manager/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
security/base/epis/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
security/base/external-secrets/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
security/base/external-secrets/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
security/base/external-secrets/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
security/base/kyverno/helmrelease-controller.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
security/base/kyverno/helmrelease-policies.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
security/base/kyverno/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
security/base/kyverno/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
security/base/vault-snapshot/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
security/base/vault-snapshot/s3-bucket.yaml
Bucket s3.aws.upbound.io/v1beta1
security/base/vault-snapshot/snapshot-cronjob.yaml
smana/vault-snapshot v0.1.0
CronJob batch/v1
security/mycluster-0/external-secrets/helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
security/mycluster-0/external-secrets/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
security/mycluster-0/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
tooling/base/arc/controller-helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
tooling/base/arc/default-scale-set-helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
tooling/base/arc/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
tooling/base/arc/source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
tooling/base/harbor/bitnami-source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
tooling/base/harbor/harbor-helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
tooling/base/harbor/harbor-source.yaml
HelmRepository source.toolkit.fluxcd.io/v1
tooling/base/harbor/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
tooling/base/harbor/redis-helmrelease.yaml
HelmRelease helm.toolkit.fluxcd.io/v2
tooling/base/harbor/s3-bucket.yaml
Bucket s3.aws.upbound.io/v1beta1
tooling/mycluster-0/kustomization.yaml
Kustomization kustomize.config.k8s.io/v1beta1
terraform/eks/helm.tf
terraform/eks/irsa.tf
terraform-aws-modules/iam/aws 5.39.1
terraform-aws-modules/iam/aws 5.39.1
terraform/eks/karpenter.tf
terraform-aws-modules/eks/aws ~> 20.0
terraform/eks/kubernetes.tf
bitnami/kubectl 1.30.2
terraform/eks/main.tf
terraform-aws-modules/eks/aws ~> 20
terraform/eks/providers.tf
terraform/eks/versions.tf
aws ~> 5.0
flux 1.3.0
github ~> 6.0
helm >= 2.7
http >= 3.4
kubectl >= 2.0.0
kubernetes >= 2.20
random ~> 3.5
tls 4.0.5
hashicorp/terraform ~> 1.4
terraform/network/network.tf
terraform-aws-modules/vpc/aws ~> 5.0
terraform/network/providers.tf
terraform/network/route53.tf
terraform-aws-modules/route53/aws ~> 3.0
terraform/network/tailscale.tf
Smana/tailscale-subnet-router/aws 1.0.5
terraform/network/versions.tf
aws ~> 5.0
random ~> 3.5
tailscale ~> 0.16
hashicorp/terraform ~> 1.4
terraform/vault/cluster/autoscaling_group.tf
terraform-aws-modules/autoscaling/aws ~> 7.3
terraform/vault/cluster/providers.tf
terraform/vault/cluster/versions.tf
aws ~> 5.0
cloudinit ~> 2.3
hashicorp/terraform ~> 1.4
terraform/vault/management/providers.tf
terraform/vault/management/versions.tf
aws ~> 5.0
vault ~> 4.0
hashicorp/terraform ~> 1.4
.tflint.hcl
terraform-linters/tflint-ruleset-aws 0.32.0
Issue being followed in Cilium repository cilium/cilium#32616.
We now should be able to put annotations into the loadbalancer.
https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayInfrastructure
When starting the tailscale client, we notice that the DNS resolution doesn't work properly:
The first request returns a result but subsequent ones fail.
Issue described here.
The main reason is to access private resources from the runners.
We'd also like to share the Dagger cache volume.
Currently we're using task with the pre-commit project.
The most straightforward option would be to run the pre-commit into a Dagger module.
This will allow adding a condition on the DB port.
Since recent provider changes, the composition doesn't seem to work fine. The RDS instance doesn't start with the API group v1beta2 and we have to specify explicitly the identifier.
Refer to crossplane-contrib/provider-upjet-aws#1138
Currently, there's already an IRSA composition. Although it works fine, EKS Pod Identity is an evolution that simplifies the management of IAM permissions in Kubernetes. Indeed it is now possible to define it with Crossplane following this change.
However be careful because it requires recent AWS SDK versions.
HashiCorp Vault licensing changed from MPL to BSL last year. A team has forked Vault and intends to release soon under the original MPL license under the name OpenBao.
Allows continued use of Vault-like service without being pinned to old versions.
As above
As above
We need to wait until OpenBao puts out an initial release.
Waiting for cilium/cilium#32492