chore(deps): pin dependencies #1638

Merged
merged 1 commit into from
Apr 18, 2023

jarvis-plus-bot[bot]
Contributor

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| InsonusK/get-latest-release | action | pinDigest | -> f8686e4 |
| JamesIves/github-pages-deploy-action | action | pinDigest | -> ba14867 |
| actions/checkout | action | pinDigest | -> 8e5e7e5 |
| actions/github-script | action | pinDigest | -> deb7ae9 |
| actions/setup-python | action | pinDigest | -> d27e3f3 |
| azure/setup-kubectl | action | pinDigest | -> 901a10e |
| docker/build-push-action | action | pinDigest | -> 3b5e802 |
| docker/login-action | action | pinDigest | -> f4ef78c |
| docker/setup-buildx-action | action | pinDigest | -> 4b4e9c3 |
| docker/setup-qemu-action | action | pinDigest | -> e81a89b |
| google-github-actions/auth | action | pinDigest | -> e8df18b |
| google-github-actions/setup-gcloud | action | pinDigest | -> 62d4898 |
| hashicorp/setup-terraform | action | pinDigest | -> 633666f |
| helm/kind-action | action | pinDigest | -> d8ccf8f |
| imjasonh/setup-crane | action | pinDigest | -> 00c9e93 |
| karancode/kustomize-github-action | action | pinDigest | -> 883a86e |
| oxsecurity/megalinter | action | pinDigest | -> 93700f8 |
| release-drafter/release-drafter | action | pinDigest | -> 569eb7e |
| renovatebot/github-action | action | pinDigest | -> 95cbcd7 |
| robinraju/release-downloader | action | pinDigest | -> 768b85c |
| suzuki-shunsuke/github-action-renovate-config-validator | action | pinDigest | -> b7cd2b5 |
| tibdex/github-app-token | action | pinDigest | -> b625283 |
| timheuer/base64-to-file | action | pinDigest | -> 48657ba |

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@github-actions
Contributor

kustomize build Success

Show Output
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: actions-runner-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: backup-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: crossplane-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: development
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: game-servers
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: home-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    istio-injection: enabled
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: istio-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: istio-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: kube-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: litmus
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: network-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: nginx-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: observability
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: openebs
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    access: openfaas-system
    kustomize.toolkit.fluxcd.io/prune: disabled
    namespace: openfaas
    role: openfaas-system
  name: openfaas
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    namespace: openfaas-fn
    role: openfaas-fn
  name: openfaas-fn
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: rook-ceph
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: security-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: traefik-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: velero
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-cpu
  namespace: network-system
spec:
  limits:
  - default:
      cpu: 0.2
    defaultRequest:
      cpu: 0.1
    type: Container
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-memory
  namespace: network-system
spec:
  limits:
  - default:
      memory: 256Mi
    defaultRequest:
      memory: 128Mi
    type: Container
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: actions-runner-controller
  namespace: flux-system
spec:
  dependsOn:
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/actions-runner-system/actions-runner-controller/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: actions-runner-controller-runners
  namespace: flux-system
spec:
  dependsOn:
  - name: actions-runner-controller
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/actions-runner-system/actions-runner-controller/runners
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cert-manager
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cert-manager-clusterissuers
  namespace: flux-system
spec:
  dependsOn:
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager/issuers
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cert-manager-csi-driver
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager-csi-driver/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cilium
  namespace: flux-system
spec:
  interval: 30m
  path: ./k8s/namespaces/base/kube-system/cilium/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cilium-config
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./k8s/namespaces/base/kube-system/cilium/config
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cloudflare-ddns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cloudflare-ddns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cloudflared
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cloudflared/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: coredns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/coredns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: crossplane
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/crossplane-system/crossplane/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: crossplane-providers
  namespace: flux-system
spec:
  dependsOn:
  - name: crossplane
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/crossplane-system/crossplane/providers
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cstor
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/openebs/cstor/app
  prune: false
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 10m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: descheduler
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/descheduler/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: dex
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/dex/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: dex-k8s-authenticator
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/dex-k8s-authenticator/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: echo-server
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/echo-server/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: external-dns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/external-dns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flagger
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/flagger/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-monitoring
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/monitoring
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-notifications
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/notifications
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-system-repositories
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/repositories
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-webhooks
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/flux-system/addons/webhooks
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: gatekeeper
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/security-system/gatekeeper/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: grafana
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/grafana/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: home-assistant
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/home-assistant/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio-base
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/istio-system/istio-base/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio-cni
  namespace: flux-system
spec:
  dependsOn:
  - name: istio-base
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/istio-cni/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: istio-gateway
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-ingress/istio-gateway/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istiod
  namespace: flux-system
spec:
  dependsOn:
  - name: istio-cni
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/istiod/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: jaeger
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/jaeger/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: jellyfin
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/jellyfin/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kiali
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/kiali/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kube-prometheus-stack
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/kube-prometheus-stack/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kubernetes-schemas
  namespace: flux-system
spec:
  interval: 5m
  path: ./namespaces/base/development/kubernetes-schemas/app
  prune: true
  sourceRef:
    kind: OCIRepository
    name: cluster
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kyverno
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/security-system/kyverno/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: loki
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/loki/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: mayastor
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/openebs/mayastor/app
  prune: false
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 10m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: metallb
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/metallb/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: metallb-config
  namespace: flux-system
spec:
  dependsOn:
  - name: metallb
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/metallb/config
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: metrics-server
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/metrics-server/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: mosquitto
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/mosquitto/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: nginx-ingress
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/nginx-ingress/nginx-ingress/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: node-feature-discovery
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/node-feature-discovery/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: oauth2-proxy
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/oauth2-proxy/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: otel
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/otel/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: overseerr
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/overseerr/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: plex
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/plex/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: reloader
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/reloader/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: sealed-secrets
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/kube-system/sealed-secrets/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: secret-store-csi-driver
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/secret-store-csi-driver/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: tetragon
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/tetragon/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: tf-controller
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/tf-controller/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: thanos
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/thanos/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: velero
  namespace: flux-system
spec:
  interval: 5m
  path: ./namespaces/base/velero/velero/app
  prune: true
  sourceRef:
    kind: OCIRepository
    name: cluster
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: volsync
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/backup-system/volsync/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: vpa
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/vpa/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: weave-gitops
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/weave-gitops/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: zigbee2mqtt
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/zigbee2mqtt/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-allow-all
  namespace: game-servers
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - {}
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - to:
    - ipBlock:
        cidr: 10.144.15.153/32
  - to:
    - podSelector: {}
  ingress:
  - from:
    - podSelector: {}
  - {}
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 443
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: home-assistant
  namespace: home-system
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - ports:
    - port: 1883
    to:
    - podSelector:
        matchLabels:
          name: mosquitto
  - ports:
    - port: 1900
      protocol: UDP
    - port: 5353
      protocol: UDP
    to:
    - ipBlock:
        cidr: 0.0.0.0/0
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: istio-ingress
      podSelector:
        matchLabels:
          app: istio-ingressgateway
    ports:
    - port: 8123
    - port: 12321
  podSelector:
    matchLabels:
      name: home-assistant
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mosquitto
  namespace: home-system
spec:
  egress: []
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: zigbee2mqtt
    ports:
    - port: 1883
  - from:
    - podSelector:
        matchLabels:
          name: home-assistant
    ports:
    - port: 1883
  podSelector:
    matchLabels:
      name: mosquitto
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: istio-ingressgateway
  namespace: istio-ingress
spec:
  ingress:
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 8443
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: network-system
      podSelector:
        matchLabels:
          app: dex-k8s-authenticator
    ports:
    - port: 8443
  podSelector:
    matchLabels:
      app: istio-ingressgateway
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-allow-all
  namespace: nginx-ingress
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - {}
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - to:
    - ipBlock:
        cidr: 10.144.15.153/32
  - to:
    - podSelector: {}
  ingress:
  - from:
    - podSelector: {}
  - {}
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 443
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: velero
  namespace: velero
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - ports:
    - port: 443
    to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - ports:
    - port: 5757
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openebs
      podSelector:
        matchLabels:
          name: cvc-operator
  - {}
  podSelector:
    matchLabels:
      name: velero
  policyTypes:
  - Egress

Workflow: Lint, Action: __karancode_kustomize-github-action_2, Build Directory: k8s/namespaces/overlays/cluster-1/

@github-actions
Contributor

kustomize build Success

apiVersion: v1
kind: Namespace
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-tenant
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
    toolkit.fluxcd.io/tenant: kube-guardian
  name: xdp-log
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-reconciler
  namespace: kube-guardian-tenant
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: gotk:kube-guardian-tenant:reconciler
- kind: ServiceAccount
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-tenant-reconciler
  namespace: xdp-log
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: gotk:kube-guardian-tenant:reconciler
- kind: ServiceAccount
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kube-guardian-tenant
  namespace: kube-guardian-tenant
spec:
  interval: 5m
  path: ./k8s/base/kube-guardian
  prune: true
  serviceAccountName: kube-guardian
  sourceRef:
    kind: GitRepository
    name: kube-guardian-tenant
    namespace: flux-system
  wait: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-policy
  namespace: xdp-log
spec:
  egress: []
  ingress: []
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: kube-guardian-tenant
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: https://github.com/kube-guardian/guardian-controller.git

Workflow: Lint, Action: __karancode_kustomize-github-action_3, Build Directory: k8s/tenants/overlays/cluster-1/

@jarvis-plus-bot
Contributor Author

jarvis-plus-bot bot commented Apr 18, 2023

🦙 MegaLinter status: ❌ ERROR

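| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
| --- | --- | --- | --- | --- | --- |
| ❌ ACTION | actionlint | 11 | | 7 | 0.28s |
| ⚠️ MARKDOWN | markdownlint | 1 | | 43 | 0.79s |
| ⚠️ REPOSITORY | checkov | yes | | 466 | 44.08s |
| ✅ REPOSITORY | dustilock | yes | | no | 0.27s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.08s |
| ✅ REPOSITORY | secretlint | yes | | no | 4.25s |
| ⚠️ REPOSITORY | trivy | yes | | 1 | 152.67s |
| ✅ SPELL | misspell | 12 | | 0 | 0.07s |
| ⚠️ YAML | prettier | 11 | | 1 | 1.08s |
| ✅ YAML | yamllint | 11 | | 0 | 0.39s |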

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

Signed-off-by: Jarvis Plus Bot <112913195+jarvis-plus-bot[bot]@users.noreply.github.com>
@github-actions
Contributor

kustomize build Success

apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: actions-runner-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: backup-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: crossplane-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: development
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: game-servers
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: home-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    istio-injection: enabled
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: istio-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: istio-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: kube-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: litmus
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: network-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: nginx-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: observability
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: openebs
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    access: openfaas-system
    kustomize.toolkit.fluxcd.io/prune: disabled
    namespace: openfaas
    role: openfaas-system
  name: openfaas
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    namespace: openfaas-fn
    role: openfaas-fn
  name: openfaas-fn
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: rook-ceph
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: security-system
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: traefik-ingress
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
  name: velero
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-cpu
  namespace: network-system
spec:
  limits:
  - default:
      cpu: 0.2
    defaultRequest:
      cpu: 0.1
    type: Container
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-memory
  namespace: network-system
spec:
  limits:
  - default:
      memory: 256Mi
    defaultRequest:
      memory: 128Mi
    type: Container
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: actions-runner-controller
  namespace: flux-system
spec:
  dependsOn:
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/actions-runner-system/actions-runner-controller/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: actions-runner-controller-runners
  namespace: flux-system
spec:
  dependsOn:
  - name: actions-runner-controller
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/actions-runner-system/actions-runner-controller/runners
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cert-manager
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cert-manager-clusterissuers
  namespace: flux-system
spec:
  dependsOn:
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager/issuers
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cert-manager-csi-driver
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cert-manager-csi-driver/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cilium
  namespace: flux-system
spec:
  interval: 30m
  path: ./k8s/namespaces/base/kube-system/cilium/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cilium-config
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./k8s/namespaces/base/kube-system/cilium/config
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cloudflare-ddns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cloudflare-ddns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: cloudflared
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/cloudflared/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: coredns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/coredns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: crossplane
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/crossplane-system/crossplane/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: crossplane-providers
  namespace: flux-system
spec:
  dependsOn:
  - name: crossplane
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/crossplane-system/crossplane/providers
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cstor
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/openebs/cstor/app
  prune: false
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 10m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: descheduler
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/descheduler/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: dex
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/dex/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: dex-k8s-authenticator
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/dex-k8s-authenticator/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: echo-server
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/echo-server/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: external-dns
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/external-dns/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flagger
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/flagger/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-monitoring
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/monitoring
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-notifications
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/notifications
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-system-repositories
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/addons/repositories
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: flux-system-webhooks
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/flux-system/addons/webhooks
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: gatekeeper
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/security-system/gatekeeper/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: grafana
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/grafana/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: home-assistant
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/home-assistant/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio-base
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/istio-system/istio-base/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio-cni
  namespace: flux-system
spec:
  dependsOn:
  - name: istio-base
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/istio-cni/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: istio-gateway
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  - name: cert-manager
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-ingress/istio-gateway/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istiod
  namespace: flux-system
spec:
  dependsOn:
  - name: istio-cni
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/istio-system/istiod/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: jaeger
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/jaeger/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: jellyfin
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/jellyfin/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kiali
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/kiali/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kube-prometheus-stack
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/kube-prometheus-stack/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: kubernetes-schemas
  namespace: flux-system
spec:
  interval: 5m
  path: ./namespaces/base/development/kubernetes-schemas/app
  prune: true
  sourceRef:
    kind: OCIRepository
    name: cluster
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kyverno
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/security-system/kyverno/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: loki
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/loki/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: mayastor
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/openebs/mayastor/app
  prune: false
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 10m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: metallb
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/metallb/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: metallb-config
  namespace: flux-system
spec:
  dependsOn:
  - name: metallb
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/metallb/config
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: metrics-server
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/metrics-server/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: mosquitto
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/mosquitto/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: nginx-ingress
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/nginx-ingress/nginx-ingress/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: node-feature-discovery
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/network-system/node-feature-discovery/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: oauth2-proxy
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/network-system/oauth2-proxy/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: otel
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/otel/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: overseerr
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/overseerr/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: plex
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/home-system/plex/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: reloader
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/reloader/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: sealed-secrets
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/kube-system/sealed-secrets/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: secret-store-csi-driver
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/secret-store-csi-driver/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: tetragon
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/kube-system/tetragon/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: tf-controller
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/tf-controller/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: thanos
  namespace: flux-system
spec:
  dependsOn:
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/observability/thanos/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: velero
  namespace: flux-system
spec:
  interval: 5m
  path: ./namespaces/base/velero/velero/app
  prune: true
  sourceRef:
    kind: OCIRepository
    name: cluster
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: volsync
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/backup-system/volsync/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: true
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: vpa
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/observability/vpa/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: weave-gitops
  namespace: flux-system
spec:
  interval: 30m
  path: ./namespaces/base/flux-system/weave-gitops/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  labels:
    substitution.flux/enabled: true
  name: zigbee2mqtt
  namespace: flux-system
spec:
  dependsOn:
  - name: cstor
    namespace: flux-system
  - name: istiod
    namespace: flux-system
  interval: 30m
  path: ./namespaces/base/home-system/zigbee2mqtt/app
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: OCIRepository
    name: cluster
  timeout: 3m
  wait: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-allow-all
  namespace: game-servers
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - {}
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - to:
    - ipBlock:
        cidr: 10.144.15.153/32
  - to:
    - podSelector: {}
  ingress:
  - from:
    - podSelector: {}
  - {}
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 443
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: home-assistant
  namespace: home-system
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - ports:
    - port: 1883
    to:
    - podSelector:
        matchLabels:
          name: mosquitto
  - ports:
    - port: 1900
      protocol: UDP
    - port: 5353
      protocol: UDP
    to:
    - ipBlock:
        cidr: 0.0.0.0/0
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: istio-ingress
      podSelector:
        matchLabels:
          app: istio-ingressgateway
    ports:
    - port: 8123
    - port: 12321
  podSelector:
    matchLabels:
      name: home-assistant
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mosquitto
  namespace: home-system
spec:
  egress: []
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: zigbee2mqtt
    ports:
    - port: 1883
  - from:
    - podSelector:
        matchLabels:
          name: home-assistant
    ports:
    - port: 1883
  podSelector:
    matchLabels:
      name: mosquitto
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: istio-ingressgateway
  namespace: istio-ingress
spec:
  ingress:
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 8443
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: network-system
      podSelector:
        matchLabels:
          app: dex-k8s-authenticator
    ports:
    - port: 8443
  podSelector:
    matchLabels:
      app: istio-ingressgateway
  policyTypes:
  - Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-allow-all
  namespace: nginx-ingress
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - {}
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - to:
    - ipBlock:
        cidr: 10.144.15.153/32
  - to:
    - podSelector: {}
  ingress:
  - from:
    - podSelector: {}
  - {}
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - port: 443
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: velero
  namespace: velero
spec:
  egress:
  - ports:
    - port: 53
      protocol: UDP
    - port: 53
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  - ports:
    - port: 443
    to:
    - ipBlock:
        cidr: 0.0.0.0/0
  - ports:
    - port: 5757
      protocol: TCP
    to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: openebs
      podSelector:
        matchLabels:
          name: cvc-operator
  - {}
  podSelector:
    matchLabels:
      name: velero
  policyTypes:
  - Egress

Workflow: Lint, Action: __karancode_kustomize-github-action_2, Build Directory: k8s/namespaces/overlays/cluster-1/

@github-actions
Contributor

kustomize build Success

apiVersion: v1
kind: Namespace
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-tenant
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
    toolkit.fluxcd.io/tenant: kube-guardian
  name: xdp-log
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-reconciler
  namespace: kube-guardian-tenant
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: gotk:kube-guardian-tenant:reconciler
- kind: ServiceAccount
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    toolkit.fluxcd.io/tenant: kube-guardian
  name: kube-guardian-tenant-reconciler
  namespace: xdp-log
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: gotk:kube-guardian-tenant:reconciler
- kind: ServiceAccount
  name: kube-guardian
  namespace: kube-guardian-tenant
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kube-guardian-tenant
  namespace: kube-guardian-tenant
spec:
  interval: 5m
  path: ./k8s/base/kube-guardian
  prune: true
  serviceAccountName: kube-guardian
  sourceRef:
    kind: GitRepository
    name: kube-guardian-tenant
    namespace: flux-system
  wait: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-policy
  namespace: xdp-log
spec:
  egress: []
  ingress: []
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: kube-guardian-tenant
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  secretRef:
    name: flux-system
  url: https://github.com/kube-guardian/guardian-controller.git

Workflow: Lint, Action: __karancode_kustomize-github-action_3, Build Directory: k8s/tenants/overlays/cluster-1/

@xunholy xunholy merged commit d560b31 into main Apr 18, 2023
@xunholy xunholy deleted the renovate/pin-dependencies branch April 18, 2023 04:03