gwg313/homelab-gitops
1
0
Fork 0
mirror of https://github.com/gwg313/homelab-gitops.git synced 2026-06-05 19:51:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add cicd exclude to resource limits

Browse source 
Signed-off-by: gwg313 <gwg313@pm.me>
This commit is contained in:
gwg313 2026-05-22 22:33:09 -04:00
parent 3cd820c135
commit d3da92bbb8
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
5 changed files with 8 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apps/harbor/values.yaml
View file

@ -1,5 +1,7 @@
harbor: harbor:
externalURL: https://registry.gwg313.xyz externalURL: https://registry.gwg313.xyz
updateStrategy:
type: Recreate
nginx: nginx:
replicas: 0 replicas: 0
@ -21,8 +23,6 @@ harbor:
memory: 128Mi memory: 128Mi
core: core:
updateStrategy:
type: Recreate
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
@ -32,8 +32,6 @@ harbor:
memory: 512Mi memory: 512Mi
jobservice: jobservice:
updateStrategy:
type: Recreate
resources: resources:
requests: requests:
cpu: 100m cpu: 100m

1
apps/tekton/kustomization.yaml
View file

@ -4,3 +4,4 @@ kind: Kustomization
resources: resources:
- https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml - https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
- https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml - https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
- https://raw.githubusercontent.com/openshift-pipelines/pipelines-as-code/stable/release.k8s.yaml

5
management/platform-apps/kyverno-policies.yaml
View file

@ -18,8 +18,3 @@ spec:
automated: automated:
prune: true prune: true
selfHeal: true selfHeal: true
syncOptions:
- CreateNamespace=false
- ServerSideApply=true
- Replace=true # <-- Policies have immutable fields so this helps deal with updates
- Force=true

3
platform/kyverno/policies/generate-ns-network-baseline.yaml
View file

@ -5,6 +5,8 @@ metadata:
annotations: annotations:
policies.kyverno.io/title: Inject Namespace Baseline CNP policies.kyverno.io/title: Inject Namespace Baseline CNP
policies.kyverno.io/description: Automatically provisions a local default-deny + DNS egress CNP inside new application namespaces. policies.kyverno.io/description: Automatically provisions a local default-deny + DNS egress CNP inside new application namespaces.
argocd.argoproj.io/sync-options: Force=true,Replace=true
spec: spec:
background: true background: true
rules: rules:
@ -32,6 +34,7 @@ spec:
- monitoring - monitoring
- tekton-pipelines-resolvers - tekton-pipelines-resolvers
- tekton-pipelines - tekton-pipelines
- pipelines-as-code
generate: generate:
apiVersion: cilium.io/v2 apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy kind: CiliumNetworkPolicy

2
platform/kyverno/policies/require-requests-limits.yaml
View file

@ -36,6 +36,8 @@ spec:
- monitoring - monitoring
- tekton-pipelines-resolvers - tekton-pipelines-resolvers
- tekton-pipelines - tekton-pipelines
- pipelines-as-code
- cicd
validate: validate:
message: "Resource discipline violation: Containers must declare cpu/memory requests and limits." message: "Resource discipline violation: Containers must declare cpu/memory requests and limits."
pattern: pattern: