diff --git a/.github/workflows/k8s-deploy.yml b/.github/workflows/k8s-deploy.yml index a698aea..4809682 100644 --- a/.github/workflows/k8s-deploy.yml +++ b/.github/workflows/k8s-deploy.yml @@ -28,35 +28,63 @@ jobs: # initialize empty log of kube operations echo -n '' > /tmp/kube.log + echo -n '' > /tmp/kube.err - name: 'Apply manifests: CRD resources' run: | if [ -d ./_/CustomResourceDefinition ]; then - kubectl apply -Rf ./_/CustomResourceDefinition | tee -a /tmp/kube.log + # Capture errors and add context + dir_errors=$(kubectl apply -Rf ./_/CustomResourceDefinition 2>&1 1>>/tmp/kube.log || true) + + # Filter and append errors with context if meaningful + filtered_errors=$(echo "$dir_errors" | \ + grep -v "Warning: Use tokens from the TokenRequest API" | \ + grep -v "^Error: exit status [0-9]*$" | \ + grep -v "^[[:space:]]*$" || true) + + if [ -n "$filtered_errors" ] && echo "$filtered_errors" | grep -q '[^[:space:]]' 2>/dev/null; then + echo "=== CRD Resources ===" >> /tmp/kube.err + echo "$filtered_errors" >> /tmp/kube.err + echo "" >> /tmp/kube.err + fi fi - name: 'Apply manifests: non-CRD global resources' run: | if [ -d ./_ ]; then - ( - find _ \ - -maxdepth 1 \ - -mindepth 1 \ - -type d \ - -not -name 'CustomResourceDefinition' \ - -print0 \ - | sort -z \ - | xargs -r0 -n 1 kubectl apply -Rf - ) | tee -a /tmp/kube.log + find _ \ + -maxdepth 1 \ + -mindepth 1 \ + -type d \ + -not -name 'CustomResourceDefinition' \ + -print0 \ + | sort -z \ + | while IFS= read -r -d '' dir; do + # Capture errors and add context per directory + dir_errors=$(kubectl apply -Rf "$dir" 2>&1 1>>/tmp/kube.log || true) + + # Filter and append errors with context if meaningful + filtered_errors=$(echo "$dir_errors" | \ + grep -v "Warning: Use tokens from the TokenRequest API" | \ + grep -v "^Error: exit status [0-9]*$" | \ + grep -v "^[[:space:]]*$" || true) + + if [ -n "$filtered_errors" ] && echo "$filtered_errors" | grep -q '[^[:space:]]' 2>/dev/null; then + echo "=== Directory: $dir ===" >> /tmp/kube.err + echo "$filtered_errors" >> /tmp/kube.err + echo "" >> /tmp/kube.err + fi + done fi - name: 'Apply manifests: generated regcred secrets' run: | - # apply a copy of regcred secret for every deployed namespace while IFS= read -r namespace; do namespace="$(basename "${namespace}")" - cat <&1 1>>/tmp/kube.log || true apiVersion: v1 kind: Secret metadata: @@ -66,20 +94,46 @@ jobs: data: .dockerconfigjson: ${{ secrets.DOCKER_CONFIG_BASE64 }} EOF + ) + + # Filter and append errors with context if meaningful + filtered_errors=$(echo "$secret_errors" | \ + grep -v "Warning: Use tokens from the TokenRequest API" | \ + grep -v "^Error: exit status [0-9]*$" | \ + grep -v "^[[:space:]]*$" || true) + + if [ -n "$filtered_errors" ] && echo "$filtered_errors" | grep -q '[^[:space:]]' 2>/dev/null; then + echo "=== Regcred Secret: $namespace ===" >> /tmp/kube.err + echo "$filtered_errors" >> /tmp/kube.err + echo "" >> /tmp/kube.err + fi done <<< "$(find . -maxdepth 1 -type d -not -name '_' -not -name '.*')" - name: 'Apply manifests: namespaced resources' run: | - ( - find . \ - -maxdepth 1 \ - -type d \ - -not -name '_' \ - -not -name '.*' \ - -print0 \ - | sort -z \ - | xargs -r0 -n 1 kubectl apply -Rf - ) | tee -a /tmp/kube.log + find . \ + -maxdepth 1 \ + -type d \ + -not -name '_' \ + -not -name '.*' \ + -print0 \ + | sort -z \ + | while IFS= read -r -d '' dir; do + # Capture errors and add context per directory + dir_errors=$(kubectl apply -Rf "$dir" 2>&1 1>>/tmp/kube.log || true) + + # Filter and append errors with context if meaningful + filtered_errors=$(echo "$dir_errors" | \ + grep -v "Warning: Use tokens from the TokenRequest API" | \ + grep -v "^Error: exit status [0-9]*$" | \ + grep -v "^[[:space:]]*$" || true) + + if [ -n "$filtered_errors" ] && echo "$filtered_errors" | grep -q '[^[:space:]]' 2>/dev/null; then + echo "=== Directory: $dir ===" >> /tmp/kube.err + echo "$filtered_errors" >> /tmp/kube.err + echo "" >> /tmp/kube.err + fi + done - name: 'Apply manifests: deleted resources' run: | @@ -90,10 +144,27 @@ jobs: kind="${kind_name%%/*}" name="${kind_name##*/}" + # Capture errors for this deletion if [ "${namespace}" == "_" ]; then - kubectl delete $kind $name | tee -a /tmp/kube.log + delete_errors=$(kubectl delete $kind $name 2>&1 1>>/tmp/kube.log || true) else - kubectl -n $namespace delete $kind $name | tee -a /tmp/kube.log + delete_errors=$(kubectl -n $namespace delete $kind $name 2>&1 1>>/tmp/kube.log || true) + fi + + # Filter and append errors with context if meaningful + filtered_errors=$(echo "$delete_errors" | \ + grep -v "Warning: Use tokens from the TokenRequest API" | \ + grep -v "^Error: exit status [0-9]*$" | \ + grep -v "^[[:space:]]*$" || true) + + if [ -n "$filtered_errors" ] && echo "$filtered_errors" | grep -q '[^[:space:]]' 2>/dev/null; then + if [ "${namespace}" == "_" ]; then + echo "=== Deleting: $kind/$name ===" >> /tmp/kube.err + else + echo "=== Deleting: $namespace/$kind/$name ===" >> /tmp/kube.err + fi + echo "$filtered_errors" >> /tmp/kube.err + echo "" >> /tmp/kube.err fi done @@ -113,6 +184,17 @@ jobs: EOF )" + # Conditionally append error output if it has meaningful content + if [ -s /tmp/kube.err ]; then + comment_body="${comment_body} + + ## Errors/Warnings + + \`\`\` + $(cat /tmp/kube.err) + \`\`\`" + fi + ## get most recent merged PR echo diff --git a/.github/workflows/k8s-prepare.yml b/.github/workflows/k8s-prepare.yml index 3363ba1..93ec47b 100644 --- a/.github/workflows/k8s-prepare.yml +++ b/.github/workflows/k8s-prepare.yml @@ -33,15 +33,34 @@ jobs: - name: Generate diff run: | - ( - find . \ - -maxdepth 1 \ - -type d \ - -not -name '.*' \ - -print0 \ - | sort -z \ - | xargs -r0 -n 1 kubectl diff -Rf || true - ) > /tmp/kube.diff + # Initialize output files + echo -n '' > /tmp/kube.diff + echo -n '' > /tmp/kube.err + + # Process each directory + find . \ + -maxdepth 1 \ + -type d \ + -not -name '.*' \ + -print0 \ + | sort -z \ + | while IFS= read -r -d '' dir; do + # Run kubectl diff: stdout to file, capture stderr in variable + dir_errors=$(kubectl diff -Rf "$dir" 2>&1 1>>/tmp/kube.diff || true) + + # Filter out known warnings, exit status messages, and blank lines + filtered_errors=$(echo "$dir_errors" | \ + grep -v "Warning: Use tokens from the TokenRequest API" | \ + grep -v "^Error: exit status [0-9]*$" | \ + grep -v "^[[:space:]]*$" || true) + + # If there are meaningful errors, append with prefix + if [ -n "$filtered_errors" ] && echo "$filtered_errors" | grep -q '[^[:space:]]' 2>/dev/null; then + echo "=== Directory: $dir ===" >> /tmp/kube.err + echo "$filtered_errors" >> /tmp/kube.err + echo "" >> /tmp/kube.err + fi + done - name: Create/update pull request env: @@ -63,6 +82,17 @@ jobs: EOF )" + # Conditionally append error output if it has meaningful content + if [ -s /tmp/kube.err ]; then + pr_body="${pr_body} + + ## Errors/Warnings + + \`\`\` + $(cat /tmp/kube.err) + \`\`\`" + fi + ## generate initial commit for base if needed if ! git ls-remote --exit-code --heads origin "${BRANCH_DEPLOY}"; then diff --git a/_/ClusterIssuer/letsencrypt-prod.yaml b/_/ClusterIssuer/letsencrypt-prod.yaml index 9acd13d..97494cc 100644 --- a/_/ClusterIssuer/letsencrypt-prod.yaml +++ b/_/ClusterIssuer/letsencrypt-prod.yaml @@ -7,7 +7,7 @@ spec: email: services@codeforphilly.org privateKeySecretRef: name: letsencrypt-prod - server: 'https://acme-v02.api.letsencrypt.org/directory' + server: https://acme-v02.api.letsencrypt.org/directory solvers: - http01: ingress: diff --git a/_/ClusterIssuer/letsencrypt-staging.yaml b/_/ClusterIssuer/letsencrypt-staging.yaml index 6e9457a..575aefd 100644 --- a/_/ClusterIssuer/letsencrypt-staging.yaml +++ b/_/ClusterIssuer/letsencrypt-staging.yaml @@ -7,7 +7,7 @@ spec: email: services@codeforphilly.org privateKeySecretRef: name: letsencrypt-staging - server: 'https://acme-staging-v02.api.letsencrypt.org/directory' + server: https://acme-staging-v02.api.letsencrypt.org/directory solvers: - http01: ingress: diff --git a/_/ClusterRole/cert-manager-controller-approve:cert-manager-io.yaml b/_/ClusterRole/cert-manager-controller-approve:cert-manager-io.yaml index fe3e84d..9a3bb4f 100644 --- a/_/ClusterRole/cert-manager-controller-approve:cert-manager-io.yaml +++ b/_/ClusterRole/cert-manager-controller-approve:cert-manager-io.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager-controller-approve:cert-manager-io' + name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: - cert-manager.io diff --git a/_/ClusterRole/cert-manager-webhook:subjectaccessreviews.yaml b/_/ClusterRole/cert-manager-webhook:subjectaccessreviews.yaml index 8394848..6c68b43 100644 --- a/_/ClusterRole/cert-manager-webhook:subjectaccessreviews.yaml +++ b/_/ClusterRole/cert-manager-webhook:subjectaccessreviews.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager-webhook:subjectaccessreviews' + name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: - authorization.k8s.io diff --git a/_/ClusterRole/ingress-nginx-admission.yaml b/_/ClusterRole/ingress-nginx-admission.yaml index 8ef6647..5688db5 100644 --- a/_/ClusterRole/ingress-nginx-admission.yaml +++ b/_/ClusterRole/ingress-nginx-admission.yaml @@ -2,8 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - helm.sh/hook: 'pre-install,pre-upgrade,post-install,post-upgrade' - helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded' + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx diff --git a/_/ClusterRole/system:aggregated-metrics-reader.yaml b/_/ClusterRole/system:aggregated-metrics-reader.yaml index da05973..7c45230 100644 --- a/_/ClusterRole/system:aggregated-metrics-reader.yaml +++ b/_/ClusterRole/system:aggregated-metrics-reader.yaml @@ -6,7 +6,7 @@ metadata: rbac.authorization.k8s.io/aggregate-to-admin: 'true' rbac.authorization.k8s.io/aggregate-to-edit: 'true' rbac.authorization.k8s.io/aggregate-to-view: 'true' - name: 'system:aggregated-metrics-reader' + name: system:aggregated-metrics-reader rules: - apiGroups: - metrics.k8s.io diff --git a/_/ClusterRole/system:metrics-server.yaml b/_/ClusterRole/system:metrics-server.yaml index fda6a6b..6d770bc 100644 --- a/_/ClusterRole/system:metrics-server.yaml +++ b/_/ClusterRole/system:metrics-server.yaml @@ -3,7 +3,7 @@ kind: ClusterRole metadata: labels: k8s-app: metrics-server - name: 'system:metrics-server' + name: system:metrics-server rules: - apiGroups: - '' diff --git a/_/ClusterRoleBinding/cert-manager-controller-approve:cert-manager-io.yaml b/_/ClusterRoleBinding/cert-manager-controller-approve:cert-manager-io.yaml index f060ac6..7834974 100644 --- a/_/ClusterRoleBinding/cert-manager-controller-approve:cert-manager-io.yaml +++ b/_/ClusterRoleBinding/cert-manager-controller-approve:cert-manager-io.yaml @@ -9,11 +9,11 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager-controller-approve:cert-manager-io' + name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: 'cert-manager-controller-approve:cert-manager-io' + name: cert-manager-controller-approve:cert-manager-io subjects: - kind: ServiceAccount name: cert-manager diff --git a/_/ClusterRoleBinding/cert-manager-webhook:subjectaccessreviews.yaml b/_/ClusterRoleBinding/cert-manager-webhook:subjectaccessreviews.yaml index be27bb5..a13e167 100644 --- a/_/ClusterRoleBinding/cert-manager-webhook:subjectaccessreviews.yaml +++ b/_/ClusterRoleBinding/cert-manager-webhook:subjectaccessreviews.yaml @@ -9,11 +9,11 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager-webhook:subjectaccessreviews' + name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: 'cert-manager-webhook:subjectaccessreviews' + name: cert-manager-webhook:subjectaccessreviews subjects: - apiGroup: '' kind: ServiceAccount diff --git a/_/ClusterRoleBinding/ingress-nginx-admission.yaml b/_/ClusterRoleBinding/ingress-nginx-admission.yaml index f97c358..91c7233 100644 --- a/_/ClusterRoleBinding/ingress-nginx-admission.yaml +++ b/_/ClusterRoleBinding/ingress-nginx-admission.yaml @@ -2,8 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - helm.sh/hook: 'pre-install,pre-upgrade,post-install,post-upgrade' - helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded' + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx diff --git a/_/ClusterRoleBinding/metrics-server:system:auth-delegator.yaml b/_/ClusterRoleBinding/metrics-server:system:auth-delegator.yaml index 376ebad..5d5437e 100644 --- a/_/ClusterRoleBinding/metrics-server:system:auth-delegator.yaml +++ b/_/ClusterRoleBinding/metrics-server:system:auth-delegator.yaml @@ -3,11 +3,11 @@ kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server - name: 'metrics-server:system:auth-delegator' + name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: 'system:auth-delegator' + name: system:auth-delegator subjects: - kind: ServiceAccount name: metrics-server diff --git a/_/ClusterRoleBinding/system:metrics-server.yaml b/_/ClusterRoleBinding/system:metrics-server.yaml index 0cc6c00..8de39d7 100644 --- a/_/ClusterRoleBinding/system:metrics-server.yaml +++ b/_/ClusterRoleBinding/system:metrics-server.yaml @@ -3,11 +3,11 @@ kind: ClusterRoleBinding metadata: labels: k8s-app: metrics-server - name: 'system:metrics-server' + name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: 'system:metrics-server' + name: system:metrics-server subjects: - kind: ServiceAccount name: metrics-server diff --git a/_/CustomResourceDefinition/certificaterequests.cert-manager.io.yaml b/_/CustomResourceDefinition/certificaterequests.cert-manager.io.yaml index cc33413..24b6ff3 100644 --- a/_/CustomResourceDefinition/certificaterequests.cert-manager.io.yaml +++ b/_/CustomResourceDefinition/certificaterequests.cert-manager.io.yaml @@ -24,13 +24,13 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: '.status.conditions[?(@.type=="Approved")].status' + - jsonPath: .status.conditions[?(@.type=="Approved")].status name: Approved type: string - - jsonPath: '.status.conditions[?(@.type=="Denied")].status' + - jsonPath: .status.conditions[?(@.type=="Denied")].status name: Denied type: string - - jsonPath: '.status.conditions[?(@.type=="Ready")].status' + - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .spec.issuerRef.name @@ -39,7 +39,7 @@ spec: - jsonPath: .spec.username name: Requestor type: string - - jsonPath: '.status.conditions[?(@.type=="Ready")].message' + - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status priority: 1 type: string diff --git a/_/CustomResourceDefinition/certificates.cert-manager.io.yaml b/_/CustomResourceDefinition/certificates.cert-manager.io.yaml index 4369ce2..4423c39 100644 --- a/_/CustomResourceDefinition/certificates.cert-manager.io.yaml +++ b/_/CustomResourceDefinition/certificates.cert-manager.io.yaml @@ -24,7 +24,7 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: '.status.conditions[?(@.type=="Ready")].status' + - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .spec.secretName @@ -34,7 +34,7 @@ spec: name: Issuer priority: 1 type: string - - jsonPath: '.status.conditions[?(@.type=="Ready")].message' + - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status priority: 1 type: string diff --git a/_/CustomResourceDefinition/challenges.acme.cert-manager.io.yaml b/_/CustomResourceDefinition/challenges.acme.cert-manager.io.yaml index b845fd1..ce5e9fe 100644 --- a/_/CustomResourceDefinition/challenges.acme.cert-manager.io.yaml +++ b/_/CustomResourceDefinition/challenges.acme.cert-manager.io.yaml @@ -681,7 +681,7 @@ spec: Support for other resources is Implementation-Specific. maxLength: 63 minLength: 1 - pattern: '^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$' + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: |- @@ -701,7 +701,7 @@ spec: Support: Core maxLength: 63 minLength: 1 - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: >- @@ -1875,7 +1875,7 @@ spec: type: object type: object imagePullSecrets: - description: 'If specified, the pod''s imagePullSecrets' + description: If specified, the pod's imagePullSecrets items: description: >- LocalObjectReference contains enough @@ -1910,10 +1910,10 @@ spec: priorityClassName. type: string serviceAccountName: - description: 'If specified, the pod''s service account' + description: If specified, the pod's service account type: string tolerations: - description: 'If specified, the pod''s tolerations.' + description: If specified, the pod's tolerations. items: description: >- The pod this Toleration is attached to diff --git a/_/CustomResourceDefinition/clusterissuers.cert-manager.io.yaml b/_/CustomResourceDefinition/clusterissuers.cert-manager.io.yaml index 7a6673a..3169e55 100644 --- a/_/CustomResourceDefinition/clusterissuers.cert-manager.io.yaml +++ b/_/CustomResourceDefinition/clusterissuers.cert-manager.io.yaml @@ -21,10 +21,10 @@ spec: scope: Cluster versions: - additionalPrinterColumns: - - jsonPath: '.status.conditions[?(@.type=="Ready")].status' + - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - - jsonPath: '.status.conditions[?(@.type=="Ready")].message' + - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status priority: 1 type: string @@ -822,7 +822,7 @@ spec: Support for other resources is Implementation-Specific. maxLength: 63 minLength: 1 - pattern: '^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$' + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: |- @@ -842,7 +842,7 @@ spec: Support: Core maxLength: 63 minLength: 1 - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: >- @@ -2021,7 +2021,7 @@ spec: type: object type: object imagePullSecrets: - description: 'If specified, the pod''s imagePullSecrets' + description: If specified, the pod's imagePullSecrets items: description: >- LocalObjectReference contains enough @@ -2056,10 +2056,10 @@ spec: priorityClassName. type: string serviceAccountName: - description: 'If specified, the pod''s service account' + description: If specified, the pod's service account type: string tolerations: - description: 'If specified, the pod''s tolerations.' + description: If specified, the pod's tolerations. items: description: >- The pod this Toleration is attached to @@ -2604,7 +2604,7 @@ spec: - Unknown type: string type: - description: 'Type of the condition, known values are (`Ready`).' + description: Type of the condition, known values are (`Ready`). type: string required: - status diff --git a/_/CustomResourceDefinition/issuers.cert-manager.io.yaml b/_/CustomResourceDefinition/issuers.cert-manager.io.yaml index b104e7f..57b3416 100644 --- a/_/CustomResourceDefinition/issuers.cert-manager.io.yaml +++ b/_/CustomResourceDefinition/issuers.cert-manager.io.yaml @@ -21,10 +21,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: '.status.conditions[?(@.type=="Ready")].status' + - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - - jsonPath: '.status.conditions[?(@.type=="Ready")].message' + - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status priority: 1 type: string @@ -821,7 +821,7 @@ spec: Support for other resources is Implementation-Specific. maxLength: 63 minLength: 1 - pattern: '^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$' + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: description: |- @@ -841,7 +841,7 @@ spec: Support: Core maxLength: 63 minLength: 1 - pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$' + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: description: >- @@ -2020,7 +2020,7 @@ spec: type: object type: object imagePullSecrets: - description: 'If specified, the pod''s imagePullSecrets' + description: If specified, the pod's imagePullSecrets items: description: >- LocalObjectReference contains enough @@ -2055,10 +2055,10 @@ spec: priorityClassName. type: string serviceAccountName: - description: 'If specified, the pod''s service account' + description: If specified, the pod's service account type: string tolerations: - description: 'If specified, the pod''s tolerations.' + description: If specified, the pod's tolerations. items: description: >- The pod this Toleration is attached to @@ -2601,7 +2601,7 @@ spec: - Unknown type: string type: - description: 'Type of the condition, known values are (`Ready`).' + description: Type of the condition, known values are (`Ready`). type: string required: - status diff --git a/cert-manager/Deployment/cert-manager-cainjector.yaml b/cert-manager/Deployment/cert-manager-cainjector.yaml index 7b38270..3c4f612 100644 --- a/cert-manager/Deployment/cert-manager-cainjector.yaml +++ b/cert-manager/Deployment/cert-manager-cainjector.yaml @@ -38,7 +38,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: 'quay.io/jetstack/cert-manager-cainjector:v1.10.1' + image: quay.io/jetstack/cert-manager-cainjector:v1.10.1 imagePullPolicy: IfNotPresent name: cert-manager-cainjector securityContext: diff --git a/cert-manager/Deployment/cert-manager-webhook.yaml b/cert-manager/Deployment/cert-manager-webhook.yaml index 71a6183..c504f7a 100644 --- a/cert-manager/Deployment/cert-manager-webhook.yaml +++ b/cert-manager/Deployment/cert-manager-webhook.yaml @@ -44,7 +44,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: 'quay.io/jetstack/cert-manager-webhook:v1.10.1' + image: quay.io/jetstack/cert-manager-webhook:v1.10.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/cert-manager/Deployment/cert-manager.yaml b/cert-manager/Deployment/cert-manager.yaml index 592fc82..fff451b 100644 --- a/cert-manager/Deployment/cert-manager.yaml +++ b/cert-manager/Deployment/cert-manager.yaml @@ -46,7 +46,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: 'quay.io/jetstack/cert-manager-controller:v1.10.1' + image: quay.io/jetstack/cert-manager-controller:v1.10.1 imagePullPolicy: IfNotPresent name: cert-manager-controller ports: diff --git a/cert-manager/Role/cert-manager-webhook:dynamic-serving.yaml b/cert-manager/Role/cert-manager-webhook:dynamic-serving.yaml index 27fee13..156f369 100644 --- a/cert-manager/Role/cert-manager-webhook:dynamic-serving.yaml +++ b/cert-manager/Role/cert-manager-webhook:dynamic-serving.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager-webhook:dynamic-serving' + name: cert-manager-webhook:dynamic-serving namespace: cert-manager rules: - apiGroups: diff --git a/cert-manager/RoleBinding/cert-manager-webhook:dynamic-serving.yaml b/cert-manager/RoleBinding/cert-manager-webhook:dynamic-serving.yaml index 7d89da5..baebb46 100644 --- a/cert-manager/RoleBinding/cert-manager-webhook:dynamic-serving.yaml +++ b/cert-manager/RoleBinding/cert-manager-webhook:dynamic-serving.yaml @@ -9,12 +9,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager-webhook:dynamic-serving' + name: cert-manager-webhook:dynamic-serving namespace: cert-manager roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'cert-manager-webhook:dynamic-serving' + name: cert-manager-webhook:dynamic-serving subjects: - apiGroup: '' kind: ServiceAccount diff --git a/chime/Deployment/chime.yaml b/chime/Deployment/chime.yaml index a035aee..aac9f10 100644 --- a/chime/Deployment/chime.yaml +++ b/chime/Deployment/chime.yaml @@ -22,7 +22,7 @@ spec: app.kubernetes.io/name: chime spec: containers: - - image: 'ghcr.io/codeforphilly/chime/penn-chime:1.1.5' + - image: ghcr.io/codeforphilly/chime/penn-chime:1.1.5 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/choose-native-plants/Deployment/choose-native-plants.yaml b/choose-native-plants/Deployment/choose-native-plants.yaml index e85ec02..1ed2a1e 100644 --- a/choose-native-plants/Deployment/choose-native-plants.yaml +++ b/choose-native-plants/Deployment/choose-native-plants.yaml @@ -40,7 +40,7 @@ spec: envFrom: - secretRef: name: pac-api - image: 'mongo:5.0.6' + image: mongo:5.0.6 imagePullPolicy: IfNotPresent name: choose-native-plants-db ports: @@ -182,7 +182,7 @@ spec: name: pac-api - secretRef: name: linode-storage - image: 'ghcr.io/codeforphilly/pa-wildflower-selector/app:2.0.7' + image: ghcr.io/codeforphilly/pa-wildflower-selector/app:2.0.7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/code-for-philly/CronJob/code-for-philly-backups.yaml b/code-for-philly/CronJob/code-for-philly-backups.yaml index 671fcf3..8dd6773 100644 --- a/code-for-philly/CronJob/code-for-philly-backups.yaml +++ b/code-for-philly/CronJob/code-for-philly-backups.yaml @@ -95,7 +95,7 @@ spec: envFrom: - secretRef: name: restic - image: 'lachlanevenson/k8s-kubectl:v1.18.16' + image: lachlanevenson/k8s-kubectl:v1.18.16 imagePullPolicy: IfNotPresent name: kubectl restartPolicy: Never diff --git a/code-for-philly/Deployment/code-for-philly.yaml b/code-for-philly/Deployment/code-for-philly.yaml index 0b678fe..25b8038 100644 --- a/code-for-philly/Deployment/code-for-philly.yaml +++ b/code-for-philly/Deployment/code-for-philly.yaml @@ -72,7 +72,7 @@ spec: name: saml2 - secretRef: name: slack - image: 'ghcr.io/codeforphilly/codeforphilly.org:1.3.12' + image: ghcr.io/codeforphilly/codeforphilly.org:1.3.12 imagePullPolicy: Always name: code-for-philly-site ports: diff --git a/code-for-philly/SealedSecret/saml2.yaml b/code-for-philly/SealedSecret/saml2.yaml index 09305e9..c2a5859 100644 --- a/code-for-philly/SealedSecret/saml2.yaml +++ b/code-for-philly/SealedSecret/saml2.yaml @@ -7,12 +7,12 @@ metadata: spec: encryptedData: SAML2_CERTIFICATE: >- - AgDf7uat+gJ43sfQ3yR7zj1541x9QvnuoFxvseoE+iX7N2wmy2czmBNhWbSJtYQvQeKSnqceRTnl4cSe+8q++ZCIBub/SG7odRVwdMIW/O7Cl1LkWyoBBoig1bqLtTjcbx6lr9udUws61fQulC816oPy19sd2NuounZIngfwJbtqjIwQt8j13R9lnKB+uL+M3g0U5AxzT64umcLhWQo2kOT+BoLTbWUUNBER+8KSpWlhJsQ2V93NvlTxMrxqnVZktU4kRhz6MHo+NjJDW/2cqJjUp/tCWEmNN/aZ/1zy8+XfsiaaiZb8VDm68mzHs+EQQ3v6SEvuI496m8SK4MTKnU/bMj6o/nmHKLCdo/VHnFZFLRF5d0nbm1qhPxjFRAb9j5BdFDm4gTa8FPsoIOheYTzpCfUIgqiDbCf7h8zJBulOZeG/LzqSIhXuPz6l+No+u2uFFeU5MqNyLjOviz7NNsDaTO79I0jAVVWy+Nxznw+FBAQR897MUPxCnK5Ju5FgnkY+9Eh4e+80oUuiFX3RYPYcd2YGoyOYAL2pgR3ZcuY1ToJ53txFD2P6vcbipl0+VqKuSyhosgewmKmbjWwEiILlkHM3H6rrHGswnVHLGriNuYNHf6VWCzY/t/sytaC6MiN8IURe5cafWAlDyj+nw3MsGK/UrpGxi3RrCYiH7irR0jxaO1v36wdDG3+H9PZ16V2ElRhDnp7b17OJi+ZFL+F/Y7KSIgpDE02Eht8qBIpkE6mtKPHbgol9kFnqyBQDfspDB6ogN8Ypt+OyEjpPQuBMXY03t7Hzu5hq8Wg7OYdueCETRDQ+diutNcbuoXallQ/TIwDbtH8EMq0jbf8PuK781A4hIvN4W9jd3GNSbxBD2jpP5z33tgirh/E8j+crSs7Ac5GXjvG/YLwWXWswfFQ2h5VA94S7voDmxUhKp5Bysa9E+5ZJi8ixkKefLU6ExyeVpG17cDBL8m80UBu1GORboUWCvSomhivzL0r2I0W1G52WTA6D5eepwt0Jyb6TkbUxiU+TxgPJhZIHG5Owx1kbqYNmdI2hpPTHHFos1R3oTv2UtAEhYrh4jgfLtnnHShn/rrPbmHJ6KA5SwNgbIiZyD4jQyoQ58o/sz7LEnsEGDTuc7OuXZcme7GyETgaq+qlcOSbwSixkQ0Zf0GDg/vVmBr/IcXelubEKBbzpTD1jUA2jPWXaOnc+B74op9XEVTgtRq8F68EGnRqBnJ+oyBD3uifUmiIp1UX/EXuU5cRAlLI73LPY6sjicYECfmPRPl6OrgmqHcUU1ZLNIF7w9AhXvHyY8L3AdEu0OAouGp1X3kYuEdTVhlHzSF8uQAmmwOx6a1Y8BKdKKZlm+RDZBbG10fo34cUfhYGyh5pteQWRLDTdr3iDJ6TGVvLx4kPc7UsUE4uN+Um2tAAEWpFt3ZQidWSwoTZNp183TCx9W0CI1ExreKD+U/jnpFg4ICKaql87MERdD+3KtUvSvgBllbeyNb5FSVL2FU5+kD+Q07M7wRRGyN2gFZHodb1u6NBV3P7phJn5xyVcyHM4x+Ca8AOEqXWD13146Z5Z45Tf0VF6oHU4U87Uqd6EXUJfimxJYgz3RQBHNq/9HpN/6pAKstMJtunz46LKrVJKxYI5NJy8biTQj3iaQ+RPj3grbJ2CWy8eEilIdaAxTksCTyPmWDUve/EK7gspBeYbZhDQAGUrzu97BPvIFgT4IyLzzdRNdf+fvk+yg4+ywyWexJiOVjhoCasWN+B9gku9UyIxFdFcXCH/bL8IrVptPVvOkVTuEW9ab1MhspqkYaLYrSvfiqJwPSuv3upCim+dXKHKfr8z50EvHmjzsjnoBlVEPzT9iyLd+gowMQXpddr+Mw== + AgBuZgYlXl57syUUKWaZfZJ6kteixBLGJxeal52rUQJKmn2Rlur7k98mJ5vco6pNHf+DFzHgFjHk7qOnGWQAFBDuD9J+LrJ4b/MmXud82iatwu2ezMNH9f9r1WCkZCo8/ccdkksgxnaTX8PYqZoSl6BRaMghRznzk1f9t3dI4rhuMARiQ5oqvw8GmTcBCZLhSyPhTrO50GnSIwMHo+Q8RBgsQvLIEN88EcDgo2VI+y3UuuQqcKMVO3gUA5G7Z6QOboXrdSJz7wj8bX3W5rs3lLxUxoUcMN04U5GjEI2SBP9s5zsX90EpnQMU9g+BKpwk8B+JPOK9hqMWYFSR78D1VGmlSnS9NWyktJq+eUF5nrO39/eDMcbJ+bMomuo4QPlVyasoWNhudTvNBi5T9bZ7m1R6Rz1VQUxkUCiuICtih9AoghWO6Ca9Ig78ceWMJmav8e8AxqwKBac6Iple9qxgGp/lc07by78KJ0tGsVzSpPgxsze+GEztc5trPxxf+bKyG+iwc6caICPORoO5mLuuwwN+pcnnwvm9v/w+k93kkPbn/u7mfcXn4QSWeQTvHcjGA/qjLMAIaJTLeDHCQ3mwi8MYieAAmZbITcktNsgwl7wpNvSklCel/YcTU4H+Hk7NvKHZLL1aGfWMVwCwOTgQSTgIioy4NQnZT+FYkU650p5MGl6Dnfd0waYSFTRh1ku7tRBWKttfjFZCo44wwjjLZH+GitEz1ddFZmp05yM2zQjRUIaSLOyw43ixi5DlUMMR2+NGcGZs6sqHLdqnKKYQ+AEL8cfxo8CEVfUcmyhTENuMIfjNMTxlZaJUGXnhlk9QpmztLac1FZ5IMm0vYQNnJ2th5P5pceqE64VYZb/hFtb3klypkU5ioh9BU+yM/m5XGyGzHFKhtCafhe4D2Ka/mPV8FwqGORi8lrKTM1w0OOAOGRNlth03JZ1HmJkzNsFYZKwJtzXRGOEbssIxY8F2Y0Qfhmidgg7li4ZWto+jGTqItv2w8sFTEpsBulKqP9aMILZvk4zn57HBuO9NC53ZNt0rZF1giADzMC9MBmd/D9xbFk7iqDrkP47Mq+crsjTpey9TpVqL2JbUliT0pmoaF3pO8R5BgtmMb7akurEMoU+ZaWGeAeN7L4TWGscOpPEfd+UCneDX+duBvvZ2f2VZQd7gGxrxM9+noDm31qjlgUzWfzHtjJGN5ta0I+L+DasrXiwHl0MZtjcn/UEe4o/JcTK2ychtFoWQ0WNbN1/1jxLh5ytATt3C5SpmGYxoU4CatM718GAyTSlrLc2Z82zLCH0vMRPszO6A1fj0hVVOM2xWdcsooxAYbHD3mGsHffE5vKNUihTqKHtw7TKor6v64WqAGISpKk3SFThqNI2QAZVnuG2Fqy7CObXbNWS/PCoO9gWpioVfN563csLe7vD+/N5o+3+EJfQ1ZzrYIzSsW4hZxlm7TrqxsfPgy3LtiLU1PuSblXdMJPsQwA67Yr29fObgtBwahSaZyRoixuw978ZeNH3yWU0rpNOm51g5038FefCXw573PbJazR0bRoKmCpMzGxpD/TOzQsRc6eyFAXlofrrMC+an1BMIQAqKyB3y+NLOzo5mbQcwgmMb3IagpRFZMcC4Q++ygk+4RdYryPA3L3mOQNFAvL8bWJ9KHXCUJ2cqcD37nwQSkyGD4GNTrDaLqyslAHerW1uqIO5o2942V4axs777gLV+Ts4p2U+L5KkY+yzKlEfEvEaHMzPqjvGm+gfC6GAwUKOB8Wr99/QNkcl1hnjZ+kGkp2SUTH+FaoSWqHvucfgm5GOB4c74iMT5Bv/3BxlJuouHlYTD7+tOKkgg/4Pl45s07kTuVVymXYgcna1boXj0MZqw9m2Cw2I6snCtbR26/L6Wx1Gb2N1kVteeeOYHXJyT+ttU0HAnHJHt7okwCnrgItvF8RKfUvKNNCPOxUi48QpCcK4lgcpFqxc12i72HkBYFFMHZKMOol6m1hOm+5Hd/+yi05dTGtkKmE4GA3hqXo88QaY/Pm+9rEXTXd/5ojo7mPay6I8Aev3VAlazD8HHG4SV7H33Z4vUloZZ5HnTxd1Qn1c1uzdrbuO5RW33HbS+yFocAxP3KeFm6xNKKn4Ki7ewXthtgk3BivByzyL+OuB5s+7ivwC8Jwt18vpNGV8xtub382Ciw+F0+cj/K+vaHdRykTriYOOMmMzfXd0qwQF77GI+6lmvNccJIqjJcgNtGIk17Nbh7vHBvFo8/jIJ4Vrr6PyDJPM86bDxZhY5O64sFzlKiRWvUjaoLPUxnUu81VkK9+6wlEQWdwSu+Bh+Rxw4s6qn3qlbr8uImBBHpwwjfkXlOefyS8kbAK0figrEBcr34IhjYkEvFm+pVOfDvtgaQVrBPiTmPr/358Vtu76fDG3lrHs9ol0m+8BeCULEdM05CIYkXIsyRLkj3bhHno9+44p3EfEVffdhWh2VetBacHaKpzSq04IjfYDru66GROhqyOW8HaSPnblGjFPYWeKDVy6hS6VvHuNix1/4hw== SAML2_PRIVATE_KEY: >- - AgBlEaQzgvxdnuYzQrRe8GkuBDcpkXAqqU0GuDn1feyOljbZ+ru0ru7ZWbHJcUCEQ25aa89lZJS95rCLAW8gyPmqzC8HOKWO3T7q9RpW0GNbj2Gf6XZosRUJnydTkPEJpgxruu4XNbRfz1B9KlA+maVKio7eJyNdwXzTc+4YDt6MvaqJ4vCVOO/RyNkL0jw5u1p1fj5+IDITELpBWEtIX4m9p2Ig9ugB7PqKagJj/1fCWk/ipAzRS0pqXi+AkXGQVqt1iQIkSOYWfSElET0O4iOAPFPw0LJcit9YC7mbz9qhmtDvue91kOBb7tq7+BnFIyjDUOiSMIwTEWQ5vGEM867Pk302za+NhWY4utk0DU6f6xQugj0iJa/iOEYc5oar0D7cHJUjGNhaOOdlb1dKf4h0T00dJk38/YyTpmsjqORpftolTMBMGszQO+Pt+Wjm24ukpqcynZsRMMoyC4dwIp1Lr3qHesfmrC1xL/rfnI8U+xEPvduTASBv73W7U/Cje9TFJV259aRyltsCd60mY5yiDn59QhFS8/vO4QH5J1RHSTLyhJDUxzvlg2frB52HXtDpz+u0onIsdHQl7JYyClJ45cxVJhW/5L3BPyUxaD/stZP6xQ2vv3ov+xP63kW79mtbHfCMENtJSnoxNsvIEXUY1AtRd6Q9IwUONCrGTFK9N9fCv7GFPBQAma9Tm0EF0HXU7FEk1Au7F97SHilc2PcMS1nx/gg+JfBBJs+DGRsHRNrB+s3Pv8VM2XfWLhX3nzSy8gyi6FZrTRRzTx6jp50n3uKtqzy9A8mMI+YqpC+5dKsUbikIJM6bELmcI6MD+cdYVf0HZ9HhFPe9nW/TGKSP2eJy4FNeheO7gB5ewF9K3Ydva2Lq78QkysBa3NNdEjEeXspeZ1x1X0r7XKS+tJHW3kXSSzGxVBlcGlgIEP6ld9P3Fs7z1/TIMViQM1zGZtmkTC0zkwxjdwBCcOc0s6Ucvlvjlb9cW28/UIfiivDyfLAkHHK19kERCV27tBB2jyPuEo98tO9BindPdgUiWgJRumWn4tC48Zq/DuffJe7r6fpc+O8zknFw8+q7EWGk2rYYnGoKePgA4/QKNsUOpCmgoAawJTbTsZhyW9vY8dkyBrV4Y2vtC1D0Aa62qnGOvIGr5sStgW/0PjYNLvku3uxCLs5Cnt42SEmD3mG9olnJ4kfMNthqzuRig7D5QDbkv2XLdJgmWfKAcyps9gGCszH6otWy1GW+nJV8sA/kuLm7X7im9LaUThC7UXmjrtVUjt2qYR/+uH6fFdClKHzIN+T4IiUCDgjzggmITutrDLebMaJF8V557uEWt7aBYTdYQqBu6MdCBn02GgFNmUZCuYZ8hc7hR4uigCfn6dA/Y0EX8SlOKu0r8W0qF7b1QEDq//J/EfSfv1tMer+JIs4s8AYSq5z70kkecAJp5jJdaIGKVMOhadISxQlzf7pMEPSjqhKiQryyuN4Zz7FqJo6+eqbA54iZt9taFn4J4DV4qk64wC/KRV3bx8xkldkdI9nEkTAKICFRN1domeGWXgo4sAhOhMf2UMceNOxcasXkPGa9lHksNawHA7lhvOHAew096gKCmJocAS2OaaxAkNKX+eCWge7pdz+hWUqp8D2ujnkrYmhOjY73WqZTToso2tAnynjm06psI+4Z2sFeE7u1t70hJs3P8mFFcdpj+fb28OnJgjfq+07jfDiGPdTyw/OR8IZSLHtCJplt2wX4FuO7l8lcw442oygkJxRh/FYIFGbtcIokX4VFDF6NXAdTWYmoh26PJG74SVw+B/tJp7014JYHzei5gT0eOxhkCd2O//gognUajCQFFCewYJNF70alNz6ZGrRXJc5+ky2fHI3zPmAMJP7nBcYWnx6msnk= + AgCNGL6rrPUMmMSIuRPR2Xc/hVBE4ziad0AH056U5tFEJ7XDTRwsfeHIfR6VH4KwdZEKIF+rmVJ5pGbSqBMbP/wxZHAiGqpXZgL0FunpwShDS5rGwbS1WkP32iprheJ6XlHjoT4GoqEzMuOb9eS23Vy1utvIrwvIORN8nXdhRKRd4fZaaWQPnvcna+YHog41016MLOwWXp98y1T2EtMduTGrc/EE2fNsBIwRzQRmDQExJDP+jQvssMtsyciVhgGLx3KJLLq0IeIrd9W5p6Malr+K0OqRpUZmnj7fTEsfC6svW7sglmF4n+DqkvBayE9XWrY4iHVdEyv9Y/ZFMHjB3MNCQb3oNZQMaMf4sUlieUR2GxcVbjcqIRSPpfQTvfhQUTMyhDW5WLiPKwbauYzYyVMMxW1h6F4Yndo1KJQyCMdMfsX1pNtVBiIqb6aEj5kvVdUYtLBJiCSvewlT4xoRKqsNUW7UY/GpCG1it+26AO4K5UrO17vxLVDWnKXC4haxHer3qvVJfYY3BJ8UwDkpSWslMbFa3TgPLIY4+c2R29bAhSP2uSw/73WFIEY9BgDtcemGPum9J/7Kmw8qQS3t3FKZOoaVuuQQAflEX71mSdY1CBsDeEChozBMAs0RTjx1VidFnX9T/OKLQz8ZAp1pm7U4E7X2BNjhAVlyNdVQbLszzzxQtIDk+O1XdxxmdbGunIOYIAi35HL2sqZo1E+O+v5sqUE6qO+PRIiWKexpyjnz8IBDPLt/1N19AAXlMoegu7ewk+HI1e1ngyDXEAHqfZboVchs8AjiYnV/nx1Ze+lnTqQ2f1cVqf0OmnH9eEjnSbUrKlwgD0kyFKDqHAQAjbpzn3z5kd4N5fhCS/drAOqzTIzA/a9ntgmJcof/dN1WqN087R8RQUVu9Aqt/A2Ak9UYq00Dfc3OeKZ3aLmBb/bAfaPJj1TTb4bCMuCSC3mkqZq+xpbzdmIYJ/dPuCWFRLH4FnReSWotxsXKSKCkFFnn8ZMj+b17JV/rmkheuUDx14ssE546r9HZjlPVqY7dkLV2IEpRauE2DwVxlRgvdFAllvkpas4N6Nj0NgnSd9gA0X9TDQw+qMljUuyfy2iedcyAc4IEfIrFW2keIVjqBbBtyAfSV6L2M8DZ34dZcYqFtazYWu4GeDykRxCusLNBfLMZqEnlRt87/LHU5Y3rlRwohIbOOg5VO6kXKcqgvMb434dGObK0p7BRFOm2npZOCG5CCr6bdr9PymFLewPK0ktb9hx/rv7DhwlD7g23lJUerEUBC6+q0CWLDD4eeufGXFEpSO1MdK1vD0KoVihdp6JCHZv5wZc7cV62meLAciX5vmp3Oj7LEQf1d9q9zDf0JhrMafibL7zIYilj0TW/pzQvBt63tdRxkIscX7lSu/hMHFedd53dHucsvzrq8xrGt7vCtYEoma9qdor4CjiMX7YYlaRW5bXwlu6TTim0gbA8ZBVqpwVakephYSDlyiV+enwPVOEEdTI9GMSKx1FCyoU+nFYPKROuAYkKWTUUH3OI9EXuiVD+hN74UbxpsCmx7j3bFt3TPFDk1VaeBh+THLvUDwg8W0i/4SIeAGStCFeHNHNWMrVFL8B4p3jGxUBvGbrSXFhNp7eUTmlr5JCsG2CnsmHF089v4pyfrUQgb4eDevcMkp+j8CNCGqgnylv8gKmgTrJoWVXDXglC97ukmp3o6OW7anyQQbMt8BGrcX2rC3E+j+QcmPIol9DAbp+CnoqHt+N/45bH26eah9Dgfbu9BM/Owra/3yfkhu/yT9OqogY933cIfwSX2zhW5VR1xjnzGQM8xgZlbtJdbqeTtth9AqHAPkGKdKliF3BfXZqdYJK0iIlDo8Lg8GsTTYDOb9QV3aHGCDTXBYDxoB5JU1Nv/pTHcrHOjKIAp4XM/LVSXt+RiRBl+q+Eu9moZV28pRoISFremoAaZu60fQw1ZMxwApZ4OrgAb77HiHUB+4JXfB8LZ802EyYQXEPBx+e919tc7lNApiX+vw54aWqJniERnfbhPe3OutZxPwyqJBqVR2BF5rGL8/YGBe5N+ZmJaBZRNIDde9EuPUlskVx0hxmYOBedNmJcafHrsCjdD/+9afU7FV6d6RmAeS/sUvV3EXo53YSmKM6wf1tx6TAk5tSoTHFHJLNMAEECNuA5dNbG3OYQon+/ILL+t330bbvSEIS/igKWkSUQ/31X8uV/JZm+rVsTXpE5rXyUVakSzpAMfNqOhr5kWxFWzMa/+euonvY8TOyNw6dY3sI1ZuqS/3IUBQDd3EX27EI+hcQUKX5IQzugu+H6xftAJocvL9rXLBxA56iW+j1AKVawv7O6s8OPXMxdKzexaJ+qTZarLCrlNDUPbyZ0JyTjdmc06Ns8MD4THJtCR/xlGcaCfsY6ixOCSkG4Q1iZx3CByW9Dfd68f3AZmRyuk9P0Z97DN1KwrPWnVLLFDH3L/Wf2A7WnhLNIwtG2gM3mJR4s2WeBEu7BnOKJiFKt8N8w/rAEJaCUINvkEQb5yIw1/WXoAFWERxc/FUemsl8giElPfcZl77dU4evuAXcfug8LQL7UVrf0KwEbzd6ICpWBRVAcIe+pZPj+y6u2NR4EcQlKvEY2TfnxT8WunZdj0jllh4T5SR/isuqlf7WtLniAGkXmgLrqte/Wn6FPRj6pa9A41Q1DZIw8bSqrW5VtbmRnVqgv7FwJTQ9XyNjlAafeZZytvywYdVd4mkGNj1Ca+kWP3JPCSAt9lr2w6mh41MGVyGnvKeAooLcRNTiO9C9FJ/2lqlsxkM9ITKzTyvyaWJFfGWFhVDzoYNA3Rbriawd+2DhE7pCEBRu/KBzqiBn49lzonfycg5EpNh4dHwdIOgimk0I1ioZ79+cYAuNFLIquaf7yEpC7pz2UU4kIkIyenjzEi9XTm2tFa2QpZa1iYL98CsrX89ZTfRw3IrbLcLrGi/1QesP7BJ5IPAcmxGNtIAM= template: - data: null metadata: creationTimestamp: null name: saml2 namespace: code-for-philly + type: Opaque diff --git a/echo-http/Deployment/echo-http.yaml b/echo-http/Deployment/echo-http.yaml index a97e7a9..9f5dcff 100644 --- a/echo-http/Deployment/echo-http.yaml +++ b/echo-http/Deployment/echo-http.yaml @@ -14,7 +14,7 @@ spec: app: echo-http spec: containers: - - image: 'mendhak/http-https-echo:17' + - image: mendhak/http-https-echo:17 name: echo-http ports: - containerPort: 8080 diff --git a/grafana/Deployment/grafana.yaml b/grafana/Deployment/grafana.yaml index 3599c26..bd6fdf9 100644 --- a/grafana/Deployment/grafana.yaml +++ b/grafana/Deployment/grafana.yaml @@ -49,7 +49,7 @@ spec: value: /var/lib/grafana/plugins - name: GF_PATHS_PROVISIONING value: /etc/grafana/provisioning - image: 'grafana/grafana:9.2.5' + image: grafana/grafana:9.2.5 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 10 @@ -86,7 +86,7 @@ spec: - '-R' - '472:472' - /var/lib/grafana - image: 'busybox:1.31.1' + image: busybox:1.31.1 imagePullPolicy: IfNotPresent name: init-chown-data securityContext: @@ -103,7 +103,7 @@ spec: command: - /bin/sh env: null - image: 'curlimages/curl:7.85.0' + image: curlimages/curl:7.85.0 imagePullPolicy: IfNotPresent name: download-dashboards volumeMounts: diff --git a/hairpin-proxy/Deployment/hairpin-proxy-controller.yaml b/hairpin-proxy/Deployment/hairpin-proxy-controller.yaml index 052768a..44c138e 100644 --- a/hairpin-proxy/Deployment/hairpin-proxy-controller.yaml +++ b/hairpin-proxy/Deployment/hairpin-proxy-controller.yaml @@ -21,7 +21,7 @@ spec: value: coredns-custom - name: COREDNS_IMPORT_CONFIG value: 'true' - image: 'ghcr.io/jarvusinnovations/hairpin-proxy/controller:0.3.0' + image: ghcr.io/jarvusinnovations/hairpin-proxy/controller:0.3.0 name: main resources: limits: diff --git a/hairpin-proxy/Deployment/hairpin-proxy-haproxy.yaml b/hairpin-proxy/Deployment/hairpin-proxy-haproxy.yaml index b93af99..20ba8a9 100644 --- a/hairpin-proxy/Deployment/hairpin-proxy-haproxy.yaml +++ b/hairpin-proxy/Deployment/hairpin-proxy-haproxy.yaml @@ -16,7 +16,7 @@ spec: app: hairpin-proxy-haproxy spec: containers: - - image: 'ghcr.io/jarvusinnovations/hairpin-proxy/haproxy:0.3.0' + - image: ghcr.io/jarvusinnovations/hairpin-proxy/haproxy:0.3.0 name: main resources: limits: diff --git a/ingress-nginx/Job/ingress-nginx-admission-create.yaml b/ingress-nginx/Job/ingress-nginx-admission-create.yaml index 4346535..a349d29 100644 --- a/ingress-nginx/Job/ingress-nginx-admission-create.yaml +++ b/ingress-nginx/Job/ingress-nginx-admission-create.yaml @@ -2,8 +2,8 @@ apiVersion: batch/v1 kind: Job metadata: annotations: - helm.sh/hook: 'pre-install,pre-upgrade' - helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded' + helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx diff --git a/ingress-nginx/Job/ingress-nginx-admission-patch.yaml b/ingress-nginx/Job/ingress-nginx-admission-patch.yaml index 55859bd..b659902 100644 --- a/ingress-nginx/Job/ingress-nginx-admission-patch.yaml +++ b/ingress-nginx/Job/ingress-nginx-admission-patch.yaml @@ -2,8 +2,8 @@ apiVersion: batch/v1 kind: Job metadata: annotations: - helm.sh/hook: 'post-install,post-upgrade' - helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded' + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx diff --git a/ingress-nginx/Role/ingress-nginx-admission.yaml b/ingress-nginx/Role/ingress-nginx-admission.yaml index 75c6385..74ee310 100644 --- a/ingress-nginx/Role/ingress-nginx-admission.yaml +++ b/ingress-nginx/Role/ingress-nginx-admission.yaml @@ -2,8 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - helm.sh/hook: 'pre-install,pre-upgrade,post-install,post-upgrade' - helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded' + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx diff --git a/ingress-nginx/RoleBinding/ingress-nginx-admission.yaml b/ingress-nginx/RoleBinding/ingress-nginx-admission.yaml index 9478139..5e34d21 100644 --- a/ingress-nginx/RoleBinding/ingress-nginx-admission.yaml +++ b/ingress-nginx/RoleBinding/ingress-nginx-admission.yaml @@ -2,8 +2,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - helm.sh/hook: 'pre-install,pre-upgrade,post-install,post-upgrade' - helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded' + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx diff --git a/ingress-nginx/ServiceAccount/ingress-nginx-admission.yaml b/ingress-nginx/ServiceAccount/ingress-nginx-admission.yaml index 9d5070c..fbf1eee 100644 --- a/ingress-nginx/ServiceAccount/ingress-nginx-admission.yaml +++ b/ingress-nginx/ServiceAccount/ingress-nginx-admission.yaml @@ -2,8 +2,8 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - helm.sh/hook: 'pre-install,pre-upgrade,post-install,post-upgrade' - helm.sh/hook-delete-policy: 'before-hook-creation,hook-succeeded' + helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded labels: app.kubernetes.io/component: admission-webhook app.kubernetes.io/instance: ingress-nginx diff --git a/kube-system/Deployment/metrics-server.yaml b/kube-system/Deployment/metrics-server.yaml index 23a1f08..2b1d939 100644 --- a/kube-system/Deployment/metrics-server.yaml +++ b/kube-system/Deployment/metrics-server.yaml @@ -25,7 +25,7 @@ spec: - '--kubelet-use-node-status-port' - '--metric-resolution=15s' - '--kubelet-insecure-tls' - image: 'k8s.gcr.io/metrics-server/metrics-server:v0.6.2' + image: k8s.gcr.io/metrics-server/metrics-server:v0.6.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/kube-system/Role/cert-manager-cainjector:leaderelection.yaml b/kube-system/Role/cert-manager-cainjector:leaderelection.yaml index 986d6cc..aea3115 100644 --- a/kube-system/Role/cert-manager-cainjector:leaderelection.yaml +++ b/kube-system/Role/cert-manager-cainjector:leaderelection.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager-cainjector:leaderelection' + name: cert-manager-cainjector:leaderelection namespace: kube-system rules: - apiGroups: diff --git a/kube-system/Role/cert-manager:leaderelection.yaml b/kube-system/Role/cert-manager:leaderelection.yaml index d53f07b..1cfc88c 100644 --- a/kube-system/Role/cert-manager:leaderelection.yaml +++ b/kube-system/Role/cert-manager:leaderelection.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager:leaderelection' + name: cert-manager:leaderelection namespace: kube-system rules: - apiGroups: diff --git a/kube-system/RoleBinding/cert-manager-cainjector:leaderelection.yaml b/kube-system/RoleBinding/cert-manager-cainjector:leaderelection.yaml index 2153962..01ddf7e 100644 --- a/kube-system/RoleBinding/cert-manager-cainjector:leaderelection.yaml +++ b/kube-system/RoleBinding/cert-manager-cainjector:leaderelection.yaml @@ -9,12 +9,12 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager-cainjector:leaderelection' + name: cert-manager-cainjector:leaderelection namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'cert-manager-cainjector:leaderelection' + name: cert-manager-cainjector:leaderelection subjects: - kind: ServiceAccount name: cert-manager-cainjector diff --git a/kube-system/RoleBinding/cert-manager:leaderelection.yaml b/kube-system/RoleBinding/cert-manager:leaderelection.yaml index 08681f1..55151e2 100644 --- a/kube-system/RoleBinding/cert-manager:leaderelection.yaml +++ b/kube-system/RoleBinding/cert-manager:leaderelection.yaml @@ -9,12 +9,12 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/version: v1.10.1 helm.sh/chart: cert-manager-v1.10.1 - name: 'cert-manager:leaderelection' + name: cert-manager:leaderelection namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: 'cert-manager:leaderelection' + name: cert-manager:leaderelection subjects: - apiGroup: '' kind: ServiceAccount diff --git a/loki/DaemonSet/promtail.yaml b/loki/DaemonSet/promtail.yaml index e42d337..0b12667 100644 --- a/loki/DaemonSet/promtail.yaml +++ b/loki/DaemonSet/promtail.yaml @@ -30,7 +30,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: 'docker.io/grafana/promtail:2.6.1' + image: docker.io/grafana/promtail:2.6.1 imagePullPolicy: IfNotPresent name: promtail ports: diff --git a/loki/StatefulSet/loki.yaml b/loki/StatefulSet/loki.yaml index 339fc07..109ce4f 100644 --- a/loki/StatefulSet/loki.yaml +++ b/loki/StatefulSet/loki.yaml @@ -33,7 +33,7 @@ spec: - args: - '-config.file=/etc/loki/loki.yaml' env: null - image: 'grafana/loki:2.6.1' + image: grafana/loki:2.6.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/prometheus/DaemonSet/prometheus-node-exporter.yaml b/prometheus/DaemonSet/prometheus-node-exporter.yaml index 4e9b791..fe04a26 100644 --- a/prometheus/DaemonSet/prometheus-node-exporter.yaml +++ b/prometheus/DaemonSet/prometheus-node-exporter.yaml @@ -30,7 +30,7 @@ spec: - '--path.sysfs=/host/sys' - '--path.rootfs=/host/root' - '--web.listen-address=:9100' - image: 'quay.io/prometheus/node-exporter:v1.3.1' + image: quay.io/prometheus/node-exporter:v1.3.1 imagePullPolicy: IfNotPresent name: prometheus-node-exporter ports: diff --git a/prometheus/Deployment/prometheus-alertmanager.yaml b/prometheus/Deployment/prometheus-alertmanager.yaml index f506037..6f3b0a9 100644 --- a/prometheus/Deployment/prometheus-alertmanager.yaml +++ b/prometheus/Deployment/prometheus-alertmanager.yaml @@ -40,7 +40,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP - image: 'quay.io/prometheus/alertmanager:v0.24.0' + image: quay.io/prometheus/alertmanager:v0.24.0 imagePullPolicy: IfNotPresent name: prometheus-alertmanager ports: @@ -61,7 +61,7 @@ spec: - args: - '--volume-dir=/etc/config' - '--webhook-url=http://127.0.0.1:9093/-/reload' - image: 'jimmidyson/configmap-reload:v0.5.0' + image: jimmidyson/configmap-reload:v0.5.0 imagePullPolicy: IfNotPresent name: prometheus-alertmanager-configmap-reload resources: {} diff --git a/prometheus/Deployment/prometheus-kube-state-metrics.yaml b/prometheus/Deployment/prometheus-kube-state-metrics.yaml index 10c254a..01844bc 100644 --- a/prometheus/Deployment/prometheus-kube-state-metrics.yaml +++ b/prometheus/Deployment/prometheus-kube-state-metrics.yaml @@ -33,7 +33,7 @@ spec: - '--port=8080' - >- --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,leases,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments - image: 'registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.6.0' + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.6.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/prometheus/Deployment/prometheus-pushgateway.yaml b/prometheus/Deployment/prometheus-pushgateway.yaml index cfaf8ae..0e14be5 100644 --- a/prometheus/Deployment/prometheus-pushgateway.yaml +++ b/prometheus/Deployment/prometheus-pushgateway.yaml @@ -27,7 +27,7 @@ spec: spec: containers: - args: null - image: 'prom/pushgateway:v1.4.3' + image: prom/pushgateway:v1.4.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/prometheus/Deployment/prometheus-server.yaml b/prometheus/Deployment/prometheus-server.yaml index 69541cd..d7a8bdd 100644 --- a/prometheus/Deployment/prometheus-server.yaml +++ b/prometheus/Deployment/prometheus-server.yaml @@ -32,7 +32,7 @@ spec: - args: - '--volume-dir=/etc/config' - '--webhook-url=http://127.0.0.1:9090/-/reload' - image: 'jimmidyson/configmap-reload:v0.5.0' + image: jimmidyson/configmap-reload:v0.5.0 imagePullPolicy: IfNotPresent name: prometheus-server-configmap-reload resources: {} @@ -47,7 +47,7 @@ spec: - '--web.console.libraries=/etc/prometheus/console_libraries' - '--web.console.templates=/etc/prometheus/consoles' - '--web.enable-lifecycle' - image: 'quay.io/prometheus/prometheus:v2.39.1' + image: quay.io/prometheus/prometheus:v2.39.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/sealed-secrets/Deployment/sealed-secrets.yaml b/sealed-secrets/Deployment/sealed-secrets.yaml index f300735..0410bb9 100644 --- a/sealed-secrets/Deployment/sealed-secrets.yaml +++ b/sealed-secrets/Deployment/sealed-secrets.yaml @@ -27,7 +27,7 @@ spec: - sealed-secrets-key command: - controller - image: 'docker.io/bitnami/sealed-secrets-controller:v0.19.2' + image: docker.io/bitnami/sealed-secrets-controller:v0.19.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/sealed-secrets/Role/sealed-secrets-service-proxier.yaml b/sealed-secrets/Role/sealed-secrets-service-proxier.yaml index f4a10ca..e24f865 100644 --- a/sealed-secrets/Role/sealed-secrets-service-proxier.yaml +++ b/sealed-secrets/Role/sealed-secrets-service-proxier.yaml @@ -22,7 +22,7 @@ rules: - '' resourceNames: - 'http:sealed-secrets:' - - 'http:sealed-secrets:http' + - http:sealed-secrets:http - sealed-secrets resources: - services/proxy diff --git a/sealed-secrets/RoleBinding/sealed-secrets-service-proxier.yaml b/sealed-secrets/RoleBinding/sealed-secrets-service-proxier.yaml index 008d1cc..75360e3 100644 --- a/sealed-secrets/RoleBinding/sealed-secrets-service-proxier.yaml +++ b/sealed-secrets/RoleBinding/sealed-secrets-service-proxier.yaml @@ -16,4 +16,4 @@ roleRef: subjects: - apiGroup: rbac.authorization.k8s.io kind: Group - name: 'system:authenticated' + name: system:authenticated diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-analytics.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-analytics.yaml index bd7c9d3..0a30da1 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-analytics.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-analytics.yaml @@ -66,7 +66,7 @@ spec: value: $(DB_SCHEMA) - name: LOGFLARE_FEATURE_FLAG_OVERRIDE value: $(FEATURE_FLAG_OVERRIDE) - image: 'supabase/logflare:1.10.0' + image: supabase/logflare:1.10.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -99,7 +99,7 @@ spec: name: postgres - name: DB_PORT value: '5432' - image: 'postgres:15-alpine' + image: postgres:15-alpine imagePullPolicy: IfNotPresent name: init-db securityContext: {} diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-auth.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-auth.yaml index 59bb605..b0fe546 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-auth.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-auth.yaml @@ -22,7 +22,7 @@ spec: containers: - env: - name: API_EXTERNAL_URL - value: 'https://squadquest-supabase.live.k8s.phl.io' + value: https://squadquest-supabase.live.k8s.phl.io - name: DB_DRIVER value: postgres - name: DB_PORT @@ -60,7 +60,7 @@ spec: - name: GOTRUE_MAILER_URLPATHS_RECOVERY value: /auth/v1/verify - name: GOTRUE_SITE_URL - value: 'https://squadquest-supabase.live.k8s.phl.io' + value: https://squadquest-supabase.live.k8s.phl.io - name: GOTRUE_SMS_AUTOCONFIRM value: 'false' - name: GOTRUE_SMTP_ADMIN_EMAIL @@ -110,7 +110,7 @@ spec: secretKeyRef: key: password name: postmark - image: 'supabase/gotrue:v2.164.0' + image: supabase/gotrue:v2.164.0 imagePullPolicy: IfNotPresent name: supabase-auth ports: @@ -139,7 +139,7 @@ spec: name: postgres - name: DB_PORT value: '5432' - image: 'postgres:15-alpine' + image: postgres:15-alpine imagePullPolicy: IfNotPresent name: init-db securityContext: {} diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-db.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-db.yaml index d0ee31b..d1d89f2 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-db.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-db.yaml @@ -54,7 +54,7 @@ spec: secretKeyRef: key: database name: postgres - image: 'supabase/postgres:15.6.1.143' + image: supabase/postgres:15.6.1.143 imagePullPolicy: IfNotPresent livenessProbe: exec: @@ -101,7 +101,7 @@ spec: command: - /bin/sh - '-c' - image: 'supabase/postgres:15.6.1.143' + image: supabase/postgres:15.6.1.143 imagePullPolicy: IfNotPresent name: init-db volumeMounts: diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-functions.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-functions.yaml index 138c290..0c33fbd 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-functions.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-functions.yaml @@ -68,7 +68,7 @@ spec: - name: POSTGRES_BACKEND_URL value: >- $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL) - image: 'supabase/edge-runtime:v1.65.3' + image: supabase/edge-runtime:v1.65.3 imagePullPolicy: IfNotPresent name: supabase-functions securityContext: {} diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-imgproxy.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-imgproxy.yaml index c469ae6..70983b7 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-imgproxy.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-imgproxy.yaml @@ -29,7 +29,7 @@ spec: value: / - name: IMGPROXY_USE_ETAG value: 'true' - image: 'darthsim/imgproxy:v3' + image: darthsim/imgproxy:v3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-kong.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-kong.yaml index ceb4a33..fb1ef87 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-kong.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-kong.yaml @@ -30,7 +30,7 @@ spec: - name: KONG_DECLARATIVE_CONFIG value: /usr/local/kong/kong.yml - name: KONG_DNS_ORDER - value: 'LAST,A,CNAME' + value: LAST,A,CNAME - name: KONG_LOG_LEVEL value: warn - name: KONG_NGINX_PROXY_PROXY_BUFFERS @@ -38,7 +38,7 @@ spec: - name: KONG_NGINX_PROXY_PROXY_BUFFER_SIZE value: 160k - name: KONG_PLUGINS - value: 'request-transformer,cors,key-auth,acl,basic-auth' + value: request-transformer,cors,key-auth,acl,basic-auth - name: SUPABASE_ANON_KEY valueFrom: secretKeyRef: @@ -59,7 +59,7 @@ spec: secretKeyRef: key: password name: dashboard - image: 'kong:2.8.5' + image: kong:2.8.5 imagePullPolicy: IfNotPresent name: supabase-kong ports: @@ -77,14 +77,14 @@ spec: serviceAccountName: squadquest-supabase-supabase-kong volumes: - configMap: - defaultMode: 511 + defaultMode: 777 items: - key: template.yml path: template.yml name: squadquest-supabase-supabase-kong name: config - configMap: - defaultMode: 511 + defaultMode: 777 items: - key: wrapper.sh path: wrapper.sh diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-meta.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-meta.yaml index d1e3eb9..f155766 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-meta.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-meta.yaml @@ -55,7 +55,7 @@ spec: value: $(DB_PASSWORD) - name: PG_META_DB_SSL_MODE value: $(DB_SSL) - image: 'supabase/postgres-meta:v0.84.3' + image: supabase/postgres-meta:v0.84.3 imagePullPolicy: IfNotPresent name: supabase-meta ports: diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-realtime.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-realtime.yaml index 1104522..0a1c1fa 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-realtime.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-realtime.yaml @@ -74,7 +74,7 @@ spec: secretKeyRef: key: secret name: jwt - image: 'supabase/realtime:v2.33.61' + image: supabase/realtime:v2.33.61 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -108,7 +108,7 @@ spec: name: postgres - name: DB_PORT value: '5432' - image: 'postgres:15-alpine' + image: postgres:15-alpine imagePullPolicy: IfNotPresent name: init-db securityContext: {} diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-rest.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-rest.yaml index 97c5f06..6a72ecf 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-rest.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-rest.yaml @@ -34,7 +34,7 @@ spec: - name: PGRST_DB_ANON_ROLE value: anon - name: PGRST_DB_SCHEMAS - value: 'public,storage,graphql_public' + value: public,storage,graphql_public - name: PGRST_DB_USE_LEGACY_GUCS value: 'false' - name: DB_HOST @@ -67,7 +67,7 @@ spec: secretKeyRef: key: secret name: jwt - image: 'postgrest/postgrest:v12.2.3' + image: postgrest/postgrest:v12.2.3 imagePullPolicy: IfNotPresent name: supabase-rest ports: diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-storage.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-storage.yaml index de2f68e..9116bf4 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-storage.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-storage.yaml @@ -50,7 +50,7 @@ spec: - name: DB_HOST value: squadquest-supabase-supabase-db - name: POSTGREST_URL - value: 'http://squadquest-supabase-supabase-rest:3000' + value: http://squadquest-supabase-supabase-rest:3000 - name: DB_PASSWORD valueFrom: secretKeyRef: @@ -85,8 +85,8 @@ spec: key: serviceKey name: jwt - name: IMGPROXY_URL - value: 'http://squadquest-supabase-supabase-imgproxy:5001' - image: 'supabase/storage-api:v1.13.3' + value: http://squadquest-supabase-supabase-imgproxy:5001 + image: supabase/storage-api:v1.13.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -123,7 +123,7 @@ spec: name: postgres - name: DB_PORT value: '5432' - image: 'postgres:15-alpine' + image: postgres:15-alpine imagePullPolicy: IfNotPresent name: init-db restartPolicy: Always diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-studio.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-studio.yaml index 3c8822d..4df4890 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-studio.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-studio.yaml @@ -32,11 +32,11 @@ spec: - name: STUDIO_PORT value: '3000' - name: SUPABASE_PUBLIC_URL - value: 'http://example.com' + value: http://example.com - name: SUPABASE_URL - value: 'http://squadquest-supabase-supabase-kong:8000' + value: http://squadquest-supabase-supabase-kong:8000 - name: STUDIO_PG_META_URL - value: 'http://squadquest-supabase-supabase-meta:8080' + value: http://squadquest-supabase-supabase-meta:8080 - name: SUPABASE_ANON_KEY valueFrom: secretKeyRef: @@ -48,13 +48,13 @@ spec: key: serviceKey name: jwt - name: LOGFLARE_URL - value: 'http://squadquest-supabase-supabase-analytics:4000' + value: http://squadquest-supabase-supabase-analytics:4000 - name: LOGFLARE_API_KEY valueFrom: secretKeyRef: key: apiKey name: logflare - image: 'supabase/studio:20241111-d7c6eb1' + image: supabase/studio:20241111-d7c6eb1 imagePullPolicy: IfNotPresent name: supabase-studio ports: diff --git a/squadquest-supabase/Deployment/squadquest-supabase-supabase-vector.yaml b/squadquest-supabase/Deployment/squadquest-supabase-supabase-vector.yaml index 042deaf..b3ef4be 100644 --- a/squadquest-supabase/Deployment/squadquest-supabase-supabase-vector.yaml +++ b/squadquest-supabase/Deployment/squadquest-supabase-supabase-vector.yaml @@ -36,7 +36,7 @@ spec: secretKeyRef: key: apiKey name: logflare - image: 'timberio/vector:0.42.X-alpine' + image: timberio/vector:0.42.X-alpine imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -64,6 +64,6 @@ spec: path: /var/log/pods name: pod-logs - configMap: - defaultMode: 511 + defaultMode: 777 name: squadquest-supabase-supabase-vector-config name: vector-config diff --git a/squadquest-supabase/Job/squadquest-supabase-test-db.yaml b/squadquest-supabase/Job/squadquest-supabase-test-db.yaml index 547501c..20877e8 100644 --- a/squadquest-supabase/Job/squadquest-supabase-test-db.yaml +++ b/squadquest-supabase/Job/squadquest-supabase-test-db.yaml @@ -32,7 +32,7 @@ spec: name: postgres - name: DB_PORT value: '5432' - image: 'postgres:15-alpine' + image: postgres:15-alpine imagePullPolicy: IfNotPresent name: test-db restartPolicy: Never diff --git a/third-places/Deployment/third-places-frontend.yaml b/third-places/Deployment/third-places-frontend.yaml index c695db5..67a2be2 100644 --- a/third-places/Deployment/third-places-frontend.yaml +++ b/third-places/Deployment/third-places-frontend.yaml @@ -25,7 +25,7 @@ spec: app.kubernetes.io/name: third-places spec: containers: - - image: 'ghcr.io/codeforphilly/third-places/frontend:0.1.11' + - image: ghcr.io/codeforphilly/third-places/frontend:0.1.11 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/third-places/Deployment/third-places.yaml b/third-places/Deployment/third-places.yaml index ba27e81..3ef433b 100644 --- a/third-places/Deployment/third-places.yaml +++ b/third-places/Deployment/third-places.yaml @@ -27,7 +27,7 @@ spec: containers: - args: - runserver - - '0.0.0.0:80' + - 0.0.0.0:80 command: - python3 - manage.py @@ -53,7 +53,7 @@ spec: secretKeyRef: key: POSTGRES_PASSWORD name: postgresql - image: 'ghcr.io/codeforphilly/third-places:0.1.11' + image: ghcr.io/codeforphilly/third-places:0.1.11 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/third-places/StatefulSet/third-places-postgresql.yaml b/third-places/StatefulSet/third-places-postgresql.yaml index a0dc032..554d9df 100644 --- a/third-places/StatefulSet/third-places-postgresql.yaml +++ b/third-places/StatefulSet/third-places-postgresql.yaml @@ -29,7 +29,7 @@ spec: - envFrom: - secretRef: name: postgresql - image: 'postgis/postgis:13-3.1' + image: postgis/postgis:13-3.1 livenessProbe: initialDelaySeconds: 15 periodSeconds: 20 diff --git a/vaultwarden/CronJob/vaultwarden-backups.yaml b/vaultwarden/CronJob/vaultwarden-backups.yaml index 4889ffd..512b07c 100644 --- a/vaultwarden/CronJob/vaultwarden-backups.yaml +++ b/vaultwarden/CronJob/vaultwarden-backups.yaml @@ -102,7 +102,7 @@ spec: envFrom: - secretRef: name: restic - image: 'ghcr.io/jarvusinnovations/restic-toolkit:1.3.0' + image: ghcr.io/jarvusinnovations/restic-toolkit:1.3.0 imagePullPolicy: IfNotPresent name: restic-toolkit volumeMounts: diff --git a/vaultwarden/Deployment/vaultwarden.yaml b/vaultwarden/Deployment/vaultwarden.yaml index 39efb15..2ed43b4 100644 --- a/vaultwarden/Deployment/vaultwarden.yaml +++ b/vaultwarden/Deployment/vaultwarden.yaml @@ -53,7 +53,7 @@ spec: key: database-url name: database-url - name: DOMAIN - value: 'https://vaultwarden.phl.io' + value: https://vaultwarden.phl.io - name: ADMIN_TOKEN valueFrom: secretKeyRef: @@ -77,7 +77,7 @@ spec: secretKeyRef: key: smtp-password name: smtp-postmark - image: 'vaultwarden/server:1.33.2' + image: vaultwarden/server:1.33.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/vaultwarden/Ingress/vaultwarden-legacy.yaml b/vaultwarden/Ingress/vaultwarden-legacy.yaml index 8bc69af..6757ed9 100644 --- a/vaultwarden/Ingress/vaultwarden-legacy.yaml +++ b/vaultwarden/Ingress/vaultwarden-legacy.yaml @@ -4,7 +4,7 @@ metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/permanent-redirect: 'https://vaultwarden.phl.io$request_uri' + nginx.ingress.kubernetes.io/permanent-redirect: https://vaultwarden.phl.io$request_uri nginx.ingress.kubernetes.io/rewrite-target: / labels: app.kubernetes.io/instance: vaultwarden diff --git a/vaultwarden/StatefulSet/vaultwarden-postgresql.yaml b/vaultwarden/StatefulSet/vaultwarden-postgresql.yaml index 0af40c4..81b5756 100644 --- a/vaultwarden/StatefulSet/vaultwarden-postgresql.yaml +++ b/vaultwarden/StatefulSet/vaultwarden-postgresql.yaml @@ -27,7 +27,7 @@ spec: - envFrom: - secretRef: name: postgresql - image: 'postgres:13' + image: postgres:13 livenessProbe: initialDelaySeconds: 15 periodSeconds: 20