Failed sync attempt to 2.1.0: one or more objects failed to apply,
reason: Deployment.apps "reloader-reloader" is invalid:
spec.template.metadata.labels: Invalid value:
map[string]string{"app.kubernetes.io/instance":"reloader",
"app.kubernetes.io/managed-by":"Helm",
"app.kubernetes.io/name":"reloader",
"app.kubernetes.io/version":"v1.4.0", "group":"com.stakater.platform",
"helm.sh/chart":"reloader-2.1.0", "provider":"stakater",
"version":"v1.4.0"}: `selector` does not match template `labels`
(retried 5 times).
This reverts commit db1f33df6d28da34a973678ff576032a445dd39f.
# k-space.ee infrastructure
Kubernetes manifests, Ansible playbooks, and documentation for K-SPACE services.

- Repo is deployed with ArgoCD. For `kubectl` access, see CLUSTER.md.
- Debugging Kubernetes on Wiki
- Need help? → #kube

Jump to docs: inventory-app / cameras / doors / list of apps // all infra / network / retro / non-infra

Tip: Search the repo for `kind: xyz` for examples.
## Supporting services
- Build Git repositories with Woodpecker.
- Passmower: Authz with `kind: OIDCClient` (or `kind: OIDCMiddlewareClient`[^1]).
- Traefik[^2]: Expose services with `kind: Service` + `kind: Ingress` (TLS and DNS included).
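The two bullets above (and footnotes 1 and 2) describe the pattern without showing it. The manifests below are an added example, not code from the k-space.ee repo: a `Service` plus a plain `Ingress` that Traefik exposes, with the Passmower middleware annotation the footnote names, and an `OIDCClient` for an app that speaks OpenID Connect itself. The namespace `example`, app name `example-app`, host `example-app.k-space.ee`, ports, redirect path and allowed group are assumptions, and the `OIDCClient` field names are as I recall Passmower's CRD, so confirm them with `kubectl explain oidcclient.spec` before relying on them.

```yaml
# Added example, not from the k-space.ee repo. Names, ports, host and the
# OIDCClient fields are assumptions (see lead-in); annotation values are the
# ones this README cites.
apiVersion: v1
kind: Service
metadata:
  name: example-app
  namespace: example
spec:
  selector:
    app.kubernetes.io/name: example-app
  ports:
    - name: http
      port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app
  namespace: example
  annotations:
    # Traefik middleware reference: <namespace>-<middleware>@kubernetescrd.
    # "passmower-proxmox" is the value this README cites; point it at the
    # OIDCMiddlewareClient-backed middleware for your own app.
    traefik.ingress.kubernetes.io/router.middlewares: passmower-proxmox@kubernetescrd
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
    # external-dns publishes the DNS record from this host; no extra DNS work.
    - host: example-app.k-space.ee
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-app
                port:
                  name: http
---
# App-native OIDC: preferred over the middleware when the app supports it.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: example-app
  namespace: example
spec:
  displayName: Example app
  uri: https://example-app.k-space.ee
  redirectUris:
    - https://example-app.k-space.ee/oauth/callback   # assumed callback path
  allowedGroups:
    - k-space:floor                                   # assumed group name
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
    - groups
  tokenEndpointAuthMethod: client_secret_post
  pkce: false
```

Check: after `kubectl apply`, the Ingress must show an address and the record for the host must resolve; if the middleware reference points at a namespace/name pair that does not exist, Traefik drops the router and the host returns 404 rather than an auth prompt, which is the failure mode to look for first.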
### Additional
- bind: Manage additional DNS records with `kind: DNSEndpoint`.
- Prometheus: Collect metrics with `kind: PodMonitor` (alerts with `kind: PrometheusRule`).
- Slack bots and Kubernetes CLUSTER.md itself.
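For the `DNSEndpoint` and `PodMonitor` / `PrometheusRule` bullets above, here is an added example (not from the k-space.ee repo) of the three objects together: an extra A record that external-dns pushes to bind, a `PodMonitor` that scrapes pods by label, and a rule that fires when those scrapes fail. The record name, the TEST-NET address `192.0.2.10`, the namespace `example`, the `metrics` port name and the alert thresholds are assumptions.

```yaml
# Added example, not from the k-space.ee repo. Names, the 192.0.2.10 target,
# port name and thresholds are assumptions.
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: example-extra-records
  namespace: example
spec:
  endpoints:
    # A record that is not derived from any Ingress host.
    - dnsName: extra.k-space.ee
      recordType: A
      recordTTL: 300
      targets:
        - 192.0.2.10
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: example-app
  namespace: example
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: example-app
  podMetricsEndpoints:
    # "metrics" must be a named containerPort on the pod.
    - port: metrics
      interval: 30s
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: example-app
  namespace: example
spec:
  groups:
    - name: example-app
      rules:
        - alert: ExampleAppScrapeDown
          # "up" is the synthetic per-target metric; 0 means the scrape failed.
          expr: up{namespace="example"} == 0
          for: 5m
          labels:
            severity: warning
          annotations:
            summary: "Scrape of {{ $labels.pod }} in {{ $labels.namespace }} failing"
```

Two things to verify after applying: the Prometheus instance's `podMonitorSelector` / `ruleSelector` must match these objects (an unmatched object is silently ignored), and the `DNSEndpoint` only lands in bind if external-dns is configured with the `crd` source alongside `ingress`.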
## Network
All nodes are in Infra VLAN 21. Routing is implemented with BGP: all nodes and the router form a full mesh. Both Service LB IPs and Pod IPs are advertised to the router. The router does NAT for outbound pod traffic. See the Calico installation for the Kube side and Routing / BGP in the router. Static routes for 193.40.103.36/30 have been added on the PVE nodes to make their communication with Passmower via Traefik more stable; otherwise the worker nodes route the return packets to PVE directly via VLAN 21 internal IPs, a path asymmetric to the one the request took, which breaks TCP.
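The paragraph above names the design (node-to-node full mesh, router as a peer, LB IPs and Pod IPs advertised) but not the Calico objects that implement it. The following is an added example, not the repo's Calico installation: a `BGPConfiguration` that keeps the node mesh on and advertises the LoadBalancer range, and a global `BGPPeer` for the router. The AS number `64512`, the router address `10.21.0.1` and the LB range `192.0.2.0/28` are placeholders; the real values live in the Calico installation this README points to.

```yaml
# Added example, not the k-space.ee Calico config. AS number, router address
# and the LB range are placeholders.
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  # Every node peers with every other node (the "full mesh" in the README).
  nodeToNodeMeshEnabled: true
  asNumber: 64512
  # Service LB IPs are advertised in addition to the pod CIDRs, which Calico
  # advertises on its own from the IPPool(s) once BGP is enabled.
  serviceLoadBalancerIPs:
    - cidr: 192.0.2.0/28
---
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: infra-router
spec:
  # No nodeSelector: this is a global peer, so every node sessions with the
  # router and the router learns each node's pod block and the LB range.
  peerIP: 10.21.0.1
  asNumber: 64512
```

`calicoctl node status` on a worker should list the router and every other node as `Established`; a node missing from the mesh is the first thing to check when a pod or LB IP is reachable from some nodes only. The static-route workaround above is not a Calico setting: it is applied on the PVE nodes so the forward and return paths match.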
## Databases / -stores
- KeyDB: `kind: KeydbClaim` (replaces Redis[^3])
- Dragonfly: `kind: Dragonfly` (replaces Redis[^3])
- Longhorn: `storageClassName: longhorn` (filesystem storage)
- Mongo[^4]: `kind: MongoDBCommunity` (NAS\*: `inventory-mongodb`)
- Minio S3: `kind: MinioBucketClaim` with `class: dedicated` (NAS\*: `class: external`)
- MariaDB\*: search for `mysql`, `mariadb`[^5] (replaces MySQL)
- Postgres\*: hardcoded to `harbor/application.yml`

\* External, hosted directly on nas.k-space.ee

This page is referenced by the wiki front page as the technical documentation for infra.
[^1]: Applications should use OpenID Connect (`kind: OIDCClient`) for authentication wherever possible. If that is not possible, use `kind: OIDCMiddlewareClient`, which provides authentication via a Traefik middleware (`traefik.ingress.kubernetes.io/router.middlewares: passmower-proxmox@kubernetescrd`). Sometimes you might use both for extra security.

[^2]: No nginx annotations! Use `kind: Ingress` instead. `IngressRoute` is not used as it doesn't support `external-dns` out of the box.

[^3]: Redis has been replaced as `redis-operator` couldn't handle itself: it didn't reconcile after reboots, the master URI was empty, and clients complained about missing masters. ArgoCD still hosts its own Redis.

[^4]: Mongo problems: incompatible with rawfile CSI (`wiredtiger.wt` corrupts), complicated resizing (PVCs from the StatefulSet PVC template).

[^5]: As of 2024-07-30 used by auth, authelia, bitwarden, etherpad, freescout, git, grafana, nextcloud, wiki, woodpecker