Add 'flux/' from commit '57e0c3e15534303076055628a469603c385f383a'

git-subtree-dir: flux
git-subtree-mainline: 4d0b7496d6
git-subtree-split: 57e0c3e155
Vivian 2021-11-21 13:40:18 +01:00
commit eda5075f08
49 changed files with 7057 additions and 0 deletions

flux/README.md Normal file

@ -0,0 +1,20 @@
# Kubernetes Cluster
This is my personal Kubernetes Cluster. [Flux] watches this git repo and reconciles and changes made to the cluster.
## Directory structure
The main directory is `cluster`, it contains the following subdirectories in the order that flux will apply them:
* **base**: the entrypoint for Flux
* **crds**: contains the CRDs that are needed for anything running in the cluster, these get applied earlier to make sure they exist
* **core**: important core infrastructure applications, grouped by namespace, that should never be pruned
* **apps**: common applications that are allowed to be pruned by flux
## Bootstrap
The cluster was bootstrapped using the following command:
```
flux bootstrap git --url=ssh://git@git.xirion.net:2222/olympus/flux.git --branch=main --path=cluster/base/ --ssh-key-algorithm=ed25519 --components-extra=image-reflector-controller,image-automation-controller
```
## References
Heavily inspired by: [onedr0p's cluster](https://github.com/onedr0p/home-cluster)
[Flux]: https://github.com/fluxcd/flux2

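--- /dev/null
+++ b/flux/bootstrap.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+flux bootstrap git --url=ssh://git@git.xirion.net:2222/olympus/flux.git --branch=main --path=cluster/base/ --ssh-key-algorithm=ed25519 --components-extra=image-reflector-controller,image-automation-controller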

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- networking
- presidential-paradise


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- traefik


@ -0,0 +1,67 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: traefik
namespace: networking
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://helm.traefik.io/traefik
chart: traefik
version: 10.6.2
sourceRef:
kind: HelmRepository
name: traefik-charts
namespace: flux-system
interval: 5m
values:
image:
name: traefik
deployment:
kind: Deployment
replicas: 2
service:
enabled: true
type: LoadBalancer
spec:
externalIPs:
- 10.42.42.150
externalTrafficPolicy: Local
logs:
general:
level: WARN
ingressClass:
enabled: true
isDefaultClass: true
fallbackApiVersion: v1
globalArguments:
- "--providers.kubernetesingress.ingressclass=traefik"
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.42.42.0/23"
additionalArguments:
- "--providers.kubernetesingress.ingressendpoint.ip=10.42.42.150"
ports:
traefik:
port: 9000
expose: true
web:
port: 8000
exposedPort: 8000
expose: true
websecure:
port: 8443
exposedPort: 8443
expose: true
pilot:
enabled: false
experimental:
plugins:
enabled: false
affinity: {}
resources:
requests:
memory: 100Mi
cpu: 500m
limits:
memory: 500Mi
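Review bot: `ports.traefik.expose: true` publishes Traefik's internal entrypoint (port 9000, which typically serves `/ping` and, should `api.insecure` ever be enabled, the dashboard/API) on the LoadBalancer Service bound to 10.42.42.150; the chart's default is `expose: false` and nothing else in this release relies on it being reachable from outside the cluster. `--entryPoints.websecure.forwardedHeaders.trustedIPs=10.42.42.0/23` additionally means any host in that /23 can set `X-Forwarded-For`/`X-Forwarded-Proto` and be believed, so if the range contains more than the upstream reverse proxy it should be narrowed to that proxy's address(es). I would set `expose: false` under `ports.traefik` and annotate the argument, e.g. `# trustedIPs: list only the upstream reverse proxy that sets X-Forwarded-* headers`.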


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: x76dev
namespace: presidential-paradise
labels:
app: x76dev
spec:
replicas: 1
selector:
matchLabels:
app: x76dev
template:
metadata:
labels:
app: x76dev
spec:
containers:
- name: x76dev
image: registry.xirion.net/library/0x76.dev
ports:
- containerPort: 8080
imagePullSecrets:
- name: xirion-registry-creds
---
apiVersion: v1
kind: Service
metadata:
name: x76dev-service
namespace: presidential-paradise
spec:
selector:
app: x76dev
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: x76dev-ingress
namespace: presidential-paradise
spec:
ingressClassName: "traefik"
rules:
- host: "0x76.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: x76dev-service
port:
number: 8080
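Review bot: `image: registry.xirion.net/library/0x76.dev` carries no tag or digest, so each pod start pulls whatever `latest` happens to be, and the container sets no `securityContext` or `resources`, so it runs with pod defaults (root permitted, privilege escalation permitted, default capability set, no limits). The same applies to the two wooloofan-club Deployments later in this commit, and the zookeeper Deployment's `securityContext` only restates defaults. A pinned reference plus a minimal hardening block is shown below; `readOnlyRootFilesystem` is deliberately left out because whether the app writes to its filesystem is not visible here, and the resource figures are sample values to be sized against the workload.
```yaml
      containers:
        - name: x76dev
          image: registry.xirion.net/library/0x76.dev:<pinned-tag>  # placeholder: pin a tag or digest
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
          resources:  # sample values — size to the workload
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 128Mi
          # … unchanged: ports …
```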


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- 0x76.yaml


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- xirion-registry-creds.yaml
- 0x76dev
- wooloofanclub
- zookeeper


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- wooloo.yaml


@ -0,0 +1,98 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wooloofan-club
namespace: presidential-paradise
labels:
app: wooloofan-club
spec:
replicas: 1
selector:
matchLabels:
app: wooloofan-club
template:
metadata:
labels:
app: wooloofan-club
spec:
containers:
- name: wooloofan-club
image: 0x76/wooloofan.club
ports:
- containerPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wooloofan-club-whoami
namespace: presidential-paradise
labels:
app: wooloofan-club-whoami
spec:
replicas: 1
selector:
matchLabels:
app: wooloofan-club-whoami
template:
metadata:
labels:
app: wooloofan-club-whoami
spec:
containers:
- name: wooloofan-club-whoami
image: containous/whoami
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: wooloofan-club-service
namespace: presidential-paradise
spec:
selector:
app: wooloofan-club
ports:
- protocol: TCP
port: 80
---
apiVersion: v1
kind: Service
metadata:
name: wooloofan-club-whoami-service
namespace: presidential-paradise
spec:
selector:
app: wooloofan-club-whoami
ports:
- protocol: TCP
port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wooloofan-club-ingress
namespace: presidential-paradise
spec:
ingressClassName: "traefik"
rules:
- host: "wooloofan.club"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wooloofan-club-service
port:
number: 80
- host: "whoami.wooloofan.club"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wooloofan-club-whoami-service
port:
number: 80
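Review bot: Both images here are pulled from Docker Hub untagged — `0x76/wooloofan.club` and `containous/whoami` — so deploys are not reproducible and depend on whatever `latest` is at pull time; `containous/whoami` is also the old name of the image now published as `traefik/whoami`. The `whoami.wooloofan.club` host rule exposes a debugging endpoint that echoes request headers and pod details (hostname, pod IPs) to anyone on the internet; if it only exists to verify the ingress path, removing the host rule once that is confirmed limits what is disclosed. Pinning is a one-line change per container, e.g. `image: traefik/whoami:<tag>` (placeholder).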


@ -0,0 +1,19 @@
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
name: xirion-registry-creds
namespace: presidential-paradise
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: xirion-registry-creds
template:
type: kubernetes.io/dockerconfigjson
data:
- secretKey: .dockerconfigjson
remoteRef:
key: xirion-registry-creds
property: dockerconfigjson


@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: zookeeper
namespace: presidential-paradise
labels:
app: zookeeper
spec:
replicas: 1
selector:
matchLabels:
app: zookeeper
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 34%
maxUnavailable: 34%
template:
metadata:
name: zookeeper
labels:
app: zookeeper
spec:
imagePullSecrets:
- name: xirion-registry-creds
containers:
- name: zookeeper
image: registry.xirion.net/library/zookeeper:0.3.1 # {"$imagepolicy": "flux-system:zookeeper"}
ports:
- name: web
containerPort: 8085
- name: epmd
containerPort: 4369
envFrom:
- secretRef:
name: zookeeper
env:
- name: LANG
value: C.UTF-8
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICE_NAME
value: zookeeper-private.presidential-paradise.svc.cluster.local
resources: {}
securityContext:
privileged: false
procMount: Default
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
terminationGracePeriodSeconds: 30
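Review bot: The container `securityContext` here (`privileged: false`, `procMount: Default`) only restates Kubernetes defaults, so it hardens nothing while reading as though it does; `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities.drop: ["ALL"]` are the fields that actually change behaviour. `resources: {}` likewise leaves the pod that holds the Discord token and Erlang cookie with no limits. `terminationMessagePath`, `terminationMessagePolicy`, `dnsPolicy` and `terminationGracePeriodSeconds` are also defaults and can be dropped so the manifest shows only what is intentional.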


@ -0,0 +1,33 @@
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
name: zookeeper
namespace: presidential-paradise
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: zookeeper
data:
- secretKey: DISCORD_APP_ID
remoteRef:
key: presidential-paradise/zookeeper
property: discord_app_id
- secretKey: DISCORD_PUBLIC_KEY
remoteRef:
key: presidential-paradise/zookeeper
property: discord_public_key
- secretKey: DISCORD_TOKEN
remoteRef:
key: presidential-paradise/zookeeper
property: discord_token
- secretKey: TWITTER_TOKEN
remoteRef:
key: presidential-paradise/zookeeper
property: twitter_token
- secretKey: RELEASE_COOKIE
remoteRef:
key: presidential-paradise/zookeeper
property: erlang_cookie


@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: zookeeper
namespace: presidential-paradise
spec:
rules:
- host: "zookeeper.0x76.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: zookeeper
port:
number: 8085
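Review bot: This Ingress omits `ingressClassName`, while every other Ingress in the commit sets `ingressClassName: "traefik"`; it only routes because the Traefik release sets `isDefaultClass: true`, so changing that default would silently drop this host. Adding `ingressClassName: "traefik"` under `spec` keeps it consistent with the rest.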


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secret.yaml
- deployment.yaml
- svc.yaml
- ingress.yaml


@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
name: zookeeper-private
namespace: presidential-paradise
spec:
clusterIP: None
ports:
- name: epmd
port: 4369
targetPort: epmd
protocol: TCP
selector:
app: zookeeper
---
apiVersion: v1
kind: Service
metadata:
name: zookeeper
namespace: presidential-paradise
spec:
ports:
- name: http
targetPort: web
port: 8085
selector:
app: zookeeper
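Review bot: The headless `zookeeper-private` Service makes epmd (4369) — and with it the Erlang distribution port the node listens on — reachable from every pod in the cluster, with only the release cookie standing between a caller and the BEAM node. No NetworkPolicy is part of this commit; one that admits traffic to the Erlang ports only from pods labelled `app: zookeeper`, and to 8085 only from the ingress controller, keeps the distribution side private to the app. Whether the CNI in use enforces NetworkPolicy is not visible here, and the distribution port range depends on the release's `inet_dist_listen_min/max` settings, so that value is a placeholder below.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: zookeeper
  namespace: presidential-paradise
spec:
  podSelector:
    matchLabels:
      app: zookeeper
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: zookeeper
      ports:
        - port: 4369
          protocol: TCP
        # placeholder: add the inet_dist_listen_min..max range the release uses
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: networking  # assumes the auto-applied namespace label — confirm
      ports:
        - port: 8085
          protocol: TCP
```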


@ -0,0 +1,15 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: core
path: ./cluster/apps
prune: true
sourceRef:
kind: GitRepository
name: flux-system


@ -0,0 +1,15 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: core
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: crds
path: ./cluster/core
prune: false
sourceRef:
kind: GitRepository
name: flux-system


@ -0,0 +1,13 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: crds
namespace: flux-system
spec:
interval: 10m0s
path: ./cluster/crds
prune: false
sourceRef:
kind: GitRepository
name: flux-system
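Review bot: `core` declares `dependsOn` this `crds` Kustomization, but without `wait: true` (or `healthChecks`) here the dependency is satisfied as soon as the nested `traefik-crds` and `external-secrets-crds` Kustomizations are applied, not once they have installed the CRDs — so the first reconcile of `core` (the `ClusterSecretStore`, the Traefik release) can race the CRD install and fail until the next retry. Adding `wait: true` to this spec should make the `dependsOn` chain mean what it reads as, since the nested Kustomizations expose a Ready condition for the health check. Flux retries, so as far as can be seen here this is bootstrap noise rather than a permanent failure.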


@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: external-secrets-charts
namespace: flux-system
spec:
interval: 15m0s
url: https://charts.external-secrets.io


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- metallb-charts.yaml
- traefik-charts.yaml
- external-secrets-charts.yaml


@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: metallb-charts
namespace: flux-system
spec:
interval: 15m0s
url: https://metallb.github.io/metallb


@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: traefik-charts
namespace: flux-system
spec:
interval: 15m
url: https://helm.traefik.io/traefik
timeout: 3m


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm



@ -0,0 +1,27 @@
# This manifest was generated by flux. DO NOT EDIT.
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
ref:
branch: main
secretRef:
name: flux-system
url: ssh://git@git.xirion.net:2222/olympus/flux.git
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./cluster/base
prune: true
sourceRef:
kind: GitRepository
name: flux-system


@ -0,0 +1,24 @@
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 1m0s
sourceRef:
kind: GitRepository
name: flux-system
git:
checkout:
ref:
branch: main
commit:
author:
email: fluxcdbot@users.noreply.github.com
name: fluxcdbot
messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
push:
branch: main
update:
path: ./cluster/
strategy: Setters
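Review bot: `push.branch: main` is the same branch `flux-system` reconciles, so any tag the `zookeeper` ImagePolicy selects (later in this commit, `semver.range: "*"`) is committed and rolled out with no review step, and with `"*"` that includes major-version bumps. Taken together, a new semver tag in `registry.xirion.net/library/zookeeper` becomes the running workload within the 1m scan interval, so registry push rights are effectively deploy rights. Pushing to a dedicated branch (`push.branch: flux-image-updates`, a constructed name) that is merged through review, and bounding the policy to something like `range: ">=0.3.0 <1.0.0"`, keeps the automation while adding a checkpoint; the `"*"` point applies to the ImagePolicy hunk and is not repeated there.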


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- image-update-automation.yaml
- zookeeper.yaml


@ -0,0 +1,22 @@
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageRepository
metadata:
name: zookeeper
namespace: flux-system
spec:
image: registry.xirion.net/library/zookeeper
interval: 1m0s
secretRef:
name: xirion-registry-creds
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImagePolicy
metadata:
name: zookeeper
namespace: flux-system
spec:
imageRepositoryRef:
name: zookeeper
policy:
semver:
range: "*"


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
- xirion-registry-creds.yaml
- image-update-automation
- charts


@ -0,0 +1,19 @@
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
name: xirion-registry-creds
namespace: flux-system
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: xirion-registry-creds
template:
type: kubernetes.io/dockerconfigjson
data:
- secretKey: .dockerconfigjson
remoteRef:
key: xirion-registry-creds
property: dockerconfigjson


@ -0,0 +1,24 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: external-secrets
namespace: external-secrets
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://charts.external-secrets.io
chart: external-secrets
version: 0.3.7
sourceRef:
kind: HelmRepository
name: external-secrets-charts
namespace: flux-system
interval: 5m
values:
installCRDs: false
install:
crds: Skip
upgrade:
crds: Skip


@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- vault-secret-store.yaml


@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1alpha1
kind: ClusterSecretStore
metadata:
name: vault
namespace: external-secrets
spec:
provider:
vault:
server: "http://10.42.42.6:8200"
path: "k8s"
version: "v2"
auth:
# VaultAppRole authenticates with Vault using the
# App Role auth mechanism
# https://www.vaultproject.io/docs/auth/approle
appRole:
# Path where the App Role authentication backend is mounted
path: "approle"
# RoleID configured in the App Role authentication backend
roleId: "bb841a0e-45c1-9dab-36f0-f72647d6aff0"
# Reference to a key in a K8 Secret that contains the App Role SecretId
# (not commited in git)
secretRef:
name: "vault-secret-id"
namespace: "external-secrets"
key: "secret-id"
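Review bot: `server: "http://10.42.42.6:8200"` talks to Vault over plaintext HTTP, so the AppRole secret-id login, the Vault token it returns and every secret this store fetches (Discord/Twitter tokens, registry credentials, the Erlang cookie) cross the network unencrypted. Serving Vault over TLS and pointing `server` at the https URL, with the CA supplied through the provider's `caBundle` (or `caProvider`, if this ESO version supports it), is the fix. Separately, `metadata.namespace: external-secrets` on a cluster-scoped `ClusterSecretStore` has no meaning and some appliers warn on or strip it; drop the line. Since the store is cluster-wide, the Vault policy attached to the AppRole is the effective boundary on which paths under `k8s/` any namespace can request, so that policy deserves a comment here.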


@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secrets


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces
- networking
- external-secrets


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: external-secrets


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- presidential-paradise.yaml
- networking.yaml
- external-secrets.yaml


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: networking


@ -0,0 +1,6 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: presidential-paradise


@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- metallb


@ -0,0 +1,31 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: metallb
namespace: networking
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://metallb.github.io/metallb
chart: metallb
version: 0.10.3
sourceRef:
kind: HelmRepository
name: metallb-charts
namespace: flux-system
interval: 5m
values:
configInline:
address-pools:
- name: default
protocol: layer2
addresses:
- 10.42.42.150-192.168.42.200
speaker:
tolerations:
- effect: "NoExecute"
operator: "Exists"
- effect: "NoSchedule"
operator: "Exists"
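Review bot: `addresses: - 10.42.42.150-192.168.42.200` runs from a 10.42.42.0/24 address to a 192.168.42.0/24 address, roughly three billion addresses spanning networks this cluster does not own, and MetalLB would treat the whole span as assignable LoadBalancer IPs. Presumably `10.42.42.150-10.42.42.200` was intended (the Traefik externalIP 10.42.42.150 sits at the start of it), but the upper bound should be confirmed against the actual network. The one-line change is `- 10.42.42.150-10.42.42.200`.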


@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@ -0,0 +1,31 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: external-secrets-crd-source
namespace: flux-system
spec:
interval: 30m
url: https://github.com/external-secrets/external-secrets.git
ref:
# renovate: registryUrl=https://charts.external-secrets.io chart=external-secrets
tag: v0.3.7
ignore: |
# exclude all
/*
# path to crds
!/deploy/crds/
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: external-secrets-crds
namespace: flux-system
spec:
interval: 15m
prune: false
wait: true
sourceRef:
kind: GitRepository
name: external-secrets-crd-source
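Review bot: The CRD sources are pinned by tag (`tag: v0.3.7` here, `tag: v10.6.2` in `traefik-crd-source` later in the commit), and a tag is a mutable ref: if it is moved upstream, the CRDs applied by these `wait: true` Kustomizations change with it and nothing here verifies what was fetched. `ref.commit` pins an immutable commit (renovate can still track the tag in the comment line), and `spec.verify` with the project's published signing key is the stronger check where the upstream signs its tags. Whether either project signs release tags is not visible from here.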


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crds.yaml


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- traefik
- external-secrets


@ -0,0 +1,30 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: traefik-crd-source
namespace: flux-system
spec:
interval: 30m
url: https://github.com/traefik/traefik-helm-chart.git
ref:
# renovate: registryUrl=https://helm.traefik.io/traefik chart=traefik
tag: v10.6.2
ignore: |
# exclude all
/*
# path to crds
!/traefik/crds/
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: traefik-crds
namespace: flux-system
spec:
interval: 15m
prune: false
wait: true
sourceRef:
kind: GitRepository
name: traefik-crd-source


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crds.yaml