fix(kyak): downgrade redis

Signed-off-by: Tyler Witlin <[email protected]>

.envrc

@@ -1,3 +1,4 @@
 #shellcheck disable=SC2148,SC2155
 export KUBECTL_EXTERNAL_DIFF="dyff between --omit-header --set-exit-code"
 export SOPS_AGE_KEY_FILE=$(expand_path ~/.config/sops/age/keys.txt)
+export KUBECONFIG="$(expand_path ./kubernetes/kyak/kubeconfig):$(expand_path ./kubernetes/sol/kubeconfig)"

.gitignore

@@ -10,6 +10,6 @@ Thumbs.db
 *.pub
 *.key
 *.pem
-kubeconfig*
+kubeconfig
 config.xml
 charts/

Taskfile.yml

@@ -2,17 +2,22 @@
 # yaml-language-server: $schema=https://taskfile.dev/schema.json
 version: "3"
 
+vars:
+  ANSIBLE_DIR: "{{.ROOT_DIR}}/ansible"
+  KUBERNETES_DIR: "{{.ROOT_DIR}}/kubernetes"
+  TERRAFORM_DIR: "{{.ROOT_DIR}}/terraform"
+
+env:
+  KUBECONFIG: "{{.KUBERNETES_DIR}}/kubernetes/main/kubeconfig:{{.KUBERNETES_DIR}}/kubernetes/storage/kubeconfig"
+  SOPS_AGE_KEY_FILE: "{{.ROOT_DIR}}/age.key"
+
 includes:
-  ansible:
-    taskfile: .taskfiles/Ansible/Taskfile.yaml
-  external-secrets:
-    taskfile: .taskfiles/ExternalSecrets/Taskfile.yaml
-  flux:
-    taskfile: .taskfiles/Flux/Taskfile.yaml
-  kubernetes:
-    taskfile: .taskfiles/Kubernetes/Taskfile.yaml
-  volsync:
-    taskfile: .taskfiles/VolSync/Taskfile.yaml
+  ansible: .taskfiles/Ansible/Taskfile.yaml
+  external-secrets: .taskfiles/ExternalSecrets/Taskfile.yaml
+  flux: .taskfiles/Flux/Taskfile.yaml
+  kubernetes: .taskfiles/Kubernetes/Taskfile.yaml
+  # sops: .taskfiles/Sops/Taskfile.yaml
+  volsync: .taskfiles/VolSync/Taskfile.yaml
 
 tasks:
 

kubernetes/kyak/apps/database/redis/app/helmrelease.yaml

@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
@@ -10,12 +10,11 @@ spec:
   chart:
     spec:
       chart: redis
-      version: 18.7.1
+      version: 18.6.3
       sourceRef:
         kind: HelmRepository
         name: bitnami
         namespace: flux-system
-  maxHistory: 2
   install:
     remediation:
       retries: 3

kubernetes/kyak/apps/flux-system/addons/app/monitoring/podmonitor.yaml

@@ -4,6 +4,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
   name: flux-system
+  namespace: flux-system
   labels:
     app.kubernetes.io/part-of: flux
     app.kubernetes.io/component: monitoring
@@ -25,7 +26,7 @@ spec:
   podMetricsEndpoints:
     - port: http-prom
       relabelings:
-        # https://github.com/prometheus-operator/prometheus-operator/issues/4816
+        # Ref: https://github.com/prometheus-operator/prometheus-operator/issues/4816
         - sourceLabels: [__meta_kubernetes_pod_phase]
           action: keep
           regex: Running

kubernetes/kyak/apps/flux-system/addons/app/monitoring/prometheusrule.yaml

@@ -4,6 +4,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
   name: flux-rules
+  namespace: flux-system
 spec:
   groups:
     - name: flux.rules

kubernetes/kyak/apps/flux-system/addons/app/notifications/alert-manager/notification.yaml

@@ -6,7 +6,7 @@ metadata:
   name: alert-manager
 spec:
   type: alertmanager
-  address: http://alertmanager-operated.monitoring.svc.cluster.local:9093/api/v2/alerts/
+  address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/notification.toolkit.fluxcd.io/alert_v1beta3.json
 apiVersion: notification.toolkit.fluxcd.io/v1beta3

kubernetes/kyak/apps/monitoring/kromgo/app/resources/config.yaml

@@ -1,4 +1,5 @@
 ---
+# yaml-language-server: $schema=https://github.com/kashalls/kromgo/raw/main/config.schema.json
 metrics:
   - name: cluster_node_count
     query: count(count by (node) (kube_node_status_condition{kubernetes_node=~"k8s-[0-9]+", condition="Ready"}))

kubernetes/kyak/flux/config/flux.yaml

@@ -37,7 +37,7 @@ spec:
         group: networking.k8s.io
         kind: NetworkPolicy
     # Increase the number of reconciliations that can be performed in parallel and bump the resources limits
-    # https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers
+    # Ref: https://fluxcd.io/flux/cheatsheets/bootstrap/#increase-the-number-of-workers
     - patch: |
         - op: add
           path: /spec/template/spec/containers/0/args/-
@@ -71,7 +71,7 @@ spec:
         kind: Deployment
         name: (kustomize-controller|helm-controller|source-controller)
     # Enable in-memory-kustomize builds
-    # https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-in-memory-kustomize-builds
+    # Ref: https://fluxcd.io/flux/installation/configuration/vertical-scaling/#enable-in-memory-kustomize-builds
     - patch: |
         - op: replace
           path: /spec/template/spec/volumes/0
@@ -83,7 +83,7 @@ spec:
         kind: Deployment
         name: kustomize-controller
     # Enable Helm near OOM detection
-    # https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection
+    # Ref: https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-helm-near-oom-detection
     - patch: |
         - op: add
           path: /spec/template/spec/containers/0/args/-
@@ -98,10 +98,10 @@ spec:
         kind: Deployment
         name: helm-controller
     # Enable notifications for 3rd party Flux controllers such as tf-controller
-    # https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-notifications-for-third-party-controllers
+    # Ref: https://fluxcd.io/flux/cheatsheets/bootstrap/#enable-notifications-for-third-party-controllers
     - patch: |
         - op: add
-          path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/eventSources/items/properties/kind/enum/-
+          path: /spec/versions/2/schema/openAPIV3Schema/properties/spec/properties/eventSources/items/properties/kind/enum/-
           value: Terraform
       target:
         kind: CustomResourceDefinition

kubernetes/kyak/flux/repositories/git/kustomization.yaml

@@ -2,6 +2,4 @@
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources:
-  - ./kubernetes-csi-addons.yaml
-  - ./local-path-provisioner.yaml
+resources: []

kubernetes/sol/flux/vars/cluster-secrets.sops.env

@@ -1,10 +1,10 @@
-SECRET_PUBLIC_DOMAIN=ENC[AES256_GCM,data:+upzWr8yAZg=,iv:07ZPOPHffpUhUa3b8GVpRUEfDUgAKRQ8e5dSftuw3Tk=,tag:+p+KjxjhVoLopdhRdZVkKw==,type:str]
-SECRET_PRIVATE_DOMAIN=ENC[AES256_GCM,data:gTGIgjOvAQ==,iv:jTuVxfkyueCygP5CZg+gUdLNDTbyIBjZgwL+6KMjlM8=,tag:Vk2RW64x2M2G6iZBrQMwug==,type:str]
-SECRET_EMAIL=ENC[AES256_GCM,data:7hUuEmZyLEqlpat3lxjL0La0QURd,iv:K91R8I1R6kW5G1uxnObUWRc719uHiWxwJXn3a0nxXJk=,tag:2LZG+YHqCfuMEONuhRo8Tw==,type:str]
-SECRET_CLOUDFLARE_ACCOUNT_ID=ENC[AES256_GCM,data:BA14gnoiH96N9WBSQEqAHlG2ZkyD6napMSB78YRW9co=,iv:pbd1aMNpbd7uGOllcW02gUE4qsERRRyIskYlUMiZTpo=,tag:ClWM5Sl2KGMIutwDrBDvzg==,type:str]
-sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaGh0UytLekk3cVlvKzVK\nQ0tER0huV0JHb1dISWpYdVd2VFlGdHNYYjFjCmJKMDkvWW0yYlE2bHROZkh1NWtC\nZkRFNGlxYkFGSGMvQ3hSZXFZSTA0d1kKLS0tIE9obUhqR3BMS1dWMk8vZzhtQUdH\ndklNUGlzTTZHTTRtY0lWUDlYVlRSZEEKqMi9QU8ASN9qkquL11QhZd7HOOvHvuxt\npAeVn8dGikRrqPdFe8bXb+W66MwwDZQ05mOjExXwZ0Lw0m4+eT/I5A==\n-----END AGE ENCRYPTED FILE-----\n
+SECRET_PUBLIC_DOMAIN=ENC[AES256_GCM,data:dEINlHHF9l0=,iv:dkgoWcjVpuJYKCzuhWgnDkEOhy+TQOEDkKOBV/i+jeU=,tag:96QrhZO+ORrood8RspCz6Q==,type:str]
+SECRET_PRIVATE_DOMAIN=ENC[AES256_GCM,data:v9Fozo4aoQ==,iv:zRZQ612IPN1N3VFG2exT3lg15hQ+So0n0F2RfV6Bxqw=,tag:yVMtAVjuMezDs4Lrh0sevg==,type:str]
+SECRET_EMAIL=ENC[AES256_GCM,data:p4GpnBR7dAfwLSHh5CnDYmmRMKly,iv:fmKmcsEOwG85wu9uDrDBc7veDaL/MPFYxGwqFh0fRY0=,tag:GT9Et9IATYQt7qLt9zQ5lw==,type:str]
+SECRET_CLOUDFLARE_ACCOUNT_ID=ENC[AES256_GCM,data:P4qTnoV3F8+ia6GHGU78D09zP3qnTCnfoMCLcn+RkQI=,iv:9Oe8su0nOO4gDaYzHHYRFDHcf0GpLsKlRm0xp2JGlpM=,tag:d3uH/SvtH0jIYJMgN1srwQ==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGYzI2M2l6eVE1RU8yRjdH\nRGNiTnRDWmdHUWJCY2ptZWRKRndLQStjTkdVCktzU0dVckdpUUYwd2JDTzV5STkw\nRWlqcmZVU200WXBmR3dsTStKVTRTUWcKLS0tIEdGOGwwUHNQVHRZZkpLM2d5a0xO\ndUVvQy9Cb0hKVHBSc0lsMkZhV0NNekUKL1ggQY8CN/K0HYQZfEsCCcRZBPA7Cxwk\nwm9ifi60Ofi0icEreVARPi6IV7D3WjtL3c3CecBEQHclG5LE0PujcA==\n-----END AGE ENCRYPTED FILE-----\n
 sops_age__list_0__map_recipient=age1986cspgjd7xhdwfwmyplc5jsjk43gewedu7s3sr7gwwhrdp7rgzq6t4ax9
-sops_lastmodified=2023-11-26T15:49:02Z
-sops_mac=ENC[AES256_GCM,data:Lc9hxfWBuWhUzYrfNgHGmDyylvYhcY2qjuKO0T4A3Q3e9u6PO8WwkTbKIYDKJ7VN2y4Oshzua1ODCA9na3A3JnpdXyh2pmzhy1gehCbsW8cr3b8/f1XqKQAS2yUiOB8avUjvq2j/hgsDo8FmMXpzZ3mIxCnD4lKVLtH6/QJ3y4I=,iv:NRLSffgiP//FYFfg6w8MiWU1QW/K+gG3GuweqT/5CaI=,tag:FM8kubTVCY2BUtr3XhWKew==,type:str]
+sops_lastmodified=2023-12-31T05:14:19Z
+sops_mac=ENC[AES256_GCM,data:DfbUV4yDFqCvsiq6gYNwpQ/lwAAUmtfxn6ujXJKJAa00ELq8wlvqRB2DR10lt8aNUG2yf8cGXS7kgUhX02tCHs1O2FvSs+WXDFcUdDcmLigoJkl2pK5tHdeaZ9CwlYuGb0BmZmcFFxmzm3oHPgXxq1WvzMf2HGjOph4yBnZZTB0=,iv:02F22vcVivJ1o0W+QjfBYlP4V4g9htApsbQk7pToOLs=,tag:L3wGRarWwDKUr8lqCpmezA==,type:str]
 sops_unencrypted_suffix=_unencrypted
 sops_version=3.8.1