- cilium (CRDs have to go first in bootstrap)
- prometheus
- coredns
- kubelet-csr-approver
- spegel
- cert-manager (nginx must wait)
- external-dns
- cloudflared
- nginx-internal
- nginx-external
- snapshot-controller
- volsync
- reloader
- descheduler
- node-feature-discovery
- k8tz
- openebs
- grafana
- rook-ceph + rook-ceph-cluster
- loki
- external-secrets
- postgres
- postgres-ui
- keycloak
- gatus
[ ] Why doesn't cilium agent run on axolotl?
[ ] persistence
[ ] annotations
[ ] resources
[ ] securityContext
[ ] separate default.yaml and kubernetes.yaml SOPS (track static vs dynamic)
[ ] bootstrap images on k3s agents for traefik and forgejo
[ ] VLANs
[ ] instructions for setting up new nodes
[ ] Create a repair command for nix after macOS update per this working solution
[ ] rke2
[ ] network bonding
[ ] Pushover
[ ] add tristanschrader.com redirect and email obfuscation deactivation to opentofu
[ ] add keycloak client creation to opentofu
[ ] add firefly multi-user configuration to terraform
[ ] remove extra fields from external-secrets
[ ] fix rook-ceph OSDs to be correctly distributed
[ ] Why does nix.mkIf create infinite recursion?
[ ] Why does moduleWithSystem lib.mkIf create infinite recursion?
[ ] Why does mkDomainOption give "deprecationMessage missing"?
Apply these annotations to services that need the oauth2-proxy:
annotations."nginx.ingress.kubernetes.io/auth-url" = "https://oauth2-proxy.${domain}/oauth2/auth?allowed_groups=/family";
annotations."nginx.ingress.kubernetes.io/auth-signin" = "https://oauth2-proxy.${domain}/oauth2/start?rd=$scheme://$host$request_uri";