small improvements

SETUP.md

@@ -2,7 +2,7 @@
 ## Install nfs-subdir-external-provisioner
 ```bash
 helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
-    --set nfs.server=192.168.15.61 \
+    --set nfs.server=<NFS_SERVER> \
     --set nfs.path=/export/config \
     --set storageClass.name=nfs-client \
     --set storageClass.pathPattern='${.PVC.namespace}/${.PVC.annotations.nfs.io/storage-path}'
@@ -52,14 +52,20 @@ kubectl apply -f metallb-system/address-pool.yaml
 ```bash
 kubectl create namespace cert-manager
 kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
+```
 
-# Create the private key for local CA
+Create the private key for local CA:
+```bash
 openssl genrsa -out ca.key 4096
+```
 
-# Create the root certificate, valid for 10 years
+Create the root certificate (valid for 10 years):
+```bash
 openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt -subj "/CN=Homelab CA"
-
+```
-# Create secret and ClusterIssuer
+  
-kubectl create secret tls internal-ca-secret -cert=ca.crt --key=ca.key -n cert-manager
+Create secret and ClusterIssuer
-kubectl apply -f cert-manager/cluster-issuer.yaml
+```bash
+kubectl create secret tls internal-ca-secret --cert=ca.crt --key=ca.key -n cert-manager
+kubectl apply -f certs/internal-issuer.yaml
 ```

dev/gitea-runner.yaml

@@ -27,7 +27,7 @@ data:
       capacity: 4
       timeout: 1h
       labels:
-        - "ubuntu-arm64:docker://docker.gitea.com/runner-images:ubuntu-latest-slim"
+        - "ubuntu-arm64:docker://docker.gitea.com/runner-images:ubuntu-latest"
 ---
 # PersistentVolumeClaim for AMD64
 apiVersion: v1
@@ -176,7 +176,7 @@ spec:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
-              - key: kubernetes.io/arch
+              - key: kubernetes.io/hostname
                 operator: In
                 values:
-                - arm64
+                - nexus

infra/README.md

@@ -0,0 +1,3 @@
+```bash
+kubectl create secret generic beszel-key --from-literal=SECRET-KEY=<KEY> -n infra
+```

infra/beszel-agent.yaml

@@ -22,22 +22,10 @@ spec:
             secretKeyRef:
               name: beszel-key
               key: SECRET-KEY
-        image: henrygd/beszel-agent:latest
+        image: henrygd/beszel-agent:0.12.10
         imagePullPolicy: Always
         name: beszel-agent
         ports:
           - containerPort: 45876
             hostPort: 45876
-      restartPolicy: Always
+      restartPolicy: Always
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-        operator: Exists
-  updateStrategy:
-    rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 100%
-    type: RollingUpdate

infra/beszel.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: beszel
-          image: henrygd/beszel:latest
+          image: ghcr.io/henrygd/beszel/beszel:0.12.10
           imagePullPolicy: Always
           env:
             - name: PUID