feat: yeet csr-approver

.taskfiles/talos/Taskfile.yaml

@@ -18,7 +18,7 @@ tasks:
     cmds:
       - task: down
       - talosctl apply-config --nodes {{.HOSTNAME}} --mode={{.MODE}} --file {{.CLUSTER_DIR}}/talos/clusterconfig/{{.CLUSTER}}-{{.HOSTNAME}}.yaml
-      - talosctl --nodes {{.HOSTNAME}} health --wait-timeout=10m --server=false
+      - talosctl --nodes {{.HOSTNAME}} health
       - task: up
     vars:
       MODE: '{{.MODE | default "auto"}}'
@@ -68,7 +68,7 @@ tasks:
     cmds:
       - task: down
       - talosctl --nodes {{.HOSTNAME}} reboot
-      - talosctl --nodes {{.HOSTNAME}} health --wait-timeout=10m --server=false
+      - talosctl --nodes {{.HOSTNAME}} health
       - task: up
     requires:
       vars: [CLUSTER, HOSTNAME]

kubernetes/main/apps/kube-system/kustomization.yaml

@@ -8,5 +8,4 @@ resources:
   # Flux-Kustomizations
   - ./cilium/ks.yaml
   - ./coredns/ks.yaml
-  - ./kubelet-csr-approver/ks.yaml
   - ./metrics-server/ks.yaml

kubernetes/main/apps/kube-system/metrics-server/app/helmrelease.yaml

@@ -25,9 +25,11 @@ spec:
   values:
     replicas: 2
     args:
+      - --kubelet-insecure-tls
       - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
       - --kubelet-use-node-status-port
-      - --metric-resolution=15s
+      - --metric-resolution=10s
+      - --kubelet-request-timeout=2s
     metrics:
       enabled: true
     serviceMonitor:

kubernetes/main/bootstrap/apps/helmfile.yaml

@@ -49,16 +49,9 @@ releases:
           helm.toolkit.fluxcd.io/namespace: *namespace
     needs: ["kube-system/cilium"]
 
-  - name: kubelet-csr-approver
-    namespace: kube-system
-    chart: postfinance/kubelet-csr-approver
-    version: 1.2.4
-    values: ["../../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"]
-    needs: ["kube-system/coredns"]
-
   - name: spegel
     namespace: kube-system
     chart: oci://ghcr.io/spegel-org/helm-charts/spegel
     version: v0.0.28
     values: ["../../apps/kube-system/spegel/app/helm-values.yaml"]
-    needs: ["kube-system/kubelet-csr-approver"]
+    needs: ["kube-system/coredns"]

kubernetes/main/talos/talconfig.yaml

@@ -192,10 +192,6 @@ patches:
   - |-
     machine:
       kubelet:
-        extraArgs:
-          image-gc-low-threshold: 50
-          image-gc-high-threshold: 55
-          rotate-server-certificates: true
         nodeIP:
           validSubnets:
             - "10.69.1.0/24"

kubernetes/shared/repos/helm/kustomization.yaml

@@ -20,7 +20,6 @@ resources:
   - ./metrics-server.yaml
   - ./openebs.yaml
   - ./piraeus.yaml
-  - ./postfinance.yaml
   - ./prometheus-community.yaml
   - ./spegel.yaml
   - ./stakater.yaml

kubernetes/utility/apps/kube-system/kustomization.yaml

@@ -8,5 +8,4 @@ resources:
   # Flux-Kustomizations
   - ./cilium/ks.yaml
   - ./coredns/ks.yaml
-  - ./kubelet-csr-approver/ks.yaml
   - ./metrics-server/ks.yaml

kubernetes/utility/apps/kube-system/metrics-server/app/helmrelease.yaml

@@ -27,7 +27,8 @@ spec:
       - --kubelet-insecure-tls
       - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
       - --kubelet-use-node-status-port
-      - --metric-resolution=15s
+      - --metric-resolution=10s
+      - --kubelet-request-timeout=2s
     metrics:
       enabled: true
     serviceMonitor:

kubernetes/utility/bootstrap/apps/helmfile.yaml

@@ -48,11 +48,3 @@ releases:
           helm.toolkit.fluxcd.io/name: *name
           helm.toolkit.fluxcd.io/namespace: *namespace
     needs: ["kube-system/cilium"]
-
-  - name: kubelet-csr-approver
-    namespace: kube-system
-    chart: postfinance/kubelet-csr-approver
-    version: 1.2.4
-    values: ["../../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"]
-    needs: ["kube-system/coredns"]
-

kubernetes/utility/talos/talconfig.yaml

@@ -78,10 +78,6 @@ patches:
   - |-
     machine:
       kubelet:
-        extraArgs:
-          image-gc-low-threshold: 50
-          image-gc-high-threshold: 55
-          rotate-server-certificates: true
         nodeIP:
           validSubnets:
             - "10.69.1.0/24"