studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(local): kustomize render passes cleanly

Browse Source 
- Remove base/mesh from local overlay (Linkerd installed via CLI in local-up.sh)
- Fix LiveKit namespace: chart doesn't set .Release.Namespace, add explicit patches
- Fix release names: livekit-server and cloudnative-pg match chart names (avoid double-prefix)
- Disable hydra-maester (not needed for local dev)
- Add memory limits for cloudnative-pg operator and livekit-server deployments
- Remove non-functional values-ory.yaml patch (DOMAIN_SUFFIX handled by sed in local-up.sh)
- Gitignore **/charts/ (kustomize helm cache, generated artifact)
This commit is contained in:
Sienna Meridian Satterwhite
2026-02-28 14:00:31 +00:00
parent 5d9bd7b067
commit 886c4221b2
6 changed files with 84 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -2,3 +2,5 @@ secrets/local/
*.pem *.pem
*-key.pem *-key.pem
.DS_Store .DS_Store
# kustomize helm chart download cache
**/charts/

4
base/data/kustomization.yaml
View File

@@ -12,10 +12,10 @@ resources:
- opensearch-service.yaml - opensearch-service.yaml
helmCharts: helmCharts:
# CloudNativePG operator — chart name: cloudnative-pg
# helm repo add cnpg https://cloudnative-pg.github.io/charts # helm repo add cnpg https://cloudnative-pg.github.io/charts
# releaseName=cloudnative-pg matches chart name → operator Deployment is named `cloudnative-pg`
- name: cloudnative-pg - name: cloudnative-pg
repo: https://cloudnative-pg.github.io/charts repo: https://cloudnative-pg.github.io/charts
version: "0.27.1" version: "0.27.1"
releaseName: cnpg releaseName: cloudnative-pg
namespace: data namespace: data

38
base/media/kustomization.yaml
View File

@@ -7,11 +7,45 @@ resources:
- namespace.yaml - namespace.yaml
helmCharts: helmCharts:
# chart name is `livekit-server`, not `livekit-helm`
# helm repo add livekit https://helm.livekit.io # helm repo add livekit https://helm.livekit.io
# releaseName=livekit-server matches chart name → Helm deduplicates the prefix,
# so resources are named `livekit-server` instead of `livekit-livekit-server`.
- name: livekit-server - name: livekit-server
repo: https://helm.livekit.io repo: https://helm.livekit.io
version: "1.9.0" version: "1.9.0"
releaseName: livekit releaseName: livekit-server
namespace: media namespace: media
valuesFile: livekit-values.yaml valuesFile: livekit-values.yaml
# The livekit-server chart does not set .Release.Namespace in its templates,
# so kustomize's namespace field doesn't inject it automatically.
# Patch namespace onto each chart-rendered resource explicitly.
patches:
- patch: |
- op: add
path: /metadata/namespace
value: media
target:
kind: Deployment
name: livekit-server
- patch: |
- op: add
path: /metadata/namespace
value: media
target:
kind: Service
name: livekit-server
- patch: |
- op: add
path: /metadata/namespace
value: media
target:
kind: Service
name: livekit-server-turn
- patch: |
- op: add
path: /metadata/namespace
value: media
target:
kind: ConfigMap
name: livekit-server

5
base/ory/hydra-values.yaml
View File

@@ -2,6 +2,11 @@
# DOMAIN_SUFFIX is replaced by overlay patches. # DOMAIN_SUFFIX is replaced by overlay patches.
# DSN and system secrets come from the overlay-specific Secret. # DSN and system secrets come from the overlay-specific Secret.
# Disable the maester controller — it manages OAuth2Client CRDs which we don't use locally.
# OAuth2 clients are registered directly via the Hydra admin API.
maester:
enabled: false
hydra: hydra:
config: config:
dsn: "postgresql://hydra:$(HYDRA_DB_PASSWORD)@postgres-rw.data.svc.cluster.local:5432/hydra_db" dsn: "postgresql://hydra:$(HYDRA_DB_PASSWORD)@postgres-rw.data.svc.cluster.local:5432/hydra_db"

24
overlays/local/kustomization.yaml
View File

@@ -3,9 +3,15 @@ kind: Kustomization
# Local dev overlay — targets Lima VM running k3s on macOS # Local dev overlay — targets Lima VM running k3s on macOS
# Deploy with: kubectl apply -k overlays/local/ # Deploy with: kubectl apply -k overlays/local/
#
# NOTE: base/mesh (Linkerd) is excluded here. Linkerd is bootstrapped
# separately by scripts/local-up.sh via the Linkerd CLI, which avoids
# the identity cert bootstrapping problem at kustomize render time.
#
# DOMAIN_SUFFIX substitution: local-up.sh pipes `kustomize build | sed` to
# replace DOMAIN_SUFFIX with <LIMA_IP>.sslip.io before kubectl apply.
resources: resources:
- ../../base/mesh
- ../../base/ingress - ../../base/ingress
- ../../base/ory - ../../base/ory
- ../../base/data - ../../base/data
@@ -15,23 +21,11 @@ resources:
- ../../base/devtools - ../../base/devtools
patches: patches:
# sslip.io domain suffix derived from Lima VM IP # Disable rustls-acme; add hostPort for TURN relay range on Lima VM
- path: values-domain.yaml
target:
kind: ConfigMap
name: pingora-config
# Disable rustls-acme; mount mkcert cert; enable hostPort for Lima
- path: values-pingora.yaml - path: values-pingora.yaml
target: target:
kind: Deployment kind: Deployment
name: pingora name: pingora
# Swap redirect URIs to *.sslip.io for Kratos and Hydra # Apply §10.7 memory limits to all Deployments
- path: values-ory.yaml
target:
kind: ConfigMap
labelSelector: "app.kubernetes.io/part-of=ory"
# Apply §10.7 memory limits across all Deployments
- path: values-resources.yaml - path: values-resources.yaml

30
overlays/local/values-resources.yaml
View File

@@ -3,6 +3,36 @@
# #
# Applied as a strategic merge patch. Each stanza targets one Deployment by name. # Applied as a strategic merge patch. Each stanza targets one Deployment by name.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cloudnative-pg
namespace: data
spec:
template:
spec:
containers:
- name: manager
resources:
limits:
memory: 256Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: livekit-server
namespace: media
spec:
template:
spec:
containers:
- name: livekit-server
resources:
limits:
memory: 128Mi
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment