Skip to content

feat: Move all deployments to atlas#91

Open
max06 wants to merge 21 commits into
mainfrom
move-everything
Open

feat: Move all deployments to atlas#91
max06 wants to merge 21 commits into
mainfrom
move-everything

Conversation

@max06
Copy link
Copy Markdown
Owner

@max06 max06 commented May 10, 2026

No description provided.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 10, 2026
edited
Loading

ATLAS Review

Changes detected in 147 resource(s) across 18 release(s).
Please review before merging.

Note

Some diffs were truncated to fit the PR comment size limit. See the job summary for the full output.

Affected releases

cyrannus/helios / argocd / argocd (1 resources)
Secret/argocd-cluster-mgmt (new) (24 lines) 
--- baseline/cyrannus/helios/argocd/argocd/Secret_argocd-cluster-mgmt.yml
+++ current/cyrannus/helios/argocd/argocd/Secret_argocd-cluster-mgmt.yml
@@ -0,0 +1,20 @@
+---
+# Source: argo-cd/templates/patched_resources.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    managed-by: argocd.argoproj.io
+  labels:
+    argocd.argoproj.io/instance: helios-argocd
+    argocd.argoproj.io/secret-type: cluster
+    clusterGroup: cyrannus
+    clusterId: mgmt
+  name: argocd-cluster-mgmt
+  namespace: argocd
+stringData:
+  config: |
+    {"tlsClientConfig":{"insecure":false}}
+  name: cyrannus-helios
+  server: https://kubernetes.default.svc
+type: Opaque
\ No newline at end of file
cyrannus/helios / rancher-to-argocd-controller / rancher-to-argocd-controller (6 resources)
ClusterRoleBinding/rancher-to-argocd-controller (new) (20 lines) 
--- baseline/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/ClusterRoleBinding_rancher-to-argocd-controller.yml
+++ current/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/ClusterRoleBinding_rancher-to-argocd-controller.yml
@@ -0,0 +1,16 @@
+---
+# Source: chart/templates/kustomized.yaml
+# Source: chart/templates/kustomized.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-to-argocd-controller
+  namespace: argocd
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-to-argocd-controller
+subjects:
+  - kind: ServiceAccount
+    name: rancher-to-argocd-controller
+    namespace: argocd
\ No newline at end of file
ClusterRole/rancher-to-argocd-controller (new) (22 lines) 
--- baseline/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/ClusterRole_rancher-to-argocd-controller.yml
+++ current/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/ClusterRole_rancher-to-argocd-controller.yml
@@ -0,0 +1,18 @@
+---
+# Source: chart/templates/kustomized.yaml
+# Source: chart/templates/kustomized.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rancher-to-argocd-controller
+rules:
+  - apiGroups:
+      - management.cattle.io
+    resources:
+      - clusters
+      - users
+      - tokens
+    verbs:
+      - get
+      - watch
+      - list
\ No newline at end of file
Deployment/rancher-to-argocd-controller (new) (37 lines) 
--- baseline/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/Deployment_rancher-to-argocd-controller.yml
+++ current/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/Deployment_rancher-to-argocd-controller.yml
@@ -0,0 +1,33 @@
+---
+# Source: chart/templates/kustomized.yaml
+# Source: chart/templates/kustomized.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: rancher-to-argocd-controller
+  name: rancher-to-argocd-controller
+  namespace: argocd
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rancher-to-argocd-controller
+  template:
+    metadata:
+      labels:
+        app: rancher-to-argocd-controller
+    spec:
+      containers:
+        - env:
+            - name: ENVIRONMENT_ID
+              value: cyrannus
+            - name: RANCHER_URI
+              value: https://rancher.max06.net
+            - name: ENABLE_HOOK_RANCHER_CLUSTERS_TO_ARGOCD_CLUSTERS
+              value: "true"
+            - name: RANCHER_CLUSTERS_TO_ARGOCD_CLUSTERS_CLUSTER_NAME_EXCLUDE_REGEX
+              value: ^helios$
+          image: travisghansen/rancher-to-argocd-controller:v0.4.3
+          name: rancher-to-argocd-controller-cyrannus
+      serviceAccountName: rancher-to-argocd-controller
\ No newline at end of file
RoleBinding/rancher-to-argocd-controller (new) (20 lines) 
--- baseline/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/RoleBinding_rancher-to-argocd-controller.yml
+++ current/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/RoleBinding_rancher-to-argocd-controller.yml
@@ -0,0 +1,16 @@
+---
+# Source: chart/templates/kustomized.yaml
+# Source: chart/templates/kustomized.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rancher-to-argocd-controller
+  namespace: argocd
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rancher-to-argocd-controller
+subjects:
+  - kind: ServiceAccount
+    name: rancher-to-argocd-controller
+    namespace: argocd
\ No newline at end of file
Role/rancher-to-argocd-controller (new) (25 lines) 
--- baseline/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/Role_rancher-to-argocd-controller.yml
+++ current/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/Role_rancher-to-argocd-controller.yml
@@ -0,0 +1,21 @@
+---
+# Source: chart/templates/kustomized.yaml
+# Source: chart/templates/kustomized.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: rancher-to-argocd-controller
+  namespace: argocd
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - list
+      - create
+      - update
+      - patch
+      - delete
\ No newline at end of file
ServiceAccount/rancher-to-argocd-controller (new) (12 lines) 
--- baseline/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/ServiceAccount_rancher-to-argocd-controller.yml
+++ current/cyrannus/helios/rancher-to-argocd-controller/rancher-to-argocd-controller/ServiceAccount_rancher-to-argocd-controller.yml
@@ -0,0 +1,8 @@
+---
+# Source: chart/templates/kustomized.yaml
+# Source: chart/templates/kustomized.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-to-argocd-controller
+  namespace: argocd
\ No newline at end of file
cyrannus/picon / cilium-config / cilium-config (2 resources)
CiliumL2AnnouncementPolicy/internal-policy (new) (19 lines) 
--- baseline/cyrannus/picon/cilium-config/cilium-config/CiliumL2AnnouncementPolicy_internal-policy.yml
+++ current/cyrannus/picon/cilium-config/cilium-config/CiliumL2AnnouncementPolicy_internal-policy.yml
@@ -0,0 +1,15 @@
+---
+# Source: raw/templates/resources.yaml
+apiVersion: cilium.io/v2alpha1
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  labels:
+    app.kubernetes.io/instance: cilium-config
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: cilium-config-raw
+    app.kubernetes.io/version: 1.0.0
+    helm.sh/chart: raw-2.0.2
+  name: internal-policy
+spec:
+  externalIPs: true
+  loadBalancerIPs: true
\ No newline at end of file
CiliumLoadBalancerIPPool/internal-pool (new) (19 lines) 
--- baseline/cyrannus/picon/cilium-config/cilium-config/CiliumLoadBalancerIPPool_internal-pool.yml
+++ current/cyrannus/picon/cilium-config/cilium-config/CiliumLoadBalancerIPPool_internal-pool.yml
@@ -0,0 +1,15 @@
+---
+# Source: raw/templates/resources.yaml
+apiVersion: cilium.io/v2alpha1
+kind: CiliumLoadBalancerIPPool
+metadata:
+  labels:
+    app.kubernetes.io/instance: cilium-config
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: cilium-config-raw
+    app.kubernetes.io/version: 1.0.0
+    helm.sh/chart: raw-2.0.2
+  name: internal-pool
+spec:
+  blocks:
+    - cidr: 192.168.30.240/28
\ No newline at end of file
cyrannus/picon / external-services / proxmox-external-service (2 resources)
IngressRoute/proxmox (new) (30 lines) 
--- baseline/cyrannus/picon/external-services/proxmox-external-service/IngressRoute_proxmox.yml
+++ current/cyrannus/picon/external-services/proxmox-external-service/IngressRoute_proxmox.yml
@@ -0,0 +1,26 @@
+---
+# Source: raw/templates/resources.yaml
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/target: 192.168.30.241
+  labels:
+    app.kubernetes.io/instance: proxmox-external-service
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: proxmox-external-service-raw
+    app.kubernetes.io/version: 1.0.0
+    helm.sh/chart: raw-2.0.2
+  name: proxmox
+spec:
+  entryPoints:
+    - webinternal
+  routes:
+    - kind: Rule
+      match: Host(`proxmox.REDAC.RED`)
+      services:
+        - name: proxmox
+          passHostHeader: false
+          port: 8006
+          scheme: https
+          serversTransport: traefik-insecure@kubernetescrd
\ No newline at end of file
Service/proxmox (new) (23 lines) 
--- baseline/cyrannus/picon/external-services/proxmox-external-service/Service_proxmox.yml
+++ current/cyrannus/picon/external-services/proxmox-external-service/Service_proxmox.yml
@@ -0,0 +1,19 @@
+---
+# Source: raw/templates/resources.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: proxmox-external-service
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: proxmox-external-service-raw
+    app.kubernetes.io/version: 1.0.0
+    helm.sh/chart: raw-2.0.2
+  name: proxmox
+spec:
+  externalName: srv-pm01.srv.hive.internal
+  ports:
+    - name: http
+      port: 8006
+      targetPort: 8006
+  type: ExternalName
\ No newline at end of file
cyrannus/picon / home-assistant / home-assistant (8 resources)
ConfigMap/hass-configuration (new) (30 lines) 
--- baseline/cyrannus/picon/home-assistant/home-assistant/ConfigMap_hass-configuration.yml
+++ current/cyrannus/picon/home-assistant/home-assistant/ConfigMap_hass-configuration.yml
@@ -0,0 +1,26 @@
+---
+# Source: home-assistant/templates/configmap-hass-config.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hass-configuration
+  namespace: home-assistant
+data:
+  configuration.yaml: |-
+    # Loads default set of integrations. Do not remove.
+    default_config:
+
+    http:
+      use_x_forwarded_for: true
+      trusted_proxies:
+        - "10.0.0.0/8"
+        - "172.16.0.0/12"
+        - "192.168.0.0/16"
+        - "127.0.0.0/8"
+    # Load frontend themes from the themes folder
+    frontend:
+      themes: !include_dir_merge_named themes
+
+    automation: !include automations.yaml
+    script: !include scripts.yaml
+    scene: !include scenes.yaml
\ No newline at end of file
ConfigMap/init-script (new) (64 lines) 
--- baseline/cyrannus/picon/home-assistant/home-assistant/ConfigMap_init-script.yml
+++ current/cyrannus/picon/home-assistant/home-assistant/ConfigMap_init-script.yml
@@ -0,0 +1,60 @@
+---
+# Source: home-assistant/templates/configmap-init-script.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: init-script
+  namespace: home-assistant
+data:
+  init.sh: |-
+    #!/bin/bash
+    set -e
+
+    # Check if the configuration file exists
+    if [ ! -f /config/configuration.yaml ]; then
+      echo "Configuration file not found, creating a new one"
+      cp /config-templates/configuration.yaml /config/configuration.yaml
+    fi
+
+    # Check if the force init is enabled
+    forceInit="true"
+    if [ "$forceInit" = "true" ]; then
+      echo "Force init is enabled, overwriting the configuration file"
+      current_time=$(date +%Y%m%d_%H%M%S)
+      echo "Backup the current configuration file to configuration.yaml.$current_time"
+      cp /config/configuration.yaml /config/configuration.yaml.$current_time
+      echo "Before cleanup - all backup files:"
+      ls -l /config/configuration.yaml.*
+      echo "Cleaning up - keeping only 10 most recent backups..."
+      ls -t /config/configuration.yaml.* 2>/dev/null | tail -n +11 | xargs -r rm
+      echo "After cleanup - remaining backup files:"
+      ls -l /config/configuration.yaml.*
+      echo "The current configuration file will be merged with the default configuration file with this content:"
+      cat /config-templates/configuration.yaml
+      if [[ ! -s /config/configuration.yaml ]]; then
+        # If /config/configuration.yaml is empty, use the content of /config-templates/configuration.yaml
+        cat /config-templates/configuration.yaml > /config/configuration.yaml
+      else
+        # Perform the merge operation if /config/configuration.yaml is not empty
+        yq eval-all --inplace 'select(fileIndex == 0) *d select(fileIndex == 1)' /config/configuration.yaml /config-templates/configuration.yaml
+      fi
+    fi
+
+    # Check if the automations file exists
+    if [ ! -f /config/automations.yaml ]; then
+      echo "Automations file not found, creating a new one"
+      touch /config/automations.yaml
+      echo "[]" >> /config/automations.yaml
+    fi
+
+    # Check if the scripts file exists
+    if [ ! -f /config/scripts.yaml ]; then
+      echo "Scripts file not found, creating a new one"
+      touch /config/scripts.yaml
+    fi
+
+    # Check if the scenes file exists
+    if [ ! -f /config/scenes.yaml ]; then
+      echo "Scenes file not found, creating a new one"
+      touch /config/scenes.yaml
+    fi
\ No newline at end of file
Ingress/home-assistant (new) (28 lines) 
--- baseline/cyrannus/picon/home-assistant/home-assistant/Ingress_home-assistant.yml
+++ current/cyrannus/picon/home-assistant/home-assistant/Ingress_home-assistant.yml
@@ -0,0 +1,24 @@
+---
+# Source: home-assistant/templates/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: home-assistant
+  labels:
+    helm.sh/chart: home-assistant-0.3.37
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: home-assistant
+    app.kubernetes.io/version: "2025.12.5"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  rules:
+    - host: "home.REDAC.RED"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: home-assistant
+                port:
+                  number: 8080
\ No newline at end of file
Pod/home-assistant-test-connection (new) (25 lines) 
--- baseline/cyrannus/picon/home-assistant/home-assistant/Pod_home-assistant-test-connection.yml
+++ current/cyrannus/picon/home-assistant/home-assistant/Pod_home-assistant-test-connection.yml
@@ -0,0 +1,21 @@
+---
+# Source: home-assistant/templates/tests/test-connection.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "home-assistant-test-connection"
+  labels:
+    helm.sh/chart: home-assistant-0.3.37
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: home-assistant
+    app.kubernetes.io/version: "2025.12.5"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['home-assistant:8080']
+  restartPolicy: Never
\ No newline at end of file
ServiceAccount/home-assistant (new) (16 lines) 
--- baseline/cyrannus/picon/home-assistant/home-assistant/ServiceAccount_home-assistant.yml
+++ current/cyrannus/picon/home-assistant/home-assistant/ServiceAccount_home-assistant.yml
@@ -0,0 +1,12 @@
+---
+# Source: home-assistant/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: home-assistant
+  labels:
+    helm.sh/chart: home-assistant-0.3.37
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: home-assistant
+    app.kubernetes.io/version: "2025.12.5"
+    app.kubernetes.io/managed-by: Helm
\ No newline at end of file
Service/home-assistant-codeserver (new) (26 lines) 
--- baseline/cyrannus/picon/home-assistant/home-assistant/Service_home-assistant-codeserver.yml
+++ current/cyrannus/picon/home-assistant/home-assistant/Service_home-assistant-codeserver.yml
@@ -0,0 +1,22 @@
+---
+# Source: home-assistant/templates/service-codeserver.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant-codeserver
+  labels:
+    helm.sh/chart: home-assistant-0.3.37
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: home-assistant
+    app.kubernetes.io/version: "2025.12.5"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 12321
+      targetPort: codeserver
+      protocol: TCP
+      name: codeserver
+  selector:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: home-assistant
\ No newline at end of file
Service/home-assistant (new) (26 lines) 
--- baseline/cyrannus/picon/home-assistant/home-assistant/Service_home-assistant.yml
+++ current/cyrannus/picon/home-assistant/home-assistant/Service_home-assistant.yml
@@ -0,0 +1,22 @@
+---
+# Source: home-assistant/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant
+  labels:
+    helm.sh/chart: home-assistant-0.3.37
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: home-assistant
+    app.kubernetes.io/version: "2025.12.5"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: home-assistant
\ No newline at end of file
StatefulSet/home-assistant (new) (119 lines) 
--- baseline/cyrannus/picon/home-assistant/home-assistant/StatefulSet_home-assistant.yml
+++ current/cyrannus/picon/home-assistant/home-assistant/StatefulSet_home-assistant.yml
@@ -0,0 +1,115 @@
+---
+# Source: home-assistant/templates/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: home-assistant
+  labels:
+    helm.sh/chart: home-assistant-0.3.37
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: home-assistant
+    app.kubernetes.io/version: "2025.12.5"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  serviceName: home-assistant
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: home-assistant
+      app.kubernetes.io/instance: home-assistant
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: home-assistant
+        app.kubernetes.io/instance: home-assistant
+      annotations:
+        checksum/init-script: 495e927a6986fb8e0bd38f54c81c5cb25cabad179b8c61e53db1ed6405f8007b
+        checksum/hass-configuration: 0af5a9561ed391386c20d32521db05c7a98c528285ce5526fb9dcf2bc19dfb38
+    spec:
+      serviceAccountName: home-assistant
+      securityContext: {}
+      containers:
+        - name: home-assistant
+          securityContext: {}
+          image: "ghcr.io/home-assistant/home-assistant:2025.12.5"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8123
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /
+              port: http
+              scheme: HTTP
+            periodSeconds: 20
+            successThreshold: 1
+            timeoutSeconds: 2
+          readinessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /
+              port: http
+              scheme: HTTP
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          volumeMounts:
+            - mountPath: /config
+              name: home-assistant
+        - name: codeserver
+          securityContext: {}
+          args:
+            - --auth
+            - none
+            - --user-data-dir
+            - "/config/.vscode"
+            - --extensions-dir
+            - "/config/.vscode"
+            - --port
+            - "12321"
+            - "/config"
+          image: "ghcr.io/coder/code-server:4.105.1"
+          imagePullPolicy: "IfNotPresent"
+          ports:
+            - containerPort: 12321
+              name: codeserver
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /config
+              name: home-assistant
+      initContainers:
+        - name: setup-config
+          image: mikefarah/yq:4
+          securityContext:
+            runAsUser: 0
+          command:
+            - /bin/sh
+            - -c
+          args:
+            - /bin/sh /mnt/init/init.sh
+          volumeMounts:
+            - name: init-volume
+              mountPath: /mnt/init/init.sh
+              subPath: init.sh
+            - name: config-volume
+              mountPath: /config-templates
+            - mountPath: /config
+              name: home-assistant
+      volumes:
+        - name: init-volume
+          configMap:
+            name: init-script
+        - name: config-volume
+          configMap:
+            name: hass-configuration
+  volumeClaimTemplates:
+    - metadata:
+        name: home-assistant
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 10Gi
\ No newline at end of file
cyrannus/picon / httpbin / httpbin (5 resources)
Deployment/httpbin-httpbingo (new) (48 lines) 
--- baseline/cyrannus/picon/httpbin/httpbin/Deployment_httpbin-httpbingo.yml
+++ current/cyrannus/picon/httpbin/httpbin/Deployment_httpbin-httpbingo.yml
@@ -0,0 +1,44 @@
+---
+# Source: httpbingo/templates/patched_resources.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: httpbin
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: httpbingo
+    app.kubernetes.io/version: v2.2.2
+    helm.sh/chart: httpbingo-0.1.1
+  name: httpbin-httpbingo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: httpbin
+      app.kubernetes.io/name: httpbingo
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: httpbin
+        app.kubernetes.io/name: httpbingo
+    spec:
+      containers:
+        - image: mccutchen/go-httpbin:2.19
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          name: httpbingo
+          ports:
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources: {}
+          securityContext: {}
+      securityContext: {}
+      serviceAccountName: httpbin-httpbingo
\ No newline at end of file
Ingress/httpbin-httpbingo (new) (31 lines) 
--- baseline/cyrannus/picon/httpbin/httpbin/Ingress_httpbin-httpbingo.yml
+++ current/cyrannus/picon/httpbin/httpbin/Ingress_httpbin-httpbingo.yml
@@ -0,0 +1,27 @@
+---
+# Source: httpbingo/templates/patched_resources.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+  labels:
+    app.kubernetes.io/instance: httpbin
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: httpbingo
+    app.kubernetes.io/version: v2.2.2
+    helm.sh/chart: httpbingo-0.1.1
+  name: httpbin-httpbingo
+namespace: httpbin
+spec:
+  rules:
+    - host: httpbin.REDAC.RED
+      http:
+        paths:
+          - backend:
+              service:
+                name: httpbin-httpbingo
+                port:
+                  number: 80
+            path: /
+            pathType: ImplementationSpecific
\ No newline at end of file
Pod/httpbin-httpbingo-test-connection (new) (27 lines) 
--- baseline/cyrannus/picon/httpbin/httpbin/Pod_httpbin-httpbingo-test-connection.yml
+++ current/cyrannus/picon/httpbin/httpbin/Pod_httpbin-httpbingo-test-connection.yml
@@ -0,0 +1,23 @@
+---
+# Source: httpbingo/templates/patched_resources.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    helm.sh/hook: test
+  labels:
+    app.kubernetes.io/instance: httpbin
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: httpbingo
+    app.kubernetes.io/version: v2.2.2
+    helm.sh/chart: httpbingo-0.1.1
+  name: httpbin-httpbingo-test-connection
+spec:
+  containers:
+    - args:
+        - httpbin-httpbingo:80
+      command:
+        - wget
+      image: busybox
+      name: wget
+  restartPolicy: Never
\ No newline at end of file
ServiceAccount/httpbin-httpbingo (new) (16 lines) 
--- baseline/cyrannus/picon/httpbin/httpbin/ServiceAccount_httpbin-httpbingo.yml
+++ current/cyrannus/picon/httpbin/httpbin/ServiceAccount_httpbin-httpbingo.yml
@@ -0,0 +1,12 @@
+---
+# Source: httpbingo/templates/patched_resources.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: httpbin
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: httpbingo
+    app.kubernetes.io/version: v2.2.2
+    helm.sh/chart: httpbingo-0.1.1
+  name: httpbin-httpbingo
\ No newline at end of file
Service/httpbin-httpbingo (new) (26 lines) 
--- baseline/cyrannus/picon/httpbin/httpbin/Service_httpbin-httpbingo.yml
+++ current/cyrannus/picon/httpbin/httpbin/Service_httpbin-httpbingo.yml
@@ -0,0 +1,22 @@
+---
+# Source: httpbingo/templates/patched_resources.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: httpbin
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: httpbingo
+    app.kubernetes.io/version: v2.2.2
+    helm.sh/chart: httpbingo-0.1.1
+  name: httpbin-httpbingo
+spec:
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: http
+  selector:
+    app.kubernetes.io/instance: httpbin
+    app.kubernetes.io/name: httpbingo
+  type: ClusterIP
\ No newline at end of file
cyrannus/picon / kubevirt-operator / kubevirt-cr (1 resources)
KubeVirt/kubevirt (new) (35 lines) 
--- baseline/cyrannus/picon/kubevirt-operator/kubevirt-cr/KubeVirt_kubevirt.yml
+++ current/cyrannus/picon/kubevirt-operator/kubevirt-cr/KubeVirt_kubevirt.yml
@@ -0,0 +1,31 @@
+---
+# Source: kustomize/templates/kustomized.yaml
+# Source: kustomize/templates/kustomized.yaml
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+  name: kubevirt
+  namespace: kubevirt
+spec:
+  certificateRotateStrategy: {}
+  configuration:
+    developerConfiguration:
+      featureGates: []
+    vmRolloutStrategy: LiveUpdate
+  customizeComponents: {}
+  imagePullPolicy: IfNotPresent
+  infra:
+    nodePlacement:
+      tolerations:
+        - key: node-role.kubernetes.io/etcd
+          operator: Exists
+  workloadUpdateStrategy:
+    workloadUpdateMethods:
+      - LiveMigrate
+  workloads:
+    nodePlacement:
+      tolerations:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+        - key: node-role.kubernetes.io/etcd
+          operator: Exists
\ No newline at end of file
cyrannus/picon / kubevirt-operator / kubevirt-operator (10 resources)
ClusterRoleBinding/kubevirt-operator (new) (21 lines) 
--- baseline/cyrannus/picon/kubevirt-operator/kubevirt-operator/ClusterRoleBinding_kubevirt-operator.yml
+++ current/cyrannus/picon/kubevirt-operator/kubevirt-operator/ClusterRoleBinding_kubevirt-operator.yml
@@ -0,0 +1,17 @@
+---
+# Source: kustomize/templates/kustomized.yaml
+# Source: kustomize/templates/kustomized.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubevirt-operator
+subjects:
+  - kind: ServiceAccount
+    name: kubevirt-operator
+    namespace: kubevirt-operator
\ No newline at end of file
ClusterRole/kubevirt-operator (new) (1136 lines) 
--- baseline/cyrannus/picon/kubevirt-operator/kubevirt-operator/ClusterRole_kubevirt-operator.yml
+++ current/cyrannus/picon/kubevirt-operator/kubevirt-operator/ClusterRole_kubevirt-operator.yml
@@ -0,0 +1,1132 @@
+---
+# Source: kustomize/templates/kustomized.yaml
+# Source: kustomize/templates/kustomized.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-operator
+rules:
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - get
+      - list
+      - watch
+      - patch
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+      - services
+      - endpoints
+      - pods/exec
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - patch
+      - delete
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - controllerrevisions
+    verbs:
+      - watch
+      - list
+      - create
+      - delete
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+      - daemonsets
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - clusterroles
+      - clusterrolebindings
+      - roles
+      - rolebindings
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+      - update
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - patch
+  - apiGroups:
+      - security.openshift.io
+    resources:
+      - securitycontextconstraints
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - security.openshift.io
+    resourceNames:
+      - privileged
+    resources:
+      - securitycontextconstraints
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - security.openshift.io
+    resourceNames:
+      - kubevirt-handler
+      - kubevirt-controller
+    resources:
+      - securitycontextconstraints
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - admissionregistration.k8s.io
+    resources:
+      - validatingwebhookconfigurations
+      - mutatingwebhookconfigurations
+      - validatingadmissionpolicybindings
+      - validatingadmissionpolicies
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - update
+      - patch
+  - apiGroups:
+      - apiregistration.k8s.io
+    resources:
+      - apiservices
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - update
+      - patch
+  - apiGroups:
+      - monitoring.coreos.com
+    resources:
+      - servicemonitors
+      - prometheusrules
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - delete
+      - patch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachines
+      - virtualmachineinstances
+    verbs:
+      - get
+      - list
+      - watch
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - get
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachines/status
+    verbs:
+      - patch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachineinstancemigrations
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+      - patch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachineinstancepresets
+    verbs:
+      - watch
+      - list
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - limitranges
+    verbs:
+      - watch
+      - list
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - snapshot.kubevirt.io
+    resources:
+      - virtualmachinesnapshots
+      - virtualmachinerestores
+      - virtualmachinesnapshotcontents
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - cdi.kubevirt.io
+    resources:
+      - datasources
+      - datavolumes
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - instancetype.kubevirt.io
+    resources:
+      - virtualmachineinstancetypes
+      - virtualmachineclusterinstancetypes
+      - virtualmachinepreferences
+      - virtualmachineclusterpreferences
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - migrations.kubevirt.io
+    resources:
+      - migrationpolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - controllerrevisions
+    verbs:
+      - create
+      - list
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+      - patch
+  - apiGroups:
+      - policy
+    resources:
+      - poddisruptionbudgets
+    verbs:
+      - get
+      - list
+      - watch
+      - delete
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - configmaps
+      - endpoints
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+      - delete
+      - update
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - update
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+    resources:
+      - pods/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods/eviction
+    verbs:
+      - create
+  - apiGroups:
+      - ""
+    resources:
+      - pods/status
+    verbs:
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - daemonsets
+    verbs:
+      - list
+  - apiGroups:
+      - apps
+    resources:
+      - controllerrevisions
+    verbs:
+      - watch
+      - list
+      - create
+      - delete
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+      - patch
+  - apiGroups:
+      - snapshot.kubevirt.io
+    resources:
+      - virtualmachinesnapshots
+      - virtualmachinesnapshots/status
+      - virtualmachinesnapshots/finalizers
+      - virtualmachinesnapshotcontents
+      - virtualmachinesnapshotcontents/status
+      - virtualmachinesnapshotcontents/finalizers
+      - virtualmachinerestores
+      - virtualmachinerestores/status
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+      - patch
+  - apiGroups:
+      - export.kubevirt.io
+    resources:
+      - virtualmachineexports
+      - virtualmachineexports/status
+      - virtualmachineexports/finalizers
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+      - patch
+  - apiGroups:
+      - pool.kubevirt.io
+    resources:
+      - virtualmachinepools
+      - virtualmachinepools/finalizers
+      - virtualmachinepools/status
+      - virtualmachinepools/scale
+    verbs:
+      - watch
+      - list
+      - create
+      - delete
+      - update
+      - patch
+      - get
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachines/finalizers
+      - virtualmachineinstances/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachines/stop
+      - virtualmachineinstances/addvolume
+      - virtualmachineinstances/removevolume
+      - virtualmachineinstances/freeze
+      - virtualmachineinstances/unfreeze
+      - virtualmachineinstances/reset
+      - virtualmachineinstances/softreboot
+      - virtualmachineinstances/sev/setupsession
+      - virtualmachineinstances/sev/injectlaunchsecret
+    verbs:
+      - update
+  - apiGroups:
+      - cdi.kubevirt.io
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - k8s.cni.cncf.io
+    resources:
+      - network-attachment-definitions
+    verbs:
+      - get
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+  - apiGroups:
+      - snapshot.storage.k8s.io
+    resources:
+      - volumesnapshotclasses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - snapshot.storage.k8s.io
+    resources:
+      - volumesnapshots
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - storage.k8s.io
+    resources:
+      - storageclasses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - instancetype.kubevirt.io
+    resources:
+      - virtualmachineinstancetypes
+      - virtualmachineclusterinstancetypes
+      - virtualmachinepreferences
+      - virtualmachineclusterpreferences
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - migrations.kubevirt.io
+    resources:
+      - migrationpolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - clone.kubevirt.io
+    resources:
+      - virtualmachineclones
+      - virtualmachineclones/status
+      - virtualmachineclones/finalizers
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - resourcequotas
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - create
+      - get
+      - delete
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachineinstances
+    verbs:
+      - update
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - patch
+      - list
+      - watch
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - migrations.kubevirt.io
+    resources:
+      - migrationpolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - export.kubevirt.io
+    resources:
+      - virtualmachineexports
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - version
+      - guestfs
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachineinstances/console
+      - virtualmachineinstances/vnc
+      - virtualmachineinstances/vnc/screenshot
+      - virtualmachineinstances/portforward
+      - virtualmachineinstances/guestosinfo
+      - virtualmachineinstances/filesystemlist
+      - virtualmachineinstances/userlist
+      - virtualmachineinstances/sev/fetchcertchain
+      - virtualmachineinstances/sev/querylaunchmeasurement
+      - virtualmachineinstances/usbredir
+    verbs:
+      - get
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachineinstances/pause
+      - virtualmachineinstances/unpause
+      - virtualmachineinstances/addvolume
+      - virtualmachineinstances/removevolume
+      - virtualmachineinstances/freeze
+      - virtualmachineinstances/unfreeze
+      - virtualmachineinstances/softreboot
+      - virtualmachineinstances/reset
+      - virtualmachineinstances/sev/setupsession
+      - virtualmachineinstances/sev/injectlaunchsecret
+    verbs:
+      - update
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachines/expand-spec
+      - virtualmachines/portforward
+    verbs:
+      - get
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachines/start
+      - virtualmachines/stop
+      - virtualmachines/restart
+      - virtualmachines/addvolume
+      - virtualmachines/removevolume
+      - virtualmachines/memorydump
+    verbs:
+      - update
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - expand-vm-spec
+    verbs:
+      - update
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachines
+      - virtualmachineinstances
+      - virtualmachineinstancepresets
+      - virtualmachineinstancereplicasets
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachineinstancemigrations
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - snapshot.kubevirt.io
+    resources:
+      - virtualmachinesnapshots
+      - virtualmachinesnapshotcontents
+      - virtualmachinerestores
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection
+  - apiGroups:
+      - export.kubevirt.io
+    resources:
+      - virtualmachineexports
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection
+  - apiGroups:
+      - clone.kubevirt.io
+    resources:
+      - virtualmachineclones
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection
+  - apiGroups:
+      - instancetype.kubevirt.io
+    resources:
+      - virtualmachineinstancetypes
+      - virtualmachineclusterinstancetypes
+      - virtualmachinepreferences
+      - virtualmachineclusterpreferences
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection
+  - apiGroups:
+      - pool.kubevirt.io
+    resources:
+      - virtualmachinepools
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection
+  - apiGroups:
+      - migrations.kubevirt.io
+    resources:
+      - migrationpolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachineinstances/console
+      - virtualmachineinstances/vnc
+      - virtualmachineinstances/vnc/screenshot
+      - virtualmachineinstances/portforward
+      - virtualmachineinstances/guestosinfo
+      - virtualmachineinstances/filesystemlist
+      - virtualmachineinstances/userlist
+      - virtualmachineinstances/sev/fetchcertchain
+      - virtualmachineinstances/sev/querylaunchmeasurement
+      - virtualmachineinstances/usbredir
+    verbs:
+      - get
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachineinstances/pause
+      - virtualmachineinstances/unpause
+      - virtualmachineinstances/addvolume
+      - virtualmachineinstances/removevolume
+      - virtualmachineinstances/freeze
+      - virtualmachineinstances/unfreeze
+      - virtualmachineinstances/softreboot
+      - virtualmachineinstances/reset
+      - virtualmachineinstances/sev/setupsession
+      - virtualmachineinstances/sev/injectlaunchsecret
+    verbs:
+      - update
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachines/expand-spec
+      - virtualmachines/portforward
+    verbs:
+      - get
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachines/start
+      - virtualmachines/stop
+      - virtualmachines/restart
+      - virtualmachines/addvolume
+      - virtualmachines/removevolume
+      - virtualmachines/memorydump
+    verbs:
+      - update
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - expand-vm-spec
+    verbs:
+      - update
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachines
+      - virtualmachineinstances
+      - virtualmachineinstancepresets
+      - virtualmachineinstancereplicasets
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachineinstancemigrations
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - snapshot.kubevirt.io
+    resources:
+      - virtualmachinesnapshots
+      - virtualmachinesnapshotcontents
+      - virtualmachinerestores
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+  - apiGroups:
+      - export.kubevirt.io
+    resources:
+      - virtualmachineexports
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+  - apiGroups:
+      - clone.kubevirt.io
+    resources:
+      - virtualmachineclones
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+  - apiGroups:
+      - instancetype.kubevirt.io
+    resources:
+      - virtualmachineinstancetypes
+      - virtualmachineclusterinstancetypes
+      - virtualmachinepreferences
+      - virtualmachineclusterpreferences
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+  - apiGroups:
+      - pool.kubevirt.io
+    resources:
+      - virtualmachinepools
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - migrations.kubevirt.io
+    resources:
+      - migrationpolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachines/expand-spec
+      - virtualmachineinstances/guestosinfo
+      - virtualmachineinstances/filesystemlist
+      - virtualmachineinstances/userlist
+      - virtualmachineinstances/sev/fetchcertchain
+      - virtualmachineinstances/sev/querylaunchmeasurement
+    verbs:
+      - get
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - expand-vm-spec
+    verbs:
+      - update
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachines
+      - virtualmachineinstances
+      - virtualmachineinstancepresets
+      - virtualmachineinstancereplicasets
+      - virtualmachineinstancemigrations
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - snapshot.kubevirt.io
+    resources:
+      - virtualmachinesnapshots
+      - virtualmachinesnapshotcontents
+      - virtualmachinerestores
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - export.kubevirt.io
+    resources:
+      - virtualmachineexports
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - clone.kubevirt.io
+    resources:
+      - virtualmachineclones
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - instancetype.kubevirt.io
+    resources:
+      - virtualmachineinstancetypes
+      - virtualmachineclusterinstancetypes
+      - virtualmachinepreferences
+      - virtualmachineclusterpreferences
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - pool.kubevirt.io
+    resources:
+      - virtualmachinepools
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - migrations.kubevirt.io
+    resources:
+      - migrationpolicies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - instancetype.kubevirt.io
+    resources:
+      - virtualmachineclusterinstancetypes
+      - virtualmachineclusterpreferences
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - subresources.kubevirt.io
+    resources:
+      - virtualmachines/migrate
+    verbs:
+      - update
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachineinstancemigrations
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
\ No newline at end of file
ClusterRole/kubevirt.io:operator (new) (28 lines) 
--- baseline/cyrannus/picon/kubevirt-operator/kubevirt-operator/ClusterRole_kubevirt.io:operator.yml
+++ current/cyrannus/picon/kubevirt-operator/kubevirt-operator/ClusterRole_kubevirt.io:operator.yml
@@ -0,0 +1,24 @@
+---
+# Source: kustomize/templates/kustomized.yaml
+# Source: kustomize/templates/kustomized.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    operator.kubevirt.io: ""
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+  name: kubevirt.io:operator
+rules:
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - kubevirts
+    verbs:
+      - get
+      - delete
+      - create
+      - update
+      - patch
+      - list
+      - watch
+      - deletecollection
\ No newline at end of file

  • CustomResourceDefinition/kubevirts.kubevirt (new) (6240 lines, truncated)

  • Deployment/virt-operator (new) (112 lines, truncated)

Namespace/kubevirt-operator (new) (14 lines) 
--- baseline/cyrannus/picon/kubevirt-operator/kubevirt-operator/Namespace_kubevirt-operator.yml
+++ current/cyrannus/picon/kubevirt-operator/kubevirt-operator/Namespace_kubevirt-operator.yml
@@ -0,0 +1,10 @@
+---
+# Source: kustomize/templates/kustomized.yaml
+# Source: kustomize/templates/kustomized.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kubevirt.io: ""
+    pod-security.kubernetes.io/enforce: privileged
+  name: kubevirt-operator
\ No newline at end of file
PriorityClass/kubevirt-cluster-critical (new) (14 lines) 
--- baseline/cyrannus/picon/kubevirt-operator/kubevirt-operator/PriorityClass_kubevirt-cluster-critical.yml
+++ current/cyrannus/picon/kubevirt-operator/kubevirt-operator/PriorityClass_kubevirt-cluster-critical.yml
@@ -0,0 +1,10 @@
+---
+# Source: kustomize/templates/kustomized.yaml
+# Source: kustomize/templates/kustomized.yaml
+apiVersion: scheduling.k8s.io/v1
+description: This priority class should be used for core kubevirt components only.
+globalDefault: false
+kind: PriorityClass
+metadata:
+  name: kubevirt-cluster-critical
+value: 1000000000
\ No newline at end of file
RoleBinding/kubevirt-operator-rolebinding (new) (22 lines) 
--- baseline/cyrannus/picon/kubevirt-operator/kubevirt-operator/RoleBinding_kubevirt-operator-rolebinding.yml
+++ current/cyrannus/picon/kubevirt-operator/kubevirt-operator/RoleBinding_kubevirt-operator-rolebinding.yml
@@ -0,0 +1,18 @@
+---
+# Source: kustomize/templates/kustomized.yaml
+# Source: kustomize/templates/kustomized.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    kubevirt.io: ""
+  name: kubevirt-operator-rolebinding
+  namespace: kubevirt-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubevirt-operator
+subjects:
+  - kind: ServiceAccount
+    name: kubevirt-operator
+    namespace: kubevirt-operator
\ No newline at end of file

  • Role/kubevirt-operator (new) (137 lines, truncated)

  • ServiceAccount/kubevirt-operator (new) (14 lines, truncated)

cyrannus/picon / longhorn-system / longhorn (44 resources)

  • ClusterRoleBinding/longhorn-bind (new) (24 lines, truncated)

  • ClusterRoleBinding/longhorn-support-bundle (new) (24 lines, truncated)

  • ClusterRole/longhorn-role (new) (77 lines, truncated)

  • ConfigMap/longhorn-default-resource (new) (19 lines, truncated)

  • ConfigMap/longhorn-default-setting (new) (21 lines, truncated)

  • ConfigMap/longhorn-storageclass (new) (39 lines, truncated)

  • CustomResourceDefinition/backingimagedatasources.longhorn (new) (140 lines, truncated)

  • CustomResourceDefinition/backingimagemanagers.longhorn (new) (144 lines, truncated)

  • CustomResourceDefinition/backingimages.longhorn (new) (182 lines, truncated)

  • CustomResourceDefinition/backupbackingimages.longhorn (new) (168 lines, truncated)

  • CustomResourceDefinition/backups.longhorn (new) (193 lines, truncated)

  • CustomResourceDefinition/backuptargets.longhorn (new) (138 lines, truncated)

  • CustomResourceDefinition/backupvolumes.longhorn (new) (147 lines, truncated)

  • CustomResourceDefinition/engineimages.longhorn (new) (153 lines, truncated)

  • CustomResourceDefinition/engines.longhorn (new) (356 lines, truncated)

  • CustomResourceDefinition/instancemanagers.longhorn (new) (314 lines, truncated)

  • CustomResourceDefinition/nodes.longhorn (new) (228 lines, truncated)

  • CustomResourceDefinition/orphans.longhorn (new) (123 lines, truncated)

  • CustomResourceDefinition/recurringjobs.longhorn (new) (142 lines, truncated)

  • CustomResourceDefinition/replicas.longhorn (new) (233 lines, truncated)

  • CustomResourceDefinition/settings.longhorn (new) (86 lines, truncated)

  • CustomResourceDefinition/sharemanagers.longhorn (new) (89 lines, truncated)

  • CustomResourceDefinition/snapshots.longhorn (new) (137 lines, truncated)

  • CustomResourceDefinition/supportbundles.longhorn (new) (136 lines, truncated)

  • CustomResourceDefinition/systembackups.longhorn (new) (140 lines, truncated)

  • CustomResourceDefinition/systemrestores.longhorn (new) (113 lines, truncated)

  • CustomResourceDefinition/volumeattachments.longhorn (new) (145 lines, truncated)

  • CustomResourceDefinition/volumes.longhorn (new) (361 lines, truncated)

  • DaemonSet/longhorn-manager (new) (132 lines, truncated)

  • Deployment/longhorn-driver-deployer (new) (77 lines, truncated)

  • Deployment/longhorn-ui (new) (73 lines, truncated)

  • Job/longhorn-post-upgrade (new) (48 lines, truncated)

  • Job/longhorn-pre-upgrade (new) (56 lines, truncated)

  • Job/longhorn-uninstall (new) (49 lines, truncated)

  • PriorityClass/longhorn-critical (new) (20 lines, truncated)

  • RoleBinding/longhorn (new) (19 lines, truncated)

  • Role/longhorn (new) (39 lines, truncated)

  • ServiceAccount/longhorn-service-account (new) (17 lines, truncated)

  • ServiceAccount/longhorn-support-bundle (new) (17 lines, truncated)

  • ServiceAccount/longhorn-ui-service-account (new) (17 lines, truncated)

  • Service/longhorn-admission-webhook (new) (26 lines, truncated)

  • Service/longhorn-backend (new) (26 lines, truncated)

  • Service/longhorn-frontend (new) (27 lines, truncated)

  • Service/longhorn-recovery-backend (new) (26 lines, truncated)

cyrannus/picon / n8n / n8n (8 resources)

  • ConfigMap/n8n-app-config (new) (21 lines, truncated)

  • Deployment/n8n (new) (78 lines, truncated)

  • Ingress/n8n (new) (22 lines, truncated)

  • PersistentVolumeClaim/n8n (new) (23 lines, truncated)

  • Pod/n8n-test-connection (new) (29 lines, truncated)

  • Secret/n8n-app-secret (new) (20 lines, truncated)

  • ServiceAccount/n8n (new) (17 lines, truncated)

  • Service/n8n (new) (28 lines, truncated)

cyrannus/picon / ollama-deepseek-r1 / ollama-deepseek-r1-8b (1 resources)
  • Model/deepseek-r1-8b (new) (17 lines, truncated)
cyrannus/picon / ollama-operator / ollama-operator (12 resources)

  • ClusterRoleBinding/ollama-operator-manager-rolebinding (new) (26 lines, truncated)

  • ClusterRoleBinding/ollama-operator-proxy-rolebinding (new) (26 lines, truncated)

  • ClusterRole/ollama-operator-manager-role (new) (93 lines, truncated)

  • ClusterRole/ollama-operator-metrics-reader (new) (23 lines, truncated)

  • ClusterRole/ollama-operator-proxy-role (new) (31 lines, truncated)

  • CustomResourceDefinition/models.ollama.ayaka (new) (8059 lines, truncated)

  • Deployment/ollama-operator-controller-manager (new) (92 lines, truncated)

  • Namespace/ollama-operator-system (new) (19 lines, truncated)

  • RoleBinding/ollama-operator-leader-election-rolebinding (new) (27 lines, truncated)

  • Role/ollama-operator-leader-election-role (new) (51 lines, truncated)

  • ServiceAccount/ollama-operator-controller-manager (new) (15 lines, truncated)

  • Service/ollama-operator-controller-manager-metrics-service (new) (28 lines, truncated)

cyrannus/picon / ollama-phi-mini / ollama-phi-mini (1 resources)
  • Model/phi-mini (new) (17 lines, truncated)
cyrannus/picon / open-webui / open-webui (8 resources)

  • Deployment/open-webui-pipelines (new) (53 lines, truncated)

  • PersistentVolumeClaim/open-webui-pipelines (new) (20 lines, truncated)

  • PersistentVolumeClaim/open-webui (new) (20 lines, truncated)

  • ServiceAccount/existing-sa (new) (19 lines, truncated)

  • ServiceAccount/open-webui-pipelines (new) (18 lines, truncated)

  • Service/open-webui-pipelines (new) (28 lines, truncated)

  • Service/open-webui (new) (28 lines, truncated)

  • StatefulSet/open-webui (new) (70 lines, truncated)

cyrannus/picon/open-webui/open-webui / open-webui / charts (4 resources)

  • Deployment/open-webui-pipelines (new) (53 lines, truncated)

  • PersistentVolumeClaim/open-webui-pipelines (new) (20 lines, truncated)

  • ServiceAccount/open-webui-pipelines (new) (18 lines, truncated)

  • Service/open-webui-pipelines (new) (28 lines, truncated)

cyrannus/picon / pihole / pihole (7 resources)

  • ConfigMap/pihole-custom-dnsmasq (new) (20 lines, truncated)

  • Deployment/pihole (new) (158 lines, truncated)

  • Ingress/pihole (new) (27 lines, truncated)

  • PersistentVolumeClaim/pihole (new) (22 lines, truncated)

  • Secret/pihole-password (new) (18 lines, truncated)

  • Service/pihole-dns (new) (33 lines, truncated)

  • Service/pihole-web (new) (33 lines, truncated)

cyrannus/picon / traefik / traefik (17 resources)

  • ClusterRoleBinding/traefik-traefik (new) (23 lines, truncated)

  • ClusterRole/traefik-traefik (new) (88 lines, truncated)

  • Deployment/traefik (new) (147 lines, truncated)

  • Endpoints/external-traefik (new) (19 lines, truncated)

  • Endpoints/syno (new) (17 lines, truncated)

  • IngressClass/traefik (new) (19 lines, truncated)

  • IngressRoute/catch-all-fallback (new) (25 lines, truncated)

  • IngressRoute/minio (new) (22 lines, truncated)

  • IngressRoute/traefik-dashboard (new) (27 lines, truncated)

  • Middleware/internal (new) (16 lines, truncated)

  • ServersTransport/insecure (new) (13 lines, truncated)

  • ServiceAccount/traefik (new) (17 lines, truncated)

  • Service/external-traefik (new) (19 lines, truncated)

  • Service/syno (new) (16 lines, truncated)

  • Service/traefik-public (new) (36 lines, truncated)

  • Service/traefik (new) (32 lines, truncated)

  • TLSStore/default (new) (19 lines, truncated)

cyrannus/picon / traefik / traefik-crds (10 resources)

  • CustomResourceDefinition/ingressroutes.traefik (new) (443 lines, truncated)

  • CustomResourceDefinition/ingressroutetcps.traefik (new) (249 lines, truncated)

  • CustomResourceDefinition/ingressrouteudps.traefik (new) (118 lines, truncated)

  • CustomResourceDefinition/middlewares.traefik (new) (1180 lines, truncated)

  • CustomResourceDefinition/middlewaretcps.traefik (new) (96 lines, truncated)

  • CustomResourceDefinition/serverstransports.traefik (new) (163 lines, truncated)

  • CustomResourceDefinition/serverstransporttcps.traefik (new) (153 lines, truncated)

  • CustomResourceDefinition/tlsoptions.traefik (new) (123 lines, truncated)

  • CustomResourceDefinition/tlsstores.traefik (new) (102 lines, truncated)

  • CustomResourceDefinition/traefikservices.traefik (new) (978 lines, truncated)

Generated by ATLAS Review — Re-run

max06 and others added 18 commits May 10, 2026 18:45
@max06
Update keys
0f2cb14
@max06
Move pihole
99cfef4
@max06 @claude
feat: Remove hello-world deployment
529639f 
No longer needed — httpbin covers traffic routing tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move open-webui to atlas
497c9fc 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move longhorn to atlas
03cad34 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move kubevirt-operator to atlas
fa039d9 
Includes both kubevirt-operator and kubevirt-cr templates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move ollama-operator to atlas
7e60a2a 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move ollama-deepseek-r1 to atlas
8b0ba2e 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move ollama-phi-mini to atlas
175f688 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move home-assistant to atlas
b6a4267 
Also removes bogus storageClass: Host() line (copy-paste error).

Note: clusters/cyrannus/picon/apps/home-assistant/values.sops.yaml
should be deleted manually (contains only primary_domain, now global).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move httpbin to atlas
ccab450 
Note: clusters/cyrannus/picon/apps/httpbin/values.sops.yaml
should be deleted manually (contains only primary_domain, now global).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move n8n to atlas
c009b12 
Note: remove primary_domain from
clusters/cyrannus/picon/apps/n8n/values.sops.yaml manually
(redundant with global). Keep encryption_key and license_activation_key.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move cilium-config to atlas
07d60d3 
Extracts the self-contained cluster-level helmfile into a proper
app template at apps/cilium-config/.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Move external-services to atlas
af745b8 
Uses named instance pattern with inline values. Host now uses
primary_domain from the global hierarchy instead of hardcoded domain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
feat: Enable rancher-to-argocd-controller on helios via atlas
7220311 
Renames _deployment.yaml to deployment.yaml (was disabled),
removes old helmfile reference, renames app template to .gotmpl.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06 @claude
chore: Remove legacy files and unused app templates
1adbcad 
Removes:
- appSets.yaml.gotmpl (old ApplicationSet definitions, replaced by atlas)
- values.yaml (top-level values from old system)
- Pipfile, Pipfile.lock, main.py (abandoned CDK8s/Python experiment)
- apps/test-local-chart, apps/test-plain, apps/test-upstream-chart
  (unused test templates)
- testing/ (unused experiment)
- bases/, experimental/, loose yaml files (untracked, already deleted)
- apps/vm-template, apps/hello-world (untracked, already deleted)

Kept: apps/homepage, apps/rancher, apps/virtual-machine (future use)
Kept: switch-config.yaml (rancher-token for downstream clusters)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@max06
chore: Remove duplicate secrets
892f893
@max06
Last fixes
5d33d6a
Repository owner deleted a comment May 10, 2026
@max06 max06 force-pushed the move-everything branch from 228c823 to 0a31b35 Compare May 10, 2026 22:26
@max06 max06 force-pushed the move-everything branch from 0a31b35 to bcea9aa Compare May 10, 2026 22:28
@max06 @claude
fix: Add missing namespace to app templates
ae1f204 
Templates without explicit namespace: ollama-deepseek-r1-8b,
ollama-operator, ollama-phi-mini, open-webui, pihole, virtual-machine.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@max06