Huge upgraqde to everything
parent
10d7936625
commit
6c83d67c9c
@ -10,20 +10,13 @@ releases:
|
|||||||
installed: true
|
installed: true
|
||||||
- <<: *cilium
|
- <<: *cilium
|
||||||
installed: true
|
installed: true
|
||||||
|
|
||||||
|
- <<: *local-path-provisioner
|
||||||
|
|
||||||
- <<: *zot
|
- <<: *zot
|
||||||
installed: true
|
installed: true
|
||||||
- <<: *chartmuseum
|
|
||||||
installed: false
|
|
||||||
- <<: *keel
|
- <<: *keel
|
||||||
- <<: *drone
|
- <<: *traefik
|
||||||
installed: true
|
|
||||||
namespace: drone-service
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *drone-runner-docker
|
|
||||||
installed: true
|
|
||||||
namespace: drone-service
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *argocd
|
- <<: *argocd
|
||||||
installed: true
|
installed: true
|
||||||
@ -45,21 +38,6 @@ releases:
|
|||||||
namespace: funkwhale-application
|
namespace: funkwhale-application
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *prometheus
|
|
||||||
installed: true
|
|
||||||
namespace: monitoring-system
|
|
||||||
createNamespace: true
|
|
||||||
|
|
||||||
- <<: *loki
|
|
||||||
installed: false
|
|
||||||
namespace: monitoring-system
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *promtail
|
|
||||||
installed: true
|
|
||||||
namespace: monitoring-system
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *bitwarden
|
- <<: *bitwarden
|
||||||
installed: false
|
installed: false
|
||||||
namespace: bitwarden-application
|
namespace: bitwarden-application
|
||||||
@ -95,16 +73,15 @@ releases:
|
|||||||
namespace: woodpecker-ci
|
namespace: woodpecker-ci
|
||||||
createNamespace: true
|
createNamespace: true
|
||||||
|
|
||||||
|
|
||||||
- <<: *istio-gateway-resources
|
|
||||||
installed: true
|
|
||||||
namespace: istio-system
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *vaultwarden
|
- <<: *vaultwarden
|
||||||
createNamespace: true
|
createNamespace: true
|
||||||
installed: true
|
installed: true
|
||||||
namespace: vaultwarden-application
|
namespace: vaultwarden-application
|
||||||
|
|
||||||
|
- <<: *vaultwardentest
|
||||||
|
createNamespace: false
|
||||||
|
installed: true
|
||||||
|
namespace: applications
|
||||||
|
|
||||||
- <<: *openvpn-xor
|
- <<: *openvpn-xor
|
||||||
installed: true
|
installed: true
|
||||||
@ -113,12 +90,7 @@ releases:
|
|||||||
|
|
||||||
- <<: *docker-mailserver
|
- <<: *docker-mailserver
|
||||||
installed: true
|
installed: true
|
||||||
namespace: mail-service
|
namespace: applications
|
||||||
createNamespace: true
|
|
||||||
|
|
||||||
- <<: *tandoor
|
|
||||||
installed: false
|
|
||||||
namespace: tandoor-application
|
|
||||||
createNamespace: true
|
createNamespace: true
|
||||||
|
|
||||||
- <<: *mailu
|
- <<: *mailu
|
||||||
|
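Review bot: Moving `docker-mailserver` from `mail-service` to `namespace: applications`, where the new `vaultwardentest` release also lands, puts an internet-facing mail server and a password-manager instance behind the same namespace boundary. Namespace-scoped Secrets, RBAC bindings and any NetworkPolicy that selects by namespace no longer separate the two. If the consolidation is deliberate, a comment above the release such as `# intentionally shares the applications namespace with vaultwardentest` would record that; otherwise keep one namespace per service as the other releases do. The pairing of keys to releases is read from line order here, because this rendering dropped the indentation.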
27
badhouseplants/values/secrets.vaultwardentest.yaml
Normal file
27
badhouseplants/values/secrets.vaultwardentest.yaml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
vaultwarden:
|
||||||
|
smtp:
|
||||||
|
username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
|
||||||
|
password:
|
||||||
|
value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
|
||||||
|
adminToken:
|
||||||
|
value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
|
||||||
|
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
|
||||||
|
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
|
||||||
|
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
|
||||||
|
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-06-06T15:15:43Z"
|
||||||
|
mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
@ -1,18 +1,4 @@
|
|||||||
---
|
---
|
||||||
# ------------------------------------------
|
|
||||||
# -- Istio extenstion. Just because I'm
|
|
||||||
# -- not using ingress nginx
|
|
||||||
# ------------------------------------------
|
|
||||||
istio:
|
|
||||||
enabled: true
|
|
||||||
istio:
|
|
||||||
- name: argocd-http
|
|
||||||
gateway: istio-system/badhouseplants-net
|
|
||||||
kind: http
|
|
||||||
hostname: argo.badhouseplants.net
|
|
||||||
service: argocd-server
|
|
||||||
port: 80
|
|
||||||
|
|
||||||
controller:
|
controller:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
@ -48,18 +34,35 @@ dex:
|
|||||||
enabled: false
|
enabled: false
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
global:
|
||||||
|
domain: argo.badhouseplants.net
|
||||||
|
|
||||||
server:
|
server:
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
ingressClassName: traefik
|
||||||
|
tls: true
|
||||||
metrics:
|
metrics:
|
||||||
enabled: true
|
enabled: true
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
extraArgs:
|
extraArgs:
|
||||||
- --insecure
|
- --insecure
|
||||||
|
servicePort:
|
||||||
|
servicePortHttp: 80
|
||||||
|
servicePortHttps: 80
|
||||||
|
|
||||||
repoServer:
|
repoServer:
|
||||||
metrics:
|
metrics:
|
||||||
@ -71,6 +74,8 @@ repoServer:
|
|||||||
- name: regcred
|
- name: regcred
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
|
params:
|
||||||
|
server.insecure: true
|
||||||
rbac:
|
rbac:
|
||||||
policy.default: role:readonly
|
policy.default: role:readonly
|
||||||
scopes: "[email, group]"
|
scopes: "[email, group]"
|
||||||
|
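Review bot: The `kubernetes.io/ingress.allow-http: "false"` annotation added under `server.ingress.annotations` is, as far as I know, read by the GCE ingress controller and not by Traefik, so it probably does not keep this host off the plain-HTTP entrypoint; the same applies to `kubernetes.io/ingress.global-static-ip-name: ""`. If HTTPS-only is the intent, state it in a form Traefik reads, for example `traefik.ingress.kubernetes.io/router.entrypoints: websecure`, or configure an HTTP-to-HTTPS redirect on the web entrypoint in the Traefik values. This matters more here because `server.insecure: true` and `--insecure` leave TLS entirely to the proxy. The same annotation block is repeated in the rainloop, funkwhale, gitea, mailu, minio, WordPress, vaultwarden and vaultwardentest ingress sections of this commit.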
@ -1,125 +1,67 @@
|
|||||||
istio-gateway:
|
traefik:
|
||||||
enabled: true
|
enabled: true
|
||||||
gateways:
|
tcpRoutes:
|
||||||
- name: badhouseplants-email
|
- name: docker-mailserver-smtp
|
||||||
servers:
|
|
||||||
- hosts:
|
|
||||||
- "*"
|
|
||||||
port:
|
|
||||||
name: smtp
|
|
||||||
number: 25
|
|
||||||
protocol: TCP
|
|
||||||
- hosts:
|
|
||||||
- "*"
|
|
||||||
port:
|
|
||||||
name: pop3
|
|
||||||
number: 110
|
|
||||||
protocol: TCP
|
|
||||||
- hosts:
|
|
||||||
- "*"
|
|
||||||
port:
|
|
||||||
name: imap
|
|
||||||
number: 143
|
|
||||||
protocol: TCP
|
|
||||||
- hosts:
|
|
||||||
- "*"
|
|
||||||
port:
|
|
||||||
name: smtps
|
|
||||||
number: 465
|
|
||||||
protocol: TCP
|
|
||||||
- hosts:
|
|
||||||
- "*"
|
|
||||||
port:
|
|
||||||
name: submission
|
|
||||||
number: 587
|
|
||||||
protocol: TCP
|
|
||||||
- hosts:
|
|
||||||
- "*"
|
|
||||||
port:
|
|
||||||
name: imaps
|
|
||||||
number: 993
|
|
||||||
protocol: TCP
|
|
||||||
- hosts:
|
|
||||||
- "*"
|
|
||||||
port:
|
|
||||||
name: pop3s
|
|
||||||
number: 995
|
|
||||||
protocol: TCP
|
|
||||||
istio:
|
|
||||||
enabled: true
|
|
||||||
istio:
|
|
||||||
- name: docker-mailserver-smpt
|
|
||||||
kind: tcp
|
|
||||||
gateway: badhouseplants-email
|
|
||||||
service: docker-mailserver
|
service: docker-mailserver
|
||||||
hostname: badhouseplants.net
|
match: HostSNI(`*`)
|
||||||
port_match: 25
|
entrypoint: smtp
|
||||||
port: 25
|
port: 25
|
||||||
- name: docker-mailserver-smpts
|
- name: docker-mailserver-smtps
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-email
|
|
||||||
port_match: 465
|
|
||||||
hostname: badhouseplants.net
|
|
||||||
service: docker-mailserver
|
service: docker-mailserver
|
||||||
|
entrypoint: smtps
|
||||||
port: 465
|
port: 465
|
||||||
- name: docker-mailserver-smpt-startls
|
- name: docker-mailserver-smpt-startls
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-email
|
|
||||||
hostname: badhouseplants.net
|
|
||||||
port_match: 587
|
|
||||||
service: docker-mailserver
|
service: docker-mailserver
|
||||||
|
entrypoint: smtp-startls
|
||||||
port: 587
|
port: 587
|
||||||
- name: docker-mailserver-imap
|
- name: docker-mailserver-imap
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
hostname: badhouseplants.net
|
|
||||||
gateway: badhouseplants-email
|
|
||||||
port_match: 143
|
|
||||||
service: docker-mailserver
|
service: docker-mailserver
|
||||||
|
entrypoint: imap
|
||||||
port: 143
|
port: 143
|
||||||
- name: docker-mailserver-imaps
|
- name: docker-mailserver-imaps
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-email
|
|
||||||
hostname: badhouseplants.net
|
|
||||||
port_match: 993
|
|
||||||
service: docker-mailserver
|
service: docker-mailserver
|
||||||
|
entrypoint: imaps
|
||||||
port: 993
|
port: 993
|
||||||
- name: docker-mailserver-pop3
|
- name: docker-mailserver-pop3
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-email
|
|
||||||
port_match: 110
|
|
||||||
hostname: badhouseplants.net
|
|
||||||
service: docker-mailserver
|
service: docker-mailserver
|
||||||
|
entrypoint: pop3
|
||||||
port: 110
|
port: 110
|
||||||
- name: docker-mailserver-pop3s
|
- name: docker-mailserver-pop3s
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-email
|
|
||||||
port_match: 993
|
|
||||||
hostname: badhouseplants.net
|
|
||||||
service: docker-mailserver
|
service: docker-mailserver
|
||||||
|
entrypoint: pop3s
|
||||||
port: 993
|
port: 993
|
||||||
- name: docker-mailserver-rainloop
|
|
||||||
kind: http
|
|
||||||
gateway: istio-system/badhouseplants-net
|
|
||||||
hostname: mail.badhouseplants.net
|
|
||||||
service: docker-mailserver-rainloop
|
|
||||||
port: 80
|
|
||||||
|
|
||||||
rainloop:
|
rainloop:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- mail.badhouseplants.net
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
tls:
|
||||||
|
- secretName: mail-tls-secret
|
||||||
|
hosts:
|
||||||
|
- mail.badhouseplants.net
|
||||||
|
|
||||||
demoMode:
|
demoMode:
|
||||||
enabled: false
|
enabled: false
|
||||||
domains:
|
domains:
|
||||||
- badhouseplants.net
|
- badhouseplants.net
|
||||||
- mail.badhouseplants.net
|
- mail.badhouseplants.net
|
||||||
ssl:
|
ssl:
|
||||||
issuer:
|
useExisting: true
|
||||||
name: badhouseplants-issuer
|
existingName: mail-tls-secret
|
||||||
kind: ClusterIssuer
|
|
||||||
dnsname: badhouseplants.net
|
|
||||||
dns01provider: cloudflare
|
|
||||||
useExisting: false
|
|
||||||
pod:
|
pod:
|
||||||
dockermailserver:
|
dockermailserver:
|
||||||
enable_fail2ban: "0"
|
enable_fail2ban: "0"
|
||||||
|
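Review bot: The `docker-mailserver-pop3s` route keeps `port: 993` while using `entrypoint: pop3s`, so POP3S connections would be forwarded to the IMAPS port. The Traefik values added in this commit define the `pop3s` entrypoint on 995, so this most likely should read `port: 995`. The `mailu-pop3s` route in the mailu values carries the same mismatch. Indentation is lost in this rendering, so the assignment of keys to route entries is inferred from their order.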
@ -30,6 +30,22 @@ celery:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: 10m
|
||||||
memory: 75Mi
|
memory: 75Mi
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
host: funkwhale.badhouseplants.net
|
||||||
|
protocol: http
|
||||||
|
|
||||||
|
tls:
|
||||||
|
- secretName: funkwhale-tls-secret
|
||||||
|
hosts:
|
||||||
|
- funkwhale.badhouseplants.net
|
||||||
|
|
||||||
extraEnv:
|
extraEnv:
|
||||||
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
|
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
|
||||||
FUNKWHALE_PROTOCOL: https
|
FUNKWHALE_PROTOCOL: https
|
||||||
@ -39,8 +55,7 @@ persistence:
|
|||||||
size: 10Gi
|
size: 10Gi
|
||||||
s3:
|
s3:
|
||||||
enabled: false
|
enabled: false
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
postgresql:
|
postgresql:
|
||||||
enabled: false
|
enabled: false
|
||||||
host: postgres16-postgresql.database-service.svc.cluster.local
|
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||||
|
@ -1,25 +1,5 @@
|
|||||||
---
|
---
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
# -- Istio extenstion. Just because I'm
|
|
||||||
# -- not using ingress nginx
|
|
||||||
# ------------------------------------------
|
|
||||||
istio:
|
|
||||||
enabled: true
|
|
||||||
istio:
|
|
||||||
- name: gitea-http
|
|
||||||
kind: http
|
|
||||||
gateway: istio-system/badhouseplants-net
|
|
||||||
hostname: git.badhouseplants.net
|
|
||||||
service: gitea-http
|
|
||||||
port: 3000
|
|
||||||
- name: gitea-ssh
|
|
||||||
kind: tcp
|
|
||||||
gateway: istio-system/badhouseplants-ssh
|
|
||||||
hostname: "*"
|
|
||||||
port_match: 22
|
|
||||||
service: gitea-ssh
|
|
||||||
port: 22
|
|
||||||
# ------------------------------------------
|
|
||||||
# -- Database extension is used to manage
|
# -- Database extension is used to manage
|
||||||
# -- database with db-operator
|
# -- database with db-operator
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
@ -27,9 +7,27 @@ ext-database:
|
|||||||
enabled: true
|
enabled: true
|
||||||
name: gitea-postgres16
|
name: gitea-postgres16
|
||||||
instance: postgres16
|
instance: postgres16
|
||||||
|
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
# -- Kubernetes related values
|
# -- Kubernetes related values
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
hosts:
|
||||||
|
- host: git.badhouseplants.net
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- secretName: gitea-tls-secret
|
||||||
|
hosts:
|
||||||
|
- git.badhouseplants.net
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
clusterDomain: cluster.local
|
clusterDomain: cluster.local
|
||||||
|
|
||||||
@ -47,8 +45,6 @@ persistence:
|
|||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
|
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
# -- Main Gitea settings
|
# -- Main Gitea settings
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
@ -125,3 +121,21 @@ postgresql-ha:
|
|||||||
enabled: false
|
enabled: false
|
||||||
redis-cluster:
|
redis-cluster:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
extraDeploy:
|
||||||
|
- |
|
||||||
|
{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: IngressRouteTCP
|
||||||
|
metadata:
|
||||||
|
name: {{ include "gitea.fullname" . }}-ssh
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- git-ssh
|
||||||
|
routes:
|
||||||
|
- match: HostSNI(`git.badhouseplants.net`)
|
||||||
|
services:
|
||||||
|
- name: "{{ include "gitea.fullname" . }}-ssh"
|
||||||
|
port: 22
|
||||||
|
nativeLB: true
|
||||||
|
{{- end }}
|
||||||
|
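Review bot: The `IngressRouteTCP` added in `extraDeploy` matches on HostSNI with the literal host `git.badhouseplants.net`, but SSH is not TLS and sends no SNI. As far as I know, Traefik accepts only the wildcard form on a TCP router without TLS, as the other `tcpRoutes` in this commit use, so this route is likely to be rejected or never match. Change the rule to the wildcard form and add a comment such as `# SSH has no SNI; every connection on the git-ssh entrypoint reaches Gitea`, since the hostname in the rule suggests a restriction that the protocol cannot provide.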
3
badhouseplants/values/values.local-path-provisioner.yaml
Normal file
3
badhouseplants/values/values.local-path-provisioner.yaml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
storageClass:
|
||||||
|
create: true
|
||||||
|
defaultClass: false
|
@ -1,81 +1,64 @@
|
|||||||
---
|
---
|
||||||
certificate:
|
# ------------------------------------------
|
||||||
|
# -- Database extension is used to manage
|
||||||
|
# -- database with db-operator
|
||||||
|
# ------------------------------------------
|
||||||
|
ext-database:
|
||||||
enabled: true
|
enabled: true
|
||||||
certificate:
|
name: mailu-postgres16
|
||||||
- name: mailu
|
instance: postgres16
|
||||||
secretName: mailu-certificate
|
extraDatabase:
|
||||||
issuer:
|
enabled: true
|
||||||
kind: ClusterIssuer
|
name: roundcube-postgres16
|
||||||
name: badhouseplants-issuer
|
instance: postgres16
|
||||||
dnsNames:
|
|
||||||
- badhouseplants.net
|
|
||||||
- "email.badhouseplants.net"
|
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
# -- Istio extenstion. Just because I'm
|
# -- Istio extenstion. Just because I'm
|
||||||
# -- not using ingress nginx
|
# -- not using ingress nginx
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
istio:
|
traefik:
|
||||||
enabled: true
|
enabled: true
|
||||||
istio:
|
tcpRoutes:
|
||||||
- name: mailu-web
|
- name: mailu-smtp
|
||||||
kind: http
|
|
||||||
gateway: istio-system/badhouseplants-net
|
|
||||||
hostname: email.badhouseplants.net
|
|
||||||
service: mailu-front
|
service: mailu-front
|
||||||
port: 80
|
match: HostSNI(`*`)
|
||||||
- name: mailu-smpt
|
entrypoint: smtp
|
||||||
kind: tcp
|
|
||||||
gateway: badhouseplants-mail
|
|
||||||
service: mailu-front
|
|
||||||
hostname: email.badhousplants.net
|
|
||||||
port_match: 25
|
|
||||||
port: 25
|
port: 25
|
||||||
- name: mailu-smpts
|
- name: mailu-smtps
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-mail
|
|
||||||
port_match: 465
|
|
||||||
hostname: email.badhousplants.net
|
|
||||||
service: mailu-front
|
service: mailu-front
|
||||||
|
entrypoint: smtps
|
||||||
port: 465
|
port: 465
|
||||||
- name: mailu-smpt-startls
|
- name: mailu-smpt-startls
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-mail
|
|
||||||
hostname: email.badhousplants.net
|
|
||||||
port_match: 587
|
|
||||||
service: mailu-front
|
service: mailu-front
|
||||||
|
entrypoint: smtp-startls
|
||||||
port: 587
|
port: 587
|
||||||
- name: mailu-imap
|
- name: mailu-imap
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
hostname: email.badhousplants.net
|
|
||||||
gateway: badhouseplants-mail
|
|
||||||
port_match: 143
|
|
||||||
service: mailu-front
|
service: mailu-front
|
||||||
|
entrypoint: imap
|
||||||
port: 143
|
port: 143
|
||||||
- name: mailu-imaps
|
- name: mailu-imaps
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-mail
|
|
||||||
hostname: email.badhousplants.net
|
|
||||||
port_match: 993
|
|
||||||
service: mailu-front
|
service: mailu-front
|
||||||
|
entrypoint: imaps
|
||||||
port: 993
|
port: 993
|
||||||
- name: mailu-pop3
|
- name: mailu-pop3
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-mail
|
|
||||||
port_match: 110
|
|
||||||
hostname: email.badhousplants.net
|
|
||||||
service: mailu-front
|
service: mailu-front
|
||||||
|
entrypoint: pop3
|
||||||
port: 110
|
port: 110
|
||||||
- name: mailu-pop3s
|
- name: mailu-pop3s
|
||||||
kind: tcp
|
match: HostSNI(`*`)
|
||||||
gateway: badhouseplants-mail
|
|
||||||
port_match: 993
|
|
||||||
hostname: email.badhousplants.net
|
|
||||||
service: mailu-front
|
service: mailu-front
|
||||||
|
entrypoint: pop3s
|
||||||
port: 993
|
port: 993
|
||||||
subnet: 10.244.0.0/16
|
subnet: 10.244.0.0/16
|
||||||
sessionCookieSecure: true
|
sessionCookieSecure: true
|
||||||
hostnames:
|
hostnames:
|
||||||
- post.badhouseplants.net
|
- badhouseplants.net
|
||||||
|
- email.badhouseplants.net
|
||||||
domain: badhouseplants.net
|
domain: badhouseplants.net
|
||||||
persistence:
|
persistence:
|
||||||
single_pvc: false
|
single_pvc: false
|
||||||
@ -85,13 +68,17 @@ limits:
|
|||||||
tls:
|
tls:
|
||||||
outboundLevel: secure
|
outboundLevel: secure
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: true
|
||||||
tls: false
|
ingressClassName: traefik
|
||||||
|
tls: true
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
tlsFlavorOverride: mail
|
tlsFlavorOverride: mail
|
||||||
selfSigned: false
|
realIpFrom: traefik.kube-system.svc.cluster.local
|
||||||
existingSecret: mailu-certificate
|
realIpHeader: "X-Real-IP"
|
||||||
realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local
|
|
||||||
realIpHeader: "X-Envoy-External-Address"
|
|
||||||
front:
|
front:
|
||||||
hostPort:
|
hostPort:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -150,16 +137,18 @@ roundcube:
|
|||||||
mysql:
|
mysql:
|
||||||
enabled: false
|
enabled: false
|
||||||
postgresql:
|
postgresql:
|
||||||
|
enabled: false
|
||||||
|
## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically.
|
||||||
|
externalDatabase:
|
||||||
|
## @param externalDatabase.enabled Set to true to use an external database
|
||||||
enabled: true
|
enabled: true
|
||||||
auth:
|
type: postgresql
|
||||||
enablePostgresUser: true
|
existingSecret: mailu-postgres16-creds
|
||||||
username: mailu
|
existingSecretDatabaseKey: POSTGRES_DB
|
||||||
database: mailu
|
existingSecretUsernameKey: POSTGRES_USER
|
||||||
persistence:
|
existingSecretPasswordKey: POSTGRES_PASSWORD
|
||||||
enabled: false
|
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||||
storageClass: ""
|
port: 5432
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 2Gi
|
|
||||||
rspamd:
|
rspamd:
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
@ -181,3 +170,10 @@ webmail:
|
|||||||
accessModes: [ReadWriteOnce]
|
accessModes: [ReadWriteOnce]
|
||||||
claimNameOverride: ""
|
claimNameOverride: ""
|
||||||
annotations: {}
|
annotations: {}
|
||||||
|
global:
|
||||||
|
database:
|
||||||
|
roundcube:
|
||||||
|
database: applications-roundcube-postgres16
|
||||||
|
username: applications-roundcube-postgres16
|
||||||
|
existingSecret: roundcube-postgres16-creds
|
||||||
|
existingSecretPasswordKey: POSTGRES_PASSWORD
|
||||||
|
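Review bot: `realIpHeader: "X-Real-IP"` with `realIpFrom: traefik.kube-system.svc.cluster.local` can only recover the client address for HTTP traffic; the SMTP, IMAP and POP3 `tcpRoutes` added above carry no headers. Unless PROXY protocol is enabled on both Traefik and the Mailu front, those connections will presumably all appear to come from Traefik's pod address. If Mailu's authentication rate limits or its trusted-network checks key on the client address, that either shares one bucket across every client or treats external senders as cluster-internal, so it is worth confirming before this goes live. The `realIpFrom` value also assumes Traefik runs in `kube-system`, which the release list in this commit does not show.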
@ -19,6 +19,39 @@ istio:
|
|||||||
service: minio
|
service: minio
|
||||||
port: 9000
|
port: 9000
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: ~
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
path: /
|
||||||
|
hosts:
|
||||||
|
- s3.badhouseplants.net
|
||||||
|
tls:
|
||||||
|
- secretName: s3-tls-secret
|
||||||
|
hosts:
|
||||||
|
- s3.badhouseplants.net
|
||||||
|
consoleIngress:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: ~
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
path: /
|
||||||
|
hosts:
|
||||||
|
- minio.badhouseplants.net
|
||||||
|
tls:
|
||||||
|
- secretName: minio-tls-secret
|
||||||
|
hosts:
|
||||||
|
- minio.badhouseplants.net
|
||||||
|
|
||||||
rootUser: 'overlord'
|
rootUser: 'overlord'
|
||||||
replicas: 1
|
replicas: 1
|
||||||
mode: standalone
|
mode: standalone
|
||||||
|
@ -1,10 +1,6 @@
|
|||||||
namespaces:
|
namespaces:
|
||||||
- name: longhorn-system
|
- name: longhorn-system
|
||||||
- name: cert-manager
|
|
||||||
- name: minio-service
|
- name: minio-service
|
||||||
- name: metallb-system
|
|
||||||
- name: reflector-system
|
|
||||||
- name: drone-service
|
|
||||||
- name: argo-system
|
- name: argo-system
|
||||||
- name: nrodionov-application
|
- name: nrodionov-application
|
||||||
- name: minecraft-application
|
- name: minecraft-application
|
||||||
@ -15,18 +11,16 @@ namespaces:
|
|||||||
https://ci.badhouseplants.net/repos/15
|
https://ci.badhouseplants.net/repos/15
|
||||||
- name: gitea-service
|
- name: gitea-service
|
||||||
- name: funkwhale-application
|
- name: funkwhale-application
|
||||||
- name: monitoring-system
|
|
||||||
- name: bitwarden-application
|
- name: bitwarden-application
|
||||||
- name: database-service
|
- name: database-service
|
||||||
- name: mail-service
|
- name: mail-service
|
||||||
- name: istio-system
|
|
||||||
- name: vaultwarden-application
|
- name: vaultwarden-application
|
||||||
- name: woodpecker-ci
|
- name: woodpecker-ci
|
||||||
- name: openvpn-service
|
- name: openvpn-service
|
||||||
- name: tandoor-application
|
|
||||||
- name: badhouseplants-main
|
- name: badhouseplants-main
|
||||||
labels:
|
labels:
|
||||||
istio-injection: enabled
|
istio-injection: enabled
|
||||||
- name: badhouseplants-preview
|
- name: badhouseplants-preview
|
||||||
- name: mailu-application
|
- name: mailu-application
|
||||||
- name: kube-services
|
- name: kube-services
|
||||||
|
- name: applications
|
@ -17,7 +17,20 @@ ext-database:
|
|||||||
enabled: true
|
enabled: true
|
||||||
name: nrodionov-mysql
|
name: nrodionov-mysql
|
||||||
instance: mysql
|
instance: mysql
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
pathType: ImplementationSpecific
|
||||||
|
hostname: dev.nrodionov.info
|
||||||
|
path: /
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
tls: true
|
||||||
|
tlsWwwPrefix: false
|
||||||
|
selfSigned: false
|
||||||
wordpressBlogName: Николай Николаевич Родионов
|
wordpressBlogName: Николай Николаевич Родионов
|
||||||
wordpressUsername: admin
|
wordpressUsername: admin
|
||||||
wordpressFirstName: Nikolai
|
wordpressFirstName: Nikolai
|
||||||
|
@ -3,17 +3,26 @@
|
|||||||
# -- Istio extenstion. Just because I'm
|
# -- Istio extenstion. Just because I'm
|
||||||
# -- not using ingress nginx
|
# -- not using ingress nginx
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
istio:
|
# istio:
|
||||||
enabled: true
|
# enabled: true
|
||||||
istio:
|
# istio:
|
||||||
- name: openvpn-tcp-xor
|
# - name: openvpn-tcp-xor
|
||||||
gateway: istio-system/badhouseplants-vpn
|
# gateway: istio-system/badhouseplants-vpn
|
||||||
kind: tcp
|
# kind: tcp
|
||||||
port_match: 1194
|
# port_match: 1194
|
||||||
hostname: "*"
|
# hostname: "*"
|
||||||
service: openvpn-xor
|
# service: openvpn-xor
|
||||||
port: 1194
|
# port: 1194
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
|
traefik:
|
||||||
|
enabled: true
|
||||||
|
tcpRoutes:
|
||||||
|
- name: openvpn-xor
|
||||||
|
service: openvpn-xor
|
||||||
|
match: HostSNI(`*`)
|
||||||
|
entrypoint: openvpn
|
||||||
|
port: 1194
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
class: longhorn
|
class: longhorn
|
||||||
size: 512Mi
|
size: 512Mi
|
||||||
|
78
badhouseplants/values/values.traefik.yaml
Normal file
78
badhouseplants/values/values.traefik.yaml
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
globalArguments:
|
||||||
|
- "--serversTransport.insecureSkipVerify=true"
|
||||||
|
service:
|
||||||
|
spec:
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
ports:
|
||||||
|
git-ssh:
|
||||||
|
port: 22
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
exposedPort: 22
|
||||||
|
protocol: TCP
|
||||||
|
openvpn:
|
||||||
|
port: 1194
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
exposedPort: 1194
|
||||||
|
protocol: TCP
|
||||||
|
valve-server:
|
||||||
|
port: 27015
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
exposedPort: 27015
|
||||||
|
protocol: UDP
|
||||||
|
valve-rcon:
|
||||||
|
port: 27015
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
exposedPort: 27015
|
||||||
|
protocol: TCP
|
||||||
|
smtp:
|
||||||
|
port: 25
|
||||||
|
protocol: TCP
|
||||||
|
exposedPort: 25
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
smtps:
|
||||||
|
port: 465
|
||||||
|
protocol: TCP
|
||||||
|
exposedPort: 465
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
smtp-startls:
|
||||||
|
port: 587
|
||||||
|
protocol: TCP
|
||||||
|
exposedPort: 587
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
imap:
|
||||||
|
port: 143
|
||||||
|
protocol: TCP
|
||||||
|
exposedPort: 143
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
imaps:
|
||||||
|
port: 993
|
||||||
|
protocol: TCP
|
||||||
|
exposedPort: 993
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
pop3:
|
||||||
|
port: 110
|
||||||
|
protocol: TCP
|
||||||
|
exposedPort: 110
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
pop3s:
|
||||||
|
port: 995
|
||||||
|
protocol: TCP
|
||||||
|
exposedPort: 995
|
||||||
|
expose:
|
||||||
|
default: true
|
||||||
|
minecraft:
|
||||||
|
port: 25565
|
||||||
|
protocol: TCP
|
||||||
|
exposedPort: 25565
|
||||||
|
expose:
|
||||||
|
default: true
|
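Review bot: `--serversTransport.insecureSkipVerify=true` in `globalArguments` turns off backend certificate verification for every HTTPS upstream Traefik talks to, not only the one service that needed it. Any workload able to answer on a backend's address inside the cluster would then be accepted without verification. Prefer trusting the issuing CA through `--serversTransport.rootCAs`, or a `ServersTransport` resource attached only to the service that presents a self-signed certificate. A comment naming the backend that required this flag would help whoever revisits it.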
@ -61,3 +61,20 @@ vaultwarden:
|
|||||||
enabled: false
|
enabled: false
|
||||||
logfile: "/data/vaultwarden.log"
|
logfile: "/data/vaultwarden.log"
|
||||||
loglevel: "warn"
|
loglevel: "warn"
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
hosts:
|
||||||
|
- host: vault.badhouseplants.net
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- secretName: vault-tls-secret
|
||||||
|
hosts:
|
||||||
|
- vault.badhouseplants.net
|
||||||
|
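--- a/badhouseplants/values/values.vaultwardentest.yaml
+++ b/badhouseplants/values/values.vaultwardentest.yaml
@@ -0,0 +1,58 @@
+service:
+port: 8080
+vaultwarden:
+smtp:
+host: mail.badhouseplants.net
+security: "starttls"
+port: 587
+from: vaulttest@badhouseplants.net
+fromName: Vault Warden
+authMechanism: "Plain"
+acceptInvalidHostnames: "false"
+acceptInvalidCerts: "false"
+debug: false
+domain: https://vaulttest.badhouseplants.net
+websocket:
+enabled: true
+address: "0.0.0.0"
+port: 3012
+rocket:
+port: "8080"
+workers: "10"
+webVaultEnabled: "true"
+signupsAllowed: false
+invitationsAllowed: true
+signupDomains: "https://vaulttest.badhouseplants.net"
+signupsVerify: "true"
+showPassHint: "false"
+# database:
+# existingSecret: vaultwarden-postgres16-creds
+# existingSecretKey: CONNECTION_STRING
+# connectionRetries: 15
+# maxConnections: 10
+storage:
+enabled: false
+# size: 1Gi
+# class: longhorn
+# dataDir: /data
+logging:
+enabled: false
+logfile: "/data/vaultwarden.log"
+loglevel: "warn"
+ingress:
+enabled: true
+annotations:
+kubernetes.io/ingress.class: traefik
+kubernetes.io/tls-acme: "true"
+kubernetes.io/ingress.allow-http: "false"
+kubernetes.io/ingress.global-static-ip-name: ""
+cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+hosts:
+- host: vaulttest.badhouseplants.net
+paths:
+- path: /
+pathType: Prefix
+tls:
+- secretName: vault-tls-secret
+hosts:
+- vaulttest.badhouseplants.net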
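Review bot: `secretName: vault-tls-secret` under `ingress.tls` is the same secret name the production vaultwarden values use for `vault.badhouseplants.net`, while this file requests a certificate for `vaulttest.badhouseplants.net`. If both releases land in the same namespace (not visible here), two Ingresses would contend for one secret and one host could end up served with a certificate issued for the other name. A distinct name avoids that, e.g. `secretName: vaulttest-tls-secret` (constructed example). Separately, `signupDomains` holds a URL; if the chart maps it to Vaultwarden's signup domain whitelist, that setting expects bare e-mail domains, which is worth confirming.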
@ -18,6 +18,22 @@ ext-database:
|
|||||||
credentials:
|
credentials:
|
||||||
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
|
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
|
||||||
server:
|
server:
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
hosts:
|
||||||
|
- host: ci.badhouseplants.net
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
tls:
|
||||||
|
- secretName: woodpecker-tls-secret
|
||||||
|
hosts:
|
||||||
|
- ci.badhouseplants.net
|
||||||
#image:
|
#image:
|
||||||
# registry: git.badhouseplants.net
|
# registry: git.badhouseplants.net
|
||||||
# repository: allanger/woodpecker-server
|
# repository: allanger/woodpecker-server
|
||||||
|
@ -1,12 +1,21 @@
|
|||||||
istio:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
istio:
|
className: ~
|
||||||
- name: zot
|
annotations:
|
||||||
kind: http
|
kubernetes.io/ingress.class: traefik
|
||||||
gateway: istio-system/badhouseplants-net
|
kubernetes.io/tls-acme: "true"
|
||||||
hostname: registry.badhouseplants.net
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
service: zot
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
port: 5000
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
pathtype: ImplementationSpecific
|
||||||
|
hosts:
|
||||||
|
- host: registry.badhouseplants.net
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
tls:
|
||||||
|
- secretName: zot-secret-tls
|
||||||
|
hosts:
|
||||||
|
- registry.badhouseplants.net
|
||||||
strategy:
|
strategy:
|
||||||
type: Recreate
|
type: Recreate
|
||||||
service:
|
service:
|
||||||
|
@ -23,3 +23,28 @@ ext-database:
|
|||||||
secret: true
|
secret: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
- |
|
||||||
|
{{- if (.Values.extraDatabase).enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: kinda.rocks/v1beta1
|
||||||
|
kind: Database
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Values.extraDatabase.name }}"
|
||||||
|
spec:
|
||||||
|
secretName: "{{ .Values.extraDatabase.name }}-creds"
|
||||||
|
instance: "{{ .Values.extraDatabase.instance }}"
|
||||||
|
deletionProtected: true
|
||||||
|
backup:
|
||||||
|
enable: false
|
||||||
|
cron: 0 0 * * *
|
||||||
|
{{- if .Values.extraDatabase.credentials }}
|
||||||
|
credentials:
|
||||||
|
templates:
|
||||||
|
{{- range $key, $value := .Values.extraDatabase.credentials }}
|
||||||
|
- name: {{ $key }}
|
||||||
|
template: {{ $value }}
|
||||||
|
secret: true
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
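Review bot: In the added `extraDatabase` block, `- name: {{ $key }}` and `template: {{ $value }}` are emitted unquoted. A credentials template that begins with `{{` (a bare `{{ .Password }}`, say) or contains `: ` or ` #` would then render as something other than a YAML string in the Database resource. Quoting at the point of output keeps the rendered manifest valid whatever the value holds: `template: {{ $value | quote }}`, and likewise `name: {{ $key | quote }}`. The enclosing `templates:` list starts above the hunk, so the existing block this one presumably mirrors is not fully visible and may need the same change.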
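--- a/common/values.tcp-route.yaml
+++ b/common/values.tcp-route.yaml
@@ -0,0 +1,20 @@
+---
+traefik:
+templates:
+- |
+{{ range .Values.tcpRoutes }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+name: {{ .name }}
+spec:
+entryPoints:
+- {{ .entrypoint }}
+routes:
+- match: {{ .match }}
+services:
+- name: {{ .service }}
+nativeLB: true
+port: {{ .port }}
+{{- end }}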
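Review bot: `match: {{ .match }}` and `- {{ .entrypoint }}` are rendered unquoted, and Traefik TCP matchers carry backticks, parentheses and `*`, so whether the rendered manifest parses depends on how each value happens to start. I would emit `match: {{ .match | quote }}` and `- {{ .entrypoint | quote }}`. `name: {{ .name }}` also has no release prefix, so two releases inheriting `ext-tcp-routes` into one namespace with the same route name would replace each other's IngressRouteTCP. Prefixing with `$.Release.Name` inside the `range` would prevent that.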
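--- a/common/values.tcproute.yaml
+++ b/common/values.tcproute.yaml
@@ -0,0 +1,13 @@
+---
+tcproute:
+templates:
+- |
+---
+{{ range .Values.routes }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+name: {{ printf "%s-%s" .Release.Name .name }}
+spec:
+{{ tpl (.routes | toYaml | indent 2 | toString) $ }}
+{{ end }}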
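Review bot: Inside `{{ range .Values.routes }}` the dot is the current route, so `.Release.Name` in `name: {{ printf "%s-%s" .Release.Name .name }}` does not reach the release object; it needs the root context, `name: {{ printf "%s-%s" $.Release.Name .name }}`. The `---` separator also sits before the `range`, so more than one route renders into a single document with repeated keys; it belongs inside the loop, as in common/values.tcp-route.yaml. Nothing on this page references this file (`ext-tcp-routes` loads `values.tcp-route.yaml`), so it may be a leftover draft that can be dropped.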
@ -7,6 +7,21 @@ releases:
|
|||||||
namespace: openvpn-service
|
namespace: openvpn-service
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
|
- <<: *istio-base
|
||||||
|
installed: true
|
||||||
|
namespace: istio-system
|
||||||
|
createNamespace: false
|
||||||
|
|
||||||
|
- <<: *istio-gateway
|
||||||
|
installed: true
|
||||||
|
namespace: istio-system
|
||||||
|
createNamespace: false
|
||||||
|
|
||||||
|
- <<: *istiod
|
||||||
|
installed: true
|
||||||
|
namespace: istio-system
|
||||||
|
createNamespace: false
|
||||||
|
|
||||||
bases:
|
bases:
|
||||||
- ../environments.yaml
|
- ../environments.yaml
|
||||||
- ../repositories.yaml
|
- ../repositories.yaml
|
||||||
|
@ -95,6 +95,10 @@ buckets:
|
|||||||
policy: none
|
policy: none
|
||||||
purge: false
|
purge: false
|
||||||
versioning: false
|
versioning: false
|
||||||
|
- name: velero-test
|
||||||
|
policy: none
|
||||||
|
purge: false
|
||||||
|
versioning: false
|
||||||
- name: restic
|
- name: restic
|
||||||
policy: none
|
policy: none
|
||||||
purge: false
|
purge: false
|
||||||
|
@ -11,24 +11,9 @@ releases:
|
|||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *istio-base
|
|
||||||
installed: true
|
|
||||||
namespace: istio-system
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *istio-gateway
|
|
||||||
installed: true
|
|
||||||
namespace: istio-system
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *istiod
|
|
||||||
installed: true
|
|
||||||
namespace: istio-system
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *cert-manager
|
- <<: *cert-manager
|
||||||
installed: true
|
installed: true
|
||||||
namespace: cert-manager
|
namespace: kube-system
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *minio
|
- <<: *minio
|
||||||
@ -38,17 +23,17 @@ releases:
|
|||||||
|
|
||||||
- <<: *metallb
|
- <<: *metallb
|
||||||
installed: true
|
installed: true
|
||||||
namespace: metallb-system
|
namespace: kube-system
|
||||||
createNamespace: true
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *reflector
|
- <<: *reflector
|
||||||
installed: true
|
installed: true
|
||||||
namespace: reflector-system
|
namespace: kube-system
|
||||||
createNamespace: true
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *metallb-resources
|
- <<: *metallb-resources
|
||||||
installed: true
|
installed: true
|
||||||
namespace: metallb-system
|
namespace: kube-system
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
helmfiles:
|
helmfiles:
|
||||||
|
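Review bot: cert-manager, metallb, reflector and metallb-resources all move to `namespace: kube-system` in these two hunks, which places third-party controllers and their secrets beside the cluster's core components. The namespace is the boundary for Roles, NetworkPolicies and Pod Security labels, so any namespaced permission these charts grant themselves now applies to kube-system objects. The ACME account key for the new ClusterIssuer will most likely be stored there as well. Unless there is a reason not shown here, keeping the dedicated namespaces from the old side (`cert-manager`, `metallb-system`, `reflector-system`) is the safer layout. The releases list continues outside both hunks.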
@ -31,7 +31,7 @@ metadata:
|
|||||||
namespace: debug
|
namespace: debug
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: httpbin.rocks
|
- host: "httpbin.badhouseplants.net"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
|
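--- a/manifests/httpo1-cluster-issuer.yaml
+++ b/manifests/httpo1-cluster-issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+labels:
+app.kubernetes.io/instance: cluster-issuer
+app.kubernetes.io/name: acme-cluster-issuer
+name: badhouseplants-issuer-http01
+spec:
+acme:
+email: allanger@zohomail.com
+preferredChain: ""
+privateKeySecretRef:
+name: badhouseplants-issuer-htt01-account-key
+server: https://acme-v02.api.letsencrypt.org/directory
+solvers:
+- http01:
+ingress:
+ingressClassName: traefik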
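Review bot: `privateKeySecretRef.name: badhouseplants-issuer-htt01-account-key` is missing the `p` of `http01`, and the file name `httpo1-cluster-issuer.yaml` has a similar slip. It is harmless today but awkward to correct later, because pointing the issuer at a differently named secret makes cert-manager register a fresh ACME account. I would fix it before the issuer is first applied: `name: badhouseplants-issuer-http01-account-key`.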
@ -1,4 +1,3 @@
|
|||||||
---
|
|
||||||
templates:
|
templates:
|
||||||
# ---------------------------
|
# ---------------------------
|
||||||
# -- Hooks
|
# -- Hooks
|
||||||
@ -49,6 +48,14 @@ templates:
|
|||||||
values:
|
values:
|
||||||
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
|
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
|
||||||
|
|
||||||
|
ext-tcp-routes:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: traefik
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml'
|
||||||
|
|
||||||
ext-istio-resource:
|
ext-istio-resource:
|
||||||
dependencies:
|
dependencies:
|
||||||
- chart: bedag/raw
|
- chart: bedag/raw
|
||||||
@ -56,6 +63,7 @@ templates:
|
|||||||
alias: istio
|
alias: istio
|
||||||
values:
|
values:
|
||||||
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
|
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
|
||||||
|
|
||||||
ext-certificate:
|
ext-certificate:
|
||||||
dependencies:
|
dependencies:
|
||||||
- chart: bedag/raw
|
- chart: bedag/raw
|
||||||
@ -137,25 +145,24 @@ templates:
|
|||||||
cert-manager: &cert-manager
|
cert-manager: &cert-manager
|
||||||
name: cert-manager
|
name: cert-manager
|
||||||
chart: jetstack/cert-manager
|
chart: jetstack/cert-manager
|
||||||
version: 1.14.5
|
version: 1.15.0
|
||||||
set:
|
set:
|
||||||
- name: installCRDs
|
- name: installCRDs
|
||||||
value: true
|
value: true
|
||||||
longhorn: &longhorn
|
longhorn: &longhorn
|
||||||
name: longhorn
|
name: longhorn
|
||||||
chart: longhorn/longhorn
|
chart: longhorn/longhorn
|
||||||
version: 1.6.1
|
version: 1.6.2
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
|
|
||||||
argocd: &argocd
|
argocd: &argocd
|
||||||
name: argocd
|
name: argocd
|
||||||
chart: argo/argo-cd
|
chart: argo/argo-cd
|
||||||
version: 6.9.3
|
version: 7.1.3
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
|
|
||||||
monitoring-common:
|
monitoring-common:
|
||||||
labels:
|
labels:
|
||||||
@ -170,7 +177,6 @@ templates:
|
|||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: crd-management-hook
|
- template: crd-management-hook
|
||||||
- template: ext-istio-resource
|
|
||||||
|
|
||||||
loki: &loki
|
loki: &loki
|
||||||
name: loki
|
name: loki
|
||||||
@ -231,10 +237,10 @@ templates:
|
|||||||
openvpn-xor: &openvpn-xor
|
openvpn-xor: &openvpn-xor
|
||||||
name: openvpn-xor
|
name: openvpn-xor
|
||||||
chart: allanger-gitea/openvpn-xor
|
chart: allanger-gitea/openvpn-xor
|
||||||
version: 1.3.0
|
version: 1.2.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: ext-istio-resource
|
- template: ext-tcp-routes
|
||||||
|
|
||||||
openvpn: &openvpn
|
openvpn: &openvpn
|
||||||
name: openvpn
|
name: openvpn
|
||||||
@ -242,7 +248,6 @@ templates:
|
|||||||
version: 1.2.0
|
version: 1.2.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: ext-istio-resource
|
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
# -- Drone
|
# -- Drone
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
@ -256,7 +261,6 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
- template: drone-common
|
- template: drone-common
|
||||||
|
|
||||||
drone-runner-docker: &drone-runner-docker
|
drone-runner-docker: &drone-runner-docker
|
||||||
@ -271,21 +275,19 @@ templates:
|
|||||||
woodpecker-ci: &woodpecker-ci
|
woodpecker-ci: &woodpecker-ci
|
||||||
name: woodpecker-ci
|
name: woodpecker-ci
|
||||||
chart: woodpecker/woodpecker
|
chart: woodpecker/woodpecker
|
||||||
version: 1.3.0
|
version: 1.4.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: ext-database
|
- template: ext-database
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
|
|
||||||
nrodionov: &nrodionov
|
nrodionov: &nrodionov
|
||||||
name: nrodionov
|
name: nrodionov
|
||||||
chart: bitnami/wordpress
|
chart: bitnami/wordpress
|
||||||
version: 22.2.11
|
version: 22.4.10
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
|
|
||||||
minio: &minio
|
minio: &minio
|
||||||
name: minio
|
name: minio
|
||||||
@ -294,16 +296,14 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
|
|
||||||
gitea: &gitea
|
gitea: &gitea
|
||||||
name: gitea
|
name: gitea
|
||||||
chart: gitea/gitea
|
chart: gitea/gitea
|
||||||
version: 10.1.4
|
version: 10.2.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
- template: ext-database
|
- template: ext-database
|
||||||
|
|
||||||
funkwhale: &funkwhale
|
funkwhale: &funkwhale
|
||||||
@ -313,7 +313,6 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
- template: ext-database
|
- template: ext-database
|
||||||
|
|
||||||
bitwarden: &bitwarden
|
bitwarden: &bitwarden
|
||||||
@ -323,12 +322,11 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
|
|
||||||
redis: &redis
|
redis: &redis
|
||||||
name: redis
|
name: redis
|
||||||
chart: bitnami/redis
|
chart: bitnami/redis
|
||||||
version: 19.3.3
|
version: 19.5.3
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -336,7 +334,7 @@ templates:
|
|||||||
postgres16: &postgres16
|
postgres16: &postgres16
|
||||||
name: postgres16
|
name: postgres16
|
||||||
chart: bitnami/postgresql
|
chart: bitnami/postgresql
|
||||||
version: 15.3.3
|
version: 15.5.5
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -357,7 +355,7 @@ templates:
|
|||||||
mysql: &mysql
|
mysql: &mysql
|
||||||
name: mysql
|
name: mysql
|
||||||
chart: bitnami/mysql
|
chart: bitnami/mysql
|
||||||
version: 10.2.4
|
version: 11.1.2
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -368,8 +366,7 @@ templates:
|
|||||||
version: 2.3.1
|
version: 2.3.1
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: ext-istio-gateway
|
- template: ext-tcp-routes
|
||||||
- template: ext-istio-resource
|
|
||||||
|
|
||||||
vaultwarden: &vaultwarden
|
vaultwarden: &vaultwarden
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
@ -378,9 +375,16 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
- template: ext-database
|
- template: ext-database
|
||||||
|
|
||||||
|
vaultwarden-test: &vaultwardentest
|
||||||
|
name: vaultwardentest
|
||||||
|
chart: allanger-gitea/vaultwarden
|
||||||
|
version: 1.2.0
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
- template: default-env-secrets
|
||||||
|
|
||||||
reflector: &reflector
|
reflector: &reflector
|
||||||
name: reflector
|
name: reflector
|
||||||
chart: emberstack/reflector
|
chart: emberstack/reflector
|
||||||
@ -393,8 +397,9 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
- template: ext-certificate
|
- template: ext-certificate
|
||||||
|
- template: ext-tcp-routes
|
||||||
|
- template: ext-database
|
||||||
|
|
||||||
tandoor: &tandoor
|
tandoor: &tandoor
|
||||||
name: tandoor
|
name: tandoor
|
||||||
@ -403,13 +408,12 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
|
||||||
- template: ext-database
|
- template: ext-database
|
||||||
|
|
||||||
coredns: &coredns
|
coredns: &coredns
|
||||||
name: coredns
|
name: coredns
|
||||||
chart: coredns/coredns
|
chart: coredns/coredns
|
||||||
version: 1.29.0
|
version: 1.31.0
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
@ -417,7 +421,7 @@ templates:
|
|||||||
cilium: &cilium
|
cilium: &cilium
|
||||||
name: cilium
|
name: cilium
|
||||||
chart: cilium/cilium
|
chart: cilium/cilium
|
||||||
version: 1.15.5
|
version: 1.15.6
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
inherit:
|
inherit:
|
||||||
@ -426,23 +430,14 @@ templates:
|
|||||||
zot: &zot
|
zot: &zot
|
||||||
name: zot
|
name: zot
|
||||||
chart: zot/zot
|
chart: zot/zot
|
||||||
version: 0.1.54
|
version: 0.1.56
|
||||||
createNamespace: false
|
|
||||||
namespace: kube-services
|
|
||||||
inherit:
|
|
||||||
- template: default-env-values
|
|
||||||
- template: default-env-secrets
|
|
||||||
- template: ext-istio-resource
|
|
||||||
chartmuseum: &chartmuseum
|
|
||||||
name: chartmuseum
|
|
||||||
chart: chartmuseum/chartmuseum
|
|
||||||
version: 3.10.2
|
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
namespace: kube-services
|
namespace: kube-services
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
- template: ext-istio-resource
|
||||||
|
|
||||||
keel: &keel
|
keel: &keel
|
||||||
name: keel
|
name: keel
|
||||||
chart: keel/keel
|
chart: keel/keel
|
||||||
@ -450,4 +445,20 @@ templates:
|
|||||||
createNamespace: false
|
createNamespace: false
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
|
|
||||||
|
traefik: &traefik
|
||||||
|
name: traefik
|
||||||
|
chart: traefik/traefik
|
||||||
|
version: 28.2.0
|
||||||
|
createNamespace: false
|
||||||
|
namespace: kube-system
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
|
||||||
|
local-path-provisioner: &local-path-provisioner
|
||||||
|
name: local-path-provisioner
|
||||||
|
chart: local-path-provisioner/local-path-provisioner
|
||||||
|
createNamespace: false
|
||||||
|
namespace: kube-system
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
|
||||||
|
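Review bot: The new `vaultwarden-test` template sets `chart: allanger-gitea/vaultwarden`, and `openvpn-xor` still uses `chart: allanger-gitea/openvpn-xor`, but the repositories hunk of this same commit comments out the `allanger-gitea` repository entry. Unless that repository is declared somewhere not shown, helmfile cannot resolve these charts, or resolves them from whatever a local Helm configuration happens to hold under that name. Either keep the repository entry or point these releases at a repository that is declared. Two other things in this file deserve a second look: `openvpn-xor` goes from `version: 1.3.0` to `1.2.0` while everything else is bumped up, and `local-path-provisioner` carries no `version:` key.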
@ -31,8 +31,8 @@ repositories:
|
|||||||
url: https://constin.github.io/vaultwarden-helm/
|
url: https://constin.github.io/vaultwarden-helm/
|
||||||
- name: db-operator
|
- name: db-operator
|
||||||
url: https://db-operator.github.io/charts
|
url: https://db-operator.github.io/charts
|
||||||
- name: allanger-gitea
|
# - name: allanger-gitea
|
||||||
url: https://git.badhouseplants.net/api/packages/allanger/helm
|
# url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||||
- name: badhouseplants
|
- name: badhouseplants
|
||||||
url: https://badhouseplants.github.io/helm-charts/
|
url: https://badhouseplants.github.io/helm-charts/
|
||||||
- name: woodpecker
|
- name: woodpecker
|
||||||
@ -59,3 +59,7 @@ repositories:
|
|||||||
url: https://chartmuseum.github.io/charts
|
url: https://chartmuseum.github.io/charts
|
||||||
- name: keel
|
- name: keel
|
||||||
url: https://charts.keel.sh
|
url: https://charts.keel.sh
|
||||||
|
- name: traefik
|
||||||
|
url: https://traefik.github.io/charts
|
||||||
|
- name: local-path-provisioner
|
||||||
|
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26
|
||||||
|
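Review bot: The `local-path-provisioner` repository is a `git+https://` URL pinned with `?ref=v0.0.26`, which is a tag that can be moved upstream, and the chart it yields is installed into kube-system by the new release template. Pinning `ref` to the full commit SHA behind that tag makes the fetched chart immutable, e.g. `?ref=<commit-sha-of-v0.0.26>` (placeholder). helm-git is documented as accepting commits for `ref`, but confirm this against the plugin version in use. This URL form also makes the helm-git plugin a prerequisite on every workstation and CI runner that runs helmfile, which is worth recording next to the repository list.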