Huge upgrade to everything

This commit is contained in:
Nikolai Rodionov 2024-06-15 12:20:06 +02:00
parent 10d7936625
commit 6c83d67c9c
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
27 changed files with 619 additions and 323 deletions


@ -10,20 +10,13 @@ releases:
installed: true installed: true
- <<: *cilium - <<: *cilium
installed: true installed: true
- <<: *local-path-provisioner
- <<: *zot - <<: *zot
installed: true installed: true
- <<: *chartmuseum
installed: false
- <<: *keel - <<: *keel
- <<: *drone - <<: *traefik
installed: true
namespace: drone-service
createNamespace: false
- <<: *drone-runner-docker
installed: true
namespace: drone-service
createNamespace: false
- <<: *argocd - <<: *argocd
installed: true installed: true
@ -45,21 +38,6 @@ releases:
namespace: funkwhale-application namespace: funkwhale-application
createNamespace: false createNamespace: false
- <<: *prometheus
installed: true
namespace: monitoring-system
createNamespace: true
- <<: *loki
installed: false
namespace: monitoring-system
createNamespace: false
- <<: *promtail
installed: true
namespace: monitoring-system
createNamespace: false
- <<: *bitwarden - <<: *bitwarden
installed: false installed: false
namespace: bitwarden-application namespace: bitwarden-application
@ -95,16 +73,15 @@ releases:
namespace: woodpecker-ci namespace: woodpecker-ci
createNamespace: true createNamespace: true
- <<: *istio-gateway-resources
installed: true
namespace: istio-system
createNamespace: false
- <<: *vaultwarden - <<: *vaultwarden
createNamespace: true createNamespace: true
installed: true installed: true
namespace: vaultwarden-application namespace: vaultwarden-application
- <<: *vaultwardentest
createNamespace: false
installed: true
namespace: applications
- <<: *openvpn-xor - <<: *openvpn-xor
installed: true installed: true
@ -113,12 +90,7 @@ releases:
- <<: *docker-mailserver - <<: *docker-mailserver
installed: true installed: true
namespace: mail-service namespace: applications
createNamespace: true
- <<: *tandoor
installed: false
namespace: tandoor-application
createNamespace: true createNamespace: true
- <<: *mailu - <<: *mailu
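Review bot: The second hunk drops the prometheus, loki and promtail releases and nothing else in this commit takes their place, so cluster metrics and log shipping disappear together with the istio stack; if that is deliberate, a one-line comment in the releases list such as `# monitoring releases removed — replacement: TODO` would stop the next reader from treating it as an accident. The last hunk moves docker-mailserver into the shared `applications` namespace, next to the vaultwardentest entry that appears to be added in the third hunk, which weakens the one-namespace-per-workload boundary the rest of this file keeps, while `mail-service` is still declared in the namespaces values and is left empty. Consider keeping docker-mailserver in its own namespace or removing the orphaned namespace entry.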


@ -0,0 +1,27 @@
vaultwarden:
smtp:
username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
password:
value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
adminToken:
value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-06T15:15:43Z"
mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -1,18 +1,4 @@
--- ---
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: argocd-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: argo.badhouseplants.net
service: argocd-server
port: 80
controller: controller:
resources: resources:
limits: limits:
@ -48,18 +34,35 @@ dex:
enabled: false enabled: false
serviceMonitor: serviceMonitor:
enabled: false enabled: false
redis: redis:
metrics: metrics:
enabled: false enabled: false
serviceMonitor: serviceMonitor:
enabled: false enabled: false
global:
domain: argo.badhouseplants.net
server: server:
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
ingressClassName: traefik
tls: true
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: false enabled: false
extraArgs: extraArgs:
- --insecure - --insecure
servicePort:
servicePortHttp: 80
servicePortHttps: 80
repoServer: repoServer:
metrics: metrics:
@ -71,6 +74,8 @@ repoServer:
- name: regcred - name: regcred
configs: configs:
params:
server.insecure: true
rbac: rbac:
policy.default: role:readonly policy.default: role:readonly
scopes: "[email, group]" scopes: "[email, group]"
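Review bot: The annotations `kubernetes.io/ingress.allow-http: "false"` and `kubernetes.io/ingress.global-static-ip-name: ""` under server.ingress are GCE ingress-controller annotations that Traefik does not act on, so they do not stop plaintext HTTP on this host; with `ingressClassName: traefik` the router is pinned to the TLS entrypoint with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (the chart's default entrypoint name) or with an entrypoint-level redirect in the Traefik values. The same pair is pasted into the docker-mailserver, funkwhale, gitea, minio, nrodionov, vaultwarden, vaultwardentest, woodpecker, zot and mailu values in this commit, so either replace them everywhere or drop them so the files stop implying a protection that is not there. Separately, `extraArgs: --insecure` and `configs.params.server.insecure: true` express the same setting twice; on argo-cd 7.x the `configs.params` form alone should be enough, I believe — confirm against the chart before removing the flag.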


@ -1,125 +1,67 @@
istio-gateway: traefik:
enabled: true enabled: true
gateways: tcpRoutes:
- name: badhouseplants-email - name: docker-mailserver-smtp
servers:
- hosts:
- "*"
port:
name: smtp
number: 25
protocol: TCP
- hosts:
- "*"
port:
name: pop3
number: 110
protocol: TCP
- hosts:
- "*"
port:
name: imap
number: 143
protocol: TCP
- hosts:
- "*"
port:
name: smtps
number: 465
protocol: TCP
- hosts:
- "*"
port:
name: submission
number: 587
protocol: TCP
- hosts:
- "*"
port:
name: imaps
number: 993
protocol: TCP
- hosts:
- "*"
port:
name: pop3s
number: 995
protocol: TCP
istio:
enabled: true
istio:
- name: docker-mailserver-smpt
kind: tcp
gateway: badhouseplants-email
service: docker-mailserver service: docker-mailserver
hostname: badhouseplants.net match: HostSNI(`*`)
port_match: 25 entrypoint: smtp
port: 25 port: 25
- name: docker-mailserver-smpts - name: docker-mailserver-smtps
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
port_match: 465
hostname: badhouseplants.net
service: docker-mailserver service: docker-mailserver
entrypoint: smtps
port: 465 port: 465
- name: docker-mailserver-smpt-startls - name: docker-mailserver-smpt-startls
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
hostname: badhouseplants.net
port_match: 587
service: docker-mailserver service: docker-mailserver
entrypoint: smtp-startls
port: 587 port: 587
- name: docker-mailserver-imap - name: docker-mailserver-imap
kind: tcp match: HostSNI(`*`)
hostname: badhouseplants.net
gateway: badhouseplants-email
port_match: 143
service: docker-mailserver service: docker-mailserver
entrypoint: imap
port: 143 port: 143
- name: docker-mailserver-imaps - name: docker-mailserver-imaps
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
hostname: badhouseplants.net
port_match: 993
service: docker-mailserver service: docker-mailserver
entrypoint: imaps
port: 993 port: 993
- name: docker-mailserver-pop3 - name: docker-mailserver-pop3
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
port_match: 110
hostname: badhouseplants.net
service: docker-mailserver service: docker-mailserver
entrypoint: pop3
port: 110 port: 110
- name: docker-mailserver-pop3s - name: docker-mailserver-pop3s
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-email
port_match: 993
hostname: badhouseplants.net
service: docker-mailserver service: docker-mailserver
entrypoint: pop3s
port: 993 port: 993
- name: docker-mailserver-rainloop
kind: http
gateway: istio-system/badhouseplants-net
hostname: mail.badhouseplants.net
service: docker-mailserver-rainloop
port: 80
rainloop: rainloop:
enabled: true enabled: true
ingress: ingress:
enabled: false enabled: true
hosts:
- mail.badhouseplants.net
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls:
- secretName: mail-tls-secret
hosts:
- mail.badhouseplants.net
demoMode: demoMode:
enabled: false enabled: false
domains: domains:
- badhouseplants.net - badhouseplants.net
- mail.badhouseplants.net - mail.badhouseplants.net
ssl: ssl:
issuer: useExisting: true
name: badhouseplants-issuer existingName: mail-tls-secret
kind: ClusterIssuer
dnsname: badhouseplants.net
dns01provider: cloudflare
useExisting: false
pod: pod:
dockermailserver: dockermailserver:
enable_fail2ban: "0" enable_fail2ban: "0"
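Review bot: The `docker-mailserver-pop3s` route keeps `port: 993`, which is the IMAPS port, while its `entrypoint: pop3s` is exposed on 995 in the Traefik values of this commit, so POP3S connections arriving on 995 are forwarded to the IMAP TLS listener; this should be `port: 995`. The old istio definition carried the same 993, so the bug is inherited rather than new, and the mailu values in this commit repeat it in their `mailu-pop3s` route. The route name `docker-mailserver-smpt-startls` (likewise `mailu-smpt-startls`) misspells smtp and starttls; it is harmless, but the matching entrypoint key `smtp-startls` in the Traefik values is spelled the same way, so the two must be renamed together if they are fixed.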


@ -30,6 +30,22 @@ celery:
requests: requests:
cpu: 10m cpu: 10m
memory: 75Mi memory: 75Mi
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
host: funkwhale.badhouseplants.net
protocol: http
tls:
- secretName: funkwhale-tls-secret
hosts:
- funkwhale.badhouseplants.net
extraEnv: extraEnv:
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
FUNKWHALE_PROTOCOL: https FUNKWHALE_PROTOCOL: https
@ -39,8 +55,7 @@ persistence:
size: 10Gi size: 10Gi
s3: s3:
enabled: false enabled: false
ingress:
enabled: false
postgresql: postgresql:
enabled: false enabled: false
host: postgres16-postgresql.database-service.svc.cluster.local host: postgres16-postgresql.database-service.svc.cluster.local
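Review bot: `ingress.protocol: http` sits beside `FUNKWHALE_PROTOCOL: https` and a TLS block on the same ingress; if the chart uses `ingress.protocol` to build the public URL or redirect targets, this presumably should be `https` — confirm against the chart's templates before changing it. The second hunk removes what appears to be a second top-level `ingress: enabled: false` mapping, which is the right move: most YAML parsers silently keep the last duplicate key, so the earlier enabled ingress would otherwise have been overridden.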


@ -1,25 +1,5 @@
--- ---
# ------------------------------------------ # ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: gitea-http
kind: http
gateway: istio-system/badhouseplants-net
hostname: git.badhouseplants.net
service: gitea-http
port: 3000
- name: gitea-ssh
kind: tcp
gateway: istio-system/badhouseplants-ssh
hostname: "*"
port_match: 22
service: gitea-ssh
port: 22
# ------------------------------------------
# -- Database extension is used to manage # -- Database extension is used to manage
# -- database with db-operator # -- database with db-operator
# ------------------------------------------ # ------------------------------------------
@ -27,9 +7,27 @@ ext-database:
enabled: true enabled: true
name: gitea-postgres16 name: gitea-postgres16
instance: postgres16 instance: postgres16
# ------------------------------------------ # ------------------------------------------
# -- Kubernetes related values # -- Kubernetes related values
# ------------------------------------------ # ------------------------------------------
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: git.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls-secret
hosts:
- git.badhouseplants.net
replicaCount: 1 replicaCount: 1
clusterDomain: cluster.local clusterDomain: cluster.local
@ -47,8 +45,6 @@ persistence:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
ingress:
enabled: false
# ------------------------------------------ # ------------------------------------------
# -- Main Gitea settings # -- Main Gitea settings
# ------------------------------------------ # ------------------------------------------
@ -125,3 +121,21 @@ postgresql-ha:
enabled: false enabled: false
redis-cluster: redis-cluster:
enabled: false enabled: false
extraDeploy:
- |
{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ include "gitea.fullname" . }}-ssh
spec:
entryPoints:
- git-ssh
routes:
- match: HostSNI(`git.badhouseplants.net`)
services:
- name: "{{ include "gitea.fullname" . }}-ssh"
port: 22
nativeLB: true
{{- end }}
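Review bot: The SSH `IngressRouteTCP` in extraDeploy matches on HostSNI(`git.badhouseplants.net`), but SSH is not TLS and carries no SNI, so Traefik can never match this rule and connections on the `git-ssh` entrypoint will be closed; non-TLS TCP routes need `match: HostSNI(`*`)`, which is what every other tcpRoute in this commit uses. That also means the hostname in the rule is not an access control for port 22 — anything reaching the entrypoint is forwarded — so it is worth stating that in a comment above the block, e.g. `# Gitea SSH via Traefik's git-ssh entrypoint: plain TCP, no SNI, so the match must be a wildcard`. The `Capabilities.APIVersions.Has` guard is a good touch and keeps the chart renderable without the Traefik CRDs.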


@ -0,0 +1,3 @@
storageClass:
create: true
defaultClass: false


@ -1,81 +1,64 @@
--- ---
certificate: # ------------------------------------------
# -- Database extension is used to manage
# -- database with db-operator
# ------------------------------------------
ext-database:
enabled: true enabled: true
certificate: name: mailu-postgres16
- name: mailu instance: postgres16
secretName: mailu-certificate extraDatabase:
issuer: enabled: true
kind: ClusterIssuer name: roundcube-postgres16
name: badhouseplants-issuer instance: postgres16
dnsNames:
- badhouseplants.net
- "email.badhouseplants.net"
# ------------------------------------------ # ------------------------------------------
# -- Istio extenstion. Just because I'm # -- Istio extenstion. Just because I'm
# -- not using ingress nginx # -- not using ingress nginx
# ------------------------------------------ # ------------------------------------------
istio: traefik:
enabled: true enabled: true
istio: tcpRoutes:
- name: mailu-web - name: mailu-smtp
kind: http
gateway: istio-system/badhouseplants-net
hostname: email.badhouseplants.net
service: mailu-front service: mailu-front
port: 80 match: HostSNI(`*`)
- name: mailu-smpt entrypoint: smtp
kind: tcp
gateway: badhouseplants-mail
service: mailu-front
hostname: email.badhousplants.net
port_match: 25
port: 25 port: 25
- name: mailu-smpts - name: mailu-smtps
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-mail
port_match: 465
hostname: email.badhousplants.net
service: mailu-front service: mailu-front
entrypoint: smtps
port: 465 port: 465
- name: mailu-smpt-startls - name: mailu-smpt-startls
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-mail
hostname: email.badhousplants.net
port_match: 587
service: mailu-front service: mailu-front
entrypoint: smtp-startls
port: 587 port: 587
- name: mailu-imap - name: mailu-imap
kind: tcp match: HostSNI(`*`)
hostname: email.badhousplants.net
gateway: badhouseplants-mail
port_match: 143
service: mailu-front service: mailu-front
entrypoint: imap
port: 143 port: 143
- name: mailu-imaps - name: mailu-imaps
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-mail
hostname: email.badhousplants.net
port_match: 993
service: mailu-front service: mailu-front
entrypoint: imaps
port: 993 port: 993
- name: mailu-pop3 - name: mailu-pop3
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-mail
port_match: 110
hostname: email.badhousplants.net
service: mailu-front service: mailu-front
entrypoint: pop3
port: 110 port: 110
- name: mailu-pop3s - name: mailu-pop3s
kind: tcp match: HostSNI(`*`)
gateway: badhouseplants-mail
port_match: 993
hostname: email.badhousplants.net
service: mailu-front service: mailu-front
entrypoint: pop3s
port: 993 port: 993
subnet: 10.244.0.0/16 subnet: 10.244.0.0/16
sessionCookieSecure: true sessionCookieSecure: true
hostnames: hostnames:
- post.badhouseplants.net - badhouseplants.net
- email.badhouseplants.net
domain: badhouseplants.net domain: badhouseplants.net
persistence: persistence:
single_pvc: false single_pvc: false
@ -85,13 +68,17 @@ limits:
tls: tls:
outboundLevel: secure outboundLevel: secure
ingress: ingress:
enabled: false enabled: true
tls: false ingressClassName: traefik
tls: true
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tlsFlavorOverride: mail tlsFlavorOverride: mail
selfSigned: false realIpFrom: traefik.kube-system.svc.cluster.local
existingSecret: mailu-certificate realIpHeader: "X-Real-IP"
realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local
realIpHeader: "X-Envoy-External-Address"
front: front:
hostPort: hostPort:
enabled: false enabled: false
@ -150,16 +137,18 @@ roundcube:
mysql: mysql:
enabled: false enabled: false
postgresql: postgresql:
enabled: false
## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically.
externalDatabase:
## @param externalDatabase.enabled Set to true to use an external database
enabled: true enabled: true
auth: type: postgresql
enablePostgresUser: true existingSecret: mailu-postgres16-creds
username: mailu existingSecretDatabaseKey: POSTGRES_DB
database: mailu existingSecretUsernameKey: POSTGRES_USER
persistence: existingSecretPasswordKey: POSTGRES_PASSWORD
enabled: false host: postgres16-postgresql.database-service.svc.cluster.local
storageClass: "" port: 5432
accessMode: ReadWriteOnce
size: 2Gi
rspamd: rspamd:
resources: resources:
requests: requests:
@ -181,3 +170,10 @@ webmail:
accessModes: [ReadWriteOnce] accessModes: [ReadWriteOnce]
claimNameOverride: "" claimNameOverride: ""
annotations: {} annotations: {}
global:
database:
roundcube:
database: applications-roundcube-postgres16
username: applications-roundcube-postgres16
existingSecret: roundcube-postgres16-creds
existingSecretPasswordKey: POSTGRES_PASSWORD
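Review bot: The comment header `# -- Istio extenstion. Just because I'm not using ingress nginx` now sits directly above the new `traefik:` block, so it describes something that no longer exists (and is misspelled); replace it with `# -- Traefik IngressRouteTCP definitions for the mail ports`. The same stale header is kept above the commented-out istio block in the openvpn-xor values of this commit. The new `realIpFrom: traefik.kube-system.svc.cluster.local` is what mailu's front will trust for `X-Real-IP`; if mailu passes it straight into an nginx `set_real_ip_from`, a Service DNS name resolves to the ClusterIP rather than the pod addresses Traefik actually connects from, so the trusted-proxy match may never succeed — verify the rendered front config, because a wrong value either discards real client IPs (hurting rate limiting and ban logic) or, if widened to a broad CIDR, lets any in-cluster client spoof its address.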


@ -19,6 +19,39 @@ istio:
service: minio service: minio
port: 9000 port: 9000
ingress:
enabled: true
ingressClassName: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
path: /
hosts:
- s3.badhouseplants.net
tls:
- secretName: s3-tls-secret
hosts:
- s3.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: ~
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
path: /
hosts:
- minio.badhouseplants.net
tls:
- secretName: minio-tls-secret
hosts:
- minio.badhouseplants.net
rootUser: 'overlord' rootUser: 'overlord'
replicas: 1 replicas: 1
mode: standalone mode: standalone
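Review bot: Both `ingress` and `consoleIngress` set `ingressClassName: ~` (null) and rely on the deprecated `kubernetes.io/ingress.class: traefik` annotation, while argocd and mailu in the same commit use the field; prefer `ingressClassName: traefik` and drop the annotation so the class is declared the way Kubernetes 1.19+ expects and the repo stays consistent. The hunk header still shows an `istio:` block with `service: minio` / `port: 9000` in this file, but the helmfile in this commit stops inheriting `ext-istio-resource` for minio, so that block looks like dead configuration that could go with the rest of the istio material.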


@ -1,10 +1,6 @@
namespaces: namespaces:
- name: longhorn-system - name: longhorn-system
- name: cert-manager
- name: minio-service - name: minio-service
- name: metallb-system
- name: reflector-system
- name: drone-service
- name: argo-system - name: argo-system
- name: nrodionov-application - name: nrodionov-application
- name: minecraft-application - name: minecraft-application
@ -15,18 +11,16 @@ namespaces:
https://ci.badhouseplants.net/repos/15 https://ci.badhouseplants.net/repos/15
- name: gitea-service - name: gitea-service
- name: funkwhale-application - name: funkwhale-application
- name: monitoring-system
- name: bitwarden-application - name: bitwarden-application
- name: database-service - name: database-service
- name: mail-service - name: mail-service
- name: istio-system
- name: vaultwarden-application - name: vaultwarden-application
- name: woodpecker-ci - name: woodpecker-ci
- name: openvpn-service - name: openvpn-service
- name: tandoor-application
- name: badhouseplants-main - name: badhouseplants-main
labels: labels:
istio-injection: enabled istio-injection: enabled
- name: badhouseplants-preview - name: badhouseplants-preview
- name: mailu-application - name: mailu-application
- name: kube-services - name: kube-services
- name: applications
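Review bot: `badhouseplants-main` keeps `labels: istio-injection: enabled` even though `istio-system` and the istio releases are removed in this commit, so the label is now stale and sits on the namespace as a misleading hint that sidecars are injected; drop the `labels` block unless istio is still deployed from elsewhere. `mail-service` is still declared while the helmfile hunk of this commit moves docker-mailserver to `applications`, which appears to leave it empty — remove the entry or keep the workload there, one or the other.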


@ -17,7 +17,20 @@ ext-database:
enabled: true enabled: true
name: nrodionov-mysql name: nrodionov-mysql
instance: mysql instance: mysql
ingress:
enabled: true
pathType: ImplementationSpecific
hostname: dev.nrodionov.info
path: /
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
tls: true
tlsWwwPrefix: false
selfSigned: false
wordpressBlogName: Николай Николаевич Родионов wordpressBlogName: Николай Николаевич Родионов
wordpressUsername: admin wordpressUsername: admin
wordpressFirstName: Nikolai wordpressFirstName: Nikolai


@ -3,17 +3,26 @@
# -- Istio extenstion. Just because I'm # -- Istio extenstion. Just because I'm
# -- not using ingress nginx # -- not using ingress nginx
# ------------------------------------------ # ------------------------------------------
istio: # istio:
enabled: true # enabled: true
istio: # istio:
- name: openvpn-tcp-xor # - name: openvpn-tcp-xor
gateway: istio-system/badhouseplants-vpn # gateway: istio-system/badhouseplants-vpn
kind: tcp # kind: tcp
port_match: 1194 # port_match: 1194
hostname: "*" # hostname: "*"
service: openvpn-xor # service: openvpn-xor
port: 1194 # port: 1194
# ------------------------------------------ # ------------------------------------------
traefik:
enabled: true
tcpRoutes:
- name: openvpn-xor
service: openvpn-xor
match: HostSNI(`*`)
entrypoint: openvpn
port: 1194
storage: storage:
class: longhorn class: longhorn
size: 512Mi size: 512Mi
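Review bot: The old `istio:` block is commented out line by line instead of deleted, leaving ten lines of dead configuration under a header that still calls it an istio extension; git history keeps the old version, so delete the block and its header together. The new `traefik.tcpRoutes` entry depends on the `ext-tcp-routes` helmfile template, and the same helmfile hunk in this commit changes the openvpn-xor chart version from 1.3.0 to 1.2.0 — a downgrade while every other chart is bumped — so confirm that is intentional rather than a typo.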


@ -0,0 +1,78 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
service:
spec:
externalTrafficPolicy: Local
ports:
git-ssh:
port: 22
expose:
default: true
exposedPort: 22
protocol: TCP
openvpn:
port: 1194
expose:
default: true
exposedPort: 1194
protocol: TCP
valve-server:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: UDP
valve-rcon:
port: 27015
expose:
default: true
exposedPort: 27015
protocol: TCP
smtp:
port: 25
protocol: TCP
exposedPort: 25
expose:
default: true
smtps:
port: 465
protocol: TCP
exposedPort: 465
expose:
default: true
smtp-startls:
port: 587
protocol: TCP
exposedPort: 587
expose:
default: true
imap:
port: 143
protocol: TCP
exposedPort: 143
expose:
default: true
imaps:
port: 993
protocol: TCP
exposedPort: 993
expose:
default: true
pop3:
port: 110
protocol: TCP
exposedPort: 110
expose:
default: true
pop3s:
port: 995
protocol: TCP
exposedPort: 995
expose:
default: true
minecraft:
port: 25565
protocol: TCP
exposedPort: 25565
expose:
default: true
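Review bot: `--serversTransport.insecureSkipVerify=true` in `globalArguments` disables certificate verification for every HTTPS backend Traefik proxies to, not only the one that presumably presents a self-signed certificate, so any in-cluster party able to sit between Traefik and a service can impersonate that service undetected. Scope it instead: define a `ServersTransport` (traefik.io/v1alpha1) with `insecureSkipVerify: true` and reference it only from the router or service that needs it, and until then add a comment naming the backend, e.g. `# insecureSkipVerify is needed for <backend name> — replace with a per-service ServersTransport`. `externalTrafficPolicy: Local` is the right choice for preserving client IPs given the `realIpFrom` settings elsewhere in this commit; a comment saying so would keep someone from "fixing" it back to Cluster.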


@ -61,3 +61,20 @@ vaultwarden:
enabled: false enabled: false
logfile: "/data/vaultwarden.log" logfile: "/data/vaultwarden.log"
loglevel: "warn" loglevel: "warn"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vault.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vault-tls-secret
hosts:
- vault.badhouseplants.net


@ -0,0 +1,58 @@
service:
port: 8080
vaultwarden:
smtp:
host: mail.badhouseplants.net
security: "starttls"
port: 587
from: vaulttest@badhouseplants.net
fromName: Vault Warden
authMechanism: "Plain"
acceptInvalidHostnames: "false"
acceptInvalidCerts: "false"
debug: false
domain: https://vaulttest.badhouseplants.net
websocket:
enabled: true
address: "0.0.0.0"
port: 3012
rocket:
port: "8080"
workers: "10"
webVaultEnabled: "true"
signupsAllowed: false
invitationsAllowed: true
signupDomains: "https://vaulttest.badhouseplants.net"
signupsVerify: "true"
showPassHint: "false"
# database:
# existingSecret: vaultwarden-postgres16-creds
# existingSecretKey: CONNECTION_STRING
# connectionRetries: 15
# maxConnections: 10
storage:
enabled: false
# size: 1Gi
# class: longhorn
# dataDir: /data
logging:
enabled: false
logfile: "/data/vaultwarden.log"
loglevel: "warn"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: vaulttest.badhouseplants.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: vault-tls-secret
hosts:
- vaulttest.badhouseplants.net
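Review bot: The test instance reuses `secretName: vault-tls-secret`, the same name as the production vaultwarden ingress in this commit; the helmfile hunk places vaultwardentest in the `applications` namespace, so there is no collision today, but if the two ever share a namespace cert-manager's ingress-shim would write certificates for both hosts into one Secret and whichever Ingress reconciles last wins. A distinct name such as `secretName: vaulttest-tls-secret` costs nothing. The security toggles (`signupsAllowed: false`, `acceptInvalidCerts: "false"`, `showPassHint: "false"`) are set sensibly for an internet-facing host; a one-line header comment stating the purpose of this second instance and how long it is meant to live would help whoever cleans it up.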


@ -18,6 +18,22 @@ ext-database:
credentials: credentials:
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
server: server:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
hosts:
- host: ci.badhouseplants.net
paths:
- path: /
tls:
- secretName: woodpecker-tls-secret
hosts:
- ci.badhouseplants.net
#image: #image:
# registry: git.badhouseplants.net # registry: git.badhouseplants.net
# repository: allanger/woodpecker-server # repository: allanger/woodpecker-server
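Review bot: The `paths` entry `- path: /` carries no `pathType`, while the gitea and vaultwarden values in this commit set `pathType: Prefix`; `networking.k8s.io/v1` requires pathType on every path, so this is valid only if the woodpecker chart supplies a default — confirm in the chart template, otherwise add `pathType: Prefix` under the path. The `WOODPECKER_DATABASE_DATASOURCE` context line still uses `sslmode=disable` for the Postgres connection; that predates this commit, but it is worth a note now that TLS is being terminated for everything else.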


@ -1,12 +1,21 @@
istio: ingress:
enabled: true enabled: true
istio: className: ~
- name: zot annotations:
kind: http kubernetes.io/ingress.class: traefik
gateway: istio-system/badhouseplants-net kubernetes.io/tls-acme: "true"
hostname: registry.badhouseplants.net kubernetes.io/ingress.allow-http: "false"
service: zot kubernetes.io/ingress.global-static-ip-name: ""
port: 5000 cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: ImplementationSpecific
hosts:
- host: registry.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot-secret-tls
hosts:
- registry.badhouseplants.net
strategy: strategy:
type: Recreate type: Recreate
service: service:


@ -23,3 +23,28 @@ ext-database:
secret: true secret: true
{{- end }} {{- end }}
{{- end }} {{- end }}
- |
{{- if (.Values.extraDatabase).enabled }}
---
apiVersion: kinda.rocks/v1beta1
kind: Database
metadata:
name: "{{ .Values.extraDatabase.name }}"
spec:
secretName: "{{ .Values.extraDatabase.name }}-creds"
instance: "{{ .Values.extraDatabase.instance }}"
deletionProtected: true
backup:
enable: false
cron: 0 0 * * *
{{- if .Values.extraDatabase.credentials }}
credentials:
templates:
{{- range $key, $value := .Values.extraDatabase.credentials }}
- name: {{ $key }}
template: {{ $value }}
secret: true
{{- end }}
{{- end }}
{{- end }}
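Review bot: The new `extraDatabase` document is a line-for-line copy of the primary database template above it with the values path swapped, so every future change (backup cron, `deletionProtected`, credential templates) has to be made twice; a `range` over a list such as `.Values.extraDatabases` would cover both and scale past a single extra database. `backup.enable: false` next to `deletionProtected: true` is a defensible default, but a comment stating where (or whether) this database is backed up would make the intent explicit. The enclosing template list starts before this hunk.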


@ -0,0 +1,20 @@
---
traefik:
templates:
- |
{{ range .Values.tcpRoutes }}
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ .name }}
spec:
entryPoints:
- {{ .entrypoint }}
routes:
- match: {{ .match }}
services:
- name: {{ .service }}
nativeLB: true
port: {{ .port }}
{{- end }}
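Review bot: The templated scalars `name: {{ .name }}`, `- {{ .entrypoint }}` and `- name: {{ .service }}` are inserted unquoted, so an empty or boolean-looking value renders as null or bool and a value containing `: ` or ` #` breaks the document; quote the string ones, `name: "{{ .name }}"` and `- name: "{{ .service }}"`, and leave `port: {{ .port }}` as the one unquoted integer. `match: {{ .match }}` is safe as long as callers pass a `HostSNI(...)` expression, since the backtick is only a problem at the start of a plain scalar. A header comment noting that these routes carry no `tls` stanza — Traefik forwards the bytes without terminating TLS, which is what the mail and VPN callers in this commit rely on — would document the contract.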


@ -0,0 +1,13 @@
---
tcproute:
templates:
- |
---
{{ range .Values.routes }}
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ printf "%s-%s" .Release.Name .name }}
spec:
{{ tpl (.routes | toYaml | indent 2 | toString) $ }}
{{ end }}
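Review bot: Inside `{{ range .Values.routes }}` the dot is the current route, so `.Release.Name` is looked up on the route item and the template fails to render unless each route carries a Release key; use `$.Release.Name`. The single `---` is emitted before the loop, so with more than one route all `IngressRouteTCP` objects land in one YAML document, which the API server rejects; move the `---` inside the range so each iteration starts its own document. This file also duplicates the `traefik.tcpRoutes` template added in this commit under a different values key (`tcproute.routes`); if only one of them is wired into the helmfile, drop the other.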


@ -7,6 +7,21 @@ releases:
namespace: openvpn-service namespace: openvpn-service
createNamespace: false createNamespace: false
- <<: *istio-base
installed: true
namespace: istio-system
createNamespace: false
- <<: *istio-gateway
installed: true
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: true
namespace: istio-system
createNamespace: false
bases: bases:
- ../environments.yaml - ../environments.yaml
- ../repositories.yaml - ../repositories.yaml
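Review bot: The istio-base, istio-gateway and istiod releases added here all use `namespace: istio-system` with `createNamespace: false`, but this same commit removes `istio-system` from the namespaces values, so on a fresh cluster nothing creates that namespace and these releases fail to install; either set `createNamespace: true` on them or keep the namespace entry. The enclosing releases list starts before this hunk.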


@ -95,6 +95,10 @@ buckets:
policy: none policy: none
purge: false purge: false
versioning: false versioning: false
- name: velero-test
policy: none
purge: false
versioning: false
- name: restic - name: restic
policy: none policy: none
purge: false purge: false


@ -11,24 +11,9 @@ releases:
namespace: kube-system namespace: kube-system
createNamespace: false createNamespace: false
- <<: *istio-base
installed: true
namespace: istio-system
createNamespace: false
- <<: *istio-gateway
installed: true
namespace: istio-system
createNamespace: false
- <<: *istiod
installed: true
namespace: istio-system
createNamespace: false
- <<: *cert-manager - <<: *cert-manager
installed: true installed: true
namespace: cert-manager namespace: kube-system
createNamespace: false createNamespace: false
- <<: *minio - <<: *minio
@ -38,17 +23,17 @@ releases:
- <<: *metallb - <<: *metallb
installed: true installed: true
namespace: metallb-system namespace: kube-system
createNamespace: true createNamespace: false
- <<: *reflector - <<: *reflector
installed: true installed: true
namespace: reflector-system namespace: kube-system
createNamespace: true createNamespace: false
- <<: *metallb-resources - <<: *metallb-resources
installed: true installed: true
namespace: metallb-system namespace: kube-system
createNamespace: false createNamespace: false
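Review bot: Moving cert-manager, metallb, reflector and metallb-resources into `kube-system` collapses four isolated namespaces into the one the control-plane components live in, which is normally exempt from Pod Security Admission and carries broad RBAC bindings; a compromised or misconfigured third-party controller then runs beside the cluster's most sensitive workloads with no namespace-level NetworkPolicy or PSA boundary between them. If the goal is fewer namespaces, one dedicated namespace such as `cluster-services` keeps the boundary without the sprawl. The `createNamespace` flips to `false` are consistent with reusing kube-system, so nothing else needs to change if the move is kept.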
helmfiles: helmfiles:


@ -31,7 +31,7 @@ metadata:
namespace: debug namespace: debug
spec: spec:
rules: rules:
- host: httpbin.rocks - host: "httpbin.badhouseplants.net"
http: http:
paths: paths:
- path: / - path: /


@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
labels:
app.kubernetes.io/instance: cluster-issuer
app.kubernetes.io/name: acme-cluster-issuer
name: badhouseplants-issuer-http01
spec:
acme:
email: allanger@zohomail.com
preferredChain: ""
privateKeySecretRef:
name: badhouseplants-issuer-htt01-account-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: traefik
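Review bot: `privateKeySecretRef.name: badhouseplants-issuer-htt01-account-key` drops the `p` from `http01`, unlike the issuer's own `name`, and that Secret holds the ACME account key cert-manager uses to identify the account; it works as is, but renaming it after the issuer has been applied registers a fresh Let's Encrypt account, so correct it to `badhouseplants-issuer-http01-account-key` now, before first use, or leave it and add a comment explaining the spelling. `preferredChain: ""` is the default and can be omitted.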


@ -1,4 +1,3 @@
---
templates: templates:
# --------------------------- # ---------------------------
# -- Hooks # -- Hooks
@ -49,6 +48,14 @@ templates:
values: values:
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
ext-tcp-routes:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: traefik
values:
- '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml'
ext-istio-resource: ext-istio-resource:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
@ -56,6 +63,7 @@ templates:
alias: istio alias: istio
values: values:
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml' - '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
ext-certificate: ext-certificate:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
@ -137,25 +145,24 @@ templates:
cert-manager: &cert-manager cert-manager: &cert-manager
name: cert-manager name: cert-manager
chart: jetstack/cert-manager chart: jetstack/cert-manager
version: 1.14.5 version: 1.15.0
set: set:
- name: installCRDs - name: installCRDs
value: true value: true
longhorn: &longhorn longhorn: &longhorn
name: longhorn name: longhorn
chart: longhorn/longhorn chart: longhorn/longhorn
version: 1.6.1 version: 1.6.2
inherit: inherit:
- template: default-env-values - template: default-env-values
argocd: &argocd argocd: &argocd
name: argocd name: argocd
chart: argo/argo-cd chart: argo/argo-cd
version: 6.9.3 version: 7.1.3
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
monitoring-common: monitoring-common:
labels: labels:
@ -170,7 +177,6 @@ templates:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: crd-management-hook - template: crd-management-hook
- template: ext-istio-resource
loki: &loki loki: &loki
name: loki name: loki
@ -231,10 +237,10 @@ templates:
openvpn-xor: &openvpn-xor openvpn-xor: &openvpn-xor
name: openvpn-xor name: openvpn-xor
chart: allanger-gitea/openvpn-xor chart: allanger-gitea/openvpn-xor
version: 1.3.0 version: 1.2.0
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: ext-istio-resource - template: ext-tcp-routes
openvpn: &openvpn openvpn: &openvpn
name: openvpn name: openvpn
@ -242,7 +248,6 @@ templates:
version: 1.2.0 version: 1.2.0
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: ext-istio-resource
# ---------------------------- # ----------------------------
# -- Drone # -- Drone
# ---------------------------- # ----------------------------
@ -256,7 +261,6 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
- template: drone-common - template: drone-common
drone-runner-docker: &drone-runner-docker drone-runner-docker: &drone-runner-docker
@ -271,21 +275,19 @@ templates:
woodpecker-ci: &woodpecker-ci woodpecker-ci: &woodpecker-ci
name: woodpecker-ci name: woodpecker-ci
chart: woodpecker/woodpecker chart: woodpecker/woodpecker
version: 1.3.0 version: 1.4.0
inherit: inherit:
- template: ext-database - template: ext-database
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
nrodionov: &nrodionov nrodionov: &nrodionov
name: nrodionov name: nrodionov
chart: bitnami/wordpress chart: bitnami/wordpress
version: 22.2.11 version: 22.4.10
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
minio: &minio minio: &minio
name: minio name: minio
@ -294,16 +296,14 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
gitea: &gitea gitea: &gitea
name: gitea name: gitea
chart: gitea/gitea chart: gitea/gitea
version: 10.1.4 version: 10.2.0
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
- template: ext-database - template: ext-database
funkwhale: &funkwhale funkwhale: &funkwhale
@ -313,7 +313,6 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
- template: ext-database - template: ext-database
bitwarden: &bitwarden bitwarden: &bitwarden
@ -323,12 +322,11 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
redis: &redis redis: &redis
name: redis name: redis
chart: bitnami/redis chart: bitnami/redis
version: 19.3.3 version: 19.5.3
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -336,7 +334,7 @@ templates:
postgres16: &postgres16 postgres16: &postgres16
name: postgres16 name: postgres16
chart: bitnami/postgresql chart: bitnami/postgresql
version: 15.3.3 version: 15.5.5
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -357,7 +355,7 @@ templates:
mysql: &mysql mysql: &mysql
name: mysql name: mysql
chart: bitnami/mysql chart: bitnami/mysql
version: 10.2.4 version: 11.1.2
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -368,8 +366,7 @@ templates:
version: 2.3.1 version: 2.3.1
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: ext-istio-gateway - template: ext-tcp-routes
- template: ext-istio-resource
vaultwarden: &vaultwarden vaultwarden: &vaultwarden
name: vaultwarden name: vaultwarden
@ -378,9 +375,16 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
- template: ext-database - template: ext-database
vaultwarden-test: &vaultwardentest
name: vaultwardentest
chart: allanger-gitea/vaultwarden
version: 1.2.0
inherit:
- template: default-env-values
- template: default-env-secrets
reflector: &reflector reflector: &reflector
name: reflector name: reflector
chart: emberstack/reflector chart: emberstack/reflector
@ -393,8 +397,9 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
- template: ext-certificate - template: ext-certificate
- template: ext-tcp-routes
- template: ext-database
tandoor: &tandoor tandoor: &tandoor
name: tandoor name: tandoor
@ -403,13 +408,12 @@ templates:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource
- template: ext-database - template: ext-database
coredns: &coredns coredns: &coredns
name: coredns name: coredns
chart: coredns/coredns chart: coredns/coredns
version: 1.29.0 version: 1.31.0
namespace: kube-system namespace: kube-system
inherit: inherit:
- template: default-env-values - template: default-env-values
@ -417,7 +421,7 @@ templates:
cilium: &cilium cilium: &cilium
name: cilium name: cilium
chart: cilium/cilium chart: cilium/cilium
version: 1.15.5 version: 1.15.6
createNamespace: false createNamespace: false
namespace: kube-system namespace: kube-system
inherit: inherit:
@ -426,23 +430,14 @@ templates:
zot: &zot zot: &zot
name: zot name: zot
chart: zot/zot chart: zot/zot
version: 0.1.54 version: 0.1.56
createNamespace: false
namespace: kube-services
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-istio-resource
chartmuseum: &chartmuseum
name: chartmuseum
chart: chartmuseum/chartmuseum
version: 3.10.2
createNamespace: false createNamespace: false
namespace: kube-services namespace: kube-services
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource - template: ext-istio-resource
keel: &keel keel: &keel
name: keel name: keel
chart: keel/keel chart: keel/keel
@ -450,4 +445,20 @@ templates:
createNamespace: false createNamespace: false
namespace: kube-system namespace: kube-system
traefik: &traefik
name: traefik
chart: traefik/traefik
version: 28.2.0
createNamespace: false
namespace: kube-system
inherit:
- template: default-env-values
local-path-provisioner: &local-path-provisioner
name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
createNamespace: false
namespace: kube-system
inherit:
- template: default-env-values


@ -31,8 +31,8 @@ repositories:
url: https://constin.github.io/vaultwarden-helm/ url: https://constin.github.io/vaultwarden-helm/
- name: db-operator - name: db-operator
url: https://db-operator.github.io/charts url: https://db-operator.github.io/charts
- name: allanger-gitea # - name: allanger-gitea
url: https://git.badhouseplants.net/api/packages/allanger/helm # url: https://git.badhouseplants.net/api/packages/allanger/helm
- name: badhouseplants - name: badhouseplants
url: https://badhouseplants.github.io/helm-charts/ url: https://badhouseplants.github.io/helm-charts/
- name: woodpecker - name: woodpecker
@ -59,3 +59,7 @@ repositories:
url: https://chartmuseum.github.io/charts url: https://chartmuseum.github.io/charts
- name: keel - name: keel
url: https://charts.keel.sh url: https://charts.keel.sh
- name: traefik
url: https://traefik.github.io/charts
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26
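Review bot: The new `local-path-provisioner` repository pulls its chart straight out of GitHub at deploy time with `?ref=v0.0.26`, which pins a git tag rather than an immutable commit, so the chart that gets rendered can silently change under the same version name if the tag is moved; I would set `ref=` to the commit hash that `v0.0.26` currently resolves to (for example `url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=<full-commit-sha>  # v0.0.26`) and keep the tag only in a comment. In the same hunk the `allanger-gitea` repository is commented out, yet the templates file in this commit still declares `chart: allanger-gitea/openvpn-xor` and the newly added `vaultwardentest` release uses `chart: allanger-gitea/vaultwarden`; unless those names are now resolved by a repository definition I cannot see, those releases will fail to fetch, so either keep the repository entry or drop the charts that reference it. The `repositories:` list itself begins outside this hunk.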