Huge upgraqde to everything
This commit is contained in:
parent
10d7936625
commit
6c83d67c9c
@ -10,20 +10,13 @@ releases:
|
||||
installed: true
|
||||
- <<: *cilium
|
||||
installed: true
|
||||
|
||||
- <<: *local-path-provisioner
|
||||
|
||||
- <<: *zot
|
||||
installed: true
|
||||
- <<: *chartmuseum
|
||||
installed: false
|
||||
- <<: *keel
|
||||
- <<: *drone
|
||||
installed: true
|
||||
namespace: drone-service
|
||||
createNamespace: false
|
||||
|
||||
- <<: *drone-runner-docker
|
||||
installed: true
|
||||
namespace: drone-service
|
||||
createNamespace: false
|
||||
- <<: *traefik
|
||||
|
||||
- <<: *argocd
|
||||
installed: true
|
||||
@ -45,21 +38,6 @@ releases:
|
||||
namespace: funkwhale-application
|
||||
createNamespace: false
|
||||
|
||||
- <<: *prometheus
|
||||
installed: true
|
||||
namespace: monitoring-system
|
||||
createNamespace: true
|
||||
|
||||
- <<: *loki
|
||||
installed: false
|
||||
namespace: monitoring-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *promtail
|
||||
installed: true
|
||||
namespace: monitoring-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *bitwarden
|
||||
installed: false
|
||||
namespace: bitwarden-application
|
||||
@ -95,17 +73,16 @@ releases:
|
||||
namespace: woodpecker-ci
|
||||
createNamespace: true
|
||||
|
||||
|
||||
- <<: *istio-gateway-resources
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *vaultwarden
|
||||
createNamespace: true
|
||||
installed: true
|
||||
namespace: vaultwarden-application
|
||||
|
||||
- <<: *vaultwardentest
|
||||
createNamespace: false
|
||||
installed: true
|
||||
namespace: applications
|
||||
|
||||
- <<: *openvpn-xor
|
||||
installed: true
|
||||
namespace: openvpn-service
|
||||
@ -113,12 +90,7 @@ releases:
|
||||
|
||||
- <<: *docker-mailserver
|
||||
installed: true
|
||||
namespace: mail-service
|
||||
createNamespace: true
|
||||
|
||||
- <<: *tandoor
|
||||
installed: false
|
||||
namespace: tandoor-application
|
||||
namespace: applications
|
||||
createNamespace: true
|
||||
|
||||
- <<: *mailu
|
||||
|
27
badhouseplants/values/secrets.vaultwardentest.yaml
Normal file
27
badhouseplants/values/secrets.vaultwardentest.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
vaultwarden:
|
||||
smtp:
|
||||
username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str]
|
||||
password:
|
||||
value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str]
|
||||
adminToken:
|
||||
value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr
|
||||
R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C
|
||||
M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI
|
||||
a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS
|
||||
hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-06T15:15:43Z"
|
||||
mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
@ -1,18 +1,4 @@
|
||||
---
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: argocd-http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
kind: http
|
||||
hostname: argo.badhouseplants.net
|
||||
service: argocd-server
|
||||
port: 80
|
||||
|
||||
controller:
|
||||
resources:
|
||||
limits:
|
||||
@ -48,18 +34,35 @@ dex:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
|
||||
redis:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
|
||||
global:
|
||||
domain: argo.badhouseplants.net
|
||||
|
||||
server:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
ingressClassName: traefik
|
||||
tls: true
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
extraArgs:
|
||||
- --insecure
|
||||
servicePort:
|
||||
servicePortHttp: 80
|
||||
servicePortHttps: 80
|
||||
|
||||
repoServer:
|
||||
metrics:
|
||||
@ -71,6 +74,8 @@ repoServer:
|
||||
- name: regcred
|
||||
|
||||
configs:
|
||||
params:
|
||||
server.insecure: true
|
||||
rbac:
|
||||
policy.default: role:readonly
|
||||
scopes: "[email, group]"
|
||||
|
@ -1,125 +1,67 @@
|
||||
istio-gateway:
|
||||
traefik:
|
||||
enabled: true
|
||||
gateways:
|
||||
- name: badhouseplants-email
|
||||
servers:
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: smtp
|
||||
number: 25
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: pop3
|
||||
number: 110
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: imap
|
||||
number: 143
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: smtps
|
||||
number: 465
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: submission
|
||||
number: 587
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: imaps
|
||||
number: 993
|
||||
protocol: TCP
|
||||
- hosts:
|
||||
- "*"
|
||||
port:
|
||||
name: pop3s
|
||||
number: 995
|
||||
protocol: TCP
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: docker-mailserver-smpt
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
tcpRoutes:
|
||||
- name: docker-mailserver-smtp
|
||||
service: docker-mailserver
|
||||
hostname: badhouseplants.net
|
||||
port_match: 25
|
||||
match: HostSNI(`*`)
|
||||
entrypoint: smtp
|
||||
port: 25
|
||||
- name: docker-mailserver-smpts
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 465
|
||||
hostname: badhouseplants.net
|
||||
- name: docker-mailserver-smtps
|
||||
match: HostSNI(`*`)
|
||||
service: docker-mailserver
|
||||
entrypoint: smtps
|
||||
port: 465
|
||||
- name: docker-mailserver-smpt-startls
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
hostname: badhouseplants.net
|
||||
port_match: 587
|
||||
match: HostSNI(`*`)
|
||||
service: docker-mailserver
|
||||
entrypoint: smtp-startls
|
||||
port: 587
|
||||
- name: docker-mailserver-imap
|
||||
kind: tcp
|
||||
hostname: badhouseplants.net
|
||||
gateway: badhouseplants-email
|
||||
port_match: 143
|
||||
match: HostSNI(`*`)
|
||||
service: docker-mailserver
|
||||
entrypoint: imap
|
||||
port: 143
|
||||
- name: docker-mailserver-imaps
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
hostname: badhouseplants.net
|
||||
port_match: 993
|
||||
match: HostSNI(`*`)
|
||||
service: docker-mailserver
|
||||
entrypoint: imaps
|
||||
port: 993
|
||||
- name: docker-mailserver-pop3
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 110
|
||||
hostname: badhouseplants.net
|
||||
match: HostSNI(`*`)
|
||||
service: docker-mailserver
|
||||
entrypoint: pop3
|
||||
port: 110
|
||||
- name: docker-mailserver-pop3s
|
||||
kind: tcp
|
||||
gateway: badhouseplants-email
|
||||
port_match: 993
|
||||
hostname: badhouseplants.net
|
||||
match: HostSNI(`*`)
|
||||
service: docker-mailserver
|
||||
entrypoint: pop3s
|
||||
port: 993
|
||||
- name: docker-mailserver-rainloop
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: mail.badhouseplants.net
|
||||
service: docker-mailserver-rainloop
|
||||
port: 80
|
||||
|
||||
rainloop:
|
||||
enabled: true
|
||||
ingress:
|
||||
enabled: false
|
||||
enabled: true
|
||||
hosts:
|
||||
- mail.badhouseplants.net
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
tls:
|
||||
- secretName: mail-tls-secret
|
||||
hosts:
|
||||
- mail.badhouseplants.net
|
||||
|
||||
demoMode:
|
||||
enabled: false
|
||||
domains:
|
||||
- badhouseplants.net
|
||||
- mail.badhouseplants.net
|
||||
ssl:
|
||||
issuer:
|
||||
name: badhouseplants-issuer
|
||||
kind: ClusterIssuer
|
||||
dnsname: badhouseplants.net
|
||||
dns01provider: cloudflare
|
||||
useExisting: false
|
||||
useExisting: true
|
||||
existingName: mail-tls-secret
|
||||
pod:
|
||||
dockermailserver:
|
||||
enable_fail2ban: "0"
|
||||
|
@ -30,6 +30,22 @@ celery:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 75Mi
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
host: funkwhale.badhouseplants.net
|
||||
protocol: http
|
||||
|
||||
tls:
|
||||
- secretName: funkwhale-tls-secret
|
||||
hosts:
|
||||
- funkwhale.badhouseplants.net
|
||||
|
||||
extraEnv:
|
||||
FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
|
||||
FUNKWHALE_PROTOCOL: https
|
||||
@ -39,8 +55,7 @@ persistence:
|
||||
size: 10Gi
|
||||
s3:
|
||||
enabled: false
|
||||
ingress:
|
||||
enabled: false
|
||||
|
||||
postgresql:
|
||||
enabled: false
|
||||
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||
|
@ -1,25 +1,5 @@
|
||||
---
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: gitea-http
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: git.badhouseplants.net
|
||||
service: gitea-http
|
||||
port: 3000
|
||||
- name: gitea-ssh
|
||||
kind: tcp
|
||||
gateway: istio-system/badhouseplants-ssh
|
||||
hostname: "*"
|
||||
port_match: 22
|
||||
service: gitea-ssh
|
||||
port: 22
|
||||
# ------------------------------------------
|
||||
# -- Database extension is used to manage
|
||||
# -- database with db-operator
|
||||
# ------------------------------------------
|
||||
@ -27,9 +7,27 @@ ext-database:
|
||||
enabled: true
|
||||
name: gitea-postgres16
|
||||
instance: postgres16
|
||||
|
||||
# ------------------------------------------
|
||||
# -- Kubernetes related values
|
||||
# ------------------------------------------
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
hosts:
|
||||
- host: git.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: gitea-tls-secret
|
||||
hosts:
|
||||
- git.badhouseplants.net
|
||||
replicaCount: 1
|
||||
clusterDomain: cluster.local
|
||||
|
||||
@ -47,8 +45,6 @@ persistence:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
# ------------------------------------------
|
||||
# -- Main Gitea settings
|
||||
# ------------------------------------------
|
||||
@ -125,3 +121,21 @@ postgresql-ha:
|
||||
enabled: false
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
|
||||
extraDeploy:
|
||||
- |
|
||||
{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}-ssh
|
||||
spec:
|
||||
entryPoints:
|
||||
- git-ssh
|
||||
routes:
|
||||
- match: HostSNI(`git.badhouseplants.net`)
|
||||
services:
|
||||
- name: "{{ include "gitea.fullname" . }}-ssh"
|
||||
port: 22
|
||||
nativeLB: true
|
||||
{{- end }}
|
||||
|
3
badhouseplants/values/values.local-path-provisioner.yaml
Normal file
3
badhouseplants/values/values.local-path-provisioner.yaml
Normal file
@ -0,0 +1,3 @@
|
||||
storageClass:
|
||||
create: true
|
||||
defaultClass: false
|
@ -1,81 +1,64 @@
|
||||
---
|
||||
certificate:
|
||||
# ------------------------------------------
|
||||
# -- Database extension is used to manage
|
||||
# -- database with db-operator
|
||||
# ------------------------------------------
|
||||
ext-database:
|
||||
enabled: true
|
||||
certificate:
|
||||
- name: mailu
|
||||
secretName: mailu-certificate
|
||||
issuer:
|
||||
kind: ClusterIssuer
|
||||
name: badhouseplants-issuer
|
||||
dnsNames:
|
||||
- badhouseplants.net
|
||||
- "email.badhouseplants.net"
|
||||
name: mailu-postgres16
|
||||
instance: postgres16
|
||||
extraDatabase:
|
||||
enabled: true
|
||||
name: roundcube-postgres16
|
||||
instance: postgres16
|
||||
|
||||
# ------------------------------------------
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
traefik:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: mailu-web
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: email.badhouseplants.net
|
||||
tcpRoutes:
|
||||
- name: mailu-smtp
|
||||
service: mailu-front
|
||||
port: 80
|
||||
- name: mailu-smpt
|
||||
kind: tcp
|
||||
gateway: badhouseplants-mail
|
||||
service: mailu-front
|
||||
hostname: email.badhousplants.net
|
||||
port_match: 25
|
||||
match: HostSNI(`*`)
|
||||
entrypoint: smtp
|
||||
port: 25
|
||||
- name: mailu-smpts
|
||||
kind: tcp
|
||||
gateway: badhouseplants-mail
|
||||
port_match: 465
|
||||
hostname: email.badhousplants.net
|
||||
- name: mailu-smtps
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: smtps
|
||||
port: 465
|
||||
- name: mailu-smpt-startls
|
||||
kind: tcp
|
||||
gateway: badhouseplants-mail
|
||||
hostname: email.badhousplants.net
|
||||
port_match: 587
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: smtp-startls
|
||||
port: 587
|
||||
- name: mailu-imap
|
||||
kind: tcp
|
||||
hostname: email.badhousplants.net
|
||||
gateway: badhouseplants-mail
|
||||
port_match: 143
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: imap
|
||||
port: 143
|
||||
- name: mailu-imaps
|
||||
kind: tcp
|
||||
gateway: badhouseplants-mail
|
||||
hostname: email.badhousplants.net
|
||||
port_match: 993
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: imaps
|
||||
port: 993
|
||||
- name: mailu-pop3
|
||||
kind: tcp
|
||||
gateway: badhouseplants-mail
|
||||
port_match: 110
|
||||
hostname: email.badhousplants.net
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: pop3
|
||||
port: 110
|
||||
- name: mailu-pop3s
|
||||
kind: tcp
|
||||
gateway: badhouseplants-mail
|
||||
port_match: 993
|
||||
hostname: email.badhousplants.net
|
||||
match: HostSNI(`*`)
|
||||
service: mailu-front
|
||||
entrypoint: pop3s
|
||||
port: 993
|
||||
subnet: 10.244.0.0/16
|
||||
sessionCookieSecure: true
|
||||
hostnames:
|
||||
- post.badhouseplants.net
|
||||
- badhouseplants.net
|
||||
- email.badhouseplants.net
|
||||
domain: badhouseplants.net
|
||||
persistence:
|
||||
single_pvc: false
|
||||
@ -85,13 +68,17 @@ limits:
|
||||
tls:
|
||||
outboundLevel: secure
|
||||
ingress:
|
||||
enabled: false
|
||||
tls: false
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
tls: true
|
||||
annotations:
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
tlsFlavorOverride: mail
|
||||
selfSigned: false
|
||||
existingSecret: mailu-certificate
|
||||
realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local
|
||||
realIpHeader: "X-Envoy-External-Address"
|
||||
realIpFrom: traefik.kube-system.svc.cluster.local
|
||||
realIpHeader: "X-Real-IP"
|
||||
front:
|
||||
hostPort:
|
||||
enabled: false
|
||||
@ -150,16 +137,18 @@ roundcube:
|
||||
mysql:
|
||||
enabled: false
|
||||
postgresql:
|
||||
enabled: false
|
||||
## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically.
|
||||
externalDatabase:
|
||||
## @param externalDatabase.enabled Set to true to use an external database
|
||||
enabled: true
|
||||
auth:
|
||||
enablePostgresUser: true
|
||||
username: mailu
|
||||
database: mailu
|
||||
persistence:
|
||||
enabled: false
|
||||
storageClass: ""
|
||||
accessMode: ReadWriteOnce
|
||||
size: 2Gi
|
||||
type: postgresql
|
||||
existingSecret: mailu-postgres16-creds
|
||||
existingSecretDatabaseKey: POSTGRES_DB
|
||||
existingSecretUsernameKey: POSTGRES_USER
|
||||
existingSecretPasswordKey: POSTGRES_PASSWORD
|
||||
host: postgres16-postgresql.database-service.svc.cluster.local
|
||||
port: 5432
|
||||
rspamd:
|
||||
resources:
|
||||
requests:
|
||||
@ -181,3 +170,10 @@ webmail:
|
||||
accessModes: [ReadWriteOnce]
|
||||
claimNameOverride: ""
|
||||
annotations: {}
|
||||
global:
|
||||
database:
|
||||
roundcube:
|
||||
database: applications-roundcube-postgres16
|
||||
username: applications-roundcube-postgres16
|
||||
existingSecret: roundcube-postgres16-creds
|
||||
existingSecretPasswordKey: POSTGRES_PASSWORD
|
||||
|
@ -19,6 +19,39 @@ istio:
|
||||
service: minio
|
||||
port: 9000
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: ~
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
path: /
|
||||
hosts:
|
||||
- s3.badhouseplants.net
|
||||
tls:
|
||||
- secretName: s3-tls-secret
|
||||
hosts:
|
||||
- s3.badhouseplants.net
|
||||
consoleIngress:
|
||||
enabled: true
|
||||
ingressClassName: ~
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
path: /
|
||||
hosts:
|
||||
- minio.badhouseplants.net
|
||||
tls:
|
||||
- secretName: minio-tls-secret
|
||||
hosts:
|
||||
- minio.badhouseplants.net
|
||||
|
||||
rootUser: 'overlord'
|
||||
replicas: 1
|
||||
mode: standalone
|
||||
|
@ -1,10 +1,6 @@
|
||||
namespaces:
|
||||
- name: longhorn-system
|
||||
- name: cert-manager
|
||||
- name: minio-service
|
||||
- name: metallb-system
|
||||
- name: reflector-system
|
||||
- name: drone-service
|
||||
- name: argo-system
|
||||
- name: nrodionov-application
|
||||
- name: minecraft-application
|
||||
@ -15,18 +11,16 @@ namespaces:
|
||||
https://ci.badhouseplants.net/repos/15
|
||||
- name: gitea-service
|
||||
- name: funkwhale-application
|
||||
- name: monitoring-system
|
||||
- name: bitwarden-application
|
||||
- name: database-service
|
||||
- name: mail-service
|
||||
- name: istio-system
|
||||
- name: vaultwarden-application
|
||||
- name: woodpecker-ci
|
||||
- name: openvpn-service
|
||||
- name: tandoor-application
|
||||
- name: badhouseplants-main
|
||||
labels:
|
||||
istio-injection: enabled
|
||||
- name: badhouseplants-preview
|
||||
- name: mailu-application
|
||||
- name: kube-services
|
||||
- name: applications
|
@ -17,7 +17,20 @@ ext-database:
|
||||
enabled: true
|
||||
name: nrodionov-mysql
|
||||
instance: mysql
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
pathType: ImplementationSpecific
|
||||
hostname: dev.nrodionov.info
|
||||
path: /
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
tls: true
|
||||
tlsWwwPrefix: false
|
||||
selfSigned: false
|
||||
wordpressBlogName: Николай Николаевич Родионов
|
||||
wordpressUsername: admin
|
||||
wordpressFirstName: Nikolai
|
||||
|
@ -3,17 +3,26 @@
|
||||
# -- Istio extenstion. Just because I'm
|
||||
# -- not using ingress nginx
|
||||
# ------------------------------------------
|
||||
istio:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: openvpn-tcp-xor
|
||||
gateway: istio-system/badhouseplants-vpn
|
||||
kind: tcp
|
||||
port_match: 1194
|
||||
hostname: "*"
|
||||
service: openvpn-xor
|
||||
port: 1194
|
||||
# istio:
|
||||
# enabled: true
|
||||
# istio:
|
||||
# - name: openvpn-tcp-xor
|
||||
# gateway: istio-system/badhouseplants-vpn
|
||||
# kind: tcp
|
||||
# port_match: 1194
|
||||
# hostname: "*"
|
||||
# service: openvpn-xor
|
||||
# port: 1194
|
||||
# ------------------------------------------
|
||||
traefik:
|
||||
enabled: true
|
||||
tcpRoutes:
|
||||
- name: openvpn-xor
|
||||
service: openvpn-xor
|
||||
match: HostSNI(`*`)
|
||||
entrypoint: openvpn
|
||||
port: 1194
|
||||
|
||||
storage:
|
||||
class: longhorn
|
||||
size: 512Mi
|
||||
|
78
badhouseplants/values/values.traefik.yaml
Normal file
78
badhouseplants/values/values.traefik.yaml
Normal file
@ -0,0 +1,78 @@
|
||||
globalArguments:
|
||||
- "--serversTransport.insecureSkipVerify=true"
|
||||
service:
|
||||
spec:
|
||||
externalTrafficPolicy: Local
|
||||
ports:
|
||||
git-ssh:
|
||||
port: 22
|
||||
expose:
|
||||
default: true
|
||||
exposedPort: 22
|
||||
protocol: TCP
|
||||
openvpn:
|
||||
port: 1194
|
||||
expose:
|
||||
default: true
|
||||
exposedPort: 1194
|
||||
protocol: TCP
|
||||
valve-server:
|
||||
port: 27015
|
||||
expose:
|
||||
default: true
|
||||
exposedPort: 27015
|
||||
protocol: UDP
|
||||
valve-rcon:
|
||||
port: 27015
|
||||
expose:
|
||||
default: true
|
||||
exposedPort: 27015
|
||||
protocol: TCP
|
||||
smtp:
|
||||
port: 25
|
||||
protocol: TCP
|
||||
exposedPort: 25
|
||||
expose:
|
||||
default: true
|
||||
smtps:
|
||||
port: 465
|
||||
protocol: TCP
|
||||
exposedPort: 465
|
||||
expose:
|
||||
default: true
|
||||
smtp-startls:
|
||||
port: 587
|
||||
protocol: TCP
|
||||
exposedPort: 587
|
||||
expose:
|
||||
default: true
|
||||
imap:
|
||||
port: 143
|
||||
protocol: TCP
|
||||
exposedPort: 143
|
||||
expose:
|
||||
default: true
|
||||
imaps:
|
||||
port: 993
|
||||
protocol: TCP
|
||||
exposedPort: 993
|
||||
expose:
|
||||
default: true
|
||||
pop3:
|
||||
port: 110
|
||||
protocol: TCP
|
||||
exposedPort: 110
|
||||
expose:
|
||||
default: true
|
||||
pop3s:
|
||||
port: 995
|
||||
protocol: TCP
|
||||
exposedPort: 995
|
||||
expose:
|
||||
default: true
|
||||
minecraft:
|
||||
port: 25565
|
||||
protocol: TCP
|
||||
exposedPort: 25565
|
||||
expose:
|
||||
default: true
|
@ -61,3 +61,20 @@ vaultwarden:
|
||||
enabled: false
|
||||
logfile: "/data/vaultwarden.log"
|
||||
loglevel: "warn"
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
hosts:
|
||||
- host: vault.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: vault-tls-secret
|
||||
hosts:
|
||||
- vault.badhouseplants.net
|
||||
|
58
badhouseplants/values/values.vaultwardentest.yaml
Normal file
58
badhouseplants/values/values.vaultwardentest.yaml
Normal file
@ -0,0 +1,58 @@
|
||||
service:
|
||||
port: 8080
|
||||
vaultwarden:
|
||||
smtp:
|
||||
host: mail.badhouseplants.net
|
||||
security: "starttls"
|
||||
port: 587
|
||||
from: vaulttest@badhouseplants.net
|
||||
fromName: Vault Warden
|
||||
authMechanism: "Plain"
|
||||
acceptInvalidHostnames: "false"
|
||||
acceptInvalidCerts: "false"
|
||||
debug: false
|
||||
domain: https://vaulttest.badhouseplants.net
|
||||
websocket:
|
||||
enabled: true
|
||||
address: "0.0.0.0"
|
||||
port: 3012
|
||||
rocket:
|
||||
port: "8080"
|
||||
workers: "10"
|
||||
webVaultEnabled: "true"
|
||||
signupsAllowed: false
|
||||
invitationsAllowed: true
|
||||
signupDomains: "https://vaulttest.badhouseplants.net"
|
||||
signupsVerify: "true"
|
||||
showPassHint: "false"
|
||||
# database:
|
||||
# existingSecret: vaultwarden-postgres16-creds
|
||||
# existingSecretKey: CONNECTION_STRING
|
||||
# connectionRetries: 15
|
||||
# maxConnections: 10
|
||||
storage:
|
||||
enabled: false
|
||||
# size: 1Gi
|
||||
# class: longhorn
|
||||
# dataDir: /data
|
||||
logging:
|
||||
enabled: false
|
||||
logfile: "/data/vaultwarden.log"
|
||||
loglevel: "warn"
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
hosts:
|
||||
- host: vaulttest.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- secretName: vault-tls-secret
|
||||
hosts:
|
||||
- vaulttest.badhouseplants.net
|
@ -18,6 +18,22 @@ ext-database:
|
||||
credentials:
|
||||
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
|
||||
server:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
hosts:
|
||||
- host: ci.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
tls:
|
||||
- secretName: woodpecker-tls-secret
|
||||
hosts:
|
||||
- ci.badhouseplants.net
|
||||
#image:
|
||||
# registry: git.badhouseplants.net
|
||||
# repository: allanger/woodpecker-server
|
||||
|
@ -1,12 +1,21 @@
|
||||
istio:
|
||||
ingress:
|
||||
enabled: true
|
||||
istio:
|
||||
- name: zot
|
||||
kind: http
|
||||
gateway: istio-system/badhouseplants-net
|
||||
hostname: registry.badhouseplants.net
|
||||
service: zot
|
||||
port: 5000
|
||||
className: ~
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
kubernetes.io/tls-acme: "true"
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
kubernetes.io/ingress.global-static-ip-name: ""
|
||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||
pathtype: ImplementationSpecific
|
||||
hosts:
|
||||
- host: registry.badhouseplants.net
|
||||
paths:
|
||||
- path: /
|
||||
tls:
|
||||
- secretName: zot-secret-tls
|
||||
hosts:
|
||||
- registry.badhouseplants.net
|
||||
strategy:
|
||||
type: Recreate
|
||||
service:
|
||||
|
@ -23,3 +23,28 @@ ext-database:
|
||||
secret: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
- |
|
||||
{{- if (.Values.extraDatabase).enabled }}
|
||||
---
|
||||
apiVersion: kinda.rocks/v1beta1
|
||||
kind: Database
|
||||
metadata:
|
||||
name: "{{ .Values.extraDatabase.name }}"
|
||||
spec:
|
||||
secretName: "{{ .Values.extraDatabase.name }}-creds"
|
||||
instance: "{{ .Values.extraDatabase.instance }}"
|
||||
deletionProtected: true
|
||||
backup:
|
||||
enable: false
|
||||
cron: 0 0 * * *
|
||||
{{- if .Values.extraDatabase.credentials }}
|
||||
credentials:
|
||||
templates:
|
||||
{{- range $key, $value := .Values.extraDatabase.credentials }}
|
||||
- name: {{ $key }}
|
||||
template: {{ $value }}
|
||||
secret: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
20
common/values.tcp-route.yaml
Normal file
20
common/values.tcp-route.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
traefik:
|
||||
templates:
|
||||
- |
|
||||
{{ range .Values.tcpRoutes }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
entryPoints:
|
||||
- {{ .entrypoint }}
|
||||
routes:
|
||||
- match: {{ .match }}
|
||||
services:
|
||||
- name: {{ .service }}
|
||||
nativeLB: true
|
||||
port: {{ .port }}
|
||||
{{- end }}
|
13
common/values.tcproute.yaml
Normal file
13
common/values.tcproute.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
tcproute:
|
||||
templates:
|
||||
- |
|
||||
---
|
||||
{{ range .Values.routes }}
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: {{ printf "%s-%s" .Release.Name .name }}
|
||||
spec:
|
||||
{{ tpl (.routes | toYaml | indent 2 | toString) $ }}
|
||||
{{ end }}
|
@ -7,6 +7,21 @@ releases:
|
||||
namespace: openvpn-service
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istio-base
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istio-gateway
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istiod
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
bases:
|
||||
- ../environments.yaml
|
||||
- ../repositories.yaml
|
||||
|
@ -95,6 +95,10 @@ buckets:
|
||||
policy: none
|
||||
purge: false
|
||||
versioning: false
|
||||
- name: velero-test
|
||||
policy: none
|
||||
purge: false
|
||||
versioning: false
|
||||
- name: restic
|
||||
policy: none
|
||||
purge: false
|
||||
|
@ -11,24 +11,9 @@ releases:
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istio-base
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istio-gateway
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *istiod
|
||||
installed: true
|
||||
namespace: istio-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *cert-manager
|
||||
installed: true
|
||||
namespace: cert-manager
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *minio
|
||||
@ -38,17 +23,17 @@ releases:
|
||||
|
||||
- <<: *metallb
|
||||
installed: true
|
||||
namespace: metallb-system
|
||||
createNamespace: true
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *reflector
|
||||
installed: true
|
||||
namespace: reflector-system
|
||||
createNamespace: true
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
- <<: *metallb-resources
|
||||
installed: true
|
||||
namespace: metallb-system
|
||||
namespace: kube-system
|
||||
createNamespace: false
|
||||
|
||||
helmfiles:
|
||||
|
@ -31,7 +31,7 @@ metadata:
|
||||
namespace: debug
|
||||
spec:
|
||||
rules:
|
||||
- host: httpbin.rocks
|
||||
- host: "httpbin.badhouseplants.net"
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
|
18
manifests/httpo1-cluster-issuer.yaml
Normal file
18
manifests/httpo1-cluster-issuer.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: cluster-issuer
|
||||
app.kubernetes.io/name: acme-cluster-issuer
|
||||
name: badhouseplants-issuer-http01
|
||||
spec:
|
||||
acme:
|
||||
email: allanger@zohomail.com
|
||||
preferredChain: ""
|
||||
privateKeySecretRef:
|
||||
name: badhouseplants-issuer-htt01-account-key
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
ingressClassName: traefik
|
@ -1,4 +1,3 @@
|
||||
---
|
||||
templates:
|
||||
# ---------------------------
|
||||
# -- Hooks
|
||||
@ -49,6 +48,14 @@ templates:
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
|
||||
|
||||
ext-tcp-routes:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
version: 2.0.0
|
||||
alias: traefik
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml'
|
||||
|
||||
ext-istio-resource:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -56,6 +63,7 @@ templates:
|
||||
alias: istio
|
||||
values:
|
||||
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
|
||||
|
||||
ext-certificate:
|
||||
dependencies:
|
||||
- chart: bedag/raw
|
||||
@ -137,25 +145,24 @@ templates:
|
||||
cert-manager: &cert-manager
|
||||
name: cert-manager
|
||||
chart: jetstack/cert-manager
|
||||
version: 1.14.5
|
||||
version: 1.15.0
|
||||
set:
|
||||
- name: installCRDs
|
||||
value: true
|
||||
longhorn: &longhorn
|
||||
name: longhorn
|
||||
chart: longhorn/longhorn
|
||||
version: 1.6.1
|
||||
version: 1.6.2
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
argocd: &argocd
|
||||
name: argocd
|
||||
chart: argo/argo-cd
|
||||
version: 6.9.3
|
||||
version: 7.1.3
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
monitoring-common:
|
||||
labels:
|
||||
@ -170,7 +177,6 @@ templates:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: crd-management-hook
|
||||
- template: ext-istio-resource
|
||||
|
||||
loki: &loki
|
||||
name: loki
|
||||
@ -231,10 +237,10 @@ templates:
|
||||
openvpn-xor: &openvpn-xor
|
||||
name: openvpn-xor
|
||||
chart: allanger-gitea/openvpn-xor
|
||||
version: 1.3.0
|
||||
version: 1.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-istio-resource
|
||||
- template: ext-tcp-routes
|
||||
|
||||
openvpn: &openvpn
|
||||
name: openvpn
|
||||
@ -242,7 +248,6 @@ templates:
|
||||
version: 1.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-istio-resource
|
||||
# ----------------------------
|
||||
# -- Drone
|
||||
# ----------------------------
|
||||
@ -256,7 +261,6 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: drone-common
|
||||
|
||||
drone-runner-docker: &drone-runner-docker
|
||||
@ -271,21 +275,19 @@ templates:
|
||||
woodpecker-ci: &woodpecker-ci
|
||||
name: woodpecker-ci
|
||||
chart: woodpecker/woodpecker
|
||||
version: 1.3.0
|
||||
version: 1.4.0
|
||||
inherit:
|
||||
- template: ext-database
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
nrodionov: &nrodionov
|
||||
name: nrodionov
|
||||
chart: bitnami/wordpress
|
||||
version: 22.2.11
|
||||
version: 22.4.10
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
minio: &minio
|
||||
name: minio
|
||||
@ -294,16 +296,14 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
gitea: &gitea
|
||||
name: gitea
|
||||
chart: gitea/gitea
|
||||
version: 10.1.4
|
||||
version: 10.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
funkwhale: &funkwhale
|
||||
@ -313,7 +313,6 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
bitwarden: &bitwarden
|
||||
@ -323,12 +322,11 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
redis: &redis
|
||||
name: redis
|
||||
chart: bitnami/redis
|
||||
version: 19.3.3
|
||||
version: 19.5.3
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -336,7 +334,7 @@ templates:
|
||||
postgres16: &postgres16
|
||||
name: postgres16
|
||||
chart: bitnami/postgresql
|
||||
version: 15.3.3
|
||||
version: 15.5.5
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -357,7 +355,7 @@ templates:
|
||||
mysql: &mysql
|
||||
name: mysql
|
||||
chart: bitnami/mysql
|
||||
version: 10.2.4
|
||||
version: 11.1.2
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
@ -368,8 +366,7 @@ templates:
|
||||
version: 2.3.1
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: ext-istio-gateway
|
||||
- template: ext-istio-resource
|
||||
- template: ext-tcp-routes
|
||||
|
||||
vaultwarden: &vaultwarden
|
||||
name: vaultwarden
|
||||
@ -378,9 +375,16 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
vaultwarden-test: &vaultwardentest
|
||||
name: vaultwardentest
|
||||
chart: allanger-gitea/vaultwarden
|
||||
version: 1.2.0
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
|
||||
reflector: &reflector
|
||||
name: reflector
|
||||
chart: emberstack/reflector
|
||||
@ -393,8 +397,9 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-certificate
|
||||
- template: ext-tcp-routes
|
||||
- template: ext-database
|
||||
|
||||
tandoor: &tandoor
|
||||
name: tandoor
|
||||
@ -403,13 +408,12 @@ templates:
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
- template: ext-database
|
||||
|
||||
coredns: &coredns
|
||||
name: coredns
|
||||
chart: coredns/coredns
|
||||
version: 1.29.0
|
||||
version: 1.31.0
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
@ -417,7 +421,7 @@ templates:
|
||||
cilium: &cilium
|
||||
name: cilium
|
||||
chart: cilium/cilium
|
||||
version: 1.15.5
|
||||
version: 1.15.6
|
||||
createNamespace: false
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
@ -426,23 +430,14 @@ templates:
|
||||
zot: &zot
|
||||
name: zot
|
||||
chart: zot/zot
|
||||
version: 0.1.54
|
||||
createNamespace: false
|
||||
namespace: kube-services
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
chartmuseum: &chartmuseum
|
||||
name: chartmuseum
|
||||
chart: chartmuseum/chartmuseum
|
||||
version: 3.10.2
|
||||
version: 0.1.56
|
||||
createNamespace: false
|
||||
namespace: kube-services
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
- template: default-env-secrets
|
||||
- template: ext-istio-resource
|
||||
|
||||
keel: &keel
|
||||
name: keel
|
||||
chart: keel/keel
|
||||
@ -450,4 +445,20 @@ templates:
|
||||
createNamespace: false
|
||||
namespace: kube-system
|
||||
|
||||
traefik: &traefik
|
||||
name: traefik
|
||||
chart: traefik/traefik
|
||||
version: 28.2.0
|
||||
createNamespace: false
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
local-path-provisioner: &local-path-provisioner
|
||||
name: local-path-provisioner
|
||||
chart: local-path-provisioner/local-path-provisioner
|
||||
createNamespace: false
|
||||
namespace: kube-system
|
||||
inherit:
|
||||
- template: default-env-values
|
||||
|
||||
|
@ -31,8 +31,8 @@ repositories:
|
||||
url: https://constin.github.io/vaultwarden-helm/
|
||||
- name: db-operator
|
||||
url: https://db-operator.github.io/charts
|
||||
- name: allanger-gitea
|
||||
url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||
# - name: allanger-gitea
|
||||
# url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||
- name: badhouseplants
|
||||
url: https://badhouseplants.github.io/helm-charts/
|
||||
- name: woodpecker
|
||||
@ -59,3 +59,7 @@ repositories:
|
||||
url: https://chartmuseum.github.io/charts
|
||||
- name: keel
|
||||
url: https://charts.keel.sh
|
||||
- name: traefik
|
||||
url: https://traefik.github.io/charts
|
||||
- name: local-path-provisioner
|
||||
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26
|
||||
|
Reference in New Issue
Block a user