Fix the cluster
This commit is contained in:
parent
896e939c2d
commit
9cf8656ba5
@ -1,10 +1,10 @@
|
|||||||
djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str]
|
djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str]
|
||||||
postgresql:
|
postgresql:
|
||||||
auth:
|
auth:
|
||||||
password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str]
|
password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str]
|
||||||
redis:
|
redis:
|
||||||
auth:
|
auth:
|
||||||
password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str]
|
password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -14,14 +14,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG
|
||||||
TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL
|
MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ
|
||||||
VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y
|
WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3
|
||||||
dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA
|
S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX
|
||||||
GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g==
|
E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-10-04T18:47:37Z"
|
lastmodified: "2024-01-26T15:39:00Z"
|
||||||
mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str]
|
mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.0
|
version: 3.8.1
|
||||||
|
@ -1,23 +1,23 @@
|
|||||||
gitea:
|
gitea:
|
||||||
admin:
|
admin:
|
||||||
username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str]
|
username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str]
|
||||||
password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str]
|
password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str]
|
||||||
config:
|
config:
|
||||||
mailer:
|
mailer:
|
||||||
PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str]
|
PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str]
|
||||||
database:
|
database:
|
||||||
PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str]
|
PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str]
|
||||||
session:
|
session:
|
||||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str]
|
PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str]
|
||||||
cache:
|
cache:
|
||||||
HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str]
|
HOST: ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str]
|
||||||
queue:
|
queue:
|
||||||
CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str]
|
CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str]
|
||||||
oauth:
|
oauth:
|
||||||
- name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str]
|
- name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str]
|
||||||
provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str]
|
provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str]
|
||||||
key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str]
|
key: ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str]
|
||||||
secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str]
|
secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -27,14 +27,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6
|
||||||
QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu
|
VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv
|
||||||
LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4
|
MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu
|
||||||
Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
|
YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns
|
||||||
WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
|
xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-10-15T09:58:05Z"
|
lastmodified: "2024-01-26T15:39:40Z"
|
||||||
mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str]
|
mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
global:
|
||||||
|
dnsService: "coredns"
|
||||||
singleBinary:
|
singleBinary:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
persistence:
|
persistence:
|
||||||
|
@ -1,13 +1,14 @@
|
|||||||
defaultSettings:
|
defaultSettings:
|
||||||
backupTarget: s3://longhorn@us-east1/backupstore
|
backupTarget: s3://longhorn@us-east1/backupstore
|
||||||
backupTargetCredentialSecret: aws-secret
|
backupTargetCredentialSecret: aws-secret
|
||||||
guaranteedEngineManagerCPU: 6
|
guaranteedEngineManagerCPU: 6
|
||||||
guaranteedReplicaManagerCPU: 6
|
guaranteedReplicaManagerCPU: 6
|
||||||
storageOverProvisioningPercentage: 300
|
storageOverProvisioningPercentage: 300
|
||||||
storageMinimalAvailablePercentage: 5
|
storageMinimalAvailablePercentage: 5
|
||||||
defaultDataPath: /media-longhorn
|
storageReservedPercentageForDefaultDisk: 1
|
||||||
|
defaultDataPath: /media/longhorn
|
||||||
csi:
|
csi:
|
||||||
kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
|
kubeletRootDir: /var/lib/kubelet/
|
||||||
persistence:
|
persistence:
|
||||||
defaultClassReplicaCount: 1
|
defaultClassReplicaCount: 1
|
||||||
enablePSP: false
|
enablePSP: false
|
||||||
|
@ -34,7 +34,6 @@ server:
|
|||||||
WOODPECKER_HOST: "https://ci.badhouseplants.net"
|
WOODPECKER_HOST: "https://ci.badhouseplants.net"
|
||||||
WOODPECKER_ESCALATE: true
|
WOODPECKER_ESCALATE: true
|
||||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
||||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
|
|
||||||
extraSecretNamesForEnvFrom:
|
extraSecretNamesForEnvFrom:
|
||||||
- woodpecker-postgres16-creds
|
- woodpecker-postgres16-creds
|
||||||
agent:
|
agent:
|
||||||
@ -49,7 +48,7 @@ agent:
|
|||||||
WOODPECKER_SERVER: woodpecker-ci-server:9000
|
WOODPECKER_SERVER: woodpecker-ci-server:9000
|
||||||
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
|
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
|
||||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
||||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath
|
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
create: true
|
create: true
|
||||||
rbac:
|
rbac:
|
||||||
|
23
system/charts/namespaces/chart/.helmignore
Normal file
23
system/charts/namespaces/chart/.helmignore
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*.orig
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
.vscode/
|
24
system/charts/namespaces/chart/Chart.yaml
Normal file
24
system/charts/namespaces/chart/Chart.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: namespaces
|
||||||
|
description: A Helm chart for Kubernetes
|
||||||
|
|
||||||
|
# A chart can be either an 'application' or a 'library' chart.
|
||||||
|
#
|
||||||
|
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||||
|
# to be deployed.
|
||||||
|
#
|
||||||
|
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||||
|
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||||
|
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||||
|
type: application
|
||||||
|
|
||||||
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
|
# to the chart and its templates, including the app version.
|
||||||
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
|
version: 0.1.0
|
||||||
|
|
||||||
|
# This is the version number of the application being deployed. This version number should be
|
||||||
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
|
# It is recommended to use it with quotes.
|
||||||
|
appVersion: "1.16.0"
|
43
system/charts/namespaces/chart/templates/_helpers.tpl
Normal file
43
system/charts/namespaces/chart/templates/_helpers.tpl
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "namespaces.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "namespaces.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride }}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||||
|
{{- if contains $name .Release.Name }}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "namespaces.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "namespaces.labels" -}}
|
||||||
|
helm.sh/chart: {{ include "namespaces.chart" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end }}
|
||||||
|
|
18
system/charts/namespaces/chart/templates/namespaces.yaml
Normal file
18
system/charts/namespaces/chart/templates/namespaces.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
{{- if .Values.namespaces }}
|
||||||
|
{{- range $ns := .Values.namespaces }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: {{ $ns.name }}
|
||||||
|
labels:
|
||||||
|
{{- include "namespaces.labels" $ | nindent 4 }}
|
||||||
|
{{- with $ns.labels }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with $ns.annotations}}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
20
system/charts/namespaces/chart/values.yaml
Normal file
20
system/charts/namespaces/chart/values.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
namespaces:
|
||||||
|
- name: giantswarm-flux
|
||||||
|
labels:
|
||||||
|
name: giantswarm-flux
|
||||||
|
- name: giantswarm
|
||||||
|
labels:
|
||||||
|
name: giantswarm
|
||||||
|
- name: monitoring
|
||||||
|
labels:
|
||||||
|
name: monitoring
|
||||||
|
- name: org-giantswarm
|
||||||
|
labels:
|
||||||
|
name: org-giantswarm
|
||||||
|
- name: flux-system
|
||||||
|
labels:
|
||||||
|
name: flux-system
|
||||||
|
- name: flux-giantswarm
|
||||||
|
labels:
|
||||||
|
name: flux-giantswarm
|
||||||
|
- name: policy-exception
|
6
system/charts/namespaces/kustomize/flux-system.yml
Normal file
6
system/charts/namespaces/kustomize/flux-system.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: flux-system
|
||||||
|
labels:
|
||||||
|
name: flux-system
|
6
system/charts/namespaces/kustomize/giantswarm-flux.yml
Normal file
6
system/charts/namespaces/kustomize/giantswarm-flux.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: giantswarm-flux
|
||||||
|
labels:
|
||||||
|
name: giantswarm-flux
|
6
system/charts/namespaces/kustomize/giantswarm.yml
Normal file
6
system/charts/namespaces/kustomize/giantswarm.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: giantswarm
|
||||||
|
labels:
|
||||||
|
name: giantswarm
|
5
system/charts/namespaces/kustomize/kustomization.yaml
Normal file
5
system/charts/namespaces/kustomize/kustomization.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
resources:
|
||||||
|
- ./giantswarm-flux.yml
|
||||||
|
- ./giantswarm.yml
|
||||||
|
- ./monitoring.yml
|
||||||
|
- ./org-giantswarm.yml
|
6
system/charts/namespaces/kustomize/monitoring.yml
Normal file
6
system/charts/namespaces/kustomize/monitoring.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: monitoring
|
||||||
|
labels:
|
||||||
|
name: monitoring
|
6
system/charts/namespaces/kustomize/org-giantswarm.yml
Normal file
6
system/charts/namespaces/kustomize/org-giantswarm.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: org-giantswarm
|
||||||
|
labels:
|
||||||
|
name: org-giantswarm
|
23
system/charts/root/.helmignore
Normal file
23
system/charts/root/.helmignore
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*.orig
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
.vscode/
|
6
system/charts/root/Chart.yaml
Normal file
6
system/charts/root/Chart.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: root
|
||||||
|
description: A Helm chart for Kubernetes
|
||||||
|
type: application
|
||||||
|
version: 0.1.5
|
||||||
|
appVersion: "1.16.0"
|
62
system/charts/root/templates/_helpers.tpl
Normal file
62
system/charts/root/templates/_helpers.tpl
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "root.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "root.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride }}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||||
|
{{- if contains $name .Release.Name }}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "root.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "root.labels" -}}
|
||||||
|
helm.sh/chart: {{ include "root.chart" . }}
|
||||||
|
{{ include "root.selectorLabels" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Selector labels
|
||||||
|
*/}}
|
||||||
|
{{- define "root.selectorLabels" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "root.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use
|
||||||
|
*/}}
|
||||||
|
{{- define "root.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create }}
|
||||||
|
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
25
system/charts/root/templates/root.yaml
Normal file
25
system/charts/root/templates/root.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: GitRepository
|
||||||
|
metadata:
|
||||||
|
name: root
|
||||||
|
spec:
|
||||||
|
interval: 30s
|
||||||
|
url: {{ .Values.url }}
|
||||||
|
ref:
|
||||||
|
branch: {{ .Values.branch }}
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: root
|
||||||
|
spec:
|
||||||
|
interval: 30s
|
||||||
|
targetNamespace: flux-system
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: root
|
||||||
|
path: "."
|
||||||
|
prune: false
|
||||||
|
timeout: 1m
|
||||||
|
{{- end }}
|
25
system/charts/root/templates/self.yaml
Normal file
25
system/charts/root/templates/self.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: GitRepository
|
||||||
|
metadata:
|
||||||
|
name: root-self
|
||||||
|
spec:
|
||||||
|
interval: 30s
|
||||||
|
url: {{ .Values.self.url }}
|
||||||
|
ref:
|
||||||
|
branch: {{ .Values.self.branch }}
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: root-self
|
||||||
|
spec:
|
||||||
|
interval: 30s
|
||||||
|
targetNamespace: flux-system
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: root-self
|
||||||
|
path: "."
|
||||||
|
prune: false
|
||||||
|
timeout: 1m
|
||||||
|
{{- end }}
|
5
system/charts/root/values.yaml
Normal file
5
system/charts/root/values.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
|
||||||
|
branch: main
|
||||||
|
self:
|
||||||
|
url: git@git.badhouseplants.net:giantswarm/root-config.git
|
||||||
|
branch: master
|
51
system/helmfile.yaml
Normal file
51
system/helmfile.yaml
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
repositories:
|
||||||
|
- name: projectcalico
|
||||||
|
url: https://docs.tigera.io/calico/charts
|
||||||
|
- name: coredns
|
||||||
|
url: https://coredns.github.io/helm
|
||||||
|
- name: flannel
|
||||||
|
url: https://flannel-io.github.io/flannel/
|
||||||
|
- name: cilium
|
||||||
|
url: https://helm.cilium.io/
|
||||||
|
- name: hcloud
|
||||||
|
url: https://charts.hetzner.cloud
|
||||||
|
|
||||||
|
releases:
|
||||||
|
- name: namespaces
|
||||||
|
chart: ./charts/namespaces/chart
|
||||||
|
namespace: kube-public
|
||||||
|
createNamespace: false
|
||||||
|
values:
|
||||||
|
- ./values/namespaces.yaml
|
||||||
|
|
||||||
|
- name: hccm
|
||||||
|
chart: hcloud/hcloud-cloud-controller-manager
|
||||||
|
needs:
|
||||||
|
- kube-public/namespaces
|
||||||
|
namespace: kube-system
|
||||||
|
version: 1.19.0
|
||||||
|
installed: false
|
||||||
|
createNamespace: false
|
||||||
|
values:
|
||||||
|
- ./values/hcloud.yaml
|
||||||
|
|
||||||
|
- name: coredns
|
||||||
|
needs:
|
||||||
|
- kube-public/namespaces
|
||||||
|
chart: coredns/coredns
|
||||||
|
installed: true
|
||||||
|
version: 1.29.0
|
||||||
|
namespace: kube-system
|
||||||
|
values:
|
||||||
|
- ./values/coredns.yaml
|
||||||
|
|
||||||
|
- name: cilium
|
||||||
|
chart: cilium/cilium
|
||||||
|
version: 1.14.6
|
||||||
|
installed: true
|
||||||
|
createNamespace: false
|
||||||
|
namespace: kube-system
|
||||||
|
needs:
|
||||||
|
- kube-public/namespaces
|
||||||
|
values:
|
||||||
|
- ./values/cilium.yaml
|
12
system/values/calico.yaml
Normal file
12
system/values/calico.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
installation:
|
||||||
|
enabled: true
|
||||||
|
spec:
|
||||||
|
calicoNetwork:
|
||||||
|
bgp: Enabled
|
||||||
|
nodeAddressAutodetectionV4:
|
||||||
|
interface: ens11
|
||||||
|
ipPools:
|
||||||
|
- cidr: 10.50.0.0/16
|
||||||
|
encapsulation: VXLANCrossSubnet
|
||||||
|
natOutgoing: Enabled
|
||||||
|
nodeSelector: all()
|
11
system/values/cilium.yaml
Normal file
11
system/values/cilium.yaml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
operator:
|
||||||
|
replicas: 1
|
||||||
|
endpointRoutes:
|
||||||
|
# -- Enable use of per endpoint routes instead of routing via
|
||||||
|
# the cilium_host interface.
|
||||||
|
enabled: true
|
||||||
|
policyEnforcementMode: never
|
||||||
|
ipam:
|
||||||
|
ciliumNodeUpdateRate: "15s"
|
||||||
|
operator:
|
||||||
|
clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"]
|
32
system/values/coredns.yaml
Normal file
32
system/values/coredns.yaml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
service:
|
||||||
|
clusterIP: 10.43.0.10
|
||||||
|
|
||||||
|
servers:
|
||||||
|
- zones:
|
||||||
|
- zone: .
|
||||||
|
port: 53
|
||||||
|
plugins:
|
||||||
|
- name: errors
|
||||||
|
# Serves a /health endpoint on :8080, required for livenessProbe
|
||||||
|
- name: health
|
||||||
|
configBlock: |-
|
||||||
|
lameduck 5s
|
||||||
|
# Serves a /ready endpoint on :8181, required for readinessProbe
|
||||||
|
- name: ready
|
||||||
|
# Required to query kubernetes API for data
|
||||||
|
- name: kubernetes
|
||||||
|
parameters: cluster.local in-addr.arpa ip6.arpa
|
||||||
|
configBlock: |-
|
||||||
|
pods insecure
|
||||||
|
fallthrough in-addr.arpa ip6.arpa
|
||||||
|
ttl 30
|
||||||
|
# Serves a /metrics endpoint on :9153, required for serviceMonitor
|
||||||
|
- name: prometheus
|
||||||
|
parameters: 0.0.0.0:9153
|
||||||
|
- name: forward
|
||||||
|
parameters: . 1.1.1.1 1.0.0.1
|
||||||
|
- name: cache
|
||||||
|
parameters: 30
|
||||||
|
- name: loop
|
||||||
|
- name: reload
|
||||||
|
- name: loadbalance
|
22
system/values/namespaces.yaml
Normal file
22
system/values/namespaces.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
namespaces:
|
||||||
|
- name: longhorn-system
|
||||||
|
- name: cert-manager
|
||||||
|
- name: minio-service
|
||||||
|
- name: metallb-system
|
||||||
|
- name: reflector-system
|
||||||
|
- name: drone-service
|
||||||
|
- name: argo-system
|
||||||
|
- name: nrodionov-application
|
||||||
|
- name: minecraft-application
|
||||||
|
- name: gitea-service
|
||||||
|
- name: funkwhale-application
|
||||||
|
- name: monitoring-system
|
||||||
|
- name: bitwarden-application
|
||||||
|
- name: database-service
|
||||||
|
- name: mail-service
|
||||||
|
- name: istio-system
|
||||||
|
- name: vaultwarden-application
|
||||||
|
- name: woodpecker-ci
|
||||||
|
- name: openvpn-service
|
||||||
|
- name: tandoor-application
|
||||||
|
- name: badhouseplants-main
|
Reference in New Issue
Block a user