Updates after the disaster recovery

This commit is contained in:
Nikolai Rodionov 2024-02-08 19:58:31 +01:00
parent 9c7e44e757
commit b1f183d712
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
50 changed files with 795 additions and 135 deletions

View File

@ -2,7 +2,6 @@
# -- Check da helm pipeline # -- Check da helm pipeline
# ---------------------------------------------- # ----------------------------------------------
when: when:
- event: push
- event: cron - event: cron
cron: nightly cron: nightly
steps: steps:

View File

@ -1,4 +0,0 @@
create_crb:
kubectl create clusterrolebinding drone-deployer-workaround \
--clusterrole=cluster-admin \
--serviceaccount=drone-service:default

View File

@ -2,6 +2,12 @@
{{ readFile "../releases.yaml" }} {{ readFile "../releases.yaml" }}
releases: releases:
- <<: *namespaces
installed: true
- <<: *coredns
installed: true
- <<: *cilium
installed: true
- <<: *drone - <<: *drone
installed: true installed: true
namespace: drone-service namespace: drone-service
@ -114,7 +120,7 @@ releases:
createNamespace: true createNamespace: true
- <<: *mailu - <<: *mailu
installed: true installed: false
namespace: mailu-application namespace: mailu-application
createNamespace: false createNamespace: false
bases: bases:

View File

@ -1,10 +1,10 @@
djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str] djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str]
postgresql: postgresql:
auth: auth:
password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str] password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str]
redis: redis:
auth: auth:
password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str] password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,14 +14,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty
NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3 dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG
Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y
ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5 ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC
M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ== nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-31T18:41:30Z" lastmodified: "2024-02-09T09:33:11Z"
mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str] mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View File

@ -1,23 +1,23 @@
gitea: gitea:
admin: admin:
username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str] username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str]
password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str] password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str]
config: config:
mailer: mailer:
PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str] PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str]
database: database:
PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str] PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str]
session: session:
PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str] PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str]
cache: cache:
HOST: ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str] HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str]
queue: queue:
CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str] CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str]
oauth: oauth:
- name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str] - name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str]
provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str] provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str]
key: ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str] key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str]
secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str] secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -27,14 +27,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ
OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5
Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3 TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC
YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X
nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w== RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T18:17:44Z" lastmodified: "2024-02-09T09:32:40Z"
mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str] mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View File

@ -1,21 +1,21 @@
secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str] secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str]
initialAccount: initialAccount:
enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool] enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool]
username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str] username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str]
domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str] domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str]
password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str] password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str]
postgresql: postgresql:
auth: auth:
password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str] password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str]
postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str] postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str]
secretKeys: secretKeys:
adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str] adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str]
replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str] replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str]
userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str] userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str]
global: global:
database: database:
roundcube: roundcube:
password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str] password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -25,14 +25,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS
Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96 L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu
a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5 Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj
S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9 aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i
wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA== l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-02T07:57:08Z" lastmodified: "2024-02-04T09:30:41Z"
mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str] mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View File

@ -0,0 +1,10 @@
operator:
replicas: 1
endpointRoutes:
# -- Enable use of per endpoint routes instead of routing via
# the cilium_host interface.
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]

View File

@ -0,0 +1,32 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance

View File

@ -1,5 +1,6 @@
service: service:
type: LoadBalancer type: LoadBalancer
externalTrafficPolicy: Local
ports: ports:
- name: minecraft - name: minecraft
port: 25565 port: 25565

View File

@ -19,7 +19,7 @@ istio:
istio: istio:
- name: mailu-web - name: mailu-web
kind: http kind: http
gateway: badhouseplants-net gateway: istio-system/badhouseplants-net
hostname: email.badhouseplants.net hostname: email.badhouseplants.net
service: mailu-front service: mailu-front
port: 80 port: 80
@ -91,7 +91,7 @@ ingress:
selfSigned: false selfSigned: false
existingSecret: mailu-certificate existingSecret: mailu-certificate
realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local
realIpHeader: "X-Forwarded-For" realIpHeader: "X-Envoy-External-Address"
front: front:
hostPort: hostPort:
enabled: false enabled: false

View File

@ -0,0 +1,5 @@
metallb:
enabled: true
ippools:
- name: fuji
addresses: 195.201.249.91-195.201.249.91

View File

@ -1,11 +1,23 @@
--- namespaces:
ns: - name: longhorn-system
- name: cert-manager
- name: minio-service
- name: metallb-system
- name: reflector-system
- name: drone-service
- name: argo-system
- name: nrodionov-application
- name: minecraft-application
- name: gitea-service
- name: funkwhale-application
- name: monitoring-system - name: monitoring-system
templates: - name: bitwarden-application
- | - name: database-service
{{ range .Values.ns }} - name: mail-service
apiVersion: v1 - name: istio-system
kind: Namespace - name: vaultwarden-application
metadata: - name: woodpecker-ci
name: {{ .name }} - name: openvpn-service
{{ end }} - name: tandoor-application
- name: badhouseplants-main
- name: mailu-application

View File

@ -87,6 +87,7 @@ prometheus:
storage: 12Gi storage: 12Gi
grafana: grafana:
assertNoLeakedSecrets: false
persistence: persistence:
enabled: true enabled: true
size: 2Gi size: 2Gi

View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@ -0,0 +1,24 @@
apiVersion: v2
name: namespaces
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "namespaces.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "namespaces.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "namespaces.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "namespaces.labels" -}}
helm.sh/chart: {{ include "namespaces.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

View File

@ -0,0 +1,18 @@
{{- if .Values.namespaces }}
{{- range $ns := .Values.namespaces }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ $ns.name }}
labels:
{{- include "namespaces.labels" $ | nindent 4 }}
{{- with $ns.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $ns.annotations}}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,20 @@
namespaces:
- name: giantswarm-flux
labels:
name: giantswarm-flux
- name: giantswarm
labels:
name: giantswarm
- name: monitoring
labels:
name: monitoring
- name: org-giantswarm
labels:
name: org-giantswarm
- name: flux-system
labels:
name: flux-system
- name: flux-giantswarm
labels:
name: flux-giantswarm
- name: policy-exception

View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system

View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux

View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm

View File

@ -0,0 +1,5 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml

View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring

View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm

23
charts/root/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/root/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"

View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}

View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}

5
charts/root/values.yaml Normal file
View File

@ -0,0 +1,5 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

View File

@ -0,0 +1,14 @@
---
metallb:
templates:
- |
{{ range .Values.ippools }}
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ .name }}
spec:
addresses:
- {{ .addresses }}
{{ end }}

27
crd.yaml Normal file
View File

@ -0,0 +1,27 @@
templates:
# ---------------------------
# -- Hooks
# ---------------------------
crd-management-hook:
hooks:
- events: ["preapply"]
showlogs: true
command: "sh"
args:
- -c
- |
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|| true
- events: ["prepare"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
- events: ["postuninstall"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"

View File

@ -1,7 +0,0 @@
# Restic
We are using restic for backing up the Minecraft server
## How to restore
TODO: Describe the restoration process

View File

@ -1,21 +1,21 @@
rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str]
users: users:
- accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str]
secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str]
policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str]
- accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str]
secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str]
policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str]
oidc: #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment]
enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment]
configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment]
clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str] #ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment]
clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str] #ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment]
claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment]
redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment]
comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment]
claimPrefix: "" #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment]
scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -25,14 +25,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6
QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U
R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX
UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg
vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-04T19:00:41Z" lastmodified: "2024-02-04T08:44:29Z"
mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str] mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View File

@ -0,0 +1,5 @@
metallb:
enabled: true
ippools:
- name: etersoft
addresses: 91.232.225.63-91.232.225.63

View File

@ -18,6 +18,16 @@ istio:
hostname: s3.e.badhouseplants.net hostname: s3.e.badhouseplants.net
service: minio service: minio
port: 9000 port: 9000
image:
repository: quay.io/minio/minio
tag: RELEASE.2024-01-11T07-46-16Z-cpuv1
pullPolicy: IfNotPresent
mcImage:
repository: quay.io/minio/mc
tag: RELEASE.2024-01-11T05-49-32Z-cpuv1
pullPolicy: IfNotPresent
rootUser: 'overlord' rootUser: 'overlord'
replicas: 1 replicas: 1
mode: standalone mode: standalone

56
extensions.yaml Normal file
View File

@ -0,0 +1,56 @@
templates:
# ----------------------------
# -- Extensions
# ----------------------------
ext-istio-gateway:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio-gateway
values:
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
ext-istio-resource:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio
values:
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
ext-certificate:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: certificate
values:
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
ext-metallb:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: metallb
values:
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
service-monitor:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: service-monitor
values:
- '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
namespace:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ns
inherit:
- template: default-common-values
- template: default-env-values
ext-database:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'

View File

@ -51,5 +51,10 @@ releases:
namespace: longhorn-system namespace: longhorn-system
createNamespace: false createNamespace: false
- <<: *metallb-resources
installed: true
namespace: metallb-system
createNamespace: false
helmfiles: helmfiles:
- path: {{.Environment.Name }}/helmfile.yaml - path: {{.Environment.Name }}/helmfile.yaml

View File

@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: namespace-manager
subjects:
- kind: User
name: badhousplants
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: namespace-manager
apiGroup: rbac.authorization.k8s.io

View File

@ -1,8 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: namespace-manager
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "watch", "list", "create", "delete"]

View File

@ -14,9 +14,9 @@ metadata:
namespace: debug namespace: debug
spec: spec:
hosts: hosts:
- "httpbin.e.badhouseplants.net" - "httpbin.badhouseplants.net"
gateways: gateways:
- istio-system/e-badhouseplants-net - istio-system/badhouseplants-net
http: http:
- route: - route:
- destination: - destination:

11
manifests/new-ip.yaml Normal file
View File

@ -0,0 +1,11 @@
---
# Source: raw/charts/metallb/templates/resources.yaml
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: etersoft
spec:
addresses:
- 91.232.225.63-91.232.225.63

View File

@ -63,7 +63,13 @@ templates:
alias: certificate alias: certificate
values: values:
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
ext-metallb:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: metallb
values:
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
service-monitor: service-monitor:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw
@ -92,6 +98,14 @@ templates:
# ---------------------------- # ----------------------------
# -- System # -- System
# ---------------------------- # ----------------------------
namespaces: &namespaces
name: namespaces
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
namespace: kube-public
createNamespace: false
inherit:
- template: default-env-values
metrics-server: &metrics-server metrics-server: &metrics-server
name: metrics-server name: metrics-server
chart: metrics-server/metrics-server chart: metrics-server/metrics-server
@ -102,12 +116,20 @@ templates:
metallb: &metallb metallb: &metallb
name: metallb name: metallb
chart: metallb/metallb chart: metallb/metallb
version: 0.13.12 version: 0.14.3
metallb-resources: &metallb-resources
name: metallb-resources
chart: bedag/raw
version: 2.0.0
inherit:
- template: ext-metallb
- template: default-env-values
cert-manager: &cert-manager cert-manager: &cert-manager
name: cert-manager name: cert-manager
chart: jetstack/cert-manager chart: jetstack/cert-manager
version: 1.13.3 version: 1.14.1
set: set:
- name: installCRDs - name: installCRDs
value: true value: true
@ -121,7 +143,7 @@ templates:
argocd: &argocd argocd: &argocd
name: argocd name: argocd
chart: argo/argo-cd chart: argo/argo-cd
version: 5.52.1 version: 5.53.13
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -134,7 +156,7 @@ templates:
prometheus: &prometheus prometheus: &prometheus
name: prometheus name: prometheus
chart: prometheus-community/kube-prometheus-stack chart: prometheus-community/kube-prometheus-stack
version: 55.7.0 version: 56.6.1
inherit: inherit:
- template: monitoring-common - template: monitoring-common
- template: default-env-values - template: default-env-values
@ -145,7 +167,7 @@ templates:
loki: &loki loki: &loki
name: loki name: loki
chart: grafana/loki chart: grafana/loki
version: 5.41.5 version: 5.42.2
inherit: inherit:
- template: monitoring-common - template: monitoring-common
- template: default-env-values - template: default-env-values
@ -153,7 +175,7 @@ templates:
promtail: &promtail promtail: &promtail
name: promtail name: promtail
chart: grafana/promtail chart: grafana/promtail
version: 6.15.3 version: 6.15.5
inherit: inherit:
- template: monitoring-common - template: monitoring-common
- template: default-env-values - template: default-env-values
@ -241,7 +263,7 @@ templates:
woodpecker-ci: &woodpecker-ci woodpecker-ci: &woodpecker-ci
name: woodpecker-ci name: woodpecker-ci
chart: woodpecker/woodpecker chart: woodpecker/woodpecker
version: 1.0.3 version: 1.1.1
inherit: inherit:
- template: ext-database - template: ext-database
- template: default-env-values - template: default-env-values
@ -251,7 +273,7 @@ templates:
nrodionov: &nrodionov nrodionov: &nrodionov
name: nrodionov name: nrodionov
chart: bitnami/wordpress chart: bitnami/wordpress
version: 19.0.4 version: 19.2.3
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -261,7 +283,7 @@ templates:
minio: &minio minio: &minio
name: minio name: minio
chart: minio/minio chart: minio/minio
version: 5.0.14 version: 5.0.15
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -279,7 +301,7 @@ templates:
gitea: &gitea gitea: &gitea
name: gitea name: gitea
chart: gitea/gitea chart: gitea/gitea
version: 10.0.2 version: 10.1.1
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -308,7 +330,7 @@ templates:
redis: &redis redis: &redis
name: redis name: redis
chart: bitnami/redis chart: bitnami/redis
version: 18.6.3 version: 18.12.1
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -316,7 +338,7 @@ templates:
postgres16: &postgres16 postgres16: &postgres16
name: postgres16 name: postgres16
chart: bitnami/postgresql chart: bitnami/postgresql
version: 13.3.1 version: 14.0.1
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -324,7 +346,7 @@ templates:
db-operator: &db-operator db-operator: &db-operator
name: db-operator name: db-operator
chart: db-operator/db-operator chart: db-operator/db-operator
version: 1.16.2 version: 1.18.0
db-instances: &db-instances db-instances: &db-instances
name: db-instances name: db-instances
@ -337,7 +359,7 @@ templates:
mysql: &mysql mysql: &mysql
name: mysql name: mysql
chart: bitnami/mysql chart: bitnami/mysql
version: 9.17.1 version: 9.19.1
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -376,13 +398,29 @@ templates:
- template: ext-istio-resource - template: ext-istio-resource
- template: ext-certificate - template: ext-certificate
tandoor: &tandoor tandoor: &tandoor
name: tandoor name: tandoor
chart: gabe565/tandoor chart: gabe565/tandoor
version: 0.8.11 version: 0.8.12
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource - template: ext-istio-resource
- template: ext-database - template: ext-database
coredns: &coredns
name: coredns
chart: coredns/coredns
version: 1.29.0
namespace: kube-system
inherit:
- template: default-env-values
cilium: &cilium
name: cilium
chart: cilium/cilium
version: 1.14.6
createNamespace: false
namespace: kube-system
inherit:
- template: default-env-values

View File

@ -47,3 +47,7 @@ repositories:
url: https://charts.gabe565.com url: https://charts.gabe565.com
- name: mailu - name: mailu
url: https://mailu.github.io/helm-charts/ url: https://mailu.github.io/helm-charts/
- name: coredns
url: https://coredns.github.io/helm
- name: cilium
url: https://helm.cilium.io/

View File

@ -0,0 +1,10 @@
operator:
replicas: 1
endpointRoutes:
# -- Enable use of per endpoint routes instead of routing via
# the cilium_host interface.
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]

View File

@ -0,0 +1,32 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance

View File

@ -0,0 +1,23 @@
namespaces:
- name: longhorn-system
- name: cert-manager
- name: minio-service
- name: metallb-system
- name: reflector-system
- name: drone-service
- name: argo-system
- name: nrodionov-application
- name: minecraft-application
- name: gitea-service
- name: funkwhale-application
- name: monitoring-system
- name: bitwarden-application
- name: database-service
- name: mail-service
- name: istio-system
- name: vaultwarden-application
- name: woodpecker-ci
- name: openvpn-service
- name: tandoor-application
- name: badhouseplants-main
- name: mailu-application

25
templates/crd-hook.yaml Normal file
View File

@ -0,0 +1,25 @@
---
templates:
crd-management-hook:
hooks:
- events: ["preapply"]
showlogs: true
command: "sh"
args:
- -c
- |
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|| true
- events: ["prepare"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
- events: ["postuninstall"]
showlogs: true
command: "sh"
args:
- -c
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"

56
templates/extensions.yaml Normal file
View File

@ -0,0 +1,56 @@
templates:
# ----------------------------
# -- Extensions
# ----------------------------
ext-istio-gateway:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio-gateway
values:
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
ext-istio-resource:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: istio
values:
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
ext-certificate:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: certificate
values:
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
ext-metallb:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: metallb
values:
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
service-monitor:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: service-monitor
values:
- '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
namespace:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ns
inherit:
- template: default-common-values
- template: default-env-values
ext-database:
dependencies:
- chart: bedag/raw
version: 2.0.0
alias: ext-database
values:
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'