Updates after the disaster recovery
This commit is contained in:
parent
9c7e44e757
commit
b1f183d712
@ -2,7 +2,6 @@
|
|||||||
# -- Check da helm pipeline
|
# -- Check da helm pipeline
|
||||||
# ----------------------------------------------
|
# ----------------------------------------------
|
||||||
when:
|
when:
|
||||||
- event: push
|
|
||||||
- event: cron
|
- event: cron
|
||||||
cron: nightly
|
cron: nightly
|
||||||
steps:
|
steps:
|
||||||
|
4
Makefile
4
Makefile
@ -1,4 +0,0 @@
|
|||||||
create_crb:
|
|
||||||
kubectl create clusterrolebinding drone-deployer-workaround \
|
|
||||||
--clusterrole=cluster-admin \
|
|
||||||
--serviceaccount=drone-service:default
|
|
@ -2,6 +2,12 @@
|
|||||||
{{ readFile "../releases.yaml" }}
|
{{ readFile "../releases.yaml" }}
|
||||||
|
|
||||||
releases:
|
releases:
|
||||||
|
- <<: *namespaces
|
||||||
|
installed: true
|
||||||
|
- <<: *coredns
|
||||||
|
installed: true
|
||||||
|
- <<: *cilium
|
||||||
|
installed: true
|
||||||
- <<: *drone
|
- <<: *drone
|
||||||
installed: true
|
installed: true
|
||||||
namespace: drone-service
|
namespace: drone-service
|
||||||
@ -114,7 +120,7 @@ releases:
|
|||||||
createNamespace: true
|
createNamespace: true
|
||||||
|
|
||||||
- <<: *mailu
|
- <<: *mailu
|
||||||
installed: true
|
installed: false
|
||||||
namespace: mailu-application
|
namespace: mailu-application
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
bases:
|
bases:
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str]
|
djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str]
|
||||||
postgresql:
|
postgresql:
|
||||||
auth:
|
auth:
|
||||||
password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str]
|
password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str]
|
||||||
redis:
|
redis:
|
||||||
auth:
|
auth:
|
||||||
password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str]
|
password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -14,14 +14,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty
|
||||||
NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3
|
dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG
|
||||||
Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB
|
SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y
|
||||||
ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5
|
ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC
|
||||||
M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ==
|
nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-01-31T18:41:30Z"
|
lastmodified: "2024-02-09T09:33:11Z"
|
||||||
mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str]
|
mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
@ -1,23 +1,23 @@
|
|||||||
gitea:
|
gitea:
|
||||||
admin:
|
admin:
|
||||||
username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str]
|
username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str]
|
||||||
password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str]
|
password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str]
|
||||||
config:
|
config:
|
||||||
mailer:
|
mailer:
|
||||||
PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str]
|
PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str]
|
||||||
database:
|
database:
|
||||||
PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str]
|
PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str]
|
||||||
session:
|
session:
|
||||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str]
|
PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str]
|
||||||
cache:
|
cache:
|
||||||
HOST: ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str]
|
HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str]
|
||||||
queue:
|
queue:
|
||||||
CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str]
|
CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str]
|
||||||
oauth:
|
oauth:
|
||||||
- name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str]
|
- name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str]
|
||||||
provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str]
|
provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str]
|
||||||
key: ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str]
|
key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str]
|
||||||
secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str]
|
secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -27,14 +27,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ
|
||||||
OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy
|
M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5
|
||||||
Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3
|
TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC
|
||||||
YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI
|
OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X
|
||||||
nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w==
|
RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-01-30T18:17:44Z"
|
lastmodified: "2024-02-09T09:32:40Z"
|
||||||
mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str]
|
mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
@ -1,21 +1,21 @@
|
|||||||
secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str]
|
secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str]
|
||||||
initialAccount:
|
initialAccount:
|
||||||
enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool]
|
enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool]
|
||||||
username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str]
|
username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str]
|
||||||
domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str]
|
domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str]
|
||||||
password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str]
|
password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str]
|
||||||
postgresql:
|
postgresql:
|
||||||
auth:
|
auth:
|
||||||
password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str]
|
password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str]
|
||||||
postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str]
|
postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str]
|
||||||
secretKeys:
|
secretKeys:
|
||||||
adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str]
|
adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str]
|
||||||
replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str]
|
replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str]
|
||||||
userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str]
|
userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str]
|
||||||
global:
|
global:
|
||||||
database:
|
database:
|
||||||
roundcube:
|
roundcube:
|
||||||
password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str]
|
password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -25,14 +25,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS
|
||||||
Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96
|
L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu
|
||||||
a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5
|
Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj
|
||||||
S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9
|
aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i
|
||||||
wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA==
|
l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-02T07:57:08Z"
|
lastmodified: "2024-02-04T09:30:41Z"
|
||||||
mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str]
|
mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
10
badhouseplants/values/values.cilium.yaml
Normal file
10
badhouseplants/values/values.cilium.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
operator:
|
||||||
|
replicas: 1
|
||||||
|
endpointRoutes:
|
||||||
|
# -- Enable use of per endpoint routes instead of routing via
|
||||||
|
# the cilium_host interface.
|
||||||
|
enabled: true
|
||||||
|
ipam:
|
||||||
|
ciliumNodeUpdateRate: "15s"
|
||||||
|
operator:
|
||||||
|
clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]
|
32
badhouseplants/values/values.coredns.yaml
Normal file
32
badhouseplants/values/values.coredns.yaml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
service:
|
||||||
|
clusterIP: 10.43.0.10
|
||||||
|
|
||||||
|
servers:
|
||||||
|
- zones:
|
||||||
|
- zone: .
|
||||||
|
port: 53
|
||||||
|
plugins:
|
||||||
|
- name: errors
|
||||||
|
# Serves a /health endpoint on :8080, required for livenessProbe
|
||||||
|
- name: health
|
||||||
|
configBlock: |-
|
||||||
|
lameduck 5s
|
||||||
|
# Serves a /ready endpoint on :8181, required for readinessProbe
|
||||||
|
- name: ready
|
||||||
|
# Required to query kubernetes API for data
|
||||||
|
- name: kubernetes
|
||||||
|
parameters: cluster.local in-addr.arpa ip6.arpa
|
||||||
|
configBlock: |-
|
||||||
|
pods insecure
|
||||||
|
fallthrough in-addr.arpa ip6.arpa
|
||||||
|
ttl 30
|
||||||
|
# Serves a /metrics endpoint on :9153, required for serviceMonitor
|
||||||
|
- name: prometheus
|
||||||
|
parameters: 0.0.0.0:9153
|
||||||
|
- name: forward
|
||||||
|
parameters: . 1.1.1.1 1.0.0.1
|
||||||
|
- name: cache
|
||||||
|
parameters: 30
|
||||||
|
- name: loop
|
||||||
|
- name: reload
|
||||||
|
- name: loadbalance
|
@ -1,5 +1,6 @@
|
|||||||
service:
|
service:
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
|
externalTrafficPolicy: Local
|
||||||
ports:
|
ports:
|
||||||
- name: minecraft
|
- name: minecraft
|
||||||
port: 25565
|
port: 25565
|
||||||
|
@ -19,7 +19,7 @@ istio:
|
|||||||
istio:
|
istio:
|
||||||
- name: mailu-web
|
- name: mailu-web
|
||||||
kind: http
|
kind: http
|
||||||
gateway: badhouseplants-net
|
gateway: istio-system/badhouseplants-net
|
||||||
hostname: email.badhouseplants.net
|
hostname: email.badhouseplants.net
|
||||||
service: mailu-front
|
service: mailu-front
|
||||||
port: 80
|
port: 80
|
||||||
@ -91,7 +91,7 @@ ingress:
|
|||||||
selfSigned: false
|
selfSigned: false
|
||||||
existingSecret: mailu-certificate
|
existingSecret: mailu-certificate
|
||||||
realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local
|
realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local
|
||||||
realIpHeader: "X-Forwarded-For"
|
realIpHeader: "X-Envoy-External-Address"
|
||||||
front:
|
front:
|
||||||
hostPort:
|
hostPort:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
5
badhouseplants/values/values.metallb-resources.yaml
Normal file
5
badhouseplants/values/values.metallb-resources.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
metallb:
|
||||||
|
enabled: true
|
||||||
|
ippools:
|
||||||
|
- name: fuji
|
||||||
|
addresses: 195.201.249.91-195.201.249.91
|
@ -1,11 +1,23 @@
|
|||||||
---
|
namespaces:
|
||||||
ns:
|
- name: longhorn-system
|
||||||
|
- name: cert-manager
|
||||||
|
- name: minio-service
|
||||||
|
- name: metallb-system
|
||||||
|
- name: reflector-system
|
||||||
|
- name: drone-service
|
||||||
|
- name: argo-system
|
||||||
|
- name: nrodionov-application
|
||||||
|
- name: minecraft-application
|
||||||
|
- name: gitea-service
|
||||||
|
- name: funkwhale-application
|
||||||
- name: monitoring-system
|
- name: monitoring-system
|
||||||
templates:
|
- name: bitwarden-application
|
||||||
- |
|
- name: database-service
|
||||||
{{ range .Values.ns }}
|
- name: mail-service
|
||||||
apiVersion: v1
|
- name: istio-system
|
||||||
kind: Namespace
|
- name: vaultwarden-application
|
||||||
metadata:
|
- name: woodpecker-ci
|
||||||
name: {{ .name }}
|
- name: openvpn-service
|
||||||
{{ end }}
|
- name: tandoor-application
|
||||||
|
- name: badhouseplants-main
|
||||||
|
- name: mailu-application
|
||||||
|
@ -87,6 +87,7 @@ prometheus:
|
|||||||
storage: 12Gi
|
storage: 12Gi
|
||||||
|
|
||||||
grafana:
|
grafana:
|
||||||
|
assertNoLeakedSecrets: false
|
||||||
persistence:
|
persistence:
|
||||||
enabled: true
|
enabled: true
|
||||||
size: 2Gi
|
size: 2Gi
|
||||||
|
23
charts/namespaces/chart/.helmignore
Normal file
23
charts/namespaces/chart/.helmignore
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*.orig
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
.vscode/
|
24
charts/namespaces/chart/Chart.yaml
Normal file
24
charts/namespaces/chart/Chart.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: namespaces
|
||||||
|
description: A Helm chart for Kubernetes
|
||||||
|
|
||||||
|
# A chart can be either an 'application' or a 'library' chart.
|
||||||
|
#
|
||||||
|
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||||
|
# to be deployed.
|
||||||
|
#
|
||||||
|
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||||
|
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||||
|
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||||
|
type: application
|
||||||
|
|
||||||
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
|
# to the chart and its templates, including the app version.
|
||||||
|
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||||
|
version: 0.1.0
|
||||||
|
|
||||||
|
# This is the version number of the application being deployed. This version number should be
|
||||||
|
# incremented each time you make changes to the application. Versions are not expected to
|
||||||
|
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||||
|
# It is recommended to use it with quotes.
|
||||||
|
appVersion: "1.16.0"
|
43
charts/namespaces/chart/templates/_helpers.tpl
Normal file
43
charts/namespaces/chart/templates/_helpers.tpl
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "namespaces.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "namespaces.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride }}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||||
|
{{- if contains $name .Release.Name }}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "namespaces.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "namespaces.labels" -}}
|
||||||
|
helm.sh/chart: {{ include "namespaces.chart" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end }}
|
||||||
|
|
18
charts/namespaces/chart/templates/namespaces.yaml
Normal file
18
charts/namespaces/chart/templates/namespaces.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
{{- if .Values.namespaces }}
|
||||||
|
{{- range $ns := .Values.namespaces }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: {{ $ns.name }}
|
||||||
|
labels:
|
||||||
|
{{- include "namespaces.labels" $ | nindent 4 }}
|
||||||
|
{{- with $ns.labels }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with $ns.annotations}}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
20
charts/namespaces/chart/values.yaml
Normal file
20
charts/namespaces/chart/values.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
namespaces:
|
||||||
|
- name: giantswarm-flux
|
||||||
|
labels:
|
||||||
|
name: giantswarm-flux
|
||||||
|
- name: giantswarm
|
||||||
|
labels:
|
||||||
|
name: giantswarm
|
||||||
|
- name: monitoring
|
||||||
|
labels:
|
||||||
|
name: monitoring
|
||||||
|
- name: org-giantswarm
|
||||||
|
labels:
|
||||||
|
name: org-giantswarm
|
||||||
|
- name: flux-system
|
||||||
|
labels:
|
||||||
|
name: flux-system
|
||||||
|
- name: flux-giantswarm
|
||||||
|
labels:
|
||||||
|
name: flux-giantswarm
|
||||||
|
- name: policy-exception
|
6
charts/namespaces/kustomize/flux-system.yml
Normal file
6
charts/namespaces/kustomize/flux-system.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: flux-system
|
||||||
|
labels:
|
||||||
|
name: flux-system
|
6
charts/namespaces/kustomize/giantswarm-flux.yml
Normal file
6
charts/namespaces/kustomize/giantswarm-flux.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: giantswarm-flux
|
||||||
|
labels:
|
||||||
|
name: giantswarm-flux
|
6
charts/namespaces/kustomize/giantswarm.yml
Normal file
6
charts/namespaces/kustomize/giantswarm.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: giantswarm
|
||||||
|
labels:
|
||||||
|
name: giantswarm
|
5
charts/namespaces/kustomize/kustomization.yaml
Normal file
5
charts/namespaces/kustomize/kustomization.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
resources:
|
||||||
|
- ./giantswarm-flux.yml
|
||||||
|
- ./giantswarm.yml
|
||||||
|
- ./monitoring.yml
|
||||||
|
- ./org-giantswarm.yml
|
6
charts/namespaces/kustomize/monitoring.yml
Normal file
6
charts/namespaces/kustomize/monitoring.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: monitoring
|
||||||
|
labels:
|
||||||
|
name: monitoring
|
6
charts/namespaces/kustomize/org-giantswarm.yml
Normal file
6
charts/namespaces/kustomize/org-giantswarm.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: org-giantswarm
|
||||||
|
labels:
|
||||||
|
name: org-giantswarm
|
23
charts/root/.helmignore
Normal file
23
charts/root/.helmignore
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*.orig
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
.vscode/
|
6
charts/root/Chart.yaml
Normal file
6
charts/root/Chart.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
name: root
|
||||||
|
description: A Helm chart for Kubernetes
|
||||||
|
type: application
|
||||||
|
version: 0.1.5
|
||||||
|
appVersion: "1.16.0"
|
62
charts/root/templates/_helpers.tpl
Normal file
62
charts/root/templates/_helpers.tpl
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "root.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "root.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride }}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||||
|
{{- if contains $name .Release.Name }}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "root.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "root.labels" -}}
|
||||||
|
helm.sh/chart: {{ include "root.chart" . }}
|
||||||
|
{{ include "root.selectorLabels" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Selector labels
|
||||||
|
*/}}
|
||||||
|
{{- define "root.selectorLabels" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "root.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use
|
||||||
|
*/}}
|
||||||
|
{{- define "root.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create }}
|
||||||
|
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
25
charts/root/templates/root.yaml
Normal file
25
charts/root/templates/root.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: GitRepository
|
||||||
|
metadata:
|
||||||
|
name: root
|
||||||
|
spec:
|
||||||
|
interval: 30s
|
||||||
|
url: {{ .Values.url }}
|
||||||
|
ref:
|
||||||
|
branch: {{ .Values.branch }}
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: root
|
||||||
|
spec:
|
||||||
|
interval: 30s
|
||||||
|
targetNamespace: flux-system
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: root
|
||||||
|
path: "."
|
||||||
|
prune: false
|
||||||
|
timeout: 1m
|
||||||
|
{{- end }}
|
25
charts/root/templates/self.yaml
Normal file
25
charts/root/templates/self.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: GitRepository
|
||||||
|
metadata:
|
||||||
|
name: root-self
|
||||||
|
spec:
|
||||||
|
interval: 30s
|
||||||
|
url: {{ .Values.self.url }}
|
||||||
|
ref:
|
||||||
|
branch: {{ .Values.self.branch }}
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
|
kind: Kustomization
|
||||||
|
metadata:
|
||||||
|
name: root-self
|
||||||
|
spec:
|
||||||
|
interval: 30s
|
||||||
|
targetNamespace: flux-system
|
||||||
|
sourceRef:
|
||||||
|
kind: GitRepository
|
||||||
|
name: root-self
|
||||||
|
path: "."
|
||||||
|
prune: false
|
||||||
|
timeout: 1m
|
||||||
|
{{- end }}
|
5
charts/root/values.yaml
Normal file
5
charts/root/values.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
|
||||||
|
branch: main
|
||||||
|
self:
|
||||||
|
url: git@git.badhouseplants.net:giantswarm/root-config.git
|
||||||
|
branch: master
|
14
common/values.metallb.yaml
Normal file
14
common/values.metallb.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
metallb:
|
||||||
|
templates:
|
||||||
|
- |
|
||||||
|
{{ range .Values.ippools }}
|
||||||
|
---
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: IPAddressPool
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}
|
||||||
|
spec:
|
||||||
|
addresses:
|
||||||
|
- {{ .addresses }}
|
||||||
|
{{ end }}
|
27
crd.yaml
Normal file
27
crd.yaml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
templates:
|
||||||
|
# ---------------------------
|
||||||
|
# -- Hooks
|
||||||
|
# ---------------------------
|
||||||
|
crd-management-hook:
|
||||||
|
hooks:
|
||||||
|
- events: ["preapply"]
|
||||||
|
showlogs: true
|
||||||
|
command: "sh"
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|
||||||
|
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|
||||||
|
|| true
|
||||||
|
- events: ["prepare"]
|
||||||
|
showlogs: true
|
||||||
|
command: "sh"
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
|
||||||
|
- events: ["postuninstall"]
|
||||||
|
showlogs: true
|
||||||
|
command: "sh"
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
|
@ -1,7 +0,0 @@
|
|||||||
# Restic
|
|
||||||
|
|
||||||
We are using restic for backing up the Minecraft server
|
|
||||||
|
|
||||||
## How to restore
|
|
||||||
|
|
||||||
TODO: Describe the restoration process
|
|
@ -1,21 +1,21 @@
|
|||||||
rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str]
|
rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str]
|
||||||
users:
|
users:
|
||||||
- accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str]
|
- accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str]
|
||||||
secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str]
|
secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str]
|
||||||
policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str]
|
policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str]
|
||||||
- accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str]
|
- accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str]
|
||||||
secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str]
|
secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str]
|
||||||
policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str]
|
policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str]
|
||||||
oidc:
|
#ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment]
|
||||||
enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool]
|
#ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment]
|
||||||
configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str]
|
#ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment]
|
||||||
clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str]
|
#ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment]
|
||||||
clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str]
|
#ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment]
|
||||||
claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str]
|
#ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment]
|
||||||
redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str]
|
#ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment]
|
||||||
comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str]
|
#ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment]
|
||||||
claimPrefix: ""
|
#ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment]
|
||||||
scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str]
|
#ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -25,14 +25,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6
|
||||||
QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I
|
MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U
|
||||||
R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa
|
SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX
|
||||||
UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6
|
ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg
|
||||||
vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g==
|
mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-11-04T19:00:41Z"
|
lastmodified: "2024-02-04T08:44:29Z"
|
||||||
mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str]
|
mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
5
etersoft/values/values.metallb-resources.yaml
Normal file
5
etersoft/values/values.metallb-resources.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
metallb:
|
||||||
|
enabled: true
|
||||||
|
ippools:
|
||||||
|
- name: etersoft
|
||||||
|
addresses: 91.232.225.63-91.232.225.63
|
@ -18,6 +18,16 @@ istio:
|
|||||||
hostname: s3.e.badhouseplants.net
|
hostname: s3.e.badhouseplants.net
|
||||||
service: minio
|
service: minio
|
||||||
port: 9000
|
port: 9000
|
||||||
|
image:
|
||||||
|
repository: quay.io/minio/minio
|
||||||
|
tag: RELEASE.2024-01-11T07-46-16Z-cpuv1
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
mcImage:
|
||||||
|
repository: quay.io/minio/mc
|
||||||
|
tag: RELEASE.2024-01-11T05-49-32Z-cpuv1
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
rootUser: 'overlord'
|
rootUser: 'overlord'
|
||||||
replicas: 1
|
replicas: 1
|
||||||
mode: standalone
|
mode: standalone
|
||||||
|
56
extensions.yaml
Normal file
56
extensions.yaml
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
templates:
|
||||||
|
# ----------------------------
|
||||||
|
# -- Extensions
|
||||||
|
# ----------------------------
|
||||||
|
ext-istio-gateway:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: istio-gateway
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
|
||||||
|
|
||||||
|
ext-istio-resource:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: istio
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
|
||||||
|
ext-certificate:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: certificate
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
|
||||||
|
ext-metallb:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: metallb
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
|
||||||
|
service-monitor:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: service-monitor
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
|
||||||
|
namespace:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: ns
|
||||||
|
inherit:
|
||||||
|
- template: default-common-values
|
||||||
|
- template: default-env-values
|
||||||
|
|
||||||
|
ext-database:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: ext-database
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'
|
@ -51,5 +51,10 @@ releases:
|
|||||||
namespace: longhorn-system
|
namespace: longhorn-system
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
|
- <<: *metallb-resources
|
||||||
|
installed: true
|
||||||
|
namespace: metallb-system
|
||||||
|
createNamespace: false
|
||||||
|
|
||||||
helmfiles:
|
helmfiles:
|
||||||
- path: {{.Environment.Name }}/helmfile.yaml
|
- path: {{.Environment.Name }}/helmfile.yaml
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: namespace-manager
|
|
||||||
subjects:
|
|
||||||
- kind: User
|
|
||||||
name: badhousplants
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: namespace-manager
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: namespace-manager
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["namespaces"]
|
|
||||||
verbs: ["get", "watch", "list", "create", "delete"]
|
|
@ -14,9 +14,9 @@ metadata:
|
|||||||
namespace: debug
|
namespace: debug
|
||||||
spec:
|
spec:
|
||||||
hosts:
|
hosts:
|
||||||
- "httpbin.e.badhouseplants.net"
|
- "httpbin.badhouseplants.net"
|
||||||
gateways:
|
gateways:
|
||||||
- istio-system/e-badhouseplants-net
|
- istio-system/badhouseplants-net
|
||||||
http:
|
http:
|
||||||
- route:
|
- route:
|
||||||
- destination:
|
- destination:
|
||||||
|
11
manifests/new-ip.yaml
Normal file
11
manifests/new-ip.yaml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
# Source: raw/charts/metallb/templates/resources.yaml
|
||||||
|
---
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: IPAddressPool
|
||||||
|
metadata:
|
||||||
|
name: etersoft
|
||||||
|
spec:
|
||||||
|
addresses:
|
||||||
|
- 91.232.225.63-91.232.225.63
|
||||||
|
|
@ -63,7 +63,13 @@ templates:
|
|||||||
alias: certificate
|
alias: certificate
|
||||||
values:
|
values:
|
||||||
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
|
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
|
||||||
|
ext-metallb:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: metallb
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
|
||||||
service-monitor:
|
service-monitor:
|
||||||
dependencies:
|
dependencies:
|
||||||
- chart: bedag/raw
|
- chart: bedag/raw
|
||||||
@ -92,6 +98,14 @@ templates:
|
|||||||
# ----------------------------
|
# ----------------------------
|
||||||
# -- System
|
# -- System
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
|
namespaces: &namespaces
|
||||||
|
name: namespaces
|
||||||
|
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
|
||||||
|
namespace: kube-public
|
||||||
|
createNamespace: false
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
|
||||||
metrics-server: &metrics-server
|
metrics-server: &metrics-server
|
||||||
name: metrics-server
|
name: metrics-server
|
||||||
chart: metrics-server/metrics-server
|
chart: metrics-server/metrics-server
|
||||||
@ -102,12 +116,20 @@ templates:
|
|||||||
metallb: &metallb
|
metallb: &metallb
|
||||||
name: metallb
|
name: metallb
|
||||||
chart: metallb/metallb
|
chart: metallb/metallb
|
||||||
version: 0.13.12
|
version: 0.14.3
|
||||||
|
|
||||||
|
metallb-resources: &metallb-resources
|
||||||
|
name: metallb-resources
|
||||||
|
chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
inherit:
|
||||||
|
- template: ext-metallb
|
||||||
|
- template: default-env-values
|
||||||
|
|
||||||
cert-manager: &cert-manager
|
cert-manager: &cert-manager
|
||||||
name: cert-manager
|
name: cert-manager
|
||||||
chart: jetstack/cert-manager
|
chart: jetstack/cert-manager
|
||||||
version: 1.13.3
|
version: 1.14.1
|
||||||
set:
|
set:
|
||||||
- name: installCRDs
|
- name: installCRDs
|
||||||
value: true
|
value: true
|
||||||
@ -121,7 +143,7 @@ templates:
|
|||||||
argocd: &argocd
|
argocd: &argocd
|
||||||
name: argocd
|
name: argocd
|
||||||
chart: argo/argo-cd
|
chart: argo/argo-cd
|
||||||
version: 5.52.1
|
version: 5.53.13
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -134,7 +156,7 @@ templates:
|
|||||||
prometheus: &prometheus
|
prometheus: &prometheus
|
||||||
name: prometheus
|
name: prometheus
|
||||||
chart: prometheus-community/kube-prometheus-stack
|
chart: prometheus-community/kube-prometheus-stack
|
||||||
version: 55.7.0
|
version: 56.6.1
|
||||||
inherit:
|
inherit:
|
||||||
- template: monitoring-common
|
- template: monitoring-common
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
@ -145,7 +167,7 @@ templates:
|
|||||||
loki: &loki
|
loki: &loki
|
||||||
name: loki
|
name: loki
|
||||||
chart: grafana/loki
|
chart: grafana/loki
|
||||||
version: 5.41.5
|
version: 5.42.2
|
||||||
inherit:
|
inherit:
|
||||||
- template: monitoring-common
|
- template: monitoring-common
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
@ -153,7 +175,7 @@ templates:
|
|||||||
promtail: &promtail
|
promtail: &promtail
|
||||||
name: promtail
|
name: promtail
|
||||||
chart: grafana/promtail
|
chart: grafana/promtail
|
||||||
version: 6.15.3
|
version: 6.15.5
|
||||||
inherit:
|
inherit:
|
||||||
- template: monitoring-common
|
- template: monitoring-common
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
@ -241,7 +263,7 @@ templates:
|
|||||||
woodpecker-ci: &woodpecker-ci
|
woodpecker-ci: &woodpecker-ci
|
||||||
name: woodpecker-ci
|
name: woodpecker-ci
|
||||||
chart: woodpecker/woodpecker
|
chart: woodpecker/woodpecker
|
||||||
version: 1.0.3
|
version: 1.1.1
|
||||||
inherit:
|
inherit:
|
||||||
- template: ext-database
|
- template: ext-database
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
@ -251,7 +273,7 @@ templates:
|
|||||||
nrodionov: &nrodionov
|
nrodionov: &nrodionov
|
||||||
name: nrodionov
|
name: nrodionov
|
||||||
chart: bitnami/wordpress
|
chart: bitnami/wordpress
|
||||||
version: 19.0.4
|
version: 19.2.3
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -261,7 +283,7 @@ templates:
|
|||||||
minio: &minio
|
minio: &minio
|
||||||
name: minio
|
name: minio
|
||||||
chart: minio/minio
|
chart: minio/minio
|
||||||
version: 5.0.14
|
version: 5.0.15
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -279,7 +301,7 @@ templates:
|
|||||||
gitea: &gitea
|
gitea: &gitea
|
||||||
name: gitea
|
name: gitea
|
||||||
chart: gitea/gitea
|
chart: gitea/gitea
|
||||||
version: 10.0.2
|
version: 10.1.1
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -308,7 +330,7 @@ templates:
|
|||||||
redis: &redis
|
redis: &redis
|
||||||
name: redis
|
name: redis
|
||||||
chart: bitnami/redis
|
chart: bitnami/redis
|
||||||
version: 18.6.3
|
version: 18.12.1
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -316,7 +338,7 @@ templates:
|
|||||||
postgres16: &postgres16
|
postgres16: &postgres16
|
||||||
name: postgres16
|
name: postgres16
|
||||||
chart: bitnami/postgresql
|
chart: bitnami/postgresql
|
||||||
version: 13.3.1
|
version: 14.0.1
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -324,7 +346,7 @@ templates:
|
|||||||
db-operator: &db-operator
|
db-operator: &db-operator
|
||||||
name: db-operator
|
name: db-operator
|
||||||
chart: db-operator/db-operator
|
chart: db-operator/db-operator
|
||||||
version: 1.16.2
|
version: 1.18.0
|
||||||
|
|
||||||
db-instances: &db-instances
|
db-instances: &db-instances
|
||||||
name: db-instances
|
name: db-instances
|
||||||
@ -337,7 +359,7 @@ templates:
|
|||||||
mysql: &mysql
|
mysql: &mysql
|
||||||
name: mysql
|
name: mysql
|
||||||
chart: bitnami/mysql
|
chart: bitnami/mysql
|
||||||
version: 9.17.1
|
version: 9.19.1
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -376,13 +398,29 @@ templates:
|
|||||||
- template: ext-istio-resource
|
- template: ext-istio-resource
|
||||||
- template: ext-certificate
|
- template: ext-certificate
|
||||||
|
|
||||||
|
|
||||||
tandoor: &tandoor
|
tandoor: &tandoor
|
||||||
name: tandoor
|
name: tandoor
|
||||||
chart: gabe565/tandoor
|
chart: gabe565/tandoor
|
||||||
version: 0.8.11
|
version: 0.8.12
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
- template: ext-istio-resource
|
- template: ext-istio-resource
|
||||||
- template: ext-database
|
- template: ext-database
|
||||||
|
|
||||||
|
coredns: &coredns
|
||||||
|
name: coredns
|
||||||
|
chart: coredns/coredns
|
||||||
|
version: 1.29.0
|
||||||
|
namespace: kube-system
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
|
||||||
|
cilium: &cilium
|
||||||
|
name: cilium
|
||||||
|
chart: cilium/cilium
|
||||||
|
version: 1.14.6
|
||||||
|
createNamespace: false
|
||||||
|
namespace: kube-system
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
@ -47,3 +47,7 @@ repositories:
|
|||||||
url: https://charts.gabe565.com
|
url: https://charts.gabe565.com
|
||||||
- name: mailu
|
- name: mailu
|
||||||
url: https://mailu.github.io/helm-charts/
|
url: https://mailu.github.io/helm-charts/
|
||||||
|
- name: coredns
|
||||||
|
url: https://coredns.github.io/helm
|
||||||
|
- name: cilium
|
||||||
|
url: https://helm.cilium.io/
|
||||||
|
10
system/values/values.cilium.yaml
Normal file
10
system/values/values.cilium.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
operator:
|
||||||
|
replicas: 1
|
||||||
|
endpointRoutes:
|
||||||
|
# -- Enable use of per endpoint routes instead of routing via
|
||||||
|
# the cilium_host interface.
|
||||||
|
enabled: true
|
||||||
|
ipam:
|
||||||
|
ciliumNodeUpdateRate: "15s"
|
||||||
|
operator:
|
||||||
|
clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]
|
32
system/values/values.coredns.yaml
Normal file
32
system/values/values.coredns.yaml
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
service:
|
||||||
|
clusterIP: 10.43.0.10
|
||||||
|
|
||||||
|
servers:
|
||||||
|
- zones:
|
||||||
|
- zone: .
|
||||||
|
port: 53
|
||||||
|
plugins:
|
||||||
|
- name: errors
|
||||||
|
# Serves a /health endpoint on :8080, required for livenessProbe
|
||||||
|
- name: health
|
||||||
|
configBlock: |-
|
||||||
|
lameduck 5s
|
||||||
|
# Serves a /ready endpoint on :8181, required for readinessProbe
|
||||||
|
- name: ready
|
||||||
|
# Required to query kubernetes API for data
|
||||||
|
- name: kubernetes
|
||||||
|
parameters: cluster.local in-addr.arpa ip6.arpa
|
||||||
|
configBlock: |-
|
||||||
|
pods insecure
|
||||||
|
fallthrough in-addr.arpa ip6.arpa
|
||||||
|
ttl 30
|
||||||
|
# Serves a /metrics endpoint on :9153, required for serviceMonitor
|
||||||
|
- name: prometheus
|
||||||
|
parameters: 0.0.0.0:9153
|
||||||
|
- name: forward
|
||||||
|
parameters: . 1.1.1.1 1.0.0.1
|
||||||
|
- name: cache
|
||||||
|
parameters: 30
|
||||||
|
- name: loop
|
||||||
|
- name: reload
|
||||||
|
- name: loadbalance
|
23
system/values/values.namespaces.yaml
Normal file
23
system/values/values.namespaces.yaml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
namespaces:
|
||||||
|
- name: longhorn-system
|
||||||
|
- name: cert-manager
|
||||||
|
- name: minio-service
|
||||||
|
- name: metallb-system
|
||||||
|
- name: reflector-system
|
||||||
|
- name: drone-service
|
||||||
|
- name: argo-system
|
||||||
|
- name: nrodionov-application
|
||||||
|
- name: minecraft-application
|
||||||
|
- name: gitea-service
|
||||||
|
- name: funkwhale-application
|
||||||
|
- name: monitoring-system
|
||||||
|
- name: bitwarden-application
|
||||||
|
- name: database-service
|
||||||
|
- name: mail-service
|
||||||
|
- name: istio-system
|
||||||
|
- name: vaultwarden-application
|
||||||
|
- name: woodpecker-ci
|
||||||
|
- name: openvpn-service
|
||||||
|
- name: tandoor-application
|
||||||
|
- name: badhouseplants-main
|
||||||
|
- name: mailu-application
|
25
templates/crd-hook.yaml
Normal file
25
templates/crd-hook.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
templates:
|
||||||
|
crd-management-hook:
|
||||||
|
hooks:
|
||||||
|
- events: ["preapply"]
|
||||||
|
showlogs: true
|
||||||
|
command: "sh"
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
|
||||||
|
|| helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
|
||||||
|
|| true
|
||||||
|
- events: ["prepare"]
|
||||||
|
showlogs: true
|
||||||
|
command: "sh"
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
|
||||||
|
- events: ["postuninstall"]
|
||||||
|
showlogs: true
|
||||||
|
command: "sh"
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
|
56
templates/extensions.yaml
Normal file
56
templates/extensions.yaml
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
templates:
|
||||||
|
# ----------------------------
|
||||||
|
# -- Extensions
|
||||||
|
# ----------------------------
|
||||||
|
ext-istio-gateway:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: istio-gateway
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
|
||||||
|
|
||||||
|
ext-istio-resource:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: istio
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
|
||||||
|
ext-certificate:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: certificate
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
|
||||||
|
ext-metallb:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: metallb
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
|
||||||
|
service-monitor:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: service-monitor
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
|
||||||
|
namespace:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: ns
|
||||||
|
inherit:
|
||||||
|
- template: default-common-values
|
||||||
|
- template: default-env-values
|
||||||
|
|
||||||
|
ext-database:
|
||||||
|
dependencies:
|
||||||
|
- chart: bedag/raw
|
||||||
|
version: 2.0.0
|
||||||
|
alias: ext-database
|
||||||
|
values:
|
||||||
|
- '{{ requiredEnv "PWD" }}/common/values.database.yaml'
|
Reference in New Issue
Block a user