Add oauth to MinIO (#35)

I want to use OAuth wherever possible, so that accounts only need to be created in Gitea.

Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/35
Nikolai Rodionov 2023-03-13 07:41:49 +00:00
parent 1553a906d8
commit db538f7181
4 changed files with 66 additions and 17 deletions


@ -46,5 +46,5 @@ bases:
- ../environments.yaml
- ../repositories.yaml
helmfiles:
- namespaces.yaml
#helmfiles:
# - namespaces.yaml
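Review bot: The `helmfiles:` reference to `namespaces.yaml` appears to be left behind as two commented-out lines, and neither the hunk nor the commit message says why it was disabled in a change about MinIO OAuth. Either delete the lines or record the reason above them, for example `# namespaces.yaml disabled: <reason>; re-enable when <condition>`. If that sub-helmfile is what creates the namespaces (an inference from its name), a fresh cluster would need them created some other way, so please confirm that before merging.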


@ -2,7 +2,17 @@ rootPassword: ENC[AES256_GCM,data:7baD0HwMztU27TymEWp+Ad1s8Zc=,iv:CXiTBEGU1tr99i
users:
- accessKey: ENC[AES256_GCM,data:9ZhHOes+vQM=,iv:ltKbQ0KW8/Jmn7kmTaGaDcerlkquTXhGr0wbMMwxNgA=,tag:X6n+44dvPAm4v2rcxYkPEQ==,type:str]
secretKey: ENC[AES256_GCM,data:mzWBQcPitrpwIMqBrbtBs3RBDg==,iv:cLA6Wvmf5il54DFkNbwQ27wPxAm/eqSrxAc3MVELero=,tag:nUc83Ctqw4PTwirkUr803A==,type:str]
policy: ENC[AES256_GCM,data:B7CQsSUaq3B/gO/X,iv:Z4DTTXk5TO288lIrjbvXQXsUt44WjvGLMGxXmnEnHGU=,tag:pvK4zoZGBbpithTBYVDKfQ==,type:str]
policy: ENC[AES256_GCM,data:szr/D/u/ng0=,iv:jzm7Q4zdKQpNV0FgJ4jA9CuN7r912ySBJHmxKeQGS2I=,tag:cKarFmhIbBEtslSxOc4mcA==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:lK45+A==,iv:NcoTJPt4XZGRlVRwpsmuI5nu66cGVksQBRAwRval5JY=,tag:kjtPLITQLBOqjF3IaJAL8w==,type:bool]
configUrl: ENC[AES256_GCM,data:ZNVvWPlFPA1xgfysavsEusfxE2ySIM9FYatYqfWPnUrHKMtCxYlrn1ip3nTYL2JHvjM3yltLBNbqWMCGlgtw,iv:p1F2DqCFaKvjYKhMieFytnMuggrec8DmBzDATLTVe+8=,tag:3EtpPSyRlGThov5OcZfV+g==,type:str]
clientId: ENC[AES256_GCM,data:kO7PkjN+5GqZCxChvtbTQb/5zo7nVxfh7MZqbDoJLIKMEfth,iv:ti3Xlc3sRVOVGtxGw/pT5iBy5rBqV2v+MhiNF3Krb9U=,tag:3LUDIkq08zGmvjJtSnE/jA==,type:str]
clientSecret: ENC[AES256_GCM,data:PVe+8SlNrznBiFVNpuQXIcuPkUXyUJ7DObZpRvlgA8JjUHXTy3VY7soyJVBZEMfYbNjSLLcKcWM=,iv:fbh2RcQdPf3jUt2AOI3xp09SSEaWzI4rLGZmlZY46uM=,tag:wvEBkkPsXoQXAP7fN1iDMA==,type:str]
claimName: ENC[AES256_GCM,data:K7IO7TyaAUr4U80Ni5Xt/bma,iv:R8RQLttCNMHpAit+3OQ/STXo7u6xqQ1+RYgGLpJTpn4=,tag:3Wsh7TNnh1V0GrqjF/4Uiw==,type:str]
redirectUri: ENC[AES256_GCM,data:+Q8cNCvslAcO4m7VJwNe/CpEntyHfuHOrHqqtlrDILkfc0IRAA8aSbZwbA2v+So=,iv:GwzNILyqLuAYUQFKbt5WE+VCdOzSTBmGCAHcCAnzxXk=,tag:p9/86/r2DfT1mkQu+aQJfQ==,type:str]
comment: ENC[AES256_GCM,data:TO3kA0i503ZA+EFhKa2AZw==,iv:Cl3NvvgXz71AaCgMl062urNtcBtgk832vtxTs9MJwik=,tag:JwerK2q1L7xMv/NIoWkESw==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:kyewug7Dv2UOcsc8UWe1ssepra8uBW7uYw==,iv:RfQQiwBWWSd9DSgSlYZFwyZy2xaizMuVjeCZAws3ddM=,tag:jnegIPBviRTPi4kwM1jexQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -18,8 +28,8 @@ sops:
NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y
zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-19T20:48:11Z"
mac: ENC[AES256_GCM,data:MTcZ//5+uC+yFp+TmLhqdGIBpcaW96HpfUZeIUZijOffss401/XMOYprIILTPRq2B8kaCW2jp8hkL3oFDxSce0BGeqdRsFOlRL9vbtpyBPTUoGBnr6u/HK1G09zqtlsA/RZTvpBNoKrfdSvoWwoFIjs5oWPbi1f44gkgAl85ENM=,iv:07nSOo1F63sPgadSHtdI9JjtKjH/F9ThFW4sxWVGTxs=,tag:fFOO4sT6EFsAKje5llEUqg==,type:str]
lastmodified: "2023-03-12T10:17:38Z"
mac: ENC[AES256_GCM,data:I6DCLZNMl3LuGif/mDDNKKODZ6O/CSYty0+N60Xw4go2mH9J8/PPX0fEYL0ilRG2VDLuZ86RTiPCwAtUXVrtu1jzlkajbZPytWMpURZk+4m2XxXSDrTHNt6KJglF29DhENCkVXeZ75fHSKOS0yliZ+Q/90Ye18FJSlvVUy6HSfM=,iv:4y4pU0OTK6c2Oj5LvoJALtcn5TJ7OQFNys2swbYkodU=,tag:GSPQ64Ntu/oYnz6BfWXOTg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
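Review bot: Every key in the new `oidc:` block except `claimPrefix` is SOPS-encrypted, including settings that are not secret (`enabled`, `configUrl`, `redirectUri`, `scopes`, `claimName`, `comment`), so the identity-provider wiring cannot be reviewed from the diff. A reviewer cannot check that `redirectUri` points at the MinIO console, that `configUrl` is the intended issuer, or which claim selects the MinIO policy. Consider keeping only `clientSecret` (and `clientId`, if you treat it as sensitive) in this file and moving the other keys to the plain values file, since values files are deep-merged and the two `oidc:` maps will combine. The same applies to the user's `policy:` value changed in the first hunk: the policy names are already readable in the plain values, so encrypting the assignment only hides which grant the account receives.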


@ -1,3 +1,4 @@
---
rootUser: 'overlord'
replicas: 1
mode: standalone
@ -24,13 +25,51 @@ resources:
requests:
memory: 2Gi
buckets:
- name: allanger
policy: none
- name: badhouseplants-net
policy: download
purge: false
versioning: true
versioning: false
- name: badhouseplants-net-main
policy: download
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
policies:
- name: allanger
statements:
- resources:
- 'arn:aws:s3:::*'
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: badhouseplants:owners
statements:
- resources:
- 'arn:aws:s3:::*'
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: badhouseplants
statements:
- resources:
- 'arn:aws:s3:::badhouseplants'
actions:
- "s3:*"
- resources:
- 'arn:aws:s3:::badhouseplants/*'
actions:
- "s3:*"
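Review bot: The `allanger` and `badhouseplants:owners` policies each grant `s3:*` on `arn:aws:s3:::*` plus `admin:*` and `kms:*`, which is full control of the MinIO deployment and not only of its buckets. With OIDC enabled by this commit, anyone the identity provider reports under the claim value matching `badhouseplants:owners` would become a MinIO administrator; the claim name is encrypted, so that mapping is inferred. Unless that is intended, drop the `admin:*` and `kms:*` statements from that policy, or state the intent in a comment such as `# full admin on purpose: the owners team administers MinIO`. Separately, the `badhouseplants` policy targets `arn:aws:s3:::badhouseplants` and `arn:aws:s3:::badhouseplants/*`, but the `buckets:` list shown here holds only `allanger`, `badhouseplants-net` and `badhouseplants-net-main`. Either that bucket is created elsewhere or the two ARNs should name the existing buckets.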


@ -58,14 +58,14 @@ templates:
metrics-server: &metrics-server
name: metrics-server
chart: metrics-server/metrics-server
version: 3.8.3
version: 3.8.4
values:
- common/values.{{ .Release.Name }}.yaml
cert-manager: &cert-manager
name: cert-manager
chart: jetstack/cert-manager
version: 1.10.1
version: 1.11.0
set:
- name: installCRDs
value: true
@ -79,7 +79,7 @@ templates:
argocd: &argocd
name: argocd
chart: argo/argo-cd
version: 5.23.3
version: 5.25.0
inherit:
- template: default-env-values
- template: default-env-secrets
@ -89,7 +89,7 @@ templates:
istio-common:
labels:
bundle: istio
version: 1.16.1
version: 1.17.1
istio-base: &istio-base
name: istio-base
@ -141,7 +141,7 @@ templates:
nrodionov: &nrodionov
name: nrodionov
chart: bitnami/wordpress
version: 15.2.22
version: 15.2.51
inherit:
- template: default-env-values
- template: default-env-secrets
@ -149,7 +149,7 @@ templates:
minio: &minio
name: minio
chart: minio/minio
version: 5.0.4
version: 5.0.7
inherit:
- template: default-env-values
- template: default-env-secrets
@ -157,14 +157,14 @@ templates:
minecraft: &minecraft
name: minecraft
chart: minecraft-server-charts/minecraft
version: 4.4.0
version: 4.6.0
inherit:
- template: default-env-values
gitea: &gitea
name: gitea
chart: gitea/gitea
version: 7.0.2
version: 7.0.4
inherit:
- template: default-env-values
- template: default-env-secrets