Compare commits
2 Commits
main
...
try-argo-a
Author | SHA1 | Date | |
---|---|---|---|
06c11576f5 | |||
60e57f3b45 |
@ -2,6 +2,15 @@
|
|||||||
{{ readFile "../releases.yaml" }}
|
{{ readFile "../releases.yaml" }}
|
||||||
|
|
||||||
releases:
|
releases:
|
||||||
|
- <<: *istio-base
|
||||||
|
installed: false
|
||||||
|
namespace: istio-system
|
||||||
|
createNamespace: false
|
||||||
|
|
||||||
|
- <<: *istiod
|
||||||
|
installed: false
|
||||||
|
namespace: istio-system
|
||||||
|
createNamespace: false
|
||||||
- <<: *namespaces
|
- <<: *namespaces
|
||||||
installed: true
|
installed: true
|
||||||
- <<: *roles
|
- <<: *roles
|
||||||
@ -10,9 +19,9 @@ releases:
|
|||||||
installed: true
|
installed: true
|
||||||
- <<: *cilium
|
- <<: *cilium
|
||||||
installed: true
|
installed: true
|
||||||
|
- <<: *authentik
|
||||||
- <<: *local-path-provisioner
|
- <<: *local-path-provisioner
|
||||||
|
- <<: *mailu
|
||||||
- <<: *zot
|
- <<: *zot
|
||||||
installed: true
|
installed: true
|
||||||
- <<: *keel
|
- <<: *keel
|
||||||
@ -20,7 +29,7 @@ releases:
|
|||||||
|
|
||||||
- <<: *argocd
|
- <<: *argocd
|
||||||
installed: true
|
installed: true
|
||||||
namespace: argo-system
|
namespace: platform
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *nrodionov
|
- <<: *nrodionov
|
||||||
@ -30,7 +39,7 @@ releases:
|
|||||||
|
|
||||||
- <<: *gitea
|
- <<: *gitea
|
||||||
installed: true
|
installed: true
|
||||||
namespace: gitea-service
|
namespace: applications
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *funkwhale
|
- <<: *funkwhale
|
||||||
@ -53,6 +62,9 @@ releases:
|
|||||||
namespace: database-service
|
namespace: database-service
|
||||||
createNamespace: true
|
createNamespace: true
|
||||||
|
|
||||||
|
- <<: *postgres16-gitea
|
||||||
|
namespace: databases
|
||||||
|
createNamespace: false
|
||||||
- <<: *db-operator
|
- <<: *db-operator
|
||||||
installed: true
|
installed: true
|
||||||
namespace: database-service
|
namespace: database-service
|
||||||
@ -70,7 +82,7 @@ releases:
|
|||||||
|
|
||||||
- <<: *woodpecker-ci
|
- <<: *woodpecker-ci
|
||||||
installed: true
|
installed: true
|
||||||
namespace: woodpecker-ci
|
namespace: platform
|
||||||
createNamespace: true
|
createNamespace: true
|
||||||
|
|
||||||
- <<: *vaultwarden
|
- <<: *vaultwarden
|
||||||
@ -89,15 +101,10 @@ releases:
|
|||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *docker-mailserver
|
- <<: *docker-mailserver
|
||||||
installed: true
|
installed: false
|
||||||
namespace: applications
|
namespace: applications
|
||||||
createNamespace: true
|
createNamespace: true
|
||||||
|
|
||||||
- <<: *mailu
|
|
||||||
installed: false
|
|
||||||
namespace: mailu-application
|
|
||||||
createNamespace: false
|
|
||||||
|
|
||||||
- <<: *longhorn
|
- <<: *longhorn
|
||||||
installed: true
|
installed: true
|
||||||
namespace: longhorn-system
|
namespace: longhorn-system
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
configs:
|
configs:
|
||||||
cm:
|
cm:
|
||||||
dex.config: ENC[AES256_GCM,data:/5fVXmrlrI+A9VkyXXXEyout6crDfLKvEHRgSak3tZn90aVm/SrSsq/mJHO4k79zVPz/BBF8/RIt2rD1TJsBNWsTFfKJuCkSN7kjUIE1Blch9ju2MOOmtWR8NIi98k/t5D/kfF6JhAw3hTv6nOkaz6P9eJgAEawdNeaNZS2i/6s5UdJkTpZWCOD+3DJezYhWS9dePrWldRGzYNVc25wAbDF6jRrtXbF2aC/z/cuhcCEEgsncFAYz1lN8sKpdMXIZzBqvugYGUZHPkWAi8fsLRM818jA736NoT55d7yO2hR0RzbIEbr0Edbk9eeofAty5WEPBhop9OUJJFKeRq2AXgdY6Y98BH1Yn1X1PmkpV4Tu+S49q3jRC4g2dIttywA3waqdGSsXVI5q9sVSJTCN5gsHXM298K1hb0hCgIv4WAv/09BvOOxocTbz06c1zB/ZFxhJJ1Fv3wSPFiY011y8StMgEvBmh84ERK703Sn8jFrT31eujpF6saM8fER/1W7acOrGZTTCirXcm2Cp4QPS6LILeANcD6S6gFvITKxCa/Dzkk4OV3uB2KqpTX13IrbnMm+oYGM573QAJzuRBfGtFBggX6GHM1jGnPZ/s2n+BRrhKhZRofVommLMSl2mTyWRsLwJ8XzXIDZlQT8MrkCZX8EorQmUS3NPM5oTgxpq4dtGbwVmKh2i2ZcmwGK7AwB5OtLXeyLe/MbOikQKCig==,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str]
|
dex.config: ENC[AES256_GCM,data:LCLzkdGS1CqPGPCpkf/Zqqk046aUlc1fiptooZnHN6qlJaSa18O2I6/t2sCZ+4V/5nkX5jX8EYpQ+S5gzqwnVdCfmgLNZMXHMM6MtRRvlX3sBxygT8KfQQN/aPb2A/n/sebDYV5P5ykzNAzbGLjJ5fc6Nz/QJTaPIBvHrez5VQZY3NBkP4fXb8gRYD3yw9mA4V0wXlW2sDlPmvnGMcj/RTvJGWhbtX/pWMSaLHBPoAR7wp/sTUDzkcRSvfANimzyXe8B5Zz+Xgo4bUV9T8lr5+rdxAYOlP0deg2lBR7mXr86JqVhLZp2Y8v6DNO3MgBmXzpbkIhg8hc7Tbe6I5+mqIZpIc7YPFJM7DhOB+QFAa3WHhcdwGcIkcECNipMcYDu0KBA1CSLlyVgsQLHPTubEp/8/0kC9HkZt+63dIlmR4IEnGVmUPMYmwym5Palsl3BN1LrTsA4WRIJwG4Ac4jUNCZiNF8rQu7CPa9a/mf+6NdVSJ/L9Gt1THnkzbN8xGK0CyEHWmrJ1drzC61SCfXIHxWMQn9NOegOtBkqjo6AE8KdmBmpqYqZW70t9iWFUN/wjfgwmNSM+JgUOE0s8A0B7oP+YS2gqQvbCmcP5CoPhtFwV4oNj+ZY+0dRjMF0EIh3pTsZUJhMuOK7W/fV3DpNGf7mT0WcrHd3nsgvbu+sijuM9I7ljvBGYJegvva8YP1g6OjJLckvC/nFt8Acfsqb6TaJhsEvpEQgg84Mn9vniW5zNhpIitkQVZ/DjZ0+cw5B8hWWZ65w66Xu0H4IR0RjEyuC8rDjEvdvBlKC22HiBoJvfASBlBrokIxj6YTp6je+xo7FOctmZfMOqm/yeydHJlR3z6NAY1tTnvn8VzLtXqFjwwC8wIoC944HnpZniXc1OAuIH1InIlSm9UC8eP29szuWufwPdInX2W3lE4bcJlmDMk1XxhA3dgh+HBNtZlSOuoG6ZkW/TinWHTx1GWqZ9nXNYbCptBdwCljc2TAmZzW37ZfovnYin5vaPUZQEX4Zq5fuF3YHHediwiVDbLAV2E+P0h2L4qWLFSEDzTXuI+/jsLN2a9TbuDEGBMZ5LL9tk+7A026Hw7yqkNiCjh7sIQ4OmQaIjPAeuKAUBY4jLomLCQOQfDdBbB7XLtpOJPwnM2EW1QVCPKC+WDHG+cv6ha4a4L0zsbS6VJvngfl2YKtZJrzrorBtH/enQuE/PPEal4eBrZ6DDuh0VKmnQbu4mdnrHc+06mMdBEEft3k+D5IoFUgEROoWFQ3DeY11gYCXzt0XMxYBs31S4jdbRmIe7kXsZmtZZPk=,iv:FwR1dU7UqgS9aqpNej3SbBnpAR5bqTwqxrn8SaowZrE=,tag:DlPZlqrfUKfpCZMz4/r1MQ==,type:str]
|
||||||
credentialTemplates:
|
credentialTemplates:
|
||||||
ssh-creds:
|
ssh-creds:
|
||||||
sshPrivateKey: ENC[AES256_GCM,data:43Enu05W+Cxbg1z8GjoYMWNOkCSuUIny4c9YOJlp6HBwazFx8IbMLibSxcI4kWCaceKHj+jxHhj5hnnDJgXWElFHmsApxNX/GtXtaiIHF2I3f4o+WjLJMco1lkdrtLhb2ERis7PtzI+1aQsTDtwJG6xPDpxYT+apokx2XnwkFzjAetfi5zHMyepgQRXFjyGvn4HECLeC1uii4+/FmImI4gzTFIGAoeb6xT4HDsWV/kzrWNJk/FsnmQyCkiEHQ8wU1z1WTPr6cuTLf7WUrliPaOAwmGwxfchU+vIfIBsbfHoBVHeJR8/j9fB5Em10Z5Ton91CXObGVpEBJD4MHgUIEVmAunqK+ltAit/CNmQI5AwSofcfAV+hI2o8v6N4Wlq6PteNKeeBvdSCYEt9DR7uw+TNgTgxNhAzjZuXnfZzVpmsqtsy0LMBtdwruA7j0roBoqODU9+YbJc9rpx+MTwlaPrkBBRA2+ZZ2Z2Tl2NV8RJbxK6fwDha+E7KPqJnBwqK6xsROvEV2wzW/ZXGDWXuOM7sqCK0Zc+vi/X/1kgTTVt5BlnjLpk+tiZSIwMFLAQctMkEFpVQAWFqpVnlJenHmwh4NaHgEIEsiIMsR4Uh+7tmEwli+DVhauwOwJpMc4MJsZgquTyATd/1hJdLW0XJKNYGDd/Ia9dUvtuZR0vZks1J85XVwp/qR8QlJd0nMhFgzNV7cJnf2WE6nj3c8ibPjhelFPFd+dw0inoLsnwBGvNpxZTeu2UBInnyAW7MefVs29gSnWaSFi2dvT4Lw4X+yGdGP3SAydkTOfMcV7hbtv+IRfeyFTV6v0ebilufuvVy56HlZQl5H6y9kZEg3m8qxJ2gJB7MFVfqAku8lNDAgMyvdx2sDivbWvOOsPAC5N8NFHVn5XKlASrZs4N6o5Uo85ewO2GSLn+UKxLWvhqKwIB7oYubfVyV+m9SwqiZLBy6xt0FOKr4cg5pLDFhNer2vQfwRB/2meV3jZt3TXE5anlnxgEKIfrjhjJTXpOIaUPn3z/jbYk5RHTrFrAIib6u2r+HpTkxdnIE+jdgyl/bmhzI7cqDfR/VDdfbl78sAKNQjAhzG10eNWnRgrvNU5KuPOpvxaNUyv55L9MyrO95LdmrmV3SG2Y8J08sCx2kmGg0gJwWmQJpvWTPaa8HQ8oTUw/+b8c6z1DzesozjVVTdd2m51cprYQtSY+izJfjzYXfTs9q2ibzDaan1GWRx7cFYye5ks0DWG4Qn+dFIiVUez+mnSPIJ3CTWcXwnMfLALM4p1Ki2/BUyRz84ryJLJ4L+FhDJJFBpyi+SzdNOIpCEqOQgztxdX5FFEZ6dKwsQtj+8AA+eOlQIb1fu9lr+6g4+TgJzyYSxxgmCD/bTU+gGXq7r6pX8NIIZl3zcVNtvEg/mObzRq3U9JtljKDHjQVKlLm5KqoVeLybgCK0kr0DsqriD92UnhOHYY9Xt6l670h/kfH9tygSHogiWHZFJ3E90YeXnRAgzyELqdz9wrGri7y///Vm4vAh7O2wqVq7XW4w/27HStCFEOmPA6i/84VIRJPsbTNUxYi1SKVQzHe0r8gBAr3kcrLMRTzs/myH7utZxFmygR4NcI9q1X1Hz91Hi2mfHRAuhqnFWHjA/clMXy2eFTUkAUlG36z1+VhsPQVo+n1vkPXtbtW8FofL8LJZwtwuOHfnHI4W8431S4KtOcLFNLha6otzwD63KZ40x07ljwFW2/4txlb98jVE3myXK7n93mTL6iY17cTBir4gRdAACDlmelIyqQB2KcL8sJht9B0XXeWqMxkt6HQlJQaHjefv5QtP3tXKCSQUmdPf2dLLXfQnhhpZxEU6krZJLPCpM4Fj9hi+1dCmIwSW8iGSxMD9+KtyCenP3L243P0NzWPEpM4CvL4c8sgZYVzZ5xAxbGjL87ScTWhrBvpSv5a0OLtH9K1BFgISwXbZyn2dBSLdhaJYE2963KJE+yvbSuZPGzdOSGShQPX+h5FEEJrhZKyxI5b/EjbczZ/Rhu8YTrYdBNFX6XZkXvlF35uXfxmALihu7IBZCOZh8qepdxzYbXbrwLI22bG76Fib1zofhYuLTUqEHABy++NMGCZwLGsCzM6KQAEhlzy3uhQywpMuNUMfp9gaxsSb/RooYGEfqr7Ss7Qg6Nbzue9ayiO4sGl80m2kbQi2A+QdXsrplWeUVouNsdeIWs8J7uU+KSwQXdtuZHHVeo8v7YJddLHJDXdzKMEpukj1Nq342ZPSPpp8ENDh3XUP/SQgOWyAM7J08mhtlblmAOvKFe99SEnXqHLfRtgZgeZvlcfZF5mzz4Cq96mh8LU0V8C3T+31fWJpMJFo1eNHEbYxp/K6UkCDGsba4ahGAD8Txb/J5SPMWUKI8GRDo8ZOgvvDd0f/NvfnjngSWAVq/Kff2kMAMN9JtpEGUhxrRFZu+7qanmHrB4/3c3h+vh/+mQlURTIDmKOGFZPXmlOaW8KfL8/6dzSxAyYjOHPCuMb1JjyNqte1fzZ7Dih0LBtbTJYoMc52HM7nJ/ENHirwditTj3PTWJbRh/vVEQisbKtLkzb2vZPkTW3EXo1Z73KWZ/RqcU1S1Xj9egNLNZQegcJ98/9qXtmOAyhpwCyP+5Xscu6xVeIIso2f4G3JPJCelHCoeTyFo+8r/8k2FHiOhcmhPYPC6mlQQNKcV0441jrnjaJ7L9E1Kxt/iVK4B+/k4HVwv2J7yjQ5dU/KBY3V/vMhjQc3AGq6S6T7WoycYNY51AYYGHk6Hf2yl3md/qFE14hzX0Zt2sjmpQDJSG8CAOnay5XxDOrLEQwqmCaZPGGAK4FaXDERAgRsxp8vMy9KUQDVHwT1Tqf3rwGn74nNXo9IqQgcc5NV88FvRjLv1bm/6kBeaD9udfZBw7YqsRkY3mRoG/aJw8DkOdmYNIrJm69rmHreQo1KssVe/mz3Om0auwpBXR5D2OzZ/9e9XCprnUEN59cOfaha6qMm7pvDyJocaYvbSWPpchZb8DorWGEC7Iq2Qa45NaaKIpMrAOLPhiRqtNLP3L5Hzq23kvNOxY1r8Pxk6VPH6DqUBYrwq0vkYgABnquE1TZPL7ZqMMsfiAsK+iAxyFSbH44Yuby7VvD86rs0YaKYIgBTPMjfo7GNP5Dx8YPKUruQDnfaJYCw8klnmAtdioPWeEzRDmSYN+wOtz5fBFzPCXOVfit5BA8fIgpMrjdo/8a5TD7yf1HI9i3Nb8K8l1rAJ1SCsLF2Nu024rrcib8mxXBdXBdqxekGtN8+D2KLyq0FsR395o+Hy1uQg4UwL/tH5s7CiFoyQcngZxS4zqOjLQeTUbsLCx2y5SG144Ls/bQloLps0mvoz7+hyv7+UmKbkNbiJKOeIUjGMKRcfBDSog0v+V75yWjlsrRWmaVlQCwp0bkpCNu684qOv1T1WnpoYNctJzgxzggEYWuk/5YgqG/ao4Td7pJTkAD21A==,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str]
|
sshPrivateKey: ENC[AES256_GCM,data:eC93yjQa8Id4Ub69bS5P3MlLKKgt9ZJCIT4vEIsW8yBrq+zvhGmf/sNBL/wmX+mSdxgGpbEuC75Oo0pHZMx7NFgifOIAqbdeSMBj4mw3pJqK4GLPxbEQ4sn07cs/AR1/pvbzPO18cwzrTEgKQdat2RGqJJWNmw/YcWQ9uUGYGyYIK81Mbz28QaeK9SaMAYRPB0Awh/liMVL1oOm1dTsn5BAUvEA7Co0NIcK0CkemKeBUq+WGJDKfmiApa6sWek1F4UB7wbhUR9el2zd2P0TPnuO4HO+B6tRSupQ7honmWFRKkRuC/og6xklTU1W9V/6sRAgG/raHlNwcmWozLrf3TGYSuYWWKQjabvQ9DiKsqcMyMmpisd3H9zkI+GQE0d2ORGTInf8KU6iLaLAzNeO6k1OVkrIw0EMN0fP6hN3bHT7aCHLZwFYkJoWLlRo15MNxNvaut2uCrbt9bN/vlmELLMgUX+7p+xtFhmRngZ8dZ1jO2Geqv3osCPOgspvqOOhvRwomfWxyzonpZTVe6JdH6VO7SV40G0vycMPK4WoqTcoLF845DV0TtdaSdyNea9FK6VDfj7+B2251Sqohs7eu1LlWKvO/58isZvLcCnn2HsTbcvnyJQBnTlwrpmB5U7T1rMINs8qer73eo/GpxoSMuYCcJpjdQCdcADgpIqCN9nWj6A2iidk5QqaHaXGUnV5TsNOmu65/DBgCU7WVqRIiUFC3nPzeALgBscmMCrqYJFB8UushleJsvq9yj9xXlhbYFCp2kmx0kMQG7R8dr0pjDePeVYnqjd8kxaVsQNfsHLohoxIjAHFfekDSnApQju07jPHngODe1SDqc5pxXJ1b1Nonefz80ZZhfFXcCEoUb3Njgr2OIftaeBP0EbOa28OheFxXIPm63d5WsolDPpfX2TiiQfFhxpcAzzHXSdweJfUAjes5AARCoJ0HD66qMkZ8QfbTHJQgBTOH6fqdlJJv2OdaTMhsEA9YZEF9xKdczME1qrCgNJvQdGYid7+uSzHIZyU/c4gxW7BZJdtVZzE0my2DgVYpvj3yhSz94wAUUMUOW1lJLde4zbXpgy+WY2WS4dhlvN9tBBRUgnvrBLizJCXUB75DqABYdkmyjx6STWZB42f2r2o5FasvDcjpsTjgjlujN/eTYTllRTAHlzBIE3BNsl/8w3S82eJX0VqqLvvSokRWplbPsTeoaChNhJdlbLDqVUprRLkU7C6zg7EvFYxiKnZ3KsbtL/0cLbWps7B0Oz9W9Kz2QXK7DYQy5PFovRJvrspdqPI4R4FhtggXvy8Cvj3cb6FS1h8y9d+Uf9JYGB+FvXvcr2b+ZWCEKINvArJ7Aeg7Thd5/9ptTaAxXzUG6QEWajigA5jYahDPSAEv3nLnaTS/YOCstR/uhsyTvi2ggrP2S7LN/l8Sbw1pFVdH+E1JcrVE+MP8+KQtkXLB4ggfVYC6w3OG0zNjOYsy402bLjsdz8SDgXJAedb3B097ODkHt/ZFkH70C3MOTWFrREAnQ3W2TlffJtMYfwG+6uenxu5mQ49kXQIu5qN4NzVKYuK+ly/KWAlC53ldxOeS17EjcKdqptpPadJsysm/jwX/9BFbalYcKSRgHb04pFsaL+AtSEGneqjPQBs2Z1ab7IAwEfw67aR9x7+m8FKmtkpaBzATWyf2OL0aL6dYCZ8B/Fagr9tUXWNsROBeChhiBXp+S/1JK4rsIdUEM2UleIJSjNooSJBHsz24NddfhgeTczawCSeL81OkQy1Qav770IDdFI3kNx2nKsg9d+0si+00e9JczvyaWuwgd4nJdtLevcY87/m0qgpedmyz4GPhOydvY3/07J7NWJ7vGLUqBVsbGqLqqdnXZM0z2DLYrCtwmpv0HuLZbljwsbVm2nQHvhjHrxD43MW1DN22zpAWq08hed+z1E9hBXlo/MCsltXkdW93rb440Zu4HTsPET5P1ZO+gNNIqb0oDMMLj/9WKLUospTR0S73xhRUx8CQF+PP6MP0EO0KeCoz26rY342YPkohAjKWCBhqo/6YkyQMv8VhAfF7QU74AG0F3oyPU1mMnOWavdB27nxFbsBfyVV0ccbmba2+huQmv3Hur+wEjAzHlHdESEbYQLk7efbIzh8zjiHiFHuCY1yvWoiSv0mqipTdqL1bN1yDckidSkZCzny2+PmB3rYdKiyBBmNBWwhFAAWO7EHx1N4D7tZg88pDEZNKQuUsoL1Fi5L+LQX5Y0Wm85v5R/w4OV0QSfkaU4Y1WhVAGlFjjJeDWm6f9jekYAhEL2R9bNcGOS4x17mhp735H9Ukr5lC6Iqa3r+TMaSfHdqPGqXeqpDFsBcja2LyafpiuH5fYOMiQqjRWPy1/1ASWTL/9osN+ZSD9z5cJ+qBDO15VG4DBeRAVU8415wnQf67FM8PD8HbNzdV1wAHY/wNMKbonFoLm9zn3fRDNIeb9HMynXK8i0cxlogRh4OSnysPLawJzmJyBxsiuBoUzw5dMpfrp79UOTmuRutDvtgKkQyR6Ko6qmAPUYnTLvrTSWY9uH7VLXpgwBfKZ+++Tdfo1p+cl1TObBYX4NYywFLy0HO2+I7YRse7MyrVEzEn/vE03E6rWmY/oTuNBREsH9vuJl9rPdiP9KEVL6uoRvsC2wQ6e5ar0TcUyMr96s3MtNTR9ZgXuKqoZrs38+4DTpV0rUhdVXtGKLE+OUH3+yVD+AcCFZ0/CuUz1FDlRdYCrPRD+cWlxKVCrS4aNV1KmdNl5DBE/G4gdf9u4MQoiTItJ6tX22eugJ6/EY366HR+vvh3u5NjhW8uG0KHMtjzSV75uxNC/1v5qeh90oaL+bKKgHBKHbs8zQX4o8Vf6m6zjQOCnPSyWFLVrQciXCDqjVafdI/SLCNxDKfTe0ZQLVzkNcjNK3S7H63E5jq5swPKB8npoZ3atscHgaa46wQgo4QumZdczDxzB/aMmTPpOB4cHydwTSy91Iv6QqjuWxaUdqCNrzMquo5HPKB5IdcsTpeW7iO403Qr/xhB3/eNPWU6LfjWN+hjnTdwt//8B6mOIYSuXY/OguR1XzabcxhqV9XDzuS6qE0iX0+FrZjuoBIdbZGs7hmDtG12/OITOciqcfeVU208SNx5/ROTiJx6XBrIcPdTsKAR2TIq6JG9P35cme9kSuEnJFjBDmvlD267arJ+LV+3MUZmt1qZriRfP4tmdlmkQ59s8QfZVW/L7s5DSWUFgXCpNn6Lazdejj3Ywun1bo62tM3DHcSUdDh3kfskiHEJ1lAuEZtFDJ8EPLMQ1eocowaKAiUJwod8ROih6G6S1qEifOCB1ns67CpQ/flfn3fBKtGiYvKb0993i5PLYuM5Aqs/9vo6QgKc8LHQuKLbNREs/Lvae6jLtzanNjSFIdITOAr1Ktlhp0ZzhnD/tvgkBex3Kx7u7Izlz90nvpG0hw8siXuRNfQTu6zyN+CmxXTS3SJPlQ==,iv:Azu/spL2e3S8phNkdvub23q5EGC32VLNtkbLHfzFRJ8=,tag:YyaUvje5hIf+GqCmjPubfQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -13,14 +13,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbTJ4Q2lkWnp2Um5ZYjVZ
|
||||||
MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0
|
SjRmU1g2SVd6NCtMZEkyL2hHemlBSGhlMGh3ClVUckVtM3dlYU1IYXNSdVV2Ymd2
|
||||||
V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3
|
U0FSQlJvUkthclRFWnB4ck9FY0lKdVEKLS0tIGZQT1c5VTZEWExGZ3duZEI3cExC
|
||||||
THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4
|
RDA2Rzl4eG5UdVNKRFpFMThtNnl2aE0K7IaaTNZIGTTdck/xPGGYYdZTZBEzGZ3U
|
||||||
DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA==
|
iAZLLL+Aons4oSO2NRL7P/Bxx9n6eyXQsYVzo+FkM/Wzz3ReiKaVjA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-22T23:43:36Z"
|
lastmodified: "2024-06-27T15:57:41Z"
|
||||||
mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str]
|
mac: ENC[AES256_GCM,data:OlIN1jNrcc3MWjaeD4IWUYJi+PA+RDf+KgD3XnttSPPqXX7iBwV0tSpoZ4tXsJSfAGzXTauOC3goFWH/uPHDJVyxFt0SrB0+sW4/YN7MPPzxmYo63XkEgA/3fmMSpZkUEitTwZOUGhSVWgHwBXJ6UGGZ0yRqb47w8VlVlbOt6zg=,iv:eZWX5LFA5E0aGCkTuwUbC5hWrzE9LW2ejR7amXsIAEo=,tag:xcUwqLpeS0wtrWmw+D2oWQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
24
badhouseplants/values/secrets.authentik.yaml
Normal file
24
badhouseplants/values/secrets.authentik.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
authentik:
|
||||||
|
email:
|
||||||
|
password: ENC[AES256_GCM,data:j5JFI7KqO2dOjl0xi4KhvnF04tc=,iv:/YH+XId24X69lRXrp73ZhKGOcuEtXn/ZvqlJwMTgdRk=,tag:YBh/slhCstFpXxE4y05Viw==,type:str]
|
||||||
|
secret_key: ENC[AES256_GCM,data:zbs2HX75h3rITd/JRPVa60AhrWgDp/syWFttnadRyDJFFM4/6YFOUhJNcGGQis6Tz5Q=,iv:1iYOTqBU3WHNPBa5TpSwi6+h6IT8Joc6Z4c2UKY7xQ8=,tag:DcRfBP69i17zKFobMA3WFQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGK0hPSEY4d3N4QS9aM0h3
|
||||||
|
NXRYZ1BMdXozVzdJWmlzWnIySXBwcHVrVUhrClgvRENGTHdJMnVsTjdSN2NseUtT
|
||||||
|
cjJ0emRObHdXTUhDejhhVEI1U0xvNlkKLS0tIHh2NGhzbGZDMm9ObDVxN1NYYS9u
|
||||||
|
WlhXbFVQbFZUNFlGWEhoVktxUXRuZUUKJNSS+vhG5McKrxvqCIT9dGivcReZOud7
|
||||||
|
HEReDoZcf0+7c4JgnrcT0AvvTR5fHPnfveTkwHym3LHMYbZnIPueig==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-06-30T18:36:34Z"
|
||||||
|
mac: ENC[AES256_GCM,data:djXTiatawc1OuJ5VqfbR8wS2xKrvVZigGLyQa7tx6/zbgcP2yLQJvcYeZj6zHhQasFzaiNbD05Qz+9Td0ysxZuAnajQ+CaulnIOhy/FhaiiQFtqFTR7xEsFIiUBxTPEJkhVNlKTxzjJ1AX2dagiov75otC6jbueQqYTXaGGcdko=,iv:oWbWTUqlM1zQ7zfC5FZkNJJ8RxvM9+fvTWobgJCmLQE=,tag:7Jb9XBBq1OI0ghqOqxiJJA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
@ -1,8 +1,12 @@
|
|||||||
dbinstances:
|
dbinstances:
|
||||||
|
postgres16-gitea:
|
||||||
|
secrets:
|
||||||
|
adminUser: ENC[AES256_GCM,data:vMINVc9s2Es=,iv:Ry5so0+WPntFh6c3nMojw5b4vONdq+Ys5F7256psGaw=,tag:YbWaWwZ5SiYMOSXQ9n9t8A==,type:str]
|
||||||
|
adminPassword: ENC[AES256_GCM,data:xqlIJgMylef69LEC1M8s16UPCnaPlZuokO+rBPWC11ruBEkBD2FHOEvkCMsGcnPldmQ=,iv:WBO4LFIFGU8q9rWxFYdUac650QxOfmOT0b0PmOsdVZU=,tag:QpFfVINvBkrWW0+pPyj6Og==,type:str]
|
||||||
postgres16:
|
postgres16:
|
||||||
secrets:
|
secrets:
|
||||||
adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str]
|
adminUser: ENC[AES256_GCM,data:NsrkusJt+1c=,iv:MA8vXZRhOeO8XilEgpwiqvoJbNjghTcl4CJmHE5mjR0=,tag:awYDx0rT2HCIm6zDvG5L4w==,type:str]
|
||||||
adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str]
|
adminPassword: ENC[AES256_GCM,data:cgEW0YTi5MRgGEVAfCvRjPmzLtzy,iv:I7+VS6pZGUrd9To8+eX7EoIoQg099kaYeWXMXKfkS50=,tag:n9LgvnvSa3JjyB+gwT3lQw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -12,14 +16,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSG10ditaUG8rTlhaVUhs
|
||||||
RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx
|
cXJHQ2JXaW9IalZHN21ZZGQrZzZ1T1FOWlRRCkZOc2JmNDh5M3YzSXNTa3R2U2hj
|
||||||
Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho
|
ckVRVklsRlh1RlFES3JDdjBPSkxVN2sKLS0tIHVzL2VQbnFnUklyamNvN1VmUW5W
|
||||||
d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq
|
d0xSNVM5OWxzbW9YRUE1ZEhZZ3dtR1EKI01GcMKUlu6mU237nGipXghGB/sduRjn
|
||||||
Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg==
|
AKpwYgh9IN55ZrDRUsZOHBkded5IlQAwcmbJIjxJi1Ce5XMSQnKF4Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-17T01:05:06Z"
|
lastmodified: "2024-06-28T15:55:32Z"
|
||||||
mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str]
|
mac: ENC[AES256_GCM,data:reAQfZlF8N/0BiMFe0ayCzNmHTpPECKSdpTKACA4MFbCu7BHoPJjnn+rOwvonIGoZE2BVQx4pyKjWSLkRyog9EBg2/5VMh+jm5VjgrK5ztbK1RpSQV5pnQaQXDgT7VFAx1WYpg+gfgO2JxA5vHgvRlarjzPp0AJdoo3MmvCoHBg=,iv:S2f8fqMGq76dsGUK4fYLTWcFdv2mMq580Lih79Rfc68=,tag:fOvKeOl/sMFb9bQhHy/GeA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
@ -1,23 +1,23 @@
|
|||||||
gitea:
|
gitea:
|
||||||
admin:
|
admin:
|
||||||
username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str]
|
username: ENC[AES256_GCM,data:rcTmdLge12Q=,iv:NI5oBD3KpfrHmqy4YAfjf2Zw+NJxhqXnFlxy+Ht+TIg=,tag:i58IbKkc/RKQdsESQToCHg==,type:str]
|
||||||
password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str]
|
password: ENC[AES256_GCM,data:RJ4jO8+d5zR4s/7QNzw3IdEZw6Q=,iv:e/Uuth+rdWYLxQhdDaKiLV9eGyDh3c2o6ObHsnUT6FQ=,tag:cE/ZNadxTTRt/XW9oYMfaQ==,type:str]
|
||||||
config:
|
config:
|
||||||
mailer:
|
mailer:
|
||||||
PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str]
|
PASSWD: ENC[AES256_GCM,data:vxpdjf8RmLzi9sfAAl6rWXR9B+A=,iv:n+Yc4d8NJBHx26PSXoI/LMFXlXzWalNuRmNKeV3bPB0=,tag:KTpMNFB8DKneRhWdlG8pEw==,type:str]
|
||||||
database:
|
database:
|
||||||
PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str]
|
PASSWD: ENC[AES256_GCM,data:Lfhx3j4Q1i9srZ8yQ9PwuOCQz/0q2qo=,iv:MW6XyuG4L/2KjuK5glWMF9nYBlbsAHn0NJqlR0le+Lk=,tag:N3ZBuovYISutMY8SIfvwbg==,type:str]
|
||||||
session:
|
session:
|
||||||
PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str]
|
PROVIDER_CONFIG: ENC[AES256_GCM,data:oocuP9ddSMRKvsdWKsuc++yNwyy2g4jxhfYSHmXFlE8DB4YN2hcnR8cADunwjr+dmdbUsuazzasCGVJNTn590ftZ4+8T0lDOZlHeQb9MbAXfu6u3J0hw7sKSuzqgDMmFyFP4etfflqzl6nvJjGp8xPv0ZHTaYk8lZSh357VjSg==,iv:/zCwb49eglEN9z5ui61njFHNwliSjgEx8Jf4Nea0rp0=,tag:t3O7Mib4WzdLFWEpDWdJfA==,type:str]
|
||||||
cache:
|
cache:
|
||||||
HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str]
|
HOST: ENC[AES256_GCM,data:h8WMw/IcWae/rfVv2UeCOSavjmq2P+kiGRA59SGRiSowFnqh57FIoVxLFIiqfsOqt5GrJh5H9WKAawDPsEBRhCdy0ciB0O5t/t7aBWZ4+YV5noWQTvfQB39vqAp3EXGhYAo5qsdEk8x0shFs3LbO0nnrFYggmZbHErsiHsnv1g==,iv:tIm03iYdmwWOQpIOMfUuF+GeAGbtrVgxStn0fzN2TE4=,tag:xo5hB0u/ybwoR38pK5BMqg==,type:str]
|
||||||
queue:
|
queue:
|
||||||
CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str]
|
CONN_STR: ENC[AES256_GCM,data:dZNUXJYpGAD9AyFoK9q4r1sawQTJN4Jd8pRn4ArWzgWZlPIqtqsIZyuS/v+JTzLf3ovjEQoBtm1lSBoXrtkWfeny5KmCoWZRvT6/SmBgpO0RjkdSEGwo9GTnWbcgK0uzjg2hQojUKBLkIsxSv9h/ZEGUQ5dSd8Hb+y09hvcGVw==,iv:b0SuaiixzJ719GOShswZqj5qgaHqtjyeKAGbxlo155w=,tag:e5hmBEvZEQ3WTALHkoVUSA==,type:str]
|
||||||
oauth:
|
oauth:
|
||||||
- name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str]
|
- name: ENC[AES256_GCM,data:Zm+sSCp0,iv:aZfvNxE0Y6urfByvpM+oA2CH+zZfFaaRL2KPVu11FQQ=,tag:uRArqbkp7SIebztUS+nDxA==,type:str]
|
||||||
provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str]
|
provider: ENC[AES256_GCM,data:EI+yEwyd,iv:QqZObgWEUiXvdMn0VCm/lpzReTIeucWhh5aB8yQ2JeQ=,tag:hD72fCo7+h3LNIlQ3NAcJg==,type:str]
|
||||||
key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str]
|
key: ENC[AES256_GCM,data:gM8p5PONOwdM9g+ZvM9INkJY3NI=,iv:ibQyiXIuXPJTmixintxbc/BsMID1vh28QNvdsDbI5Fw=,tag:KGB/MDQRXdAiJ1wauyRs5g==,type:str]
|
||||||
secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str]
|
secret: ENC[AES256_GCM,data:Rmgl2K4n1TM1jd25bOM0VmjaM45kHlH9AHMbHCl/zQX7x8BwHG+Jkw==,iv:D9KHktqo7FQJ+tlJLAVlOuceGNKU3eAFSQv8fj8WKWE=,tag:NfTNy8fX3vsF/OgZVQnt+A==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -27,14 +27,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5oQmlrdFVQd1VNaHBM
|
||||||
M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5
|
dDlkYWVZR3dQRkxOYlhHek9PRmZZNm1pVXdzCjgvVkpOUnhNZll2QXNiY1Jyenhn
|
||||||
TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC
|
Uk9XSWtiK3FWSzJ0NHV5c3lCdDN1VEkKLS0tIEY2dTNNQS84M2xFeUZETCsxT0Vr
|
||||||
OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X
|
Z1NYdXFpdXlBSzNIeXEzYlNJZXRkZ2sKr5Wifcy7HNLYwhD8rPkHKwsaTZXDm9sn
|
||||||
RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg==
|
gJnlmBIzz73oHB0Tw07YiRWkZd3JNgFCuWm03x+F72Yk4QAvUq/q3w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-09T09:32:40Z"
|
lastmodified: "2024-06-28T16:06:23Z"
|
||||||
mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str]
|
mac: ENC[AES256_GCM,data:RKe1RMx1A9k2/41QOoQn+TK0dCmSZ0h9jBlkqOWT5lPLzWHJudv7BpZOTgBcHEExmNLYgFJvevUDpwC04ZMrvZ5VCPnlLZbEGzutpYi3/Ieu3Yc/XeWGYUW++yErzzHSP47IA+NxHba2MiBIOWW7txkm+3oUeMbKLLQ5ILvAQyY=,iv:HYpyrOMaa5VrQd/ZtOk47wJoOHjZmMqqazJZ0hQ5wp0=,tag:VNKstOYqHUzpNme3yBtUkQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
24
badhouseplants/values/secrets.postgres16-gitea.yaml
Normal file
24
badhouseplants/values/secrets.postgres16-gitea.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
global:
|
||||||
|
postgresql:
|
||||||
|
auth:
|
||||||
|
postgresPassword: ENC[AES256_GCM,data:4hWLoVdIKbRllUcRcLrnTmn49sZTfT8WJVf7np+eycp1tvPuxvr+1LuZUSFsmBH1l5Q=,iv:5TyazJWw5AeaUPq2uBLu6h5GjGIZzUDosaclTk+0Sp8=,tag:07IYy3U+ZFd3PZ41fN9Wug==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cUM5SnJIZGVXSXJsSkRS
|
||||||
|
dDZsWWJmODMxQ0JYQUVVNEJ0djhtWjdTNXg4ClYzZ2JFeXZicHRobUt0NHJDcXBn
|
||||||
|
NkZ2Q2JpaXIzdEUwODlLbUdwaUJiRkUKLS0tIFhMbnFRaHgxTXhXM3lLUEpRb3hS
|
||||||
|
aHltWVpVMUZQMUxNZlVFb1JEbFdKcVUK1dMISCWCZo+XJTp3ECToue5Q3I9lfGoT
|
||||||
|
yxVkq+M3UZUkAkJ/dMZBOCqAuaSdCCa1NqN6J3IlFaxGLasEDffHaA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-06-28T15:56:26Z"
|
||||||
|
mac: ENC[AES256_GCM,data:EyeLowunCJcO8Gzd314Gjc434g170R56OyGNG4iywfoaCsY6Kd5EJm7PeEPKsLx+f4M5vfxSD+pkJUABa1MALXgveHZXdiINg1MgpcOw02r2lYIN21ywSz/UJKxz0xZsWaJTnCkVfG2aHmOEFAlcm8wtalctzSeI0qB5RvSkJ8U=,iv:K5SEFucGJPPhl5vWIEjc7Ptx3sv44aXw/2PDMKv6H4s=,tag:LZm7C1M6bB++YUbqC3YYPg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
64
badhouseplants/values/values.authentik.yaml
Normal file
64
badhouseplants/values/values.authentik.yaml
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
---
|
||||||
|
# ------------------------------------------
|
||||||
|
# -- Database extension is used to manage
|
||||||
|
# -- database with db-operator
|
||||||
|
# ------------------------------------------
|
||||||
|
ext-database:
|
||||||
|
enabled: true
|
||||||
|
name: authentik-postgres16
|
||||||
|
instance: postgres16
|
||||||
|
credentials:
|
||||||
|
host: "{{ .Hostname }}"
|
||||||
|
username: "{{ .Username }}"
|
||||||
|
password: "{{ .Password }}"
|
||||||
|
database: "{{ .Database }}"
|
||||||
|
authentik:
|
||||||
|
email:
|
||||||
|
host: email.badhouseplants.net
|
||||||
|
port: 587
|
||||||
|
username: bot@badhouseplants.net
|
||||||
|
use_tls: false
|
||||||
|
use_ssl: false
|
||||||
|
timeout: 30
|
||||||
|
from: bot@badhouseplants.net
|
||||||
|
postgresql:
|
||||||
|
host: file:///postgres-creds/host
|
||||||
|
user: file:///postgres-creds/username
|
||||||
|
password: file:///postgres-creds/password
|
||||||
|
name: file:///postgres-creds/database
|
||||||
|
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
|
||||||
|
# This sends anonymous usage-data, stack traces on errors and
|
||||||
|
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
|
||||||
|
error_reporting:
|
||||||
|
enabled: false
|
||||||
|
redis:
|
||||||
|
enabled: true
|
||||||
|
server:
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- authentik.badhouseplants.net
|
||||||
|
tls:
|
||||||
|
- secretName: authentik-tls-secret
|
||||||
|
hosts:
|
||||||
|
- authentik.badhouseplants.net
|
||||||
|
volumes:
|
||||||
|
- name: postgres-creds
|
||||||
|
secret:
|
||||||
|
secretName: authentik-postgres16-creds
|
||||||
|
volumeMounts:
|
||||||
|
- name: postgres-creds
|
||||||
|
mountPath: /postgres-creds
|
||||||
|
readOnly: true
|
||||||
|
worker:
|
||||||
|
volumes:
|
||||||
|
- name: postgres-creds
|
||||||
|
secret:
|
||||||
|
secretName: authentik-postgres16-creds
|
||||||
|
volumeMounts:
|
||||||
|
- name: postgres-creds
|
||||||
|
mountPath: /postgres-creds
|
||||||
|
readOnly: true
|
||||||
|
|
@ -1,5 +1,15 @@
|
|||||||
---
|
---
|
||||||
dbinstances:
|
dbinstances:
|
||||||
|
postgres16-gitea:
|
||||||
|
monitoring:
|
||||||
|
enabled: false
|
||||||
|
adminSecretRef:
|
||||||
|
Name: postgres16-gitea-secret
|
||||||
|
Namespace: databases
|
||||||
|
engine: postgres
|
||||||
|
generic:
|
||||||
|
host: postgres16-gitea-postgresql.databases.svc.cluster.local
|
||||||
|
port: 5432
|
||||||
postgres16:
|
postgres16:
|
||||||
monitoring:
|
monitoring:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
@ -33,6 +33,7 @@ celery:
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
@ -1,4 +1,12 @@
|
|||||||
---
|
---
|
||||||
|
traefik:
|
||||||
|
enabled: true
|
||||||
|
tcpRoutes:
|
||||||
|
- name: gitea-ssh
|
||||||
|
service: gitea-ssh
|
||||||
|
match: HostSNI(`*`)
|
||||||
|
entrypoint: ssh
|
||||||
|
port: 22
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
# -- Database extension is used to manage
|
# -- Database extension is used to manage
|
||||||
# -- database with db-operator
|
# -- database with db-operator
|
||||||
@ -6,7 +14,7 @@
|
|||||||
ext-database:
|
ext-database:
|
||||||
enabled: true
|
enabled: true
|
||||||
name: gitea-postgres16
|
name: gitea-postgres16
|
||||||
instance: postgres16
|
instance: postgres16-gitea
|
||||||
|
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
# -- Kubernetes related values
|
# -- Kubernetes related values
|
||||||
@ -19,6 +27,7 @@ ingress:
|
|||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
kubernetes.io/ingress.global-static-ip-name: ""
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
hosts:
|
hosts:
|
||||||
- host: git.badhouseplants.net
|
- host: git.badhouseplants.net
|
||||||
paths:
|
paths:
|
||||||
@ -33,11 +42,11 @@ clusterDomain: cluster.local
|
|||||||
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 300m
|
cpu: 512m
|
||||||
memory: 512Mi
|
memory: 1024Mi
|
||||||
requests:
|
requests:
|
||||||
cpu: 50m
|
cpu: 512m
|
||||||
memory: 128Mi
|
memory: 256Mi
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
enabled: true
|
enabled: true
|
||||||
@ -57,9 +66,9 @@ gitea:
|
|||||||
config:
|
config:
|
||||||
database:
|
database:
|
||||||
DB_TYPE: postgres
|
DB_TYPE: postgres
|
||||||
HOST: postgres16-postgresql.database-service.svc.cluster.local
|
HOST: postgres16-gitea-postgresql.databases.svc.cluster.local
|
||||||
NAME: gitea-service-gitea-postgres16
|
NAME: applications-gitea-postgres16
|
||||||
USER: gitea-service-gitea-postgres16
|
USER: applications-gitea-postgres16
|
||||||
APP_NAME: Bad Houseplants Gitea
|
APP_NAME: Bad Houseplants Gitea
|
||||||
ui:
|
ui:
|
||||||
meta:
|
meta:
|
||||||
@ -105,10 +114,12 @@ gitea:
|
|||||||
SMTP_PORT: 587
|
SMTP_PORT: 587
|
||||||
USER: overlord@badhouseplants.net
|
USER: overlord@badhouseplants.net
|
||||||
indexer:
|
indexer:
|
||||||
REPO_INDEXER_ENABLED: true
|
REPO_INDEXER_ENABLED: false
|
||||||
REPO_INDEXER_PATH: indexers/repos.bleve
|
REPO_INDEXER_PATH: indexers/repos.bleve
|
||||||
MAX_FILE_SIZE: 1048576
|
MAX_FILE_SIZE: 1048576
|
||||||
REPO_INDEXER_EXCLUDE: resources/bin/**
|
REPO_INDEXER_EXCLUDE: resources/bin/**
|
||||||
|
picture:
|
||||||
|
ENABLE_FEDERATED_AVATAR: false
|
||||||
service:
|
service:
|
||||||
ssh:
|
ssh:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
---
|
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
# -- Database extension is used to manage
|
# -- Database extension is used to manage
|
||||||
# -- database with db-operator
|
# -- database with db-operator
|
||||||
@ -57,14 +57,17 @@ traefik:
|
|||||||
subnet: 10.244.0.0/16
|
subnet: 10.244.0.0/16
|
||||||
sessionCookieSecure: true
|
sessionCookieSecure: true
|
||||||
hostnames:
|
hostnames:
|
||||||
- badhouseplants.net
|
|
||||||
- email.badhouseplants.net
|
- email.badhouseplants.net
|
||||||
|
extraTls:
|
||||||
|
- hosts:
|
||||||
|
- badhouseplants.net
|
||||||
|
secretName: mailu-root-domain
|
||||||
domain: badhouseplants.net
|
domain: badhouseplants.net
|
||||||
persistence:
|
persistence:
|
||||||
single_pvc: false
|
single_pvc: false
|
||||||
limits:
|
limits:
|
||||||
messageRatelimit:
|
messageRatelimit:
|
||||||
value: "10/day"
|
value: "100/day"
|
||||||
tls:
|
tls:
|
||||||
outboundLevel: secure
|
outboundLevel: secure
|
||||||
ingress:
|
ingress:
|
||||||
@ -76,12 +79,18 @@ ingress:
|
|||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
kubernetes.io/ingress.global-static-ip-name: ""
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
tlsFlavorOverride: mail
|
tlsFlavorOverride: mail
|
||||||
realIpFrom: traefik.kube-system.svc.cluster.local
|
# realIpFrom: traefik.kube-system.svc.cluster.local
|
||||||
realIpHeader: "X-Real-IP"
|
# realIpHeader: "X-Real-IP"
|
||||||
front:
|
front:
|
||||||
hostPort:
|
hostPort:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
extraEnvVars:
|
||||||
|
- name: PROXY_PROTOCOL
|
||||||
|
value: "mail"
|
||||||
|
- name: REAL_IP_FROM
|
||||||
|
value: "10.244.0.0/16,10.43.0.0/16"
|
||||||
admin:
|
admin:
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
@ -89,7 +98,15 @@ admin:
|
|||||||
cpu: 70m
|
cpu: 70m
|
||||||
limits:
|
limits:
|
||||||
memory: 700Mi
|
memory: 700Mi
|
||||||
cpu: 400m
|
cpu: 600m
|
||||||
|
startupProbe:
|
||||||
|
enabled: true
|
||||||
|
failureThreshold: 10
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 5
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
size: 1Gi
|
size: 1Gi
|
||||||
redis:
|
redis:
|
||||||
|
@ -28,6 +28,7 @@ ingress:
|
|||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
kubernetes.io/ingress.global-static-ip-name: ""
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
path: /
|
path: /
|
||||||
hosts:
|
hosts:
|
||||||
- s3.badhouseplants.net
|
- s3.badhouseplants.net
|
||||||
@ -44,6 +45,7 @@ consoleIngress:
|
|||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
kubernetes.io/ingress.global-static-ip-name: ""
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
path: /
|
path: /
|
||||||
hosts:
|
hosts:
|
||||||
- minio.badhouseplants.net
|
- minio.badhouseplants.net
|
||||||
|
@ -1,23 +1,18 @@
|
|||||||
namespaces:
|
namespaces:
|
||||||
- name: longhorn-system
|
- name: longhorn-system
|
||||||
- name: minio-service
|
- name: minio-service
|
||||||
- name: argo-system
|
|
||||||
- name: nrodionov-application
|
- name: nrodionov-application
|
||||||
- name: minecraft-application
|
|
||||||
annotations:
|
|
||||||
badohouseplants.net/git-repo: |
|
|
||||||
https://git.badhouseplants.net/badhouseplants/minecraft-helmfile
|
|
||||||
badhouseplants.net/ci: |
|
|
||||||
https://ci.badhouseplants.net/repos/15
|
|
||||||
- name: gitea-service
|
|
||||||
- name: funkwhale-application
|
- name: funkwhale-application
|
||||||
- name: database-service
|
- name: database-service
|
||||||
- name: mail-service
|
|
||||||
- name: vaultwarden-application
|
- name: vaultwarden-application
|
||||||
- name: woodpecker-ci
|
|
||||||
- name: openvpn-service
|
- name: openvpn-service
|
||||||
- name: badhouseplants-main
|
- name: badhouseplants-main
|
||||||
labels:
|
labels:
|
||||||
istio-injection: enabled
|
istio-injection: enabled
|
||||||
- name: badhouseplants-preview
|
- name: badhouseplants-preview
|
||||||
- name: kube-services
|
- name: kube-services
|
||||||
|
- name: databases
|
||||||
|
- name: applications
|
||||||
|
- name: development
|
||||||
|
- name: platform
|
||||||
|
- name: games
|
||||||
|
35
badhouseplants/values/values.postgres16-gitea.yaml
Normal file
35
badhouseplants/values/values.postgres16-gitea.yaml
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
architecture: standalone
|
||||||
|
|
||||||
|
auth:
|
||||||
|
database: postgres
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
size: 1Gi
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
primary:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
ephemeral-storage: 1Gi
|
||||||
|
memory: 512Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
ephemeral-storage: 50Mi
|
||||||
|
memory: 256Mi
|
||||||
|
podSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
fsGroupChangePolicy: Always
|
||||||
|
sysctls: []
|
||||||
|
supplementalGroups: []
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
seLinuxOptions: {}
|
||||||
|
runAsNonRoot: false
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop: ["ALL"]
|
||||||
|
seccompProfile:
|
||||||
|
type: "RuntimeDefault"
|
@ -9,6 +9,14 @@ persistence:
|
|||||||
metrics:
|
metrics:
|
||||||
enabled: false
|
enabled: false
|
||||||
primary:
|
primary:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
ephemeral-storage: 1Gi
|
||||||
|
memory: 512Mi
|
||||||
|
requests:
|
||||||
|
cpu: 512m
|
||||||
|
ephemeral-storage: 50Mi
|
||||||
|
memory: 128Mi
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
enabled: true
|
enabled: true
|
||||||
fsGroupChangePolicy: Always
|
fsGroupChangePolicy: Always
|
||||||
|
@ -6,4 +6,14 @@ roles:
|
|||||||
- apiGroups: ["*"]
|
- apiGroups: ["*"]
|
||||||
resources: ["*"]
|
resources: ["*"]
|
||||||
verbs: ["*"]
|
verbs: ["*"]
|
||||||
namespace: ["minecraft-application"]
|
namespace:
|
||||||
|
- minecraft-application
|
||||||
|
- name: minecraft-admin
|
||||||
|
namespace: games
|
||||||
|
kind: Role
|
||||||
|
rules:
|
||||||
|
- apiGroups: ["*"]
|
||||||
|
resources: ["*"]
|
||||||
|
verbs: ["*"]
|
||||||
|
namespace:
|
||||||
|
- games
|
||||||
|
@ -4,7 +4,10 @@ service:
|
|||||||
spec:
|
spec:
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
ports:
|
ports:
|
||||||
git-ssh:
|
web:
|
||||||
|
redirectTo:
|
||||||
|
port: websecure
|
||||||
|
ssh:
|
||||||
port: 22
|
port: 22
|
||||||
expose:
|
expose:
|
||||||
default: true
|
default: true
|
||||||
|
@ -64,6 +64,7 @@ vaultwarden:
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
@ -22,7 +22,7 @@ vaultwarden:
|
|||||||
webVaultEnabled: "true"
|
webVaultEnabled: "true"
|
||||||
signupsAllowed: true
|
signupsAllowed: true
|
||||||
invitationsAllowed: true
|
invitationsAllowed: true
|
||||||
signupDomains: "https://vaulttest.badhouseplants.net"
|
signupDomains: "test.test"
|
||||||
signupsVerify: false
|
signupsVerify: false
|
||||||
showPassHint: true
|
showPassHint: true
|
||||||
# database:
|
# database:
|
||||||
@ -43,6 +43,7 @@ ingress:
|
|||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
kubernetes.io/ingress.global-static-ip-name: ""
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
@ -2,15 +2,6 @@
|
|||||||
# -- Istio extenstion. Just because I'm
|
# -- Istio extenstion. Just because I'm
|
||||||
# -- not using ingress nginx
|
# -- not using ingress nginx
|
||||||
# ------------------------------------------
|
# ------------------------------------------
|
||||||
istio:
|
|
||||||
enabled: true
|
|
||||||
istio:
|
|
||||||
- name: woodpecker-server-http
|
|
||||||
gateway: istio-system/badhouseplants-net
|
|
||||||
kind: http
|
|
||||||
hostname: ci.badhouseplants.net
|
|
||||||
service: woodpecker-ci-server
|
|
||||||
port: 80
|
|
||||||
ext-database:
|
ext-database:
|
||||||
enabled: true
|
enabled: true
|
||||||
name: woodpecker-postgres16
|
name: woodpecker-postgres16
|
||||||
@ -26,6 +17,7 @@ server:
|
|||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
kubernetes.io/ingress.global-static-ip-name: ""
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
hosts:
|
hosts:
|
||||||
- host: ci.badhouseplants.net
|
- host: ci.badhouseplants.net
|
||||||
paths:
|
paths:
|
||||||
@ -34,11 +26,6 @@ server:
|
|||||||
- secretName: woodpecker-tls-secret
|
- secretName: woodpecker-tls-secret
|
||||||
hosts:
|
hosts:
|
||||||
- ci.badhouseplants.net
|
- ci.badhouseplants.net
|
||||||
#image:
|
|
||||||
# registry: git.badhouseplants.net
|
|
||||||
# repository: allanger/woodpecker-server
|
|
||||||
# pullPolicy: Always
|
|
||||||
# tag: icon
|
|
||||||
enabled: true
|
enabled: true
|
||||||
env:
|
env:
|
||||||
WOODPECKER_GITEA: true
|
WOODPECKER_GITEA: true
|
||||||
@ -49,21 +36,16 @@ server:
|
|||||||
WOODPECKER_ADMIN: "woodpecker,allanger"
|
WOODPECKER_ADMIN: "woodpecker,allanger"
|
||||||
WOODPECKER_HOST: "https://ci.badhouseplants.net"
|
WOODPECKER_HOST: "https://ci.badhouseplants.net"
|
||||||
WOODPECKER_ESCALATE: true
|
WOODPECKER_ESCALATE: true
|
||||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
WOODPECKER_BACKEND_K8S_NAMESPACE: platform
|
||||||
extraSecretNamesForEnvFrom:
|
extraSecretNamesForEnvFrom:
|
||||||
- woodpecker-postgres16-creds
|
- woodpecker-postgres16-creds
|
||||||
agent:
|
agent:
|
||||||
#image:
|
|
||||||
# registry: git.badhouseplants.net
|
|
||||||
# repository: allanger/woodpecker-agent
|
|
||||||
# pullPolicy: Always
|
|
||||||
# tag: dev
|
|
||||||
enabled: true
|
enabled: true
|
||||||
extraSecretNamesForEnvFrom: []
|
extraSecretNamesForEnvFrom: []
|
||||||
env:
|
env:
|
||||||
WOODPECKER_SERVER: woodpecker-ci-server:9000
|
WOODPECKER_SERVER: woodpecker-ci-server:9000
|
||||||
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
|
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi
|
||||||
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci
|
WOODPECKER_BACKEND_K8S_NAMESPACE: platform
|
||||||
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
|
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
create: true
|
create: true
|
||||||
|
@ -2,6 +2,7 @@ ingress:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: ~
|
className: ~
|
||||||
annotations:
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
@ -19,7 +19,7 @@ ext-database:
|
|||||||
templates:
|
templates:
|
||||||
{{- range $key, $value := .Values.credentials }}
|
{{- range $key, $value := .Values.credentials }}
|
||||||
- name: {{ $key }}
|
- name: {{ $key }}
|
||||||
template: {{ $value }}
|
template: {{ $value | quote }}
|
||||||
secret: true
|
secret: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -8,17 +8,17 @@ releases:
|
|||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *istio-base
|
- <<: *istio-base
|
||||||
installed: true
|
installed: false
|
||||||
namespace: istio-system
|
namespace: istio-system
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *istio-gateway
|
- <<: *istio-gateway
|
||||||
installed: true
|
installed: false
|
||||||
namespace: istio-system
|
namespace: istio-system
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
- <<: *istiod
|
- <<: *istiod
|
||||||
installed: true
|
installed: false
|
||||||
namespace: istio-system
|
namespace: istio-system
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
|
||||||
|
14
manifests/argo-apps/app.yaml
Normal file
14
manifests/argo-apps/app.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: vaultflux
|
||||||
|
namespace: argo-system
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: git@git.badhouseplants.net:badhouseplants/k8s-cluster-config.git
|
||||||
|
targetRevision: try-argo-and-flux
|
||||||
|
path: manifests/debug/istio
|
||||||
|
destination:
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
namespace: default
|
@ -7,22 +7,22 @@ metadata:
|
|||||||
name: debug
|
name: debug
|
||||||
---
|
---
|
||||||
# httpbin.yaml
|
# httpbin.yaml
|
||||||
apiVersion: networking.istio.io/v1alpha3
|
#apiVersion: networking.istio.io/v1alpha3
|
||||||
kind: VirtualService
|
#kind: VirtualService
|
||||||
metadata:
|
#metadata:
|
||||||
name: httpbin
|
# name: httpbin
|
||||||
namespace: debug
|
# namespace: debug
|
||||||
spec:
|
#spec:
|
||||||
hosts:
|
# hosts:
|
||||||
- "httpbin.badhouseplants.net"
|
# - "httpbin.badhouseplants.net"
|
||||||
gateways:
|
# gateways:
|
||||||
- istio-system/badhouseplants-net
|
# - istio-system/badhouseplants-net
|
||||||
http:
|
# http:
|
||||||
- route:
|
# - route:
|
||||||
- destination:
|
# - destination:
|
||||||
port:
|
# port:
|
||||||
number: 8000
|
# number: 8000
|
||||||
host: httpbin
|
# host: httpbin
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
@ -79,3 +79,19 @@ spec:
|
|||||||
name: httpbin
|
name: httpbin
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8000
|
- containerPort: 8000
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: ubuntu
|
||||||
|
namespace: argo-system
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: git@git.badhouseplants.net:badhouseplants/k8s-cluster-config.git
|
||||||
|
targetRevision: try-argo-and-flux
|
||||||
|
path: manifests/debug/ubuntu
|
||||||
|
destination:
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
namespace: default
|
||||||
|
52
manifests/helm-releases/podinfo.yaml
Normal file
52
manifests/helm-releases/podinfo.yaml
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: podinfo
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
url: https://git.badhouseplants.net/api/packages/allanger/helm
|
||||||
|
---
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: podinfo
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
interval: 10m
|
||||||
|
timeout: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: vaultwarden
|
||||||
|
version: '1.2.0'
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: podinfo
|
||||||
|
interval: 5m
|
||||||
|
releaseName: vaultflux
|
||||||
|
install:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
upgrade:
|
||||||
|
remediation:
|
||||||
|
retries: 3
|
||||||
|
test:
|
||||||
|
enable: true
|
||||||
|
driftDetection:
|
||||||
|
mode: enabled
|
||||||
|
ignore:
|
||||||
|
- paths: ["/spec/replicas"]
|
||||||
|
target:
|
||||||
|
kind: Deployment
|
||||||
|
postRenderers:
|
||||||
|
- kustomize:
|
||||||
|
patches:
|
||||||
|
- target:
|
||||||
|
labelSelector: app.kubernetes.io/instance=vaultflux
|
||||||
|
patch: |
|
||||||
|
- op: add
|
||||||
|
path: "/metadata/labels/argocd.argoproj.io~1instances"
|
||||||
|
value: vaultflux
|
||||||
|
values:
|
||||||
|
replicaCount: 2
|
@ -145,9 +145,9 @@ templates:
|
|||||||
cert-manager: &cert-manager
|
cert-manager: &cert-manager
|
||||||
name: cert-manager
|
name: cert-manager
|
||||||
chart: jetstack/cert-manager
|
chart: jetstack/cert-manager
|
||||||
version: 1.15.0
|
version: 1.15.1
|
||||||
set:
|
set:
|
||||||
- name: installCRDs
|
- name: crds.enabled
|
||||||
value: true
|
value: true
|
||||||
longhorn: &longhorn
|
longhorn: &longhorn
|
||||||
name: longhorn
|
name: longhorn
|
||||||
@ -159,7 +159,7 @@ templates:
|
|||||||
argocd: &argocd
|
argocd: &argocd
|
||||||
name: argocd
|
name: argocd
|
||||||
chart: argo/argo-cd
|
chart: argo/argo-cd
|
||||||
version: 7.1.3
|
version: 7.3.3
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -199,7 +199,7 @@ templates:
|
|||||||
istio-common:
|
istio-common:
|
||||||
labels:
|
labels:
|
||||||
bundle: istio
|
bundle: istio
|
||||||
version: 1.22.0
|
version: 1.22.2
|
||||||
|
|
||||||
istio-base: &istio-base
|
istio-base: &istio-base
|
||||||
name: istio-base
|
name: istio-base
|
||||||
@ -251,26 +251,7 @@ templates:
|
|||||||
# ----------------------------
|
# ----------------------------
|
||||||
# -- Drone
|
# -- Drone
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
drone-common:
|
|
||||||
labels:
|
|
||||||
bundle: drone
|
|
||||||
drone: &drone
|
|
||||||
name: drone
|
|
||||||
chart: drone/drone
|
|
||||||
version: 0.6.5
|
|
||||||
inherit:
|
|
||||||
- template: default-env-values
|
|
||||||
- template: default-env-secrets
|
|
||||||
- template: drone-common
|
|
||||||
|
|
||||||
drone-runner-docker: &drone-runner-docker
|
|
||||||
name: drone-runner-docker
|
|
||||||
chart: drone/drone-runner-docker
|
|
||||||
version: 0.6.2
|
|
||||||
inherit:
|
|
||||||
- template: default-env-values
|
|
||||||
- template: default-env-secrets
|
|
||||||
- template: drone-common
|
|
||||||
|
|
||||||
woodpecker-ci: &woodpecker-ci
|
woodpecker-ci: &woodpecker-ci
|
||||||
name: woodpecker-ci
|
name: woodpecker-ci
|
||||||
@ -284,7 +265,7 @@ templates:
|
|||||||
nrodionov: &nrodionov
|
nrodionov: &nrodionov
|
||||||
name: nrodionov
|
name: nrodionov
|
||||||
chart: bitnami/wordpress
|
chart: bitnami/wordpress
|
||||||
version: 22.4.10
|
version: 22.4.16
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -304,6 +285,7 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
|
- template: ext-tcp-routes
|
||||||
- template: ext-database
|
- template: ext-database
|
||||||
|
|
||||||
funkwhale: &funkwhale
|
funkwhale: &funkwhale
|
||||||
@ -326,15 +308,27 @@ templates:
|
|||||||
redis: &redis
|
redis: &redis
|
||||||
name: redis
|
name: redis
|
||||||
chart: bitnami/redis
|
chart: bitnami/redis
|
||||||
version: 19.5.3
|
version: 19.6.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
|
|
||||||
postgres16: &postgres16
|
postgres16: &postgres16
|
||||||
|
labels:
|
||||||
|
bundle: postgres
|
||||||
name: postgres16
|
name: postgres16
|
||||||
chart: bitnami/postgresql
|
chart: bitnami/postgresql
|
||||||
version: 15.5.5
|
version: 15.5.11
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
- template: default-env-secrets
|
||||||
|
|
||||||
|
postgres16-gitea: &postgres16-gitea
|
||||||
|
labels:
|
||||||
|
bundle: postgres
|
||||||
|
name: postgres16-gitea
|
||||||
|
chart: bitnami/postgresql
|
||||||
|
version: 15.5.11
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -342,12 +336,12 @@ templates:
|
|||||||
db-operator: &db-operator
|
db-operator: &db-operator
|
||||||
name: db-operator
|
name: db-operator
|
||||||
chart: db-operator/db-operator
|
chart: db-operator/db-operator
|
||||||
version: 1.25.0
|
version: 1.27.1
|
||||||
|
|
||||||
db-instances: &db-instances
|
db-instances: &db-instances
|
||||||
name: db-instances
|
name: db-instances
|
||||||
chart: db-operator/db-instances
|
chart: db-operator/db-instances
|
||||||
version: 2.3.1
|
version: 2.3.4
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -355,7 +349,7 @@ templates:
|
|||||||
mysql: &mysql
|
mysql: &mysql
|
||||||
name: mysql
|
name: mysql
|
||||||
chart: bitnami/mysql
|
chart: bitnami/mysql
|
||||||
version: 11.1.2
|
version: 11.1.4
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -363,7 +357,7 @@ templates:
|
|||||||
docker-mailserver: &docker-mailserver
|
docker-mailserver: &docker-mailserver
|
||||||
name: docker-mailserver
|
name: docker-mailserver
|
||||||
chart: allanger-gitea/docker-mailserver
|
chart: allanger-gitea/docker-mailserver
|
||||||
version: 2.3.1
|
version: 2.4.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: ext-tcp-routes
|
- template: ext-tcp-routes
|
||||||
@ -393,7 +387,8 @@ templates:
|
|||||||
mailu: &mailu
|
mailu: &mailu
|
||||||
name: mailu
|
name: mailu
|
||||||
chart: mailu/mailu
|
chart: mailu/mailu
|
||||||
version: 1.5.0
|
namespace: applications
|
||||||
|
version: 2.0.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -462,3 +457,13 @@ templates:
|
|||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
|
|
||||||
|
authentik: &authentik
|
||||||
|
name: authentik
|
||||||
|
chart: goauthentik/authentik
|
||||||
|
version: 2024.6.0
|
||||||
|
namespace: applications
|
||||||
|
createNamespace: false
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
- template: default-env-secrets
|
||||||
|
- template: ext-database
|
||||||
|
@ -63,3 +63,5 @@ repositories:
|
|||||||
url: https://traefik.github.io/charts
|
url: https://traefik.github.io/charts
|
||||||
- name: local-path-provisioner
|
- name: local-path-provisioner
|
||||||
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26
|
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26
|
||||||
|
- name: goauthentik
|
||||||
|
url: https://charts.goauthentik.io/
|
||||||
|
@ -2,17 +2,21 @@
|
|||||||
export PGHOST=$OLD_PGHOST
|
export PGHOST=$OLD_PGHOST
|
||||||
export PGPASSWORD=$OLD_PGPASSWORD
|
export PGPASSWORD=$OLD_PGPASSWORD
|
||||||
export PGDATABASE=$OLD_PGDATABASE
|
export PGDATABASE=$OLD_PGDATABASE
|
||||||
|
export PGPORT=$OLD_PGPORT
|
||||||
|
export PGUSER=$OLD_PGUSER
|
||||||
DUMP_FILE=/tmp/$PGDATABASE.dump
|
DUMP_FILE=/tmp/$PGDATABASE.dump
|
||||||
pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
|
#pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
|
||||||
|
#
|
||||||
export PGHOST=$NEW_PGHOST
|
#export PGHOST=$NEW_PGHOST
|
||||||
export PGPASSWORD=$NEW_PGPASSWORD
|
#export PGPASSWORD=$NEW_PGPASSWORD
|
||||||
export PGDATABASE=$NEW_PGDATABASE
|
#export PGDATABASE=$NEW_PGDATABASE
|
||||||
pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
|
#export PGPORT=$NEW_PGPORT
|
||||||
|
#export PGUSER=$NEW_PGUSER
|
||||||
psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
|
#pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
|
||||||
psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
|
#
|
||||||
psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
|
#psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
|
||||||
|
#psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
|
||||||
|
#psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
|
||||||
|
|
||||||
rm -f /tmp/output
|
rm -f /tmp/output
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user