Compare commits
	
		
			2 Commits
		
	
	
		
			prepare-ar
			...
			fix-check-
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 9d43635ef6 | ||
|   | 240400097f | 
| @@ -93,9 +93,10 @@ type: docker | ||||
| name: Check helmfiles | ||||
| trigger: | ||||
|   event: | ||||
|     - cron | ||||
|   cron: | ||||
|     - daily | ||||
|     #    - cron | ||||
|     - push | ||||
|       #  cron: | ||||
|       #    - daily | ||||
|  | ||||
| steps: | ||||
|   - name: Check badhouseplants | ||||
| @@ -105,6 +106,8 @@ steps: | ||||
|       SOPS_AGE_KEY: | ||||
|         from_secret: SOPS_AGE_KEY | ||||
|     commands: | ||||
|       - helmfile -e badhouseplants fetch | ||||
|       - helmfile -e badhouseplants list | ||||
|       - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl | ||||
|       - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl | ||||
|  | ||||
|   | ||||
							
								
								
									
										1
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								Makefile
									
									
									
									
									
								
							| @@ -2,4 +2,3 @@ create_crb: | ||||
| 	kubectl create clusterrolebinding drone-deployer-workaround \ | ||||
| 		--clusterrole=cluster-admin  \ | ||||
|   	--serviceaccount=drone-service:default | ||||
|  | ||||
|   | ||||
| @@ -5,42 +5,42 @@ releases: | ||||
|   - <<: *drone | ||||
|     installed: true | ||||
|     namespace: drone-service | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *drone-runner-docker | ||||
|     installed: true | ||||
|     namespace: drone-service | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *longhorn | ||||
|     installed: false | ||||
|     installed: true | ||||
|     namespace: longhorn-system | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *argocd | ||||
|     installed: true | ||||
|     namespace: argo-system | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *nrodionov | ||||
|     installed: true | ||||
|     namespace: nrodionov-application | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *minecraft | ||||
|     installed: true | ||||
|     namespace: minecraft-application | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *gitea | ||||
|     installed: true | ||||
|     namespace: gitea-service | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *funkwhale | ||||
|     installed: true | ||||
|     namespace: funkwhale-application | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *prometheus | ||||
|     installed: true | ||||
| @@ -50,12 +50,12 @@ releases: | ||||
|   - <<: *loki | ||||
|     installed: false | ||||
|     namespace: monitoring-system | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *promtail | ||||
|     installed: false | ||||
|     namespace: monitoring-system | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *bitwarden | ||||
|     installed: true | ||||
| @@ -67,7 +67,7 @@ releases: | ||||
|     namespace: database-service | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *postgres16 | ||||
|   - <<: *postgres | ||||
|     installed: true | ||||
|     namespace: database-service | ||||
|     createNamespace: true | ||||
| @@ -87,11 +87,6 @@ releases: | ||||
|     namespace: database-service | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *docker-mailserver | ||||
|     installed: true | ||||
|     namespace: mail-service | ||||
|     createNamespace: true | ||||
|  | ||||
|  | ||||
| bases: | ||||
|   - ../environments.yaml | ||||
|   | ||||
| @@ -1,7 +1,5 @@ | ||||
| env: | ||||
|     ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str] | ||||
| smtp: | ||||
|     password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
| @@ -17,8 +15,8 @@ sops: | ||||
|             dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1 | ||||
|             amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-10-15T12:20:48Z" | ||||
|     mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str] | ||||
|     lastmodified: "2023-07-16T18:40:43Z" | ||||
|     mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.8.1 | ||||
|     version: 3.7.3 | ||||
| @@ -3,10 +3,6 @@ dbinstances: | ||||
|         secrets: | ||||
|             adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] | ||||
|             adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] | ||||
|     postgres16: | ||||
|         secrets: | ||||
|             adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] | ||||
|             adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] | ||||
|     mysql: | ||||
|         secrets: | ||||
|             adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] | ||||
| @@ -26,8 +22,8 @@ sops: | ||||
|             Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 | ||||
|             OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-10-04T02:28:20Z" | ||||
|     mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] | ||||
|     lastmodified: "2023-07-30T15:07:28Z" | ||||
|     mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.8.0 | ||||
|     version: 3.7.3 | ||||
|   | ||||
| @@ -1,7 +1,7 @@ | ||||
| djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] | ||||
| postgresql: | ||||
|     auth: | ||||
|         password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] | ||||
|         password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str] | ||||
| redis: | ||||
|     auth: | ||||
|         password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] | ||||
| @@ -20,8 +20,8 @@ sops: | ||||
|             dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA | ||||
|             GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-10-04T18:47:37Z" | ||||
|     mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] | ||||
|     lastmodified: "2023-07-29T20:22:20Z" | ||||
|     mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.8.0 | ||||
|     version: 3.7.3 | ||||
|   | ||||
| @@ -4,9 +4,9 @@ gitea: | ||||
|         password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] | ||||
|     config: | ||||
|         mailer: | ||||
|             PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] | ||||
|             ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] | ||||
|         database: | ||||
|             PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] | ||||
|             PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str] | ||||
|         session: | ||||
|             PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] | ||||
|         cache: | ||||
| @@ -33,8 +33,8 @@ sops: | ||||
|             Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN | ||||
|             WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-10-15T09:58:05Z" | ||||
|     mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] | ||||
|     lastmodified: "2023-07-29T20:30:31Z" | ||||
|     mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.8.1 | ||||
|     version: 3.7.3 | ||||
|   | ||||
| @@ -1,24 +0,0 @@ | ||||
| global: | ||||
|     postgresql: | ||||
|         auth: | ||||
|             postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] | ||||
| sops: | ||||
|     kms: [] | ||||
|     gcp_kms: [] | ||||
|     azure_kv: [] | ||||
|     hc_vault: [] | ||||
|     age: | ||||
|         - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 | ||||
|           enc: | | ||||
|             -----BEGIN AGE ENCRYPTED FILE----- | ||||
|             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 | ||||
|             VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi | ||||
|             bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns | ||||
|             Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 | ||||
|             OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== | ||||
|             -----END AGE ENCRYPTED FILE----- | ||||
|     lastmodified: "2023-10-04T02:27:48Z" | ||||
|     mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] | ||||
|     pgp: [] | ||||
|     unencrypted_suffix: _unencrypted | ||||
|     version: 3.8.0 | ||||
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: argocd-http | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       gateway: badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: argo.badhouseplants.net | ||||
|       service: argocd-server | ||||
|   | ||||
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: bitwarden-http | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       gateway: badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: bitwarden.badhouseplants.net | ||||
|       service: bitwarden-vaultwarden | ||||
| @@ -17,24 +17,21 @@ istio: | ||||
|   pathType: Prefix | ||||
|  | ||||
| env: | ||||
|  | ||||
|   SIGNUPS_ALLOWED: false | ||||
|   DOMAIN: "https://bitwarden.badhouseplants.net" | ||||
|   # YUBICO_CLIENT_ID | ||||
|   # YUBICO_SECRET_KEY | ||||
|   # DATA_FOLDER | ||||
|   # DATABASE_URL | ||||
|   # ATTACHMENTS_FOLDER | ||||
|   # ICON_CACHE_FOLDER | ||||
|   # ROCKET_LIMITS | ||||
|   # ROCKET_WORKERS | ||||
|   WEB_VAULT_ENABLED: true | ||||
|  | ||||
| persistence: | ||||
|   enabled: true | ||||
|   accessMode: ReadWriteOnce | ||||
|   size: 800Mi | ||||
|   storageClass: longhorn | ||||
|  | ||||
| smtp: | ||||
|   host: badhouseplants.net | ||||
|   security: "starttls" | ||||
|   port: 587 | ||||
|   from: bitwarden@badhouseplants.net | ||||
|   fromName: bitwarden | ||||
|   username: | ||||
|     value: overlord@badhouseplants.net | ||||
|   authMechanism: "Plain" | ||||
|   acceptInvalidHostnames: "false" | ||||
|   acceptInvalidCerts: "false" | ||||
|   storageClass: longhorn | ||||
| @@ -10,16 +10,6 @@ dbinstances: | ||||
|     generic: | ||||
|       host: postgres-postgresql | ||||
|       port: 5432 | ||||
|   postgres16: | ||||
|     monitoring: | ||||
|       enabled: false | ||||
|     adminSecretRef: | ||||
|       Name: postgres16-secret | ||||
|       Namespace: database-service | ||||
|     engine: postgres | ||||
|     generic: | ||||
|       host: postgres16-postgresql | ||||
|       port: 5432 | ||||
|   mysql: | ||||
|     monitoring: | ||||
|       enabled: false | ||||
|   | ||||
| @@ -1,129 +0,0 @@ | ||||
| istio-gateway: | ||||
|   enabled: true | ||||
|   gateways: | ||||
|     - name: badhouseplants-email | ||||
|       servers: | ||||
|         - hosts: | ||||
|             - "*" | ||||
|           port: | ||||
|             name: smtp | ||||
|             number: 25 | ||||
|             protocol: TCP | ||||
|         - hosts: | ||||
|             - "*" | ||||
|           port: | ||||
|             name: pop3 | ||||
|             number: 110 | ||||
|             protocol: TCP | ||||
|         - hosts: | ||||
|             - "*" | ||||
|           port: | ||||
|             name: imap | ||||
|             number: 143 | ||||
|             protocol: TCP | ||||
|         - hosts: | ||||
|             - "*" | ||||
|           port: | ||||
|             name: smtps | ||||
|             number: 465 | ||||
|             protocol: TCP | ||||
|         - hosts: | ||||
|             - "*" | ||||
|           port: | ||||
|             name: submission | ||||
|             number: 587 | ||||
|             protocol: TCP | ||||
|         - hosts: | ||||
|             - "*" | ||||
|           port: | ||||
|             name: imaps | ||||
|             number: 993 | ||||
|             protocol: TCP | ||||
|         - hosts: | ||||
|             - "*" | ||||
|           port: | ||||
|             name: pop3s | ||||
|             number: 995 | ||||
|             protocol: TCP | ||||
| istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: docker-mailserver-smpt | ||||
|       kind: tcp | ||||
|       gateway: badhouseplants-email | ||||
|       service: docker-mailserver | ||||
|       hostname: badhouseplants.net | ||||
|       port_match: 25 | ||||
|       port: 25 | ||||
|     - name: docker-mailserver-smpts | ||||
|       kind: tcp | ||||
|       gateway: badhouseplants-email | ||||
|       port_match: 465 | ||||
|       hostname: badhouseplants.net | ||||
|       service: docker-mailserver | ||||
|       port: 465 | ||||
|     - name: docker-mailserver-smpt-startls | ||||
|       kind: tcp | ||||
|       gateway: badhouseplants-email | ||||
|       hostname: badhouseplants.net | ||||
|       port_match: 587 | ||||
|       service: docker-mailserver | ||||
|       port: 587 | ||||
|     - name: docker-mailserver-imap | ||||
|       kind: tcp | ||||
|       hostname: badhouseplants.net | ||||
|       gateway: badhouseplants-email | ||||
|       port_match: 143 | ||||
|       service: docker-mailserver | ||||
|       port: 143 | ||||
|     - name: docker-mailserver-imaps | ||||
|       kind: tcp | ||||
|       gateway: badhouseplants-email | ||||
|       hostname: badhouseplants.net | ||||
|       port_match: 993 | ||||
|       service: docker-mailserver | ||||
|       port: 993 | ||||
|     - name: docker-mailserver-pop3 | ||||
|       kind: tcp | ||||
|       gateway: badhouseplants-email | ||||
|       port_match: 110 | ||||
|       hostname: badhouseplants.net | ||||
|       service: docker-mailserver | ||||
|       port: 110 | ||||
|     - name: docker-mailserver-pop3s | ||||
|       kind: tcp | ||||
|       gateway: badhouseplants-email | ||||
|       port_match: 993 | ||||
|       hostname: badhouseplants.net | ||||
|       service: docker-mailserver | ||||
|       port: 993 | ||||
|     - name: docker-mailserver-rainloop | ||||
|       kind: http | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       hostname: mail.badhouseplants.net | ||||
|       service: docker-mailserver-rainloop | ||||
|       port: 80 | ||||
|  | ||||
| rainloop: | ||||
|   enabled: true | ||||
|   ingress: | ||||
|     enabled: false | ||||
| demoMode: | ||||
|   enabled: false | ||||
| domains: | ||||
|   - badhouseplants.net | ||||
|   - mail.badhouseplants.net | ||||
| ssl: | ||||
|   issuer: | ||||
|     name: badhouseplants-issuer | ||||
|     kind: ClusterIssuer | ||||
|   dnsname: badhouseplants.net | ||||
|   dns01provider: cloudflare | ||||
|   useExisting: false | ||||
| pod: | ||||
|   dockermailserver: | ||||
|     enable_fail2ban: "0" | ||||
|     ssl_type: manual | ||||
| service: | ||||
|   type: ClusterIP | ||||
| spfTestsDisabled: true | ||||
| @@ -6,7 +6,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: drone-http | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       gateway: badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: drone.badhouseplants.net | ||||
|       service: drone | ||||
|   | ||||
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: funkwhale-http | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       gateway: badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: funkwhale.badhouseplants.net | ||||
|       service: funkwhale | ||||
| @@ -15,8 +15,8 @@ istio: | ||||
|  | ||||
| ext-database: | ||||
|   enabled: true | ||||
|   name: funkwhale-postgres16 | ||||
|   instance: postgres16 | ||||
|   name: funkwhale-postgres | ||||
|   instance: postgres | ||||
|  | ||||
| replicaCount: 1 | ||||
| celery: | ||||
| @@ -43,10 +43,10 @@ ingress: | ||||
|   enabled: false | ||||
| postgresql: | ||||
|   enabled: false | ||||
|   host: postgres16-postgresql.database-service.svc.cluster.local | ||||
|   host: postgres-postgresql.database-service.svc.cluster.local | ||||
|   auth: | ||||
|     username: funkwhale-application-funkwhale-postgres16 | ||||
|     database: funkwhale-application-funkwhale-postgres16 | ||||
|     username: funkwhale-application-funkwhale-postgres | ||||
|     database: funkwhale-application-funkwhale-postgres | ||||
|  | ||||
| redis: | ||||
|   enabled: false | ||||
|   | ||||
| @@ -8,13 +8,13 @@ istio: | ||||
|   istio: | ||||
|     - name: gitea-http | ||||
|       kind: http | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       gateway: badhouseplants-net | ||||
|       hostname: git.badhouseplants.net | ||||
|       service: gitea-http | ||||
|       port: 3000 | ||||
|     - name: gitea-ssh | ||||
|       kind: tcp | ||||
|       gateway: istio-system/badhouseplants-ssh | ||||
|       gateway: badhouseplants-ssh | ||||
|       hostname: "*" | ||||
|       port_match: 22 | ||||
|       service: gitea-ssh | ||||
| @@ -25,8 +25,8 @@ istio: | ||||
| # ------------------------------------------ | ||||
| ext-database: | ||||
|   enabled: true | ||||
|   name: gitea-postgres16 | ||||
|   instance: postgres16 | ||||
|   name: gitea-postgres | ||||
|   instance: postgres | ||||
| # ------------------------------------------ | ||||
| # -- Kubernetes related values | ||||
| # ------------------------------------------ | ||||
| @@ -43,7 +43,7 @@ resources: | ||||
|  | ||||
| persistence: | ||||
|   enabled: true | ||||
|   size: 8Gi | ||||
|   size: 6Gi | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|  | ||||
| @@ -61,9 +61,9 @@ gitea: | ||||
|   config: | ||||
|     database: | ||||
|       DB_TYPE: postgres | ||||
|       HOST: postgres16-postgresql.database-service.svc.cluster.local | ||||
|       NAME: gitea-service-gitea-postgres16 | ||||
|       USER: gitea-service-gitea-postgres16 | ||||
|       HOST: postgres-postgresql.database-service.svc.cluster.local | ||||
|       NAME: gitea-service-gitea-postgres | ||||
|       USER: gitea-service-gitea-postgres | ||||
|     APP_NAME: Bad Houseplants Gitea | ||||
|     ui: | ||||
|       meta: | ||||
| @@ -101,13 +101,6 @@ gitea: | ||||
|       ADAPTER: redis | ||||
|     queue: | ||||
|       TYPE: redis | ||||
|     mailer: | ||||
|       ENABLED: true | ||||
|       FROM: gitea@badhouseplants.net | ||||
|       PROTOCOL: smtp+startls | ||||
|       SMTP_ADDR: badhouseplants.net | ||||
|       SMTP_PORT: 587 | ||||
|       USER: overlord@badhouseplants.net | ||||
| service: | ||||
|   ssh: | ||||
|     type: ClusterIP | ||||
| @@ -119,4 +112,4 @@ service: | ||||
| postgresql-ha: | ||||
|   enabled: false | ||||
| redis-cluster: | ||||
|   enabled: false | ||||
|   enabled: false | ||||
| @@ -1,69 +0,0 @@ | ||||
| istio-gateway: | ||||
|   enabled: true | ||||
|   gateways: | ||||
|     - name: badhouseplants-net | ||||
|       servers: | ||||
|         - hosts: | ||||
|           - badhouseplants.net | ||||
|           - '*.badhouseplants.net' | ||||
|           port: | ||||
|             name: http | ||||
|             number: 80 | ||||
|             protocol: HTTP2 | ||||
|           tls: | ||||
|             httpsRedirect: true | ||||
|         - hosts: | ||||
|           - badhouseplants.net | ||||
|           - '*.badhouseplants.net' | ||||
|           port: | ||||
|             name: https | ||||
|             number: 443 | ||||
|             protocol: HTTPS | ||||
|           tls: | ||||
|             credentialName: badhouseplants-wildcard-tls | ||||
|             mode: SIMPLE | ||||
|     - name: nrodionov-info | ||||
|       servers: | ||||
|         - hosts: | ||||
|           - nrodionov.info | ||||
|           - dev.nrodionov.info | ||||
|           port: | ||||
|             name: http | ||||
|             number: 80 | ||||
|             protocol: HTTP2 | ||||
|           tls: | ||||
|             httpsRedirect: false | ||||
|         - hosts: | ||||
|           - nrodionov.info | ||||
|           - dev.nrodionov.info | ||||
|           port: | ||||
|             name: https | ||||
|             number: 443 | ||||
|             protocol: HTTPS | ||||
|           tls: | ||||
|             credentialName: nrodionov-wildcard-tls | ||||
|             mode: SIMPLE | ||||
|     - name: badhouseplants-vpn | ||||
|       servers: | ||||
|         - hosts: | ||||
|           - '*' | ||||
|           port: | ||||
|             name: tcp | ||||
|             number: 1194 | ||||
|             protocol: TCP | ||||
|     - name: badhouseplants-ssh | ||||
|       servers: | ||||
|         - hosts: | ||||
|           - '*' | ||||
|           port: | ||||
|             name: ssh | ||||
|             number: 22 | ||||
|             protocol: TCP | ||||
|     - name: badhouseplants-minecraft | ||||
|       servers: | ||||
|         - hosts: | ||||
|           - '*' | ||||
|           port: | ||||
|             name: minecraft | ||||
|             number: 25565 | ||||
|             protocol: TCP | ||||
| @@ -1,3 +1,4 @@ | ||||
| --- | ||||
| service: | ||||
|   type: LoadBalancer | ||||
|   ports: | ||||
| @@ -21,6 +22,10 @@ service: | ||||
|       port: 1194 | ||||
|       protocol: TCP | ||||
|       targetPort: 1194 | ||||
|     - name: tcp | ||||
|       port: 25 | ||||
|       protocol: TCP | ||||
|       targetPort: 25 | ||||
|     # ----------- | ||||
|     # -- Email | ||||
|     # ----------- | ||||
|   | ||||
| @@ -5,9 +5,9 @@ defaultSettings: | ||||
|   guaranteedReplicaManagerCPU: 6 | ||||
|   storageOverProvisioningPercentage: 300 | ||||
|   storageMinimalAvailablePercentage: 5 | ||||
|   defaultDataPath: /media/longhorn | ||||
|   defaultDataPath: /media-longhorn | ||||
| csi: | ||||
|   kubeletRootDir: /var/lib/kubelet | ||||
|   kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet | ||||
| persistence: | ||||
|   defaultClassReplicaCount: 3 | ||||
|   defaultClassReplicaCount: 1 | ||||
| enablePSP: false | ||||
|   | ||||
| @@ -21,7 +21,7 @@ istio: | ||||
|       kind: http | ||||
|       gateway: badhouseplants-net | ||||
|       hostname: email.badhouseplants.net | ||||
|       service: mailu-fr ont | ||||
|       service: mailu-front | ||||
|       port: 80 | ||||
|     # - name: mailu-smpt | ||||
|       # kind: tcp | ||||
|   | ||||
| @@ -1,4 +0,0 @@ | ||||
| ext-ipaddresspool: | ||||
|   enabled: true | ||||
|   name: badhouseplants-addresspool | ||||
|   addresses: 195.201.250.50-195.201.250.50 | ||||
| @@ -18,7 +18,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: minecraft-tcp | ||||
|       gateway: istio-system/badhouseplants-minecraft | ||||
|       gateway: badhouseplants-minecraft | ||||
|       kind: tcp | ||||
|       port_match: 25565 | ||||
|       hostname: "*" | ||||
| @@ -110,7 +110,7 @@ mcbackup: | ||||
| # -- Install Plugins | ||||
| # --------------------------------------------- | ||||
| initContainers: | ||||
|   - name: 0-install-prometheus-exporter | ||||
|   - name: install-prometheus-exporter | ||||
|     image: alpine/curl | ||||
|     command: | ||||
|       - curl | ||||
| @@ -122,7 +122,7 @@ initContainers: | ||||
|       - name: plugins | ||||
|         mountPath: /data/plugins | ||||
|         readOnly: false | ||||
|   - name: 0-install-password-plugin | ||||
|   - name: install-password-plugin | ||||
|     image: alpine/curl | ||||
|     command: | ||||
|       - curl | ||||
| @@ -134,7 +134,7 @@ initContainers: | ||||
|       - name: plugins | ||||
|         mountPath: /data/plugins | ||||
|         readOnly: false | ||||
|   - name: 0-install-gravity-control-plugin | ||||
|   - name: install-gravity-control-plugin | ||||
|     image: alpine/curl | ||||
|     command: | ||||
|       - curl | ||||
| @@ -146,29 +146,6 @@ initContainers: | ||||
|       - name: plugins | ||||
|         mountPath: /data/plugins | ||||
|         readOnly: false | ||||
|   - name: 0-install-fast-minecart-plugin | ||||
|     image: alpine/curl | ||||
|     command: | ||||
|       - curl | ||||
|       - -L | ||||
|       - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar | ||||
|       - -o | ||||
|       - /data/plugins/FastMinecarts.jar | ||||
|     volumeMounts: | ||||
|       - name: plugins | ||||
|         mountPath: /data/plugins | ||||
|   - name: 1-add-plugins-to-minecraft | ||||
|     image: alpine/curl | ||||
|     command: | ||||
|       - sh  | ||||
|       - -c  | ||||
|       - cp -r /in /out/plugins | ||||
|     volumeMounts: | ||||
|       - name: plugins | ||||
|         mountPath: /in | ||||
|         readOnly: false | ||||
|       - name: datadir | ||||
|         mountPath: /out | ||||
| extraVolumes: | ||||
|   - volumeMounts: | ||||
|       - name: plugins | ||||
|   | ||||
| @@ -7,13 +7,13 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: minio-http | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       gateway: badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: minio.badhouseplants.net | ||||
|       service: minio-console | ||||
|       port: 9001 | ||||
|     - name: s3-http | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       gateway: badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: s3.badhouseplants.net | ||||
|       service: minio | ||||
|   | ||||
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: nrodionov-http | ||||
|       gateway: istio-system/nrodionov-info | ||||
|       gateway: nrodionov-info | ||||
|       kind: http | ||||
|       hostname: dev.nrodionov.info | ||||
|       service: nrodionov-wordpress | ||||
|   | ||||
| @@ -7,17 +7,24 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: openvpn-tcp | ||||
|       gateway: istio-system/badhouseplants-vpn | ||||
|       gateway: badhouseplants-vpn | ||||
|       kind: tcp | ||||
|       port_match: 1194 | ||||
|       hostname: "*" | ||||
|       service: openvpn | ||||
|       port: 1194 | ||||
|     - name: openvpn-tcp-fake-port | ||||
|       gateway: badhouseplants-vpn | ||||
|       kind: tcp | ||||
|       port_match: 25 | ||||
|       hostname: "*" | ||||
|       service: openvpn | ||||
|       port: 1194 | ||||
| # ------------------------------------------ | ||||
| image: | ||||
|   tag: v2.6.5-xor-4.0.0beta08 | ||||
| storage: | ||||
|   class: default | ||||
|   class: longhorn | ||||
|   size: 512Mi | ||||
|  | ||||
| openvpn: | ||||
|   | ||||
| @@ -1,10 +0,0 @@ | ||||
| architecture: standalone | ||||
|  | ||||
| auth: | ||||
|   database: postgres | ||||
|  | ||||
| persistence: | ||||
|   size: 1Gi | ||||
|  | ||||
| metrics: | ||||
|   enabled: false | ||||
| @@ -7,7 +7,7 @@ istio: | ||||
|   enabled: true | ||||
|   istio: | ||||
|     - name: grafana-https | ||||
|       gateway: istio-system/badhouseplants-net | ||||
|       gateway: badhouseplants-net | ||||
|       kind: http | ||||
|       hostname: "grafana.badhouseplants.net" | ||||
|       service: prometheus-grafana | ||||
|   | ||||
| @@ -1,144 +0,0 @@ | ||||
| # This is a YAML-formatted file. | ||||
| # Declare variables to be passed into your templates. | ||||
|  | ||||
| # -- Namespace of the main rook operator | ||||
| operatorNamespace: rook-ceph | ||||
|  | ||||
| # -- The metadata.name of the CephCluster CR | ||||
| # @default -- The same as the namespace | ||||
| clusterName: | ||||
|  | ||||
| # -- Optional override of the target kubernetes version | ||||
| kubeVersion: | ||||
|  | ||||
| # -- Cluster ceph.conf override | ||||
| configOverride: | ||||
| # configOverride: | | ||||
| #   [global] | ||||
| #   mon_allow_pool_delete = true | ||||
| #   osd_pool_default_size = 3 | ||||
| #   osd_pool_default_min_size = 2 | ||||
|  | ||||
| # Installs a debugging toolbox deployment | ||||
| toolbox: | ||||
|   # -- Enable Ceph debugging pod deployment. See [toolbox](../Troubleshooting/ceph-toolbox.md) | ||||
|   enabled: false | ||||
|   # -- Toolbox image, defaults to the image used by the Ceph cluster | ||||
|   image: #quay.io/ceph/ceph:v17.2.6 | ||||
|   # -- Toolbox tolerations | ||||
|   tolerations: [] | ||||
|   # -- Toolbox affinity | ||||
|   affinity: {} | ||||
|   # -- Toolbox container security context | ||||
|   containerSecurityContext: | ||||
|     runAsNonRoot: true | ||||
|     runAsUser: 2016 | ||||
|     runAsGroup: 2016 | ||||
|     capabilities: | ||||
|       drop: ["ALL"] | ||||
|   # -- Toolbox resources | ||||
|   resources: | ||||
|     limits: | ||||
|       cpu: "500m" | ||||
|       memory: "1Gi" | ||||
|     requests: | ||||
|       cpu: "100m" | ||||
|       memory: "128Mi" | ||||
|   # -- Set the priority class for the toolbox if desired | ||||
|   priorityClassName: | ||||
|  | ||||
| monitoring: | ||||
|   # -- Enable Prometheus integration, will also create necessary RBAC rules to allow Operator to create ServiceMonitors. | ||||
|   # Monitoring requires Prometheus to be pre-installed | ||||
|   enabled: false | ||||
|   # -- Whether to create the Prometheus rules for Ceph alerts | ||||
|   createPrometheusRules: false | ||||
|   # -- The namespace in which to create the prometheus rules, if different from the rook cluster namespace. | ||||
|   # If you have multiple rook-ceph clusters in the same k8s cluster, choose the same namespace (ideally, namespace with prometheus | ||||
|   # deployed) to set rulesNamespaceOverride for all the clusters. Otherwise, you will get duplicate alerts with multiple alert definitions. | ||||
|   rulesNamespaceOverride: | ||||
|   # Monitoring settings for external clusters: | ||||
|   # externalMgrEndpoints: <list of endpoints> | ||||
|   # externalMgrPrometheusPort: <port> | ||||
|   # allow adding custom labels and annotations to the prometheus rule | ||||
|   prometheusRule: | ||||
|     # -- Labels applied to PrometheusRule | ||||
|     labels: {} | ||||
|     # -- Annotations applied to PrometheusRule | ||||
|     annotations: {} | ||||
|  | ||||
| # -- Create & use PSP resources. Set this to the same value as the rook-ceph chart. | ||||
| pspEnable: false | ||||
|  | ||||
| # imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts. | ||||
| # imagePullSecrets: | ||||
| # - name: my-registry-secret | ||||
|  | ||||
| # All values below are taken from the CephCluster CRD | ||||
| # -- Cluster configuration. | ||||
| # @default -- See [below](#ceph-cluster-spec) | ||||
| cephClusterSpec: | ||||
|   resources: | ||||
|     mgr: | ||||
|       limits: | ||||
|         memory: "1Gi" | ||||
|       requests: | ||||
|         cpu: "200m" | ||||
|         memory: "512Mi" | ||||
|     mon: | ||||
|       limits: | ||||
|         memory: "2Gi" | ||||
|       requests: | ||||
|         cpu: "250m" | ||||
|         memory: "1Gi" | ||||
|     osd: | ||||
|       requests: | ||||
|         cpu: "200m" | ||||
|         memory: "4Gi" | ||||
|     prepareosd: | ||||
|       # limits: It is not recommended to set limits on the OSD prepare job | ||||
|       #         since it's a one-time burst for memory that must be allowed to | ||||
|       #         complete without an OOM kill.  Note however that if a k8s | ||||
|       #         limitRange guardrail is defined external to Rook, the lack of | ||||
|       #         a limit here may result in a sync failure, in which case a | ||||
|       #         limit should be added.  1200Mi may suffice for up to 15Ti | ||||
|       #         OSDs ; for larger devices 2Gi may be required. | ||||
|       #         cf. https://github.com/rook/rook/pull/11103 | ||||
|       requests: | ||||
|         cpu: "500m" | ||||
|         memory: "50Mi" | ||||
|     mgr-sidecar: | ||||
|       limits: | ||||
|         cpu: "500m" | ||||
|         memory: "100Mi" | ||||
|       requests: | ||||
|         cpu: "100m" | ||||
|         memory: "40Mi" | ||||
|     crashcollector: | ||||
|       limits: | ||||
|         cpu: "500m" | ||||
|         memory: "60Mi" | ||||
|       requests: | ||||
|         cpu: "100m" | ||||
|         memory: "60Mi" | ||||
|     logcollector: | ||||
|       limits: | ||||
|         cpu: "500m" | ||||
|         memory: "1Gi" | ||||
|       requests: | ||||
|         cpu: "100m" | ||||
|         memory: "100Mi" | ||||
|     cleanup: | ||||
|       limits: | ||||
|         cpu: "500m" | ||||
|         memory: "1Gi" | ||||
|       requests: | ||||
|         cpu: "500m" | ||||
|         memory: "100Mi" | ||||
|     exporter: | ||||
|       limits: | ||||
|         cpu: "250m" | ||||
|         memory: "128Mi" | ||||
|       requests: | ||||
|         cpu: "50m" | ||||
|         memory: "50Mi" | ||||
| @@ -1,14 +0,0 @@ | ||||
| --- | ||||
| ext-ipaddresspool: | ||||
|   templates: | ||||
|     - | | ||||
|         --- | ||||
|         apiVersion: metallb.io/v1beta1 | ||||
|         kind: IPAddressPool | ||||
|         metadata: | ||||
|           name: "{{ .Values.name }}" | ||||
|         spec: | ||||
|           addresses: | ||||
|             - "{{ .Values.addresses }}" | ||||
|           autoAssign: true | ||||
|           avoidBuggyIPs: false | ||||
| @@ -1,16 +0,0 @@ | ||||
| --- | ||||
| istio-gateway: | ||||
|   templates: | ||||
|     - | | ||||
|         {{ range .Values.gateways }} | ||||
|         --- | ||||
|         apiVersion: networking.istio.io/v1beta1 | ||||
|         kind: Gateway | ||||
|         metadata: | ||||
|           name: {{ .name }} | ||||
|         spec: | ||||
|           selector:  | ||||
|             istio: ingressgateway | ||||
|           servers: | ||||
|         {{ toYaml .servers | indent 4 }} | ||||
|         {{ end }} | ||||
| @@ -10,7 +10,7 @@ istio: | ||||
|           name: {{ .name }} | ||||
|         spec: | ||||
|           gateways: | ||||
|           - "{{ .gateway }}" | ||||
|           - "istio-system/{{ .gateway }}" | ||||
|           hosts: | ||||
|           -  {{ .hostname | quote }} | ||||
|           {{- if eq  .kind "http" }} | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| environments: | ||||
|   badhouseplants: | ||||
|     kubeContext: badhouseplants-arm | ||||
|     kubeContext: badhouseplants | ||||
|   etersoft: | ||||
|     kubeContext: etersoft | ||||
|   | ||||
| @@ -1,4 +0,0 @@ | ||||
| ext-ipaddresspool: | ||||
|   enabled: true | ||||
|   name: etersoft-addresspool | ||||
|   addresses: 91.232.225.63-91.232.225.63 | ||||
| @@ -7,53 +7,44 @@ bases: | ||||
|  | ||||
| releases: | ||||
|   - <<: *metrics-server | ||||
|     installed: false | ||||
|     installed: true | ||||
|     namespace: kube-system | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *istio-base | ||||
|     installed: true | ||||
|     namespace: istio-system | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|    | ||||
|   - <<: *istio-gateway | ||||
|     installed: true | ||||
|     namespace: istio-system | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *istio-gateway-resources | ||||
|     installed: true | ||||
|     namespace: istio-system | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *istiod | ||||
|     installed: true | ||||
|     namespace: istio-system | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *cert-manager | ||||
|     installed: true | ||||
|     namespace: cert-manager | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *minio | ||||
|     installed: true | ||||
|     namespace: minio-service | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|  | ||||
|   - <<: *openvpn | ||||
|     installed: true | ||||
|     namespace: openvpn-service | ||||
|     createNamespace: true | ||||
|     createNamespace: false | ||||
|    | ||||
|   - <<: *metallb | ||||
|     installed: true | ||||
|     namespace: metallb-system | ||||
|     createNamespace: true | ||||
|  | ||||
|   - <<: *metallb-resources | ||||
|     installed: true | ||||
|     namespace: metallb-system | ||||
|  | ||||
| helmfiles: | ||||
|   - path: {{.Environment.Name }}/helmfile.yaml | ||||
|   | ||||
							
								
								
									
										0
									
								
								message_file.tpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										0
									
								
								message_file.tpl
									
									
									
									
									
										Normal file
									
								
							
							
								
								
									
										161
									
								
								releases.yaml
									
									
									
									
									
								
							
							
						
						
									
										161
									
								
								releases.yaml
									
									
									
									
									
								
							| @@ -41,14 +41,6 @@ templates: | ||||
|   # ---------------------------- | ||||
|   # -- Extensions | ||||
|   # ---------------------------- | ||||
|   ext-istio-gateway: | ||||
|     dependencies: | ||||
|       - chart: bedag/raw | ||||
|         version: 2.0.0 | ||||
|         alias: istio-gateway | ||||
|     values: | ||||
|       - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' | ||||
|  | ||||
|   ext-istio-resource: | ||||
|     dependencies: | ||||
|       - chart: bedag/raw | ||||
| @@ -87,32 +79,15 @@ templates: | ||||
|       alias: ext-database | ||||
|     values: | ||||
|       - '{{ requiredEnv "PWD" }}/common/values.database.yaml' | ||||
|  | ||||
|   ext-ipaddresspool: | ||||
|     dependencies: | ||||
|     - chart: bedag/raw | ||||
|       version: 2.0.0 | ||||
|       alias: ext-ipaddresspool | ||||
|     values: | ||||
|       - '{{ requiredEnv "PWD" }}/common/values.ipaddresspool.yaml' | ||||
|  | ||||
|   # ------------------------------------------------------------------- | ||||
|   # ---------------------------- | ||||
|   # -- Releases | ||||
|   # ------------------------------------------------------------------- | ||||
|   # ---------------------------- | ||||
|   # -- System | ||||
|   # -- This is what has to be installed first. Without those releases | ||||
|   # --  cluster can't function | ||||
|   # ------------------------------------------------------------------- | ||||
|   common-system: | ||||
|     labels: | ||||
|       layer: system | ||||
|  | ||||
|   # ---------------------------- | ||||
|   metrics-server: &metrics-server | ||||
|     name: metrics-server | ||||
|     chart: metrics-server/metrics-server | ||||
|     version: 3.11.0 | ||||
|     inherit: | ||||
|       - template: common-system | ||||
|     values: | ||||
|       - common/values.{{ .Release.Name }}.yaml | ||||
|  | ||||
| @@ -120,89 +95,25 @@ templates: | ||||
|     name: metallb | ||||
|     chart: metallb/metallb | ||||
|     version: 0.13.11 | ||||
|     inherit: | ||||
|       - template: common-system | ||||
|  | ||||
|   metallb-resources: &metallb-resources | ||||
|     name: metallb-resources | ||||
|     chart: bedag/raw | ||||
|     version: 2.0.0 | ||||
|     needs:  | ||||
|       - metallb | ||||
|     inherit:  | ||||
|       - template: default-env-values | ||||
|       - template: ext-ipaddresspool | ||||
|       - template: common-system | ||||
|  | ||||
|   cert-manager: &cert-manager | ||||
|     name: cert-manager | ||||
|     chart: jetstack/cert-manager | ||||
|     version: 1.13.1 | ||||
|     inherit:  | ||||
|       - template: common-system | ||||
|     version: 1.13.0 | ||||
|     set: | ||||
|       - name: installCRDs | ||||
|         value: true | ||||
|    | ||||
|   longhorn: &longhorn | ||||
|     name: longhorn | ||||
|     chart: longhorn/longhorn | ||||
|     version: 1.5.1 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: common-system | ||||
|  | ||||
|   # ---------------------------- | ||||
|   # -- Istio | ||||
|   # ---------------------------- | ||||
|   common-istio: | ||||
|     labels: | ||||
|       bundle: istio | ||||
|     version: 1.19.3 | ||||
|     inherit:  | ||||
|       - template: common-system | ||||
|  | ||||
|   istio-base: &istio-base | ||||
|     name: istio-base | ||||
|     chart: istio/base | ||||
|     inherit: | ||||
|       - template: crd-management-hook | ||||
|       - template: common-istio | ||||
|  | ||||
|   istio-gateway: &istio-gateway | ||||
|     name: istio-ingressgateway | ||||
|     chart: istio/gateway | ||||
|     needs: | ||||
|       - istio-base | ||||
|       - metallb-system/metallb-resources | ||||
|     inherit: | ||||
|       - template: common-istio | ||||
|       - template: default-env-values | ||||
|  | ||||
|   istiod: &istiod | ||||
|     name: istiod | ||||
|     chart: istio/istiod | ||||
|     needs: | ||||
|       - istio-base | ||||
|     inherit: | ||||
|       - template: common-istio | ||||
|       - template: default-env-values | ||||
|  | ||||
|   istio-gateway-resources: &istio-gateway-resources | ||||
|     name: istio-gateway-resources | ||||
|     chart: bedag/raw | ||||
|     version: 2.0.0 | ||||
|     needs: | ||||
|       - istio-base | ||||
|     inherit: | ||||
|       - template: ext-istio-gateway | ||||
|       - template: default-env-values | ||||
|       - template: common-system | ||||
|  | ||||
|   argocd: &argocd | ||||
|     name: argocd | ||||
|     chart: argo/argo-cd | ||||
|     version: 5.46.8 | ||||
|     version: 5.46.7 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: default-env-secrets | ||||
| @@ -215,7 +126,7 @@ templates: | ||||
|   prometheus: &prometheus | ||||
|     name: prometheus | ||||
|     chart: prometheus-community/kube-prometheus-stack | ||||
|     version: 51.6.1 | ||||
|     version: 51.2.0 | ||||
|     inherit: | ||||
|       - template: monitoring-common | ||||
|       - template: default-env-values | ||||
| @@ -226,7 +137,7 @@ templates: | ||||
|   loki: &loki | ||||
|     name: loki | ||||
|     chart: grafana/loki | ||||
|     version: 5.29.0 | ||||
|     version: 5.23.0 | ||||
|     inherit: | ||||
|       - template: monitoring-common | ||||
|       - template: default-env-values | ||||
| @@ -238,6 +149,34 @@ templates: | ||||
|     inherit: | ||||
|       - template: monitoring-common | ||||
|       - template: default-env-values | ||||
|   # ---------------------------- | ||||
|   # -- Istio | ||||
|   # ---------------------------- | ||||
|   istio-common: | ||||
|     labels: | ||||
|       bundle: istio | ||||
|     version: 1.19.0 | ||||
|  | ||||
|   istio-base: &istio-base | ||||
|     name: istio-base | ||||
|     chart: istio/base | ||||
|     inherit: | ||||
|       - template: crd-management-hook | ||||
|       - template: istio-common | ||||
|  | ||||
|   istio-gateway: &istio-gateway | ||||
|     name: istio-ingressgateway | ||||
|     chart: istio/gateway | ||||
|     inherit: | ||||
|       - template: istio-common | ||||
|       - template: default-env-values | ||||
|  | ||||
|   istiod: &istiod | ||||
|     name: istiod | ||||
|     chart: istio/istiod | ||||
|     inherit: | ||||
|       - template: istio-common | ||||
|       - template: default-env-values | ||||
|  | ||||
|   # ---------------------------- | ||||
|   # -- Applications | ||||
| @@ -277,7 +216,7 @@ templates: | ||||
|   nrodionov: &nrodionov | ||||
|     name: nrodionov | ||||
|     chart: bitnami/wordpress | ||||
|     version: 18.0.4 | ||||
|     version: 17.1.11 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: default-env-secrets | ||||
| @@ -287,7 +226,7 @@ templates: | ||||
|   minio: &minio | ||||
|     name: minio | ||||
|     chart: minio/minio | ||||
|     version: 5.0.14 | ||||
|     version: 5.0.13 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: default-env-secrets | ||||
| @@ -296,7 +235,7 @@ templates: | ||||
|   minecraft: &minecraft | ||||
|     name: minecraft | ||||
|     chart: minecraft-server-charts/minecraft | ||||
|     version: 4.11.0 | ||||
|     version: 4.10.0 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: default-env-secrets | ||||
| @@ -305,7 +244,7 @@ templates: | ||||
|   gitea: &gitea | ||||
|     name: gitea | ||||
|     chart: gitea/gitea | ||||
|     version: 9.5.0 | ||||
|     version: 9.4.0 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: default-env-secrets | ||||
| @@ -344,15 +283,15 @@ templates: | ||||
|   redis: &redis | ||||
|     name: redis | ||||
|     chart: bitnami/redis | ||||
|     version: 18.1.5 | ||||
|     version: 18.1.0 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: default-env-secrets | ||||
|  | ||||
|   postgres16: &postgres16 | ||||
|     name: postgres16 | ||||
|   postgres: &postgres | ||||
|     name: postgres | ||||
|     chart: bitnami/postgresql | ||||
|     version: 13.1.4 | ||||
|     version: 12.12.7 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: default-env-secrets | ||||
| @@ -360,7 +299,7 @@ templates: | ||||
|   db-operator: &db-operator | ||||
|     name: db-operator | ||||
|     chart: db-operator/db-operator | ||||
|     version: 1.11.1 | ||||
|     version: 1.11.0 | ||||
|  | ||||
|   db-instances: &db-instances | ||||
|     name: db-instances | ||||
| @@ -373,17 +312,7 @@ templates: | ||||
|   mysql: &mysql | ||||
|     name: mysql | ||||
|     chart: bitnami/mysql | ||||
|     version: 9.12.5 | ||||
|     version: 9.12.3 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: default-env-secrets | ||||
|  | ||||
|   docker-mailserver: &docker-mailserver | ||||
|     name: docker-mailserver | ||||
|     chart: allanger-gitea/docker-mailserver | ||||
|     version: 2.1.3 | ||||
|     inherit: | ||||
|       - template: default-env-values | ||||
|       - template: ext-istio-gateway | ||||
|       - template: ext-istio-resource | ||||
|  | ||||
|   | ||||
| @@ -1,39 +0,0 @@ | ||||
| #!/bin/bash | ||||
| export PGHOST=$OLD_PGHOST | ||||
| export PGPASSWORD=$OLD_PGPASSWORD | ||||
| export PGDATABASE=$OLD_PGDATABASE | ||||
| DUMP_FILE=/tmp/$PGDATABASE.dump | ||||
| pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv | ||||
|  | ||||
| export PGHOST=$NEW_PGHOST | ||||
| export PGPASSWORD=$NEW_PGPASSWORD | ||||
| export PGDATABASE=$NEW_PGDATABASE | ||||
| pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv | ||||
|  | ||||
| psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\"" | ||||
| psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\"" | ||||
| psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\"" | ||||
|  | ||||
| rm -f /tmp/output | ||||
|  | ||||
| psql -c "\ | ||||
| SELECT format(\ | ||||
|   'ALTER TABLE %I.%I.%I OWNER TO %I;',\ | ||||
|   table_catalog,\ | ||||
|   table_schema,\ | ||||
|   table_name,\ | ||||
|   '${PGDATABASE}')\ | ||||
| FROM information_schema.tables \ | ||||
| WHERE table_schema='public'" | grep ALTER > /tmp/output | ||||
|  | ||||
| psql -c "\ | ||||
| SELECT format(\ | ||||
|   'ALTER SEQUENCE %I.%I.%I OWNER TO %I;',\ | ||||
|   sequence_catalog,\ | ||||
|   sequence_schema,\ | ||||
|   sequence_name,\ | ||||
|   '${PGDATABASE}')\ | ||||
| FROM information_schema.sequences \ | ||||
| WHERE sequence_schema='public'" | grep ALTER >> /tmp/output | ||||
|  | ||||
| psql -c "$(cat /tmp/output)" | ||||
		Reference in New Issue
	
	Block a user