1 Commits

Author SHA1 Message Date
328363c319 Try invalid config 2023-12-13 22:23:56 +01:00
14 changed files with 45 additions and 416 deletions


@ -15,7 +15,7 @@ steps:
commands: commands:
- mkdir $HOME/.kube - mkdir $HOME/.kube
- echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
- helmfile -e $ENVIRONMENT diff --suppress-secrets - helmfile -e $ENVIRONMENT diff --suppress-secrets
apply: apply:
image: ghcr.io/helmfile/helmfile:canary image: ghcr.io/helmfile/helmfile:canary
secrets: [sops_age_key, kubeconfig_content] secrets: [sops_age_key, kubeconfig_content]
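Review bot: The `apply` step at the end of this hunk is handed `sops_age_key` and `kubeconfig_content` while running `ghcr.io/helmfile/helmfile:canary`, a moving tag, so whatever is next published under that tag runs with the decryption key and the cluster credentials. The visible lines are the same on both sides, so the changed line cannot be identified from this page, and the step continues outside the hunk. I would pin the image to a release and digest, e.g. `image: ghcr.io/helmfile/helmfile:<RELEASE_TAG>@sha256:<DIGEST>` (placeholders), and apply the same pin to any other step that receives these secrets.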


@ -5,42 +5,42 @@ releases:
- <<: *drone - <<: *drone
installed: true installed: true
namespace: drone-service namespace: drone-service
createNamespace: true createNamespace: false
- <<: *drone-runner-docker - <<: *drone-runner-docker
installed: true installed: true
namespace: drone-service namespace: drone-service
createNamespace: true createNamespace: false
- <<: *longhorn - <<: *longhorn
installed: true installed: true
namespace: longhorn-system namespace: longhorn-system
createNamespace: true createNamespace: false
- <<: *argocd - <<: *argocd
installed: true installed: true
namespace: argo-system namespace: argo-system
createNamespace: true createNamespace: false
- <<: *nrodionov - <<: *nrodionov
installed: true installed: true
namespace: nrodionov-application namespace: nrodionov-application
createNamespace: true createNamespace: false
- <<: *minecraft - <<: *minecraft
installed: true installed: true
namespace: minecraft-application namespace: minecraft-application
createNamespace: true createNamespace: false
- <<: *gitea - <<: *gitea
installed: true installed: true
namespace: gitea-service namespace: gitea-service
createNamespace: true createNamespace: false
- <<: *funkwhale - <<: *funkwhale
installed: true installed: true
namespace: funkwhale-application namespace: funkwhale-application
createNamespace: true createNamespace: false
- <<: *prometheus - <<: *prometheus
installed: true installed: true
@ -50,11 +50,16 @@ releases:
- <<: *loki - <<: *loki
installed: true installed: true
namespace: monitoring-system namespace: monitoring-system
createNamespace: true createNamespace: false
- <<: *promtail - <<: *promtail
installed: true installed: true
namespace: monitoring-system namespace: monitoring-system
createNamespace: false
- <<: *bitwarden
installed: false
namespace: bitwarden-application
createNamespace: true createNamespace: true
- <<: *redis - <<: *redis
@ -77,6 +82,11 @@ releases:
namespace: database-service namespace: database-service
createNamespace: true createNamespace: true
- <<: *mysql
installed: false
namespace: database-service
createNamespace: true
- <<: *docker-mailserver - <<: *docker-mailserver
installed: true installed: true
namespace: mail-service namespace: mail-service
@ -85,7 +95,7 @@ releases:
- <<: *istio-gateway-resources - <<: *istio-gateway-resources
installed: true installed: true
namespace: istio-system namespace: istio-system
createNamespace: true createNamespace: false
- <<: *vaultwarden - <<: *vaultwarden
createNamespace: true createNamespace: true
@ -97,16 +107,6 @@ releases:
namespace: woodpecker-ci namespace: woodpecker-ci
createNamespace: true createNamespace: true
- <<: *rook-ceph
installed: true
namespace: rook-ceph
createNamespace: true
- <<: *rook-ceph-cluster
installed: true
namespace: rook-ceph-cluster
createNamespace: true
bases: bases:
- ../environments.yaml - ../environments.yaml
- ../repositories.yaml - ../repositories.yaml
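Review bot: Most releases in this section switch to `createNamespace: false` (drone, longhorn, argocd, gitea, funkwhale, loki, promtail, istio-gateway-resources and others), but nothing visible in the commit creates those namespaces, so an install into a cluster where one is missing would fail instead of creating it. The same switch is made in the base helmfile section further down (metrics-server, the istio releases, cert-manager, minio, openvpn), and this note covers both. If the namespaces are now owned by something else, say so above `releases:`, for example `# namespaces are pre-created by <NAMESPACE_SOURCE>; helmfile must not create them`, so that their labels and policies have one reviewable home. The added `bitwarden` and `mysql` entries keep `createNamespace: true` and depend on `*bitwarden` and `*mysql` anchors whose definitions are not on this page.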


@ -2,7 +2,7 @@ vaultwarden:
smtp: smtp:
username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str]
password: password:
value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str] value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str]
adminToken: adminToken:
value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str]
sops: sops:
@ -20,8 +20,8 @@ sops:
U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT
HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-25T19:33:37Z" lastmodified: "2023-10-20T07:01:25Z"
mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str] mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1
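Review bot: On the new side `lastmodified` is `2023-10-20T07:01:25Z`, which is earlier than the `2023-12-25T19:33:37Z` it replaces, and the only secret whose ciphertext differs is `smtp.password.value` (with a different length), so this looks like an older encryption of the SMTP password being restored rather than a new value being set. If the password was rotated between those two dates, merging this would put the previous credential back into the vaultwarden release. Which column is the branch is inferred from the page layout, so confirm that first. If the older value is not intended, take the file from the current side and re-encrypt only the keys that need to change.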


@ -76,7 +76,7 @@ istio-gateway:
- '*' - '*'
port: port:
name: ssh name: ssh
number: 2022 number: 22
protocol: TCP protocol: TCP
- name: badhouseplants-minecraft - name: badhouseplants-minecraft
servers: servers:
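Review bot: The `ssh` server now listens on `number: 22` with hosts `'*'`, which moves the Git SSH endpoint onto the port that unsolicited SSH login attempts target by default, and the hunk shows no accompanying restriction or note on how authentication is limited. A gateway proxy that does not run as root also needs permission to bind ports below 1024; whether the chart's security context grants that is not visible here. I would either keep the high port or record the decision next to it, e.g. `# public port 22: gitea SSH is key-only, see <GITEA_VALUES_FILE>` (placeholder). The server entry starts above the hunk and the list continues below it.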


@ -6,7 +6,7 @@ service:
protocol: TCP protocol: TCP
targetPort: 25565 targetPort: 25565
- name: ssh-gitea - name: ssh-gitea
port: 2222 port: 22
protocol: TCP protocol: TCP
targetPort: 22 targetPort: 22
- name: http2 - name: http2
@ -21,6 +21,10 @@ service:
port: 1194 port: 1194
protocol: TCP protocol: TCP
targetPort: 1194 targetPort: 1194
- name: tcp
port: 25
protocol: TCP
targetPort: 25
# ----------- # -----------
# -- Email # -- Email
# ----------- # -----------
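Review bot: The added entry opens port 25 under the bare name `tcp`, while its neighbours are named for what they carry (`ssh-gitea`, `http2`), so the manifest does not say which workload the port is for. It also sits directly above the `# -- Email` block, which may already list mail ports (that block is outside the hunk). I would name it for its purpose while keeping the protocol prefix, `- name: tcp-smtp`, or drop it if the Email block already covers 25. A public port 25 leaves the mail server's own relay and authentication settings as the only barrier, so it is worth confirming them in the same change. The `ssh-gitea` change to `port: 22` in the first hunk should be checked against the gateway's `ssh` listener so the two stay in step.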


@ -1,11 +1,7 @@
metrics: metrics:
enabled: false enabled: false
secretAnnotations:
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application"
architecture: standalone architecture: standalone
master: master:
persistence: persistence:
enabled: false enabled: false


@ -1,96 +0,0 @@
cephFileSystems:
- name: ceph-filesystem
spec:
metadataPool:
replicated:
size: 3
dataPools:
- failureDomain: host
replicated:
size: 3
name: data0
metadataServer:
activeCount: 1
activeStandby: true
resources:
limits:
cpu: "200m"
memory: "256Mi"
requests:
cpu: "50m"
memory: "128Mi"
priorityClassName: system-cluster-critical
storageClass:
enabled: true
isDefault: false
name: ceph-filesystem
pool: data0
reclaimPolicy: Delete
allowVolumeExpansion: true
volumeBindingMode: "Immediate"
mountOptions: []
parameters:
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
csi.storage.k8s.io/fstype: ext4
cephObjectStores: []
# - name: ceph-objectstore
# spec:
# metadataPool:
# failureDomain: host
# replicated:
# size: 3
# dataPool:
# failureDomain: host
# erasureCoded:
# dataChunks: 2
# codingChunks: 1
# preservePoolsOnDelete: true
# gateway:
# port: 80
# resources:
# limits:
# cpu: "150m"
# memory: "256Mi"
# requests:
# cpu: "50m"
# memory: "128Mi"
# instances: 1
# priorityClassName: system-cluster-critical
# storageClass:
# enabled: true
# name: ceph-bucket
# reclaimPolicy: Delete
# volumeBindingMode: "Immediate"
# parameters:
# region: us-east-1
# ingress:
# enabled: false
cephClusterSpec:
resources:
mgr:
limits:
cpu: "200m"
memory: "512Mi"
requests:
cpu: "100m"
memory: "128Mi"
mon:
limits:
cpu: "200m"
memory: "512Mi"
requests:
cpu: "100m"
memory: "128Mi"
osd:
limits:
cpu: "200m"
memory: "2Gi"
requests:
cpu: "100m"
memory: "256Mi"


@ -1,215 +0,0 @@
---
csi:
csiRBDProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-resizer
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-snapshotter
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-rbdplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-omap-generator
resource:
requests:
memory: 12Mi
cpu: 250m
limits:
memory: 1Gi
cpu: 500m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI RBD plugin resource requirement list
# @default -- see values.yaml
csiRBDPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-rbdplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI CephFS provisioner resource requirement list
# @default -- see values.yaml
csiCephFSProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-resizer
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-snapshotter
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-cephfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI CephFS plugin resource requirement list
# @default -- see values.yaml
csiCephFSPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-cephfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : liveness-prometheus
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI NFS provisioner resource requirement list
# @default -- see values.yaml
csiNFSProvisionerResource: |
- name : csi-provisioner
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 200m
- name : csi-nfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-attacher
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
# -- CEPH CSI NFS plugin resource requirement list
# @default -- see values.yaml
csiNFSPluginResource: |
- name : driver-registrar
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m
- name : csi-nfsplugin
resource:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 256Mi
cpu: 50m


@ -18,11 +18,6 @@ ext-database:
credentials: credentials:
WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
server: server:
#image:
# registry: git.badhouseplants.net
# repository: allanger/woodpecker-server
# pullPolicy: Always
# tag: icon
enabled: true enabled: true
env: env:
WOODPECKER_GITEA: true WOODPECKER_GITEA: true
@ -38,10 +33,14 @@ server:
extraSecretNamesForEnvFrom: extraSecretNamesForEnvFrom:
- woodpecker-postgres16-creds - woodpecker-postgres16-creds
agent: agent:
image: image:
# -- The image registry
registry: git.badhouseplants.net registry: git.badhouseplants.net
# -- The image repository
repository: allanger/woodpecker-agent repository: allanger/woodpecker-agent
# -- The pull policy for the image
pullPolicy: Always pullPolicy: Always
# -- Overrides the image tag whose default is the chart appVersion.
tag: dev tag: dev
enabled: true enabled: true
extraSecretNamesForEnvFrom: [] extraSecretNamesForEnvFrom: []


@ -1,5 +1,5 @@
environments: environments:
badhouseplants: badhouseplants:
kubeContext: badhouseplants-arm kubeContext: badhouseplants
etersoft: etersoft:
kubeContext: etersoft kubeContext: etersoft


@ -9,47 +9,42 @@ releases:
- <<: *metrics-server - <<: *metrics-server
installed: true installed: true
namespace: kube-system namespace: kube-system
createNamespace: true createNamespace: false
- <<: *istio-base - <<: *istio-base
installed: true installed: true
namespace: istio-system namespace: istio-system
createNamespace: true createNamespace: false
- <<: *istio-gateway - <<: *istio-gateway
installed: true installed: true
namespace: istio-system namespace: istio-system
createNamespace: true createNamespace: false
- <<: *istiod - <<: *istiod
installed: true installed: true
namespace: istio-system namespace: istio-system
createNamespace: true createNamespace: false
- <<: *cert-manager - <<: *cert-manager
installed: true installed: true
namespace: cert-manager namespace: cert-manager
createNamespace: true createNamespace: false
- <<: *minio - <<: *minio
installed: true installed: true
namespace: minio-service namespace: minio-service
createNamespace: true createNamespace: false
- <<: *openvpn - <<: *openvpn
installed: true installed: true
namespace: openvpn-service namespace: openvpn-service
createNamespace: true createNamespace: false
- <<: *metallb - <<: *metallb
installed: true installed: true
namespace: metallb-system namespace: metallb-system
createNamespace: true createNamespace: true
- <<: *reflector
installed: true
namespace: reflector-system
createNamespace: true
helmfiles: helmfiles:
- path: {{.Environment.Name }}/helmfile.yaml - path: {{.Environment.Name }}/helmfile.yaml


@ -352,22 +352,3 @@ templates:
- template: default-env-secrets - template: default-env-secrets
- template: ext-istio-resource - template: ext-istio-resource
- template: ext-database - template: ext-database
reflector: &reflector
name: reflector
chart: emberstack/reflector
version: 7.1.216
rook-ceph: &rook-ceph
name: rook-ceph
chart: rook/rook-ceph
version: v1.13.1
inherit:
- template: default-env-values
rook-ceph-cluster: &rook-ceph-cluster
name: rook-ceph-cluster
chart: rook/rook-ceph-cluster
version: v1.13.1
inherit:
- template: default-env-values


@ -1,3 +1,4 @@
---
repositories: repositories:
- name: metrics-server - name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/ url: https://kubernetes-sigs.github.io/metrics-server/
@ -39,9 +40,3 @@ repositories:
url: https://badhouseplants.github.io/helm-charts/ url: https://badhouseplants.github.io/helm-charts/
- name: woodpecker - name: woodpecker
url: https://woodpecker-ci.org url: https://woodpecker-ci.org
- name: firefly-iii
url: https://firefly-iii.github.io/kubernetes/
- name: emberstack
url: https://emberstack.github.io/helm-charts
- name: rook
url: https://charts.rook.io/release


@ -1,30 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-test
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: Pod
metadata:
name: pvc-test
spec:
restartPolicy: Never
volumes:
- name: vol
persistentVolumeClaim:
claimName: pvc-test
containers:
- name: pv-recycler
image: ubuntu
command: ["/bin/sh", "-c", "sleep 10000"]
volumeMounts:
- name: vol
mountPath: /data