badhouseplants/k8s-cluster-config
Archived
4
0
Fork 0
Code Issues 6 Pull Requests 1 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:upgrading-openvpn
Branches Tags
badhouseplants:main badhouseplants:renovate/configure badhouseplants:try-argo-and-flux badhouseplants:fail-kust badhouseplants:add-dependencies badhouseplants:refactor-helmfiles badhouseplants:rook-ceph-arm badhouseplants:invalid.config badhouseplants:try-elementor badhouseplants:prepare-arm-cluster badhouseplants:try-tekton badhouseplants:fix-check-da-helm badhouseplants:try-arm badhouseplants:upgrading-openvpn
..
compare: badhouseplants:fix-check-da-helm
Branches Tags
badhouseplants:renovate/configure badhouseplants:try-argo-and-flux badhouseplants:fail-kust badhouseplants:main badhouseplants:add-dependencies badhouseplants:refactor-helmfiles badhouseplants:rook-ceph-arm badhouseplants:invalid.config badhouseplants:try-elementor badhouseplants:prepare-arm-cluster badhouseplants:try-tekton badhouseplants:fix-check-da-helm badhouseplants:try-arm badhouseplants:upgrading-openvpn

31 Commits
upgrading- ... fix-check-

Author SHA1 Message Date
Nikolai Rodionov
9d43635ef6 debug: Try running helmfile list 2023-09-27 05:12:47 +02:00
Nikolai Rodionov
240400097f debug: Try running helmfile list 2023-09-27 05:08:46 +02:00
Nikolai Rodionov
4843cdbedb chore: Upgrade releases 2023-09-26 06:48:37 +02:00
Nikolai Rodionov
357dba4476 Disable backups for minecraft 2023-09-23 16:51:07 +02:00
Nikolai Rodionov
4739b983bc Upgrade db-operator 2023-09-23 15:30:12 +02:00
Nikolai Rodionov
a941f7df16 Remove drone runner from the etersoft cluster 2023-09-22 10:29:40 +02:00
Nikolai Rodionov
63968337e2 add telegram notifications for outdated charts 2023-09-20 21:52:07 +02:00
Nikolai Rodionov
8cfd4bf88d Use another redis db for funkwhale 2023-09-14 10:28:18 +02:00
Nikolai Rodionov
1d5e6f6d93 chore: Upgrade releases 2023-09-12 10:39:42 +02:00
Nikolai Rodionov
af236d75a1 chore: Update MetalLB 2023-09-09 05:06:14 +02:00
Nikolai Rodionov
b149d953f3 chore: Some updates that are not critical 2023-09-09 00:39:02 +02:00
Nikolai Rodionov
2cae97fccb chore: Update drone 2023-09-09 00:08:38 +02:00
Nikolai Rodionov
a68bf4502a Update minecraft config and Paper 2023-09-07 00:31:47 +02:00
Nikolai Rodionov
39893c3390 chore: Fix gitea version 2023-09-03 11:15:21 +02:00
Nikolai Rodionov
1c50200fa2 chore: Upgrade releases 2023-09-03 11:13:25 +02:00
Nikolai Rodionov
0d4f0c1053 Update backup setup 2023-08-24 21:35:08 +02:00
Nikolai Rodionov
2d8bb5ff39 Downgrade openvpn 2023-08-24 21:34:15 +02:00
Nikolai Rodionov
6aaeb5db0d Add 'faster minecarts' to Minecraft again 2023-08-22 23:51:31 +02:00
Nikolai Rodionov
162b2dd602 Add 'faster minecarts' to Minecraft 2023-08-22 23:46:39 +02:00
Nikolai Rodionov
8183029ebd Update outdated releases 2023-08-19 09:15:58 +02:00
Nikolai Rodionov
bb6617b58c Update OpenVPN 2023-08-19 09:14:35 +02:00
Nikolai Rodionov
39160f7e66 Update db-operator chart to 1.10.0 2023-08-17 11:10:47 +02:00
Nikolai Rodionov
e3760ca400 Migrate to the new openvpn setup 2023-08-16 20:55:56 +02:00
Nikolai Rodionov
15bbc19939 minecraft: Override server properties 2023-08-15 17:41:10 +02:00
Nikolai Rodionov
5ac35a5a60 Fix the name of restic repo 2023-08-15 17:27:55 +02:00
Nikolai Rodionov
12c1a0ca31 Enable default secrets for minecraft 2023-08-15 17:25:31 +02:00
Nikolai Rodionov
b755239823 Enable restic backups for minecraft 2023-08-15 15:40:59 +02:00
Nikolai Rodionov
ced4bcd4c5 Add new bucket to minio and setup rcon 2023-08-15 14:53:20 +02:00
RNRod
e3848a49cc install gravity control plugin for minecraft server 2023-08-14 18:42:56 +02:00
Nikolai Rodionov
3643ea788b chore: Upgrade outdated releases 2023-08-14 11:31:49 +02:00
Nikolai Rodionov
77429c2c36 Setup a new XOR patched VPN 2023-08-09 21:15:25 +02:00
18 changed files with 167 additions and 83 deletions
Expand all files Collapse all files

23
.drone.yml
View File

@ -93,9 +93,10 @@ type: docker
name: Check helmfiles
trigger:
event:
- cron
cron:
- daily
# - cron
- push
# cron:
# - daily
steps:
- name: Check badhouseplants
@ -105,4 +106,18 @@ steps:
SOPS_AGE_KEY:
from_secret: SOPS_AGE_KEY
commands:
- cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o
- helmfile -e badhouseplants fetch
- helmfile -e badhouseplants list
- echo "Hey, bud, some helm releases are outdated:" > message_file.tpl
- cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl
- name: Send telegram notification
when:
status:
- failure
image: appleboy/drone-telegram
settings:
token:
from_secret: TELEGRAM_TOKEN
to: 131601077
message_file: message_file.tpl

7
badhouseplants/helmfile.yaml
View File

@ -7,6 +7,11 @@ releases:
namespace: drone-service
createNamespace: false
- <<: *drone-runner-docker
installed: true
namespace: drone-service
createNamespace: false
- <<: *longhorn
installed: true
namespace: longhorn-system
@ -87,5 +92,3 @@ bases:
- ../environments.yaml
- ../repositories.yaml
#helmfiles:
# - namespaces.yaml

28
badhouseplants/values/secrets.minecraft.yaml Normal file
View File

@ -0,0 +1,28 @@
minecraftServer:
rcon:
password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str]
mcbackup:
resticEnvs:
RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-15T15:32:19Z"
mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

1
badhouseplants/values/values.funkwhale.yaml
View File

@ -53,3 +53,4 @@ redis:
host: redis-master.database-service.svc.cluster.local
auth:
enabled: true
database: 3

6
badhouseplants/values/values.istio-ingressgateway.yaml
View File

@ -22,10 +22,10 @@ service:
port: 1194
protocol: TCP
targetPort: 1194
- name: ovpn2
port: 1195
- name: tcp
port: 25
protocol: TCP
targetPort: 1195
targetPort: 25
# -----------
# -- Email
# -----------

50
badhouseplants/values/values.minecraft.yaml
View File

@ -30,10 +30,11 @@ istio:
image:
tag: java17-graalvm-ce
pullPolicy: Always
resources:
requests:
memory: 512Mi
cpu: 50m
memory: 3Gi
cpu: 256m
limits:
memory: 3Gi
@ -42,6 +43,7 @@ lifecycle:
- bash
- -c
- for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345
readinessProbe:
command:
- mc-health
@ -50,7 +52,9 @@ readinessProbe:
timeoutSeconds: 10
livenessProbe:
timeoutSeconds: 10
minecraftServer:
overrideServerProperties: true
eula: "TRUE"
onlineMode: false
difficulty: hard
@ -58,10 +62,14 @@ minecraftServer:
version: 1.20.1
maxWorldSize: 90000
type: "PAPER"
paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar
paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar
gameMode: survival
pvp: true
memory: 2512M
rcon:
enabled: true
withGeneratedPassword: false
port: 25575
serviceType: ClusterIP
extraPorts:
- name: metrics
containerPort: 9225
@ -79,6 +87,28 @@ persistence:
dataDir:
enabled: true
Size: 15Gi
mcbackup:
enabled: false
backupInterval: 2h
pauseIfNoPlayers: "false"
pruneBackupsDays: 2
rconRetries: 5
rconRetryInterval: 10s
excludes: "*.jar,cache,logs"
backupMethod: restic
resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
resticAdditionalTags: "mc_backups"
pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
resources:
requests:
memory: 512Mi
cpu: 100m
persistence:
backupDir:
enabled: false
# ---------------------------------------------
# -- Install Plugins
# ---------------------------------------------
initContainers:
- name: install-prometheus-exporter
image: alpine/curl
@ -104,6 +134,18 @@ initContainers:
- name: plugins
mountPath: /data/plugins
readOnly: false
- name: install-gravity-control-plugin
image: alpine/curl
command:
- curl
- -L
- https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar
- -o
- /data/plugins/GravityControl-1.3.0.jar
volumeMounts:
- name: plugins
mountPath: /data/plugins
readOnly: false
extraVolumes:
- volumeMounts:
- name: plugins

1
badhouseplants/values/values.mysql.yaml
View File

@ -4,4 +4,3 @@ primary:
auth:
createDatabase: false

27
badhouseplants/values/values.openvpn.yaml
View File

@ -9,14 +9,35 @@ istio:
- name: openvpn-tcp
gateway: badhouseplants-vpn
kind: tcp
port_match: 1195
port_match: 1194
hostname: "*"
service: openvpn
port: 1194
- name: openvpn-tcp-fake-port
gateway: badhouseplants-vpn
kind: tcp
port_match: 25
hostname: "*"
service: openvpn
port: 1194
# ------------------------------------------
image:
tag: v2.6.5-xor-4.0.0beta08
storage:
class: longhorn
size: 512Mi
storageClassName: longhorn
openvpn:
server: "tcp://195.201.250.50:1195"
proto: tcp
host: 195.201.250.50
easyrsa:
cn: Bad Houseplants
country: Germany
province: NRW
city: Duesseldorf
org: Bad Houseplants
email: allanger@zohomail.com
service:
type: ClusterIP
port: 1194

7
docs/restic.md Normal file
View File

@ -0,0 +1,7 @@
# Restic
We are using restic for backing up the Minecraft server
## How to restore
TODO: Describe the restoration process

5
etersoft/helmfile.yaml
View File

@ -0,0 +1,5 @@
---
bases:
- ../environments.yaml
- ../repositories.yaml

22
etersoft/values/secrets.drone-runner-docker.yaml
View File

@ -1,22 +0,0 @@
env:
DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5
Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi
aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ
em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh
DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-21T09:27:21Z"
mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

16
etersoft/values/values.drone-runner-docker.yaml
View File

@ -1,16 +0,0 @@
---
env:
DRONE_RPC_HOST: drone.badhouseplants.net
DRONE_RPC_PROTO: https
DRONE_NAMESPACE_DEFAULT: drone-service
rbac:
buildNamespaces:
- drone-service
dind:
resources:
limits:
cpu: 2000m
memory: 2024Mi
requests:
cpu: 100m
memory: 512Mi

6
etersoft/values/values.minio.yaml
View File

@ -71,6 +71,8 @@ policies:
- resources:
- 'arn:aws:s3:::longhorn/*'
- 'arn:aws:s3:::longhorn'
- 'arn:aws:s3:::restic/*'
- 'arn:aws:s3:::restic'
actions:
- "s3:DeleteObject"
- "s3:GetObject"
@ -81,6 +83,10 @@ buckets:
policy: none
purge: false
versioning: false
- name: restic
policy: none
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false

4
etersoft/values/values.openvpn.yaml
View File

@ -14,7 +14,9 @@ istio:
service: openvpn
port: 1194
storageClassName: microk8s-hostpath
storage:
class: microk8s-hostpath
size: 5Gi
openvpn:
server: "tcp://91.232.225.63:1194"
service:

6
helmfile.yaml
View File

@ -46,11 +46,5 @@ releases:
namespace: metallb-system
createNamespace: true
- <<: *drone-runner-docker
installed: true
namespace: drone-service
createNamespace: false
helmfiles:
- path: {{.Environment.Name }}/helmfile.yaml

0
message_file.tpl Normal file
View File

37
releases.yaml
View File

@ -94,12 +94,12 @@ templates:
metallb: &metallb
name: metallb
chart: metallb/metallb
version: 0.13.10
version: 0.13.11
cert-manager: &cert-manager
name: cert-manager
chart: jetstack/cert-manager
version: 1.12.3
version: 1.13.0
set:
- name: installCRDs
value: true
@ -113,7 +113,7 @@ templates:
argocd: &argocd
name: argocd
chart: argo/argo-cd
version: 5.42.2
version: 5.46.7
inherit:
- template: default-env-values
- template: default-env-secrets
@ -126,7 +126,7 @@ templates:
prometheus: &prometheus
name: prometheus
chart: prometheus-community/kube-prometheus-stack
version: 48.3.1
version: 51.2.0
inherit:
- template: monitoring-common
- template: default-env-values
@ -137,7 +137,7 @@ templates:
loki: &loki
name: loki
chart: grafana/loki
version: 5.10.0
version: 5.23.0
inherit:
- template: monitoring-common
- template: default-env-values
@ -145,7 +145,7 @@ templates:
promtail: &promtail
name: promtail
chart: grafana/promtail
version: 6.14.1
version: 6.15.2
inherit:
- template: monitoring-common
- template: default-env-values
@ -155,7 +155,7 @@ templates:
istio-common:
labels:
bundle: istio
version: 1.18.2
version: 1.19.0
istio-base: &istio-base
name: istio-base
@ -183,8 +183,8 @@ templates:
# ----------------------------
openvpn: &openvpn
name: openvpn
chart: allanger-charts/openvpn
version: 1.0.3
chart: allanger-gitea/openvpn
version: 1.0.6
inherit:
- template: default-env-values
- template: ext-istio-resource
@ -197,7 +197,7 @@ templates:
drone: &drone
name: drone
chart: drone/drone
version: 0.6.4
version: 0.6.5
inherit:
- template: default-env-values
- template: default-env-secrets
@ -216,7 +216,7 @@ templates:
nrodionov: &nrodionov
name: nrodionov
chart: bitnami/wordpress
version: 17.0.4
version: 17.1.11
inherit:
- template: default-env-values
- template: default-env-secrets
@ -235,15 +235,16 @@ templates:
minecraft: &minecraft
name: minecraft
chart: minecraft-server-charts/minecraft
version: 4.9.3
version: 4.10.0
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-istio-resource
gitea: &gitea
name: gitea
chart: gitea/gitea
version: 9.1.0
version: 9.4.0
inherit:
- template: default-env-values
- template: default-env-secrets
@ -253,7 +254,7 @@ templates:
funkwhale: &funkwhale
name: funkwhale
chart: ananace-charts/funkwhale
version: 2.0.1
version: 2.0.3
inherit:
- template: default-env-values
- template: default-env-secrets
@ -282,7 +283,7 @@ templates:
redis: &redis
name: redis
chart: bitnami/redis
version: 17.14.6
version: 18.1.0
inherit:
- template: default-env-values
- template: default-env-secrets
@ -290,7 +291,7 @@ templates:
postgres: &postgres
name: postgres
chart: bitnami/postgresql
version: 12.8.0
version: 12.12.7
inherit:
- template: default-env-values
- template: default-env-secrets
@ -298,7 +299,7 @@ templates:
db-operator: &db-operator
name: db-operator
chart: db-operator/db-operator
version: 1.9.1
version: 1.11.0
db-instances: &db-instances
name: db-instances
@ -311,7 +312,7 @@ templates:
mysql: &mysql
name: mysql
chart: bitnami/mysql
version: 9.10.10
version: 9.12.3
inherit:
- template: default-env-values
- template: default-env-secrets

2
repositories.yaml
View File

@ -2,8 +2,6 @@
repositories:
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: allanger-charts
url: https://allanger.github.io/allanger-charts
- name: jetstack
url: https://charts.jetstack.io
- name: istio