From a616f03d713ce14b722176b756df194680945c20 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:10:32 +0100 Subject: [PATCH 01/69] Re-install woodpecker --- ;wq | 19 +++++++++++++++++++ badhouseplants/helmfile.yaml | 2 +- .../values/values.woodpecker-ci.yaml | 17 ++++++++++++++--- common/values.database.yaml | 9 +++++++++ releases.yaml | 1 + 5 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 ;wq diff --git a/;wq b/;wq new file mode 100644 index 0000000..3ba430b --- /dev/null +++ b/;wq @@ -0,0 +1,19 @@ +--- +ext-database: + templates: + - | + --- + apiVersion: kinda.rocks/v1beta1 + kind: Database + metadata: + name: "{{ .Values.name }}" + spec: + secretName: "{{ .Values.name }}-creds" + instance: "{{ .Values.instance }}" + deletionProtected: false + backup: + enable: false + cron: 0 0 * * * + {{ if .Values.templates }} + check: check + {{- end }} diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 479557f..450d7b0 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -104,7 +104,7 @@ releases: - <<: *woodpecker-ci installed: true - namespace: woodpecker + namespace: woodpecker-ci createNamespace: true bases: diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 736abf2..5fa52b5 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -11,24 +11,35 @@ istio: hostname: ci.badhouseplants.net service: woodpecker-ci-server port: 80 +ext-database: + enabled: true + name: woodpecker-postgres16 + instance: postgres16 + credentials: + WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: enabled: true env: WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.badhouseplants.net + WOODPECKER_DATABASE_DRIVER: postgres WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true - extraSecretNamesForEnvFrom: [] + WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath + extraSecretNamesForEnvFrom: + - woodpecker-postgres16-creds agent: enabled: true extraSecretNamesForEnvFrom: [] env: WOODPECKER_SERVER: woodpecker-ci-server:9000 - WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1Gi - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: + WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi + WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath serviceAccount: create: true rbac: diff --git a/common/values.database.yaml b/common/values.database.yaml index 9680113..d5d0221 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml @@ -14,3 +14,12 @@ ext-database: backup: enable: false cron: 0 0 * * * + {{- if .Values.credentials }} + credentials: + templates: + {{- range $key, $value := .Values.credentials }} + - name: {{ $key }} + template: {{ $value }} + secret: true + {{- end }} + {{- end }} diff --git a/releases.yaml b/releases.yaml index 9860b3a..9ea207e 100644 --- a/releases.yaml +++ b/releases.yaml 
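Review bot: The new `WOODPECKER_DATABASE_DATASOURCE` template under `ext-database.credentials` ends in `?sslmode=disable`, so the server's connection to the `postgres16` instance carries the database password and all CI state without TLS. If that instance can serve TLS, `sslmode=require` (or `verify-full` with the CA available to the pod) is the safer value. If plaintext is deliberate because transport encryption is handled elsewhere (not visible in this hunk), a comment above the line should say so, for example `# sslmode=disable is intentional: in-cluster traffic only, encrypted by <mechanism>`. The `server:` mapping continues past the hunk.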
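Review bot: In `common/values.database.yaml`, `- name: {{ $key }}` and `template: {{ $value }}` emit the credential entries unquoted, so a value that starts with `{{` or contains `: ` or ` #` is parsed as a flow mapping, a nested key or a comment instead of a string. Quoting where the value is emitted, `template: {{ $value | quote }}` and `- name: {{ $key | quote }}`, keeps every entry a string whatever the caller supplies. The Tandoor values in PATCH 24/69 appear to work around this by embedding quotes in the value itself, which would then need to be dropped. The enclosing template starts above the hunk, so this assumes it is rendered by Helm, where `quote` is available.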
@@ -235,6 +235,7 @@ templates: chart: woodpecker/woodpecker version: 1.0.1 inherit: + - template: ext-database - template: default-env-values - template: default-env-secrets - template: ext-istio-resource -- 2.45.2 From 94f81a9213f8f8be40d2bcd67d94d75b48c83da7 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:11:02 +0100 Subject: [PATCH 02/69] Remove a strnage file --- ;wq | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 ;wq diff --git a/;wq b/;wq deleted file mode 100644 index 3ba430b..0000000 --- a/;wq +++ /dev/null @@ -1,19 +0,0 @@ ---- -ext-database: - templates: - - | - --- - apiVersion: kinda.rocks/v1beta1 - kind: Database - metadata: - name: "{{ .Values.name }}" - spec: - secretName: "{{ .Values.name }}-creds" - instance: "{{ .Values.instance }}" - deletionProtected: false - backup: - enable: false - cron: 0 0 * * * - {{ if .Values.templates }} - check: check - {{- end }} -- 2.45.2 From cb7188064ac4453b50244ad65f659d7788cd381f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:12:48 +0100 Subject: [PATCH 03/69] Setup check-da-helm --- .woodpecker/{.cdh.yml.back => .cdh.yml} | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) rename .woodpecker/{.cdh.yml.back => .cdh.yml} (64%) diff --git a/.woodpecker/.cdh.yml.back b/.woodpecker/.cdh.yml similarity index 64% rename from .woodpecker/.cdh.yml.back rename to .woodpecker/.cdh.yml index 89050ab..8298b38 100644 --- a/.woodpecker/.cdh.yml.back +++ b/.woodpecker/.cdh.yml @@ -2,8 +2,8 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - event: push - # cron: nightly + - event: cron + cron: nightly steps: check badhouseplants: image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable 
@@ -12,20 +12,23 @@ steps: environment: RUST_LOG: info commands: - - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl - - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl + - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html notification: image: deblan/woodpecker-email settings: - from.address: woody@badhouseplants.net - from.name: Woody Woodpecker + from: woody@badhouseplants.net host: badhouseplants.net + skip_verify: true + no_starttls: false username: from_secret: smtp_username password: from_secret: smtp_password recipients: + - allanger@badhouseplants.net subject: CDH result target: main + recipients_only: true + attachment: result.html when: - status: [success, failure] -- 2.45.2 From 7365a42479ec6a938ad33e17b15e817b74961fb4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Dec 2023 22:45:00 +0100 Subject: [PATCH 04/69] Udpate outdatec chart --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index 9ea207e..2306689 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.0.0 + version: 55.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.39.0 + version: 5.40.1 inherit: - template: monitoring-common - template: default-env-values @@ -243,7 +243,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.21 + version: 18.1.23 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From b675368776e51348fca355eed362c3439932b8bf Mon Sep 17 00:00:00 2001 
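Review bot: `skip_verify: true` in the `notification` step disables certificate verification on the SMTP connection that carries `smtp_username` and `smtp_password`, so the plugin will hand those credentials to whatever host answers for `badhouseplants.net`. Unless the mail host has a certificate the plugin cannot validate, drop the setting or use `skip_verify: false`; if it has to stay, add a comment giving the reason. Separately, both step images float (`check-da-helm-helmfile-secrets:stable` in the previous hunk, `deblan/woodpecker-email` with no tag here). Pinning them to a version or digest would keep the nightly job, which handles secrets, from silently picking up a new image.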
From: Nikolai Rodionov Date: Sun, 10 Dec 2023 08:50:51 +0100 Subject: [PATCH 05/69] Update retention config for Prometheus --- badhouseplants/values/values.prometheus.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 712e0d7..1a78e62 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -64,7 +64,8 @@ defaultRules: prometheus: prometheusSpec: enableAdminAPI: true - retentionSize: 10GB + retentionSize: 7GB + retention: 20d podMonitorNamespaceSelector: any: true podMonitorSelector: {} -- 2.45.2 From a4a64011e339ed260a6ce66bba79e85a6d1cf000 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 10 Dec 2023 22:25:20 +0100 Subject: [PATCH 06/69] Increase Prometheus storage --- badhouseplants/values/values.prometheus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 1a78e62..cc03d42 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -84,7 +84,7 @@ prometheus: accessModes: ["ReadWriteOnce"] resources: requests: - storage: 10Gi + storage: 12Gi grafana: persistence: -- 2.45.2 From f9c8716904593b7d6c5cc266c9bc1b4abbb7e88e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:45:43 +0100 Subject: [PATCH 07/69] Use custom woodpecker image --- badhouseplants/values/values.woodpecker-ci.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 5fa52b5..043e5b4 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -33,6 +33,15 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: + image: + # -- The image registry + registry: git.badhouseplants.net + # -- The image repository + repository: allanger/woodpecker-agent + # -- The pull policy for the image + pullPolicy: Always + # -- Overrides the image tag whose default is the chart appVersion. + tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.45.2 From 31da33b9d97f34fefbcf0ae429520462e7dda70e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:47:00 +0100 Subject: [PATCH 08/69] Update releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 2306689..4c4004f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -107,7 +107,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.2 + version: 1.13.3 set: - name: installCRDs value: true @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.1.0 + version: 55.3.1 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.40.1 + version: 5.41.1 inherit: - template: monitoring-common - template: default-env-values @@ -163,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.0 + version: 1.20.1 istio-base: &istio-base name: istio-base @@ -243,7 +243,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.23 + version: 18.1.24 inherit: - template: default-env-values - template: default-env-secrets @@ -281,7 +281,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.4 + version: 2.0.5 inherit: - template: default-env-values - template: default-env-secrets 
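Review bot: The agent image is now `allanger/woodpecker-agent` with `tag: dev` and `pullPolicy: Always`, so every pod restart runs whatever was last pushed under that mutable tag, with no record in this repository of which build is deployed. The agent is configured further down with the `WOODPECKER_BACKEND_K8S_*` settings and its own service account, so an unexpected image here has cluster-level reach. Pin it to an immutable version tag (or a digest, if the chart accepts one) and bump it by commit. The same applies to the server image with `tag: fix-error` in PATCH 10/69 and to PATCH 15/69, which re-enables this block. The `agent:` mapping continues past the hunk.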
@@ -300,7 +300,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.4.0 + version: 18.5.0 inherit: - template: default-env-values - template: default-env-secrets @@ -316,7 +316,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.13.1 + version: 1.14.0 db-instances: &db-instances name: db-instances -- 2.45.2 From 04534d43d7db3c1fffd2b9a0bd4e656dd4898035 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:55:58 +0100 Subject: [PATCH 09/69] Update db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 4c4004f..7c673c6 100644 --- a/releases.yaml +++ b/releases.yaml @@ -316,7 +316,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.14.0 + version: 1.14.1 db-instances: &db-instances name: db-instances -- 2.45.2 From 91dfbedf64e9d55bc350d848550475d18c062654 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 14 Dec 2023 20:16:09 +0100 Subject: [PATCH 10/69] Switch to woodpecker dev --- badhouseplants/values/values.woodpecker-ci.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 043e5b4..4dd3ab4 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -18,6 +18,11 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: + image: + registry: git.badhouseplants.net + repository: allanger/woodpecker-server + pullPolicy: Always + tag: fix-error enabled: true env: WOODPECKER_GITEA: true 
@@ -33,14 +38,10 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - # -- The image registry + image: registry: git.badhouseplants.net - # -- The image repository repository: allanger/woodpecker-agent - # -- The pull policy for the image pullPolicy: Always - # -- Overrides the image tag whose default is the chart appVersion. tag: dev enabled: true extraSecretNamesForEnvFrom: [] -- 2.45.2 From e2b0647c9453ae1e8481b4d74a30c0615f83934a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 22 Dec 2023 16:26:11 +0100 Subject: [PATCH 11/69] Use official woodpecker images --- .../values/values.woodpecker-ci.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 4dd3ab4..6d29890 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -18,11 +18,11 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-server - pullPolicy: Always - tag: fix-error + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-server + # pullPolicy: Always + # tag: icon enabled: true env: WOODPECKER_GITEA: true @@ -38,11 +38,11 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-agent - pullPolicy: Always - tag: dev + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-agent + # pullPolicy: Always + # tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.45.2 From 1ddab7a67f6383a31d0d6c5aea4a454800f2cd66 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 24 Dec 2023 14:48:53 +0100 Subject: [PATCH 12/69] Install reflector --- helmfile.yaml | 5 +++++ releases.yaml | 5 +++++ repositories.yaml | 5 ++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/helmfile.yaml b/helmfile.yaml index 738d891..97375c2 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,5 +46,10 @@ releases: namespace: metallb-system createNamespace: true + - <<: *reflector + installed: true + namespace: reflector-system + createNamespace: true + helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/releases.yaml b/releases.yaml index 7c673c6..ada37fc 100644 --- a/releases.yaml +++ b/releases.yaml @@ -352,3 +352,8 @@ templates: - template: default-env-secrets - template: ext-istio-resource - template: ext-database + + reflector: &reflector + name: reflector + chart: emberstack/reflector + version: 7.1.216 diff --git a/repositories.yaml b/repositories.yaml index 0d52f2e..6c63ec0 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -1,4 +1,3 @@ ---- repositories: - name: metrics-server url: https://kubernetes-sigs.github.io/metrics-server/ @@ -40,3 +39,7 @@ repositories: url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker url: https://woodpecker-ci.org + - name: firefly-iii + url: https://firefly-iii.github.io/kubernetes/ + - name: emberstack + url: https://emberstack.github.io/helm-charts -- 2.45.2 From fb8a6f55f35f373f28db5d783626eb92fac6df3e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Dec 2023 15:09:37 +0100 Subject: [PATCH 13/69] Start using reflector with Redis --- badhouseplants/values/values.redis.yaml | 6 +++++- releases.yaml | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/badhouseplants/values/values.redis.yaml b/badhouseplants/values/values.redis.yaml index b27501d..77d5357 100644 --- a/badhouseplants/values/values.redis.yaml +++ b/badhouseplants/values/values.redis.yaml 
@@ -1,7 +1,11 @@ metrics: enabled: false +secretAnnotations: + reflector.v1.k8s.emberstack.com/reflection-allowed: "true" + reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" + reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application" architecture: standalone master: persistence: - enabled: false \ No newline at end of file + enabled: false diff --git a/releases.yaml b/releases.yaml index ada37fc..0cca357 100644 --- a/releases.yaml +++ b/releases.yaml @@ -354,6 +354,6 @@ templates: - template: ext-database reflector: &reflector - name: reflector - chart: emberstack/reflector - version: 7.1.216 + name: reflector + chart: emberstack/reflector + version: 7.1.216 -- 2.45.2 From 1a7066aa7d2ec208fafe7c3cff01ef07c8c6a620 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 25 Dec 2023 20:45:10 +0100 Subject: [PATCH 14/69] Update smtp password in vaultwarden --- badhouseplants/values/secrets.vaultwarden.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml index 9c2e617..8d2d9a3 100644 --- a/badhouseplants/values/secrets.vaultwarden.yaml +++ b/badhouseplants/values/secrets.vaultwarden.yaml @@ -2,7 +2,7 @@ vaultwarden: smtp: username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] password: - value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str] + value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str] adminToken: value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] sops: 
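Review bot: With `reflection-auto-enabled: "true"`, the Redis credentials secret is, as I read the reflector annotations, copied automatically into `gitea-service` and `funkwhale-application`, so both applications share one password. Anything that can read secrets in either namespace can then reach the other application's data in this instance. The `reflection-allowed-namespaces` allow-list is the right control to have; what is missing is a comment above `secretAnnotations:` recording that the sharing is intended, for example `# Redis password is mirrored by reflector to the namespaces that consume this instance`. If the two applications do not need to see each other's keys, separate Redis users or instances would limit the blast radius.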
@@ -20,8 +20,8 @@ sops: U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-20T07:01:25Z" - mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str] + lastmodified: "2023-12-25T19:33:37Z" + mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- 2.45.2 From e54ea10a1331a1d9fe27c6198907d71732134f80 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Dec 2023 13:21:09 +0100 Subject: [PATCH 15/69] Use dev woodpecker image --- badhouseplants/values/values.woodpecker-ci.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 6d29890..492d05c 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -38,11 +38,11 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - #image: - # registry: git.badhouseplants.net - # repository: allanger/woodpecker-agent - # pullPolicy: Always - # tag: dev + image: + registry: git.badhouseplants.net + repository: allanger/woodpecker-agent + pullPolicy: Always + tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.45.2 From afed983626c6f2481ab803caa64d62e5ee1f3433 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Mon, 1 Jan 2024 13:50:42 +0100 Subject: [PATCH 16/69] Update OpenVPN --- badhouseplants/helmfile.yaml | 5 +++ ...s.openvpn.yaml => values.openvpn-xor.yaml} | 7 ++-- .../values/values.woodpecker-ci.yaml | 12 +++---- etersoft/helmfile.yaml | 5 +++ helmfile.yaml | 5 --- releases.yaml | 34 ++++++++++++------- 6 files changed, 40 insertions(+), 28 deletions(-) rename badhouseplants/values/{values.openvpn.yaml => values.openvpn-xor.yaml} (88%) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 450d7b0..ebb0e1f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -107,6 +107,11 @@ releases: namespace: woodpecker-ci createNamespace: true + - <<: *openvpn-xor + installed: true + namespace: openvpn-service + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn-xor.yaml similarity index 88% rename from badhouseplants/values/values.openvpn.yaml rename to badhouseplants/values/values.openvpn-xor.yaml index 073bdfa..0f4c96c 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml @@ -6,16 +6,14 @@ istio: enabled: true istio: - - name: openvpn-tcp + - name: openvpn-tcp-xor gateway: istio-system/badhouseplants-vpn kind: tcp port_match: 1194 hostname: "*" - service: openvpn + service: openvpn-xor port: 1194 # ------------------------------------------ -image: - tag: v2.6.5-xor-4.0.0beta08 storage: class: longhorn size: 512Mi @@ -23,6 +21,7 @@ storage: openvpn: proto: tcp host: 195.201.250.50 + easyrsa: cn: Bad Houseplants country: Germany diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 492d05c..ffd1564 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -35,14 +35,14 @@ server: WOODPECKER_ESCALATE: true WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath - extraSecretNamesForEnvFrom: + extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-agent - pullPolicy: Always - tag: dev + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-agent + # pullPolicy: Always + # tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index af38673..319da69 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -1,4 +1,9 @@ --- +releases: + - <<: *openvpn + installed: true + namespace: openvpn-service + createNamespace: false bases: - ../environments.yaml diff --git a/helmfile.yaml b/helmfile.yaml index 97375c2..06da863 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -36,11 +36,6 @@ releases: namespace: minio-service createNamespace: false - - <<: *openvpn - installed: true - namespace: openvpn-service - createNamespace: false - - <<: *metallb installed: true namespace: metallb-system diff --git a/releases.yaml b/releases.yaml index 0cca357..fe607c5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.6 + version: 5.52.0 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.3.1 + version: 55.5.1 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.1 + version: 5.41.4 inherit: - template: monitoring-common - template: default-env-values 
@@ -198,10 +198,18 @@ templates: # ---------------------------- # -- Applications # ---------------------------- + openvpn-xor: &openvpn-xor + name: openvpn-xor + chart: allanger-gitea/openvpn-xor + version: 1.1.0 + inherit: + - template: default-env-values + - template: ext-istio-resource + openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.7 + version: 1.0.8 inherit: - template: default-env-values - template: ext-istio-resource @@ -233,7 +241,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.0.1 + version: 1.0.3 inherit: - template: ext-database - template: default-env-values @@ -243,7 +251,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.24 + version: 19.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -262,7 +270,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.12.0 + version: 4.14.0 inherit: - template: default-env-values - template: default-env-secrets @@ -271,7 +279,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.6.1 + version: 10.0.2 inherit: - template: default-env-values - template: default-env-secrets @@ -300,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.5.0 + version: 18.6.1 inherit: - template: default-env-values - template: default-env-secrets @@ -308,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.24 + version: 13.2.27 inherit: - template: default-env-values - template: default-env-secrets @@ -316,12 +324,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.14.1 + version: 1.16.0 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.1.1 + version: 2.2.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -329,7 +337,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.4 + version: 9.16.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 106c701ce1a758beb742154c2a4a2c65513bc3e4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Jan 2024 13:56:35 +0100 Subject: [PATCH 17/69] Fix etersoft cluster's config --- etersoft/helmfile.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 319da69..a051a53 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -1,4 +1,6 @@ --- +{{ readFile "../releases.yaml" }} + releases: - <<: *openvpn installed: true -- 2.45.2 From af37b8011bcd022bca25b0f1eb31da1e3bf97e52 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 3 Jan 2024 11:11:24 +0100 Subject: [PATCH 18/69] Update db-oeprator version --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index fe607c5..c240569 100644 --- a/releases.yaml +++ b/releases.yaml @@ -324,7 +324,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.0 + version: 1.16.1 db-instances: &db-instances name: db-instances -- 2.45.2 From 41ff1dadbfa3f672b1da6242c0d021c02a36722e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 3 Jan 2024 14:55:12 +0100 Subject: [PATCH 19/69] Upgrade vaultwarden --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index c240569..86a98af 100644 --- a/releases.yaml +++ b/releases.yaml @@ -353,8 +353,8 @@ templates: vaultwarden: &vaultwarden name: vaultwarden - chart: badhouseplants/vaultwarden - version: 1.0.0 + chart: allanger-gitea/vaultwarden + version: 1.1.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 18b8a3ec56b13a2a8ae2b9a1608b35e641d204ff Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 3 Jan 2024 21:01:47 +0100 Subject: [PATCH 20/69] Upgrade db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 86a98af..1c9977e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -324,7 +324,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.1 + version: 1.16.2 db-instances: &db-instances name: db-instances -- 2.45.2 From aa101786e01d6d97825b098b8f1060718f39b70e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 4 Jan 2024 11:19:28 +0100 Subject: [PATCH 21/69] Enable storage for Vaultwarden --- badhouseplants/values/values.vaultwarden.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index b2bd5a3..ea33706 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -53,9 +53,9 @@ vaultwarden: connectionRetries: 15 maxConnections: 10 storage: - enabled: false + enabled: true size: 1Gi - class: default + class: longhorn dataDir: /data logging: enabled: false -- 2.45.2 From dd6db7b7cdfb65a4ad00ab99214c60ea1b28e258 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 6 Jan 2024 05:03:34 +0100 Subject: [PATCH 22/69] Update releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 1c9977e..5630ac5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.52.0 + version: 5.52.1 inherit: - template: default-env-values - template: default-env-secrets 
@@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.5.1 + version: 55.6.0 inherit: - template: monitoring-common - template: default-env-values @@ -308,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.1 + version: 18.6.2 inherit: - template: default-env-values - template: default-env-secrets @@ -364,4 +364,4 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.216 + version: 7.1.218 -- 2.45.2 From 5236fd1cd72d517166aef65e009cbcbac80096dd Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 6 Jan 2024 06:29:15 +0100 Subject: [PATCH 23/69] Update releases --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 5630ac5..b13dd22 100644 --- a/releases.yaml +++ b/releases.yaml @@ -364,4 +364,4 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.218 + version: 7.1.238 -- 2.45.2 From 5b7fd5117ede2df8e7a606b23926d7fe4b1f2c6c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 6 Jan 2024 21:16:12 +0100 Subject: [PATCH 24/69] Install Tandoor --- badhouseplants/helmfile.yaml | 5 ++ badhouseplants/values/secrets.tandoor.yaml | 22 +++++++++ badhouseplants/values/values.tandoor.yaml | 55 ++++++++++++++++++++++ releases.yaml | 10 ++++ repositories.yaml | 2 + 5 files changed, 94 insertions(+) create mode 100644 badhouseplants/values/secrets.tandoor.yaml create mode 100644 badhouseplants/values/values.tandoor.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index ebb0e1f..92e05f1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -112,6 +112,11 @@ releases: namespace: openvpn-service createNamespace: false + - <<: *tandoor + installed: true + namespace: tandoor-application + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.tandoor.yaml b/badhouseplants/values/secrets.tandoor.yaml new file mode 100644 index 0000000..65d3703 --- /dev/null +++ b/badhouseplants/values/secrets.tandoor.yaml @@ -0,0 +1,22 @@ +env: + SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB + d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV + YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM + NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz + qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-06T15:16:21Z" + mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.tandoor.yaml b/badhouseplants/values/values.tandoor.yaml new file mode 100644 index 0000000..c30f79e --- /dev/null +++ b/badhouseplants/values/values.tandoor.yaml 
@@ -0,0 +1,55 @@ +istio: + enabled: true + istio: + - name: tandoor-http + gateway: istio-system/badhouseplants-net + kind: http + hostname: tandoor.badhouseplants.net + service: tandoor + port: 8080 + +ext-database: + enabled: true + name: tandoor-postgres16 + instance: postgres16 + credentials: + POSTGRES_HOST: |- + "{{ .Hostname }}" + POSTGRES_PORT: |- + "{{ .Port }}" + +envFrom: + - secretRef: + name: tandoor-postgres16-creds +env: + TZ: UTC + DB_ENGINE: django.db.backends.postgresql + EMAIL_HOST: badhouseplants.net + EMAIL_PORT: 587 + EMAIL_HOST_USER: overlord@badhouseplants.net + EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g + EMAIL_USE_TLS: 1 + EMAIL_USE_SSL: 0 + DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net +persistence: + config: + enabled: true + retain: true + storageClass: longhorn + accessMode: ReadWriteOnce + size: 1Gi + media: + enabled: true + mountPath: /opt/recipes/mediafiles + retain: true + storageClass: longhorn + accessMode: ReadWriteOnce + size: 1Gi + static: + enabled: true + type: emptyDir + mountPath: /opt/recipes/staticfiles + django-js-reverse: + enabled: true + type: emptyDir + mountPath: /opt/recipes/cookbook/static/django_js_reverse diff --git a/releases.yaml b/releases.yaml index b13dd22..cc62771 100644 --- a/releases.yaml +++ b/releases.yaml @@ -365,3 +365,13 @@ templates: name: reflector chart: emberstack/reflector version: 7.1.238 + + tandoor: &tandoor + name: tandoor + chart: gabe565/tandoor + version: 0.8.11 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-database diff --git a/repositories.yaml b/repositories.yaml index 6c63ec0..1026e58 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -43,3 +43,5 @@ repositories: url: https://firefly-iii.github.io/kubernetes/ - name: emberstack url: https://emberstack.github.io/helm-charts + - name: gabe565 + url: https://charts.gabe565.com -- 2.45.2 
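Review bot: `EMAIL_HOST_PASSWORD` in `badhouseplants/values/values.tandoor.yaml` is committed as a plaintext literal, although this same commit adds a SOPS-encrypted `secrets.tandoor.yaml` that already carries `SECRET_KEY` under `env:`. The SMTP password belongs in that encrypted file next to `SECRET_KEY`, leaving only non-sensitive settings such as `EMAIL_HOST` and `EMAIL_PORT` in the values file. Because the value is now part of the patch history, deleting the line in a later commit does not withdraw it, so the password for the `EMAIL_HOST_USER` mailbox should be rotated as well.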
From 2c33823d906c95078709170272af8fee3ae7d539 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 6 Jan 2024 21:29:25 +0100 Subject: [PATCH 25/69] Use longhorn for vaultwarden --- badhouseplants/values/values.vaultwarden.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index ea33706..b4afad8 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -20,7 +20,7 @@ ext-database: enabled: true name: vaultwarden-postgres16 instance: postgres16 -service: +service: port: 8080 vaultwarden: smtp: -- 2.45.2 From 238231bdc89f9af22d2f51d2b6b3f8f95aa0199f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 11 Jan 2024 04:37:37 +0100 Subject: [PATCH 26/69] Update release --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index cc62771..ccb1d8b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.6.0 + version: 55.7.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.4 + version: 5.41.5 inherit: - template: monitoring-common - template: default-env-values @@ -163,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.1 + version: 1.20.2 istio-base: &istio-base name: istio-base @@ -308,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.2 + version: 18.6.3 inherit: - template: default-env-values - template: default-env-secrets 
@@ -316,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.27 + version: 13.2.28 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 0f533964eadb347f7cc54ad91d96312ba196fddf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 20 Jan 2024 11:57:09 +0100 Subject: [PATCH 27/69] Some updates --- .../values/values.istio-ingressgateway.yaml | 4 ---- manifests/debug/metallb/deployment.yaml | 19 +++++++++++++++++++ manifests/debug/metallb/service.yaml | 11 +++++++++++ releases.yaml | 4 ++-- repositories.yaml | 4 ++-- 5 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 manifests/debug/metallb/deployment.yaml create mode 100644 manifests/debug/metallb/service.yaml diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index a5d2656..e37b970 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -21,10 +21,6 @@ service: port: 1194 protocol: TCP targetPort: 1194 - - name: tcp - port: 25 - protocol: TCP - targetPort: 25 # ----------- # -- Email # ----------- diff --git a/manifests/debug/metallb/deployment.yaml b/manifests/debug/metallb/deployment.yaml new file mode 100644 index 0000000..1ad28b5 --- /dev/null +++ b/manifests/debug/metallb/deployment.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx +spec: + selector: + matchLabels: + app: nginx + replicas: 2 + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ports: + - containerPort: 80 diff --git a/manifests/debug/metallb/service.yaml b/manifests/debug/metallb/service.yaml new file mode 100644 index 0000000..041fc06 --- /dev/null +++ b/manifests/debug/metallb/service.yaml 
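Review bot: The debug Deployment in `manifests/debug/metallb/deployment.yaml` runs `image: nginx:1.14.2`, a release line that has been out of upstream maintenance for years, and the companion `manifests/debug/metallb/service.yaml` publishes it through `type: LoadBalancer`. If the manifests exist only to check that MetalLB hands out an address, a current tag pinned by digest (`image: nginx:<current-tag>@sha256:<digest>`) does the same job without leaving an unpatched server reachable on the load-balancer address. The pod spec also sets no `securityContext` or `resources`. That is tolerable for a throwaway test, but a leading comment such as `# debug only: delete after the MetalLB check` would record the intent.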
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx +spec: + selector: + app: nginx + ports: + - port: 80 + targetPort: 80 + type: LoadBalancer diff --git a/releases.yaml b/releases.yaml index ccb1d8b..053d82e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -316,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.28 + version: 13.3.1 inherit: - template: default-env-values - template: default-env-secrets @@ -337,7 +337,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.16.1 + version: 9.17.1 inherit: - template: default-env-values - template: default-env-secrets diff --git a/repositories.yaml b/repositories.yaml index 1026e58..3f5b623 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -33,8 +33,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + #- name: allanger-gitea + # url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker -- 2.45.2 From a95c4a9406d06004a07d83f3e8c47440ff9bd209 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:35:32 +0100 Subject: [PATCH 28/69] Update the email workflow --- .woodpecker/.cdh.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index 8298b38..0fcab33 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,6 +2,7 @@ # -- Check da helm pipeline # ---------------------------------------------- when: + - push - event: cron cron: nightly steps: 
@@ -16,19 +17,15 @@ steps: notification: image: deblan/woodpecker-email settings: - from: woody@badhouseplants.net - host: badhouseplants.net - skip_verify: true - no_starttls: false - username: - from_secret: smtp_username - password: - from_secret: smtp_password + dsn: + from_secret: smtp_dsn + from: + address: woody@badhouseplants.net + name: Woody Woodpecker recipients: - allanger@badhouseplants.net subject: CDH result target: main - recipients_only: true attachment: result.html when: - status: [success, failure] -- 2.45.2 From 25ea4c42542fc42a415c1fcedc3bf7c39dc6041e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:36:36 +0100 Subject: [PATCH 29/69] Fix the push workflow --- .woodpecker/.cdh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index 0fcab33..b2e06e7 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,7 +2,7 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - push + - event: push - event: cron cron: nightly steps: -- 2.45.2 From 896e939c2d7e691bdb775331e1c9709ab9d48046 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:49:03 +0100 Subject: [PATCH 30/69] Fix the gitea-allanger repo --- repositories.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/repositories.yaml b/repositories.yaml index 3f5b623..1026e58 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -33,8 +33,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - #- name: allanger-gitea - # url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: allanger-gitea + url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker -- 2.45.2 From 9cf8656ba56d27116742d3de7e331f574e73fd51 Mon Sep 17 00:00:00 2001 
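Review bot: The `notification` step now hands the whole SMTP connection string to the plugin through `dsn:` / `from_secret: smtp_dsn`, but the unchanged context line `image: deblan/woodpecker-email` carries no tag or digest, so whatever that repository publishes next runs with the credential. Pinning it, for example `image: deblan/woodpecker-email:<version>@sha256:<digest>`, keeps the secret tied to a reviewed build. Dropping `skip_verify: true` is a good change. Certificate verification is presumably now governed by parameters inside the DSN, so it is worth confirming that the stored `smtp_dsn` does not switch it off again.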
From: Nikolai Rodionov Date: Fri, 26 Jan 2024 16:53:13 +0100 Subject: [PATCH 31/69] Fix the cluster --- badhouseplants/values/secrets.funkwhale.yaml | 22 +++---- badhouseplants/values/secrets.gitea.yaml | 36 +++++------ badhouseplants/values/values.loki.yaml | 2 + badhouseplants/values/values.longhorn.yaml | 7 ++- .../values/values.woodpecker-ci.yaml | 3 +- system/charts/namespaces/chart/.helmignore | 23 +++++++ system/charts/namespaces/chart/Chart.yaml | 24 +++++++ .../namespaces/chart/templates/_helpers.tpl | 43 +++++++++++++ .../chart/templates/namespaces.yaml | 18 ++++++ system/charts/namespaces/chart/values.yaml | 20 ++++++ .../namespaces/kustomize/flux-system.yml | 6 ++ .../namespaces/kustomize/giantswarm-flux.yml | 6 ++ .../namespaces/kustomize/giantswarm.yml | 6 ++ .../namespaces/kustomize/kustomization.yaml | 5 ++ .../namespaces/kustomize/monitoring.yml | 6 ++ .../namespaces/kustomize/org-giantswarm.yml | 6 ++ system/charts/root/.helmignore | 23 +++++++ system/charts/root/Chart.yaml | 6 ++ system/charts/root/templates/_helpers.tpl | 62 +++++++++++++++++++ system/charts/root/templates/root.yaml | 25 ++++++++ system/charts/root/templates/self.yaml | 25 ++++++++ system/charts/root/values.yaml | 5 ++ system/helmfile.yaml | 51 +++++++++++++++ system/values/calico.yaml | 12 ++++ system/values/cilium.yaml | 11 ++++ system/values/coredns.yaml | 32 ++++++++++ system/values/namespaces.yaml | 22 +++++++ 27 files changed, 473 insertions(+), 34 deletions(-) create mode 100644 system/charts/namespaces/chart/.helmignore create mode 100644 system/charts/namespaces/chart/Chart.yaml create mode 100644 system/charts/namespaces/chart/templates/_helpers.tpl create mode 100644 system/charts/namespaces/chart/templates/namespaces.yaml create mode 100644 system/charts/namespaces/chart/values.yaml create mode 100644 system/charts/namespaces/kustomize/flux-system.yml create mode 100644 system/charts/namespaces/kustomize/giantswarm-flux.yml create mode 100644 
system/charts/namespaces/kustomize/giantswarm.yml create mode 100644 system/charts/namespaces/kustomize/kustomization.yaml create mode 100644 system/charts/namespaces/kustomize/monitoring.yml create mode 100644 system/charts/namespaces/kustomize/org-giantswarm.yml create mode 100644 system/charts/root/.helmignore create mode 100644 system/charts/root/Chart.yaml create mode 100644 system/charts/root/templates/_helpers.tpl create mode 100644 system/charts/root/templates/root.yaml create mode 100644 system/charts/root/templates/self.yaml create mode 100644 system/charts/root/values.yaml create mode 100644 system/helmfile.yaml create mode 100644 system/values/calico.yaml create mode 100644 system/values/cilium.yaml create mode 100644 system/values/coredns.yaml create mode 100644 system/values/namespaces.yaml diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 1730f80..ff593f1 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] +djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] + password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str] redis: auth: - password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] + password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw - TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL - VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y - dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA - GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG + MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ + WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3 + S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX + E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T18:47:37Z" - mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] + lastmodified: "2024-01-26T15:39:00Z" + mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 6d28634..84af601 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] - password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] + username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str] + password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] + PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str] database: - PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] + PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] + HOST: ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] + CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str] oauth: - - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] - provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] - key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] - secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] + - name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str] + provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str] + key: 
ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str] + secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 - QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu - LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 - Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN - WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6 + VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv + MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu + YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns + xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-15T09:58:05Z" - mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] + lastmodified: "2024-01-26T15:39:40Z" + mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index 76f2f8f..f3a74e8 100644 
--- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml @@ -1,4 +1,6 @@ --- +global: + dnsService: "coredns" singleBinary: replicas: 1 persistence: diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index 078e6ab..eb7bfe5 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -1,13 +1,14 @@ defaultSettings: - backupTarget: s3://longhorn@us-east1/backupstore + backupTarget: s3://longhorn@us-east1/backupstore backupTargetCredentialSecret: aws-secret guaranteedEngineManagerCPU: 6 guaranteedReplicaManagerCPU: 6 storageOverProvisioningPercentage: 300 storageMinimalAvailablePercentage: 5 - defaultDataPath: /media-longhorn + storageReservedPercentageForDefaultDisk: 1 + defaultDataPath: /media/longhorn csi: - kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet + kubeletRootDir: /var/lib/kubelet/ persistence: defaultClassReplicaCount: 1 enablePSP: false diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index ffd1564..202daca 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -34,7 +34,6 @@ server: WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: @@ -49,7 +48,7 @@ agent: WOODPECKER_SERVER: woodpecker-ci-server:9000 WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn serviceAccount: create: true rbac: diff --git a/system/charts/namespaces/chart/.helmignore b/system/charts/namespaces/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null 
+++ b/system/charts/namespaces/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/system/charts/namespaces/chart/Chart.yaml b/system/charts/namespaces/chart/Chart.yaml
new file mode 100644
index 0000000..0f737fe
--- /dev/null
+++ b/system/charts/namespaces/chart/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/system/charts/namespaces/chart/templates/_helpers.tpl b/system/charts/namespaces/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..a33714c
--- /dev/null
+++ b/system/charts/namespaces/chart/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "namespaces.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "namespaces.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "namespaces.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "namespaces.labels" -}}
+helm.sh/chart: {{ include "namespaces.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
diff --git a/system/charts/namespaces/chart/templates/namespaces.yaml b/system/charts/namespaces/chart/templates/namespaces.yaml
new file mode 100644
index 0000000..dc2bd62
--- /dev/null
+++ b/system/charts/namespaces/chart/templates/namespaces.yaml
@@ -0,0 +1,18 @@ +{{- if .Values.namespaces }} +{{- range $ns := .Values.namespaces }} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ $ns.name }} + labels: + {{- include "namespaces.labels" $ | nindent 4 }} + {{- with $ns.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $ns.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/system/charts/namespaces/chart/values.yaml b/system/charts/namespaces/chart/values.yaml new file mode 100644 index 0000000..cd5a239 --- /dev/null +++ b/system/charts/namespaces/chart/values.yaml @@ -0,0 +1,20 @@ +namespaces: + - name: giantswarm-flux + labels: + name: giantswarm-flux + - name: giantswarm + labels: + name: giantswarm + - name: monitoring + labels: + name: monitoring + - name: org-giantswarm + labels: + name: org-giantswarm + - name: flux-system + labels: + name: flux-system + - name: flux-giantswarm + labels: + name: flux-giantswarm + - name: policy-exception diff --git a/system/charts/namespaces/kustomize/flux-system.yml b/system/charts/namespaces/kustomize/flux-system.yml new file mode 100644 index 0000000..f44f3af --- /dev/null +++ b/system/charts/namespaces/kustomize/flux-system.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: flux-system + labels: + name: flux-system diff --git a/system/charts/namespaces/kustomize/giantswarm-flux.yml b/system/charts/namespaces/kustomize/giantswarm-flux.yml new file mode 100644 index 0000000..bd0e121 --- /dev/null +++ b/system/charts/namespaces/kustomize/giantswarm-flux.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm-flux + labels: + name: giantswarm-flux diff --git a/system/charts/namespaces/kustomize/giantswarm.yml b/system/charts/namespaces/kustomize/giantswarm.yml new file mode 100644 index 0000000..31e7916 --- /dev/null +++ b/system/charts/namespaces/kustomize/giantswarm.yml 
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm + labels: + name: giantswarm diff --git a/system/charts/namespaces/kustomize/kustomization.yaml b/system/charts/namespaces/kustomize/kustomization.yaml new file mode 100644 index 0000000..8159198 --- /dev/null +++ b/system/charts/namespaces/kustomize/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ./giantswarm-flux.yml + - ./giantswarm.yml + - ./monitoring.yml + - ./org-giantswarm.yml diff --git a/system/charts/namespaces/kustomize/monitoring.yml b/system/charts/namespaces/kustomize/monitoring.yml new file mode 100644 index 0000000..90d12ef --- /dev/null +++ b/system/charts/namespaces/kustomize/monitoring.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + labels: + name: monitoring diff --git a/system/charts/namespaces/kustomize/org-giantswarm.yml b/system/charts/namespaces/kustomize/org-giantswarm.yml new file mode 100644 index 0000000..f27e8c4 --- /dev/null +++ b/system/charts/namespaces/kustomize/org-giantswarm.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: org-giantswarm + labels: + name: org-giantswarm diff --git a/system/charts/root/.helmignore b/system/charts/root/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/system/charts/root/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system/charts/root/Chart.yaml b/system/charts/root/Chart.yaml new file mode 100644 index 0000000..59e507d --- /dev/null +++ b/system/charts/root/Chart.yaml 
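Review bot: `system/charts/namespaces/kustomize/kustomization.yaml` lists four namespace manifests under `resources:`, but this commit adds five files to the directory and `./flux-system.yml` is not among the entries. As written, `kustomize build` on this directory never emits the `flux-system` Namespace. If that is deliberate (for instance because another component creates the namespace), a comment like `# flux-system.yml intentionally not listed: <reason>` would say so; otherwise add `- ./flux-system.yml` to the list.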
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"
diff --git a/system/charts/root/templates/_helpers.tpl b/system/charts/root/templates/_helpers.tpl
new file mode 100644
index 0000000..8a3cc9a
--- /dev/null
+++ b/system/charts/root/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "root.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "root.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "root.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "root.labels" -}}
+helm.sh/chart: {{ include "root.chart" . }}
+{{ include "root.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "root.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "root.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "root.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/system/charts/root/templates/root.yaml b/system/charts/root/templates/root.yaml
new file mode 100644
index 0000000..f542187
--- /dev/null
+++ b/system/charts/root/templates/root.yaml
@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: root
+spec:
+ interval: 30s
+ url: {{ .Values.url }}
+ ref:
+ branch: {{ .Values.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: root
+spec:
+ interval: 30s
+ targetNamespace: flux-system
+ sourceRef:
+ kind: GitRepository
+ name: root
+ path: "."
+ prune: false
+ timeout: 1m
+{{- end }}
diff --git a/system/charts/root/templates/self.yaml b/system/charts/root/templates/self.yaml
new file mode 100644
index 0000000..0ddb8de
--- /dev/null
+++ b/system/charts/root/templates/self.yaml
@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: root-self
+spec:
+ interval: 30s
+ url: {{ .Values.self.url }}
+ ref:
+ branch: {{ .Values.self.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: root-self
+spec:
+ interval: 30s
+ targetNamespace: flux-system
+ sourceRef:
+ kind: GitRepository
+ name: root-self
+ path: "."
+ prune: false
+ timeout: 1m
+{{- end }}
diff --git a/system/charts/root/values.yaml b/system/charts/root/values.yaml
new file mode 100644
index 0000000..51850fa
--- /dev/null
+++ b/system/charts/root/values.yaml
@@ -0,0 +1,5 @@
+url: https://git.badhouseplants.net/giantswarm/cluster-example.git
+branch: main
+self:
+ url: git@git.badhouseplants.net:giantswarm/root-config.git
+ branch: master
diff --git a/system/helmfile.yaml b/system/helmfile.yaml
new file mode 100644
index 0000000..7cc46e6
--- /dev/null
+++ b/system/helmfile.yaml
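Review bot: The `root` Kustomization in `templates/root.yaml` sets no `spec.serviceAccountName`, so whatever the tracked branch contains is applied with the kustomize-controller's own privileges (cluster-admin in a default Flux install). The GitRepository also follows `ref.branch` with no `spec.verify`, so anyone who can push to that branch decides what is applied to the cluster. Consider a dedicated reconciler account (`serviceAccountName: <reconciler-sa>`, placeholder name) and commit signature verification on the source. The values are also rendered unquoted; `url: {{ .Values.url | quote }}` and `branch: {{ .Values.branch | quote }}` keep an unusual value from being re-typed by the YAML parser. `templates/self.yaml` has the same shape and the same gaps.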
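Review bot: `self.url` in `values.yaml` is an scp-style address (`git@git.badhouseplants.net:giantswarm/root-config.git`), which the Flux GitRepository API does not accept. It expects an `http://`, `https://` or `ssh://` URL, for example `url: ssh://git@git.badhouseplants.net/giantswarm/root-config.git`. An SSH source also needs `spec.secretRef` naming a Secret that holds the deploy key and `known_hosts`. `templates/self.yaml` renders no `secretRef`, so `root-self` has neither authentication nor host-key pinning configured.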
@@ -0,0 +1,51 @@
+repositories:
+ - name: projectcalico
+ url: https://docs.tigera.io/calico/charts
+ - name: coredns
+ url: https://coredns.github.io/helm
+ - name: flannel
+ url: https://flannel-io.github.io/flannel/
+ - name: cilium
+ url: https://helm.cilium.io/
+ - name: hcloud
+ url: https://charts.hetzner.cloud
+
+releases:
+ - name: namespaces
+ chart: ./charts/namespaces/chart
+ namespace: kube-public
+ createNamespace: false
+ values:
+ - ./values/namespaces.yaml
+
+ - name: hccm
+ chart: hcloud/hcloud-cloud-controller-manager
+ needs:
+ - kube-public/namespaces
+ namespace: kube-system
+ version: 1.19.0
+ installed: false
+ createNamespace: false
+ values:
+ - ./values/hcloud.yaml
+
+ - name: coredns
+ needs:
+ - kube-public/namespaces
+ chart: coredns/coredns
+ installed: true
+ version: 1.29.0
+ namespace: kube-system
+ values:
+ - ./values/coredns.yaml
+
+ - name: cilium
+ chart: cilium/cilium
+ version: 1.14.6
+ installed: true
+ createNamespace: false
+ namespace: kube-system
+ needs:
+ - kube-public/namespaces
+ values:
+ - ./values/cilium.yaml
diff --git a/system/values/calico.yaml b/system/values/calico.yaml
new file mode 100644
index 0000000..b47e04e
--- /dev/null
+++ b/system/values/calico.yaml
@@ -0,0 +1,12 @@
+installation:
+ enabled: true
+ spec:
+ calicoNetwork:
+ bgp: Enabled
+ nodeAddressAutodetectionV4:
+ interface: ens11
+ ipPools:
+ - cidr: 10.50.0.0/16
+ encapsulation: VXLANCrossSubnet
+ natOutgoing: Enabled
+ nodeSelector: all()
diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml
new file mode 100644
index 0000000..e0f0670
--- /dev/null
+++ b/system/values/cilium.yaml
@@ -0,0 +1,11 @@
+operator:
+ replicas: 1
+endpointRoutes:
+ # -- Enable use of per endpoint routes instead of routing via
+ # the cilium_host interface.
+ enabled: true
+policyEnforcementMode: never
+ipam:
+ ciliumNodeUpdateRate: "15s"
+ operator:
+ clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"]
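Review bot: `policyEnforcementMode: never` in `system/values/cilium.yaml` turns policy enforcement off for every endpoint, so NetworkPolicy and CiliumNetworkPolicy objects are accepted by the API but have no effect on traffic. Nothing in the file says whether this is a bootstrap shortcut or the intended end state. If it is temporary, add a comment above the key such as `# enforcement disabled during cluster bring-up; switch back to "default"` and plan the change to `policyEnforcementMode: default`, which enforces only on endpoints that a policy selects.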
diff --git a/system/values/coredns.yaml b/system/values/coredns.yaml
new file mode 100644
index 0000000..04d2b02
--- /dev/null
+++ b/system/values/coredns.yaml
@@ -0,0 +1,32 @@
+service:
+ clusterIP: 10.43.0.10
+
+servers:
+ - zones:
+ - zone: .
+ port: 53
+ plugins:
+ - name: errors
+ # Serves a /health endpoint on :8080, required for livenessProbe
+ - name: health
+ configBlock: |-
+ lameduck 5s
+ # Serves a /ready endpoint on :8181, required for readinessProbe
+ - name: ready
+ # Required to query kubernetes API for data
+ - name: kubernetes
+ parameters: cluster.local in-addr.arpa ip6.arpa
+ configBlock: |-
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ # Serves a /metrics endpoint on :9153, required for serviceMonitor
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - name: forward
+ parameters: . 1.1.1.1 1.0.0.1
+ - name: cache
+ parameters: 30
+ - name: loop
+ - name: reload
+ - name: loadbalance
diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml
new file mode 100644
index 0000000..d303607
--- /dev/null
+++ b/system/values/namespaces.yaml
@@ -0,0 +1,22 @@
+namespaces:
+ - name: longhorn-system
+ - name: cert-manager
+ - name: minio-service
+ - name: metallb-system
+ - name: reflector-system
+ - name: drone-service
+ - name: argo-system
+ - name: nrodionov-application
+ - name: minecraft-application
+ - name: gitea-service
+ - name: funkwhale-application
+ - name: monitoring-system
+ - name: bitwarden-application
+ - name: database-service
+ - name: mail-service
+ - name: istio-system
+ - name: vaultwarden-application
+ - name: woodpecker-ci
+ - name: openvpn-service
+ - name: tandoor-application
+ - name: badhouseplants-main
-- 2.45.2
From 9c7e44e757f9ddc4c369ab113b463b1c59000b6f Mon Sep 17 00:00:00 2001
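Review bot: `pods insecure` in the `kubernetes` plugin block of `system/values/coredns.yaml` makes CoreDNS answer pod-style names for any IP address without checking that a pod with that address exists in the namespace. `pods verified` answers only for pods that exist, at the cost of a pod watch, and `pods disabled` fits if pod records are not used at all. If `insecure` is kept for kube-dns compatibility, record that in a comment next to the line. Note also that `forward . 1.1.1.1 1.0.0.1` sends all non-cluster lookups to a public resolver in clear text.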
From: Nikolai Rodionov Date: Sun, 4 Feb 2024 09:31:09 +0100 Subject: [PATCH 32/69] Sync after the disaster recovery --- badhouseplants/helmfile.yaml | 24 ++-- badhouseplants/values/secrets.funkwhale.yaml | 20 +-- badhouseplants/values/secrets.gitea.yaml | 36 ++--- badhouseplants/values/secrets.mailu.yaml | 38 ++--- .../values/secrets.vaultwarden.yaml | 20 +-- badhouseplants/values/values.argocd.yaml | 1 + badhouseplants/values/values.mailu.yaml | 130 +++++++++--------- badhouseplants/values/values.openvpn-xor.yaml | 2 +- common/values.database.yaml | 2 +- etersoft/helmfile.yaml | 5 + etersoft/values/secrets.postgres16.yaml | 24 ++++ etersoft/values/values.longhorn.yaml | 13 ++ etersoft/values/values.postgres16.yaml | 10 ++ helmfile.yaml | 5 + manifests/badhouseplants-ip.yaml | 2 +- manifests/debug/istio/httpbin.yaml | 63 +++++++++ manifests/debug/ubuntu.yaml | 11 ++ releases.yaml | 11 ++ repositories.yaml | 2 + system/values/cilium.yaml | 3 +- system/values/namespaces.yaml | 1 + 21 files changed, 285 insertions(+), 138 deletions(-) create mode 100644 etersoft/values/secrets.postgres16.yaml create mode 100644 etersoft/values/values.longhorn.yaml create mode 100644 etersoft/values/values.postgres16.yaml create mode 100644 manifests/debug/istio/httpbin.yaml create mode 100644 manifests/debug/ubuntu.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 92e05f1..e6c262b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -12,11 +12,6 @@ releases: namespace: drone-service createNamespace: false - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - - <<: *argocd installed: true namespace: argo-system 
@@ -87,11 +82,12 @@ releases: namespace: database-service createNamespace: true - - <<: *docker-mailserver + - <<: *woodpecker-ci installed: true - namespace: mail-service + namespace: woodpecker-ci createNamespace: true + - <<: *istio-gateway-resources installed: true namespace: istio-system @@ -102,21 +98,25 @@ releases: installed: true namespace: vaultwarden-application - - <<: *woodpecker-ci - installed: true - namespace: woodpecker-ci - createNamespace: true - - <<: *openvpn-xor installed: true namespace: openvpn-service createNamespace: false + - <<: *docker-mailserver + installed: true + namespace: mail-service + createNamespace: true + - <<: *tandoor installed: true namespace: tandoor-application createNamespace: true + - <<: *mailu + installed: true + namespace: mailu-application + createNamespace: false bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index ff593f1..2ef8cde 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str] +djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str] + password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str] redis: auth: - password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str] + password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG - MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ - WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3 - S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX - E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2 + NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3 + Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB + ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5 + M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-26T15:39:00Z" - mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str] + lastmodified: "2024-01-31T18:41:30Z" + mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 84af601..4c1a84f 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str] - password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str] + username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str] + password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str] + PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str] database: - PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str] + PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str] + HOST: ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str] + CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str] oauth: - - name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str] - provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str] - key: ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str] - secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str] + - name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str] + provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str] + key: 
ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str] + secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6 - VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv - MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu - YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns - xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk + OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy + Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3 + YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI + nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-26T15:39:40Z" - mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str] + lastmodified: "2024-01-30T18:17:44Z" + mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml index 5e20299..193f934 100644 --- a/badhouseplants/values/secrets.mailu.yaml +++ b/badhouseplants/values/secrets.mailu.yaml 
@@ -1,21 +1,21 @@ -secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str] +secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str] initialAccount: - enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool] - username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] - domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] - password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str] + enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool] + username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str] + domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str] + password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] - postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str] + password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str] 
+ postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str] secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str] - userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str] + adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str] + userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str] global: database: roundcube: - password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str] + password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw - YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh - b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv - RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp - QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN + Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96 + a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5 + S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9 + wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-28T08:37:51Z" - mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str] + lastmodified: "2024-02-02T07:57:08Z" + mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml index 8d2d9a3..61f6e40 100644 --- a/badhouseplants/values/secrets.vaultwarden.yaml +++ b/badhouseplants/values/secrets.vaultwarden.yaml 
@@ -1,10 +1,10 @@ vaultwarden: smtp: - username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] + username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str] password: - value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str] + value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str] adminToken: - value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] + value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo - WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 - dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a - U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT - HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr + R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C + M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI + a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS + hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-25T19:33:37Z" - mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str] + lastmodified: "2024-01-30T18:44:39Z" + mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 7d01d6c..e8d0bce 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -63,6 +63,7 @@ server: scopes: "[email, group]" policy.csv: | g, allanger@zohomail.com, role:admin + g, allanger@badhouseplants.net, role:admin g, rodion.n.rodionov@gmail.com, role:admin p, drone, applications, *, badhouseplants/*,allow config: diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 0612e49..6c54e91 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -1,7 +1,7 @@ --- -certificate: +certificate: enabled: true - certificate: + certificate: - name: mailu secretName: mailu-certificate issuer: 
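Review bot: The added `g, allanger@badhouseplants.net, role:admin` line in `values.argocd.yaml` binds Argo CD admin to a third individual `email` claim, on top of the two existing ones. The mailbox is on a domain that appears to be served by the mail stack deployed from this same repository, so its recovery path depends on the cluster it administers. The identity-provider settings are outside this hunk (the `policy.csv` block starts above it), so confirm the provider only issues verified `email` claims. A group binding such as `g, <admin-group>, role:admin` (placeholder group) would keep admin membership in the IdP instead of this file, and the older addresses should be dropped if they are no longer used.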
@@ -21,58 +21,58 @@ istio: kind: http gateway: badhouseplants-net hostname: email.badhouseplants.net - service: mailu-fr ont + service: mailu-front port: 80 - # - name: mailu-smpt - # kind: tcp - # gateway: badhouseplants-mail - # service: mailu-front - # hostname: email.badhousplants.net - # port_match: 25 - # port: 25 - # - name: mailu-smpts - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 465 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 465 - # - name: mailu-smpt-startls - # kind: tcp - # gateway: badhouseplants-mail - # hostname: email.badhousplants.net - # port_match: 587 - # service: mailu-front - # port: 587 - # - name: mailu-imap - # kind: tcp - # hostname: email.badhousplants.net - # gateway: badhouseplants-mail - # port_match: 143 - # service: mailu-front - # port: 143 - # - name: mailu-imaps - # kind: tcp - # gateway: badhouseplants-mail - # hostname: email.badhousplants.net - # port_match: 993 - # service: mailu-front - # port: 993 - # - name: mailu-pop3 - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 110 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 110 - # - name: mailu-pop3s - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 993 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 993 -subnet: 10.1.0.0/16 + - name: mailu-smpt + kind: tcp + gateway: badhouseplants-mail + service: mailu-front + hostname: email.badhousplants.net + port_match: 25 + port: 25 + - name: mailu-smpts + kind: tcp + gateway: badhouseplants-mail + port_match: 465 + hostname: email.badhousplants.net + service: mailu-front + port: 465 + - name: mailu-smpt-startls + kind: tcp + gateway: badhouseplants-mail + hostname: email.badhousplants.net + port_match: 587 + service: mailu-front + port: 587 + - name: mailu-imap + kind: tcp + hostname: email.badhousplants.net + gateway: badhouseplants-mail + port_match: 143 + service: mailu-front + port: 143 + - name: mailu-imaps + 
kind: tcp + gateway: badhouseplants-mail + hostname: email.badhousplants.net + port_match: 993 + service: mailu-front + port: 993 + - name: mailu-pop3 + kind: tcp + gateway: badhouseplants-mail + port_match: 110 + hostname: email.badhousplants.net + service: mailu-front + port: 110 + - name: mailu-pop3s + kind: tcp + gateway: badhouseplants-mail + port_match: 993 + hostname: email.badhousplants.net + service: mailu-front + port: 993 +subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - post.badhouseplants.net @@ -90,6 +90,11 @@ ingress: tlsFlavorOverride: mail selfSigned: false existingSecret: mailu-certificate + realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local + realIpHeader: "X-Forwarded-For" +front: + hostPort: + enabled: false admin: resources: requests: @@ -107,9 +112,10 @@ redis: cpu: 70m limits: memory: 200Mi - cpu: 200m - persistence: - size: 1Gi + cpu: 200m + master: + persistence: + enabled: false postfix: resources: requests: @@ -117,7 +123,7 @@ postfix: cpu: 200m limits: memory: 1024Mi - cpu: 200m + cpu: 200m persistence: size: 1Gi dovecot: @@ -128,7 +134,7 @@ dovecot: cpu: 70m limits: memory: 400Mi - cpu: 300m + cpu: 300m persistence: size: 1Gi roundcube: @@ -138,7 +144,7 @@ roundcube: cpu: 70m limits: memory: 200Mi - cpu: 200m + cpu: 200m persistence: size: 1Gi mysql: @@ -154,10 +160,6 @@ postgresql: storageClass: "" accessMode: ReadWriteOnce size: 2Gi -front: - logLevel: DEBUG - hostPort: - enabled: true rspamd: resources: requests: @@ -166,7 +168,7 @@ rspamd: limits: memory: 500Mi cpu: 400m - startupProbe: + startupProbe: periodSeconds: 30 failureThreshold: 900 timeoutSeconds: 20 diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml index 0f4c96c..9b9171b 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
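Review bot: The newly enabled `mailu-pop3s` route in `values.mailu.yaml` reuses `port_match: 993` and `port: 993`, which `mailu-imaps` already claims; POP3S is 995, so the two lines should read `port_match: 995` and `port: 995`. All seven TCP routes also carry `hostname: email.badhousplants.net`, missing the `e` that the HTTP route's `email.badhouseplants.net` has. Separately, SMTP now reaches `mailu-front` through the gateway as plain TCP, so the client address the front sees is presumably the gateway pod's. Check that the new `subnet: 10.244.0.0/16` does not cover those pods, since Mailu treats clients inside `subnet` as internal.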
@@ -20,7 +20,7 @@ storage: openvpn: proto: tcp - host: 195.201.250.50 + host: 195.201.249.91 easyrsa: cn: Bad Houseplants diff --git a/common/values.database.yaml b/common/values.database.yaml index d5d0221..6685015 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml @@ -10,7 +10,7 @@ ext-database: spec: secretName: "{{ .Values.name }}-creds" instance: "{{ .Values.instance }}" - deletionProtected: false + deletionProtected: true backup: enable: false cron: 0 0 * * * diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index a051a53..98684a6 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -6,6 +6,11 @@ releases: installed: true namespace: openvpn-service createNamespace: false + + - <<: *postgres16 + installed: true + namespace: database-service + createNamespace: true bases: - ../environments.yaml diff --git a/etersoft/values/secrets.postgres16.yaml b/etersoft/values/secrets.postgres16.yaml new file mode 100644 index 0000000..e466bb1 --- /dev/null +++ b/etersoft/values/secrets.postgres16.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-04T02:27:48Z" + mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/etersoft/values/values.longhorn.yaml b/etersoft/values/values.longhorn.yaml new file mode 100644 index 0000000..078e6ab --- /dev/null +++ b/etersoft/values/values.longhorn.yaml @@ -0,0 +1,13 @@ +defaultSettings: + backupTarget: s3://longhorn@us-east1/backupstore + backupTargetCredentialSecret: aws-secret + guaranteedEngineManagerCPU: 6 + guaranteedReplicaManagerCPU: 6 + storageOverProvisioningPercentage: 300 + storageMinimalAvailablePercentage: 5 + defaultDataPath: /media-longhorn +csi: + kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet +persistence: + defaultClassReplicaCount: 1 +enablePSP: false diff --git a/etersoft/values/values.postgres16.yaml b/etersoft/values/values.postgres16.yaml new file mode 100644 index 0000000..cbcb751 --- /dev/null +++ b/etersoft/values/values.postgres16.yaml 
@@ -0,0 +1,10 @@ +architecture: standalone + +auth: + database: postgres + +persistence: + size: 1Gi + +metrics: + enabled: false diff --git a/helmfile.yaml b/helmfile.yaml index 06da863..73ac8fa 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,5 +46,10 @@ releases: namespace: reflector-system createNamespace: true + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false + helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/manifests/badhouseplants-ip.yaml b/manifests/badhouseplants-ip.yaml index b98f76f..86db502 100644 --- a/manifests/badhouseplants-ip.yaml +++ b/manifests/badhouseplants-ip.yaml @@ -7,4 +7,4 @@ metadata: namespace: metallb-system spec: addresses: - - 195.201.250.50-195.201.250.50 + - 195.201.249.91-195.201.249.91 diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml new file mode 100644 index 0000000..29b9db1 --- /dev/null +++ b/manifests/debug/istio/httpbin.yaml @@ -0,0 +1,63 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + kubernetes.io/metadata.name: debug + name: debug +--- +# httpbin.yaml +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: httpbin + namespace: debug +spec: + hosts: + - "httpbin.e.badhouseplants.net" + gateways: + - istio-system/e-badhouseplants-net + http: + - route: + - destination: + port: + number: 8000 + host: httpbin +--- +apiVersion: v1 +kind: Service +metadata: + name: httpbin + namespace: debug + labels: + app: httpbin +spec: + ports: + - name: http + port: 8000 + selector: + app: httpbin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: httpbin + namespace: debug +spec: + replicas: 1 + selector: + matchLabels: + app: httpbin + version: v1 + template: + metadata: + labels: + app: httpbin + version: v1 + spec: + containers: + - image: docker.io/citizenstig/httpbin + imagePullPolicy: IfNotPresent + name: httpbin + ports: + - containerPort: 8000 
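Review bot: The Deployment in manifests/debug/istio/httpbin.yaml pulls `docker.io/citizenstig/httpbin` with no tag or digest, and the VirtualService in the same file publishes it on `httpbin.e.badhouseplants.net` through `istio-system/e-badhouseplants-net`. With `imagePullPolicy: IfNotPresent`, an unpinned third-party image means the running content depends on whatever each node happened to cache, and the container sets no `securityContext` or `resources`. I would pin it by digest, `image: docker.io/citizenstig/httpbin@sha256:<digest>`. If that gateway is reachable from outside, I would also keep the VirtualService out of the applied manifests, so the debug endpoint is only exposed while someone is actually using it. manifests/debug/ubuntu.yaml in the next file section has the same unpinned `image: ubuntu` and no `namespace`.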
diff --git a/manifests/debug/ubuntu.yaml b/manifests/debug/ubuntu.yaml new file mode 100644 index 0000000..676a047 --- /dev/null +++ b/manifests/debug/ubuntu.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ubuntu +spec: + containers: + - name: ubuntu + image: ubuntu + command: + - sleep + - infinity diff --git a/releases.yaml b/releases.yaml index 053d82e..7138202 100644 --- a/releases.yaml +++ b/releases.yaml @@ -366,6 +366,17 @@ templates: chart: emberstack/reflector version: 7.1.238 + mailu: &mailu + name: mailu + chart: mailu/mailu + version: 1.5.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-certificate + + tandoor: &tandoor name: tandoor chart: gabe565/tandoor diff --git a/repositories.yaml b/repositories.yaml index 1026e58..fc03a1e 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -45,3 +45,5 @@ repositories: url: https://emberstack.github.io/helm-charts - name: gabe565 url: https://charts.gabe565.com + - name: mailu + url: https://mailu.github.io/helm-charts/ diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml index e0f0670..6eae22c 100644 --- a/system/values/cilium.yaml +++ b/system/values/cilium.yaml @@ -4,8 +4,7 @@ endpointRoutes: # -- Enable use of per endpoint routes instead of routing via # the cilium_host interface. enabled: true -policyEnforcementMode: never ipam: ciliumNodeUpdateRate: "15s" operator: - clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"] + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml index d303607..838f30b 100644 --- a/system/values/namespaces.yaml +++ b/system/values/namespaces.yaml @@ -20,3 +20,4 @@ namespaces: - name: openvpn-service - name: tandoor-application - name: badhouseplants-main + - name: mailu-application -- 2.45.2 From b1f183d7127669fee7c5872dd3a37d765a6178fd Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Thu, 8 Feb 2024 19:58:31 +0100 Subject: [PATCH 33/69] Updates after the disaster recovery --- .woodpecker/.cdh.yml | 1 - Makefile | 4 -- README.md | 2 +- badhouseplants/helmfile.yaml | 8 ++- badhouseplants/values/secrets.funkwhale.yaml | 20 +++--- badhouseplants/values/secrets.gitea.yaml | 36 +++++----- badhouseplants/values/secrets.mailu.yaml | 36 +++++----- badhouseplants/values/values.cilium.yaml | 10 +++ badhouseplants/values/values.coredns.yaml | 32 +++++++++ .../values/values.istio-ingressgateway.yaml | 1 + badhouseplants/values/values.mailu.yaml | 4 +- .../values/values.metallb-resources.yaml | 5 ++ badhouseplants/values/values.namespaces.yaml | 32 ++++++--- badhouseplants/values/values.prometheus.yaml | 1 + charts/namespaces/chart/.helmignore | 23 ++++++ charts/namespaces/chart/Chart.yaml | 24 +++++++ .../namespaces/chart/templates/_helpers.tpl | 43 +++++++++++ .../chart/templates/namespaces.yaml | 18 +++++ charts/namespaces/chart/values.yaml | 20 ++++++ charts/namespaces/kustomize/flux-system.yml | 6 ++ .../namespaces/kustomize/giantswarm-flux.yml | 6 ++ charts/namespaces/kustomize/giantswarm.yml | 6 ++ .../namespaces/kustomize/kustomization.yaml | 5 ++ charts/namespaces/kustomize/monitoring.yml | 6 ++ .../namespaces/kustomize/org-giantswarm.yml | 6 ++ charts/root/.helmignore | 23 ++++++ charts/root/Chart.yaml | 6 ++ charts/root/templates/_helpers.tpl | 62 ++++++++++++++++ charts/root/templates/root.yaml | 25 +++++++ charts/root/templates/self.yaml | 25 +++++++ charts/root/values.yaml | 5 ++ common/values.metallb.yaml | 14 ++++ crd.yaml | 27 +++++++ docs/restic.md | 7 -- etersoft/values/secrets.minio.yaml | 48 ++++++------- etersoft/values/values.metallb-resources.yaml | 5 ++ etersoft/values/values.minio.yaml | 10 +++ extensions.yaml | 56 +++++++++++++++ helmfile.yaml | 5 ++ .../namespace-creator-binding.yaml | 12 ---- .../namespace-creator-role.yaml | 8 --- manifests/debug/istio/httpbin.yaml | 4 +- manifests/new-ip.yaml | 11 
+++ releases.yaml | 72 ++++++++++++++----- repositories.yaml | 4 ++ system/values/values.cilium.yaml | 10 +++ system/values/values.coredns.yaml | 32 +++++++++ system/values/values.namespaces.yaml | 23 ++++++ templates/crd-hook.yaml | 25 +++++++ templates/extensions.yaml | 56 +++++++++++++++ 50 files changed, 795 insertions(+), 135 deletions(-) delete mode 100644 Makefile create mode 100644 badhouseplants/values/values.cilium.yaml create mode 100644 badhouseplants/values/values.coredns.yaml create mode 100644 badhouseplants/values/values.metallb-resources.yaml create mode 100644 charts/namespaces/chart/.helmignore create mode 100644 charts/namespaces/chart/Chart.yaml create mode 100644 charts/namespaces/chart/templates/_helpers.tpl create mode 100644 charts/namespaces/chart/templates/namespaces.yaml create mode 100644 charts/namespaces/chart/values.yaml create mode 100644 charts/namespaces/kustomize/flux-system.yml create mode 100644 charts/namespaces/kustomize/giantswarm-flux.yml create mode 100644 charts/namespaces/kustomize/giantswarm.yml create mode 100644 charts/namespaces/kustomize/kustomization.yaml create mode 100644 charts/namespaces/kustomize/monitoring.yml create mode 100644 charts/namespaces/kustomize/org-giantswarm.yml create mode 100644 charts/root/.helmignore create mode 100644 charts/root/Chart.yaml create mode 100644 charts/root/templates/_helpers.tpl create mode 100644 charts/root/templates/root.yaml create mode 100644 charts/root/templates/self.yaml create mode 100644 charts/root/values.yaml create mode 100644 common/values.metallb.yaml create mode 100644 crd.yaml delete mode 100644 docs/restic.md create mode 100644 etersoft/values/values.metallb-resources.yaml create mode 100644 extensions.yaml delete mode 100644 manifests/badhouseplants/namespace-creator-binding.yaml delete mode 100644 manifests/badhouseplants/namespace-creator-role.yaml create mode 100644 manifests/new-ip.yaml create mode 100644 system/values/values.cilium.yaml create mode 
100644 system/values/values.coredns.yaml create mode 100644 system/values/values.namespaces.yaml create mode 100644 templates/crd-hook.yaml create mode 100644 templates/extensions.yaml diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index b2e06e7..6fc4838 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,7 +2,6 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - event: push - event: cron cron: nightly steps: diff --git a/Makefile b/Makefile deleted file mode 100644 index 1814372..0000000 --- a/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -create_crb: - kubectl create clusterrolebinding drone-deployer-workaround \ - --clusterrole=cluster-admin \ - --serviceaccount=drone-service:default diff --git a/README.md b/README.md index 3fd9e60..5ad2c85 100644 --- a/README.md +++ b/README.md @@ -2,4 +2,4 @@ [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) # CRD hooks -I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. \ No newline at end of file +I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index e6c262b..0ec24c9 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -2,6 +2,12 @@ {{ readFile "../releases.yaml" }} releases: + - <<: *namespaces + installed: true + - <<: *coredns + installed: true + - <<: *cilium + installed: true - <<: *drone installed: true namespace: drone-service @@ -114,7 +120,7 @@ releases: createNamespace: true - <<: *mailu - installed: true + installed: false namespace: mailu-application createNamespace: false bases: diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 2ef8cde..8ca3587 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str] +djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str] + password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str] redis: auth: - password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str] + password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2 - NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3 - Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB - ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5 - M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty + dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG + SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y + ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC + nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-31T18:41:30Z" - mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str] + lastmodified: "2024-02-09T09:33:11Z" + mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 4c1a84f..55bd2b4 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str] - password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str] + username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str] + password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str] + PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str] database: - PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str] + PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str] + HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str] + CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str] oauth: - - name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str] - provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str] - key: ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str] - secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str] + - name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str] + provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str] + key: 
ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str] + secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk - OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy - Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3 - YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI - nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ + M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5 + TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC + OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X + RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-30T18:17:44Z" - mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str] + lastmodified: "2024-02-09T09:32:40Z" + mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml index 193f934..61e967f 100644 --- a/badhouseplants/values/secrets.mailu.yaml +++ b/badhouseplants/values/secrets.mailu.yaml 
@@ -1,21 +1,21 @@ -secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str] +secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str] initialAccount: - enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool] - username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str] - domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str] - password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str] + enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool] + username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str] + domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str] + password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str] - postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str] + password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str] + postgresPassword: 
ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str] secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str] - userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str] + adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str] + userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str] global: database: roundcube: - password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str] + password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN - Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96 - a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5 - S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9 - wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS + L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu + Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj + aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i + l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-02T07:57:08Z" - mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str] + lastmodified: "2024-02-04T09:30:41Z" + mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.cilium.yaml b/badhouseplants/values/values.cilium.yaml new file mode 100644 index 0000000..6eae22c --- /dev/null +++ b/badhouseplants/values/values.cilium.yaml 
@@ -0,0 +1,10 @@ +operator: + replicas: 1 +endpointRoutes: + # -- Enable use of per endpoint routes instead of routing via + # the cilium_host interface. + enabled: true +ipam: + ciliumNodeUpdateRate: "15s" + operator: + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/badhouseplants/values/values.coredns.yaml b/badhouseplants/values/values.coredns.yaml new file mode 100644 index 0000000..04d2b02 --- /dev/null +++ b/badhouseplants/values/values.coredns.yaml @@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index e37b970..8e39d27 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -1,5 +1,6 @@ service: type: LoadBalancer + externalTrafficPolicy: Local ports: - name: minecraft port: 25565 diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 6c54e91..aba9e11 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
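Review bot: In badhouseplants/values/values.coredns.yaml the `kubernetes` plugin block sets `pods insecure`, which makes CoreDNS answer pod-IP style names without checking that such a pod exists. The CoreDNS documentation describes this mode as kept for kube-dns compatibility and open to abuse in combination with wildcard certificates. If nothing in the cluster relies on those records, `pods verified` or `pods disabled` is the tighter setting. The diffstat lists system/values/values.coredns.yaml with the same line count, so the same block is presumably there as well. If `insecure` has to stay, a comment above it such as `# kept for kube-dns compatibility, needed by <consumer>` would record why.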
@@ -19,7 +19,7 @@ istio: istio: - name: mailu-web kind: http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net hostname: email.badhouseplants.net service: mailu-front port: 80 @@ -91,7 +91,7 @@ ingress: selfSigned: false existingSecret: mailu-certificate realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local - realIpHeader: "X-Forwarded-For" + realIpHeader: "X-Envoy-External-Address" front: hostPort: enabled: false diff --git a/badhouseplants/values/values.metallb-resources.yaml b/badhouseplants/values/values.metallb-resources.yaml new file mode 100644 index 0000000..94b681b --- /dev/null +++ b/badhouseplants/values/values.metallb-resources.yaml @@ -0,0 +1,5 @@ +metallb: + enabled: true + ippools: + - name: fuji + addresses: 195.201.249.91-195.201.249.91 diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index b477a0b..838f30b 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,11 +1,23 @@ ---- -ns: +namespaces: + - name: longhorn-system + - name: cert-manager + - name: minio-service + - name: metallb-system + - name: reflector-system + - name: drone-service + - name: argo-system + - name: nrodionov-application + - name: minecraft-application + - name: gitea-service + - name: funkwhale-application - name: monitoring-system -templates: - - | - {{ range .Values.ns }} - apiVersion: v1 - kind: Namespace - metadata: - name: {{ .name }} - {{ end }} + - name: bitwarden-application + - name: database-service + - name: mail-service + - name: istio-system + - name: vaultwarden-application + - name: woodpecker-ci + - name: openvpn-service + - name: tandoor-application + - name: badhouseplants-main + - name: mailu-application diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index cc03d42..2ee10c9 100644 --- a/badhouseplants/values/values.prometheus.yaml 
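Review bot: Every entry added under `namespaces:` in values.namespaces.yaml carries only `name`, so these namespaces are created without any Pod Security Admission level, even though the namespaces chart template added in this commit accepts per-namespace `labels`. This assumes the `namespaces` release renders that chart, which the visible hunks do not show. For the application namespaces I would start with a non-blocking level, for example `labels: {pod-security.kubernetes.io/warn: baseline}` on each entry, and move to `pod-security.kubernetes.io/enforce` once the workloads pass. System namespaces such as `longhorn-system` and `metallb-system` likely need a privileged level and are better labelled explicitly than left implicit.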
+++ b/badhouseplants/values/values.prometheus.yaml @@ -87,6 +87,7 @@ prometheus: storage: 12Gi grafana: + assertNoLeakedSecrets: false persistence: enabled: true size: 2Gi diff --git a/charts/namespaces/chart/.helmignore b/charts/namespaces/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/namespaces/chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/namespaces/chart/Chart.yaml b/charts/namespaces/chart/Chart.yaml new file mode 100644 index 0000000..0f737fe --- /dev/null +++ b/charts/namespaces/chart/Chart.yaml 
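Review bot: `assertNoLeakedSecrets: false` under `grafana:` switches off the chart's render-time check that refuses plain-text secrets in the Grafana configuration values, and the hunk gives no reason for it. If the check fired because a credential sits in the Grafana config values, the cleaner fix is to move that value into a Secret or the sops-encrypted secrets file and leave the assertion on. If it has to stay disabled, add a comment above it, for example `# assertion disabled because <setting> is templated from a Secret; re-enable when possible`. The `grafana:` mapping continues outside the hunk.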
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: namespaces +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/charts/namespaces/chart/templates/_helpers.tpl b/charts/namespaces/chart/templates/_helpers.tpl new file mode 100644 index 0000000..a33714c --- /dev/null +++ b/charts/namespaces/chart/templates/_helpers.tpl 
@@ -0,0 +1,43 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "namespaces.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "namespaces.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "namespaces.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "namespaces.labels" -}} +helm.sh/chart: {{ include "namespaces.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml new file mode 100644 index 0000000..dc2bd62 --- /dev/null +++ b/charts/namespaces/chart/templates/namespaces.yaml @@ -0,0 +1,18 @@ +{{- if .Values.namespaces }} +{{- range $ns := .Values.namespaces }} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ $ns.name }} + labels: + {{- include "namespaces.labels" $ | nindent 4 }} + {{- with $ns.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $ns.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} 
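Review bot: In `templates/namespaces.yaml`, `name: {{ $ns.name }}` is emitted unquoted and unchecked, so a list entry without `name` renders `name:` (null) and a value such as `123` or `on` is retyped by the YAML parser before the API server sees it. Suggest `name: {{ required "namespaces[].name is required" $ns.name | quote }}` so a bad entry fails at render time with a clear message. The outer `{{- if .Values.namespaces }}` adds nothing, since `range` over an empty or missing list already produces no output.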
diff --git a/charts/namespaces/chart/values.yaml b/charts/namespaces/chart/values.yaml new file mode 100644 index 0000000..cd5a239 --- /dev/null +++ b/charts/namespaces/chart/values.yaml @@ -0,0 +1,20 @@ +namespaces: + - name: giantswarm-flux + labels: + name: giantswarm-flux + - name: giantswarm + labels: + name: giantswarm + - name: monitoring + labels: + name: monitoring + - name: org-giantswarm + labels: + name: org-giantswarm + - name: flux-system + labels: + name: flux-system + - name: flux-giantswarm + labels: + name: flux-giantswarm + - name: policy-exception diff --git a/charts/namespaces/kustomize/flux-system.yml b/charts/namespaces/kustomize/flux-system.yml new file mode 100644 index 0000000..f44f3af --- /dev/null +++ b/charts/namespaces/kustomize/flux-system.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: flux-system + labels: + name: flux-system diff --git a/charts/namespaces/kustomize/giantswarm-flux.yml b/charts/namespaces/kustomize/giantswarm-flux.yml new file mode 100644 index 0000000..bd0e121 --- /dev/null +++ b/charts/namespaces/kustomize/giantswarm-flux.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm-flux + labels: + name: giantswarm-flux diff --git a/charts/namespaces/kustomize/giantswarm.yml b/charts/namespaces/kustomize/giantswarm.yml new file mode 100644 index 0000000..31e7916 --- /dev/null +++ b/charts/namespaces/kustomize/giantswarm.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm + labels: + name: giantswarm diff --git a/charts/namespaces/kustomize/kustomization.yaml b/charts/namespaces/kustomize/kustomization.yaml new file mode 100644 index 0000000..8159198 --- /dev/null +++ b/charts/namespaces/kustomize/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ./giantswarm-flux.yml + - ./giantswarm.yml + - ./monitoring.yml + - ./org-giantswarm.yml 
diff --git a/charts/namespaces/kustomize/monitoring.yml b/charts/namespaces/kustomize/monitoring.yml
new file mode 100644
index 0000000..90d12ef
--- /dev/null
+++ b/charts/namespaces/kustomize/monitoring.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+ labels:
+ name: monitoring
diff --git a/charts/namespaces/kustomize/org-giantswarm.yml b/charts/namespaces/kustomize/org-giantswarm.yml
new file mode 100644
index 0000000..f27e8c4
--- /dev/null
+++ b/charts/namespaces/kustomize/org-giantswarm.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: org-giantswarm
+ labels:
+ name: org-giantswarm
diff --git a/charts/root/.helmignore b/charts/root/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/root/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/root/Chart.yaml b/charts/root/Chart.yaml
new file mode 100644
index 0000000..59e507d
--- /dev/null
+++ b/charts/root/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"
diff --git a/charts/root/templates/_helpers.tpl b/charts/root/templates/_helpers.tpl
new file mode 100644
index 0000000..8a3cc9a
--- /dev/null
+++ b/charts/root/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "root.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "root.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "root.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "root.labels" -}}
+helm.sh/chart: {{ include "root.chart" . }}
+{{ include "root.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "root.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "root.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "root.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/root/templates/root.yaml b/charts/root/templates/root.yaml
new file mode 100644
index 0000000..f542187
--- /dev/null
+++ b/charts/root/templates/root.yaml @@ -0,0 +1,25 @@ +{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: root +spec: + interval: 30s + url: {{ .Values.url }} + ref: + branch: {{ .Values.branch }} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: root +spec: + interval: 30s + targetNamespace: flux-system + sourceRef: + kind: GitRepository + name: root + path: "." + prune: false + timeout: 1m +{{- end }} diff --git a/charts/root/templates/self.yaml b/charts/root/templates/self.yaml new file mode 100644 index 0000000..0ddb8de --- /dev/null +++ b/charts/root/templates/self.yaml @@ -0,0 +1,25 @@ +{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: root-self +spec: + interval: 30s + url: {{ .Values.self.url }} + ref: + branch: {{ .Values.self.branch }} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: root-self +spec: + interval: 30s + targetNamespace: flux-system + sourceRef: + kind: GitRepository + name: root-self + path: "." + prune: false + timeout: 1m +{{- end }} diff --git a/charts/root/values.yaml b/charts/root/values.yaml new file mode 100644 index 0000000..51850fa --- /dev/null +++ b/charts/root/values.yaml @@ -0,0 +1,5 @@ +url: https://git.badhouseplants.net/giantswarm/cluster-example.git +branch: main +self: + url: git@git.badhouseplants.net:giantswarm/root-config.git + branch: master diff --git a/common/values.metallb.yaml b/common/values.metallb.yaml new file mode 100644 index 0000000..c35b944 --- /dev/null +++ b/common/values.metallb.yaml @@ -0,0 +1,14 @@ +--- +metallb: + templates: + - | + {{ range .Values.ippools }} + --- + apiVersion: metallb.io/v1beta1 + kind: IPAddressPool + metadata: + name: {{ .name }} + spec: + addresses: + - {{ .addresses }} + {{ end }} 
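Review bot: The `root-self` GitRepository in `templates/self.yaml` renders `url: {{ .Values.self.url }}`, and the default added in `charts/root/values.yaml` is the scp-style `git@git.badhouseplants.net:giantswarm/root-config.git`, yet the spec has no `secretRef`. As far as I know the Flux GitRepository API only accepts `http://`, `https://` or `ssh://` URLs and takes the SSH identity and `known_hosts` from the referenced Secret, so this source will presumably be rejected or fail to authenticate. Suggest `url: ssh://git@git.badhouseplants.net/giantswarm/root-config.git` in values, plus a `secretRef:` with `name: {{ .Values.self.secretName }}` in the template (a new value this chart would need to define). Both Kustomizations apply `path: "."` from a branch head into `flux-system` with no `serviceAccountName`, so anything pushed to those branches is applied with the controller's own permissions; a comment stating that this is intended would help the next reader.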
diff --git a/crd.yaml b/crd.yaml new file mode 100644 index 0000000..0e245b2 --- /dev/null +++ b/crd.yaml @@ -0,0 +1,27 @@ +templates: + # --------------------------- + # -- Hooks + # --------------------------- + crd-management-hook: + hooks: + - events: ["preapply"] + showlogs: true + command: "sh" + args: + - -c + - | + helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ + || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ + || true + - events: ["prepare"] + showlogs: true + command: "sh" + args: + - -c + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" + - events: ["postuninstall"] + showlogs: true + command: "sh" + args: + - -c + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" diff --git a/docs/restic.md b/docs/restic.md deleted file mode 100644 index f740f43..0000000 --- a/docs/restic.md +++ /dev/null @@ -1,7 +0,0 @@ -# Restic - -We are using restic for backing up the Minecraft server - -## How to restore - -TODO: Describe the restoration process diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml index 465ad9a..cb55a93 100644 --- a/etersoft/values/secrets.minio.yaml +++ b/etersoft/values/secrets.minio.yaml 
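Review bot: Every command in `crd-management-hook` ends in `|| true`, so a failed `helm show crds` or a rejected `kubectl replace`/`kubectl create` is reported as success and the release goes ahead against whatever CRDs are already in the cluster. The `postuninstall` hook pipes the chart's CRDs into `kubectl delete`, which also removes every custom resource of those kinds cluster-wide, including objects that belong to other releases. Suggest keeping `|| true` only on the `kubectl diff` hook (it exits non-zero whenever there is a difference), handling the "chart ships no CRDs" case in `preapply` with an explicit empty-output check so real errors fail the hook, and making the delete hook opt-in per release. The same block is added again as `templates/crd-hook.yaml` later in this patch, so the points apply there too, and one of the two copies looks redundant.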
@@ -1,21 +1,21 @@ -rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] +rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str] users: - - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] - secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] - policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] - - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] - secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] - policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] -oidc: - enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] - configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] - clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str] - clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str] - claimName: 
ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] - redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] - comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] - claimPrefix: "" - scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] + - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str] + secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str] + policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str] + - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str] + secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str] + policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str] + #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment] + #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment] + #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment] + 
#ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment] + #ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment] + #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment] + #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment] + #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment] + #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment] + #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz - QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I - R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa - UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 - vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6 + MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U + SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX + ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg + mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-04T19:00:41Z" - mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str] + lastmodified: "2024-02-04T08:44:29Z" + mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/etersoft/values/values.metallb-resources.yaml b/etersoft/values/values.metallb-resources.yaml new file mode 100644 index 0000000..5c77cf7 --- /dev/null +++ b/etersoft/values/values.metallb-resources.yaml @@ -0,0 +1,5 @@ +metallb: + enabled: true + ippools: + - name: etersoft + addresses: 91.232.225.63-91.232.225.63 diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index a536d3e..deefdb1 100644 
--- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -18,6 +18,16 @@ istio: hostname: s3.e.badhouseplants.net service: minio port: 9000 +image: + repository: quay.io/minio/minio + tag: RELEASE.2024-01-11T07-46-16Z-cpuv1 + pullPolicy: IfNotPresent + +mcImage: + repository: quay.io/minio/mc + tag: RELEASE.2024-01-11T05-49-32Z-cpuv1 + pullPolicy: IfNotPresent + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/extensions.yaml b/extensions.yaml new file mode 100644 index 0000000..86903c3 --- /dev/null +++ b/extensions.yaml @@ -0,0 +1,56 @@ +templates: + # ---------------------------- + # -- Extensions + # ---------------------------- + ext-istio-gateway: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio-gateway + values: + - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + + ext-istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + values: + - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: certificate + values: + - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' + service-monitor: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: service-monitor + values: + - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' + namespace: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ns + inherit: + - template: default-common-values + - template: default-env-values + + ext-database: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ext-database + values: + - '{{ requiredEnv "PWD" }}/common/values.database.yaml' diff --git a/helmfile.yaml b/helmfile.yaml index 73ac8fa..c813fb4 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
@@ -50,6 +50,11 @@ releases: installed: true namespace: longhorn-system createNamespace: false + + - <<: *metallb-resources + installed: true + namespace: metallb-system + createNamespace: false helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/manifests/badhouseplants/namespace-creator-binding.yaml b/manifests/badhouseplants/namespace-creator-binding.yaml deleted file mode 100644 index d24486c..0000000 --- a/manifests/badhouseplants/namespace-creator-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: namespace-manager -subjects: - - kind: User - name: badhousplants - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: namespace-manager - apiGroup: rbac.authorization.k8s.io diff --git a/manifests/badhouseplants/namespace-creator-role.yaml b/manifests/badhouseplants/namespace-creator-role.yaml deleted file mode 100644 index c552be6..0000000 --- a/manifests/badhouseplants/namespace-creator-role.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: namespace-manager -rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "watch", "list", "create", "delete"] diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index 29b9db1..395418c 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml @@ -14,9 +14,9 @@ metadata: namespace: debug spec: hosts: - - "httpbin.e.badhouseplants.net" + - "httpbin.badhouseplants.net" gateways: - - istio-system/e-badhouseplants-net + - istio-system/badhouseplants-net http: - route: - destination: diff --git a/manifests/new-ip.yaml b/manifests/new-ip.yaml new file mode 100644 index 0000000..b554876 --- /dev/null +++ b/manifests/new-ip.yaml 
@@ -0,0 +1,11 @@ +--- +# Source: raw/charts/metallb/templates/resources.yaml +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: etersoft +spec: + addresses: + - 91.232.225.63-91.232.225.63 + diff --git a/releases.yaml b/releases.yaml index 7138202..7c999fd 100644 --- a/releases.yaml +++ b/releases.yaml @@ -63,7 +63,13 @@ templates: alias: certificate values: - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' service-monitor: dependencies: - chart: bedag/raw @@ -92,6 +98,14 @@ templates: # ---------------------------- # -- System # ---------------------------- + namespaces: &namespaces + name: namespaces + chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' + namespace: kube-public + createNamespace: false + inherit: + - template: default-env-values + metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server @@ -102,12 +116,20 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.13.12 + version: 0.14.3 + + metallb-resources: &metallb-resources + name: metallb-resources + chart: bedag/raw + version: 2.0.0 + inherit: + - template: ext-metallb + - template: default-env-values cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.3 + version: 1.14.1 set: - name: installCRDs value: true @@ -121,7 +143,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.52.1 + version: 5.53.13 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +156,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.7.0 + version: 56.6.1 inherit: - template: monitoring-common - template: default-env-values 
@@ -145,7 +167,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.5 + version: 5.42.2 inherit: - template: monitoring-common - template: default-env-values @@ -153,7 +175,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.3 + version: 6.15.5 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +263,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.0.3 + version: 1.1.1 inherit: - template: ext-database - template: default-env-values @@ -251,7 +273,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.0.4 + version: 19.2.3 inherit: - template: default-env-values - template: default-env-secrets @@ -261,7 +283,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.14 + version: 5.0.15 inherit: - template: default-env-values - template: default-env-secrets @@ -279,7 +301,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.0.2 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -308,7 +330,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.3 + version: 18.12.1 inherit: - template: default-env-values - template: default-env-secrets @@ -316,7 +338,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.3.1 + version: 14.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -324,7 +346,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.2 + version: 1.18.0 db-instances: &db-instances name: db-instances @@ -337,7 +359,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.17.1 + version: 9.19.1 inherit: - template: default-env-values - template: default-env-secrets 
@@ -376,13 +398,29 @@ templates: - template: ext-istio-resource - template: ext-certificate - tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.8.11 + version: 0.8.12 inherit: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - template: ext-database + + coredns: &coredns + name: coredns + chart: coredns/coredns + version: 1.29.0 + namespace: kube-system + inherit: + - template: default-env-values + + cilium: &cilium + name: cilium + chart: cilium/cilium + version: 1.14.6 + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values diff --git a/repositories.yaml b/repositories.yaml index fc03a1e..9e7eced 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -47,3 +47,7 @@ repositories: url: https://charts.gabe565.com - name: mailu url: https://mailu.github.io/helm-charts/ + - name: coredns + url: https://coredns.github.io/helm + - name: cilium + url: https://helm.cilium.io/ diff --git a/system/values/values.cilium.yaml b/system/values/values.cilium.yaml new file mode 100644 index 0000000..6eae22c --- /dev/null +++ b/system/values/values.cilium.yaml @@ -0,0 +1,10 @@ +operator: + replicas: 1 +endpointRoutes: + # -- Enable use of per endpoint routes instead of routing via + # the cilium_host interface. + enabled: true +ipam: + ciliumNodeUpdateRate: "15s" + operator: + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/system/values/values.coredns.yaml b/system/values/values.coredns.yaml new file mode 100644 index 0000000..04d2b02 --- /dev/null +++ b/system/values/values.coredns.yaml 
@@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance diff --git a/system/values/values.namespaces.yaml b/system/values/values.namespaces.yaml new file mode 100644 index 0000000..838f30b --- /dev/null +++ b/system/values/values.namespaces.yaml @@ -0,0 +1,23 @@ +namespaces: + - name: longhorn-system + - name: cert-manager + - name: minio-service + - name: metallb-system + - name: reflector-system + - name: drone-service + - name: argo-system + - name: nrodionov-application + - name: minecraft-application + - name: gitea-service + - name: funkwhale-application + - name: monitoring-system + - name: bitwarden-application + - name: database-service + - name: mail-service + - name: istio-system + - name: vaultwarden-application + - name: woodpecker-ci + - name: openvpn-service + - name: tandoor-application + - name: badhouseplants-main + - name: mailu-application diff --git a/templates/crd-hook.yaml b/templates/crd-hook.yaml new file mode 100644 index 0000000..db6365f --- /dev/null +++ b/templates/crd-hook.yaml 
@@ -0,0 +1,25 @@
+---
+templates:
+ crd-management-hook:
+ hooks:
+ - events: ["preapply"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - |
+ helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
+ || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
+ || true
+ - events: ["prepare"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
+ - events: ["postuninstall"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
diff --git a/templates/extensions.yaml b/templates/extensions.yaml
new file mode 100644
index 0000000..86903c3
--- /dev/null
+++ b/templates/extensions.yaml
@@ -0,0 +1,56 @@ +templates: + # ---------------------------- + # -- Extensions + # ---------------------------- + ext-istio-gateway: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio-gateway + values: + - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + + ext-istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + values: + - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: certificate + values: + - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' + service-monitor: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: service-monitor + values: + - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' + namespace: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ns + inherit: + - template: default-common-values + - template: default-env-values + + ext-database: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ext-database + values: + - '{{ requiredEnv "PWD" }}/common/values.database.yaml' -- 2.45.2 From 0591ae21ce38cde5c7824d0e1387d25a5f09e8a5 Mon Sep 17 00:00:00 2001 From: Roman Date: Sat, 10 Feb 2024 23:46:29 +0300 Subject: [PATCH 34/69] [Minecraft] Password plugin update --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index e5df96a..6234128 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -127,7 +127,7 @@ initContainers: command: - curl - -L - - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" + - "https://github.com/Troloroma/PasswordProtect/releases/download/37/PasswordProtect-ubuntu-latest-17.jar" - -o - /data/plugins/PasswordProtect.jar volumeMounts: -- 2.45.2 From fb6a016b6683080a05163101c1c7d46fac61d3d6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 10 Feb 2024 22:00:32 +0100 Subject: [PATCH 35/69] Revert "[Minecraft] Password plugin update" This reverts commit 0591ae21ce38cde5c7824d0e1387d25a5f09e8a5. --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 6234128..e5df96a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -127,7 +127,7 @@ initContainers: command: - curl - -L - - "https://github.com/Troloroma/PasswordProtect/releases/download/37/PasswordProtect-ubuntu-latest-17.jar" + - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" - -o - /data/plugins/PasswordProtect.jar volumeMounts: -- 2.45.2 From f4c9224ae69e36ef737304b3a3da645d7d35f2fa Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 08:39:37 +0100 Subject: [PATCH 36/69] Enable limits and store minecraft logs --- .woodpecker/.helmfile.yml | 15 +++++++++++++++ badhouseplants/values/values.promtail.yaml | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 355d333..166422c 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml 
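Review bot: The init container writes whatever `curl -L` returns to `/data/plugins/PasswordProtect.jar`, with no integrity check and no `-f`, so an HTTP error body or a re-uploaded release asset is accepted as the plugin the server will presumably load. This hunk moves the download to a fork's build asset (`Troloroma/PasswordProtect/releases/download/37/...`) and the next hunk reverts to the upstream URL; the gap is the same for both. Suggest fetching with `curl -fsSL` and verifying a pinned digest before the main container starts, e.g. `echo "<sha256-of-reviewed-jar>  /data/plugins/PasswordProtect.jar" | sha256sum -c -`, assuming the image ships `sha256sum`. The container definition starts and ends outside the hunk.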
@@ -1,11 +1,25 @@ when: event: push + + +.k8s-limits: &k8s-limits + backend_options: + kubernetes: + resources: + requests: + memory: 200Mi + cpu: 100m + limits: + memory: 400Mi + cpu: 200m + matrix: ENVIRONMENT: - badhouseplants - etersoft steps: diff: + <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: @@ -17,6 +31,7 @@ steps: - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e $ENVIRONMENT diff --suppress-secrets apply: + <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 6ab31f3..4976174 100644 --- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -7,5 +7,5 @@ config: pipelineStages: - match: pipeline_name: "drop-all" - selector: '{namespace!~"mail-service|woodpecker"}' + selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}' action: drop -- 2.45.2 From 1cb2c5f2595ecd4e442b66114205c67d27ed5b43 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 08:57:07 +0100 Subject: [PATCH 37/69] Increase limits --- .woodpecker/.helmfile.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 166422c..fd6ed63 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -7,11 +7,11 @@ when: kubernetes: resources: requests: - memory: 200Mi - cpu: 100m - limits: memory: 400Mi - cpu: 200m + cpu: 1000m + limits: + memory: 800Mi + cpu: 1500m matrix: ENVIRONMENT: -- 2.45.2 From 99972808b7f5b7d02558375d5b088745bda8830f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 09:00:05 +0100 Subject: [PATCH 38/69] Increase limits --- .woodpecker/.helmfile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index fd6ed63..2407cd8 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -7,10 +7,10 @@ when: kubernetes: resources: requests: - memory: 400Mi + memory: 1024Mi cpu: 1000m limits: - memory: 800Mi + memory: 1512Mi cpu: 1500m matrix: -- 2.45.2 From d67cf1a273075c734f63738bc5b7f5d09fa6887a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 13 Feb 2024 15:49:31 +0100 Subject: [PATCH 39/69] Add new ns --- badhouseplants/values/values.namespaces.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 838f30b..d752942 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -20,4 +20,7 @@ namespaces: - name: openvpn-service - name: tandoor-application - name: badhouseplants-main + labels: + istio-injection: enabled + - name: badhouseplants-preview - name: mailu-application -- 2.45.2 From 21ff595d4063ab76b63263b2a87fa486aa2640d2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Feb 2024 15:47:14 +0100 Subject: [PATCH 40/69] Some small chagnes --- badhouseplants/helmfile.yaml | 2 + badhouseplants/values/values.roles.yaml | 9 ++++ .../chart/templates/namespaces.yaml | 3 +- charts/roles/.helmignore | 23 ++++++++++ charts/roles/Chart.yaml | 6 +++ charts/roles/templates/_helpers.tpl | 43 +++++++++++++++++++ charts/roles/templates/namespaces.yaml | 23 ++++++++++ charts/roles/values.yaml | 9 ++++ releases.yaml | 8 ++++ 9 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 badhouseplants/values/values.roles.yaml create mode 100644 charts/roles/.helmignore create mode 100644 charts/roles/Chart.yaml create mode 100644 charts/roles/templates/_helpers.tpl create mode 100644 charts/roles/templates/namespaces.yaml create mode 100644 charts/roles/values.yaml 
diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 0ec24c9..39e25bd 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -4,6 +4,8 @@ releases: - <<: *namespaces installed: true + - <<: *roles + installed: true - <<: *coredns installed: true - <<: *cilium diff --git a/badhouseplants/values/values.roles.yaml b/badhouseplants/values/values.roles.yaml new file mode 100644 index 0000000..7fcd045 --- /dev/null +++ b/badhouseplants/values/values.roles.yaml @@ -0,0 +1,9 @@ +roles: + - name: minecraft-admin + namespace: minecraft-application + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["minecraft-application"] diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml index dc2bd62..3e87e83 100644 --- a/charts/namespaces/chart/templates/namespaces.yaml +++ b/charts/namespaces/chart/templates/namespaces.yaml @@ -10,8 +10,9 @@ metadata: {{- with $ns.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with $ns.annotations}} annotations: + "helm.sh/resource-policy": keep + {{- with $ns.annotations}} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/roles/.helmignore b/charts/roles/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/roles/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/roles/Chart.yaml b/charts/roles/Chart.yaml new file mode 100644 index 0000000..c2d5cc6 --- /dev/null +++ b/charts/roles/Chart.yaml 
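Review bot: The last key of the rule in `values.roles.yaml`, `namespace: ["minecraft-application"]`, is not a field of an RBAC rule (rules take `apiGroups`, `resources`, `verbs`, `resourceNames`, `nonResourceURLs`), and the Role is already scoped by its own `namespace:`; depending on field validation the apply is rejected or the key is silently dropped, so it should be removed. Indentation is lost in this view, so the nesting is inferred from key order. The remaining rule grants `"*"` on every API group and resource, which lets the holder read Secrets and manage RoleBindings in the namespace; if the role is meant for operating the game server, list the resources and verbs it needs instead. The same block is committed as the chart default in `charts/roles/values.yaml`, where `roles: []` would avoid installing an admin role when no values are passed.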
@@ -0,0 +1,6 @@ +apiVersion: v2 +name: roles +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "1.16.0" diff --git a/charts/roles/templates/_helpers.tpl b/charts/roles/templates/_helpers.tpl new file mode 100644 index 0000000..2927519 --- /dev/null +++ b/charts/roles/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "roles.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "roles.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "roles.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "roles.labels" -}} +helm.sh/chart: {{ include "roles.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + diff --git a/charts/roles/templates/namespaces.yaml b/charts/roles/templates/namespaces.yaml new file mode 100644 index 0000000..7cb85dc --- /dev/null +++ b/charts/roles/templates/namespaces.yaml 
@@ -0,0 +1,23 @@ +{{- if .Values.roles }} +{{- range $roles := .Values.roles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ $roles.kind }} +metadata: + name: {{ $roles.name }} + namespace: {{ $roles.namespace }} + labels: + {{- include "roles.labels" $ | nindent 4 }} + {{- with $roles.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $roles.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +{{- with $roles.rules }} +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/roles/values.yaml b/charts/roles/values.yaml new file mode 100644 index 0000000..7fcd045 --- /dev/null +++ b/charts/roles/values.yaml @@ -0,0 +1,9 @@ +roles: + - name: minecraft-admin + namespace: minecraft-application + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["minecraft-application"] diff --git a/releases.yaml b/releases.yaml index 7c999fd..e8a4277 100644 --- a/releases.yaml +++ b/releases.yaml @@ -106,6 +106,14 @@ templates: inherit: - template: default-env-values + roles: &roles + name: roles + chart: '{{ requiredEnv "PWD" }}/charts/roles' + namespace: kube-public + createNamespace: false + inherit: + - template: default-env-values + metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server -- 2.45.2 From 4d5ee1f6c52e81d5c0c1c341f623e096f7c98fff Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Feb 2024 15:51:18 +0100 Subject: [PATCH 41/69] Update db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index e8a4277..5a2d274 100644 --- a/releases.yaml +++ b/releases.yaml @@ -354,7 +354,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.18.0 + version: 1.20.0 db-instances: &db-instances name: db-instances -- 2.45.2 From a6b30b3337bb5db06361574ebfdad4c044330f5d Mon Sep 17 00:00:00 2001 
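Review bot: `kind: {{ $roles.kind }}` and the `rules` block are rendered from values without any check, so a typo or an unexpected kind only surfaces at apply time, and `namespace:` is emitted even when the kind would be `ClusterRole`. A guard at the top of the range such as `{{- if not (has $roles.kind (list "Role" "ClusterRole")) }}{{ fail "roles[].kind must be Role or ClusterRole" }}{{- end }}` fails the render early, and wrapping `namespace:` in `{{- if eq $roles.kind "Role" }}` keeps cluster-scoped objects valid. The file is named `namespaces.yaml` although it renders roles, and quoting the name (`{{ $roles.name | quote }}`) protects against values that YAML would retype.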
From: Nikolai Rodionov Date: Sat, 17 Feb 2024 02:20:54 +0100 Subject: [PATCH 42/69] Cleanup db-operator --- .../values/secrets.db-instances.yaml | 28 +++++++------------ .../values/values.db-instances.yaml | 20 ------------- releases.yaml | 1 - 3 files changed, 10 insertions(+), 39 deletions(-) diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index f8caa3a..ffe6efa 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml @@ -1,16 +1,8 @@ dbinstances: - postgres: - secrets: - adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] - adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] postgres16: secrets: - adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] - adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] - mysql: - secrets: - adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] - adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] + adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] + adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -20,14 +12,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl + RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx + Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho + d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq + Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T02:28:20Z" - mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] + lastmodified: "2024-02-17T01:05:06Z" + mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 8e16c19..bfd0e1d 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml 
@@ -1,15 +1,5 @@ --- dbinstances: - postgres: - monitoring: - enabled: false - adminSecretRef: - Name: postgres-secret - Namespace: database-service - engine: postgres - generic: - host: postgres-postgresql - port: 5432 postgres16: monitoring: enabled: false @@ -20,13 +10,3 @@ dbinstances: generic: host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 - mysql: - monitoring: - enabled: false - adminSecretRef: - Name: mysql-secret - Namespace: database-service - engine: mysql - generic: - host: mysql - port: 3306 diff --git a/releases.yaml b/releases.yaml index 5a2d274..ff68c1f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -286,7 +286,6 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - - template: ext-database minio: &minio name: minio -- 2.45.2 From a20017c9b7f2ebe5cdde7f3f1d64a7d6dcacd1c3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 15:44:31 +0100 Subject: [PATCH 43/69] Start setting up shadowsocks --- .../values/values.istio-ingressgateway.yaml | 4 + manifests/shadowsocks/install.yaml | 78 +++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 manifests/shadowsocks/install.yaml diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 8e39d27..94fe69a 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -2,6 +2,10 @@ service: type: LoadBalancer externalTrafficPolicy: Local ports: + - name: shadowsocks + port: 8388 + protocol: TCP + targetPort: 8388 - name: minecraft port: 25565 protocol: TCP diff --git a/manifests/shadowsocks/install.yaml b/manifests/shadowsocks/install.yaml new file mode 100644 index 0000000..a539b01 --- /dev/null +++ b/manifests/shadowsocks/install.yaml 
@@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shadowsocks-deployment + labels: + app: shadowsocks +spec: + replicas: 1 + selector: + matchLabels: + app: shadowsocks + template: + metadata: + labels: + app: shadowsocks + spec: + containers: + - name: shadowsocks-libev + image: shadowsocks/shadowsocks-libev + env: + - name: METHOD + value: chacha20-ietf-poly1305 + - name: PASSWORD + value: test12345 + ports: + - containerPort: 8388 + securityContext: + capabilities: + add: + - NET_ADMIN +--- +apiVersion: v1 +kind: Service +metadata: + name: shadowsocks + labels: + app: shadowsocks +spec: + type: ClusterIP + ports: + - port: 8388 + protocol: TCP + selector: + app: shadowsocks +--- +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: badhouseplants-shadowsocks + namespace: istio-system +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: tcp + number: 8388 + protocol: TCP +--- +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: shadowsocks +spec: + gateways: + - istio-system/badhouseplants-shadowsocks + hosts: + - '*' + tcp: + - match: + - port: 8388 + route: + - destination: + host: shadowsocks + port: + number: 8388 -- 2.45.2 From fbf483cfc0302db6e2a1935e5da7b5a98fcff142 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 16:26:35 +0100 Subject: [PATCH 44/69] Update openvpn --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index ff68c1f..6d8d23d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -231,7 +231,7 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 5b478e594e27849764d9f38489be7ba448dd7ff6 Mon Sep 17 00:00:00 2001 
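Review bot: `PASSWORD` is set to the literal `test12345` in a manifest committed to the repository, while the same commit opens port 8388 on the ingress gateway and the Gateway accepts hosts `'*'`, so the proxy is reachable from outside with a guessable, published credential. Move the value into a Secret (the repository already keeps other credentials in sops-encrypted files), reference it with `secretKeyRef`, and treat the committed value as burned. The container also adds `NET_ADMIN` and uses `shadowsocks/shadowsocks-libev` without a tag or digest; drop the capability unless the image needs it, and pin the image. The Deployment, Service and VirtualService carry no `namespace`, so where they land depends on how the file is applied.

```yaml
# … unchanged: Deployment metadata, selector, pod labels, METHOD env entry …
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  name: shadowsocks-credentials  # placeholder Secret name
                  key: password                  # placeholder key
# … unchanged: ports, securityContext, Service, Gateway, VirtualService …
```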
From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:44:08 +0100 Subject: [PATCH 45/69] Cleanup the backup cluster --- badhouseplants/helmfile.yaml | 8 +++++++- etersoft/helmfile.yaml | 5 ----- helmfile.yaml | 5 ----- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 39e25bd..fd0641c 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -115,7 +115,7 @@ releases: installed: true namespace: mail-service createNamespace: true - + - <<: *tandoor installed: true namespace: tandoor-application @@ -125,6 +125,12 @@ releases: installed: false namespace: mailu-application createNamespace: false + + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 98684a6..d861bbd 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -7,11 +7,6 @@ releases: namespace: openvpn-service createNamespace: false - - <<: *postgres16 - installed: true - namespace: database-service - createNamespace: true - bases: - ../environments.yaml - ../repositories.yaml diff --git a/helmfile.yaml b/helmfile.yaml index c813fb4..de9aa6b 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,11 +46,6 @@ releases: namespace: reflector-system createNamespace: true - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - - <<: *metallb-resources installed: true namespace: metallb-system -- 2.45.2 From 3c8f6a243c0bea83002d89c624b5810475df6528 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:44:23 +0100 Subject: [PATCH 46/69] Update istio bundle --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 6d8d23d..db5e056 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.2 + version: 1.20.3 istio-base: &istio-base name: istio-base -- 2.45.2 From cc1cf4e650af4dd94887112120e88a49e07a125d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:48:21 +0100 Subject: [PATCH 47/69] Update cilium --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index db5e056..d1d94af 100644 --- a/releases.yaml +++ b/releases.yaml @@ -426,7 +426,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.14.6 + version: 1.15.1 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From b93d4e0b2beeb0aec3d03f80db37eaad61a81d9a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:03:04 +0100 Subject: [PATCH 48/69] Update bunch of releases --- badhouseplants/values/secrets.argocd.yaml | 22 ++++++++--------- badhouseplants/values/values.argocd.yaml | 29 +++++++++++------------ releases.yaml | 20 ++++++++-------- 3 files changed, 35 insertions(+), 36 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 371d4d1..befdd81 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,10 +1,10 @@ server: - config: - dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] + configs: + dex.config: ENC[AES256_GCM,data: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,iv:DiW7ZlTe+TRxVIwnV+ASJJfJYFUQ0YqhHRsxx+vrLGs=,tag:i46xfJRV8rq5m7yT6etFfg==,type:str] configs: credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:4CZ3hbG1MSrQs0y5hPU2rGaHvw4DkzWgQuqn8alqUp4=,tag:a0a5DN0KTCrkJ1jGbU5YrA==,type:str] sops: kms: [] gcp_kms: [] 
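Review bot: Renaming `config:` to `configs:` in place leaves `dex.config` where the chart probably no longer reads it. If the key is still nested under `server:` it becomes `server.configs.dex.config`; if it is top-level, the file now has two `configs:` mappings and most parsers keep only the last. The companion change in `values.argocd.yaml` moves the other settings to `configs.cm`, so the Dex connector settings most likely belong at `configs.cm.dex.config` next to `credentialTemplates`; otherwise SSO may silently lose its connector after the upgrade to chart 6.2.3. Indentation is lost in this view, so the nesting is inferred.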
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NWtKdU5Gb1E5aFhmaHI0 + YWpQY0VTR2hWWDNPcklvQkdES3VMV01kUWh3CldheTZHRmpjNjV0MVErV2Qrc1Fs + WlhidklZOWgyMEtnbzA2UU0zVGhkQkUKLS0tIFBEZHVpd3krMHR3aXpHSzBTM2d5 + TE0xeGxscWhCVEpSYVkxUDdybGZ6VVEKHQ1m2NOmuo7Alr9wdaK+kKtceCbX9tti + LNQjwMsHfIyts5LIEafRh4mC+vsjmO56CUlUzoZDk7hU1u5Zp0Pskw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-04T16:16:37Z" - mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] + lastmodified: "2024-02-20T22:58:37Z" + mac: ENC[AES256_GCM,data:HHbHPlslZC5XLjh40wP8VfEgpFT1PyKtDhd0I0rxKhv7qQh+4oMQBpNvVrye1RIzLZJY43hme74lkH7o8ZnWfXAwPRJ7YYAKvLt0LAyLbko2v7hINY/kwMn6xGbUnfmvBIwLkLqHndYxOW44BvUe320N7a831OqPYWkiDEiwLSw=,iv:YYZSQMyQEM0r4WIyHs+gki5qaHMc4gKUi/JcFxjSHDU=,tag:ZyQ+/obUCLKAB2MsFYO7Ag==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index e8d0bce..0acc84b 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -58,21 +58,6 @@ server: enabled: true serviceMonitor: enabled: false - rbacConfig: - policy.default: role:readonly - scopes: "[email, group]" - policy.csv: | - g, allanger@zohomail.com, role:admin - g, allanger@badhouseplants.net, role:admin - g, rodion.n.rodionov@gmail.com, role:admin - p, drone, applications, *, badhouseplants/*,allow - config: - exec.enabled: "true" - url: https://argo.badhouseplants.net - kustomize.buildOptions: "--enable-alpha-plugins" - accounts.drone: apiKey, login - accounts.drone.enabled: "true" - extraArgs: - --insecure @@ -86,6 +71,20 @@ repoServer: - name: regcred configs: + rbac: + policy.default: role:readonly + scopes: "[email, group]" + policy.csv: | + g, allanger@zohomail.com, role:admin + g, allanger@badhouseplants.net, role:admin + g, rodion.n.rodionov@gmail.com, role:admin + p, drone, applications, *, badhouseplants/*,allow + cm: + exec.enabled: "true" + url: https://argo.badhouseplants.net + kustomize.buildOptions: "--enable-alpha-plugins" + accounts.drone: apiKey, login + accounts.drone.enabled: "true" credentialTemplates: ssh-creds: url: git@github.com diff --git a/releases.yaml b/releases.yaml index d1d94af..ccc0215 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.11.0 + version: 3.12.0 values: - common/values.{{ .Release.Name }}.yaml @@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.1 + version: 1.14.2 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.53.13 + version: 6.2.3 inherit: - template: default-env-values - template: default-env-secrets 
@@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 56.6.1 + version: 56.8.2 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.42.2 + version: 5.43.2 inherit: - template: monitoring-common - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.2.3 + version: 19.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.14.0 + version: 4.15.0 inherit: - template: default-env-values - template: default-env-secrets @@ -337,7 +337,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.12.1 + version: 18.14.0 inherit: - template: default-env-values - template: default-env-secrets @@ -345,7 +345,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.0.1 + version: 14.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -408,7 +408,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.8.12 + version: 0.9.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From c5ade9c28b5c0c8c2c1b1e95695045e476198c79 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:08:14 +0100 Subject: [PATCH 49/69] Update longhorn and openvpn --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index ccc0215..7fb40d3 100644 --- a/releases.yaml +++ b/releases.yaml @@ -144,7 +144,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.3 + version: 1.6.0 inherit: - template: default-env-values 
@@ -239,7 +239,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.8 + version: 1.1.0 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 9b8c729d654cfee50afae78581950e7963b20675 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:36:23 +0100 Subject: [PATCH 50/69] Update sops file --- badhouseplants/values/secrets.minecraft.yaml | 24 ++++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml index 1639eb7..6a54d19 100644 --- a/badhouseplants/values/secrets.minecraft.yaml +++ b/badhouseplants/values/secrets.minecraft.yaml 
@@ -1,11 +1,11 @@ minecraftServer: rcon: - password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] + password: ENC[AES256_GCM,data:woijK03SjpwXBK4v6VQQcDU9+Vtxu1K8aw==,iv:z42FfsX/uyqHKV1uUnXxbVSEMmI549nOvR0PTMhBqXA=,tag:GX3h+j00PfR/3kxcmk/RRg==,type:str] mcbackup: resticEnvs: - RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:stg6lZdHeI1IDCqcEObPi2HcLc0WtsxN4mwOqajD,iv:cd9k4zC6qLLfDesHc2eHYgOYw0tLoXRROOiWWg2ZWqo=,tag:tY+Vj2Uv1MonbgGSBZF/aA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:J5+56NluagLrqNOoML4=,iv:jV4hZwcxg3K4hI3YiZlUTc+z26p+TJlHJ0iCnCD8XN4=,tag:yolnLc3raai15UMGzhY7Tg==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:D/nUeA9W,iv:sWH469oSthTZLlmdfNBs9iz8Rkmh+FgoN7cNwuhhm44=,tag:EeG6Dlz7XNKFxlyY2NWheA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -15,14 +15,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvb29BdXcwNmJKVHg0ZE1o + dHJQMmdQcjBrbmo4cmpZZFdUNkQzbXZnc1FnCkZZdHBodXRpVG43dHRtaXVOdis3 + azRqSFQ4QU9Bc0YyaldUMFQ2S3NBOVUKLS0tIC9TbHkwVGYxY2xIT2thRHpQdDFK + QU55VnhyREJld1QzQUlvdGlJQzR1dEkKjPTR48VdNKqmZmNJb3eB44nXyqRtPxfk + lFh1pQLPRSiFtCQYRsRTUNZt131Y/wSIJ33Ri77rZAzF7MoOXZj+FQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-15T15:32:19Z" - mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] + lastmodified: "2024-02-20T23:30:03Z" + mac: ENC[AES256_GCM,data:uZ0a7xDvJEQXxnoiTjclZ/rsuR5Iz+oY/5eQjeDdWnMd+itHZyHk4my8q1Ug0Dl6Md2qiVSiLAvfJsvLDiBqYWoCTWqnvBF8qXLq+pdjXuvAoLTVct8G/BDtgxYZcLQIUnox9RifUb6RCKtZADcG3VMsTWSrrZD4y0S3feQ47Mw=,iv:WYbtRGus5SR4J5rmmUuqgbhgJg/3NCZw04z67CvdYvM=,tag:OF79vVtfnC98ydWPOB4QnQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 -- 2.45.2 From e255ee4e99eb3b67cfeb04f93279a08822885ce9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:50:11 +0100 Subject: [PATCH 51/69] Remove minecraft from the repo --- badhouseplants/helmfile.yaml | 5 - badhouseplants/values/secrets.minecraft.yaml | 28 --- badhouseplants/values/values.minecraft.yaml | 180 ------------------- badhouseplants/values/values.namespaces.yaml | 5 + releases.yaml | 9 - repositories.yaml | 2 - 6 files changed, 5 insertions(+), 224 deletions(-) delete mode 100644 badhouseplants/values/secrets.minecraft.yaml delete mode 100644 badhouseplants/values/values.minecraft.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index fd0641c..30d3395 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -30,11 +30,6 @@ releases: namespace: nrodionov-application createNamespace: false - - <<: *minecraft - installed: true - namespace: minecraft-application - createNamespace: false - - <<: *gitea installed: true namespace: gitea-service diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml deleted file mode 100644 index 6a54d19..0000000 --- a/badhouseplants/values/secrets.minecraft.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -minecraftServer: - rcon: - password: ENC[AES256_GCM,data:woijK03SjpwXBK4v6VQQcDU9+Vtxu1K8aw==,iv:z42FfsX/uyqHKV1uUnXxbVSEMmI549nOvR0PTMhBqXA=,tag:GX3h+j00PfR/3kxcmk/RRg==,type:str] -mcbackup: - resticEnvs: - RESTIC_PASSWORD: ENC[AES256_GCM,data:stg6lZdHeI1IDCqcEObPi2HcLc0WtsxN4mwOqajD,iv:cd9k4zC6qLLfDesHc2eHYgOYw0tLoXRROOiWWg2ZWqo=,tag:tY+Vj2Uv1MonbgGSBZF/aA==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:J5+56NluagLrqNOoML4=,iv:jV4hZwcxg3K4hI3YiZlUTc+z26p+TJlHJ0iCnCD8XN4=,tag:yolnLc3raai15UMGzhY7Tg==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:D/nUeA9W,iv:sWH469oSthTZLlmdfNBs9iz8Rkmh+FgoN7cNwuhhm44=,tag:EeG6Dlz7XNKFxlyY2NWheA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvb29BdXcwNmJKVHg0ZE1o - dHJQMmdQcjBrbmo4cmpZZFdUNkQzbXZnc1FnCkZZdHBodXRpVG43dHRtaXVOdis3 - azRqSFQ4QU9Bc0YyaldUMFQ2S3NBOVUKLS0tIC9TbHkwVGYxY2xIT2thRHpQdDFK - QU55VnhyREJld1QzQUlvdGlJQzR1dEkKjPTR48VdNKqmZmNJb3eB44nXyqRtPxfk - lFh1pQLPRSiFtCQYRsRTUNZt131Y/wSIJ33Ri77rZAzF7MoOXZj+FQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-20T23:30:03Z" - mac: ENC[AES256_GCM,data:uZ0a7xDvJEQXxnoiTjclZ/rsuR5Iz+oY/5eQjeDdWnMd+itHZyHk4my8q1Ug0Dl6Md2qiVSiLAvfJsvLDiBqYWoCTWqnvBF8qXLq+pdjXuvAoLTVct8G/BDtgxYZcLQIUnox9RifUb6RCKtZADcG3VMsTWSrrZD4y0S3feQ47Mw=,iv:WYbtRGus5SR4J5rmmUuqgbhgJg/3NCZw04z67CvdYvM=,tag:OF79vVtfnC98ydWPOB4QnQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml deleted file mode 100644 index e5df96a..0000000 --- a/badhouseplants/values/values.minecraft.yaml +++ /dev/null 
@@ -1,180 +0,0 @@ ---- -# -------------------------------------------------- -# -- Extensions values -# -------------------------------------------------- -service-account: - enabled: true - resources: - - name: minecraft-exporter - label: - app: minecraft-minecraft-metrics - endpoints: - port: metrics -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: minecraft-tcp - gateway: istio-system/badhouseplants-minecraft - kind: tcp - port_match: 25565 - hostname: "*" - service: minecraft-minecraft - port: 25565 -# -------------------------------------------------- -# -- Main values -# -------------------------------------------------- -image: - tag: java17-graalvm-ce - pullPolicy: Always - -resources: - requests: - memory: 3Gi - cpu: 256m - limits: - memory: 3Gi - -lifecycle: - postStart: - - bash - - -c - - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 - -readinessProbe: - command: - - mc-health - periodSeconds: 20 - failureThreshold: 50 - timeoutSeconds: 10 -livenessProbe: - timeoutSeconds: 10 - -minecraftServer: - overrideServerProperties: true - eula: "TRUE" - onlineMode: false - difficulty: hard - hardcore: true - version: 1.20.1 - maxWorldSize: 90000 - type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar - gameMode: survival - pvp: true - rcon: - enabled: true - withGeneratedPassword: false - port: 25575 - serviceType: ClusterIP - extraPorts: - - name: metrics - containerPort: 9225 - protocol: TCP - service: - enabled: true - embedded: false - labels: - exporter: minecraft - type: ClusterIP - port: 9925 - ingress: - enabled: false -persistence: - dataDir: - enabled: true - Size: 15Gi -mcbackup: - enabled: false - backupInterval: 2h - pauseIfNoPlayers: "false" - pruneBackupsDays: 
2 - rconRetries: 5 - rconRetryInterval: 10s - excludes: "*.jar,cache,logs" - backupMethod: restic - resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft - resticAdditionalTags: "mc_backups" - pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" - resources: - requests: - memory: 512Mi - cpu: 100m - persistence: - backupDir: - enabled: false -# --------------------------------------------- -# -- Install Plugins -# --------------------------------------------- -initContainers: - - name: 0-install-prometheus-exporter - image: alpine/curl - command: - - curl - - -L - - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" - - -o - - /data/plugins/prometheus-exporter.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-password-plugin - image: alpine/curl - command: - - curl - - -L - - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" - - -o - - /data/plugins/PasswordProtect.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-gravity-control-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar - - -o - - /data/plugins/GravityControl-1.3.0.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-fast-minecart-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar - - -o - - /data/plugins/FastMinecarts.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - - name: 1-add-plugins-to-minecraft - image: alpine/curl - command: - - sh - - -c - - cp -r /in /out/plugins - volumeMounts: - - name: plugins - mountPath: /in - readOnly: false - - 
name: datadir - mountPath: /out -extraVolumes: - - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - volumes: - - name: plugins - emptyDir: - sizeLimit: 500Mi diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index d752942..c0232d1 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -8,6 +8,11 @@ namespaces: - name: argo-system - name: nrodionov-application - name: minecraft-application + annotations: + badohouseplants.net/git-repo: | + https://git.badhouseplants.net/badhouseplants/minecraft-helmfile + badhouseplants.net/ci: | + https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - name: monitoring-system diff --git a/releases.yaml b/releases.yaml index 7fb40d3..8e126d7 100644 --- a/releases.yaml +++ b/releases.yaml @@ -296,15 +296,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - minecraft: &minecraft - name: minecraft - chart: minecraft-server-charts/minecraft - version: 4.15.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - gitea: &gitea name: gitea chart: gitea/gitea diff --git a/repositories.yaml b/repositories.yaml index 9e7eced..0a82ac7 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -11,8 +11,6 @@ repositories: url: https://charts.bitnami.com/bitnami - name: minio url: https://charts.min.io/ - - name: minecraft-server-charts - url: https://itzg.github.io/minecraft-server-charts/ - name: longhorn url: https://charts.longhorn.io - name: gitea -- 2.45.2 From 773b70bb3a5acb6efa196987fce84b6bcc9e3564 Mon Sep 17 00:00:00 2001 
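Review bot: The first annotation key added to the `minecraft-application` entry is spelled `badohouseplants.net/git-repo`, while the second uses `badhouseplants.net/ci`, so anything that selects on the domain prefix will miss the first one. Both values are written as `|` literal blocks, which keeps a trailing newline inside the annotation value. A quoted scalar avoids that, e.g. `badhouseplants.net/git-repo: "https://git.badhouseplants.net/badhouseplants/minecraft-helmfile"`. The `namespaces:` list itself starts and continues outside this hunk.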
From: Nikolai Rodionov Date: Thu, 22 Feb 2024 22:15:27 +0100 Subject: [PATCH 52/69] Udpate values --- badhouseplants/values/values.db-instances.yaml | 2 +- badhouseplants/values/values.namespaces.yaml | 1 + releases.yaml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index bfd0e1d..2032930 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -9,4 +9,4 @@ dbinstances: engine: postgres generic: host: postgres16-postgresql.database-service.svc.cluster.local - port: 5432 + port: '5432' diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index c0232d1..b10de2e 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -29,3 +29,4 @@ namespaces: istio-injection: enabled - name: badhouseplants-preview - name: mailu-application + - name: kube-services diff --git a/releases.yaml b/releases.yaml index 8e126d7..7b04ab5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -344,12 +344,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.20.0 + version: 1.21.0 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.2.0 + version: 2.3.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 630819f88712feeb72d6aec01a8c28b3ec6f5f41 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 23 Feb 2024 00:47:38 +0100 Subject: [PATCH 53/69] Fix ArgoCD oauth --- badhouseplants/values/secrets.argocd.yaml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index befdd81..81405e1 100644 --- a/badhouseplants/values/secrets.argocd.yaml 
+++ b/badhouseplants/values/secrets.argocd.yaml @@ -1,10 +1,9 @@ -server: - configs: - dex.config: ENC[AES256_GCM,data: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,iv:DiW7ZlTe+TRxVIwnV+ASJJfJYFUQ0YqhHRsxx+vrLGs=,tag:i46xfJRV8rq5m7yT6etFfg==,type:str] configs: + cm: + dex.config: ENC[AES256_GCM,data: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,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:4CZ3hbG1MSrQs0y5hPU2rGaHvw4DkzWgQuqn8alqUp4=,tag:a0a5DN0KTCrkJ1jGbU5YrA==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +13,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NWtKdU5Gb1E5aFhmaHI0 - YWpQY0VTR2hWWDNPcklvQkdES3VMV01kUWh3CldheTZHRmpjNjV0MVErV2Qrc1Fs - WlhidklZOWgyMEtnbzA2UU0zVGhkQkUKLS0tIFBEZHVpd3krMHR3aXpHSzBTM2d5 - TE0xeGxscWhCVEpSYVkxUDdybGZ6VVEKHQ1m2NOmuo7Alr9wdaK+kKtceCbX9tti - LNQjwMsHfIyts5LIEafRh4mC+vsjmO56CUlUzoZDk7hU1u5Zp0Pskw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw + MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 + V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 + THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 + DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-20T22:58:37Z" - mac: ENC[AES256_GCM,data:HHbHPlslZC5XLjh40wP8VfEgpFT1PyKtDhd0I0rxKhv7qQh+4oMQBpNvVrye1RIzLZJY43hme74lkH7o8ZnWfXAwPRJ7YYAKvLt0LAyLbko2v7hINY/kwMn6xGbUnfmvBIwLkLqHndYxOW44BvUe320N7a831OqPYWkiDEiwLSw=,iv:YYZSQMyQEM0r4WIyHs+gki5qaHMc4gKUi/JcFxjSHDU=,tag:ZyQ+/obUCLKAB2MsFYO7Ag==,type:str] + lastmodified: "2024-02-22T23:43:36Z" + mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- 2.45.2 From 97117aa3f28037df25ad5eef18c76396e954a50a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 29 Feb 2024 16:04:12 +0100 Subject: [PATCH 54/69] Update dbinstances --- badhouseplants/values/values.db-instances.yaml | 2 +- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 2032930..bfd0e1d 100644 
--- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -9,4 +9,4 @@ dbinstances: engine: postgres generic: host: postgres16-postgresql.database-service.svc.cluster.local - port: '5432' + port: 5432 diff --git a/releases.yaml b/releases.yaml index 7b04ab5..7d00a7b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -349,7 +349,7 @@ templates: db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.3.0 + version: 2.3.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 2211d9b3881b69f5819c5aab70ff5b3883ed2164 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 11 Mar 2024 11:16:03 +0100 Subject: [PATCH 55/69] Update charts --- releases.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/releases.yaml b/releases.yaml index 7d00a7b..75b9769 100644 --- a/releases.yaml +++ b/releases.yaml @@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.2 + version: 1.14.4 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.2.3 + version: 6.6.0 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 56.8.2 + version: 57.0.1 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.43.2 + version: 5.43.6 inherit: - template: monitoring-common - template: default-env-values @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.1.1 + version: 1.2.0 inherit: - template: ext-database - template: default-env-values 
@@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.3.0 + version: 20.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.15 + version: 5.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.1 + version: 10.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.14.0 + version: 18.19.1 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.1.3 + version: 14.3.1 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.19.1 + version: 9.23.0 inherit: - template: default-env-values - template: default-env-secrets @@ -384,7 +384,7 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.238 + version: 7.1.256 mailu: &mailu name: mailu @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.0 + version: 0.9.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 8a85d32722da26c1d8f91ea25950a305d3b67592 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 22 Mar 2024 11:16:58 +0100 Subject: [PATCH 56/69] Update releases --- releases.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/releases.yaml b/releases.yaml index 75b9769..a68627e 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.6.0 + version: 6.7.3 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.0.1 + version: 57.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.3 + version: 1.21.0 istio-base: &istio-base name: istio-base @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.2.0 + version: 1.2.3 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 20.1.2 + version: 21.0.5 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.19.1 + version: 19.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.3.1 + version: 15.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.23.0 + version: 10.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -384,7 +384,7 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.256 + version: 7.1.262 mailu: &mailu name: mailu -- 2.45.2 From a47775d835b80af5dd26bdc3f02ddc41b6cf17d8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Mar 2024 13:42:13 +0100 Subject: [PATCH 57/69] Update charts --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/releases.yaml b/releases.yaml index a68627e..a212f84 100644 --- a/releases.yaml +++ b/releases.yaml @@ -231,7 +231,7 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.2.0 + version: 1.3.0 inherit: - template: default-env-values - template: ext-istio-resource @@ -239,7 +239,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: ext-istio-resource @@ -374,7 +374,7 @@ templates: vaultwarden: &vaultwarden name: vaultwarden chart: allanger-gitea/vaultwarden - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From ba7a32a17f7d22a891b8e1f82f7d8853d09308da Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Mar 2024 13:44:22 +0100 Subject: [PATCH 58/69] Instll zot --- badhouseplants/helmfile.yaml | 2 ++ badhouseplants/values/values.zot.yaml | 11 +++++++++++ manifests/debug/istio/httpbin.yaml | 18 ++++++++++++++++++ releases.yaml | 12 +++++++++++- repositories.yaml | 10 ++++++++-- 5 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/values.zot.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 30d3395..cbda993 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -10,6 +10,8 @@ releases: installed: true - <<: *cilium installed: true + - <<: *zot + installed: true - <<: *drone installed: true namespace: drone-service diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml new file mode 100644 index 0000000..f25f24f --- /dev/null +++ b/badhouseplants/values/values.zot.yaml @@ -0,0 +1,11 @@ +istio: + enabled: true + istio: + - name: zot + kind: http + gateway: istio-system/badhouseplants-net + hostname: registry.badhouseplants.net + service: zot + port: 5000 +service: + type: ClusterIP 
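Review bot: The new `values.zot.yaml` routes `registry.badhouseplants.net` through the `istio-system/badhouseplants-net` gateway to the `zot` service, but nothing in this file configures authentication or access control for the registry. The `zot` template added to `releases.yaml` in the same commit inherits only `default-env-values` and `ext-istio-resource`, so no secrets file is loaded either. If the chart's default configuration accepts anonymous writes, the registry is open to whoever can reach that hostname until credentials are added; whether the gateway is reachable from outside the cluster is not visible here. I would land the route together with the access-control config, or set `installed: false` in `helmfile.yaml` until it exists.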
diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index 395418c..f6d57f9 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml @@ -24,6 +24,24 @@ spec: number: 8000 host: httpbin --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: httpbin + namespace: debug +spec: + rules: + - host: httpbin.rocks + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: httpbin + port: + number: 8000 +--- apiVersion: v1 kind: Service metadata: diff --git a/releases.yaml b/releases.yaml index a212f84..7ec4d2d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -417,8 +417,18 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.1 + version: 1.15.2 createNamespace: false namespace: kube-system inherit: - template: default-env-values + + zot: &zot + name: zot + chart: zot/zot + version: 0.1.52 + createNamespace: false + namespace: kube-services + inherit: + - template: default-env-values + - template: ext-istio-resource diff --git a/repositories.yaml b/repositories.yaml index 0a82ac7..0134e5a 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -45,7 +45,13 @@ repositories: url: https://charts.gabe565.com - name: mailu url: https://mailu.github.io/helm-charts/ - - name: coredns + - name: coredns url: https://coredns.github.io/helm - - name: cilium + - name: cilium url: https://helm.cilium.io/ + - name: phybros-helm-charts + url: https://phybros.github.io/helm-charts + - name: nextcloud + url: https://nextcloud.github.io/helm/ + - name: zot + url: https://zotregistry.dev/helm-charts/ -- 2.45.2 From c4dd8bd6e473929aa400a24d844fa1053505d585 Mon Sep 17 00:00:00 2001 
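Review bot: The added `Ingress` for `httpbin` sets neither `spec.ingressClassName` nor a `tls` section, so which controller serves it depends on the cluster's default class and the host `httpbin.rocks` is answered over plain HTTP. The context lines suggest this file already holds an Istio route for the same service, so a short comment saying why both exist and that the manifest is debug-only would help. If the Ingress is meant to stay, add `ingressClassName: <class-name>` explicitly.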
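Review bot: The `repositories.yaml` hunk adds `phybros-helm-charts` and `nextcloud` alongside `zot`, but no template in the `releases.yaml` hunk of this commit uses a chart from either of them. Each entry under `repositories:` is another third-party source the deployment trusts, so I would add them in the commit that first installs something from them. The `coredns` and `cilium` lines are removed and re-added with the same visible text, which looks like a whitespace-only change that could be dropped from this diff.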
From: Nikolai Rodionov Date: Tue, 26 Mar 2024 21:48:31 +0100 Subject: [PATCH 59/69] Install zot --- badhouseplants/values/secrets.zot.yaml | 23 +++++++++++++++++++++++ badhouseplants/values/values.zot.yaml | 25 +++++++++++++++++++++++++ releases.yaml | 1 + 3 files changed, 49 insertions(+) create mode 100644 badhouseplants/values/secrets.zot.yaml diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml new file mode 100644 index 0000000..4019155 --- /dev/null +++ b/badhouseplants/values/secrets.zot.yaml @@ -0,0 +1,23 @@ +configFiles: + config.json: ENC[AES256_GCM,data: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,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] +authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 + dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk + WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv + REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ + ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-25T10:24:20Z" + mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index f25f24f..c418f5c 100644 
--- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -9,3 +9,28 @@ istio: port: 5000 service: type: ClusterIP +persistence: true +pvc: + create: true + accessMode: "ReadWriteOnce" + storage: 5Gi + storageClassName: longhorn +mountConfig: true +mountSecret: true + #configFiles: + # ui.json: |- + # { + # "log": { + # "level": "info" + # }, + # "extensions": { + # "search": { + # "cve": { + # "updateInterval": "2h" + # } + # }, + # "ui": { + # "enable": true + # } + # } + # } diff --git a/releases.yaml b/releases.yaml index 7ec4d2d..d431f97 100644 --- a/releases.yaml +++ b/releases.yaml @@ -431,4 +431,5 @@ templates: namespace: kube-services inherit: - template: default-env-values + - template: default-env-secrets - template: ext-istio-resource -- 2.45.2 From bcab058394b2da5c5977daf4faaa49cc885c89a1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Mar 2024 22:25:21 +0100 Subject: [PATCH 60/69] Init helmule config --- helmule/helmule.yaml | 235 ++++++++++++++++++++++++++++++++++++++++++ repositories-oci.yaml | 4 + 2 files changed, 239 insertions(+) create mode 100644 helmule/helmule.yaml create mode 100644 repositories-oci.yaml diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml new file mode 100644 index 0000000..5be7c9a --- /dev/null +++ b/helmule/helmule.yaml 
@@ -0,0 +1,235 @@ +charts: + - repository: metrics-server + name: metrics-server + mirrors: + - custom-commands + - repository: metallb + name: metallb + mirrors: + - custom-commands + - repository: bedag + name: raw + mirrors: + - custom-commands + - repository: jetstack + name: cert-manager + mirrors: + - custom-commands + - repository: longhorn + name: longhorn + mirrors: + - custom-commands + - repository: argo + name: argo-cd + mirrors: + - custom-commands + - repository: prometheus-community + name: kube-prometheus-stack + mirrors: + - custom-commands + - repository: grafana + name: loki + mirrors: + - custom-commands + - repository: grafana + name: promtail + mirrors: + - custom-commands + - repository: istio + name: base + mirrors: + - custom-commands + - repository: istio + name: gateway + mirrors: + - custom-commands + - repository: istio + name: istiod + mirrors: + - custom-commands + - repository: allanger-gitea + name: openvpn-xor + mirrors: + - custom-commands + - repository: allanger-gitea + name: openvpn + mirrors: + - custom-commands + - repository: drone + name: drone + mirrors: + - custom-commands + - repository: drone + name: drone-runner-docker + mirrors: + - custom-commands + - repository: woodpecker + name: woodpecker + mirrors: + - custom-commands + - repository: bitnami + name: wordpress + mirrors: + - custom-commands + - repository: minio + name: minio + mirrors: + - custom-commands + - repository: gitea + name: gitea + mirrors: + - custom-commands + - repository: ananace-charts + name: funkwhale + mirrors: + - custom-commands + - repository: bitwarden + name: vaultwarden + mirrors: + - custom-commands + - repository: bitnami + name: redis + mirrors: + - custom-commands + - repository: bitnami + name: postgresql + mirrors: + - custom-commands + - repository: db-operator + name: db-operator + mirrors: + - custom-commands + - repository: db-operator + name: db-instances + mirrors: + - custom-commands + - repository: bitnami + name: mysql + 
mirrors: + - custom-commands + - repository: allanger-gitea + name: docker-mailserver + mirrors: + - custom-commands + - repository: allanger-gitea + name: vaultwarden + mirrors: + - custom-commands + - repository: emberstack + name: reflector + mirrors: + - custom-commands + - repository: mailu + name: mailu + mirrors: + - custom-commands + - repository: gabe565 + name: tandoor + mirrors: + - custom-commands + - repository: coredns + name: coredns + mirrors: + - custom-commands + - repository: cilium + name: cilium + mirrors: + - custom-commands + - repository: zot + name: zot + mirrors: + - custom-commands +mirrors: + - name: custom-commands + custom_command: + package: + - helm package -d package . + upload: + - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants + - rm -rf ./package +repositories: + - name: metrics-server + helm: + url: https://kubernetes-sigs.github.io/metrics-server/ + - name: jetstack + helm: + url: https://charts.jetstack.io + - name: istio + helm: + url: https://istio-release.storage.googleapis.com/charts + - name: drone + helm: + url: https://charts.drone.io + - name: bitnami + helm: + url: https://charts.bitnami.com/bitnami + - name: minio + helm: + url: https://charts.min.io/ + - name: longhorn + helm: + url: https://charts.longhorn.io + - name: gitea + helm: + url: https://dl.gitea.io/charts/ + - name: ananace-charts + helm: + url: https://ananace.gitlab.io/charts + - name: argo + helm: + url: https://argoproj.github.io/argo-helm + - name: bedag + helm: + url: https://bedag.github.io/helm-charts/ + - name: metallb + helm: + url: https://metallb.github.io/metallb + - name: prometheus-community + helm: + url: https://prometheus-community.github.io/helm-charts + - name: grafana + helm: + url: https://grafana.github.io/helm-charts + - name: bitwarden + helm: + url: https://constin.github.io/vaultwarden-helm/ + - name: db-operator + helm: + url: https://db-operator.github.io/charts + - name: 
allanger-gitea + helm: + url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: badhouseplants + helm: + url: https://badhouseplants.github.io/helm-charts/ + - name: woodpecker + helm: + url: https://woodpecker-ci.org + - name: firefly-iii + helm: + url: https://firefly-iii.github.io/kubernetes/ + - name: emberstack + helm: + url: https://emberstack.github.io/helm-charts + - name: gabe565 + helm: + url: https://charts.gabe565.com + - name: mailu + helm: + url: https://mailu.github.io/helm-charts/ + - name: coredns + helm: + url: https://coredns.github.io/helm + - name: cilium + helm: + url: https://helm.cilium.io/ + - name: phybros-helm-charts + helm: + url: https://phybros.github.io/helm-charts + - name: nextcloud + helm: + url: https://nextcloud.github.io/helm/ + - name: zot + helm: + url: https://zotregistry.dev/helm-charts/ + diff --git a/repositories-oci.yaml b/repositories-oci.yaml new file mode 100644 index 0000000..5db4d1e --- /dev/null +++ b/repositories-oci.yaml @@ -0,0 +1,4 @@ +repositories: + - name: badhouseplants-oci + url: registry.badhouseplants.net/badhouseplants + oci: true -- 2.45.2 From ff0f34551a544dff8e08989fbc3874f5b220421d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Apr 2024 11:31:15 +0200 Subject: [PATCH 61/69] Update charts --- badhouseplants/helmfile.yaml | 1 + .../values/secrets.chartmuseum.yaml | 24 ++++++++++++++ badhouseplants/values/values.chartmuseum.yaml | 19 +++++++++++ releases.yaml | 32 ++++++++++++------- repositories.yaml | 2 ++ 5 files changed, 67 insertions(+), 11 deletions(-) create mode 100644 badhouseplants/values/secrets.chartmuseum.yaml create mode 100644 badhouseplants/values/values.chartmuseum.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index cbda993..3d901cd 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
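Review bot: None of the `charts:` entries in `helmule/helmule.yaml` pins a version, and the `custom-commands` mirror runs `helm package` and then `helm push` to `oci://registry.badhouseplants.net/badhouseplants` with no verification step in between. Whatever the upstream repository serves at run time is therefore republished under the first-party registry name. I would pin each chart to the version already recorded in `releases.yaml` and add a digest or provenance check before the push; the upload command already interpolates `{{ version }}`, though the exact key helmule expects is not visible here. The `repositories:` list also carries `badhouseplants`, `firefly-iii`, `phybros-helm-charts` and `nextcloud`, which no `charts:` entry references.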
@@ -12,6 +12,7 @@ releases: installed: true - <<: *zot installed: true + - <<: *chartmuseum - <<: *drone installed: true namespace: drone-service diff --git a/badhouseplants/values/secrets.chartmuseum.yaml b/badhouseplants/values/secrets.chartmuseum.yaml new file mode 100644 index 0000000..8e14680 --- /dev/null +++ b/badhouseplants/values/secrets.chartmuseum.yaml @@ -0,0 +1,24 @@ +env: + secret: + BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str] + BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2 + OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl + a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY + TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg + H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-27T08:47:35Z" + mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.chartmuseum.yaml b/badhouseplants/values/values.chartmuseum.yaml new file mode 100644 index 0000000..8ea6b10 --- /dev/null +++ b/badhouseplants/values/values.chartmuseum.yaml 
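Review bot: The `BASIC_AUTH_PASS` ciphertext in the new `secrets.chartmuseum.yaml` is only a few bytes long. The sops `AES256_GCM` encoding keeps ciphertext the same length as the plaintext, so the committed file shows that the password is very short. The visible values leave the API enabled and reads anonymous, which makes this credential the only control on chart uploads that the commit shows. I would replace it with a long random value, re-encrypt, and treat the old value as disclosed since it stays in history.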
@@ -0,0 +1,19 @@ +istio: + enabled: true + istio: + - name: chartmuseum + kind: http + gateway: istio-system/badhouseplants-net + hostname: helm.badhouseplants.net + service: chartmuseum + port: 8080 +env: + open: + AUTH_ANONYMOUS_GET: true + DISABLE_API: false + CORS_ALLOWORIGIN: "*" +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 2Gi + path: /storage diff --git a/releases.yaml b/releases.yaml index d431f97..f66cf73 100644 --- a/releases.yaml +++ b/releases.yaml @@ -124,7 +124,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.3 + version: 0.14.4 metallb-resources: &metallb-resources name: metallb-resources @@ -144,14 +144,14 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.0 + version: 1.6.1 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.3 + version: 6.7.6 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.1.0 + version: 57.2.0 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.43.6 + version: 5.47.2 inherit: - template: monitoring-common - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.5 + version: 21.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.1 + version: 19.0.2 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.1.2 + version: 15.2.0 inherit: - template: default-env-values - template: default-env-secrets 
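Review bot: `CORS_ALLOWORIGIN: "*"` is set in `values.chartmuseum.yaml` while `DISABLE_API: false` leaves the API enabled on a host routed through the `badhouseplants-net` gateway. Unless a browser client on another origin needs the API, I would drop the CORS setting or name the single origin that does. `AUTH_ANONYMOUS_GET: true` reads as intentional for a public chart index, but a one-line comment saying so would save the next reviewer the question. The `persistence` block names no storage class, unlike `values.zot.yaml` which sets `storageClassName: longhorn`, so the volume lands on whatever the cluster default is.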
@@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.1 + version: 0.9.3 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.2 + version: 1.15.3 createNamespace: false namespace: kube-system inherit: @@ -426,7 +426,17 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.52 + version: 0.1.53 + createNamespace: false + namespace: kube-services + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + chartmuseum: &chartmuseum + name: chartmuseum + chart: chartmuseum/chartmuseum + version: 3.10.2 createNamespace: false namespace: kube-services inherit: diff --git a/repositories.yaml b/repositories.yaml index 0134e5a..2ce3602 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -55,3 +55,5 @@ repositories: url: https://nextcloud.github.io/helm/ - name: zot url: https://zotregistry.dev/helm-charts/ + - name: chartmuseum + url: https://chartmuseum.github.io/charts -- 2.45.2 From 262417f1cf5c56aded53c82007b1c0ca63e587be Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 20 Apr 2024 13:51:38 +0200 Subject: [PATCH 62/69] A lot of updates and disable loki --- badhouseplants/helmfile.yaml | 6 +- badhouseplants/values/secrets.zot.yaml | 18 ++-- .../values.istio-gateway-resources.yaml | 10 ++ .../values/values.istio-ingressgateway.yaml | 4 + badhouseplants/values/values.istiod.yaml | 2 +- badhouseplants/values/values.loki.yaml | 91 +++++++++++++++++-- badhouseplants/values/values.postgres16.yaml | 17 ++++ badhouseplants/values/values.zot.yaml | 2 + releases.yaml | 36 +++++--- repositories.yaml | 2 + 10 files changed, 154 insertions(+), 34 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 3d901cd..b1464e4 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -11,8 +11,10 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: true + installed: false - <<: *chartmuseum + installed: false + - <<: *keel - <<: *drone installed: true namespace: drone-service @@ -115,7 +117,7 @@ releases: createNamespace: true - <<: *tandoor - installed: true + installed: false namespace: tandoor-application createNamespace: true diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 4019155..14ecac2 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml @@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data: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,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] -authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] + config.json: ENC[AES256_GCM,data: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,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] +authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 - dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk - WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv - REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ - ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 + emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw + N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy + ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V + WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-25T10:24:20Z" - mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + lastmodified: "2024-04-08T15:15:59Z" + mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index 9349206..acbca74 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml 
@@ -22,6 +22,16 @@ istio-gateway: gateways: - name: badhouseplants-net servers: + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: grpc-web + number: 8080 + protocol: HTTPS + tls: + credentialName: badhouseplants-wildcard-tls + mode: SIMPLE - hosts: - badhouseplants.net - '*.badhouseplants.net' diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 94fe69a..b97223d 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -18,6 +18,10 @@ service: port: 80 protocol: TCP targetPort: 80 + - name: grpc-web + port: 8080 + protocol: TCP + targetPort: 8080 - name: https port: 443 protocol: TCP diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index 01529ce..d788392 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -8,7 +8,7 @@ global: proxy: resources: requests: - cpu: 100m + cpu: 20m memory: 128Mi limits: memory: 128Mi diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index f3a74e8..c160d28 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml 
@@ -1,24 +1,99 @@ --- global: dnsService: "coredns" -singleBinary: - replicas: 1 - persistence: - size: 5Gi + loki: auth_enabled: false commonConfig: replication_factor: 1 storage: type: 'filesystem' + commonConfig: + replication_factor: 1 + schemaConfig: + configs: + - from: 2024-04-01 + store: tsdb + object_store: s3 + schema: v13 + index: + prefix: loki_index_ + period: 24h + ingester: + chunk_encoding: snappy + tracing: + enabled: true + querier: + # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing + max_concurrent: 2 + +compactor: + retention_enabled: true +limits_config: + retention_period: 14d + monitoring: selfMonitoring: enabled: false lokiCanary: enabled: false -test: + +#gateway: +# ingress: +# enabled: true +# hosts: +# - host: FIXME +# paths: +# - path: / +# pathType: Prefix + +deploymentMode: SingleBinary +singleBinary: + persistence: + size: 5Gi + replicas: 1 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + extraEnv: + # Keep a little bit lower than memory limits + - name: GOMEMLIMIT + value: 3750MiB + +chunksCache: + # default is 500MB, with limited memory keep this smaller + writebackSizeLimit: 10MB + +minio: enabled: false + +# Zero out replica counts of other deployment modes +backend: + replicas: 0 +read: + replicas: 0 +write: + replicas: 0 + +ingester: + replicas: 0 +querier: + replicas: 0 +queryFrontend: + replicas: 0 +queryScheduler: + replicas: 0 +distributor: + replicas: 0 compactor: - retention_enabled: true -limits_config: - retention_period: 14d + replicas: 0 +indexGateway: + replicas: 0 +bloomCompactor: + replicas: 0 +bloomGateway: + replicas: 0 diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml index cbcb751..92cef0b 100644 --- a/badhouseplants/values/values.postgres16.yaml +++ b/badhouseplants/values/values.postgres16.yaml 
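Review bot: `compactor:` ends up twice in values.loki.yaml, once with `retention_enabled: true` and again at the bottom with `replicas: 0`, and as far as the collapsed layout shows both are top-level keys; most YAML parsers keep only the last duplicate, so the retention setting would be silently dropped. `commonConfig:` is repeated under `loki:` in the same way. I would keep a single `compactor:` mapping for the replica count and move the retention keys to where the chart reads them (probably under `loki:`, to be confirmed against the chart's values). `GOMEMLIMIT` is `3750MiB` under a comment asking for a value a little below the memory limit, which is `1Gi` here; something like `value: 900MiB` would match the comment. `schemaConfig` also names `object_store: s3` while `storage.type` is `'filesystem'` and `minio` is disabled, which is worth confirming.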
@@ -8,3 +8,20 @@ persistence: metrics: enabled: false +primary: + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsNonRoot: false + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index c418f5c..e7afd09 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -7,6 +7,8 @@ istio: hostname: registry.badhouseplants.net service: zot port: 5000 +strategy: + type: Recreate service: type: ClusterIP persistence: true diff --git a/releases.yaml b/releases.yaml index f66cf73..2c7d858 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.12.0 + version: 3.12.1 values: - common/values.{{ .Release.Name }}.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.6 + version: 6.7.12 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.2.0 + version: 58.1.3 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.47.2 + version: 6.3.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.0 + version: 1.21.1 istio-base: &istio-base name: istio-base 
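Review bot: The new `primary.containerSecurityContext` in values.postgres16.yaml spells out `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, which relaxes the container hardening while the neighbouring keys (`allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]`, `seccompProfile`) tighten it. If the pod does not need root or a writable root filesystem, I would set `runAsNonRoot: true` and `readOnlyRootFilesystem: true`. Otherwise add a comment naming the reason, e.g. `# root needed for volume ownership on this storage class - TODO confirm`. No `runAsUser` is set in the hunk, so the effective UID depends on chart defaults that are not shown here.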
@@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.7 + version: 22.1.7 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.3 + version: 10.1.4 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.2 + version: 19.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.0 + version: 15.2.5 inherit: - template: default-env-values - template: default-env-secrets @@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.21.0 + version: 1.23.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.0 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -365,7 +365,7 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.2.0 + version: 2.3.1 inherit: - template: default-env-values - template: ext-istio-gateway @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.3 + version: 0.9.5 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.3 + version: 1.15.4 createNamespace: false namespace: kube-system inherit: @@ -443,3 +443,11 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel + name: keel + chart: keel/keel + version: 1.0.3 + createNamespace: false + namespace: kube-system + + 
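Review bot: The new `keel` template at the end of releases.yaml is placed in `kube-system` and, unlike the `zot` and `chartmuseum` entries above it, has no `inherit:` list, so the release runs on chart defaults with no values file under review. Keel changes workloads on its own when new image versions appear, so its triggers and scope should be pinned in the repository. I would add `inherit:` with `- template: default-env-values` plus a `values.keel.yaml`, and consider a dedicated namespace instead of `kube-system`. The matching release entry added in badhouseplants/helmfile.yaml also has no `installed:` key, unlike its neighbours.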
diff --git a/repositories.yaml b/repositories.yaml index 2ce3602..2900540 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -57,3 +57,5 @@ repositories: url: https://zotregistry.dev/helm-charts/ - name: chartmuseum url: https://chartmuseum.github.io/charts + - name: keel + url: https://charts.keel.sh -- 2.45.2 From 5d4eae31528edf361d7e8b66c204c73577398017 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 11 May 2024 20:52:58 +0200 Subject: [PATCH 63/69] Some updates to the config --- badhouseplants/helmfile.yaml | 4 ++-- badhouseplants/values/secrets.zot.yaml | 18 ++++++++--------- releases.yaml | 28 +++++++++++++------------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b1464e4..25de42b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -11,7 +11,7 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: false + installed: true - <<: *chartmuseum installed: false - <<: *keel @@ -51,7 +51,7 @@ releases: createNamespace: true - <<: *loki - installed: true + installed: false namespace: monitoring-system createNamespace: false diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 14ecac2..25871e8 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml 
@@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data:qegPHc2eSUq5ayVQ55qrB00D3AVD2KUyx3/nEML4kblAevIZrLVja+xoccfKfu3TX+vUAa9ji6HyL+NxqtBKRi+Q3y/7CG3UNcTK3jJIjWBnhzmHUo5sd5vhTWHsPaIKQthSp3Gv9eTp97lMQ591MlzhpOAXHGat1Van1xHWEYraUqMCPyqMc2WBpXYb+wov0XcxKzmRPrkIiidnOu7fVow8rFbI455sjE9MEJqKu0MUWehaZMczylh3vf0mjZ6B0AomfqEViCZiaVbnwaSh2RVKnvBoIaGrod9l4iz8aT6oW5+8EuqtwrfiPykixIVe/Nm2YiGXAsEODstgkeQd0ktHnhG7idf8QElhgUU1mCXUu6yEYNVDKbQIiMM+eq7nUOz18822XYZ0y45GmW0xz/PIEzjMFrNIfaujs72oAXqQV0081ktFnWMby/eDan8tmBupX8bjqSHxrncxck9LWKhZu4tpn7dHFnkoUjfIWDqZUiQGQTP/qDC8Rr+TBsYyqxGkN6GrnYQmXM4d8u6ouoVyOZPp6J/QMAeXS9uSCcdQnkJh+cHNzPxKKVL2/WvqAT8YrmIXsd7uFWlCHFv0FEu4QHu3CtqxC1tb6MFFDap4nxYQKOqSLeLvw8vlrmLxcIOq0TQ++qqLTP2c/tQlBXGM4tkKK/1oJwVgtpskyGLD5FND6FVSTQlEeEDHz9rdxyd85uZm1CG4nhrrrS0FNgeqPRmHO0LibBTdwCrJONcDbnonM/NkzoioxvzsZejl6U5USSw5f8v9gcGEd5mOE1Auk81y2oYfZ5ewS6lv+7xCIFzOMRVnTlmg8jAxE1OFCjZgP7n/xaWnyQ0gS0PZORKXZS1rWZd39hyom8QNyAp3HBi9DnUsjeaJ8B8hNJf+QQfYQ5V8EGeKXfb0IE0ZxFfoRfzOEzxqldD4TQiGvMcnMqKn4iQUYJ0oNlhKmhtY2PCMY78CYvNHhThXwm0gTI8cOx0/+ZjtDNVGLH+rn8i+08NanNLpmyFasNnxV9npdSZm9+wyrL9VQAFNCfZJ+BW9jhClxivqBYURjVuhcbl6jMhShgkuuLT3/5eCAo0xkZ26LFwGvZ+ixOshqcsy+zIMFhk3xiYTJhhLYs90qpvHPJ1iSc9MiRTFnCC1CfAiqs/W6uAAbhAhnk7pNrqr3yHIQa/RDIwTOgDOl9Y2IiI3zPecdmBlLiU0ktsXR/EEDotURPswO75BPmhnAamrs9aOxIJBL1zrObrnnP/MVsvFVfAZojc8hs2XkG3xFqsTMQQ1D6XHWdGRCMW8Q9s9MM3AXt2uHe5OzM6XX1uTalkhWu+7YV02T1BbhUwPXjDL1WYZgmalKxaPBdYs+bxsjm0UKTG905GH8fVZ5dxnKUVcAH0HgPuwI6iwkpkHd8PcH0TeUoBYb2iOZ/liU4fcBCiTQEC3IarH1YdiJvUWvBKWrfsHqwzZRWXX7M7NDelZiSCiaeAfNruuJeJTZPSsXeLme6/oBszv+9rRWD4Iw5A2iMXYzxdGCUkT34RB7fldRt03zOnIrjlY1CzCRghpYHyB4XqHuKFpvH1xPDljb8S1ImlZmaYm7J3N2Lcmgwij4rMXuCHa2MoU7AISytKbNvqRH22FIYY6JV2M5ZbwrMqQculk2D8qBcCtoY+g+3nGJiEgWFTQdiG6+IwVZByPSTtVyeS6qxtPr50IjpCwFsFpRvaupDaTIWbAjS0BoU972aSDCvk9gscNyDXy/a2cxksteHdx5gwqmNsi02Ix/9S3TjtwwkeKPghJwHp0lUKPqnaOQXEAU//ImIWWs1Oc1JCD2e85StfrNwUQdNEY/PY4lmV7ioZzT1C5p1OwTS/DsSGlIDGancfMFqcL5J4c8JUVZrwQuvPHE8TQ7YF5QURrLytEbHJyLoex64AhPRuBw5PuOjUb8+YOL/2U
4xvXaXhf4NupsLqL3zj6YIkVs0Mj/VrX5T8P2ZR4BeRySuSI3O1U2foQgXbsrth0NRafErZ8HdS8xJTKigtSMuSVeBJIHTkECiEosuUVA+dfrg8jApsOSYyb1oc+HQw1XmKs7jEfFggshBoynAa/qOhfWfc8vjdmRmOr/B/JZjiLE9/pO0WQ1pGLprhAx2HHPDsoC/275Nk1q/RjWvfeBQ/ZXzHV8VcSWGcmZCLk896BCHCAa8kfUF+RPVHSkrLQFZcTfMcic2bobaH4Brnaybdf8++VlE8QwbNKvWGb0jaZFsmUcWbm+Ek1OrNkb5ZTgtrVFygw6RZmRQ32MxPeoynCgX3sfItJMtllrD8gE1NfkuVslCxwuvkW4lzG3lMknqculiZrpLpp2eKvOzAabdpg8dS5cn3s9gN5l02HzfuTbHX7/DjgGZMTtv/v4IV8SSp6ty602DNkh3uBRxKwSVPgu5Xbb/Wi3puILzm8FAN5FDSsICUkLhOAw1RMc4FC4w0Iaug5v+k+TNw+9vSIDQ5Yi/6UtluOs7iiPKd5cI/32i3AcfA9sPO2q7NK7vcQEo+1SDjCWS1TvjY+1QnVKsQ5+SRO7rh5uTExEHoCtCvlxob3OonTMvEI1yK9/wnTpe8jUL0WWyLt6FfIJHsM6O6ljzlcxYViQrFl47MdBteM5IMgHuufWSi2Cp58ac177Sq7VHnVJPqMrf4yweoX,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] -authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] + config.json: ENC[AES256_GCM,data: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,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str] +authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str] sops: kms: [] gcp_kms: [] 
@@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 - emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw - N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy - ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V - WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0 + NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du + RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB + M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp + VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-08T15:15:59Z" - mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] + lastmodified: "2024-05-05T17:37:17Z" + mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/releases.yaml b/releases.yaml index 2c7d858..9144955 100644 --- a/releases.yaml +++ b/releases.yaml @@ -124,7 +124,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.4 + version: 0.14.5 metallb-resources: &metallb-resources name: metallb-resources 
@@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.4 + version: 1.14.5 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.12 + version: 6.8.1 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.1.3 + version: 58.5.0 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 6.3.2 + version: 6.5.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.1 + version: 1.21.2 istio-base: &istio-base name: istio-base @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.2.3 + version: 1.3.0 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.1.7 + version: 22.2.7 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.1.0 + version: 5.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.1.0 + version: 19.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.5 + version: 15.2.12 inherit: - template: default-env-values - template: default-env-secrets 
@@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.23.0 + version: 1.25.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.1 + version: 10.2.2 inherit: - template: default-env-values - template: default-env-secrets @@ -426,7 +426,7 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.53 + version: 0.1.54 createNamespace: false namespace: kube-services inherit: -- 2.45.2 From 21f198b0fa5491361969fb1335e782886a38a28e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 13 May 2024 11:39:57 +0200 Subject: [PATCH 64/69] Increase Gitea disk --- badhouseplants/values/values.gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 3aaccee..4fb3a9d 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -43,7 +43,7 @@ resources: persistence: enabled: true - size: 10Gi + size: 15Gi accessModes: - ReadWriteOnce -- 2.45.2 From 10d7936625a55fab654457b269dc3ba19bd0cc81 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 18 May 2024 15:36:38 +0200 Subject: [PATCH 65/69] Update releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 9144955..ac52cdf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.8.1 + version: 6.9.3 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.5.0 + version: 58.5.3 inherit: - template: monitoring-common - template: default-env-values 
@@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.2 + version: 1.22.0 istio-base: &istio-base name: istio-base @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.2.7 + version: 22.2.11 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.3.0 + version: 19.3.3 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.12 + version: 15.3.3 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.2.2 + version: 10.2.4 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.4 + version: 1.15.5 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From 6c83d67c9cc42d452e3a5fb4f3f64553ab0e78d9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 15 Jun 2024 12:20:06 +0200 Subject: [PATCH 66/69] Huge upgraqde to everything --- badhouseplants/helmfile.yaml | 48 ++----- .../values/secrets.vaultwardentest.yaml | 27 ++++ badhouseplants/values/values.argocd.yaml | 33 +++-- .../values/values.docker-mailserver.yaml | 126 +++++------------- badhouseplants/values/values.funkwhale.yaml | 19 ++- badhouseplants/values/values.gitea.yaml | 58 +++++--- .../values/values.local-path-provisioner.yaml | 3 + badhouseplants/values/values.mailu.yaml | 124 +++++++++-------- badhouseplants/values/values.minio.yaml | 33 +++++ badhouseplants/values/values.namespaces.yaml | 8 +- badhouseplants/values/values.nrodionov.yaml | 15 ++- badhouseplants/values/values.openvpn-xor.yaml | 29 ++-- badhouseplants/values/values.traefik.yaml | 78 +++++++++++ badhouseplants/values/values.vaultwarden.yaml | 17 +++ .../values/values.vaultwardentest.yaml | 58 ++++++++ .../values/values.woodpecker-ci.yaml | 16 +++ badhouseplants/values/values.zot.yaml | 25 ++-- common/values.database.yaml | 25 ++++ common/values.tcp-route.yaml | 20 +++ common/values.tcproute.yaml | 13 ++ etersoft/helmfile.yaml | 15 +++ etersoft/values/values.minio.yaml | 4 + helmfile.yaml | 27 +--- manifests/debug/istio/httpbin.yaml | 2 +- manifests/httpo1-cluster-issuer.yaml | 18 +++ releases.yaml | 93 +++++++------ repositories.yaml | 8 +- 27 files changed, 619 insertions(+), 323 deletions(-) create mode 100644 badhouseplants/values/secrets.vaultwardentest.yaml create mode 100644 badhouseplants/values/values.local-path-provisioner.yaml create mode 100644 badhouseplants/values/values.traefik.yaml create mode 100644 badhouseplants/values/values.vaultwardentest.yaml create mode 100644 common/values.tcp-route.yaml create mode 100644 common/values.tcproute.yaml create mode 100644 manifests/httpo1-cluster-issuer.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 25de42b..05f6226 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -10,20 +10,13 @@ releases: installed: true - <<: *cilium installed: true + + - <<: *local-path-provisioner + - <<: *zot installed: true - - <<: *chartmuseum - installed: false - <<: *keel - - <<: *drone - installed: true - namespace: drone-service - createNamespace: false - - - <<: *drone-runner-docker - installed: true - namespace: drone-service - createNamespace: false + - <<: *traefik - <<: *argocd installed: true @@ -45,21 +38,6 @@ releases: namespace: funkwhale-application createNamespace: false - - <<: *prometheus - installed: true - namespace: monitoring-system - createNamespace: true - - - <<: *loki - installed: false - namespace: monitoring-system - createNamespace: false - - - <<: *promtail - installed: true - namespace: monitoring-system - createNamespace: false - - <<: *bitwarden installed: false namespace: bitwarden-application @@ -95,16 +73,15 @@ releases: namespace: woodpecker-ci createNamespace: true - - - <<: *istio-gateway-resources - installed: true - namespace: istio-system - createNamespace: false - - <<: *vaultwarden createNamespace: true installed: true namespace: vaultwarden-application + + - <<: *vaultwardentest + createNamespace: false + installed: true + namespace: applications - <<: *openvpn-xor installed: true @@ -113,12 +90,7 @@ releases: - <<: *docker-mailserver installed: true - namespace: mail-service - createNamespace: true - - - <<: *tandoor - installed: false - namespace: tandoor-application + namespace: applications createNamespace: true - <<: *mailu diff --git a/badhouseplants/values/secrets.vaultwardentest.yaml b/badhouseplants/values/secrets.vaultwardentest.yaml new file mode 100644 index 0000000..39b3c9b --- /dev/null +++ b/badhouseplants/values/secrets.vaultwardentest.yaml 
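Review bot: `vaultwardentest` is installed into the shared `applications` namespace, and the last hunk of this file moves `docker-mailserver` there too, while the other releases keep one namespace each. With a password manager and a mail server in one namespace, any service account with namespace-wide read sees both sets of Secrets, and namespace-scoped RBAC or NetworkPolicy can no longer separate them. I would keep them apart, e.g. `namespace: vaultwardentest-application` with `createNamespace: true`. The second hunk also drops the `prometheus`, `loki` and `promtail` releases with no replacement visible here; if monitoring moved to another helmfile, the commit message should say so.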
@@ -0,0 +1,27 @@ +vaultwarden: + smtp: + username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str] + password: + value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str] + adminToken: + value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr + R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C + M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI + a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS + hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-06T15:15:43Z" + mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 0acc84b..71cf854 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -1,18 +1,4 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: argocd-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: argo.badhouseplants.net - service: argocd-server - port: 80 - controller: resources: limits: @@ -48,18 +34,35 @@ dex: enabled: false serviceMonitor: enabled: false + redis: metrics: enabled: false serviceMonitor: enabled: false + +global: + domain: argo.badhouseplants.net + server: + ingress: + enabled: true + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + ingressClassName: traefik + tls: true metrics: enabled: true serviceMonitor: enabled: false extraArgs: - --insecure + servicePort: + servicePortHttp: 80 + servicePortHttps: 80 repoServer: metrics: @@ -71,6 +74,8 @@ repoServer: - name: regcred configs: + params: + server.insecure: true rbac: policy.default: role:readonly scopes: "[email, group]" diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml index 47d6a99..45b25ef 100644 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ b/badhouseplants/values/values.docker-mailserver.yaml 
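Review bot: The new `server.ingress.annotations` in values.argocd.yaml rely on `kubernetes.io/ingress.allow-http: "false"` to keep plain HTTP off, but that annotation and `kubernetes.io/ingress.global-static-ip-name` are, as far as I know, read by the GKE ingress controller and not by Traefik, so with `ingressClassName: traefik` they likely have no effect. Because argocd-server runs with `server.insecure: true`, the HTTP-to-HTTPS redirect has to come from the Traefik entrypoint configuration, which is not in this hunk; please confirm it there and drop the two annotations. The same annotation block is repeated in the rainloop ingress of values.docker-mailserver.yaml and in values.funkwhale.yaml. `--insecure` in `extraArgs` and `configs.params.server.insecure: true` state the same thing twice; one of them is enough.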
@@ -1,125 +1,67 @@ -istio-gateway: +traefik: enabled: true - gateways: - - name: badhouseplants-email - servers: - - hosts: - - "*" - port: - name: smtp - number: 25 - protocol: TCP - - hosts: - - "*" - port: - name: pop3 - number: 110 - protocol: TCP - - hosts: - - "*" - port: - name: imap - number: 143 - protocol: TCP - - hosts: - - "*" - port: - name: smtps - number: 465 - protocol: TCP - - hosts: - - "*" - port: - name: submission - number: 587 - protocol: TCP - - hosts: - - "*" - port: - name: imaps - number: 993 - protocol: TCP - - hosts: - - "*" - port: - name: pop3s - number: 995 - protocol: TCP -istio: - enabled: true - istio: - - name: docker-mailserver-smpt - kind: tcp - gateway: badhouseplants-email + tcpRoutes: + - name: docker-mailserver-smtp service: docker-mailserver - hostname: badhouseplants.net - port_match: 25 + match: HostSNI(`*`) + entrypoint: smtp port: 25 - - name: docker-mailserver-smpts - kind: tcp - gateway: badhouseplants-email - port_match: 465 - hostname: badhouseplants.net + - name: docker-mailserver-smtps + match: HostSNI(`*`) service: docker-mailserver + entrypoint: smtps port: 465 - name: docker-mailserver-smpt-startls - kind: tcp - gateway: badhouseplants-email - hostname: badhouseplants.net - port_match: 587 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: smtp-startls port: 587 - name: docker-mailserver-imap - kind: tcp - hostname: badhouseplants.net - gateway: badhouseplants-email - port_match: 143 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: imap port: 143 - name: docker-mailserver-imaps - kind: tcp - gateway: badhouseplants-email - hostname: badhouseplants.net - port_match: 993 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: imaps port: 993 - name: docker-mailserver-pop3 - kind: tcp - gateway: badhouseplants-email - port_match: 110 - hostname: badhouseplants.net + match: HostSNI(`*`) service: docker-mailserver + entrypoint: pop3 port: 110 - name: docker-mailserver-pop3s - kind: 
tcp - gateway: badhouseplants-email - port_match: 993 - hostname: badhouseplants.net + match: HostSNI(`*`) service: docker-mailserver + entrypoint: pop3s port: 993 - - name: docker-mailserver-rainloop - kind: http - gateway: istio-system/badhouseplants-net - hostname: mail.badhouseplants.net - service: docker-mailserver-rainloop - port: 80 rainloop: enabled: true ingress: - enabled: false + enabled: true + hosts: + - mail.badhouseplants.net + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + tls: + - secretName: mail-tls-secret + hosts: + - mail.badhouseplants.net + demoMode: enabled: false domains: - badhouseplants.net - mail.badhouseplants.net ssl: - issuer: - name: badhouseplants-issuer - kind: ClusterIssuer - dnsname: badhouseplants.net - dns01provider: cloudflare - useExisting: false + useExisting: true + existingName: mail-tls-secret pod: dockermailserver: enable_fail2ban: "0" diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index e5aeb81..16d0606 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -30,6 +30,22 @@ celery: requests: cpu: 10m memory: 75Mi +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + host: funkwhale.badhouseplants.net + protocol: http + + tls: + - secretName: funkwhale-tls-secret + hosts: + - funkwhale.badhouseplants.net + extraEnv: FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_PROTOCOL: https 
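Review bot: The `docker-mailserver-pop3s` route binds the `pop3s` entrypoint but forwards to `port: 993`, which is the IMAPS port; values.traefik.yaml in this patch exposes `pop3s` on 995, so POP3S clients would presumably be handed to the IMAPS listener. The line is an unchanged context line carried over from the Istio config, but the new routing keeps the mismatch and it should read `port: 995`. The `mailu-pop3s` route in values.mailu.yaml has the same `port: 993`. The route name `docker-mailserver-smpt-startls` also still carries the `smpt` typo that this change fixes in the other two route names.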
@@ -39,8 +55,7 @@ persistence: size: 10Gi s3: enabled: false -ingress: - enabled: false + postgresql: enabled: false host: postgres16-postgresql.database-service.svc.cluster.local diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 4fb3a9d..607d4bd 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,25 +1,5 @@ --- # ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: gitea-http - kind: http - gateway: istio-system/badhouseplants-net - hostname: git.badhouseplants.net - service: gitea-http - port: 3000 - - name: gitea-ssh - kind: tcp - gateway: istio-system/badhouseplants-ssh - hostname: "*" - port_match: 22 - service: gitea-ssh - port: 22 -# ------------------------------------------ # -- Database extension is used to manage # -- database with db-operator # ------------------------------------------ @@ -27,9 +7,27 @@ ext-database: enabled: true name: gitea-postgres16 instance: postgres16 + # ------------------------------------------ # -- Kubernetes related values # ------------------------------------------ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: git.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: gitea-tls-secret + hosts: + - git.badhouseplants.net replicaCount: 1 clusterDomain: cluster.local @@ -47,8 +45,6 @@ persistence: accessModes: - ReadWriteOnce -ingress: - enabled: false # ------------------------------------------ # -- Main Gitea settings # ------------------------------------------ 
@@ -125,3 +121,21 @@ postgresql-ha: enabled: false redis-cluster: enabled: false + +extraDeploy: + - | + {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ include "gitea.fullname" . }}-ssh + spec: + entryPoints: + - git-ssh + routes: + - match: HostSNI(`git.badhouseplants.net`) + services: + - name: "{{ include "gitea.fullname" . }}-ssh" + port: 22 + nativeLB: true + {{- end }} diff --git a/badhouseplants/values/values.local-path-provisioner.yaml b/badhouseplants/values/values.local-path-provisioner.yaml new file mode 100644 index 0000000..aa1d3e2 --- /dev/null +++ b/badhouseplants/values/values.local-path-provisioner.yaml @@ -0,0 +1,3 @@ +storageClass: + create: true + defaultClass: false diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index aba9e11..966fbac 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
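Review bot: The `IngressRouteTCP` added under `extraDeploy` matches on ``HostSNI(`git.badhouseplants.net`)``, but SSH is not TLS and carries no SNI, and the route has no `tls` section; Traefik only accepts the catch-all ``HostSNI(`*`)`` on non-TLS TCP routers, so this route is expected to be rejected or never match. Use ``- match: HostSNI(`*`)`` as the other TCP routes in this patch do; the dedicated `git-ssh` entrypoint already isolates the traffic. The `extraDeploy` template is complete within the hunk.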
@@ -1,81 +1,64 @@ --- -certificate: +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ +ext-database: enabled: true - certificate: - - name: mailu - secretName: mailu-certificate - issuer: - kind: ClusterIssuer - name: badhouseplants-issuer - dnsNames: - - badhouseplants.net - - "email.badhouseplants.net" + name: mailu-postgres16 + instance: postgres16 + extraDatabase: + enabled: true + name: roundcube-postgres16 + instance: postgres16 + # ------------------------------------------ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: +traefik: enabled: true - istio: - - name: mailu-web - kind: http - gateway: istio-system/badhouseplants-net - hostname: email.badhouseplants.net + tcpRoutes: + - name: mailu-smtp service: mailu-front - port: 80 - - name: mailu-smpt - kind: tcp - gateway: badhouseplants-mail - service: mailu-front - hostname: email.badhousplants.net - port_match: 25 + match: HostSNI(`*`) + entrypoint: smtp port: 25 - - name: mailu-smpts - kind: tcp - gateway: badhouseplants-mail - port_match: 465 - hostname: email.badhousplants.net + - name: mailu-smtps + match: HostSNI(`*`) service: mailu-front + entrypoint: smtps port: 465 - name: mailu-smpt-startls - kind: tcp - gateway: badhouseplants-mail - hostname: email.badhousplants.net - port_match: 587 + match: HostSNI(`*`) service: mailu-front + entrypoint: smtp-startls port: 587 - name: mailu-imap - kind: tcp - hostname: email.badhousplants.net - gateway: badhouseplants-mail - port_match: 143 + match: HostSNI(`*`) service: mailu-front + entrypoint: imap port: 143 - name: mailu-imaps - kind: tcp - gateway: badhouseplants-mail - hostname: email.badhousplants.net - port_match: 993 + match: HostSNI(`*`) service: mailu-front + entrypoint: imaps port: 993 - name: mailu-pop3 - kind: tcp - gateway: badhouseplants-mail - port_match: 
110 - hostname: email.badhousplants.net + match: HostSNI(`*`) service: mailu-front + entrypoint: pop3 port: 110 - name: mailu-pop3s - kind: tcp - gateway: badhouseplants-mail - port_match: 993 - hostname: email.badhousplants.net + match: HostSNI(`*`) service: mailu-front + entrypoint: pop3s port: 993 subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - - post.badhouseplants.net + - badhouseplants.net + - email.badhouseplants.net domain: badhouseplants.net persistence: single_pvc: false @@ -85,13 +68,17 @@ limits: tls: outboundLevel: secure ingress: - enabled: false - tls: false + enabled: true + ingressClassName: traefik + tls: true + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 tlsFlavorOverride: mail - selfSigned: false - existingSecret: mailu-certificate - realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local - realIpHeader: "X-Envoy-External-Address" + realIpFrom: traefik.kube-system.svc.cluster.local + realIpHeader: "X-Real-IP" front: hostPort: enabled: false @@ -150,16 +137,18 @@ roundcube: mysql: enabled: false postgresql: + enabled: false +## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. +externalDatabase: + ## @param externalDatabase.enabled Set to true to use an external database enabled: true - auth: - enablePostgresUser: true - username: mailu - database: mailu - persistence: - enabled: false - storageClass: "" - accessMode: ReadWriteOnce - size: 2Gi + type: postgresql + existingSecret: mailu-postgres16-creds + existingSecretDatabaseKey: POSTGRES_DB + existingSecretUsernameKey: POSTGRES_USER + existingSecretPasswordKey: POSTGRES_PASSWORD + host: postgres16-postgresql.database-service.svc.cluster.local + port: 5432 rspamd: resources: requests: 
@@ -181,3 +170,10 @@ webmail: accessModes: [ReadWriteOnce] claimNameOverride: "" annotations: {} +global: + database: + roundcube: + database: applications-roundcube-postgres16 + username: applications-roundcube-postgres16 + existingSecret: roundcube-postgres16-creds + existingSecretPasswordKey: POSTGRES_PASSWORD diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index ef99a67..19b39a0 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -19,6 +19,39 @@ istio: service: minio port: 9000 +ingress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + path: / + hosts: + - s3.badhouseplants.net + tls: + - secretName: s3-tls-secret + hosts: + - s3.badhouseplants.net +consoleIngress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + path: / + hosts: + - minio.badhouseplants.net + tls: + - secretName: minio-tls-secret + hosts: + - minio.badhouseplants.net + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index b10de2e..7dd45d2 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,10 +1,6 @@ namespaces: - name: longhorn-system - - name: cert-manager - name: minio-service - - name: metallb-system - - name: reflector-system - - name: drone-service - name: argo-system - name: nrodionov-application - name: minecraft-application 
@@ -15,18 +11,16 @@ namespaces: https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - - name: monitoring-system - name: bitwarden-application - name: database-service - name: mail-service - - name: istio-system - name: vaultwarden-application - name: woodpecker-ci - name: openvpn-service - - name: tandoor-application - name: badhouseplants-main labels: istio-injection: enabled - name: badhouseplants-preview - name: mailu-application - name: kube-services + - name: applications \ No newline at end of file diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 14d1b8c..3582f47 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -17,7 +17,20 @@ ext-database: enabled: true name: nrodionov-mysql instance: mysql - +ingress: + enabled: true + pathType: ImplementationSpecific + hostname: dev.nrodionov.info + path: / + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + tls: true + tlsWwwPrefix: false + selfSigned: false wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml index 9b9171b..5827bde 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
@@ -3,17 +3,26 @@ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: - enabled: true - istio: - - name: openvpn-tcp-xor - gateway: istio-system/badhouseplants-vpn - kind: tcp - port_match: 1194 - hostname: "*" - service: openvpn-xor - port: 1194 +# istio: + # enabled: true + # istio: + # - name: openvpn-tcp-xor + # gateway: istio-system/badhouseplants-vpn + # kind: tcp + # port_match: 1194 + # hostname: "*" + # service: openvpn-xor + # port: 1194 # ------------------------------------------ +traefik: + enabled: true + tcpRoutes: + - name: openvpn-xor + service: openvpn-xor + match: HostSNI(`*`) + entrypoint: openvpn + port: 1194 + storage: class: longhorn size: 512Mi diff --git a/badhouseplants/values/values.traefik.yaml b/badhouseplants/values/values.traefik.yaml new file mode 100644 index 0000000..fb92321 --- /dev/null +++ b/badhouseplants/values/values.traefik.yaml 
@@ -0,0 +1,78 @@ +globalArguments: + - "--serversTransport.insecureSkipVerify=true" +service: + spec: + externalTrafficPolicy: Local +ports: + git-ssh: + port: 22 + expose: + default: true + exposedPort: 22 + protocol: TCP + openvpn: + port: 1194 + expose: + default: true + exposedPort: 1194 + protocol: TCP + valve-server: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: UDP + valve-rcon: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: TCP + smtp: + port: 25 + protocol: TCP + exposedPort: 25 + expose: + default: true + smtps: + port: 465 + protocol: TCP + exposedPort: 465 + expose: + default: true + smtp-startls: + port: 587 + protocol: TCP + exposedPort: 587 + expose: + default: true + imap: + port: 143 + protocol: TCP + exposedPort: 143 + expose: + default: true + imaps: + port: 993 + protocol: TCP + exposedPort: 993 + expose: + default: true + pop3: + port: 110 + protocol: TCP + exposedPort: 110 + expose: + default: true + pop3s: + port: 995 + protocol: TCP + exposedPort: 995 + expose: + default: true + minecraft: + port: 25565 + protocol: TCP + exposedPort: 25565 + expose: + default: true diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index b4afad8..8114432 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -61,3 +61,20 @@ vaultwarden: enabled: false logfile: "/data/vaultwarden.log" loglevel: "warn" +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: vault.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: vault-tls-secret + hosts: + - vault.badhouseplants.net 
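Review bot: `--serversTransport.insecureSkipVerify=true` in `globalArguments` turns off certificate verification for every HTTPS backend Traefik proxies to, not only the one that needed it. Add a comment naming the backend that requires it, and prefer a per-service `ServersTransport` resource or a trusted CA bundle so the remaining backends keep verification. Separately, `valve-rcon` is exposed on the load balancer with `expose: default: true` like the public ports; if RCON is only used for administration, `default: false` would be the safer setting (hedged, since its consumers are not visible in this patch).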
diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml
new file mode 100644
index 0000000..da8b043
--- /dev/null
+++ b/badhouseplants/values/values.vaultwardentest.yaml
@@ -0,0 +1,58 @@
+service:
+ port: 8080
+vaultwarden:
+ smtp:
+ host: mail.badhouseplants.net
+ security: "starttls"
+ port: 587
+ from: vaulttest@badhouseplants.net
+ fromName: Vault Warden
+ authMechanism: "Plain"
+ acceptInvalidHostnames: "false"
+ acceptInvalidCerts: "false"
+ debug: false
+ domain: https://vaulttest.badhouseplants.net
+ websocket:
+ enabled: true
+ address: "0.0.0.0"
+ port: 3012
+ rocket:
+ port: "8080"
+ workers: "10"
+ webVaultEnabled: "true"
+ signupsAllowed: false
+ invitationsAllowed: true
+ signupDomains: "https://vaulttest.badhouseplants.net"
+ signupsVerify: "true"
+ showPassHint: "false"
+ # database:
+ # existingSecret: vaultwarden-postgres16-creds
+ # existingSecretKey: CONNECTION_STRING
+ # connectionRetries: 15
+ # maxConnections: 10
+ storage:
+ enabled: false
+ # size: 1Gi
+ # class: longhorn
+ # dataDir: /data
+ logging:
+ enabled: false
+ logfile: "/data/vaultwarden.log"
+ loglevel: "warn"
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.allow-http: "false"
+ kubernetes.io/ingress.global-static-ip-name: ""
+ cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+ hosts:
+ - host: vaulttest.badhouseplants.net
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: vault-tls-secret
+ hosts:
+ - vaulttest.badhouseplants.net
diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml
index 202daca..62ced72 100644
--- a/badhouseplants/values/values.woodpecker-ci.yaml
+++ b/badhouseplants/values/values.woodpecker-ci.yaml
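Review bot: The ingress `tls` entry in values.vaultwardentest.yaml reuses `secretName: vault-tls-secret`, the same secret name values.vaultwarden.yaml uses for vault.badhouseplants.net. If both releases land in one namespace (the helmfile entry is not visible here), cert-manager would manage a single Certificate for two different host sets and the two ingresses would overwrite each other's certificate; use a distinct name such as `- secretName: vaulttest-tls-secret`. `signupDomains` is also given a URL (`https://vaulttest.badhouseplants.net`), where this setting usually expects e-mail domains, so it is worth verifying against the chart.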
@@ -18,6 +18,22 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: ci.badhouseplants.net + paths: + - path: / + tls: + - secretName: woodpecker-tls-secret + hosts: + - ci.badhouseplants.net #image: # registry: git.badhouseplants.net # repository: allanger/woodpecker-server diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index e7afd09..753b7ae 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -1,12 +1,21 @@ -istio: +ingress: enabled: true - istio: - - name: zot - kind: http - gateway: istio-system/badhouseplants-net - hostname: registry.badhouseplants.net - service: zot - port: 5000 + className: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + pathtype: ImplementationSpecific + hosts: + - host: registry.badhouseplants.net + paths: + - path: / + tls: + - secretName: zot-secret-tls + hosts: + - registry.badhouseplants.net strategy: type: Recreate service: diff --git a/common/values.database.yaml b/common/values.database.yaml index 6685015..eba45ae 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml 
@@ -23,3 +23,28 @@ ext-database: secret: true {{- end }} {{- end }} + + - | + {{- if (.Values.extraDatabase).enabled }} + --- + apiVersion: kinda.rocks/v1beta1 + kind: Database + metadata: + name: "{{ .Values.extraDatabase.name }}" + spec: + secretName: "{{ .Values.extraDatabase.name }}-creds" + instance: "{{ .Values.extraDatabase.instance }}" + deletionProtected: true + backup: + enable: false + cron: 0 0 * * * + {{- if .Values.extraDatabase.credentials }} + credentials: + templates: + {{- range $key, $value := .Values.extraDatabase.credentials }} + - name: {{ $key }} + template: {{ $value }} + secret: true + {{- end }} + {{- end }} + {{- end }} diff --git a/common/values.tcp-route.yaml b/common/values.tcp-route.yaml new file mode 100644 index 0000000..b995d25 --- /dev/null +++ b/common/values.tcp-route.yaml @@ -0,0 +1,20 @@ +--- +traefik: + templates: + - | + {{ range .Values.tcpRoutes }} + --- + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ .name }} + spec: + entryPoints: + - {{ .entrypoint }} + routes: + - match: {{ .match }} + services: + - name: {{ .service }} + nativeLB: true + port: {{ .port }} + {{- end }} \ No newline at end of file diff --git a/common/values.tcproute.yaml b/common/values.tcproute.yaml new file mode 100644 index 0000000..05e0d89 --- /dev/null +++ b/common/values.tcproute.yaml @@ -0,0 +1,13 @@ +--- +tcproute: + templates: + - | + --- + {{ range .Values.routes }} + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ printf "%s-%s" .Release.Name .name }} + spec: + {{ tpl (.routes | toYaml | indent 2 | toString) $ }} + {{ end }} diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index d861bbd..677999c 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml 
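Review bot: In common/values.tcproute.yaml the template calls `.Release.Name` inside `{{ range .Values.routes }}`, where `.` is the current route rather than the root context, so the lookup is expected to fail or render empty; use `name: {{ printf "%s-%s" $.Release.Name .name }}`. The `---` separator also sits before the `range`, so more than one route would be emitted into a single YAML document; move it inside the loop as common/values.tcp-route.yaml does. Nothing in this patch's releases.yaml references the file (`ext-tcp-routes` points at values.tcp-route.yaml), so it may simply be a leftover to delete.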
@@ -7,6 +7,21 @@ releases: namespace: openvpn-service createNamespace: false + - <<: *istio-base + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index deefdb1..ba51cc3 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -95,6 +95,10 @@ buckets: policy: none purge: false versioning: false + - name: velero-test + policy: none + purge: false + versioning: false - name: restic policy: none purge: false diff --git a/helmfile.yaml b/helmfile.yaml index de9aa6b..735e9ba 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -11,24 +11,9 @@ releases: namespace: kube-system createNamespace: false - - <<: *istio-base - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istio-gateway - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istiod - installed: true - namespace: istio-system - createNamespace: false - - <<: *cert-manager installed: true - namespace: cert-manager + namespace: kube-system createNamespace: false - <<: *minio @@ -38,17 +23,17 @@ releases: - <<: *metallb installed: true - namespace: metallb-system - createNamespace: true + namespace: kube-system + createNamespace: false - <<: *reflector installed: true - namespace: reflector-system - createNamespace: true + namespace: kube-system + createNamespace: false - <<: *metallb-resources installed: true - namespace: metallb-system + namespace: kube-system createNamespace: false helmfiles: diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index f6d57f9..bc5f0b1 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml 
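Review bot: cert-manager, metallb, reflector and metallb-resources are moved into `kube-system` by the two helmfile.yaml hunks. That places third-party controllers holding cluster-wide RBAC and the ACME account key beside the control-plane components, so namespace-scoped RBAC, NetworkPolicy and quotas can no longer separate them. If the move is only for convenience, keep the dedicated namespaces (`namespace: cert-manager`, `namespace: metallb-system`, `namespace: reflector-system`); if it is required, a comment stating the reason above each release would help the next reader.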
@@ -31,7 +31,7 @@ metadata: namespace: debug spec: rules: - - host: httpbin.rocks + - host: "httpbin.badhouseplants.net" http: paths: - path: / diff --git a/manifests/httpo1-cluster-issuer.yaml b/manifests/httpo1-cluster-issuer.yaml new file mode 100644 index 0000000..547b892 --- /dev/null +++ b/manifests/httpo1-cluster-issuer.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + labels: + app.kubernetes.io/instance: cluster-issuer + app.kubernetes.io/name: acme-cluster-issuer + name: badhouseplants-issuer-http01 +spec: + acme: + email: allanger@zohomail.com + preferredChain: "" + privateKeySecretRef: + name: badhouseplants-issuer-htt01-account-key + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - http01: + ingress: + ingressClassName: traefik diff --git a/releases.yaml b/releases.yaml index ac52cdf..c8797c2 100644 --- a/releases.yaml +++ b/releases.yaml @@ -1,4 +1,3 @@ ---- templates: # --------------------------- # -- Hooks @@ -49,6 +48,14 @@ templates: values: - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + ext-tcp-routes: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: traefik + values: + - '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml' + ext-istio-resource: dependencies: - chart: bedag/raw @@ -56,6 +63,7 @@ templates: alias: istio values: - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: dependencies: - chart: bedag/raw @@ -137,25 +145,24 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.5 + version: 1.15.0 set: - name: installCRDs value: true longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.1 + version: 1.6.2 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.9.3 + version: 7.1.3 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource monitoring-common: labels: 
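Review bot: In the new ClusterIssuer, `privateKeySecretRef.name` is spelled `badhouseplants-issuer-htt01-account-key` (and the file itself is named httpo1-cluster-issuer.yaml), which does not match the issuer name `badhouseplants-issuer-http01`. It works as written, but the ACME account key ends up in a secret that is hard to find by name, and renaming it after the first apply makes cert-manager generate a new key and register a new account. Fix it before applying: `name: badhouseplants-issuer-http01-account-key`.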
@@ -170,7 +177,6 @@ templates: - template: default-env-values - template: default-env-secrets - template: crd-management-hook - - template: ext-istio-resource loki: &loki name: loki @@ -231,10 +237,10 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.3.0 + version: 1.2.0 inherit: - template: default-env-values - - template: ext-istio-resource + - template: ext-tcp-routes openvpn: &openvpn name: openvpn @@ -242,7 +248,6 @@ templates: version: 1.2.0 inherit: - template: default-env-values - - template: ext-istio-resource # ---------------------------- # -- Drone # ---------------------------- @@ -256,7 +261,6 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: drone-common drone-runner-docker: &drone-runner-docker @@ -271,21 +275,19 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.3.0 + version: 1.4.0 inherit: - template: ext-database - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.2.11 + version: 22.4.10 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource minio: &minio name: minio @@ -294,16 +296,14 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.4 + version: 10.2.0 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database funkwhale: &funkwhale @@ -313,7 +313,6 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database bitwarden: &bitwarden 
@@ -323,12 +322,11 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource redis: &redis name: redis chart: bitnami/redis - version: 19.3.3 + version: 19.5.3 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +334,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.3.3 + version: 15.5.5 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +355,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.2.4 + version: 11.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -368,8 +366,7 @@ templates: version: 2.3.1 inherit: - template: default-env-values - - template: ext-istio-gateway - - template: ext-istio-resource + - template: ext-tcp-routes vaultwarden: &vaultwarden name: vaultwarden @@ -378,9 +375,16 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database + vaultwarden-test: &vaultwardentest + name: vaultwardentest + chart: allanger-gitea/vaultwarden + version: 1.2.0 + inherit: + - template: default-env-values + - template: default-env-secrets + reflector: &reflector name: reflector chart: emberstack/reflector @@ -393,8 +397,9 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-certificate + - template: ext-tcp-routes + - template: ext-database tandoor: &tandoor name: tandoor @@ -403,13 +408,12 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database coredns: &coredns name: coredns chart: coredns/coredns - version: 1.29.0 + version: 1.31.0 namespace: kube-system inherit: - template: default-env-values 
@@ -417,7 +421,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.5 + version: 1.15.6 createNamespace: false namespace: kube-system inherit: @@ -426,23 +430,14 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.54 - createNamespace: false - namespace: kube-services - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - chartmuseum: &chartmuseum - name: chartmuseum - chart: chartmuseum/chartmuseum - version: 3.10.2 + version: 0.1.56 createNamespace: false namespace: kube-services inherit: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel name: keel chart: keel/keel @@ -450,4 +445,20 @@ templates: createNamespace: false namespace: kube-system - + traefik: &traefik + name: traefik + chart: traefik/traefik + version: 28.2.0 + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values + + local-path-provisioner: &local-path-provisioner + name: local-path-provisioner + chart: local-path-provisioner/local-path-provisioner + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values + diff --git a/repositories.yaml b/repositories.yaml index 2900540..5ffcf86 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -31,8 +31,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + # - name: allanger-gitea + # url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker 
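Review bot: The `allanger-gitea` repository is commented out in repositories.yaml, but releases.yaml in this same patch still uses it: `chart: allanger-gitea/openvpn-xor` and the newly added `vaultwarden-test` template with `chart: allanger-gitea/vaultwarden`. Helmfile is expected to fail resolving those charts for any release that is installed. Either keep the repository entry or point those templates at a repository that is still in this list, and add a comment saying why the entry was disabled.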
@@ -59,3 +59,7 @@ repositories: url: https://chartmuseum.github.io/charts - name: keel url: https://charts.keel.sh + - name: traefik + url: https://traefik.github.io/charts + - name: local-path-provisioner + url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26 -- 2.45.2 From d6d93998cb6b16d74f20616d2c2adb21af7e4f78 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 15 Jun 2024 20:45:50 +0200 Subject: [PATCH 67/69] Update traefik --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index c8797c2..3092fe6 100644 --- a/releases.yaml +++ b/releases.yaml @@ -448,7 +448,7 @@ templates: traefik: &traefik name: traefik chart: traefik/traefik - version: 28.2.0 + version: 28.3.0 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From 697e5f374651c757719aa79a662f7875c95f4076 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Jun 2024 17:23:33 +0200 Subject: [PATCH 68/69] Add a storage to the vaultwarden test --- badhouseplants/values/values.vaultwardentest.yaml | 14 +++++++------- releases.yaml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml index da8b043..7796066 100644 --- a/badhouseplants/values/values.vaultwardentest.yaml +++ b/badhouseplants/values/values.vaultwardentest.yaml 
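Review bot: The `local-path-provisioner` repository added in the `@@ -59,3 +59,7 @@` hunk pins its git source with `ref=v0.0.26`, and a tag can be moved upstream after review. The chart built from it is installed into `kube-system`, so a moved tag would change cluster-level storage code without any diff in this repository. If the helm-git plugin in use accepts a commit for `ref`, prefer `url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=<full-commit-sha>` (placeholder) and note the corresponding tag in a comment above it.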
@@ -20,21 +20,21 @@ vaultwarden: port: "8080" workers: "10" webVaultEnabled: "true" - signupsAllowed: false + signupsAllowed: true invitationsAllowed: true signupDomains: "https://vaulttest.badhouseplants.net" - signupsVerify: "true" - showPassHint: "false" + signupsVerify: false + showPassHint: true # database: # existingSecret: vaultwarden-postgres16-creds # existingSecretKey: CONNECTION_STRING # connectionRetries: 15 # maxConnections: 10 storage: - enabled: false - # size: 1Gi - # class: longhorn - # dataDir: /data + enabled: true + size: 512Mi + class: longhorn + dataDir: /data logging: enabled: false logfile: "/data/vaultwarden.log" diff --git a/releases.yaml b/releases.yaml index 3092fe6..f07b763 100644 --- a/releases.yaml +++ b/releases.yaml @@ -275,7 +275,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.4.0 + version: 1.5.0 inherit: - template: ext-database - template: default-env-values -- 2.45.2 From 14dbe234eaac4d3a0412982c9e2dda010e607d36 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 22 Jun 2024 13:28:53 +0200 Subject: [PATCH 69/69] Cleanup namespaces --- badhouseplants/values/values.namespaces.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 7dd45d2..c11513c 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -11,7 +11,6 @@ namespaces: https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - - name: bitwarden-application - name: database-service - name: mail-service - name: vaultwarden-application @@ -21,6 +20,4 @@ namespaces: labels: istio-injection: enabled - name: badhouseplants-preview - - name: mailu-application - name: kube-services - - name: applications \ No newline at end of file -- 2.45.2
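Review bot: The `@@ -20,21 +20,21 @@` hunk enables `signupsAllowed` while disabling `signupsVerify` and enabling `showPassHint`, which together would let anyone who can reach the instance self-register without e-mail verification and have password hints displayed. Even for a test deployment of a password manager, keep registration closed and rely on the existing `invitationsAllowed: true`, i.e. `signupsAllowed: false`, or at least retain `signupsVerify: "true"` and `showPassHint: "false"`. The unchanged `signupDomains` value is a URL; if the chart maps it to Vaultwarden's signup domain allow-list, that setting expects bare e-mail domains, so it should not be counted on to restrict sign-ups. The two changed flags also switch from quoted strings to YAML booleans while `webVaultEnabled: "true"` stays quoted, so check which type the chart templates expect.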