From fb6a016b6683080a05163101c1c7d46fac61d3d6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 10 Feb 2024 22:00:32 +0100 Subject: [PATCH 01/35] Revert "[Minecraft] Password plugin update" This reverts commit 0591ae21ce38cde5c7824d0e1387d25a5f09e8a5. --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 6234128..e5df96a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -127,7 +127,7 @@ initContainers: command: - curl - -L - - "https://github.com/Troloroma/PasswordProtect/releases/download/37/PasswordProtect-ubuntu-latest-17.jar" + - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" - -o - /data/plugins/PasswordProtect.jar volumeMounts: -- 2.45.2 From f4c9224ae69e36ef737304b3a3da645d7d35f2fa Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 08:39:37 +0100 Subject: [PATCH 02/35] Enable limits and store minecraft logs --- .woodpecker/.helmfile.yml | 15 +++++++++++++++ badhouseplants/values/values.promtail.yaml | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 355d333..166422c 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -1,11 +1,25 @@ when: event: push + + +.k8s-limits: &k8s-limits + backend_options: + kubernetes: + resources: + requests: + memory: 200Mi + cpu: 100m + limits: + memory: 400Mi + cpu: 200m + matrix: ENVIRONMENT: - badhouseplants - etersoft steps: diff: + <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: 
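Review bot: The init container in the `values.minecraft.yaml` hunk saves whatever `curl -L` returns to `/data/plugins/PasswordProtect.jar` with no integrity check, so the server loads a third-party jar that is trusted only by its release URL. Pinning to the `PasswordProtect-3.1.0` release is better than a floating build, but release assets can be replaced; record the expected SHA-256 next to the URL and verify it after the download, for example `echo "<expected-sha256>  /data/plugins/PasswordProtect.jar" | sha256sum -c -` if the image provides `sha256sum`. Adding `--fail` to the curl arguments would also stop an HTTP error page from being saved as the plugin. The init container definition starts and ends outside this hunk, so arguments or a later verification step may exist that are not visible here.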
@@ -17,6 +31,7 @@ steps: - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e $ENVIRONMENT diff --suppress-secrets apply: + <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 6ab31f3..4976174 100644 --- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -7,5 +7,5 @@ config: pipelineStages: - match: pipeline_name: "drop-all" - selector: '{namespace!~"mail-service|woodpecker"}' + selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}' action: drop -- 2.45.2 From 1cb2c5f2595ecd4e442b66114205c67d27ed5b43 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 08:57:07 +0100 Subject: [PATCH 03/35] Increase limits --- .woodpecker/.helmfile.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 166422c..fd6ed63 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -7,11 +7,11 @@ when: kubernetes: resources: requests: - memory: 200Mi - cpu: 100m - limits: memory: 400Mi - cpu: 200m + cpu: 1000m + limits: + memory: 800Mi + cpu: 1500m matrix: ENVIRONMENT: -- 2.45.2 From 99972808b7f5b7d02558375d5b088745bda8830f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 09:00:05 +0100 Subject: [PATCH 04/35] Increase limits --- .woodpecker/.helmfile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index fd6ed63..2407cd8 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -7,10 +7,10 @@ when: kubernetes: resources: requests: - memory: 400Mi + memory: 1024Mi cpu: 1000m limits: - memory: 800Mi + memory: 1512Mi cpu: 1500m matrix: -- 2.45.2 
From d67cf1a273075c734f63738bc5b7f5d09fa6887a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 13 Feb 2024 15:49:31 +0100 Subject: [PATCH 05/35] Add new ns --- badhouseplants/values/values.namespaces.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 838f30b..d752942 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -20,4 +20,7 @@ namespaces: - name: openvpn-service - name: tandoor-application - name: badhouseplants-main + labels: + istio-injection: enabled + - name: badhouseplants-preview - name: mailu-application -- 2.45.2 From 21ff595d4063ab76b63263b2a87fa486aa2640d2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Feb 2024 15:47:14 +0100 Subject: [PATCH 06/35] Some small chagnes --- badhouseplants/helmfile.yaml | 2 + badhouseplants/values/values.roles.yaml | 9 ++++ .../chart/templates/namespaces.yaml | 3 +- charts/roles/.helmignore | 23 ++++++++++ charts/roles/Chart.yaml | 6 +++ charts/roles/templates/_helpers.tpl | 43 +++++++++++++++++++ charts/roles/templates/namespaces.yaml | 23 ++++++++++ charts/roles/values.yaml | 9 ++++ releases.yaml | 8 ++++ 9 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 badhouseplants/values/values.roles.yaml create mode 100644 charts/roles/.helmignore create mode 100644 charts/roles/Chart.yaml create mode 100644 charts/roles/templates/_helpers.tpl create mode 100644 charts/roles/templates/namespaces.yaml create mode 100644 charts/roles/values.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 0ec24c9..39e25bd 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -4,6 +4,8 @@ releases: - <<: *namespaces installed: true + - <<: *roles + installed: true - <<: *coredns installed: true - <<: *cilium 
diff --git a/badhouseplants/values/values.roles.yaml b/badhouseplants/values/values.roles.yaml new file mode 100644 index 0000000..7fcd045 --- /dev/null +++ b/badhouseplants/values/values.roles.yaml @@ -0,0 +1,9 @@ +roles: + - name: minecraft-admin + namespace: minecraft-application + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["minecraft-application"] diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml index dc2bd62..3e87e83 100644 --- a/charts/namespaces/chart/templates/namespaces.yaml +++ b/charts/namespaces/chart/templates/namespaces.yaml @@ -10,8 +10,9 @@ metadata: {{- with $ns.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with $ns.annotations}} annotations: + "helm.sh/resource-policy": keep + {{- with $ns.annotations}} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/roles/.helmignore b/charts/roles/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/roles/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/roles/Chart.yaml b/charts/roles/Chart.yaml new file mode 100644 index 0000000..c2d5cc6 --- /dev/null +++ b/charts/roles/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: roles +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "1.16.0" diff --git a/charts/roles/templates/_helpers.tpl b/charts/roles/templates/_helpers.tpl new file mode 100644 index 0000000..2927519 --- /dev/null +++ b/charts/roles/templates/_helpers.tpl 
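Review bot: The `minecraft-admin` rule in `values.roles.yaml` grants `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["*"]`, which inside `minecraft-application` covers reading every Secret, exec into pods and managing RoleBindings; list the resources and verbs the holder actually needs instead. The extra `namespace: ["minecraft-application"]` entry sits inside the rule, and `namespace` is not a field of an RBAC PolicyRule, so it will be rejected or dropped on apply; the Role's scope already comes from `metadata.namespace`. The same block is added as the chart default in `charts/roles/values.yaml`, where a reusable chart would normally ship `roles: []` and leave environment roles to the environment values file. No RoleBinding appears in the part of the series shown here, so a comment naming the intended subject of this role would help the next reader.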
@@ -0,0 +1,43 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "roles.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "roles.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "roles.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "roles.labels" -}} +helm.sh/chart: {{ include "roles.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + diff --git a/charts/roles/templates/namespaces.yaml b/charts/roles/templates/namespaces.yaml new file mode 100644 index 0000000..7cb85dc --- /dev/null +++ b/charts/roles/templates/namespaces.yaml 
@@ -0,0 +1,23 @@ +{{- if .Values.roles }} +{{- range $roles := .Values.roles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ $roles.kind }} +metadata: + name: {{ $roles.name }} + namespace: {{ $roles.namespace }} + labels: + {{- include "roles.labels" $ | nindent 4 }} + {{- with $roles.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $roles.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +{{- with $roles.rules }} +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/roles/values.yaml b/charts/roles/values.yaml new file mode 100644 index 0000000..7fcd045 --- /dev/null +++ b/charts/roles/values.yaml @@ -0,0 +1,9 @@ +roles: + - name: minecraft-admin + namespace: minecraft-application + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["minecraft-application"] diff --git a/releases.yaml b/releases.yaml index 7c999fd..e8a4277 100644 --- a/releases.yaml +++ b/releases.yaml @@ -106,6 +106,14 @@ templates: inherit: - template: default-env-values + roles: &roles + name: roles + chart: '{{ requiredEnv "PWD" }}/charts/roles' + namespace: kube-public + createNamespace: false + inherit: + - template: default-env-values + metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server -- 2.45.2 From 4d5ee1f6c52e81d5c0c1c341f623e096f7c98fff Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Feb 2024 15:51:18 +0100 Subject: [PATCH 07/35] Update db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index e8a4277..5a2d274 100644 --- a/releases.yaml +++ b/releases.yaml @@ -354,7 +354,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.18.0 + version: 1.20.0 db-instances: &db-instances name: db-instances -- 2.45.2 From a6b30b3337bb5db06361574ebfdad4c044330f5d Mon Sep 17 00:00:00 2001 
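Review bot: `kind: {{ $roles.kind }}` in `charts/roles/templates/namespaces.yaml` is rendered verbatim, so a typo or unexpected value in `roles[].kind` yields an arbitrary object under `rbac.authorization.k8s.io/v1`, and `namespace:` is emitted even for a `ClusterRole`, where it has no meaning. A guard at the top of the range makes the chart fail early: `{{- if not (has $roles.kind (list "Role" "ClusterRole")) }}{{ fail "roles[].kind must be Role or ClusterRole" }}{{- end }}`, with the `namespace:` line wrapped in `{{- if eq $roles.kind "Role" }}`. Quoting the scalars (`{{ $roles.name | quote }}`) avoids YAML retyping of values such as `on` or all-digit names. The file is called `namespaces.yaml` although it renders roles; `roles.yaml` would be easier to find.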
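Review bot: The new `roles` template in `releases.yaml` installs the release into `kube-public`, so Helm's release record, which embeds the rendered RBAC manifests, is stored in the namespace that Kubernetes treats by convention as readable cluster-wide. Nothing in the hunk shows that Secrets there are actually exposed, but a dedicated admin namespace (or `kube-system`, which this file already uses for `cilium`) keeps RBAC definitions out of the one namespace that is public by convention. If `kube-public` is deliberate, a short comment such as `# release metadata only; each Role targets its own namespace` would record why.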
From: Nikolai Rodionov Date: Sat, 17 Feb 2024 02:20:54 +0100 Subject: [PATCH 08/35] Cleanup db-operator --- .../values/secrets.db-instances.yaml | 28 +++++++------------ .../values/values.db-instances.yaml | 20 ------------- releases.yaml | 1 - 3 files changed, 10 insertions(+), 39 deletions(-) diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index f8caa3a..ffe6efa 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml @@ -1,16 +1,8 @@ dbinstances: - postgres: - secrets: - adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] - adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] postgres16: secrets: - adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] - adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] - mysql: - secrets: - adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] - adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] + adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] + adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -20,14 +12,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl + RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx + Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho + d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq + Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T02:28:20Z" - mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] + lastmodified: "2024-02-17T01:05:06Z" + mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 8e16c19..bfd0e1d 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml 
@@ -1,15 +1,5 @@ --- dbinstances: - postgres: - monitoring: - enabled: false - adminSecretRef: - Name: postgres-secret - Namespace: database-service - engine: postgres - generic: - host: postgres-postgresql - port: 5432 postgres16: monitoring: enabled: false @@ -20,13 +10,3 @@ dbinstances: generic: host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 - mysql: - monitoring: - enabled: false - adminSecretRef: - Name: mysql-secret - Namespace: database-service - engine: mysql - generic: - host: mysql - port: 3306 diff --git a/releases.yaml b/releases.yaml index 5a2d274..ff68c1f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -286,7 +286,6 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - - template: ext-database minio: &minio name: minio -- 2.45.2 From a20017c9b7f2ebe5cdde7f3f1d64a7d6dcacd1c3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 15:44:31 +0100 Subject: [PATCH 09/35] Start setting up shadowsocks --- .../values/values.istio-ingressgateway.yaml | 4 + manifests/shadowsocks/install.yaml | 78 +++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 manifests/shadowsocks/install.yaml diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 8e39d27..94fe69a 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -2,6 +2,10 @@ service: type: LoadBalancer externalTrafficPolicy: Local ports: + - name: shadowsocks + port: 8388 + protocol: TCP + targetPort: 8388 - name: minecraft port: 25565 protocol: TCP diff --git a/manifests/shadowsocks/install.yaml b/manifests/shadowsocks/install.yaml new file mode 100644 index 0000000..a539b01 --- /dev/null +++ b/manifests/shadowsocks/install.yaml 
@@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shadowsocks-deployment + labels: + app: shadowsocks +spec: + replicas: 1 + selector: + matchLabels: + app: shadowsocks + template: + metadata: + labels: + app: shadowsocks + spec: + containers: + - name: shadowsocks-libev + image: shadowsocks/shadowsocks-libev + env: + - name: METHOD + value: chacha20-ietf-poly1305 + - name: PASSWORD + value: test12345 + ports: + - containerPort: 8388 + securityContext: + capabilities: + add: + - NET_ADMIN +--- +apiVersion: v1 +kind: Service +metadata: + name: shadowsocks + labels: + app: shadowsocks +spec: + type: ClusterIP + ports: + - port: 8388 + protocol: TCP + selector: + app: shadowsocks +--- +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: badhouseplants-shadowsocks + namespace: istio-system +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: tcp + number: 8388 + protocol: TCP +--- +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: shadowsocks +spec: + gateways: + - istio-system/badhouseplants-shadowsocks + hosts: + - '*' + tcp: + - match: + - port: 8388 + route: + - destination: + host: shadowsocks + port: + number: 8388 -- 2.45.2 From fbf483cfc0302db6e2a1935e5da7b5a98fcff142 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 16:26:35 +0100 Subject: [PATCH 10/35] Update openvpn --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index ff68c1f..6d8d23d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -231,7 +231,7 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 5b478e594e27849764d9f38489be7ba448dd7ff6 Mon Sep 17 00:00:00 2001 
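Review bot: `PASSWORD` is committed in clear text as `test12345` in `manifests/shadowsocks/install.yaml`, and the same commit opens port 8388 on the LoadBalancer ingress gateway with a `'*'` host, so the proxy becomes reachable from outside with a guessable credential that anyone with repository access can read. The rest of this repository keeps credentials in sops-encrypted `secrets.*.yaml` files; the password should come from a Secret through `secretKeyRef` and be rotated, because the committed value stays in history. The image is unpinned (`shadowsocks/shadowsocks-libev` resolves to `latest`), and `NET_ADMIN` is added although nothing in the manifest shows a need for it, so drop it unless the server is verified to require it. The Deployment, Service and VirtualService also carry no `namespace`, so they land wherever the apply context points.

```yaml
# … unchanged: Deployment metadata, selector, pod template labels …
        - name: shadowsocks-libev
          # placeholder digest: pin to the image digest that was reviewed
          image: shadowsocks/shadowsocks-libev@sha256:<reviewed-image-digest>
          # … unchanged: env METHOD …
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  # placeholder names for a Secret rendered from sops-encrypted values
                  name: <shadowsocks-secret-name>
                  key: <password-key>
          # … unchanged: ports …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
# … unchanged: Service, Gateway, VirtualService …
```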
From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:44:08 +0100 Subject: [PATCH 11/35] Cleanup the backup cluster --- badhouseplants/helmfile.yaml | 8 +++++++- etersoft/helmfile.yaml | 5 ----- helmfile.yaml | 5 ----- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 39e25bd..fd0641c 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -115,7 +115,7 @@ releases: installed: true namespace: mail-service createNamespace: true - + - <<: *tandoor installed: true namespace: tandoor-application @@ -125,6 +125,12 @@ releases: installed: false namespace: mailu-application createNamespace: false + + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 98684a6..d861bbd 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -7,11 +7,6 @@ releases: namespace: openvpn-service createNamespace: false - - <<: *postgres16 - installed: true - namespace: database-service - createNamespace: true - bases: - ../environments.yaml - ../repositories.yaml diff --git a/helmfile.yaml b/helmfile.yaml index c813fb4..de9aa6b 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,11 +46,6 @@ releases: namespace: reflector-system createNamespace: true - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - - <<: *metallb-resources installed: true namespace: metallb-system -- 2.45.2 From 3c8f6a243c0bea83002d89c624b5810475df6528 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:44:23 +0100 Subject: [PATCH 12/35] Update istio bundle --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 6d8d23d..db5e056 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.2 + version: 1.20.3 istio-base: &istio-base name: istio-base -- 2.45.2 From cc1cf4e650af4dd94887112120e88a49e07a125d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:48:21 +0100 Subject: [PATCH 13/35] Update cilium --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index db5e056..d1d94af 100644 --- a/releases.yaml +++ b/releases.yaml @@ -426,7 +426,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.14.6 + version: 1.15.1 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From b93d4e0b2beeb0aec3d03f80db37eaad61a81d9a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:03:04 +0100 Subject: [PATCH 14/35] Update bunch of releases --- badhouseplants/values/secrets.argocd.yaml | 22 ++++++++--------- badhouseplants/values/values.argocd.yaml | 29 +++++++++++------------ releases.yaml | 20 ++++++++-------- 3 files changed, 35 insertions(+), 36 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 371d4d1..befdd81 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,10 +1,10 @@ server: - config: - dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] + configs: + dex.config: ENC[AES256_GCM,data:7xM/TxMDkRKLJULb1zhLlHZX4uTVCp5iOAHI4P/x0fP85zNkFLskHUD5E2y0JZ+4SrDWpyVIUPu6Q6P31/b13IJBzKd78jepKBNacHeVKADGqibrPquP4pa4ZT8lKitMRXzqC/dnYeDPaJyjWyuBD0F/5d25m+Q8mpE9+XuchrBCLQg+rULOmgchWL08KnjeSxvOurYh8ehl5WMANgTsD1kFWRIjAj8XZNmNnz0jjiayEFikFt9yu1hcDMlwS3Urz+AkWa+d+lvymhP7jTSFhBzXP2VO2zwaaF+IcSOT2EdMhWltsZTeBaqi6YFyfR38Db/elTCd+/ZhYjEmNS/b7kSHlVDrt/J3zNFX2zJQS6NltC4NQpVRA4zkmz79N4pBzMoGIbYGyavXiBZvrqm3hcP2jKC5x/41CXfPIKO97iHOLALu8/N1We2hHulps91A0FZse5hz+kU9XbggKbKuvhbwjFDUPOraHcBuCa1YefSlCAZwgL/2BX/js8T5AJusiTtYbgR0GA2a1jlbq9hNQk0myyUk3cuR8svGfZARyomrBsTlrLB5dxIqfa/ZCXBlqGsxFQKyTxnnNxaMsGelRXE0uOUTwJ/Fz/bRNYaJO0UNPfiKPA+1q4qPOuM1i794TxeufP6eAR+lL+qeYViwTvh8r4I7y/41cbdj1WFsd3GcTMlNlOt8jXsJZ6vUgZPn88An1LI8U8Lzhj0IDw==,iv:DiW7ZlTe+TRxVIwnV+ASJJfJYFUQ0YqhHRsxx+vrLGs=,tag:i46xfJRV8rq5m7yT6etFfg==,type:str] configs: credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:4CZ3hbG1MSrQs0y5hPU2rGaHvw4DkzWgQuqn8alqUp4=,tag:a0a5DN0KTCrkJ1jGbU5YrA==,type:str] sops: kms: [] gcp_kms: [] 
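Review bot: After the rename in `secrets.argocd.yaml`, `dex.config` sits under a `configs:` key directly below `server:`, followed two lines later by the existing top-level `configs:` block. Indentation is lost on this page, so this is either `server.configs` (a path the argo-cd chart does not read, as far as I know) or a duplicated `configs:` key where the later mapping wins. In both readings the encrypted Dex connector settings would be silently dropped, which breaks SSO login and can leave the local admin account as the only way in. `values.argocd.yaml` in this same commit moves the other settings to `configs.cm`, so the secret most likely belongs at `configs.cm."dex.config"`, merged into the existing `configs:` mapping. Rendering the release with `helm template` and checking `argocd-cm` for `dex.config` would confirm it.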
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NWtKdU5Gb1E5aFhmaHI0 + YWpQY0VTR2hWWDNPcklvQkdES3VMV01kUWh3CldheTZHRmpjNjV0MVErV2Qrc1Fs + WlhidklZOWgyMEtnbzA2UU0zVGhkQkUKLS0tIFBEZHVpd3krMHR3aXpHSzBTM2d5 + TE0xeGxscWhCVEpSYVkxUDdybGZ6VVEKHQ1m2NOmuo7Alr9wdaK+kKtceCbX9tti + LNQjwMsHfIyts5LIEafRh4mC+vsjmO56CUlUzoZDk7hU1u5Zp0Pskw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-04T16:16:37Z" - mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] + lastmodified: "2024-02-20T22:58:37Z" + mac: ENC[AES256_GCM,data:HHbHPlslZC5XLjh40wP8VfEgpFT1PyKtDhd0I0rxKhv7qQh+4oMQBpNvVrye1RIzLZJY43hme74lkH7o8ZnWfXAwPRJ7YYAKvLt0LAyLbko2v7hINY/kwMn6xGbUnfmvBIwLkLqHndYxOW44BvUe320N7a831OqPYWkiDEiwLSw=,iv:YYZSQMyQEM0r4WIyHs+gki5qaHMc4gKUi/JcFxjSHDU=,tag:ZyQ+/obUCLKAB2MsFYO7Ag==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index e8d0bce..0acc84b 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -58,21 +58,6 @@ server: enabled: true serviceMonitor: enabled: false - rbacConfig: - policy.default: role:readonly - scopes: "[email, group]" - policy.csv: | - g, allanger@zohomail.com, role:admin - g, allanger@badhouseplants.net, role:admin - g, rodion.n.rodionov@gmail.com, role:admin - p, drone, applications, *, badhouseplants/*,allow - config: - exec.enabled: "true" - url: https://argo.badhouseplants.net - kustomize.buildOptions: "--enable-alpha-plugins" - accounts.drone: apiKey, login - accounts.drone.enabled: "true" - extraArgs: - --insecure @@ -86,6 +71,20 @@ repoServer: - name: regcred configs: + rbac: + policy.default: role:readonly + scopes: "[email, group]" + policy.csv: | + g, allanger@zohomail.com, role:admin + g, allanger@badhouseplants.net, role:admin + g, rodion.n.rodionov@gmail.com, role:admin + p, drone, applications, *, badhouseplants/*,allow + cm: + exec.enabled: "true" + url: https://argo.badhouseplants.net + kustomize.buildOptions: "--enable-alpha-plugins" + accounts.drone: apiKey, login + accounts.drone.enabled: "true" credentialTemplates: ssh-creds: url: git@github.com diff --git a/releases.yaml b/releases.yaml index d1d94af..ccc0215 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.11.0 + version: 3.12.0 values: - common/values.{{ .Release.Name }}.yaml @@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.1 + version: 1.14.2 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.53.13 + version: 6.2.3 inherit: - template: default-env-values - template: default-env-secrets 
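Review bot: The block moved to `configs.rbac` and `configs.cm` in `values.argocd.yaml` keeps `accounts.drone: apiKey, login` and `p, drone, applications, *, badhouseplants/*,allow`, which gives the CI account interactive password login and every application action, including delete and override, in that project. For a token-only pipeline account `accounts.drone: apiKey` is enough, and the policy line can name the actions the pipeline uses, for example `p, drone, applications, sync, badhouseplants/*, allow` plus a matching `get` line. `scopes: "[email, group]"` is also worth checking against the identity provider's claim names, since Argo CD's default group claim is `groups`. The enclosing `configs:` mapping continues outside the hunk.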
@@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 56.6.1 + version: 56.8.2 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.42.2 + version: 5.43.2 inherit: - template: monitoring-common - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.2.3 + version: 19.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.14.0 + version: 4.15.0 inherit: - template: default-env-values - template: default-env-secrets @@ -337,7 +337,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.12.1 + version: 18.14.0 inherit: - template: default-env-values - template: default-env-secrets @@ -345,7 +345,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.0.1 + version: 14.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -408,7 +408,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.8.12 + version: 0.9.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From c5ade9c28b5c0c8c2c1b1e95695045e476198c79 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:08:14 +0100 Subject: [PATCH 15/35] Update longhorn and openvpn --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index ccc0215..7fb40d3 100644 --- a/releases.yaml +++ b/releases.yaml @@ -144,7 +144,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.3 + version: 1.6.0 inherit: - template: default-env-values 
@@ -239,7 +239,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.8 + version: 1.1.0 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 9b8c729d654cfee50afae78581950e7963b20675 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:36:23 +0100 Subject: [PATCH 16/35] Update sops file --- badhouseplants/values/secrets.minecraft.yaml | 24 ++++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml index 1639eb7..6a54d19 100644 --- a/badhouseplants/values/secrets.minecraft.yaml +++ b/badhouseplants/values/secrets.minecraft.yaml 
@@ -1,11 +1,11 @@ minecraftServer: rcon: - password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] + password: ENC[AES256_GCM,data:woijK03SjpwXBK4v6VQQcDU9+Vtxu1K8aw==,iv:z42FfsX/uyqHKV1uUnXxbVSEMmI549nOvR0PTMhBqXA=,tag:GX3h+j00PfR/3kxcmk/RRg==,type:str] mcbackup: resticEnvs: - RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:stg6lZdHeI1IDCqcEObPi2HcLc0WtsxN4mwOqajD,iv:cd9k4zC6qLLfDesHc2eHYgOYw0tLoXRROOiWWg2ZWqo=,tag:tY+Vj2Uv1MonbgGSBZF/aA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:J5+56NluagLrqNOoML4=,iv:jV4hZwcxg3K4hI3YiZlUTc+z26p+TJlHJ0iCnCD8XN4=,tag:yolnLc3raai15UMGzhY7Tg==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:D/nUeA9W,iv:sWH469oSthTZLlmdfNBs9iz8Rkmh+FgoN7cNwuhhm44=,tag:EeG6Dlz7XNKFxlyY2NWheA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -15,14 +15,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvb29BdXcwNmJKVHg0ZE1o + dHJQMmdQcjBrbmo4cmpZZFdUNkQzbXZnc1FnCkZZdHBodXRpVG43dHRtaXVOdis3 + azRqSFQ4QU9Bc0YyaldUMFQ2S3NBOVUKLS0tIC9TbHkwVGYxY2xIT2thRHpQdDFK + QU55VnhyREJld1QzQUlvdGlJQzR1dEkKjPTR48VdNKqmZmNJb3eB44nXyqRtPxfk + lFh1pQLPRSiFtCQYRsRTUNZt131Y/wSIJ33Ri77rZAzF7MoOXZj+FQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-15T15:32:19Z" - mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] + lastmodified: "2024-02-20T23:30:03Z" + mac: ENC[AES256_GCM,data:uZ0a7xDvJEQXxnoiTjclZ/rsuR5Iz+oY/5eQjeDdWnMd+itHZyHk4my8q1Ug0Dl6Md2qiVSiLAvfJsvLDiBqYWoCTWqnvBF8qXLq+pdjXuvAoLTVct8G/BDtgxYZcLQIUnox9RifUb6RCKtZADcG3VMsTWSrrZD4y0S3feQ47Mw=,iv:WYbtRGus5SR4J5rmmUuqgbhgJg/3NCZw04z67CvdYvM=,tag:OF79vVtfnC98ydWPOB4QnQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 -- 2.45.2 From e255ee4e99eb3b67cfeb04f93279a08822885ce9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:50:11 +0100 Subject: [PATCH 17/35] Remove minecraft from the repo --- badhouseplants/helmfile.yaml | 5 - badhouseplants/values/secrets.minecraft.yaml | 28 --- badhouseplants/values/values.minecraft.yaml | 180 ------------------- badhouseplants/values/values.namespaces.yaml | 5 + releases.yaml | 9 - repositories.yaml | 2 - 6 files changed, 5 insertions(+), 224 deletions(-) delete mode 100644 badhouseplants/values/secrets.minecraft.yaml delete mode 100644 badhouseplants/values/values.minecraft.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index fd0641c..30d3395 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -30,11 +30,6 @@ releases: namespace: nrodionov-application createNamespace: false - - <<: *minecraft - installed: true - namespace: minecraft-application - createNamespace: false - - <<: *gitea installed: true namespace: gitea-service diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml deleted file mode 100644 index 6a54d19..0000000 --- a/badhouseplants/values/secrets.minecraft.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -minecraftServer: - rcon: - password: ENC[AES256_GCM,data:woijK03SjpwXBK4v6VQQcDU9+Vtxu1K8aw==,iv:z42FfsX/uyqHKV1uUnXxbVSEMmI549nOvR0PTMhBqXA=,tag:GX3h+j00PfR/3kxcmk/RRg==,type:str] -mcbackup: - resticEnvs: - RESTIC_PASSWORD: ENC[AES256_GCM,data:stg6lZdHeI1IDCqcEObPi2HcLc0WtsxN4mwOqajD,iv:cd9k4zC6qLLfDesHc2eHYgOYw0tLoXRROOiWWg2ZWqo=,tag:tY+Vj2Uv1MonbgGSBZF/aA==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:J5+56NluagLrqNOoML4=,iv:jV4hZwcxg3K4hI3YiZlUTc+z26p+TJlHJ0iCnCD8XN4=,tag:yolnLc3raai15UMGzhY7Tg==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:D/nUeA9W,iv:sWH469oSthTZLlmdfNBs9iz8Rkmh+FgoN7cNwuhhm44=,tag:EeG6Dlz7XNKFxlyY2NWheA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvb29BdXcwNmJKVHg0ZE1o - dHJQMmdQcjBrbmo4cmpZZFdUNkQzbXZnc1FnCkZZdHBodXRpVG43dHRtaXVOdis3 - azRqSFQ4QU9Bc0YyaldUMFQ2S3NBOVUKLS0tIC9TbHkwVGYxY2xIT2thRHpQdDFK - QU55VnhyREJld1QzQUlvdGlJQzR1dEkKjPTR48VdNKqmZmNJb3eB44nXyqRtPxfk - lFh1pQLPRSiFtCQYRsRTUNZt131Y/wSIJ33Ri77rZAzF7MoOXZj+FQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-20T23:30:03Z" - mac: ENC[AES256_GCM,data:uZ0a7xDvJEQXxnoiTjclZ/rsuR5Iz+oY/5eQjeDdWnMd+itHZyHk4my8q1Ug0Dl6Md2qiVSiLAvfJsvLDiBqYWoCTWqnvBF8qXLq+pdjXuvAoLTVct8G/BDtgxYZcLQIUnox9RifUb6RCKtZADcG3VMsTWSrrZD4y0S3feQ47Mw=,iv:WYbtRGus5SR4J5rmmUuqgbhgJg/3NCZw04z67CvdYvM=,tag:OF79vVtfnC98ydWPOB4QnQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml deleted file mode 100644 index e5df96a..0000000 --- a/badhouseplants/values/values.minecraft.yaml +++ /dev/null 
@@ -1,180 +0,0 @@ ---- -# -------------------------------------------------- -# -- Extensions values -# -------------------------------------------------- -service-account: - enabled: true - resources: - - name: minecraft-exporter - label: - app: minecraft-minecraft-metrics - endpoints: - port: metrics -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: minecraft-tcp - gateway: istio-system/badhouseplants-minecraft - kind: tcp - port_match: 25565 - hostname: "*" - service: minecraft-minecraft - port: 25565 -# -------------------------------------------------- -# -- Main values -# -------------------------------------------------- -image: - tag: java17-graalvm-ce - pullPolicy: Always - -resources: - requests: - memory: 3Gi - cpu: 256m - limits: - memory: 3Gi - -lifecycle: - postStart: - - bash - - -c - - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 - -readinessProbe: - command: - - mc-health - periodSeconds: 20 - failureThreshold: 50 - timeoutSeconds: 10 -livenessProbe: - timeoutSeconds: 10 - -minecraftServer: - overrideServerProperties: true - eula: "TRUE" - onlineMode: false - difficulty: hard - hardcore: true - version: 1.20.1 - maxWorldSize: 90000 - type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar - gameMode: survival - pvp: true - rcon: - enabled: true - withGeneratedPassword: false - port: 25575 - serviceType: ClusterIP - extraPorts: - - name: metrics - containerPort: 9225 - protocol: TCP - service: - enabled: true - embedded: false - labels: - exporter: minecraft - type: ClusterIP - port: 9925 - ingress: - enabled: false -persistence: - dataDir: - enabled: true - Size: 15Gi -mcbackup: - enabled: false - backupInterval: 2h - pauseIfNoPlayers: "false" - pruneBackupsDays: 
2 - rconRetries: 5 - rconRetryInterval: 10s - excludes: "*.jar,cache,logs" - backupMethod: restic - resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft - resticAdditionalTags: "mc_backups" - pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" - resources: - requests: - memory: 512Mi - cpu: 100m - persistence: - backupDir: - enabled: false -# --------------------------------------------- -# -- Install Plugins -# --------------------------------------------- -initContainers: - - name: 0-install-prometheus-exporter - image: alpine/curl - command: - - curl - - -L - - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" - - -o - - /data/plugins/prometheus-exporter.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-password-plugin - image: alpine/curl - command: - - curl - - -L - - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" - - -o - - /data/plugins/PasswordProtect.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-gravity-control-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar - - -o - - /data/plugins/GravityControl-1.3.0.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-fast-minecart-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar - - -o - - /data/plugins/FastMinecarts.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - - name: 1-add-plugins-to-minecraft - image: alpine/curl - command: - - sh - - -c - - cp -r /in /out/plugins - volumeMounts: - - name: plugins - mountPath: /in - readOnly: false - - 
name: datadir - mountPath: /out -extraVolumes: - - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - volumes: - - name: plugins - emptyDir: - sizeLimit: 500Mi diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index d752942..c0232d1 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -8,6 +8,11 @@ namespaces: - name: argo-system - name: nrodionov-application - name: minecraft-application + annotations: + badohouseplants.net/git-repo: | + https://git.badhouseplants.net/badhouseplants/minecraft-helmfile + badhouseplants.net/ci: | + https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - name: monitoring-system diff --git a/releases.yaml b/releases.yaml index 7fb40d3..8e126d7 100644 --- a/releases.yaml +++ b/releases.yaml @@ -296,15 +296,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - minecraft: &minecraft - name: minecraft - chart: minecraft-server-charts/minecraft - version: 4.15.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - gitea: &gitea name: gitea chart: gitea/gitea diff --git a/repositories.yaml b/repositories.yaml index 9e7eced..0a82ac7 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -11,8 +11,6 @@ repositories: url: https://charts.bitnami.com/bitnami - name: minio url: https://charts.min.io/ - - name: minecraft-server-charts - url: https://itzg.github.io/minecraft-server-charts/ - name: longhorn url: https://charts.longhorn.io - name: gitea -- 2.45.2 From 773b70bb3a5acb6efa196987fce84b6bcc9e3564 Mon Sep 17 00:00:00 2001 
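Review bot: The first annotation key added under `minecraft-application` in values.namespaces.yaml is spelt `badohouseplants.net/git-repo`, while the one below it uses `badhouseplants.net/ci`; anything that selects or audits on the `badhouseplants.net/` prefix will miss the repository link. Both values are also `|` block scalars, which keeps a trailing newline in the annotation value. I would write them as quoted one-line scalars: `badhouseplants.net/git-repo: "https://git.badhouseplants.net/badhouseplants/minecraft-helmfile"` and `badhouseplants.net/ci: "https://ci.badhouseplants.net/repos/15"`. The `namespaces` list starts and continues outside the hunk.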
From: Nikolai Rodionov Date: Thu, 22 Feb 2024 22:15:27 +0100 Subject: [PATCH 18/35] Udpate values --- badhouseplants/values/values.db-instances.yaml | 2 +- badhouseplants/values/values.namespaces.yaml | 1 + releases.yaml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index bfd0e1d..2032930 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -9,4 +9,4 @@ dbinstances: engine: postgres generic: host: postgres16-postgresql.database-service.svc.cluster.local - port: 5432 + port: '5432' diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index c0232d1..b10de2e 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -29,3 +29,4 @@ namespaces: istio-injection: enabled - name: badhouseplants-preview - name: mailu-application + - name: kube-services diff --git a/releases.yaml b/releases.yaml index 8e126d7..7b04ab5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -344,12 +344,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.20.0 + version: 1.21.0 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.2.0 + version: 2.3.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 630819f88712feeb72d6aec01a8c28b3ec6f5f41 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 23 Feb 2024 00:47:38 +0100 Subject: [PATCH 19/35] Fix ArgoCD oauth --- badhouseplants/values/secrets.argocd.yaml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index befdd81..81405e1 100644 --- a/badhouseplants/values/secrets.argocd.yaml 
+++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,10 +1,9 @@ -server: - configs: - dex.config: ENC[AES256_GCM,data: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,iv:DiW7ZlTe+TRxVIwnV+ASJJfJYFUQ0YqhHRsxx+vrLGs=,tag:i46xfJRV8rq5m7yT6etFfg==,type:str] configs: + cm: + dex.config: ENC[AES256_GCM,data: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,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:4CZ3hbG1MSrQs0y5hPU2rGaHvw4DkzWgQuqn8alqUp4=,tag:a0a5DN0KTCrkJ1jGbU5YrA==,type:str] + sshPrivateKey: ENC[AES256_GCM,data:43Enu05W+Cxbg1z8GjoYMWNOkCSuUIny4c9YOJlp6HBwazFx8IbMLibSxcI4kWCaceKHj+jxHhj5hnnDJgXWElFHmsApxNX/GtXtaiIHF2I3f4o+WjLJMco1lkdrtLhb2ERis7PtzI+1aQsTDtwJG6xPDpxYT+apokx2XnwkFzjAetfi5zHMyepgQRXFjyGvn4HECLeC1uii4+/FmImI4gzTFIGAoeb6xT4HDsWV/kzrWNJk/FsnmQyCkiEHQ8wU1z1WTPr6cuTLf7WUrliPaOAwmGwxfchU+vIfIBsbfHoBVHeJR8/j9fB5Em10Z5Ton91CXObGVpEBJD4MHgUIEVmAunqK+ltAit/CNmQI5AwSofcfAV+hI2o8v6N4Wlq6PteNKeeBvdSCYEt9DR7uw+TNgTgxNhAzjZuXnfZzVpmsqtsy0LMBtdwruA7j0roBoqODU9+YbJc9rpx+MTwlaPrkBBRA2+ZZ2Z2Tl2NV8RJbxK6fwDha+E7KPqJnBwqK6xsROvEV2wzW/ZXGDWXuOM7sqCK0Zc+vi/X/1kgTTVt5BlnjLpk+tiZSIwMFLAQctMkEFpVQAWFqpVnlJenHmwh4NaHgEIEsiIMsR4Uh+7tmEwli+DVhauwOwJpMc4MJsZgquTyATd/1hJdLW0XJKNYGDd/Ia9dUvtuZR0vZks1J85XVwp/qR8QlJd0nMhFgzNV7cJnf2WE6nj3c8ibPjhelFPFd+dw0inoLsnwBGvNpxZTeu2UBInnyAW7MefVs29gSnWaSFi2dvT4Lw4X+yGdGP3SAydkTOfMcV7hbtv+IRfeyFTV6v0ebilufuvVy56HlZQl5H6y9kZEg3m8qxJ2gJB7MFVfqAku8lNDAgMyvdx2sDivbWvOOsPAC5N8NFHVn5XKlASrZs4N6o5Uo85ewO2GSLn+UKxLWvhqKwIB7oYubfVyV+m9SwqiZLBy6xt0FOKr4cg5pLDFhNer2vQfwRB/2meV3jZt3TXE5anlnxgEKIfrjhjJTXpOIaUPn3z/jbYk5RHTrFrAIib6u2r+HpTkxdnIE+jdgyl/bmhzI7cqDfR/VDdfbl78sAKNQjAhzG10eNWnRgrvNU5KuPOpvxaNUyv55L9MyrO95LdmrmV3SG2Y8J08sCx2kmGg0gJwWmQJpvWTPaa8HQ8oTUw/+b8c6z1DzesozjVVTdd2m51cprYQtSY+izJfjzYXfTs9q2ibzDaan1GWRx7cFYye5ks0DWG4Qn+dFIiVUez+mnSPIJ3CTWcXwnMfLALM4p1Ki2/BUyRz84ryJLJ4L+FhDJJFBpyi+SzdNOIpCEqOQgztxdX5FFEZ6dKwsQtj+8AA+eOl
QIb1fu9lr+6g4+TgJzyYSxxgmCD/bTU+gGXq7r6pX8NIIZl3zcVNtvEg/mObzRq3U9JtljKDHjQVKlLm5KqoVeLybgCK0kr0DsqriD92UnhOHYY9Xt6l670h/kfH9tygSHogiWHZFJ3E90YeXnRAgzyELqdz9wrGri7y///Vm4vAh7O2wqVq7XW4w/27HStCFEOmPA6i/84VIRJPsbTNUxYi1SKVQzHe0r8gBAr3kcrLMRTzs/myH7utZxFmygR4NcI9q1X1Hz91Hi2mfHRAuhqnFWHjA/clMXy2eFTUkAUlG36z1+VhsPQVo+n1vkPXtbtW8FofL8LJZwtwuOHfnHI4W8431S4KtOcLFNLha6otzwD63KZ40x07ljwFW2/4txlb98jVE3myXK7n93mTL6iY17cTBir4gRdAACDlmelIyqQB2KcL8sJht9B0XXeWqMxkt6HQlJQaHjefv5QtP3tXKCSQUmdPf2dLLXfQnhhpZxEU6krZJLPCpM4Fj9hi+1dCmIwSW8iGSxMD9+KtyCenP3L243P0NzWPEpM4CvL4c8sgZYVzZ5xAxbGjL87ScTWhrBvpSv5a0OLtH9K1BFgISwXbZyn2dBSLdhaJYE2963KJE+yvbSuZPGzdOSGShQPX+h5FEEJrhZKyxI5b/EjbczZ/Rhu8YTrYdBNFX6XZkXvlF35uXfxmALihu7IBZCOZh8qepdxzYbXbrwLI22bG76Fib1zofhYuLTUqEHABy++NMGCZwLGsCzM6KQAEhlzy3uhQywpMuNUMfp9gaxsSb/RooYGEfqr7Ss7Qg6Nbzue9ayiO4sGl80m2kbQi2A+QdXsrplWeUVouNsdeIWs8J7uU+KSwQXdtuZHHVeo8v7YJddLHJDXdzKMEpukj1Nq342ZPSPpp8ENDh3XUP/SQgOWyAM7J08mhtlblmAOvKFe99SEnXqHLfRtgZgeZvlcfZF5mzz4Cq96mh8LU0V8C3T+31fWJpMJFo1eNHEbYxp/K6UkCDGsba4ahGAD8Txb/J5SPMWUKI8GRDo8ZOgvvDd0f/NvfnjngSWAVq/Kff2kMAMN9JtpEGUhxrRFZu+7qanmHrB4/3c3h+vh/+mQlURTIDmKOGFZPXmlOaW8KfL8/6dzSxAyYjOHPCuMb1JjyNqte1fzZ7Dih0LBtbTJYoMc52HM7nJ/ENHirwditTj3PTWJbRh/vVEQisbKtLkzb2vZPkTW3EXo1Z73KWZ/RqcU1S1Xj9egNLNZQegcJ98/9qXtmOAyhpwCyP+5Xscu6xVeIIso2f4G3JPJCelHCoeTyFo+8r/8k2FHiOhcmhPYPC6mlQQNKcV0441jrnjaJ7L9E1Kxt/iVK4B+/k4HVwv2J7yjQ5dU/KBY3V/vMhjQc3AGq6S6T7WoycYNY51AYYGHk6Hf2yl3md/qFE14hzX0Zt2sjmpQDJSG8CAOnay5XxDOrLEQwqmCaZPGGAK4FaXDERAgRsxp8vMy9KUQDVHwT1Tqf3rwGn74nNXo9IqQgcc5NV88FvRjLv1bm/6kBeaD9udfZBw7YqsRkY3mRoG/aJw8DkOdmYNIrJm69rmHreQo1KssVe/mz3Om0auwpBXR5D2OzZ/9e9XCprnUEN59cOfaha6qMm7pvDyJocaYvbSWPpchZb8DorWGEC7Iq2Qa45NaaKIpMrAOLPhiRqtNLP3L5Hzq23kvNOxY1r8Pxk6VPH6DqUBYrwq0vkYgABnquE1TZPL7ZqMMsfiAsK+iAxyFSbH44Yuby7VvD86rs0YaKYIgBTPMjfo7GNP5Dx8YPKUruQDnfaJYCw8klnmAtdioPWeEzRDmSYN+wOtz5fBFzPCXOVfit5BA8fIgpMrjdo/8a5TD7yf1HI9i3Nb8K8l1rAJ1SCsLF2Nu024rrcib8mxXBdXBdqxekGtN8+D2KLyq0FsR395o+Hy1uQg4UwL/tH5s7CiFoyQcngZxS4zqOjLQeTUbsLCx2y5SG144Ls/bQloLp
s0mvoz7+hyv7+UmKbkNbiJKOeIUjGMKRcfBDSog0v+V75yWjlsrRWmaVlQCwp0bkpCNu684qOv1T1WnpoYNctJzgxzggEYWuk/5YgqG/ao4Td7pJTkAD21A==,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] sops: kms: [] gcp_kms: [] @@ -14,14 +13,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NWtKdU5Gb1E5aFhmaHI0 - YWpQY0VTR2hWWDNPcklvQkdES3VMV01kUWh3CldheTZHRmpjNjV0MVErV2Qrc1Fs - WlhidklZOWgyMEtnbzA2UU0zVGhkQkUKLS0tIFBEZHVpd3krMHR3aXpHSzBTM2d5 - TE0xeGxscWhCVEpSYVkxUDdybGZ6VVEKHQ1m2NOmuo7Alr9wdaK+kKtceCbX9tti - LNQjwMsHfIyts5LIEafRh4mC+vsjmO56CUlUzoZDk7hU1u5Zp0Pskw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw + MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 + V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 + THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 + DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-20T22:58:37Z" - mac: ENC[AES256_GCM,data:HHbHPlslZC5XLjh40wP8VfEgpFT1PyKtDhd0I0rxKhv7qQh+4oMQBpNvVrye1RIzLZJY43hme74lkH7o8ZnWfXAwPRJ7YYAKvLt0LAyLbko2v7hINY/kwMn6xGbUnfmvBIwLkLqHndYxOW44BvUe320N7a831OqPYWkiDEiwLSw=,iv:YYZSQMyQEM0r4WIyHs+gki5qaHMc4gKUi/JcFxjSHDU=,tag:ZyQ+/obUCLKAB2MsFYO7Ag==,type:str] + lastmodified: "2024-02-22T23:43:36Z" + mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- 2.45.2 From 97117aa3f28037df25ad5eef18c76396e954a50a Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Thu, 29 Feb 2024 16:04:12 +0100 Subject: [PATCH 20/35] Update dbinstances --- badhouseplants/values/values.db-instances.yaml | 2 +- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 2032930..bfd0e1d 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -9,4 +9,4 @@ dbinstances: engine: postgres generic: host: postgres16-postgresql.database-service.svc.cluster.local - port: '5432' + port: 5432 diff --git a/releases.yaml b/releases.yaml index 7b04ab5..7d00a7b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -349,7 +349,7 @@ templates: db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.3.0 + version: 2.3.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 2211d9b3881b69f5819c5aab70ff5b3883ed2164 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 11 Mar 2024 11:16:03 +0100 Subject: [PATCH 21/35] Update charts --- releases.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/releases.yaml b/releases.yaml index 7d00a7b..75b9769 100644 --- a/releases.yaml +++ b/releases.yaml @@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.2 + version: 1.14.4 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.2.3 + version: 6.6.0 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 56.8.2 + version: 57.0.1 inherit: - template: monitoring-common - template: default-env-values 
@@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.43.2 + version: 5.43.6 inherit: - template: monitoring-common - template: default-env-values @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.1.1 + version: 1.2.0 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.3.0 + version: 20.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.15 + version: 5.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.1 + version: 10.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.14.0 + version: 18.19.1 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.1.3 + version: 14.3.1 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.19.1 + version: 9.23.0 inherit: - template: default-env-values - template: default-env-secrets @@ -384,7 +384,7 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.238 + version: 7.1.256 mailu: &mailu name: mailu @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.0 + version: 0.9.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 8a85d32722da26c1d8f91ea25950a305d3b67592 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Fri, 22 Mar 2024 11:16:58 +0100 Subject: [PATCH 22/35] Update releases --- releases.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/releases.yaml b/releases.yaml index 75b9769..a68627e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.6.0 + version: 6.7.3 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.0.1 + version: 57.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.3 + version: 1.21.0 istio-base: &istio-base name: istio-base @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.2.0 + version: 1.2.3 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 20.1.2 + version: 21.0.5 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.19.1 + version: 19.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.3.1 + version: 15.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.23.0 + version: 10.1.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -384,7 +384,7 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.256 + version: 7.1.262 mailu: &mailu name: mailu -- 2.45.2 From a47775d835b80af5dd26bdc3f02ddc41b6cf17d8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Mar 2024 13:42:13 +0100 Subject: [PATCH 23/35] Update charts --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index a68627e..a212f84 100644 --- a/releases.yaml +++ b/releases.yaml @@ -231,7 +231,7 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.2.0 + version: 1.3.0 inherit: - template: default-env-values - template: ext-istio-resource @@ -239,7 +239,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: ext-istio-resource @@ -374,7 +374,7 @@ templates: vaultwarden: &vaultwarden name: vaultwarden chart: allanger-gitea/vaultwarden - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From ba7a32a17f7d22a891b8e1f82f7d8853d09308da Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Mar 2024 13:44:22 +0100 Subject: [PATCH 24/35] Instll zot --- badhouseplants/helmfile.yaml | 2 ++ badhouseplants/values/values.zot.yaml | 11 +++++++++++ manifests/debug/istio/httpbin.yaml | 18 ++++++++++++++++++ releases.yaml | 12 +++++++++++- repositories.yaml | 10 ++++++++-- 5 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/values.zot.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 30d3395..cbda993 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -10,6 +10,8 @@ releases: installed: true - <<: *cilium installed: true + - <<: *zot + installed: true - <<: *drone installed: true namespace: drone-service 
diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml
new file mode 100644
index 0000000..f25f24f
--- /dev/null
+++ b/badhouseplants/values/values.zot.yaml
@@ -0,0 +1,11 @@
+istio:
+ enabled: true
+ istio:
+ - name: zot
+ kind: http
+ gateway: istio-system/badhouseplants-net
+ hostname: registry.badhouseplants.net
+ service: zot
+ port: 5000
+service:
+ type: ClusterIP
diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml
index 395418c..f6d57f9 100644
--- a/manifests/debug/istio/httpbin.yaml
+++ b/manifests/debug/istio/httpbin.yaml
@@ -24,6 +24,24 @@ spec:
 number: 8000
 host: httpbin
 ---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: httpbin
+ namespace: debug
+spec:
+ rules:
+ - host: httpbin.rocks
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: httpbin
+ port:
+ number: 8000
+---
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/releases.yaml b/releases.yaml
index a212f84..7ec4d2d 100644
--- a/releases.yaml
+++ b/releases.yaml
@@ -417,8 +417,18 @@ templates:
 cilium: &cilium
 name: cilium
 chart: cilium/cilium
- version: 1.15.1
+ version: 1.15.2
 createNamespace: false
 namespace: kube-system
 inherit:
 - template: default-env-values
+
+ zot: &zot
+ name: zot
+ chart: zot/zot
+ version: 0.1.52
+ createNamespace: false
+ namespace: kube-services
+ inherit:
+ - template: default-env-values
+ - template: ext-istio-resource
diff --git a/repositories.yaml b/repositories.yaml
index 0a82ac7..0134e5a 100644
--- a/repositories.yaml
+++ b/repositories.yaml
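Review bot: No authentication or access-control setting accompanies the public route that values.zot.yaml creates for `registry.badhouseplants.net` on the `istio-system/badhouseplants-net` gateway. In this commit the `zot` template in releases.yaml inherits only `default-env-values` and `ext-istio-resource`, so no secrets file is loaded and the registry runs on the chart's default config; whether that default allows anonymous push is not visible here and should be checked. I would keep the route off until the config and credentials are in place, for example `enabled: false` under `istio:` in this file, and switch it on in the commit that adds them.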
@@ -45,7 +45,13 @@ repositories:
 url: https://charts.gabe565.com
 - name: mailu
 url: https://mailu.github.io/helm-charts/
- - name: coredns
+ - name: coredns
 url: https://coredns.github.io/helm
- - name: cilium
+ - name: cilium
 url: https://helm.cilium.io/
+ - name: phybros-helm-charts
+ url: https://phybros.github.io/helm-charts
+ - name: nextcloud
+ url: https://nextcloud.github.io/helm/
+ - name: zot
+ url: https://zotregistry.dev/helm-charts/
--
2.45.2
From c4dd8bd6e473929aa400a24d844fa1053505d585 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Tue, 26 Mar 2024 21:48:31 +0100
Subject: [PATCH 25/35] Install zot
---
 badhouseplants/values/secrets.zot.yaml | 23 +++++++++++++++++++++++
 badhouseplants/values/values.zot.yaml | 25 +++++++++++++++++++++++++
 releases.yaml | 1 +
 3 files changed, 49 insertions(+)
 create mode 100644 badhouseplants/values/secrets.zot.yaml
diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml
new file mode 100644
index 0000000..4019155
--- /dev/null
+++ b/badhouseplants/values/secrets.zot.yaml
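Review bot: Two of the repositories added to repositories.yaml, `phybros-helm-charts` and `nextcloud`, are not used by any release in the hunks of this commit; the only template added to releases.yaml is `zot`. Each entry is another upstream the tooling will trust for chart indexes and archives, so I would leave them out here and add each one in the commit that introduces the release depending on it. If a release outside the visible hunks already needs them, a short comment naming it would help, e.g. `# used by <release-name>`.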
@@ -0,0 +1,23 @@ +configFiles: + config.json: ENC[AES256_GCM,data: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,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] +authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 + dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk + WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv + REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ + ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-25T10:24:20Z" + mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index f25f24f..c418f5c 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -9,3 +9,28 @@ istio: port: 5000 service: type: ClusterIP +persistence: true +pvc: + create: true + accessMode: "ReadWriteOnce" + storage: 5Gi + storageClassName: longhorn +mountConfig: true +mountSecret: true + #configFiles: + # ui.json: |- + # { + # "log": { + # "level": "info" + # }, + # "extensions": { + # "search": { + # "cve": { + # "updateInterval": "2h" + # } + # }, + # "ui": { + # "enable": true + # } + # } + # } 
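Review bot: Storing the whole of `configFiles.config.json` as one sops value in secrets.zot.yaml means the registry's configuration, including any access-control policy it carries, shows up in review only as changed ciphertext. The content is not visible, so this is an assumption, but if it is encrypted only because it embeds credentials, I would keep `config.json` in values.zot.yaml in plain text and leave just the credential material in this file. `mountSecret: true` is set in the same commit, which suggests the chart can mount secrets separately from the config.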
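Review bot: The commented-out `configFiles` / `ui.json` block at the end of values.zot.yaml is dead configuration, and it starts indented after the top-level `mountSecret: true`, so it reads as if it belonged to that key. `mountConfig: true` is set while the only plain-text config is commented out, which leaves a reader guessing where the mounted config comes from. I would delete the block and replace it with one line at column 0: `# config.json is supplied from secrets.zot.yaml (sops-encrypted)`.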
diff --git a/releases.yaml b/releases.yaml
index 7ec4d2d..d431f97 100644
--- a/releases.yaml
+++ b/releases.yaml
@@ -431,4 +431,5 @@ templates:
 namespace: kube-services
 inherit:
 - template: default-env-values
+ - template: default-env-secrets
 - template: ext-istio-resource
--
2.45.2
From bcab058394b2da5c5977daf4faaa49cc885c89a1 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Tue, 26 Mar 2024 22:25:21 +0100
Subject: [PATCH 26/35] Init helmule config
---
 helmule/helmule.yaml | 235 ++++++++++++++++++++++++++++++++++++++++++
 repositories-oci.yaml | 4 +
 2 files changed, 239 insertions(+)
 create mode 100644 helmule/helmule.yaml
 create mode 100644 repositories-oci.yaml
diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml
new file mode 100644
index 0000000..5be7c9a
--- /dev/null
+++ b/helmule/helmule.yaml
@@ -0,0 +1,235 @@ +charts: + - repository: metrics-server + name: metrics-server + mirrors: + - custom-commands + - repository: metallb + name: metallb + mirrors: + - custom-commands + - repository: bedag + name: raw + mirrors: + - custom-commands + - repository: jetstack + name: cert-manager + mirrors: + - custom-commands + - repository: longhorn + name: longhorn + mirrors: + - custom-commands + - repository: argo + name: argo-cd + mirrors: + - custom-commands + - repository: prometheus-community + name: kube-prometheus-stack + mirrors: + - custom-commands + - repository: grafana + name: loki + mirrors: + - custom-commands + - repository: grafana + name: promtail + mirrors: + - custom-commands + - repository: istio + name: base + mirrors: + - custom-commands + - repository: istio + name: gateway + mirrors: + - custom-commands + - repository: istio + name: istiod + mirrors: + - custom-commands + - repository: allanger-gitea + name: openvpn-xor + mirrors: + - custom-commands + - repository: allanger-gitea + name: openvpn + mirrors: + - custom-commands + - repository: drone + name: drone + mirrors: + - custom-commands + - repository: drone + name: drone-runner-docker + mirrors: + - custom-commands + - repository: woodpecker + name: woodpecker + mirrors: + - custom-commands + - repository: bitnami + name: wordpress + mirrors: + - custom-commands + - repository: minio + name: minio + mirrors: + - custom-commands + - repository: gitea + name: gitea + mirrors: + - custom-commands + - repository: ananace-charts + name: funkwhale + mirrors: + - custom-commands + - repository: bitwarden + name: vaultwarden + mirrors: + - custom-commands + - repository: bitnami + name: redis + mirrors: + - custom-commands + - repository: bitnami + name: postgresql + mirrors: + - custom-commands + - repository: db-operator + name: db-operator + mirrors: + - custom-commands + - repository: db-operator + name: db-instances + mirrors: + - custom-commands + - repository: bitnami + name: mysql + 
mirrors: + - custom-commands + - repository: allanger-gitea + name: docker-mailserver + mirrors: + - custom-commands + - repository: allanger-gitea + name: vaultwarden + mirrors: + - custom-commands + - repository: emberstack + name: reflector + mirrors: + - custom-commands + - repository: mailu + name: mailu + mirrors: + - custom-commands + - repository: gabe565 + name: tandoor + mirrors: + - custom-commands + - repository: coredns + name: coredns + mirrors: + - custom-commands + - repository: cilium + name: cilium + mirrors: + - custom-commands + - repository: zot + name: zot + mirrors: + - custom-commands +mirrors: + - name: custom-commands + custom_command: + package: + - helm package -d package . + upload: + - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants + - rm -rf ./package +repositories: + - name: metrics-server + helm: + url: https://kubernetes-sigs.github.io/metrics-server/ + - name: jetstack + helm: + url: https://charts.jetstack.io + - name: istio + helm: + url: https://istio-release.storage.googleapis.com/charts + - name: drone + helm: + url: https://charts.drone.io + - name: bitnami + helm: + url: https://charts.bitnami.com/bitnami + - name: minio + helm: + url: https://charts.min.io/ + - name: longhorn + helm: + url: https://charts.longhorn.io + - name: gitea + helm: + url: https://dl.gitea.io/charts/ + - name: ananace-charts + helm: + url: https://ananace.gitlab.io/charts + - name: argo + helm: + url: https://argoproj.github.io/argo-helm + - name: bedag + helm: + url: https://bedag.github.io/helm-charts/ + - name: metallb + helm: + url: https://metallb.github.io/metallb + - name: prometheus-community + helm: + url: https://prometheus-community.github.io/helm-charts + - name: grafana + helm: + url: https://grafana.github.io/helm-charts + - name: bitwarden + helm: + url: https://constin.github.io/vaultwarden-helm/ + - name: db-operator + helm: + url: https://db-operator.github.io/charts + - name: 
allanger-gitea + helm: + url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: badhouseplants + helm: + url: https://badhouseplants.github.io/helm-charts/ + - name: woodpecker + helm: + url: https://woodpecker-ci.org + - name: firefly-iii + helm: + url: https://firefly-iii.github.io/kubernetes/ + - name: emberstack + helm: + url: https://emberstack.github.io/helm-charts + - name: gabe565 + helm: + url: https://charts.gabe565.com + - name: mailu + helm: + url: https://mailu.github.io/helm-charts/ + - name: coredns + helm: + url: https://coredns.github.io/helm + - name: cilium + helm: + url: https://helm.cilium.io/ + - name: phybros-helm-charts + helm: + url: https://phybros.github.io/helm-charts + - name: nextcloud + helm: + url: https://nextcloud.github.io/helm/ + - name: zot + helm: + url: https://zotregistry.dev/helm-charts/ + diff --git a/repositories-oci.yaml b/repositories-oci.yaml new file mode 100644 index 0000000..5db4d1e --- /dev/null +++ b/repositories-oci.yaml @@ -0,0 +1,4 @@ +repositories: + - name: badhouseplants-oci + url: registry.badhouseplants.net/badhouseplants + oci: true -- 2.45.2 From ff0f34551a544dff8e08989fbc3874f5b220421d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Apr 2024 11:31:15 +0200 Subject: [PATCH 27/35] Update charts --- badhouseplants/helmfile.yaml | 1 + .../values/secrets.chartmuseum.yaml | 24 ++++++++++++++ badhouseplants/values/values.chartmuseum.yaml | 19 +++++++++++ releases.yaml | 32 ++++++++++++------- repositories.yaml | 2 ++ 5 files changed, 67 insertions(+), 11 deletions(-) create mode 100644 badhouseplants/values/secrets.chartmuseum.yaml create mode 100644 badhouseplants/values/values.chartmuseum.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index cbda993..3d901cd 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
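Review bot: None of the `charts:` entries in `helmule/helmule.yaml` carries a version or digest, yet the `custom-commands` mirror repackages every chart with `helm package -d package .` and pushes it to `oci://registry.badhouseplants.net/badhouseplants`. If helmule resolves an unpinned entry to whatever the upstream repository serves at run time (its behaviour is not visible in this hunk), an unexpected or tampered upstream release would be republished under the internal registry name and later trusted as a first-party artifact. I would pin each entry, for example `version: <pinned-version>` next to `name:` if helmule accepts that key, so that a mirror run only republishes versions someone has reviewed. A short comment above `mirrors:` stating that these charts are copied unmodified from the listed `repositories:` would also help the next reader judge what the internal registry actually contains.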
@@ -12,6 +12,7 @@ releases: installed: true - <<: *zot installed: true + - <<: *chartmuseum - <<: *drone installed: true namespace: drone-service diff --git a/badhouseplants/values/secrets.chartmuseum.yaml b/badhouseplants/values/secrets.chartmuseum.yaml new file mode 100644 index 0000000..8e14680 --- /dev/null +++ b/badhouseplants/values/secrets.chartmuseum.yaml @@ -0,0 +1,24 @@ +env: + secret: + BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str] + BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2 + OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl + a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY + TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg + H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-27T08:47:35Z" + mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.chartmuseum.yaml b/badhouseplants/values/values.chartmuseum.yaml new file mode 100644 index 0000000..8ea6b10 --- /dev/null +++ b/badhouseplants/values/values.chartmuseum.yaml 
@@ -0,0 +1,19 @@ +istio: + enabled: true + istio: + - name: chartmuseum + kind: http + gateway: istio-system/badhouseplants-net + hostname: helm.badhouseplants.net + service: chartmuseum + port: 8080 +env: + open: + AUTH_ANONYMOUS_GET: true + DISABLE_API: false + CORS_ALLOWORIGIN: "*" +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 2Gi + path: /storage diff --git a/releases.yaml b/releases.yaml index d431f97..f66cf73 100644 --- a/releases.yaml +++ b/releases.yaml @@ -124,7 +124,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.3 + version: 0.14.4 metallb-resources: &metallb-resources name: metallb-resources @@ -144,14 +144,14 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.0 + version: 1.6.1 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.3 + version: 6.7.6 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.1.0 + version: 57.2.0 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.43.6 + version: 5.47.2 inherit: - template: monitoring-common - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.5 + version: 21.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.1 + version: 19.0.2 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.1.2 + version: 15.2.0 inherit: - template: default-env-values - template: default-env-secrets 
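Review bot: In `badhouseplants/values/values.chartmuseum.yaml` the `env.open` block keeps the upload/delete API reachable (`DISABLE_API: false`) on the routed host `helm.badhouseplants.net` together with `AUTH_ANONYMOUS_GET: true` and `CORS_ALLOWORIGIN: "*"`, so the basic-auth pair in `secrets.chartmuseum.yaml` is the only control on writes to the chart repository. If charts are pushed only from inside the cluster or from CI, consider `DISABLE_API: true` on the public route, or limiting non-GET methods at the gateway, which is not part of this hunk. The wildcard origin is better replaced by the specific origins that need browser access, or dropped if none do. Because SOPS leaves the length of each encrypted value readable in the committed file, `BASIC_AUTH_PASS` should be a long random string.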
@@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.1 + version: 0.9.3 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.2 + version: 1.15.3 createNamespace: false namespace: kube-system inherit: @@ -426,7 +426,17 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.52 + version: 0.1.53 + createNamespace: false + namespace: kube-services + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + chartmuseum: &chartmuseum + name: chartmuseum + chart: chartmuseum/chartmuseum + version: 3.10.2 createNamespace: false namespace: kube-services inherit: diff --git a/repositories.yaml b/repositories.yaml index 0134e5a..2ce3602 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -55,3 +55,5 @@ repositories: url: https://nextcloud.github.io/helm/ - name: zot url: https://zotregistry.dev/helm-charts/ + - name: chartmuseum + url: https://chartmuseum.github.io/charts -- 2.45.2 From 262417f1cf5c56aded53c82007b1c0ca63e587be Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 20 Apr 2024 13:51:38 +0200 Subject: [PATCH 28/35] A lot of updates and disable loki --- badhouseplants/helmfile.yaml | 6 +- badhouseplants/values/secrets.zot.yaml | 18 ++-- .../values.istio-gateway-resources.yaml | 10 ++ .../values/values.istio-ingressgateway.yaml | 4 + badhouseplants/values/values.istiod.yaml | 2 +- badhouseplants/values/values.loki.yaml | 91 +++++++++++++++++-- badhouseplants/values/values.postgres16.yaml | 17 ++++ badhouseplants/values/values.zot.yaml | 2 + releases.yaml | 36 +++++--- repositories.yaml | 2 + 10 files changed, 154 insertions(+), 34 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 3d901cd..b1464e4 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -11,8 +11,10 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: true + installed: false - <<: *chartmuseum + installed: false + - <<: *keel - <<: *drone installed: true namespace: drone-service @@ -115,7 +117,7 @@ releases: createNamespace: true - <<: *tandoor - installed: true + installed: false namespace: tandoor-application createNamespace: true diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 4019155..14ecac2 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml @@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data: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,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] -authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] + config.json: ENC[AES256_GCM,data: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,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] +authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 - dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk - WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv - REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ - ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 + emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw + N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy + ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V + WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-25T10:24:20Z" - mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + lastmodified: "2024-04-08T15:15:59Z" + mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index 9349206..acbca74 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml 
@@ -22,6 +22,16 @@ istio-gateway: gateways: - name: badhouseplants-net servers: + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: grpc-web + number: 8080 + protocol: HTTPS + tls: + credentialName: badhouseplants-wildcard-tls + mode: SIMPLE - hosts: - badhouseplants.net - '*.badhouseplants.net' diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 94fe69a..b97223d 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -18,6 +18,10 @@ service: port: 80 protocol: TCP targetPort: 80 + - name: grpc-web + port: 8080 + protocol: TCP + targetPort: 8080 - name: https port: 443 protocol: TCP diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index 01529ce..d788392 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -8,7 +8,7 @@ global: proxy: resources: requests: - cpu: 100m + cpu: 20m memory: 128Mi limits: memory: 128Mi diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index f3a74e8..c160d28 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml 
@@ -1,24 +1,99 @@ --- global: dnsService: "coredns" -singleBinary: - replicas: 1 - persistence: - size: 5Gi + loki: auth_enabled: false commonConfig: replication_factor: 1 storage: type: 'filesystem' + commonConfig: + replication_factor: 1 + schemaConfig: + configs: + - from: 2024-04-01 + store: tsdb + object_store: s3 + schema: v13 + index: + prefix: loki_index_ + period: 24h + ingester: + chunk_encoding: snappy + tracing: + enabled: true + querier: + # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing + max_concurrent: 2 + +compactor: + retention_enabled: true +limits_config: + retention_period: 14d + monitoring: selfMonitoring: enabled: false lokiCanary: enabled: false -test: + +#gateway: +# ingress: +# enabled: true +# hosts: +# - host: FIXME +# paths: +# - path: / +# pathType: Prefix + +deploymentMode: SingleBinary +singleBinary: + persistence: + size: 5Gi + replicas: 1 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + extraEnv: + # Keep a little bit lower than memory limits + - name: GOMEMLIMIT + value: 3750MiB + +chunksCache: + # default is 500MB, with limited memory keep this smaller + writebackSizeLimit: 10MB + +minio: enabled: false + +# Zero out replica counts of other deployment modes +backend: + replicas: 0 +read: + replicas: 0 +write: + replicas: 0 + +ingester: + replicas: 0 +querier: + replicas: 0 +queryFrontend: + replicas: 0 +queryScheduler: + replicas: 0 +distributor: + replicas: 0 compactor: - retention_enabled: true -limits_config: - retention_period: 14d + replicas: 0 +indexGateway: + replicas: 0 +bloomCompactor: + replicas: 0 +bloomGateway: + replicas: 0 diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml index cbcb751..92cef0b 100644 --- a/badhouseplants/values/values.postgres16.yaml +++ b/badhouseplants/values/values.postgres16.yaml 
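Review bot: In `values.loki.yaml`, `GOMEMLIMIT` is set to `3750MiB` in the `extraEnv` list that appears to sit under `singleBinary`, while the memory limit in the same block is `1Gi`; that contradicts the comment directly above it ("Keep a little bit lower than memory limits") and leaves the pod to be OOM-killed before the Go runtime starts collecting more aggressively. A value below the limit, such as `value: 900MiB`, would match the stated intent. The new file also seems to contain the top-level `compactor:` key twice (once with `retention_enabled: true`, later with `replicas: 0`) and `commonConfig` twice under `loki:`; indentation is lost in this view, so please confirm against the file. Most YAML loaders keep only the last duplicate, in which case the 14-day log retention setting would be dropped silently.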
@@ -8,3 +8,20 @@ persistence: metrics: enabled: false +primary: + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsNonRoot: false + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index c418f5c..e7afd09 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -7,6 +7,8 @@ istio: hostname: registry.badhouseplants.net service: zot port: 5000 +strategy: + type: Recreate service: type: ClusterIP persistence: true diff --git a/releases.yaml b/releases.yaml index f66cf73..2c7d858 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.12.0 + version: 3.12.1 values: - common/values.{{ .Release.Name }}.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.6 + version: 6.7.12 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.2.0 + version: 58.1.3 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.47.2 + version: 6.3.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.0 + version: 1.21.1 istio-base: &istio-base name: istio-base 
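Review bot: The new `primary.containerSecurityContext` in `values.postgres16.yaml` sets `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, which relaxes container hardening while the neighbouring keys tighten it (`allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]`, `seccompProfile.type: "RuntimeDefault"`). No `runAsUser` or `runAsGroup` is given in the hunk, so whether the database process ends up running as root depends on chart defaults that are not visible here. If the relaxation works around a volume-ownership problem, record that next to the key, e.g. `# runAsNonRoot disabled because <reason>`; otherwise prefer `runAsNonRoot: true` and, if the image tolerates it, `readOnlyRootFilesystem: true`.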
@@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.7 + version: 22.1.7 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.3 + version: 10.1.4 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.2 + version: 19.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.0 + version: 15.2.5 inherit: - template: default-env-values - template: default-env-secrets @@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.21.0 + version: 1.23.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.0 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -365,7 +365,7 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.2.0 + version: 2.3.1 inherit: - template: default-env-values - template: ext-istio-gateway @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.3 + version: 0.9.5 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.3 + version: 1.15.4 createNamespace: false namespace: kube-system inherit: @@ -443,3 +443,11 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel + name: keel + chart: keel/keel + version: 1.0.3 + createNamespace: false + namespace: kube-system + + 
diff --git a/repositories.yaml b/repositories.yaml index 2ce3602..2900540 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -57,3 +57,5 @@ repositories: url: https://zotregistry.dev/helm-charts/ - name: chartmuseum url: https://chartmuseum.github.io/charts + - name: keel + url: https://charts.keel.sh -- 2.45.2 From 5d4eae31528edf361d7e8b66c204c73577398017 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 11 May 2024 20:52:58 +0200 Subject: [PATCH 29/35] Some updates to the config --- badhouseplants/helmfile.yaml | 4 ++-- badhouseplants/values/secrets.zot.yaml | 18 ++++++++--------- releases.yaml | 28 +++++++++++++------------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b1464e4..25de42b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -11,7 +11,7 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: false + installed: true - <<: *chartmuseum installed: false - <<: *keel @@ -51,7 +51,7 @@ releases: createNamespace: true - <<: *loki - installed: true + installed: false namespace: monitoring-system createNamespace: false diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 14ecac2..25871e8 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml 
@@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data:qegPHc2eSUq5ayVQ55qrB00D3AVD2KUyx3/nEML4kblAevIZrLVja+xoccfKfu3TX+vUAa9ji6HyL+NxqtBKRi+Q3y/7CG3UNcTK3jJIjWBnhzmHUo5sd5vhTWHsPaIKQthSp3Gv9eTp97lMQ591MlzhpOAXHGat1Van1xHWEYraUqMCPyqMc2WBpXYb+wov0XcxKzmRPrkIiidnOu7fVow8rFbI455sjE9MEJqKu0MUWehaZMczylh3vf0mjZ6B0AomfqEViCZiaVbnwaSh2RVKnvBoIaGrod9l4iz8aT6oW5+8EuqtwrfiPykixIVe/Nm2YiGXAsEODstgkeQd0ktHnhG7idf8QElhgUU1mCXUu6yEYNVDKbQIiMM+eq7nUOz18822XYZ0y45GmW0xz/PIEzjMFrNIfaujs72oAXqQV0081ktFnWMby/eDan8tmBupX8bjqSHxrncxck9LWKhZu4tpn7dHFnkoUjfIWDqZUiQGQTP/qDC8Rr+TBsYyqxGkN6GrnYQmXM4d8u6ouoVyOZPp6J/QMAeXS9uSCcdQnkJh+cHNzPxKKVL2/WvqAT8YrmIXsd7uFWlCHFv0FEu4QHu3CtqxC1tb6MFFDap4nxYQKOqSLeLvw8vlrmLxcIOq0TQ++qqLTP2c/tQlBXGM4tkKK/1oJwVgtpskyGLD5FND6FVSTQlEeEDHz9rdxyd85uZm1CG4nhrrrS0FNgeqPRmHO0LibBTdwCrJONcDbnonM/NkzoioxvzsZejl6U5USSw5f8v9gcGEd5mOE1Auk81y2oYfZ5ewS6lv+7xCIFzOMRVnTlmg8jAxE1OFCjZgP7n/xaWnyQ0gS0PZORKXZS1rWZd39hyom8QNyAp3HBi9DnUsjeaJ8B8hNJf+QQfYQ5V8EGeKXfb0IE0ZxFfoRfzOEzxqldD4TQiGvMcnMqKn4iQUYJ0oNlhKmhtY2PCMY78CYvNHhThXwm0gTI8cOx0/+ZjtDNVGLH+rn8i+08NanNLpmyFasNnxV9npdSZm9+wyrL9VQAFNCfZJ+BW9jhClxivqBYURjVuhcbl6jMhShgkuuLT3/5eCAo0xkZ26LFwGvZ+ixOshqcsy+zIMFhk3xiYTJhhLYs90qpvHPJ1iSc9MiRTFnCC1CfAiqs/W6uAAbhAhnk7pNrqr3yHIQa/RDIwTOgDOl9Y2IiI3zPecdmBlLiU0ktsXR/EEDotURPswO75BPmhnAamrs9aOxIJBL1zrObrnnP/MVsvFVfAZojc8hs2XkG3xFqsTMQQ1D6XHWdGRCMW8Q9s9MM3AXt2uHe5OzM6XX1uTalkhWu+7YV02T1BbhUwPXjDL1WYZgmalKxaPBdYs+bxsjm0UKTG905GH8fVZ5dxnKUVcAH0HgPuwI6iwkpkHd8PcH0TeUoBYb2iOZ/liU4fcBCiTQEC3IarH1YdiJvUWvBKWrfsHqwzZRWXX7M7NDelZiSCiaeAfNruuJeJTZPSsXeLme6/oBszv+9rRWD4Iw5A2iMXYzxdGCUkT34RB7fldRt03zOnIrjlY1CzCRghpYHyB4XqHuKFpvH1xPDljb8S1ImlZmaYm7J3N2Lcmgwij4rMXuCHa2MoU7AISytKbNvqRH22FIYY6JV2M5ZbwrMqQculk2D8qBcCtoY+g+3nGJiEgWFTQdiG6+IwVZByPSTtVyeS6qxtPr50IjpCwFsFpRvaupDaTIWbAjS0BoU972aSDCvk9gscNyDXy/a2cxksteHdx5gwqmNsi02Ix/9S3TjtwwkeKPghJwHp0lUKPqnaOQXEAU//ImIWWs1Oc1JCD2e85StfrNwUQdNEY/PY4lmV7ioZzT1C5p1OwTS/DsSGlIDGancfMFqcL5J4c8JUVZrwQuvPHE8TQ7YF5QURrLytEbHJyLoex64AhPRuBw5PuOjUb8+YOL/2U
4xvXaXhf4NupsLqL3zj6YIkVs0Mj/VrX5T8P2ZR4BeRySuSI3O1U2foQgXbsrth0NRafErZ8HdS8xJTKigtSMuSVeBJIHTkECiEosuUVA+dfrg8jApsOSYyb1oc+HQw1XmKs7jEfFggshBoynAa/qOhfWfc8vjdmRmOr/B/JZjiLE9/pO0WQ1pGLprhAx2HHPDsoC/275Nk1q/RjWvfeBQ/ZXzHV8VcSWGcmZCLk896BCHCAa8kfUF+RPVHSkrLQFZcTfMcic2bobaH4Brnaybdf8++VlE8QwbNKvWGb0jaZFsmUcWbm+Ek1OrNkb5ZTgtrVFygw6RZmRQ32MxPeoynCgX3sfItJMtllrD8gE1NfkuVslCxwuvkW4lzG3lMknqculiZrpLpp2eKvOzAabdpg8dS5cn3s9gN5l02HzfuTbHX7/DjgGZMTtv/v4IV8SSp6ty602DNkh3uBRxKwSVPgu5Xbb/Wi3puILzm8FAN5FDSsICUkLhOAw1RMc4FC4w0Iaug5v+k+TNw+9vSIDQ5Yi/6UtluOs7iiPKd5cI/32i3AcfA9sPO2q7NK7vcQEo+1SDjCWS1TvjY+1QnVKsQ5+SRO7rh5uTExEHoCtCvlxob3OonTMvEI1yK9/wnTpe8jUL0WWyLt6FfIJHsM6O6ljzlcxYViQrFl47MdBteM5IMgHuufWSi2Cp58ac177Sq7VHnVJPqMrf4yweoX,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] -authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] + config.json: ENC[AES256_GCM,data:id5h3EObc18qFAYXYtVFAgJcp7IUS0QCSQZfKqy1fIoZUUYYIuKBDE9aL3OnqZkVJtXn5DNCRii/1ZYY/9Tg2IEK73twu5lDkM73APphI2GPw1ONQh6WBRp54AskuZizx3l1+PyKI/8WPVy/x1cbc7l5pGBziDzSbREor+YQQe4P3Og5KqkoWPeeO/GB/vCP+4CquBVwakyDPibrXtvEcIPxfu8b4H84fBQtlStuoT6Mdmj7NfBtK5SEl9yZ8R+kAJyjr4aM1XrtKtpBfituxi6OsXIQgKTWWZtFkousCkDuKxJf1EUCUR1J4ClmcF7UGUOxg3r3Csf1Y6ijhVgUqDlgNmRIq+qsEWrgWVixnO1RMnRcWmgJFDAs/QXY841lJTQJmVS4LRNZKu1ea8fDmF5KaxBdshizeA0RZGrdNlTUIB5AUsK3mmyPCvM4JYivQp4Hv8i1U9zlLpuPWR+7UgKbHjpQSVCem+dM76W4z9Wy463AS20EjwLUicSq7g8yLoCstuI1XsC8yNLZE6Z/nUkRysiGXa6iJnWez2tVOnIVVJ3c378U3U6tTr7ygae7v9PcvoGBTYTZA0OyrMeHrocKp4026yQJN+8Pj8CPdZX/nhC0gW08xI7EQnzK84ca4XuEZHWEtlmMBJyIGK07trq94BH6QwUaIg+nUv/gKvUA5CuMSAqECv+wCfQ+EU7mRClXR6RYJvEUxIEvGjb3CTOyV+gbj+CKaz3LZWWPETCAvOz0Cd8L56E7yUwFNhd+c7X8RuMy1vdoiCXdkzU5QCDmfv3ka4lKBPd3cvHduXeAh0wMNHSqLEVZblnt50tiZmo6vwiNGxlg3jL56Lfn3rkz+HVKRl6ArPBOdJhbgGj0bZFJMPGBU8kNDksQ6DMw371vAR7FwlzLKdz1Z3D1CvmBRUBIhr4TbnPuTL77fytVq9IdgGcTexs8QhcelXmoW5nA61PpYhYCU65m7BKC0koX4fjCjAksvjZaI0eeYPgKafAq
KBlJslqKq9lNGH1orjgmXO0LWV7xv7D46BRrrfMqPwHUsPAGBP4VhfuIXc3keTmtFWjexyjMzvkxtoagATQZgbohjL4D4dzMTVhGH+Iw6AyM+9/NZeb7Cm2CmmJJXG0kmXGezuyRwNrChlhd4/HdeLvfBZbvXYLwr6pZn8dbJ7w0V77clsjN2QhsrPGh8VVf548KlkcfWp821pwmPxLme2TU4nJE+eU/7xK+LdSy8vpZ6wkxThTUdj5/A7DAszgdDed3aWfVIKz2DmLWR1iD6fC7n6OIIE+dcywNTU0sbYkMffpoYwU9Om9uPeer9rkzrnWHZX2btyfKUy8bnf0LuHuzRKyFl59nMUhlXbr1YsEKabNpsaxT50L0idoO5Phkx7os/qiqvxaPChMJngJQ9BXIoKARkg4hgvvjKpQwmjt/liA18COy58B2gjH3aKA6kye0/utQTih65DamYt8Wv4niVAZ3wm0rG5uaBvwZnj9N/xn2Klx5Iih2ZbobWVVR0MCAhe1nKIcnZxRrsm+GGRX2svYZg4ROLq7FagL8mn27/aG0UMdKQGpbXDQviNQgY+wB3jBmZAea54pWe5sgGBxXAZSYhGoOaWCLwWUtQWGdusjebEuqonW6PSE7whkbJxStNZOdAxATlCSe7jAkzuj5VBZbL8mIgnTltwKk3RcbnpL0j0pwousVZpSqg9KOqubxgk81YyMImA4LI3Fi0OFYIbDSw8zJJUgwASIWLQ2GxLM1Z1oxun7HpMV5lK8I+n70Vcqutn2N8URU0XOo6gcWCfknhClCwkOsZxU+DSVYyz5Aq49zwojSsd/CuS6WbFO82MMCO7dRLIz9ju43xAeCgFY7ZpbRyCR8U5IJKHPrHunYGwaRpolAE1V13XuBu0pOyaiU0sIeA44snU58DVMFyvA3PUl47FXvPMjGahbZoun7vi8J8KbRXlhHH/HFshi5eT16WOXK5SXBEiQDjhLa5RseWI121ARKtsvBRlhr9yRsZedlhmW7nqRw5hbVvHDQfUFIuiRHF1XAElP1C1hcb2GDE7r4anmoSRgcHYAI50HF4CPBSxiI+EAisKARIlUgRKt3gOfG8AH4mraUL8Lt+Eb0Clsd0z2GuysPHrEhy8WzGv4HW84ngNmZgznXP7ZFrtT31zAQr9QL/oirJf+ujPUdY03gJbr3jQXrQ1mfivlsaofgC0WL0xLma3Cuosb1nGmw0XmCGJNIOmgZJ/plQCWH05UzVR/QXhdEwlci3VNeYOSIUJwkv2eUyHsxHj45VRtLuxnrLx7BqR+kxBpRayJXWRBx1rcW7RTvS1a5Dk5PxsqjKcxKu+wRbPFmv77qOIroGg+XKTp8XeIxcSs4lx7AsfpTEvWpARwsydrUSKf/++F+3dL4yOrOyywul8gnTN3iLMoTjpze83ZFcJ2viiyqMWnHWQnuVveZTZi3NmoC63ZE/XLlztJcDT1UkrH3Tlvu1AxqMcm0SxK3TgEbvGmdWYo07E+qEMsUyoSpeE5MX2FESR9C67s/t5/rfThhvvjQNhydUVLrQL8O,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str] +authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str] sops: kms: [] gcp_kms: [] 
@@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 - emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw - N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy - ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V - WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0 + NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du + RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB + M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp + VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-08T15:15:59Z" - mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] + lastmodified: "2024-05-05T17:37:17Z" + mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/releases.yaml b/releases.yaml index 2c7d858..9144955 100644 --- a/releases.yaml +++ b/releases.yaml @@ -124,7 +124,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.4 + version: 0.14.5 metallb-resources: &metallb-resources name: metallb-resources 
@@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.4 + version: 1.14.5 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.12 + version: 6.8.1 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.1.3 + version: 58.5.0 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 6.3.2 + version: 6.5.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.1 + version: 1.21.2 istio-base: &istio-base name: istio-base @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.2.3 + version: 1.3.0 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.1.7 + version: 22.2.7 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.1.0 + version: 5.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.1.0 + version: 19.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.5 + version: 15.2.12 inherit: - template: default-env-values - template: default-env-secrets 
@@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.23.0 + version: 1.25.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.1 + version: 10.2.2 inherit: - template: default-env-values - template: default-env-secrets @@ -426,7 +426,7 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.53 + version: 0.1.54 createNamespace: false namespace: kube-services inherit: -- 2.45.2 From 21f198b0fa5491361969fb1335e782886a38a28e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 13 May 2024 11:39:57 +0200 Subject: [PATCH 30/35] Increase Gitea disk --- badhouseplants/values/values.gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 3aaccee..4fb3a9d 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -43,7 +43,7 @@ resources: persistence: enabled: true - size: 10Gi + size: 15Gi accessModes: - ReadWriteOnce -- 2.45.2 From 10d7936625a55fab654457b269dc3ba19bd0cc81 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 18 May 2024 15:36:38 +0200 Subject: [PATCH 31/35] Update releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 9144955..ac52cdf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.8.1 + version: 6.9.3 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.5.0 + version: 58.5.3 inherit: - template: monitoring-common - template: default-env-values 
@@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.2 + version: 1.22.0 istio-base: &istio-base name: istio-base @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.2.7 + version: 22.2.11 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.3.0 + version: 19.3.3 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.12 + version: 15.3.3 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.2.2 + version: 10.2.4 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.4 + version: 1.15.5 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From 6c83d67c9cc42d452e3a5fb4f3f64553ab0e78d9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 15 Jun 2024 12:20:06 +0200 Subject: [PATCH 32/35] Huge upgraqde to everything --- badhouseplants/helmfile.yaml | 48 ++----- .../values/secrets.vaultwardentest.yaml | 27 ++++ badhouseplants/values/values.argocd.yaml | 33 +++-- .../values/values.docker-mailserver.yaml | 126 +++++------------- badhouseplants/values/values.funkwhale.yaml | 19 ++- badhouseplants/values/values.gitea.yaml | 58 +++++--- .../values/values.local-path-provisioner.yaml | 3 + badhouseplants/values/values.mailu.yaml | 124 +++++++++-------- badhouseplants/values/values.minio.yaml | 33 +++++ badhouseplants/values/values.namespaces.yaml | 8 +- badhouseplants/values/values.nrodionov.yaml | 15 ++- badhouseplants/values/values.openvpn-xor.yaml | 29 ++-- badhouseplants/values/values.traefik.yaml | 78 +++++++++++ badhouseplants/values/values.vaultwarden.yaml | 17 +++ .../values/values.vaultwardentest.yaml | 58 ++++++++ .../values/values.woodpecker-ci.yaml | 16 +++ badhouseplants/values/values.zot.yaml | 25 ++-- common/values.database.yaml | 25 ++++ common/values.tcp-route.yaml | 20 +++ common/values.tcproute.yaml | 13 ++ etersoft/helmfile.yaml | 15 +++ etersoft/values/values.minio.yaml | 4 + helmfile.yaml | 27 +--- manifests/debug/istio/httpbin.yaml | 2 +- manifests/httpo1-cluster-issuer.yaml | 18 +++ releases.yaml | 93 +++++++------ repositories.yaml | 8 +- 27 files changed, 619 insertions(+), 323 deletions(-) create mode 100644 badhouseplants/values/secrets.vaultwardentest.yaml create mode 100644 badhouseplants/values/values.local-path-provisioner.yaml create mode 100644 badhouseplants/values/values.traefik.yaml create mode 100644 badhouseplants/values/values.vaultwardentest.yaml create mode 100644 common/values.tcp-route.yaml create mode 100644 common/values.tcproute.yaml create mode 100644 manifests/httpo1-cluster-issuer.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 25de42b..05f6226 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -10,20 +10,13 @@ releases: installed: true - <<: *cilium installed: true + + - <<: *local-path-provisioner + - <<: *zot installed: true - - <<: *chartmuseum - installed: false - <<: *keel - - <<: *drone - installed: true - namespace: drone-service - createNamespace: false - - - <<: *drone-runner-docker - installed: true - namespace: drone-service - createNamespace: false + - <<: *traefik - <<: *argocd installed: true @@ -45,21 +38,6 @@ releases: namespace: funkwhale-application createNamespace: false - - <<: *prometheus - installed: true - namespace: monitoring-system - createNamespace: true - - - <<: *loki - installed: false - namespace: monitoring-system - createNamespace: false - - - <<: *promtail - installed: true - namespace: monitoring-system - createNamespace: false - - <<: *bitwarden installed: false namespace: bitwarden-application @@ -95,16 +73,15 @@ releases: namespace: woodpecker-ci createNamespace: true - - - <<: *istio-gateway-resources - installed: true - namespace: istio-system - createNamespace: false - - <<: *vaultwarden createNamespace: true installed: true namespace: vaultwarden-application + + - <<: *vaultwardentest + createNamespace: false + installed: true + namespace: applications - <<: *openvpn-xor installed: true @@ -113,12 +90,7 @@ releases: - <<: *docker-mailserver installed: true - namespace: mail-service - createNamespace: true - - - <<: *tandoor - installed: false - namespace: tandoor-application + namespace: applications createNamespace: true - <<: *mailu diff --git a/badhouseplants/values/secrets.vaultwardentest.yaml b/badhouseplants/values/secrets.vaultwardentest.yaml new file mode 100644 index 0000000..39b3c9b --- /dev/null +++ b/badhouseplants/values/secrets.vaultwardentest.yaml 
@@ -0,0 +1,27 @@ +vaultwarden: + smtp: + username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str] + password: + value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str] + adminToken: + value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr + R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C + M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI + a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS + hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-06T15:15:43Z" + mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 0acc84b..71cf854 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -1,18 +1,4 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: argocd-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: argo.badhouseplants.net - service: argocd-server - port: 80 - controller: resources: limits: @@ -48,18 +34,35 @@ dex: enabled: false serviceMonitor: enabled: false + redis: metrics: enabled: false serviceMonitor: enabled: false + +global: + domain: argo.badhouseplants.net + server: + ingress: + enabled: true + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + ingressClassName: traefik + tls: true metrics: enabled: true serviceMonitor: enabled: false extraArgs: - --insecure + servicePort: + servicePortHttp: 80 + servicePortHttps: 80 repoServer: metrics: @@ -71,6 +74,8 @@ repoServer: - name: regcred configs: + params: + server.insecure: true rbac: policy.default: role:readonly scopes: "[email, group]" diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml index 47d6a99..45b25ef 100644 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ b/badhouseplants/values/values.docker-mailserver.yaml 
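Review bot: Under `server.ingress.annotations`, `kubernetes.io/ingress.allow-http: "false"` and `kubernetes.io/ingress.global-static-ip-name: ""` are GKE ingress-controller annotations, and with `ingressClassName: traefik` they are most likely ignored, so nothing in this hunk keeps the Argo CD UI and API off plain HTTP. Because the server now runs with both `--insecure` and `server.insecure: true`, TLS exists only at Traefik and the HTTP router would carry logins and tokens in clear text. Consider pinning the router to the TLS entrypoint with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (assuming the chart's default entrypoint name), or confirm that a global HTTP-to-HTTPS redirect is configured; values.traefik.yaml in this patch does not show one. The same annotation block is repeated in the funkwhale, gitea, mailu, minio, nrodionov, vaultwarden, vaultwardentest, woodpecker-ci, zot and docker-mailserver (rainloop) hunks of this commit.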
@@ -1,125 +1,67 @@ -istio-gateway: +traefik: enabled: true - gateways: - - name: badhouseplants-email - servers: - - hosts: - - "*" - port: - name: smtp - number: 25 - protocol: TCP - - hosts: - - "*" - port: - name: pop3 - number: 110 - protocol: TCP - - hosts: - - "*" - port: - name: imap - number: 143 - protocol: TCP - - hosts: - - "*" - port: - name: smtps - number: 465 - protocol: TCP - - hosts: - - "*" - port: - name: submission - number: 587 - protocol: TCP - - hosts: - - "*" - port: - name: imaps - number: 993 - protocol: TCP - - hosts: - - "*" - port: - name: pop3s - number: 995 - protocol: TCP -istio: - enabled: true - istio: - - name: docker-mailserver-smpt - kind: tcp - gateway: badhouseplants-email + tcpRoutes: + - name: docker-mailserver-smtp service: docker-mailserver - hostname: badhouseplants.net - port_match: 25 + match: HostSNI(`*`) + entrypoint: smtp port: 25 - - name: docker-mailserver-smpts - kind: tcp - gateway: badhouseplants-email - port_match: 465 - hostname: badhouseplants.net + - name: docker-mailserver-smtps + match: HostSNI(`*`) service: docker-mailserver + entrypoint: smtps port: 465 - name: docker-mailserver-smpt-startls - kind: tcp - gateway: badhouseplants-email - hostname: badhouseplants.net - port_match: 587 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: smtp-startls port: 587 - name: docker-mailserver-imap - kind: tcp - hostname: badhouseplants.net - gateway: badhouseplants-email - port_match: 143 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: imap port: 143 - name: docker-mailserver-imaps - kind: tcp - gateway: badhouseplants-email - hostname: badhouseplants.net - port_match: 993 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: imaps port: 993 - name: docker-mailserver-pop3 - kind: tcp - gateway: badhouseplants-email - port_match: 110 - hostname: badhouseplants.net + match: HostSNI(`*`) service: docker-mailserver + entrypoint: pop3 port: 110 - name: docker-mailserver-pop3s - kind: 
tcp - gateway: badhouseplants-email - port_match: 993 - hostname: badhouseplants.net + match: HostSNI(`*`) service: docker-mailserver + entrypoint: pop3s port: 993 - - name: docker-mailserver-rainloop - kind: http - gateway: istio-system/badhouseplants-net - hostname: mail.badhouseplants.net - service: docker-mailserver-rainloop - port: 80 rainloop: enabled: true ingress: - enabled: false + enabled: true + hosts: + - mail.badhouseplants.net + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + tls: + - secretName: mail-tls-secret + hosts: + - mail.badhouseplants.net + demoMode: enabled: false domains: - badhouseplants.net - mail.badhouseplants.net ssl: - issuer: - name: badhouseplants-issuer - kind: ClusterIssuer - dnsname: badhouseplants.net - dns01provider: cloudflare - useExisting: false + useExisting: true + existingName: mail-tls-secret pod: dockermailserver: enable_fail2ban: "0" diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index e5aeb81..16d0606 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -30,6 +30,22 @@ celery: requests: cpu: 10m memory: 75Mi +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + host: funkwhale.badhouseplants.net + protocol: http + + tls: + - secretName: funkwhale-tls-secret + hosts: + - funkwhale.badhouseplants.net + extraEnv: FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_PROTOCOL: https 
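Review bot: The `docker-mailserver-pop3s` route binds `entrypoint: pop3s` (995 in values.traefik.yaml) to backend `port: 993`, which is the IMAPS port already used by `docker-mailserver-imaps`; it should read `port: 995`, and `mailu-pop3s` in values.mailu.yaml has the same value. Separately, with plain `IngressRouteTCP` routes the mail server will presumably see Traefik's pod address as the client of every SMTP and IMAP connection, so relay restrictions, rate limits and IP-based blocking can no longer tell clients apart. If the Traefik pod address falls inside a network the mail server trusts (mailu's `subnet: 10.244.0.0/16` is worth checking), that is an open-relay risk. Passing the real client address needs PROXY protocol on the route (`proxyProtocol: { version: 2 }` on the service entry in common/values.tcp-route.yaml) and matching support enabled on the mail server side.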
@@ -39,8 +55,7 @@ persistence: size: 10Gi s3: enabled: false -ingress: - enabled: false + postgresql: enabled: false host: postgres16-postgresql.database-service.svc.cluster.local diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 4fb3a9d..607d4bd 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,25 +1,5 @@ --- # ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: gitea-http - kind: http - gateway: istio-system/badhouseplants-net - hostname: git.badhouseplants.net - service: gitea-http - port: 3000 - - name: gitea-ssh - kind: tcp - gateway: istio-system/badhouseplants-ssh - hostname: "*" - port_match: 22 - service: gitea-ssh - port: 22 -# ------------------------------------------ # -- Database extension is used to manage # -- database with db-operator # ------------------------------------------ @@ -27,9 +7,27 @@ ext-database: enabled: true name: gitea-postgres16 instance: postgres16 + # ------------------------------------------ # -- Kubernetes related values # ------------------------------------------ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: git.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: gitea-tls-secret + hosts: + - git.badhouseplants.net replicaCount: 1 clusterDomain: cluster.local @@ -47,8 +45,6 @@ persistence: accessModes: - ReadWriteOnce -ingress: - enabled: false # ------------------------------------------ # -- Main Gitea settings # ------------------------------------------ 
@@ -125,3 +121,21 @@ postgresql-ha: enabled: false redis-cluster: enabled: false + +extraDeploy: + - | + {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ include "gitea.fullname" . }}-ssh + spec: + entryPoints: + - git-ssh + routes: + - match: HostSNI(`git.badhouseplants.net`) + services: + - name: "{{ include "gitea.fullname" . }}-ssh" + port: 22 + nativeLB: true + {{- end }} diff --git a/badhouseplants/values/values.local-path-provisioner.yaml b/badhouseplants/values/values.local-path-provisioner.yaml new file mode 100644 index 0000000..aa1d3e2 --- /dev/null +++ b/badhouseplants/values/values.local-path-provisioner.yaml @@ -0,0 +1,3 @@ +storageClass: + create: true + defaultClass: false diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index aba9e11..966fbac 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
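Review bot: The `IngressRouteTCP` added under `extraDeploy` matches ``HostSNI(`git.badhouseplants.net`)``, but SSH carries no TLS SNI, so Traefik has no hostname to match on the `git-ssh` entrypoint. For non-TLS TCP routers Traefik accepts only the catch-all rule, which the other TCP routes in this commit already use: ``- match: HostSNI(`*`)``. A comment above the route such as `# SSH is not TLS: the entrypoint alone selects this route` would keep the next editor from narrowing it again. The values file continues outside this hunk.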
@@ -1,81 +1,64 @@ --- -certificate: +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ +ext-database: enabled: true - certificate: - - name: mailu - secretName: mailu-certificate - issuer: - kind: ClusterIssuer - name: badhouseplants-issuer - dnsNames: - - badhouseplants.net - - "email.badhouseplants.net" + name: mailu-postgres16 + instance: postgres16 + extraDatabase: + enabled: true + name: roundcube-postgres16 + instance: postgres16 + # ------------------------------------------ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: +traefik: enabled: true - istio: - - name: mailu-web - kind: http - gateway: istio-system/badhouseplants-net - hostname: email.badhouseplants.net + tcpRoutes: + - name: mailu-smtp service: mailu-front - port: 80 - - name: mailu-smpt - kind: tcp - gateway: badhouseplants-mail - service: mailu-front - hostname: email.badhousplants.net - port_match: 25 + match: HostSNI(`*`) + entrypoint: smtp port: 25 - - name: mailu-smpts - kind: tcp - gateway: badhouseplants-mail - port_match: 465 - hostname: email.badhousplants.net + - name: mailu-smtps + match: HostSNI(`*`) service: mailu-front + entrypoint: smtps port: 465 - name: mailu-smpt-startls - kind: tcp - gateway: badhouseplants-mail - hostname: email.badhousplants.net - port_match: 587 + match: HostSNI(`*`) service: mailu-front + entrypoint: smtp-startls port: 587 - name: mailu-imap - kind: tcp - hostname: email.badhousplants.net - gateway: badhouseplants-mail - port_match: 143 + match: HostSNI(`*`) service: mailu-front + entrypoint: imap port: 143 - name: mailu-imaps - kind: tcp - gateway: badhouseplants-mail - hostname: email.badhousplants.net - port_match: 993 + match: HostSNI(`*`) service: mailu-front + entrypoint: imaps port: 993 - name: mailu-pop3 - kind: tcp - gateway: badhouseplants-mail - port_match: 
110 - hostname: email.badhousplants.net + match: HostSNI(`*`) service: mailu-front + entrypoint: pop3 port: 110 - name: mailu-pop3s - kind: tcp - gateway: badhouseplants-mail - port_match: 993 - hostname: email.badhousplants.net + match: HostSNI(`*`) service: mailu-front + entrypoint: pop3s port: 993 subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - - post.badhouseplants.net + - badhouseplants.net + - email.badhouseplants.net domain: badhouseplants.net persistence: single_pvc: false @@ -85,13 +68,17 @@ limits: tls: outboundLevel: secure ingress: - enabled: false - tls: false + enabled: true + ingressClassName: traefik + tls: true + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 tlsFlavorOverride: mail - selfSigned: false - existingSecret: mailu-certificate - realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local - realIpHeader: "X-Envoy-External-Address" + realIpFrom: traefik.kube-system.svc.cluster.local + realIpHeader: "X-Real-IP" front: hostPort: enabled: false @@ -150,16 +137,18 @@ roundcube: mysql: enabled: false postgresql: + enabled: false +## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. +externalDatabase: + ## @param externalDatabase.enabled Set to true to use an external database enabled: true - auth: - enablePostgresUser: true - username: mailu - database: mailu - persistence: - enabled: false - storageClass: "" - accessMode: ReadWriteOnce - size: 2Gi + type: postgresql + existingSecret: mailu-postgres16-creds + existingSecretDatabaseKey: POSTGRES_DB + existingSecretUsernameKey: POSTGRES_USER + existingSecretPasswordKey: POSTGRES_PASSWORD + host: postgres16-postgresql.database-service.svc.cluster.local + port: 5432 rspamd: resources: requests: 
@@ -181,3 +170,10 @@ webmail: accessModes: [ReadWriteOnce] claimNameOverride: "" annotations: {} +global: + database: + roundcube: + database: applications-roundcube-postgres16 + username: applications-roundcube-postgres16 + existingSecret: roundcube-postgres16-creds + existingSecretPasswordKey: POSTGRES_PASSWORD diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index ef99a67..19b39a0 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -19,6 +19,39 @@ istio: service: minio port: 9000 +ingress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + path: / + hosts: + - s3.badhouseplants.net + tls: + - secretName: s3-tls-secret + hosts: + - s3.badhouseplants.net +consoleIngress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + path: / + hosts: + - minio.badhouseplants.net + tls: + - secretName: minio-tls-secret + hosts: + - minio.badhouseplants.net + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index b10de2e..7dd45d2 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,10 +1,6 @@ namespaces: - name: longhorn-system - - name: cert-manager - name: minio-service - - name: metallb-system - - name: reflector-system - - name: drone-service - name: argo-system - name: nrodionov-application - name: minecraft-application 
@@ -15,18 +11,16 @@ namespaces: https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - - name: monitoring-system - name: bitwarden-application - name: database-service - name: mail-service - - name: istio-system - name: vaultwarden-application - name: woodpecker-ci - name: openvpn-service - - name: tandoor-application - name: badhouseplants-main labels: istio-injection: enabled - name: badhouseplants-preview - name: mailu-application - name: kube-services + - name: applications \ No newline at end of file diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 14d1b8c..3582f47 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -17,7 +17,20 @@ ext-database: enabled: true name: nrodionov-mysql instance: mysql - +ingress: + enabled: true + pathType: ImplementationSpecific + hostname: dev.nrodionov.info + path: / + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + tls: true + tlsWwwPrefix: false + selfSigned: false wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml index 9b9171b..5827bde 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
@@ -3,17 +3,26 @@ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: - enabled: true - istio: - - name: openvpn-tcp-xor - gateway: istio-system/badhouseplants-vpn - kind: tcp - port_match: 1194 - hostname: "*" - service: openvpn-xor - port: 1194 +# istio: + # enabled: true + # istio: + # - name: openvpn-tcp-xor + # gateway: istio-system/badhouseplants-vpn + # kind: tcp + # port_match: 1194 + # hostname: "*" + # service: openvpn-xor + # port: 1194 # ------------------------------------------ +traefik: + enabled: true + tcpRoutes: + - name: openvpn-xor + service: openvpn-xor + match: HostSNI(`*`) + entrypoint: openvpn + port: 1194 + storage: class: longhorn size: 512Mi diff --git a/badhouseplants/values/values.traefik.yaml b/badhouseplants/values/values.traefik.yaml new file mode 100644 index 0000000..fb92321 --- /dev/null +++ b/badhouseplants/values/values.traefik.yaml 
@@ -0,0 +1,78 @@ +globalArguments: + - "--serversTransport.insecureSkipVerify=true" +service: + spec: + externalTrafficPolicy: Local +ports: + git-ssh: + port: 22 + expose: + default: true + exposedPort: 22 + protocol: TCP + openvpn: + port: 1194 + expose: + default: true + exposedPort: 1194 + protocol: TCP + valve-server: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: UDP + valve-rcon: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: TCP + smtp: + port: 25 + protocol: TCP + exposedPort: 25 + expose: + default: true + smtps: + port: 465 + protocol: TCP + exposedPort: 465 + expose: + default: true + smtp-startls: + port: 587 + protocol: TCP + exposedPort: 587 + expose: + default: true + imap: + port: 143 + protocol: TCP + exposedPort: 143 + expose: + default: true + imaps: + port: 993 + protocol: TCP + exposedPort: 993 + expose: + default: true + pop3: + port: 110 + protocol: TCP + exposedPort: 110 + expose: + default: true + pop3s: + port: 995 + protocol: TCP + exposedPort: 995 + expose: + default: true + minecraft: + port: 25565 + protocol: TCP + exposedPort: 25565 + expose: + default: true diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index b4afad8..8114432 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -61,3 +61,20 @@ vaultwarden: enabled: false logfile: "/data/vaultwarden.log" loglevel: "warn" +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: vault.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: vault-tls-secret + hosts: + - vault.badhouseplants.net 
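Review bot: `--serversTransport.insecureSkipVerify=true` in `globalArguments` turns off certificate verification for every HTTPS backend Traefik talks to, so any workload able to answer on a backend address is accepted as that backend. Drop the global flag and, for the backends that really present a self-signed certificate, attach a per-service `ServersTransport` that carries the CA (`rootCAsSecrets`) instead. Also, every entry under `ports` sets `expose.default: true`, which publishes `valve-rcon` (27015/TCP, a remote-administration port) and `openvpn` on the same external service as the web entrypoints, with no route visible for the valve ports in this commit. Set `expose.default: false` on the ports that need no public listener, and add a comment on each exposed port naming the release that consumes it.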
diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml new file mode 100644 index 0000000..da8b043 --- /dev/null +++ b/badhouseplants/values/values.vaultwardentest.yaml @@ -0,0 +1,58 @@ +service: + port: 8080 +vaultwarden: + smtp: + host: mail.badhouseplants.net + security: "starttls" + port: 587 + from: vaulttest@badhouseplants.net + fromName: Vault Warden + authMechanism: "Plain" + acceptInvalidHostnames: "false" + acceptInvalidCerts: "false" + debug: false + domain: https://vaulttest.badhouseplants.net + websocket: + enabled: true + address: "0.0.0.0" + port: 3012 + rocket: + port: "8080" + workers: "10" + webVaultEnabled: "true" + signupsAllowed: false + invitationsAllowed: true + signupDomains: "https://vaulttest.badhouseplants.net" + signupsVerify: "true" + showPassHint: "false" + # database: + # existingSecret: vaultwarden-postgres16-creds + # existingSecretKey: CONNECTION_STRING + # connectionRetries: 15 + # maxConnections: 10 + storage: + enabled: false + # size: 1Gi + # class: longhorn + # dataDir: /data + logging: + enabled: false + logfile: "/data/vaultwarden.log" + loglevel: "warn" +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: vaulttest.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: vault-tls-secret + hosts: + - vaulttest.badhouseplants.net diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 202daca..62ced72 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -18,6 +18,22 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: ci.badhouseplants.net + paths: + - path: / + tls: + - secretName: woodpecker-tls-secret + hosts: + - ci.badhouseplants.net #image: # registry: git.badhouseplants.net # repository: allanger/woodpecker-server diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index e7afd09..753b7ae 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -1,12 +1,21 @@ -istio: +ingress: enabled: true - istio: - - name: zot - kind: http - gateway: istio-system/badhouseplants-net - hostname: registry.badhouseplants.net - service: zot - port: 5000 + className: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + pathtype: ImplementationSpecific + hosts: + - host: registry.badhouseplants.net + paths: + - path: / + tls: + - secretName: zot-secret-tls + hosts: + - registry.badhouseplants.net strategy: type: Recreate service: diff --git a/common/values.database.yaml b/common/values.database.yaml index 6685015..eba45ae 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml 
@@ -23,3 +23,28 @@ ext-database: secret: true {{- end }} {{- end }} + + - | + {{- if (.Values.extraDatabase).enabled }} + --- + apiVersion: kinda.rocks/v1beta1 + kind: Database + metadata: + name: "{{ .Values.extraDatabase.name }}" + spec: + secretName: "{{ .Values.extraDatabase.name }}-creds" + instance: "{{ .Values.extraDatabase.instance }}" + deletionProtected: true + backup: + enable: false + cron: 0 0 * * * + {{- if .Values.extraDatabase.credentials }} + credentials: + templates: + {{- range $key, $value := .Values.extraDatabase.credentials }} + - name: {{ $key }} + template: {{ $value }} + secret: true + {{- end }} + {{- end }} + {{- end }} diff --git a/common/values.tcp-route.yaml b/common/values.tcp-route.yaml new file mode 100644 index 0000000..b995d25 --- /dev/null +++ b/common/values.tcp-route.yaml @@ -0,0 +1,20 @@ +--- +traefik: + templates: + - | + {{ range .Values.tcpRoutes }} + --- + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ .name }} + spec: + entryPoints: + - {{ .entrypoint }} + routes: + - match: {{ .match }} + services: + - name: {{ .service }} + nativeLB: true + port: {{ .port }} + {{- end }} \ No newline at end of file diff --git a/common/values.tcproute.yaml b/common/values.tcproute.yaml new file mode 100644 index 0000000..05e0d89 --- /dev/null +++ b/common/values.tcproute.yaml @@ -0,0 +1,13 @@ +--- +tcproute: + templates: + - | + --- + {{ range .Values.routes }} + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ printf "%s-%s" .Release.Name .name }} + spec: + {{ tpl (.routes | toYaml | indent 2 | toString) $ }} + {{ end }} diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index d861bbd..677999c 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml 
@@ -7,6 +7,21 @@ releases: namespace: openvpn-service createNamespace: false + - <<: *istio-base + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index deefdb1..ba51cc3 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -95,6 +95,10 @@ buckets: policy: none purge: false versioning: false + - name: velero-test + policy: none + purge: false + versioning: false - name: restic policy: none purge: false diff --git a/helmfile.yaml b/helmfile.yaml index de9aa6b..735e9ba 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -11,24 +11,9 @@ releases: namespace: kube-system createNamespace: false - - <<: *istio-base - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istio-gateway - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istiod - installed: true - namespace: istio-system - createNamespace: false - - <<: *cert-manager installed: true - namespace: cert-manager + namespace: kube-system createNamespace: false - <<: *minio @@ -38,17 +23,17 @@ releases: - <<: *metallb installed: true - namespace: metallb-system - createNamespace: true + namespace: kube-system + createNamespace: false - <<: *reflector installed: true - namespace: reflector-system - createNamespace: true + namespace: kube-system + createNamespace: false - <<: *metallb-resources installed: true - namespace: metallb-system + namespace: kube-system createNamespace: false helmfiles: diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index f6d57f9..bc5f0b1 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml 
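Review bot: Moving `cert-manager`, `metallb`, `reflector` and `metallb-resources` into `kube-system` (both helmfile.yaml hunks) removes the namespace boundary between these controllers and the cluster's core components. Namespaced RBAC, NetworkPolicies, quotas and Pod Security labels can then no longer be scoped per component. cert-manager also keeps ClusterIssuer secrets such as the ACME account key in its own namespace by default, which now becomes `kube-system`. If the consolidation is deliberate, add a short comment above the releases saying why; otherwise keep `namespace: cert-manager`, `metallb-system` and `reflector-system`.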
@@ -31,7 +31,7 @@ metadata: namespace: debug spec: rules: - - host: httpbin.rocks + - host: "httpbin.badhouseplants.net" http: paths: - path: / diff --git a/manifests/httpo1-cluster-issuer.yaml b/manifests/httpo1-cluster-issuer.yaml new file mode 100644 index 0000000..547b892 --- /dev/null +++ b/manifests/httpo1-cluster-issuer.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + labels: + app.kubernetes.io/instance: cluster-issuer + app.kubernetes.io/name: acme-cluster-issuer + name: badhouseplants-issuer-http01 +spec: + acme: + email: allanger@zohomail.com + preferredChain: "" + privateKeySecretRef: + name: badhouseplants-issuer-htt01-account-key + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - http01: + ingress: + ingressClassName: traefik diff --git a/releases.yaml b/releases.yaml index ac52cdf..c8797c2 100644 --- a/releases.yaml +++ b/releases.yaml @@ -1,4 +1,3 @@ ---- templates: # --------------------------- # -- Hooks @@ -49,6 +48,14 @@ templates: values: - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + ext-tcp-routes: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: traefik + values: + - '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml' + ext-istio-resource: dependencies: - chart: bedag/raw @@ -56,6 +63,7 @@ templates: alias: istio values: - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: dependencies: - chart: bedag/raw @@ -137,25 +145,24 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.5 + version: 1.15.0 set: - name: installCRDs value: true longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.1 + version: 1.6.2 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.9.3 + version: 7.1.3 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource monitoring-common: labels: 
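Review bot: `privateKeySecretRef.name` in the new manifests/httpo1-cluster-issuer.yaml reads `badhouseplants-issuer-htt01-account-key`, while the issuer itself is named `badhouseplants-issuer-http01` and the file name says `httpo1`. The secret name is cheap to correct now; once the ACME account is registered under it, renaming means registering a new account key. Suggested: `name: badhouseplants-issuer-http01-account-key`, with the file renamed to `http01-cluster-issuer.yaml`. `preferredChain: ""` can be dropped, since an empty value is the default.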
@@ -170,7 +177,6 @@ templates: - template: default-env-values - template: default-env-secrets - template: crd-management-hook - - template: ext-istio-resource loki: &loki name: loki @@ -231,10 +237,10 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.3.0 + version: 1.2.0 inherit: - template: default-env-values - - template: ext-istio-resource + - template: ext-tcp-routes openvpn: &openvpn name: openvpn @@ -242,7 +248,6 @@ templates: version: 1.2.0 inherit: - template: default-env-values - - template: ext-istio-resource # ---------------------------- # -- Drone # ---------------------------- @@ -256,7 +261,6 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: drone-common drone-runner-docker: &drone-runner-docker @@ -271,21 +275,19 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.3.0 + version: 1.4.0 inherit: - template: ext-database - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.2.11 + version: 22.4.10 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource minio: &minio name: minio @@ -294,16 +296,14 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.4 + version: 10.2.0 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database funkwhale: &funkwhale @@ -313,7 +313,6 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database bitwarden: &bitwarden 
@@ -323,12 +322,11 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource redis: &redis name: redis chart: bitnami/redis - version: 19.3.3 + version: 19.5.3 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +334,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.3.3 + version: 15.5.5 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +355,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.2.4 + version: 11.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -368,8 +366,7 @@ templates: version: 2.3.1 inherit: - template: default-env-values - - template: ext-istio-gateway - - template: ext-istio-resource + - template: ext-tcp-routes vaultwarden: &vaultwarden name: vaultwarden @@ -378,9 +375,16 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database + vaultwarden-test: &vaultwardentest + name: vaultwardentest + chart: allanger-gitea/vaultwarden + version: 1.2.0 + inherit: + - template: default-env-values + - template: default-env-secrets + reflector: &reflector name: reflector chart: emberstack/reflector @@ -393,8 +397,9 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-certificate + - template: ext-tcp-routes + - template: ext-database tandoor: &tandoor name: tandoor @@ -403,13 +408,12 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database coredns: &coredns name: coredns chart: coredns/coredns - version: 1.29.0 + version: 1.31.0 namespace: kube-system inherit: - template: default-env-values 
@@ -417,7 +421,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.5 + version: 1.15.6 createNamespace: false namespace: kube-system inherit: @@ -426,23 +430,14 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.54 - createNamespace: false - namespace: kube-services - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - chartmuseum: &chartmuseum - name: chartmuseum - chart: chartmuseum/chartmuseum - version: 3.10.2 + version: 0.1.56 createNamespace: false namespace: kube-services inherit: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel name: keel chart: keel/keel @@ -450,4 +445,20 @@ templates: createNamespace: false namespace: kube-system - + traefik: &traefik + name: traefik + chart: traefik/traefik + version: 28.2.0 + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values + + local-path-provisioner: &local-path-provisioner + name: local-path-provisioner + chart: local-path-provisioner/local-path-provisioner + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values + diff --git a/repositories.yaml b/repositories.yaml index 2900540..5ffcf86 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -31,8 +31,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + # - name: allanger-gitea + # url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker 
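Review bot: The `zot` release still lists `- template: ext-istio-resource` on the new side of the `@@ -426,23 +430,14 @@` hunk, although this patch switches values.zot.yaml from `istio:` to `ingress:` and drops the Istio releases from the top-level helmfile.yaml. The other releases touched in this patch lose that template, so this looks like an oversight. Remove the line so the registry is not left with a stale Istio route dependency next to the new Traefik Ingress.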
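Review bot: Commenting out the `allanger-gitea` repository in repositories.yaml leaves releases in releases.yaml that still use it: `openvpn-xor` (`chart: allanger-gitea/openvpn-xor`, edited in this same patch) and the new `vaultwarden-test` (`chart: allanger-gitea/vaultwarden`). With no repository of that name defined, those charts probably cannot be resolved, or the value may be read as a local path. Either keep the repository entry or point both releases at a repository that is still defined. If the repository is disabled on purpose, replace the two commented-out lines with a one-line comment stating the reason.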
@@ -59,3 +59,7 @@ repositories: url: https://chartmuseum.github.io/charts - name: keel url: https://charts.keel.sh + - name: traefik + url: https://traefik.github.io/charts + - name: local-path-provisioner + url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26 -- 2.45.2 From d6d93998cb6b16d74f20616d2c2adb21af7e4f78 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 15 Jun 2024 20:45:50 +0200 Subject: [PATCH 33/35] Update traefik --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index c8797c2..3092fe6 100644 --- a/releases.yaml +++ b/releases.yaml @@ -448,7 +448,7 @@ templates: traefik: &traefik name: traefik chart: traefik/traefik - version: 28.2.0 + version: 28.3.0 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From 697e5f374651c757719aa79a662f7875c95f4076 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Jun 2024 17:23:33 +0200 Subject: [PATCH 34/35] Add a storage to the vaultwarden test --- badhouseplants/values/values.vaultwardentest.yaml | 14 +++++++------- releases.yaml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml index da8b043..7796066 100644 --- a/badhouseplants/values/values.vaultwardentest.yaml +++ b/badhouseplants/values/values.vaultwardentest.yaml 
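Review bot: The new `local-path-provisioner` repository is fetched with `git+https://...?ref=v0.0.26`, and the matching release added to releases.yaml has no `version:`, so what lands in `kube-system` is whatever that tag points to at sync time. A tag can be moved upstream; pin `ref=` to a full commit hash instead, e.g. `?ref=<commit-sha>` (placeholder). Also give the release a `version:`, as the `traefik` release added next to it has.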
@@ -20,21 +20,21 @@ vaultwarden: port: "8080" workers: "10" webVaultEnabled: "true" - signupsAllowed: false + signupsAllowed: true invitationsAllowed: true signupDomains: "https://vaulttest.badhouseplants.net" - signupsVerify: "true" - showPassHint: "false" + signupsVerify: false + showPassHint: true # database: # existingSecret: vaultwarden-postgres16-creds # existingSecretKey: CONNECTION_STRING # connectionRetries: 15 # maxConnections: 10 storage: - enabled: false - # size: 1Gi - # class: longhorn - # dataDir: /data + enabled: true + size: 512Mi + class: longhorn + dataDir: /data logging: enabled: false logfile: "/data/vaultwarden.log" diff --git a/releases.yaml b/releases.yaml index 3092fe6..f07b763 100644 --- a/releases.yaml +++ b/releases.yaml @@ -275,7 +275,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.4.0 + version: 1.5.0 inherit: - template: ext-database - template: default-env-values -- 2.45.2 From 14dbe234eaac4d3a0412982c9e2dda010e607d36 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 22 Jun 2024 13:28:53 +0200 Subject: [PATCH 35/35] Cleanup namespaces --- badhouseplants/values/values.namespaces.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 7dd45d2..c11513c 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -11,7 +11,6 @@ namespaces: https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - - name: bitwarden-application - name: database-service - name: mail-service - name: vaultwarden-application @@ -21,6 +20,4 @@ namespaces: labels: istio-injection: enabled - name: badhouseplants-preview - - name: mailu-application - name: kube-services - - name: applications \ No newline at end of file -- 2.45.2
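Review bot: This hunk sets `signupsAllowed: true`, turns `signupsVerify` off and enables `showPassHint` for the instance at vaulttest.badhouseplants.net, so if that host is reachable from outside, anyone can register an unverified account on a password manager and password hints are displayed on request. `invitationsAllowed: true` is already set, so `signupsAllowed: false` plus invitations covers a test setup; at minimum keep `signupsVerify: "true"` and `showPassHint: "false"`. The two flags also changed from quoted strings to YAML booleans while neighbours such as `webVaultEnabled: "true"` stay strings; if the chart copies these into environment variables, confirm it accepts both forms. The context line `signupDomains: "https://vaulttest.badhouseplants.net"` holds a URL, whereas a signup allow-list normally expects bare e-mail domains, so check it against the chart.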