From 6a054f4344e2373e636f76b5f97710e7bca1d8fa Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 19 Feb 2023 11:16:31 +0100 Subject: [PATCH 001/316] Migrate istio --- .../values/values.istio-gateway.yaml | 31 +++++++++++++++++++ badhouseplants/values/values.istiod.yaml | 7 +++++ badhouseplants/values/values.openvpn.yaml | 1 + bin/migrate.sh | 2 +- etersoft/values/values.istio-gateway.yaml | 17 ++++++++++ etersoft/values/values.istiod.yaml | 7 +++++ etersoft/values/values.openvpn.yaml | 1 + helmfile.yaml | 10 ++++++ releases.yaml | 24 ++++++++++++-- 9 files changed, 97 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/values.istio-gateway.yaml create mode 100644 badhouseplants/values/values.istiod.yaml create mode 100644 etersoft/values/values.istio-gateway.yaml create mode 100644 etersoft/values/values.istiod.yaml
diff --git a/badhouseplants/values/values.istio-gateway.yaml b/badhouseplants/values/values.istio-gateway.yaml
new file mode 100644
index 0000000..b698e06
--- /dev/null
+++ b/badhouseplants/values/values.istio-gateway.yaml
@@ -0,0 +1,31 @@
+---
+service:
+ type: LoadBalancer
+ ports:
+ - name: minecraft
+ port: 25565
+ protocol: TCP
+ targetPort: 25565
+ - name: ssh-gitea
+ port: 22
+ protocol: TCP
+ targetPort: 22
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ - name: tcp
+ port: 1194
+ protocol: TCP
+ targetPort: 1194
+resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml
new file mode 100644
index 0000000..546495b
--- /dev/null
+++ b/badhouseplants/values/values.istiod.yaml
@@ -0,0 +1,7 @@
+---
+pilot:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 2048Mi
+
diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml
index 5fddee6..80b2be6 100644
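Review bot: The `service.ports` list in badhouseplants/values/values.istio-gateway.yaml publishes SSH (22), Minecraft (25565) and 1194 on a `type: LoadBalancer` service with no source restriction, so every listed port is reachable from wherever the load balancer is reachable. If any of them is not meant to be open to the world, add `loadBalancerSourceRanges` under `service:` (the istio/gateway chart has that value; confirm it for the pinned 1.16.1) or drop the port from the list. The 1194 entry is named `tcp`, which says nothing about what sits behind it; `name: openvpn`, as the later etersoft change uses, makes the exposure easier to audit. The same file is added again in PATCH 002.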
--- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -1,3 +1,4 @@ +--- storageClassName: longhorn openvpn: server: "tcp://195.201.250.50:1194" diff --git a/bin/migrate.sh b/bin/migrate.sh index 42d3d2c..b9ef8a9 100755 --- a/bin/migrate.sh +++ b/bin/migrate.sh @@ -1,3 +1,3 @@ #kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done -kubectl get sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istio-base -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istio-base" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +kubectl get EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istiod -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istiod" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done diff --git a/etersoft/values/values.istio-gateway.yaml b/etersoft/values/values.istio-gateway.yaml new file mode 100644 index 0000000..58caaaf --- /dev/null 
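Review bot: The new one-liner in bin/migrate.sh expands `$var1 $var2 $var3` unquoted and hands Helm ownership of everything that carries one label in any namespace (`-A`), including `secret`, `clusterrole` and both webhook configuration kinds, with no preview of what will be touched. Quote the variables, `kubectl annotate "$var1" "$var2" -n "$var3" ...`, and run the `annotate` and `label` calls once with `--dry-run=client` so the adopted set can be read before it is changed. Unlike the commented cert-manager line above it, this `kubectl annotate` has no `--overwrite`, so a rerun over already-annotated objects may fail and the `&&` then skips the label. The visible first lines of the file carry no shebang or `set -euo pipefail`. The same line is edited again in PATCH 002 and PATCH 004.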
+++ b/etersoft/values/values.istio-gateway.yaml @@ -0,0 +1,17 @@ +--- +service: + type: LoadBalancer + ports: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + diff --git a/etersoft/values/values.istiod.yaml b/etersoft/values/values.istiod.yaml new file mode 100644 index 0000000..036279e --- /dev/null +++ b/etersoft/values/values.istiod.yaml @@ -0,0 +1,7 @@ +--- +pilot: + resources: + requests: + cpu: 50m + memory: 256Mi + diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 2b0c78d..9173f4b 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -1,3 +1,4 @@ +--- storageClassName: microk8s-hostpath openvpn: server: "tcp://91.232.225.63:1194" diff --git a/helmfile.yaml b/helmfile.yaml index 1973e67..76299d8 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -16,6 +16,16 @@ releases: namespace: istio-system createNamespace: false + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + - <<: *cert-manager installed: true namespace: cert-manager diff --git a/releases.yaml b/releases.yaml index f5a4e94..d6cbb12 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -37,13 +37,33 @@ templates: set: - name: installCRDs value: true - + # ---------------------------- + # -- Istio + # ---------------------------- + istio-version: + version: 1.16.1 istio-base: &istio-base name: istio-base chart: istio/base - version: 1.16.1 inherit: - template: crd-management-hook + - template: istio-version + + istio-gateway: &istio-gateway + name: istio-gateway + chart: istio/gateway + values: + - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + inherit: + - template: istio-version + + istiod: &istiod + name: istiod + chart: istio/istiod + values: + - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + inherit: + - template: istio-version openvpn: &openvpn name: openvpn -- 2.45.2 From 18109afec3397278e52646fdd72789962803f9cf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 19 Feb 2023 10:18:26 +0000 Subject: [PATCH 002/316] Migrate Istio completely (#7) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/7 --- .../values/values.istio-gateway.yaml | 31 +++++++++++++++++++ badhouseplants/values/values.istiod.yaml | 7 +++++ badhouseplants/values/values.openvpn.yaml | 1 + bin/migrate.sh | 2 +- etersoft/values/values.istio-gateway.yaml | 17 ++++++++++ etersoft/values/values.istiod.yaml | 7 +++++ etersoft/values/values.openvpn.yaml | 1 + helmfile.yaml | 10 ++++++ releases.yaml | 24 ++++++++++++-- 9 files changed, 97 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/values.istio-gateway.yaml create mode 100644 badhouseplants/values/values.istiod.yaml create mode 100644 etersoft/values/values.istio-gateway.yaml create mode 100644 etersoft/values/values.istiod.yaml diff --git a/badhouseplants/values/values.istio-gateway.yaml b/badhouseplants/values/values.istio-gateway.yaml new file mode 100644 index 0000000..b698e06 --- /dev/null +++ b/badhouseplants/values/values.istio-gateway.yaml 
@@ -0,0 +1,31 @@
+---
+service:
+ type: LoadBalancer
+ ports:
+ - name: minecraft
+ port: 25565
+ protocol: TCP
+ targetPort: 25565
+ - name: ssh-gitea
+ port: 22
+ protocol: TCP
+ targetPort: 22
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ - name: tcp
+ port: 1194
+ protocol: TCP
+ targetPort: 1194
+resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml
new file mode 100644
index 0000000..546495b
--- /dev/null
+++ b/badhouseplants/values/values.istiod.yaml
@@ -0,0 +1,7 @@
+---
+pilot:
+ resources:
+ requests:
+ cpu: 50m
+ memory: 2048Mi
+
diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml
index 5fddee6..80b2be6 100644
--- a/badhouseplants/values/values.openvpn.yaml
+++ b/badhouseplants/values/values.openvpn.yaml
@@ -1,3 +1,4 @@
+---
 storageClassName: longhorn
 openvpn:
 server: "tcp://195.201.250.50:1194"
diff --git a/bin/migrate.sh b/bin/migrate.sh
index 42d3d2c..b9ef8a9 100755
--- a/bin/migrate.sh
+++ b/bin/migrate.sh
@@ -1,3 +1,3 @@ #kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done -kubectl get sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istio-base -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istio-base" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +kubectl get EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istiod -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istiod" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done diff --git a/etersoft/values/values.istio-gateway.yaml b/etersoft/values/values.istio-gateway.yaml new file mode 100644 index 0000000..58caaaf --- /dev/null +++ b/etersoft/values/values.istio-gateway.yaml @@ -0,0 +1,17 @@ +--- +service: + type: LoadBalancer + ports: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + 
diff --git a/etersoft/values/values.istiod.yaml b/etersoft/values/values.istiod.yaml new file mode 100644 index 0000000..036279e --- /dev/null +++ b/etersoft/values/values.istiod.yaml @@ -0,0 +1,7 @@ +--- +pilot: + resources: + requests: + cpu: 50m + memory: 256Mi + diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 2b0c78d..9173f4b 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -1,3 +1,4 @@ +--- storageClassName: microk8s-hostpath openvpn: server: "tcp://91.232.225.63:1194" diff --git a/helmfile.yaml b/helmfile.yaml index 1973e67..76299d8 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -16,6 +16,16 @@ releases: namespace: istio-system createNamespace: false + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + - <<: *cert-manager installed: true namespace: cert-manager diff --git a/releases.yaml b/releases.yaml index f5a4e94..d6cbb12 100644 --- a/releases.yaml +++ b/releases.yaml @@ -37,13 +37,33 @@ templates: set: - name: installCRDs value: true - + # ---------------------------- + # -- Istio + # ---------------------------- + istio-version: + version: 1.16.1 istio-base: &istio-base name: istio-base chart: istio/base - version: 1.16.1 inherit: - template: crd-management-hook + - template: istio-version + + istio-gateway: &istio-gateway + name: istio-gateway + chart: istio/gateway + values: + - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + inherit: + - template: istio-version + + istiod: &istiod + name: istiod + chart: istio/istiod + values: + - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + inherit: + - template: istio-version openvpn: &openvpn name: openvpn -- 2.45.2 From cfee65ed2e2daafcd7e84a9ef09082526d860bda Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 19 Feb 2023 12:00:33 +0000 Subject: [PATCH 003/316] Migrate drone-ci and runners (#8) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/8 --- .drone.yml | 16 ++++++-- .sops.yaml | 6 +++ badhouseplants/helmfile.yaml | 17 ++++++++ .../values/secrets.drone-runner-kube.yaml | 22 ++++++++++ badhouseplants/values/secrets.drone.yaml | 23 +++++++++++ .../values/values.drone-runner-kube.yaml | 13 ++++++ badhouseplants/values/values.drone.yaml | 6 +++ releases.yaml | 41 +++++++++++++++---- repositories.yaml | 2 + 9 files changed, 135 insertions(+), 11 deletions(-) create mode 100644 .sops.yaml create mode 100644 badhouseplants/values/secrets.drone-runner-kube.yaml create mode 100644 badhouseplants/values/secrets.drone.yaml create mode 100644 badhouseplants/values/values.drone-runner-kube.yaml create mode 100644 badhouseplants/values/values.drone.yaml diff --git a/.drone.yml b/.drone.yml index 54c7254..a326c90 100644 --- a/.drone.yml +++ b/.drone.yml @@ -19,20 +19,24 @@ steps: environment: KUBECONFIG_CONTENT: from_secret: KUBECONFIG_CONTENT + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - - helmfile -e badhouseplants diff + - helmfile -e badhouseplants diff --suppress-secrets - name: Diff eterosoft image: ghcr.io/helmfile/helmfile:canary environment: + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY KUBECONFIG_CONTENT: from_secret: KUBECONFIG_CONTENT commands: - mkdir $HOME/.kube - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - - helmfile -e etersoft diff + - helmfile -e etersoft diff --suppress-secrets --- # ---------------------------------------------- 
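Review bot: The added `SOPS_AGE_KEY` entries give the repository's age private key to steps that run `ghcr.io/helmfile/helmfile:canary`, a moving tag, so whatever that tag resolves to at build time can decrypt every `secrets.*.yaml` file and already receives the kubeconfig. Pin the image to a release tag or a digest (placeholder: `ghcr.io/helmfile/helmfile@sha256:<digest>`) in all four steps, including the two Apply steps in the second hunk. The step definitions begin above the first hunk and the pipeline trigger is not visible here, so it is worth confirming that the Diff steps, which now hold the decryption key, do not run for untrusted pull requests. `--suppress-secrets` is a sensible addition for the build log.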
@@ -54,18 +58,22 @@ steps: environment: KUBECONFIG_CONTENT: from_secret: KUBECONFIG_CONTENT + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - - helmfile -e badhouseplants apply + - helmfile -e badhouseplants apply --suppress-secrets - name: Apply eterosoft image: ghcr.io/helmfile/helmfile:canary environment: KUBECONFIG_CONTENT: from_secret: KUBECONFIG_CONTENT + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - - helmfile -e etersoft apply + - helmfile -e etersoft apply --suppress-secrets diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..583442d --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,6 @@ +creation_rules: + - path_regex: .*/values/.* + key_groups: + - age: + - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index e69de29..cdee092 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -0,0 +1,17 @@ +--- +{{ readFile "../releases.yaml" }} + +releases: + - <<: *drone + installed: true + namespace: drone-service + createNamespace: false + + - <<: *drone-runner-kube + installed: true + namespace: drone-service + createNamespace: false + +bases: + - ../environments.yaml + - ../repositories.yaml diff --git a/badhouseplants/values/secrets.drone-runner-kube.yaml b/badhouseplants/values/secrets.drone-runner-kube.yaml new file mode 100644 index 0000000..67c1c78 --- /dev/null +++ b/badhouseplants/values/secrets.drone-runner-kube.yaml 
@@ -0,0 +1,22 @@ +env: + DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:6vsbRkd6DbWKf6qPPtfmv14cvKc=,iv:PPlH4m+SyMNNo/bV5/hpW2CZPGwxNKwO3RzY5RPOu5w=,tag:BGEf82OvMjDQvKe078/Fkg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 + Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi + aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ + em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh + DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-19T11:56:50Z" + mac: ENC[AES256_GCM,data:5U/D1hI+3zulh0UuuBv/oGAU8Bz5hpWvLCxUSCQbPSOW08S2jBiyDEdDJH7g0/y1xQkd3xJYLzJ7ccWx98j+0QJ+HOzcUF1Hwro6Zl0GSw8D4xvIeulHwwM6MBJGtOanbSHjeJ6Qyqf/tM5bF9GXpDblrNOXrnhvGOHj2GkzstU=,iv:AWAn3hAUEs8mbproV0M5EJyKddfNmUrI0ouIjvh1fEE=,tag:bFIQa/v4CaDx4RAJ7aHjeg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/secrets.drone.yaml b/badhouseplants/values/secrets.drone.yaml new file mode 100644 index 0000000..0d56eec --- /dev/null +++ b/badhouseplants/values/secrets.drone.yaml 
@@ -0,0 +1,23 @@ +env: + DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:BbhUhVbrqFhD3Bw3w0ZfXRFNDkR7LV2gtabUOR990UQ6xDFw,iv:PfsuCU8A0C7MxVd9q6h6hexpeqxDJIshG16+Yoj9uTA=,tag:5mqw0hVJSlIta4p9VxGomw==,type:str] + DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:W3NzKBlKhzB1lPmLbMfVkHxtnod25tGi1lHJW2RWc46je6NeWHX1XZlRefbVqKO6gO4AUTlJOq4=,iv:08EQ/9iVZ93P0I+mYBv3SuKfLs/T3ZS6yZkdAuzU4KI=,tag:c2OiB4R/aBLjVY5EfPSJgA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaREllV3RqUVg0anpIU1Rj + RFh3WkdGdEU5bWg0bWk3bWU5OHFkeFF6SGh3CmlOek9zL2w4a0ZHc0p0WTNucE1Q + dVpDeW93QlNHZGY1dWhOc0FneUFjQUUKLS0tIEhuZE1CMmZLZFIxbXJTZmIzcEE4 + QStxOG1iMWlxQ2dmOXRabXp4cm9NSU0K/+CRAc7DH4PgbQscXvDb7yLe8VoEpixr + icD3GL37kYE2D4h1cm+p+/b7BF4/yjNlCUvo5cITXRjZAuiWGwUixQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-19T10:39:39Z" + mac: ENC[AES256_GCM,data:UXfogL8cIidQpdrTNVCofPRkoC00OczHIQcISQ1AlL+BTl8NjdQfzVdknczDagtooAXdV8Cf+Qf9xMzDd7svFv2Uyc6Tzz80171My9d8bHLtv1Q5TbJ4OSAVr38tOd35APnPgsvgX2SXEDf/vvUuTN7mljPTFuF0raCqLlN+LGg=,iv:s2AH5PUohmLTo2LN3Vq9RW1OOO4I9YkyuK1/ODGwegc=,tag:YmzJBbt2TGJsy5ym8ZkP2Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.drone-runner-kube.yaml b/badhouseplants/values/values.drone-runner-kube.yaml new file mode 100644 index 0000000..2589a1c --- /dev/null +++ b/badhouseplants/values/values.drone-runner-kube.yaml @@ -0,0 +1,13 @@ +--- +env: + DRONE_RPC_SECRET: drone-rpc-sec + DRONE_RPC_HOST: drone.badhouseplants.net + DRONE_RPC_PROTO: https + DRONE_NAMESPACE_DEFAULT: drone-service + DRONE_RESOURCE_LIMIT_CPU: 300 + DRONE_RESOURCE_REQUEST_CPU: 100 + DRONE_RESOURCE_LIMIT_MEMORY: 2048Mi + DRONE_RESOURCE_REQUEST_MEMORY: 512Mi +rbac: + buildNamespaces: + - drone-service \ No newline at end of file 
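Review bot: `DRONE_RPC_SECRET: drone-rpc-sec` is committed in plaintext in values.drone-runner-kube.yaml and again in values.drone.yaml, while this same patch adds SOPS-encrypted `secrets.drone.yaml` and `secrets.drone-runner-kube.yaml` for the other credentials. If the charts pass the value through literally, it is the shared secret that authenticates runners to the Drone server, and it is short and guessable. Move it into the two `secrets.*.yaml` files as a long random value (for example the output of `openssl rand -hex 16`) and rotate the current one, since it remains in the repository history.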
diff --git a/badhouseplants/values/values.drone.yaml b/badhouseplants/values/values.drone.yaml new file mode 100644 index 0000000..b3dc07e --- /dev/null +++ b/badhouseplants/values/values.drone.yaml @@ -0,0 +1,6 @@ +env: + DRONE_SERVER_HOST: drone.badhouseplants.net + DRONE_SERVER_PROTO: https + DRONE_RPC_SECRET: drone-rpc-sec + DRONE_GITEA_SERVER: https://git.badhouseplants.net + DRONE_USER_CREATE: username:allanger,admin:true diff --git a/releases.yaml b/releases.yaml index d6cbb12..4d17d80 100644 --- a/releases.yaml +++ b/releases.yaml @@ -20,9 +20,17 @@ templates: args: - -c - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f -" + default-env-values: + values: + - "{{ requiredEnv \"PWD\" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + default-env-secrets: + secrets: + - "{{ requiredEnv \"PWD\" }}/{{ .Environment.Name }}/values/secrets.{{ .Release.Name }}.yaml" # ---------------------------- # -- Releases # ---------------------------- + # -- System + # ---------------------------- metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server 
@@ -52,22 +60,41 @@ templates: istio-gateway: &istio-gateway name: istio-gateway chart: istio/gateway - values: - - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" inherit: - template: istio-version + - template: default-env-values istiod: &istiod name: istiod chart: istio/istiod - values: - - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" inherit: - template: istio-version - + - template: default-env-values + + # ---------------------------- + # -- Applications + # ---------------------------- openvpn: &openvpn name: openvpn chart: allanger-charts/openvpn version: 1.0.1 - values: - - "{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + inherit: + - template: default-env-values + + drone: &drone + name: drone + chart: drone/drone + version: 0.6.4 + inherit: + - template: default-env-values + - template: default-env-secrets + + drone-runner-kube: &drone-runner-kube + name: drone-runner-kube + chart: drone/drone-runner-kube + version: 0.1.10 + inherit: + - template: default-env-values + - template: default-env-secrets + + diff --git a/repositories.yaml b/repositories.yaml index 67edd60..6772423 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -8,3 +8,5 @@ repositories: url: https://charts.jetstack.io - name: istio url: https://istio-release.storage.googleapis.com/charts + - name: drone + url: https://charts.drone.io -- 2.45.2 From df48d4501875e3a2ce7cfb917b93db2dfe1566c1 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 19 Feb 2023 13:22:48 +0000 Subject: [PATCH 004/316] Migrate OpenVPN (#10) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/10 --- ....yaml => values.istio-ingressgateway.yaml} | 0 bin/migrate.sh | 2 +- ....yaml => values.istio-ingressgateway.yaml} | 4 ++++ etersoft/values/values.openvpn.yaml | 20 +------------------ helmfile.yaml | 9 +++++++-- releases.yaml | 4 ++-- 6 files changed, 15 insertions(+), 24 deletions(-) rename badhouseplants/values/{values.istio-gateway.yaml => values.istio-ingressgateway.yaml} (100%) rename etersoft/values/{values.istio-gateway.yaml => values.istio-ingressgateway.yaml} (78%) diff --git a/badhouseplants/values/values.istio-gateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml similarity index 100% rename from badhouseplants/values/values.istio-gateway.yaml rename to badhouseplants/values/values.istio-ingressgateway.yaml diff --git a/bin/migrate.sh b/bin/migrate.sh index b9ef8a9..8224a61 100755 --- a/bin/migrate.sh +++ b/bin/migrate.sh 
@@ -1,3 +1,3 @@ #kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done -kubectl get EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istiod -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istiod" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +kubectl get PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istio-ingressgateway -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istio-ingressgateway" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done diff --git a/etersoft/values/values.istio-gateway.yaml b/etersoft/values/values.istio-ingressgateway.yaml similarity index 78% rename from etersoft/values/values.istio-gateway.yaml rename to etersoft/values/values.istio-ingressgateway.yaml index 58caaaf..4f93e51 100644 --- a/etersoft/values/values.istio-gateway.yaml +++ b/etersoft/values/values.istio-ingressgateway.yaml 
@@ -14,4 +14,8 @@ service: port: 443 protocol: TCP targetPort: 443 + - name: openvpn + port: 1194 + protocol: TCP + targetPort: 1194 diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 9173f4b..f389024 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -23,22 +23,4 @@ istio-resources: name: openvpn number: 1194 protocol: TCP - # virtual_services: - # - metadata: - # name: openvpn - # spec: - # hosts: - # - '*' - # gateways: - # - istio-system/etersoft-vpn - # tcp: - # - match: - # - port: 1194 - # route: - # - destination: - # host: openvpn - # port: - # number: 1194 - # - # - # + diff --git a/helmfile.yaml b/helmfile.yaml index 76299d8..27ccbe9 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -6,7 +6,7 @@ bases: - repositories.yaml releases: - - <<: *metrics-server + - <<: *metrics-server installed: true namespace: kube-system createNamespace: false @@ -26,10 +26,15 @@ releases: namespace: istio-system createNamespace: false - - <<: *cert-manager + - <<: *cert-manager installed: true namespace: cert-manager createNamespace: false + + - <<: *openvpn + installed: true + namespace: openvpn-service + createNamespace: false helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/releases.yaml b/releases.yaml index 4d17d80..ccf2d0d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -58,7 +58,7 @@ templates: - template: istio-version istio-gateway: &istio-gateway - name: istio-gateway + name: istio-ingressgateway chart: istio/gateway inherit: - template: istio-version @@ -77,7 +77,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-charts/openvpn - version: 1.0.1 + version: 1.0.3 inherit: - template: default-env-values -- 2.45.2 From 9a237f599809ecd25fe43564500f8cdff38ae05e Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 22 Feb 2023 08:39:55 +0000 Subject: [PATCH 005/316] Migrate anything to helmfile (#12) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/12 --- badhouseplants/helmfile.yaml | 20 +++++++ badhouseplants/values/secrets.funkwhale.yaml | 25 +++++++++ badhouseplants/values/secrets.gitea.yaml | 31 ++++++++++ badhouseplants/values/secrets.minio.yaml | 25 +++++++++ badhouseplants/values/secrets.nrodionov.yaml | 28 ++++++++++ badhouseplants/values/values.funkwhale.yaml | 24 ++++++++ badhouseplants/values/values.gitea.yaml | 59 ++++++++++++++++++++ badhouseplants/values/values.longhorn.yaml | 10 ++++ badhouseplants/values/values.minecraft.yaml | 18 ++++++ badhouseplants/values/values.minio.yaml | 36 ++++++++++++ badhouseplants/values/values.nrodionov.yaml | 38 +++++++++++++ bin/migrate.sh | 5 +- etersoft/values/secrets.minio.yaml | 28 ++++++++++ etersoft/values/values.minio.yaml | 47 ++++++++++++++++ helmfile.yaml | 5 ++ releases.yaml | 45 +++++++++++++++ repositories.yaml | 12 ++++ 17 files changed, 455 insertions(+), 1 deletion(-) create mode 100644 badhouseplants/values/secrets.funkwhale.yaml create mode 100644 badhouseplants/values/secrets.gitea.yaml create mode 100644 badhouseplants/values/secrets.minio.yaml create mode 100644 badhouseplants/values/secrets.nrodionov.yaml create mode 100644 badhouseplants/values/values.funkwhale.yaml create mode 100644 badhouseplants/values/values.gitea.yaml create mode 100644 badhouseplants/values/values.longhorn.yaml create mode 100644 badhouseplants/values/values.minecraft.yaml create mode 100644 badhouseplants/values/values.minio.yaml create mode 100644 badhouseplants/values/values.nrodionov.yaml create mode 100644 etersoft/values/secrets.minio.yaml create mode 100644 etersoft/values/values.minio.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index cdee092..b489173 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -12,6 +12,26 @@ releases: namespace: drone-service createNamespace: false + - <<: *nrodionov + installed: true + namespace: nrodionov-application + createNamespace: false + + - <<: *minecraft + installed: true + namespace: minecraft-application + createNamespace: false + + - <<: *gitea + installed: true + namespace: gitea-service + createNamespace: false + + - <<: *funkwhale + installed: true + namespace: funkwhale-application + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml new file mode 100644 index 0000000..712cfdf --- /dev/null +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -0,0 +1,25 @@ +postgresql: + auth: + username: ENC[AES256_GCM,data:S09SpdX3ro0S,iv:QYQiF8Ozz9iLElqsoxyika+iVcHzRyo4hhaaIw8/vDM=,tag:KzorD+/Pysqwm5PneRRsyg==,type:str] + password: ENC[AES256_GCM,data:R6bqME1FH72K,iv:PuOIgStSM/NvwhQj06E/PMtB30aDbstypIBt84Fh1q0=,tag:gzv9S+hYW6qjgdoMhl1mTw==,type:str] + database: ENC[AES256_GCM,data:Ld33SGYZdlK+,iv:hZ/DlO3wNQ7Bm5L3RmNDzOp9U4QBr+nhJbDD1XYc56Y=,tag:NIgpN71+dL1jIgG66l+3VA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw + TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL + VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y + dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA + GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-21T14:05:30Z" + mac: ENC[AES256_GCM,data:gt+reA0ZXvsTCbRFDcDDpu/DYZAeEuS1XYAK2H/t3VudIxHcPSNYeQeOwpZ4ziOoX0DbSeci8jTXOSmqhI3R+g5ENS3KL9jw+9e+7znzvc9Y0esNVhqSJZCxDhAlrxW6th1fYdFQ43QHyQsK8HXafh9DO2qMmam5Kf0zxO6RpFM=,iv:Xdk1s1Sx/lIpHulkWD1JJWw/Rhs9aP3MC8uRKtCrSQ8=,tag:E2qFvcr4pmJ98I1ci6iFSw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml new file mode 100644 index 0000000..2a1daa2 --- /dev/null +++ b/badhouseplants/values/secrets.gitea.yaml 
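Review bot: SOPS encrypts each value on its own and the length of the `data:` field tracks the length of the plaintext, so the three `postgresql.auth` values in secrets.funkwhale.yaml are visibly short and of equal length to anyone who can read the repository. Encryption at rest does not compensate for a short or predictable database password; generate a long random one before relying on this file. The same check applies to the other `secrets.*.yaml` files added in this patch.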
@@ -0,0 +1,31 @@ +postgresql: + global: + postgresql: + postgresqlDatabase: ENC[AES256_GCM,data:hJfOcMc=,iv:/M0BkKTSojwNcd0nUETwaQJeNWNuIPugROHsQD+VyvY=,tag:7Ljs3VlZ2BLCMYXuU2XtpA==,type:str] + postgresqlUsername: ENC[AES256_GCM,data:3c+n9o4=,iv:i3rgY+NvP6lUqXQHbRYQSWIVxlvmI2LHFsZ1wLMkPsE=,tag:ykMrMgxN0nMjpgsdbkCHDw==,type:str] + postgresqlPassword: ENC[AES256_GCM,data:8qmyYj/FcclYfd6h8FqICQ9vRFE=,iv:hhHjXdZY393PnG7KnXuXiRnf/Nooc6fbuG/Vnfm9uPQ=,tag:a5HArQdN2YEQa011pZkw5g==,type:str] +gitea: + admin: + username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] + password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] + email: ENC[AES256_GCM,data:sePKv5CPwYZtayjcqX4JoSGrZAR+Zhfe,iv:TTwfxzqq83xe2bk8cVV93GTlfGMaxmR5arK+Vdht+vE=,tag:Aiox/la2sENjC24Jiib9uQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 + QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu + LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 + Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN + WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-19T20:56:47Z" + mac: ENC[AES256_GCM,data:I4TVIsmcuFAvOCM9rjMHVAokmNzyAZJZ5tSNnWhLRk+WfOUQ8OMuJ0GlzE9EJxeIM2LMLU475EvKyMnrqmsFFsP7VE+t2yxG3kioAr5zDvaqqJ1OVrpKEGRH+EQrc96vc5bv5v94kqU6uQRdxm+q/or+rMm7Gf0P4vifaQPxBIo=,iv:ujv0Vlh71isP/gG3B96M8f1vA13jAjn7pnrezAqTSVY=,tag:N8I29R21DYvby7t03i5nbA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 
diff --git a/badhouseplants/values/secrets.minio.yaml b/badhouseplants/values/secrets.minio.yaml new file mode 100644 index 0000000..c47026c --- /dev/null +++ b/badhouseplants/values/secrets.minio.yaml @@ -0,0 +1,25 @@ +rootPassword: ENC[AES256_GCM,data:7baD0HwMztU27TymEWp+Ad1s8Zc=,iv:CXiTBEGU1tr99ibNxcFO6RtiC7gjtqSqYrtfmbwocIQ=,tag:ravi1nGLEVSqELVskv71CA==,type:str] +users: + - accessKey: ENC[AES256_GCM,data:9ZhHOes+vQM=,iv:ltKbQ0KW8/Jmn7kmTaGaDcerlkquTXhGr0wbMMwxNgA=,tag:X6n+44dvPAm4v2rcxYkPEQ==,type:str] + secretKey: ENC[AES256_GCM,data:mzWBQcPitrpwIMqBrbtBs3RBDg==,iv:cLA6Wvmf5il54DFkNbwQ27wPxAm/eqSrxAc3MVELero=,tag:nUc83Ctqw4PTwirkUr803A==,type:str] + policy: ENC[AES256_GCM,data:B7CQsSUaq3B/gO/X,iv:Z4DTTXk5TO288lIrjbvXQXsUt44WjvGLMGxXmnEnHGU=,tag:pvK4zoZGBbpithTBYVDKfQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VjY3eWQ4V29rQ2VUejA5 + cG1JTTBCVWY5WGpaVFpDNU8yRTJaUEcwYTI4CnhHVjZrSFVnTGg1Yyt2ekM2YkRr + RzljT003RFVURFVRaThaNnYyOTZka1UKLS0tIFYyd1JIQzQ2VEZ2b2xabXM4TFVp + NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y + zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-19T20:48:11Z" + mac: ENC[AES256_GCM,data:MTcZ//5+uC+yFp+TmLhqdGIBpcaW96HpfUZeIUZijOffss401/XMOYprIILTPRq2B8kaCW2jp8hkL3oFDxSce0BGeqdRsFOlRL9vbtpyBPTUoGBnr6u/HK1G09zqtlsA/RZTvpBNoKrfdSvoWwoFIjs5oWPbi1f44gkgAl85ENM=,iv:07nSOo1F63sPgadSHtdI9JjtKjH/F9ThFW4sxWVGTxs=,tag:fFOO4sT6EFsAKje5llEUqg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/secrets.nrodionov.yaml b/badhouseplants/values/secrets.nrodionov.yaml new file mode 100644 index 0000000..0f98798 --- /dev/null +++ b/badhouseplants/values/secrets.nrodionov.yaml 
@@ -0,0 +1,28 @@ +wordpressPassword: ENC[AES256_GCM,data:yYE91wuc9uOzIQ==,iv:jLqs0BZcEIG73roA/wxtK74xX+osePoIaKhg6XvuAXE=,tag:9a3n1tbRAy4TaU0OE8uZcQ==,type:str] +wordpressEmail: ENC[AES256_GCM,data:Fy6mIfhu0DuO+MSp1TPN7On6cFZk,iv:bxYiJBYgbuQsWPRWKfubmNZ/jShMBLeiPDyw7XtOAkY=,tag:RyBuqoNGoTzKR68RNSgumA==,type:str] +mariadb: + auth: + rootPassword: ENC[AES256_GCM,data:oex+HDJ5SnaYrw==,iv:5HfGr27bpbXTROVMIWodMUe0WN6T3tXEESYSXwUUxw0=,tag:K83scpenVclwsEnGolsQiQ==,type:str] + database: ENC[AES256_GCM,data:xqBbXrRmtrUPaCZBC4NTelk=,iv:HOQHpilfi5TpD1jqI8XaEzO6W4CfdLBsTn+ACFWNhdE=,tag:EnsdqkExZi7PE7X4LlwBxA==,type:str] + username: ENC[AES256_GCM,data:oxVjkciMzifFIuhF,iv:kQsEGv9HIB+RTs54KfU8s/fpp1ooyzLK5lBQJZGSvy0=,tag:Y0uzVdsGb6McWRGPk2dNBQ==,type:str] + password: ENC[AES256_GCM,data:HV2d0nHUrOdE2Suju6/EUQ==,iv:HLOoCUdtOhm7ss8WSBkEAT4ulR+fwSNF4Oqv1XwDfrU=,tag:BBlW+z5LLmvtIwG69+De0Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1V2tQdkFWenZWZU1pT1JY + cXpVV3UxNnN6and1R0lBd1NrcXdWNTdibkFnCkJxeERBYyt4ZUtabWl5dlIxNmJZ + blhSUHZWTk1PVS9RUThlNFRBREh0T1UKLS0tIENKK200NnRDNUJCeGNTeFB5Z1BI + a2l5SG4yTjhmUlorWlJNbmFDekN5LzgKCS8nqMu72GDYjuSrfgbp/KZbHfhOdpyu + WpT0T6pk/oOc9ohQKGD/jvcjrMW7OZ5uYpZc/4gPdLKcOnNB+BEo/g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-19T20:44:54Z" + mac: ENC[AES256_GCM,data:ZCsQBgVwgAEfVh3Qhyiq7WDbthwliLqDzy4cyfpRN54oQ1SfuTofLKJmdPgmdraDJaCjxgb9zM0RfXS9x2wcFXWc2Q8I06TmWIEbZ1jehSqlQk1WmWWP7P6LqIvA0AY/c32tUhO9kmuftiOcT8sDmiFB/MqHBahAmdTT+0vo4LI=,iv:gcSDUwTMmuNtNTf4wtmSlXSvbje25wd288gnLEQx294=,tag:lcwpAyfDRgGfZ+H07ZkcZw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml new file mode 100644 index 0000000..e6a36db --- /dev/null 
+++ b/badhouseplants/values/values.funkwhale.yaml
@@ -0,0 +1,24 @@
+replicaCount: 1
+worker:
+ replicaCount: 1
+celery:
+ beat:
+ resources:
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 75Mi
+extraEnv:
+ FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
+ FUNKWHALE_PROTOCOL: https
+persistence:
+ enabled: true
+ accessMode: ReadWriteMany
+ size: 10Gi
+s3:
+ enabled: false
+ingress:
+ enabled: false
+
diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml
new file mode 100644
index 0000000..daa9e62
--- /dev/null
+++ b/badhouseplants/values/values.gitea.yaml
@@ -0,0 +1,59 @@
+replicaCount: 1
+clusterDomain: cluster.local
+resources:
+ limits:
+ cpu: 300m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+persistence:
+ enabled: true
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ labels: {}
+ annotations: {}
+memcached:
+ enabled: true
+ service:
+ port: 11211
+postgresql:
+ auth:
+ postgresPassword: check
+ enabled: true
+ global:
+ postgresql:
+ servicePort: 5432
+ persistence:
+ size: 10Gi
+ingress:
+ enabled: false
+gitea:
+ config:
+ APP_NAME: Bad Houseplants Gitea
+ ui:
+ meta:
+ AUTHOR: Bad Houseplants
+ DESCRIPTION: by allanger
+ repository:
+ DEFAULT_BRANCH: main
+ service:
+ DISABLE_REGISTRATION: true
+ server:
+ DOMAIN: git.badhouseplants.net
+ ROOT_URL: https://git.badhouseplants.net
+ packages:
+ ENABLED: true
+ cron:
+ enabled: true
+statefulset:
+ env:
+ - name: DOMAIN
+ value: git.badhouseplants.net
+ - name: START_SSH_SERVER
+ value: "true"
+service:
+ ssh:
+ type: ClusterIP
+ port: 22
diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml
new file mode 100644
index 0000000..c20c4ef
--- /dev/null
+++ b/badhouseplants/values/values.longhorn.yaml
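Review bot: `postgresPassword: check` under `postgresql.auth` in values.gitea.yaml puts a password-shaped value for the PostgreSQL admin account in the plaintext values file, while every other credential in this patch goes through the SOPS-encrypted `secrets.*.yaml` files. If the chart consumes this key, the database admin account is created with a guessable password; if it is only a leftover placeholder, it should be dropped. I would delete the line here and set `postgresql.auth.postgresPassword` in secrets.gitea.yaml instead.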
@@ -0,0 +1,10 @@
+defaultSettings:
+ backupTarget: s3://longhorn@us-east1/backupstore
+ backupTargetCredentialSecret: aws-secret
+ guaranteedEngineManagerCPU: 6
+ guaranteedReplicaManagerCPU: 6
+csi:
+ kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
+persistence:
+ defaultClassReplicaCount: 1
+enablePSP: false
\ No newline at end of file
diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml
new file mode 100644
index 0000000..30480c1
--- /dev/null
+++ b/badhouseplants/values/values.minecraft.yaml
@@ -0,0 +1,18 @@
+resources:
+ requests:
+ memory: 512Mi
+ cpu: 50m
+minecraftServer:
+ eula: "TRUE"
+ onlineMode: false
+ difficulty: hard
+ hardcore: true
+ version: 1.19.2
+ gameMode: survival
+ motd: "Suck my cock"
+ pvp: true
+ memory: 2512M
+persistence:
+ dataDir:
+ enabled: true
+ Size: 8Gi
diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml
new file mode 100644
index 0000000..aaa04e3
--- /dev/null
+++ b/badhouseplants/values/values.minio.yaml
@@ -0,0 +1,36 @@
+rootUser: 'overlord'
+replicas: 1
+mode: standalone
+environment:
+ MINIO_SERVER_URL: "https://s3.badhouseplants.net:443"
+tls:
+ enabled: false
+ certSecret: ''
+ publicCrt: public.crt
+ privateKey: private.key
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 10Gi
+service:
+ type: ClusterIP
+ clusterIP: ~
+ port: '9000'
+consoleService:
+ type: ClusterIP
+ clusterIP: ~
+ port: '9001'
+resources:
+ requests:
+ memory: 2Gi
+buckets:
+ - name: allanger
+ policy: none
+ purge: false
+ versioning: true
+metrics:
+ serviceMonitor:
+ enabled: false
+ public: true
+ additionalLabels: {}
+
diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml
new file mode 100644
index 0000000..ba5f50d
--- /dev/null
+++ b/badhouseplants/values/values.nrodionov.yaml
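Review bot: `onlineMode: false` in values.minecraft.yaml turns off account authentication for joining players, so the server accepts whatever player name a client presents; that matters here because the gateway values earlier in this series publish port 25565 on a LoadBalancer. Unless offline play is a requirement, set `onlineMode: true`, or restrict who may join with an allow-list if it has to stay off. Separately, `Size: 8Gi` under `persistence.dataDir` is capitalised unlike every other key in the file and is probably ignored by the chart; `size: 8Gi` looks intended, to be confirmed against the chart's values.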
@@ -0,0 +1,38 @@
+wordpressBlogName: Николай Николаевич Родионов
+wordpressUsername: admin
+wordpressFirstName: Nikolai
+wordpressLastName: Rodionov
+wordpressTablePrefix: wp_
+wordpressScheme: http
+existingWordPressConfigurationSecret: ""
+resources:
+ requests:
+ memory: 300Mi
+ cpu: 10m
+service:
+ type: ClusterIP
+ ports:
+ http: 8080
+ https: 8443
+
+persistence:
+ enabled: true
+ storageClass: ""
+ accessModes:
+ - ReadWriteOnce
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ dataSource: {}
+ existingClaim: ""
+ selector: {}
+
+mariadb:
+ enabled: true
+ primary:
+ persistence:
+ enabled: true
+ storageClass: ""
+ accessModes:
+ - ReadWriteOnce
+ size: 3Gi
+
diff --git a/bin/migrate.sh b/bin/migrate.sh
index 8224a61..81c6e7d 100755
--- a/bin/migrate.sh
+++ b/bin/migrate.sh
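Review bot: `wordpressUsername: admin` keeps the default administrator name, which is the first one any login-guessing traffic tries; choosing a non-default name costs nothing at install time. `wordpressScheme: http` also makes WordPress generate plain-HTTP URLs. If TLS is terminated at the gateway this probably should be `wordpressScheme: https` so the login page is never linked over HTTP, but that depends on how the site is published and should be confirmed.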
@@ -1,3 +1,6 @@ #kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done -kubectl get PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istio-ingressgateway -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istio-ingressgateway" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +argo_instance=$1 +helm_name=$2 +helm_ns=$3 +kubectl get PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml new file mode 100644 index 0000000..a3fcedc --- /dev/null +++ b/etersoft/values/secrets.minio.yaml 
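Review bot: The new positional parameters are used unquoted and unchecked: run with fewer than three arguments, `$argo_instance` expands to nothing, the selector becomes `argocd.argoproj.io/instance=`, and the annotate step writes an empty release name and namespace onto whatever comes back, across all namespaces (`-A`) and including Secrets and ClusterRoles. I would fail early with `argo_instance=${1:?usage: migrate.sh ARGO_INSTANCE HELM_NAME HELM_NS}` (likewise for `$2` and `$3`) and quote the expansions, e.g. `-l "argocd.argoproj.io/instance=$argo_instance"` and `kubectl annotate "$var1" "$var2" -n "$var3"`. Cluster-scoped kinds have no namespace, so the `ns` column is presumably `<none>` for those rows; whether `-n` with that value is harmless there should be checked.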
@@ -0,0 +1,28 @@ +rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] +users: + - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] + secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] + policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] + - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] + secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] + policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz + QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I + R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa + UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 + vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-19T20:49:43Z" + mac: ENC[AES256_GCM,data:LKS2YTDM0VSJwHyItYQ3rdgZgwvJNoHgsQdolduzYZ1RA33RX2b1IvWSufhfTTwR9AWoAYQgjrutyNSjC9ND5hSvvlQ97wAGUwgj9jFseDy5kAFet5QfhQBtWy6ngE3SlzY/zuapHij2b+AbjcRRQ1/6kQ72ht3cM5G7QvBV1bM=,iv:yrl/diVMfiNpBftBvUMLsbN3Lv+tXxVF8dmYi6QW/iM=,tag:O9lIRXDJLnbEaOgc89UO0Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 
diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml new file mode 100644 index 0000000..51cec9d --- /dev/null +++ b/etersoft/values/values.minio.yaml @@ -0,0 +1,47 @@ +--- +rootUser: 'overlord' +replicas: 1 +mode: standalone +environment: + MINIO_SERVER_URL: "https://s3.e.badhouseplants.net:443" +tls: + enabled: false + certSecret: '' + publicCrt: public.crt + privateKey: private.key +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 30Gi +service: + type: ClusterIP + clusterIP: ~ + port: '9000' +consoleService: + type: ClusterIP + clusterIP: ~ + port: '9001' +resources: + requests: + memory: 0.7Gi +policies: +- name: backup + statements: + - resources: + - 'arn:aws:s3:::longhorn/*' + - 'arn:aws:s3:::longhorn' + actions: + - "s3:DeleteObject" + - "s3:GetObject" + - "s3:ListBucket" + - "s3:PutObject" +buckets: + - name: longhorn + policy: none + purge: false + versioning: false +metrics: + serviceMonitor: + enabled: false + public: true + additionalLabels: {} diff --git a/helmfile.yaml b/helmfile.yaml index 27ccbe9..7de8c56 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -30,6 +30,11 @@ releases: installed: true namespace: cert-manager createNamespace: false + + - <<: *minio + installed: true + namespace: minio-service + createNamespace: false - <<: *openvpn installed: true diff --git a/releases.yaml b/releases.yaml index ccf2d0d..21d774a 100644 --- a/releases.yaml +++ b/releases.yaml @@ -45,11 +45,18 @@ templates: set: - name: installCRDs value: true + longhorn: &longhorn + name: longhorn + chart: longhorn/longhorn + version: 1.4.0 + inherit: + - template: default-env-values # ---------------------------- # -- Istio # ---------------------------- istio-version: version: 1.16.1 + istio-base: &istio-base name: istio-base chart: istio/base 
@@ -97,4 +104,42 @@ templates: - template: default-env-values - template: default-env-secrets + nrodionov: &nrodionov + name: nrodionov + chart: bitnami/wordpress + version: 15.2.22 + inherit: + - template: default-env-values + - template: default-env-secrets + + minio: &minio + name: minio + chart: minio/minio + version: 5.0.4 + inherit: + - template: default-env-values + - template: default-env-secrets + + minecraft: &minecraft + name: minecraft + chart: minecraft-server-charts/minecraft + version: 4.4.0 + inherit: + - template: default-env-values + + gitea: &gitea + name: gitea + chart: gitea/gitea + version: 7.0.2 + inherit: + - template: default-env-values + - template: default-env-secrets + + funkwhale: &funkwhale + name: funkwhale + chart: ananace-charts/funkwhale + version: 1.0.0 + inherit: + - template: default-env-values + - template: default-env-secrets diff --git a/repositories.yaml b/repositories.yaml index 6772423..450f037 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -10,3 +10,15 @@ repositories: url: https://istio-release.storage.googleapis.com/charts - name: drone url: https://charts.drone.io + - name: bitnami + url: https://charts.bitnami.com/bitnami + - name: minio + url: https://charts.min.io/ + - name: minecraft-server-charts + url: https://itzg.github.io/minecraft-server-charts/ + - name: longhorn + url: https://charts.longhorn.io + - name: gitea + url: https://dl.gitea.io/charts/ + - name: ananace-charts + url: https://ananace.gitlab.io/charts -- 2.45.2 From fafd7e65a003a30fa58fec40a401bfc639c91717 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 22 Feb 2023 08:50:20 +0000 Subject: [PATCH 006/316] Fix gitea and funkwhale (#13) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/13 --- badhouseplants/values/secrets.funkwhale.yaml | 5 +++-- badhouseplants/values/values.gitea.yaml | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 712cfdf..4c60758 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -3,6 +3,7 @@ postgresql: username: ENC[AES256_GCM,data:S09SpdX3ro0S,iv:QYQiF8Ozz9iLElqsoxyika+iVcHzRyo4hhaaIw8/vDM=,tag:KzorD+/Pysqwm5PneRRsyg==,type:str] password: ENC[AES256_GCM,data:R6bqME1FH72K,iv:PuOIgStSM/NvwhQj06E/PMtB30aDbstypIBt84Fh1q0=,tag:gzv9S+hYW6qjgdoMhl1mTw==,type:str] database: ENC[AES256_GCM,data:Ld33SGYZdlK+,iv:hZ/DlO3wNQ7Bm5L3RmNDzOp9U4QBr+nhJbDD1XYc56Y=,tag:NIgpN71+dL1jIgG66l+3VA==,type:str] + postgresPassword: ENC[AES256_GCM,data:AGtLRy+ujNAVpA==,iv:U19Pb6vXU/ceH3M6ZLOduqRBFaStX7JSyFnO6ODzbLs=,tag:kpbEkwMZl7c2wJrELjp4tw==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +19,8 @@ sops: dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-21T14:05:30Z" - mac: ENC[AES256_GCM,data:gt+reA0ZXvsTCbRFDcDDpu/DYZAeEuS1XYAK2H/t3VudIxHcPSNYeQeOwpZ4ziOoX0DbSeci8jTXOSmqhI3R+g5ENS3KL9jw+9e+7znzvc9Y0esNVhqSJZCxDhAlrxW6th1fYdFQ43QHyQsK8HXafh9DO2qMmam5Kf0zxO6RpFM=,iv:Xdk1s1Sx/lIpHulkWD1JJWw/Rhs9aP3MC8uRKtCrSQ8=,tag:E2qFvcr4pmJ98I1ci6iFSw==,type:str] + lastmodified: "2023-02-22T08:45:06Z" + mac: ENC[AES256_GCM,data:dPUc7qB2Vtb5AirZUR3Dt3bOBTClYyxDFZx6/6DpvZfaNwI6yn9sjg/2CmX6z21UeKTWo/cPKOuSl+qQjMJe90ZeKVGaSgw5qEtkj5DhwOIOlIL9tQlbSurVuIPOXAPZkWcO0Mhr6jS94OKaydt3tqW4JVf2PVQc1C3dCoU1hJY=,iv:iUhHjaCB9Si+TE7AjQiZtc1cXgd3ecc2hf/vPvAOHHk=,tag:y5ACLeLZ2GtdqvT4WJ6ANA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index daa9e62..5687bab 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml 
@@ -57,3 +57,4 @@ service: ssh: type: ClusterIP port: 22 + clusterIP: -- 2.45.2 From f13a69426c8ff81d319bcc6388325f3df5ef7ac1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 22 Feb 2023 09:24:03 +0000 Subject: [PATCH 007/316] Migrate longhorn (#14) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/14 --- badhouseplants/helmfile.yaml | 4 ++++ badhouseplants/values/secrets.funkwhale.yaml | 5 +++-- bin/migrate.sh | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b489173..b0cd0f7 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -11,6 +11,10 @@ releases: installed: true namespace: drone-service createNamespace: false + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false - <<: *nrodionov installed: true diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 4c60758..47cc127 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -1,3 +1,4 @@ +djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] postgresql: auth: username: ENC[AES256_GCM,data:S09SpdX3ro0S,iv:QYQiF8Ozz9iLElqsoxyika+iVcHzRyo4hhaaIw8/vDM=,tag:KzorD+/Pysqwm5PneRRsyg==,type:str] 
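Review bot: The added `clusterIP:` under `service.ssh` has no value, which YAML reads as null, and a reader cannot tell whether that is deliberate or a truncated edit. If the aim is to override a chart default so the SSH service gets a regular cluster IP, write it explicitly as `clusterIP: null` or `clusterIP: ""` (whichever the chart expects) and add a one-line comment saying why.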
@@ -19,8 +20,8 @@ sops: dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-22T08:45:06Z" - mac: ENC[AES256_GCM,data:dPUc7qB2Vtb5AirZUR3Dt3bOBTClYyxDFZx6/6DpvZfaNwI6yn9sjg/2CmX6z21UeKTWo/cPKOuSl+qQjMJe90ZeKVGaSgw5qEtkj5DhwOIOlIL9tQlbSurVuIPOXAPZkWcO0Mhr6jS94OKaydt3tqW4JVf2PVQc1C3dCoU1hJY=,iv:iUhHjaCB9Si+TE7AjQiZtc1cXgd3ecc2hf/vPvAOHHk=,tag:y5ACLeLZ2GtdqvT4WJ6ANA==,type:str] + lastmodified: "2023-02-22T09:20:09Z" + mac: ENC[AES256_GCM,data:1Wt61yiS/8/D0IwiM1RQwV6fYZNq5yZFxOWE/1T4/eLhZY4jSLFMMDrZLA3joOv6ZeN1fWzbJpbGEzsBdPm0ZP7scz56+XwWJTjY9xlnlRB6ou35ViABE9mKCNP6/wUqqnw0d3EhnxhC5lOAPsl5koUHhGQw/8dZEDiA9PniQ20=,iv:dgkvOii83PR3cpFBQoSq9pi53g7DjTcrAXc5O5ge9nA=,tag:/RWIko/vBwFcHIZqmJdrZQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/bin/migrate.sh b/bin/migrate.sh index 81c6e7d..cfcd410 100755 --- a/bin/migrate.sh +++ b/bin/migrate.sh 
@@ -3,4 +3,4 @@ argo_instance=$1 helm_name=$2 helm_ns=$3 -kubectl get PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +kubectl get CustomResourceDefinition,PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -l helm.sh/chart=longhorn-1.4.0 -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done -- 2.45.2 From ef85b41b2798b40240a0b7279f46a7747a5014d6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 22 Feb 2023 12:52:46 +0000 Subject: [PATCH 008/316] Add ArgoCD (#17) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/17 --- badhouseplants/helmfile.yaml | 6 + badhouseplants/values/secrets.argocd.yaml | 27 ++++ badhouseplants/values/secrets.gitea.yaml | 5 +- badhouseplants/values/values.argocd.yaml | 148 ++++++++++++++++++++++ releases.yaml | 9 ++ repositories.yaml | 3 + 6 files changed, 196 insertions(+), 2 deletions(-) create mode 100644 badhouseplants/values/secrets.argocd.yaml create mode 100644 badhouseplants/values/values.argocd.yaml 
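Review bot: The second `-l helm.sh/chart=longhorn-1.4.0` does not narrow the first selector: as far as I know kubectl keeps only the last `-l` value, so `$argo_instance` is ignored and the script now annotates and relabels whatever carries the longhorn chart label, regardless of its arguments. To require both labels, use one comma-separated selector, `-l "argocd.argoproj.io/instance=$argo_instance,helm.sh/chart=longhorn-1.4.0"`, and preferably take the chart label as an argument instead of hard-coding it in a script that is otherwise parameterised. `CustomResourceDefinition` is cluster-scoped, so the `-n $var3` passed to `annotate` and `label` should be checked for those rows as well.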
diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b0cd0f7..11f4e86 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -11,11 +11,17 @@ releases: installed: true namespace: drone-service createNamespace: false + - <<: *longhorn installed: true namespace: longhorn-system createNamespace: false + - <<: *argocd + installed: true + namespace: argo-system + createNamespace: false + - <<: *nrodionov installed: true namespace: nrodionov-application diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml new file mode 100644 index 0000000..9115eae --- /dev/null +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -0,0 +1,27 @@ +server: + config: + dex.config: ENC[AES256_GCM,data:w42nfkrcJlqjDduXn+lR0KHFWoL2lY+fwCnSpGZ46uaQFa+iP6Lr5yCdWfCBUrz+/9OKqqnt5GDD7gV2UH9m4eiJZ2fS0SLKsxgxyD+bPMr/F77+mqh+g7fWpo0GRnUt5kygRWwVzBPBJnp32zOX8TSiOD0Pt6HDcBPngkOWn4JlNQqC0e+NzW91BsLt5qmmF1lOyDKIKuTNOSb2tl1GM+nBad1G0CKXGlKmzT5a6j4p8DzZW6WmFA3824lH1ahwb5sb+ttPWx9C0OE0DOIyGPPNW/rDpwO5fU5+eTX+IwEWJK7/ZDt10X4gO/z4voI=,iv:TzXfBuc3N8iQibibwMblAmlLIsRBPAgm/OOs3zCdwiY=,tag:12ZOQBweFbT4gCcnfNo9nw==,type:str] +configs: + credentialTemplates: + ssh-creds: + sshPrivateKey: ENC[AES256_GCM,data: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,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-22T09:30:43Z" + mac: ENC[AES256_GCM,data:YSSFYlfJT5kCAt7MkuPvR2HMUcodSo410Vn0yZDFcRXb0CoE2KRjbwdkB8BD5DiamdO6viiitlnqRo5gzJv0e0kDu80QEjyCcEImkMSffnufMbFfkQWUylbBGx6iFkDhnsD3iEcYfnaE/W4k5shPYVfOmEjpzMLKX5CcC46oBQY=,iv:CGtXUGTG8Ax8NCkFXXf2eSSvnMW2xEpqUS2Tttzd0RI=,tag:WwIXtMXCUqmiK55f21lUCw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 2a1daa2..7d4a1f7 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -4,6 +4,7 @@ postgresql: postgresqlDatabase: ENC[AES256_GCM,data:hJfOcMc=,iv:/M0BkKTSojwNcd0nUETwaQJeNWNuIPugROHsQD+VyvY=,tag:7Ljs3VlZ2BLCMYXuU2XtpA==,type:str] postgresqlUsername: ENC[AES256_GCM,data:3c+n9o4=,iv:i3rgY+NvP6lUqXQHbRYQSWIVxlvmI2LHFsZ1wLMkPsE=,tag:ykMrMgxN0nMjpgsdbkCHDw==,type:str] postgresqlPassword: ENC[AES256_GCM,data:8qmyYj/FcclYfd6h8FqICQ9vRFE=,iv:hhHjXdZY393PnG7KnXuXiRnf/Nooc6fbuG/Vnfm9uPQ=,tag:a5HArQdN2YEQa011pZkw5g==,type:str] + postgresqlPostgresPassword: ENC[AES256_GCM,data:eAOXc+LouMdlfw==,iv:ePyDlj2wUkI7JoaUE38I7a/2mkaIL6iqN5QVp92FDN4=,tag:SE+BaOK5CZHT/Xowjov/CA==,type:str] gitea: admin: username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] @@ -24,8 +25,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-19T20:56:47Z" - mac: ENC[AES256_GCM,data:I4TVIsmcuFAvOCM9rjMHVAokmNzyAZJZ5tSNnWhLRk+WfOUQ8OMuJ0GlzE9EJxeIM2LMLU475EvKyMnrqmsFFsP7VE+t2yxG3kioAr5zDvaqqJ1OVrpKEGRH+EQrc96vc5bv5v94kqU6uQRdxm+q/or+rMm7Gf0P4vifaQPxBIo=,iv:ujv0Vlh71isP/gG3B96M8f1vA13jAjn7pnrezAqTSVY=,tag:N8I29R21DYvby7t03i5nbA==,type:str] + lastmodified: "2023-02-22T09:43:31Z" + mac: ENC[AES256_GCM,data:CsAwzOnU31crz6+rQjwutDUtZK5Qq9EQHWNYAnmVFhy3fWYT4+9eLK2gSjq+kVZD9QC/vH31Kf1QEKMKu9Kol8TuDZN+UEEuuixQNqi2hcPbMV43HVOFdFOR475jLbkUo2S09Bs6b4i5f7NbpxCuy/am4K0p4K4839cRyN8pADI=,iv:w6tpLCM/FbyMgZpjXF5MVB4/UcBUvOUYzMa9hln4poc=,tag:SMpnEtR2l4H6VRqJPT7Frg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml new file mode 100644 index 0000000..3634111 --- /dev/null +++ b/badhouseplants/values/values.argocd.yaml 
@@ -0,0 +1,148 @@ +controller: + resources: + limits: + memory: 512Mi + cpu: 200m + requests: + cpu: 100m + memory: 512Mi + metrics: + enabled: false + applicationLabels: + enabled: false + labels: [] + service: + annotations: {} + labels: {} + servicePort: 8082 + portName: http-metrics + serviceMonitor: + enabled: false + interval: 30s + relabelings: [] + metricRelabelings: [] + selector: {} + scheme: "" + tlsConfig: {} + additionalLabels: {} + rules: + enabled: false + spec: [] +dex: + metrics: + enabled: false + serviceMonitor: + enabled: false +redis: + metrics: + enabled: false + serviceMonitor: + enabled: false +server: + metrics: + enabled: false + serviceMonitor: + enabled: false + rbacConfig: + policy.default: role:readonly + scopes: "[email, group]" + policy.csv: | + g, allanger@zohomail.com, role:admin + g, rodion.n.rodionov@gmail.com, role:admin + config: + exec.enabled: "true" + url: https://argo.badhouseplants.net + kustomize.buildOptions: "--enable-alpha-plugins" + + extraArgs: + - --insecure + +repoServer: + metrics: + enabled: true + serviceMonitor: + enabled: false + + imagePullSecrets: + - name: regcred + volumes: + - emptyDir: {} + name: cmp-tmp + - name: custom-tools + emptyDir: {} + - name: helm-plugins + emptyDir: {} + env: + - name: HELM_PLUGINS + value: /helm-plugins + - name: install-ksops + image: viaductoss/ksops:v3.0.2 + command: ["/bin/sh", "-c"] + args: + - echo "Installing KSOPS..."; + mv ksops /custom-tools/; + mv $GOPATH/bin/kustomize /custom-tools/; + echo "Done."; + volumeMounts: + - mountPath: /custom-tools + name: custom-tools + - name: install-helm-secrets + image: alpine:latest + command: [sh, -ec] + env: + - name: HELM_SECRETS_VERSION + value: "3.12.0" + - name: KUBECTL_VERSION + value: "1.24.3" + - name: VALS_VERSION + value: "0.18.0" + - name: SOPS_VERSION + value: "3.7.3" + args: + - | + mkdir -p /custom-tools/helm-plugins + wget -qO- 
https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-; + + wget -qO /custom-tools/sops https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux + wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl + + wget -qO- https://github.com/variantdev/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -xzf- -C /custom-tools/ vals; + + chmod +x /custom-tools/* + volumeMounts: + - mountPath: /custom-tools + name: custom-tools + + volumeMounts: + - mountPath: /usr/local/bin/kustomize + name: custom-tools + subPath: kustomize + - mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops + name: custom-tools + subPath: ksops + - mountPath: /helm-plugins + name: helm-plugins + + +configs: + credentialTemplates: + ssh-creds: + url: git@github.com + +applicationSet: + metrics: + enabled: false + serviceMonitor: + enabled: false + + repositories: + argo-deployment: + url: git@github.com:allanger/argo-deployment.git + name: argo-deployment + insecure: "true" + type: git + cluster-config: + url: git@github.com:allanger/cluster-config.git + name: cluster-config + insecure: "true" + type: git diff --git a/releases.yaml b/releases.yaml index 21d774a..7c1b678 100644 --- a/releases.yaml +++ b/releases.yaml @@ -51,6 +51,15 @@ templates: version: 1.4.0 inherit: - template: default-env-values + + argocd: &argocd + name: argocd + chart: argo/argo-cd + version: 5.20.2 + inherit: + - template: crd-management-hook + - template: default-env-values + - template: default-env-secrets # ---------------------------- # -- Istio # ---------------------------- diff --git a/repositories.yaml b/repositories.yaml index 450f037..1588688 100644 --- a/repositories.yaml +++ b/repositories.yaml 
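Review bot: The `install-helm-secrets` step in values.argocd.yaml downloads `helm-secrets`, `sops`, `kubectl` and `vals` with `wget` and marks them executable without checking any hash, and it runs on `image: alpine:latest`, so the tools that later decrypt the SOPS secrets in the repo-server are whatever those URLs and that tag serve at pod start. I would pin the image to a fixed version or digest and verify each download against a recorded hash, e.g. `echo "<SHA256_PLACEHOLDER>  /custom-tools/sops" | sha256sum -c -` after the corresponding `wget`. The two `repositories` entries also set `insecure: "true"`, which, as far as I know, skips SSH host-key verification for those Git remotes; registering known hosts and dropping the flag would close that gap. `extraArgs: --insecure` and `exec.enabled: "true"` deserve a comment stating where TLS is terminated and who is meant to use the web terminal.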
@@ -22,3 +22,6 @@ repositories: url: https://dl.gitea.io/charts/ - name: ananace-charts url: https://ananace.gitlab.io/charts + - name: argo + url: https://argoproj.github.io/argo-helm + -- 2.45.2 From eb85b3ee263095330cafbf91689d456ed2083875 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 22 Feb 2023 21:18:00 +0000 Subject: [PATCH 009/316] Fix ArgoCD CRDs (#19) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/19 --- releases.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 7c1b678..b543ec7 100644 --- a/releases.yaml +++ b/releases.yaml @@ -57,7 +57,6 @@ templates: chart: argo/argo-cd version: 5.20.2 inherit: - - template: crd-management-hook - template: default-env-values - template: default-env-secrets # ---------------------------- -- 2.45.2 From 44584a7adace8e20e204cb9850987908e584878d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 26 Feb 2023 17:38:07 +0000 Subject: [PATCH 010/316] Update settings dor ArgoCD (#20) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/20 --- badhouseplants/values/values.argocd.yaml | 4 +++ badhouseplants/values/values.gitea.yaml | 39 ++++++++++++++++++++++++ common/values.ns.yaml | 8 +++++ environments.yaml | 2 +- releases.yaml | 34 ++++++++++++++++++--- repositories.yaml | 3 +- 6 files changed, 84 insertions(+), 6 deletions(-) create mode 100644 common/values.ns.yaml diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 3634111..8f6e277 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -49,10 +49,14 @@ server: policy.csv: | g, allanger@zohomail.com, role:admin g, rodion.n.rodionov@gmail.com, role:admin + p, drone, applications, get, */*,allow + p, drone, applications, sync, */*,allow config: exec.enabled: "true" url: https://argo.badhouseplants.net kustomize.buildOptions: "--enable-alpha-plugins" + accounts.drone: apiKey, login + accounts.drone.enabled: "true" extraArgs: - --insecure diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 5687bab..8f8d15a 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,5 +1,39 @@ +ns: + enabled: true + name: gitea-service +istio: + enabled: true + istio: + - name: gitea-http + gateway: badhouseplants-net + hostname: git.badhouseplants.net + service: gitea-http + port: 3000 + templates: + - | + {{ range .Values.istio }} + apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + name: {{ .name }} + spec: + gateways: + - "istio-system/{{ .gateway }}" + hosts: + - {{ .hostname }} + http: + - match: + - uri: + prefix: / + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{ end }} replicaCount: 1 clusterDomain: cluster.local + resources: limits: cpu: 300m @@ -7,6 +41,7 @@ resources: requests: cpu: 100m memory: 128Mi + persistence: enabled: true size: 10Gi @@ -14,10 +49,12 @@ persistence: - ReadWriteOnce labels: {} annotations: {} + memcached: enabled: true service: port: 11211 + postgresql: auth: postgresPassword: check @@ -27,8 +64,10 @@ postgresql: servicePort: 5432 persistence: size: 10Gi + ingress: enabled: false + gitea: config: APP_NAME: Bad Houseplants Gitea diff --git a/common/values.ns.yaml b/common/values.ns.yaml new file mode 100644 index 0000000..02caabf --- /dev/null +++ b/common/values.ns.yaml @@ -0,0 +1,8 @@ +ns: + templates: + - | + apiVersion: v1 + kind: Namespace + metadata: + name: {{ .Values.name }} + 
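Review bot: The new `drone` account gets more than a CI integration needs: `accounts.drone: apiKey, login` also allows interactive login, and `p, drone, applications, sync, */*,allow` lets its token sync every application in every project. A token-only account is enough for a pipeline, so `accounts.drone: apiKey` is the safer value, and the sync rule can be narrowed to the project the pipeline deploys, e.g. `p, drone, applications, sync, PROJECT/*, allow` (PROJECT is a placeholder). Since `policy.default: role:readonly` is visible in the context lines, the separate `get` rule probably adds nothing. A short comment above the two `p,` lines saying which pipeline uses the account would help later audits of this policy.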
diff --git a/environments.yaml b/environments.yaml index bbecb66..40b9a9b 100644 --- a/environments.yaml +++ b/environments.yaml @@ -1,5 +1,5 @@ environments: badhouseplants: - kubeContext: allanger@badhouseplants-microk8s + # kubeContext: allanger@badhouseplants-microk8s etersoft: kubeContext: allanger@etersoft diff --git a/releases.yaml b/releases.yaml index b543ec7..3819476 100644 --- a/releases.yaml +++ b/releases.yaml @@ -1,5 +1,8 @@ --- templates: + # --------------------------- + # -- Hooks + # --------------------------- crd-management-hook: hooks: - events: ["preapply"] @@ -20,6 +23,12 @@ templates: args: - -c - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f -" + # ---------------------------- + # -- Configs + # ---------------------------- + default-common-values: + values: + - "{{ requiredEnv \"PWD\" }}/commmon/values.{{ .Release.Name }}.yaml" default-env-values: values: - "{{ requiredEnv \"PWD\" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" @@ -27,6 +36,21 @@ templates: secrets: - "{{ requiredEnv \"PWD\" }}/{{ .Environment.Name }}/values/secrets.{{ .Release.Name }}.yaml" # ---------------------------- + # -- Extensions + # ---------------------------- + istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + namespace: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ns + values: + - "{{ requiredEnv \"PWD\" }}/common/values.ns.yaml" + # ---------------------------- # -- Releases # ---------------------------- # -- System @@ -62,7 +86,9 @@ templates: # ---------------------------- # -- Istio # ---------------------------- - istio-version: + istio-common: + labels: + bundle: istio version: 1.16.1 istio-base: &istio-base 
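Review bot: Commenting out `kubeContext` for `badhouseplants` in environments.yaml removes the only guard that ties this environment to its cluster: helmfile will then act on whatever context kubectl currently has selected, while `etersoft` stays pinned. Running `-e badhouseplants` from a shell whose current context is the other cluster would apply these releases there. If the pin was dropped so that CI can supply its own context, say so in place, e.g. `# kubeContext intentionally unset: CI passes --kube-context`; otherwise restore `kubeContext: allanger@badhouseplants-microk8s`.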
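Review bot: The path in the new `default-common-values` template in releases.yaml is misspelled as `commmon` (three m's), while the directory this commit creates is `common/` and the `namespace` template a few lines below uses `/common/values.ns.yaml`. Any release inheriting `default-common-values` would point at a file that does not exist, which helmfile may treat as an error or skip, depending on its missing-file handling. The line should read `- "{{ requiredEnv \"PWD\" }}/common/values.{{ .Release.Name }}.yaml"`. The same misspelling is carried through the later patch that rewrites these templates with single quotes, so it needs fixing there too.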
@@ -70,20 +96,20 @@ templates: chart: istio/base inherit: - template: crd-management-hook - - template: istio-version + - template: istio-common istio-gateway: &istio-gateway name: istio-ingressgateway chart: istio/gateway inherit: - - template: istio-version + - template: istio-common - template: default-env-values istiod: &istiod name: istiod chart: istio/istiod inherit: - - template: istio-version + - template: istio-common - template: default-env-values # ---------------------------- diff --git a/repositories.yaml b/repositories.yaml index 1588688..f41d930 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -24,4 +24,5 @@ repositories: url: https://ananace.gitlab.io/charts - name: argo url: https://argoproj.github.io/argo-helm - + - name: bedag + url: https://bedag.github.io/helm-charts/ -- 2.45.2 From 907b7226fdd33d007e8b8417a770a16e12fed50b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 26 Feb 2023 17:43:05 +0000 Subject: [PATCH 011/316] Increase MAX_SIZE for gitea attachments (#21) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/21 --- badhouseplants/values/values.gitea.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 8f8d15a..4d299a6 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -86,6 +86,8 @@ gitea: ENABLED: true cron: enabled: true + attachment: + MAX_SIZE: 10 statefulset: env: - name: DOMAIN -- 2.45.2 From 1dfce982e36f1bba128392c71fffec203fc5a452 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 28 Feb 2023 20:07:07 +0000 Subject: [PATCH 012/316] Upgrade ArgoCD chart (#23) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/23 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 3819476..3b7b52f 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -79,7 +79,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.20.2 + version: 5.23.3 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 504e2a97d7c0d372f1e19a03743c02cb7e30ce04 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 28 Feb 2023 20:38:08 +0000 Subject: [PATCH 013/316] Remove unused volume in ArgoCD (#24) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/24 --- badhouseplants/values/values.argocd.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 8f6e277..efc09d8 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -70,8 +70,6 @@ repoServer: imagePullSecrets: - name: regcred volumes: - - emptyDir: {} - name: cmp-tmp - name: custom-tools emptyDir: {} - name: helm-plugins -- 2.45.2 From 212134ba4648aad6fcf41c79384230ab4185765b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 28 Feb 2023 20:56:37 +0000 Subject: [PATCH 014/316] Remove all the extra stuff for ArgoCD (#25) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/25 --- badhouseplants/values/values.argocd.yaml | 56 ------------------------ 1 file changed, 56 deletions(-) diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index efc09d8..a00aa9f 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -69,62 +69,6 @@ repoServer: imagePullSecrets: - name: regcred - volumes: - - name: custom-tools - emptyDir: {} - - name: helm-plugins - emptyDir: {} - env: - - name: HELM_PLUGINS - value: /helm-plugins - - name: install-ksops - image: viaductoss/ksops:v3.0.2 - command: ["/bin/sh", "-c"] - args: - - echo "Installing KSOPS..."; - mv ksops /custom-tools/; - mv $GOPATH/bin/kustomize /custom-tools/; - echo "Done."; - volumeMounts: - - mountPath: /custom-tools - name: custom-tools - - name: install-helm-secrets - image: alpine:latest - command: [sh, -ec] - env: - - name: HELM_SECRETS_VERSION - value: "3.12.0" - - name: KUBECTL_VERSION - value: "1.24.3" - - name: VALS_VERSION - value: "0.18.0" - - name: SOPS_VERSION - value: "3.7.3" - args: - - | - mkdir -p /custom-tools/helm-plugins - wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-; - - wget -qO /custom-tools/sops https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux - wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl - - wget -qO- https://github.com/variantdev/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -xzf- -C /custom-tools/ vals; - - chmod +x /custom-tools/* - volumeMounts: - - mountPath: /custom-tools - name: custom-tools - - volumeMounts: - - mountPath: /usr/local/bin/kustomize - name: custom-tools - subPath: kustomize - - mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops - name: custom-tools - subPath: ksops - - mountPath: /helm-plugins - name: helm-plugins - configs: credentialTemplates: -- 2.45.2 From 949deb58dfdb26e0226db3b71c756bfcd0bab40b Mon Sep 17 00:00:00 2001 
From: jacklull Date: Wed, 1 Mar 2023 15:57:02 +0000 Subject: [PATCH 015/316] Increase Minecraft server RAM (#26) Co-authored-by: RNRod Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/26 --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 30480c1..1f3c39e 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -11,7 +11,7 @@ minecraftServer: gameMode: survival motd: "Suck my cock" pvp: true - memory: 2512M + memory: 4096M persistence: dataDir: enabled: true -- 2.45.2 From d682592f0b8139d6b559fde4329b64cb302e78d6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Mar 2023 16:11:34 +0000 Subject: [PATCH 016/316] Add gitea as auth for argoCD (#28) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/28 --- badhouseplants/values/secrets.argocd.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 9115eae..a8c1fd6 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,6 +1,6 @@ server: config: - dex.config: ENC[AES256_GCM,data:w42nfkrcJlqjDduXn+lR0KHFWoL2lY+fwCnSpGZ46uaQFa+iP6Lr5yCdWfCBUrz+/9OKqqnt5GDD7gV2UH9m4eiJZ2fS0SLKsxgxyD+bPMr/F77+mqh+g7fWpo0GRnUt5kygRWwVzBPBJnp32zOX8TSiOD0Pt6HDcBPngkOWn4JlNQqC0e+NzW91BsLt5qmmF1lOyDKIKuTNOSb2tl1GM+nBad1G0CKXGlKmzT5a6j4p8DzZW6WmFA3824lH1ahwb5sb+ttPWx9C0OE0DOIyGPPNW/rDpwO5fU5+eTX+IwEWJK7/ZDt10X4gO/z4voI=,iv:TzXfBuc3N8iQibibwMblAmlLIsRBPAgm/OOs3zCdwiY=,tag:12ZOQBweFbT4gCcnfNo9nw==,type:str] + dex.config: ENC[AES256_GCM,data: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,iv:0ohAwVtCdy1ry7LBNwZ/CMVuuGd0X4bZoRluPW9ofxc=,tag:HTSWiUZSKd8iO6mYTlWCxw==,type:str] configs: credentialTemplates: ssh-creds: @@ -20,8 +20,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-22T09:30:43Z" - mac: ENC[AES256_GCM,data:YSSFYlfJT5kCAt7MkuPvR2HMUcodSo410Vn0yZDFcRXb0CoE2KRjbwdkB8BD5DiamdO6viiitlnqRo5gzJv0e0kDu80QEjyCcEImkMSffnufMbFfkQWUylbBGx6iFkDhnsD3iEcYfnaE/W4k5shPYVfOmEjpzMLKX5CcC46oBQY=,iv:CGtXUGTG8Ax8NCkFXXf2eSSvnMW2xEpqUS2Tttzd0RI=,tag:WwIXtMXCUqmiK55f21lUCw==,type:str] + lastmodified: "2023-03-04T16:07:32Z" + mac: ENC[AES256_GCM,data:VQ8b9viFejsASLPlWwbcH8izxbIv8ldZ9yxNgMpmXNfcbM2NvdDxqmbdwhx5dvrJiXxBGMOZUq6PncLGKJqtfnnTsav8OgJdJrRqjWd/E0Zlu/HEg17/VkerLJU5PzjRgmSiDBczagz0YVWVuD33S/gvOH0JhW5mu2rWNMfgRpc=,iv:LQtihL+A3/vR5jLgms29vHcBMDnXU7ZR+nAumV/4ylg=,tag:vW0S0gmIbuWnKMT+9cbYbw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 -- 2.45.2 From 003d6f14c2d0e00235187f469600ee6afec03b1f Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 4 Mar 2023 16:24:36 +0000 Subject: [PATCH 017/316] Fix Gitea dex config (#29) Set the correct `baseURL` Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/29 --- badhouseplants/values/secrets.argocd.yaml | 6 +++--- badhouseplants/values/values.argocd.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index a8c1fd6..371d4d1 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml @@ -1,6 +1,6 @@ server: config: - dex.config: ENC[AES256_GCM,data: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,iv:0ohAwVtCdy1ry7LBNwZ/CMVuuGd0X4bZoRluPW9ofxc=,tag:HTSWiUZSKd8iO6mYTlWCxw==,type:str] + dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] configs: credentialTemplates: ssh-creds: @@ -20,8 +20,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-04T16:07:32Z" - mac: ENC[AES256_GCM,data:VQ8b9viFejsASLPlWwbcH8izxbIv8ldZ9yxNgMpmXNfcbM2NvdDxqmbdwhx5dvrJiXxBGMOZUq6PncLGKJqtfnnTsav8OgJdJrRqjWd/E0Zlu/HEg17/VkerLJU5PzjRgmSiDBczagz0YVWVuD33S/gvOH0JhW5mu2rWNMfgRpc=,iv:LQtihL+A3/vR5jLgms29vHcBMDnXU7ZR+nAumV/4ylg=,tag:vW0S0gmIbuWnKMT+9cbYbw==,type:str] + lastmodified: "2023-03-04T16:16:37Z" + mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 
diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index a00aa9f..41fcc9c 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -1,3 +1,4 @@ +--- controller: resources: limits: -- 2.45.2 From b03661222ace0eb5807b11512a3dfdf7da61fca7 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 5 Mar 2023 07:47:20 +0000 Subject: [PATCH 018/316] Decrease resources given to Istio proxies (#30) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/30 --- badhouseplants/values/values.istiod.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index 546495b..01529ce 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -4,4 +4,11 @@ pilot: requests: cpu: 50m memory: 2048Mi - +global: + proxy: + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + memory: 128Mi -- 2.45.2 From bbefd9ce54ea5b9fb491c7f94249a6ef8631b59e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 5 Mar 2023 17:50:13 +0000 Subject: [PATCH 019/316] Set more realistic requests (#32) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/32 --- badhouseplants/helmfile.yaml | 2 +- badhouseplants/values/values.funkwhale.yaml | 9 +++- badhouseplants/values/values.gitea.yaml | 12 +++-- releases.yaml | 57 ++++++++++----------- 4 files changed, 45 insertions(+), 35 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 11f4e86..8186903 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -31,7 +31,7 @@ releases: installed: true namespace: minecraft-application createNamespace: false - + - <<: *gitea installed: true namespace: gitea-service 
diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index e6a36db..08bdbd6 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -1,5 +1,6 @@ +--- replicaCount: 1 -worker: +worker: replicaCount: 1 celery: beat: @@ -21,4 +22,8 @@ s3: enabled: false ingress: enabled: false - +postgresql: + primary: + resources: + requests: + cpu: 50m diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 4d299a6..6c6cf87 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,3 +1,4 @@ +--- ns: enabled: true name: gitea-service @@ -39,7 +40,7 @@ resources: cpu: 300m memory: 512Mi requests: - cpu: 100m + cpu: 50m memory: 128Mi persistence: @@ -54,9 +55,11 @@ memcached: enabled: true service: port: 11211 - + resources: + requests: + cpu: 10mi postgresql: - auth: + auth: postgresPassword: check enabled: true global: @@ -64,6 +67,9 @@ postgresql: servicePort: 5432 persistence: size: 10Gi + resources: + requests: + cpu: 50m ingress: enabled: false diff --git a/releases.yaml b/releases.yaml index 3b7b52f..eaff832 100644 --- a/releases.yaml +++ b/releases.yaml 
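Review bot: In the values.gitea.yaml hunk under `memcached:`, the added request `cpu: 10mi` is not a valid Kubernetes quantity: millicores use the suffix `m`, and `mi` is not a recognised suffix (`Mi` is the binary memory suffix). If the memcached subchart passes this value into the pod spec, the API server will reject the workload; if the chart ignores this path, the request silently has no effect. It should read `cpu: 10m`, matching the `cpu: 50m` style used in the neighbouring hunks of the same commit.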
@@ -4,37 +4,37 @@ templates: # -- Hooks # --------------------------- crd-management-hook: - hooks: + hooks: - events: ["preapply"] showlogs: true command: "sh" - args: - - -c + args: + - -c - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }}| kubectl apply -f -" - events: ["prepare"] showlogs: true command: "sh" - args: - - -c + args: + - -c - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" - events: ["postuninstall"] showlogs: true command: "sh" - args: - - -c + args: + - -c - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f -" # ---------------------------- # -- Configs # ---------------------------- - default-common-values: - values: - - "{{ requiredEnv \"PWD\" }}/commmon/values.{{ .Release.Name }}.yaml" - default-env-values: - values: - - "{{ requiredEnv \"PWD\" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml" + default-common-values: + values: + - '{{ requiredEnv "PWD" }}/commmon/values.{{ .Release.Name }}.yaml' + default-env-values: + values: + - '{{ requiredEnv "PWD" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml' default-env-secrets: - secrets: - - "{{ requiredEnv \"PWD\" }}/{{ .Environment.Name }}/values/secrets.{{ .Release.Name }}.yaml" + secrets: + - '{{ requiredEnv "PWD" }}/{{ .Environment.Name }}/values/secrets.{{ .Release.Name }}.yaml' # ---------------------------- # -- Extensions # ---------------------------- @@ -44,12 +44,12 @@ templates: version: 2.0.0 alias: istio namespace: - dependencies: + dependencies: - chart: bedag/raw version: 2.0.0 alias: ns values: - - "{{ requiredEnv \"PWD\" }}/common/values.ns.yaml" + - '{{ requiredEnv "PWD" }}/common/values.ns.yaml' # ---------------------------- # -- Releases # ---------------------------- @@ -66,7 +66,7 @@ templates: name: cert-manager chart: jetstack/cert-manager version: 1.10.1 - set: + set: - name: installCRDs value: true longhorn: &longhorn 
@@ -87,14 +87,14 @@ templates: # -- Istio # ---------------------------- istio-common: - labels: + labels: bundle: istio version: 1.16.1 - + istio-base: &istio-base name: istio-base chart: istio/base - inherit: + inherit: - template: crd-management-hook - template: istio-common @@ -111,7 +111,7 @@ templates: inherit: - template: istio-common - template: default-env-values - + # ---------------------------- # -- Applications # ---------------------------- @@ -129,7 +129,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - + drone-runner-kube: &drone-runner-kube name: drone-runner-kube chart: drone/drone-runner-kube @@ -145,7 +145,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - + minio: &minio name: minio chart: minio/minio @@ -153,19 +153,19 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - + minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft version: 4.4.0 inherit: - template: default-env-values - + gitea: &gitea name: gitea chart: gitea/gitea version: 7.0.2 - inherit: + inherit: - template: default-env-values - template: default-env-secrets @@ -173,7 +173,6 @@ templates: name: funkwhale chart: ananace-charts/funkwhale version: 1.0.0 - inherit: + inherit: - template: default-env-values - template: default-env-secrets - -- 2.45.2 From fd22ff01cbc3cf92594af7940388c3f78c65dd78 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 7 Mar 2023 17:34:35 +0000 Subject: [PATCH 020/316] Start managing namespaces with `Helmfile` (#33) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/33 --- badhouseplants/helmfile.yaml | 3 +++ badhouseplants/namespaces.yaml | 10 ++++++++++ badhouseplants/values/values.namespaces.yaml | 11 +++++++++++ 3 files changed, 24 insertions(+) create mode 100644 badhouseplants/namespaces.yaml create mode 100644 badhouseplants/values/values.namespaces.yaml 
diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8186903..604b1c4 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -45,3 +45,6 @@ releases: bases: - ../environments.yaml - ../repositories.yaml + +helmfiles: + - namespaces.yaml diff --git a/badhouseplants/namespaces.yaml b/badhouseplants/namespaces.yaml new file mode 100644 index 0000000..5421b9d --- /dev/null +++ b/badhouseplants/namespaces.yaml @@ -0,0 +1,10 @@ +--- +releases: + - name: namespaces + chart: bedag/raw + version: 2.0.0 + values: + - ./values/values.namespaces.yaml +bases: + - ../environments.yaml + - ../repositories.yaml diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml new file mode 100644 index 0000000..93e1841 --- /dev/null +++ b/badhouseplants/values/values.namespaces.yaml @@ -0,0 +1,11 @@ +--- +ns: + - name: monitoring +templates: + - | + {{ range .Values.ns }} + apiVersion: v1 + kind: Namespace + metadata: + name: {{ .name }} + {{ end }} -- 2.45.2 From 1553a906d8b9f8f6f693644229b223b0fdcbed29 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 8 Mar 2023 10:11:48 +0000 Subject: [PATCH 021/316] Increase Gitea attachment size (#34) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/34 --- badhouseplants/values/values.gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 6c6cf87..9b62082 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -93,7 +93,7 @@ gitea: cron: enabled: true attachment: - MAX_SIZE: 10 + MAX_SIZE: 100 statefulset: env: - name: DOMAIN -- 2.45.2 From db538f718175395f97e0b8f3b76a4d3b721c8fce Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Mon, 13 Mar 2023 07:41:49 +0000 Subject: [PATCH 022/316] Add oauth to MinIO (#35) I want to use OAuth everywhere it's possible, so I need to create accounts in gitea only Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/35 --- badhouseplants/helmfile.yaml | 4 +- badhouseplants/values/secrets.minio.yaml | 16 ++++++-- badhouseplants/values/values.minio.yaml | 47 ++++++++++++++++++++++-- releases.yaml | 16 ++++---- 4 files changed, 66 insertions(+), 17 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 604b1c4..e535da1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -46,5 +46,5 @@ bases: - ../environments.yaml - ../repositories.yaml -helmfiles: - - namespaces.yaml + #helmfiles: + # - namespaces.yaml diff --git a/badhouseplants/values/secrets.minio.yaml b/badhouseplants/values/secrets.minio.yaml index c47026c..44630df 100644 --- a/badhouseplants/values/secrets.minio.yaml +++ b/badhouseplants/values/secrets.minio.yaml 
@@ -2,7 +2,17 @@ rootPassword: ENC[AES256_GCM,data:7baD0HwMztU27TymEWp+Ad1s8Zc=,iv:CXiTBEGU1tr99i users: - accessKey: ENC[AES256_GCM,data:9ZhHOes+vQM=,iv:ltKbQ0KW8/Jmn7kmTaGaDcerlkquTXhGr0wbMMwxNgA=,tag:X6n+44dvPAm4v2rcxYkPEQ==,type:str] secretKey: ENC[AES256_GCM,data:mzWBQcPitrpwIMqBrbtBs3RBDg==,iv:cLA6Wvmf5il54DFkNbwQ27wPxAm/eqSrxAc3MVELero=,tag:nUc83Ctqw4PTwirkUr803A==,type:str] - policy: ENC[AES256_GCM,data:B7CQsSUaq3B/gO/X,iv:Z4DTTXk5TO288lIrjbvXQXsUt44WjvGLMGxXmnEnHGU=,tag:pvK4zoZGBbpithTBYVDKfQ==,type:str] + policy: ENC[AES256_GCM,data:szr/D/u/ng0=,iv:jzm7Q4zdKQpNV0FgJ4jA9CuN7r912ySBJHmxKeQGS2I=,tag:cKarFmhIbBEtslSxOc4mcA==,type:str] +oidc: + enabled: ENC[AES256_GCM,data:lK45+A==,iv:NcoTJPt4XZGRlVRwpsmuI5nu66cGVksQBRAwRval5JY=,tag:kjtPLITQLBOqjF3IaJAL8w==,type:bool] + configUrl: ENC[AES256_GCM,data:ZNVvWPlFPA1xgfysavsEusfxE2ySIM9FYatYqfWPnUrHKMtCxYlrn1ip3nTYL2JHvjM3yltLBNbqWMCGlgtw,iv:p1F2DqCFaKvjYKhMieFytnMuggrec8DmBzDATLTVe+8=,tag:3EtpPSyRlGThov5OcZfV+g==,type:str] + clientId: ENC[AES256_GCM,data:kO7PkjN+5GqZCxChvtbTQb/5zo7nVxfh7MZqbDoJLIKMEfth,iv:ti3Xlc3sRVOVGtxGw/pT5iBy5rBqV2v+MhiNF3Krb9U=,tag:3LUDIkq08zGmvjJtSnE/jA==,type:str] + clientSecret: ENC[AES256_GCM,data:PVe+8SlNrznBiFVNpuQXIcuPkUXyUJ7DObZpRvlgA8JjUHXTy3VY7soyJVBZEMfYbNjSLLcKcWM=,iv:fbh2RcQdPf3jUt2AOI3xp09SSEaWzI4rLGZmlZY46uM=,tag:wvEBkkPsXoQXAP7fN1iDMA==,type:str] + claimName: ENC[AES256_GCM,data:K7IO7TyaAUr4U80Ni5Xt/bma,iv:R8RQLttCNMHpAit+3OQ/STXo7u6xqQ1+RYgGLpJTpn4=,tag:3Wsh7TNnh1V0GrqjF/4Uiw==,type:str] + redirectUri: ENC[AES256_GCM,data:+Q8cNCvslAcO4m7VJwNe/CpEntyHfuHOrHqqtlrDILkfc0IRAA8aSbZwbA2v+So=,iv:GwzNILyqLuAYUQFKbt5WE+VCdOzSTBmGCAHcCAnzxXk=,tag:p9/86/r2DfT1mkQu+aQJfQ==,type:str] + comment: ENC[AES256_GCM,data:TO3kA0i503ZA+EFhKa2AZw==,iv:Cl3NvvgXz71AaCgMl062urNtcBtgk832vtxTs9MJwik=,tag:JwerK2q1L7xMv/NIoWkESw==,type:str] + claimPrefix: "" + scopes: 
ENC[AES256_GCM,data:kyewug7Dv2UOcsc8UWe1ssepra8uBW7uYw==,iv:RfQQiwBWWSd9DSgSlYZFwyZy2xaizMuVjeCZAws3ddM=,tag:jnegIPBviRTPi4kwM1jexQ==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +28,8 @@ sops: NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-19T20:48:11Z" - mac: ENC[AES256_GCM,data:MTcZ//5+uC+yFp+TmLhqdGIBpcaW96HpfUZeIUZijOffss401/XMOYprIILTPRq2B8kaCW2jp8hkL3oFDxSce0BGeqdRsFOlRL9vbtpyBPTUoGBnr6u/HK1G09zqtlsA/RZTvpBNoKrfdSvoWwoFIjs5oWPbi1f44gkgAl85ENM=,iv:07nSOo1F63sPgadSHtdI9JjtKjH/F9ThFW4sxWVGTxs=,tag:fFOO4sT6EFsAKje5llEUqg==,type:str] + lastmodified: "2023-03-12T10:17:38Z" + mac: ENC[AES256_GCM,data:I6DCLZNMl3LuGif/mDDNKKODZ6O/CSYty0+N60Xw4go2mH9J8/PPX0fEYL0ilRG2VDLuZ86RTiPCwAtUXVrtu1jzlkajbZPytWMpURZk+4m2XxXSDrTHNt6KJglF29DhENCkVXeZ75fHSKOS0yliZ+Q/90Ye18FJSlvVUy6HSfM=,iv:4y4pU0OTK6c2Oj5LvoJALtcn5TJ7OQFNys2swbYkodU=,tag:GSPQ64Ntu/oYnz6BfWXOTg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index aaa04e3..f379e7a 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -1,3 +1,4 @@ +--- rootUser: 'overlord' replicas: 1 mode: standalone 
@@ -24,13 +25,51 @@ resources: requests: memory: 2Gi buckets: - - name: allanger - policy: none + - name: badhouseplants-net + policy: download purge: false - versioning: true + versioning: false + - name: badhouseplants-net-main + policy: download + purge: false + versioning: false metrics: serviceMonitor: enabled: false public: true additionalLabels: {} - +policies: + - name: allanger + statements: + - resources: + - 'arn:aws:s3:::*' + actions: + - "s3:*" + - resources: [] + actions: + - "admin:*" + - resources: [] + actions: + - "kms:*" + - name: badhouseplants:owners + statements: + - resources: + - 'arn:aws:s3:::*' + actions: + - "s3:*" + - resources: [] + actions: + - "admin:*" + - resources: [] + actions: + - "kms:*" + - name: badhouseplants + statements: + - resources: + - 'arn:aws:s3:::badhouseplants' + actions: + - "s3:*" + - resources: + - 'arn:aws:s3:::badhouseplants/*' + actions: + - "s3:*" diff --git a/releases.yaml b/releases.yaml index eaff832..2359f94 100644 --- a/releases.yaml +++ b/releases.yaml @@ -58,14 +58,14 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.8.3 + version: 3.8.4 values: - common/values.{{ .Release.Name }}.yaml cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.10.1 + version: 1.11.0 set: - name: installCRDs value: true @@ -79,7 +79,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.23.3 + version: 5.25.0 inherit: - template: default-env-values - template: default-env-secrets @@ -89,7 +89,7 @@ templates: istio-common: labels: bundle: istio - version: 1.16.1 + version: 1.17.1 istio-base: &istio-base name: istio-base @@ -141,7 +141,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.2.22 + version: 15.2.51 inherit: - template: default-env-values - template: default-env-secrets 
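Review bot: The `badhouseplants` policy is scoped to `arn:aws:s3:::badhouseplants` and `arn:aws:s3:::badhouseplants/*`, but the buckets created in this hunk are `badhouseplants-net` and `badhouseplants-net-main`, so unless a bucket named `badhouseplants` exists outside this file the policy grants access to nothing. If the new buckets were meant, the resources should name them explicitly, e.g. `'arn:aws:s3:::badhouseplants-net'` and `'arn:aws:s3:::badhouseplants-net/*'`. Separately, both buckets are created with `policy: download`, which permits anonymous reads, and the `allanger` and `badhouseplants:owners` policies add `admin:*` and `kms:*` on top of `s3:*`. If those policy names are matched against an OIDC claim, as the commit message suggests, every identity carrying that claim becomes a MinIO administrator. A one-line comment on each bucket and policy stating the intended audience would make that exposure deliberate rather than implicit.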
@@ -149,7 +149,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.4 + version: 5.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -157,14 +157,14 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.4.0 + version: 4.6.0 inherit: - template: default-env-values gitea: &gitea name: gitea chart: gitea/gitea - version: 7.0.2 + version: 7.0.4 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From c9a45797bf570ed98ae90ce59367ccdb6cd0491c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 13 Mar 2023 09:08:33 +0000 Subject: [PATCH 023/316] Use groups for Minio oauth (#36) Now gitea orgs are used as policies, so it's easier to handle access. Also, drone is switched to a global Gitea oauth app, instead of my personal Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/36 --- badhouseplants/values/secrets.drone.yaml | 8 ++++---- badhouseplants/values/secrets.minio.yaml | 8 ++++---- badhouseplants/values/values.minio.yaml | 10 ++-------- 3 files changed, 10 insertions(+), 16 deletions(-) diff --git a/badhouseplants/values/secrets.drone.yaml b/badhouseplants/values/secrets.drone.yaml index 0d56eec..b7c56eb 100644 --- a/badhouseplants/values/secrets.drone.yaml +++ b/badhouseplants/values/secrets.drone.yaml 
@@ -1,6 +1,6 @@ env: - DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:BbhUhVbrqFhD3Bw3w0ZfXRFNDkR7LV2gtabUOR990UQ6xDFw,iv:PfsuCU8A0C7MxVd9q6h6hexpeqxDJIshG16+Yoj9uTA=,tag:5mqw0hVJSlIta4p9VxGomw==,type:str] - DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:W3NzKBlKhzB1lPmLbMfVkHxtnod25tGi1lHJW2RWc46je6NeWHX1XZlRefbVqKO6gO4AUTlJOq4=,iv:08EQ/9iVZ93P0I+mYBv3SuKfLs/T3ZS6yZkdAuzU4KI=,tag:c2OiB4R/aBLjVY5EfPSJgA==,type:str] + DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:7Ohn3nGR9VeIhAr9EdW1/juRFo3TXpKIwU07hD8mGoyBrbyn,iv:9/y3Ou8H/PL2hMsirJaqviKGQuzVlzL43iGAKQb9NII=,tag:EZoo2F4/HoOcacWOVU9yjA==,type:str] + DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:2wAbiSJdDb5lGUOocK14pZtwQI0EFmXGStAigKsPGAZUKyn7M0B6xBO1+B3wZYVnIKEohiNIZF7k,iv:Y9aCzdSH5cAIZfk84Clto/IrQMRaoH+bOkvbP+9CcLM=,tag:FVfLsEA56WGNCl/8ut4F/Q==,type:str] sops: kms: [] gcp_kms: [] @@ -16,8 +16,8 @@ sops: QStxOG1iMWlxQ2dmOXRabXp4cm9NSU0K/+CRAc7DH4PgbQscXvDb7yLe8VoEpixr icD3GL37kYE2D4h1cm+p+/b7BF4/yjNlCUvo5cITXRjZAuiWGwUixQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-19T10:39:39Z" - mac: ENC[AES256_GCM,data:UXfogL8cIidQpdrTNVCofPRkoC00OczHIQcISQ1AlL+BTl8NjdQfzVdknczDagtooAXdV8Cf+Qf9xMzDd7svFv2Uyc6Tzz80171My9d8bHLtv1Q5TbJ4OSAVr38tOd35APnPgsvgX2SXEDf/vvUuTN7mljPTFuF0raCqLlN+LGg=,iv:s2AH5PUohmLTo2LN3Vq9RW1OOO4I9YkyuK1/ODGwegc=,tag:YmzJBbt2TGJsy5ym8ZkP2Q==,type:str] + lastmodified: "2023-03-13T09:01:15Z" + mac: ENC[AES256_GCM,data:cHdSHMa5dJTMrQsDOvTAORHON3WlFVRApaajAoZ8QIWWxC1ZCNIyMp1NlgZ+vv1vY951+JsOu4WYJdfygMvCplSz2ughqWgPFvykKOCBGTLfEKxSagnxuxuDpJ3FT2zlzzUxLFSOg8iGgpxZc9mF28divlAem4POkGgWs+7s7tE=,iv:Zjx1Zscf6G4QyZJayJLktSg6kOCl3K32G7U41dL1RVQ=,tag:v3m/hIt5A4xe6R1G9b30cA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.minio.yaml b/badhouseplants/values/secrets.minio.yaml index 44630df..a4ce952 100644 --- a/badhouseplants/values/secrets.minio.yaml +++ b/badhouseplants/values/secrets.minio.yaml 
@@ -8,11 +8,11 @@ oidc: configUrl: ENC[AES256_GCM,data:ZNVvWPlFPA1xgfysavsEusfxE2ySIM9FYatYqfWPnUrHKMtCxYlrn1ip3nTYL2JHvjM3yltLBNbqWMCGlgtw,iv:p1F2DqCFaKvjYKhMieFytnMuggrec8DmBzDATLTVe+8=,tag:3EtpPSyRlGThov5OcZfV+g==,type:str] clientId: ENC[AES256_GCM,data:kO7PkjN+5GqZCxChvtbTQb/5zo7nVxfh7MZqbDoJLIKMEfth,iv:ti3Xlc3sRVOVGtxGw/pT5iBy5rBqV2v+MhiNF3Krb9U=,tag:3LUDIkq08zGmvjJtSnE/jA==,type:str] clientSecret: ENC[AES256_GCM,data:PVe+8SlNrznBiFVNpuQXIcuPkUXyUJ7DObZpRvlgA8JjUHXTy3VY7soyJVBZEMfYbNjSLLcKcWM=,iv:fbh2RcQdPf3jUt2AOI3xp09SSEaWzI4rLGZmlZY46uM=,tag:wvEBkkPsXoQXAP7fN1iDMA==,type:str] - claimName: ENC[AES256_GCM,data:K7IO7TyaAUr4U80Ni5Xt/bma,iv:R8RQLttCNMHpAit+3OQ/STXo7u6xqQ1+RYgGLpJTpn4=,tag:3Wsh7TNnh1V0GrqjF/4Uiw==,type:str] + claimName: ENC[AES256_GCM,data:+XEw9sQ5,iv:DgGZf/GwkJsk4lfI8TBBaGfwN8YESMu9BSOBLJkbz78=,tag:A4hvQYEaZxPNf9CZp9+YUQ==,type:str] redirectUri: ENC[AES256_GCM,data:+Q8cNCvslAcO4m7VJwNe/CpEntyHfuHOrHqqtlrDILkfc0IRAA8aSbZwbA2v+So=,iv:GwzNILyqLuAYUQFKbt5WE+VCdOzSTBmGCAHcCAnzxXk=,tag:p9/86/r2DfT1mkQu+aQJfQ==,type:str] comment: ENC[AES256_GCM,data:TO3kA0i503ZA+EFhKa2AZw==,iv:Cl3NvvgXz71AaCgMl062urNtcBtgk832vtxTs9MJwik=,tag:JwerK2q1L7xMv/NIoWkESw==,type:str] claimPrefix: "" - scopes: ENC[AES256_GCM,data:kyewug7Dv2UOcsc8UWe1ssepra8uBW7uYw==,iv:RfQQiwBWWSd9DSgSlYZFwyZy2xaizMuVjeCZAws3ddM=,tag:jnegIPBviRTPi4kwM1jexQ==,type:str] + scopes: ENC[AES256_GCM,data:TuXqq8d+Xo/1ZNi036wx1GhbNPSF2sv8uYUy,iv:u9VfqbAGR94vLPD7nnsKuz5b2sbpUhs1TT7Ah8quX7c=,tag:jZplD/t4rA+p7TtisrC9mg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -28,8 +28,8 @@ sops: NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-12T10:17:38Z" - mac: ENC[AES256_GCM,data:I6DCLZNMl3LuGif/mDDNKKODZ6O/CSYty0+N60Xw4go2mH9J8/PPX0fEYL0ilRG2VDLuZ86RTiPCwAtUXVrtu1jzlkajbZPytWMpURZk+4m2XxXSDrTHNt6KJglF29DhENCkVXeZ75fHSKOS0yliZ+Q/90Ye18FJSlvVUy6HSfM=,iv:4y4pU0OTK6c2Oj5LvoJALtcn5TJ7OQFNys2swbYkodU=,tag:GSPQ64Ntu/oYnz6BfWXOTg==,type:str] + lastmodified: "2023-03-13T07:52:39Z" + mac: ENC[AES256_GCM,data:ognemBsF32MrBDoUTcmwW1W5VI//FADb/p0Do8aQttsikYMVLcFZqWx7Dyhu8CfOWsXL/atVLh2Gj3dkxjsmDFI8uUd4gwq0oMYtk7gR09WrrigDtV1UPgDgyLO3nW4/YmTYGx0fLcsFyGJMm1Pp08Sk+oGcP2Xt+zBAch6/xyE=,iv:Q6dAGFlaTQL7zbR1Z868zo3HbWW4/xpoaWdyw/k/c0U=,tag:I6X2USyt1AhgzjlY469jOA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index f379e7a..1f16321 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -57,19 +57,13 @@ policies: - 'arn:aws:s3:::*' actions: - "s3:*" - - resources: [] - actions: - - "admin:*" - - resources: [] - actions: - - "kms:*" - name: badhouseplants statements: - resources: - - 'arn:aws:s3:::badhouseplants' + - 'arn:aws:s3:::badhouseplants-net' actions: - "s3:*" - resources: - - 'arn:aws:s3:::badhouseplants/*' + - 'arn:aws:s3:::badhouseplants-net/*' actions: - "s3:*" -- 2.45.2 From c237d4ffae91edaa17ef9522ea18f6a76748a4a2 Mon Sep 17 00:00:00 2001 
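Review bot: The `badhouseplants` policy in the values.minio.yaml hunk keeps `s3:*` on `arn:aws:s3:::badhouseplants-net`, and since the commit message says Gitea orgs are now used as policies, every member of that org would presumably get bucket-level operations (deleting the bucket, replacing its policy) as well as object access. An explicit list on the `/*` resource, e.g. `actions: ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]`, plus `s3:ListBucket` on the bucket itself, would keep the group to object operations. The name of the policy that loses `admin:*` and `kms:*` is above the hunk, so which identity is affected cannot be confirmed from here.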
From: Nikolai Rodionov Date: Tue, 14 Mar 2023 14:40:09 +0000 Subject: [PATCH 024/316] Migrate minecraft to Paper (#37) I want to configure monitoring for Minecraft, and it's not possible with the Vanilla version. So we're testing Paper Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/37 --- badhouseplants/values/values.minecraft.yaml | 54 ++++++++++++++++++++- common/values.service-monitor.yaml | 16 ++++++ releases.yaml | 8 +++ 3 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 common/values.service-monitor.yaml diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 1f3c39e..41673a2 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -1,3 +1,18 @@ +--- +# -------------------------------------------------- +# -- Extensions values +# -------------------------------------------------- +service-account: + enabled: true + resources: + - name: minecraft-exporter + label: + app: minecraft-minecraft-metrics + endpoints: + port: metrics +# -------------------------------------------------- +# -- Main values +# -------------------------------------------------- resources: requests: memory: 512Mi 
@@ -8,11 +23,48 @@ minecraftServer: difficulty: hard hardcore: true version: 1.19.2 + type: "PAPER" + paperDownloadUrl: > + https://api.papermc.io/v2/projects/paper/versions/1.19.2/builds/307/downloads/paper-1.19.2-307.jar gameMode: survival - motd: "Suck my cock" pvp: true memory: 4096M + extraPorts: + - name: metrics + containerPort: 9225 + protocol: TCP + service: + enabled: true + embedded: false + labels: + exporter: minecraft + type: ClusterIP + port: 9925 + ingress: + enabled: false persistence: dataDir: enabled: true Size: 8Gi +initContainers: + - name: install-prometheus-exporter + image: alpine/curl + command: + - curl + - -L + - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" + - -o + - /data/plugins/prometheus-exporter.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false +extraVolumes: + - volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + volumes: + - name: plugins + emptyDir: + sizeLimit: 500Mi diff --git a/common/values.service-monitor.yaml b/common/values.service-monitor.yaml new file mode 100644 index 0000000..f44401a --- /dev/null +++ b/common/values.service-monitor.yaml @@ -0,0 +1,16 @@ +--- +service-monitor: + templates: + - | + {{ range .Values.service-monitor.resources }} + apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + name: {{ .name }} + spec: + selector: + matchLabels: + app: {{ .label.app }} + endpoints: + - port: {{ .endpoints.port }} + {{ end }} diff --git a/releases.yaml b/releases.yaml index 2359f94..b38f4f5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -43,6 +43,13 @@ templates: - chart: bedag/raw version: 2.0.0 alias: istio + service-monitor: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: service-monitor + values: + - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' namespace: dependencies: - chart: bedag/raw 
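Review bot: The `install-prometheus-exporter` init container fetches a plugin jar with `curl -L` and no integrity check, using the untagged `alpine/curl` image, so whatever the URL or the image's latest tag serves at pod start is loaded into the server JVM. Pinning the image by digest and verifying a SHA-256 of the jar before it is moved into `/data/plugins` makes the plugin content reviewable in git; the sketch below uses labelled placeholders for both hashes. `paperDownloadUrl` has the same unverified-download shape, though whether the chart can check a hash is not visible here. Separately, `containerPort: 9225` and the service `port: 9925` differ by one digit, which looks unintended.

```yaml
initContainers:
  - name: install-prometheus-exporter
    # placeholder: replace with the digest of the image you have reviewed
    image: alpine/curl@sha256:<IMAGE_DIGEST_PLACEHOLDER>
    command:
      - sh
      - -ec
      - |
        # -f makes an HTTP error fail the step instead of saving the error page
        curl -fsSL -o /data/plugins/exporter.jar.tmp \
          "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar"
        # placeholder: SHA-256 of the reviewed v2.5.0 jar
        echo "<JAR_SHA256_PLACEHOLDER>  /data/plugins/exporter.jar.tmp" | sha256sum -c -
        mv /data/plugins/exporter.jar.tmp /data/plugins/prometheus-exporter.jar
    # … unchanged: volumeMounts for the plugins volume …
```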
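Review bot: In common/values.service-monitor.yaml, `{{ range .Values.service-monitor.resources }}` will not parse as a Go template, because `-` is not allowed inside a field chain; the lookup needs `{{ range (index .Values "service-monitor").resources }}`. The data it is meant to iterate is also filed under `service-account:` in badhouseplants/values/values.minecraft.yaml in this same commit, so the range would stay empty until that key is renamed to `service-monitor:`. Quoting the substituted scalars (`name: {{ .name | quote }}`) would protect against values that YAML retypes. The template is still commented out in releases.yaml, so none of this is exercised yet.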
@@ -160,6 +167,7 @@ templates: version: 4.6.0 inherit: - template: default-env-values + # - template: service-monitor gitea: &gitea name: gitea -- 2.45.2 From 415afc22c6cca87ebf979d7c4c2ea1f29849b11c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 16 Mar 2023 16:37:08 +0000 Subject: [PATCH 025/316] chore(Minio): Add more permissions to badhouseplants-owners (#39) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/39 --- badhouseplants/values/values.minio.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 1f16321..e39bc4e 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -57,6 +57,12 @@ policies: - 'arn:aws:s3:::*' actions: - "s3:*" + - resources: [] + actions: + - "admin:*" + - resources: [] + actions: + - "kms:*" - name: badhouseplants statements: - resources: -- 2.45.2 From 6cdac9d38ec014b624d00d1f6251f3ae96a6696e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Mar 2023 10:32:00 +0000 Subject: [PATCH 026/316] feat(Gitea): Enable LFS (#40) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/40 --- badhouseplants/values/values.gitea.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 9b62082..e354f0e 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -4,7 +4,7 @@ ns: name: gitea-service istio: enabled: true - istio: + istio: - name: gitea-http gateway: badhouseplants-net hostname: git.badhouseplants.net 
@@ -83,11 +83,12 @@ gitea: DESCRIPTION: by allanger repository: DEFAULT_BRANCH: main - service: + service: DISABLE_REGISTRATION: true - server: + server: DOMAIN: git.badhouseplants.net ROOT_URL: https://git.badhouseplants.net + LFS_START_SERVER: true packages: ENABLED: true cron: -- 2.45.2 From a6f49a084f0a15bac1b9c24cedea263abb91a99b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 21 Mar 2023 17:07:04 +0000 Subject: [PATCH 027/316] Update outdated charts (#41) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/41 --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index b38f4f5..a63d69c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -79,14 +79,14 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.4.0 + version: 1.4.1 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.25.0 + version: 5.27.1 inherit: - template: default-env-values - template: default-env-secrets @@ -148,7 +148,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.2.51 + version: 15.2.56 inherit: - template: default-env-values - template: default-env-secrets @@ -180,7 +180,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 1.0.0 + version: 1.0.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From a2bd88b8b060e557235851d6646cc99ade42caf3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 23 Mar 2023 13:49:48 +0000 Subject: [PATCH 028/316] Start using CDH (#42) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/42 --- .drone.yml | 114 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 67 insertions(+), 47 deletions(-) diff --git a/.drone.yml b/.drone.yml index a326c90..2c60c08 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -8,35 +8,35 @@ name: Show helmfile diffs trigger: branch: - exclude: + exclude: - main event: - - push + - push steps: -- name: Diff badhouseplants - image: ghcr.io/helmfile/helmfile:canary - environment: - KUBECONFIG_CONTENT: - from_secret: KUBECONFIG_CONTENT - SOPS_AGE_KEY: - from_secret: SOPS_AGE_KEY - commands: - - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - - helmfile -e badhouseplants diff --suppress-secrets + - name: Diff badhouseplants + image: ghcr.io/helmfile/helmfile:canary + environment: + KUBECONFIG_CONTENT: + from_secret: KUBECONFIG_CONTENT + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY + commands: + - mkdir $HOME/.kube + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config + - helmfile -e badhouseplants diff --suppress-secrets -- name: Diff eterosoft - image: ghcr.io/helmfile/helmfile:canary - environment: - SOPS_AGE_KEY: - from_secret: SOPS_AGE_KEY - KUBECONFIG_CONTENT: - from_secret: KUBECONFIG_CONTENT - commands: - - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - - helmfile -e etersoft diff --suppress-secrets + - name: Diff eterosoft + image: ghcr.io/helmfile/helmfile:canary + environment: + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY + KUBECONFIG_CONTENT: + from_secret: KUBECONFIG_CONTENT + commands: + - mkdir $HOME/.kube + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config + - helmfile -e etersoft diff --suppress-secrets --- # ---------------------------------------------- 
@@ -50,30 +50,50 @@ trigger: branch: - main event: - - push + - push steps: -- name: Apply badhouseplants - image: ghcr.io/helmfile/helmfile:canary - environment: - KUBECONFIG_CONTENT: - from_secret: KUBECONFIG_CONTENT - SOPS_AGE_KEY: - from_secret: SOPS_AGE_KEY - commands: - - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - - helmfile -e badhouseplants apply --suppress-secrets + - name: Apply badhouseplants + image: ghcr.io/helmfile/helmfile:canary + environment: + KUBECONFIG_CONTENT: + from_secret: KUBECONFIG_CONTENT + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY + commands: + - mkdir $HOME/.kube + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config + - helmfile -e badhouseplants apply --suppress-secrets -- name: Apply eterosoft - image: ghcr.io/helmfile/helmfile:canary - environment: - KUBECONFIG_CONTENT: - from_secret: KUBECONFIG_CONTENT - SOPS_AGE_KEY: - from_secret: SOPS_AGE_KEY - commands: - - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - - helmfile -e etersoft apply --suppress-secrets + - name: Apply eterosoft + image: ghcr.io/helmfile/helmfile:canary + environment: + KUBECONFIG_CONTENT: + from_secret: KUBECONFIG_CONTENT + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY + commands: + - mkdir $HOME/.kube + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config + - helmfile -e etersoft apply --suppress-secrets +--- +# ---------------------------------------------- +# -- Check da helm pipeline +# ---------------------------------------------- +kind: pipeline +type: kubernetes +name: Check helmfiles +trigger: + event: + - cron + cron: + - daily + +steps: + - name: Check badhouseplants + image: ghcr.io/allanger/check-da-helm-helmfile:stable + environment: + RUST_LOG: info + commands: + - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o -- 2.45.2 From bef5ee42616e3c3ce31e9fdcc489768b10c731a3 Mon Sep 17 00:00:00 2001 
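Review bot: Every step that receives `SOPS_AGE_KEY` and `KUBECONFIG_CONTENT` runs `ghcr.io/helmfile/helmfile:canary`, a moving tag, so a changed upstream image gets the cluster credentials and the decryption key on the next run; this applies to the Apply steps here and to the Diff steps in the previous hunk. Pin the image to a release tag plus digest, e.g. `image: ghcr.io/helmfile/helmfile:<RELEASE_TAG>@sha256:<DIGEST_PLACEHOLDER>`, and do the same for `ghcr.io/allanger/check-da-helm-helmfile:stable` in the new cron pipeline. The kubeconfig is also written with the default umask; adding `- chmod 600 $HOME/.kube/config` after the `base64 -d` line keeps it owner-only.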
From: Nikolai Rodionov Date: Sun, 26 Mar 2023 12:04:17 +0000 Subject: [PATCH 029/316] Add openID to the Etersoft Minio (#43) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/43 --- etersoft/values/secrets.minio.yaml | 14 ++++++++-- etersoft/values/values.minio.yaml | 42 +++++++++++++++++++++++------- 2 files changed, 44 insertions(+), 12 deletions(-) diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml index a3fcedc..858d3c9 100644 --- a/etersoft/values/secrets.minio.yaml +++ b/etersoft/values/secrets.minio.yaml 
@@ -6,6 +6,16 @@ users: - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] +oidc: + enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] + configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] + clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str] + clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str] + claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] + redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] + comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] + claimPrefix: "" + scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] sops: kms: [] gcp_kms: [] 
@@ -21,8 +31,8 @@ sops: UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-19T20:49:43Z" - mac: ENC[AES256_GCM,data:LKS2YTDM0VSJwHyItYQ3rdgZgwvJNoHgsQdolduzYZ1RA33RX2b1IvWSufhfTTwR9AWoAYQgjrutyNSjC9ND5hSvvlQ97wAGUwgj9jFseDy5kAFet5QfhQBtWy6ngE3SlzY/zuapHij2b+AbjcRRQ1/6kQ72ht3cM5G7QvBV1bM=,iv:yrl/diVMfiNpBftBvUMLsbN3Lv+tXxVF8dmYi6QW/iM=,tag:O9lIRXDJLnbEaOgc89UO0Q==,type:str] + lastmodified: "2023-03-26T11:56:18Z" + mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index 51cec9d..0162fae 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -25,16 +25,38 @@ resources: requests: memory: 0.7Gi policies: -- name: backup - statements: - - resources: - - 'arn:aws:s3:::longhorn/*' - - 'arn:aws:s3:::longhorn' - actions: - - "s3:DeleteObject" - - "s3:GetObject" - - "s3:ListBucket" - - "s3:PutObject" + - name: badhouseplants:owners + statements: + - resources: + - 'arn:aws:s3:::*' + actions: + - "s3:*" + - resources: [] + actions: + - "admin:*" + - resources: [] + actions: + - "kms:*" + - name: badhouseplants + statements: + - resources: + - 'arn:aws:s3:::badhouseplants-net' + actions: + - "s3:*" + - resources: + - 'arn:aws:s3:::badhouseplants-net/*' + actions: + - "s3:*" + - name: backup + statements: + - resources: + - 'arn:aws:s3:::longhorn/*' + - 'arn:aws:s3:::longhorn' + actions: + - "s3:DeleteObject" + - "s3:GetObject" + - "s3:ListBucket" + - "s3:PutObject" buckets: - name: longhorn policy: none -- 2.45.2 
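Review bot: In etersoft/values/values.minio.yaml the new `badhouseplants:owners` policy gets `s3:*` on `arn:aws:s3:::*`, which includes the `longhorn` bucket that the existing `backup` policy deliberately limits to four actions, so any identity mapped to that policy (presumably through the OIDC settings added in this commit) can read or delete the volume backups. If owners do not need the backups, scope the statement to the buckets they manage, or add a comment stating that backup access is intended. The copied `badhouseplants` policy also points at `badhouseplants-net`, but the only bucket visible in the context is `longhorn`; the `buckets:` list continues below the hunk, so this may just be out of view.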
From 81cbb2ff4ef3d91a99c99aac62e03259b1630d43 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 26 Mar 2023 12:26:33 +0000 Subject: [PATCH 030/316] Upgrade wordpress and argo (#44) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/44 --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index a63d69c..602b6fa 100644 --- a/releases.yaml +++ b/releases.yaml @@ -86,7 +86,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.27.1 + version: 5.27.3 inherit: - template: default-env-values - template: default-env-secrets @@ -148,7 +148,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.2.56 + version: 15.2.57 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 665f25a01314e35ee531e72bf74e9b6f641b606a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 27 Mar 2023 15:04:17 +0000 Subject: [PATCH 031/316] chore(minecraft): Update Minecraft to 1.19.3 (#45) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/45 --- badhouseplants/values/values.minecraft.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 41673a2..da6ccd7 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -22,10 +22,10 @@ minecraftServer: onlineMode: false difficulty: hard hardcore: true - version: 1.19.2 + version: 1.19.3 type: "PAPER" paperDownloadUrl: > - https://api.papermc.io/v2/projects/paper/versions/1.19.2/builds/307/downloads/paper-1.19.2-307.jar + https://api.papermc.io/v2/projects/paper/versions/1.19.3/builds/448/downloads/paper-1.19.3-448.jar gameMode: survival pvp: true memory: 4096M 
@@ -36,7 +36,7 @@ minecraftServer: service: enabled: true embedded: false - labels: + labels: exporter: minecraft type: ClusterIP port: 9925 -- 2.45.2 From 7c5632b54e1b210f96d530ccd3989d6de2b437b5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 28 Mar 2023 09:56:50 +0000 Subject: [PATCH 032/316] chore(minecraft): Update Minecraft to 1.19.4 (#46) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/46 --- badhouseplants/values/values.minecraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index da6ccd7..8d09b19 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -22,10 +22,10 @@ minecraftServer: onlineMode: false difficulty: hard hardcore: true - version: 1.19.3 + version: 1.19.4 type: "PAPER" paperDownloadUrl: > - https://api.papermc.io/v2/projects/paper/versions/1.19.3/builds/448/downloads/paper-1.19.3-448.jar + https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/473/downloads/paper-1.19.4-473.jar gameMode: survival pvp: true memory: 4096M -- 2.45.2 From 487ec5a73793ac482060fe2e50afe4391a03c8c5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 28 Mar 2023 10:58:36 +0000 Subject: [PATCH 033/316] fix(minecraft): PaperMC URL is now correct (#47) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/47 --- badhouseplants/values/values.minecraft.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 8d09b19..017d44d 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -24,8 +24,7 @@ minecraftServer: hardcore: true version: 1.19.4 type: "PAPER" - paperDownloadUrl: > - https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/473/downloads/paper-1.19.4-473.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/473/downloads/paper-1.19.4-473.jar gameMode: survival pvp: true memory: 4096M -- 2.45.2 From b6f1bd0517aee6d45d918975c52884aeb689832e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 29 Mar 2023 07:09:01 +0000 Subject: [PATCH 034/316] Update releases (#48) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/48 --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 602b6fa..c435e27 100644 --- a/releases.yaml +++ b/releases.yaml @@ -65,7 +65,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.8.4 + version: 3.9.0 values: - common/values.{{ .Release.Name }}.yaml @@ -86,7 +86,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.27.3 + version: 5.27.4 inherit: - template: default-env-values - template: default-env-secrets @@ -148,7 +148,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.2.57 + version: 15.2.59 inherit: - template: default-env-values - template: default-env-secrets @@ -172,7 +172,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 7.0.4 + version: 8.0.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 693bd37cfe6eb94871b3c6a0f4084f8be9a6edff Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 29 Mar 2023 09:28:31 +0200 Subject: [PATCH 035/316] fix(gitea): Posgtress secrets are updated --- badhouseplants/values/secrets.gitea.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 7d4a1f7..dd8aa0d 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml @@ -1,10 +1,11 @@ postgresql: global: postgresql: - postgresqlDatabase: ENC[AES256_GCM,data:hJfOcMc=,iv:/M0BkKTSojwNcd0nUETwaQJeNWNuIPugROHsQD+VyvY=,tag:7Ljs3VlZ2BLCMYXuU2XtpA==,type:str] - postgresqlUsername: ENC[AES256_GCM,data:3c+n9o4=,iv:i3rgY+NvP6lUqXQHbRYQSWIVxlvmI2LHFsZ1wLMkPsE=,tag:ykMrMgxN0nMjpgsdbkCHDw==,type:str] - postgresqlPassword: ENC[AES256_GCM,data:8qmyYj/FcclYfd6h8FqICQ9vRFE=,iv:hhHjXdZY393PnG7KnXuXiRnf/Nooc6fbuG/Vnfm9uPQ=,tag:a5HArQdN2YEQa011pZkw5g==,type:str] - postgresqlPostgresPassword: ENC[AES256_GCM,data:eAOXc+LouMdlfw==,iv:ePyDlj2wUkI7JoaUE38I7a/2mkaIL6iqN5QVp92FDN4=,tag:SE+BaOK5CZHT/Xowjov/CA==,type:str] + auth: + database: ENC[AES256_GCM,data:Cy0E9Sw=,iv:d68IzroVmsj4Y5QOgSlev7g+kTeovg29cEe2wLnWA50=,tag:pl5RqMwMtrSZgoGBkUCE9w==,type:str] + username: ENC[AES256_GCM,data:JJBW6Xs=,iv:M7EQ9UeNqjgG8B0ZAp0zHnFXHPzu+GskhyxVt0pxoJE=,tag:ujwxxXJwgpqYf7XZyXySCg==,type:str] + password: ENC[AES256_GCM,data:Fqnl7GQhgpFFRH72ZWeCsfeQjAQ=,iv:0O3zUWRAOjmc2MzOPIWj5Fq5bsemoGRBRk1u3/gU9ro=,tag:4bkQKMU1WTjRxiS10IzssQ==,type:str] + postgresPassword: ENC[AES256_GCM,data:qlLEaSfvrcROlA==,iv:3jDMPZtK/Jnjt2KXKLUlTDHOvObgjI1Q5U2UlFsivaE=,tag:tuaGHQzKD26JO6X5HAiXTw==,type:str] gitea: admin: username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] 
@@ -25,8 +26,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-22T09:43:31Z" - mac: ENC[AES256_GCM,data:CsAwzOnU31crz6+rQjwutDUtZK5Qq9EQHWNYAnmVFhy3fWYT4+9eLK2gSjq+kVZD9QC/vH31Kf1QEKMKu9Kol8TuDZN+UEEuuixQNqi2hcPbMV43HVOFdFOR475jLbkUo2S09Bs6b4i5f7NbpxCuy/am4K0p4K4839cRyN8pADI=,iv:w6tpLCM/FbyMgZpjXF5MVB4/UcBUvOUYzMa9hln4poc=,tag:SMpnEtR2l4H6VRqJPT7Frg==,type:str] + lastmodified: "2023-03-29T07:21:28Z" + mac: ENC[AES256_GCM,data:EGA95/6yEwOumGcXtC9G7N724j3PruP5E0HttGyNEhX97dGdpC8h2/aW9M/mjbp8YwIAvCYHdSxuEDo6D7QEpmEyyDjT4kcAPTlC6n56wRpZ/tXs7RBnzGG5FDnElVeqUVxsn8EuvF/QFsVL0W0jVQbJFeH7Z5os8rTSjz98IhI=,iv:fx9zPuQpGc1JdhAJW+8sAWrnJKifRN3O1Z3yu3H21nE=,tag:p47EO5x8EcTQARjeezAnUw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 -- 2.45.2 From 1e804ff3b1049579e1ac0b806d5a9089a09a1640 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 31 Mar 2023 11:20:57 +0200 Subject: [PATCH 036/316] feat(gitea): Turn on Gitea Actions --- badhouseplants/values/values.gitea.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index e354f0e..8624d3a 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -95,6 +95,8 @@ gitea: enabled: true attachment: MAX_SIZE: 100 + actions: + ENABLED: true statefulset: env: - name: DOMAIN -- 2.45.2 From 437cc1437ef60bd42759ee461e790c33a082bb67 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 29 Mar 2023 10:19:48 +0200 Subject: [PATCH 037/316] fix(gitea): Values syntax mistake is gone --- badhouseplants/values/values.gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 8624d3a..0d3b2cb 100644 --- a/badhouseplants/values/values.gitea.yaml 
+++ b/badhouseplants/values/values.gitea.yaml @@ -57,7 +57,7 @@ memcached: port: 11211 resources: requests: - cpu: 10mi + cpu: 10m postgresql: auth: postgresPassword: check -- 2.45.2 From 1819a471d404a979b6b38abd807d886f9c35cd26 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 2 Apr 2023 07:05:27 +0200 Subject: [PATCH 038/316] chore: Update outdated charts --- releases.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index c435e27..80058a3 100644 --- a/releases.yaml +++ b/releases.yaml @@ -86,7 +86,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.27.4 + version: 5.27.5 inherit: - template: default-env-values - template: default-env-secrets @@ -148,7 +148,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.2.59 + version: 15.2.61 inherit: - template: default-env-values - template: default-env-secrets @@ -164,10 +164,9 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.6.0 + version: 4.7.0 inherit: - template: default-env-values - # - template: service-monitor gitea: &gitea name: gitea -- 2.45.2 From 1cd1a39eebc00839de70d4f65485d12656cd8909 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 5 Apr 2023 21:22:23 +0200 Subject: [PATCH 039/316] chore: Upgrade releases --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index 80058a3..e556b53 100644 --- a/releases.yaml +++ b/releases.yaml @@ -86,7 +86,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.27.5 + version: 5.28.0 inherit: - template: default-env-values - template: default-env-secrets @@ -148,7 +148,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.2.61 + version: 15.3.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -164,7 +164,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.7.0 + version: 4.7.2 inherit: - template: default-env-values -- 2.45.2 From 91d5e7a5e1079e941bd84d016ba78b66e83e62d4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 6 Apr 2023 10:18:39 +0200 Subject: [PATCH 040/316] chore: Upgrade istio-bundle to 1.17.2 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index e556b53..07ec78a 100644 --- a/releases.yaml +++ b/releases.yaml @@ -96,7 +96,7 @@ templates: istio-common: labels: bundle: istio - version: 1.17.1 + version: 1.17.2 istio-base: &istio-base name: istio-base -- 2.45.2 From 4a858ce490a34272fe572eedc64c0edfe3f5815b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 12 Apr 2023 21:07:43 +0200 Subject: [PATCH 041/316] chore: Upgrade releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 07ec78a..0cd7f19 100644 --- a/releases.yaml +++ b/releases.yaml @@ -72,7 +72,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.11.0 + version: 1.11.1 set: - name: installCRDs value: true @@ -86,7 +86,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.28.0 + version: 5.28.2 inherit: - template: default-env-values - template: default-env-secrets @@ -148,7 +148,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.3.0 + version: 15.3.2 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.7.2 + version: 4.7.3 inherit: - template: default-env-values -- 2.45.2 From e69598572b97d2cbdd1f80c0653015eb6a097156 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 15 Apr 2023 20:43:33 +0200 Subject: [PATCH 042/316] chore(minecraft): Decrease memory --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 017d44d..acf5018 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -27,7 +27,7 @@ minecraftServer: paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/473/downloads/paper-1.19.4-473.jar gameMode: survival pvp: true - memory: 4096M + memory: 2512M extraPorts: - name: metrics containerPort: 9225 -- 2.45.2 From 386659a799e3dbd154a8ada329fbd9a0ba30610b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 15 Apr 2023 20:50:07 +0200 Subject: [PATCH 043/316] chore(minecraft): Upgrade PaperMC --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index acf5018..9967b1a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -24,7 +24,7 @@ minecraftServer: hardcore: true version: 1.19.4 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/473/downloads/paper-1.19.4-473.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/511/downloads/paper-1.19.4-511.jar gameMode: survival pvp: true memory: 2512M -- 2.45.2 From a0a03cf9eb9a86e20ac3eca448c1cfb4bebbbc97 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 16 Apr 2023 18:04:22 +0200 Subject: [PATCH 044/316] chore: Upgrade releases --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index 0cd7f19..59f024e 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -65,7 +65,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.9.0 + version: 3.10.0 values: - common/values.{{ .Release.Name }}.yaml @@ -86,7 +86,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.28.2 + version: 5.29.1 inherit: - template: default-env-values - template: default-env-secrets @@ -148,7 +148,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.3.2 + version: 15.4.0 inherit: - template: default-env-values - template: default-env-secrets @@ -156,7 +156,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.7 + version: 5.0.8 inherit: - template: default-env-values - template: default-env-secrets @@ -171,7 +171,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 8.0.2 + version: 8.1.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From d9fe4631f1ad6c0b15c1f91d4e3a9ffeb5bd4a3b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 16 Apr 2023 19:30:59 +0200 Subject: [PATCH 045/316] fix(funkwhale): Set replicas amount on workder to 1 --- badhouseplants/values/values.funkwhale.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 08bdbd6..2a71c46 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -1,8 +1,8 @@ --- replicaCount: 1 -worker: - replicaCount: 1 celery: + worker: + replicaCount: 1 beat: resources: limits: -- 2.45.2 From 777d88fa38f3e577ca0cea8d98ef619a92c00483 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 17 Apr 2023 10:15:08 +0200 Subject: [PATCH 046/316] WIP: Add istio ext --- releases.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 59f024e..a52b383 100644 --- a/releases.yaml 
+++ b/releases.yaml @@ -38,11 +38,13 @@ templates: # ---------------------------- # -- Extensions # ---------------------------- - istio-resource: + ext-istio-resource: dependencies: - chart: bedag/raw version: 2.0.0 alias: istio + values: + - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' service-monitor: dependencies: - chart: bedag/raw @@ -175,6 +177,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource funkwhale: &funkwhale name: funkwhale -- 2.45.2 From f1a860f97bc5f07e85c3847aa68ae0937c8c3036 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 17 Apr 2023 11:10:48 +0200 Subject: [PATCH 047/316] refactor(istio-resource): Move all istio resource to helmfile --- badhouseplants/values/values.argocd.yaml | 14 ++++++++ badhouseplants/values/values.drone.yaml | 13 +++++++ badhouseplants/values/values.funkwhale.yaml | 14 ++++++++ badhouseplants/values/values.gitea.yaml | 38 +++++++-------------- badhouseplants/values/values.minecraft.yaml | 14 ++++++++ badhouseplants/values/values.minio.yaml | 14 ++++++++ badhouseplants/values/values.nrodionov.yaml | 15 ++++++++ badhouseplants/values/values.openvpn.yaml | 15 ++++++++ bin/migrate.sh | 2 +- common/values.istio.yaml | 36 +++++++++++++++++++ etersoft/values/values.minio.yaml | 19 +++++++++++ etersoft/values/values.openvpn.yaml | 15 ++++++++ releases.yaml | 12 +++++++ 13 files changed, 195 insertions(+), 26 deletions(-) create mode 100644 common/values.istio.yaml diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 41fcc9c..72462af 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -1,4 +1,18 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: argocd-http + gateway: badhouseplants-net + kind: http + hostname: argo.badhouseplants.net + service: argocd-server + port: 80 + controller: resources: limits: diff --git a/badhouseplants/values/values.drone.yaml b/badhouseplants/values/values.drone.yaml index b3dc07e..c668910 100644 --- a/badhouseplants/values/values.drone.yaml +++ b/badhouseplants/values/values.drone.yaml @@ -1,3 +1,16 @@ +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: drone-http + gateway: badhouseplants-net + kind: http + hostname: drone.badhouseplants.net + service: drone + port: 8080 env: DRONE_SERVER_HOST: drone.badhouseplants.net DRONE_SERVER_PROTO: https diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 2a71c46..5cb7632 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -1,4 +1,18 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: funkwhale-http + gateway: badhouseplants-net + kind: http + hostname: funkwhale.badhouseplants.net + service: funkwhale + port: 80 + replicaCount: 1 celery: worker: diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 0d3b2cb..835afe5 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml 
@@ -1,37 +1,25 @@ --- -ns: - enabled: true - name: gitea-service +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ istio: enabled: true istio: - name: gitea-http + kind: http gateway: badhouseplants-net hostname: git.badhouseplants.net service: gitea-http port: 3000 - templates: - - | - {{ range .Values.istio }} - apiVersion: networking.istio.io/v1beta1 - kind: VirtualService - metadata: - name: {{ .name }} - spec: - gateways: - - "istio-system/{{ .gateway }}" - hosts: - - {{ .hostname }} - http: - - match: - - uri: - prefix: / - route: - - destination: - host: {{ .service }} - port: - number: {{ .port }} - {{ end }} + - name: gitea-ssh + kind: tcp + gateway: badhouseplants-ssh + hostname: "*" + port_match: 22 + service: gitea-ssh + port: 22 + replicaCount: 1 clusterDomain: cluster.local diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 9967b1a..c61691f 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -10,6 +10,20 @@ service-account: app: minecraft-minecraft-metrics endpoints: port: metrics +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minecraft-tcp + gateway: badhouseplants-minecraft + kind: tcp + port_match: 25565 + host: "*" + service: minecraft-minecraft + port: 25565 # -------------------------------------------------- # -- Main values # -------------------------------------------------- diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index e39bc4e..91ac710 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml 
@@ -1,4 +1,18 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: nrodionov-http + gateway: nrodionov-info + kind: http + hostname: dev.nrodionov.info + service: nrodionov-wordpress + port: 8080 + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index ba5f50d..055bfff 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -1,3 +1,18 @@ +--- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minio-http + gateway: badhouseplants-net + kind: http + hostname: minio.badhouseplants.net + service: minio-console + port: 9001 + wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 80b2be6..b2206a5 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -1,4 +1,19 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: openvpn-tcp + gateway: badhouseplants-vpn + kind: tcp + port_match: 1194 + host: "*" + service: openvpn + port: 1194 + storageClassName: longhorn openvpn: server: "tcp://195.201.250.50:1194" diff --git a/bin/migrate.sh b/bin/migrate.sh index cfcd410..fb4989b 100755 --- a/bin/migrate.sh +++ b/bin/migrate.sh 
@@ -3,4 +3,4 @@ argo_instance=$1 helm_name=$2 helm_ns=$3 -kubectl get CustomResourceDefinition,PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -l helm.sh/chart=longhorn-1.4.0 -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done +kubectl get CustomResourceDefinition,PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -l helm.sh/chart=longhorn-1.4.0 -A --no-headers --output custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namewspace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done diff --git a/common/values.istio.yaml b/common/values.istio.yaml new file mode 100644 index 0000000..0b353c0 --- /dev/null +++ b/common/values.istio.yaml 
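Review bot: The new `kubectl annotate` call writes `meta.helm.sh/release-namewspace`, a typo of the key the removed line used, so the objects no longer carry the release-namespace annotation that Helm checks before adopting an existing resource. It should stay `"meta.helm.sh/release-namespace"="$helm_ns"`. On the same line `$var1 $var2 -n $var3` and `$argo_instance` are expanded unquoted, so a value containing whitespace or glob characters is split before kubectl sees it; `"$var1" "$var2" -n "$var3"` keeps each field a single argument. The two `-l` flags are probably not combined either (kubectl appears to keep only the last one), so a single `-l "argocd.argoproj.io/instance=$argo_instance,helm.sh/chart=longhorn-1.4.0"` would express the intended selection.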
@@ -0,0 +1,36 @@ +--- +istio: + templates: + - | + {{ range .Values.istio }} + --- + apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + name: {{ .name }} + spec: + gateways: + - "istio-system/{{ .gateway }}" + hosts: + - {{ .hostname | quote }} + {{- if eq .kind "http" }} + http: + - match: + - uri: + prefix: / + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{- else if eq .kind "tcp" }} + tcp: + - match: + - port: {{ .port_match }} + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{ end }} + {{ end }} diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index 0162fae..f090b2d 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -1,4 +1,23 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minio-http + gateway: badhouseplants-net + kind: http + hostname: min.e.badhouseplants.net + service: minio-console + port: 9001 + - name: s3-http + gateway: badhouseplants-net + kind: http + hostname: s3.e.badhouseplants.net + service: minio + port: 9000 rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index f389024..be04091 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -1,4 +1,19 @@ --- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: openvpn-tcp + gateway: etersoft-vp + kind: tcp + port_match: 1194 + host: "*" + service: openvpn + port: 1194 + storageClassName: microk8s-hostpath openvpn: server: "tcp://91.232.225.63:1194" 
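Review bot: The VirtualService template in `common/values.istio.yaml` renders without complaint when an entry has no `hostname` or a `kind` other than `http`/`tcp`, giving a VirtualService with an empty host or no route instead of a failed render. In this same patch the minecraft and openvpn entries set `host:` rather than `hostname:`, which is exactly the case that slips through. I would make the lookups strict: `- {{ required "istio entry needs a hostname" .hostname | quote }}` and, before the inner `{{ end }}`, `{{- else }}{{ fail (printf "unsupported istio kind %q" .kind) }}`. `.name`, `.gateway` and `.service` are interpolated unquoted while `.hostname` is quoted; quoting them the same way keeps a stray value from changing the structure of the rendered document.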
diff --git a/releases.yaml b/releases.yaml index a52b383..857d4d8 100644 --- a/releases.yaml +++ b/releases.yaml @@ -92,6 +92,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource # ---------------------------- # -- Istio # ---------------------------- @@ -130,6 +131,8 @@ templates: version: 1.0.3 inherit: - template: default-env-values + - template: ext-istio-resource + drone: &drone name: drone @@ -138,6 +141,7 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource drone-runner-kube: &drone-runner-kube name: drone-runner-kube @@ -154,6 +158,8 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + minio: &minio name: minio @@ -162,6 +168,8 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + minecraft: &minecraft name: minecraft @@ -169,6 +177,8 @@ templates: version: 4.7.3 inherit: - template: default-env-values + - template: ext-istio-resource + gitea: &gitea name: gitea @@ -186,3 +196,5 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: ext-istio-resource + -- 2.45.2 From ad64e4f391514b16be8c31824f0fd557639015f6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 17 Apr 2023 12:16:23 +0200 Subject: [PATCH 048/316] fix(istio-resource): Use `hostname` instead of `host` --- badhouseplants/values/values.minecraft.yaml | 2 +- badhouseplants/values/values.openvpn.yaml | 2 +- etersoft/values/values.openvpn.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index c61691f..b6e81f5 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -21,7 +21,7 @@ istio: gateway: badhouseplants-minecraft kind: tcp port_match: 25565 - host: "*" + hostname: "*" service: minecraft-minecraft port: 25565 # -------------------------------------------------- diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index b2206a5..dda7857 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -10,7 +10,7 @@ istio: gateway: badhouseplants-vpn kind: tcp port_match: 1194 - host: "*" + hostname: "*" service: openvpn port: 1194 diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index be04091..6b857f4 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -7,10 +7,10 @@ istio: enabled: true istio: - name: openvpn-tcp - gateway: etersoft-vp + gateway: etersoft-vpn kind: tcp port_match: 1194 - host: "*" + hostname: "*" service: openvpn port: 1194 -- 2.45.2 From 7af9eed6853bf2d4db95401a84e17f3d15c79132 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 18 Apr 2023 06:17:21 +0200 Subject: [PATCH 049/316] fix(istio-resources): Set correct istio resourcec for minio and wordpress --- badhouseplants/values/values.minio.yaml | 16 +++++++++++----- badhouseplants/values/values.nrodionov.yaml | 10 +++++----- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 91ac710..9509b85 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml 
@@ -6,12 +6,18 @@ istio: enabled: true istio: - - name: nrodionov-http - gateway: nrodionov-info + - name: minio-http + gateway: badhouseplants-net kind: http - hostname: dev.nrodionov.info - service: nrodionov-wordpress - port: 8080 + hostname: minio.badhouseplants.net + service: minio-console + port: 9001 + - name: s3-http + gateway: badhouseplants-net + kind: http + hostname: s3.badhouseplants.net + service: minio + port: 9000 rootUser: 'overlord' replicas: 1 diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 055bfff..1e4c1bb 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -6,12 +6,12 @@ istio: enabled: true istio: - - name: minio-http - gateway: badhouseplants-net + - name: nrodionov-http + gateway: nrodionov-info kind: http - hostname: minio.badhouseplants.net - service: minio-console - port: 9001 + hostname: dev.nrodionov.info + service: nrodionov-wordpress + port: 8080 wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin -- 2.45.2 From d96609bc62f109c5f167d6d29d951e2caadf9020 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 18 Apr 2023 09:17:10 +0200 Subject: [PATCH 050/316] feat(minio): A new bucket for javascript is added --- badhouseplants/values/values.minio.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 9509b85..c294de1 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -49,6 +49,10 @@ buckets: policy: download purge: false versioning: false + - name: badhouseplants-js + policy: download + purge: false + versioning: false - name: badhouseplants-net-main policy: download purge: false -- 2.45.2 From 5842ff89d8b2f501d2d5c4845c34d560b28b01f2 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Tue, 18 Apr 2023 12:47:17 +0200 Subject: [PATCH 051/316] refactor(gitea): Stop letting users create repos and orgs --- badhouseplants/values/values.gitea.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 835afe5..1d86e51 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -71,12 +71,16 @@ gitea: DESCRIPTION: by allanger repository: DEFAULT_BRANCH: main + MAX_CREATION_LIMIT: 0 service: DISABLE_REGISTRATION: true server: DOMAIN: git.badhouseplants.net ROOT_URL: https://git.badhouseplants.net LFS_START_SERVER: true + LANDING_PAGE: explore + admin: + DISABLE_REGULAR_ORG_CREATION: true packages: ENABLED: true cron: -- 2.45.2 From 2de18b5115f03326be3d524ae859e7761e84f4d1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 19 Apr 2023 08:58:38 +0200 Subject: [PATCH 052/316] add the SOPS secret to the cdh job --- .drone.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.drone.yml b/.drone.yml index 2c60c08..7d6683d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,5 +95,7 @@ steps: image: ghcr.io/allanger/check-da-helm-helmfile:stable environment: RUST_LOG: info + SOPS_AGE_KEY: + from_secret: SOPS_AGE_KEY commands: - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o -- 2.45.2 From ac382994ae076118ef2053945ba1443ac591b598 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 20 Apr 2023 09:39:23 +0200 Subject: [PATCH 053/316] fix: longhorn is back again --- badhouseplants/values/values.longhorn.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index c20c4ef..66bee9d 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml 
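Review bot: The step that now receives `SOPS_AGE_KEY` runs `ghcr.io/allanger/check-da-helm-helmfile:stable`, a mutable tag, so whatever image is published under `stable` at run time is handed the age private key for the repository's sops-encrypted values. Pinning the image by digest, e.g. `image: ghcr.io/allanger/check-da-helm-helmfile@sha256:<digest-of-the-reviewed-image>`, limits the key to a build that has been inspected. The step's name and trigger conditions are outside the hunk; if it can run for pull requests, the secret should also be restricted to trusted events in Drone.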
@@ -3,8 +3,10 @@ defaultSettings: backupTargetCredentialSecret: aws-secret guaranteedEngineManagerCPU: 6 guaranteedReplicaManagerCPU: 6 + storageOverProvisioningPercentage: 120 + storageMinimalAvailablePercentage: 5 csi: kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: defaultClassReplicaCount: 1 -enablePSP: false \ No newline at end of file +enablePSP: false -- 2.45.2 From 7e621a186230f66ff8514527e300061b0e1a9bc3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 20 Apr 2023 09:57:28 +0200 Subject: [PATCH 054/316] feat(gitea): Disable repo wikis --- badhouseplants/values/values.gitea.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 1d86e51..8c71704 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -72,6 +72,7 @@ gitea: repository: DEFAULT_BRANCH: main MAX_CREATION_LIMIT: 0 + DISABLED_REPO_UNITS: repo.wiki service: DISABLE_REGISTRATION: true server: -- 2.45.2 From ac5df345b7f1ede924d66998e779520dd555175b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Apr 2023 10:57:38 +0200 Subject: [PATCH 055/316] Update default Longhorn configuration --- badhouseplants/values/values.longhorn.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index 66bee9d..078e6ab 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -3,8 +3,9 @@ defaultSettings: backupTargetCredentialSecret: aws-secret guaranteedEngineManagerCPU: 6 guaranteedReplicaManagerCPU: 6 - storageOverProvisioningPercentage: 120 + storageOverProvisioningPercentage: 300 storageMinimalAvailablePercentage: 5 + defaultDataPath: /media-longhorn csi: kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: -- 2.45.2 
From a7a07acf529d8913b5e69dff8b1ff49699a7083d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Apr 2023 15:39:40 +0200 Subject: [PATCH 056/316] chore(sops): Update sops config for the repo --- .sops.yaml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 583442d..055d4b6 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,17 @@ creation_rules: - - path_regex: .*/values/.* + - path_regex: .*/values/secrets.* key_groups: - age: - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - +global: + database: + roundcube: + password: '3pN_ge_z@l' +postgresql: + auth: + postgresPassword: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb + password: H5aYgqzc3U5fwX3vd54xf52wi9W4sR + secretKeys: + adminPasswordKey: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb + userPasswordKey: 4tTyKckG6y7rnfx3DHsPo6VxXBiRmP + replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz -- 2.45.2 From 1c310bfb1bee4c205844fade8b8ab2c6c1ea3632 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Apr 2023 15:40:17 +0200 Subject: [PATCH 057/316] add `mailu` to repositories and to releases --- releases.yaml | 8 ++++++++ repositories.yaml | 2 ++ 2 files changed, 10 insertions(+) diff --git a/releases.yaml b/releases.yaml index 857d4d8..56ecb4c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -198,3 +198,11 @@ templates: - template: default-env-secrets - template: ext-istio-resource + mailu: &mailu + name: mailu + chart: mailu/mailu + version: 1.1.1 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource diff --git a/repositories.yaml b/repositories.yaml index f41d930..42797a0 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -26,3 +26,5 @@ repositories: url: https://argoproj.github.io/argo-helm - name: bedag url: https://bedag.github.io/helm-charts/ + - name: mailu + url: https://mailu.github.io/helm-charts/ -- 2.45.2 
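Review bot: The lines appended to `.sops.yaml` after the `age:` recipient (`global.database.roundcube.password`, the `postgresql.auth` passwords and the `secretKeys` entries) are cleartext credentials. `.sops.yaml` is only sops configuration and is never encrypted itself, so they are now readable in the repository history. They should be deleted from this file and kept only in an encrypted `secrets.*.yaml`, and because the patch is already published the values should be treated as exposed and rotated. The `path_regex` change from `.*/values/.*` to `.*/values/secrets.*` also means files under `values/` whose names do not start with `secrets` no longer match a creation rule, so it is worth confirming that no existing `values.*.yaml` file relied on that rule.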
From a5e526ebfcb66dd4bc3abb359eaf2c39a37f6b46 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Apr 2023 15:40:43 +0200 Subject: [PATCH 058/316] install `mailu` in the badhouseplants cluster --- badhouseplants/helmfile.yaml | 5 ++ badhouseplants/values/secrets.mailu.yaml | 25 ++++++ badhouseplants/values/values.mailu.yaml | 98 ++++++++++++++++++++++++ 3 files changed, 128 insertions(+) create mode 100644 badhouseplants/values/secrets.mailu.yaml create mode 100644 badhouseplants/values/values.mailu.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index e535da1..0d2b132 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -42,6 +42,11 @@ releases: namespace: funkwhale-application createNamespace: false + - <<: *mailu + installed: true + namespace: mailu-application + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml new file mode 100644 index 0000000..b9616df --- /dev/null +++ b/badhouseplants/values/secrets.mailu.yaml 
@@ -0,0 +1,25 @@ +secretKey: ENC[AES256_GCM,data:AY41e2XkC0e32L/9MWxK4YkbeGj/piZpgIGjU7Bd,iv:3DRmPKD3YHgqizBq2EAy/BC0qc0mSmpLLMCxRXdakRc=,tag:HgnEjhISDMqUkoObbpf3NA==,type:str] +initialAccount: + username: ENC[AES256_GCM,data:ugeeeEKt/m4=,iv:M/7s36QP7o/m2rxtdsVcl4qd5opvQvznhHvI0cD2g90=,tag:NW7+HVa923/Nams8+Qw1QQ==,type:str] + domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] + password: ENC[AES256_GCM,data:5MxZgd275wrm0fiery2n31sfEtwu8zxzqnuoGpv5,iv:fXtmmzwPxfeIOYLfbUJN1oe6v1TsR/y3ReoDjYibefY=,tag:lqB8yym/Vz58D26J7Ao7mA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw + YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh + b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv + RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp + QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-04-21T12:47:54Z" + mac: ENC[AES256_GCM,data:erMUPtaX67xTGbJAB2aCi3J+j2Sjc9HRLQR+U139nrEoGCOAAes+OvyhrSlpW59pH58V6ltwUUxn1aoI5GF79HaTUK2uLQ+5Gy8jIjxgF1okYJfQFzVsZJPIasxr1fZmYewnsiUU9iNqmxLm6W6GbuMzO8dN5o6LHzceJn8cjj4=,iv:ryDfDqfXuNbqu3ju/wgz1ke4eAYsXLYp1lv91MeiIoc=,tag:1Wb/XyG4P/dybrhHuQ1LAg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml new file mode 100644 index 0000000..c7d3d49 --- /dev/null +++ b/badhouseplants/values/values.mailu.yaml 
@@ -0,0 +1,98 @@ +hostnames: + - mail.badhouseplants.net + - imap.badhouseplants.net +domain: badhouseplants.net +persistence: + single_pvc: false +ingress: + tls: true + selfSigned: true + # tlsFlavor: mail-letsencrypt + # externalIngress: false + # annotations: + # kubernetes.io/ingress.class: istio +admin: + resources: + requests: + memory: 100Mi + cpu: 70m + limits: + memory: 700Mi + cpu: 400m + persistence: + size: 1Gi +redis: + resources: + requests: + memory: 100Mi + cpu: 70m + limits: + memory: 200Mi + cpu: 200m + persistence: + size: 1Gi +postfix: + resources: + requests: + memory: 100Mi + cpu: 70m + limits: + memory: 200Mi + cpu: 200m + persistence: + size: 1Gi +dovecot: + resources: + requests: + memory: 100Mi + cpu: 70m + limits: + memory: 200Mi + cpu: 200m + persistence: + size: 1Gi +roundcube: + resources: + requests: + memory: 100Mi + cpu: 70m + limits: + memory: 200Mi + cpu: 200m + persistence: + size: 1Gi +mysql: + enabled: false +postgresql: + enabled: true + auth: + enablePostgresUser: true + username: mailu + database: mailu + persistence: + enabled: false + storageClass: "" + accessMode: ReadWriteOnce + size: 1Gi +rspamd: + logLevel: DEBUG + resources: + requests: + memory: 100Mi + cpu: 100m + limits: + memory: 500Mi + cpu: 400m + startupProbe: + periodSeconds: 30 + failureThreshold: 900 + timeoutSeconds: 20 + livenessProbe: {} + readinessProbe: {} +webmail: + persistence: + size: 1Gi + storageClass: "" + accessModes: [ReadWriteOnce] + claimNameOverride: "" + annotations: {} -- 2.45.2 From 968a1ac12ed4c0907175941ac69690adef9b97b2 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 22 Apr 2023 19:14:11 +0200 Subject: [PATCH 059/316] feat: Mailu is installed and it's working --- .sops.yaml | 2 +- .../values/.decrypted~secrets.mailu.yaml | 17 +++ badhouseplants/values/secrets.mailu.yaml | 20 +++- .../values/values.istio-ingressgateway.yaml | 31 ++++++ badhouseplants/values/values.mailu.yaml | 103 +++++++++++++++--- common/values.certificate.yaml | 20 ++++ releases.yaml | 9 ++ 7 files changed, 184 insertions(+), 18 deletions(-) create mode 100644 badhouseplants/values/.decrypted~secrets.mailu.yaml create mode 100644 common/values.certificate.yaml diff --git a/.sops.yaml b/.sops.yaml index 055d4b6..900dcd2 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -14,4 +14,4 @@ postgresql: secretKeys: adminPasswordKey: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb userPasswordKey: 4tTyKckG6y7rnfx3DHsPo6VxXBiRmP - replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz + replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz \ No newline at end of file diff --git a/badhouseplants/values/.decrypted~secrets.mailu.yaml b/badhouseplants/values/.decrypted~secrets.mailu.yaml new file mode 100644 index 0000000..6ff33c0 --- /dev/null +++ b/badhouseplants/values/.decrypted~secrets.mailu.yaml @@ -0,0 +1,17 @@ +secretKey: FXBF3jpV4izpB8tz9GNdXpSg8kHi7k +initialAccount: + username: overlord@badhouseplants.net + domain: badhouseplants.net + password: hYX4D5vCjz6KbKkUyqifHQNzc +postgresql: + auth: + password: H5aYgqzc3U5fwX3vd54xf52wi9W4sR + postgresPassword: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb + secretKeys: + adminPasswordKey: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb + replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz + userPasswordKey: 4tTyKckG6y7rnfx3DHsPo6VxXBiRmP +global: + database: + roundcube: + password: 3pN_ge_z@l diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml index b9616df..bd27314 100644 --- a/badhouseplants/values/secrets.mailu.yaml +++ b/badhouseplants/values/secrets.mailu.yaml 
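Review bot: `badhouseplants/values/.decrypted~secrets.mailu.yaml` is added with the Mailu secret key, the initial account password and the PostgreSQL and Roundcube passwords in plaintext, which defeats the SOPS encryption applied to `secrets.mailu.yaml` in the same commit. The context lines of the `.sops.yaml` hunk just before it show the same PostgreSQL and Roundcube values unencrypted in that file as well. Every value listed in either file should be treated as disclosed and rotated, because deleting the files later still leaves them readable in the repository history. The file name suggests a decrypted working copy left behind by an editor or plugin. An ignore rule such as `.decrypted~*` in `.gitignore`, backed by a secret-scanning pre-commit or CI check, would keep it from being staged again.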
@@ -1,8 +1,20 @@ secretKey: ENC[AES256_GCM,data:AY41e2XkC0e32L/9MWxK4YkbeGj/piZpgIGjU7Bd,iv:3DRmPKD3YHgqizBq2EAy/BC0qc0mSmpLLMCxRXdakRc=,tag:HgnEjhISDMqUkoObbpf3NA==,type:str] initialAccount: - username: ENC[AES256_GCM,data:ugeeeEKt/m4=,iv:M/7s36QP7o/m2rxtdsVcl4qd5opvQvznhHvI0cD2g90=,tag:NW7+HVa923/Nams8+Qw1QQ==,type:str] + username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] - password: ENC[AES256_GCM,data:5MxZgd275wrm0fiery2n31sfEtwu8zxzqnuoGpv5,iv:fXtmmzwPxfeIOYLfbUJN1oe6v1TsR/y3ReoDjYibefY=,tag:lqB8yym/Vz58D26J7Ao7mA==,type:str] + password: ENC[AES256_GCM,data:HR5qr3fZIOs7ye4DkwtacY2BcQbxu+27Yw==,iv:pq+0zNOhxAAWGsy579HQCrymcq0dfbOph1xyzkgPdcA=,tag:dSR8CW94YNaRujBK/Ysmtw==,type:str] +postgresql: + auth: + password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] + postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str] + secretKeys: + adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str] + userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str] +global: + database: + roundcube: + password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str] sops: kms: [] 
gcp_kms: [] @@ -18,8 +30,8 @@ sops: RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-21T12:47:54Z" - mac: ENC[AES256_GCM,data:erMUPtaX67xTGbJAB2aCi3J+j2Sjc9HRLQR+U139nrEoGCOAAes+OvyhrSlpW59pH58V6ltwUUxn1aoI5GF79HaTUK2uLQ+5Gy8jIjxgF1okYJfQFzVsZJPIasxr1fZmYewnsiUU9iNqmxLm6W6GbuMzO8dN5o6LHzceJn8cjj4=,iv:ryDfDqfXuNbqu3ju/wgz1ke4eAYsXLYp1lv91MeiIoc=,tag:1Wb/XyG4P/dybrhHuQ1LAg==,type:str] + lastmodified: "2023-04-22T17:13:44Z" + mac: ENC[AES256_GCM,data:GMqaB9uNNkO2oLFncxOIql2vQyLneopSCIZ75sbEQJpbEtc+UltcQ46EaK8MeII3vEuxa5EvEZQbaz04+zfi33lDyYIv/0IsIyKkZg1WtC+6pEzoXUCSAfSLFaPPSsvaycerU+S9rUl4hXPJJmyg/tdm75HWg9KrA0LSnlO2PSI=,iv:XbFgdnsDa8kbX2EwEmyTDiktq3VWm3QBbfpTCB8LCWo=,tag:kLLsjih/YJkQa9K07791oQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index b698e06..5b29616 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -22,6 +22,37 @@ service: port: 1194 protocol: TCP targetPort: 1194 + # ----------- + # -- Email + # ----------- + - name: smtp + port: 25 + protocol: TCP + targetPort: 25 + - name: smtps + port: 465 + protocol: TCP + targetPort: 465 + - name: smtp-startls + port: 587 + protocol: TCP + targetPort: 587 + - name: imap + port: 143 + protocol: TCP + targetPort: 143 + - name: imaps + port: 993 + protocol: TCP + targetPort: 993 + - name: pop3 + port: 110 + protocol: TCP + targetPort: 110 + - name: pop3s + port: 995 + protocol: TCP + targetPort: 995 resources: requests: cpu: 100m diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index c7d3d49..0fed94a 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
@@ -1,16 +1,89 @@ +--- +certificate: + enabled: true + certificate: + - name: mailu + secretName: mailu-certificate + issuer: + kind: ClusterIssuer + name: badhouseplants-issuer + dnsNames: + - badhouseplants.net + - "*.badhouseplants.net" +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: mailu-web + kind: http + gateway: badhouseplants-net + hostname: email.badhouseplants.net + service: mailu-front + port: 80 + - name: mailu-smpt + kind: tcp + gateway: badhouseplants-mail + service: mailu-front + hostname: "*" + port_match: 25 + port: 25 + - name: mailu-smpts + kind: tcp + gateway: badhouseplants-mail + port_match: 465 + hostname: "*" + service: mailu-front + port: 465 + - name: mailu-smpt-startls + kind: tcp + gateway: badhouseplants-mail + hostname: "*" + port_match: 587 + service: mailu-front + port: 587 + - name: mailu-imap + kind: tcp + hostname: "*" + gateway: badhouseplants-mail + port_match: 143 + service: mailu-front + port: 143 + - name: mailu-imaps + kind: tcp + gateway: badhouseplants-mail + hostname: "*" + port_match: 993 + service: mailu-front + port: 993 + - name: mailu-pop3 + kind: tcp + gateway: badhouseplants-mail + port_match: 110 + hostname: "*" + service: mailu-front + port: 110 + - name: mailu-pop3s + kind: tcp + gateway: badhouseplants-mail + port_match: 993 + hostname: "*" + service: mailu-front + port: 993 +subnet: 10.1.0.0/16 +sessionCookieSecure: false hostnames: - - mail.badhouseplants.net - - imap.badhouseplants.net + - email.badhouseplants.net domain: badhouseplants.net persistence: single_pvc: false ingress: - tls: true - selfSigned: true - # tlsFlavor: mail-letsencrypt - # externalIngress: false - # annotations: - # kubernetes.io/ingress.class: istio + enabled: false + tls: false + selfSigned: false + existingSecret: mailu-certificate admin: resources: requests: 
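Review bot: The `mailu-pop3s` route sets `port_match: 993` and `port: 993`, the same values as `mailu-imaps`, while the gateway values in this commit expose `pop3s` on 995; the entry should read `port_match: 995` and `port: 995`. Separately, `sessionCookieSecure: false` presumably drops the Secure attribute from the admin and webmail session cookie, and it arrives together with `ingress.tls: false` and a `mailu-web` route of `kind: http` on port 80. Unless TLS is guaranteed to terminate at the Istio gateway and plain HTTP is redirected there, keep `sessionCookieSecure: true`. The `mailu-smpt*` route names also look like a typo for `smtp`.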
@@ -42,13 +115,14 @@ postfix: persistence: size: 1Gi dovecot: + logLevel: DEBUG resources: requests: memory: 100Mi cpu: 70m limits: - memory: 200Mi - cpu: 200m + memory: 400Mi + cpu: 300m persistence: size: 1Gi roundcube: @@ -74,8 +148,11 @@ postgresql: storageClass: "" accessMode: ReadWriteOnce size: 1Gi -rspamd: +front: logLevel: DEBUG + hostPort: + enabled: false +rspamd: resources: requests: memory: 100Mi @@ -91,8 +168,8 @@ rspamd: readinessProbe: {} webmail: persistence: - size: 1Gi + size: 2Gi storageClass: "" accessModes: [ReadWriteOnce] claimNameOverride: "" - annotations: {} + annotations: {} \ No newline at end of file diff --git a/common/values.certificate.yaml b/common/values.certificate.yaml new file mode 100644 index 0000000..21d1933 --- /dev/null +++ b/common/values.certificate.yaml @@ -0,0 +1,20 @@ +--- +certificate: + templates: + - | + {{ range .Values.certificate }} + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: {{ .name }} + spec: + dnsNames: + {{- range .dnsNames }} + - {{ . | quote }} + {{- end }} + issuerRef: + kind: {{ .issuer.kind }} + name: {{ .issuer.name }} + secretName: {{ .secretName }} + {{ end }} diff --git a/releases.yaml b/releases.yaml index 56ecb4c..eb08eaa 100644 --- a/releases.yaml +++ b/releases.yaml @@ -45,6 +45,14 @@ templates: alias: istio values: - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: certificate + values: + - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' + service-monitor: dependencies: - chart: bedag/raw @@ -206,3 +214,4 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + - template: ext-certificate -- 2.45.2 From cfbd56d6be596a447eca1640793e3103c32a6367 Mon Sep 17 00:00:00 2001 
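Review bot: `logLevel: DEBUG` is added to `dovecot` in this hunk and moved from `rspamd` to `front` in the next one, with no comment saying it is temporary. Debug logging on the IMAP server and the mail front end is likely to record client addresses, mailbox names and authentication detail in pod logs, which then go wherever cluster logs are collected and retained. If it was only needed to get the install working, drop both lines or mark them, e.g. `# TODO: remove DEBUG once mail delivery is verified`.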
From: Nikolai Rodionov Date: Sat, 22 Apr 2023 19:40:32 +0200 Subject: [PATCH 060/316] feat: Add tls to mailu --- .../values/.decrypted~secrets.mailu.yaml | 17 ----------------- badhouseplants/values/secrets.gitea.yaml | 15 ++++++++++++--- badhouseplants/values/values.mailu.yaml | 1 + 3 files changed, 13 insertions(+), 20 deletions(-) delete mode 100644 badhouseplants/values/.decrypted~secrets.mailu.yaml diff --git a/badhouseplants/values/.decrypted~secrets.mailu.yaml b/badhouseplants/values/.decrypted~secrets.mailu.yaml deleted file mode 100644 index 6ff33c0..0000000 --- a/badhouseplants/values/.decrypted~secrets.mailu.yaml +++ /dev/null @@ -1,17 +0,0 @@ -secretKey: FXBF3jpV4izpB8tz9GNdXpSg8kHi7k -initialAccount: - username: overlord@badhouseplants.net - domain: badhouseplants.net - password: hYX4D5vCjz6KbKkUyqifHQNzc -postgresql: - auth: - password: H5aYgqzc3U5fwX3vd54xf52wi9W4sR - postgresPassword: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb - secretKeys: - adminPasswordKey: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb - replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz - userPasswordKey: 4tTyKckG6y7rnfx3DHsPo6VxXBiRmP -global: - database: - roundcube: - password: 3pN_ge_z@l diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index dd8aa0d..a86d132 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -10,7 +10,16 @@ gitea: admin: username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] - email: ENC[AES256_GCM,data:sePKv5CPwYZtayjcqX4JoSGrZAR+Zhfe,iv:TTwfxzqq83xe2bk8cVV93GTlfGMaxmR5arK+Vdht+vE=,tag:Aiox/la2sENjC24Jiib9uQ==,type:str] + config: + mailer: + ENABLED: ENC[AES256_GCM,data:UpsaOQ==,iv:B5C7s88Ch39OvMxxl0TgCgt4gbqZllmBsHZ/9VTibhs=,tag:zHnzlvhYPNCBiyJifFkJ7A==,type:bool] + FROM: ENC[AES256_GCM,data:JsgZALQYFjqch0Tcf9z3QdorOfNp8zNqWIY=,iv:ObIx5B4xddGkgWFcRHOMMBLQVm475kDFYBxg33G9wJA=,tag:wrIAV/uNGOTX9DBTxHvPBw==,type:str] + MAILER_TYPE: ENC[AES256_GCM,data:vp7zrg==,iv:63U/B3zmneM8bs4azdGm7fPQJQ4VOHGoARzygdzHEfA=,tag:ek5wC6wb1PNvGEIWEePZaA==,type:str] + SMTP_ADDR: ENC[AES256_GCM,data:gq8Ge3tLJ2FekBatcvFO6EG+SYt+kSe6,iv:/R4XGhlH1MNiz2P7DIVyaju/hr2NUlgVljPVb91+N9o=,tag:ZXeSKZ2kdw2hXw5KW7kLaQ==,type:str] + SMTP_PORT: ENC[AES256_GCM,data:RLk=,iv:AgMa0EOAQeeA2y1FuAOsV8vFo7TsPOBZAagcZe9lKT0=,tag:RPXRssS3yNGoT9XxDfG3gg==,type:int] + IS_TLS_ENABLED: ENC[AES256_GCM,data:qjI/99M=,iv:Ysb4WOm1Ee3dCBlM2o0q+3xYNHcTECjM/sYoInU1ScM=,tag:XT/hxE75NHGbpzRiZwnLHA==,type:bool] + USER: ENC[AES256_GCM,data:mCZ3UEuLiDA6dglUfVfcTSb6fbXChtHiaSo=,iv:nZnaIf8b6K/ckDpPJ3sifeoIs7tqk8A73NWbrIkSgJg=,tag:q66cFsUfthj4o2lN+H1NIw==,type:str] + PASSWD: ENC[AES256_GCM,data:bUWfLY+NRG3pJu6U6Iu8NJOrnHC+OE2Iew==,iv:QB1XRNhqbj4rPkGhgqc4XG7/pb089+Z+qqdaMXf2Qyo=,tag:cNaie2lPlBJIZeRTh2bocw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -26,8 +35,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-29T07:21:28Z" - mac: ENC[AES256_GCM,data:EGA95/6yEwOumGcXtC9G7N724j3PruP5E0HttGyNEhX97dGdpC8h2/aW9M/mjbp8YwIAvCYHdSxuEDo6D7QEpmEyyDjT4kcAPTlC6n56wRpZ/tXs7RBnzGG5FDnElVeqUVxsn8EuvF/QFsVL0W0jVQbJFeH7Z5os8rTSjz98IhI=,iv:fx9zPuQpGc1JdhAJW+8sAWrnJKifRN3O1Z3yu3H21nE=,tag:p47EO5x8EcTQARjeezAnUw==,type:str] + lastmodified: "2023-04-22T17:30:00Z" + mac: ENC[AES256_GCM,data:SYAqBAncRnWeZXqXiv+wkxyXQ9tKgxP3OeDLZ9ueczhY2ajFNroe31eDy/jYA78l7vDZish/oSgGHQy916zlSKsb+kwL4XAPmF2FlEMDctTa5jYuJxvOOK3qKt6/hahgrDagNJbMxAsBvoB92QTBxikL2y9zajTz9OZBfIvlpWs=,iv:C0zL4g5iZEpBT5+3bS34UOvBzl9zg+DOXFv4OdCTjfc=,tag:96XIlcaCb0XjdPD5dzVeFQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 0fed94a..0b38aa0 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -82,6 +82,7 @@ persistence: ingress: enabled: false tls: false + tlsFlavorOverride: mail selfSigned: false existingSecret: mailu-certificate admin: -- 2.45.2 From e2f5bb6f351838db28e810e824966c0f8409e519 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 23 Apr 2023 12:09:19 +0200 Subject: [PATCH 061/316] Update gitea configuration to enable smtp --- badhouseplants/values/secrets.gitea.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index a86d132..cc9d011 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -16,8 +16,8 @@ gitea: FROM: ENC[AES256_GCM,data:JsgZALQYFjqch0Tcf9z3QdorOfNp8zNqWIY=,iv:ObIx5B4xddGkgWFcRHOMMBLQVm475kDFYBxg33G9wJA=,tag:wrIAV/uNGOTX9DBTxHvPBw==,type:str] MAILER_TYPE: ENC[AES256_GCM,data:vp7zrg==,iv:63U/B3zmneM8bs4azdGm7fPQJQ4VOHGoARzygdzHEfA=,tag:ek5wC6wb1PNvGEIWEePZaA==,type:str] SMTP_ADDR: ENC[AES256_GCM,data:gq8Ge3tLJ2FekBatcvFO6EG+SYt+kSe6,iv:/R4XGhlH1MNiz2P7DIVyaju/hr2NUlgVljPVb91+N9o=,tag:ZXeSKZ2kdw2hXw5KW7kLaQ==,type:str] - SMTP_PORT: ENC[AES256_GCM,data:RLk=,iv:AgMa0EOAQeeA2y1FuAOsV8vFo7TsPOBZAagcZe9lKT0=,tag:RPXRssS3yNGoT9XxDfG3gg==,type:int] - IS_TLS_ENABLED: ENC[AES256_GCM,data:qjI/99M=,iv:Ysb4WOm1Ee3dCBlM2o0q+3xYNHcTECjM/sYoInU1ScM=,tag:XT/hxE75NHGbpzRiZwnLHA==,type:bool] + SMTP_PORT: ENC[AES256_GCM,data:rZp1OQ==,iv:p2V7SeFmL3o296qy4E2N1p3ApjfXf1Xbd4YT8wY26/Y=,tag:gSkjtGFIlfEa6Y+hU5NDFg==,type:str] + IS_TLS_ENABLED: ENC[AES256_GCM,data:aQqODw==,iv:QGQZfpB6dwrrL389XDc4AJzYAYy+kKwEn9sXk2762+w=,tag:vuW1qcF9IpVv3BFabg6FvA==,type:bool] USER: ENC[AES256_GCM,data:mCZ3UEuLiDA6dglUfVfcTSb6fbXChtHiaSo=,iv:nZnaIf8b6K/ckDpPJ3sifeoIs7tqk8A73NWbrIkSgJg=,tag:q66cFsUfthj4o2lN+H1NIw==,type:str] PASSWD: ENC[AES256_GCM,data:bUWfLY+NRG3pJu6U6Iu8NJOrnHC+OE2Iew==,iv:QB1XRNhqbj4rPkGhgqc4XG7/pb089+Z+qqdaMXf2Qyo=,tag:cNaie2lPlBJIZeRTh2bocw==,type:str] sops: 
@@ -35,8 +35,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-22T17:30:00Z" - mac: ENC[AES256_GCM,data:SYAqBAncRnWeZXqXiv+wkxyXQ9tKgxP3OeDLZ9ueczhY2ajFNroe31eDy/jYA78l7vDZish/oSgGHQy916zlSKsb+kwL4XAPmF2FlEMDctTa5jYuJxvOOK3qKt6/hahgrDagNJbMxAsBvoB92QTBxikL2y9zajTz9OZBfIvlpWs=,iv:C0zL4g5iZEpBT5+3bS34UOvBzl9zg+DOXFv4OdCTjfc=,tag:96XIlcaCb0XjdPD5dzVeFQ==,type:str] + lastmodified: "2023-04-23T10:08:47Z" + mac: ENC[AES256_GCM,data:+Zyn2NPM4vkyr+obtwDZgkMF5Nkr8bVMIo2qRb+FUzqkAFmSA4g4M2Uc4OlfoHFuHPnbJpMSzz/T10xbfSBTfTHvKcQQeJ/2uy2qaxCQUbJ76/xeCzKRvhBX6B4zgCeFyP7O5mkSPNw1lSp1P8/R7m8GM1M+fnoa8Ckwg2Q2qjU=,iv:55tWPHb7TZZ2glWBuUiHq39IeEIhHaVI4sYn7fxnB5c=,tag:dc7wqWwpnsdHQWr1Jeu78Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 -- 2.45.2 From 8f6402b945b6ff1b99580c147e2bd8978e566c73 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 24 Apr 2023 07:37:36 +0200 Subject: [PATCH 062/316] chore: Upgrade outdated charts --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index eb08eaa..cd70427 100644 --- a/releases.yaml +++ b/releases.yaml @@ -162,7 +162,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 15.4.0 + version: 16.0.0 inherit: - template: default-env-values - template: default-env-secrets @@ -182,7 +182,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.7.3 + version: 4.7.4 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From cb25966cdb2ed3031ad688bc953c6e37e8947313 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 27 Apr 2023 18:23:49 +0200 Subject: [PATCH 063/316] fix(mailu): Set the correct timezone --- badhouseplants/values/values.mailu.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 0b38aa0..1fa61fa 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -74,6 +74,7 @@ istio: port: 993 subnet: 10.1.0.0/16 sessionCookieSecure: false +timezone: Europe/Berlin hostnames: - email.badhouseplants.net domain: badhouseplants.net @@ -173,4 +174,4 @@ webmail: storageClass: "" accessModes: [ReadWriteOnce] claimNameOverride: "" - annotations: {} \ No newline at end of file + annotations: {} -- 2.45.2 From a9f5b833e895680c0919aa5fa60c18de51f15496 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 27 Apr 2023 16:35:12 +0000 Subject: [PATCH 064/316] revert cb25966cdb2ed3031ad688bc953c6e37e8947313 revert fix(mailu): Set the correct timezone --- badhouseplants/values/values.mailu.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 1fa61fa..0b38aa0 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -74,7 +74,6 @@ istio: port: 993 subnet: 10.1.0.0/16 sessionCookieSecure: false -timezone: Europe/Berlin hostnames: - email.badhouseplants.net domain: badhouseplants.net @@ -174,4 +173,4 @@ webmail: storageClass: "" accessModes: [ReadWriteOnce] claimNameOverride: "" - annotations: {} + annotations: {} \ No newline at end of file -- 2.45.2 From 776d7272e2e879d37cc6f0046db89afa4ab4898c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Fri, 28 Apr 2023 17:39:56 +0200 Subject: [PATCH 065/316] Uninstall mailu --- badhouseplants/helmfile.yaml | 2 +- badhouseplants/values/secrets.mailu.yaml | 9 +- .../values/values.istio-ingressgateway.yaml | 2 + badhouseplants/values/values.mailu.yaml | 121 +++++++++--------- helmfile.yaml | 5 + manifests/badhouseplants-ip.yaml | 10 ++ manifests/debug/istio-stuff.yaml | 17 +++ manifests/debug/proxy-prot.yaml | 17 +++ manifests/debug/test.yaml | 83 ++++++++++++ manifests/etersoft-ip.yaml | 10 ++ releases.yaml | 5 + repositories.yaml | 2 + 12 files changed, 220 insertions(+), 63 deletions(-) create mode 100644 manifests/badhouseplants-ip.yaml create mode 100644 manifests/debug/istio-stuff.yaml create mode 100644 manifests/debug/proxy-prot.yaml create mode 100644 manifests/debug/test.yaml create mode 100644 manifests/etersoft-ip.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 0d2b132..7d85357 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -43,7 +43,7 @@ releases: createNamespace: false - <<: *mailu - installed: true + installed: false namespace: mailu-application createNamespace: true diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml index bd27314..5e20299 100644 --- a/badhouseplants/values/secrets.mailu.yaml +++ b/badhouseplants/values/secrets.mailu.yaml 
@@ -1,8 +1,9 @@ -secretKey: ENC[AES256_GCM,data:AY41e2XkC0e32L/9MWxK4YkbeGj/piZpgIGjU7Bd,iv:3DRmPKD3YHgqizBq2EAy/BC0qc0mSmpLLMCxRXdakRc=,tag:HgnEjhISDMqUkoObbpf3NA==,type:str] +secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str] initialAccount: + enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool] username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] - password: ENC[AES256_GCM,data:HR5qr3fZIOs7ye4DkwtacY2BcQbxu+27Yw==,iv:pq+0zNOhxAAWGsy579HQCrymcq0dfbOph1xyzkgPdcA=,tag:dSR8CW94YNaRujBK/Ysmtw==,type:str] + password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str] postgresql: auth: password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] 
@@ -30,8 +31,8 @@ sops: RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-22T17:13:44Z" - mac: ENC[AES256_GCM,data:GMqaB9uNNkO2oLFncxOIql2vQyLneopSCIZ75sbEQJpbEtc+UltcQ46EaK8MeII3vEuxa5EvEZQbaz04+zfi33lDyYIv/0IsIyKkZg1WtC+6pEzoXUCSAfSLFaPPSsvaycerU+S9rUl4hXPJJmyg/tdm75HWg9KrA0LSnlO2PSI=,iv:XbFgdnsDa8kbX2EwEmyTDiktq3VWm3QBbfpTCB8LCWo=,tag:kLLsjih/YJkQa9K07791oQ==,type:str] + lastmodified: "2023-04-28T08:37:51Z" + mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 5b29616..b20aa3d 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -53,6 +53,8 @@ service: port: 995 protocol: TCP targetPort: 995 +podAnnotations: + proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 0, "forwardClientCertDetails": SANITIZE } }' resources: requests: cpu: 100m diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 0b38aa0..c2188b2 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -9,7 +9,7 @@ certificate: name: badhouseplants-issuer dnsNames: - badhouseplants.net - - "*.badhouseplants.net" + - "email.badhouseplants.net" # ------------------------------------------ # -- Istio extenstion. Just because I'm # -- not using ingress nginx 
@@ -23,62 +23,67 @@ istio: hostname: email.badhouseplants.net service: mailu-front port: 80 - - name: mailu-smpt - kind: tcp - gateway: badhouseplants-mail - service: mailu-front - hostname: "*" - port_match: 25 - port: 25 - - name: mailu-smpts - kind: tcp - gateway: badhouseplants-mail - port_match: 465 - hostname: "*" - service: mailu-front - port: 465 - - name: mailu-smpt-startls - kind: tcp - gateway: badhouseplants-mail - hostname: "*" - port_match: 587 - service: mailu-front - port: 587 - - name: mailu-imap - kind: tcp - hostname: "*" - gateway: badhouseplants-mail - port_match: 143 - service: mailu-front - port: 143 - - name: mailu-imaps - kind: tcp - gateway: badhouseplants-mail - hostname: "*" - port_match: 993 - service: mailu-front - port: 993 - - name: mailu-pop3 - kind: tcp - gateway: badhouseplants-mail - port_match: 110 - hostname: "*" - service: mailu-front - port: 110 - - name: mailu-pop3s - kind: tcp - gateway: badhouseplants-mail - port_match: 993 - hostname: "*" - service: mailu-front - port: 993 + # - name: mailu-smpt + # kind: tcp + # gateway: badhouseplants-mail + # service: mailu-front + # hostname: email.badhousplants.net + # port_match: 25 + # port: 25 + # - name: mailu-smpts + # kind: tcp + # gateway: badhouseplants-mail + # port_match: 465 + # hostname: email.badhousplants.net + # service: mailu-front + # port: 465 + # - name: mailu-smpt-startls + # kind: tcp + # gateway: badhouseplants-mail + # hostname: email.badhousplants.net + # port_match: 587 + # service: mailu-front + # port: 587 + # - name: mailu-imap + # kind: tcp + # hostname: email.badhousplants.net + # gateway: badhouseplants-mail + # port_match: 143 + # service: mailu-front + # port: 143 + # - name: mailu-imaps + # kind: tcp + # gateway: badhouseplants-mail + # hostname: email.badhousplants.net + # port_match: 993 + # service: mailu-front + # port: 993 + # - name: mailu-pop3 + # kind: tcp + # gateway: badhouseplants-mail + # port_match: 110 + # hostname: 
email.badhousplants.net + # service: mailu-front + # port: 110 + # - name: mailu-pop3s + # kind: tcp + # gateway: badhouseplants-mail + # port_match: 993 + # hostname: email.badhousplants.net + # service: mailu-front + # port: 993 subnet: 10.1.0.0/16 -sessionCookieSecure: false +sessionCookieSecure: true hostnames: - - email.badhouseplants.net + - post.badhouseplants.net domain: badhouseplants.net persistence: single_pvc: false +limits: + messageRatelimit: + value: "10/day" +tls: + outboundLevel: secure ingress: enabled: false tls: false @@ -108,10 +113,10 @@ redis: postfix: resources: requests: - memory: 100Mi - cpu: 70m + memory: 1024Mi + cpu: 200m limits: - memory: 200Mi + memory: 1024Mi cpu: 200m persistence: size: 1Gi @@ -148,11 +153,11 @@ postgresql: enabled: false storageClass: "" accessMode: ReadWriteOnce - size: 1Gi + size: 2Gi front: logLevel: DEBUG hostPort: - enabled: false + enabled: true rspamd: resources: requests: @@ -173,4 +178,4 @@ webmail: storageClass: "" accessModes: [ReadWriteOnce] claimNameOverride: "" - annotations: {} \ No newline at end of file + annotations: {} diff --git a/helmfile.yaml b/helmfile.yaml index 7de8c56..1bbc24e 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -40,6 +40,11 @@ releases: installed: true namespace: openvpn-service createNamespace: false + + - <<: *metallb + installed: true + namespace: metallb-system + createNamespace: true helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/manifests/badhouseplants-ip.yaml b/manifests/badhouseplants-ip.yaml new file mode 100644 index 0000000..b98f76f --- /dev/null +++ b/manifests/badhouseplants-ip.yaml @@ -0,0 +1,10 @@ +# addresspool.yaml +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: custom-addresspool + namespace: metallb-system +spec: + addresses: + - 195.201.250.50-195.201.250.50 diff --git a/manifests/debug/istio-stuff.yaml b/manifests/debug/istio-stuff.yaml new file mode 100644 index 0000000..70c689e --- /dev/null 
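Review bot: `hostnames` changes to `post.badhouseplants.net` in this hunk, but the certificate hunk before it narrows `dnsNames` from the wildcard to `badhouseplants.net` and `email.badhouseplants.net`, and the `mailu-web` route still uses `hostname: email.badhouseplants.net`. As written, `mailu-certificate` would not cover the name the mail server announces, so clients connecting to `post.badhouseplants.net` would see a certificate name mismatch; add `- post.badhouseplants.net` to `dnsNames` or use one name throughout. The commented-out routes also carry `email.badhousplants.net` (missing an `e`) and `mailu-pop3s` still has 993 rather than 995, which will matter if they are re-enabled.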
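Review bot: `front.hostPort.enabled` flips to `true` in the `@@ -148,11 +153,11 @@` hunk while `front.logLevel: DEBUG` stays and the ingress gateway Service still lists the mail ports. With host ports the front pod presumably binds the mail ports directly on the node, so that traffic no longer passes the Istio gateway or any policy attached to it, and the same ports are reachable by two paths. If hostPort is the intended path, remove the mail entries from `service.ports` in `values.istio-ingressgateway.yaml` and state the assumption next to the setting, e.g. `# hostPort bypasses the istio gateway; the node firewall must restrict the mail ports`.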
+++ b/manifests/debug/istio-stuff.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: proxy-protocol + namespace: istio-system +spec: + workloadSelector: + labels: + istio: ingressgateway + configPatches: + - applyTo: LISTENER + patch: + operation: MERGE + value: + listener_filters: + - name: envoy.listener.proxy_protocol + diff --git a/manifests/debug/proxy-prot.yaml b/manifests/debug/proxy-prot.yaml new file mode 100644 index 0000000..94e9946 --- /dev/null +++ b/manifests/debug/proxy-prot.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: proxy-protocol + namespace: istio-system +spec: + configPatches: + - applyTo: LISTENER + patch: + operation: MERGE + value: + listener_filters: + - name: envoy.listener.proxy_protocol + - name: envoy.listener.tls_inspector + workloadSelector: + labels: + istio: ingressgateway diff --git a/manifests/debug/test.yaml b/manifests/debug/test.yaml new file mode 100644 index 0000000..25636a6 --- /dev/null +++ b/manifests/debug/test.yaml 
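Review bot: `manifests/debug/istio-stuff.yaml` and `manifests/debug/proxy-prot.yaml` both define an `EnvoyFilter` named `proxy-protocol` in `istio-system`, so whichever is applied last replaces the other and the `envoy.listener.tls_inspector` entry comes and goes with it; keep one file. Neither patch has a `match`, so the `envoy.listener.proxy_protocol` listener filter is merged into every listener of the ingress gateway rather than only the ports that need it. A listener with that filter takes the client address from the PROXY header of whichever peer connects, so the address is only trustworthy if nothing but the load balancer can reach the gateway and it always sends the header. Scope the patch with a `match` on the relevant listener ports and record that assumption in a comment at the top of the manifest.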
@@ -0,0 +1,83 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: httpbin-gateway +spec: + selector: + istio: ingressgateway + servers: + - port: + number: 80 + name: http + protocol: HTTP2 + hosts: + - "test.badhouseplants.net" + - hosts: + - "test.badhouseplants.net" + port: + name: https + number: 443 + protocol: HTTPS + tls: + credentialName: badhouseplants-wildcard-tls + mode: SIMPLE +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: httpbin +spec: + hosts: + - "test.badhouseplants.net" + gateways: + - httpbin-gateway + http: + - route: + - destination: + host: httpbin + port: + number: 8000 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: httpbin +--- +apiVersion: v1 +kind: Service +metadata: + name: httpbin + labels: + app: httpbin + service: httpbin +spec: + ports: + - name: http + port: 8000 + targetPort: 80 + selector: + app: httpbin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: httpbin +spec: + replicas: 1 + selector: + matchLabels: + app: httpbin + version: v1 + template: + metadata: + labels: + app: httpbin + version: v1 + spec: + serviceAccountName: httpbin + containers: + - image: docker.io/kong/httpbin + imagePullPolicy: IfNotPresent + name: httpbin + ports: + - containerPort: 80 diff --git a/manifests/etersoft-ip.yaml b/manifests/etersoft-ip.yaml new file mode 100644 index 0000000..7e8a401 --- /dev/null +++ b/manifests/etersoft-ip.yaml @@ -0,0 +1,10 @@ +# addresspool.yaml +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: custom-addresspool + namespace: metallb-system +spec: + addresses: + - 91.232.225.63-91.232.225.63 diff --git a/releases.yaml b/releases.yaml index cd70427..d77cf32 100644 --- a/releases.yaml +++ b/releases.yaml 
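Review bot: The `httpbin` Deployment uses `image: docker.io/kong/httpbin` with no tag or digest, so it resolves to `latest`, and with `imagePullPolicy: IfNotPresent` each node runs whatever version it happened to pull first. Because the VirtualService publishes it on `test.badhouseplants.net` through the shared ingress gateway, pin it, e.g. `image: docker.io/kong/httpbin:<tag>@sha256:<digest>` (placeholders, to be filled with verified values). None of the objects set `metadata.namespace`, so they land in whatever namespace the applying context points at; stating it explicitly would make this debug manifest safer to apply and to clean up.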
@@ -79,6 +79,11 @@ templates: values: - common/values.{{ .Release.Name }}.yaml + metallb: &metallb + name: metallb + chart: metallb/metallb + version: 0.13.9 + cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager diff --git a/repositories.yaml b/repositories.yaml index 42797a0..b71fcdf 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -28,3 +28,5 @@ repositories: url: https://bedag.github.io/helm-charts/ - name: mailu url: https://mailu.github.io/helm-charts/ + - name: metallb + url: https://metallb.github.io/metallb -- 2.45.2 From 7a0abd7078ffe5f3ec052e60e6a25fbae84bef0e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 2 May 2023 20:49:15 +0200 Subject: [PATCH 066/316] Remove postgres secret from sops conf --- .sops.yaml | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 900dcd2..99e7207 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,16 +2,5 @@ creation_rules: - path_regex: .*/values/secrets.* key_groups: - age: - - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 -global: - database: - roundcube: - password: '3pN_ge_z@l' -postgresql: - auth: - postgresPassword: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb - password: H5aYgqzc3U5fwX3vd54xf52wi9W4sR - secretKeys: - adminPasswordKey: pU9HcPy3ZviAgmxk8qMhv2YCV46EZb - userPasswordKey: 4tTyKckG6y7rnfx3DHsPo6VxXBiRmP - replicationPasswordKey: VMhJQ4emdpZS65h2yo58pSNXY82Yvz \ No newline at end of file + - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + -- 2.45.2 From 88e1cb01ce19c9a4e64ab7bc629c9dbed4a9c048 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 4 May 2023 13:13:08 +0200 Subject: [PATCH 067/316] Use a cdh image with secerts pluging installed --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 7d6683d..f9f0b9c 100644 --- a/.drone.yml +++ b/.drone.yml 
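Review bot: The roundcube and postgresql values removed from `.sops.yaml` in patch 066 were committed in plaintext, and deleting the lines leaves them readable in every earlier revision of the repository. Nothing in this diff shows the credentials being rotated, so the change should be paired with new values stored only in the encrypted `secrets.*` files. I would also add a comment above the rule, `# only files matching .*/values/secrets.* are encrypted; never put secret values in this file`, since this file is SOPS configuration and is itself never encrypted.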
@@ -92,7 +92,7 @@ trigger: steps: - name: Check badhouseplants - image: ghcr.io/allanger/check-da-helm-helmfile:stable + image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable environment: RUST_LOG: info SOPS_AGE_KEY: -- 2.45.2 From f2497f8f27658ee5f6cc936e25a575b12259b0fa Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 4 May 2023 22:32:42 +0200 Subject: [PATCH 068/316] chore: Upgrade charts --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index d77cf32..2dbe1ac 100644 --- a/releases.yaml +++ b/releases.yaml @@ -101,7 +101,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.29.1 + version: 5.31.1 inherit: - template: default-env-values - template: default-env-secrets @@ -167,7 +167,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.0.0 + version: 16.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -177,7 +177,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.8 + version: 5.0.9 inherit: - template: default-env-values - template: default-env-secrets @@ -196,7 +196,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 8.1.0 + version: 8.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -214,7 +214,7 @@ templates: mailu: &mailu name: mailu chart: mailu/mailu - version: 1.1.1 + version: 1.2.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 722c4caac590aa4dba287652315f096eafd732b9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 13 May 2023 16:36:29 +0200 Subject: [PATCH 069/316] chore: Upgrade releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 2dbe1ac..dd5536c 100644 --- a/releases.yaml +++ b/releases.yaml 
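Review bot: The `Check badhouseplants` step now runs `ghcr.io/allanger/check-da-helm-helmfile-secrets:stable`, a mutable tag, in a step that is handed `SOPS_AGE_KEY`. Whatever that tag points to on the next run receives the key that presumably decrypts the repository's `secrets.*` files. Pin the image by digest, `image: ghcr.io/allanger/check-da-helm-helmfile-secrets@sha256:<DIGEST>` (placeholder), and bump it deliberately. The step's definition continues outside the hunk.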
@@ -87,21 +87,21 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.11.1 + version: 1.11.2 set: - name: installCRDs value: true longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.4.1 + version: 1.4.2 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.31.1 + version: 5.33.3 inherit: - template: default-env-values - template: default-env-secrets @@ -167,7 +167,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.0.4 + version: 16.1.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 7e2ac0fabd5d0fe9c8671a9858b3ffdb23303180 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 15 May 2023 20:29:49 +0200 Subject: [PATCH 070/316] Minio: add new functions --- badhouseplants/values/values.minio.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index c294de1..c3a0877 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -57,6 +57,10 @@ buckets: policy: download purge: false versioning: false + - name: sharing + policy: sharing + purge: false + versioning: false metrics: serviceMonitor: enabled: false @@ -97,3 +101,13 @@ policies: - 'arn:aws:s3:::badhouseplants-net/*' actions: - "s3:*" + - name: sharing + statements: + - resources: + - 'arn:aws:s3:::sharing' + actions: + - "s3:*" + - resources: + - 'arn:aws:s3:::sharing/*' + actions: + - "s3:*" -- 2.45.2 From a352987eef9799b20bdb72c0534fc0d8ea0ad0a9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 16 May 2023 12:04:04 +0200 Subject: [PATCH 071/316] Let drone remove apps --- badhouseplants/values/values.argocd.yaml | 1 + 1 file changed, 1 insertion(+) 
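Review bot: The new `sharing` policy in `values.minio.yaml` grants `s3:*` on both `arn:aws:s3:::sharing` and `arn:aws:s3:::sharing/*`, which covers deleting the bucket and rewriting its access policy as well as reading and writing objects. If the users attached to it only upload and fetch files, list the actions instead, e.g. `- "s3:GetObject"`, `- "s3:PutObject"`, `- "s3:ListBucket"`. In the first hunk, `policy: sharing` under `buckets:` looks like the named user policy was put where the bucket's anonymous-access policy belongs; confirm the chart accepts that value.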
diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 72462af..6a1bd3a 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -66,6 +66,7 @@ server: g, rodion.n.rodionov@gmail.com, role:admin p, drone, applications, get, */*,allow p, drone, applications, sync, */*,allow + p, drone, applications, delete, */*,allow config: exec.enabled: "true" url: https://argo.badhouseplants.net -- 2.45.2 From 1d2c31feb473d4f03f0f40dfe0f7eea8bdeb8157 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 15 May 2023 21:13:21 +0200 Subject: [PATCH 072/316] Fix minio things --- badhouseplants/values/values.minio.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index c3a0877..5003b39 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -58,7 +58,11 @@ buckets: purge: false versioning: false - name: sharing - policy: sharing + policy: download + purge: false + versioning: false + - name: allanger-music + policy: download purge: false versioning: false metrics: -- 2.45.2 From a62c76a49b39afddd9fd967a952137bfbc1af73e Mon Sep 17 00:00:00 2001 
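Review bot: The added line `p, drone, applications, delete, */*,allow` lets the CI account delete every application in every Argo CD project. A leaked or misused `drone` token could then remove workloads across the whole cluster, not only the ones the pipeline deploys. Scope the object to what the pipeline manages, e.g. `p, drone, applications, delete, <PROJECT>/*, allow` (placeholder project), and note in a comment why CI needs delete at all. The policy block starts above the hunk.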
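Review bot: In patch 072 both `sharing` and the new `allanger-music` bucket are set to `policy: download`, which in the MinIO chart is, as far as I know, anonymous read access. Every object in those buckets would then be fetchable without credentials by anyone who knows its name. If that is intended, say so next to each entry, `# public read: objects here are world-readable`; otherwise use `policy: none` and share objects through presigned URLs.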
From: Nikolai Rodionov Date: Thu, 18 May 2023 19:58:57 +0200 Subject: [PATCH 073/316] Migrate to docker runner --- .drone.yml | 13 ++++++++--- badhouseplants/helmfile.yaml | 5 +++++ ...decrypted~secrets.drone-runner-docker.yaml | 2 ++ .../values/secrets.drone-runner-docker.yaml | 22 +++++++++++++++++++ .../values/secrets.drone-runner-kube.yaml | 7 +++--- badhouseplants/values/secrets.drone.yaml | 5 +++-- .../values/values.drone-runner-docker.yaml | 12 ++++++++++ .../values/values.drone-runner-kube.yaml | 3 +-- badhouseplants/values/values.drone.yaml | 1 - releases.yaml | 19 ++++++++++++++-- 10 files changed, 76 insertions(+), 13 deletions(-) create mode 100644 badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml create mode 100644 badhouseplants/values/secrets.drone-runner-docker.yaml create mode 100644 badhouseplants/values/values.drone-runner-docker.yaml diff --git a/.drone.yml b/.drone.yml index f9f0b9c..8d814bf 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,8 +3,11 @@ # -- Helmfile diff changes # ---------------------------------------------- kind: pipeline -type: kubernetes +type: docker name: Show helmfile diffs +platform: + os: linux + arch: amd64 trigger: branch: @@ -43,9 +46,13 @@ steps: # -- Helmfile apply changes # ---------------------------------------------- kind: pipeline -type: kubernetes +type: docker name: Apply helmfile changes +platform: + os: linux + arch: amd64 + trigger: branch: - main @@ -82,7 +89,7 @@ steps: # -- Check da helm pipeline # ---------------------------------------------- kind: pipeline -type: kubernetes +type: docker name: Check helmfiles trigger: event: diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 7d85357..9544105 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -12,6 +12,11 @@ releases: namespace: drone-service createNamespace: false + - <<: *drone-runner-docker + installed: true + namespace: drone-service + createNamespace: false + - <<: *longhorn installed: true namespace: longhorn-system diff --git a/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml b/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml new file mode 100644 index 0000000..d63f3e6 --- /dev/null +++ b/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml @@ -0,0 +1,2 @@ +env: + DRONE_RPC_SECRET: qwFYt9UNsZeBhJ9RG5h6dKaKza8kMD diff --git a/badhouseplants/values/secrets.drone-runner-docker.yaml b/badhouseplants/values/secrets.drone-runner-docker.yaml new file mode 100644 index 0000000..eb18677 --- /dev/null +++ b/badhouseplants/values/secrets.drone-runner-docker.yaml @@ -0,0 +1,22 @@ +env: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 + Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi + aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ + em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh + DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-21T09:27:21Z" + mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 
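Review bot: `badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml` looks like the plaintext temp file left behind by the secrets plugin, and this commit adds it with `DRONE_RPC_SECRET` unencrypted next to its SOPS-encrypted copy. Patch 074 deletes the file, patch 075 brings it back through a revert and patch 076 deletes it again, but the value stays in history, so the RPC secret has to be rotated on the Drone server and on every runner that uses it. To prevent a repeat, add `.decrypted~*` to `.gitignore`.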
diff --git a/badhouseplants/values/secrets.drone-runner-kube.yaml b/badhouseplants/values/secrets.drone-runner-kube.yaml index 67c1c78..cc83446 100644 --- a/badhouseplants/values/secrets.drone-runner-kube.yaml +++ b/badhouseplants/values/secrets.drone-runner-kube.yaml @@ -1,5 +1,6 @@ env: - DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:6vsbRkd6DbWKf6qPPtfmv14cvKc=,iv:PPlH4m+SyMNNo/bV5/hpW2CZPGwxNKwO3RzY5RPOu5w=,tag:BGEf82OvMjDQvKe078/Fkg==,type:str] + DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:wqUNt9o/+7fan2wxSfZjb4X3Ogk=,iv:IMc/dxu+ZN+PcbBMz+Z5J2JOAR3a6fuCdCx8XPtop4k=,tag:AryXmU1xrSCfAzZehvGvYg==,type:str] + DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +16,8 @@ sops: em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-19T11:56:50Z" - mac: ENC[AES256_GCM,data:5U/D1hI+3zulh0UuuBv/oGAU8Bz5hpWvLCxUSCQbPSOW08S2jBiyDEdDJH7g0/y1xQkd3xJYLzJ7ccWx98j+0QJ+HOzcUF1Hwro6Zl0GSw8D4xvIeulHwwM6MBJGtOanbSHjeJ6Qyqf/tM5bF9GXpDblrNOXrnhvGOHj2GkzstU=,iv:AWAn3hAUEs8mbproV0M5EJyKddfNmUrI0ouIjvh1fEE=,tag:bFIQa/v4CaDx4RAJ7aHjeg==,type:str] + lastmodified: "2023-05-21T09:07:35Z" + mac: ENC[AES256_GCM,data:4MIzNp44+5zPPOhiq5elk5JIrpVeiDG8/aYXxh9Xoch4f5L4omywoXk9znRVwXlaaL2FVS0RnOXvUrmWagdX0f5LTDE0WoThXIgL2YRayHEAISW8uu+auaLIE5qPT7rEI/JLHQhdSuczVYLNj3P2jOKK7XPAuV2E/65DXkvESGk=,iv:0OuRk8Ur+aU33DXn9KPIv+qW8RU/q0599AVRduQS2rQ=,tag:G7ygruy60cuDKgJFB3uoGQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.drone.yaml b/badhouseplants/values/secrets.drone.yaml index b7c56eb..82877c3 100644 --- a/badhouseplants/values/secrets.drone.yaml +++ b/badhouseplants/values/secrets.drone.yaml 
@@ -1,4 +1,5 @@ env: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:W1OAxQIUbVU8uYHtxujhPyww4jscNH4LwMAGOU5v,iv:ouToTniIMiy757x40MKMtmLFBVzpuGxSYOTMZmmN8ck=,tag:RZ/cb7cRXDQSAQwGqdX+zw==,type:str] DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:7Ohn3nGR9VeIhAr9EdW1/juRFo3TXpKIwU07hD8mGoyBrbyn,iv:9/y3Ou8H/PL2hMsirJaqviKGQuzVlzL43iGAKQb9NII=,tag:EZoo2F4/HoOcacWOVU9yjA==,type:str] DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:2wAbiSJdDb5lGUOocK14pZtwQI0EFmXGStAigKsPGAZUKyn7M0B6xBO1+B3wZYVnIKEohiNIZF7k,iv:Y9aCzdSH5cAIZfk84Clto/IrQMRaoH+bOkvbP+9CcLM=,tag:FVfLsEA56WGNCl/8ut4F/Q==,type:str] sops: @@ -16,8 +17,8 @@ sops: QStxOG1iMWlxQ2dmOXRabXp4cm9NSU0K/+CRAc7DH4PgbQscXvDb7yLe8VoEpixr icD3GL37kYE2D4h1cm+p+/b7BF4/yjNlCUvo5cITXRjZAuiWGwUixQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-13T09:01:15Z" - mac: ENC[AES256_GCM,data:cHdSHMa5dJTMrQsDOvTAORHON3WlFVRApaajAoZ8QIWWxC1ZCNIyMp1NlgZ+vv1vY951+JsOu4WYJdfygMvCplSz2ughqWgPFvykKOCBGTLfEKxSagnxuxuDpJ3FT2zlzzUxLFSOg8iGgpxZc9mF28divlAem4POkGgWs+7s7tE=,iv:Zjx1Zscf6G4QyZJayJLktSg6kOCl3K32G7U41dL1RVQ=,tag:v3m/hIt5A4xe6R1G9b30cA==,type:str] + lastmodified: "2023-05-18T17:11:19Z" + mac: ENC[AES256_GCM,data:d9G44MW63rUa/MQaW/rLQQ4dlgOOje6qaS1V7yWT3HrkRLOXRCfuK5E+XeWC1PuQwMk0ghaNYJDT0FTnBsoJbxlu+7Vb91qlItn+azvldOFDvtGTRpAK7bPjM+p+G4/gZsgarFxaTh7py6Z/HsoqP1RvaK8GWNhRl7VfTiFuUrA=,iv:e4IXbSSiHMTPc3WijuwgF8L5aG5iMMfu6P/IYD2cp5A=,tag:aGqcqjjrO+PfYxfIAgSmeQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml new file mode 100644 index 0000000..0ce5ba2 --- /dev/null +++ b/badhouseplants/values/values.drone-runner-docker.yaml 
@@ -0,0 +1,12 @@ +--- +env: + DRONE_RPC_HOST: drone.badhouseplants.net + DRONE_RPC_PROTO: https + DRONE_NAMESPACE_DEFAULT: drone-service + DRONE_RESOURCE_LIMIT_CPU: 300 + DRONE_RESOURCE_REQUEST_CPU: 100 + DRONE_RESOURCE_LIMIT_MEMORY: 2048Mi + DRONE_RESOURCE_REQUEST_MEMORY: 512Mi +rbac: + buildNamespaces: + - drone-service diff --git a/badhouseplants/values/values.drone-runner-kube.yaml b/badhouseplants/values/values.drone-runner-kube.yaml index 2589a1c..0ce5ba2 100644 --- a/badhouseplants/values/values.drone-runner-kube.yaml +++ b/badhouseplants/values/values.drone-runner-kube.yaml @@ -1,6 +1,5 @@ --- env: - DRONE_RPC_SECRET: drone-rpc-sec DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https DRONE_NAMESPACE_DEFAULT: drone-service @@ -10,4 +9,4 @@ env: DRONE_RESOURCE_REQUEST_MEMORY: 512Mi rbac: buildNamespaces: - - drone-service \ No newline at end of file + - drone-service diff --git a/badhouseplants/values/values.drone.yaml b/badhouseplants/values/values.drone.yaml index c668910..6324ef8 100644 --- a/badhouseplants/values/values.drone.yaml +++ b/badhouseplants/values/values.drone.yaml @@ -14,6 +14,5 @@ istio: env: DRONE_SERVER_HOST: drone.badhouseplants.net DRONE_SERVER_PROTO: https - DRONE_RPC_SECRET: drone-rpc-sec DRONE_GITEA_SERVER: https://git.badhouseplants.net DRONE_USER_CREATE: username:allanger,admin:true diff --git a/releases.yaml b/releases.yaml index dd5536c..29989da 100644 --- a/releases.yaml +++ b/releases.yaml @@ -145,8 +145,12 @@ templates: inherit: - template: default-env-values - template: ext-istio-resource - - + # ---------------------------- + # -- Drone + # ---------------------------- + drone-common: + labels: + bundle: drone drone: &drone name: drone chart: drone/drone @@ -155,6 +159,7 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + - template: drone-common drone-runner-kube: &drone-runner-kube name: drone-runner-kube 
@@ -163,6 +168,16 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + - template: drone-common + + drone-runner-docker: &drone-runner-docker + name: drone-runner-docker + chart: drone/drone-runner-docker + version: 0.6.1 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: drone-common nrodionov: &nrodionov name: nrodionov -- 2.45.2 From 0f56b9d028420fa40b3720855aea35cfe0578cfb Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 11:31:59 +0200 Subject: [PATCH 074/316] Remove a leaked secret and remove Kubeconfig --- .drone.yml | 16 ---------------- .../.decrypted~secrets.drone-runner-docker.yaml | 2 -- 2 files changed, 18 deletions(-) delete mode 100644 badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml diff --git a/.drone.yml b/.drone.yml index 8d814bf..46361b7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,13 +20,9 @@ steps: - name: Diff badhouseplants image: ghcr.io/helmfile/helmfile:canary environment: - KUBECONFIG_CONTENT: - from_secret: KUBECONFIG_CONTENT SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY commands: - - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e badhouseplants diff --suppress-secrets - name: Diff eterosoft @@ -34,11 +30,7 @@ steps: environment: SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY - KUBECONFIG_CONTENT: - from_secret: KUBECONFIG_CONTENT commands: - - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e etersoft diff --suppress-secrets --- 
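Review bot: The new `drone-runner-docker` release needs a Docker daemon for builds, and the upstream chart supplies one, as far as I recall, through a privileged docker-in-docker sidecar; confirm this against the chart's defaults. A privileged pod in `drone-service` is effectively root on its node, and any pipeline step that can reach the daemon inherits that. I would record the decision next to the release, `# runs a privileged dind sidecar: trusted repositories only, schedule on dedicated nodes`, and restrict which repositories may use this runner.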
@@ -63,25 +55,17 @@ steps: - name: Apply badhouseplants image: ghcr.io/helmfile/helmfile:canary environment: - KUBECONFIG_CONTENT: - from_secret: KUBECONFIG_CONTENT SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY commands: - - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e badhouseplants apply --suppress-secrets - name: Apply eterosoft image: ghcr.io/helmfile/helmfile:canary environment: - KUBECONFIG_CONTENT: - from_secret: KUBECONFIG_CONTENT SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY commands: - - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e etersoft apply --suppress-secrets --- diff --git a/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml b/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml deleted file mode 100644 index d63f3e6..0000000 --- a/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml +++ /dev/null @@ -1,2 +0,0 @@ -env: - DRONE_RPC_SECRET: qwFYt9UNsZeBhJ9RG5h6dKaKza8kMD -- 2.45.2 From c1b3933f221924bf1119e4cd2cf3a775a7605e10 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 10:08:53 +0000 Subject: [PATCH 075/316] revert 0f56b9d028420fa40b3720855aea35cfe0578cfb revert Remove a leaked secret and remove Kubeconfig --- .drone.yml | 16 ++++++++++++++++ .../.decrypted~secrets.drone-runner-docker.yaml | 2 ++ 2 files changed, 18 insertions(+) create mode 100644 badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml diff --git a/.drone.yml b/.drone.yml index 46361b7..8d814bf 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,9 +20,13 @@ steps: - name: Diff badhouseplants image: ghcr.io/helmfile/helmfile:canary environment: + KUBECONFIG_CONTENT: + from_secret: KUBECONFIG_CONTENT SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY commands: + - mkdir $HOME/.kube + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e badhouseplants diff --suppress-secrets - name: Diff eterosoft 
@@ -30,7 +34,11 @@ steps: environment: SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY + KUBECONFIG_CONTENT: + from_secret: KUBECONFIG_CONTENT commands: + - mkdir $HOME/.kube + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e etersoft diff --suppress-secrets --- @@ -55,17 +63,25 @@ steps: - name: Apply badhouseplants image: ghcr.io/helmfile/helmfile:canary environment: + KUBECONFIG_CONTENT: + from_secret: KUBECONFIG_CONTENT SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY commands: + - mkdir $HOME/.kube + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e badhouseplants apply --suppress-secrets - name: Apply eterosoft image: ghcr.io/helmfile/helmfile:canary environment: + KUBECONFIG_CONTENT: + from_secret: KUBECONFIG_CONTENT SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY commands: + - mkdir $HOME/.kube + - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config - helmfile -e etersoft apply --suppress-secrets --- diff --git a/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml b/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml new file mode 100644 index 0000000..d63f3e6 --- /dev/null +++ b/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml @@ -0,0 +1,2 @@ +env: + DRONE_RPC_SECRET: qwFYt9UNsZeBhJ9RG5h6dKaKza8kMD -- 2.45.2 From 8d3466255508dc7e2e86ecf447b09ffa8421bdbf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 12:09:29 +0200 Subject: [PATCH 076/316] Remove a leaked secret --- .../values/.decrypted~secrets.drone-runner-docker.yaml | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml diff --git a/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml b/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml deleted file mode 100644 index d63f3e6..0000000 --- a/badhouseplants/values/.decrypted~secrets.drone-runner-docker.yaml +++ /dev/null 
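Review bot: The restored commands `mkdir $HOME/.kube` and `echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config` write the cluster credential with the default umask and expand the secret unquoted. I would put `umask 077` first and use `printf '%s' "$KUBECONFIG_CONTENT" | base64 -d > "$HOME/.kube/config"`. The same lines recur in all four diff and apply steps of patch 075, starting in the hunk before this one. Those steps run the floating `ghcr.io/helmfile/helmfile:canary` tag, so that image sees both the kubeconfig and `SOPS_AGE_KEY`; pinning it by digest belongs in the same change.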
@@ -1,2 +0,0 @@ -env: - DRONE_RPC_SECRET: qwFYt9UNsZeBhJ9RG5h6dKaKza8kMD -- 2.45.2 From f3350105cb32ebaf26cde93e23a2a1502442feb5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 12:15:20 +0200 Subject: [PATCH 077/316] Set resource limits for drone --- badhouseplants/values/values.drone-runner-docker.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml index 0ce5ba2..56d8783 100644 --- a/badhouseplants/values/values.drone-runner-docker.yaml +++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -1,12 +1,10 @@ --- env: + DRONE_CPU_QUOTA: 100 + DRONE_MEMORY_LIMIT: 2000000000 DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https DRONE_NAMESPACE_DEFAULT: drone-service - DRONE_RESOURCE_LIMIT_CPU: 300 - DRONE_RESOURCE_REQUEST_CPU: 100 - DRONE_RESOURCE_LIMIT_MEMORY: 2048Mi - DRONE_RESOURCE_REQUEST_MEMORY: 512Mi rbac: buildNamespaces: - drone-service -- 2.45.2 From 52439494cdab9cf03e373ec755fea37ce1ea46c6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 12:30:18 +0200 Subject: [PATCH 078/316] Set memory limits for drone --- badhouseplants/values/values.drone-runner-docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml index 56d8783..6d176ae 100644 --- a/badhouseplants/values/values.drone-runner-docker.yaml +++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -1,7 +1,7 @@ --- env: DRONE_CPU_QUOTA: 100 - DRONE_MEMORY_LIMIT: 2000000000 + DRONE_MEMORY_LIMIT: "524288000" DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https DRONE_NAMESPACE_DEFAULT: drone-service -- 2.45.2 From e25ce03c0717d1bc3184b9f9bc071842980bd5fe Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 21 May 2023 12:32:24 +0200 Subject: [PATCH 079/316] Set cpu limits for drone --- badhouseplants/values/values.drone-runner-docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml index 6d176ae..89c4691 100644 --- a/badhouseplants/values/values.drone-runner-docker.yaml +++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -1,6 +1,6 @@ --- env: - DRONE_CPU_QUOTA: 100 + DRONE_CPU_QUOTA: 1000 DRONE_MEMORY_LIMIT: "524288000" DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https -- 2.45.2 From 9e8849ef25a56bf71f9c0ef2dba990b6f9f55a01 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 13:01:08 +0200 Subject: [PATCH 080/316] Update drone docker runner config --- badhouseplants/values/values.drone-runner-docker.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml index 89c4691..7581b3f 100644 --- a/badhouseplants/values/values.drone-runner-docker.yaml +++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -1,6 +1,7 @@ --- env: - DRONE_CPU_QUOTA: 1000 + DRONE_CPU_QUOTA: "1000" + DRONE_CPU_PERIOD: "100000" DRONE_MEMORY_LIMIT: "524288000" DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https -- 2.45.2 From d685eb749fad74e72da6c7a68e4f2d2aa88f64b0 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 13:11:05 +0200 Subject: [PATCH 081/316] Increase Drone limits --- badhouseplants/values/values.drone-runner-docker.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml index 7581b3f..c2731d2 100644 --- a/badhouseplants/values/values.drone-runner-docker.yaml 
+++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -1,7 +1,7 @@ --- env: - DRONE_CPU_QUOTA: "1000" - DRONE_CPU_PERIOD: "100000" + DRONE_CPU_QUOTA: "10000" + DRONE_CPU_PERIOD: "1000000" DRONE_MEMORY_LIMIT: "524288000" DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https -- 2.45.2 From d5eb58a82746158d4cfffd06a82d58ba7f576ff9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 14:31:14 +0200 Subject: [PATCH 082/316] Update Gitea configs --- badhouseplants/values/secrets.gitea.yaml | 18 ++++++++---------- badhouseplants/values/values.gitea.yaml | 5 ++++- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index cc9d011..4a8e9f8 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
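Review bot: Patch 081 raises `DRONE_CPU_QUOTA` to `"10000"` and `DRONE_CPU_PERIOD` to `"1000000"`, but the ratio is the same 1% as the `"1000"` / `"100000"` pair it replaces. If the runner hands these to Docker as CFS quota and period, build containers get no more CPU than before, despite the commit title. To raise the limit, change the quota relative to the period, e.g. `DRONE_CPU_QUOTA: "100000"` with `DRONE_CPU_PERIOD: "100000"` for one core. A comment such as `# quota / period = cores available to each build container` would record the intent.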
@@ -12,14 +12,12 @@ gitea: password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] config: mailer: - ENABLED: ENC[AES256_GCM,data:UpsaOQ==,iv:B5C7s88Ch39OvMxxl0TgCgt4gbqZllmBsHZ/9VTibhs=,tag:zHnzlvhYPNCBiyJifFkJ7A==,type:bool] - FROM: ENC[AES256_GCM,data:JsgZALQYFjqch0Tcf9z3QdorOfNp8zNqWIY=,iv:ObIx5B4xddGkgWFcRHOMMBLQVm475kDFYBxg33G9wJA=,tag:wrIAV/uNGOTX9DBTxHvPBw==,type:str] - MAILER_TYPE: ENC[AES256_GCM,data:vp7zrg==,iv:63U/B3zmneM8bs4azdGm7fPQJQ4VOHGoARzygdzHEfA=,tag:ek5wC6wb1PNvGEIWEePZaA==,type:str] - SMTP_ADDR: ENC[AES256_GCM,data:gq8Ge3tLJ2FekBatcvFO6EG+SYt+kSe6,iv:/R4XGhlH1MNiz2P7DIVyaju/hr2NUlgVljPVb91+N9o=,tag:ZXeSKZ2kdw2hXw5KW7kLaQ==,type:str] - SMTP_PORT: ENC[AES256_GCM,data:rZp1OQ==,iv:p2V7SeFmL3o296qy4E2N1p3ApjfXf1Xbd4YT8wY26/Y=,tag:gSkjtGFIlfEa6Y+hU5NDFg==,type:str] - IS_TLS_ENABLED: ENC[AES256_GCM,data:aQqODw==,iv:QGQZfpB6dwrrL389XDc4AJzYAYy+kKwEn9sXk2762+w=,tag:vuW1qcF9IpVv3BFabg6FvA==,type:bool] - USER: ENC[AES256_GCM,data:mCZ3UEuLiDA6dglUfVfcTSb6fbXChtHiaSo=,iv:nZnaIf8b6K/ckDpPJ3sifeoIs7tqk8A73NWbrIkSgJg=,tag:q66cFsUfthj4o2lN+H1NIw==,type:str] - PASSWD: ENC[AES256_GCM,data:bUWfLY+NRG3pJu6U6Iu8NJOrnHC+OE2Iew==,iv:QB1XRNhqbj4rPkGhgqc4XG7/pb089+Z+qqdaMXf2Qyo=,tag:cNaie2lPlBJIZeRTh2bocw==,type:str] + ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] + oauth: + - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] + provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] + key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] + secret: 
ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] sops: kms: [] gcp_kms: [] @@ -35,8 +33,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-23T10:08:47Z" - mac: ENC[AES256_GCM,data:+Zyn2NPM4vkyr+obtwDZgkMF5Nkr8bVMIo2qRb+FUzqkAFmSA4g4M2Uc4OlfoHFuHPnbJpMSzz/T10xbfSBTfTHvKcQQeJ/2uy2qaxCQUbJ76/xeCzKRvhBX6B4zgCeFyP7O5mkSPNw1lSp1P8/R7m8GM1M+fnoa8Ckwg2Q2qjU=,iv:55tWPHb7TZZ2glWBuUiHq39IeEIhHaVI4sYn7fxnB5c=,tag:dc7wqWwpnsdHQWr1Jeu78Q==,type:str] + lastmodified: "2023-05-21T12:13:23Z" + mac: ENC[AES256_GCM,data:9BHUjJKb4n0EeIrpDytKouAASi2v92bPlwxgb0Ewf1bMv8zyZFwAfjhVx0EbPLzvdB7QOPPxvljn1YRNzRxxnQAc1d88S5h0xIRH+ybek4xdB5HlBLcdH97GGUnfHbxKKT0BJ6a4OCxWMYM0YuHl5VJ+jJXChG55UzTnDrY6vgA=,iv:0ROT1b0e6C5ZbmZby1REl8vQwCx+1LG0sjnmOBefP/k=,tag:Mr+0Dtg5jzeSlb09v+yx7g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 8c71704..2523a61 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -74,7 +74,7 @@ gitea: MAX_CREATION_LIMIT: 0 DISABLED_REPO_UNITS: repo.wiki service: - DISABLE_REGISTRATION: true + DISABLE_REGISTRATION: false server: DOMAIN: git.badhouseplants.net ROOT_URL: https://git.badhouseplants.net @@ -90,6 +90,9 @@ gitea: MAX_SIZE: 100 actions: ENABLED: true + oauth2_client: + REGISTER_EMAIL_CONFIRM: false + ENABLE_AUTO_REGISTRATION: true statefulset: env: - name: DOMAIN -- 2.45.2 From 50cd8a5697f683512febcd6e5056c2a289e9c0bf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 15:14:11 +0200 Subject: [PATCH 083/316] Update drone configs --- badhouseplants/values/values.drone-runner-docker.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
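Review bot: `DISABLE_REGISTRATION: false` in the `@@ -74,7 +74,7 @@` hunk of values.gitea.yaml opens local self-registration to anyone who can reach git.badhouseplants.net, not only to users coming through the OAuth source added in secrets.gitea.yaml. If the intent is auto-registration through that provider only, add `ALLOW_ONLY_EXTERNAL_REGISTRATION: true` under `service:` next to it. With `REGISTER_EMAIL_CONFIRM: false` in the `@@ -90,6 +90,9 @@` hunk and most mailer settings removed in the same commit, new accounts are created without e-mail verification, so access rests entirely on which identities the external provider admits. The `gitea:` mapping continues outside both hunks, so other `service` keys may already restrict this.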
diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml index c2731d2..dbf22b4 100644 --- a/badhouseplants/values/values.drone-runner-docker.yaml +++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -1,7 +1,7 @@ --- env: - DRONE_CPU_QUOTA: "10000" - DRONE_CPU_PERIOD: "1000000" + DRONE_CPU_QUOTA: "30000" + DRONE_CPU_PERIOD: "3000000" DRONE_MEMORY_LIMIT: "524288000" DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https -- 2.45.2 From c60f48af7d9619713510742680a9b0d7e0c64ee3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 21 May 2023 16:44:59 +0200 Subject: [PATCH 084/316] Set DIND config to drone --- badhouseplants/values/values.drone-runner-docker.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml index dbf22b4..919936a 100644 --- a/badhouseplants/values/values.drone-runner-docker.yaml +++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -1,11 +1,16 @@ --- env: - DRONE_CPU_QUOTA: "30000" - DRONE_CPU_PERIOD: "3000000" - DRONE_MEMORY_LIMIT: "524288000" DRONE_RPC_HOST: drone.badhouseplants.net DRONE_RPC_PROTO: https DRONE_NAMESPACE_DEFAULT: drone-service rbac: buildNamespaces: - drone-service +dind: + resources: + limits: + cpu: 2000m + memory: 2024Mi + requests: + cpu: 2000m + memory: 2024Mi -- 2.45.2 From 60b24b0457a0d894b2d0aab5aa9ba7f4c05365cf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 23 May 2023 10:14:55 +0200 Subject: [PATCH 085/316] Update drone and argocd values --- badhouseplants/values/values.argocd.yaml | 4 +--- badhouseplants/values/values.drone-runner-docker.yaml | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 6a1bd3a..c50fbf3 100644 --- a/badhouseplants/values/values.argocd.yaml 
+++ b/badhouseplants/values/values.argocd.yaml @@ -64,9 +64,7 @@ server: policy.csv: | g, allanger@zohomail.com, role:admin g, rodion.n.rodionov@gmail.com, role:admin - p, drone, applications, get, */*,allow - p, drone, applications, sync, */*,allow - p, drone, applications, delete, */*,allow + p, drone, applications, *, badhouseplants/*,allow config: exec.enabled: "true" url: https://argo.badhouseplants.net diff --git a/badhouseplants/values/values.drone-runner-docker.yaml b/badhouseplants/values/values.drone-runner-docker.yaml index 919936a..923e72d 100644 --- a/badhouseplants/values/values.drone-runner-docker.yaml +++ b/badhouseplants/values/values.drone-runner-docker.yaml @@ -12,5 +12,5 @@ dind: cpu: 2000m memory: 2024Mi requests: - cpu: 2000m - memory: 2024Mi + cpu: 100m + memory: 512Mi \ No newline at end of file -- 2.45.2 From bf479e0331d94b29427ddb0e02140603b12d574e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 23 May 2023 10:16:18 +0200 Subject: [PATCH 086/316] chore: Upgrade ArgoCD to 5.34.2 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 29989da..ff63096 100644 --- a/releases.yaml +++ b/releases.yaml @@ -101,7 +101,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.33.3 + version: 5.34.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 34aba7527382458b8cfea24b802f1e24b9d7e2d1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 23 May 2023 10:16:42 +0200 Subject: [PATCH 087/316] chore: Upgrade Wordpress to 16.1.6 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index ff63096..9c7a218 100644 --- a/releases.yaml +++ b/releases.yaml @@ -182,7 +182,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.2 + version: 16.1.6 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 
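Review bot: The new rule `p, drone, applications, *, badhouseplants/*,allow` in the `policy.csv` hunk narrows the project scope but widens the action from get/sync/delete to every application action, which adds create, update and override for the CI account. A leaked drone token could then repoint any application in the project at a different repository or revision instead of only syncing what is already defined. If the pipeline needs no more than the removed rules granted, keep the three actions and only scope them, e.g. `p, drone, applications, sync, badhouseplants/*, allow` plus the matching `get` and `delete` lines. The `policy.csv` block starts above the hunk, so any other rules for `drone` are not visible here.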
From 8a212c9b04625d7ed9596ea3410f5ef25e827520 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 23 May 2023 10:17:15 +0200 Subject: [PATCH 088/316] chore: Upgrade Cert Manager to 1.12.0 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 9c7a218..f0a5dad 100644 --- a/releases.yaml +++ b/releases.yaml @@ -87,7 +87,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.11.2 + version: 1.12.0 set: - name: installCRDs value: true -- 2.45.2 From b8009dffe3c057dd8d12710e619d08c374dd6117 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 27 May 2023 22:29:03 +0200 Subject: [PATCH 089/316] chore: Upgrade ArgoCD to 5.34.5 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index f0a5dad..d3e18ae 100644 --- a/releases.yaml +++ b/releases.yaml @@ -101,7 +101,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.34.2 + version: 5.34.5 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 8a0f6dd3cca66eac2d4974897fbee521136537dc Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 27 May 2023 22:29:33 +0200 Subject: [PATCH 090/316] chore: Upgrade Worpress to 16.1.9 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index d3e18ae..cce995e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -182,7 +182,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.6 + version: 16.1.9 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 582886511c229875b8835482920aff834a0f84e1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 27 May 2023 22:29:54 +0200 Subject: [PATCH 091/316] chore: Upgrade Cert Manager to 1.12.1 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/releases.yaml b/releases.yaml index cce995e..6dee5c0 100644 --- a/releases.yaml +++ b/releases.yaml @@ -87,7 +87,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.12.0 + version: 1.12.1 set: - name: installCRDs value: true -- 2.45.2 From 6f6b0706f564ebfd9396612bfe8f01d321d8fe09 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 27 May 2023 22:30:14 +0200 Subject: [PATCH 092/316] chore: Upgrade Minio to 5.0.10 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 6dee5c0..cd90e2d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -192,7 +192,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.9 + version: 5.0.10 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From cf13597d76e56f37094959123f1495fbdefc207e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 7 Mar 2023 18:03:39 +0100 Subject: [PATCH 093/316] Install Prometheus --- README.md | 3 + badhouseplants/helmfile.yaml | 5 ++ .../values/.decrypted~secrets.prometheus.yaml | 6 ++ badhouseplants/values/secrets.prometheus.yaml | 26 +++++++++ badhouseplants/values/values.prometheus.yaml | 57 +++++++++++++++++++ helmfile.yaml | 2 +- releases.yaml | 27 ++++++--- repositories.yaml | 6 +- 8 files changed, 121 insertions(+), 11 deletions(-) create mode 100644 badhouseplants/values/.decrypted~secrets.prometheus.yaml create mode 100644 badhouseplants/values/secrets.prometheus.yaml create mode 100644 badhouseplants/values/values.prometheus.yaml diff --git a/README.md b/README.md index 197b3f5..3fd9e60 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,5 @@ # Kubernetes configuration [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) + +# CRD hooks +I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. \ No newline at end of file diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 9544105..73f68da 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -52,6 +52,11 @@ releases: namespace: mailu-application createNamespace: true + - <<: *prometheus + installed: true + namespace: monitoring-system + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/.decrypted~secrets.prometheus.yaml b/badhouseplants/values/.decrypted~secrets.prometheus.yaml new file mode 100644 index 0000000..3d61ccf --- /dev/null +++ b/badhouseplants/values/.decrypted~secrets.prometheus.yaml @@ -0,0 +1,6 @@ +grafana: + adminPassword: h*Ct9g!k&SQQjs%i!7SrMrv^9 + adminUser: overlord + grafana.ini: + auth.generic_oauth: + client_secret: gto_mpc5pzjnjysab37kqjouwrexkayubxdlrgv75vjamwyrrtkv6zzq diff --git a/badhouseplants/values/secrets.prometheus.yaml b/badhouseplants/values/secrets.prometheus.yaml new file mode 100644 index 0000000..399c170 --- /dev/null +++ b/badhouseplants/values/secrets.prometheus.yaml 
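Review bot: The new file `badhouseplants/values/.decrypted~secrets.prometheus.yaml` commits the Grafana admin user, admin password and OAuth client secret in plaintext, next to the sops-encrypted `secrets.prometheus.yaml` that holds the same keys. Deleting the file in a later commit (patch 094 does that) leaves the values readable in history and in every clone, so both credentials should be treated as exposed and rotated in Grafana and at the OAuth provider. Drop the file from this commit before it is pushed, and add an ignore rule such as `.decrypted~*` to `.gitignore` so decrypted working copies cannot be staged again. A pre-commit secret scan on the repository would catch the same mistake for other release files.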
@@ -0,0 +1,26 @@ +grafana: + adminPassword: ENC[AES256_GCM,data:gxI2S/KxstCmLKTeAqRESo4p9sMImVqUDA==,iv:/5aKhPxCeEN22juQPwLBaM8n3AAjV9axxuZ1NZbZ9IM=,tag:PmCtctTjZIXlgXyDA7G4yQ==,type:str] + adminUser: ENC[AES256_GCM,data:Esh/6bXMez8=,iv:cRdvkpnO8gNOaKy+4kPcq69ksdXxuZClnjSvBp4yto8=,tag:ZgycOsDXJIT1mrN6nJHw3g==,type:str] + grafana.ini: + auth.generic_oauth: + client_secret: ENC[AES256_GCM,data:7/PqroaClfcd6kTHm+oljOA/r6FGq5EXnv5BRsrMRsaHhX0AzPLMk7Z/sc6SuP5iR+Xysa8/Y/o=,iv:vdZKOA4MsQjMnmKsAT0QA+E3WaAQXoIItVsznlbXZ68=,tag:sbuDV8RkAcZiGuxkytu3XQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeTlhQ2xpK0dvMU00ejh4 + bjZxZVMvMEFobGFqYU55a3dxcTlnRitkS2wwCmJVNHhQNHJHTVBxbk4xQ1RWbkFv + TUNGY3YvQUIyTUJYNEZmOWRYd3JaUHcKLS0tIHJ5STVXV0hxRUdYQmNXSFR2U0Vv + NXQ5SjNQUW9JOStDclZuYUlqV3FaWWsKvu2T2LmDjuJgnB0djjhJczsvDjFsH/D/ + QDPkkl2G1luDoIjBj21uoy0daqfyskd4Yw2ZsPsZU6zuEGdFj52Qbw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-28T06:39:30Z" + mac: ENC[AES256_GCM,data:21m+X5uMwQSBEVsV+x+flobNlcPJRXF50IfbfzVoW4C/Tt+77gasD+Lq9A4q+U3lbRm59FO0R0u8puONM0MfM7QFTJyevZKGVGQFOMEnOHwv4s9w5WNMTZszPopcWRFuM+6rRvoWypr0hTVGKFpIQ/asfGdqxHGPf8Rdq5OPU9M=,iv:BtU0CckuX9F/MJe+31TA3oLAGOZlZis5AIKY40uYRgc=,tag:nDZI0kaXx7alFU3qEafQmA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml new file mode 100644 index 0000000..10b48bc --- /dev/null +++ b/badhouseplants/values/values.prometheus.yaml 
@@ -0,0 +1,57 @@ +--- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: grafana-https + gateway: badhouseplants-net + kind: http + hostname: "grafana.badhouseplants.net" + service: prometheus-grafana + port: 80 +prometheus: + prometheusSpec: + podMonitorNamespaceSelector: + any: true + podMonitorSelector: {} + podMonitorSelectorNilUsesHelmValues: false + ruleNamespaceSelector: + any: true + ruleSelector: {} + ruleSelectorNilUsesHelmValues: false + serviceMonitorNamespaceSelector: + any: true + serviceMonitorSelector: {} + serviceMonitorSelectorNilUsesHelmValues: false + storageSpec: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 5Gi +grafana: + persistence: + enabled: true + size: 2Gi + grafana.ini: + server: + root_url: https://grafana.badhouseplants.net + auth.generic_oauth: + name: Gitea + icon: signin + enabled: true + allow_sign_up: true + auto_login: false + client_id: 0ce70a7d-f267-44cc-9686-71048277e51d + scopes: openid profile email groups + empty_scopes: false + auth_url: https://git.badhouseplants.net/login/oauth/authorize + token_url: https://git.badhouseplants.net/login/oauth/access_token + api_url: https://git.badhouseplants.net/login/oauth/userinfo + tls_skip_verify_insecure: false + use_pkce: true + role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer' diff --git a/helmfile.yaml b/helmfile.yaml index 1bbc24e..738d891 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -35,7 +35,7 @@ releases: installed: true namespace: minio-service createNamespace: false - + - <<: *openvpn installed: true namespace: openvpn-service diff --git a/releases.yaml b/releases.yaml index cd90e2d..b0dd0f7 100644 --- a/releases.yaml +++ b/releases.yaml 
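Review bot: In `auth.generic_oauth` of values.prometheus.yaml, `allow_sign_up: true` together with the `|| 'Viewer'` fallback in `role_attribute_path` gives a Grafana Viewer account to every identity the Gitea provider authenticates, not only to members of `badhouseplants:owners`. values.gitea.yaml in patch 082 sets `DISABLE_REGISTRATION: false`, so that set may include anyone who self-registers on Gitea. To admit only known groups, remove the fallback and add `role_attribute_strict: true`, or list the permitted groups with `allowed_groups` together with a `groups_attribute_path`. `tls_skip_verify_insecure: false` and `use_pkce: true` are fine as they stand.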
@@ -10,7 +10,10 @@ templates: command: "sh" args: - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }}| kubectl apply -f -" + - | + helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ + || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ + || true - events: ["prepare"] showlogs: true command: "sh" @@ -22,13 +25,13 @@ templates: command: "sh" args: - -c - - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f -" + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" # ---------------------------- # -- Configs # ---------------------------- default-common-values: values: - - '{{ requiredEnv "PWD" }}/commmon/values.{{ .Release.Name }}.yaml' + - '{{ requiredEnv "PWD" }}/common/values.{{ .Release.Name }}.yaml' default-env-values: values: - '{{ requiredEnv "PWD" }}/{{ .Environment.Name }}/values/values.{{ .Release.Name }}.yaml' @@ -65,8 +68,9 @@ templates: - chart: bedag/raw version: 2.0.0 alias: ns - values: - - '{{ requiredEnv "PWD" }}/common/values.ns.yaml' + inherit: + - template: default-common-values + - template: default-env-values # ---------------------------- # -- Releases # ---------------------------- @@ -106,6 +110,16 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + + prometheus: &prometheus + name: prometheus + chart: prometheus-community/kube-prometheus-stack + version: 46.4.1 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: crd-management-hook + - template: ext-istio-resource # ---------------------------- # -- Istio # ---------------------------- @@ -188,7 +202,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - minio: &minio name: minio chart: minio/minio 
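Review bot: The rewritten CRD hook in the `@@ -10,7 +10,10 @@` hunk of releases.yaml ends in `|| true`, so the hook reports success even when both `kubectl replace` and `kubectl create` fail, and the release is then installed against missing or stale CRDs. `kubectl replace` also overwrites the whole CRD object instead of merging, and without `pipefail` a failing `helm show crds` on the left of the pipe goes unnoticed. If the move away from `kubectl apply` was forced by the annotation size limit on large CRDs (an assumption, the commit does not say), `helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl apply --server-side -f -` covers create and update in one command and lets real errors fail the hook. The `|| true` added to the delete hook in the `@@ -22,13 +25,13 @@` hunk is reasonable for best-effort cleanup.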
@@ -198,7 +211,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft @@ -207,7 +219,6 @@ templates: - template: default-env-values - template: ext-istio-resource - gitea: &gitea name: gitea chart: gitea/gitea diff --git a/repositories.yaml b/repositories.yaml index b71fcdf..52838da 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -26,7 +26,9 @@ repositories: url: https://argoproj.github.io/argo-helm - name: bedag url: https://bedag.github.io/helm-charts/ - - name: mailu - url: https://mailu.github.io/helm-charts/ + # - name: mailu + # url: https://mailu.github.io/helm-charts/ - name: metallb url: https://metallb.github.io/metallb + - name: prometheus-community + url: https://prometheus-community.github.io/helm-charts -- 2.45.2 From c15ab699cd48a61bf0c2a59df1f38c26417d02ba Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 29 May 2023 13:41:26 +0200 Subject: [PATCH 094/316] Remove the decrypted secret from repo --- badhouseplants/values/.decrypted~secrets.prometheus.yaml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 badhouseplants/values/.decrypted~secrets.prometheus.yaml diff --git a/badhouseplants/values/.decrypted~secrets.prometheus.yaml b/badhouseplants/values/.decrypted~secrets.prometheus.yaml deleted file mode 100644 index 3d61ccf..0000000 --- a/badhouseplants/values/.decrypted~secrets.prometheus.yaml +++ /dev/null @@ -1,6 +0,0 @@ -grafana: - adminPassword: h*Ct9g!k&SQQjs%i!7SrMrv^9 - adminUser: overlord - grafana.ini: - auth.generic_oauth: - client_secret: gto_mpc5pzjnjysab37kqjouwrexkayubxdlrgv75vjamwyrrtkv6zzq -- 2.45.2 From 85dff3d6ab5906deaac40bcd6de7fb89d763686a Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Mon, 29 May 2023 21:38:39 +0200 Subject: [PATCH 095/316] Add Gitea to prometheus --- badhouseplants/values/secrets.prometheus.yaml | 8 ++--- badhouseplants/values/values.gitea.yaml | 4 +++ badhouseplants/values/values.prometheus.yaml | 32 +++++++++++++++---- 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/badhouseplants/values/secrets.prometheus.yaml b/badhouseplants/values/secrets.prometheus.yaml index 399c170..8e23981 100644 --- a/badhouseplants/values/secrets.prometheus.yaml +++ b/badhouseplants/values/secrets.prometheus.yaml @@ -1,9 +1,9 @@ grafana: - adminPassword: ENC[AES256_GCM,data:gxI2S/KxstCmLKTeAqRESo4p9sMImVqUDA==,iv:/5aKhPxCeEN22juQPwLBaM8n3AAjV9axxuZ1NZbZ9IM=,tag:PmCtctTjZIXlgXyDA7G4yQ==,type:str] + adminPassword: ENC[AES256_GCM,data:AuPGLXN861DvndWdecukXKzt91sGGIMBToj7tO3J,iv:gKmj0gurV77e/jbxdyxhaxkmmsp738vB6ZAfzRFf45M=,tag:rKOkedx87g4MlRk6npgXiA==,type:str] adminUser: ENC[AES256_GCM,data:Esh/6bXMez8=,iv:cRdvkpnO8gNOaKy+4kPcq69ksdXxuZClnjSvBp4yto8=,tag:ZgycOsDXJIT1mrN6nJHw3g==,type:str] grafana.ini: auth.generic_oauth: - client_secret: ENC[AES256_GCM,data:7/PqroaClfcd6kTHm+oljOA/r6FGq5EXnv5BRsrMRsaHhX0AzPLMk7Z/sc6SuP5iR+Xysa8/Y/o=,iv:vdZKOA4MsQjMnmKsAT0QA+E3WaAQXoIItVsznlbXZ68=,tag:sbuDV8RkAcZiGuxkytu3XQ==,type:str] + client_secret: ENC[AES256_GCM,data:+4Qfo4aR9TMZprWL9U6lFx4B86d3ywH2O5K6rM5hmv2gROeFinp7k5p9C2pgNubIK9W3TlWSZAw=,iv:uFX2Lz3s2/aR5rcwsDvfuUGbKHNxh43ZiuCNaT5b1dw=,tag:8YdsVMaHbP6wqjubb9Ab2w==,type:str] sops: kms: [] gcp_kms: [] 
@@ -19,8 +19,8 @@ sops: NXQ5SjNQUW9JOStDclZuYUlqV3FaWWsKvu2T2LmDjuJgnB0djjhJczsvDjFsH/D/ QDPkkl2G1luDoIjBj21uoy0daqfyskd4Yw2ZsPsZU6zuEGdFj52Qbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-28T06:39:30Z" - mac: ENC[AES256_GCM,data:21m+X5uMwQSBEVsV+x+flobNlcPJRXF50IfbfzVoW4C/Tt+77gasD+Lq9A4q+U3lbRm59FO0R0u8puONM0MfM7QFTJyevZKGVGQFOMEnOHwv4s9w5WNMTZszPopcWRFuM+6rRvoWypr0hTVGKFpIQ/asfGdqxHGPf8Rdq5OPU9M=,iv:BtU0CckuX9F/MJe+31TA3oLAGOZlZis5AIKY40uYRgc=,tag:nDZI0kaXx7alFU3qEafQmA==,type:str] + lastmodified: "2023-05-29T11:41:00Z" + mac: ENC[AES256_GCM,data:7Xs7W6smDPr8fp4AapKcUvHUsYRKkTQ3wb4CuDmL0ziQs2d73ueezEembp7RRaBQ/Q5jACY1dHQg42+4YymcTt8NqJ6SE4G7f9iqJu3rr5g5lh8mYP8ft8J1/l2jrQtCSfxyzuG2CPZRycQIo+0Tq++w6iK0iy6ExPt8cDNR2Ao=,iv:v8m4CEW6FG5rWV8fKsqACh37X9yzsB/Bl1wh+4348rI=,tag:Up71zDf12JMDjK8uIxnsLA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 2523a61..7c16864 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -63,6 +63,10 @@ ingress: enabled: false gitea: + metrics: + enabled: true + serviceMonitor: + enabled: true config: APP_NAME: Bad Houseplants Gitea ui: diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 10b48bc..ddb0acd 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -26,13 +26,13 @@ prometheus: any: true serviceMonitorSelector: {} serviceMonitorSelectorNilUsesHelmValues: false - storageSpec: - volumeClaimTemplate: - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 5Gi + storageSpec: + volumeClaimTemplate: + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 5Gi grafana: persistence: enabled: true 
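Review bot: `metrics.enabled: true` in the values.gitea.yaml hunk turns on Gitea's `/metrics` endpoint, which Gitea serves on its normal HTTP port and leaves unauthenticated unless a metrics token is configured. If the Istio gateway forwards all paths for git.badhouseplants.net (not visible in this hunk), the endpoint becomes readable from the internet and exposes instance statistics. Consider setting `TOKEN` in a `metrics:` section of `gitea.config`, stored in secrets.gitea.yaml, and giving the ServiceMonitor the matching bearer token, or blocking `/metrics` at the gateway. The `gitea:` mapping continues outside the hunk, so an existing token setting would not be visible here.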
@@ -55,3 +55,21 @@ grafana: tls_skip_verify_insecure: false use_pkce: true role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer' + dashboardProviders: + dashboardproviders.yaml: + apiVersion: 1 + providers: + - name: 'default' + orgId: 1 + folder: '' + type: file + disableDeletion: true + editable: false + options: + path: /var/lib/grafana/dashboards/default + dashboards: + default: + gitea-dashboard: + gnetId: 13192 + revision: 1 + datasource: Prometheus -- 2.45.2 From f333f5fc928aefa07eca364e61f6a7c72a228899 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 2 Jun 2023 11:52:40 +0200 Subject: [PATCH 096/316] chore: Upgrade Funkwhale to 2.0.0 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index b0dd0f7..8a11e95 100644 --- a/releases.yaml +++ b/releases.yaml @@ -231,7 +231,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 1.0.1 + version: 2.0.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 6a929ce1f0382bea9dfaf0f0ca3b5db24aa41204 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 2 Jun 2023 17:12:23 +0200 Subject: [PATCH 097/316] chore: Upgrade outdated charts --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index 8a11e95..3c7235e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -86,7 +86,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.13.9 + version: 0.13.10 cert-manager: &cert-manager name: cert-manager @@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.34.5 + version: 5.34.6 inherit: - template: default-env-values - template: default-env-secrets 
@@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 46.4.1 + version: 46.5.0 inherit: - template: default-env-values - template: default-env-secrets @@ -196,7 +196,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.9 + version: 16.1.11 inherit: - template: default-env-values - template: default-env-secrets @@ -214,7 +214,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.7.4 + version: 4.8.0 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From cfdc5af81b8886a7940ad53e3509bd6b3074909b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 4 Jun 2023 19:36:17 +0200 Subject: [PATCH 098/316] chore: Upgrade Prometheus and remove Mailu --- badhouseplants/helmfile.yaml | 4 ---- releases.yaml | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 73f68da..f460821 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -47,10 +47,6 @@ releases: namespace: funkwhale-application createNamespace: false - - <<: *mailu - installed: false - namespace: mailu-application - createNamespace: true - <<: *prometheus installed: true diff --git a/releases.yaml b/releases.yaml index 3c7235e..d261a11 100644 --- a/releases.yaml +++ b/releases.yaml @@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 46.5.0 + version: 46.6.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 1852a8777fc397b52e0d4f425f28cebfc17314a6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 7 Jun 2023 12:22:03 +0200 Subject: [PATCH 099/316] Increase prom storage --- badhouseplants/values/values.prometheus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index ddb0acd..059d061 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -32,7 +32,7 @@ prometheus: accessModes: ["ReadWriteOnce"] resources: requests: - storage: 5Gi + storage: 10Gi grafana: persistence: enabled: true -- 2.45.2 From 83d69af017b2b61b4af8dd756808401ab6048493 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 7 Jun 2023 23:27:29 +0200 Subject: [PATCH 100/316] chore(Minecraft): Upgrade Paper --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index b6e81f5..80ffb02 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -38,7 +38,7 @@ minecraftServer: hardcore: true version: 1.19.4 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/511/downloads/paper-1.19.4-511.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/549/downloads/paper-1.19.4-549.jar gameMode: survival pvp: true memory: 2512M -- 2.45.2 From 80dec7d110207d8cdc4bf70dfc00f3a36e76e685 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 8 Jun 2023 19:13:05 +0200 Subject: [PATCH 101/316] Add ArgoCD Dashboard --- badhouseplants/values/values.argocd.yaml | 10 +++++----- badhouseplants/values/values.prometheus.yaml | 6 ++++++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index c50fbf3..93af7dc 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -22,7 +22,7 @@ controller: cpu: 100m memory: 512Mi metrics: - enabled: false + enabled: true applicationLabels: enabled: false labels: [] 
@@ -32,7 +32,7 @@ controller: servicePort: 8082 portName: http-metrics serviceMonitor: - enabled: false + enabled: true interval: 30s relabelings: [] metricRelabelings: [] @@ -55,9 +55,9 @@ redis: enabled: false server: metrics: - enabled: false + enabled: true serviceMonitor: - enabled: false + enabled: true rbacConfig: policy.default: role:readonly scopes: "[email, group]" @@ -77,7 +77,7 @@ server: repoServer: metrics: - enabled: true + enabled: false serviceMonitor: enabled: false diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 059d061..04336ce 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -14,6 +14,7 @@ istio: port: 80 prometheus: prometheusSpec: + retentionSize: 10GB podMonitorNamespaceSelector: any: true podMonitorSelector: {} @@ -73,3 +74,8 @@ grafana: gnetId: 13192 revision: 1 datasource: Prometheus + argo-dashboard: + gnetId: 14584 + revision: 1 + datasource: Prometheus + -- 2.45.2 From 548148bf1feb1cb51f27b75214f20a9cf2a0eca2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 8 Jun 2023 19:18:40 +0200 Subject: [PATCH 102/316] chore: Upgrade releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index d261a11..da20077 100644 --- a/releases.yaml +++ b/releases.yaml @@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.34.6 + version: 5.36.0 inherit: - template: default-env-values - template: default-env-secrets @@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 46.6.0 + version: 46.7.0 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: istio-common: labels: bundle: istio - version: 1.17.2 + version: 1.18.0 istio-base: &istio-base name: istio-base 
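Review bot: `retentionSize: 10GB` in the `prometheusSpec` hunk of values.prometheus.yaml is almost the whole of the 10Gi volume requested in patch 099, which leaves little room for the WAL and for compaction. Prometheus guidance is to keep the retention size at roughly 80–85% of the allocated disk, and a full volume stops ingestion, which also blinds any alerting built on these metrics. Something like `retentionSize: 8GB`, or a larger `storage` request, keeps the limit effective.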
@@ -196,7 +196,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.11 + version: 16.1.13 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 0fbdcc7ead21d1a117422d4be95a5895c1f9c861 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 13 Jun 2023 21:21:03 +0200 Subject: [PATCH 103/316] Update Minecraft --- badhouseplants/values/values.minecraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 80ffb02..f606aa4 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -36,9 +36,9 @@ minecraftServer: onlineMode: false difficulty: hard hardcore: true - version: 1.19.4 + version: 1.20.1 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/549/downloads/paper-1.19.4-549.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/18/downloads/paper-1.20.1-18.jar gameMode: survival pvp: true memory: 2512M -- 2.45.2 From 5df6d74088357ba0d030471f879714671e585fe8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 13 Jun 2023 20:09:49 +0000 Subject: [PATCH 104/316] revert 548148bf1feb1cb51f27b75214f20a9cf2a0eca2 revert chore: Upgrade releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index da20077..d261a11 100644 --- a/releases.yaml +++ b/releases.yaml @@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.36.0 + version: 5.34.6 inherit: - template: default-env-values - template: default-env-secrets @@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 46.7.0 + version: 46.6.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -126,7 +126,7 @@ templates: istio-common: labels: bundle: istio - version: 1.18.0 + version: 1.17.2 istio-base: &istio-base name: istio-base @@ -196,7 +196,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.13 + version: 16.1.11 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 3644b6a8c3bbc4ba46aa8e45027746fd711e3a85 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 13 Jun 2023 20:15:11 +0000 Subject: [PATCH 105/316] revert 5df6d74088357ba0d030471f879714671e585fe8 revert revert 548148bf1feb1cb51f27b75214f20a9cf2a0eca2 revert chore: Upgrade releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index d261a11..da20077 100644 --- a/releases.yaml +++ b/releases.yaml @@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.34.6 + version: 5.36.0 inherit: - template: default-env-values - template: default-env-secrets @@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 46.6.0 + version: 46.7.0 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: istio-common: labels: bundle: istio - version: 1.17.2 + version: 1.18.0 istio-base: &istio-base name: istio-base @@ -196,7 +196,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.11 + version: 16.1.13 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 4ddc471f720064fc16516cf4a581f3433558ee88 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 13 Jun 2023 20:15:30 +0000 Subject: [PATCH 106/316] revert 0fbdcc7ead21d1a117422d4be95a5895c1f9c861 revert Update Minecraft --- badhouseplants/values/values.minecraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index f606aa4..80ffb02 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -36,9 +36,9 @@ minecraftServer: onlineMode: false difficulty: hard hardcore: true - version: 1.20.1 + version: 1.19.4 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/18/downloads/paper-1.20.1-18.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/549/downloads/paper-1.19.4-549.jar gameMode: survival pvp: true memory: 2512M -- 2.45.2 From d441cdf0dd4d4d19a434224750ce771e2e6eb3cf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 17 Jun 2023 10:50:58 +0200 Subject: [PATCH 107/316] chore: Upgrade releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index da20077..3556768 100644 --- a/releases.yaml +++ b/releases.yaml @@ -91,7 +91,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.12.1 + version: 1.12.2 set: - name: installCRDs value: true @@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.36.0 + version: 5.36.1 inherit: - template: default-env-values - template: default-env-secrets @@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 46.7.0 + version: 46.8.0 inherit: - template: default-env-values - template: default-env-secrets @@ -196,7 +196,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.13 + version: 16.1.15 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From d809bd5106d20a788aa1f813e09cef363faeaf95 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 18 Jun 2023 15:38:43 +0200 Subject: [PATCH 108/316] feat(Minecraft): Add password to the server --- badhouseplants/values/values.minecraft.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 80ffb02..d8a500c 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -72,6 +72,18 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false + - name: install-password-plugin + image: alpine/curl + command: + - curl + - -L + - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" + - -o + - /data/plugins/PasswordProtect.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false extraVolumes: - volumeMounts: - name: plugins -- 2.45.2 From f36ec04dd3bcd962ce9643e5853524c04c6b5fa9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Jun 2023 16:13:20 +0200 Subject: [PATCH 109/316] Update minecraft configuration --- badhouseplants/values/values.minecraft.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index d8a500c..384fd91 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -31,6 +31,13 @@ resources: requests: memory: 512Mi cpu: 50m + limits: + memory: 3Gi + cpu: 1500m +readinessProbe: + timeoutSeconds: 10 +livenessProbe: + timeoutSeconds: 10 minecraftServer: eula: "TRUE" onlineMode: false -- 2.45.2 From 71b46ee97c348dd3793550ed7fc9975849abee52 Mon Sep 17 00:00:00 2001 
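Review bot: The new `install-password-plugin` init container saves whatever the release URL returns to `/data/plugins/PasswordProtect.jar` with no integrity check, and the server then loads that jar as code. Verify a pinned hash before the server starts, for example by running the download through `sh -c` and following it with `echo "<EXPECTED_SHA256>  /data/plugins/PasswordProtect.jar" | sha256sum -c -`, where `<EXPECTED_SHA256>` is a placeholder for the hash of the release you reviewed. Adding `-f` to the curl arguments also keeps an HTTP error page from being stored as the jar. `image: alpine/curl` carries no tag or digest, so the downloader itself is unpinned. The `initContainers` list begins above this hunk, so the other entries are not visible here.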
From: Nikolai Rodionov Date: Fri, 23 Jun 2023 21:53:21 +0200 Subject: [PATCH 110/316] feat: Use the forked minecraft chart --- badhouseplants/values/values.minecraft.yaml | 6 ++++++ releases.yaml | 3 ++- repositories.yaml | 3 ++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 384fd91..3e6c5e3 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -34,6 +34,12 @@ resources: limits: memory: 3Gi cpu: 1500m + +lifecycle: + postStart: + - bash + - -c + - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 readinessProbe: timeoutSeconds: 10 livenessProbe: diff --git a/releases.yaml b/releases.yaml index 3556768..4f902f2 100644 --- a/releases.yaml +++ b/releases.yaml @@ -214,7 +214,8 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.8.0 + # chart: git+https://github.com/allanger/minecraft-server-charts@charts/minecraft?ref=master + version: 4.9.0 inherit: - template: default-env-values - template: ext-istio-resource diff --git a/repositories.yaml b/repositories.yaml index 52838da..03773e3 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -15,7 +15,8 @@ repositories: - name: minio url: https://charts.min.io/ - name: minecraft-server-charts - url: https://itzg.github.io/minecraft-server-charts/ + # url: https://itzg.github.io/minecraft-server-charts/ + url: git+https://github.com/allanger/minecraft-server-charts@charts/minecraft?ref=add-container-lifecycle - name: longhorn url: https://charts.longhorn.io - name: gitea -- 2.45.2 From a888247ab03df541e1e525751e1eb776ce40624c Mon Sep 17 00:00:00 2001 
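Review bot: The `postStart` command in the added `lifecycle` block hard-codes the server password (`setpassword 11223345`) in a plaintext values file, so it is readable by anyone with access to the repository or its history and also appears in the rendered pod spec. This repository already keeps other credentials in SOPS-encrypted `secrets.*.yaml` files, so the password could live there, be injected as an environment variable, and be referenced as `mc-send-to-console setpassword "$SERVER_PASSWORD"` (the variable name is a placeholder). Because the value is now in git history, it should be treated as disclosed and changed when it is moved. The `lifecycle` key is new in this hunk, but whether the chart passes secret-backed environment variables to this hook is not visible here and needs checking.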
From: Nikolai Rodionov Date: Fri, 23 Jun 2023 23:46:19 +0200 Subject: [PATCH 111/316] chore: Make readiness probes less sensitive --- badhouseplants/values/values.minecraft.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 3e6c5e3..e239c36 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -41,6 +41,10 @@ lifecycle: - -c - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 readinessProbe: + command: + - mc-health + periodSeconds: 20 + failureThreshold: 50 timeoutSeconds: 10 livenessProbe: timeoutSeconds: 10 -- 2.45.2 From e668689e31b230b81eb037ebfefd05aa3efea27c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 23 Jun 2023 23:46:31 +0200 Subject: [PATCH 112/316] chore(minecraft): Switch back to the upstream repo --- repositories.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/repositories.yaml b/repositories.yaml index 03773e3..52838da 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -15,8 +15,7 @@ repositories: - name: minio url: https://charts.min.io/ - name: minecraft-server-charts - # url: https://itzg.github.io/minecraft-server-charts/ - url: git+https://github.com/allanger/minecraft-server-charts@charts/minecraft?ref=add-container-lifecycle + url: https://itzg.github.io/minecraft-server-charts/ - name: longhorn url: https://charts.longhorn.io - name: gitea -- 2.45.2 From b438fcecb848c68ef2be61565aeb3addd803fd80 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 25 Jun 2023 12:59:05 +0200 Subject: [PATCH 113/316] chore: Upgrade outdated charts --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 4f902f2..05dc1a7 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.36.1 + version: 5.36.7 inherit: - template: default-env-values - template: default-env-secrets @@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 46.8.0 + version: 47.0.0 inherit: - template: default-env-values - template: default-env-secrets @@ -196,7 +196,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.15 + version: 16.1.19 inherit: - template: default-env-values - template: default-env-secrets @@ -205,7 +205,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.10 + version: 5.0.11 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From d62b240c791150c3555f8d5e82f2f5792ffb9d6e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 25 Jun 2023 13:00:04 +0200 Subject: [PATCH 114/316] refactor: Remove a leftover comment --- releases.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 05dc1a7..6cc6b6a 100644 --- a/releases.yaml +++ b/releases.yaml @@ -214,7 +214,6 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - # chart: git+https://github.com/allanger/minecraft-server-charts@charts/minecraft?ref=master version: 4.9.0 inherit: - template: default-env-values -- 2.45.2 From b8a899c295646d6418fc50ef4de2806a5c93bf73 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 25 Jun 2023 14:22:18 +0200 Subject: [PATCH 115/316] chore(Minecraft): Upgrade to 4.9.1 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 6cc6b6a..3d78c6c 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -214,7 +214,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.9.0 + version: 4.9.1 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From c6c396b6e65edaa2b2cce9582bad8ba6650d5d17 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 4 Jul 2023 11:30:13 +0200 Subject: [PATCH 116/316] chore: Upgrade outdated releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 3d78c6c..185caee 100644 --- a/releases.yaml +++ b/releases.yaml @@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.36.7 + version: 5.36.14 inherit: - template: default-env-values - template: default-env-secrets @@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 47.0.0 + version: 47.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -196,7 +196,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.19 + version: 16.1.22 inherit: - template: default-env-values - template: default-env-secrets @@ -231,7 +231,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.0 + version: 2.0.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 7ab06bb36559c3df4ff0901c3a358f2eba1c41d2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 4 Jul 2023 20:44:42 +0200 Subject: [PATCH 117/316] Remove Prometheus --- badhouseplants/helmfile.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index f460821..d9a5080 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -47,12 +47,6 @@ releases: namespace: funkwhale-application createNamespace: false - - - <<: *prometheus - installed: true - namespace: monitoring-system - createNamespace: true - bases: - ../environments.yaml - ../repositories.yaml -- 2.45.2 From f6d5e342af67fb8d46bea9617c73b4ef4992a0a4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 7 Jul 2023 17:46:20 +0200 Subject: [PATCH 118/316] Set a context for the badhp env --- environments.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environments.yaml b/environments.yaml index 40b9a9b..bbecb66 100644 --- a/environments.yaml +++ b/environments.yaml @@ -1,5 +1,5 @@ environments: badhouseplants: - # kubeContext: allanger@badhouseplants-microk8s + kubeContext: allanger@badhouseplants-microk8s etersoft: kubeContext: allanger@etersoft -- 2.45.2 From 2116141a297321b85551bd61d9082546a45a61c8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 7 Jul 2023 19:17:24 +0200 Subject: [PATCH 119/316] Remove Prometheus --- badhouseplants/helmfile.yaml | 5 +++++ badhouseplants/values/values.argocd.yaml | 4 ++-- badhouseplants/values/values.gitea.yaml | 2 +- releases.yaml | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index d9a5080..b2af28d 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -47,6 +47,11 @@ releases: namespace: funkwhale-application createNamespace: false + - <<: *prometheus + installed: false + namespace: monitoring-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 93af7dc..5afd729 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -32,7 +32,7 @@ controller: servicePort: 8082 portName: http-metrics serviceMonitor: - enabled: true + enabled: false interval: 30s relabelings: [] metricRelabelings: [] @@ -57,7 +57,7 @@ server: metrics: enabled: true serviceMonitor: - enabled: true + enabled: false rbacConfig: policy.default: role:readonly scopes: "[email, group]" diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 7c16864..feeeba1 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -66,7 +66,7 @@ gitea: metrics: enabled: true serviceMonitor: - enabled: true + enabled: false config: APP_NAME: Bad Houseplants Gitea ui: diff --git a/releases.yaml b/releases.yaml index 185caee..c0aab69 100644 --- a/releases.yaml +++ b/releases.yaml @@ -114,7 +114,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 47.2.0 + version: 47.1.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 439078c052e9e83d1b901b317b2784ae7cdfb295 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 17:47:17 +0200 Subject: [PATCH 120/316] Use graalvm for minecraft --- badhouseplants/values/values.minecraft.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index e239c36..8863247 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -27,6 +27,9 @@ istio: # -------------------------------------------------- # -- Main values # -------------------------------------------------- +image: + tag: java17-graalvm-ce + pullPolicy: Always resources: requests: memory: 512Mi 
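Review bot: In the added `image` block, `tag: java17-graalvm-ce` together with `pullPolicy: Always` means every pod restart pulls whatever that mutable tag currently points to, so the running server image can change without any commit in this repository. Pinning to a dated or versioned tag, or to a digest if the chart's `image` values accept one, keeps the deployed image reviewable and makes rollbacks reproducible. If the floating tag is intentional, a comment above it saying so would help, for example `# floating tag on purpose: picks up base image updates on restart`.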
@@ -53,9 +56,9 @@ minecraftServer: onlineMode: false difficulty: hard hardcore: true - version: 1.19.4 + version: 1.20.1 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.19.4/builds/549/downloads/paper-1.19.4-549.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/68/downloads/paper-1.20.1-68.jar gameMode: survival pvp: true memory: 2512M -- 2.45.2 From c50917edbc1d1740b04788d6c8099f2503e9cead Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 17:48:27 +0200 Subject: [PATCH 121/316] chore: Upgrade Longhorn to 1.5.0 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index c0aab69..1d8ca6a 100644 --- a/releases.yaml +++ b/releases.yaml @@ -98,7 +98,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.4.2 + version: 1.5.0 inherit: - template: default-env-values -- 2.45.2 From 182f0de4e34c9f69f4a6ac93984826fc02538998 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 17:54:13 +0200 Subject: [PATCH 122/316] chore: Upgrade outdated releases --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index 1d8ca6a..308e00c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -10,7 +10,7 @@ templates: command: "sh" args: - -c - - | + - | helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ || true @@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.36.14 + version: 5.37.1 inherit: - template: default-env-values - template: default-env-secrets 
@@ -196,7 +196,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.22 + version: 16.1.25 inherit: - template: default-env-values - template: default-env-secrets @@ -205,7 +205,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.11 + version: 5.0.12 inherit: - template: default-env-values - template: default-env-secrets @@ -214,7 +214,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.9.1 + version: 4.9.2 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From c49156c4ed427c0d56c6d998bc0ba11d5bf40ae3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 18:07:47 +0200 Subject: [PATCH 123/316] chore: Downgrade Minecraft something is broken with istio in 4.9.2 --- badhouseplants/values/values.minecraft.yaml | 2 +- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 8863247..8919cca 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -78,7 +78,7 @@ minecraftServer: persistence: dataDir: enabled: true - Size: 8Gi + Size: 15Gi initContainers: - name: install-prometheus-exporter image: alpine/curl diff --git a/releases.yaml b/releases.yaml index 308e00c..d714295 100644 --- a/releases.yaml +++ b/releases.yaml @@ -214,7 +214,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.9.2 + version: 4.9.1 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From a37465b9e15722ebc11234ba123dd0211bd06a17 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 20:36:32 +0200 Subject: [PATCH 124/316] Update Minecraft config --- badhouseplants/values/values.minecraft.yaml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 8919cca..718b8b0 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -57,6 +57,8 @@ minecraftServer: difficulty: hard hardcore: true version: 1.20.1 + maxWorldSize: 20000 + ops: PapaPenis type: "PAPER" paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/68/downloads/paper-1.20.1-68.jar gameMode: survival -- 2.45.2 From 2aca7420923ac220d4ef819703d81d73d8877b73 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 22:31:45 +0200 Subject: [PATCH 125/316] Update the MC world size --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 718b8b0..344b3cb 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -57,7 +57,7 @@ minecraftServer: difficulty: hard hardcore: true version: 1.20.1 - maxWorldSize: 20000 + maxWorldSize: 90000 ops: PapaPenis type: "PAPER" paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/68/downloads/paper-1.20.1-68.jar -- 2.45.2 From 9a05d934513ccd8b27a22e9a494a699ecb08ed53 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 22:36:30 +0200 Subject: [PATCH 126/316] Downgrade Minio Upgrade Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/77 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index d714295..1e4e690 100644 --- a/releases.yaml +++ b/releases.yaml @@ -205,7 +205,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.12 + version: 5.0.11 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 
From cd506cd96987042c7298e61a93717184bf4d1863 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 17 Jun 2023 10:49:16 +0200 Subject: [PATCH 127/316] feat: Setup a logging system Loki + Promtail --- badhouseplants/helmfile.yaml | 10 ++++++++++ badhouseplants/values/values.loki.yaml | 7 +++++++ badhouseplants/values/values.prometheus.yaml | 13 +++++++++++- badhouseplants/values/values.promtail.yaml | 5 +++++ releases.yaml | 21 ++++++++++++++++++++ repositories.yaml | 4 ++-- 6 files changed, 57 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/values.loki.yaml create mode 100644 badhouseplants/values/values.promtail.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b2af28d..8dcacf1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -50,6 +50,16 @@ releases: - <<: *prometheus installed: false namespace: monitoring-system + createNamespace: true + + - <<: *loki + installed: true + namespace: monitoring-system + createNamespace: false + + - <<: *promtail + installed: true + namespace: monitoring-system createNamespace: false bases: diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml new file mode 100644 index 0000000..5feead7 --- /dev/null +++ b/badhouseplants/values/values.loki.yaml @@ -0,0 +1,7 @@ +--- +singleBinary: + replicas: 1 +loki: + auth_enabled: false + commonConfig: + replication_factor: 1 diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 04336ce..5f849b7 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -78,4 +78,15 @@ grafana: gnetId: 14584 revision: 1 datasource: Prometheus - + datasources: + loki.yaml: + apiVersion: 1 + datasources: + - name: Loki + type: loki + access: proxy + uid: loki + editable: false + url: http://loki.monitoring-system:3100/ + jsonData: + maxLines: 1000 
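Review bot: `auth_enabled: false` in the new `values.loki.yaml` leaves Loki without any authentication of its own, so access control depends entirely on who can reach the service over the network. The Grafana datasource added in this commit uses `http://loki.monitoring-system:3100/` and promtail pushes over plain HTTP, so presumably any workload that can reach those endpoints can read or write logs. This is a common single-tenant setup, but it should be backed by a NetworkPolicy or a mesh authorization policy that limits the Loki ports to promtail and Grafana. Once such a restriction exists, a comment above the key would record the decision, for example `# single-tenant, no auth in Loki; access limited at the network layer`.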
diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml new file mode 100644 index 0000000..7846cec --- /dev/null +++ b/badhouseplants/values/values.promtail.yaml @@ -0,0 +1,5 @@ +--- +config: + clients: + # - url: http://loki.monitoring-system:3100 + - url: http://loki-gateway/loki/api/v1/push diff --git a/releases.yaml b/releases.yaml index 1e4e690..08ed996 100644 --- a/releases.yaml +++ b/releases.yaml @@ -110,16 +110,37 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + + monitoring-common: + labels: + bundle: monitoring prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack version: 47.1.0 inherit: + - template: monitoring-common - template: default-env-values - template: default-env-secrets - template: crd-management-hook - template: ext-istio-resource + + loki: &loki + name: loki + chart: grafana/loki + version: 5.6.4 + inherit: + - template: monitoring-common + - template: default-env-values + + promtail: &promtail + name: promtail + chart: grafana/promtail + version: 6.11.3 + inherit: + - template: monitoring-common + - template: default-env-values # ---------------------------- # -- Istio # ---------------------------- diff --git a/repositories.yaml b/repositories.yaml index 52838da..cef712f 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -26,9 +26,9 @@ repositories: url: https://argoproj.github.io/argo-helm - name: bedag url: https://bedag.github.io/helm-charts/ - # - name: mailu - # url: https://mailu.github.io/helm-charts/ - name: metallb url: https://metallb.github.io/metallb - name: prometheus-community url: https://prometheus-community.github.io/helm-charts + - name: grafana + url: https://grafana.github.io/helm-charts -- 2.45.2 From f29e5af719a82b6e42f684b73c7dd02801b30e72 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Tue, 27 Jun 2023 00:43:04 +0200 Subject: [PATCH 128/316] Set a retention perriod for logs --- badhouseplants/values/values.loki.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index 5feead7..0be3069 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml @@ -5,3 +5,7 @@ loki: auth_enabled: false commonConfig: replication_factor: 1 +compactor: + retention_enabled: true +limits_config: + retention_period: 2d -- 2.45.2 From 4313c1db4eb73488e7e79437bf36b014393c277c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 22:40:33 +0200 Subject: [PATCH 129/316] Set installed for logging stuff to false --- badhouseplants/helmfile.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8dcacf1..b60f269 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -53,12 +53,12 @@ releases: createNamespace: true - <<: *loki - installed: true + installed: false namespace: monitoring-system createNamespace: false - <<: *promtail - installed: true + installed: false namespace: monitoring-system createNamespace: false -- 2.45.2 From 89b6c9f94610dc8f4c9f80acee6ef612c9fd2703 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 22:46:01 +0200 Subject: [PATCH 130/316] chore: Upgrade Minio Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/77 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 08ed996..0f48119 100644 --- a/releases.yaml +++ b/releases.yaml @@ -226,7 +226,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.11 + version: 5.0.13 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 
From ff67d9f18fd86811ceeed49fe99eb609ebeab578 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 9 Jul 2023 22:47:04 +0200 Subject: [PATCH 131/316] chore: Upgrade Minecraft Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/78 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 0f48119..8b05297 100644 --- a/releases.yaml +++ b/releases.yaml @@ -235,7 +235,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.9.1 + version: 4.9.3 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From f1d164106a908fefb61c46864ba6d9961db110ee Mon Sep 17 00:00:00 2001 From: RNRod Date: Thu, 13 Jul 2023 18:39:34 +0200 Subject: [PATCH 132/316] remove CPU limits for the minecraft server --- badhouseplants/values/values.minecraft.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 344b3cb..7abf12a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -36,7 +36,6 @@ resources: cpu: 50m limits: memory: 3Gi - cpu: 1500m lifecycle: postStart: -- 2.45.2 From 386fb7ca018ef27a407c606830f56328dda0d413 Mon Sep 17 00:00:00 2001 From: RNRod Date: Thu, 13 Jul 2023 18:40:08 +0200 Subject: [PATCH 133/316] remove ops on the minecraft server --- badhouseplants/values/values.minecraft.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 7abf12a..c6ccfb5 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -57,7 +57,6 @@ minecraftServer: hardcore: true version: 1.20.1 maxWorldSize: 90000 - ops: PapaPenis type: "PAPER" paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/68/downloads/paper-1.20.1-68.jar gameMode: survival -- 2.45.2 From e4454aa266cc7987fc994f577897e92ecc4766b6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 15 Jul 2023 17:29:53 +0200 Subject: [PATCH 134/316] chore: Upgrade istio --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 8b05297..4d6a63b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -110,9 +110,9 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - + monitoring-common: - labels: + labels: bundle: monitoring prometheus: &prometheus @@ -125,7 +125,7 @@ templates: - template: default-env-secrets - template: crd-management-hook - template: ext-istio-resource - + loki: &loki name: loki chart: grafana/loki @@ -147,7 +147,7 @@ templates: istio-common: labels: bundle: istio - version: 1.18.0 + version: 1.18.1 istio-base: &istio-base name: istio-base -- 2.45.2 From da96d0bbbcaa6af52526e1e1bdf35ce72a4b5ee8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 15 Jul 2023 17:34:37 +0200 Subject: [PATCH 135/316] chore: Upgrade releases --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index 4d6a63b..58d1d84 100644 --- a/releases.yaml +++ b/releases.yaml @@ -105,7 +105,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.37.1 + version: 5.39.0 inherit: - template: default-env-values - template: default-env-secrets @@ -118,7 +118,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 47.1.0 + version: 48.1.1 inherit: - template: monitoring-common - template: default-env-values 
@@ -129,7 +129,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.6.4 + version: 5.8.9 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.11.3 + version: 6.11.6 inherit: - template: monitoring-common - template: default-env-values @@ -217,7 +217,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.25 + version: 16.1.26 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 8e19905feba5f6c266a79ce7f30d8a4cda2f6368 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 19 Jul 2023 22:28:21 +0200 Subject: [PATCH 136/316] Install drone-docker-runner to the etersoft cluster --- badhouseplants/helmfile.yaml | 5 ----- .../values/secrets.drone-runner-docker.yaml | 22 +++++++++++++++++++ .../values/values.drone-runner-docker.yaml | 16 ++++++++++++++ helmfile.yaml | 6 +++++ 4 files changed, 44 insertions(+), 5 deletions(-) create mode 100644 etersoft/values/secrets.drone-runner-docker.yaml create mode 100644 etersoft/values/values.drone-runner-docker.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b60f269..9cd43ab 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -12,11 +12,6 @@ releases: namespace: drone-service createNamespace: false - - <<: *drone-runner-docker - installed: true - namespace: drone-service - createNamespace: false - - <<: *longhorn installed: true namespace: longhorn-system diff --git a/etersoft/values/secrets.drone-runner-docker.yaml b/etersoft/values/secrets.drone-runner-docker.yaml new file mode 100644 index 0000000..eb18677 --- /dev/null +++ b/etersoft/values/secrets.drone-runner-docker.yaml 
@@ -0,0 +1,22 @@ +env: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 + Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi + aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ + em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh + DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-21T09:27:21Z" + mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/etersoft/values/values.drone-runner-docker.yaml b/etersoft/values/values.drone-runner-docker.yaml new file mode 100644 index 0000000..923e72d --- /dev/null +++ b/etersoft/values/values.drone-runner-docker.yaml @@ -0,0 +1,16 @@ +--- +env: + DRONE_RPC_HOST: drone.badhouseplants.net + DRONE_RPC_PROTO: https + DRONE_NAMESPACE_DEFAULT: drone-service +rbac: + buildNamespaces: + - drone-service +dind: + resources: + limits: + cpu: 2000m + memory: 2024Mi + requests: + cpu: 100m + memory: 512Mi \ No newline at end of file diff --git a/helmfile.yaml b/helmfile.yaml index 738d891..8a8ccd9 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
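Review bot: `dind:` gets resource limits in `etersoft/values/values.drone-runner-docker.yaml` but no statement about its security context, and a Docker-in-Docker daemon normally has to run privileged, so pipeline steps scheduled on this runner presumably have root-equivalent access to the node. With `DRONE_RPC_HOST: drone.badhouseplants.net` the etersoft cluster now executes builds for that server, possibly including the `.drone.yml` pipelines in this repository that receive `KUBECONFIG_CONTENT` and `SOPS_AGE_KEY`. I would confirm the chart's default for the dind container and add a comment above `dind:` such as `# dind runs privileged (chart default, confirm): schedule on dedicated nodes, trusted repositories only`. The file also ends without a newline.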
@@ -46,5 +46,11 @@ releases: namespace: metallb-system createNamespace: true + - <<: *drone-runner-docker + installed: true + namespace: drone-service + createNamespace: false + + helmfiles: - path: {{.Environment.Name }}/helmfile.yaml -- 2.45.2 From fdcd2aafdb6da5b15784adf9fe180ba3bdf4e2a5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 20 Jul 2023 18:19:44 +0200 Subject: [PATCH 137/316] update kubecontext setup now the drone user should be used to run helmfile --- .drone.yml | 8 ++++---- environments.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 8d814bf..2ae9841 100644 --- a/.drone.yml +++ b/.drone.yml @@ -26,7 +26,7 @@ steps: from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e badhouseplants diff --suppress-secrets - name: Diff eterosoft @@ -38,7 +38,7 @@ steps: from_secret: KUBECONFIG_CONTENT commands: - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e etersoft diff --suppress-secrets --- @@ -69,7 +69,7 @@ steps: from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e badhouseplants apply --suppress-secrets - name: Apply eterosoft @@ -81,7 +81,7 @@ steps: from_secret: SOPS_AGE_KEY commands: - mkdir $HOME/.kube - - echo $KUBECONFIG_CONTENT | base64 -d > $HOME/.kube/config + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e etersoft apply --suppress-secrets --- diff --git a/environments.yaml b/environments.yaml index bbecb66..13a3ca2 100644 --- a/environments.yaml +++ b/environments.yaml 
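Review bot: The kubeconfig in `.drone.yml` is written with the shell's default umask and only tightened afterwards by `chmod 0600`, so in all four steps touched here (both Diff and both Apply steps) the credential briefly exists with wider permissions, and the `.kube` directory keeps its default mode. Setting the mask first closes that gap and makes the `chmod` unnecessary: `- umask 077 && mkdir -p "$HOME/.kube" && printf '%s\n' "$KUBECONFIG_CONTENT" > "$HOME/.kube/config"`. `printf` also avoids `echo` rewriting backslash sequences under shells such as dash. Separately, the Diff steps appear to use the same `KUBECONFIG_CONTENT` secret as the Apply steps; if the new drone user can change cluster state, a read-only identity for the diff steps would be a tighter fit. The step definitions start outside these hunks.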
@@ -1,5 +1,5 @@ environments: badhouseplants: - kubeContext: allanger@badhouseplants-microk8s + kubeContext: badhouseplants etersoft: - kubeContext: allanger@etersoft + kubeContext: etersoft -- 2.45.2 From 1fe836c4f00d9aaec3bebc52ab890d48e4fed375 Mon Sep 17 00:00:00 2001 From: RNRod Date: Sun, 16 Jul 2023 21:52:44 +0200 Subject: [PATCH 138/316] add bitwarden --- badhouseplants/helmfile.yaml | 5 +++ badhouseplants/values/secrets.bitwarden.yaml | 22 ++++++++++++ badhouseplants/values/values.bitwarden.yaml | 37 ++++++++++++++++++++ releases.yaml | 9 +++++ repositories.yaml | 2 ++ 5 files changed, 75 insertions(+) create mode 100644 badhouseplants/values/secrets.bitwarden.yaml create mode 100644 badhouseplants/values/values.bitwarden.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 9cd43ab..c9bfb1a 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -57,6 +57,11 @@ releases: namespace: monitoring-system createNamespace: false + - <<: *bitwarden + installed: true + namespace: bitwarden-application + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.bitwarden.yaml b/badhouseplants/values/secrets.bitwarden.yaml new file mode 100644 index 0000000..2a865a3 --- /dev/null +++ b/badhouseplants/values/secrets.bitwarden.yaml 
@@ -0,0 +1,22 @@ +env: + ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKL3M4VWJBQzZQdHRDcXVw + VWIwcjd0Zm44V01DTW1aV2FhV1QvT2hpcUVZClJ2dHdvcDYxalEvMXB2a1F1WlRy + K1VOYmg4cWprSHpLSVJVK1lYVXR5cWMKLS0tIGJ3bHNIZE9zR3RuZmpmMlZBQ1Qr + dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1 + amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-16T18:40:43Z" + mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 \ No newline at end of file diff --git a/badhouseplants/values/values.bitwarden.yaml b/badhouseplants/values/values.bitwarden.yaml new file mode 100644 index 0000000..b959319 --- /dev/null +++ b/badhouseplants/values/values.bitwarden.yaml 
@@ -0,0 +1,37 @@ +--- +image: + repository: vaultwarden/server + tag: 1.28.1 + +istio: + enabled: true + istio: + - name: bitwarden-http + gateway: badhouseplants-net + kind: http + hostname: bitwarden.badhouseplants.net + service: bitwarden-vaultwarden + port: 80 + + # pathType is only for k8s >= 1.1= + pathType: Prefix + +env: + + SIGNUPS_ALLOWED: false + DOMAIN: "https://bitwarden.badhouseplants.net" + # YUBICO_CLIENT_ID + # YUBICO_SECRET_KEY + # DATA_FOLDER + # DATABASE_URL + # ATTACHMENTS_FOLDER + # ICON_CACHE_FOLDER + # ROCKET_LIMITS + # ROCKET_WORKERS + WEB_VAULT_ENABLED: true + +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 800Mi + storageClass: longhorn \ No newline at end of file diff --git a/releases.yaml b/releases.yaml index 58d1d84..e7dd71a 100644 --- a/releases.yaml +++ b/releases.yaml @@ -267,3 +267,12 @@ templates: - template: default-env-secrets - template: ext-istio-resource - template: ext-certificate + + bitwarden: &bitwarden + name: bitwarden + chart: bitwarden/vaultwarden + version: 0.1.7 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource \ No newline at end of file diff --git a/repositories.yaml b/repositories.yaml index cef712f..8a7e150 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -32,3 +32,5 @@ repositories: url: https://prometheus-community.github.io/helm-charts - name: grafana url: https://grafana.github.io/helm-charts + - name: bitwarden + url: https://constin.github.io/vaultwarden-helm/ \ No newline at end of file -- 2.45.2 From b3c043277316a80f80f0fc647f3e47185c1328a9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Jul 2023 12:40:26 +0200 Subject: [PATCH 139/316] chore: Upgrade releases --- releases.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/releases.yaml b/releases.yaml index e7dd71a..d29ad32 100644 --- a/releases.yaml +++ b/releases.yaml 
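Review bot: This commit sets `ADMIN_TOKEN` in `secrets.bitwarden.yaml`, which turns on Vaultwarden's `/admin` page, and the `bitwarden-http` route in `values.bitwarden.yaml` forwards the whole `bitwarden.badhouseplants.net` host to the service, so the admin login is presumably reachable wherever the vault is. I would either leave the token unset once setup is done or restrict `/admin` at the gateway, and record the choice next to `env:`, e.g. `# /admin is enabled via ADMIN_TOKEN (secrets file); path is restricted at the gateway`. Image 1.28.1 accepts an Argon2 PHC string as `ADMIN_TOKEN`, so the stored value can be a hash rather than the token itself; the ciphertext does not show which form is used. `SIGNUPS_ALLOWED: false` and `WEB_VAULT_ENABLED: true` are YAML booleans, so check that the chart renders them as the strings `false` and `true` in the container environment.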
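Review bot: The repository alias `bitwarden` in `repositories.yaml` hides that the chart comes from what looks like a personal GitHub Pages repository (`constin.github.io/vaultwarden-helm`) and deploys Vaultwarden, not a chart published by Bitwarden. For a password vault that trust decision should be visible: add a comment such as `# community Vaultwarden chart (third party); review rendered manifests on every version bump` above the entry. The `version: 0.1.7` pin in `releases.yaml` fixes only the chart version, and a Helm repository index can republish a version, so vendoring the chart or checking its digest would give a stronger guarantee. The entry also ends without a trailing newline.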
@@ -98,14 +98,14 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.0 + version: 1.5.1 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.39.0 + version: 5.41.1 inherit: - template: default-env-values - template: default-env-secrets @@ -118,7 +118,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 48.1.1 + version: 48.1.2 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.11.6 + version: 6.11.7 inherit: - template: monitoring-common - template: default-env-values @@ -217,7 +217,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.26 + version: 16.1.33 inherit: - template: default-env-values - template: default-env-secrets @@ -275,4 +275,4 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource \ No newline at end of file + - template: ext-istio-resource -- 2.45.2 From 92ed9fc966e79c175b7fc198c9786ba18e411019 Mon Sep 17 00:00:00 2001 From: RNRod Date: Fri, 21 Jul 2023 14:14:33 +0200 Subject: [PATCH 140/316] install redis --- badhouseplants/helmfile.yaml | 5 +++++ badhouseplants/values/values.redis.yaml | 7 +++++++ releases.yaml | 7 +++++++ 3 files changed, 19 insertions(+) create mode 100644 badhouseplants/values/values.redis.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index c9bfb1a..1fa6efa 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -62,6 +62,11 @@ releases: namespace: bitwarden-application createNamespace: true + - <<: *redis + installed: true + namespace: database-service + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml 
diff --git a/badhouseplants/values/values.redis.yaml b/badhouseplants/values/values.redis.yaml new file mode 100644 index 0000000..3435894 --- /dev/null +++ b/badhouseplants/values/values.redis.yaml @@ -0,0 +1,7 @@ +metrics: + enabled: false + +architecture: standalone +master: + persistence: + size: 1Gi \ No newline at end of file diff --git a/releases.yaml b/releases.yaml index d29ad32..d71cd55 100644 --- a/releases.yaml +++ b/releases.yaml @@ -276,3 +276,10 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + + redis: &redis + name: redis + chart: bitnami/redis + version: 17.11.2 + inherit: + - template: default-env-values \ No newline at end of file -- 2.45.2 From bb2211fc15ee6473317d7040fbb4bd61c1140e6d Mon Sep 17 00:00:00 2001 From: RNRod Date: Fri, 21 Jul 2023 15:10:05 +0200 Subject: [PATCH 141/316] install postgres update redis version issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/86\#issuecomment-1612 --- badhouseplants/helmfile.yaml | 5 +++++ badhouseplants/values/secrets.postgres.yaml | 24 +++++++++++++++++++++ badhouseplants/values/values.postgres.yaml | 10 +++++++++ releases.yaml | 12 +++++++++-- 4 files changed, 49 insertions(+), 2 deletions(-) create mode 100644 badhouseplants/values/secrets.postgres.yaml create mode 100644 badhouseplants/values/values.postgres.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 1fa6efa..0378438 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -67,6 +67,11 @@ releases: namespace: database-service createNamespace: true + - <<: *postgres + installed: true + namespace: database-service + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.postgres.yaml b/badhouseplants/values/secrets.postgres.yaml new file mode 100644 index 0000000..a3223c8 --- /dev/null +++ b/badhouseplants/values/secrets.postgres.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:NopZyPWiTKPPVzLcvVLN3JgMQjQ=,iv:rWVhR2wChvQSIa7eBPrvnWO2ydLZ2D8oF87INiy8NX4=,tag:Xb0qbED6QXu5QBgHY6hrOA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-21T12:58:01Z" + mac: ENC[AES256_GCM,data:ShHWH9RIL4rJ5X0IvThOtyM28AC+1bJLr4PJJdYSLtV9T7Wcs2LbmWxtM2tpRyzMeZjYKJrsstGYgxBevr1BpfGBIeR4+JCwrbdK4AOq2VbLMpH7nMOU/huuUpxOopweRBTwZOEMRBkSkEk4qPvebLHEqUi6aNGdtxOINmHv/fA=,iv:C/iJOSshanbhSQ9Be712aSN2B8aXndPpP4655SQONeQ=,tag:BAJIzrYfh8a59OzkxDOrbw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 \ No newline at end of file diff --git a/badhouseplants/values/values.postgres.yaml b/badhouseplants/values/values.postgres.yaml new file mode 100644 index 0000000..db7f7ab --- /dev/null +++ b/badhouseplants/values/values.postgres.yaml @@ -0,0 +1,10 @@ +architecture: standalone + +auth: + database: postgres + +persistence: + size: 1Gi + +metrics: + enabled: false \ No newline at end of file diff --git a/releases.yaml b/releases.yaml index d71cd55..a993cd5 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -280,6 +280,14 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.11.2 + version: 17.13.2 inherit: - - template: default-env-values \ No newline at end of file + - template: default-env-values + + postgres: &postgres + name: postgres + chart: bitnami/postgresql + version: 12.6.8 + inherit: + - template: default-env-values + - template: default-env-secrets -- 2.45.2 From 20e12ee4ba62d109d5c7d67d4e5edcc17f580fb5 Mon Sep 17 00:00:00 2001 From: RNRod Date: Fri, 21 Jul 2023 15:31:26 +0200 Subject: [PATCH 142/316] install db-operator issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/86 --- badhouseplants/helmfile.yaml | 5 +++++ releases.yaml | 5 +++++ repositories.yaml | 4 +++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 0378438..3e661d5 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -72,6 +72,11 @@ releases: namespace: database-service createNamespace: true + - <<: *db-operator + installed: true + namespace: database-service + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/releases.yaml b/releases.yaml index a993cd5..4348e63 100644 --- a/releases.yaml +++ b/releases.yaml @@ -291,3 +291,8 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + + db-operator: &db-operator + name: db-operator + chart: db-operator/db-operator + version: 1.9.1 diff --git a/repositories.yaml b/repositories.yaml index 8a7e150..abaff21 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -33,4 +33,6 @@ repositories: - name: grafana url: https://grafana.github.io/helm-charts - name: bitwarden - url: https://constin.github.io/vaultwarden-helm/ \ No newline at end of file + url: https://constin.github.io/vaultwarden-helm/ + - name: db-operator + url: https://db-operator.github.io/charts -- 2.45.2 
From 315bd127a1c844ea1a8a7aeb587f1be4cdc2872b Mon Sep 17 00:00:00 2001 From: RNRod Date: Fri, 21 Jul 2023 16:06:38 +0200 Subject: [PATCH 143/316] install db-instances issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/86 --- badhouseplants/helmfile.yaml | 5 ++++ .../values/secrets.db-instances.yaml | 25 +++++++++++++++++++ .../values/values.db-instances.yaml | 12 +++++++++ releases.yaml | 8 ++++++ 4 files changed, 50 insertions(+) create mode 100644 badhouseplants/values/secrets.db-instances.yaml create mode 100644 badhouseplants/values/values.db-instances.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 3e661d5..4bc6609 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -77,6 +77,11 @@ releases: namespace: database-service createNamespace: true + - <<: *db-instances + installed: true + namespace: database-service + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml new file mode 100644 index 0000000..4018bea --- /dev/null +++ b/badhouseplants/values/secrets.db-instances.yaml 
@@ -0,0 +1,25 @@ +dbinstances: + postgres: + secrets: + adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] + adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-21T14:01:22Z" + mac: ENC[AES256_GCM,data:tH/XnZOmYYygzMEcJduyCX3qXX5t8vEIwh4PwXXpsgfUvM7kKzbEEMDq4vyxIO5ht7ixXs8HRVKC2hK8Jn4d9/theXXTaxxeZvtUK23og01S5kyRJdlJpx5J3+soHKlkegbSH4JiQPRNgO7rf1PFIM6n++KtFvnBkrDdYD1c6Pw=,iv:VOiVwRRrqAp6fLjxGnZ0hvFxqOFrhgKu8lom2MrtDnw=,tag:+OjBhUpvplsLzRFrScmPJA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml new file mode 100644 index 0000000..c03513c --- /dev/null +++ b/badhouseplants/values/values.db-instances.yaml @@ -0,0 +1,12 @@ +--- +dbinstances: + postgres: + monitoring: + enabled: false + adminSecretRef: + Name: postgres-secret + Namespace: database-service + engine: postgres + generic: + host: postgres-postgresql + port: 5432 diff --git a/releases.yaml b/releases.yaml index 4348e63..65e1a59 100644 --- a/releases.yaml +++ b/releases.yaml 
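Review bot: The `age` stanza in the new `secrets.db-instances.yaml` is byte-for-byte the same as the one in `badhouseplants/values/secrets.postgres.yaml` from PATCH 141, which suggests the file was created by copying that one and editing it, so both files share one sops data key. That is not usable without the age identity, but sops otherwise generates a key per file, and `sops -r -i badhouseplants/values/secrets.db-instances.yaml` would give this file its own. These values also hand db-operator a PostgreSQL admin user and password, which `values.db-instances.yaml` could state next to `adminSecretRef`, e.g. `# credentials of the PostgreSQL admin account used by db-operator`.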
@@ -296,3 +296,11 @@ templates: name: db-operator chart: db-operator/db-operator version: 1.9.1 + + db-instances: &db-instances + name: db-instances + chart: db-operator/db-instances + version: 1.4.2 + inherit: + - template: default-env-values + - template: default-env-secrets \ No newline at end of file -- 2.45.2 From c53cd3be0859ff037fc0dfe49cb5ed5c0b590d41 Mon Sep 17 00:00:00 2001 From: RNRod Date: Fri, 21 Jul 2023 16:15:04 +0200 Subject: [PATCH 144/316] fix redis configuration issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/86 --- badhouseplants/values/secrets.redis.yaml | 23 +++++++++++++++++++++++ badhouseplants/values/values.redis.yaml | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 badhouseplants/values/secrets.redis.yaml diff --git a/badhouseplants/values/secrets.redis.yaml b/badhouseplants/values/secrets.redis.yaml new file mode 100644 index 0000000..b63290e --- /dev/null +++ b/badhouseplants/values/secrets.redis.yaml 
@@ -0,0 +1,23 @@ +global: + redis: + password: ENC[AES256_GCM,data:JseijC4tJuYQaqgW7eoDQ9JEOrE=,iv:9ES+Zs2ssxFTtCjU86H9N9q451jtOcjI6onJZBPKT2o=,tag:21OeVzQlhGLwTSvsdoP/9w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-21T14:12:50Z" + mac: ENC[AES256_GCM,data:opr1qb1qukrqeMMeCLvJJ4kKbaAvpJoZeVss+KPuN7gKlpKiDnF2NU6fNVomMXbhg7DnWxX+rlbqCd77I/pf4YXToU9JXL9+aQOrLiBagE7KsQLvA31sonJROx0OO+mbuTScGNm/XSmb48Uw6xCkVwtOE6ky7G/2SjjZ3xwEEAs=,iv:Q6WZZ6MmBiSa6OpXffnAH2mOFhjYPXN1+lifM9PXJ7k=,tag:x/IGEz/4oE3cZ9nMiW6tyw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.redis.yaml b/badhouseplants/values/values.redis.yaml index 3435894..b27501d 100644 --- a/badhouseplants/values/values.redis.yaml +++ b/badhouseplants/values/values.redis.yaml @@ -4,4 +4,4 @@ metrics: architecture: standalone master: persistence: - size: 1Gi \ No newline at end of file + enabled: false \ No newline at end of file -- 2.45.2 From 6aa71a0fa12cc0c6cf46f81e42efcb6f7302d6b5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 22 Jul 2023 14:25:37 +0200 Subject: [PATCH 145/316] install Prometheus to the BadHouseplants cluster --- badhouseplants/helmfile.yaml | 2 +- badhouseplants/values/values.namespaces.yaml | 2 +- badhouseplants/values/values.prometheus.yaml | 54 ++++++++++++++++++++ 3 files changed, 56 insertions(+), 2 deletions(-) 
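Review bot: Nothing on this page makes helmfile load the new `secrets.redis.yaml`: the `redis` template added to `releases.yaml` in PATCH 140 and touched in PATCH 141 inherits only `default-env-values`, and this commit does not change it. Unless `default-env-values` also picks up `secrets.*.yaml` (its definition is not visible here), `global.redis.password` is never applied and the chart falls back to its own password handling. Adding `- template: default-env-secrets` under the `redis` template's `inherit:`, as the `postgres` and `db-instances` templates have, would wire it in.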
diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 4bc6609..b458b1f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -43,7 +43,7 @@ releases: createNamespace: false - <<: *prometheus - installed: false + installed: true namespace: monitoring-system createNamespace: true diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 93e1841..b477a0b 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,6 +1,6 @@ --- ns: - - name: monitoring + - name: monitoring-system templates: - | {{ range .Values.ns }} diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 5f849b7..11f1a0b 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml 
@@ -12,8 +12,58 @@ istio: hostname: "grafana.badhouseplants.net" service: prometheus-grafana port: 80 + +coreDns: + enabled: false +kubeEtcd: + enabled: false +kubelet: + enabled: false +kubeApiServer: + enabled: false + +prometheus-node-exporter: + prometheus: + monitor: + enabled: true + jobLabel: jobLabel + interval: 60s + +defaultRules: + create: true + rules: + alertmanager: true + etcd: false + configReloaders: false + general: true + k8s: true + kubeApiserverAvailability: false + kubeApiserverBurnrate: false + kubeApiserverHistogram: false + kubeApiserverSlos: false + kubeControllerManager: false + kubelet: false + kubeProxy: false + kubePrometheusGeneral: false + kubePrometheusNodeRecording: false + kubernetesApps: true + kubernetesResources: true + kubernetesStorage: true + kubernetesSystem: true + kubeSchedulerAlerting: false + kubeSchedulerRecording: true + kubeStateMetrics: true + network: false + node: true + nodeExporterAlerting: true + nodeExporterRecording: true + prometheus: true + prometheusOperator: true + windows: false + prometheus: prometheusSpec: + enableAdminAPI: true retentionSize: 10GB podMonitorNamespaceSelector: any: true @@ -34,6 +84,7 @@ prometheus: resources: requests: storage: 10Gi + grafana: persistence: enabled: true @@ -56,6 +107,7 @@ grafana: tls_skip_verify_insecure: false use_pkce: true role_attribute_path: contains(groups, 'badhouseplants:owners') && 'Admin' || 'Viewer' + dashboardProviders: dashboardproviders.yaml: apiVersion: 1 @@ -68,6 +120,7 @@ grafana: editable: false options: path: /var/lib/grafana/dashboards/default + dashboards: default: gitea-dashboard: @@ -78,6 +131,7 @@ grafana: gnetId: 14584 revision: 1 datasource: Prometheus + datasources: loki.yaml: apiVersion: 1 -- 2.45.2 From 177e7dcb9de47497014b4ffc01f1eff3bf9436ec Mon Sep 17 00:00:00 2001 
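Review bot: `enableAdminAPI: true` under `prometheusSpec` switches on Prometheus's TSDB admin endpoints (delete series, clean tombstones, snapshot), and Prometheus does not authenticate them itself, so anything that can reach the Prometheus service can delete metric data or trigger snapshots. Nothing in the commit says why it is needed; I would leave it at `false` and enable it only for the maintenance task that requires it, or at least add a comment such as `# admin API enabled for <reason>; access limited by NetworkPolicy <name>`. The same hunk disables the `kubelet`, `kubeApiServer`, `kubeEtcd` and `coreDns` targets and the matching rule groups, which removes the API-server and kubelet alerts; a one-line note on why would help the next reader. `prometheusSpec` starts outside the hunk.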
From: Nikolai Rodionov Date: Sun, 23 Jul 2023 17:38:54 +0200 Subject: [PATCH 146/316] Add a new bucket to Minio --- badhouseplants/values/values.minio.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 5003b39..cccfe32 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -65,6 +65,10 @@ buckets: policy: download purge: false versioning: false + - name: badhouseplants-brew + policy: download + purge: false + versioning: false metrics: serviceMonitor: enabled: false -- 2.45.2 From 5501b4cc0794327f28ddd98728f96fa87cdb9d9b Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 26 Jul 2023 21:06:07 +0200 Subject: [PATCH 147/316] add database extension issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/86 --- badhouseplants/values/values.gitea.yaml | 5 +++++ common/values.database.yaml | 16 ++++++++++++++++ releases.yaml | 9 +++++++++ 3 files changed, 30 insertions(+) create mode 100644 common/values.database.yaml diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index feeeba1..ceefb4a 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -20,6 +20,11 @@ istio: service: gitea-ssh port: 22 +database: + enabled: true + name: gitea-postgres + instance: postgres + replicaCount: 1 clusterDomain: cluster.local diff --git a/common/values.database.yaml b/common/values.database.yaml new file mode 100644 index 0000000..8a6a183 --- /dev/null +++ b/common/values.database.yaml @@ -0,0 +1,16 @@ +--- +database: + templates: + - | + --- + apiVersion: kinda.rocks/v1beta1 + kind: Database + metadata: + name: "{{ .Values.name }}" + spec: + secretName: "{{ .Values.name }}-creds" + instance: "{{ .Values.instance }}" + deletionProtected: false + backup: + enable: false + cron: 0 0 * * * 
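Review bot: The new `badhouseplants-brew` bucket is created with `policy: download`, which in the MinIO chart grants anonymous read access to every object in it, and with `versioning: false`, so an overwritten or deleted object cannot be recovered. If the bucket serves installable artifacts, that combination deserves a comment, e.g. `# public read on purpose: brew artifacts; consumers verify checksums`, and versioning is cheap insurance against a bad upload. The `buckets:` list starts outside the hunk.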
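Review bot: The `Database` template in `common/values.database.yaml` hard-codes `deletionProtected: false` and `backup.enable: false`, so every release that inherits `ext-database` (Gitea in this commit) gets a database with no deletion protection, as the field name indicates, and no backup to restore from. I would make both settings per-release values and default to the protected side, so that throwaway databases opt out explicitly. The unquoted `cron: 0 0 * * *` parses as a string today, but quoting it (`cron: '0 0 * * *'`) avoids surprises if the schedule is ever changed to start with `*`.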
diff --git a/releases.yaml b/releases.yaml index 65e1a59..20ed74b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -71,6 +71,14 @@ templates: inherit: - template: default-common-values - template: default-env-values + + ext-database: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: database + values: + - '{{ requiredEnv "PWD" }}/common/values.database.yaml' # ---------------------------- # -- Releases # ---------------------------- @@ -248,6 +256,7 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + - template: ext-database funkwhale: &funkwhale name: funkwhale -- 2.45.2 From 301de982cc22cd7cfbf062777bcea8fb4f1b78b4 Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 26 Jul 2023 22:50:08 +0200 Subject: [PATCH 148/316] migrate gitea to a dedicated database issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/86 --- badhouseplants/values/secrets.gitea.yaml | 6 ++++-- badhouseplants/values/values.gitea.yaml | 9 ++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 4a8e9f8..86388fa 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml @@ -13,6 +13,8 @@ gitea: config: mailer: ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] + database: + PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str] oauth: - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] 
@@ -33,8 +35,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-21T12:13:23Z" - mac: ENC[AES256_GCM,data:9BHUjJKb4n0EeIrpDytKouAASi2v92bPlwxgb0Ewf1bMv8zyZFwAfjhVx0EbPLzvdB7QOPPxvljn1YRNzRxxnQAc1d88S5h0xIRH+ybek4xdB5HlBLcdH97GGUnfHbxKKT0BJ6a4OCxWMYM0YuHl5VJ+jJXChG55UzTnDrY6vgA=,iv:0ROT1b0e6C5ZbmZby1REl8vQwCx+1LG0sjnmOBefP/k=,tag:Mr+0Dtg5jzeSlb09v+yx7g==,type:str] + lastmodified: "2023-07-26T20:46:45Z" + mac: ENC[AES256_GCM,data:ZZ5KeUmc5FqFIfZKkVfmu9s2YWCbFULgHiF8JMjgyIYqnUkE1gSPq7PqCJFnHuDmg9b9QKw7KbT1SgCTY9UXcZ2h8xQGQ6SrU3oDBVLGG+tJovTqAgeEAy3WUqSensAw86OHVbQafC+urO7pW83suGVBp19vhT7lNm3tpM43i08=,iv:RXnqoZy/p8wJEDV2jtbzQWfvAOJpAEc3SFso+bVtZsg=,tag:vBvtEm9Q/pEKeD9ek+xWVA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index ceefb4a..f19a174 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -25,6 +25,8 @@ database: name: gitea-postgres instance: postgres + + replicaCount: 1 clusterDomain: cluster.local @@ -54,7 +56,7 @@ memcached: postgresql: auth: postgresPassword: check - enabled: true + enabled: false global: postgresql: servicePort: 5432 @@ -73,6 +75,11 @@ gitea: serviceMonitor: enabled: false config: + database: + DB_TYPE: postgres + HOST: postgres-postgresql.database-service.svc.cluster.local + NAME: gitea-service-gitea-postgres + USER: gitea-service-gitea-postgres APP_NAME: Bad Houseplants Gitea ui: meta: -- 2.45.2 From a26d58fb4d138d1c50d11817a78a38985bac6673 Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 26 Jul 2023 22:51:32 +0200 Subject: [PATCH 149/316] format gitea values --- badhouseplants/values/values.gitea.yaml | 2 -- 1 file changed, 2 deletions(-) 
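Review bot: The new `gitea.config.database` block in `values.gitea.yaml` points Gitea at `postgres-postgresql.database-service.svc.cluster.local` without `SSL_MODE`, and Gitea's default for PostgreSQL is `disable`, so credentials and data cross namespaces in clear text unless the mesh encrypts that hop, which this page does not show. Either confirm both namespaces are covered by Istio mTLS and say so in a comment, or enable TLS on the PostgreSQL release and set `SSL_MODE: require`. `PASSWD` is also a hand-copied value in `secrets.gitea.yaml`, while the `Database` resource from `ext-database` names its own `gitea-postgres-creds` secret; if the operator manages that secret, reading the password from it would avoid two copies drifting apart. The now-disabled `postgresql:` block still carries `postgresPassword: check`, which can go. PATCH 150 repeats the pattern for Funkwhale.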
diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index f19a174..3920257 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -25,8 +25,6 @@ database: name: gitea-postgres instance: postgres - - replicaCount: 1 clusterDomain: cluster.local -- 2.45.2 From 9c33d64c5b55a473d42f2fd7362052c28dec0d57 Mon Sep 17 00:00:00 2001 From: RNRod Date: Sat, 29 Jul 2023 18:57:03 +0200 Subject: [PATCH 150/316] migrate funkwhale to a dedicated database issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/95 --- badhouseplants/values/secrets.funkwhale.yaml | 9 +++------ badhouseplants/values/values.funkwhale.yaml | 14 ++++++++++---- badhouseplants/values/values.gitea.yaml | 2 +- common/values.database.yaml | 2 +- releases.yaml | 3 ++- 5 files changed, 17 insertions(+), 13 deletions(-) diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 47cc127..fca2d0f 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,7 @@ djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] postgresql: auth: - username: ENC[AES256_GCM,data:S09SpdX3ro0S,iv:QYQiF8Ozz9iLElqsoxyika+iVcHzRyo4hhaaIw8/vDM=,tag:KzorD+/Pysqwm5PneRRsyg==,type:str] - password: ENC[AES256_GCM,data:R6bqME1FH72K,iv:PuOIgStSM/NvwhQj06E/PMtB30aDbstypIBt84Fh1q0=,tag:gzv9S+hYW6qjgdoMhl1mTw==,type:str] - database: ENC[AES256_GCM,data:Ld33SGYZdlK+,iv:hZ/DlO3wNQ7Bm5L3RmNDzOp9U4QBr+nhJbDD1XYc56Y=,tag:NIgpN71+dL1jIgG66l+3VA==,type:str] - postgresPassword: ENC[AES256_GCM,data:AGtLRy+ujNAVpA==,iv:U19Pb6vXU/ceH3M6ZLOduqRBFaStX7JSyFnO6ODzbLs=,tag:kpbEkwMZl7c2wJrELjp4tw==,type:str] + password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str] sops: kms: [] gcp_kms: [] @@ -20,8 +17,8 @@ sops: dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-22T09:20:09Z" - mac: ENC[AES256_GCM,data:1Wt61yiS/8/D0IwiM1RQwV6fYZNq5yZFxOWE/1T4/eLhZY4jSLFMMDrZLA3joOv6ZeN1fWzbJpbGEzsBdPm0ZP7scz56+XwWJTjY9xlnlRB6ou35ViABE9mKCNP6/wUqqnw0d3EhnxhC5lOAPsl5koUHhGQw/8dZEDiA9PniQ20=,iv:dgkvOii83PR3cpFBQoSq9pi53g7DjTcrAXc5O5ge9nA=,tag:/RWIko/vBwFcHIZqmJdrZQ==,type:str] + lastmodified: "2023-07-29T16:49:07Z" + mac: ENC[AES256_GCM,data:Rnkc8vhUyrFUq8BveKpr1PWtZJOaw5862rU/TzvL+X9fkTz4kS2N9wkA1vK21EN0QG4U1kLL3XNImdqK4sw70ItZ+swCUGbqrc2KOFjH3msCIdcCj9xl87cFDMk4OPk2dpzI/ckyXhSco2I6qrW3LvUo60wNNTwEJrUjrUGIx38=,iv:QBFecsw554VtnCbirwPP+HlxPnnpOgwtMWlnmr4IVfo=,tag:ufkQ0lPTkZcTfI7Yrd5Mfw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 5cb7632..303a8ae 100644 --- a/badhouseplants/values/values.funkwhale.yaml 
+++ b/badhouseplants/values/values.funkwhale.yaml @@ -13,6 +13,11 @@ istio: service: funkwhale port: 80 +ext-database: + enabled: true + name: funkwhale-postgres + instance: postgres + replicaCount: 1 celery: worker: @@ -37,7 +42,8 @@ s3: ingress: enabled: false postgresql: - primary: - resources: - requests: - cpu: 50m + enabled: false + host: postgres-postgresql.database-service.svc.cluster.local + auth: + username: funkwhale-application-funkwhale-postgres + database: funkwhale-application-funkwhale-postgres diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 3920257..fa9b60e 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -20,7 +20,7 @@ istio: service: gitea-ssh port: 22 -database: +ext-database: enabled: true name: gitea-postgres instance: postgres diff --git a/common/values.database.yaml b/common/values.database.yaml index 8a6a183..9680113 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml @@ -1,5 +1,5 @@ --- -database: +ext-database: templates: - | --- diff --git a/releases.yaml b/releases.yaml index 20ed74b..df172e7 100644 --- a/releases.yaml +++ b/releases.yaml @@ -76,7 +76,7 @@ templates: dependencies: - chart: bedag/raw version: 2.0.0 - alias: database + alias: ext-database values: - '{{ requiredEnv "PWD" }}/common/values.database.yaml' # ---------------------------- @@ -266,6 +266,7 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + - template: ext-database mailu: &mailu name: mailu -- 2.45.2 From 66c1fc970cf567485923445d3eaba590147f7bd8 Mon Sep 17 00:00:00 2001 From: RNRod Date: Sat, 29 Jul 2023 19:33:18 +0200 Subject: [PATCH 151/316] migrate funkwhale to a dedicated redis issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/95 --- badhouseplants/values/values.funkwhale.yaml | 7 +++++++ releases.yaml | 1 + 2 files changed, 8 insertions(+) 
diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 303a8ae..7f04b3e 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -47,3 +47,10 @@ postgresql: auth: username: funkwhale-application-funkwhale-postgres database: funkwhale-application-funkwhale-postgres + +redis: + enabled: false + host: redis-master.database-service.svc.cluster.local + auth: + enabled: true + password: AgzqQsXf9ifwMpq8eKEW diff --git a/releases.yaml b/releases.yaml index df172e7..071cb80 100644 --- a/releases.yaml +++ b/releases.yaml @@ -293,6 +293,7 @@ templates: version: 17.13.2 inherit: - template: default-env-values + - template: default-env-secrets postgres: &postgres name: postgres -- 2.45.2 From 755238e1955ed877dd98bea7194fec628845cc27 Mon Sep 17 00:00:00 2001 From: RNRod Date: Sat, 29 Jul 2023 20:09:57 +0200 Subject: [PATCH 152/316] change redis password --- badhouseplants/values/secrets.funkwhale.yaml | 7 +++++-- badhouseplants/values/secrets.redis.yaml | 6 +++--- badhouseplants/values/values.funkwhale.yaml | 1 - 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index fca2d0f..8655857 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -2,6 +2,9 @@ djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+e postgresql: auth: password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str] +redis: + auth: + password: ENC[AES256_GCM,data:aeU0t+HU/SYw2e4Ka/xUFecc+dw=,iv:+sqbnts+Sammd5RyEMpYwbcpOuFISamwessi4ZyPfxE=,tag:B+77buXXmAi9qGNpHgZ/BQ==,type:str] sops: kms: [] gcp_kms: [] 
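Review bot: The `redis.auth.password` value added to `badhouseplants/values/values.funkwhale.yaml` is a cleartext credential in a file that is not SOPS-encrypted, unlike the `ENC[AES256_GCM,…]` entries in `secrets.funkwhale.yaml`. The same defect recurs in PATCH 156, where `values.gitea.yaml` gains `session.PROVIDER_CONFIG`, `cache.HOST` and `queue.CONN_STR` URLs with the Redis password inline. Keep only `enabled: true` under `redis.auth` here and put `password` in the encrypted `secrets.funkwhale.yaml` that already exists for this release. Later patches in the series remove these values, but they stay readable in history, so the password has to be rotated (as PATCH 157 does), and a secret scanner in pre-commit or CI would catch the next one before it is pushed.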
@@ -17,8 +20,8 @@ sops: dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T16:49:07Z" - mac: ENC[AES256_GCM,data:Rnkc8vhUyrFUq8BveKpr1PWtZJOaw5862rU/TzvL+X9fkTz4kS2N9wkA1vK21EN0QG4U1kLL3XNImdqK4sw70ItZ+swCUGbqrc2KOFjH3msCIdcCj9xl87cFDMk4OPk2dpzI/ckyXhSco2I6qrW3LvUo60wNNTwEJrUjrUGIx38=,iv:QBFecsw554VtnCbirwPP+HlxPnnpOgwtMWlnmr4IVfo=,tag:ufkQ0lPTkZcTfI7Yrd5Mfw==,type:str] + lastmodified: "2023-07-29T17:45:04Z" + mac: ENC[AES256_GCM,data:5SQLrGXu7BxhIpQYtv9gW3hyX9kC9Gdpjlqm8UcL803qOQxHSz0BryzEEot//K0ka8cud+uRWQUfNairZYWj6uBNkcM+aFy2kZUKMMozBShi+5kd0BzC1TNYhxaOXmfjTE2bjjdFBFW5xmIqnu15DmzqPU2cxjpGQuea8ol0G/c=,iv:G/IlEOU2hbYa3czcd0n4T/l52if6W4nx43ZKCchX3bQ=,tag:wfEzMjeiIAMMBIgIjaOYOg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.redis.yaml b/badhouseplants/values/secrets.redis.yaml index b63290e..13a18e0 100644 --- a/badhouseplants/values/secrets.redis.yaml +++ b/badhouseplants/values/secrets.redis.yaml @@ -1,6 +1,6 @@ global: redis: - password: ENC[AES256_GCM,data:JseijC4tJuYQaqgW7eoDQ9JEOrE=,iv:9ES+Zs2ssxFTtCjU86H9N9q451jtOcjI6onJZBPKT2o=,tag:21OeVzQlhGLwTSvsdoP/9w==,type:str] + password: ENC[AES256_GCM,data:kf/oRSCxPziRerU2Z4AqXJk/fp4=,iv:6d3t4cbjbcI8Wnw5dmO6NkOVuApf+DWEkXd6j5T17Lw=,tag:VzUwTP2+w8iwwkZOjMbdCQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -16,8 +16,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-21T14:12:50Z" - mac: ENC[AES256_GCM,data:opr1qb1qukrqeMMeCLvJJ4kKbaAvpJoZeVss+KPuN7gKlpKiDnF2NU6fNVomMXbhg7DnWxX+rlbqCd77I/pf4YXToU9JXL9+aQOrLiBagE7KsQLvA31sonJROx0OO+mbuTScGNm/XSmb48Uw6xCkVwtOE6ky7G/2SjjZ3xwEEAs=,iv:Q6WZZ6MmBiSa6OpXffnAH2mOFhjYPXN1+lifM9PXJ7k=,tag:x/IGEz/4oE3cZ9nMiW6tyw==,type:str] + lastmodified: "2023-07-29T17:44:01Z" + mac: ENC[AES256_GCM,data:iV7/1P+LppuGxIE0djzw/Vc/GCSRPsdclx6je9f1UHgg7FV9rjdqCr0lN/JfcqOC9z/HfPoQX3cWh3hADABKV+8DvYtFGfIYIbt1+wdg7xM7pAXh6ffsOK8iOg9Fy1L1AoHe61W8Wmp5I5woExTUSRb3ZdNNIcBSjUbRhjAtYZ4=,iv:HJ9joQgY3xdJWQhGiqEmS3Ei95TbFM4ocQ99n2N+e4Q=,tag:W3D7YMLvMPVYGmDO1oClPQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 7f04b3e..732adee 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -53,4 +53,3 @@ redis: host: redis-master.database-service.svc.cluster.local auth: enabled: true - password: AgzqQsXf9ifwMpq8eKEW -- 2.45.2 From 6181a09e2eb02b81939d80755a1143df26ef2e3a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 29 Jul 2023 20:29:42 +0200 Subject: [PATCH 153/316] Remove the deprecated `drone-kube-runner` Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/96 --- badhouseplants/helmfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b458b1f..c8bec73 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -8,7 +8,7 @@ releases: createNamespace: false - <<: *drone-runner-kube - installed: true + installed: false namespace: drone-service createNamespace: false -- 2.45.2 
From 903e0e2d476dfa1dfb05a036bcb63d0f6a68e9bf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 29 Jul 2023 20:37:43 +0200 Subject: [PATCH 154/316] Cleanup after `drone-runner-kube` removing Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/96 --- badhouseplants/helmfile.yaml | 5 ---- .../values/secrets.drone-runner-kube.yaml | 23 ------------------- .../values/values.drone-runner-kube.yaml | 12 ---------- releases.yaml | 9 -------- 4 files changed, 49 deletions(-) delete mode 100644 badhouseplants/values/secrets.drone-runner-kube.yaml delete mode 100644 badhouseplants/values/values.drone-runner-kube.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index c8bec73..caf29b0 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -7,11 +7,6 @@ releases: namespace: drone-service createNamespace: false - - <<: *drone-runner-kube - installed: false - namespace: drone-service - createNamespace: false - - <<: *longhorn installed: true namespace: longhorn-system diff --git a/badhouseplants/values/secrets.drone-runner-kube.yaml b/badhouseplants/values/secrets.drone-runner-kube.yaml deleted file mode 100644 index cc83446..0000000 --- a/badhouseplants/values/secrets.drone-runner-kube.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -env: - DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:wqUNt9o/+7fan2wxSfZjb4X3Ogk=,iv:IMc/dxu+ZN+PcbBMz+Z5J2JOAR3a6fuCdCx8XPtop4k=,tag:AryXmU1xrSCfAzZehvGvYg==,type:str] - DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 - Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi - aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ - em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh - DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-21T09:07:35Z" - mac: ENC[AES256_GCM,data:4MIzNp44+5zPPOhiq5elk5JIrpVeiDG8/aYXxh9Xoch4f5L4omywoXk9znRVwXlaaL2FVS0RnOXvUrmWagdX0f5LTDE0WoThXIgL2YRayHEAISW8uu+auaLIE5qPT7rEI/JLHQhdSuczVYLNj3P2jOKK7XPAuV2E/65DXkvESGk=,iv:0OuRk8Ur+aU33DXn9KPIv+qW8RU/q0599AVRduQS2rQ=,tag:G7ygruy60cuDKgJFB3uoGQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/badhouseplants/values/values.drone-runner-kube.yaml b/badhouseplants/values/values.drone-runner-kube.yaml deleted file mode 100644 index 0ce5ba2..0000000 --- a/badhouseplants/values/values.drone-runner-kube.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -env: - DRONE_RPC_HOST: drone.badhouseplants.net - DRONE_RPC_PROTO: https - DRONE_NAMESPACE_DEFAULT: drone-service - DRONE_RESOURCE_LIMIT_CPU: 300 - DRONE_RESOURCE_REQUEST_CPU: 100 - DRONE_RESOURCE_LIMIT_MEMORY: 2048Mi - DRONE_RESOURCE_REQUEST_MEMORY: 512Mi -rbac: - buildNamespaces: - - drone-service diff --git a/releases.yaml b/releases.yaml index 071cb80..116503f 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -204,15 +204,6 @@ templates: - template: ext-istio-resource - template: drone-common - drone-runner-kube: &drone-runner-kube - name: drone-runner-kube - chart: drone/drone-runner-kube - version: 0.1.10 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: drone-common - drone-runner-docker: &drone-runner-docker name: drone-runner-docker chart: drone/drone-runner-docker -- 2.45.2 From 5ff279ef0339b6aa44abdec0b228859e5afce025 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 29 Jul 2023 21:11:54 +0200 Subject: [PATCH 155/316] chore(minecraft): Upgrade the Paper version --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index c6ccfb5..d005fc1 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -58,7 +58,7 @@ minecraftServer: version: 1.20.1 maxWorldSize: 90000 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/68/downloads/paper-1.20.1-68.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar gameMode: survival pvp: true memory: 2512M -- 2.45.2 From 0b23d53f10e2268b42e15538dae9e97b1c1121b8 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 29 Jul 2023 22:17:42 +0200 Subject: [PATCH 156/316] chore(gitea): Upgrade the gitea chart version The maintainer of the chart release a breaking chage, so this migration was not easy. After the upgrade, I've copied all the data from the previous installation, because the ReplicaSet provided was switched from the StatefulSet to Deployment. Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/86 --- badhouseplants/values/values.gitea.yaml | 67 +++++++++++++------------ releases.yaml | 4 +- 2 files changed, 36 insertions(+), 35 deletions(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index fa9b60e..7fed6e9 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -19,12 +19,17 @@ istio: port_match: 22 service: gitea-ssh port: 22 - +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ ext-database: enabled: true name: gitea-postgres instance: postgres - +# ------------------------------------------ +# -- Kubernetes related values +# ------------------------------------------ replicaCount: 1 clusterDomain: cluster.local @@ -38,39 +43,20 @@ resources: persistence: enabled: true - size: 10Gi + size: 6Gi accessModes: - ReadWriteOnce - labels: {} - annotations: {} - -memcached: - enabled: true - service: - port: 11211 - resources: - requests: - cpu: 10m -postgresql: - auth: - postgresPassword: check - enabled: false - global: - postgresql: - servicePort: 5432 - persistence: - size: 10Gi - resources: - requests: - cpu: 50m ingress: enabled: false - +# ------------------------------------------ +# -- Main Gitea settings +# ------------------------------------------ gitea: metrics: enabled: true serviceMonitor: + # -- TODO(@allanger): Enable it once prometheus is configured enabled: false config: database: 
@@ -82,7 +68,7 @@ gitea: ui: meta: AUTHOR: Bad Houseplants - DESCRIPTION: by allanger + DESCRIPTION: ...by allanger repository: DEFAULT_BRANCH: main MAX_CREATION_LIMIT: 0 @@ -94,6 +80,7 @@ gitea: ROOT_URL: https://git.badhouseplants.net LFS_START_SERVER: true LANDING_PAGE: explore + START_SSH_SERVER: true admin: DISABLE_REGULAR_ORG_CREATION: true packages: @@ -107,14 +94,28 @@ gitea: oauth2_client: REGISTER_EMAIL_CONFIRM: false ENABLE_AUTO_REGISTRATION: true -statefulset: - env: - - name: DOMAIN - value: git.badhouseplants.net - - name: START_SSH_SERVER - value: "true" + # -------------------------------------- + # -- Redis settings + # -------------------------------------- + session: + PROVIDER: redis + PROVIDER_CONFIG: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& + cache: + ENABLED: true + ADAPTER: redis + HOST: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& + queue: + TYPE: redis + CONN_STR: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& service: ssh: type: ClusterIP port: 22 clusterIP: +# ------------------------------------------ +# -- Disabled dependencies +# ------------------------------------------ +postgresql-ha: + enabled: false +redis-cluster: + enabled: false \ No newline at end of file diff --git a/releases.yaml b/releases.yaml index 116503f..5a9b582 100644 --- a/releases.yaml +++ b/releases.yaml @@ -242,7 +242,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 8.3.0 + version: 9.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -305,4 +305,4 @@ templates: version: 1.4.2 inherit: - template: default-env-values - - template: default-env-secrets \ No newline at end of file + - template: default-env-secrets -- 2.45.2 From 39eff42bda73df863d6a84f5713779918a1b9a6c Mon Sep 17 00:00:00 2001 
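Review bot: In the `@@ -107,14 +94,28 @@` hunk of `values.gitea.yaml`, session storage, cache and queue all point at the same Redis logical database (`/2`) on the shared `redis-master.database-service` instance and authenticate as the default user over plain `redis://`. Funkwhale is pointed at the same host in PATCH 151, so each application sharing that password can read or flush the others' keys, including Gitea session data. Consider a separate Redis ACL user per application with a key-pattern restriction, or a dedicated instance for session data, and note in a comment whether transport protection is expected from the mesh. The trailing `&` in each URL and the missing newline at the end of the file are worth tidying as well.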
From: Nikolai Rodionov Date: Sat, 29 Jul 2023 22:26:45 +0200 Subject: [PATCH 157/316] Update the leaked redis password Also updated for Gitea and Funkwhale --- badhouseplants/values/secrets.funkwhale.yaml | 6 +++--- badhouseplants/values/secrets.gitea.yaml | 18 ++++++++---------- badhouseplants/values/secrets.redis.yaml | 9 ++++++--- badhouseplants/values/values.gitea.yaml | 6 ------ 4 files changed, 17 insertions(+), 22 deletions(-) diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 8655857..bc30824 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -4,7 +4,7 @@ postgresql: password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str] redis: auth: - password: ENC[AES256_GCM,data:aeU0t+HU/SYw2e4Ka/xUFecc+dw=,iv:+sqbnts+Sammd5RyEMpYwbcpOuFISamwessi4ZyPfxE=,tag:B+77buXXmAi9qGNpHgZ/BQ==,type:str] + password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -20,8 +20,8 @@ sops: dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T17:45:04Z" - mac: ENC[AES256_GCM,data:5SQLrGXu7BxhIpQYtv9gW3hyX9kC9Gdpjlqm8UcL803qOQxHSz0BryzEEot//K0ka8cud+uRWQUfNairZYWj6uBNkcM+aFy2kZUKMMozBShi+5kd0BzC1TNYhxaOXmfjTE2bjjdFBFW5xmIqnu15DmzqPU2cxjpGQuea8ol0G/c=,iv:G/IlEOU2hbYa3czcd0n4T/l52if6W4nx43ZKCchX3bQ=,tag:wfEzMjeiIAMMBIgIjaOYOg==,type:str] + lastmodified: "2023-07-29T20:22:20Z" + mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 86388fa..24357eb 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml @@ -1,11 +1,3 @@ -postgresql: - global: - postgresql: - auth: - database: ENC[AES256_GCM,data:Cy0E9Sw=,iv:d68IzroVmsj4Y5QOgSlev7g+kTeovg29cEe2wLnWA50=,tag:pl5RqMwMtrSZgoGBkUCE9w==,type:str] - username: ENC[AES256_GCM,data:JJBW6Xs=,iv:M7EQ9UeNqjgG8B0ZAp0zHnFXHPzu+GskhyxVt0pxoJE=,tag:ujwxxXJwgpqYf7XZyXySCg==,type:str] - password: ENC[AES256_GCM,data:Fqnl7GQhgpFFRH72ZWeCsfeQjAQ=,iv:0O3zUWRAOjmc2MzOPIWj5Fq5bsemoGRBRk1u3/gU9ro=,tag:4bkQKMU1WTjRxiS10IzssQ==,type:str] - postgresPassword: ENC[AES256_GCM,data:qlLEaSfvrcROlA==,iv:3jDMPZtK/Jnjt2KXKLUlTDHOvObgjI1Q5U2UlFsivaE=,tag:tuaGHQzKD26JO6X5HAiXTw==,type:str] gitea: admin: username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] 
@@ -15,6 +7,12 @@ gitea: ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] database: PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str] + session: + PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] + cache: + HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] + queue: + CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] oauth: - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] 
@@ -35,8 +33,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-26T20:46:45Z" - mac: ENC[AES256_GCM,data:ZZ5KeUmc5FqFIfZKkVfmu9s2YWCbFULgHiF8JMjgyIYqnUkE1gSPq7PqCJFnHuDmg9b9QKw7KbT1SgCTY9UXcZ2h8xQGQ6SrU3oDBVLGG+tJovTqAgeEAy3WUqSensAw86OHVbQafC+urO7pW83suGVBp19vhT7lNm3tpM43i08=,iv:RXnqoZy/p8wJEDV2jtbzQWfvAOJpAEc3SFso+bVtZsg=,tag:vBvtEm9Q/pEKeD9ek+xWVA==,type:str] + lastmodified: "2023-07-29T20:30:31Z" + mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.redis.yaml b/badhouseplants/values/secrets.redis.yaml index 13a18e0..14b99c2 100644 --- a/badhouseplants/values/secrets.redis.yaml +++ b/badhouseplants/values/secrets.redis.yaml @@ -1,6 +1,9 @@ global: redis: - password: ENC[AES256_GCM,data:kf/oRSCxPziRerU2Z4AqXJk/fp4=,iv:6d3t4cbjbcI8Wnw5dmO6NkOVuApf+DWEkXd6j5T17Lw=,tag:VzUwTP2+w8iwwkZOjMbdCQ==,type:str] + #ENC[AES256_GCM,data:QRLnzdJ/lmaItppUMOZO33kySISWDfMdjr2nrEjBuhucnoglEVNF9Wy5IVbt5CNERajCADTVWNy/N40uCv+9n3PQVKl+Ki6YV+Q24Bzy,iv:8PvJ2yU7AW+/XkP+/9OQcrdCVAomnRexkNNw+2rjoho=,tag:U4gbrqqBwvXC63qn7jFmPQ==,type:comment] + #ENC[AES256_GCM,data:69gagNeejZaafGWo/Rll,iv:kW13FOrc/j//BxVj4JgEC0G/DQIOPHil0uNXpOM2/W0=,tag:sqviMlgQHiN397ukswoNsg==,type:comment] + #ENC[AES256_GCM,data:C8ta7Vtb3LpOotE=,iv:Kdat2trhQIQHxIpD7xhUoLRYo+a4PgzpB+S0w32somA=,tag:jgH656M8a14QhA//sN6MGg==,type:comment] + password: ENC[AES256_GCM,data:qdV5FH2K4w9gj4SFznfflY8Uw3ohSCO4lOE4Hea4,iv:/XYT2xiHlfRB1NLkw+Qm/QaWehvs9v8PUp2ZfMxeyRA=,tag:06XSi3K7y+9a50nZK1LAfQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -16,8 +19,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T17:44:01Z" - mac: ENC[AES256_GCM,data:iV7/1P+LppuGxIE0djzw/Vc/GCSRPsdclx6je9f1UHgg7FV9rjdqCr0lN/JfcqOC9z/HfPoQX3cWh3hADABKV+8DvYtFGfIYIbt1+wdg7xM7pAXh6ffsOK8iOg9Fy1L1AoHe61W8Wmp5I5woExTUSRb3ZdNNIcBSjUbRhjAtYZ4=,iv:HJ9joQgY3xdJWQhGiqEmS3Ei95TbFM4ocQ99n2N+e4Q=,tag:W3D7YMLvMPVYGmDO1oClPQ==,type:str] + lastmodified: "2023-07-29T20:22:15Z" + mac: ENC[AES256_GCM,data:DIdcvQXu7rivXdPFPjfzs1AeJ5bRvUBD+Hq9mH7Hp/+iqrG03fWSF2NF1ra8KfEIg6TDsyMnQLWvipxBlA654BLBNrABFoGwLsdVsATBORz0kNNY862qfyhSOaaTBHTWhPVpbjGnYav+bi5pfvbLC9yJm3SjIRtUbnaNVWvqMq0=,iv:d7SaPZLb/px7fy+bGJnH3bfNBmqbhwMijyNB0jfYgLE=,tag:LT5hJoDcSiP5FVgj0M2sCA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 7fed6e9..b2e5639 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -94,19 +94,13 @@ gitea: oauth2_client: REGISTER_EMAIL_CONFIRM: false ENABLE_AUTO_REGISTRATION: true - # -------------------------------------- - # -- Redis settings - # -------------------------------------- session: PROVIDER: redis - PROVIDER_CONFIG: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& cache: ENABLED: true ADAPTER: redis - HOST: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& queue: TYPE: redis - CONN_STR: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& service: ssh: type: ClusterIP -- 2.45.2 From 06837fd283e42556fb67fca4dd90e81512d4e19c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 30 Jul 2023 16:19:00 +0200 Subject: [PATCH 158/316] chore: Upgrade outdated releases --- releases.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/releases.yaml b/releases.yaml index 5a9b582..d658945 100644 --- a/releases.yaml +++ b/releases.yaml @@ -99,7 +99,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.12.2 + version: 1.12.3 set: - name: installCRDs value: true @@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.41.1 + version: 5.42.0 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 48.1.2 + version: 48.2.2 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.8.9 + version: 5.9.2 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.11.7 + version: 6.11.9 inherit: - template: monitoring-common - template: default-env-values @@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.18.1 + version: 1.18.2 istio-base: &istio-base name: istio-base @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.33 + version: 16.1.34 inherit: - template: default-env-values - template: default-env-secrets @@ -281,7 +281,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.13.2 + version: 17.14.3 inherit: - template: default-env-values - template: default-env-secrets 
@@ -289,7 +289,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.6.8 + version: 12.7.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 3acfcb93fb410c8c83c44576c85e1e6b0dab191d Mon Sep 17 00:00:00 2001 From: RNRod Date: Sun, 30 Jul 2023 17:37:19 +0200 Subject: [PATCH 159/316] install and configure mysql server create an empty db in wordpress create db-instance to watch mysql server --- badhouseplants/helmfile.yaml | 6 +++++ .../values/secrets.db-instances.yaml | 8 +++++-- badhouseplants/values/secrets.mysql.yaml | 23 +++++++++++++++++++ .../values/values.db-instances.yaml | 10 ++++++++ badhouseplants/values/values.mysql.yaml | 7 ++++++ badhouseplants/values/values.nrodionov.yaml | 5 ++++ releases.yaml | 9 ++++++++ 7 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 badhouseplants/values/secrets.mysql.yaml create mode 100644 badhouseplants/values/values.mysql.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index caf29b0..54887d1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -77,6 +77,12 @@ releases: namespace: database-service createNamespace: true + - <<: *mysql + installed: true + namespace: database-service + createNamespace: true + + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index 4018bea..0bbdbe7 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml 
@@ -3,6 +3,10 @@ dbinstances: secrets: adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] + mysql: + secrets: + adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] + adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +22,8 @@ sops: Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-21T14:01:22Z" - mac: ENC[AES256_GCM,data:tH/XnZOmYYygzMEcJduyCX3qXX5t8vEIwh4PwXXpsgfUvM7kKzbEEMDq4vyxIO5ht7ixXs8HRVKC2hK8Jn4d9/theXXTaxxeZvtUK23og01S5kyRJdlJpx5J3+soHKlkegbSH4JiQPRNgO7rf1PFIM6n++KtFvnBkrDdYD1c6Pw=,iv:VOiVwRRrqAp6fLjxGnZ0hvFxqOFrhgKu8lom2MrtDnw=,tag:+OjBhUpvplsLzRFrScmPJA==,type:str] + lastmodified: "2023-07-30T15:07:28Z" + mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.mysql.yaml b/badhouseplants/values/secrets.mysql.yaml new file mode 100644 index 0000000..52fd510 --- /dev/null +++ b/badhouseplants/values/secrets.mysql.yaml 
@@ -0,0 +1,23 @@ +auth: + rootPassword: ENC[AES256_GCM,data:X7htluDDokepRf8GVV4eu+pGM2o=,iv:DJ893dKr/4SFBEl8HnYv2PMb3Nb2AfL1RVgN2QmDRmA=,tag:W6QX7k92P7bgi3Ji/64xHg==,type:str] + password: ENC[AES256_GCM,data:hlXWCWbFnmbuUg==,iv:d9ZmklpwJa13wyNjrqNfFMEbJDSQ+NeyB4gj+59g09Q=,tag:Ps4oq5XWDIx7HnvCCnB/FQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-30T15:06:09Z" + mac: ENC[AES256_GCM,data:oiigjlyNoSm5hcdB58MWUxhqcYzE5XtA5LEDUCUX4r0inNd8UuLP029jz6bvQ7E/wFpiGNVTFAlFB1HA/YVwai/siovy5H2DL6g4LS3k+fxLKc3lwo3BvkaBi9X2aYu7vGBJpNe3KxBdWFyjkEQVoux1RD8JJBYNquMu9tW3K/g=,iv:1H7pF0Tr6GcgDt9ItXiTBOTFa55wb9pOdTF3jNJlPiY=,tag:dQ9nrAKr+qo4JpqD2wJXjg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index c03513c..fbf15f5 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -10,3 +10,13 @@ dbinstances: generic: host: postgres-postgresql port: 5432 + mysql: + monitoring: + enabled: false + adminSecretRef: + Name: mysql-secret + Namespace: database-service + engine: mysql + generic: + host: mysql + port: 3306 diff --git a/badhouseplants/values/values.mysql.yaml b/badhouseplants/values/values.mysql.yaml new file mode 100644 index 0000000..d8519fb --- /dev/null +++ b/badhouseplants/values/values.mysql.yaml 
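Review bot: The `mysql` entry added to `values.db-instances.yaml` hands db-operator the account stored as `dbinstances.mysql.secrets.adminUser`/`adminPassword` in `secrets.db-instances.yaml`; if that is the server's `root` account, the operator holds full control of every schema on the instance. A dedicated operator account limited to the privileges needed to create databases, users and grants would contain a compromise of the operator or of `mysql-secret`; a comment next to `adminSecretRef` such as `# dedicated db-operator account, not root` would document the choice.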
@@ -0,0 +1,7 @@ +primary: + persistence: + size: 500Mi + +auth: + createDatabase: false + \ No newline at end of file diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 1e4c1bb..7798c6b 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -13,6 +13,11 @@ istio: service: nrodionov-wordpress port: 8080 +ext-database: + enabled: true + name: nrodionov-mysql + instance: mysql + wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/releases.yaml b/releases.yaml index d658945..8cb6e46 100644 --- a/releases.yaml +++ b/releases.yaml @@ -221,6 +221,7 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + - template: ext-database minio: &minio name: minio @@ -306,3 +307,11 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + + mysql: &mysql + name: mysql + chart: bitnami/mysql + version: 9.10.9 + inherit: + - template: default-env-values + - template: default-env-secrets -- 2.45.2 From b24cbadbd48125103dd7b8b1c3f9f07d12e56108 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 17 Jul 2023 07:08:25 +0200 Subject: [PATCH 160/316] Install iredmail --- badhouseplants/helmfile.yaml | 5 +++++ badhouseplants/values/secrets.iredmail.yaml | 25 +++++++++++++++++++++ badhouseplants/values/values.iredmail.yaml | 4 ++++ releases.yaml | 5 +++++ repositories.yaml | 5 +++++ 5 files changed, 44 insertions(+) create mode 100644 badhouseplants/values/secrets.iredmail.yaml create mode 100644 badhouseplants/values/values.iredmail.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 54887d1..d65f1ec 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -76,6 +76,11 @@ releases: installed: true namespace: database-service createNamespace: true + + - <<: *iredmail + installed: true + namespace: iredmail-service + createNamespace: true - <<: *mysql installed: true diff --git a/badhouseplants/values/secrets.iredmail.yaml b/badhouseplants/values/secrets.iredmail.yaml new file mode 100644 index 0000000..e2f189e --- /dev/null +++ b/badhouseplants/values/secrets.iredmail.yaml @@ -0,0 +1,25 @@ +config: + env: + FIRST_MAIL_DOMAIN_ADMIN_PASSWORD: ENC[AES256_GCM,data:dcrMgiX2egbSllo4esVRcJ340oQBRpVkRA==,iv:NQpe96WmGRAnLmeAK0VT/zdJ8MS/8RfAJIwNsL8alHY=,tag:CjppOC4SEW7a9u4Q2xlm8g==,type:str] + MLMMJADMIN_API_TOKEN: ENC[AES256_GCM,data:OxsD/v9ACQuoyHrxZmIdq8TUqmbWCh8GhGaSQTBGfS+vp+v2rdfKIm4WTnI=,iv:68Vli4aaCOiFixooz5cHABuRLuOrw9/HNpBNQzVwAkg=,tag:RXBXFzGCOO6MhoeNhES/+w==,type:str] + ROUNDCUBE_DES_KEY: ENC[AES256_GCM,data:RZni9nCThb9xzzNrN6JTQsLetnMB9cSo1L7hwLERnbA=,iv:L3r0I8sQkoicwy6odvuF3HfIEDQVgnOtn/OMpF16Dis=,tag:ZFaoIywA+FJ/GHAZAGjU2g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZlAvUXJBdzM3RjJMdHNG + SjRpSTBYNUs5NEoxRFdLZDN0a2IyQlp1ODB3CnQycFk3SkM2Ny82U1RZZmE1cWxG + TTQxUzhWRWlPQmxYUnN5dVJpb0FWa1EKLS0tIDZSK1NvSmNUQkZucFJCM3FiRHlI + L0VKb2JCc29XWjVkODJxTmxPZXZJc3MKyDy9BH0W1OgEONm3PLCskOWtIr2YW2V8 + 3Lc0Au6lLYetVCvSB82/uylZBHc9yQ2rNdLBUrm1zyDZJW/BmNpVLQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-17T05:06:27Z" + mac: ENC[AES256_GCM,data:WP9F1N5ZTYwJk3UfiSwf/QJHp06pawdbu6kUBOMTq1tWOZ/zhCRe0vJzU7alUxhw1RZu8f6tUNeh6qXxt/4mrSuy5dRjOKOJyRioIcRCdg4Z+2jVycDAA2VlPB1oDQj0CIdrW4hvM02KZKxcOy9KP8iRQaYqLlhvWrTAQZ9HAIA=,iv:d/wZUbaU9EkBPRIxqCDDXpp8AMjjHnXxej726q37Ni4=,tag:AC4FvAFBTYOcI02bFD+MHw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 
diff --git a/badhouseplants/values/values.iredmail.yaml b/badhouseplants/values/values.iredmail.yaml new file mode 100644 index 0000000..fd50394 --- /dev/null +++ b/badhouseplants/values/values.iredmail.yaml @@ -0,0 +1,4 @@ +config: + env: + HOSTNAME: mail.badhouseplants.net + FIRST_MAIL_DOMAIN: badhouseplants.net \ No newline at end of file diff --git a/releases.yaml b/releases.yaml index 8cb6e46..5795255 100644 --- a/releases.yaml +++ b/releases.yaml @@ -279,6 +279,11 @@ templates: - template: default-env-secrets - template: ext-istio-resource + iredmail: &iredmail + name: iredmail + chart: allanger-gitea/iredmail + version: 0.1.0 + redis: &redis name: redis chart: bitnami/redis diff --git a/repositories.yaml b/repositories.yaml index abaff21..aac9a35 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -32,7 +32,12 @@ repositories: url: https://prometheus-community.github.io/helm-charts - name: grafana url: https://grafana.github.io/helm-charts +<<<<<<< HEAD - name: bitwarden url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts +======= + - name: allanger-gitea + url: https://git.badhouseplants.net/api/packages/allanger/helm +>>>>>>> 28d01f6 (Install iredmail) -- 2.45.2 From 38a1b5f5b3adaeb9a5153fcbffe010156045f1ea Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 30 Jul 2023 16:20:44 +0200 Subject: [PATCH 161/316] Uninstall ireadmail It's not working anyway --- badhouseplants/helmfile.yaml | 2 +- repositories.yaml | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index d65f1ec..d931a53 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -78,7 +78,7 @@ releases: createNamespace: true - <<: *iredmail - installed: true + installed: false namespace: iredmail-service createNamespace: true diff --git a/repositories.yaml b/repositories.yaml index aac9a35..347833f 100644 
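Review bot: The `repositories.yaml` hunk (`@@ -32,7 +32,12 @@`) adds unresolved merge-conflict markers as content: `<<<<<<< HEAD`, `=======` and `>>>>>>> 28d01f6 (Install iredmail)`. With those lines in place the file is not valid YAML, so anything that loads the repository list from it will presumably fail or misparse. Both sides of the conflict are wanted here, so the fix is to delete the three marker lines and keep the `bitwarden`, `db-operator` and `allanger-gitea` entries. A pre-commit or CI check that rejects lines starting with `<<<<<<<` or `>>>>>>>` would catch this before it lands in a repository that drives cluster deployments.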
--- a/repositories.yaml +++ b/repositories.yaml @@ -32,12 +32,9 @@ repositories: url: https://prometheus-community.github.io/helm-charts - name: grafana url: https://grafana.github.io/helm-charts -<<<<<<< HEAD - name: bitwarden url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts -======= - name: allanger-gitea url: https://git.badhouseplants.net/api/packages/allanger/helm ->>>>>>> 28d01f6 (Install iredmail) -- 2.45.2 From bb3fe7c359ca9e8a90ba00534f93d3c5843bb6a5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 1 Aug 2023 09:35:34 +0200 Subject: [PATCH 162/316] chore: Upgrade postgres and gitea --- releases.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/releases.yaml b/releases.yaml index 5795255..723fbd8 100644 --- a/releases.yaml +++ b/releases.yaml @@ -243,7 +243,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.0.4 + version: 9.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -279,11 +279,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - iredmail: &iredmail - name: iredmail - chart: allanger-gitea/iredmail - version: 0.1.0 - redis: &redis name: redis chart: bitnami/redis @@ -295,7 +290,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.7.1 + version: 12.7.3 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 20496058d05c4eeb2a15b9752ff3fad7dae4bcf3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 2 Aug 2023 21:25:13 +0200 Subject: [PATCH 163/316] Remove the broken iredmail release --- badhouseplants/helmfile.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index d931a53..54887d1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -76,11 +76,6 @@ releases: installed: true namespace: database-service createNamespace: true - - - <<: *iredmail - installed: false - namespace: iredmail-service - createNamespace: true - <<: *mysql installed: true -- 2.45.2 From 1f9a6edd20a28ce979b9dab202c9621b3947f346 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 6 Aug 2023 20:26:42 +0200 Subject: [PATCH 164/316] chore: Upgrade ArgoCD to 5.42.2 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 723fbd8..d4902cf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.42.0 + version: 5.42.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 2de5a08408e2178cb412cfa3a8f9f627f2778d2f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 6 Aug 2023 20:27:19 +0200 Subject: [PATCH 165/316] chore: Upgrade Wordpress to 17.0.4 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index d4902cf..803cc1f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.34 + version: 17.0.4 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From f98f93ad63428bf7a3bbda544a0d31afaec82195 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 6 Aug 2023 20:29:24 +0200 Subject: [PATCH 166/316] chore: Upgrade outdated release --- releases.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/releases.yaml b/releases.yaml index 803cc1f..2a0de5f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -87,7 +87,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.10.0 + version: 3.11.0 values: - common/values.{{ .Release.Name }}.yaml 
@@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 48.2.2 + version: 48.3.1 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.9.2 + version: 5.10.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.11.9 + version: 6.14.1 inherit: - template: monitoring-common - template: default-env-values @@ -282,7 +282,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.14.3 + version: 17.14.5 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.7.3 + version: 12.8.0 inherit: - template: default-env-values - template: default-env-secrets @@ -311,7 +311,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.10.9 + version: 9.10.10 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From ba6f5cf1a4639501ae2a1f436dd26440fe3ffd48 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 8 Aug 2023 09:06:04 +0200 Subject: [PATCH 167/316] Update redis --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 2a0de5f..8ea1260 100644 --- a/releases.yaml +++ b/releases.yaml @@ -282,7 +282,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.14.5 + version: 17.14.6 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 77429c2c362eea130f174d0b58dbce7f0f63ab9d Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 9 Aug 2023 19:22:12 +0200 Subject: [PATCH 168/316] Setup a new XOR patched VPN --- badhouseplants/values/values.openvpn.yaml | 9 ++++++++- etersoft/values/values.openvpn.yaml | 4 +++- releases.yaml | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index dda7857..67b743a 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -14,7 +14,14 @@ istio: service: openvpn port: 1194 -storageClassName: longhorn +storage: + class: longhorn + size: 512Mi + +image: + repository: lawtancool/docker-openvpn-xor + pullPolicy: IfNotPresent + tag: latest openvpn: server: "tcp://195.201.250.50:1194" service: diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 6b857f4..7f2d53d 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -14,7 +14,9 @@ istio: service: openvpn port: 1194 -storageClassName: microk8s-hostpath +storage: + class: microk8s-hostpath + size: 5Gi openvpn: server: "tcp://91.232.225.63:1194" service: diff --git a/releases.yaml b/releases.yaml index 8ea1260..0e8a237 100644 --- a/releases.yaml +++ b/releases.yaml @@ -184,7 +184,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-charts/openvpn - version: 1.0.3 + version: 1.0.6 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 3643ea788b8868424efa23126fa90fabbb872646 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 14 Aug 2023 11:31:49 +0200 Subject: [PATCH 169/316] chore: Upgrade outdated releases --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index 0e8a237..1fc7b7b 100644 --- a/releases.yaml +++ b/releases.yaml 
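Review bot: The new `image:` block in `badhouseplants/values/values.openvpn.yaml` runs the VPN server from a third-party repository on a mutable tag, `tag: latest`, combined with `pullPolicy: IfNotPresent`. Each node keeps whichever `latest` it pulled first, so the running build is neither reproducible nor reviewable from this repository, and an upstream re-push changes the server the next time a node pulls. Pin it to a released tag, or better a digest, for example `tag: <release-tag>` or `repository: lawtancool/docker-openvpn-xor@sha256:<digest>`, if the chart's image template accepts that form. The rest of the values file is outside the hunk.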
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.42.2 + version: 5.42.3 inherit: - template: default-env-values - template: default-env-secrets @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.0.4 + version: 17.0.5 inherit: - template: default-env-values - template: default-env-secrets @@ -282,7 +282,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.14.6 + version: 17.15.2 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.8.0 + version: 12.8.2 inherit: - template: default-env-values - template: default-env-secrets @@ -298,7 +298,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.9.1 + version: 1.9.2 db-instances: &db-instances name: db-instances -- 2.45.2 From e3848a49ccb561ca2e9e9244eddf5cbfdaeb262d Mon Sep 17 00:00:00 2001 From: RNRod Date: Mon, 14 Aug 2023 18:42:56 +0200 Subject: [PATCH 170/316] install gravity control plugin for minecraft server --- badhouseplants/values/values.minecraft.yaml | 12 ++++++++++++ badhouseplants/values/values.mysql.yaml | 1 - 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index d005fc1..f7d7105 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -104,6 +104,18 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false + - name: install-gravity-control-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar + - -o + - /data/plugins/GravityControl-1.3.0.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false extraVolumes: - volumeMounts: - name: plugins diff --git a/badhouseplants/values/values.mysql.yaml b/badhouseplants/values/values.mysql.yaml index d8519fb..b2209a0 100644 --- a/badhouseplants/values/values.mysql.yaml +++ b/badhouseplants/values/values.mysql.yaml @@ -4,4 +4,3 @@ primary: auth: createDatabase: false - \ No newline at end of file -- 2.45.2 From ced4bcd4c5a27dc9a47143bed3ef8f327b0f9f2b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 15 Aug 2023 14:53:20 +0200 Subject: [PATCH 171/316] Add new bucket to minio and setup rcon --- badhouseplants/values/secrets.minecraft.yaml | 23 ++++++++++++ badhouseplants/values/values.minecraft.yaml | 38 ++++++++++++++++++++ etersoft/helmfile.yaml | 5 +++ etersoft/values/values.minio.yaml | 6 ++++ 4 files changed, 72 insertions(+) create mode 100644 badhouseplants/values/secrets.minecraft.yaml diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml new file mode 100644 index 0000000..66cd5bd --- /dev/null +++ b/badhouseplants/values/secrets.minecraft.yaml 
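Review bot: The added `install-gravity-control-plugin` init container downloads a JAR with `curl -L` straight into `/data/plugins` and never verifies it, and `image: alpine/curl` has no tag or digest. Both the downloader image and the plugin code the server loads can therefore change without any change in this repository. Without `-f`, an HTTP error page is also saved as the `.jar`. Pin the image as `image: alpine/curl@sha256:<digest>` and check a recorded hash before placing the file, for example `sh -c 'curl -fsSL -o /tmp/p.jar <url> && echo "<sha256>  /tmp/p.jar" | sha256sum -c - && mv /tmp/p.jar /data/plugins/GravityControl-1.3.0.jar'`. The same pattern recurs in the later FastMinecarts hunk of this file (`@@ -144,7 +144,18 @@`), and the `initContainers` list starts outside this hunk.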
@@ -0,0 +1,23 @@ +minecraftServer: + rcon: + password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-15T12:48:04Z" + mac: ENC[AES256_GCM,data:aksZH0kHJASsk6ziynB/xJ+vAH7TSU6Wjx+ZcqY/MlfBrdgsWBruCrutTtZE3rvchAVH1lSVeJ5z0w2Ix1/iMHOfkzM5U4LfU49e4HH6FinaWpOZ2tdODdr3Za2jF93FD6TfJOExCOL9pD94LdjBH4XbxBmpdrCqRMkX1Piu0tw=,iv:kKHZFQKqETRe7DZZVpNU4PE4xaeboA4sUWaP2uV1Nwk=,tag:qqAPQTpVhEEWa9Bmw0cTng==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index f7d7105..f8ef327 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -62,6 +62,11 @@ minecraftServer: gameMode: survival pvp: true memory: 2512M + rcon: + enabled: true + withGeneratedPassword: false + port: 25575 + serviceType: ClusterIP extraPorts: - name: metrics containerPort: 9225 
@@ -79,6 +84,38 @@ persistence: dataDir: enabled: true Size: 15Gi +mcbackup: + enabled: false + image: + backupInterval: 2h + pauseIfNoPlayers: "false" + # is set to a positive number, it'll delete old .tgz backup files from DEST_DIR. By default deletes backups older than a week. + pruneBackupsDays: 2 + rconRetries: 5 + rconRetryInterval: 10s + excludes: "*.jar,cache,logs" + backupMethod: restic + resticRepository: + resticAdditionalTags: "mc_backups" + pruneResticRetention: "--keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 75" + resticEnvs: + [] + extraEnv: + {} + envFrom: [] + resources: + requests: + memory: 512Mi + cpu: 500m + + persistence: + annotations: {} + backupDir: + enabled: false + Size: 1Gi +# --------------------------------------------- +# -- Install Plugins +# --------------------------------------------- initContainers: - name: install-prometheus-exporter image: alpine/curl @@ -116,6 +153,7 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false + extraVolumes: - volumeMounts: - name: plugins diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index e69de29..af38673 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -0,0 +1,5 @@ +--- + +bases: + - ../environments.yaml + - ../repositories.yaml diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index f090b2d..25c0888 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -71,6 +71,8 @@ policies: - resources: - 'arn:aws:s3:::longhorn/*' - 'arn:aws:s3:::longhorn' + - 'arn:aws:s3:::restic/*' + - 'arn:aws:s3:::restic' actions: - "s3:DeleteObject" - "s3:GetObject" @@ -81,6 +83,10 @@ buckets: policy: none purge: false versioning: false + - name: restic + policy: none + purge: false + versioning: false metrics: serviceMonitor: enabled: false -- 2.45.2 From b755239823b021d173029b53e70764ebbc59a0ec Mon Sep 17 00:00:00 2001 
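Review bot: In `etersoft/values/values.minio.yaml` the `@@ -71,6 +71,8 @@ policies:` hunk appends `arn:aws:s3:::restic/*` and `arn:aws:s3:::restic` to the statement that already covers the `longhorn` bucket. One policy then grants `s3:DeleteObject` and `s3:GetObject` on both buckets, so whichever credential carries it can read and delete the Longhorn volume backups as well as the restic repository. The policy name and the user it is bound to are outside the hunk. A separate policy and access key limited to the `restic` resources would keep the two backup sets from sharing a blast radius. restic's prune does need delete rights, so if recovery from a leaked or misused key matters, consider `versioning: true` on the new `restic` bucket instead of the `versioning: false` added in the `buckets:` hunk below.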
From: Nikolai Rodionov Date: Tue, 15 Aug 2023 15:40:59 +0200 Subject: [PATCH 172/316] Enable restic backups for minecraft --- badhouseplants/values/secrets.minecraft.yaml | 7 +++++-- badhouseplants/values/values.minecraft.yaml | 18 ++++-------------- docs/restic.md | 7 +++++++ 3 files changed, 16 insertions(+), 16 deletions(-) create mode 100644 docs/restic.md diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml index 66cd5bd..57b931c 100644 --- a/badhouseplants/values/secrets.minecraft.yaml +++ b/badhouseplants/values/secrets.minecraft.yaml @@ -1,6 +1,9 @@ minecraftServer: rcon: password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] +mcbackup: + resticEnvs: + RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] sops: kms: [] gcp_kms: [] @@ -16,8 +19,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-15T12:48:04Z" - mac: ENC[AES256_GCM,data:aksZH0kHJASsk6ziynB/xJ+vAH7TSU6Wjx+ZcqY/MlfBrdgsWBruCrutTtZE3rvchAVH1lSVeJ5z0w2Ix1/iMHOfkzM5U4LfU49e4HH6FinaWpOZ2tdODdr3Za2jF93FD6TfJOExCOL9pD94LdjBH4XbxBmpdrCqRMkX1Piu0tw=,iv:kKHZFQKqETRe7DZZVpNU4PE4xaeboA4sUWaP2uV1Nwk=,tag:qqAPQTpVhEEWa9Bmw0cTng==,type:str] + lastmodified: "2023-08-15T13:37:56Z" + mac: ENC[AES256_GCM,data:bzLZpYzuD7H0Heo/BsCEcS2HX8PZ3XpT4B866lA9T9Imwe29Gfw8eKn2jgzlwjHhoWfBJPy5XGf7/K/uw6Ift1fwEgApHSWwhP7wvCtCAaMdricXkumbfHFlJAR+zwTx5TiC2GhWyhDMNQviEgRU8m/QLEfvP8uXJxvlp9ZtaL4=,iv:fxJ+XhnctFmQ9Nvgr+C2o2HS3P0vI7hB3ODYRN8LGow=,tag:UEjTt5bKBH+xUxlfzTaaJQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 
diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index f8ef327..2c5bdf3 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -85,34 +85,24 @@ persistence: enabled: true Size: 15Gi mcbackup: - enabled: false - image: + enabled: true backupInterval: 2h pauseIfNoPlayers: "false" - # is set to a positive number, it'll delete old .tgz backup files from DEST_DIR. By default deletes backups older than a week. pruneBackupsDays: 2 rconRetries: 5 rconRetryInterval: 10s excludes: "*.jar,cache,logs" backupMethod: restic - resticRepository: + resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraf resticAdditionalTags: "mc_backups" - pruneResticRetention: "--keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 75" - resticEnvs: - [] - extraEnv: - {} - envFrom: [] + pruneResticRetention: "--keep-last 12 --keep-daily 7 --keep-weekly 4 --keep-monthly 2 --keep-yearly 2" resources: requests: memory: 512Mi - cpu: 500m - + cpu: 100m persistence: - annotations: {} backupDir: enabled: false - Size: 1Gi # --------------------------------------------- # -- Install Plugins # --------------------------------------------- diff --git a/docs/restic.md b/docs/restic.md new file mode 100644 index 0000000..f740f43 --- /dev/null +++ b/docs/restic.md @@ -0,0 +1,7 @@ +# Restic + +We are using restic for backing up the Minecraft server + +## How to restore + +TODO: Describe the restoration process -- 2.45.2 From 12c1a0ca31ecb98168aba19c21b895b4f86a861a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 15 Aug 2023 17:25:31 +0200 Subject: [PATCH 173/316] Enable default secrets for minecraft --- releases.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/releases.yaml b/releases.yaml index 1fc7b7b..a3eb62e 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -238,6 +238,7 @@ templates: version: 4.9.3 inherit: - template: default-env-values + - template: default-env-secrets - template: ext-istio-resource gitea: &gitea -- 2.45.2 From 5ac35a5a60762b2853b9990fbeadb7674cdca719 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 15 Aug 2023 17:27:55 +0200 Subject: [PATCH 174/316] Fix the name of restic repo --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 2c5bdf3..99d387d 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -93,7 +93,7 @@ mcbackup: rconRetryInterval: 10s excludes: "*.jar,cache,logs" backupMethod: restic - resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraf + resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft resticAdditionalTags: "mc_backups" pruneResticRetention: "--keep-last 12 --keep-daily 7 --keep-weekly 4 --keep-monthly 2 --keep-yearly 2" resources: -- 2.45.2 From 15bbc19939dfc2d45ee94ae41c6bf5d4e4db0beb Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 15 Aug 2023 17:41:10 +0200 Subject: [PATCH 175/316] minecraft: Override server properties --- badhouseplants/values/secrets.minecraft.yaml | 6 ++++-- badhouseplants/values/values.minecraft.yaml | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml index 57b931c..1639eb7 100644 --- a/badhouseplants/values/secrets.minecraft.yaml +++ b/badhouseplants/values/secrets.minecraft.yaml 
@@ -4,6 +4,8 @@ minecraftServer: mcbackup: resticEnvs: RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] sops: kms: [] gcp_kms: [] @@ -19,8 +21,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-15T13:37:56Z" - mac: ENC[AES256_GCM,data:bzLZpYzuD7H0Heo/BsCEcS2HX8PZ3XpT4B866lA9T9Imwe29Gfw8eKn2jgzlwjHhoWfBJPy5XGf7/K/uw6Ift1fwEgApHSWwhP7wvCtCAaMdricXkumbfHFlJAR+zwTx5TiC2GhWyhDMNQviEgRU8m/QLEfvP8uXJxvlp9ZtaL4=,iv:fxJ+XhnctFmQ9Nvgr+C2o2HS3P0vI7hB3ODYRN8LGow=,tag:UEjTt5bKBH+xUxlfzTaaJQ==,type:str] + lastmodified: "2023-08-15T15:32:19Z" + mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 99d387d..9df8a41 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -51,6 +51,7 @@ readinessProbe: livenessProbe: timeoutSeconds: 10 minecraftServer: + overrideServerProperties: true eula: "TRUE" onlineMode: false difficulty: hard -- 2.45.2 From e3760ca4001d221d15e8c46c168f4a6b824b4fb9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 16 Aug 2023 20:55:56 +0200 Subject: [PATCH 176/316] Migrate to the new openvpn setup --- .../values/values.istio-ingressgateway.yaml | 4 ++++ badhouseplants/values/values.openvpn.yaml | 23 ++++++++++++++----- releases.yaml | 4 ++-- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index b20aa3d..60d5a2f 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -22,6 +22,10 @@ service: port: 1194 protocol: TCP targetPort: 1194 + - name: tcp + port: 25 + protocol: TCP + targetPort: 25 # ----------- # -- Email # ----------- diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 67b743a..aae765e 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -13,17 +13,28 @@ istio: hostname: "*" service: openvpn port: 1194 - + - name: openvpn-tcp-fake-port + gateway: badhouseplants-vpn + kind: tcp + port_match: 25 + hostname: "*" + service: openvpn + port: 1194 storage: class: longhorn size: 512Mi -image: - repository: lawtancool/docker-openvpn-xor - pullPolicy: IfNotPresent - tag: latest openvpn: - server: "tcp://195.201.250.50:1194" + proto: tcp + host: 195.201.250.50 +easyrsa: + cn: Bad Houseplants + country: Germany + province: NRW + city: Duesseldorf + org: Bad Houseplants + email: allanger@zohomail.com + service: type: ClusterIP port: 1194 diff --git a/releases.yaml b/releases.yaml index a3eb62e..602dc8f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -183,8 +183,8 @@ templates: # ---------------------------- openvpn: &openvpn name: openvpn - chart: allanger-charts/openvpn - version: 1.0.6 + chart: allanger-gitea/openvpn + version: 1.0.3 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 
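Review bot: The port added to `values.istio-ingressgateway.yaml` is declared as `- name: tcp` with `port: 25`, directly after the existing 1194 entry. Port names must be unique within a Kubernetes Service, so if the 1194 entry is also named `tcp` (its name line is outside the hunk; the gateway values earlier in this series name it that way), the rendered Service will be rejected. A distinct name that keeps the Istio protocol prefix avoids this, e.g. `- name: tcp-openvpn-alt`. This port also opens a second public path to the VPN on the SMTP port, right above the `# -- Email` section, so a short comment stating that port 25 deliberately forwards to OpenVPN would prevent someone later assigning it to mail.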
From 39160f7e66bb7624811b92d89a4b2a7b161f287b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 17 Aug 2023 11:10:47 +0200 Subject: [PATCH 177/316] Update db-operator chart to 1.10.0 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 602dc8f..5b0ab8d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -299,7 +299,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.9.2 + version: 1.10.0 db-instances: &db-instances name: db-instances -- 2.45.2 From bb6617b58ca5449d6de110572322bbe98bb99683 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 19 Aug 2023 09:14:35 +0200 Subject: [PATCH 178/316] Update OpenVPN --- badhouseplants/values/values.openvpn.yaml | 3 +++ releases.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index aae765e..01b544c 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -20,6 +20,9 @@ istio: hostname: "*" service: openvpn port: 1194 +# ------------------------------------------ +image: + tag: v2.6.6-xor-4.0.0beta08 storage: class: longhorn size: 512Mi diff --git a/releases.yaml b/releases.yaml index 5b0ab8d..f5e56c1 100644 --- a/releases.yaml +++ b/releases.yaml @@ -184,7 +184,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.3 + version: 1.0.5 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 8183029ebd25f7adbe2afb113676c60f0b135638 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 19 Aug 2023 09:15:58 +0200 Subject: [PATCH 179/316] Update outdated releases --- releases.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/releases.yaml b/releases.yaml index f5e56c1..59a64ed 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.42.3 + version: 5.43.4 inherit: - template: default-env-values - template: default-env-secrets @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.10.0 + version: 5.14.1 inherit: - template: monitoring-common - template: default-env-values @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.0.5 + version: 17.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.15.2 + version: 17.15.5 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.8.2 + version: 12.8.3 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.10.10 + version: 9.11.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 162b2dd60230165e6cc8172e826a96567752bb01 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 22 Aug 2023 23:46:39 +0200 Subject: [PATCH 180/316] Add 'faster minecarts' to Minecraft --- badhouseplants/values/values.minecraft.yaml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 9df8a41..e530503 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -144,7 +144,18 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - + - name: install-gravity-control-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar + - -o + - /data/plugins/FasrMinecarts.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false extraVolumes: - volumeMounts: - name: plugins -- 2.45.2 From 6aaeb5db0d9bec51b2c97cddfe85df434a1284cb Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 22 Aug 2023 23:51:31 +0200 Subject: [PATCH 181/316] Add 'faster minecarts' to Minecraft again --- badhouseplants/values/values.minecraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index e530503..6eff90b 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -144,14 +144,14 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - - name: install-gravity-control-plugin + - name: install-fast-minecart-plugin image: alpine/curl command: - curl - -L - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar - -o - - /data/plugins/FasrMinecarts.jar + - /data/plugins/FastMinecarts.jar volumeMounts: - name: plugins mountPath: /data/plugins -- 2.45.2 From 2d8bb5ff3959f12eda3f31e271526dd2871ac706 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 24 Aug 2023 21:34:15 +0200 Subject: [PATCH 182/316] Downgrade openvpn --- badhouseplants/values/values.openvpn.yaml | 2 +- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 01b544c..8d3c9f3 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml 
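Review bot: The added init container fetches a plugin jar that the game server will load, but nothing checks what was downloaded. `image: alpine/curl` carries no tag or digest, and `curl -L` without `-f` writes whatever the redirect chain returns, including an HTTP error page, into `/data/plugins`. The follow-up hunk in this series that renames the container to `install-fast-minecart-plugin` keeps both problems. Pin the image and compare the file against a SHA-256 recorded at review time before moving it into the plugins volume; the digest and checksum below are placeholders to fill in. The `initContainers` list starts outside the hunk.

```yaml
  - name: install-gravity-control-plugin
    # pinned by digest; placeholder, fill in the digest that was reviewed
    image: alpine/curl@sha256:<IMAGE_DIGEST_PLACEHOLDER>
    command:
      - sh
      - -ec
      - |
        # -f makes an HTTP error fail the container instead of saving the error page
        curl -fsSL -o /tmp/FastMinecarts.jar \
          https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar
        # placeholder checksum, recorded when the release was reviewed
        echo "<EXPECTED_SHA256_PLACEHOLDER>  /tmp/FastMinecarts.jar" | sha256sum -c -
        mv /tmp/FastMinecarts.jar /data/plugins/FastMinecarts.jar
    # … unchanged: volumeMounts for the plugins volume …
```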
@@ -22,7 +22,7 @@ istio: port: 1194 # ------------------------------------------ image: - tag: v2.6.6-xor-4.0.0beta08 + tag: v2.6.5-xor-4.0.0beta08 storage: class: longhorn size: 512Mi diff --git a/releases.yaml b/releases.yaml index 59a64ed..a804250 100644 --- a/releases.yaml +++ b/releases.yaml @@ -184,7 +184,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.5 + version: 1.0.6 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 0d4f0c105320bc51895541728226ece7847c78de Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 24 Aug 2023 21:35:08 +0200 Subject: [PATCH 183/316] Update backup setup --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 6eff90b..e8fce64 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -96,7 +96,7 @@ mcbackup: backupMethod: restic resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft resticAdditionalTags: "mc_backups" - pruneResticRetention: "--keep-last 12 --keep-daily 7 --keep-weekly 4 --keep-monthly 2 --keep-yearly 2" + pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" resources: requests: memory: 512Mi -- 2.45.2 From 1c50200fa20a074d04bae3c45f7344f9faf39661 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 3 Sep 2023 11:13:25 +0200 Subject: [PATCH 184/316] chore: Upgrade releases --- releases.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/releases.yaml b/releases.yaml index a804250..1890d6c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -99,7 +99,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.12.3 + version: 1.12.4 set: - name: installCRDs value: true 
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.43.4 + version: 5.45.0 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 48.3.1 + version: 50.0.0 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.14.1 + version: 5.15.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.14.1 + version: 6.15.0 inherit: - template: monitoring-common - template: default-env-values @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.0.7 + version: 17.1.6 inherit: - template: default-env-values - template: default-env-secrets @@ -235,7 +235,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.9.3 + version: 4.9.6 inherit: - template: default-env-values - template: default-env-secrets @@ -244,7 +244,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.1.0 + version: 9.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -254,7 +254,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.1 + version: 2.0.2 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.15.5 + version: 18.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.8.3 + version: 12.10.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.11.1 + version: 9.12.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 39893c3390e2876b90b6dd806d50459b16e02ff6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 3 Sep 2023 11:15:21 +0200 Subject: [PATCH 185/316] chore: Fix gitea version --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 1890d6c..7f5b405 100644 --- a/releases.yaml +++ b/releases.yaml @@ -244,7 +244,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.1.3 + version: 9.3.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From a68bf4502a438c879806e1488c4a5c63581ce5c2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 7 Sep 2023 00:31:47 +0200 Subject: [PATCH 186/316] Update minecraft config and Paper --- badhouseplants/values/values.minecraft.yaml | 22 ++++++--------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index e8fce64..652cf6c 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -30,10 +30,11 @@ istio: image: tag: java17-graalvm-ce pullPolicy: Always + resources: requests: - memory: 512Mi - cpu: 50m + memory: 3Gi + cpu: 256m limits: memory: 3Gi @@ -42,6 +43,7 @@ lifecycle: - bash - -c - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 + readinessProbe: command: - mc-health @@ -50,6 +52,7 @@ readinessProbe: timeoutSeconds: 10 livenessProbe: timeoutSeconds: 10 + minecraftServer: overrideServerProperties: true eula: "TRUE" 
@@ -59,10 +62,9 @@ minecraftServer: version: 1.20.1 maxWorldSize: 90000 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar gameMode: survival pvp: true - memory: 2512M rcon: enabled: true withGeneratedPassword: false @@ -144,18 +146,6 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - - name: install-fast-minecart-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar - - -o - - /data/plugins/FastMinecarts.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false extraVolumes: - volumeMounts: - name: plugins -- 2.45.2 From 2cae97fccbf3cee804256d5a242556f512d3f8b2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Sep 2023 00:08:38 +0200 Subject: [PATCH 187/316] chore: Update drone --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 7f5b405..af0fe35 100644 --- a/releases.yaml +++ b/releases.yaml @@ -197,7 +197,7 @@ templates: drone: &drone name: drone chart: drone/drone - version: 0.6.4 + version: 0.6.5 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From b149d953f33c14725f2ab840b1ecea393f416e9e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Sep 2023 00:39:02 +0200 Subject: [PATCH 188/316] chore: Some updates that are not critical --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index af0fe35..31bc784 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.45.0 + version: 5.45.3 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 50.0.0 + version: 50.3.1 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.15.0 + version: 5.19.0 inherit: - template: monitoring-common - template: default-env-values @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.6 + version: 17.1.7 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.10.0 + version: 1.10.1 db-instances: &db-instances name: db-instances -- 2.45.2 From af236d75a11f67c0e7bd0f561bfdcc1b21f716e4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Sep 2023 05:06:14 +0200 Subject: [PATCH 189/316] chore: Update MetalLB --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 31bc784..c4ab92b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -94,7 +94,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.13.10 + version: 0.13.11 cert-manager: &cert-manager name: cert-manager -- 2.45.2 From 1d5e6f6d93ad5d0e9f1adcd34db1f3839cb0292d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 12 Sep 2023 10:39:42 +0200 Subject: [PATCH 190/316] chore: Upgrade releases --- releases.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/releases.yaml b/releases.yaml index c4ab92b..95eae33 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.45.3 + version: 5.46.2 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 50.3.1 + version: 51.0.0 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.19.0 + version: 5.20.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.0 + version: 6.15.1 inherit: - template: monitoring-common - template: default-env-values @@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.18.2 + version: 1.19.0 istio-base: &istio-base name: istio-base @@ -244,7 +244,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.3.0 + version: 9.4.0 inherit: - template: default-env-values - template: default-env-secrets @@ -254,7 +254,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.2 + version: 2.0.3 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.0.1 + version: 18.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.10.0 + version: 12.11.1 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.1 + version: 9.12.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 8cfd4bf88dd5e29f8d8982d3c978b24a333cff2c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Thu, 14 Sep 2023 10:28:12 +0200 Subject: [PATCH 191/316] Use another redis db for funkwhale --- badhouseplants/values/values.funkwhale.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 732adee..3c1d129 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -53,3 +53,4 @@ redis: host: redis-master.database-service.svc.cluster.local auth: enabled: true + database: 3 -- 2.45.2 From 63968337e245a89a87c2643557598b0a1e4801e9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 14 Sep 2023 07:03:41 +0200 Subject: [PATCH 192/316] add telegram notifications for outdated charts --- .drone.yml | 14 +++++++++++++- badhouseplants/helmfile.yaml | 2 -- message_file.tpl | 0 repositories.yaml | 2 -- 4 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 message_file.tpl diff --git a/.drone.yml b/.drone.yml index 2ae9841..b594fd0 100644 --- a/.drone.yml +++ b/.drone.yml @@ -105,4 +105,16 @@ steps: SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY commands: - - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o + - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl + - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl + + - name: Send telegram notification + when: + status: + - failure + image: appleboy/drone-telegram + settings: + token: + from_secret: TELEGRAM_TOKEN + to: 131601077 + message_file: message_file.tpl diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 54887d1..79434f9 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -87,5 +87,3 @@ bases: - ../environments.yaml - ../repositories.yaml - #helmfiles: - # - namespaces.yaml 
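Review bot: The new `Send telegram notification` step hands `TELEGRAM_TOKEN` to `image: appleboy/drone-telegram` with no tag or digest, so whatever is published under that name next receives the bot token; pin it, e.g. `image: appleboy/drone-telegram:<PINNED_TAG>` (placeholder). The message body is the raw `cdh` output, a list of releases that are behind on updates, and it leaves the CI environment for a third-party chat service, which deserves a conscious decision. `to: 131601077` could be read with `from_secret` like the token so the recipient is not fixed in the repository. The step runs only on `status: failure`, so it seems to depend on the `cdh` command exiting non-zero when something is outdated; a one-line comment above `when:` stating that dependency would make it visible. The `steps` list begins outside the hunk.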
diff --git a/message_file.tpl b/message_file.tpl new file mode 100644 index 0000000..e69de29 diff --git a/repositories.yaml b/repositories.yaml index 347833f..64e3842 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -2,8 +2,6 @@ repositories: - name: metrics-server url: https://kubernetes-sigs.github.io/metrics-server/ - - name: allanger-charts - url: https://allanger.github.io/allanger-charts - name: jetstack url: https://charts.jetstack.io - name: istio -- 2.45.2 From a941f7df16e8997a420a6a2a9856aead3e788033 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 22 Sep 2023 10:29:40 +0200 Subject: [PATCH 193/316] Remove drone runner from the etersoft cluster --- badhouseplants/helmfile.yaml | 7 +++++- .../values/secrets.drone-runner-docker.yaml | 22 ------------------- .../values/values.drone-runner-docker.yaml | 16 -------------- helmfile.yaml | 6 ----- 4 files changed, 6 insertions(+), 45 deletions(-) delete mode 100644 etersoft/values/secrets.drone-runner-docker.yaml delete mode 100644 etersoft/values/values.drone-runner-docker.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 79434f9..8572e51 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -6,7 +6,12 @@ releases: installed: true namespace: drone-service createNamespace: false - + + - <<: *drone-runner-docker + installed: true + namespace: drone-service + createNamespace: false + - <<: *longhorn installed: true namespace: longhorn-system diff --git a/etersoft/values/secrets.drone-runner-docker.yaml b/etersoft/values/secrets.drone-runner-docker.yaml deleted file mode 100644 index eb18677..0000000 --- a/etersoft/values/secrets.drone-runner-docker.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -env: - DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 - Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi - aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ - em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh - DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-21T09:27:21Z" - mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/etersoft/values/values.drone-runner-docker.yaml b/etersoft/values/values.drone-runner-docker.yaml deleted file mode 100644 index 923e72d..0000000 --- a/etersoft/values/values.drone-runner-docker.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -env: - DRONE_RPC_HOST: drone.badhouseplants.net - DRONE_RPC_PROTO: https - DRONE_NAMESPACE_DEFAULT: drone-service -rbac: - buildNamespaces: - - drone-service -dind: - resources: - limits: - cpu: 2000m - memory: 2024Mi - requests: - cpu: 100m - memory: 512Mi \ No newline at end of file diff --git a/helmfile.yaml b/helmfile.yaml index 8a8ccd9..738d891 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
@@ -46,11 +46,5 @@ releases: namespace: metallb-system createNamespace: true - - <<: *drone-runner-docker - installed: true - namespace: drone-service - createNamespace: false - - helmfiles: - path: {{.Environment.Name }}/helmfile.yaml -- 2.45.2 From 4739b983bc312f1625c4d5898d2e59ba269ce9ed Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 23 Sep 2023 15:30:12 +0200 Subject: [PATCH 194/316] Upgrade db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 95eae33..b025f07 100644 --- a/releases.yaml +++ b/releases.yaml @@ -299,7 +299,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.10.1 + version: 1.11.0 db-instances: &db-instances name: db-instances -- 2.45.2 From 357dba4476eca2c3130c4de00468b58d24dd8e7b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 23 Sep 2023 16:51:07 +0200 Subject: [PATCH 195/316] Disable backups for minecraft --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 652cf6c..499e54d 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -88,7 +88,7 @@ persistence: enabled: true Size: 15Gi mcbackup: - enabled: true + enabled: false backupInterval: 2h pauseIfNoPlayers: "false" pruneBackupsDays: 2 -- 2.45.2 From 4843cdbedb3d24aeed8ac41bccdf46860b874029 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Sep 2023 06:48:37 +0200 Subject: [PATCH 196/316] chore: Upgrade releases --- releases.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/releases.yaml b/releases.yaml index b025f07..91d8dd0 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -99,7 +99,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.12.4 + version: 1.13.0 set: - name: installCRDs value: true @@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.46.2 + version: 5.46.7 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.0.0 + version: 51.2.0 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.20.0 + version: 5.23.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.1 + version: 6.15.2 inherit: - template: monitoring-common - template: default-env-values @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.7 + version: 17.1.11 inherit: - template: default-env-values - template: default-env-secrets @@ -235,7 +235,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.9.6 + version: 4.10.0 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.0.4 + version: 18.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.11.1 + version: 12.12.7 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.2 + version: 9.12.3 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 
From b2e58102ce8d7e7c2dea09911602b175bd1bf184 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 3 Oct 2023 10:53:34 +0200 Subject: [PATCH 197/316] upgrade some releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 91d8dd0..8256977 100644 --- a/releases.yaml +++ b/releases.yaml @@ -99,7 +99,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.0 + version: 1.13.1 set: - name: installCRDs value: true @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.23.0 + version: 5.23.1 inherit: - template: monitoring-common - template: default-env-values @@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.19.0 + version: 1.19.1 istio-base: &istio-base name: istio-base @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.11 + version: 17.1.15 inherit: - template: default-env-values - template: default-env-secrets @@ -226,7 +226,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.13 + version: 5.0.14 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.0 + version: 18.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.12.7 + version: 12.7.3 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.11.0 + version: 1.11.1 db-instances: &db-instances name: db-instances -- 2.45.2 From b495f0926110ed059b8a4f215fac5126589bd902 Mon Sep 17 00:00:00 2001 
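Review bot: In the `postgres` template hunk the chart goes from `version: 12.12.7` to `version: 12.7.3`, which sorts lower under semantic versioning, so this commit titled as an upgrade appears to move the database chart backwards. If a newer 12.12.x release was intended, correct the number; if the rollback is deliberate, record it with a comment such as `# pinned back from 12.12.7: <reason>` so the next bulk update does not silently undo it. Every other hunk in this commit moves its chart forward.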
From: Nikolai Rodionov Date: Wed, 4 Oct 2023 04:34:39 +0200 Subject: [PATCH 198/316] chore: Install postgres 16 --- badhouseplants/helmfile.yaml | 5 ++++ .../values/secrets.db-instances.yaml | 10 +++++--- badhouseplants/values/secrets.postgres16.yaml | 24 +++++++++++++++++++ .../values/values.db-instances.yaml | 10 ++++++++ badhouseplants/values/values.postgres16.yaml | 10 ++++++++ releases.yaml | 8 +++++++ 6 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/secrets.postgres16.yaml create mode 100644 badhouseplants/values/values.postgres16.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8572e51..1d25b5f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -72,6 +72,11 @@ releases: namespace: database-service createNamespace: true + - <<: *postgres16 + installed: true + namespace: database-service + createNamespace: true + - <<: *db-operator installed: true namespace: database-service diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index 0bbdbe7..f8caa3a 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml 
@@ -3,6 +3,10 @@ dbinstances: secrets: adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] + postgres16: + secrets: + adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] + adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] mysql: secrets: adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] @@ -22,8 +26,8 @@ sops: Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-30T15:07:28Z" - mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str] + lastmodified: "2023-10-04T02:28:20Z" + mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.0 diff --git a/badhouseplants/values/secrets.postgres16.yaml b/badhouseplants/values/secrets.postgres16.yaml new file mode 100644 index 0000000..e466bb1 --- /dev/null +++ b/badhouseplants/values/secrets.postgres16.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-04T02:27:48Z" + mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index fbf15f5..6c8999b 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -10,6 +10,16 @@ dbinstances: generic: host: postgres-postgresql port: 5432 + postgres16: + monitoring: + enabled: false + adminSecretRef: + Name: postgres16-secret + Namespace: database-service + engine: postgres + generic: + host: postgres16-postgresql + port: 5432 mysql: monitoring: enabled: false diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml new file mode 100644 index 0000000..cbcb751 --- /dev/null +++ b/badhouseplants/values/values.postgres16.yaml 
@@ -0,0 +1,10 @@ +architecture: standalone + +auth: + database: postgres + +persistence: + size: 1Gi + +metrics: + enabled: false diff --git a/releases.yaml b/releases.yaml index 8256977..5e1d6e3 100644 --- a/releases.yaml +++ b/releases.yaml @@ -296,6 +296,14 @@ templates: - template: default-env-values - template: default-env-secrets + postgres16: &postgres16 + name: postgres16 + chart: bitnami/postgresql + version: 13.0.0 + inherit: + - template: default-env-values + - template: default-env-secrets + db-operator: &db-operator name: db-operator chart: db-operator/db-operator -- 2.45.2 From 548700c1dd592da5309640522bec39af2c4d251f Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 4 Oct 2023 21:28:48 +0200 Subject: [PATCH 199/316] Add a script for postgres migration Issue: #116 --- scripts/migrate_postgres.sh | 39 +++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 scripts/migrate_postgres.sh diff --git a/scripts/migrate_postgres.sh b/scripts/migrate_postgres.sh new file mode 100644 index 0000000..33fa417 --- /dev/null +++ b/scripts/migrate_postgres.sh 
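Review bot: In the new `values.postgres16.yaml`, `persistence:` sits at the top level, but recent major versions of the bitnami/postgresql chart read the volume size from `primary.persistence.size` as far as I know. With chart `13.0.0` the `size: 1Gi` setting is therefore probably ignored and the chart default applies. Verify against the chart's values and, if so, nest it as `primary:` / `persistence:` / `size: 1Gi`. The file also lacks the `---` document start that other values files in this repository carry.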
@@ -0,0 +1,39 @@
+#!/bin/bash
+export PGHOST=$OLD_PGHOST
+export PGPASSWORD=$OLD_PGPASSWORD
+export PGDATABASE=$OLD_PGDATABASE
+DUMP_FILE=/tmp/$PGDATABASE.dump
+pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
+
+export PGHOST=$NEW_PGHOST
+export PGPASSWORD=$NEW_PGPASSWORD
+export PGDATABASE=$NEW_PGDATABASE
+pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
+
+psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
+psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
+psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
+
+rm -f /tmp/output
+
+psql -c "\
+SELECT format(\
+ 'ALTER TABLE %I.%I.%I OWNER TO %I;',\
+ table_catalog,\
+ table_schema,\
+ table_name,\
+ '${PGDATABASE}')\
+FROM information_schema.tables \
+WHERE table_schema='public'" | grep ALTER > /tmp/output
+
+psql -c "\
+SELECT format(\
+ 'ALTER SEQUENCE %I.%I.%I OWNER TO %I;',\
+ sequence_catalog,\
+ sequence_schema,\
+ sequence_name,\
+ '${PGDATABASE}')\
+FROM information_schema.sequences \
+WHERE sequence_schema='public'" | grep ALTER >> /tmp/output
+
+psql -c "$(cat /tmp/output)"
-- 2.45.2 From 0c7fbbd0793d83b91e78421ff62d47de97e13ac8 Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 4 Oct 2023 21:30:41 +0200 Subject: [PATCH 200/316] Migrate gitea to postgres 16 Issue: #116 --- badhouseplants/values/secrets.gitea.yaml | 8 ++++---- badhouseplants/values/values.gitea.yaml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml
index 24357eb..4dec029 100644
--- a/badhouseplants/values/secrets.gitea.yaml
+++ b/badhouseplants/values/secrets.gitea.yaml
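Review bot: The script writes a full database dump to `/tmp/$PGDATABASE.dump` and the generated SQL to `/tmp/output`, both predictable names in a shared directory created with the default umask, and the dump is never removed. It also keeps going after a failed `pg_dump`, so `pg_restore` and the `GRANT` / `ALTER … OWNER` statements can run against the new database with a missing or partial dump. Use a private `mktemp -d` directory removed by a trap, stop when the dump fails, and quote the variable expansions. Adding `set -u` also catches an unset `OLD_*` / `NEW_*` variable before anything runs.

```shell
#!/bin/bash
set -u
umask 077
WORK_DIR=$(mktemp -d) || exit 1
# remove the dump and the generated SQL however the script ends
trap 'rm -rf "$WORK_DIR"' EXIT
# … unchanged: export of the OLD_* connection settings …
DUMP_FILE="$WORK_DIR/$PGDATABASE.dump"
pg_dump "$PGDATABASE" --no-owner --no-privileges -Fc -f "$DUMP_FILE" -vvv || exit 1
# … unchanged: export of the NEW_* connection settings …
pg_restore --no-owner --no-privileges -d "$PGDATABASE" -Fc "$DUMP_FILE" -vvv
# … unchanged: GRANT statements and the two ALTER … OWNER generators, writing to "$WORK_DIR/output" instead of /tmp/output …
psql -c "$(cat "$WORK_DIR/output")"
```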
@@ -6,7 +6,7 @@ gitea: mailer: ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] database: - PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str] + PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] session: PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] cache: @@ -33,8 +33,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T20:30:31Z" - mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str] + lastmodified: "2023-10-04T19:15:11Z" + mac: ENC[AES256_GCM,data:1i8EysfGANbgwIPGqQ1+SxKRjpvWP50gheisTs9kRUop/kH4WF+WM+cKyAIB1i5JCF1ICOas0KDcTkSiO4kEV0tFS8efBCkWNopZOmGSET5uUjeekj/nshtp1OCloQyWV2x6Ata4v8p1Y2gZ2FcfocslXRLtMBvwxvzxabW4Ui8=,iv:09qo93S1WxX/9ryvaXMLQRynCdee8sorBFPCNM0ilS4=,tag:St7XKo6Ycz/g3lje199cSg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.0 diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index b2e5639..0b20f9c 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml 
@@ -25,8 +25,8 @@ istio: # ------------------------------------------ ext-database: enabled: true - name: gitea-postgres - instance: postgres + name: gitea-postgres16 + instance: postgres16 # ------------------------------------------ # -- Kubernetes related values # ------------------------------------------ @@ -61,9 +61,9 @@ gitea: config: database: DB_TYPE: postgres - HOST: postgres-postgresql.database-service.svc.cluster.local - NAME: gitea-service-gitea-postgres - USER: gitea-service-gitea-postgres + HOST: postgres16-postgresql.database-service.svc.cluster.local + NAME: gitea-service-gitea-postgres16 + USER: gitea-service-gitea-postgres16 APP_NAME: Bad Houseplants Gitea ui: meta: -- 2.45.2 From bf6685ce6d7644ba6d7b48f4cba81c7b14268d98 Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 4 Oct 2023 21:31:06 +0200 Subject: [PATCH 201/316] Migrate funkwhale to postgres 16 Issue: #116 --- badhouseplants/values/secrets.funkwhale.yaml | 8 ++++---- badhouseplants/values/values.funkwhale.yaml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index bc30824..1730f80 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -1,7 +1,7 @@ djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str] + password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] redis: auth: password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] 
@@ -20,8 +20,8 @@ sops: dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T20:22:20Z" - mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str] + lastmodified: "2023-10-04T18:47:37Z" + mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.0 diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 3c1d129..79db09a 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -15,8 +15,8 @@ istio: ext-database: enabled: true - name: funkwhale-postgres - instance: postgres + name: funkwhale-postgres16 + instance: postgres16 replicaCount: 1 celery: @@ -43,10 +43,10 @@ ingress: enabled: false postgresql: enabled: false - host: postgres-postgresql.database-service.svc.cluster.local + host: postgres16-postgresql.database-service.svc.cluster.local auth: - username: funkwhale-application-funkwhale-postgres - database: funkwhale-application-funkwhale-postgres + username: funkwhale-application-funkwhale-postgres16 + database: funkwhale-application-funkwhale-postgres16 redis: enabled: false -- 2.45.2 From 35eae889b2eff2b70a9fbacddb7c88164966bb3b Mon Sep 17 00:00:00 2001 
From: RNRod Date: Wed, 4 Oct 2023 21:35:19 +0200 Subject: [PATCH 202/316] Delete old postgres Issue: #116 --- badhouseplants/helmfile.yaml | 5 ----- releases.yaml | 8 -------- 2 files changed, 13 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 1d25b5f..66c3c77 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -67,11 +67,6 @@ releases: namespace: database-service createNamespace: true - - <<: *postgres - installed: true - namespace: database-service - createNamespace: true - - <<: *postgres16 installed: true namespace: database-service diff --git a/releases.yaml b/releases.yaml index 5e1d6e3..afcefef 100644 --- a/releases.yaml +++ b/releases.yaml @@ -288,14 +288,6 @@ templates: - template: default-env-values - template: default-env-secrets - postgres: &postgres - name: postgres - chart: bitnami/postgresql - version: 12.7.3 - inherit: - - template: default-env-values - - template: default-env-secrets - postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql -- 2.45.2 From 546d887d9897e007d08ae4103241df60b7eb1cc7 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 10 Oct 2023 15:14:28 +0200 Subject: [PATCH 203/316] chore: Update outdated charts --- releases.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/releases.yaml b/releases.yaml index afcefef..52cdd0b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.2.0 + version: 51.4.0 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.23.1 + version: 5.27.0 inherit: - template: monitoring-common - template: default-env-values 
@@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.15 + version: 17.1.17 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.1 + version: 18.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.0.0 + version: 13.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.3 + version: 9.12.4 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From eaf3f3988d26d21aa815b3f07618e01e90ab4c2f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 10 Oct 2023 18:23:26 +0200 Subject: [PATCH 204/316] Update Prometheus --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index 52cdd0b..b0ed075 100644 --- a/releases.yaml +++ b/releases.yaml @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.4.0 + version: 51.5.1 inherit: - template: monitoring-common - template: default-env-values @@ -244,7 +244,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.4.0 + version: 9.5.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 89df5ff10c72b4a258cd01ce8c32d813386a98d4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 11 Oct 2023 07:58:37 +0200 Subject: [PATCH 205/316] chore: Update Istio --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index b0ed075..9afd19c 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.19.1 + version: 1.19.2 istio-base: &istio-base name: istio-base -- 2.45.2 From ccaba4e70d85f0649c9c1f89163f3fd2e4bf72ea Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 11 Oct 2023 19:22:39 +0200 Subject: [PATCH 206/316] Some updated to minecraft --- badhouseplants/values/values.minecraft.yaml | 29 ++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 499e54d..de6218a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -110,7 +110,7 @@ mcbackup: # -- Install Plugins # --------------------------------------------- initContainers: - - name: install-prometheus-exporter + - name: 0-install-prometheus-exporter image: alpine/curl command: - curl @@ -122,7 +122,7 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - - name: install-password-plugin + - name: 0-install-password-plugin image: alpine/curl command: - curl @@ -134,7 +134,7 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - - name: install-gravity-control-plugin + - name: 0-install-gravity-control-plugin image: alpine/curl command: - curl @@ -146,6 +146,29 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false + - name: 0-install-fast-minecart-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar + - -o + - /data/plugins/FastMinecarts.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + - name: 1-add-plugins-to-minecraft + image: alpine/curl + command: + - sh + - -c + - cp -r /in /out/plugins + volumeMounts: + - name: plugins + mountPath: /in + readOnly: false + - name: datadir + mountPath: /out extraVolumes: - volumeMounts: - name: plugins -- 2.45.2 
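Review bot: The new `0-install-fast-minecart-plugin` init container in `values.minecraft.yaml` downloads `FastMinecarts.jar` from a GitHub release with `curl -L` and no integrity check, using the untagged `alpine/curl` image, so the server loads whatever that URL and image tag serve at pod start. Without `-f`, an HTTP error body would also be saved as the jar. I would pin the image and verify a SHA-256 recorded in this file before the jar is used, as sketched below with placeholders; the three install containers renamed in the earlier hunks follow the same pattern. Separately, in `1-add-plugins-to-minecraft`, `cp -r /in /out/plugins` copies into `/out/plugins/in` once `/out/plugins` already exists, so `cp -r /in/. /out/plugins/` may be what is intended.

```yaml
- name: 0-install-fast-minecart-plugin
  # placeholder: pin a tag or digest instead of the floating default
  image: alpine/curl:<pinned-tag>
  command:
    - sh
    - -c
    - |
      set -eu
      curl -fL https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar -o /data/plugins/FastMinecarts.jar
      # placeholder: record the expected digest of the v1.0.1 jar here
      echo "<sha256-of-FastMinecarts.jar>  /data/plugins/FastMinecarts.jar" | sha256sum -c -
  # … unchanged: volumeMounts for the plugins volume …
```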
From 54a7dad780cfc064744ee8a537f94ce9318de267 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 14 Oct 2023 07:41:40 +0200 Subject: [PATCH 207/316] Update releases and increase Gitea storage --- badhouseplants/values/values.gitea.yaml | 4 ++-- releases.yaml | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 0b20f9c..c9ee912 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -43,7 +43,7 @@ resources: persistence: enabled: true - size: 6Gi + size: 8Gi accessModes: - ReadWriteOnce @@ -112,4 +112,4 @@ service: postgresql-ha: enabled: false redis-cluster: - enabled: false \ No newline at end of file + enabled: false diff --git a/releases.yaml b/releases.yaml index 9afd19c..ffad5cf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.46.7 + version: 5.46.8 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.5.1 + version: 51.6.1 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.27.0 + version: 5.29.0 inherit: - template: monitoring-common - template: default-env-values @@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.19.2 + version: 1.19.3 istio-base: &istio-base name: istio-base @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.17 + version: 18.0.4 inherit: - template: default-env-values - template: default-env-secrets 
@@ -235,7 +235,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.10.0 + version: 4.11.0 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.3 + version: 18.1.5 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.1.2 + version: 13.1.4 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.4 + version: 9.12.5 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 212930ec1ae8d992666856e30a33371bfd8cda59 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 14 Oct 2023 16:24:13 +0200 Subject: [PATCH 208/316] Install email server --- badhouseplants/helmfile.yaml | 4 + badhouseplants/values/values.argocd.yaml | 2 +- badhouseplants/values/values.bitwarden.yaml | 2 +- .../values/values.docker-mailserver.yaml | 119 ++++++++++++++++++ badhouseplants/values/values.drone.yaml | 2 +- badhouseplants/values/values.funkwhale.yaml | 2 +- badhouseplants/values/values.gitea.yaml | 4 +- badhouseplants/values/values.minecraft.yaml | 2 +- badhouseplants/values/values.minio.yaml | 4 +- badhouseplants/values/values.nrodionov.yaml | 2 +- badhouseplants/values/values.openvpn.yaml | 9 +- badhouseplants/values/values.prometheus.yaml | 2 +- common/values.istio-gateway.yaml | 16 +++ common/values.istio.yaml | 2 +- releases.yaml | 18 +++ 15 files changed, 170 insertions(+), 20 deletions(-) create mode 100644 badhouseplants/values/values.docker-mailserver.yaml create mode 100644 common/values.istio-gateway.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 66c3c77..8037a71 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -87,6 +87,10 @@ releases: namespace: database-service createNamespace: true + - <<: *docker-mailserver + installed: true + namespace: mail-service + createNamespace: true bases: - ../environments.yaml diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 5afd729..7d01d6c 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: argocd-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: argo.badhouseplants.net service: argocd-server diff --git a/badhouseplants/values/values.bitwarden.yaml b/badhouseplants/values/values.bitwarden.yaml index b959319..16d3cb9 100644 --- a/badhouseplants/values/values.bitwarden.yaml +++ b/badhouseplants/values/values.bitwarden.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: bitwarden-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: bitwarden.badhouseplants.net service: bitwarden-vaultwarden diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml new file mode 100644 index 0000000..11efe55 --- /dev/null +++ b/badhouseplants/values/values.docker-mailserver.yaml 
@@ -0,0 +1,119 @@ +istio_gateway: + enabled: true + gateways: + - name: badhouseplants-email + servers: + - hosts: + - "*" + port: + name: smtp + number: 25 + protocol: TCP + - hosts: + - "*" + port: + name: pop3 + number: 110 + protocol: TCP + - hosts: + - "*" + port: + name: imap + number: 143 + protocol: TCP + - hosts: + - "*" + port: + name: smtps + number: 465 + protocol: TCP + - hosts: + - "*" + port: + name: submission + number: 587 + protocol: TCP + - hosts: + - "*" + port: + name: imaps + number: 993 + protocol: TCP + - hosts: + - "*" + port: + name: pop3s + number: 995 + protocol: TCP +istio: + enabled: true + istio: + - name: docker-mailserver-smpt + kind: tcp + gateway: badhouseplants-email + service: docker-mailserver + hostname: badhousplants.net + port_match: 25 + port: 25 + - name: docker-mailserver-smpts + kind: tcp + gateway: badhouseplants-email + port_match: 465 + hostname: badhousplants.net + service: docker-mailserver + port: 465 + - name: docker-mailserver-smpt-startls + kind: tcp + gateway: badhouseplants-email + hostname: badhousplants.net + port_match: 587 + service: docker-mailserver + port: 587 + - name: docker-mailserver-imap + kind: tcp + hostname: badhousplants.net + gateway: badhouseplants-email + port_match: 143 + service: docker-mailserver + port: 143 + - name: docker-mailserver-imaps + kind: tcp + gateway: badhouseplants-email + hostname: badhousplants.net + port_match: 993 + service: docker-mailserver + port: 993 + - name: docker-mailserver-pop3 + kind: tcp + gateway: badhouseplants-email + port_match: 110 + hostname: badhousplants.net + service: docker-mailserver + port: 110 + - name: docker-mailserver-pop3s + kind: tcp + gateway: badhouseplants-email + port_match: 993 + hostname: badhousplants.net + service: docker-mailserver + port: 993 + +demoMode: + enabled: false +domains: + - badhouseplants.net + - "*.badhouseplants.net" +ssl: + issuer: + name: badhouseplants-issuer + kind: ClusterIssuer + dnsname: badhouseplants.net + 
dns01provider: cloudflare + useExisting: false +pod: + dockermailserver: + enable_fail2ban: "0" + ssl_type: manual +service: + type: ClusterIP +spfTestsDisabled: true diff --git a/badhouseplants/values/values.drone.yaml b/badhouseplants/values/values.drone.yaml index 6324ef8..8a1eb82 100644 --- a/badhouseplants/values/values.drone.yaml +++ b/badhouseplants/values/values.drone.yaml @@ -6,7 +6,7 @@ istio: enabled: true istio: - name: drone-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: drone.badhouseplants.net service: drone diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 79db09a..e5aeb81 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: funkwhale-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: funkwhale.badhouseplants.net service: funkwhale diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index c9ee912..88ef536 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -8,13 +8,13 @@ istio: istio: - name: gitea-http kind: http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net hostname: git.badhouseplants.net service: gitea-http port: 3000 - name: gitea-ssh kind: tcp - gateway: badhouseplants-ssh + gateway: istio-system/badhouseplants-ssh hostname: "*" port_match: 22 service: gitea-ssh diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index de6218a..e5df96a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
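Review bot: The `badhouseplants-email` gateway in `values.docker-mailserver.yaml` publishes the non-TLS POP3 (110) and IMAP (143) listeners for host `*`, where encryption depends on the client negotiating STARTTLS, while `enable_fail2ban: "0"` and `spfTestsDisabled: true` appear to switch off the chart's brute-force lockout and SPF checks. If clients can use 993/995 and 465/587, dropping the 110 and 143 servers and routes keeps mailbox passwords off optional-TLS ports; if the two protections are off because the pod does not see client addresses behind the gateway, a comment saying so would help. The `docker-mailserver-pop3s` route also uses `port_match: 993` and `port: 993`, duplicating the IMAPS route, whereas the gateway declares pop3s on 995, so `port_match: 995` and `port: 995` look intended.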
@@ -18,7 +18,7 @@ istio: enabled: true istio: - name: minecraft-tcp - gateway: badhouseplants-minecraft + gateway: istio-system/badhouseplants-minecraft kind: tcp port_match: 25565 hostname: "*" diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index cccfe32..2ae9119 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -7,13 +7,13 @@ istio: enabled: true istio: - name: minio-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: minio.badhouseplants.net service: minio-console port: 9001 - name: s3-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: s3.badhouseplants.net service: minio diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 7798c6b..14d1b8c 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: nrodionov-http - gateway: nrodionov-info + gateway: istio-system/nrodionov-info kind: http hostname: dev.nrodionov.info service: nrodionov-wordpress diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 8d3c9f3..073bdfa 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -7,19 +7,12 @@ istio: enabled: true istio: - name: openvpn-tcp - gateway: badhouseplants-vpn + gateway: istio-system/badhouseplants-vpn kind: tcp port_match: 1194 hostname: "*" service: openvpn port: 1194 - - name: openvpn-tcp-fake-port - gateway: badhouseplants-vpn - kind: tcp - port_match: 25 - hostname: "*" - service: openvpn - port: 1194 # ------------------------------------------ image: tag: v2.6.5-xor-4.0.0beta08 diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 11f1a0b..712e0d7 100644 
--- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: grafana-https - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: "grafana.badhouseplants.net" service: prometheus-grafana diff --git a/common/values.istio-gateway.yaml b/common/values.istio-gateway.yaml new file mode 100644 index 0000000..deb3696 --- /dev/null +++ b/common/values.istio-gateway.yaml @@ -0,0 +1,16 @@ +--- +istio_gateway: + templates: + - | + {{ range .Values.gateways }} + --- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: {{ .name }} + spec: + selector: + istio: ingressgateway + servers: + {{ toYaml .servers | indent 4 }} + {{ end }} diff --git a/common/values.istio.yaml b/common/values.istio.yaml index 0b353c0..1c834bc 100644 --- a/common/values.istio.yaml +++ b/common/values.istio.yaml @@ -10,7 +10,7 @@ istio: name: {{ .name }} spec: gateways: - - "istio-system/{{ .gateway }}" + - "{{ .gateway }}" hosts: - {{ .hostname | quote }} {{- if eq .kind "http" }} diff --git a/releases.yaml b/releases.yaml index ffad5cf..f6bd399 100644 --- a/releases.yaml +++ b/releases.yaml @@ -41,6 +41,14 @@ templates: # ---------------------------- # -- Extensions # ---------------------------- + ext-istio-gateway: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio_gateway + values: + - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + ext-istio-resource: dependencies: - chart: bedag/raw @@ -316,3 +324,13 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + + docker-mailserver: &docker-mailserver + name: docker-mailserver + chart: allanger-gitea/docker-mailserver + version: 2.1.3 + inherit: + - template: default-env-values + - template: ext-istio-gateway + - template: ext-istio-resource + -- 2.45.2 From 250ee3ef2622f5f30e5a452a5ca3e7261dc2d0ad Mon Sep 17 00:00:00 2001 
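Review bot: The VirtualService template in `common/values.istio.yaml` now emits `{{ .gateway }}` as given, so any release that still passes a bare gateway name is resolved by Istio in the release's own namespace instead of `istio-system`. The values files touched in this patch carry the `istio-system/` prefix, but a missed one would detach its routes from the gateway without any render error. A comment above the `gateways:` entry such as `# .gateway is "<namespace>/<name>"; a bare name means the release namespace` would document the new contract. The template body starts outside this hunk.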
From: Nikolai Rodionov Date: Sun, 15 Oct 2023 17:21:49 +0200 Subject: [PATCH 209/316] Add some smtp settings --- badhouseplants/values/secrets.bitwarden.yaml | 8 ++++--- badhouseplants/values/secrets.gitea.yaml | 8 +++---- badhouseplants/values/values.bitwarden.yaml | 23 +++++++++++--------- badhouseplants/values/values.gitea.yaml | 7 ++++++ badhouseplants/values/values.mailu.yaml | 2 +- 5 files changed, 30 insertions(+), 18 deletions(-) diff --git a/badhouseplants/values/secrets.bitwarden.yaml b/badhouseplants/values/secrets.bitwarden.yaml index 2a865a3..4407926 100644 --- a/badhouseplants/values/secrets.bitwarden.yaml +++ b/badhouseplants/values/secrets.bitwarden.yaml @@ -1,5 +1,7 @@ env: ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str] +smtp: + password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +17,8 @@ sops: dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1 amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-16T18:40:43Z" - mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str] + lastmodified: "2023-10-15T12:20:48Z" + mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 \ No newline at end of file + version: 3.8.1 
diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 4dec029..6d28634 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml @@ -4,7 +4,7 @@ gitea: password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] config: mailer: - ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] + PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] database: PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] session: @@ -33,8 +33,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T19:15:11Z" - mac: ENC[AES256_GCM,data:1i8EysfGANbgwIPGqQ1+SxKRjpvWP50gheisTs9kRUop/kH4WF+WM+cKyAIB1i5JCF1ICOas0KDcTkSiO4kEV0tFS8efBCkWNopZOmGSET5uUjeekj/nshtp1OCloQyWV2x6Ata4v8p1Y2gZ2FcfocslXRLtMBvwxvzxabW4Ui8=,iv:09qo93S1WxX/9ryvaXMLQRynCdee8sorBFPCNM0ilS4=,tag:St7XKo6Ycz/g3lje199cSg==,type:str] + lastmodified: "2023-10-15T09:58:05Z" + mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/values.bitwarden.yaml b/badhouseplants/values/values.bitwarden.yaml index 16d3cb9..00e0898 100644 --- a/badhouseplants/values/values.bitwarden.yaml +++ b/badhouseplants/values/values.bitwarden.yaml 
@@ -17,21 +17,24 @@ istio: pathType: Prefix env: - SIGNUPS_ALLOWED: false DOMAIN: "https://bitwarden.badhouseplants.net" - # YUBICO_CLIENT_ID - # YUBICO_SECRET_KEY - # DATA_FOLDER - # DATABASE_URL - # ATTACHMENTS_FOLDER - # ICON_CACHE_FOLDER - # ROCKET_LIMITS - # ROCKET_WORKERS WEB_VAULT_ENABLED: true persistence: enabled: true accessMode: ReadWriteOnce size: 800Mi - storageClass: longhorn \ No newline at end of file + storageClass: longhorn + +smtp: + host: badhouseplants.net + security: "starttls" + port: 587 + from: bitwarden@badhouseplants.net + fromName: bitwarden + username: + value: overlord@badhouseplants.net + authMechanism: "Plain" + acceptInvalidHostnames: "false" + acceptInvalidCerts: "false" \ No newline at end of file diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 88ef536..726fde3 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -101,6 +101,13 @@ gitea: ADAPTER: redis queue: TYPE: redis + mailer: + ENABLED: true + FROM: gitea@badhouseplants.net + PROTOCOL: smtp+startls + SMTP_ADDR: badhouseplants.net + SMTP_PORT: 587 + USER: overlord@badhouseplants.net service: ssh: type: ClusterIP diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index c2188b2..0612e49 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -21,7 +21,7 @@ istio: kind: http gateway: badhouseplants-net hostname: email.badhouseplants.net - service: mailu-front + service: mailu-fr ont port: 80 # - name: mailu-smpt # kind: tcp -- 2.45.2 From 63df23af178429311e58fc55956ee9863be00fd7 Mon Sep 17 00:00:00 2001 
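Review bot: Open registration is probably re-enabled on `bitwarden.badhouseplants.net`, because the `env` block in `values.bitwarden.yaml` loses `SIGNUPS_ALLOWED: false` and Vaultwarden allows signups when the variable is unset (unless the chart supplies its own default, which is worth confirming). The commit message only mentions SMTP settings, so the removal looks unintended. I would keep `SIGNUPS_ALLOWED: false` next to `DOMAIN` and add the `smtp` block without touching it.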
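Review bot: `PROTOCOL: smtp+startls` in the new `mailer` block of `values.gitea.yaml` is missing a `t`; the value Gitea documents is `smtp+starttls`. With an unrecognised protocol the mailer may fail to start or may not negotiate TLS on port 587 before it authenticates as `USER`, so I would change the line to `PROTOCOL: smtp+starttls`. The `gitea.config` mapping starts outside this hunk.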
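Review bot: The only change in `values.mailu.yaml` turns `service: mailu-front` into `service: mailu-fr ont`, which is not a valid Kubernetes service name and looks like a stray keystroke. If this file is still rendered, the `email.badhouseplants.net` route would point at a backend that does not exist. Restoring `service: mailu-front` fixes it.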
From: Nikolai Rodionov Date: Tue, 17 Oct 2023 14:56:57 +0200 Subject: [PATCH 210/316] Start managing gateways with helmfile --- badhouseplants/helmfile.yaml | 5 ++ .../values/values.docker-mailserver.yaml | 28 +++++--- .../values.istio-gateway-resources.yaml | 69 +++++++++++++++++++ .../values/values.istio-ingressgateway.yaml | 1 - common/values.istio-gateway.yaml | 2 +- message_file.tpl | 0 releases.yaml | 10 ++- 7 files changed, 103 insertions(+), 12 deletions(-) create mode 100644 badhouseplants/values/values.istio-gateway-resources.yaml delete mode 100644 message_file.tpl diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8037a71..bbbf5d4 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -92,6 +92,11 @@ releases: namespace: mail-service createNamespace: true + - <<: *istio-gateway-resources + installed: true + namespace: istio-system + createNamespace: false} + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml index 11efe55..47d6a99 100644 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ b/badhouseplants/values/values.docker-mailserver.yaml @@ -1,4 +1,4 @@ -istio_gateway: +istio-gateway: enabled: true gateways: - name: badhouseplants-email 
@@ -52,26 +52,26 @@ istio: kind: tcp gateway: badhouseplants-email service: docker-mailserver - hostname: badhousplants.net + hostname: badhouseplants.net port_match: 25 port: 25 - name: docker-mailserver-smpts kind: tcp gateway: badhouseplants-email port_match: 465 - hostname: badhousplants.net + hostname: badhouseplants.net service: docker-mailserver port: 465 - name: docker-mailserver-smpt-startls kind: tcp gateway: badhouseplants-email - hostname: badhousplants.net + hostname: badhouseplants.net port_match: 587 service: docker-mailserver port: 587 - name: docker-mailserver-imap kind: tcp - hostname: badhousplants.net + hostname: badhouseplants.net gateway: badhouseplants-email port_match: 143 service: docker-mailserver @@ -79,7 +79,7 @@ istio: - name: docker-mailserver-imaps kind: tcp gateway: badhouseplants-email - hostname: badhousplants.net + hostname: badhouseplants.net port_match: 993 service: docker-mailserver port: 993 @@ -87,22 +87,32 @@ istio: kind: tcp gateway: badhouseplants-email port_match: 110 - hostname: badhousplants.net + hostname: badhouseplants.net service: docker-mailserver port: 110 - name: docker-mailserver-pop3s kind: tcp gateway: badhouseplants-email port_match: 993 - hostname: badhousplants.net + hostname: badhouseplants.net service: docker-mailserver port: 993 + - name: docker-mailserver-rainloop + kind: http + gateway: istio-system/badhouseplants-net + hostname: mail.badhouseplants.net + service: docker-mailserver-rainloop + port: 80 +rainloop: + enabled: true + ingress: + enabled: false demoMode: enabled: false domains: - badhouseplants.net - - "*.badhouseplants.net" + - mail.badhouseplants.net ssl: issuer: name: badhouseplants-issuer diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml new file mode 100644 index 0000000..adb884f --- /dev/null +++ b/badhouseplants/values/values.istio-gateway-resources.yaml 
@@ -0,0 +1,69 @@ +istio-gateway: + enabled: true + gateways: + - name: badhouseplants-net + servers: + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: http + number: 80 + protocol: HTTP2 + tls: + httpsRedirect: true + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: https + number: 443 + protocol: HTTPS + tls: + credentialName: badhouseplants-wildcard-tls + mode: SIMPLE + - name: nrodionov-info + servers: + - hosts: + - nrodionov.info + - dev.nrodionov.info + port: + name: http + number: 80 + protocol: HTTP2 + tls: + httpsRedirect: false + - hosts: + - nrodionov.info + - dev.nrodionov.info + port: + name: https + number: 443 + protocol: HTTPS + tls: + credentialName: nrodionov-wildcard-tls + mode: SIMPLE + - name: badhouseplants-vpn + servers: + - hosts: + - '*' + port: + name: tcp + number: 1194 + protocol: TCP + - name: badhouseplants-ssh + servers: + - hosts: + - '*' + port: + name: ssh + number: 22 + protocol: TCP + - name: badhouseplants-minecraft + servers: + - hosts: + - '*' + port: + name: minecraft + number: 25565 + protocol: TCP diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 60d5a2f..a5d2656 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -1,4 +1,3 @@ ---- service: type: LoadBalancer ports: diff --git a/common/values.istio-gateway.yaml b/common/values.istio-gateway.yaml index deb3696..d54bfa7 100644 --- a/common/values.istio-gateway.yaml +++ b/common/values.istio-gateway.yaml @@ -1,5 +1,5 @@ --- -istio_gateway: +istio-gateway: templates: - | {{ range .Values.gateways }} diff --git a/message_file.tpl b/message_file.tpl deleted file mode 100644 index e69de29..0000000 diff --git a/releases.yaml b/releases.yaml index f6bd399..1155aa8 100644 --- a/releases.yaml +++ b/releases.yaml 
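Review bot: The port-80 server of the `nrodionov-info` gateway sets `httpsRedirect: false`, while the `badhouseplants-net` gateway above it sets `true`, so `nrodionov.info` and `dev.nrodionov.info` are also served over plain HTTP. releases.yaml in this series deploys `nrodionov` from `bitnami/wordpress`; if that site sits behind this gateway, logins and session cookies can travel unencrypted. Unless cleartext is needed for something not visible in this patch, use `httpsRedirect: true` on that server as well.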
@@ -45,7 +45,7 @@ templates: dependencies: - chart: bedag/raw version: 2.0.0 - alias: istio_gateway + alias: istio-gateway values: - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' @@ -179,6 +179,14 @@ templates: - template: istio-common - template: default-env-values + istio-gateway-resources: &istio-gateway-resources + name: istio-gateway-resources + chart: bedag/raw + version: 2.0.0 + inherit: + - template: ext-istio-gateway + - template: default-env-values + istiod: &istiod name: istiod chart: istio/istiod -- 2.45.2 From 5201e2a58965443cca48b4deb6df181f31be19bc Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 20 Oct 2023 07:40:46 +0200 Subject: [PATCH 211/316] Fix broken helmfile --- badhouseplants/helmfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index bbbf5d4..88616fc 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -95,7 +95,7 @@ releases: - <<: *istio-gateway-resources installed: true namespace: istio-system - createNamespace: false} + createNamespace: false bases: - ../environments.yaml -- 2.45.2 From 871ceb8e06d1ec785ead5cc92b5b4117c4676de6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 20 Oct 2023 21:42:57 +0200 Subject: [PATCH 212/316] Install vaultwarden --- badhouseplants/helmfile.yaml | 5 ++ .../values/secrets.vaultwarden.yaml | 27 ++++++++ .../values/values.db-instances.yaml | 2 +- badhouseplants/values/values.longhorn.yaml | 2 +- badhouseplants/values/values.vaultwarden.yaml | 63 +++++++++++++++++++ releases.yaml | 25 +++++--- repositories.yaml | 4 +- 7 files changed, 117 insertions(+), 11 deletions(-) create mode 100644 badhouseplants/values/secrets.vaultwarden.yaml create mode 100644 badhouseplants/values/values.vaultwarden.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 88616fc..8573d06 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -97,6 +97,11 @@ releases: namespace: istio-system createNamespace: false + - <<: *vaultwarden + installed: true + namespace: vaultwarden-application + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml new file mode 100644 index 0000000..9c2e617 --- /dev/null +++ b/badhouseplants/values/secrets.vaultwarden.yaml @@ -0,0 +1,27 @@ +vaultwarden: + smtp: + username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] + password: + value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str] + adminToken: + value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo + WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 + dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a + U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT + HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-20T07:01:25Z" + mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 
diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 6c8999b..8e16c19 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -18,7 +18,7 @@ dbinstances: Namespace: database-service engine: postgres generic: - host: postgres16-postgresql + host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 mysql: monitoring: diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index 078e6ab..c639d5f 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -9,5 +9,5 @@ defaultSettings: csi: kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: - defaultClassReplicaCount: 1 +defaultClassReplicaCount: 1 enablePSP: false diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml new file mode 100644 index 0000000..b2bd5a3 --- /dev/null +++ b/badhouseplants/values/values.vaultwarden.yaml 
@@ -0,0 +1,63 @@ +--- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: vaultwarden-http + kind: http + gateway: istio-system/badhouseplants-net + hostname: vault.badhouseplants.net + service: vaultwarden + port: 8080 +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ +ext-database: + enabled: true + name: vaultwarden-postgres16 + instance: postgres16 +service: + port: 8080 +vaultwarden: + smtp: + host: badhouseplants.net + security: "starttls" + port: 587 + from: vaultwarden@badhouseplants.net + fromName: Vault Warden + authMechanism: "Plain" + acceptInvalidHostnames: "false" + acceptInvalidCerts: "false" + debug: false + domain: https://vault.badhouseplants.net + websocket: + enabled: true + address: "0.0.0.0" + port: 3012 + rocket: + port: "8080" + workers: "10" + webVaultEnabled: "true" + signupsAllowed: false + invitationsAllowed: true + signupDomains: "https://vault.badhouseplants.com" + signupsVerify: "true" + showPassHint: "false" + database: + existingSecret: vaultwarden-postgres16-creds + existingSecretKey: CONNECTION_STRING + connectionRetries: 15 + maxConnections: 10 + storage: + enabled: false + size: 1Gi + class: default + dataDir: /data + logging: + enabled: false + logfile: "/data/vaultwarden.log" + loglevel: "warn" diff --git a/releases.yaml b/releases.yaml index 1155aa8..0b9bd0c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.6.1 + version: 51.9.4 inherit: - template: monitoring-common - template: default-env-values 
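Review bot: `signupDomains: "https://vault.badhouseplants.com"` is a full URL on a `.com` domain, while every other host in this file is under `badhouseplants.net`. If the chart passes this key to Vaultwarden's signup domain allowlist, the value is expected to be a bare e-mail domain, and addresses in an allowlisted domain may register even with `signupsAllowed: false`. It should therefore name a mail domain the operator controls, e.g. `signupDomains: "badhouseplants.net"`, or be removed. How the chart maps the key is not visible in this patch, so confirm against its templates.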
@@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.29.0 + version: 5.35.0 inherit: - template: monitoring-common - template: default-env-values @@ -153,7 +153,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.2 + version: 6.15.3 inherit: - template: monitoring-common - template: default-env-values @@ -232,7 +232,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.0.4 + version: 18.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -260,7 +260,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.5.0 + version: 9.5.1 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.5 + version: 18.1.6 inherit: - template: default-env-values - template: default-env-secrets @@ -307,7 +307,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.1.4 + version: 13.1.5 inherit: - template: default-env-values - template: default-env-secrets @@ -315,7 +315,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.11.1 + version: 1.11.2 db-instances: &db-instances name: db-instances @@ -342,3 +342,12 @@ templates: - template: ext-istio-gateway - template: ext-istio-resource + vaultwarden: &vaultwarden + name: vaultwarden + chart: badhouseplants/vaultwarden + version: 0.1.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-database diff --git a/repositories.yaml b/repositories.yaml index 64e3842..fcdf4fe 100644 --- a/repositories.yaml +++ b/repositories.yaml 
@@ -35,4 +35,6 @@ repositories: - name: db-operator url: https://db-operator.github.io/charts - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: badhouseplants + url: https://badhouseplants.github.io/helm-charts/ -- 2.45.2 From 45e4555218d92bc3ab0c3975fe0028f86a4fba95 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 20 Oct 2023 21:52:24 +0200 Subject: [PATCH 213/316] Update vaultwarden and fix some values --- badhouseplants/helmfile.yaml | 2 +- badhouseplants/values/values.longhorn.yaml | 2 +- releases.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8573d06..8d7ed5b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -58,7 +58,7 @@ releases: createNamespace: false - <<: *bitwarden - installed: true + installed: false namespace: bitwarden-application createNamespace: true diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index c639d5f..078e6ab 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -9,5 +9,5 @@ defaultSettings: csi: kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: -defaultClassReplicaCount: 1 + defaultClassReplicaCount: 1 enablePSP: false diff --git a/releases.yaml b/releases.yaml index 0b9bd0c..7d067ef 100644 --- a/releases.yaml +++ b/releases.yaml @@ -345,7 +345,7 @@ templates: vaultwarden: &vaultwarden name: vaultwarden chart: badhouseplants/vaultwarden - version: 0.1.0 + version: 1.0.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From eed6c898c54220a6a6982c45f2f134d9bd97f35e Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 22 Oct 2023 13:17:16 +0200 Subject: [PATCH 214/316] Update outdated releases --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index 7d067ef..43ebded 100644 --- a/releases.yaml +++ b/releases.yaml @@ -102,7 +102,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.13.11 + version: 0.13.12 cert-manager: &cert-manager name: cert-manager @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.9.4 + version: 51.10.0 inherit: - template: monitoring-common - template: default-env-values -- 2.45.2 From 283bcc5cd2a0260b85b2bcac43f479833299a896 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 5 Oct 2023 10:07:25 +0200 Subject: [PATCH 215/316] Install and test woodpecker-ci --- .woodpecker.yml | 24 ++++++++++++ badhouseplants/helmfile.yaml | 7 +++- .../values/secrets.woodpecker-agent.yaml | 23 ++++++++++++ .../values/secrets.woodpecker-ci.yaml | 26 +++++++++++++ .../values/values.woodpecker-ci.yaml | 37 +++++++++++++++++++ releases.yaml | 9 +++++ repositories.yaml | 2 + 7 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 .woodpecker.yml create mode 100644 badhouseplants/values/secrets.woodpecker-agent.yaml create mode 100644 badhouseplants/values/secrets.woodpecker-ci.yaml create mode 100644 badhouseplants/values/values.woodpecker-ci.yaml diff --git a/.woodpecker.yml b/.woodpecker.yml new file mode 100644 index 0000000..b18ba77 --- /dev/null +++ b/.woodpecker.yml 
@@ -0,0 +1,24 @@ +--- +when: + event: push + +steps: + Diff Badhouseplants: + image: ghcr.io/helmfile/helmfile:canary + secrets: [ sops_age_key, kubeconfig_content ] + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile -e badhouseplants diff --suppress-secrets + + Diff Eterosoft: + image: ghcr.io/helmfile/helmfile:canary + secrets: [ sops_age_key, kubeconfig_content ] + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile -e etersoft diff --suppress-secrets + + #services: + # kind: + # image: kindest/node:v1.27.3 diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8d7ed5b..5023f26 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -97,9 +97,14 @@ releases: namespace: istio-system createNamespace: false - - <<: *vaultwarden + - <<: &vaultwarde + createNamespace: true installed: true namespace: vaultwarden-application + + - <<: *woodpecker-ci + installed: true + namespace: woodpecker createNamespace: true bases: diff --git a/badhouseplants/values/secrets.woodpecker-agent.yaml b/badhouseplants/values/secrets.woodpecker-agent.yaml new file mode 100644 index 0000000..f71db04 --- /dev/null +++ b/badhouseplants/values/secrets.woodpecker-agent.yaml 
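Review bot: Both steps run `image: ghcr.io/helmfile/helmfile:canary`, a moving tag, in a container that is handed `sops_age_key` and `kubeconfig_content`, so whatever is next published under that tag runs with the decryption key and the cluster credentials. Pin the image to a released version, preferably by digest, e.g. `image: ghcr.io/helmfile/helmfile:<release-tag>@sha256:<digest>` (placeholders). The same applies to `.woodpecker/.helmfile.yml` and `.woodpecker/.cdh.yml` added in PATCH 216, where `deblan/woodpecker-email` carries no tag at all and receives the SMTP credentials.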
@@ -0,0 +1,23 @@ +env: + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str] + WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1 + RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz + ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0 + SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY + 870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-05T08:06:51Z" + mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/badhouseplants/values/secrets.woodpecker-ci.yaml b/badhouseplants/values/secrets.woodpecker-ci.yaml new file mode 100644 index 0000000..dedead1 --- /dev/null +++ b/badhouseplants/values/secrets.woodpecker-ci.yaml 
@@ -0,0 +1,26 @@ +server: + env: + WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str] +agent: + env: + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:rnxJ1aKdMnJDXbiQFIUP2a1zaB/hfdXZ0YLwegT+aMSM4tBRV+YgQ/0OvoUuoTC2j1Jtp1SnY94=,iv:XHDR0WSiG1zwOkqTUnVtw0hLceWyI4W5sYNrsnXAAik=,tag:6mddyqwUd/mOQeEGIJlQhQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5 + QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn + bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4 + WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8 + ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-14T16:17:58Z" + mac: ENC[AES256_GCM,data:guD5+TBhN9n0WKRN4Ffzo0khhL+3CroELwxTfvUPmxQndFBzOnw/kvj8ZP/NBHMwAiQ1sirUdoJE0QKruHpkHlPs0slyNK0adGExPlSmn9fS5egltbtthzZYbftTJKFlImo3/3Z6tapBWN8neJNc3fhtZbItuwgfYJecXPPqW7Q=,iv:bqqhU1KDfzIN4LOY4dMpSw8XT/2j+NiD74M56jSpjWE=,tag:VGXSlEreapoSFCUnfHXIXA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml new file mode 100644 index 0000000..51b5f98 --- /dev/null +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -0,0 +1,37 @@ +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: woodpecker-server-http + gateway: istio-system/badhouseplants-net + kind: http + hostname: ci.badhouseplants.net + service: woodpecker-ci-server + port: 80 +server: + image: + tag: v1.0.2 + enabled: true + env: + WOODPECKER_GITEA: true + WOODPECKER_GITEA_URL: https://git.badhouseplants.net + WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 + WOODPECKER_ADMIN: "woodpecker,allanger" + WOODPECKER_HOST: "https://ci.badhouseplants.net" + extraSecretNamesForEnvFrom: [] +agent: + image: + tag: v1.0.2 + enabled: true + extraSecretNamesForEnvFrom: [] + env: + WOODPECKER_SERVER: woodpecker-ci-server:9000 + WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1Gi + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: + serviceAccount: + create: true + rbac: + create: true diff --git a/releases.yaml b/releases.yaml index 43ebded..e380875 100644 --- a/releases.yaml +++ b/releases.yaml @@ -229,6 +229,15 @@ templates: - template: default-env-secrets - template: drone-common + woodpecker-ci: &woodpecker-ci + name: woodpecker-ci + chart: woodpecker/woodpecker + version: 0.4.2 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress diff --git a/repositories.yaml b/repositories.yaml index fcdf4fe..0d52f2e 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -38,3 +38,5 @@ repositories: url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ + - name: woodpecker + url: https://woodpecker-ci.org -- 2.45.2 From e1ce435597f7614e1a7ee5cc2e737eb0134f554a Mon Sep 17 00:00:00 2001 
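Review bot: `WOODPECKER_BACKEND_K8S_STORAGE_CLASS:` under `agent.env` has no value, which YAML loads as null rather than an empty string, and `WOODPECKER_GITEA: true` is a YAML boolean inside a map of environment variables. Depending on how the chart renders `env`, these may end up as an unexpected literal or fail templating. Write `WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ""` (or drop the key) and `WOODPECKER_GITEA: "true"` so the values are unambiguous strings.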
From: Nikolai Rodionov Date: Fri, 20 Oct 2023 21:55:21 +0200 Subject: [PATCH 216/316] Try the matrix build --- .woodpecker.yml | 24 -------------- .woodpecker/.cdh.yml | 31 +++++++++++++++++++ .woodpecker/.helmfile.yml | 29 +++++++++++++++++ badhouseplants/helmfile.yaml | 2 +- .../values/values.woodpecker-ci.yaml | 1 + 5 files changed, 62 insertions(+), 25 deletions(-) delete mode 100644 .woodpecker.yml create mode 100644 .woodpecker/.cdh.yml create mode 100644 .woodpecker/.helmfile.yml diff --git a/.woodpecker.yml b/.woodpecker.yml deleted file mode 100644 index b18ba77..0000000 --- a/.woodpecker.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -when: - event: push - -steps: - Diff Badhouseplants: - image: ghcr.io/helmfile/helmfile:canary - secrets: [ sops_age_key, kubeconfig_content ] - commands: - - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - - helmfile -e badhouseplants diff --suppress-secrets - - Diff Eterosoft: - image: ghcr.io/helmfile/helmfile:canary - secrets: [ sops_age_key, kubeconfig_content ] - commands: - - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - - helmfile -e etersoft diff --suppress-secrets - - #services: - # kind: - # image: kindest/node:v1.27.3 diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml new file mode 100644 index 0000000..89050ab --- /dev/null +++ b/.woodpecker/.cdh.yml 
@@ -0,0 +1,31 @@ +# ---------------------------------------------- +# -- Check da helm pipeline +# ---------------------------------------------- +when: + - event: push + # cron: nightly +steps: + check badhouseplants: + image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable + secrets: + - sops_age_key + environment: + RUST_LOG: info + commands: + - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl + - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl + notification: + image: deblan/woodpecker-email + settings: + from.address: woody@badhouseplants.net + from.name: Woody Woodpecker + host: badhouseplants.net + username: + from_secret: smtp_username + password: + from_secret: smtp_password + recipients: + subject: CDH result + target: main + when: + - status: [success, failure] diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml new file mode 100644 index 0000000..16f03ca --- /dev/null +++ b/.woodpecker/.helmfile.yml @@ -0,0 +1,29 @@ +when: + event: push +matrix: + ENVIRONMENT: + - badhouseplants + - etersoft +steps: + diff: + image: ghcr.io/helmfile/helmfile:canary + secrets: [sops_age_key, kubeconfig_content] + when: + - branch: + exclude: + - main + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile -e $ENVIRONMENT diff --suppress-secrets + sync: + image: ghcr.io/helmfile/helmfile:canary + secrets: [sops_age_key, kubeconfig_content] + when: + - branch: + include: + - main + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile -e $ENVIRONMENT sync diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 5023f26..89ced65 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
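Review bot: In `.woodpecker/.helmfile.yml` the `diff` step runs for every pushed branch except `main` and receives the same `sops_age_key` and `kubeconfig_content` secrets as `sync`. Since the pipeline definition is taken from the pushed branch, an unreviewed branch decides what runs with the deploy credentials and the SOPS key. Give `diff` its own read-only kubeconfig secret, e.g. `secrets: [sops_age_key, <read-only-kubeconfig-secret>]` (placeholder name), and keep the write-capable one for the `main`-only step. Setting `umask 077` before the `echo` would also avoid the short window in which the kubeconfig exists with default permissions before `chmod 0600`.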
@@ -97,7 +97,7 @@ releases: namespace: istio-system createNamespace: false - - <<: &vaultwarde + - <<: *vaultwarden createNamespace: true installed: true namespace: vaultwarden-application diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 51b5f98..c19c116 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -19,6 +19,7 @@ server: WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.badhouseplants.net WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 + WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" extraSecretNamesForEnvFrom: [] -- 2.45.2 From cffa11820f463206345a44ac464b5d47083de8cf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 23 Oct 2023 08:21:18 +0200 Subject: [PATCH 217/316] Update OpenVPN --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index e380875..442b6c2 100644 --- a/releases.yaml +++ b/releases.yaml @@ -200,7 +200,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.6 + version: 1.0.7 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 164e4b2ffba85aa02c5aeca8d864440fd5546eb8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 23 Oct 2023 08:27:52 +0200 Subject: [PATCH 218/316] Increase Gitea disk --- badhouseplants/values/values.gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 726fde3..ee27307 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -43,7 +43,7 @@ resources: persistence: enabled: true - size: 8Gi + size: 10Gi accessModes: - ReadWriteOnce -- 2.45.2 
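Review bot: `WOODPECKER_OPEN: true` in `server.env` enables open registration, so any account that can authenticate against `https://git.badhouseplants.net` can log in to the CI server and run pipelines on the agent. The agent configured in this values file gets its own service account and RBAC, so those pipelines run inside the cluster. If the Gitea instance allows self-registration, keep `WOODPECKER_OPEN: false` and add users explicitly, or restrict logins with `WOODPECKER_ORGS`. The `server.env` map continues outside the hunk.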
From fb90882fcc3b837c6706e636eb7f793e296613a0 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 29 Oct 2023 10:55:28 +0100 Subject: [PATCH 219/316] Upgrade outdated releases --- releases.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/releases.yaml b/releases.yaml index 442b6c2..79df093 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.46.8 + version: 5.48.8 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.10.0 + version: 52.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.35.0 + version: 5.36.0 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.0.7 + version: 18.0.11 inherit: - template: default-env-values - template: default-env-secrets @@ -308,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.6 + version: 18.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -324,7 +324,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.11.2 + version: 1.12.0 db-instances: &db-instances name: db-instances @@ -337,7 +337,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.5 + version: 9.14.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 4f42d4e73f776a15da366a2423c3a1cf70f36584 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 29 Oct 2023 10:56:21 +0100 Subject: [PATCH 220/316] Disable cdh workflow --- .woodpecker/{.cdh.yml => .cdh.yml.back} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .woodpecker/{.cdh.yml => .cdh.yml.back} (100%) diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml.back similarity index 100% rename from .woodpecker/.cdh.yml rename to .woodpecker/.cdh.yml.back -- 2.45.2 From 4c554264411c38b9f97ebf2ce8a2d9554cedc95f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 29 Oct 2023 14:57:24 +0100 Subject: [PATCH 221/316] Set a correct version for Argo --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 79df093..8536440 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.48.8 + version: 5.48.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From f61ffc416175b16e181a7725c52b358d9cfa305b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 30 Oct 2023 13:26:00 +0100 Subject: [PATCH 222/316] Upgrade mail-server version --- releases.yaml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/releases.yaml b/releases.yaml index 8536440..1e39d21 100644 --- a/releases.yaml +++ b/releases.yaml @@ -286,16 +286,6 @@ templates: - template: ext-istio-resource - template: ext-database - mailu: &mailu - name: mailu - chart: mailu/mailu - version: 1.2.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - - template: ext-certificate - bitwarden: &bitwarden name: bitwarden chart: bitwarden/vaultwarden @@ -345,7 +335,7 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.1.3 + version: 2.2.0 inherit: - template: default-env-values - template: ext-istio-gateway -- 2.45.2 
From e18424d98ac5e15930a6d33563090a74180d6390 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 30 Oct 2023 16:07:26 +0100 Subject: [PATCH 223/316] Enable indexer for Gitea --- badhouseplants/values/values.gitea.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index ee27307..3aaccee 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -108,6 +108,11 @@ gitea: SMTP_ADDR: badhouseplants.net SMTP_PORT: 587 USER: overlord@badhouseplants.net + indexer: + REPO_INDEXER_ENABLED: true + REPO_INDEXER_PATH: indexers/repos.bleve + MAX_FILE_SIZE: 1048576 + REPO_INDEXER_EXCLUDE: resources/bin/** service: ssh: type: ClusterIP -- 2.45.2 From b9954063cb1f091ba195fad7503a0bf695917cf5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 13:54:32 +0100 Subject: [PATCH 224/316] Upgrade Longhorn --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 1e39d21..7d38f1c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -114,7 +114,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.1 + version: 1.5.2 inherit: - template: default-env-values -- 2.45.2 From 654731b7ef951c24f4e6816b1bc84d7a761bc504 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 19:54:19 +0100 Subject: [PATCH 225/316] Add some manifests for badhouseplants --- .../badhouseplants/namespace-creator-binding.yaml | 12 ++++++++++++ manifests/badhouseplants/namespace-creator-role.yaml | 8 ++++++++ 2 files changed, 20 insertions(+) create mode 100644 manifests/badhouseplants/namespace-creator-binding.yaml create mode 100644 manifests/badhouseplants/namespace-creator-role.yaml diff --git a/manifests/badhouseplants/namespace-creator-binding.yaml b/manifests/badhouseplants/namespace-creator-binding.yaml new file mode 100644 index 0000000..d24486c 
--- /dev/null +++ b/manifests/badhouseplants/namespace-creator-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: namespace-manager +subjects: + - kind: User + name: badhousplants + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: namespace-manager + apiGroup: rbac.authorization.k8s.io diff --git a/manifests/badhouseplants/namespace-creator-role.yaml b/manifests/badhouseplants/namespace-creator-role.yaml new file mode 100644 index 0000000..c552be6 --- /dev/null +++ b/manifests/badhouseplants/namespace-creator-role.yaml @@ -0,0 +1,8 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: namespace-manager +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "watch", "list", "create", "delete"] -- 2.45.2 From f4cbb2b5c50cad84e25eec7ebcd1b011d31135ca Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 19:55:29 +0100 Subject: [PATCH 226/316] Create etcd bucket in etersoft --- etersoft/values/values.minio.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index 25c0888..a536d3e 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -73,6 +73,8 @@ policies: - 'arn:aws:s3:::longhorn' - 'arn:aws:s3:::restic/*' - 'arn:aws:s3:::restic' + - 'arn:aws:s3:::etcd/*' + - 'arn:aws:s3:::etcd' actions: - "s3:DeleteObject" - "s3:GetObject" @@ -87,6 +89,10 @@ buckets: policy: none purge: false versioning: false + - name: etcd + policy: none + versioning: false + purge: false metrics: serviceMonitor: enabled: false -- 2.45.2 From 3a7df6e695c2b6cfa3097f2192fcec86531607ec Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 19:57:56 +0100 Subject: [PATCH 227/316] Use apply instead of sync in ci --- .woodpecker/.helmfile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
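Review bot: The ClusterRoleBinding subject is `name: badhousplants`, missing the `e` used everywhere else in the repository (`badhouseplants`); it is the same misspelling that PATCH 210 corrected in the mail hostnames. RBAC user names are matched literally, so the binding either has no effect or grants namespace management to whichever identity presents exactly that string. Confirm the name the cluster's authenticator issues and, if it is the usual spelling, use `name: badhouseplants`.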
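Review bot: The files are named namespace-creator, but the `namespace-manager` ClusterRole also grants `delete` on `namespaces` cluster-wide, which covers `kube-system`, `istio-system` and every application namespace, and deleting a namespace removes everything inside it. If the intent is only to let this user create namespaces, drop the verb: `verbs: ["get", "watch", "list", "create"]`. If deletion is required, consider a separate rule limited with `resourceNames` to the namespaces the user owns.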
diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 16f03ca..355d333 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -16,7 +16,7 @@ steps: - mkdir $HOME/.kube - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e $ENVIRONMENT diff --suppress-secrets - sync: + apply: image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: @@ -26,4 +26,4 @@ steps: commands: - mkdir $HOME/.kube - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - - helmfile -e $ENVIRONMENT sync + - helmfile -e $ENVIRONMENT apply -- 2.45.2 From 3a74881b27cf06555f083262ad7930a2cdd92c83 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 20:00:56 +0100 Subject: [PATCH 228/316] Update sso for Minio Etersoft --- etersoft/values/secrets.minio.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml index 858d3c9..465ad9a 100644 --- a/etersoft/values/secrets.minio.yaml +++ b/etersoft/values/secrets.minio.yaml 
@@ -9,8 +9,8 @@ users: oidc: enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] - clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str] - clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str] + clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str] + clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str] claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] 
@@ -31,8 +31,8 @@ sops: UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-26T11:56:18Z" - mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str] + lastmodified: "2023-11-04T19:00:41Z" + mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 -- 2.45.2 From a9bf45dcef6c2010fe75181a2eeb972dc1ef8b15 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 5 Nov 2023 16:17:21 +0100 Subject: [PATCH 229/316] Fix the image on the Etersoft VPN --- etersoft/values/values.openvpn.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 7f2d53d..4602748 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -14,6 +14,8 @@ istio: service: openvpn port: 1194 +image: + tag: v2.6.5-xor-4.0.0beta08 storage: class: microk8s-hostpath size: 5Gi -- 2.45.2 From 76a7c5d4ef9933e646a3a75bf6abd092262e67a2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 7 Nov 2023 03:55:40 +0100 Subject: [PATCH 230/316] Remove badhouseplants-brew bucket --- badhouseplants/values/values.minio.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 2ae9119..ef99a67 100644 --- a/badhouseplants/values/values.minio.yaml 
+++ b/badhouseplants/values/values.minio.yaml @@ -64,11 +64,6 @@ buckets: - name: allanger-music policy: download purge: false - versioning: false - - name: badhouseplants-brew - policy: download - purge: false - versioning: false metrics: serviceMonitor: enabled: false -- 2.45.2 From 4412cc5fbd66255ac18c756cb9b31f740cbf3ae9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 8 Nov 2023 15:15:41 +0100 Subject: [PATCH 231/316] Update outdated releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 7d38f1c..910bc4e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -107,7 +107,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.1 + version: 1.13.2 set: - name: installCRDs value: true @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.48.0 + version: 5.51.0 inherit: - template: default-env-values - template: default-env-secrets @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.36.0 + version: 5.36.3 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.0.11 + version: 18.1.6 inherit: - template: default-env-values - template: default-env-secrets @@ -298,7 +298,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.2.0 + version: 18.2.1 inherit: - template: default-env-values - template: default-env-secrets @@ -306,7 +306,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.1.5 + version: 13.2.2 inherit: - template: default-env-values - template: default-env-secrets @@ -314,7 +314,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.12.0 + version: 1.13.1 db-instances: &db-instances name: db-instances 
@@ -327,7 +327,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.1 + version: 9.14.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From ff64516cf72472c00fbcd7a6e36829b51e142c95 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 12 Nov 2023 22:19:26 +0100 Subject: [PATCH 232/316] Update charts --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index 910bc4e..6f5467c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.0 + version: 5.51.1 inherit: - template: default-env-values - template: default-env-secrets @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.6 + version: 18.1.11 inherit: - template: default-env-values - template: default-env-secrets @@ -298,7 +298,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.2.1 + version: 18.3.2 inherit: - template: default-env-values - template: default-env-secrets @@ -306,7 +306,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.2 + version: 13.2.5 inherit: - template: default-env-values - template: default-env-secrets @@ -327,7 +327,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.2 + version: 9.14.3 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From fb0d11beee19339a7ef2191af200e8584dc6ed81 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 14 Nov 2023 08:38:24 +0100 Subject: [PATCH 233/316] Add escalation to woodpecker --- badhouseplants/values/values.woodpecker-ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index c19c116..13dd311 100644 
--- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -22,6 +22,7 @@ server: WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" + WOODPECKER_ESCALATE: true extraSecretNamesForEnvFrom: [] agent: image: -- 2.45.2 From 4f258d9140b6b6c606c5d7638e76732ec8967a0c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:01:25 +0100 Subject: [PATCH 234/316] chore: Upgrade longhorn --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 6f5467c..7b2defe 100644 --- a/releases.yaml +++ b/releases.yaml @@ -114,7 +114,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.2 + version: 1.5.3 inherit: - template: default-env-values -- 2.45.2 From 693169f9639849d105992703213d562975976bcc Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:02:07 +0100 Subject: [PATCH 235/316] chore: Upgrade istio --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 7b2defe..b54a494 100644 --- a/releases.yaml +++ b/releases.yaml @@ -163,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.19.3 + version: 1.20.0 istio-base: &istio-base name: istio-base -- 2.45.2 From 627f433ff16c1e90672ddc0cd9ee708b62b02b42 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:07:29 +0100 Subject: [PATCH 236/316] chore: Upgrade some unimportant helm releases --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index b54a494..3e1efba 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.1 + version: 5.51.2 inherit: - template: default-env-values - template: default-env-secrets 
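Review bot: `WOODPECKER_ESCALATE: true` in the server `env` block passes a boolean where, as far as I know from the Woodpecker server documentation, a comma-separated list of image names allowed to run privileged is expected. `true` would replace the built-in list with a single entry called `true`, which is probably not the intent, and the unquoted value reaches the chart as a YAML boolean rather than a string. Since the same block has `WOODPECKER_OPEN: true`, I would list only the images that really need privileged mode, for example `WOODPECKER_ESCALATE: "<registry/image-that-needs-privileged>"` (placeholder), and add a comment saying why each one is there. The `env` mapping starts above the hunk.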
@@ -223,7 +223,7 @@ templates: drone-runner-docker: &drone-runner-docker name: drone-runner-docker chart: drone/drone-runner-docker - version: 0.6.1 + version: 0.6.2 inherit: - template: default-env-values - template: default-env-secrets @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.11 + version: 18.1.14 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From c1da28126dd477cacc0640b9707e894eab618fd2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:11:20 +0100 Subject: [PATCH 237/316] chore: Upgrade some unimportant helm releases --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index 3e1efba..f965c2e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 52.1.0 + version: 54.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -298,7 +298,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.3.2 + version: 18.4.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From fd7813a8401af9ec4b1aa05e08f2e5c8a6950f3e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:16:20 +0100 Subject: [PATCH 238/316] chore: Upgrade important helm releases --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index f965c2e..b7e3197 100644 --- a/releases.yaml +++ b/releases.yaml @@ -269,7 +269,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.5.1 + version: 9.6.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -279,7 +279,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.3 + version: 2.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -306,7 +306,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.5 + version: 13.2.9 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 4b364c9c18bcaab70e7dcbbe4827e028359eb0a3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 18 Nov 2023 13:12:26 +0100 Subject: [PATCH 239/316] Setup promtail and loki --- badhouseplants/helmfile.yaml | 6 +++--- badhouseplants/values/values.loki.yaml | 13 ++++++++++++- badhouseplants/values/values.promtail.yaml | 6 ++++++ 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 89ced65..479557f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -48,12 +48,12 @@ releases: createNamespace: true - <<: *loki - installed: false + installed: true namespace: monitoring-system createNamespace: false - <<: *promtail - installed: false + installed: true namespace: monitoring-system createNamespace: false @@ -83,7 +83,7 @@ releases: createNamespace: true - <<: *mysql - installed: true + installed: false namespace: database-service createNamespace: true diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index 0be3069..76f2f8f 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml @@ -1,11 +1,22 @@ --- singleBinary: replicas: 1 + persistence: + size: 5Gi loki: auth_enabled: false commonConfig: replication_factor: 1 + storage: + type: 'filesystem' +monitoring: + selfMonitoring: + enabled: false + lokiCanary: + enabled: false +test: + enabled: false compactor: retention_enabled: true limits_config: - retention_period: 2d + retention_period: 14d 
diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 7846cec..7e5d7b1 100644 --- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -3,3 +3,9 @@ config: clients: # - url: http://loki.monitoring-system:3100 - url: http://loki-gateway/loki/api/v1/push + snippets: + pipelineStages: + - match: + pipeline_name: "drop-all" + selector: '{namespace!="mail-service"}' + action: drop -- 2.45.2 From f57301153ad34550e19197706fb0a47823037fe6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 19 Nov 2023 10:30:01 +0100 Subject: [PATCH 240/316] Use newer woodpecker --- badhouseplants/values/secrets.woodpecker-ci.yaml | 7 ++++--- badhouseplants/values/values.promtail.yaml | 2 +- badhouseplants/values/values.woodpecker-ci.yaml | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/badhouseplants/values/secrets.woodpecker-ci.yaml b/badhouseplants/values/secrets.woodpecker-ci.yaml index dedead1..56326be 100644 --- a/badhouseplants/values/secrets.woodpecker-ci.yaml +++ b/badhouseplants/values/secrets.woodpecker-ci.yaml 
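Review bot: The added `match` stage in `values.promtail.yaml` drops every log line whose namespace is not `mail-service`, so logs from the ingress gateway, Gitea, the CI server and Argo CD never reach Loki. That saves storage, but it also means there is nothing to search when one of those services has to be investigated. I would invert the filter and drop only the namespaces known to be noisy, or at least state the decision next to the stage, e.g. `# only mail-service logs are kept; everything else is discarded before shipping`. The selector is widened in a later hunk of this series, but the default stays "drop".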
@@ -1,9 +1,10 @@ server: env: WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str] + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str] agent: env: - WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:rnxJ1aKdMnJDXbiQFIUP2a1zaB/hfdXZ0YLwegT+aMSM4tBRV+YgQ/0OvoUuoTC2j1Jtp1SnY94=,iv:XHDR0WSiG1zwOkqTUnVtw0hLceWyI4W5sYNrsnXAAik=,tag:6mddyqwUd/mOQeEGIJlQhQ==,type:str] + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str] sops: kms: [] gcp_kms: [] @@ -19,8 +20,8 @@ sops: WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8 ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-14T16:17:58Z" - mac: ENC[AES256_GCM,data:guD5+TBhN9n0WKRN4Ffzo0khhL+3CroELwxTfvUPmxQndFBzOnw/kvj8ZP/NBHMwAiQ1sirUdoJE0QKruHpkHlPs0slyNK0adGExPlSmn9fS5egltbtthzZYbftTJKFlImo3/3Z6tapBWN8neJNc3fhtZbItuwgfYJecXPPqW7Q=,iv:bqqhU1KDfzIN4LOY4dMpSw8XT/2j+NiD74M56jSpjWE=,tag:VGXSlEreapoSFCUnfHXIXA==,type:str] + lastmodified: "2023-11-18T17:43:53Z" + mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 7e5d7b1..6ab31f3 100644 
--- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -7,5 +7,5 @@ config: pipelineStages: - match: pipeline_name: "drop-all" - selector: '{namespace!="mail-service"}' + selector: '{namespace!~"mail-service|woodpecker"}' action: drop diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 13dd311..c5202d2 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -13,7 +13,7 @@ istio: port: 80 server: image: - tag: v1.0.2 + tag: v2.0.0-rc.0 enabled: true env: WOODPECKER_GITEA: true @@ -26,7 +26,7 @@ server: extraSecretNamesForEnvFrom: [] agent: image: - tag: v1.0.2 + tag: v2.0.0-rc.0 enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.45.2 From f94338d176db047aa4c762f23521df87bf2281fe Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 26 Nov 2023 10:34:11 +0100 Subject: [PATCH 241/316] Update some releases --- releases.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/releases.yaml b/releases.yaml index b7e3197..40a4885 100644 --- a/releases.yaml +++ b/releases.yaml @@ -82,9 +82,9 @@ templates: ext-database: dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ext-database + - chart: bedag/raw + version: 2.0.0 + alias: ext-database values: - '{{ requiredEnv "PWD" }}/common/values.database.yaml' # ---------------------------- @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.2 + version: 5.51.4 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 54.1.0 + version: 54.2.2 inherit: - template: monitoring-common - template: default-env-values 
@@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.36.3 + version: 5.38.0 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.14 + version: 18.1.17 inherit: - template: default-env-values - template: default-env-secrets @@ -260,7 +260,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.11.0 + version: 4.12.0 inherit: - template: default-env-values - template: default-env-secrets @@ -327,7 +327,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.3 + version: 9.14.4 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 663e29ebef7dbae0d387466352c8507a8a510ad2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 26 Nov 2023 15:34:08 +0100 Subject: [PATCH 242/316] Update postgres --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 40a4885..e09b05f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -306,7 +306,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.9 + version: 13.2.18 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From a9dc7658b9eec05d27f61aea387c60d21baadbde Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 7 Dec 2023 13:34:01 +0100 Subject: [PATCH 243/316] Fix certs --- .../values.istio-gateway-resources.yaml | 21 ++++++++++++++++++- releases.yaml | 1 + 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index adb884f..9349206 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml 
@@ -1,3 +1,22 @@ +certificate: + enabled: true + certificate: + - name: nrodionov-wildcard + secretName: nrodionov-wildcard-tls + issuer: + kind: ClusterIssuer + name: badhouseplants-issuer + dnsNames: + - nrodionov.info + - "*.nrodionov.info" + - name: badhouseplants-wildcard + secretName: badhouseplants-wildcard-tls + issuer: + kind: ClusterIssuer + name: badhouseplants-issuer + dnsNames: + - badhouseplants.net + - "*.badhouseplants.net" istio-gateway: enabled: true gateways: @@ -32,7 +51,7 @@ istio-gateway: number: 80 protocol: HTTP2 tls: - httpsRedirect: false + httpsRedirect: true - hosts: - nrodionov.info - dev.nrodionov.info diff --git a/releases.yaml b/releases.yaml index e09b05f..b88172b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -185,6 +185,7 @@ templates: version: 2.0.0 inherit: - template: ext-istio-gateway + - template: ext-certificate - template: default-env-values istiod: &istiod -- 2.45.2 From 35599488dd8e707ff21cd6ed7abe69dcf151ce16 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 27 Nov 2023 10:48:52 +0100 Subject: [PATCH 244/316] Update woodpecker to 1.0.0 --- badhouseplants/values/values.woodpecker-ci.yaml | 6 +----- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index c5202d2..736abf2 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -12,8 +12,6 @@ istio: service: woodpecker-ci-server port: 80 server: - image: - tag: v2.0.0-rc.0 enabled: true env: WOODPECKER_GITEA: true @@ -23,10 +21,8 @@ server: WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true - extraSecretNamesForEnvFrom: [] + extraSecretNamesForEnvFrom: [] agent: - image: - tag: v2.0.0-rc.0 enabled: true extraSecretNamesForEnvFrom: [] env: diff --git a/releases.yaml b/releases.yaml index b88172b..5e2dde2 100644 
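Review bot: The `dnsNames` entries `"*.nrodionov.info"` and `"*.badhouseplants.net"` in the hunk at `@@ -1,3 +1,22 @@` are wildcards, and ACME issues wildcards only through a DNS-01 challenge. `badhouseplants-issuer` is not defined in this patch, so confirm it has a DNS-01 solver for both zones; with an HTTP-01-only issuer the Certificates stay pending and the `httpsRedirect: true` added at `@@ -32,7 +51,7 @@` would then redirect to a listener with no valid certificate. A comment above each entry such as `# wildcard: needs a DNS-01 solver on badhouseplants-issuer` would record the dependency. The two wildcard keys cover every subdomain, so access to `nrodionov-wildcard-tls` and `badhouseplants-wildcard-tls` should stay limited to the gateway.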
--- a/releases.yaml +++ b/releases.yaml @@ -233,7 +233,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 0.4.2 + version: 1.0.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 9c137f574d991c48376e331f71a2d6e92a8890bf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 27 Nov 2023 10:55:39 +0100 Subject: [PATCH 245/316] Update woodpecker to 1.0.0 -- 2.45.2 From 234da9a023f60c6f465a11043eb09efa91e2cc83 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 5 Dec 2023 11:25:03 +0100 Subject: [PATCH 246/316] Update woodpecker chart --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 5e2dde2..dc9c8bf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -233,7 +233,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.0.0 + version: 1.0.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 30b59f6daa1480cb75e000a7e21bcc508f8b7984 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 6 Dec 2023 22:10:54 +0100 Subject: [PATCH 247/316] Update outdated release --- releases.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/releases.yaml b/releases.yaml index dc9c8bf..9860b3a 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.4 + version: 5.51.6 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 54.2.2 + version: 55.0.0 inherit: - template: monitoring-common - template: default-env-values 
@@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.38.0 + version: 5.39.0 inherit: - template: monitoring-common - template: default-env-values @@ -242,7 +242,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.17 + version: 18.1.21 inherit: - template: default-env-values - template: default-env-secrets @@ -270,7 +270,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.6.0 + version: 9.6.1 inherit: - template: default-env-values - template: default-env-secrets @@ -307,7 +307,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.18 + version: 13.2.24 inherit: - template: default-env-values - template: default-env-secrets @@ -320,7 +320,7 @@ templates: db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 1.4.2 + version: 2.1.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From a616f03d713ce14b722176b756df194680945c20 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:10:32 +0100 Subject: [PATCH 248/316] Re-install woodpecker --- ;wq | 19 +++++++++++++++++++ badhouseplants/helmfile.yaml | 2 +- .../values/values.woodpecker-ci.yaml | 17 ++++++++++++++--- common/values.database.yaml | 9 +++++++++ releases.yaml | 1 + 5 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 ;wq diff --git a/;wq b/;wq new file mode 100644 index 0000000..3ba430b --- /dev/null +++ b/;wq @@ -0,0 +1,19 @@ +--- +ext-database: + templates: + - | + --- + apiVersion: kinda.rocks/v1beta1 + kind: Database + metadata: + name: "{{ .Values.name }}" + spec: + secretName: "{{ .Values.name }}-creds" + instance: "{{ .Values.instance }}" + deletionProtected: false + backup: + enable: false + cron: 0 0 * * * + {{ if .Values.templates }} + check: check + {{- end }} 
diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 479557f..450d7b0 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -104,7 +104,7 @@ releases: - <<: *woodpecker-ci installed: true - namespace: woodpecker + namespace: woodpecker-ci createNamespace: true bases: diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 736abf2..5fa52b5 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -11,24 +11,35 @@ istio: hostname: ci.badhouseplants.net service: woodpecker-ci-server port: 80 +ext-database: + enabled: true + name: woodpecker-postgres16 + instance: postgres16 + credentials: + WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: enabled: true env: WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.badhouseplants.net + WOODPECKER_DATABASE_DRIVER: postgres WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true - extraSecretNamesForEnvFrom: [] + WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath + extraSecretNamesForEnvFrom: + - woodpecker-postgres16-creds agent: enabled: true extraSecretNamesForEnvFrom: [] env: WOODPECKER_SERVER: woodpecker-ci-server:9000 - WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1Gi - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: + WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi + WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath serviceAccount: create: true rbac: diff --git a/common/values.database.yaml b/common/values.database.yaml index 9680113..d5d0221 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml 
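Review bot: The `WOODPECKER_DATABASE_DATASOURCE` template added under `ext-database.credentials` ends in `?sslmode=disable`, so the CI server's database password and all pipeline metadata cross the cluster network unencrypted unless the mesh wraps that connection in mTLS, which this hunk does not show. If postgres16 serves TLS I would use `sslmode=require`; otherwise add a comment stating that mesh mTLS covers traffic to `database-service`. The template also places `{{ .Password }}` into a URL unescaped, so a generated password containing `@`, `/` or `?` would produce a DSN that fails to parse. Confirm the operator generates URL-safe passwords.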
@@ -14,3 +14,12 @@ ext-database: backup: enable: false cron: 0 0 * * * + {{- if .Values.credentials }} + credentials: + templates: + {{- range $key, $value := .Values.credentials }} + - name: {{ $key }} + template: {{ $value }} + secret: true + {{- end }} + {{- end }} diff --git a/releases.yaml b/releases.yaml index 9860b3a..9ea207e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -235,6 +235,7 @@ templates: chart: woodpecker/woodpecker version: 1.0.1 inherit: + - template: ext-database - template: default-env-values - template: default-env-secrets - template: ext-istio-resource -- 2.45.2 From 94f81a9213f8f8be40d2bcd67d94d75b48c83da7 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:11:02 +0100 Subject: [PATCH 249/316] Remove a strnage file --- ;wq | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 ;wq diff --git a/;wq b/;wq deleted file mode 100644 index 3ba430b..0000000 --- a/;wq +++ /dev/null @@ -1,19 +0,0 @@ ---- -ext-database: - templates: - - | - --- - apiVersion: kinda.rocks/v1beta1 - kind: Database - metadata: - name: "{{ .Values.name }}" - spec: - secretName: "{{ .Values.name }}-creds" - instance: "{{ .Values.instance }}" - deletionProtected: false - backup: - enable: false - cron: 0 0 * * * - {{ if .Values.templates }} - check: check - {{- end }} -- 2.45.2 From cb7188064ac4453b50244ad65f659d7788cd381f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:12:48 +0100 Subject: [PATCH 250/316] Setup check-da-helm --- .woodpecker/{.cdh.yml.back => .cdh.yml} | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) rename .woodpecker/{.cdh.yml.back => .cdh.yml} (64%) diff --git a/.woodpecker/.cdh.yml.back b/.woodpecker/.cdh.yml similarity index 64% rename from .woodpecker/.cdh.yml.back rename to .woodpecker/.cdh.yml index 89050ab..8298b38 100644 --- a/.woodpecker/.cdh.yml.back +++ b/.woodpecker/.cdh.yml 
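Review bot: `template: {{ $value }}` in the added `range` block writes the credential template into the rendered manifest as an unquoted YAML scalar. The one value used so far happens to be safe, but a template that starts with `{{` (read as a flow mapping) or contains `: ` or ` #` would either fail to parse or be silently truncated. I would write `template: {{ $value | quote }}` and likewise `- name: {{ $key | quote }}`. The enclosing manifest template starts above the hunk.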
@@ -2,8 +2,8 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - event: push - # cron: nightly + - event: cron + cron: nightly steps: check badhouseplants: image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable @@ -12,20 +12,23 @@ steps: environment: RUST_LOG: info commands: - - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl - - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl + - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html notification: image: deblan/woodpecker-email settings: - from.address: woody@badhouseplants.net - from.name: Woody Woodpecker + from: woody@badhouseplants.net host: badhouseplants.net + skip_verify: true + no_starttls: false username: from_secret: smtp_username password: from_secret: smtp_password recipients: + - allanger@badhouseplants.net subject: CDH result target: main + recipients_only: true + attachment: result.html when: - status: [success, failure] -- 2.45.2 From 7365a42479ec6a938ad33e17b15e817b74961fb4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Dec 2023 22:45:00 +0100 Subject: [PATCH 251/316] Udpate outdatec chart --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index 9ea207e..2306689 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.0.0 + version: 55.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.39.0 + version: 5.40.1 inherit: - template: monitoring-common - template: default-env-values 
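Review bot: `skip_verify: true` in the `notification` step settings (hunk at `@@ -12,20 +12,23 @@`) turns off certificate verification for the SMTP connection that carries `smtp_username` and `smtp_password`. With verification off, STARTTLS still encrypts the session but does not authenticate the server, so the credentials go to whatever host answers for `badhouseplants.net`. I would set `skip_verify: false` and fix the mail server's certificate so it matches the `host` value; if the override has to stay for now, a comment with the reason and the condition for removing it would help.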
@@ -243,7 +243,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.21 + version: 18.1.23 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From b675368776e51348fca355eed362c3439932b8bf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 10 Dec 2023 08:50:51 +0100 Subject: [PATCH 252/316] Update retention config for Prometheus --- badhouseplants/values/values.prometheus.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 712e0d7..1a78e62 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -64,7 +64,8 @@ defaultRules: prometheus: prometheusSpec: enableAdminAPI: true - retentionSize: 10GB + retentionSize: 7GB + retention: 20d podMonitorNamespaceSelector: any: true podMonitorSelector: {} -- 2.45.2 From a4a64011e339ed260a6ce66bba79e85a6d1cf000 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 10 Dec 2023 22:25:20 +0100 Subject: [PATCH 253/316] Increase Prometheus storage --- badhouseplants/values/values.prometheus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 1a78e62..cc03d42 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -84,7 +84,7 @@ prometheus: accessModes: ["ReadWriteOnce"] resources: requests: - storage: 10Gi + storage: 12Gi grafana: persistence: -- 2.45.2 From f9c8716904593b7d6c5cc266c9bc1b4abbb7e88e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:45:43 +0100 Subject: [PATCH 254/316] Use custom woodpecker image --- badhouseplants/values/values.woodpecker-ci.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 5fa52b5..043e5b4 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -33,6 +33,15 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: + image: + # -- The image registry + registry: git.badhouseplants.net + # -- The image repository + repository: allanger/woodpecker-agent + # -- The pull policy for the image + pullPolicy: Always + # -- Overrides the image tag whose default is the chart appVersion. + tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.45.2 From 31da33b9d97f34fefbcf0ae429520462e7dda70e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:47:00 +0100 Subject: [PATCH 255/316] Update releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 2306689..4c4004f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -107,7 +107,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.2 + version: 1.13.3 set: - name: installCRDs value: true @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.1.0 + version: 55.3.1 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.40.1 + version: 5.41.1 inherit: - template: monitoring-common - template: default-env-values @@ -163,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.0 + version: 1.20.1 istio-base: &istio-base name: istio-base @@ -243,7 +243,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.23 + version: 18.1.24 inherit: - template: default-env-values - template: default-env-secrets 
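Review bot: The added `agent.image` block selects `allanger/woodpecker-agent` with `tag: dev` and `pullPolicy: Always`, so every agent pod start runs whatever was last pushed under that mutable tag, and the agent is the component that executes pipelines and handles their secrets. Pinning a versioned tag or an image digest instead of `dev` makes the deployed build reviewable in Git and lets `pullPolicy: IfNotPresent` suffice. The same applies to the later hunks on this file that add `server.image` with `tag: fix-error` (PATCH 257) and re-enable the agent block (PATCH 262). The `agent:` mapping continues outside this hunk.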
@@ -281,7 +281,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.4 + version: 2.0.5 inherit: - template: default-env-values - template: default-env-secrets @@ -300,7 +300,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.4.0 + version: 18.5.0 inherit: - template: default-env-values - template: default-env-secrets @@ -316,7 +316,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.13.1 + version: 1.14.0 db-instances: &db-instances name: db-instances -- 2.45.2 From 04534d43d7db3c1fffd2b9a0bd4e656dd4898035 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:55:58 +0100 Subject: [PATCH 256/316] Update db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 4c4004f..7c673c6 100644 --- a/releases.yaml +++ b/releases.yaml @@ -316,7 +316,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.14.0 + version: 1.14.1 db-instances: &db-instances name: db-instances -- 2.45.2 From 91dfbedf64e9d55bc350d848550475d18c062654 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 14 Dec 2023 20:16:09 +0100 Subject: [PATCH 257/316] Switch to woodpecker dev --- badhouseplants/values/values.woodpecker-ci.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 043e5b4..4dd3ab4 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -18,6 +18,11 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: + image: + registry: git.badhouseplants.net + repository: allanger/woodpecker-server + pullPolicy: Always + tag: fix-error enabled: true env: WOODPECKER_GITEA: true @@ -33,14 +38,10 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - # -- The image registry + image: registry: git.badhouseplants.net - # -- The image repository repository: allanger/woodpecker-agent - # -- The pull policy for the image pullPolicy: Always - # -- Overrides the image tag whose default is the chart appVersion. tag: dev enabled: true extraSecretNamesForEnvFrom: [] -- 2.45.2 From e2b0647c9453ae1e8481b4d74a30c0615f83934a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 22 Dec 2023 16:26:11 +0100 Subject: [PATCH 258/316] Use official woodpecker images --- .../values/values.woodpecker-ci.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 4dd3ab4..6d29890 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -18,11 +18,11 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-server - pullPolicy: Always - tag: fix-error + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-server + # pullPolicy: Always + # tag: icon enabled: true env: WOODPECKER_GITEA: true 
@@ -38,11 +38,11 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-agent - pullPolicy: Always - tag: dev + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-agent + # pullPolicy: Always + # tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.45.2 From 1ddab7a67f6383a31d0d6c5aea4a454800f2cd66 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Dec 2023 14:48:53 +0100 Subject: [PATCH 259/316] Install reflector --- helmfile.yaml | 5 +++++ releases.yaml | 5 +++++ repositories.yaml | 5 ++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/helmfile.yaml b/helmfile.yaml index 738d891..97375c2 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,5 +46,10 @@ releases: namespace: metallb-system createNamespace: true + - <<: *reflector + installed: true + namespace: reflector-system + createNamespace: true + helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/releases.yaml b/releases.yaml index 7c673c6..ada37fc 100644 --- a/releases.yaml +++ b/releases.yaml @@ -352,3 +352,8 @@ templates: - template: default-env-secrets - template: ext-istio-resource - template: ext-database + + reflector: &reflector + name: reflector + chart: emberstack/reflector + version: 7.1.216 diff --git a/repositories.yaml b/repositories.yaml index 0d52f2e..6c63ec0 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -1,4 +1,3 @@ ---- repositories: - name: metrics-server url: https://kubernetes-sigs.github.io/metrics-server/ @@ -40,3 +39,7 @@ repositories: url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker url: https://woodpecker-ci.org + - name: firefly-iii + url: https://firefly-iii.github.io/kubernetes/ + - name: emberstack + url: https://emberstack.github.io/helm-charts -- 2.45.2 From fb8a6f55f35f373f28db5d783626eb92fac6df3e Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 24 Dec 2023 15:09:37 +0100 Subject: [PATCH 260/316] Start using reflector with Redis --- badhouseplants/values/values.redis.yaml | 6 +++++- releases.yaml | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/badhouseplants/values/values.redis.yaml b/badhouseplants/values/values.redis.yaml index b27501d..77d5357 100644 --- a/badhouseplants/values/values.redis.yaml +++ b/badhouseplants/values/values.redis.yaml @@ -1,7 +1,11 @@ metrics: enabled: false +secretAnnotations: + reflector.v1.k8s.emberstack.com/reflection-allowed: "true" + reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" + reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application" architecture: standalone master: persistence: - enabled: false \ No newline at end of file + enabled: false diff --git a/releases.yaml b/releases.yaml index ada37fc..0cca357 100644 --- a/releases.yaml +++ b/releases.yaml @@ -354,6 +354,6 @@ templates: - template: ext-database reflector: &reflector - name: reflector - chart: emberstack/reflector - version: 7.1.216 + name: reflector + chart: emberstack/reflector + version: 7.1.216 -- 2.45.2 From 1a7066aa7d2ec208fafe7c3cff01ef07c8c6a620 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 25 Dec 2023 20:45:10 +0100 Subject: [PATCH 261/316] Update smtp password in vaultwarden --- badhouseplants/values/secrets.vaultwarden.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml index 9c2e617..8d2d9a3 100644 --- a/badhouseplants/values/secrets.vaultwarden.yaml +++ b/badhouseplants/values/secrets.vaultwarden.yaml 
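Review bot: The new `secretAnnotations` in `values.redis.yaml` carry no comment explaining that they make Reflector copy the chart's Redis Secret into `gitea-service` and `funkwhale-application`, which means anyone allowed to read Secrets in those namespaces obtains the Redis password. A comment above the block, e.g. `# Reflector mirrors the Redis credentials Secret into the namespaces listed below; keep the list minimal`, would make that trust decision visible to the next editor. It is also worth confirming how Reflector matches the `reflection-allowed-namespaces` entries; if they are treated as patterns rather than exact names, anchoring them avoids matching a similarly named namespace.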
@@ -2,7 +2,7 @@ vaultwarden: smtp: username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] password: - value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str] + value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str] adminToken: value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] sops: @@ -20,8 +20,8 @@ sops: U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-20T07:01:25Z" - mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str] + lastmodified: "2023-12-25T19:33:37Z" + mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- 2.45.2 From e54ea10a1331a1d9fe27c6198907d71732134f80 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Dec 2023 13:21:09 +0100 Subject: [PATCH 262/316] Use dev woodpecker image --- badhouseplants/values/values.woodpecker-ci.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 6d29890..492d05c 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -38,11 +38,11 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - #image: - # registry: git.badhouseplants.net - # repository: allanger/woodpecker-agent - # pullPolicy: Always - # tag: dev + image: + registry: git.badhouseplants.net + repository: allanger/woodpecker-agent + pullPolicy: Always + tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.45.2 From afed983626c6f2481ab803caa64d62e5ee1f3433 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Jan 2024 13:50:42 +0100 Subject: [PATCH 263/316] Update OpenVPN --- badhouseplants/helmfile.yaml | 5 +++ ...s.openvpn.yaml => values.openvpn-xor.yaml} | 7 ++-- .../values/values.woodpecker-ci.yaml | 12 +++---- etersoft/helmfile.yaml | 5 +++ helmfile.yaml | 5 --- releases.yaml | 34 ++++++++++++------- 6 files changed, 40 insertions(+), 28 deletions(-) rename badhouseplants/values/{values.openvpn.yaml => values.openvpn-xor.yaml} (88%) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 450d7b0..ebb0e1f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -107,6 +107,11 @@ releases: namespace: woodpecker-ci createNamespace: true + - <<: *openvpn-xor + installed: true + namespace: openvpn-service + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn-xor.yaml similarity index 88% rename from badhouseplants/values/values.openvpn.yaml rename to badhouseplants/values/values.openvpn-xor.yaml index 073bdfa..0f4c96c 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
@@ -6,16 +6,14 @@ istio: enabled: true istio: - - name: openvpn-tcp + - name: openvpn-tcp-xor gateway: istio-system/badhouseplants-vpn kind: tcp port_match: 1194 hostname: "*" - service: openvpn + service: openvpn-xor port: 1194 # ------------------------------------------ -image: - tag: v2.6.5-xor-4.0.0beta08 storage: class: longhorn size: 512Mi @@ -23,6 +21,7 @@ storage: openvpn: proto: tcp host: 195.201.250.50 + easyrsa: cn: Bad Houseplants country: Germany diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 492d05c..ffd1564 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -35,14 +35,14 @@ server: WOODPECKER_ESCALATE: true WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath - extraSecretNamesForEnvFrom: + extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-agent - pullPolicy: Always - tag: dev + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-agent + # pullPolicy: Always + # tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index af38673..319da69 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -1,4 +1,9 @@ --- +releases: + - <<: *openvpn + installed: true + namespace: openvpn-service + createNamespace: false bases: - ../environments.yaml diff --git a/helmfile.yaml b/helmfile.yaml index 97375c2..06da863 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -36,11 +36,6 @@ releases: namespace: minio-service createNamespace: false - - <<: *openvpn - installed: true - namespace: openvpn-service - createNamespace: false - - <<: *metallb installed: true namespace: metallb-system diff --git a/releases.yaml b/releases.yaml index 0cca357..fe607c5 100644 --- a/releases.yaml 
+++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.6 + version: 5.52.0 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.3.1 + version: 55.5.1 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.1 + version: 5.41.4 inherit: - template: monitoring-common - template: default-env-values @@ -198,10 +198,18 @@ templates: # ---------------------------- # -- Applications # ---------------------------- + openvpn-xor: &openvpn-xor + name: openvpn-xor + chart: allanger-gitea/openvpn-xor + version: 1.1.0 + inherit: + - template: default-env-values + - template: ext-istio-resource + openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.7 + version: 1.0.8 inherit: - template: default-env-values - template: ext-istio-resource @@ -233,7 +241,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.0.1 + version: 1.0.3 inherit: - template: ext-database - template: default-env-values @@ -243,7 +251,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.24 + version: 19.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -262,7 +270,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.12.0 + version: 4.14.0 inherit: - template: default-env-values - template: default-env-secrets @@ -271,7 +279,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.6.1 + version: 10.0.2 inherit: - template: default-env-values - template: default-env-secrets 
@@ -300,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.5.0 + version: 18.6.1 inherit: - template: default-env-values - template: default-env-secrets @@ -308,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.24 + version: 13.2.27 inherit: - template: default-env-values - template: default-env-secrets @@ -316,12 +324,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.14.1 + version: 1.16.0 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.1.1 + version: 2.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -329,7 +337,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.4 + version: 9.16.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 106c701ce1a758beb742154c2a4a2c65513bc3e4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Jan 2024 13:56:35 +0100 Subject: [PATCH 264/316] Fix etersoft cluster's config --- etersoft/helmfile.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 319da69..a051a53 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -1,4 +1,6 @@ --- +{{ readFile "../releases.yaml" }} + releases: - <<: *openvpn installed: true -- 2.45.2 From af37b8011bcd022bca25b0f1eb31da1e3bf97e52 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 3 Jan 2024 11:11:24 +0100 Subject: [PATCH 265/316] Update db-oeprator version --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index fe607c5..c240569 100644 --- a/releases.yaml +++ b/releases.yaml @@ -324,7 +324,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.0 + version: 1.16.1 db-instances: &db-instances name: db-instances -- 2.45.2 
From 41ff1dadbfa3f672b1da6242c0d021c02a36722e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 3 Jan 2024 14:55:12 +0100 Subject: [PATCH 266/316] Upgrade vaultwarden --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index c240569..86a98af 100644 --- a/releases.yaml +++ b/releases.yaml @@ -353,8 +353,8 @@ templates: vaultwarden: &vaultwarden name: vaultwarden - chart: badhouseplants/vaultwarden - version: 1.0.0 + chart: allanger-gitea/vaultwarden + version: 1.1.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 18b8a3ec56b13a2a8ae2b9a1608b35e641d204ff Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 3 Jan 2024 21:01:47 +0100 Subject: [PATCH 267/316] Upgrade db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 86a98af..1c9977e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -324,7 +324,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.1 + version: 1.16.2 db-instances: &db-instances name: db-instances -- 2.45.2 From aa101786e01d6d97825b098b8f1060718f39b70e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 4 Jan 2024 11:19:28 +0100 Subject: [PATCH 268/316] Enable storage for Vaultwarden --- badhouseplants/values/values.vaultwarden.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index b2bd5a3..ea33706 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -53,9 +53,9 @@ vaultwarden: connectionRetries: 15 maxConnections: 10 storage: - enabled: false + enabled: true size: 1Gi - class: default + class: longhorn dataDir: /data logging: enabled: false -- 2.45.2 From dd6db7b7cdfb65a4ad00ab99214c60ea1b28e258 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 6 Jan 2024 05:03:34 +0100 Subject: [PATCH 269/316] Update releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 1c9977e..5630ac5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.52.0 + version: 5.52.1 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.5.1 + version: 55.6.0 inherit: - template: monitoring-common - template: default-env-values @@ -308,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.1 + version: 18.6.2 inherit: - template: default-env-values - template: default-env-secrets @@ -364,4 +364,4 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.216 + version: 7.1.218 -- 2.45.2 From 5236fd1cd72d517166aef65e009cbcbac80096dd Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 6 Jan 2024 06:29:15 +0100 Subject: [PATCH 270/316] Update releases --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 5630ac5..b13dd22 100644 --- a/releases.yaml +++ b/releases.yaml @@ -364,4 +364,4 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.218 + version: 7.1.238 -- 2.45.2 From 5b7fd5117ede2df8e7a606b23926d7fe4b1f2c6c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 6 Jan 2024 21:16:12 +0100 Subject: [PATCH 271/316] Install Tandoor --- badhouseplants/helmfile.yaml | 5 ++ badhouseplants/values/secrets.tandoor.yaml | 22 +++++++++ badhouseplants/values/values.tandoor.yaml | 55 ++++++++++++++++++++++ releases.yaml | 10 ++++ repositories.yaml | 2 + 5 files changed, 94 insertions(+) create mode 100644 badhouseplants/values/secrets.tandoor.yaml create mode 100644 badhouseplants/values/values.tandoor.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index ebb0e1f..92e05f1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -112,6 +112,11 @@ releases: namespace: openvpn-service createNamespace: false + - <<: *tandoor + installed: true + namespace: tandoor-application + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.tandoor.yaml b/badhouseplants/values/secrets.tandoor.yaml new file mode 100644 index 0000000..65d3703 --- /dev/null +++ b/badhouseplants/values/secrets.tandoor.yaml 
@@ -0,0 +1,22 @@ +env: + SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB + d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV + YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM + NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz + qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-06T15:16:21Z" + mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.tandoor.yaml b/badhouseplants/values/values.tandoor.yaml new file mode 100644 index 0000000..c30f79e --- /dev/null +++ b/badhouseplants/values/values.tandoor.yaml 
@@ -0,0 +1,55 @@ +istio: + enabled: true + istio: + - name: tandoor-http + gateway: istio-system/badhouseplants-net + kind: http + hostname: tandoor.badhouseplants.net + service: tandoor + port: 8080 + +ext-database: + enabled: true + name: tandoor-postgres16 + instance: postgres16 + credentials: + POSTGRES_HOST: |- + "{{ .Hostname }}" + POSTGRES_PORT: |- + "{{ .Port }}" + +envFrom: + - secretRef: + name: tandoor-postgres16-creds +env: + TZ: UTC + DB_ENGINE: django.db.backends.postgresql + EMAIL_HOST: badhouseplants.net + EMAIL_PORT: 587 + EMAIL_HOST_USER: overlord@badhouseplants.net + EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g + EMAIL_USE_TLS: 1 + EMAIL_USE_SSL: 0 + DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net +persistence: + config: + enabled: true + retain: true + storageClass: longhorn + accessMode: ReadWriteOnce + size: 1Gi + media: + enabled: true + mountPath: /opt/recipes/mediafiles + retain: true + storageClass: longhorn + accessMode: ReadWriteOnce + size: 1Gi + static: + enabled: true + type: emptyDir + mountPath: /opt/recipes/staticfiles + django-js-reverse: + enabled: true + type: emptyDir + mountPath: /opt/recipes/cookbook/static/django_js_reverse diff --git a/releases.yaml b/releases.yaml index b13dd22..cc62771 100644 --- a/releases.yaml +++ b/releases.yaml @@ -365,3 +365,13 @@ templates: name: reflector chart: emberstack/reflector version: 7.1.238 + + tandoor: &tandoor + name: tandoor + chart: gabe565/tandoor + version: 0.8.11 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-database diff --git a/repositories.yaml b/repositories.yaml index 6c63ec0..1026e58 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -43,3 +43,5 @@ repositories: url: https://firefly-iii.github.io/kubernetes/ - name: emberstack url: https://emberstack.github.io/helm-charts + - name: gabe565 + url: https://charts.gabe565.com -- 2.45.2 
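Review bot: `EMAIL_HOST_PASSWORD` is committed in clear text in `values.tandoor.yaml`, although the same commit adds a SOPS-encrypted `secrets.tandoor.yaml` that already holds `env.SECRET_KEY`. The entry belongs under `env:` in that encrypted file with the line removed here, and because the value is now in Git history for the `overlord@badhouseplants.net` account it should be rotated as well. `EMAIL_PORT: 587`, `EMAIL_USE_TLS: 1` and `EMAIL_USE_SSL: 0` are YAML integers; if the chart passes `env` straight into container environment variables they need to be strings, e.g. `EMAIL_USE_TLS: "1"`, which is worth confirming against the chart.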
From 2c33823d906c95078709170272af8fee3ae7d539 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 6 Jan 2024 21:29:25 +0100 Subject: [PATCH 272/316] Use longhorn for vaultwarden --- badhouseplants/values/values.vaultwarden.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index ea33706..b4afad8 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -20,7 +20,7 @@ ext-database: enabled: true name: vaultwarden-postgres16 instance: postgres16 -service: +service: port: 8080 vaultwarden: smtp: -- 2.45.2 From 238231bdc89f9af22d2f51d2b6b3f8f95aa0199f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 11 Jan 2024 04:37:37 +0100 Subject: [PATCH 273/316] Update release --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index cc62771..ccb1d8b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.6.0 + version: 55.7.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.4 + version: 5.41.5 inherit: - template: monitoring-common - template: default-env-values @@ -163,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.1 + version: 1.20.2 istio-base: &istio-base name: istio-base @@ -308,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.2 + version: 18.6.3 inherit: - template: default-env-values - template: default-env-secrets 
@@ -316,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.27 + version: 13.2.28 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 0f533964eadb347f7cc54ad91d96312ba196fddf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 20 Jan 2024 11:57:09 +0100 Subject: [PATCH 274/316] Some updates --- .../values/values.istio-ingressgateway.yaml | 4 ---- manifests/debug/metallb/deployment.yaml | 19 +++++++++++++++++++ manifests/debug/metallb/service.yaml | 11 +++++++++++ releases.yaml | 4 ++-- repositories.yaml | 4 ++-- 5 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 manifests/debug/metallb/deployment.yaml create mode 100644 manifests/debug/metallb/service.yaml diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index a5d2656..e37b970 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -21,10 +21,6 @@ service: port: 1194 protocol: TCP targetPort: 1194 - - name: tcp - port: 25 - protocol: TCP - targetPort: 25 # ----------- # -- Email # ----------- diff --git a/manifests/debug/metallb/deployment.yaml b/manifests/debug/metallb/deployment.yaml new file mode 100644 index 0000000..1ad28b5 --- /dev/null +++ b/manifests/debug/metallb/deployment.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx +spec: + selector: + matchLabels: + app: nginx + replicas: 2 + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ports: + - containerPort: 80 diff --git a/manifests/debug/metallb/service.yaml b/manifests/debug/metallb/service.yaml new file mode 100644 index 0000000..041fc06 --- /dev/null +++ b/manifests/debug/metallb/service.yaml 
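Review bot: The debug Deployment in `manifests/debug/metallb/deployment.yaml` uses `image: nginx:1.14.2`, a release that is several years old, and `service.yaml` in the same commit publishes it through a `type: LoadBalancer` Service, so applying the pair puts an unmaintained web server on a MetalLB address. A currently supported nginx tag would serve the same test. A header comment such as `# Debug only: checks MetalLB address assignment; delete after the test` would also help ensure the manifests are not left applied. The pod spec sets neither `resources` nor a `securityContext`, which is worth adding even for a throwaway workload.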
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx +spec: + selector: + app: nginx + ports: + - port: 80 + targetPort: 80 + type: LoadBalancer diff --git a/releases.yaml b/releases.yaml index ccb1d8b..053d82e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -316,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.28 + version: 13.3.1 inherit: - template: default-env-values - template: default-env-secrets @@ -337,7 +337,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.16.1 + version: 9.17.1 inherit: - template: default-env-values - template: default-env-secrets diff --git a/repositories.yaml b/repositories.yaml index 1026e58..3f5b623 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -33,8 +33,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + #- name: allanger-gitea + # url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker -- 2.45.2 From a95c4a9406d06004a07d83f3e8c47440ff9bd209 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:35:32 +0100 Subject: [PATCH 275/316] Update the email workflow --- .woodpecker/.cdh.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index 8298b38..0fcab33 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,6 +2,7 @@ # -- Check da helm pipeline # ---------------------------------------------- when: + - push - event: cron cron: nightly steps: 
@@ -16,19 +17,15 @@ steps: notification: image: deblan/woodpecker-email settings: - from: woody@badhouseplants.net - host: badhouseplants.net - skip_verify: true - no_starttls: false - username: - from_secret: smtp_username - password: - from_secret: smtp_password + dsn: + from_secret: smtp_dsn + from: + address: woody@badhouseplants.net + name: Woody Woodpecker recipients: - allanger@badhouseplants.net subject: CDH result target: main - recipients_only: true attachment: result.html when: - status: [success, failure] -- 2.45.2 From 25ea4c42542fc42a415c1fcedc3bf7c39dc6041e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:36:36 +0100 Subject: [PATCH 276/316] Fix the push workflow --- .woodpecker/.cdh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index 0fcab33..b2e06e7 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,7 +2,7 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - push + - event: push - event: cron cron: nightly steps: -- 2.45.2 From 896e939c2d7e691bdb775331e1c9709ab9d48046 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:49:03 +0100 Subject: [PATCH 277/316] Fix the gitea-allanger repo --- repositories.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/repositories.yaml b/repositories.yaml index 3f5b623..1026e58 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -33,8 +33,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - #- name: allanger-gitea - # url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: allanger-gitea + url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker -- 2.45.2 From 9cf8656ba56d27116742d3de7e331f574e73fd51 Mon Sep 17 00:00:00 2001 
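Review bot: With `skip_verify` and `no_starttls` removed from the `notification` step, nothing in the pipeline file states how the SMTP connection is secured; that now depends entirely on the contents of the `smtp_dsn` secret, which is not visible here. I would add a comment above `dsn:` such as `# smtp_dsn carries host, credentials and TLS mode; keep certificate verification enabled there`. Because the workflow-level `when` in this file now also has a push trigger, it is worth confirming that the `smtp_dsn` secret is restricted to the events and the plugin image that actually need it.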
From: Nikolai Rodionov Date: Fri, 26 Jan 2024 16:53:13 +0100 Subject: [PATCH 278/316] Fix the cluster --- badhouseplants/values/secrets.funkwhale.yaml | 22 +++---- badhouseplants/values/secrets.gitea.yaml | 36 +++++------ badhouseplants/values/values.loki.yaml | 2 + badhouseplants/values/values.longhorn.yaml | 7 ++- .../values/values.woodpecker-ci.yaml | 3 +- system/charts/namespaces/chart/.helmignore | 23 +++++++ system/charts/namespaces/chart/Chart.yaml | 24 +++++++ .../namespaces/chart/templates/_helpers.tpl | 43 +++++++++++++ .../chart/templates/namespaces.yaml | 18 ++++++ system/charts/namespaces/chart/values.yaml | 20 ++++++ .../namespaces/kustomize/flux-system.yml | 6 ++ .../namespaces/kustomize/giantswarm-flux.yml | 6 ++ .../namespaces/kustomize/giantswarm.yml | 6 ++ .../namespaces/kustomize/kustomization.yaml | 5 ++ .../namespaces/kustomize/monitoring.yml | 6 ++ .../namespaces/kustomize/org-giantswarm.yml | 6 ++ system/charts/root/.helmignore | 23 +++++++ system/charts/root/Chart.yaml | 6 ++ system/charts/root/templates/_helpers.tpl | 62 +++++++++++++++++++ system/charts/root/templates/root.yaml | 25 ++++++++ system/charts/root/templates/self.yaml | 25 ++++++++ system/charts/root/values.yaml | 5 ++ system/helmfile.yaml | 51 +++++++++++++++ system/values/calico.yaml | 12 ++++ system/values/cilium.yaml | 11 ++++ system/values/coredns.yaml | 32 ++++++++++ system/values/namespaces.yaml | 22 +++++++ 27 files changed, 473 insertions(+), 34 deletions(-) create mode 100644 system/charts/namespaces/chart/.helmignore create mode 100644 system/charts/namespaces/chart/Chart.yaml create mode 100644 system/charts/namespaces/chart/templates/_helpers.tpl create mode 100644 system/charts/namespaces/chart/templates/namespaces.yaml create mode 100644 system/charts/namespaces/chart/values.yaml create mode 100644 system/charts/namespaces/kustomize/flux-system.yml create mode 100644 system/charts/namespaces/kustomize/giantswarm-flux.yml create mode 100644 
system/charts/namespaces/kustomize/giantswarm.yml create mode 100644 system/charts/namespaces/kustomize/kustomization.yaml create mode 100644 system/charts/namespaces/kustomize/monitoring.yml create mode 100644 system/charts/namespaces/kustomize/org-giantswarm.yml create mode 100644 system/charts/root/.helmignore create mode 100644 system/charts/root/Chart.yaml create mode 100644 system/charts/root/templates/_helpers.tpl create mode 100644 system/charts/root/templates/root.yaml create mode 100644 system/charts/root/templates/self.yaml create mode 100644 system/charts/root/values.yaml create mode 100644 system/helmfile.yaml create mode 100644 system/values/calico.yaml create mode 100644 system/values/cilium.yaml create mode 100644 system/values/coredns.yaml create mode 100644 system/values/namespaces.yaml diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 1730f80..ff593f1 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] +djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] + password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str] redis: auth: - password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] + password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw - TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL - VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y - dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA - GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG + MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ + WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3 + S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX + E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T18:47:37Z" - mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] + lastmodified: "2024-01-26T15:39:00Z" + mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 6d28634..84af601 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] - password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] + username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str] + password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] + PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str] database: - PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] + PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] + HOST: ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] + CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str] oauth: - - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] - provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] - key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] - secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] + - name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str] + provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str] + key: 
ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str] + secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 - QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu - LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 - Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN - WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6 + VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv + MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu + YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns + xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-15T09:58:05Z" - mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] + lastmodified: "2024-01-26T15:39:40Z" + mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index 76f2f8f..f3a74e8 100644 
--- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml @@ -1,4 +1,6 @@ --- +global: + dnsService: "coredns" singleBinary: replicas: 1 persistence: diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index 078e6ab..eb7bfe5 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -1,13 +1,14 @@ defaultSettings: - backupTarget: s3://longhorn@us-east1/backupstore + backupTarget: s3://longhorn@us-east1/backupstore backupTargetCredentialSecret: aws-secret guaranteedEngineManagerCPU: 6 guaranteedReplicaManagerCPU: 6 storageOverProvisioningPercentage: 300 storageMinimalAvailablePercentage: 5 - defaultDataPath: /media-longhorn + storageReservedPercentageForDefaultDisk: 1 + defaultDataPath: /media/longhorn csi: - kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet + kubeletRootDir: /var/lib/kubelet/ persistence: defaultClassReplicaCount: 1 enablePSP: false diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index ffd1564..202daca 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -34,7 +34,6 @@ server: WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: @@ -49,7 +48,7 @@ agent: WOODPECKER_SERVER: woodpecker-ci-server:9000 WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn serviceAccount: create: true rbac: diff --git a/system/charts/namespaces/chart/.helmignore b/system/charts/namespaces/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null 
+++ b/system/charts/namespaces/chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system/charts/namespaces/chart/Chart.yaml b/system/charts/namespaces/chart/Chart.yaml new file mode 100644 index 0000000..0f737fe --- /dev/null +++ b/system/charts/namespaces/chart/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: namespaces +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/system/charts/namespaces/chart/templates/_helpers.tpl b/system/charts/namespaces/chart/templates/_helpers.tpl new file mode 100644 index 0000000..a33714c 
--- /dev/null +++ b/system/charts/namespaces/chart/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "namespaces.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "namespaces.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "namespaces.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "namespaces.labels" -}} +helm.sh/chart: {{ include "namespaces.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + diff --git a/system/charts/namespaces/chart/templates/namespaces.yaml b/system/charts/namespaces/chart/templates/namespaces.yaml new file mode 100644 index 0000000..dc2bd62 --- /dev/null +++ b/system/charts/namespaces/chart/templates/namespaces.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.namespaces }} +{{- range $ns := .Values.namespaces }} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ $ns.name }} + labels: + {{- include "namespaces.labels" $ | nindent 4 }} + {{- with $ns.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $ns.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/system/charts/namespaces/chart/values.yaml b/system/charts/namespaces/chart/values.yaml new file mode 100644 index 0000000..cd5a239 --- /dev/null +++ b/system/charts/namespaces/chart/values.yaml @@ -0,0 +1,20 @@ +namespaces: + - name: giantswarm-flux + labels: + name: giantswarm-flux + - name: giantswarm + labels: + name: giantswarm + - name: monitoring + labels: + name: monitoring + - name: org-giantswarm + labels: + name: org-giantswarm + - name: flux-system + labels: + name: flux-system + - name: flux-giantswarm + labels: + name: flux-giantswarm + - name: policy-exception diff --git a/system/charts/namespaces/kustomize/flux-system.yml b/system/charts/namespaces/kustomize/flux-system.yml new file mode 100644 index 0000000..f44f3af --- /dev/null +++ b/system/charts/namespaces/kustomize/flux-system.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: flux-system + labels: + name: flux-system diff --git a/system/charts/namespaces/kustomize/giantswarm-flux.yml b/system/charts/namespaces/kustomize/giantswarm-flux.yml new file mode 100644 index 0000000..bd0e121 --- /dev/null +++ b/system/charts/namespaces/kustomize/giantswarm-flux.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm-flux + labels: + name: giantswarm-flux diff --git a/system/charts/namespaces/kustomize/giantswarm.yml b/system/charts/namespaces/kustomize/giantswarm.yml new file mode 100644 index 0000000..31e7916 --- /dev/null +++ b/system/charts/namespaces/kustomize/giantswarm.yml 
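Review bot: `name: {{ $ns.name }}` in `templates/namespaces.yaml` is rendered unquoted, so a values entry that YAML reads as a number, boolean or null produces a manifest whose `metadata.name` is not a string; `name: {{ $ns.name | quote }}` avoids that. The outer `{{- if .Values.namespaces }}` is redundant, since `range` over an empty or missing list already emits nothing. A template comment at the top describing the expected shape of each entry (`name`, optional `labels`, optional `annotations`) would help, because the chart's `values.yaml` is the only place that shape is implied.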
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm + labels: + name: giantswarm diff --git a/system/charts/namespaces/kustomize/kustomization.yaml b/system/charts/namespaces/kustomize/kustomization.yaml new file mode 100644 index 0000000..8159198 --- /dev/null +++ b/system/charts/namespaces/kustomize/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ./giantswarm-flux.yml + - ./giantswarm.yml + - ./monitoring.yml + - ./org-giantswarm.yml diff --git a/system/charts/namespaces/kustomize/monitoring.yml b/system/charts/namespaces/kustomize/monitoring.yml new file mode 100644 index 0000000..90d12ef --- /dev/null +++ b/system/charts/namespaces/kustomize/monitoring.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + labels: + name: monitoring diff --git a/system/charts/namespaces/kustomize/org-giantswarm.yml b/system/charts/namespaces/kustomize/org-giantswarm.yml new file mode 100644 index 0000000..f27e8c4 --- /dev/null +++ b/system/charts/namespaces/kustomize/org-giantswarm.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: org-giantswarm + labels: + name: org-giantswarm diff --git a/system/charts/root/.helmignore b/system/charts/root/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/system/charts/root/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system/charts/root/Chart.yaml b/system/charts/root/Chart.yaml new file mode 100644 index 0000000..59e507d --- /dev/null +++ b/system/charts/root/Chart.yaml 
@@ -0,0 +1,6 @@ +apiVersion: v2 +name: root +description: A Helm chart for Kubernetes +type: application +version: 0.1.5 +appVersion: "1.16.0" diff --git a/system/charts/root/templates/_helpers.tpl b/system/charts/root/templates/_helpers.tpl new file mode 100644 index 0000000..8a3cc9a --- /dev/null +++ b/system/charts/root/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "root.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "root.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "root.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "root.labels" -}} +helm.sh/chart: {{ include "root.chart" . }} +{{ include "root.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "root.selectorLabels" -}} +app.kubernetes.io/name: {{ include "root.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "root.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "root.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/system/charts/root/templates/root.yaml b/system/charts/root/templates/root.yaml new file mode 100644 index 0000000..f542187 --- /dev/null 
+++ b/system/charts/root/templates/root.yaml @@ -0,0 +1,25 @@ +{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: root +spec: + interval: 30s + url: {{ .Values.url }} + ref: + branch: {{ .Values.branch }} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: root +spec: + interval: 30s + targetNamespace: flux-system + sourceRef: + kind: GitRepository + name: root + path: "." + prune: false + timeout: 1m +{{- end }} diff --git a/system/charts/root/templates/self.yaml b/system/charts/root/templates/self.yaml new file mode 100644 index 0000000..0ddb8de --- /dev/null +++ b/system/charts/root/templates/self.yaml @@ -0,0 +1,25 @@ +{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: root-self +spec: + interval: 30s + url: {{ .Values.self.url }} + ref: + branch: {{ .Values.self.branch }} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: root-self +spec: + interval: 30s + targetNamespace: flux-system + sourceRef: + kind: GitRepository + name: root-self + path: "." + prune: false + timeout: 1m +{{- end }} diff --git a/system/charts/root/values.yaml b/system/charts/root/values.yaml new file mode 100644 index 0000000..51850fa --- /dev/null +++ b/system/charts/root/values.yaml @@ -0,0 +1,5 @@ +url: https://git.badhouseplants.net/giantswarm/cluster-example.git +branch: main +self: + url: git@git.badhouseplants.net:giantswarm/root-config.git + branch: master diff --git a/system/helmfile.yaml b/system/helmfile.yaml new file mode 100644 index 0000000..7cc46e6 --- /dev/null +++ b/system/helmfile.yaml 
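Review bot: `self.url` in `system/charts/root/values.yaml` is the scp-style `git@git.badhouseplants.net:giantswarm/root-config.git`, and the `root-self` GitRepository in `templates/self.yaml` passes it into `spec.url` with no `secretRef`. As far as I know Flux accepts only `http://`, `https://` or `ssh://` URLs in that field, and an SSH source needs a secret holding the key and known_hosts, so this source would likely be rejected or fail to authenticate. I would use `url: ssh://git@git.badhouseplants.net/giantswarm/root-config.git` and add `secretRef:` with `name: <ssh-credentials-secret>` (placeholder) under `spec`. In both templates the templated scalars should also be quoted, e.g. `url: {{ .Values.url | quote }}`. Neither GitRepository sets `spec.verify`, so commits are applied without signature verification; with `path: "."` and `targetNamespace: flux-system` that is worth deciding deliberately.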
@@ -0,0 +1,51 @@ +repositories: + - name: projectcalico + url: https://docs.tigera.io/calico/charts + - name: coredns + url: https://coredns.github.io/helm + - name: flannel + url: https://flannel-io.github.io/flannel/ + - name: cilium + url: https://helm.cilium.io/ + - name: hcloud + url: https://charts.hetzner.cloud + +releases: + - name: namespaces + chart: ./charts/namespaces/chart + namespace: kube-public + createNamespace: false + values: + - ./values/namespaces.yaml + + - name: hccm + chart: hcloud/hcloud-cloud-controller-manager + needs: + - kube-public/namespaces + namespace: kube-system + version: 1.19.0 + installed: false + createNamespace: false + values: + - ./values/hcloud.yaml + + - name: coredns + needs: + - kube-public/namespaces + chart: coredns/coredns + installed: true + version: 1.29.0 + namespace: kube-system + values: + - ./values/coredns.yaml + + - name: cilium + chart: cilium/cilium + version: 1.14.6 + installed: true + createNamespace: false + namespace: kube-system + needs: + - kube-public/namespaces + values: + - ./values/cilium.yaml diff --git a/system/values/calico.yaml b/system/values/calico.yaml new file mode 100644 index 0000000..b47e04e --- /dev/null +++ b/system/values/calico.yaml @@ -0,0 +1,12 @@ +installation: + enabled: true + spec: + calicoNetwork: + bgp: Enabled + nodeAddressAutodetectionV4: + interface: ens11 + ipPools: + - cidr: 10.50.0.0/16 + encapsulation: VXLANCrossSubnet + natOutgoing: Enabled + nodeSelector: all() diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml new file mode 100644 index 0000000..e0f0670 --- /dev/null +++ b/system/values/cilium.yaml @@ -0,0 +1,11 @@ +operator: + replicas: 1 +endpointRoutes: + # -- Enable use of per endpoint routes instead of routing via + # the cilium_host interface. + enabled: true +policyEnforcementMode: never +ipam: + ciliumNodeUpdateRate: "15s" + operator: + clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"] 
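Review bot: `policyEnforcementMode: never` in `system/values/cilium.yaml` switches off policy enforcement for every endpoint, so any NetworkPolicy or CiliumNetworkPolicy defined in the cluster has no effect. If this is a temporary setting for the rebuild, the file should say so, e.g. `# TEMPORARY: policy enforcement disabled during cluster rebuild; revert to "default"`. Otherwise I would leave the value at `default`, so that policies take effect as soon as they are created.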
diff --git a/system/values/coredns.yaml b/system/values/coredns.yaml new file mode 100644 index 0000000..04d2b02 --- /dev/null +++ b/system/values/coredns.yaml @@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml new file mode 100644 index 0000000..d303607 --- /dev/null +++ b/system/values/namespaces.yaml @@ -0,0 +1,22 @@ +namespaces: + - name: longhorn-system + - name: cert-manager + - name: minio-service + - name: metallb-system + - name: reflector-system + - name: drone-service + - name: argo-system + - name: nrodionov-application + - name: minecraft-application + - name: gitea-service + - name: funkwhale-application + - name: monitoring-system + - name: bitwarden-application + - name: database-service + - name: mail-service + - name: istio-system + - name: vaultwarden-application + - name: woodpecker-ci + - name: openvpn-service + - name: tandoor-application + - name: badhouseplants-main -- 2.45.2 From 9c7e44e757f9ddc4c369ab113b463b1c59000b6f Mon Sep 17 00:00:00 2001 
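Review bot: The `kubernetes` plugin block in `system/values/coredns.yaml` uses `pods insecure`, which makes CoreDNS answer pod-IP names without checking that a pod with that address exists; the CoreDNS documentation describes this mode as a kube-dns compatibility option that can be abused. Unless something depends on those pod records, `pods verified` or `pods disabled` is the safer setting. Separately, `clusterIP: 10.43.0.10` has to match the kubelet's cluster DNS address and lie inside the service CIDR, neither of which this diff shows; a comment recording where the value comes from would help.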
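Review bot: Every entry in `system/values/namespaces.yaml` carries only `name`, so the namespaces are created without Pod Security Admission labels, even though the chart template in this commit supports per-namespace `labels`. For the application namespaces I would add, where the workloads allow it, `labels:` with `pod-security.kubernetes.io/enforce: baseline`. System namespaces such as `longhorn-system` or `istio-system` probably need a more permissive level, so the label should be set per entry rather than globally.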
From: Nikolai Rodionov Date: Sun, 4 Feb 2024 09:31:09 +0100 Subject: [PATCH 279/316] Sync after the disaster recovery --- badhouseplants/helmfile.yaml | 24 ++-- badhouseplants/values/secrets.funkwhale.yaml | 20 +-- badhouseplants/values/secrets.gitea.yaml | 36 ++--- badhouseplants/values/secrets.mailu.yaml | 38 ++--- .../values/secrets.vaultwarden.yaml | 20 +-- badhouseplants/values/values.argocd.yaml | 1 + badhouseplants/values/values.mailu.yaml | 130 +++++++++--------- badhouseplants/values/values.openvpn-xor.yaml | 2 +- common/values.database.yaml | 2 +- etersoft/helmfile.yaml | 5 + etersoft/values/secrets.postgres16.yaml | 24 ++++ etersoft/values/values.longhorn.yaml | 13 ++ etersoft/values/values.postgres16.yaml | 10 ++ helmfile.yaml | 5 + manifests/badhouseplants-ip.yaml | 2 +- manifests/debug/istio/httpbin.yaml | 63 +++++++++ manifests/debug/ubuntu.yaml | 11 ++ releases.yaml | 11 ++ repositories.yaml | 2 + system/values/cilium.yaml | 3 +- system/values/namespaces.yaml | 1 + 21 files changed, 285 insertions(+), 138 deletions(-) create mode 100644 etersoft/values/secrets.postgres16.yaml create mode 100644 etersoft/values/values.longhorn.yaml create mode 100644 etersoft/values/values.postgres16.yaml create mode 100644 manifests/debug/istio/httpbin.yaml create mode 100644 manifests/debug/ubuntu.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 92e05f1..e6c262b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -12,11 +12,6 @@ releases: namespace: drone-service createNamespace: false - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - - <<: *argocd installed: true namespace: argo-system 
@@ -87,11 +82,12 @@ releases: namespace: database-service createNamespace: true - - <<: *docker-mailserver + - <<: *woodpecker-ci installed: true - namespace: mail-service + namespace: woodpecker-ci createNamespace: true + - <<: *istio-gateway-resources installed: true namespace: istio-system @@ -102,21 +98,25 @@ releases: installed: true namespace: vaultwarden-application - - <<: *woodpecker-ci - installed: true - namespace: woodpecker-ci - createNamespace: true - - <<: *openvpn-xor installed: true namespace: openvpn-service createNamespace: false + - <<: *docker-mailserver + installed: true + namespace: mail-service + createNamespace: true + - <<: *tandoor installed: true namespace: tandoor-application createNamespace: true + - <<: *mailu + installed: true + namespace: mailu-application + createNamespace: false bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index ff593f1..2ef8cde 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str] +djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str] + password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str] redis: auth: - password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str] + password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG - MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ - WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3 - S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX - E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2 + NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3 + Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB + ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5 + M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-26T15:39:00Z" - mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str] + lastmodified: "2024-01-31T18:41:30Z" + mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 84af601..4c1a84f 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str] - password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str] + username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str] + password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str] + PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str] database: - PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str] + PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str] + HOST: ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str] + CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str] oauth: - - name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str] - provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str] - key: ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str] - secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str] + - name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str] + provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str] + key: 
ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str] + secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6 - VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv - MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu - YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns - xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk + OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy + Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3 + YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI + nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-26T15:39:40Z" - mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str] + lastmodified: "2024-01-30T18:17:44Z" + mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml index 5e20299..193f934 100644 --- a/badhouseplants/values/secrets.mailu.yaml +++ b/badhouseplants/values/secrets.mailu.yaml 
@@ -1,21 +1,21 @@ -secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str] +secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str] initialAccount: - enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool] - username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] - domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] - password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str] + enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool] + username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str] + domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str] + password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] - postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str] + password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str] 
+ postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str] secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str] - userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str] + adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str] + userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str] global: database: roundcube: - password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str] + password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw - YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh - b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv - RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp - QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN + Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96 + a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5 + S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9 + wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-28T08:37:51Z" - mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str] + lastmodified: "2024-02-02T07:57:08Z" + mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml index 8d2d9a3..61f6e40 100644 --- a/badhouseplants/values/secrets.vaultwarden.yaml +++ b/badhouseplants/values/secrets.vaultwarden.yaml 
@@ -1,10 +1,10 @@ vaultwarden: smtp: - username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] + username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str] password: - value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str] + value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str] adminToken: - value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] + value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo - WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 - dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a - U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT - HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr + R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C + M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI + a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS + hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-25T19:33:37Z" - mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str] + lastmodified: "2024-01-30T18:44:39Z" + mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 7d01d6c..e8d0bce 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -63,6 +63,7 @@ server: scopes: "[email, group]" policy.csv: | g, allanger@zohomail.com, role:admin + g, allanger@badhouseplants.net, role:admin g, rodion.n.rodionov@gmail.com, role:admin p, drone, applications, *, badhouseplants/*,allow config: diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 0612e49..6c54e91 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -1,7 +1,7 @@ --- -certificate: +certificate: enabled: true - certificate: + certificate: - name: mailu secretName: mailu-certificate issuer: 
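Review bot: The added `g, allanger@badhouseplants.net, role:admin` line binds full Argo CD admin to a third individual e-mail identity, and that match is only as strong as the `email` claim the OIDC provider puts in the token. Please confirm the provider only emits verified addresses for that domain (its configuration is not visible in this hunk). Since `scopes` already requests `group`, a group binding such as `g, <admin-group>, role:admin` would keep admin membership in the identity provider instead of in this file. The `policy.csv` block starts and ends outside the hunk.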
@@ -21,58 +21,58 @@ istio: kind: http gateway: badhouseplants-net hostname: email.badhouseplants.net - service: mailu-fr ont + service: mailu-front port: 80 - # - name: mailu-smpt - # kind: tcp - # gateway: badhouseplants-mail - # service: mailu-front - # hostname: email.badhousplants.net - # port_match: 25 - # port: 25 - # - name: mailu-smpts - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 465 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 465 - # - name: mailu-smpt-startls - # kind: tcp - # gateway: badhouseplants-mail - # hostname: email.badhousplants.net - # port_match: 587 - # service: mailu-front - # port: 587 - # - name: mailu-imap - # kind: tcp - # hostname: email.badhousplants.net - # gateway: badhouseplants-mail - # port_match: 143 - # service: mailu-front - # port: 143 - # - name: mailu-imaps - # kind: tcp - # gateway: badhouseplants-mail - # hostname: email.badhousplants.net - # port_match: 993 - # service: mailu-front - # port: 993 - # - name: mailu-pop3 - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 110 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 110 - # - name: mailu-pop3s - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 993 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 993 -subnet: 10.1.0.0/16 + - name: mailu-smpt + kind: tcp + gateway: badhouseplants-mail + service: mailu-front + hostname: email.badhousplants.net + port_match: 25 + port: 25 + - name: mailu-smpts + kind: tcp + gateway: badhouseplants-mail + port_match: 465 + hostname: email.badhousplants.net + service: mailu-front + port: 465 + - name: mailu-smpt-startls + kind: tcp + gateway: badhouseplants-mail + hostname: email.badhousplants.net + port_match: 587 + service: mailu-front + port: 587 + - name: mailu-imap + kind: tcp + hostname: email.badhousplants.net + gateway: badhouseplants-mail + port_match: 143 + service: mailu-front + port: 143 + - name: mailu-imaps + 
kind: tcp + gateway: badhouseplants-mail + hostname: email.badhousplants.net + port_match: 993 + service: mailu-front + port: 993 + - name: mailu-pop3 + kind: tcp + gateway: badhouseplants-mail + port_match: 110 + hostname: email.badhousplants.net + service: mailu-front + port: 110 + - name: mailu-pop3s + kind: tcp + gateway: badhouseplants-mail + port_match: 993 + hostname: email.badhousplants.net + service: mailu-front + port: 993 +subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - post.badhouseplants.net @@ -90,6 +90,11 @@ ingress: tlsFlavorOverride: mail selfSigned: false existingSecret: mailu-certificate + realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local + realIpHeader: "X-Forwarded-For" +front: + hostPort: + enabled: false admin: resources: requests: @@ -107,9 +112,10 @@ redis: cpu: 70m limits: memory: 200Mi - cpu: 200m - persistence: - size: 1Gi + cpu: 200m + master: + persistence: + enabled: false postfix: resources: requests: @@ -117,7 +123,7 @@ postfix: cpu: 200m limits: memory: 1024Mi - cpu: 200m + cpu: 200m persistence: size: 1Gi dovecot: @@ -128,7 +134,7 @@ dovecot: cpu: 70m limits: memory: 400Mi - cpu: 300m + cpu: 300m persistence: size: 1Gi roundcube: @@ -138,7 +144,7 @@ roundcube: cpu: 70m limits: memory: 200Mi - cpu: 200m + cpu: 200m persistence: size: 1Gi mysql: @@ -154,10 +160,6 @@ postgresql: storageClass: "" accessMode: ReadWriteOnce size: 2Gi -front: - logLevel: DEBUG - hostPort: - enabled: true rspamd: resources: requests: @@ -166,7 +168,7 @@ rspamd: limits: memory: 500Mi cpu: 400m - startupProbe: + startupProbe: periodSeconds: 30 failureThreshold: 900 timeoutSeconds: 20 diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml index 0f4c96c..9b9171b 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
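Review bot: The TCP routes enabled in the `-21,58 +21,58` hunk all carry `hostname: email.badhousplants.net` (missing the `e` in "house"), while the HTTP route above them uses `email.badhouseplants.net`; if the route template matches or issues certificates on that field, the mail listeners will not line up with the real DNS name. `mailu-pop3s` also sets `port_match: 993` and `port: 993`, identical to `mailu-imaps`, so the two routes collide and POP3S (normally 995) is not exposed. Suggested lines: `hostname: email.badhouseplants.net` on each TCP route and `port_match: 995` with `port: 995` for `mailu-pop3s`. The route names `mailu-smpt*` look like a typo for `smtp` as well. The `istio:` block starts outside the hunk.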
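Review bot: `realIpHeader: "X-Forwarded-For"` in the `-90,6 +90,11` hunk makes the Mailu front take the client address from a header the sender can set, so it is only safe if `realIpFrom` limits that trust to the gateway. `realIpFrom` is given as the service DNS name `istio-ingressgateway.istio-system.svc.cluster.local`; please confirm the chart version in use accepts a hostname there and that it resolves to the address the front actually sees as the peer (the gateway pods, not the ClusterIP), otherwise use the gateway's pod CIDR. It is also worth checking that the Istio gateway overwrites rather than appends to an incoming `X-Forwarded-For`, because the resolved address feeds rate limiting and auth logs. The `ingress:` block starts outside the hunk.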
@@ -20,7 +20,7 @@ storage: openvpn: proto: tcp - host: 195.201.250.50 + host: 195.201.249.91 easyrsa: cn: Bad Houseplants diff --git a/common/values.database.yaml b/common/values.database.yaml index d5d0221..6685015 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml @@ -10,7 +10,7 @@ ext-database: spec: secretName: "{{ .Values.name }}-creds" instance: "{{ .Values.instance }}" - deletionProtected: false + deletionProtected: true backup: enable: false cron: 0 0 * * * diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index a051a53..98684a6 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -6,6 +6,11 @@ releases: installed: true namespace: openvpn-service createNamespace: false + + - <<: *postgres16 + installed: true + namespace: database-service + createNamespace: true bases: - ../environments.yaml diff --git a/etersoft/values/secrets.postgres16.yaml b/etersoft/values/secrets.postgres16.yaml new file mode 100644 index 0000000..e466bb1 --- /dev/null +++ b/etersoft/values/secrets.postgres16.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-04T02:27:48Z" + mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/etersoft/values/values.longhorn.yaml b/etersoft/values/values.longhorn.yaml new file mode 100644 index 0000000..078e6ab --- /dev/null +++ b/etersoft/values/values.longhorn.yaml @@ -0,0 +1,13 @@ +defaultSettings: + backupTarget: s3://longhorn@us-east1/backupstore + backupTargetCredentialSecret: aws-secret + guaranteedEngineManagerCPU: 6 + guaranteedReplicaManagerCPU: 6 + storageOverProvisioningPercentage: 300 + storageMinimalAvailablePercentage: 5 + defaultDataPath: /media-longhorn +csi: + kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet +persistence: + defaultClassReplicaCount: 1 +enablePSP: false diff --git a/etersoft/values/values.postgres16.yaml b/etersoft/values/values.postgres16.yaml new file mode 100644 index 0000000..cbcb751 --- /dev/null +++ b/etersoft/values/values.postgres16.yaml 
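Review bot: `lastmodified: "2023-10-04T02:27:48Z"` and `version: 3.8.0` in the new etersoft/values/secrets.postgres16.yaml are older than the other secrets files this commit re-encrypts (2024 timestamps, `version: 3.8.1`), which suggests the file was copied from an earlier environment rather than generated for `etersoft`. If so, `postgresPassword` is shared with wherever it came from and was not rotated during the recovery. Generating a fresh value and re-encrypting it with sops would keep the superuser credentials of the two databases independent.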
@@ -0,0 +1,10 @@ +architecture: standalone + +auth: + database: postgres + +persistence: + size: 1Gi + +metrics: + enabled: false diff --git a/helmfile.yaml b/helmfile.yaml index 06da863..73ac8fa 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,5 +46,10 @@ releases: namespace: reflector-system createNamespace: true + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false + helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/manifests/badhouseplants-ip.yaml b/manifests/badhouseplants-ip.yaml index b98f76f..86db502 100644 --- a/manifests/badhouseplants-ip.yaml +++ b/manifests/badhouseplants-ip.yaml @@ -7,4 +7,4 @@ metadata: namespace: metallb-system spec: addresses: - - 195.201.250.50-195.201.250.50 + - 195.201.249.91-195.201.249.91 diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml new file mode 100644 index 0000000..29b9db1 --- /dev/null +++ b/manifests/debug/istio/httpbin.yaml @@ -0,0 +1,63 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + kubernetes.io/metadata.name: debug + name: debug +--- +# httpbin.yaml +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: httpbin + namespace: debug +spec: + hosts: + - "httpbin.e.badhouseplants.net" + gateways: + - istio-system/e-badhouseplants-net + http: + - route: + - destination: + port: + number: 8000 + host: httpbin +--- +apiVersion: v1 +kind: Service +metadata: + name: httpbin + namespace: debug + labels: + app: httpbin +spec: + ports: + - name: http + port: 8000 + selector: + app: httpbin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: httpbin + namespace: debug +spec: + replicas: 1 + selector: + matchLabels: + app: httpbin + version: v1 + template: + metadata: + labels: + app: httpbin + version: v1 + spec: + containers: + - image: docker.io/citizenstig/httpbin + imagePullPolicy: IfNotPresent + name: httpbin + ports: + - containerPort: 8000 
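Review bot: The httpbin Deployment pulls `docker.io/citizenstig/httpbin` with no tag or digest, so whatever that third-party repository serves as `latest` at pull time runs in the cluster, and the VirtualService publishes it on `httpbin.e.badhouseplants.net` through the shared `istio-system/e-badhouseplants-net` gateway. For a debug manifest I would pin the image, `image: docker.io/citizenstig/httpbin@sha256:<digest>`, and add a container `securityContext` with `allowPrivilegeEscalation: false` (plus `runAsNonRoot: true` if the image supports it). A header comment such as `# debug only: delete after use, httpbin echoes request headers to any caller` would make the intended lifetime explicit. `manifests/debug/ubuntu.yaml` in the same commit has the same unpinned `image: ubuntu`, with no namespace and no security context.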
diff --git a/manifests/debug/ubuntu.yaml b/manifests/debug/ubuntu.yaml new file mode 100644 index 0000000..676a047 --- /dev/null +++ b/manifests/debug/ubuntu.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ubuntu +spec: + containers: + - name: ubuntu + image: ubuntu + command: + - sleep + - infinity diff --git a/releases.yaml b/releases.yaml index 053d82e..7138202 100644 --- a/releases.yaml +++ b/releases.yaml @@ -366,6 +366,17 @@ templates: chart: emberstack/reflector version: 7.1.238 + mailu: &mailu + name: mailu + chart: mailu/mailu + version: 1.5.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-certificate + + tandoor: &tandoor name: tandoor chart: gabe565/tandoor diff --git a/repositories.yaml b/repositories.yaml index 1026e58..fc03a1e 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -45,3 +45,5 @@ repositories: url: https://emberstack.github.io/helm-charts - name: gabe565 url: https://charts.gabe565.com + - name: mailu + url: https://mailu.github.io/helm-charts/ diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml index e0f0670..6eae22c 100644 --- a/system/values/cilium.yaml +++ b/system/values/cilium.yaml @@ -4,8 +4,7 @@ endpointRoutes: # -- Enable use of per endpoint routes instead of routing via # the cilium_host interface. enabled: true -policyEnforcementMode: never ipam: ciliumNodeUpdateRate: "15s" operator: - clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"] + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml index d303607..838f30b 100644 --- a/system/values/namespaces.yaml +++ b/system/values/namespaces.yaml @@ -20,3 +20,4 @@ namespaces: - name: openvpn-service - name: tandoor-application - name: badhouseplants-main + - name: mailu-application -- 2.45.2 From b1f183d7127669fee7c5872dd3a37d765a6178fd Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Thu, 8 Feb 2024 19:58:31 +0100 Subject: [PATCH 280/316] Updates after the disaster recovery --- .woodpecker/.cdh.yml | 1 - Makefile | 4 -- README.md | 2 +- badhouseplants/helmfile.yaml | 8 ++- badhouseplants/values/secrets.funkwhale.yaml | 20 +++--- badhouseplants/values/secrets.gitea.yaml | 36 +++++----- badhouseplants/values/secrets.mailu.yaml | 36 +++++----- badhouseplants/values/values.cilium.yaml | 10 +++ badhouseplants/values/values.coredns.yaml | 32 +++++++++ .../values/values.istio-ingressgateway.yaml | 1 + badhouseplants/values/values.mailu.yaml | 4 +- .../values/values.metallb-resources.yaml | 5 ++ badhouseplants/values/values.namespaces.yaml | 32 ++++++--- badhouseplants/values/values.prometheus.yaml | 1 + charts/namespaces/chart/.helmignore | 23 ++++++ charts/namespaces/chart/Chart.yaml | 24 +++++++ .../namespaces/chart/templates/_helpers.tpl | 43 +++++++++++ .../chart/templates/namespaces.yaml | 18 +++++ charts/namespaces/chart/values.yaml | 20 ++++++ charts/namespaces/kustomize/flux-system.yml | 6 ++ .../namespaces/kustomize/giantswarm-flux.yml | 6 ++ charts/namespaces/kustomize/giantswarm.yml | 6 ++ .../namespaces/kustomize/kustomization.yaml | 5 ++ charts/namespaces/kustomize/monitoring.yml | 6 ++ .../namespaces/kustomize/org-giantswarm.yml | 6 ++ charts/root/.helmignore | 23 ++++++ charts/root/Chart.yaml | 6 ++ charts/root/templates/_helpers.tpl | 62 ++++++++++++++++ charts/root/templates/root.yaml | 25 +++++++ charts/root/templates/self.yaml | 25 +++++++ charts/root/values.yaml | 5 ++ common/values.metallb.yaml | 14 ++++ crd.yaml | 27 +++++++ docs/restic.md | 7 -- etersoft/values/secrets.minio.yaml | 48 ++++++------- etersoft/values/values.metallb-resources.yaml | 5 ++ etersoft/values/values.minio.yaml | 10 +++ extensions.yaml | 56 +++++++++++++++ helmfile.yaml | 5 ++ .../namespace-creator-binding.yaml | 12 ---- .../namespace-creator-role.yaml | 8 --- manifests/debug/istio/httpbin.yaml | 4 +- manifests/new-ip.yaml | 11 
+++ releases.yaml | 72 ++++++++++++++----- repositories.yaml | 4 ++ system/values/values.cilium.yaml | 10 +++ system/values/values.coredns.yaml | 32 +++++++++ system/values/values.namespaces.yaml | 23 ++++++ templates/crd-hook.yaml | 25 +++++++ templates/extensions.yaml | 56 +++++++++++++++ 50 files changed, 795 insertions(+), 135 deletions(-) delete mode 100644 Makefile create mode 100644 badhouseplants/values/values.cilium.yaml create mode 100644 badhouseplants/values/values.coredns.yaml create mode 100644 badhouseplants/values/values.metallb-resources.yaml create mode 100644 charts/namespaces/chart/.helmignore create mode 100644 charts/namespaces/chart/Chart.yaml create mode 100644 charts/namespaces/chart/templates/_helpers.tpl create mode 100644 charts/namespaces/chart/templates/namespaces.yaml create mode 100644 charts/namespaces/chart/values.yaml create mode 100644 charts/namespaces/kustomize/flux-system.yml create mode 100644 charts/namespaces/kustomize/giantswarm-flux.yml create mode 100644 charts/namespaces/kustomize/giantswarm.yml create mode 100644 charts/namespaces/kustomize/kustomization.yaml create mode 100644 charts/namespaces/kustomize/monitoring.yml create mode 100644 charts/namespaces/kustomize/org-giantswarm.yml create mode 100644 charts/root/.helmignore create mode 100644 charts/root/Chart.yaml create mode 100644 charts/root/templates/_helpers.tpl create mode 100644 charts/root/templates/root.yaml create mode 100644 charts/root/templates/self.yaml create mode 100644 charts/root/values.yaml create mode 100644 common/values.metallb.yaml create mode 100644 crd.yaml delete mode 100644 docs/restic.md create mode 100644 etersoft/values/values.metallb-resources.yaml create mode 100644 extensions.yaml delete mode 100644 manifests/badhouseplants/namespace-creator-binding.yaml delete mode 100644 manifests/badhouseplants/namespace-creator-role.yaml create mode 100644 manifests/new-ip.yaml create mode 100644 system/values/values.cilium.yaml create mode 
100644 system/values/values.coredns.yaml create mode 100644 system/values/values.namespaces.yaml create mode 100644 templates/crd-hook.yaml create mode 100644 templates/extensions.yaml diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index b2e06e7..6fc4838 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,7 +2,6 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - event: push - event: cron cron: nightly steps: diff --git a/Makefile b/Makefile deleted file mode 100644 index 1814372..0000000 --- a/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -create_crb: - kubectl create clusterrolebinding drone-deployer-workaround \ - --clusterrole=cluster-admin \ - --serviceaccount=drone-service:default diff --git a/README.md b/README.md index 3fd9e60..5ad2c85 100644 --- a/README.md +++ b/README.md @@ -2,4 +2,4 @@ [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) # CRD hooks -I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. \ No newline at end of file +I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index e6c262b..0ec24c9 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -2,6 +2,12 @@ {{ readFile "../releases.yaml" }} releases: + - <<: *namespaces + installed: true + - <<: *coredns + installed: true + - <<: *cilium + installed: true - <<: *drone installed: true namespace: drone-service @@ -114,7 +120,7 @@ releases: createNamespace: true - <<: *mailu - installed: true + installed: false namespace: mailu-application createNamespace: false bases: diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 2ef8cde..8ca3587 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str] +djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str] + password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str] redis: auth: - password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str] + password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2 - NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3 - Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB - ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5 - M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty + dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG + SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y + ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC + nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-31T18:41:30Z" - mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str] + lastmodified: "2024-02-09T09:33:11Z" + mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 4c1a84f..55bd2b4 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str] - password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str] + username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str] + password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str] + PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str] database: - PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str] + PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str] + HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str] + CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str] oauth: - - name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str] - provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str] - key: ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str] - secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str] + - name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str] + provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str] + key: 
ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str] + secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk - OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy - Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3 - YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI - nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ + M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5 + TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC + OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X + RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-30T18:17:44Z" - mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str] + lastmodified: "2024-02-09T09:32:40Z" + mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml
index 193f934..61e967f 100644
--- a/badhouseplants/values/secrets.mailu.yaml
+++ b/badhouseplants/values/secrets.mailu.yaml
@@ -1,21 +1,21 @@ -secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str] +secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str] initialAccount: - enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool] - username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str] - domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str] - password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str] + enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool] + username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str] + domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str] + password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str] - postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str] + password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str] + postgresPassword: 
ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str] secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str] - userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str] + adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str] + userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str] global: database: roundcube: - password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str] + password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN - Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96 - a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5 - S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9 - wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS + L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu + Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj + aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i + l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-02T07:57:08Z" - mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str] + lastmodified: "2024-02-04T09:30:41Z" + mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.cilium.yaml b/badhouseplants/values/values.cilium.yaml new file mode 100644 index 0000000..6eae22c --- /dev/null +++ b/badhouseplants/values/values.cilium.yaml 
@@ -0,0 +1,10 @@ +operator: + replicas: 1 +endpointRoutes: + # -- Enable use of per endpoint routes instead of routing via + # the cilium_host interface. + enabled: true +ipam: + ciliumNodeUpdateRate: "15s" + operator: + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/badhouseplants/values/values.coredns.yaml b/badhouseplants/values/values.coredns.yaml new file mode 100644 index 0000000..04d2b02 --- /dev/null +++ b/badhouseplants/values/values.coredns.yaml @@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index e37b970..8e39d27 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -1,5 +1,6 @@ service: type: LoadBalancer + externalTrafficPolicy: Local ports: - name: minecraft port: 25565 diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 6c54e91..aba9e11 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
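Review bot: In the new badhouseplants/values/values.coredns.yaml the `kubernetes` plugin is configured with `pods insecure`, which makes CoreDNS answer IP-form pod names under `pod.cluster.local` without checking that a pod with that address exists in the namespace. The CoreDNS documentation keeps this mode for kube-dns compatibility and warns about it in combination with wildcard certificates. If nothing in the cluster depends on pod A records, `pods disabled` is the tighter setting, and `pods verified` is the alternative when the records are needed. Either way a comment above the `configBlock` saying why the mode was chosen would help the next reader.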
@@ -19,7 +19,7 @@ istio: istio: - name: mailu-web kind: http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net hostname: email.badhouseplants.net service: mailu-front port: 80 @@ -91,7 +91,7 @@ ingress: selfSigned: false existingSecret: mailu-certificate realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local - realIpHeader: "X-Forwarded-For" + realIpHeader: "X-Envoy-External-Address" front: hostPort: enabled: false diff --git a/badhouseplants/values/values.metallb-resources.yaml b/badhouseplants/values/values.metallb-resources.yaml new file mode 100644 index 0000000..94b681b --- /dev/null +++ b/badhouseplants/values/values.metallb-resources.yaml @@ -0,0 +1,5 @@ +metallb: + enabled: true + ippools: + - name: fuji + addresses: 195.201.249.91-195.201.249.91 diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index b477a0b..838f30b 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,11 +1,23 @@ ---- -ns: +namespaces: + - name: longhorn-system + - name: cert-manager + - name: minio-service + - name: metallb-system + - name: reflector-system + - name: drone-service + - name: argo-system + - name: nrodionov-application + - name: minecraft-application + - name: gitea-service + - name: funkwhale-application - name: monitoring-system -templates: - - | - {{ range .Values.ns }} - apiVersion: v1 - kind: Namespace - metadata: - name: {{ .name }} - {{ end }} + - name: bitwarden-application + - name: database-service + - name: mail-service + - name: istio-system + - name: vaultwarden-application + - name: woodpecker-ci + - name: openvpn-service + - name: tandoor-application + - name: badhouseplants-main + - name: mailu-application diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index cc03d42..2ee10c9 100644 --- a/badhouseplants/values/values.prometheus.yaml 
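Review bot: `realIpHeader: "X-Envoy-External-Address"` in the second hunk of values.mailu.yaml is only as trustworthy as the gateway that writes it, and nothing here records that dependency. Mailu presumably uses this address for rate limiting and logging, so the setting is safe only if the Istio ingress gateway always overwrites or drops a copy of the header sent by the client; that depends on the gateway's trusted-hop configuration, which is not visible in this diff. I would add a comment above the key, for example `# written by the Istio ingress gateway; relies on externalTrafficPolicy: Local and the gateway's trusted-hop settings, confirm a client-supplied header is discarded`. Both hunks cut into mappings that continue outside the visible lines.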
+++ b/badhouseplants/values/values.prometheus.yaml @@ -87,6 +87,7 @@ prometheus: storage: 12Gi grafana: + assertNoLeakedSecrets: false persistence: enabled: true size: 2Gi diff --git a/charts/namespaces/chart/.helmignore b/charts/namespaces/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/namespaces/chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/namespaces/chart/Chart.yaml b/charts/namespaces/chart/Chart.yaml new file mode 100644 index 0000000..0f737fe --- /dev/null +++ b/charts/namespaces/chart/Chart.yaml 
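Review bot: `assertNoLeakedSecrets: false` under `grafana:` switches off the Grafana chart's render-time check that refuses to template when sensitive `grafana.ini` keys are given as plain values, so any such value ends up in a ConfigMap instead of a Secret. The hunk does not show which setting tripped the check; presumably it is a client secret or mail password elsewhere in this file. Keeping the assertion on and passing the value through `envFromSecret` or a `$__file{...}` reference in `grafana.ini` avoids the leak. If the flag has to stay, add a comment such as `# disabled because <setting> is set inline in grafana.ini; value is SOPS-encrypted at rest but rendered into a ConfigMap`. The `grafana` mapping continues outside the hunk.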
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: namespaces +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/charts/namespaces/chart/templates/_helpers.tpl b/charts/namespaces/chart/templates/_helpers.tpl new file mode 100644 index 0000000..a33714c --- /dev/null +++ b/charts/namespaces/chart/templates/_helpers.tpl 
@@ -0,0 +1,43 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "namespaces.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "namespaces.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "namespaces.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "namespaces.labels" -}} +helm.sh/chart: {{ include "namespaces.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml new file mode 100644 index 0000000..dc2bd62 --- /dev/null +++ b/charts/namespaces/chart/templates/namespaces.yaml @@ -0,0 +1,18 @@ +{{- if .Values.namespaces }} +{{- range $ns := .Values.namespaces }} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ $ns.name }} + labels: + {{- include "namespaces.labels" $ | nindent 4 }} + {{- with $ns.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $ns.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} 
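Review bot: The Namespace objects rendered by charts/namespaces/chart/templates/namespaces.yaml become owned by the Helm release, so uninstalling the release or dropping an entry from `.Values.namespaces` deletes that namespace and everything inside it. The badhouseplants values in this commit list `longhorn-system`, `cert-manager` and `istio-system`, which makes an accidental removal expensive. Rendering `helm.sh/resource-policy: keep` unconditionally under `annotations:` (today the block only appears when `$ns.annotations` is set) would stop Helm from deleting them. `name: {{ $ns.name }}` is also unquoted; `name: {{ $ns.name | quote }}` keeps an empty or numeric-looking value from being retyped by the YAML parser.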
diff --git a/charts/namespaces/chart/values.yaml b/charts/namespaces/chart/values.yaml new file mode 100644 index 0000000..cd5a239 --- /dev/null +++ b/charts/namespaces/chart/values.yaml @@ -0,0 +1,20 @@ +namespaces: + - name: giantswarm-flux + labels: + name: giantswarm-flux + - name: giantswarm + labels: + name: giantswarm + - name: monitoring + labels: + name: monitoring + - name: org-giantswarm + labels: + name: org-giantswarm + - name: flux-system + labels: + name: flux-system + - name: flux-giantswarm + labels: + name: flux-giantswarm + - name: policy-exception diff --git a/charts/namespaces/kustomize/flux-system.yml b/charts/namespaces/kustomize/flux-system.yml new file mode 100644 index 0000000..f44f3af --- /dev/null +++ b/charts/namespaces/kustomize/flux-system.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: flux-system + labels: + name: flux-system diff --git a/charts/namespaces/kustomize/giantswarm-flux.yml b/charts/namespaces/kustomize/giantswarm-flux.yml new file mode 100644 index 0000000..bd0e121 --- /dev/null +++ b/charts/namespaces/kustomize/giantswarm-flux.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm-flux + labels: + name: giantswarm-flux diff --git a/charts/namespaces/kustomize/giantswarm.yml b/charts/namespaces/kustomize/giantswarm.yml new file mode 100644 index 0000000..31e7916 --- /dev/null +++ b/charts/namespaces/kustomize/giantswarm.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm + labels: + name: giantswarm diff --git a/charts/namespaces/kustomize/kustomization.yaml b/charts/namespaces/kustomize/kustomization.yaml new file mode 100644 index 0000000..8159198 --- /dev/null +++ b/charts/namespaces/kustomize/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ./giantswarm-flux.yml + - ./giantswarm.yml + - ./monitoring.yml + - ./org-giantswarm.yml 
diff --git a/charts/namespaces/kustomize/monitoring.yml b/charts/namespaces/kustomize/monitoring.yml new file mode 100644 index 0000000..90d12ef --- /dev/null +++ b/charts/namespaces/kustomize/monitoring.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + labels: + name: monitoring diff --git a/charts/namespaces/kustomize/org-giantswarm.yml b/charts/namespaces/kustomize/org-giantswarm.yml new file mode 100644 index 0000000..f27e8c4 --- /dev/null +++ b/charts/namespaces/kustomize/org-giantswarm.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: org-giantswarm + labels: + name: org-giantswarm diff --git a/charts/root/.helmignore b/charts/root/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/root/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/root/Chart.yaml b/charts/root/Chart.yaml new file mode 100644 index 0000000..59e507d --- /dev/null +++ b/charts/root/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: root +description: A Helm chart for Kubernetes +type: application +version: 0.1.5 +appVersion: "1.16.0" diff --git a/charts/root/templates/_helpers.tpl b/charts/root/templates/_helpers.tpl new file mode 100644 index 0000000..8a3cc9a --- /dev/null +++ b/charts/root/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "root.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "root.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "root.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "root.labels" -}} +helm.sh/chart: {{ include "root.chart" . }} +{{ include "root.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "root.selectorLabels" -}} +app.kubernetes.io/name: {{ include "root.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "root.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "root.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/root/templates/root.yaml b/charts/root/templates/root.yaml new file mode 100644 index 0000000..f542187 --- /dev/null 
+++ b/charts/root/templates/root.yaml @@ -0,0 +1,25 @@ +{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: root +spec: + interval: 30s + url: {{ .Values.url }} + ref: + branch: {{ .Values.branch }} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: root +spec: + interval: 30s + targetNamespace: flux-system + sourceRef: + kind: GitRepository + name: root + path: "." + prune: false + timeout: 1m +{{- end }} diff --git a/charts/root/templates/self.yaml b/charts/root/templates/self.yaml new file mode 100644 index 0000000..0ddb8de --- /dev/null +++ b/charts/root/templates/self.yaml @@ -0,0 +1,25 @@ +{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: root-self +spec: + interval: 30s + url: {{ .Values.self.url }} + ref: + branch: {{ .Values.self.branch }} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: root-self +spec: + interval: 30s + targetNamespace: flux-system + sourceRef: + kind: GitRepository + name: root-self + path: "." + prune: false + timeout: 1m +{{- end }} diff --git a/charts/root/values.yaml b/charts/root/values.yaml new file mode 100644 index 0000000..51850fa --- /dev/null +++ b/charts/root/values.yaml @@ -0,0 +1,5 @@ +url: https://git.badhouseplants.net/giantswarm/cluster-example.git +branch: main +self: + url: git@git.badhouseplants.net:giantswarm/root-config.git + branch: master diff --git a/common/values.metallb.yaml b/common/values.metallb.yaml new file mode 100644 index 0000000..c35b944 --- /dev/null +++ b/common/values.metallb.yaml @@ -0,0 +1,14 @@ +--- +metallb: + templates: + - | + {{ range .Values.ippools }} + --- + apiVersion: metallb.io/v1beta1 + kind: IPAddressPool + metadata: + name: {{ .name }} + spec: + addresses: + - {{ .addresses }} + {{ end }} 
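Review bot: The `GitRepository` objects in charts/root/templates/root.yaml and self.yaml have no `secretRef` and no `verify` block, and their `Kustomization`s set no `serviceAccountName`, so whatever is on the tracked branch is applied every 30s with the kustomize-controller's own permissions (cluster-admin in a default Flux install) and without any check of who authored the commit. `self.url` in charts/root/values.yaml is an scp-style `git@host:path` address; as far as I know Flux only accepts `http://`, `https://` or `ssh://` URLs, and an SSH source also needs a `secretRef` holding the key and `known_hosts`, so that source will likely be rejected as written. I would add `secretRef: {name: <git-credentials-secret>}` to both sources, switch the value to the `ssh://git@host/path` form, and quote the templated scalars, e.g. `url: {{ .Values.url | quote }}`.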
diff --git a/crd.yaml b/crd.yaml new file mode 100644 index 0000000..0e245b2 --- /dev/null +++ b/crd.yaml @@ -0,0 +1,27 @@ +templates: + # --------------------------- + # -- Hooks + # --------------------------- + crd-management-hook: + hooks: + - events: ["preapply"] + showlogs: true + command: "sh" + args: + - -c + - | + helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ + || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ + || true + - events: ["prepare"] + showlogs: true + command: "sh" + args: + - -c + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" + - events: ["postuninstall"] + showlogs: true + command: "sh" + args: + - -c + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" diff --git a/docs/restic.md b/docs/restic.md deleted file mode 100644 index f740f43..0000000 --- a/docs/restic.md +++ /dev/null @@ -1,7 +0,0 @@ -# Restic - -We are using restic for backing up the Minecraft server - -## How to restore - -TODO: Describe the restoration process diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml index 465ad9a..cb55a93 100644 --- a/etersoft/values/secrets.minio.yaml +++ b/etersoft/values/secrets.minio.yaml 
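Review bot: Every hook in crd.yaml ends in `|| true`, so a failed `helm show crds` or a rejected `kubectl replace`/`create` is reported as success and the release goes on against stale or missing CRDs. The `postuninstall` hook pipes the chart's CRDs into `kubectl delete`, which removes every custom resource of those kinds in the cluster, including objects that were not created by this release; I would remove that hook or gate it behind an explicit opt-in value. `{{ .Release.Chart }}` and `{{ .Release.Version }}` are also interpolated unquoted into `sh -c`, and `helm show crds "{{ .Release.Chart }}" --version "{{ .Release.Version }}"` keeps a value containing spaces or shell metacharacters from being split. For the `preapply` chain, dropping the final `|| true` lets a real failure stop the apply.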
@@ -1,21 +1,21 @@ -rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] +rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str] users: - - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] - secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] - policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] - - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] - secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] - policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] -oidc: - enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] - configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] - clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str] - clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str] - claimName: 
ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] - redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] - comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] - claimPrefix: "" - scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] + - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str] + secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str] + policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str] + - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str] + secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str] + policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str] + #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment] + #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment] + #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment] + 
#ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment] + #ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment] + #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment] + #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment] + #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment] + #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment] + #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz - QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I - R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa - UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 - vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6 + MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U + SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX + ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg + mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-04T19:00:41Z" - mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str] + lastmodified: "2024-02-04T08:44:29Z" + mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/etersoft/values/values.metallb-resources.yaml b/etersoft/values/values.metallb-resources.yaml new file mode 100644 index 0000000..5c77cf7 --- /dev/null +++ b/etersoft/values/values.metallb-resources.yaml @@ -0,0 +1,5 @@ +metallb: + enabled: true + ippools: + - name: etersoft + addresses: 91.232.225.63-91.232.225.63 diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index a536d3e..deefdb1 100644 
--- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -18,6 +18,16 @@ istio: hostname: s3.e.badhouseplants.net service: minio port: 9000 +image: + repository: quay.io/minio/minio + tag: RELEASE.2024-01-11T07-46-16Z-cpuv1 + pullPolicy: IfNotPresent + +mcImage: + repository: quay.io/minio/mc + tag: RELEASE.2024-01-11T05-49-32Z-cpuv1 + pullPolicy: IfNotPresent + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/extensions.yaml b/extensions.yaml new file mode 100644 index 0000000..86903c3 --- /dev/null +++ b/extensions.yaml @@ -0,0 +1,56 @@ +templates: + # ---------------------------- + # -- Extensions + # ---------------------------- + ext-istio-gateway: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio-gateway + values: + - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + + ext-istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + values: + - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: certificate + values: + - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' + service-monitor: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: service-monitor + values: + - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' + namespace: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ns + inherit: + - template: default-common-values + - template: default-env-values + + ext-database: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ext-database + values: + - '{{ requiredEnv "PWD" }}/common/values.database.yaml' diff --git a/helmfile.yaml b/helmfile.yaml index 73ac8fa..c813fb4 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
@@ -50,6 +50,11 @@ releases: installed: true namespace: longhorn-system createNamespace: false + + - <<: *metallb-resources + installed: true + namespace: metallb-system + createNamespace: false helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/manifests/badhouseplants/namespace-creator-binding.yaml b/manifests/badhouseplants/namespace-creator-binding.yaml deleted file mode 100644 index d24486c..0000000 --- a/manifests/badhouseplants/namespace-creator-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: namespace-manager -subjects: - - kind: User - name: badhousplants - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: namespace-manager - apiGroup: rbac.authorization.k8s.io diff --git a/manifests/badhouseplants/namespace-creator-role.yaml b/manifests/badhouseplants/namespace-creator-role.yaml deleted file mode 100644 index c552be6..0000000 --- a/manifests/badhouseplants/namespace-creator-role.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: namespace-manager -rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "watch", "list", "create", "delete"] diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index 29b9db1..395418c 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml @@ -14,9 +14,9 @@ metadata: namespace: debug spec: hosts: - - "httpbin.e.badhouseplants.net" + - "httpbin.badhouseplants.net" gateways: - - istio-system/e-badhouseplants-net + - istio-system/badhouseplants-net http: - route: - destination: diff --git a/manifests/new-ip.yaml b/manifests/new-ip.yaml new file mode 100644 index 0000000..b554876 --- /dev/null +++ b/manifests/new-ip.yaml 
@@ -0,0 +1,11 @@ +--- +# Source: raw/charts/metallb/templates/resources.yaml +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: etersoft +spec: + addresses: + - 91.232.225.63-91.232.225.63 + diff --git a/releases.yaml b/releases.yaml index 7138202..7c999fd 100644 --- a/releases.yaml +++ b/releases.yaml @@ -63,7 +63,13 @@ templates: alias: certificate values: - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' service-monitor: dependencies: - chart: bedag/raw @@ -92,6 +98,14 @@ templates: # ---------------------------- # -- System # ---------------------------- + namespaces: &namespaces + name: namespaces + chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' + namespace: kube-public + createNamespace: false + inherit: + - template: default-env-values + metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server @@ -102,12 +116,20 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.13.12 + version: 0.14.3 + + metallb-resources: &metallb-resources + name: metallb-resources + chart: bedag/raw + version: 2.0.0 + inherit: + - template: ext-metallb + - template: default-env-values cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.3 + version: 1.14.1 set: - name: installCRDs value: true @@ -121,7 +143,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.52.1 + version: 5.53.13 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +156,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.7.0 + version: 56.6.1 inherit: - template: monitoring-common - template: default-env-values 
@@ -145,7 +167,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.5 + version: 5.42.2 inherit: - template: monitoring-common - template: default-env-values @@ -153,7 +175,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.3 + version: 6.15.5 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +263,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.0.3 + version: 1.1.1 inherit: - template: ext-database - template: default-env-values @@ -251,7 +273,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.0.4 + version: 19.2.3 inherit: - template: default-env-values - template: default-env-secrets @@ -261,7 +283,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.14 + version: 5.0.15 inherit: - template: default-env-values - template: default-env-secrets @@ -279,7 +301,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.0.2 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -308,7 +330,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.3 + version: 18.12.1 inherit: - template: default-env-values - template: default-env-secrets @@ -316,7 +338,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.3.1 + version: 14.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -324,7 +346,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.2 + version: 1.18.0 db-instances: &db-instances name: db-instances @@ -337,7 +359,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.17.1 + version: 9.19.1 inherit: - template: default-env-values - template: default-env-secrets 
@@ -376,13 +398,29 @@ templates: - template: ext-istio-resource - template: ext-certificate - tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.8.11 + version: 0.8.12 inherit: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - template: ext-database + + coredns: &coredns + name: coredns + chart: coredns/coredns + version: 1.29.0 + namespace: kube-system + inherit: + - template: default-env-values + + cilium: &cilium + name: cilium + chart: cilium/cilium + version: 1.14.6 + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values diff --git a/repositories.yaml b/repositories.yaml index fc03a1e..9e7eced 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -47,3 +47,7 @@ repositories: url: https://charts.gabe565.com - name: mailu url: https://mailu.github.io/helm-charts/ + - name: coredns + url: https://coredns.github.io/helm + - name: cilium + url: https://helm.cilium.io/ diff --git a/system/values/values.cilium.yaml b/system/values/values.cilium.yaml new file mode 100644 index 0000000..6eae22c --- /dev/null +++ b/system/values/values.cilium.yaml @@ -0,0 +1,10 @@ +operator: + replicas: 1 +endpointRoutes: + # -- Enable use of per endpoint routes instead of routing via + # the cilium_host interface. + enabled: true +ipam: + ciliumNodeUpdateRate: "15s" + operator: + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/system/values/values.coredns.yaml b/system/values/values.coredns.yaml new file mode 100644 index 0000000..04d2b02 --- /dev/null +++ b/system/values/values.coredns.yaml 
@@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance diff --git a/system/values/values.namespaces.yaml b/system/values/values.namespaces.yaml new file mode 100644 index 0000000..838f30b --- /dev/null +++ b/system/values/values.namespaces.yaml @@ -0,0 +1,23 @@ +namespaces: + - name: longhorn-system + - name: cert-manager + - name: minio-service + - name: metallb-system + - name: reflector-system + - name: drone-service + - name: argo-system + - name: nrodionov-application + - name: minecraft-application + - name: gitea-service + - name: funkwhale-application + - name: monitoring-system + - name: bitwarden-application + - name: database-service + - name: mail-service + - name: istio-system + - name: vaultwarden-application + - name: woodpecker-ci + - name: openvpn-service + - name: tandoor-application + - name: badhouseplants-main + - name: mailu-application diff --git a/templates/crd-hook.yaml b/templates/crd-hook.yaml new file mode 100644 index 0000000..db6365f --- /dev/null +++ b/templates/crd-hook.yaml 
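Review bot: `pods insecure` in the `kubernetes` plugin's `configBlock` in `system/values/values.coredns.yaml` makes CoreDNS answer pod-IP style names under `pod.cluster.local` without checking that a pod with that address exists in the namespace. Unless a workload depends on that kube-dns compatibility behaviour, `pods verified` is the stricter setting (at the cost of a pod watch), and `pods disabled` is the option when those names are not used at all. A one-line comment above the block saying why `insecure` was chosen would help whoever revisits it; the other plugin entries carry such comments already.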
@@ -0,0 +1,25 @@
+---
+templates:
+ crd-management-hook:
+ hooks:
+ - events: ["preapply"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - |
+ helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \
+ || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \
+ || true
+ - events: ["prepare"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
+ - events: ["postuninstall"]
+ showlogs: true
+ command: "sh"
+ args:
+ - -c
+ - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
diff --git a/templates/extensions.yaml b/templates/extensions.yaml
new file mode 100644
index 0000000..86903c3
--- /dev/null
+++ b/templates/extensions.yaml
@@ -0,0 +1,56 @@ +templates: + # ---------------------------- + # -- Extensions + # ---------------------------- + ext-istio-gateway: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio-gateway + values: + - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + + ext-istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + values: + - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: certificate + values: + - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' + service-monitor: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: service-monitor + values: + - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' + namespace: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ns + inherit: + - template: default-common-values + - template: default-env-values + + ext-database: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ext-database + values: + - '{{ requiredEnv "PWD" }}/common/values.database.yaml' -- 2.45.2 From 0591ae21ce38cde5c7824d0e1387d25a5f09e8a5 Mon Sep 17 00:00:00 2001 From: Roman Date: Sat, 10 Feb 2024 23:46:29 +0300 Subject: [PATCH 281/316] [Minecraft] Password plugin update --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index e5df96a..6234128 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -127,7 +127,7 @@ initContainers: command: - curl - -L - - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" + - "https://github.com/Troloroma/PasswordProtect/releases/download/37/PasswordProtect-ubuntu-latest-17.jar" - -o - /data/plugins/PasswordProtect.jar volumeMounts: -- 2.45.2 From fb6a016b6683080a05163101c1c7d46fac61d3d6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 10 Feb 2024 22:00:32 +0100 Subject: [PATCH 282/316] Revert "[Minecraft] Password plugin update" This reverts commit 0591ae21ce38cde5c7824d0e1387d25a5f09e8a5. --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 6234128..e5df96a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -127,7 +127,7 @@ initContainers: command: - curl - -L - - "https://github.com/Troloroma/PasswordProtect/releases/download/37/PasswordProtect-ubuntu-latest-17.jar" + - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" - -o - /data/plugins/PasswordProtect.jar volumeMounts: -- 2.45.2 From f4c9224ae69e36ef737304b3a3da645d7d35f2fa Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 08:39:37 +0100 Subject: [PATCH 283/316] Enable limits and store minecraft logs --- .woodpecker/.helmfile.yml | 15 +++++++++++++++ badhouseplants/values/values.promtail.yaml | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 355d333..166422c 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml 
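Review bot: The init container saves whatever the download URL returns to `/data/plugins/PasswordProtect.jar` with no integrity check, and this change points that URL at a release asset of a personal fork, so the server loads unverified code at every pod start. Pin the expected digest and verify it before the file is moved into place, for example by running the step through `sh -c` with `curl -fsSL "$URL" -o /tmp/pp.jar && echo "<expected-sha256>  /tmp/pp.jar" | sha256sum -c - && mv /tmp/pp.jar /data/plugins/PasswordProtect.jar` (assuming the image ships `sha256sum`). Adding `-f` also keeps an HTTP error page from being written out as the jar. The revert that follows in this series restores the upstream URL but leaves the same check missing; the `command` list begins and ends outside the hunk.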
@@ -1,11 +1,25 @@ when: event: push + + +.k8s-limits: &k8s-limits + backend_options: + kubernetes: + resources: + requests: + memory: 200Mi + cpu: 100m + limits: + memory: 400Mi + cpu: 200m + matrix: ENVIRONMENT: - badhouseplants - etersoft steps: diff: + <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: @@ -17,6 +31,7 @@ steps: - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e $ENVIRONMENT diff --suppress-secrets apply: + <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 6ab31f3..4976174 100644 --- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -7,5 +7,5 @@ config: pipelineStages: - match: pipeline_name: "drop-all" - selector: '{namespace!~"mail-service|woodpecker"}' + selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}' action: drop -- 2.45.2 From 1cb2c5f2595ecd4e442b66114205c67d27ed5b43 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 08:57:07 +0100 Subject: [PATCH 284/316] Increase limits --- .woodpecker/.helmfile.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 166422c..fd6ed63 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -7,11 +7,11 @@ when: kubernetes: resources: requests: - memory: 200Mi - cpu: 100m - limits: memory: 400Mi - cpu: 200m + cpu: 1000m + limits: + memory: 800Mi + cpu: 1500m matrix: ENVIRONMENT: -- 2.45.2 From 99972808b7f5b7d02558375d5b088745bda8830f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 09:00:05 +0100 Subject: [PATCH 285/316] Increase limits --- .woodpecker/.helmfile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index fd6ed63..2407cd8 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -7,10 +7,10 @@ when: kubernetes: resources: requests: - memory: 400Mi + memory: 1024Mi cpu: 1000m limits: - memory: 800Mi + memory: 1512Mi cpu: 1500m matrix: -- 2.45.2 From d67cf1a273075c734f63738bc5b7f5d09fa6887a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 13 Feb 2024 15:49:31 +0100 Subject: [PATCH 286/316] Add new ns --- badhouseplants/values/values.namespaces.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 838f30b..d752942 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -20,4 +20,7 @@ namespaces: - name: openvpn-service - name: tandoor-application - name: badhouseplants-main + labels: + istio-injection: enabled + - name: badhouseplants-preview - name: mailu-application -- 2.45.2 From 21ff595d4063ab76b63263b2a87fa486aa2640d2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Feb 2024 15:47:14 +0100 Subject: [PATCH 287/316] Some small chagnes --- badhouseplants/helmfile.yaml | 2 + badhouseplants/values/values.roles.yaml | 9 ++++ .../chart/templates/namespaces.yaml | 3 +- charts/roles/.helmignore | 23 ++++++++++ charts/roles/Chart.yaml | 6 +++ charts/roles/templates/_helpers.tpl | 43 +++++++++++++++++++ charts/roles/templates/namespaces.yaml | 23 ++++++++++ charts/roles/values.yaml | 9 ++++ releases.yaml | 8 ++++ 9 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 badhouseplants/values/values.roles.yaml create mode 100644 charts/roles/.helmignore create mode 100644 charts/roles/Chart.yaml create mode 100644 charts/roles/templates/_helpers.tpl create mode 100644 charts/roles/templates/namespaces.yaml create mode 100644 charts/roles/values.yaml 
diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 0ec24c9..39e25bd 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -4,6 +4,8 @@ releases: - <<: *namespaces installed: true + - <<: *roles + installed: true - <<: *coredns installed: true - <<: *cilium diff --git a/badhouseplants/values/values.roles.yaml b/badhouseplants/values/values.roles.yaml new file mode 100644 index 0000000..7fcd045 --- /dev/null +++ b/badhouseplants/values/values.roles.yaml @@ -0,0 +1,9 @@ +roles: + - name: minecraft-admin + namespace: minecraft-application + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["minecraft-application"] diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml index dc2bd62..3e87e83 100644 --- a/charts/namespaces/chart/templates/namespaces.yaml +++ b/charts/namespaces/chart/templates/namespaces.yaml @@ -10,8 +10,9 @@ metadata: {{- with $ns.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with $ns.annotations}} annotations: + "helm.sh/resource-policy": keep + {{- with $ns.annotations}} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/roles/.helmignore b/charts/roles/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/roles/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/roles/Chart.yaml b/charts/roles/Chart.yaml new file mode 100644 index 0000000..c2d5cc6 --- /dev/null +++ b/charts/roles/Chart.yaml 
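Review bot: The `minecraft-admin` Role in `badhouseplants/values/values.roles.yaml` grants `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["*"]`, which covers reading Secrets, `pods/exec` and managing RoleBindings in `minecraft-application`; list the resources and verbs the role actually needs instead. The rule also carries `namespace: ["minecraft-application"]`, which is not a PolicyRule field, and the chart template emits `rules` through `toYaml` unchanged, so the key will be either rejected or silently dropped depending on validation. Remove it, since the Role's `metadata.namespace` already scopes the grant. `charts/roles/values.yaml` in this commit ships the same wildcard rule as the chart default, where `roles: []` would be the safer default, and no RoleBinding is added here, so the intended subject cannot be checked from this patch.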
@@ -0,0 +1,6 @@ +apiVersion: v2 +name: roles +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "1.16.0" diff --git a/charts/roles/templates/_helpers.tpl b/charts/roles/templates/_helpers.tpl new file mode 100644 index 0000000..2927519 --- /dev/null +++ b/charts/roles/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "roles.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "roles.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "roles.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "roles.labels" -}} +helm.sh/chart: {{ include "roles.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + diff --git a/charts/roles/templates/namespaces.yaml b/charts/roles/templates/namespaces.yaml new file mode 100644 index 0000000..7cb85dc --- /dev/null +++ b/charts/roles/templates/namespaces.yaml 
@@ -0,0 +1,23 @@ +{{- if .Values.roles }} +{{- range $roles := .Values.roles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ $roles.kind }} +metadata: + name: {{ $roles.name }} + namespace: {{ $roles.namespace }} + labels: + {{- include "roles.labels" $ | nindent 4 }} + {{- with $roles.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $roles.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +{{- with $roles.rules }} +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/roles/values.yaml b/charts/roles/values.yaml new file mode 100644 index 0000000..7fcd045 --- /dev/null +++ b/charts/roles/values.yaml @@ -0,0 +1,9 @@ +roles: + - name: minecraft-admin + namespace: minecraft-application + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["minecraft-application"] diff --git a/releases.yaml b/releases.yaml index 7c999fd..e8a4277 100644 --- a/releases.yaml +++ b/releases.yaml @@ -106,6 +106,14 @@ templates: inherit: - template: default-env-values + roles: &roles + name: roles + chart: '{{ requiredEnv "PWD" }}/charts/roles' + namespace: kube-public + createNamespace: false + inherit: + - template: default-env-values + metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server -- 2.45.2 From 4d5ee1f6c52e81d5c0c1c341f623e096f7c98fff Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Feb 2024 15:51:18 +0100 Subject: [PATCH 288/316] Update db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index e8a4277..5a2d274 100644 --- a/releases.yaml +++ b/releases.yaml @@ -354,7 +354,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.18.0 + version: 1.20.0 db-instances: &db-instances name: db-instances -- 2.45.2 From a6b30b3337bb5db06361574ebfdad4c044330f5d Mon Sep 17 00:00:00 2001 
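Review bot: `charts/roles/templates/namespaces.yaml` renders `kind: {{ $roles.kind }}` and `namespace: {{ $roles.namespace }}` straight from values with no validation, so a typo or a missing key produces a manifest that only fails at apply time. An entry with `kind: ClusterRole` would still get a `namespace:` line even though cluster-scoped objects have none. A guard such as `kind: {{ required "roles[].kind is required" $roles.kind }}` with `name: {{ $roles.name | quote }}` makes the failure happen at render time, and the namespace line can be wrapped in `{{- if eq $roles.kind "Role" }}`. The file name says namespaces but it renders RBAC objects, so `roles.yaml` plus a short header comment describing the expected `roles[]` fields would help the next reader.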
From: Nikolai Rodionov Date: Sat, 17 Feb 2024 02:20:54 +0100 Subject: [PATCH 289/316] Cleanup db-operator --- .../values/secrets.db-instances.yaml | 28 +++++++------------ .../values/values.db-instances.yaml | 20 ------------- releases.yaml | 1 - 3 files changed, 10 insertions(+), 39 deletions(-) diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index f8caa3a..ffe6efa 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml @@ -1,16 +1,8 @@ dbinstances: - postgres: - secrets: - adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] - adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] postgres16: secrets: - adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] - adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] - mysql: - secrets: - adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] - adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] + adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] + adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -20,14 +12,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl + RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx + Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho + d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq + Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T02:28:20Z" - mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] + lastmodified: "2024-02-17T01:05:06Z" + mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 8e16c19..bfd0e1d 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml 
@@ -1,15 +1,5 @@ --- dbinstances: - postgres: - monitoring: - enabled: false - adminSecretRef: - Name: postgres-secret - Namespace: database-service - engine: postgres - generic: - host: postgres-postgresql - port: 5432 postgres16: monitoring: enabled: false @@ -20,13 +10,3 @@ dbinstances: generic: host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 - mysql: - monitoring: - enabled: false - adminSecretRef: - Name: mysql-secret - Namespace: database-service - engine: mysql - generic: - host: mysql - port: 3306 diff --git a/releases.yaml b/releases.yaml index 5a2d274..ff68c1f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -286,7 +286,6 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - - template: ext-database minio: &minio name: minio -- 2.45.2 From a20017c9b7f2ebe5cdde7f3f1d64a7d6dcacd1c3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 15:44:31 +0100 Subject: [PATCH 290/316] Start setting up shadowsocks --- .../values/values.istio-ingressgateway.yaml | 4 + manifests/shadowsocks/install.yaml | 78 +++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 manifests/shadowsocks/install.yaml diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 8e39d27..94fe69a 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -2,6 +2,10 @@ service: type: LoadBalancer externalTrafficPolicy: Local ports: + - name: shadowsocks + port: 8388 + protocol: TCP + targetPort: 8388 - name: minecraft port: 25565 protocol: TCP diff --git a/manifests/shadowsocks/install.yaml b/manifests/shadowsocks/install.yaml new file mode 100644 index 0000000..a539b01 --- /dev/null +++ b/manifests/shadowsocks/install.yaml 
@@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shadowsocks-deployment + labels: + app: shadowsocks +spec: + replicas: 1 + selector: + matchLabels: + app: shadowsocks + template: + metadata: + labels: + app: shadowsocks + spec: + containers: + - name: shadowsocks-libev + image: shadowsocks/shadowsocks-libev + env: + - name: METHOD + value: chacha20-ietf-poly1305 + - name: PASSWORD + value: test12345 + ports: + - containerPort: 8388 + securityContext: + capabilities: + add: + - NET_ADMIN +--- +apiVersion: v1 +kind: Service +metadata: + name: shadowsocks + labels: + app: shadowsocks +spec: + type: ClusterIP + ports: + - port: 8388 + protocol: TCP + selector: + app: shadowsocks +--- +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: badhouseplants-shadowsocks + namespace: istio-system +spec: + selector: + istio: ingressgateway + servers: + - hosts: + - '*' + port: + name: tcp + number: 8388 + protocol: TCP +--- +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: shadowsocks +spec: + gateways: + - istio-system/badhouseplants-shadowsocks + hosts: + - '*' + tcp: + - match: + - port: 8388 + route: + - destination: + host: shadowsocks + port: + number: 8388 -- 2.45.2 From fbf483cfc0302db6e2a1935e5da7b5a98fcff142 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 16:26:35 +0100 Subject: [PATCH 291/316] Update openvpn --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index ff68c1f..6d8d23d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -231,7 +231,7 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 5b478e594e27849764d9f38489be7ba448dd7ff6 Mon Sep 17 00:00:00 2001 
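Review bot: `PASSWORD` is set to the literal `test12345` in the Deployment env of `manifests/shadowsocks/install.yaml`, so the proxy credential is committed in clear text and is easy to guess. The same commit publishes port 8388 on the LoadBalancer gateway with `hosts: '*'`. Other credentials in this repo live in SOPS-encrypted `secrets.*.yaml` files, so this one should come from a Secret through `secretKeyRef`, and the committed value should be treated as burned. The image has no tag or digest, so each pull can bring a different build. `NET_ADMIN` looks unnecessary for a server that only listens on 8388; confirm the container still starts before dropping it.

```yaml
# … unchanged: Deployment metadata, selector, pod labels …
        - name: shadowsocks-libev
          # placeholder: pin to a reviewed tag or digest
          image: shadowsocks/shadowsocks-libev:<PINNED_TAG_OR_DIGEST>
          env:
            # … unchanged: METHOD …
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  # placeholders: Secret created from a SOPS-encrypted values file
                  name: <SHADOWSOCKS_SECRET_NAME>
                  key: <PASSWORD_KEY>
          # … unchanged: ports …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
# … unchanged: Service, Gateway, VirtualService …
```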
From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:44:08 +0100 Subject: [PATCH 292/316] Cleanup the backup cluster --- badhouseplants/helmfile.yaml | 8 +++++++- etersoft/helmfile.yaml | 5 ----- helmfile.yaml | 5 ----- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 39e25bd..fd0641c 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -115,7 +115,7 @@ releases: installed: true namespace: mail-service createNamespace: true - + - <<: *tandoor installed: true namespace: tandoor-application @@ -125,6 +125,12 @@ releases: installed: false namespace: mailu-application createNamespace: false + + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 98684a6..d861bbd 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -7,11 +7,6 @@ releases: namespace: openvpn-service createNamespace: false - - <<: *postgres16 - installed: true - namespace: database-service - createNamespace: true - bases: - ../environments.yaml - ../repositories.yaml diff --git a/helmfile.yaml b/helmfile.yaml index c813fb4..de9aa6b 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,11 +46,6 @@ releases: namespace: reflector-system createNamespace: true - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - - <<: *metallb-resources installed: true namespace: metallb-system -- 2.45.2 From 3c8f6a243c0bea83002d89c624b5810475df6528 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:44:23 +0100 Subject: [PATCH 293/316] Update istio bundle --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 6d8d23d..db5e056 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.2 + version: 1.20.3 istio-base: &istio-base name: istio-base -- 2.45.2 From cc1cf4e650af4dd94887112120e88a49e07a125d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:48:21 +0100 Subject: [PATCH 294/316] Update cilium --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index db5e056..d1d94af 100644 --- a/releases.yaml +++ b/releases.yaml @@ -426,7 +426,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.14.6 + version: 1.15.1 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From b93d4e0b2beeb0aec3d03f80db37eaad61a81d9a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:03:04 +0100 Subject: [PATCH 295/316] Update bunch of releases --- badhouseplants/values/secrets.argocd.yaml | 22 ++++++++--------- badhouseplants/values/values.argocd.yaml | 29 +++++++++++------------ releases.yaml | 20 ++++++++-------- 3 files changed, 35 insertions(+), 36 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 371d4d1..befdd81 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,10 +1,10 @@ server: - config: - dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] + configs: + dex.config: ENC[AES256_GCM,data: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,iv:DiW7ZlTe+TRxVIwnV+ASJJfJYFUQ0YqhHRsxx+vrLGs=,tag:i46xfJRV8rq5m7yT6etFfg==,type:str] configs: credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data:qQZuWVqu3G59OLMTtYW3BDfoo/3+SvLgQYzv0Aa2NQGb/5wVFejPiJR0BAMYZjkDSVgUZl/oVCT55I41QeKcNYfHtGcrWIFvizg5jW+K0U3ZvgtnY56J1GsrKWQIC29U5EHz/7xXTnSJkkiiVEBGOjwQHpfCgsqR5/qhwnFx+idLsdJGasMYjIJZttTtLpPsY1tgUwTzqJGQptJHqG+/EDcmI9ms6383ltgc6xsmezJDyoG3A2cMNp22qctIuqTIM6ltL9iosBmMsPM1MaiZyJ7rG5zNPymTCFDQUXwlUwFoDKJnN3GkY4ApzRv43iAw2aIX8ykifZVGZOuvV/ifzUuDoemsGjD7X3GN+ngVNwdLm1qSkcnb21Q22kVmBxotIQaF9eN/LqDk2ULEMX3Yvml886yo4AnxlIA8zW8XzFfEILrEswv555P5p3Mswl0+KAIDo7cYav495U9cYrttHbU5wvr9br5JekNKVSgTigwFraq2ZUE8Za3Ru7VOuljywRwe0VEvhFv8SJoH9NZJyl8ME0+uH1R6YtIodkHpB6b6wtyCwtPXjkUkR8nzi4VU0L3zq90e/DvmX/a/q4uEHtLPiIEMFbKtUQ8v8mmscYEEvYIsIBO0VcY2CUFbEs7r56uFOiysqB4d4ySGFjdQceRTLhG7/kUjjYtGEByVcFXllhAV+1C0vXHgOXc4G+EowObbcyj+sA4hxFVL8/f0s7znVCQbZhztQsxfFr5+76X+nzkXkkhauUsMChybmVmGTU+hYnZ8XuOK6X+tRixoVNlcitFD+NxTksvDeJDIShaQvH2cjLLbkze9GmUVr3EvifQhXdw29rpgySVE0Tjn+YL23Ft8dToqR6QwTASLi/vcvbjpx5NtchuR5QFxwZYY8ROTljSQS61AMdszr5cR0BwtFY8j59Aj25sEJeasi44xzUlBxAGazHjzBDxDU7XIpGV/IkiMtaEuEXKGRpVqhQrszvuXOf9K4TwxuVvhlrSVvU7M/lQzJUzkSFOSvO9nzfnkVLwqTdTX56ODFs10vRowClKetC6PpuAclw85WlC1OTkkAL8RUCWyoPQUU+EYolUCW5nMp4P8X1XK3qvRpBU6BdjnnuLQAi1bYu8t0f4vTYoLvYTwlMGXizMHEks6me5pPD7mq5HvpR2e7i1ZzJ3oQaKPB9n8AsugFeRStAal7HHrfEA6NVXLlBYdiq9oRgwllZwi5dsw4m6ABhh+angCWkIsjB9+n9NKOdJowvyDDx1JE/Ai4wb+8hbTLtAold6YJgNA5aT7LeSVaxWVB+V8w1ghn3UJzI6SGdayJqUH+VAUDvBg4LeqGH2vrod57SF4FMmqGTQwN7cYxW0fDT9V8xnb2nQu7WaE04Miw5hlsB4uTRUfeMrXXvt3R2N8azqQDF9Himtl48U3by9vv8FPsNhq3XvAPY5/TCzHz93bnWWmdtyZlHTFz2wRAwaTwOfFpN7oMW6YyVo6UUpw10zap0Jfboq8szF////nwEHf8qGw3dxT8
5WwBR9KBPwFuHZQsoUOuy00PuAB5fVvXXWBiCnzYwWgY3NqTBkLYbV8D/6UnLlfAHhnEok7QXf7P4xqbB/6EmqCmGBw5ZgPqg0bY6mOTnMrfqiKV9+Q0Mhe8eFPNOr2zoR+VYRDnWX+rJu1+OAK8QegH1Jn3RlOg3lXoFDFLelq6GEq1Kdbr83goL59/uRu4VNvAArUJ9tk4Vn2vWEtnbpjRcyjwAHIc1YXphY53cPFdSjYCeoNv5MDEt3oJAKWhSX7Ql6ledftGWB4fhns0OK4+zLN6osqrPNtLyS7iqXhcwmUIx+b6jzblKt/FAssFOw6VVpi+nVrBWHDW4lhHiCu37VYS15Vtjw+JCPbAe30MOquhXn1CnEnoV8mDoDGTeMpvpP4BTTgsLmloXfv8/+TjNYfzSWivvXjY1K0P/KGqoEJfIyYDyuxi7t2qJ/CwdvBTJkF/cTX6yvX6IvijKuUco2aIgpoZfg4JR6VL7Gk3Cvf3YBvnvG8TspBOfO3ZhwTS6vfQeDLs6kf+gBtXduJTqAXuy8X8B4RZxsNGZZD8hsSVH6xP5akN6waGqG+xDQxKTT7FCpmi0igvvANRROF3+KxGigPTrIqa33WDglrD6tUfUKNUW/SuZXXjbrgo0lillsXj6i7esSLfgH9CjUfeVUW/mI7mvW+0xjV/eeZtxRnz3ADGgfObV0XakEFBDhDnXtmdN7RN+Q+UvtN0uYGYWYqnIPNewm5RYwVGtGNWOB42PdaKH0qRUdWvCAbsKflPxW5pJNZlejhoMm+3+j2UlrY59dGqTVPoXkWgIGxFkubrtN06zAhVEV6/PcCZoGJmZsPWIfiY5k/BZljtZLAa1e2cboD/0q8iX0VzyRSmuKzVYMa6/NTU3PQ8l2x5fQRRq5OR33P2N36Wb6cO7GB9mEKAElTnd8oLlJ3T27EBctdNf8gOBIYWtGo+lYtKeh/NJm5o7KGIdjhThi7Lrbyqaxb294yxydmrJBh64dws+f3IhUQBLz+6lk5PM7EtrBCGuN7PqdqQMHqWMcCvDCHxY5X/U4zrWMAClEifJfC0b+3HthLkBHb388nGMo2ymHq683s0PxmmY0lfpncUEGHu+1J5E3w2BEy5Qv83x0RQDoDFab5lxILo6VSmZru+Kj18yeqNiNw/CzHaMvID7Gio1jaq3DsuD4bA9ne5Je5yAK8INrYRDCSzMfQpc2QqE306tonmsu37EKGHTCOaaqfL8/f31nqZcdKAdidM4JBa+osYYVUCp50Nn8h94dczpjvC+M2hEQXbibUSwyPjDv7ptwfZSEPG1mjbrOEpRSbzh3lGbE5q9K7bNyt0aJRi2gOw/shU5rPxmJ5KoL0HUEc74pZRG+Csa3ZKruqYqOEezgZmVwo0E3NQD8u/y/oF/L8hgKj2jcRmJS/pKbr2Tv+Sde1ZYdZjsXW6tFRjPDZGyhjHBriPLikN097kmuPFWS3f4ZFPyHM/Az2uzPPBFGv7VchUbFScIDgBIq+fYnTPtjjST7FgsDxpzTkj8uliU9z7r0dTIawC8qSUYErsFYSvUITySWTam0R04yitaArcH5fLEhEeKKMjGUVkwwxGxfv9Fql6Zs1YSCKka9aynXDUmw6igbRJVIPtmEosrmFUzlX1OEiJrX5xWOVAv3wQ2vrxvwHlmOMtr/cQagvASds2kC4QJ4qSwc8YdpLAwrn4+h7uNP/QChAOVCiGQXpFqd5ab/LBc6Gc/1Zxilil1kecMFBc/XmVssw72XSVoXVJPlIyiSYOAtm1BGQHJXRspP06/M+/5ffaHoEevqB47kf6bE8c3F9SwksgwGtaqXdFBoKSQcret8Tww9C8ZwDji8v/woVu2COXWaF2HLg3r3vrXa+DVVz1ENtOmJEJYTCuLmdqpZsWv4olC2wcCUEA+po9kZbVcEAfKd0xe/0x2fzqQ==,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:
6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:4CZ3hbG1MSrQs0y5hPU2rGaHvw4DkzWgQuqn8alqUp4=,tag:a0a5DN0KTCrkJ1jGbU5YrA==,type:str] sops: kms: [] gcp_kms: [] @@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NWtKdU5Gb1E5aFhmaHI0 + YWpQY0VTR2hWWDNPcklvQkdES3VMV01kUWh3CldheTZHRmpjNjV0MVErV2Qrc1Fs + WlhidklZOWgyMEtnbzA2UU0zVGhkQkUKLS0tIFBEZHVpd3krMHR3aXpHSzBTM2d5 + TE0xeGxscWhCVEpSYVkxUDdybGZ6VVEKHQ1m2NOmuo7Alr9wdaK+kKtceCbX9tti + LNQjwMsHfIyts5LIEafRh4mC+vsjmO56CUlUzoZDk7hU1u5Zp0Pskw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-04T16:16:37Z" - mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] + lastmodified: "2024-02-20T22:58:37Z" + mac: ENC[AES256_GCM,data:HHbHPlslZC5XLjh40wP8VfEgpFT1PyKtDhd0I0rxKhv7qQh+4oMQBpNvVrye1RIzLZJY43hme74lkH7o8ZnWfXAwPRJ7YYAKvLt0LAyLbko2v7hINY/kwMn6xGbUnfmvBIwLkLqHndYxOW44BvUe320N7a831OqPYWkiDEiwLSw=,iv:YYZSQMyQEM0r4WIyHs+gki5qaHMc4gKUi/JcFxjSHDU=,tag:ZyQ+/obUCLKAB2MsFYO7Ag==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index e8d0bce..0acc84b 100644 --- a/badhouseplants/values/values.argocd.yaml 
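Review bot: In the first hunk of `badhouseplants/values/secrets.argocd.yaml` the Dex settings move from `server.config` to `server.configs`, while the same commit moves the plain settings in `values.argocd.yaml` to top-level `configs.cm` and `configs.rbac`. If the chart reads `dex.config` from `configs.cm` like the other `argocd-cm` keys, the value under `server.configs` is silently ignored and the upgraded release runs without the intended Dex connector configuration. The encrypted file already has a top-level `configs:` key, so the entry would fit there as `configs.cm.dex.config` next to `credentialTemplates`. Checking after the upgrade that the rendered `argocd-cm` still contains `dex.config` would confirm which path the chart uses.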
+++ b/badhouseplants/values/values.argocd.yaml @@ -58,21 +58,6 @@ server: enabled: true serviceMonitor: enabled: false - rbacConfig: - policy.default: role:readonly - scopes: "[email, group]" - policy.csv: | - g, allanger@zohomail.com, role:admin - g, allanger@badhouseplants.net, role:admin - g, rodion.n.rodionov@gmail.com, role:admin - p, drone, applications, *, badhouseplants/*,allow - config: - exec.enabled: "true" - url: https://argo.badhouseplants.net - kustomize.buildOptions: "--enable-alpha-plugins" - accounts.drone: apiKey, login - accounts.drone.enabled: "true" - extraArgs: - --insecure @@ -86,6 +71,20 @@ repoServer: - name: regcred configs: + rbac: + policy.default: role:readonly + scopes: "[email, group]" + policy.csv: | + g, allanger@zohomail.com, role:admin + g, allanger@badhouseplants.net, role:admin + g, rodion.n.rodionov@gmail.com, role:admin + p, drone, applications, *, badhouseplants/*,allow + cm: + exec.enabled: "true" + url: https://argo.badhouseplants.net + kustomize.buildOptions: "--enable-alpha-plugins" + accounts.drone: apiKey, login + accounts.drone.enabled: "true" credentialTemplates: ssh-creds: url: git@github.com diff --git a/releases.yaml b/releases.yaml index d1d94af..ccc0215 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.11.0 + version: 3.12.0 values: - common/values.{{ .Release.Name }}.yaml @@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.1 + version: 1.14.2 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.53.13 + version: 6.2.3 inherit: - template: default-env-values - template: default-env-secrets 
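Review bot: The relocated `configs.cm` block in the `@@ -86,6 +71,20 @@` hunk keeps `accounts.drone: apiKey, login`, and `configs.rbac` keeps `p, drone, applications, *, badhouseplants/*,allow`, so the CI account can log in interactively and perform every application action, delete included. For an identity that authenticates with a token, `accounts.drone: apiKey` is enough. The policy can then be narrowed to what the pipeline uses, for example `p, drone, applications, sync, badhouseplants/*, allow` plus a matching `get` line, assuming the pipeline only syncs. `exec.enabled: "true"` is carried over as well; a one-line comment saying why the web terminal is needed would tell a later reader whether it can be turned off.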
@@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 56.6.1 + version: 56.8.2 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.42.2 + version: 5.43.2 inherit: - template: monitoring-common - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.2.3 + version: 19.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.14.0 + version: 4.15.0 inherit: - template: default-env-values - template: default-env-secrets @@ -337,7 +337,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.12.1 + version: 18.14.0 inherit: - template: default-env-values - template: default-env-secrets @@ -345,7 +345,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.0.1 + version: 14.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -408,7 +408,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.8.12 + version: 0.9.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From c5ade9c28b5c0c8c2c1b1e95695045e476198c79 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:08:14 +0100 Subject: [PATCH 296/316] Update longhorn and openvpn --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index ccc0215..7fb40d3 100644 --- a/releases.yaml +++ b/releases.yaml @@ -144,7 +144,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.3 + version: 1.6.0 inherit: - template: default-env-values 
@@ -239,7 +239,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.8 + version: 1.1.0 inherit: - template: default-env-values - template: ext-istio-resource -- 2.45.2 From 9b8c729d654cfee50afae78581950e7963b20675 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:36:23 +0100 Subject: [PATCH 297/316] Update sops file --- badhouseplants/values/secrets.minecraft.yaml | 24 ++++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml index 1639eb7..6a54d19 100644 --- a/badhouseplants/values/secrets.minecraft.yaml +++ b/badhouseplants/values/secrets.minecraft.yaml 
@@ -1,11 +1,11 @@ minecraftServer: rcon: - password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] + password: ENC[AES256_GCM,data:woijK03SjpwXBK4v6VQQcDU9+Vtxu1K8aw==,iv:z42FfsX/uyqHKV1uUnXxbVSEMmI549nOvR0PTMhBqXA=,tag:GX3h+j00PfR/3kxcmk/RRg==,type:str] mcbackup: resticEnvs: - RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:stg6lZdHeI1IDCqcEObPi2HcLc0WtsxN4mwOqajD,iv:cd9k4zC6qLLfDesHc2eHYgOYw0tLoXRROOiWWg2ZWqo=,tag:tY+Vj2Uv1MonbgGSBZF/aA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:J5+56NluagLrqNOoML4=,iv:jV4hZwcxg3K4hI3YiZlUTc+z26p+TJlHJ0iCnCD8XN4=,tag:yolnLc3raai15UMGzhY7Tg==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:D/nUeA9W,iv:sWH469oSthTZLlmdfNBs9iz8Rkmh+FgoN7cNwuhhm44=,tag:EeG6Dlz7XNKFxlyY2NWheA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -15,14 +15,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvb29BdXcwNmJKVHg0ZE1o + dHJQMmdQcjBrbmo4cmpZZFdUNkQzbXZnc1FnCkZZdHBodXRpVG43dHRtaXVOdis3 + azRqSFQ4QU9Bc0YyaldUMFQ2S3NBOVUKLS0tIC9TbHkwVGYxY2xIT2thRHpQdDFK + QU55VnhyREJld1QzQUlvdGlJQzR1dEkKjPTR48VdNKqmZmNJb3eB44nXyqRtPxfk + lFh1pQLPRSiFtCQYRsRTUNZt131Y/wSIJ33Ri77rZAzF7MoOXZj+FQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-15T15:32:19Z" - mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] + lastmodified: "2024-02-20T23:30:03Z" + mac: ENC[AES256_GCM,data:uZ0a7xDvJEQXxnoiTjclZ/rsuR5Iz+oY/5eQjeDdWnMd+itHZyHk4my8q1Ug0Dl6Md2qiVSiLAvfJsvLDiBqYWoCTWqnvBF8qXLq+pdjXuvAoLTVct8G/BDtgxYZcLQIUnox9RifUb6RCKtZADcG3VMsTWSrrZD4y0S3feQ47Mw=,iv:WYbtRGus5SR4J5rmmUuqgbhgJg/3NCZw04z67CvdYvM=,tag:OF79vVtfnC98ydWPOB4QnQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 -- 2.45.2 From e255ee4e99eb3b67cfeb04f93279a08822885ce9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:50:11 +0100 Subject: [PATCH 298/316] Remove minecraft from the repo --- badhouseplants/helmfile.yaml | 5 - badhouseplants/values/secrets.minecraft.yaml | 28 --- badhouseplants/values/values.minecraft.yaml | 180 ------------------- badhouseplants/values/values.namespaces.yaml | 5 + releases.yaml | 9 - repositories.yaml | 2 - 6 files changed, 5 insertions(+), 224 deletions(-) delete mode 100644 badhouseplants/values/secrets.minecraft.yaml delete mode 100644 badhouseplants/values/values.minecraft.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index fd0641c..30d3395 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -30,11 +30,6 @@ releases: namespace: nrodionov-application createNamespace: false - - <<: *minecraft - installed: true - namespace: minecraft-application - createNamespace: false - - <<: *gitea installed: true namespace: gitea-service diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml deleted file mode 100644 index 6a54d19..0000000 --- a/badhouseplants/values/secrets.minecraft.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -minecraftServer: - rcon: - password: ENC[AES256_GCM,data:woijK03SjpwXBK4v6VQQcDU9+Vtxu1K8aw==,iv:z42FfsX/uyqHKV1uUnXxbVSEMmI549nOvR0PTMhBqXA=,tag:GX3h+j00PfR/3kxcmk/RRg==,type:str] -mcbackup: - resticEnvs: - RESTIC_PASSWORD: ENC[AES256_GCM,data:stg6lZdHeI1IDCqcEObPi2HcLc0WtsxN4mwOqajD,iv:cd9k4zC6qLLfDesHc2eHYgOYw0tLoXRROOiWWg2ZWqo=,tag:tY+Vj2Uv1MonbgGSBZF/aA==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:J5+56NluagLrqNOoML4=,iv:jV4hZwcxg3K4hI3YiZlUTc+z26p+TJlHJ0iCnCD8XN4=,tag:yolnLc3raai15UMGzhY7Tg==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:D/nUeA9W,iv:sWH469oSthTZLlmdfNBs9iz8Rkmh+FgoN7cNwuhhm44=,tag:EeG6Dlz7XNKFxlyY2NWheA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvb29BdXcwNmJKVHg0ZE1o - dHJQMmdQcjBrbmo4cmpZZFdUNkQzbXZnc1FnCkZZdHBodXRpVG43dHRtaXVOdis3 - azRqSFQ4QU9Bc0YyaldUMFQ2S3NBOVUKLS0tIC9TbHkwVGYxY2xIT2thRHpQdDFK - QU55VnhyREJld1QzQUlvdGlJQzR1dEkKjPTR48VdNKqmZmNJb3eB44nXyqRtPxfk - lFh1pQLPRSiFtCQYRsRTUNZt131Y/wSIJ33Ri77rZAzF7MoOXZj+FQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-20T23:30:03Z" - mac: ENC[AES256_GCM,data:uZ0a7xDvJEQXxnoiTjclZ/rsuR5Iz+oY/5eQjeDdWnMd+itHZyHk4my8q1Ug0Dl6Md2qiVSiLAvfJsvLDiBqYWoCTWqnvBF8qXLq+pdjXuvAoLTVct8G/BDtgxYZcLQIUnox9RifUb6RCKtZADcG3VMsTWSrrZD4y0S3feQ47Mw=,iv:WYbtRGus5SR4J5rmmUuqgbhgJg/3NCZw04z67CvdYvM=,tag:OF79vVtfnC98ydWPOB4QnQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml deleted file mode 100644 index e5df96a..0000000 --- a/badhouseplants/values/values.minecraft.yaml +++ /dev/null 
@@ -1,180 +0,0 @@ ---- -# -------------------------------------------------- -# -- Extensions values -# -------------------------------------------------- -service-account: - enabled: true - resources: - - name: minecraft-exporter - label: - app: minecraft-minecraft-metrics - endpoints: - port: metrics -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: minecraft-tcp - gateway: istio-system/badhouseplants-minecraft - kind: tcp - port_match: 25565 - hostname: "*" - service: minecraft-minecraft - port: 25565 -# -------------------------------------------------- -# -- Main values -# -------------------------------------------------- -image: - tag: java17-graalvm-ce - pullPolicy: Always - -resources: - requests: - memory: 3Gi - cpu: 256m - limits: - memory: 3Gi - -lifecycle: - postStart: - - bash - - -c - - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 - -readinessProbe: - command: - - mc-health - periodSeconds: 20 - failureThreshold: 50 - timeoutSeconds: 10 -livenessProbe: - timeoutSeconds: 10 - -minecraftServer: - overrideServerProperties: true - eula: "TRUE" - onlineMode: false - difficulty: hard - hardcore: true - version: 1.20.1 - maxWorldSize: 90000 - type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar - gameMode: survival - pvp: true - rcon: - enabled: true - withGeneratedPassword: false - port: 25575 - serviceType: ClusterIP - extraPorts: - - name: metrics - containerPort: 9225 - protocol: TCP - service: - enabled: true - embedded: false - labels: - exporter: minecraft - type: ClusterIP - port: 9925 - ingress: - enabled: false -persistence: - dataDir: - enabled: true - Size: 15Gi -mcbackup: - enabled: false - backupInterval: 2h - pauseIfNoPlayers: "false" - pruneBackupsDays: 
2 - rconRetries: 5 - rconRetryInterval: 10s - excludes: "*.jar,cache,logs" - backupMethod: restic - resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft - resticAdditionalTags: "mc_backups" - pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" - resources: - requests: - memory: 512Mi - cpu: 100m - persistence: - backupDir: - enabled: false -# --------------------------------------------- -# -- Install Plugins -# --------------------------------------------- -initContainers: - - name: 0-install-prometheus-exporter - image: alpine/curl - command: - - curl - - -L - - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" - - -o - - /data/plugins/prometheus-exporter.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-password-plugin - image: alpine/curl - command: - - curl - - -L - - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" - - -o - - /data/plugins/PasswordProtect.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-gravity-control-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar - - -o - - /data/plugins/GravityControl-1.3.0.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-fast-minecart-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar - - -o - - /data/plugins/FastMinecarts.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - - name: 1-add-plugins-to-minecraft - image: alpine/curl - command: - - sh - - -c - - cp -r /in /out/plugins - volumeMounts: - - name: plugins - mountPath: /in - readOnly: false - - 
name: datadir - mountPath: /out -extraVolumes: - - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - volumes: - - name: plugins - emptyDir: - sizeLimit: 500Mi diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index d752942..c0232d1 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -8,6 +8,11 @@ namespaces: - name: argo-system - name: nrodionov-application - name: minecraft-application + annotations: + badohouseplants.net/git-repo: | + https://git.badhouseplants.net/badhouseplants/minecraft-helmfile + badhouseplants.net/ci: | + https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - name: monitoring-system diff --git a/releases.yaml b/releases.yaml index 7fb40d3..8e126d7 100644 --- a/releases.yaml +++ b/releases.yaml @@ -296,15 +296,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - minecraft: &minecraft - name: minecraft - chart: minecraft-server-charts/minecraft - version: 4.15.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - gitea: &gitea name: gitea chart: gitea/gitea diff --git a/repositories.yaml b/repositories.yaml index 9e7eced..0a82ac7 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -11,8 +11,6 @@ repositories: url: https://charts.bitnami.com/bitnami - name: minio url: https://charts.min.io/ - - name: minecraft-server-charts - url: https://itzg.github.io/minecraft-server-charts/ - name: longhorn url: https://charts.longhorn.io - name: gitea -- 2.45.2 From 773b70bb3a5acb6efa196987fce84b6bcc9e3564 Mon Sep 17 00:00:00 2001 
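Review bot: The first annotation key added to the `minecraft-application` entry in values.namespaces.yaml is spelled `badohouseplants.net/git-repo`, while the second uses `badhouseplants.net/ci`, so anything selecting on the `badhouseplants.net/` prefix will miss the repo link. Both values are also written as `|` block scalars, which keeps a trailing newline inside the annotation value. A quoted single-line string avoids that, e.g. `badhouseplants.net/git-repo: "https://git.badhouseplants.net/badhouseplants/minecraft-helmfile"`. The rest of the `namespaces` list lies outside this hunk.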
From: Nikolai Rodionov Date: Thu, 22 Feb 2024 22:15:27 +0100 Subject: [PATCH 299/316] Udpate values --- badhouseplants/values/values.db-instances.yaml | 2 +- badhouseplants/values/values.namespaces.yaml | 1 + releases.yaml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index bfd0e1d..2032930 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -9,4 +9,4 @@ dbinstances: engine: postgres generic: host: postgres16-postgresql.database-service.svc.cluster.local - port: 5432 + port: '5432' diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index c0232d1..b10de2e 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -29,3 +29,4 @@ namespaces: istio-injection: enabled - name: badhouseplants-preview - name: mailu-application + - name: kube-services diff --git a/releases.yaml b/releases.yaml index 8e126d7..7b04ab5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -344,12 +344,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.20.0 + version: 1.21.0 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.2.0 + version: 2.3.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 630819f88712feeb72d6aec01a8c28b3ec6f5f41 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 23 Feb 2024 00:47:38 +0100 Subject: [PATCH 300/316] Fix ArgoCD oauth --- badhouseplants/values/secrets.argocd.yaml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index befdd81..81405e1 100644 --- a/badhouseplants/values/secrets.argocd.yaml 
+++ b/badhouseplants/values/secrets.argocd.yaml @@ -1,10 +1,9 @@ -server: - configs: - dex.config: ENC[AES256_GCM,data:7xM/TxMDkRKLJULb1zhLlHZX4uTVCp5iOAHI4P/x0fP85zNkFLskHUD5E2y0JZ+4SrDWpyVIUPu6Q6P31/b13IJBzKd78jepKBNacHeVKADGqibrPquP4pa4ZT8lKitMRXzqC/dnYeDPaJyjWyuBD0F/5d25m+Q8mpE9+XuchrBCLQg+rULOmgchWL08KnjeSxvOurYh8ehl5WMANgTsD1kFWRIjAj8XZNmNnz0jjiayEFikFt9yu1hcDMlwS3Urz+AkWa+d+lvymhP7jTSFhBzXP2VO2zwaaF+IcSOT2EdMhWltsZTeBaqi6YFyfR38Db/elTCd+/ZhYjEmNS/b7kSHlVDrt/J3zNFX2zJQS6NltC4NQpVRA4zkmz79N4pBzMoGIbYGyavXiBZvrqm3hcP2jKC5x/41CXfPIKO97iHOLALu8/N1We2hHulps91A0FZse5hz+kU9XbggKbKuvhbwjFDUPOraHcBuCa1YefSlCAZwgL/2BX/js8T5AJusiTtYbgR0GA2a1jlbq9hNQk0myyUk3cuR8svGfZARyomrBsTlrLB5dxIqfa/ZCXBlqGsxFQKyTxnnNxaMsGelRXE0uOUTwJ/Fz/bRNYaJO0UNPfiKPA+1q4qPOuM1i794TxeufP6eAR+lL+qeYViwTvh8r4I7y/41cbdj1WFsd3GcTMlNlOt8jXsJZ6vUgZPn88An1LI8U8Lzhj0IDw==,iv:DiW7ZlTe+TRxVIwnV+ASJJfJYFUQ0YqhHRsxx+vrLGs=,tag:i46xfJRV8rq5m7yT6etFfg==,type:str] configs: + cm: + dex.config: ENC[AES256_GCM,data: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,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:4CZ3hbG1MSrQs0y5hPU2rGaHvw4DkzWgQuqn8alqUp4=,tag:a0a5DN0KTCrkJ1jGbU5YrA==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] sops: kms: [] gcp_kms: [] 
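Review bot: Moving `dex.config` under `configs.cm` means the decrypted value is rendered into the `argocd-cm` ConfigMap rather than a Secret, assuming the argo-cd chart's usual handling of `configs.cm`. The content is encrypted here, so this cannot be confirmed from the diff, but if the connector block carries the OAuth `clientSecret` inline, it becomes readable to anyone allowed to read ConfigMaps in the Argo CD namespace. Consider keeping only a reference in the Dex config, `clientSecret: $dex.<connector>.clientSecret`, and supplying the value through `configs.secret.extra` so that it lands in `argocd-secret`; `<connector>` is a placeholder for the connector name.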
@@ -14,14 +13,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NWtKdU5Gb1E5aFhmaHI0 - YWpQY0VTR2hWWDNPcklvQkdES3VMV01kUWh3CldheTZHRmpjNjV0MVErV2Qrc1Fs - WlhidklZOWgyMEtnbzA2UU0zVGhkQkUKLS0tIFBEZHVpd3krMHR3aXpHSzBTM2d5 - TE0xeGxscWhCVEpSYVkxUDdybGZ6VVEKHQ1m2NOmuo7Alr9wdaK+kKtceCbX9tti - LNQjwMsHfIyts5LIEafRh4mC+vsjmO56CUlUzoZDk7hU1u5Zp0Pskw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw + MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 + V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 + THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 + DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-20T22:58:37Z" - mac: ENC[AES256_GCM,data:HHbHPlslZC5XLjh40wP8VfEgpFT1PyKtDhd0I0rxKhv7qQh+4oMQBpNvVrye1RIzLZJY43hme74lkH7o8ZnWfXAwPRJ7YYAKvLt0LAyLbko2v7hINY/kwMn6xGbUnfmvBIwLkLqHndYxOW44BvUe320N7a831OqPYWkiDEiwLSw=,iv:YYZSQMyQEM0r4WIyHs+gki5qaHMc4gKUi/JcFxjSHDU=,tag:ZyQ+/obUCLKAB2MsFYO7Ag==,type:str] + lastmodified: "2024-02-22T23:43:36Z" + mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- 2.45.2 From 97117aa3f28037df25ad5eef18c76396e954a50a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 29 Feb 2024 16:04:12 +0100 Subject: [PATCH 301/316] Update dbinstances --- badhouseplants/values/values.db-instances.yaml | 2 +- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 2032930..bfd0e1d 100644 
--- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -9,4 +9,4 @@ dbinstances: engine: postgres generic: host: postgres16-postgresql.database-service.svc.cluster.local - port: '5432' + port: 5432 diff --git a/releases.yaml b/releases.yaml index 7b04ab5..7d00a7b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -349,7 +349,7 @@ templates: db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.3.0 + version: 2.3.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 2211d9b3881b69f5819c5aab70ff5b3883ed2164 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 11 Mar 2024 11:16:03 +0100 Subject: [PATCH 302/316] Update charts --- releases.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/releases.yaml b/releases.yaml index 7d00a7b..75b9769 100644 --- a/releases.yaml +++ b/releases.yaml @@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.2 + version: 1.14.4 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.2.3 + version: 6.6.0 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 56.8.2 + version: 57.0.1 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.43.2 + version: 5.43.6 inherit: - template: monitoring-common - template: default-env-values @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.1.1 + version: 1.2.0 inherit: - template: ext-database - template: default-env-values 
@@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.3.0 + version: 20.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.15 + version: 5.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.1 + version: 10.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.14.0 + version: 18.19.1 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.1.3 + version: 14.3.1 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.19.1 + version: 9.23.0 inherit: - template: default-env-values - template: default-env-secrets @@ -384,7 +384,7 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.238 + version: 7.1.256 mailu: &mailu name: mailu @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.0 + version: 0.9.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From 8a85d32722da26c1d8f91ea25950a305d3b67592 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 22 Mar 2024 11:16:58 +0100 Subject: [PATCH 303/316] Update releases --- releases.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/releases.yaml b/releases.yaml index 75b9769..a68627e 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.6.0 + version: 6.7.3 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.0.1 + version: 57.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.3 + version: 1.21.0 istio-base: &istio-base name: istio-base @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.2.0 + version: 1.2.3 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 20.1.2 + version: 21.0.5 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.19.1 + version: 19.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.3.1 + version: 15.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.23.0 + version: 10.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -384,7 +384,7 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.256 + version: 7.1.262 mailu: &mailu name: mailu -- 2.45.2 From a47775d835b80af5dd26bdc3f02ddc41b6cf17d8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Mar 2024 13:42:13 +0100 Subject: [PATCH 304/316] Update charts --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/releases.yaml b/releases.yaml index a68627e..a212f84 100644 --- a/releases.yaml +++ b/releases.yaml @@ -231,7 +231,7 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.2.0 + version: 1.3.0 inherit: - template: default-env-values - template: ext-istio-resource @@ -239,7 +239,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: ext-istio-resource @@ -374,7 +374,7 @@ templates: vaultwarden: &vaultwarden name: vaultwarden chart: allanger-gitea/vaultwarden - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.45.2 From ba7a32a17f7d22a891b8e1f82f7d8853d09308da Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Mar 2024 13:44:22 +0100 Subject: [PATCH 305/316] Instll zot --- badhouseplants/helmfile.yaml | 2 ++ badhouseplants/values/values.zot.yaml | 11 +++++++++++ manifests/debug/istio/httpbin.yaml | 18 ++++++++++++++++++ releases.yaml | 12 +++++++++++- repositories.yaml | 10 ++++++++-- 5 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/values.zot.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 30d3395..cbda993 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -10,6 +10,8 @@ releases: installed: true - <<: *cilium installed: true + - <<: *zot + installed: true - <<: *drone installed: true namespace: drone-service diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml new file mode 100644 index 0000000..f25f24f --- /dev/null +++ b/badhouseplants/values/values.zot.yaml @@ -0,0 +1,11 @@ +istio: + enabled: true + istio: + - name: zot + kind: http + gateway: istio-system/badhouseplants-net + hostname: registry.badhouseplants.net + service: zot + port: 5000 +service: + type: ClusterIP 
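Review bot: The new values.zot.yaml routes the registry through the `istio-system/badhouseplants-net` gateway on `registry.badhouseplants.net`, but nothing in this commit configures authentication. The values file has no `configFiles` override, and the `zot` template added to releases.yaml inherits only `default-env-values` and `ext-istio-resource`. Unless the chart default already enforces access control (worth checking), the registry would accept anonymous pushes for as long as this revision is deployed. Either land the htpasswd / `accessControl` configuration in the same commit as the route, or set `installed: false` for `*zot` in helmfile.yaml until it exists.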
diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index 395418c..f6d57f9 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml @@ -24,6 +24,24 @@ spec: number: 8000 host: httpbin --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: httpbin + namespace: debug +spec: + rules: + - host: httpbin.rocks + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: httpbin + port: + number: 8000 +--- apiVersion: v1 kind: Service metadata: diff --git a/releases.yaml b/releases.yaml index a212f84..7ec4d2d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -417,8 +417,18 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.1 + version: 1.15.2 createNamespace: false namespace: kube-system inherit: - template: default-env-values + + zot: &zot + name: zot + chart: zot/zot + version: 0.1.52 + createNamespace: false + namespace: kube-services + inherit: + - template: default-env-values + - template: ext-istio-resource diff --git a/repositories.yaml b/repositories.yaml index 0a82ac7..0134e5a 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -45,7 +45,13 @@ repositories: url: https://charts.gabe565.com - name: mailu url: https://mailu.github.io/helm-charts/ - - name: coredns + - name: coredns url: https://coredns.github.io/helm - - name: cilium + - name: cilium url: https://helm.cilium.io/ + - name: phybros-helm-charts + url: https://phybros.github.io/helm-charts + - name: nextcloud + url: https://nextcloud.github.io/helm/ + - name: zot + url: https://zotregistry.dev/helm-charts/ -- 2.45.2 From c4dd8bd6e473929aa400a24d844fa1053505d585 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Tue, 26 Mar 2024 21:48:31 +0100 Subject: [PATCH 306/316] Install zot --- badhouseplants/values/secrets.zot.yaml | 23 +++++++++++++++++++++++ badhouseplants/values/values.zot.yaml | 25 +++++++++++++++++++++++++ releases.yaml | 1 + 3 files changed, 49 insertions(+) create mode 100644 badhouseplants/values/secrets.zot.yaml diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml new file mode 100644 index 0000000..4019155 --- /dev/null +++ b/badhouseplants/values/secrets.zot.yaml @@ -0,0 +1,23 @@ +configFiles: + config.json: ENC[AES256_GCM,data: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,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] +authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 + dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk + WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv + REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ + ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-25T10:24:20Z" + mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index f25f24f..c418f5c 100644 
--- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -9,3 +9,28 @@ istio: port: 5000 service: type: ClusterIP +persistence: true +pvc: + create: true + accessMode: "ReadWriteOnce" + storage: 5Gi + storageClassName: longhorn +mountConfig: true +mountSecret: true + #configFiles: + # ui.json: |- + # { + # "log": { + # "level": "info" + # }, + # "extensions": { + # "search": { + # "cve": { + # "updateInterval": "2h" + # } + # }, + # "ui": { + # "enable": true + # } + # } + # } diff --git a/releases.yaml b/releases.yaml index 7ec4d2d..d431f97 100644 --- a/releases.yaml +++ b/releases.yaml @@ -431,4 +431,5 @@ templates: namespace: kube-services inherit: - template: default-env-values + - template: default-env-secrets - template: ext-istio-resource -- 2.45.2 From bcab058394b2da5c5977daf4faaa49cc885c89a1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Mar 2024 22:25:21 +0100 Subject: [PATCH 307/316] Init helmule config --- helmule/helmule.yaml | 235 ++++++++++++++++++++++++++++++++++++++++++ repositories-oci.yaml | 4 + 2 files changed, 239 insertions(+) create mode 100644 helmule/helmule.yaml create mode 100644 repositories-oci.yaml diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml new file mode 100644 index 0000000..5be7c9a --- /dev/null +++ b/helmule/helmule.yaml 
@@ -0,0 +1,235 @@ +charts: + - repository: metrics-server + name: metrics-server + mirrors: + - custom-commands + - repository: metallb + name: metallb + mirrors: + - custom-commands + - repository: bedag + name: raw + mirrors: + - custom-commands + - repository: jetstack + name: cert-manager + mirrors: + - custom-commands + - repository: longhorn + name: longhorn + mirrors: + - custom-commands + - repository: argo + name: argo-cd + mirrors: + - custom-commands + - repository: prometheus-community + name: kube-prometheus-stack + mirrors: + - custom-commands + - repository: grafana + name: loki + mirrors: + - custom-commands + - repository: grafana + name: promtail + mirrors: + - custom-commands + - repository: istio + name: base + mirrors: + - custom-commands + - repository: istio + name: gateway + mirrors: + - custom-commands + - repository: istio + name: istiod + mirrors: + - custom-commands + - repository: allanger-gitea + name: openvpn-xor + mirrors: + - custom-commands + - repository: allanger-gitea + name: openvpn + mirrors: + - custom-commands + - repository: drone + name: drone + mirrors: + - custom-commands + - repository: drone + name: drone-runner-docker + mirrors: + - custom-commands + - repository: woodpecker + name: woodpecker + mirrors: + - custom-commands + - repository: bitnami + name: wordpress + mirrors: + - custom-commands + - repository: minio + name: minio + mirrors: + - custom-commands + - repository: gitea + name: gitea + mirrors: + - custom-commands + - repository: ananace-charts + name: funkwhale + mirrors: + - custom-commands + - repository: bitwarden + name: vaultwarden + mirrors: + - custom-commands + - repository: bitnami + name: redis + mirrors: + - custom-commands + - repository: bitnami + name: postgresql + mirrors: + - custom-commands + - repository: db-operator + name: db-operator + mirrors: + - custom-commands + - repository: db-operator + name: db-instances + mirrors: + - custom-commands + - repository: bitnami + name: mysql + 
mirrors: + - custom-commands + - repository: allanger-gitea + name: docker-mailserver + mirrors: + - custom-commands + - repository: allanger-gitea + name: vaultwarden + mirrors: + - custom-commands + - repository: emberstack + name: reflector + mirrors: + - custom-commands + - repository: mailu + name: mailu + mirrors: + - custom-commands + - repository: gabe565 + name: tandoor + mirrors: + - custom-commands + - repository: coredns + name: coredns + mirrors: + - custom-commands + - repository: cilium + name: cilium + mirrors: + - custom-commands + - repository: zot + name: zot + mirrors: + - custom-commands +mirrors: + - name: custom-commands + custom_command: + package: + - helm package -d package . + upload: + - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants + - rm -rf ./package +repositories: + - name: metrics-server + helm: + url: https://kubernetes-sigs.github.io/metrics-server/ + - name: jetstack + helm: + url: https://charts.jetstack.io + - name: istio + helm: + url: https://istio-release.storage.googleapis.com/charts + - name: drone + helm: + url: https://charts.drone.io + - name: bitnami + helm: + url: https://charts.bitnami.com/bitnami + - name: minio + helm: + url: https://charts.min.io/ + - name: longhorn + helm: + url: https://charts.longhorn.io + - name: gitea + helm: + url: https://dl.gitea.io/charts/ + - name: ananace-charts + helm: + url: https://ananace.gitlab.io/charts + - name: argo + helm: + url: https://argoproj.github.io/argo-helm + - name: bedag + helm: + url: https://bedag.github.io/helm-charts/ + - name: metallb + helm: + url: https://metallb.github.io/metallb + - name: prometheus-community + helm: + url: https://prometheus-community.github.io/helm-charts + - name: grafana + helm: + url: https://grafana.github.io/helm-charts + - name: bitwarden + helm: + url: https://constin.github.io/vaultwarden-helm/ + - name: db-operator + helm: + url: https://db-operator.github.io/charts + - name: 
allanger-gitea + helm: + url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: badhouseplants + helm: + url: https://badhouseplants.github.io/helm-charts/ + - name: woodpecker + helm: + url: https://woodpecker-ci.org + - name: firefly-iii + helm: + url: https://firefly-iii.github.io/kubernetes/ + - name: emberstack + helm: + url: https://emberstack.github.io/helm-charts + - name: gabe565 + helm: + url: https://charts.gabe565.com + - name: mailu + helm: + url: https://mailu.github.io/helm-charts/ + - name: coredns + helm: + url: https://coredns.github.io/helm + - name: cilium + helm: + url: https://helm.cilium.io/ + - name: phybros-helm-charts + helm: + url: https://phybros.github.io/helm-charts + - name: nextcloud + helm: + url: https://nextcloud.github.io/helm/ + - name: zot + helm: + url: https://zotregistry.dev/helm-charts/ + diff --git a/repositories-oci.yaml b/repositories-oci.yaml new file mode 100644 index 0000000..5db4d1e --- /dev/null +++ b/repositories-oci.yaml @@ -0,0 +1,4 @@ +repositories: + - name: badhouseplants-oci + url: registry.badhouseplants.net/badhouseplants + oci: true -- 2.45.2 From ff0f34551a544dff8e08989fbc3874f5b220421d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Apr 2024 11:31:15 +0200 Subject: [PATCH 308/316] Update charts --- badhouseplants/helmfile.yaml | 1 + .../values/secrets.chartmuseum.yaml | 24 ++++++++++++++ badhouseplants/values/values.chartmuseum.yaml | 19 +++++++++++ releases.yaml | 32 ++++++++++++------- repositories.yaml | 2 ++ 5 files changed, 67 insertions(+), 11 deletions(-) create mode 100644 badhouseplants/values/secrets.chartmuseum.yaml create mode 100644 badhouseplants/values/values.chartmuseum.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index cbda993..3d901cd 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
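Review bot: The `custom-commands` mirror in helmule.yaml repackages every chart with `helm package -d package .` and pushes it to `oci://registry.badhouseplants.net/badhouseplants`, and none of the `charts` entries carries a version. The mirrored artifacts therefore no longer match any upstream digest or provenance file, and consumers end up trusting whatever the upstream index served at mirror time. Consider pinning a version per chart (if helmule supports such a field, which is not visible here) and signing at package time, e.g. `helm package --sign --key <key-name> --keyring <keyring-path> -d package .`, where both values are placeholders. The `repositories` list also duplicates repositories.yaml and can drift from it.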
@@ -12,6 +12,7 @@ releases: installed: true - <<: *zot installed: true + - <<: *chartmuseum - <<: *drone installed: true namespace: drone-service diff --git a/badhouseplants/values/secrets.chartmuseum.yaml b/badhouseplants/values/secrets.chartmuseum.yaml new file mode 100644 index 0000000..8e14680 --- /dev/null +++ b/badhouseplants/values/secrets.chartmuseum.yaml @@ -0,0 +1,24 @@ +env: + secret: + BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str] + BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2 + OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl + a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY + TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg + H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-27T08:47:35Z" + mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.chartmuseum.yaml b/badhouseplants/values/values.chartmuseum.yaml new file mode 100644 index 0000000..8ea6b10 --- /dev/null +++ b/badhouseplants/values/values.chartmuseum.yaml 
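Review bot: SOPS does not pad values, so the length of each `data:` field reveals the plaintext length: `BASIC_AUTH_PASS` in secrets.chartmuseum.yaml encrypts to 4 bytes, which means the password is only four characters long. values.chartmuseum.yaml in the same commit keeps `DISABLE_API: false` and publishes the service on `helm.badhouseplants.net`, so this credential appears to be the only guard on chart uploads. Rotate it to a long random value. The current ciphertext stays in the repository history, so the old password should not be reused anywhere.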
@@ -0,0 +1,19 @@ +istio: + enabled: true + istio: + - name: chartmuseum + kind: http + gateway: istio-system/badhouseplants-net + hostname: helm.badhouseplants.net + service: chartmuseum + port: 8080 +env: + open: + AUTH_ANONYMOUS_GET: true + DISABLE_API: false + CORS_ALLOWORIGIN: "*" +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 2Gi + path: /storage diff --git a/releases.yaml b/releases.yaml index d431f97..f66cf73 100644 --- a/releases.yaml +++ b/releases.yaml @@ -124,7 +124,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.3 + version: 0.14.4 metallb-resources: &metallb-resources name: metallb-resources @@ -144,14 +144,14 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.0 + version: 1.6.1 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.3 + version: 6.7.6 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.1.0 + version: 57.2.0 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.43.6 + version: 5.47.2 inherit: - template: monitoring-common - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.5 + version: 21.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.1 + version: 19.0.2 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.1.2 + version: 15.2.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.1 + version: 0.9.3 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.2 + version: 1.15.3 createNamespace: false namespace: kube-system inherit: @@ -426,7 +426,17 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.52 + version: 0.1.53 + createNamespace: false + namespace: kube-services + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + chartmuseum: &chartmuseum + name: chartmuseum + chart: chartmuseum/chartmuseum + version: 3.10.2 createNamespace: false namespace: kube-services inherit: diff --git a/repositories.yaml b/repositories.yaml index 0134e5a..2ce3602 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -55,3 +55,5 @@ repositories: url: https://nextcloud.github.io/helm/ - name: zot url: https://zotregistry.dev/helm-charts/ + - name: chartmuseum + url: https://chartmuseum.github.io/charts -- 2.45.2 From 262417f1cf5c56aded53c82007b1c0ca63e587be Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 20 Apr 2024 13:51:38 +0200 Subject: [PATCH 309/316] A lot of updates and disable loki --- badhouseplants/helmfile.yaml | 6 +- badhouseplants/values/secrets.zot.yaml | 18 ++-- .../values.istio-gateway-resources.yaml | 10 ++ .../values/values.istio-ingressgateway.yaml | 4 + badhouseplants/values/values.istiod.yaml | 2 +- badhouseplants/values/values.loki.yaml | 91 +++++++++++++++++-- badhouseplants/values/values.postgres16.yaml | 17 ++++ badhouseplants/values/values.zot.yaml | 2 + releases.yaml | 36 +++++--- repositories.yaml | 2 + 10 files changed, 154 insertions(+), 34 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 3d901cd..b1464e4 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -11,8 +11,10 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: true + installed: false - <<: *chartmuseum + installed: false + - <<: *keel - <<: *drone installed: true namespace: drone-service @@ -115,7 +117,7 @@ releases: createNamespace: true - <<: *tandoor - installed: true + installed: false namespace: tandoor-application createNamespace: true diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 4019155..14ecac2 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml @@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data: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,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] -authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] + config.json: ENC[AES256_GCM,data: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,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] +authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 - dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk - WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv - REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ - ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 + emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw + N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy + ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V + WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-25T10:24:20Z" - mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + lastmodified: "2024-04-08T15:15:59Z" + mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index 9349206..acbca74 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml 
@@ -22,6 +22,16 @@ istio-gateway: gateways: - name: badhouseplants-net servers: + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: grpc-web + number: 8080 + protocol: HTTPS + tls: + credentialName: badhouseplants-wildcard-tls + mode: SIMPLE - hosts: - badhouseplants.net - '*.badhouseplants.net' diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 94fe69a..b97223d 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -18,6 +18,10 @@ service: port: 80 protocol: TCP targetPort: 80 + - name: grpc-web + port: 8080 + protocol: TCP + targetPort: 8080 - name: https port: 443 protocol: TCP diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index 01529ce..d788392 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -8,7 +8,7 @@ global: proxy: resources: requests: - cpu: 100m + cpu: 20m memory: 128Mi limits: memory: 128Mi diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index f3a74e8..c160d28 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml 
@@ -1,24 +1,99 @@ --- global: dnsService: "coredns" -singleBinary: - replicas: 1 - persistence: - size: 5Gi + loki: auth_enabled: false commonConfig: replication_factor: 1 storage: type: 'filesystem' + commonConfig: + replication_factor: 1 + schemaConfig: + configs: + - from: 2024-04-01 + store: tsdb + object_store: s3 + schema: v13 + index: + prefix: loki_index_ + period: 24h + ingester: + chunk_encoding: snappy + tracing: + enabled: true + querier: + # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing + max_concurrent: 2 + +compactor: + retention_enabled: true +limits_config: + retention_period: 14d + monitoring: selfMonitoring: enabled: false lokiCanary: enabled: false -test: + +#gateway: +# ingress: +# enabled: true +# hosts: +# - host: FIXME +# paths: +# - path: / +# pathType: Prefix + +deploymentMode: SingleBinary +singleBinary: + persistence: + size: 5Gi + replicas: 1 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + extraEnv: + # Keep a little bit lower than memory limits + - name: GOMEMLIMIT + value: 3750MiB + +chunksCache: + # default is 500MB, with limited memory keep this smaller + writebackSizeLimit: 10MB + +minio: enabled: false + +# Zero out replica counts of other deployment modes +backend: + replicas: 0 +read: + replicas: 0 +write: + replicas: 0 + +ingester: + replicas: 0 +querier: + replicas: 0 +queryFrontend: + replicas: 0 +queryScheduler: + replicas: 0 +distributor: + replicas: 0 compactor: - retention_enabled: true -limits_config: - retention_period: 14d + replicas: 0 +indexGateway: + replicas: 0 +bloomCompactor: + replicas: 0 +bloomGateway: + replicas: 0 diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml index cbcb751..92cef0b 100644 --- a/badhouseplants/values/values.postgres16.yaml +++ b/badhouseplants/values/values.postgres16.yaml 
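Review bot: Two mapping keys end up duplicated in the new values.loki.yaml: `commonConfig` is added a second time under `loki:` next to the existing one, and a top-level `compactor:` carrying `retention_enabled: true` is added while the existing top-level `compactor:` is kept and now holds `replicas: 0`. Most YAML loaders keep only the last occurrence without reporting an error, so the retention switch is probably dropped; indentation is lost in this view, so confirm against the file. Retention is Loki configuration rather than a component setting, so it presumably belongs under `loki.compactor` and `loki.limits_config`. Separately, `GOMEMLIMIT` is `3750MiB` while the container limit is `memory: 1Gi`, which contradicts the comment above it; a value such as `900MiB` would sit below the limit.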
@@ -8,3 +8,20 @@ persistence: metrics: enabled: false +primary: + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsNonRoot: false + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index c418f5c..e7afd09 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -7,6 +7,8 @@ istio: hostname: registry.badhouseplants.net service: zot port: 5000 +strategy: + type: Recreate service: type: ClusterIP persistence: true diff --git a/releases.yaml b/releases.yaml index f66cf73..2c7d858 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.12.0 + version: 3.12.1 values: - common/values.{{ .Release.Name }}.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.6 + version: 6.7.12 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.2.0 + version: 58.1.3 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.47.2 + version: 6.3.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.0 + version: 1.21.1 istio-base: &istio-base name: istio-base 
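Review bot: `runAsNonRoot: false` and `readOnlyRootFilesystem: false` in the new `primary.containerSecurityContext` switch off two hardening settings, while the rest of the block (`capabilities.drop: ["ALL"]`, `allowPrivilegeEscalation: false`, `seccompProfile.type: "RuntimeDefault"`) tightens it. If they were relaxed only to get the pod to start on the new storage, say so in a comment such as `# relaxed for volume ownership, revisit after migration`. Otherwise prefer `runAsNonRoot: true` together with an explicit non-zero `runAsUser`, and keep the root filesystem read-only if the chart version in use supports it.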
@@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.7 + version: 22.1.7 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.3 + version: 10.1.4 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.2 + version: 19.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.0 + version: 15.2.5 inherit: - template: default-env-values - template: default-env-secrets @@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.21.0 + version: 1.23.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.0 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -365,7 +365,7 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.2.0 + version: 2.3.1 inherit: - template: default-env-values - template: ext-istio-gateway @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.3 + version: 0.9.5 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.3 + version: 1.15.4 createNamespace: false namespace: kube-system inherit: @@ -443,3 +443,11 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel + name: keel + chart: keel/keel + version: 1.0.3 + createNamespace: false + namespace: kube-system + + 
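Review bot: The new `keel` template has no `inherit:` list, unlike `zot` and `chartmuseum` directly above it, so it is installed into `kube-system` on chart defaults alone and nothing in this repository records what it is allowed to update. Keel changes running workloads when new image tags appear, which makes its configuration part of the cluster's supply-chain policy. Add `- template: default-env-values` with a values file that states the intended scope. The helmfile entry `- <<: *keel` also lacks the `installed:` flag that its neighbours carry.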
diff --git a/repositories.yaml b/repositories.yaml index 2ce3602..2900540 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -57,3 +57,5 @@ repositories: url: https://zotregistry.dev/helm-charts/ - name: chartmuseum url: https://chartmuseum.github.io/charts + - name: keel + url: https://charts.keel.sh -- 2.45.2 From 5d4eae31528edf361d7e8b66c204c73577398017 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 11 May 2024 20:52:58 +0200 Subject: [PATCH 310/316] Some updates to the config --- badhouseplants/helmfile.yaml | 4 ++-- badhouseplants/values/secrets.zot.yaml | 18 ++++++++--------- releases.yaml | 28 +++++++++++++------------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b1464e4..25de42b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -11,7 +11,7 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: false + installed: true - <<: *chartmuseum installed: false - <<: *keel @@ -51,7 +51,7 @@ releases: createNamespace: true - <<: *loki - installed: true + installed: false namespace: monitoring-system createNamespace: false diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 14ecac2..25871e8 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml 
@@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data: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,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] -authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] + config.json: ENC[AES256_GCM,data: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,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str] +authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str] sops: kms: [] gcp_kms: [] 
@@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 - emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw - N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy - ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V - WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0 + NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du + RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB + M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp + VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-08T15:15:59Z" - mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] + lastmodified: "2024-05-05T17:37:17Z" + mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/releases.yaml b/releases.yaml index 2c7d858..9144955 100644 --- a/releases.yaml +++ b/releases.yaml @@ -124,7 +124,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.4 + version: 0.14.5 metallb-resources: &metallb-resources name: metallb-resources 
@@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.4 + version: 1.14.5 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.12 + version: 6.8.1 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.1.3 + version: 58.5.0 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 6.3.2 + version: 6.5.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.1 + version: 1.21.2 istio-base: &istio-base name: istio-base @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.2.3 + version: 1.3.0 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.1.7 + version: 22.2.7 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.1.0 + version: 5.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.1.0 + version: 19.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.5 + version: 15.2.12 inherit: - template: default-env-values - template: default-env-secrets 
@@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.23.0 + version: 1.25.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.1 + version: 10.2.2 inherit: - template: default-env-values - template: default-env-secrets @@ -426,7 +426,7 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.53 + version: 0.1.54 createNamespace: false namespace: kube-services inherit: -- 2.45.2 From 21f198b0fa5491361969fb1335e782886a38a28e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 13 May 2024 11:39:57 +0200 Subject: [PATCH 311/316] Increase Gitea disk --- badhouseplants/values/values.gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 3aaccee..4fb3a9d 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -43,7 +43,7 @@ resources: persistence: enabled: true - size: 10Gi + size: 15Gi accessModes: - ReadWriteOnce -- 2.45.2 From 10d7936625a55fab654457b269dc3ba19bd0cc81 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 18 May 2024 15:36:38 +0200 Subject: [PATCH 312/316] Update releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 9144955..ac52cdf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.8.1 + version: 6.9.3 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.5.0 + version: 58.5.3 inherit: - template: monitoring-common - template: default-env-values 
@@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.2 + version: 1.22.0 istio-base: &istio-base name: istio-base @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.2.7 + version: 22.2.11 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.3.0 + version: 19.3.3 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.12 + version: 15.3.3 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.2.2 + version: 10.2.4 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.4 + version: 1.15.5 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From 6c83d67c9cc42d452e3a5fb4f3f64553ab0e78d9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 15 Jun 2024 12:20:06 +0200 Subject: [PATCH 313/316] Huge upgraqde to everything --- badhouseplants/helmfile.yaml | 48 ++----- .../values/secrets.vaultwardentest.yaml | 27 ++++ badhouseplants/values/values.argocd.yaml | 33 +++-- .../values/values.docker-mailserver.yaml | 126 +++++------------- badhouseplants/values/values.funkwhale.yaml | 19 ++- badhouseplants/values/values.gitea.yaml | 58 +++++--- .../values/values.local-path-provisioner.yaml | 3 + badhouseplants/values/values.mailu.yaml | 124 +++++++++-------- badhouseplants/values/values.minio.yaml | 33 +++++ badhouseplants/values/values.namespaces.yaml | 8 +- badhouseplants/values/values.nrodionov.yaml | 15 ++- badhouseplants/values/values.openvpn-xor.yaml | 29 ++-- badhouseplants/values/values.traefik.yaml | 78 +++++++++++ badhouseplants/values/values.vaultwarden.yaml | 17 +++ .../values/values.vaultwardentest.yaml | 58 ++++++++ .../values/values.woodpecker-ci.yaml | 16 +++ badhouseplants/values/values.zot.yaml | 25 ++-- common/values.database.yaml | 25 ++++ common/values.tcp-route.yaml | 20 +++ common/values.tcproute.yaml | 13 ++ etersoft/helmfile.yaml | 15 +++ etersoft/values/values.minio.yaml | 4 + helmfile.yaml | 27 +--- manifests/debug/istio/httpbin.yaml | 2 +- manifests/httpo1-cluster-issuer.yaml | 18 +++ releases.yaml | 93 +++++++------ repositories.yaml | 8 +- 27 files changed, 619 insertions(+), 323 deletions(-) create mode 100644 badhouseplants/values/secrets.vaultwardentest.yaml create mode 100644 badhouseplants/values/values.local-path-provisioner.yaml create mode 100644 badhouseplants/values/values.traefik.yaml create mode 100644 badhouseplants/values/values.vaultwardentest.yaml create mode 100644 common/values.tcp-route.yaml create mode 100644 common/values.tcproute.yaml create mode 100644 manifests/httpo1-cluster-issuer.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 25de42b..05f6226 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -10,20 +10,13 @@ releases: installed: true - <<: *cilium installed: true + + - <<: *local-path-provisioner + - <<: *zot installed: true - - <<: *chartmuseum - installed: false - <<: *keel - - <<: *drone - installed: true - namespace: drone-service - createNamespace: false - - - <<: *drone-runner-docker - installed: true - namespace: drone-service - createNamespace: false + - <<: *traefik - <<: *argocd installed: true @@ -45,21 +38,6 @@ releases: namespace: funkwhale-application createNamespace: false - - <<: *prometheus - installed: true - namespace: monitoring-system - createNamespace: true - - - <<: *loki - installed: false - namespace: monitoring-system - createNamespace: false - - - <<: *promtail - installed: true - namespace: monitoring-system - createNamespace: false - - <<: *bitwarden installed: false namespace: bitwarden-application @@ -95,16 +73,15 @@ releases: namespace: woodpecker-ci createNamespace: true - - - <<: *istio-gateway-resources - installed: true - namespace: istio-system - createNamespace: false - - <<: *vaultwarden createNamespace: true installed: true namespace: vaultwarden-application + + - <<: *vaultwardentest + createNamespace: false + installed: true + namespace: applications - <<: *openvpn-xor installed: true @@ -113,12 +90,7 @@ releases: - <<: *docker-mailserver installed: true - namespace: mail-service - createNamespace: true - - - <<: *tandoor - installed: false - namespace: tandoor-application + namespace: applications createNamespace: true - <<: *mailu diff --git a/badhouseplants/values/secrets.vaultwardentest.yaml b/badhouseplants/values/secrets.vaultwardentest.yaml new file mode 100644 index 0000000..39b3c9b --- /dev/null +++ b/badhouseplants/values/secrets.vaultwardentest.yaml 
@@ -0,0 +1,27 @@ +vaultwarden: + smtp: + username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str] + password: + value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str] + adminToken: + value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr + R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C + M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI + a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS + hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-06T15:15:43Z" + mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 0acc84b..71cf854 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
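Review bot: The `adminToken.value` ciphertext in secrets.vaultwardentest.yaml is 20 bytes long, and SOPS ciphertext has the same length as the plaintext, so the stored token is a short plaintext string and not an Argon2 PHC hash. Vaultwarden accepts a hashed admin token (produced with `vaultwarden hash`); storing the hash means that anyone who can decrypt this file still does not obtain the admin-panel credential itself. Whether the chart passes the value through unchanged is not visible here, so check that before switching.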
@@ -1,18 +1,4 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: argocd-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: argo.badhouseplants.net - service: argocd-server - port: 80 - controller: resources: limits: @@ -48,18 +34,35 @@ dex: enabled: false serviceMonitor: enabled: false + redis: metrics: enabled: false serviceMonitor: enabled: false + +global: + domain: argo.badhouseplants.net + server: + ingress: + enabled: true + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + ingressClassName: traefik + tls: true metrics: enabled: true serviceMonitor: enabled: false extraArgs: - --insecure + servicePort: + servicePortHttp: 80 + servicePortHttps: 80 repoServer: metrics: @@ -71,6 +74,8 @@ repoServer: - name: regcred configs: + params: + server.insecure: true rbac: policy.default: role:readonly scopes: "[email, group]" diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml index 47d6a99..45b25ef 100644 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ b/badhouseplants/values/values.docker-mailserver.yaml 
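Review bot: The annotations `kubernetes.io/ingress.allow-http: "false"` and `kubernetes.io/ingress.global-static-ip-name: ""` under `server.ingress` are read by the GKE ingress controller, not by Traefik, so with `ingressClassName: traefik` they do not stop plain-HTTP access. The same annotation set is repeated in the rainloop, funkwhale and gitea ingress blocks of this commit. Because the server runs with `--insecure` and `server.insecure: true`, TLS exists only at the ingress. Either pin the router to the TLS entrypoint with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (entrypoint name to be checked against values.traefik.yaml, which is not shown here) or confirm that Traefik redirects HTTP globally.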
@@ -1,125 +1,67 @@ -istio-gateway: +traefik: enabled: true - gateways: - - name: badhouseplants-email - servers: - - hosts: - - "*" - port: - name: smtp - number: 25 - protocol: TCP - - hosts: - - "*" - port: - name: pop3 - number: 110 - protocol: TCP - - hosts: - - "*" - port: - name: imap - number: 143 - protocol: TCP - - hosts: - - "*" - port: - name: smtps - number: 465 - protocol: TCP - - hosts: - - "*" - port: - name: submission - number: 587 - protocol: TCP - - hosts: - - "*" - port: - name: imaps - number: 993 - protocol: TCP - - hosts: - - "*" - port: - name: pop3s - number: 995 - protocol: TCP -istio: - enabled: true - istio: - - name: docker-mailserver-smpt - kind: tcp - gateway: badhouseplants-email + tcpRoutes: + - name: docker-mailserver-smtp service: docker-mailserver - hostname: badhouseplants.net - port_match: 25 + match: HostSNI(`*`) + entrypoint: smtp port: 25 - - name: docker-mailserver-smpts - kind: tcp - gateway: badhouseplants-email - port_match: 465 - hostname: badhouseplants.net + - name: docker-mailserver-smtps + match: HostSNI(`*`) service: docker-mailserver + entrypoint: smtps port: 465 - name: docker-mailserver-smpt-startls - kind: tcp - gateway: badhouseplants-email - hostname: badhouseplants.net - port_match: 587 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: smtp-startls port: 587 - name: docker-mailserver-imap - kind: tcp - hostname: badhouseplants.net - gateway: badhouseplants-email - port_match: 143 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: imap port: 143 - name: docker-mailserver-imaps - kind: tcp - gateway: badhouseplants-email - hostname: badhouseplants.net - port_match: 993 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: imaps port: 993 - name: docker-mailserver-pop3 - kind: tcp - gateway: badhouseplants-email - port_match: 110 - hostname: badhouseplants.net + match: HostSNI(`*`) service: docker-mailserver + entrypoint: pop3 port: 110 - name: docker-mailserver-pop3s - kind: 
tcp - gateway: badhouseplants-email - port_match: 993 - hostname: badhouseplants.net + match: HostSNI(`*`) service: docker-mailserver + entrypoint: pop3s port: 993 - - name: docker-mailserver-rainloop - kind: http - gateway: istio-system/badhouseplants-net - hostname: mail.badhouseplants.net - service: docker-mailserver-rainloop - port: 80 rainloop: enabled: true ingress: - enabled: false + enabled: true + hosts: + - mail.badhouseplants.net + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + tls: + - secretName: mail-tls-secret + hosts: + - mail.badhouseplants.net + demoMode: enabled: false domains: - badhouseplants.net - mail.badhouseplants.net ssl: - issuer: - name: badhouseplants-issuer - kind: ClusterIssuer - dnsname: badhouseplants.net - dns01provider: cloudflare - useExisting: false + useExisting: true + existingName: mail-tls-secret pod: dockermailserver: enable_fail2ban: "0" diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index e5aeb81..16d0606 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -30,6 +30,22 @@ celery: requests: cpu: 10m memory: 75Mi +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + host: funkwhale.badhouseplants.net + protocol: http + + tls: + - secretName: funkwhale-tls-secret + hosts: + - funkwhale.badhouseplants.net + extraEnv: FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_PROTOCOL: https 
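Review bot: The `docker-mailserver-pop3s` route binds the `pop3s` entrypoint to `port: 993`, which is the IMAPS port already used by `docker-mailserver-imaps`; the gateway removed in this hunk listed `pop3s` as 995, so the line should read `port: 995`. The route name `docker-mailserver-smpt-startls` still carries the `smpt` typo that the other two SMTP routes had fixed. With plain TCP routes the mail server may see Traefik's address instead of the client's unless PROXY protocol is configured on both sides. That would affect any IP-based filtering, so it is worth confirming.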
@@ -39,8 +55,7 @@ persistence: size: 10Gi s3: enabled: false -ingress: - enabled: false + postgresql: enabled: false host: postgres16-postgresql.database-service.svc.cluster.local diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 4fb3a9d..607d4bd 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,25 +1,5 @@ --- # ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: gitea-http - kind: http - gateway: istio-system/badhouseplants-net - hostname: git.badhouseplants.net - service: gitea-http - port: 3000 - - name: gitea-ssh - kind: tcp - gateway: istio-system/badhouseplants-ssh - hostname: "*" - port_match: 22 - service: gitea-ssh - port: 22 -# ------------------------------------------ # -- Database extension is used to manage # -- database with db-operator # ------------------------------------------ @@ -27,9 +7,27 @@ ext-database: enabled: true name: gitea-postgres16 instance: postgres16 + # ------------------------------------------ # -- Kubernetes related values # ------------------------------------------ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: git.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: gitea-tls-secret + hosts: + - git.badhouseplants.net replicaCount: 1 clusterDomain: cluster.local @@ -47,8 +45,6 @@ persistence: accessModes: - ReadWriteOnce -ingress: - enabled: false # ------------------------------------------ # -- Main Gitea settings # ------------------------------------------ 
@@ -125,3 +121,21 @@ postgresql-ha: enabled: false redis-cluster: enabled: false + +extraDeploy: + - | + {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ include "gitea.fullname" . }}-ssh + spec: + entryPoints: + - git-ssh + routes: + - match: HostSNI(`git.badhouseplants.net`) + services: + - name: "{{ include "gitea.fullname" . }}-ssh" + port: 22 + nativeLB: true + {{- end }} diff --git a/badhouseplants/values/values.local-path-provisioner.yaml b/badhouseplants/values/values.local-path-provisioner.yaml new file mode 100644 index 0000000..aa1d3e2 --- /dev/null +++ b/badhouseplants/values/values.local-path-provisioner.yaml @@ -0,0 +1,3 @@ +storageClass: + create: true + defaultClass: false diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index aba9e11..966fbac 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
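Review bot: The `IngressRouteTCP` added under `extraDeploy` in values.gitea.yaml matches on a named SNI (`git.badhouseplants.net`), but SSH sends no TLS ClientHello and Traefik only evaluates a named `HostSNI` on TLS routers. A non-TLS TCP route has to use the catch-all form, as the mailu and openvpn-xor routes in this patch do, so as written the `git-ssh` entrypoint would presumably never hand a connection to gitea. Change the rule to the wildcard form, i.e. `match:` with `HostSNI` of `*`. `name: {{ include "gitea.fullname" . }}-ssh` under `metadata` is also unquoted while the service name a few lines below is quoted; quoting both keeps the rendered YAML predictable.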
@@ -1,81 +1,64 @@ --- -certificate: +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ +ext-database: enabled: true - certificate: - - name: mailu - secretName: mailu-certificate - issuer: - kind: ClusterIssuer - name: badhouseplants-issuer - dnsNames: - - badhouseplants.net - - "email.badhouseplants.net" + name: mailu-postgres16 + instance: postgres16 + extraDatabase: + enabled: true + name: roundcube-postgres16 + instance: postgres16 + # ------------------------------------------ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: +traefik: enabled: true - istio: - - name: mailu-web - kind: http - gateway: istio-system/badhouseplants-net - hostname: email.badhouseplants.net + tcpRoutes: + - name: mailu-smtp service: mailu-front - port: 80 - - name: mailu-smpt - kind: tcp - gateway: badhouseplants-mail - service: mailu-front - hostname: email.badhousplants.net - port_match: 25 + match: HostSNI(`*`) + entrypoint: smtp port: 25 - - name: mailu-smpts - kind: tcp - gateway: badhouseplants-mail - port_match: 465 - hostname: email.badhousplants.net + - name: mailu-smtps + match: HostSNI(`*`) service: mailu-front + entrypoint: smtps port: 465 - name: mailu-smpt-startls - kind: tcp - gateway: badhouseplants-mail - hostname: email.badhousplants.net - port_match: 587 + match: HostSNI(`*`) service: mailu-front + entrypoint: smtp-startls port: 587 - name: mailu-imap - kind: tcp - hostname: email.badhousplants.net - gateway: badhouseplants-mail - port_match: 143 + match: HostSNI(`*`) service: mailu-front + entrypoint: imap port: 143 - name: mailu-imaps - kind: tcp - gateway: badhouseplants-mail - hostname: email.badhousplants.net - port_match: 993 + match: HostSNI(`*`) service: mailu-front + entrypoint: imaps port: 993 - name: mailu-pop3 - kind: tcp - gateway: badhouseplants-mail - port_match: 
110 - hostname: email.badhousplants.net + match: HostSNI(`*`) service: mailu-front + entrypoint: pop3 port: 110 - name: mailu-pop3s - kind: tcp - gateway: badhouseplants-mail - port_match: 993 - hostname: email.badhousplants.net + match: HostSNI(`*`) service: mailu-front + entrypoint: pop3s port: 993 subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - - post.badhouseplants.net + - badhouseplants.net + - email.badhouseplants.net domain: badhouseplants.net persistence: single_pvc: false @@ -85,13 +68,17 @@ limits: tls: outboundLevel: secure ingress: - enabled: false - tls: false + enabled: true + ingressClassName: traefik + tls: true + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 tlsFlavorOverride: mail - selfSigned: false - existingSecret: mailu-certificate - realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local - realIpHeader: "X-Envoy-External-Address" + realIpFrom: traefik.kube-system.svc.cluster.local + realIpHeader: "X-Real-IP" front: hostPort: enabled: false @@ -150,16 +137,18 @@ roundcube: mysql: enabled: false postgresql: + enabled: false +## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. +externalDatabase: + ## @param externalDatabase.enabled Set to true to use an external database enabled: true - auth: - enablePostgresUser: true - username: mailu - database: mailu - persistence: - enabled: false - storageClass: "" - accessMode: ReadWriteOnce - size: 2Gi + type: postgresql + existingSecret: mailu-postgres16-creds + existingSecretDatabaseKey: POSTGRES_DB + existingSecretUsernameKey: POSTGRES_USER + existingSecretPasswordKey: POSTGRES_PASSWORD + host: postgres16-postgresql.database-service.svc.cluster.local + port: 5432 rspamd: resources: requests: 
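Review bot: In the first values.mailu.yaml hunk the `mailu-pop3s` route sends the `pop3s` entrypoint to `port: 993`, which is the IMAPS port already used by `mailu-imaps`, while the `pop3s` entrypoint in values.traefik.yaml listens on 995; POP3S clients would be handed to the IMAPS listener. Use `port: 995` for that route (the removed Istio entry carried the same 993, so this is inherited rather than new). The banner comment above `traefik:` still says "Istio extenstion ... not using ingress nginx" and should be reworded to describe the Traefik TCP routes. `mailu-smpt-startls` keeps the `smpt` typo that the two neighbouring route names fix in this same hunk.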
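Review bot: In the second values.mailu.yaml hunk, `realIpFrom: traefik.kube-system.svc.cluster.local` names the Traefik Service, but requests reach the front pod from Traefik pod addresses, and Mailu's setting is, as far as I know, meant to hold the trusted proxy address range. If the header ends up untrusted, logs and per-client rate limiting see the proxy address instead of the client; if the trusted range is too wide, any in-cluster client can supply its own `X-Real-IP`. Confirm which form the chart expects and set it to the narrowest range that covers the Traefik pods. This only affects the HTTP ingress: the TCP mail routes pass no client address to the backend unless PROXY protocol is configured on both sides, which is worth a comment next to `tcpRoutes`.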
@@ -181,3 +170,10 @@ webmail: accessModes: [ReadWriteOnce] claimNameOverride: "" annotations: {} +global: + database: + roundcube: + database: applications-roundcube-postgres16 + username: applications-roundcube-postgres16 + existingSecret: roundcube-postgres16-creds + existingSecretPasswordKey: POSTGRES_PASSWORD diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index ef99a67..19b39a0 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -19,6 +19,39 @@ istio: service: minio port: 9000 +ingress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + path: / + hosts: + - s3.badhouseplants.net + tls: + - secretName: s3-tls-secret + hosts: + - s3.badhouseplants.net +consoleIngress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + path: / + hosts: + - minio.badhouseplants.net + tls: + - secretName: minio-tls-secret + hosts: + - minio.badhouseplants.net + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index b10de2e..7dd45d2 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,10 +1,6 @@ namespaces: - name: longhorn-system - - name: cert-manager - name: minio-service - - name: metallb-system - - name: reflector-system - - name: drone-service - name: argo-system - name: nrodionov-application - name: minecraft-application 
@@ -15,18 +11,16 @@ namespaces: https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - - name: monitoring-system - name: bitwarden-application - name: database-service - name: mail-service - - name: istio-system - name: vaultwarden-application - name: woodpecker-ci - name: openvpn-service - - name: tandoor-application - name: badhouseplants-main labels: istio-injection: enabled - name: badhouseplants-preview - name: mailu-application - name: kube-services + - name: applications \ No newline at end of file diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 14d1b8c..3582f47 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -17,7 +17,20 @@ ext-database: enabled: true name: nrodionov-mysql instance: mysql - +ingress: + enabled: true + pathType: ImplementationSpecific + hostname: dev.nrodionov.info + path: / + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + tls: true + tlsWwwPrefix: false + selfSigned: false wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml index 9b9171b..5827bde 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
@@ -3,17 +3,26 @@ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: - enabled: true - istio: - - name: openvpn-tcp-xor - gateway: istio-system/badhouseplants-vpn - kind: tcp - port_match: 1194 - hostname: "*" - service: openvpn-xor - port: 1194 +# istio: + # enabled: true + # istio: + # - name: openvpn-tcp-xor + # gateway: istio-system/badhouseplants-vpn + # kind: tcp + # port_match: 1194 + # hostname: "*" + # service: openvpn-xor + # port: 1194 # ------------------------------------------ +traefik: + enabled: true + tcpRoutes: + - name: openvpn-xor + service: openvpn-xor + match: HostSNI(`*`) + entrypoint: openvpn + port: 1194 + storage: class: longhorn size: 512Mi diff --git a/badhouseplants/values/values.traefik.yaml b/badhouseplants/values/values.traefik.yaml new file mode 100644 index 0000000..fb92321 --- /dev/null +++ b/badhouseplants/values/values.traefik.yaml 
@@ -0,0 +1,78 @@ +globalArguments: + - "--serversTransport.insecureSkipVerify=true" +service: + spec: + externalTrafficPolicy: Local +ports: + git-ssh: + port: 22 + expose: + default: true + exposedPort: 22 + protocol: TCP + openvpn: + port: 1194 + expose: + default: true + exposedPort: 1194 + protocol: TCP + valve-server: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: UDP + valve-rcon: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: TCP + smtp: + port: 25 + protocol: TCP + exposedPort: 25 + expose: + default: true + smtps: + port: 465 + protocol: TCP + exposedPort: 465 + expose: + default: true + smtp-startls: + port: 587 + protocol: TCP + exposedPort: 587 + expose: + default: true + imap: + port: 143 + protocol: TCP + exposedPort: 143 + expose: + default: true + imaps: + port: 993 + protocol: TCP + exposedPort: 993 + expose: + default: true + pop3: + port: 110 + protocol: TCP + exposedPort: 110 + expose: + default: true + pop3s: + port: 995 + protocol: TCP + exposedPort: 995 + expose: + default: true + minecraft: + port: 25565 + protocol: TCP + exposedPort: 25565 + expose: + default: true diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index b4afad8..8114432 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -61,3 +61,20 @@ vaultwarden: enabled: false logfile: "/data/vaultwarden.log" loglevel: "warn" +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: vault.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: vault-tls-secret + hosts: + - vault.badhouseplants.net 
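Review bot: `--serversTransport.insecureSkipVerify=true` in `globalArguments` of values.traefik.yaml turns off certificate verification for every HTTPS connection Traefik opens to a backend, for the whole cluster, so a backend's identity is never checked. If a single backend with a self-signed certificate needs this, scope it to that service with a per-service `ServersTransport` resource, or give Traefik the issuing CA, and remove the global flag. At minimum add a comment above the argument naming the backend that requires it. The file also leaves the HTTP entrypoint at chart defaults, so nothing here redirects port 80 to HTTPS.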
diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml new file mode 100644 index 0000000..da8b043 --- /dev/null +++ b/badhouseplants/values/values.vaultwardentest.yaml @@ -0,0 +1,58 @@ +service: + port: 8080 +vaultwarden: + smtp: + host: mail.badhouseplants.net + security: "starttls" + port: 587 + from: vaulttest@badhouseplants.net + fromName: Vault Warden + authMechanism: "Plain" + acceptInvalidHostnames: "false" + acceptInvalidCerts: "false" + debug: false + domain: https://vaulttest.badhouseplants.net + websocket: + enabled: true + address: "0.0.0.0" + port: 3012 + rocket: + port: "8080" + workers: "10" + webVaultEnabled: "true" + signupsAllowed: false + invitationsAllowed: true + signupDomains: "https://vaulttest.badhouseplants.net" + signupsVerify: "true" + showPassHint: "false" + # database: + # existingSecret: vaultwarden-postgres16-creds + # existingSecretKey: CONNECTION_STRING + # connectionRetries: 15 + # maxConnections: 10 + storage: + enabled: false + # size: 1Gi + # class: longhorn + # dataDir: /data + logging: + enabled: false + logfile: "/data/vaultwarden.log" + loglevel: "warn" +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: vaulttest.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: vault-tls-secret + hosts: + - vaulttest.badhouseplants.net diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 202daca..62ced72 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
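Review bot: The new values.vaultwardentest.yaml reuses `secretName: vault-tls-secret`, the same secret name the production vaultwarden ingress in this patch uses for vault.badhouseplants.net. If both releases land in one namespace (not visible here), two Ingresses with different hosts would drive one certificate secret. Give the test instance its own name, e.g. `secretName: vaulttest-tls-secret`. `signupDomains: "https://vaulttest.badhouseplants.net"` holds a URL where a list of e-mail domains is presumably expected, so it likely restricts nothing in the intended way; please check against the chart.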
@@ -18,6 +18,22 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: ci.badhouseplants.net + paths: + - path: / + tls: + - secretName: woodpecker-tls-secret + hosts: + - ci.badhouseplants.net #image: # registry: git.badhouseplants.net # repository: allanger/woodpecker-server diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index e7afd09..753b7ae 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -1,12 +1,21 @@ -istio: +ingress: enabled: true - istio: - - name: zot - kind: http - gateway: istio-system/badhouseplants-net - hostname: registry.badhouseplants.net - service: zot - port: 5000 + className: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + pathtype: ImplementationSpecific + hosts: + - host: registry.badhouseplants.net + paths: + - path: / + tls: + - secretName: zot-secret-tls + hosts: + - registry.badhouseplants.net strategy: type: Recreate service: diff --git a/common/values.database.yaml b/common/values.database.yaml index 6685015..eba45ae 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml 
@@ -23,3 +23,28 @@ ext-database: secret: true {{- end }} {{- end }} + + - | + {{- if (.Values.extraDatabase).enabled }} + --- + apiVersion: kinda.rocks/v1beta1 + kind: Database + metadata: + name: "{{ .Values.extraDatabase.name }}" + spec: + secretName: "{{ .Values.extraDatabase.name }}-creds" + instance: "{{ .Values.extraDatabase.instance }}" + deletionProtected: true + backup: + enable: false + cron: 0 0 * * * + {{- if .Values.extraDatabase.credentials }} + credentials: + templates: + {{- range $key, $value := .Values.extraDatabase.credentials }} + - name: {{ $key }} + template: {{ $value }} + secret: true + {{- end }} + {{- end }} + {{- end }} diff --git a/common/values.tcp-route.yaml b/common/values.tcp-route.yaml new file mode 100644 index 0000000..b995d25 --- /dev/null +++ b/common/values.tcp-route.yaml @@ -0,0 +1,20 @@ +--- +traefik: + templates: + - | + {{ range .Values.tcpRoutes }} + --- + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ .name }} + spec: + entryPoints: + - {{ .entrypoint }} + routes: + - match: {{ .match }} + services: + - name: {{ .service }} + nativeLB: true + port: {{ .port }} + {{- end }} \ No newline at end of file diff --git a/common/values.tcproute.yaml b/common/values.tcproute.yaml new file mode 100644 index 0000000..05e0d89 --- /dev/null +++ b/common/values.tcproute.yaml @@ -0,0 +1,13 @@ +--- +tcproute: + templates: + - | + --- + {{ range .Values.routes }} + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ printf "%s-%s" .Release.Name .name }} + spec: + {{ tpl (.routes | toYaml | indent 2 | toString) $ }} + {{ end }} diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index d861bbd..677999c 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml 
@@ -7,6 +7,21 @@ releases: namespace: openvpn-service createNamespace: false + - <<: *istio-base + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index deefdb1..ba51cc3 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -95,6 +95,10 @@ buckets: policy: none purge: false versioning: false + - name: velero-test + policy: none + purge: false + versioning: false - name: restic policy: none purge: false diff --git a/helmfile.yaml b/helmfile.yaml index de9aa6b..735e9ba 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -11,24 +11,9 @@ releases: namespace: kube-system createNamespace: false - - <<: *istio-base - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istio-gateway - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istiod - installed: true - namespace: istio-system - createNamespace: false - - <<: *cert-manager installed: true - namespace: cert-manager + namespace: kube-system createNamespace: false - <<: *minio @@ -38,17 +23,17 @@ releases: - <<: *metallb installed: true - namespace: metallb-system - createNamespace: true + namespace: kube-system + createNamespace: false - <<: *reflector installed: true - namespace: reflector-system - createNamespace: true + namespace: kube-system + createNamespace: false - <<: *metallb-resources installed: true - namespace: metallb-system + namespace: kube-system createNamespace: false helmfiles: diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index f6d57f9..bc5f0b1 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml 
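Review bot: In helmfile.yaml, cert-manager, metallb, metallb-resources and reflector now all install into `kube-system` instead of their own namespaces, which removes the namespace boundary that namespaced RBAC, NetworkPolicy and quota rules would otherwise attach to. These controllers handle certificates, address announcements and secret mirroring, so keeping them apart from core cluster components limits what one compromised service account can reach. If the move is deliberate, add a comment above the releases saying why; otherwise keep e.g. `namespace: cert-manager` with `createNamespace: true`. Changing `namespace` on an already installed release presumably leaves the old release behind, so the migration steps should be written down as well.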
@@ -31,7 +31,7 @@ metadata: namespace: debug spec: rules: - - host: httpbin.rocks + - host: "httpbin.badhouseplants.net" http: paths: - path: / diff --git a/manifests/httpo1-cluster-issuer.yaml b/manifests/httpo1-cluster-issuer.yaml new file mode 100644 index 0000000..547b892 --- /dev/null +++ b/manifests/httpo1-cluster-issuer.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + labels: + app.kubernetes.io/instance: cluster-issuer + app.kubernetes.io/name: acme-cluster-issuer + name: badhouseplants-issuer-http01 +spec: + acme: + email: allanger@zohomail.com + preferredChain: "" + privateKeySecretRef: + name: badhouseplants-issuer-htt01-account-key + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - http01: + ingress: + ingressClassName: traefik diff --git a/releases.yaml b/releases.yaml index ac52cdf..c8797c2 100644 --- a/releases.yaml +++ b/releases.yaml @@ -1,4 +1,3 @@ ---- templates: # --------------------------- # -- Hooks @@ -49,6 +48,14 @@ templates: values: - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + ext-tcp-routes: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: traefik + values: + - '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml' + ext-istio-resource: dependencies: - chart: bedag/raw @@ -56,6 +63,7 @@ templates: alias: istio values: - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: dependencies: - chart: bedag/raw @@ -137,25 +145,24 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.5 + version: 1.15.0 set: - name: installCRDs value: true longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.1 + version: 1.6.2 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.9.3 + version: 7.1.3 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource monitoring-common: labels: 
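Review bot: In the new ClusterIssuer manifest, `privateKeySecretRef.name` is `badhouseplants-issuer-htt01-account-key` (`htt01`), and the file is named `httpo1-cluster-issuer.yaml`, while the issuer itself is `badhouseplants-issuer-http01`. The names still work, but the secret holds the ACME account key and renaming it later would, as far as I know, make cert-manager register a new account, so it is cheaper to fix now: `name: badhouseplants-issuer-http01-account-key`. `preferredChain: ""` can be dropped, since an empty value states no preference. The manifest also lacks the leading `---` that the values files added in this patch use.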
@@ -170,7 +177,6 @@ templates: - template: default-env-values - template: default-env-secrets - template: crd-management-hook - - template: ext-istio-resource loki: &loki name: loki @@ -231,10 +237,10 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.3.0 + version: 1.2.0 inherit: - template: default-env-values - - template: ext-istio-resource + - template: ext-tcp-routes openvpn: &openvpn name: openvpn @@ -242,7 +248,6 @@ templates: version: 1.2.0 inherit: - template: default-env-values - - template: ext-istio-resource # ---------------------------- # -- Drone # ---------------------------- @@ -256,7 +261,6 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: drone-common drone-runner-docker: &drone-runner-docker @@ -271,21 +275,19 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.3.0 + version: 1.4.0 inherit: - template: ext-database - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.2.11 + version: 22.4.10 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource minio: &minio name: minio @@ -294,16 +296,14 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.4 + version: 10.2.0 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database funkwhale: &funkwhale @@ -313,7 +313,6 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database bitwarden: &bitwarden 
@@ -323,12 +322,11 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource redis: &redis name: redis chart: bitnami/redis - version: 19.3.3 + version: 19.5.3 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +334,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.3.3 + version: 15.5.5 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +355,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.2.4 + version: 11.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -368,8 +366,7 @@ templates: version: 2.3.1 inherit: - template: default-env-values - - template: ext-istio-gateway - - template: ext-istio-resource + - template: ext-tcp-routes vaultwarden: &vaultwarden name: vaultwarden @@ -378,9 +375,16 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database + vaultwarden-test: &vaultwardentest + name: vaultwardentest + chart: allanger-gitea/vaultwarden + version: 1.2.0 + inherit: + - template: default-env-values + - template: default-env-secrets + reflector: &reflector name: reflector chart: emberstack/reflector @@ -393,8 +397,9 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-certificate + - template: ext-tcp-routes + - template: ext-database tandoor: &tandoor name: tandoor @@ -403,13 +408,12 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database coredns: &coredns name: coredns chart: coredns/coredns - version: 1.29.0 + version: 1.31.0 namespace: kube-system inherit: - template: default-env-values 
@@ -417,7 +421,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.5 + version: 1.15.6 createNamespace: false namespace: kube-system inherit: @@ -426,23 +430,14 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.54 - createNamespace: false - namespace: kube-services - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - chartmuseum: &chartmuseum - name: chartmuseum - chart: chartmuseum/chartmuseum - version: 3.10.2 + version: 0.1.56 createNamespace: false namespace: kube-services inherit: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel name: keel chart: keel/keel @@ -450,4 +445,20 @@ templates: createNamespace: false namespace: kube-system - + traefik: &traefik + name: traefik + chart: traefik/traefik + version: 28.2.0 + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values + + local-path-provisioner: &local-path-provisioner + name: local-path-provisioner + chart: local-path-provisioner/local-path-provisioner + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values + diff --git a/repositories.yaml b/repositories.yaml index 2900540..5ffcf86 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -31,8 +31,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + # - name: allanger-gitea + # url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker 
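Review bot: The first repositories.yaml hunk comments out the `allanger-gitea` repository, but releases.yaml in the same patch still resolves `chart: allanger-gitea/openvpn-xor` and adds `vaultwardentest` with `chart: allanger-gitea/vaultwarden`, so those releases have no listed repository to pull from. Either keep the entry or point the releases at a repository that is still configured. If the entry is disabled on purpose, replace the two commented lines with a comment that says why and until when, for example `# allanger-gitea disabled while git.badhouseplants.net is being migrated` (wording is a suggestion, the reason is not visible here).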
@@ -59,3 +59,7 @@ repositories: url: https://chartmuseum.github.io/charts - name: keel url: https://charts.keel.sh + - name: traefik + url: https://traefik.github.io/charts + - name: local-path-provisioner + url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26 -- 2.45.2 From d6d93998cb6b16d74f20616d2c2adb21af7e4f78 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 15 Jun 2024 20:45:50 +0200 Subject: [PATCH 314/316] Update traefik --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index c8797c2..3092fe6 100644 --- a/releases.yaml +++ b/releases.yaml @@ -448,7 +448,7 @@ templates: traefik: &traefik name: traefik chart: traefik/traefik - version: 28.2.0 + version: 28.3.0 createNamespace: false namespace: kube-system inherit: -- 2.45.2 From 697e5f374651c757719aa79a662f7875c95f4076 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Jun 2024 17:23:33 +0200 Subject: [PATCH 315/316] Add a storage to the vaultwarden test --- badhouseplants/values/values.vaultwardentest.yaml | 14 +++++++------- releases.yaml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml index da8b043..7796066 100644 --- a/badhouseplants/values/values.vaultwardentest.yaml +++ b/badhouseplants/values/values.vaultwardentest.yaml 
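Review bot: The `local-path-provisioner` repository added here is fetched with `git+https://...?ref=v0.0.26`, a git tag, and the matching release in releases.yaml sets no `version`, so what gets installed is whatever that tag points to when helmfile runs. Pinning `ref` to a full commit hash (placeholder: `ref=<commit-sha>`) makes the chart source immutable; this assumes the git plugin in use accepts a commit there, which should be checked. The `git+https` scheme also depends on that plugin being installed wherever helmfile runs, which deserves a comment next to the entry.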
@@ -20,21 +20,21 @@ vaultwarden: port: "8080" workers: "10" webVaultEnabled: "true" - signupsAllowed: false + signupsAllowed: true invitationsAllowed: true signupDomains: "https://vaulttest.badhouseplants.net" - signupsVerify: "true" - showPassHint: "false" + signupsVerify: false + showPassHint: true # database: # existingSecret: vaultwarden-postgres16-creds # existingSecretKey: CONNECTION_STRING # connectionRetries: 15 # maxConnections: 10 storage: - enabled: false - # size: 1Gi - # class: longhorn - # dataDir: /data + enabled: true + size: 512Mi + class: longhorn + dataDir: /data logging: enabled: false logfile: "/data/vaultwarden.log" diff --git a/releases.yaml b/releases.yaml index 3092fe6..f07b763 100644 --- a/releases.yaml +++ b/releases.yaml @@ -275,7 +275,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.4.0 + version: 1.5.0 inherit: - template: ext-database - template: default-env-values -- 2.45.2 From 14dbe234eaac4d3a0412982c9e2dda010e607d36 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 22 Jun 2024 13:28:53 +0200 Subject: [PATCH 316/316] Cleanup namespaces --- badhouseplants/values/values.namespaces.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 7dd45d2..c11513c 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -11,7 +11,6 @@ namespaces: https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - - name: bitwarden-application - name: database-service - name: mail-service - name: vaultwarden-application @@ -21,6 +20,4 @@ namespaces: labels: istio-injection: enabled - name: badhouseplants-preview - - name: mailu-application - name: kube-services - - name: applications \ No newline at end of file -- 2.45.2
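Review bot: In values.vaultwardentest.yaml this change sets `signupsAllowed: true` and `signupsVerify: false` on an instance that the ingress publishes at vaulttest.badhouseplants.net and that now gets persistent storage, so anyone who can reach the host can create an account without e-mail verification. For a test instance, keep `signupsAllowed: false` and rely on `invitationsAllowed: true`, which is already set, or at least keep `signupsVerify: "true"`. `showPassHint: true` additionally exposes password hints and is better left off on a reachable host. The changed flags also switch from quoted strings to YAML booleans while neighbours such as `webVaultEnabled: "true"` stay strings; if the chart copies them into environment variables, keep the quoted form.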