From 6181a09e2eb02b81939d80755a1143df26ef2e3a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 29 Jul 2023 20:29:42 +0200 Subject: [PATCH 001/164] Remove the deprecated `drone-kube-runner` Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/96 --- badhouseplants/helmfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b458b1f..c8bec73 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -8,7 +8,7 @@ releases: createNamespace: false - <<: *drone-runner-kube - installed: true + installed: false namespace: drone-service createNamespace: false -- 2.49.0 From 903e0e2d476dfa1dfb05a036bcb63d0f6a68e9bf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 29 Jul 2023 20:37:43 +0200 Subject: [PATCH 002/164] Cleanup after `drone-runner-kube` removing Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/96 --- badhouseplants/helmfile.yaml | 5 ---- .../values/secrets.drone-runner-kube.yaml | 23 ------------------- .../values/values.drone-runner-kube.yaml | 12 ---------- releases.yaml | 9 -------- 4 files changed, 49 deletions(-) delete mode 100644 badhouseplants/values/secrets.drone-runner-kube.yaml delete mode 100644 badhouseplants/values/values.drone-runner-kube.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index c8bec73..caf29b0 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -7,11 +7,6 @@ releases: namespace: drone-service createNamespace: false - - <<: *drone-runner-kube - installed: false - namespace: drone-service - createNamespace: false - - <<: *longhorn installed: true namespace: longhorn-system diff --git a/badhouseplants/values/secrets.drone-runner-kube.yaml b/badhouseplants/values/secrets.drone-runner-kube.yaml deleted file mode 100644 index cc83446..0000000 
--- a/badhouseplants/values/secrets.drone-runner-kube.yaml +++ /dev/null @@ -1,23 +0,0 @@ -env: - DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:wqUNt9o/+7fan2wxSfZjb4X3Ogk=,iv:IMc/dxu+ZN+PcbBMz+Z5J2JOAR3a6fuCdCx8XPtop4k=,tag:AryXmU1xrSCfAzZehvGvYg==,type:str] - DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 - Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi - aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ - em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh - DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-21T09:07:35Z" - mac: ENC[AES256_GCM,data:4MIzNp44+5zPPOhiq5elk5JIrpVeiDG8/aYXxh9Xoch4f5L4omywoXk9znRVwXlaaL2FVS0RnOXvUrmWagdX0f5LTDE0WoThXIgL2YRayHEAISW8uu+auaLIE5qPT7rEI/JLHQhdSuczVYLNj3P2jOKK7XPAuV2E/65DXkvESGk=,iv:0OuRk8Ur+aU33DXn9KPIv+qW8RU/q0599AVRduQS2rQ=,tag:G7ygruy60cuDKgJFB3uoGQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/badhouseplants/values/values.drone-runner-kube.yaml b/badhouseplants/values/values.drone-runner-kube.yaml deleted file mode 100644 index 0ce5ba2..0000000 --- a/badhouseplants/values/values.drone-runner-kube.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -env: - DRONE_RPC_HOST: drone.badhouseplants.net - DRONE_RPC_PROTO: https - DRONE_NAMESPACE_DEFAULT: drone-service - DRONE_RESOURCE_LIMIT_CPU: 300 - DRONE_RESOURCE_REQUEST_CPU: 100 - DRONE_RESOURCE_LIMIT_MEMORY: 2048Mi - DRONE_RESOURCE_REQUEST_MEMORY: 512Mi -rbac: - buildNamespaces: - - drone-service 
diff --git a/releases.yaml b/releases.yaml index 071cb80..116503f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -204,15 +204,6 @@ templates: - template: ext-istio-resource - template: drone-common - drone-runner-kube: &drone-runner-kube - name: drone-runner-kube - chart: drone/drone-runner-kube - version: 0.1.10 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: drone-common - drone-runner-docker: &drone-runner-docker name: drone-runner-docker chart: drone/drone-runner-docker -- 2.49.0 From 5ff279ef0339b6aa44abdec0b228859e5afce025 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 29 Jul 2023 21:11:54 +0200 Subject: [PATCH 003/164] chore(minecraft): Upgrade the Paper version --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index c6ccfb5..d005fc1 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -58,7 +58,7 @@ minecraftServer: version: 1.20.1 maxWorldSize: 90000 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/68/downloads/paper-1.20.1-68.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar gameMode: survival pvp: true memory: 2512M -- 2.49.0 From 0b23d53f10e2268b42e15538dae9e97b1c1121b8 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 29 Jul 2023 22:17:42 +0200 Subject: [PATCH 004/164] chore(gitea): Upgrade the gitea chart version The maintainer of the chart release a breaking chage, so this migration was not easy. After the upgrade, I've copied all the data from the previous installation, because the ReplicaSet provided was switched from the StatefulSet to Deployment. Issue: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/issues/86 --- badhouseplants/values/values.gitea.yaml | 67 +++++++++++++------------ releases.yaml | 4 +- 2 files changed, 36 insertions(+), 35 deletions(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index fa9b60e..7fed6e9 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -19,12 +19,17 @@ istio: port_match: 22 service: gitea-ssh port: 22 - +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ ext-database: enabled: true name: gitea-postgres instance: postgres - +# ------------------------------------------ +# -- Kubernetes related values +# ------------------------------------------ replicaCount: 1 clusterDomain: cluster.local @@ -38,39 +43,20 @@ resources: persistence: enabled: true - size: 10Gi + size: 6Gi accessModes: - ReadWriteOnce - labels: {} - annotations: {} - -memcached: - enabled: true - service: - port: 11211 - resources: - requests: - cpu: 10m -postgresql: - auth: - postgresPassword: check - enabled: false - global: - postgresql: - servicePort: 5432 - persistence: - size: 10Gi - resources: - requests: - cpu: 50m ingress: enabled: false - +# ------------------------------------------ +# -- Main Gitea settings +# ------------------------------------------ gitea: metrics: enabled: true serviceMonitor: + # -- TODO(@allanger): Enable it once prometheus is configured enabled: false config: database: 
@@ -82,7 +68,7 @@ gitea: ui: meta: AUTHOR: Bad Houseplants - DESCRIPTION: by allanger + DESCRIPTION: ...by allanger repository: DEFAULT_BRANCH: main MAX_CREATION_LIMIT: 0 @@ -94,6 +80,7 @@ gitea: ROOT_URL: https://git.badhouseplants.net LFS_START_SERVER: true LANDING_PAGE: explore + START_SSH_SERVER: true admin: DISABLE_REGULAR_ORG_CREATION: true packages: @@ -107,14 +94,28 @@ gitea: oauth2_client: REGISTER_EMAIL_CONFIRM: false ENABLE_AUTO_REGISTRATION: true -statefulset: - env: - - name: DOMAIN - value: git.badhouseplants.net - - name: START_SSH_SERVER - value: "true" + # -------------------------------------- + # -- Redis settings + # -------------------------------------- + session: + PROVIDER: redis + PROVIDER_CONFIG: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& + cache: + ENABLED: true + ADAPTER: redis + HOST: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& + queue: + TYPE: redis + CONN_STR: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& service: ssh: type: ClusterIP port: 22 clusterIP: +# ------------------------------------------ +# -- Disabled dependencies +# ------------------------------------------ +postgresql-ha: + enabled: false +redis-cluster: + enabled: false \ No newline at end of file diff --git a/releases.yaml b/releases.yaml index 116503f..5a9b582 100644 --- a/releases.yaml +++ b/releases.yaml @@ -242,7 +242,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 8.3.0 + version: 9.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -305,4 +305,4 @@ templates: version: 1.4.2 inherit: - template: default-env-values - - template: default-env-secrets \ No newline at end of file + - template: default-env-secrets -- 2.49.0 From 39eff42bda73df863d6a84f5713779918a1b9a6c Mon Sep 17 00:00:00 2001 
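Review bot: The `@@ -107,14 +94,28 @@` hunk of `badhouseplants/values/values.gitea.yaml` puts the Redis password in clear text inside `session.PROVIDER_CONFIG`, `cache.HOST` and `queue.CONN_STR`, in a values file that is not sops-encrypted. Every other credential visible in this series is stored as an `ENC[...]` value in a `secrets.*.yaml` file, so these three connection strings belong in `badhouseplants/values/secrets.gitea.yaml`, leaving only `PROVIDER: redis`, `ADAPTER: redis` and `TYPE: redis` here. Because the value is now in the repository history, moving it is not enough on its own: the password has to be rotated on the Redis side and in every consumer, which patch 005 of this series does. The same hunk also drops the file's final newline (`\ No newline at end of file`).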
From: Nikolai Rodionov Date: Sat, 29 Jul 2023 22:26:45 +0200 Subject: [PATCH 005/164] Update the leaked redis password Also updated for Gitea and Funkwhale --- badhouseplants/values/secrets.funkwhale.yaml | 6 +++--- badhouseplants/values/secrets.gitea.yaml | 18 ++++++++---------- badhouseplants/values/secrets.redis.yaml | 9 ++++++--- badhouseplants/values/values.gitea.yaml | 6 ------ 4 files changed, 17 insertions(+), 22 deletions(-) diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 8655857..bc30824 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -4,7 +4,7 @@ postgresql: password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str] redis: auth: - password: ENC[AES256_GCM,data:aeU0t+HU/SYw2e4Ka/xUFecc+dw=,iv:+sqbnts+Sammd5RyEMpYwbcpOuFISamwessi4ZyPfxE=,tag:B+77buXXmAi9qGNpHgZ/BQ==,type:str] + password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -20,8 +20,8 @@ sops: dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T17:45:04Z" - mac: ENC[AES256_GCM,data:5SQLrGXu7BxhIpQYtv9gW3hyX9kC9Gdpjlqm8UcL803qOQxHSz0BryzEEot//K0ka8cud+uRWQUfNairZYWj6uBNkcM+aFy2kZUKMMozBShi+5kd0BzC1TNYhxaOXmfjTE2bjjdFBFW5xmIqnu15DmzqPU2cxjpGQuea8ol0G/c=,iv:G/IlEOU2hbYa3czcd0n4T/l52if6W4nx43ZKCchX3bQ=,tag:wfEzMjeiIAMMBIgIjaOYOg==,type:str] + lastmodified: "2023-07-29T20:22:20Z" + mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 86388fa..24357eb 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml @@ -1,11 +1,3 @@ -postgresql: - global: - postgresql: - auth: - database: ENC[AES256_GCM,data:Cy0E9Sw=,iv:d68IzroVmsj4Y5QOgSlev7g+kTeovg29cEe2wLnWA50=,tag:pl5RqMwMtrSZgoGBkUCE9w==,type:str] - username: ENC[AES256_GCM,data:JJBW6Xs=,iv:M7EQ9UeNqjgG8B0ZAp0zHnFXHPzu+GskhyxVt0pxoJE=,tag:ujwxxXJwgpqYf7XZyXySCg==,type:str] - password: ENC[AES256_GCM,data:Fqnl7GQhgpFFRH72ZWeCsfeQjAQ=,iv:0O3zUWRAOjmc2MzOPIWj5Fq5bsemoGRBRk1u3/gU9ro=,tag:4bkQKMU1WTjRxiS10IzssQ==,type:str] - postgresPassword: ENC[AES256_GCM,data:qlLEaSfvrcROlA==,iv:3jDMPZtK/Jnjt2KXKLUlTDHOvObgjI1Q5U2UlFsivaE=,tag:tuaGHQzKD26JO6X5HAiXTw==,type:str] gitea: admin: username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] 
@@ -15,6 +7,12 @@ gitea: ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] database: PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str] + session: + PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] + cache: + HOST: ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] + queue: + CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] oauth: - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] 
@@ -35,8 +33,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-26T20:46:45Z" - mac: ENC[AES256_GCM,data:ZZ5KeUmc5FqFIfZKkVfmu9s2YWCbFULgHiF8JMjgyIYqnUkE1gSPq7PqCJFnHuDmg9b9QKw7KbT1SgCTY9UXcZ2h8xQGQ6SrU3oDBVLGG+tJovTqAgeEAy3WUqSensAw86OHVbQafC+urO7pW83suGVBp19vhT7lNm3tpM43i08=,iv:RXnqoZy/p8wJEDV2jtbzQWfvAOJpAEc3SFso+bVtZsg=,tag:vBvtEm9Q/pEKeD9ek+xWVA==,type:str] + lastmodified: "2023-07-29T20:30:31Z" + mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.redis.yaml b/badhouseplants/values/secrets.redis.yaml index 13a18e0..14b99c2 100644 --- a/badhouseplants/values/secrets.redis.yaml +++ b/badhouseplants/values/secrets.redis.yaml @@ -1,6 +1,9 @@ global: redis: - password: ENC[AES256_GCM,data:kf/oRSCxPziRerU2Z4AqXJk/fp4=,iv:6d3t4cbjbcI8Wnw5dmO6NkOVuApf+DWEkXd6j5T17Lw=,tag:VzUwTP2+w8iwwkZOjMbdCQ==,type:str] + #ENC[AES256_GCM,data:QRLnzdJ/lmaItppUMOZO33kySISWDfMdjr2nrEjBuhucnoglEVNF9Wy5IVbt5CNERajCADTVWNy/N40uCv+9n3PQVKl+Ki6YV+Q24Bzy,iv:8PvJ2yU7AW+/XkP+/9OQcrdCVAomnRexkNNw+2rjoho=,tag:U4gbrqqBwvXC63qn7jFmPQ==,type:comment] + #ENC[AES256_GCM,data:69gagNeejZaafGWo/Rll,iv:kW13FOrc/j//BxVj4JgEC0G/DQIOPHil0uNXpOM2/W0=,tag:sqviMlgQHiN397ukswoNsg==,type:comment] + #ENC[AES256_GCM,data:C8ta7Vtb3LpOotE=,iv:Kdat2trhQIQHxIpD7xhUoLRYo+a4PgzpB+S0w32somA=,tag:jgH656M8a14QhA//sN6MGg==,type:comment] + password: ENC[AES256_GCM,data:qdV5FH2K4w9gj4SFznfflY8Uw3ohSCO4lOE4Hea4,iv:/XYT2xiHlfRB1NLkw+Qm/QaWehvs9v8PUp2ZfMxeyRA=,tag:06XSi3K7y+9a50nZK1LAfQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -16,8 +19,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T17:44:01Z" - mac: ENC[AES256_GCM,data:iV7/1P+LppuGxIE0djzw/Vc/GCSRPsdclx6je9f1UHgg7FV9rjdqCr0lN/JfcqOC9z/HfPoQX3cWh3hADABKV+8DvYtFGfIYIbt1+wdg7xM7pAXh6ffsOK8iOg9Fy1L1AoHe61W8Wmp5I5woExTUSRb3ZdNNIcBSjUbRhjAtYZ4=,iv:HJ9joQgY3xdJWQhGiqEmS3Ei95TbFM4ocQ99n2N+e4Q=,tag:W3D7YMLvMPVYGmDO1oClPQ==,type:str] + lastmodified: "2023-07-29T20:22:15Z" + mac: ENC[AES256_GCM,data:DIdcvQXu7rivXdPFPjfzs1AeJ5bRvUBD+Hq9mH7Hp/+iqrG03fWSF2NF1ra8KfEIg6TDsyMnQLWvipxBlA654BLBNrABFoGwLsdVsATBORz0kNNY862qfyhSOaaTBHTWhPVpbjGnYav+bi5pfvbLC9yJm3SjIRtUbnaNVWvqMq0=,iv:d7SaPZLb/px7fy+bGJnH3bfNBmqbhwMijyNB0jfYgLE=,tag:LT5hJoDcSiP5FVgj0M2sCA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 7fed6e9..b2e5639 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -94,19 +94,13 @@ gitea: oauth2_client: REGISTER_EMAIL_CONFIRM: false ENABLE_AUTO_REGISTRATION: true - # -------------------------------------- - # -- Redis settings - # -------------------------------------- session: PROVIDER: redis - PROVIDER_CONFIG: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& cache: ENABLED: true ADAPTER: redis - HOST: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& queue: TYPE: redis - CONN_STR: redis://:gtCkXoSg82Aeimj5WYYX@redis-master.database-service.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s& service: ssh: type: ClusterIP -- 2.49.0 From 06837fd283e42556fb67fca4dd90e81512d4e19c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 30 Jul 2023 16:19:00 +0200 Subject: [PATCH 006/164] chore: Upgrade outdated releases --- releases.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/releases.yaml b/releases.yaml index 5a9b582..d658945 100644 --- a/releases.yaml +++ b/releases.yaml @@ -99,7 +99,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.12.2 + version: 1.12.3 set: - name: installCRDs value: true @@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.41.1 + version: 5.42.0 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 48.1.2 + version: 48.2.2 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.8.9 + version: 5.9.2 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.11.7 + version: 6.11.9 inherit: - template: monitoring-common - template: default-env-values @@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.18.1 + version: 1.18.2 istio-base: &istio-base name: istio-base @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.33 + version: 16.1.34 inherit: - template: default-env-values - template: default-env-secrets @@ -281,7 +281,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.13.2 + version: 17.14.3 inherit: - template: default-env-values - template: default-env-secrets 
@@ -289,7 +289,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.6.8 + version: 12.7.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 3acfcb93fb410c8c83c44576c85e1e6b0dab191d Mon Sep 17 00:00:00 2001 From: RNRod Date: Sun, 30 Jul 2023 17:37:19 +0200 Subject: [PATCH 007/164] install and configure mysql server create an empty db in wordpress create db-instance to watch mysql server --- badhouseplants/helmfile.yaml | 6 +++++ .../values/secrets.db-instances.yaml | 8 +++++-- badhouseplants/values/secrets.mysql.yaml | 23 +++++++++++++++++++ .../values/values.db-instances.yaml | 10 ++++++++ badhouseplants/values/values.mysql.yaml | 7 ++++++ badhouseplants/values/values.nrodionov.yaml | 5 ++++ releases.yaml | 9 ++++++++ 7 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 badhouseplants/values/secrets.mysql.yaml create mode 100644 badhouseplants/values/values.mysql.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index caf29b0..54887d1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -77,6 +77,12 @@ releases: namespace: database-service createNamespace: true + - <<: *mysql + installed: true + namespace: database-service + createNamespace: true + + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index 4018bea..0bbdbe7 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml 
@@ -3,6 +3,10 @@ dbinstances: secrets: adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] + mysql: + secrets: + adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] + adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +22,8 @@ sops: Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-21T14:01:22Z" - mac: ENC[AES256_GCM,data:tH/XnZOmYYygzMEcJduyCX3qXX5t8vEIwh4PwXXpsgfUvM7kKzbEEMDq4vyxIO5ht7ixXs8HRVKC2hK8Jn4d9/theXXTaxxeZvtUK23og01S5kyRJdlJpx5J3+soHKlkegbSH4JiQPRNgO7rf1PFIM6n++KtFvnBkrDdYD1c6Pw=,iv:VOiVwRRrqAp6fLjxGnZ0hvFxqOFrhgKu8lom2MrtDnw=,tag:+OjBhUpvplsLzRFrScmPJA==,type:str] + lastmodified: "2023-07-30T15:07:28Z" + mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/secrets.mysql.yaml b/badhouseplants/values/secrets.mysql.yaml new file mode 100644 index 0000000..52fd510 --- /dev/null +++ b/badhouseplants/values/secrets.mysql.yaml 
@@ -0,0 +1,23 @@ +auth: + rootPassword: ENC[AES256_GCM,data:X7htluDDokepRf8GVV4eu+pGM2o=,iv:DJ893dKr/4SFBEl8HnYv2PMb3Nb2AfL1RVgN2QmDRmA=,tag:W6QX7k92P7bgi3Ji/64xHg==,type:str] + password: ENC[AES256_GCM,data:hlXWCWbFnmbuUg==,iv:d9ZmklpwJa13wyNjrqNfFMEbJDSQ+NeyB4gj+59g09Q=,tag:Ps4oq5XWDIx7HnvCCnB/FQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-30T15:06:09Z" + mac: ENC[AES256_GCM,data:oiigjlyNoSm5hcdB58MWUxhqcYzE5XtA5LEDUCUX4r0inNd8UuLP029jz6bvQ7E/wFpiGNVTFAlFB1HA/YVwai/siovy5H2DL6g4LS3k+fxLKc3lwo3BvkaBi9X2aYu7vGBJpNe3KxBdWFyjkEQVoux1RD8JJBYNquMu9tW3K/g=,iv:1H7pF0Tr6GcgDt9ItXiTBOTFa55wb9pOdTF3jNJlPiY=,tag:dQ9nrAKr+qo4JpqD2wJXjg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index c03513c..fbf15f5 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -10,3 +10,13 @@ dbinstances: generic: host: postgres-postgresql port: 5432 + mysql: + monitoring: + enabled: false + adminSecretRef: + Name: mysql-secret + Namespace: database-service + engine: mysql + generic: + host: mysql + port: 3306 diff --git a/badhouseplants/values/values.mysql.yaml b/badhouseplants/values/values.mysql.yaml new file mode 100644 index 0000000..d8519fb --- /dev/null +++ b/badhouseplants/values/values.mysql.yaml 
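Review bot: The age `enc` block in the new `badhouseplants/values/secrets.mysql.yaml` ends with the same two base64 lines as the block shown as context in the `secrets.db-instances.yaml` hunk of this patch, which suggests the file was made by copying an existing sops file and so shares its data key. If so, recovering that one data key is enough to decrypt both files. Re-encrypting with a fresh data key (`sops -r -i badhouseplants/values/secrets.mysql.yaml`), or creating the file from scratch, keeps each secrets file independent. Only the tail of the other file's block is visible here, so confirm by comparing the two full blocks.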
@@ -0,0 +1,7 @@ +primary: + persistence: + size: 500Mi + +auth: + createDatabase: false + \ No newline at end of file diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 1e4c1bb..7798c6b 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -13,6 +13,11 @@ istio: service: nrodionov-wordpress port: 8080 +ext-database: + enabled: true + name: nrodionov-mysql + instance: mysql + wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/releases.yaml b/releases.yaml index d658945..8cb6e46 100644 --- a/releases.yaml +++ b/releases.yaml @@ -221,6 +221,7 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + - template: ext-database minio: &minio name: minio @@ -306,3 +307,11 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + + mysql: &mysql + name: mysql + chart: bitnami/mysql + version: 9.10.9 + inherit: + - template: default-env-values + - template: default-env-secrets -- 2.49.0 From b24cbadbd48125103dd7b8b1c3f9f07d12e56108 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 17 Jul 2023 07:08:25 +0200 Subject: [PATCH 008/164] Install iredmail --- badhouseplants/helmfile.yaml | 5 +++++ badhouseplants/values/secrets.iredmail.yaml | 25 +++++++++++++++++++++ badhouseplants/values/values.iredmail.yaml | 4 ++++ releases.yaml | 5 +++++ repositories.yaml | 5 +++++ 5 files changed, 44 insertions(+) create mode 100644 badhouseplants/values/secrets.iredmail.yaml create mode 100644 badhouseplants/values/values.iredmail.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 54887d1..d65f1ec 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -76,6 +76,11 @@ releases: installed: true namespace: database-service createNamespace: true + + - <<: *iredmail + installed: true + namespace: iredmail-service + createNamespace: true - <<: *mysql installed: true diff --git a/badhouseplants/values/secrets.iredmail.yaml b/badhouseplants/values/secrets.iredmail.yaml new file mode 100644 index 0000000..e2f189e --- /dev/null +++ b/badhouseplants/values/secrets.iredmail.yaml @@ -0,0 +1,25 @@ +config: + env: + FIRST_MAIL_DOMAIN_ADMIN_PASSWORD: ENC[AES256_GCM,data:dcrMgiX2egbSllo4esVRcJ340oQBRpVkRA==,iv:NQpe96WmGRAnLmeAK0VT/zdJ8MS/8RfAJIwNsL8alHY=,tag:CjppOC4SEW7a9u4Q2xlm8g==,type:str] + MLMMJADMIN_API_TOKEN: ENC[AES256_GCM,data:OxsD/v9ACQuoyHrxZmIdq8TUqmbWCh8GhGaSQTBGfS+vp+v2rdfKIm4WTnI=,iv:68Vli4aaCOiFixooz5cHABuRLuOrw9/HNpBNQzVwAkg=,tag:RXBXFzGCOO6MhoeNhES/+w==,type:str] + ROUNDCUBE_DES_KEY: ENC[AES256_GCM,data:RZni9nCThb9xzzNrN6JTQsLetnMB9cSo1L7hwLERnbA=,iv:L3r0I8sQkoicwy6odvuF3HfIEDQVgnOtn/OMpF16Dis=,tag:ZFaoIywA+FJ/GHAZAGjU2g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZlAvUXJBdzM3RjJMdHNG + SjRpSTBYNUs5NEoxRFdLZDN0a2IyQlp1ODB3CnQycFk3SkM2Ny82U1RZZmE1cWxG + TTQxUzhWRWlPQmxYUnN5dVJpb0FWa1EKLS0tIDZSK1NvSmNUQkZucFJCM3FiRHlI + L0VKb2JCc29XWjVkODJxTmxPZXZJc3MKyDy9BH0W1OgEONm3PLCskOWtIr2YW2V8 + 3Lc0Au6lLYetVCvSB82/uylZBHc9yQ2rNdLBUrm1zyDZJW/BmNpVLQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-07-17T05:06:27Z" + mac: ENC[AES256_GCM,data:WP9F1N5ZTYwJk3UfiSwf/QJHp06pawdbu6kUBOMTq1tWOZ/zhCRe0vJzU7alUxhw1RZu8f6tUNeh6qXxt/4mrSuy5dRjOKOJyRioIcRCdg4Z+2jVycDAA2VlPB1oDQj0CIdrW4hvM02KZKxcOy9KP8iRQaYqLlhvWrTAQZ9HAIA=,iv:d/wZUbaU9EkBPRIxqCDDXpp8AMjjHnXxej726q37Ni4=,tag:AC4FvAFBTYOcI02bFD+MHw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 
diff --git a/badhouseplants/values/values.iredmail.yaml b/badhouseplants/values/values.iredmail.yaml new file mode 100644 index 0000000..fd50394 --- /dev/null +++ b/badhouseplants/values/values.iredmail.yaml @@ -0,0 +1,4 @@ +config: + env: + HOSTNAME: mail.badhouseplants.net + FIRST_MAIL_DOMAIN: badhouseplants.net \ No newline at end of file diff --git a/releases.yaml b/releases.yaml index 8cb6e46..5795255 100644 --- a/releases.yaml +++ b/releases.yaml @@ -279,6 +279,11 @@ templates: - template: default-env-secrets - template: ext-istio-resource + iredmail: &iredmail + name: iredmail + chart: allanger-gitea/iredmail + version: 0.1.0 + redis: &redis name: redis chart: bitnami/redis diff --git a/repositories.yaml b/repositories.yaml index abaff21..aac9a35 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -32,7 +32,12 @@ repositories: url: https://prometheus-community.github.io/helm-charts - name: grafana url: https://grafana.github.io/helm-charts +<<<<<<< HEAD - name: bitwarden url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts +======= + - name: allanger-gitea + url: https://git.badhouseplants.net/api/packages/allanger/helm +>>>>>>> 28d01f6 (Install iredmail) -- 2.49.0 From 38a1b5f5b3adaeb9a5153fcbffe010156045f1ea Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 30 Jul 2023 16:20:44 +0200 Subject: [PATCH 009/164] Uninstall ireadmail It's not working anyway --- badhouseplants/helmfile.yaml | 2 +- repositories.yaml | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index d65f1ec..d931a53 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -78,7 +78,7 @@ releases: createNamespace: true - <<: *iredmail - installed: true + installed: false namespace: iredmail-service createNamespace: true diff --git a/repositories.yaml b/repositories.yaml index aac9a35..347833f 100644 
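Review bot: The new `iredmail` template in the `@@ -279,6 +279,11 @@` hunk of `releases.yaml` has no `inherit:` list, unlike the neighbouring templates, which pull in `default-env-values` and `default-env-secrets`. If those two templates are what wire `values.<release>.yaml` and `secrets.<release>.yaml` into a release (their definitions are outside this hunk), the `values.iredmail.yaml` and `secrets.iredmail.yaml` files added by this commit are never loaded. The hostname, `FIRST_MAIL_DOMAIN_ADMIN_PASSWORD` and `MLMMJADMIN_API_TOKEN` would then not be applied to the mail server. Under `version: 0.1.0`, add `inherit:` with `- template: default-env-values` and `- template: default-env-secrets`.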
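Review bot: The `@@ -32,7 +32,12 @@` hunk of `repositories.yaml` commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 28d01f6 (Install iredmail)`) as added lines. The file is therefore no longer valid YAML, and anything that loads it as a base should fail to parse. Resolve the conflict by keeping all three repository entries (`bitwarden`, `db-operator`, `allanger-gitea`) and dropping the three marker lines. A pre-commit or CI step that lints the YAML or greps for conflict markers would catch this before it lands.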
--- a/repositories.yaml +++ b/repositories.yaml @@ -32,12 +32,9 @@ repositories: url: https://prometheus-community.github.io/helm-charts - name: grafana url: https://grafana.github.io/helm-charts -<<<<<<< HEAD - name: bitwarden url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts -======= - name: allanger-gitea url: https://git.badhouseplants.net/api/packages/allanger/helm ->>>>>>> 28d01f6 (Install iredmail) -- 2.49.0 From bb3fe7c359ca9e8a90ba00534f93d3c5843bb6a5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 1 Aug 2023 09:35:34 +0200 Subject: [PATCH 010/164] chore: Upgrade postgres and gitea --- releases.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/releases.yaml b/releases.yaml index 5795255..723fbd8 100644 --- a/releases.yaml +++ b/releases.yaml @@ -243,7 +243,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.0.4 + version: 9.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -279,11 +279,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - iredmail: &iredmail - name: iredmail - chart: allanger-gitea/iredmail - version: 0.1.0 - redis: &redis name: redis chart: bitnami/redis @@ -295,7 +290,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.7.1 + version: 12.7.3 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 20496058d05c4eeb2a15b9752ff3fad7dae4bcf3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 2 Aug 2023 21:25:13 +0200 Subject: [PATCH 011/164] Remove the broken iredmail release --- badhouseplants/helmfile.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index d931a53..54887d1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -76,11 +76,6 @@ releases: installed: true namespace: database-service createNamespace: true - - - <<: *iredmail - installed: false - namespace: iredmail-service - createNamespace: true - <<: *mysql installed: true -- 2.49.0 From 1f9a6edd20a28ce979b9dab202c9621b3947f346 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 6 Aug 2023 20:26:42 +0200 Subject: [PATCH 012/164] chore: Upgrade ArgoCD to 5.42.2 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 723fbd8..d4902cf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.42.0 + version: 5.42.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 2de5a08408e2178cb412cfa3a8f9f627f2778d2f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 6 Aug 2023 20:27:19 +0200 Subject: [PATCH 013/164] chore: Upgrade Wordpress to 17.0.4 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index d4902cf..803cc1f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 16.1.34 + version: 17.0.4 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From f98f93ad63428bf7a3bbda544a0d31afaec82195 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 6 Aug 2023 20:29:24 +0200 Subject: [PATCH 014/164] chore: Upgrade outdated release --- releases.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/releases.yaml b/releases.yaml index 803cc1f..2a0de5f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -87,7 +87,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.10.0 + version: 3.11.0 values: - common/values.{{ .Release.Name }}.yaml 
@@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 48.2.2 + version: 48.3.1 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.9.2 + version: 5.10.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.11.9 + version: 6.14.1 inherit: - template: monitoring-common - template: default-env-values @@ -282,7 +282,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.14.3 + version: 17.14.5 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.7.3 + version: 12.8.0 inherit: - template: default-env-values - template: default-env-secrets @@ -311,7 +311,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.10.9 + version: 9.10.10 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From ba6f5cf1a4639501ae2a1f436dd26440fe3ffd48 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 8 Aug 2023 09:06:04 +0200 Subject: [PATCH 015/164] Update redis --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 2a0de5f..8ea1260 100644 --- a/releases.yaml +++ b/releases.yaml @@ -282,7 +282,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.14.5 + version: 17.14.6 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 77429c2c362eea130f174d0b58dbce7f0f63ab9d Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 9 Aug 2023 19:22:12 +0200 Subject: [PATCH 016/164] Setup a new XOR patched VPN --- badhouseplants/values/values.openvpn.yaml | 9 ++++++++- etersoft/values/values.openvpn.yaml | 4 +++- releases.yaml | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index dda7857..67b743a 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -14,7 +14,14 @@ istio: service: openvpn port: 1194 -storageClassName: longhorn +storage: + class: longhorn + size: 512Mi + +image: + repository: lawtancool/docker-openvpn-xor + pullPolicy: IfNotPresent + tag: latest openvpn: server: "tcp://195.201.250.50:1194" service: diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 6b857f4..7f2d53d 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -14,7 +14,9 @@ istio: service: openvpn port: 1194 -storageClassName: microk8s-hostpath +storage: + class: microk8s-hostpath + size: 5Gi openvpn: server: "tcp://91.232.225.63:1194" service: diff --git a/releases.yaml b/releases.yaml index 8ea1260..0e8a237 100644 --- a/releases.yaml +++ b/releases.yaml @@ -184,7 +184,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-charts/openvpn - version: 1.0.3 + version: 1.0.6 inherit: - template: default-env-values - template: ext-istio-resource -- 2.49.0 From 3643ea788b8868424efa23126fa90fabbb872646 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 14 Aug 2023 11:31:49 +0200 Subject: [PATCH 017/164] chore: Upgrade outdated releases --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index 0e8a237..1fc7b7b 100644 --- a/releases.yaml +++ b/releases.yaml 
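Review bot: The `image:` block added to badhouseplants/values/values.openvpn.yaml runs the third-party image `lawtancool/docker-openvpn-xor` at `tag: latest` with `pullPolicy: IfNotPresent`. Which build runs therefore depends on what each node has cached, and a changed upstream image can be pulled on a reschedule without any change in this repository. For the cluster's VPN endpoint, pin a reviewed release, e.g. `tag: <RELEASE_TAG>` (placeholder), or an image digest if the chart accepts one; the chart's image schema is not visible here. The etersoft values file in the same commit sets no image override, so the two clusters presumably run different server builds; confirm that is intended.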
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.42.2 + version: 5.42.3 inherit: - template: default-env-values - template: default-env-secrets @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.0.4 + version: 17.0.5 inherit: - template: default-env-values - template: default-env-secrets @@ -282,7 +282,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.14.6 + version: 17.15.2 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.8.0 + version: 12.8.2 inherit: - template: default-env-values - template: default-env-secrets @@ -298,7 +298,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.9.1 + version: 1.9.2 db-instances: &db-instances name: db-instances -- 2.49.0 From e3848a49ccb561ca2e9e9244eddf5cbfdaeb262d Mon Sep 17 00:00:00 2001 From: RNRod Date: Mon, 14 Aug 2023 18:42:56 +0200 Subject: [PATCH 018/164] install gravity control plugin for minecraft server --- badhouseplants/values/values.minecraft.yaml | 12 ++++++++++++ badhouseplants/values/values.mysql.yaml | 1 - 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index d005fc1..f7d7105 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -104,6 +104,18 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false + - name: install-gravity-control-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar + - -o + - /data/plugins/GravityControl-1.3.0.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false extraVolumes: - volumeMounts: - name: plugins diff --git a/badhouseplants/values/values.mysql.yaml b/badhouseplants/values/values.mysql.yaml index d8519fb..b2209a0 100644 --- a/badhouseplants/values/values.mysql.yaml +++ b/badhouseplants/values/values.mysql.yaml @@ -4,4 +4,3 @@ primary: auth: createDatabase: false - \ No newline at end of file -- 2.49.0 From ced4bcd4c5a27dc9a47143bed3ef8f327b0f9f2b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 15 Aug 2023 14:53:20 +0200 Subject: [PATCH 019/164] Add new bucket to minio and setup rcon --- badhouseplants/values/secrets.minecraft.yaml | 23 ++++++++++++ badhouseplants/values/values.minecraft.yaml | 38 ++++++++++++++++++++ etersoft/helmfile.yaml | 5 +++ etersoft/values/values.minio.yaml | 6 ++++ 4 files changed, 72 insertions(+) create mode 100644 badhouseplants/values/secrets.minecraft.yaml diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml new file mode 100644 index 0000000..66cd5bd --- /dev/null +++ b/badhouseplants/values/secrets.minecraft.yaml 
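Review bot: The `install-gravity-control-plugin` initContainer saves whatever `curl -L` receives into `/data/plugins`, presumably the directory the server loads plugins from, with no integrity check: without `--fail` an HTTP error body is written out as the jar, and without a checksum a replaced release asset is accepted silently. The `alpine/curl` image is also referenced without a tag or digest. Suggest pinning the image and comparing the download against a SHA-256 recorded in this file, as sketched below; both bracketed values are placeholders to fill in from a reviewed download. The FastMinecarts initContainer added later in this series (patches 028 and 029) follows the same pattern and needs the same check. The `initContainers` list starts outside this hunk.

```yaml
- name: install-gravity-control-plugin
  image: alpine/curl:<PINNED_TAG>  # placeholder: pin a tag or digest
  command:
    - sh
    - -ec
    - |
      jar=/data/plugins/GravityControl-1.3.0.jar
      curl -fsSL -o "$jar" https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar
      # placeholder: SHA-256 of the release jar that was reviewed
      echo "<SHA256_OF_REVIEWED_JAR>  $jar" | sha256sum -c - || { rm -f "$jar"; exit 1; }
  # … unchanged: volumeMounts for the plugins volume …
```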
@@ -0,0 +1,23 @@ +minecraftServer: + rcon: + password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 + MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF + cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 + MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf + pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-08-15T12:48:04Z" + mac: ENC[AES256_GCM,data:aksZH0kHJASsk6ziynB/xJ+vAH7TSU6Wjx+ZcqY/MlfBrdgsWBruCrutTtZE3rvchAVH1lSVeJ5z0w2Ix1/iMHOfkzM5U4LfU49e4HH6FinaWpOZ2tdODdr3Za2jF93FD6TfJOExCOL9pD94LdjBH4XbxBmpdrCqRMkX1Piu0tw=,iv:kKHZFQKqETRe7DZZVpNU4PE4xaeboA4sUWaP2uV1Nwk=,tag:qqAPQTpVhEEWa9Bmw0cTng==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index f7d7105..f8ef327 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -62,6 +62,11 @@ minecraftServer: gameMode: survival pvp: true memory: 2512M + rcon: + enabled: true + withGeneratedPassword: false + port: 25575 + serviceType: ClusterIP extraPorts: - name: metrics containerPort: 9225 
@@ -79,6 +84,38 @@ persistence: dataDir: enabled: true Size: 15Gi +mcbackup: + enabled: false + image: + backupInterval: 2h + pauseIfNoPlayers: "false" + # is set to a positive number, it'll delete old .tgz backup files from DEST_DIR. By default deletes backups older than a week. + pruneBackupsDays: 2 + rconRetries: 5 + rconRetryInterval: 10s + excludes: "*.jar,cache,logs" + backupMethod: restic + resticRepository: + resticAdditionalTags: "mc_backups" + pruneResticRetention: "--keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 75" + resticEnvs: + [] + extraEnv: + {} + envFrom: [] + resources: + requests: + memory: 512Mi + cpu: 500m + + persistence: + annotations: {} + backupDir: + enabled: false + Size: 1Gi +# --------------------------------------------- +# -- Install Plugins +# --------------------------------------------- initContainers: - name: install-prometheus-exporter image: alpine/curl @@ -116,6 +153,7 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false + extraVolumes: - volumeMounts: - name: plugins diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index e69de29..af38673 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -0,0 +1,5 @@ +--- + +bases: + - ../environments.yaml + - ../repositories.yaml diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index f090b2d..25c0888 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -71,6 +71,8 @@ policies: - resources: - 'arn:aws:s3:::longhorn/*' - 'arn:aws:s3:::longhorn' + - 'arn:aws:s3:::restic/*' + - 'arn:aws:s3:::restic' actions: - "s3:DeleteObject" - "s3:GetObject" @@ -81,6 +83,10 @@ buckets: policy: none purge: false versioning: false + - name: restic + policy: none + purge: false + versioning: false metrics: serviceMonitor: enabled: false -- 2.49.0 From b755239823b021d173029b53e70764ebbc59a0ec Mon Sep 17 00:00:00 2001 
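Review bot: In etersoft/values/values.minio.yaml the `restic` ARNs are appended to the statement that already covers the `longhorn` bucket, so any credential carrying this policy gets `s3:DeleteObject` and `s3:GetObject` on both backup sets. If the Minecraft backup job and Longhorn share that policy (its name and user binding are outside this hunk), a leaked game-server key could read or delete the cluster's volume backups as well. Prefer a second policy whose `resources` list holds only `arn:aws:s3:::restic` and `arn:aws:s3:::restic/*`, attached to a dedicated user for the backup job. The new bucket is created with `versioning: false`, so deleted or overwritten backup objects are presumably not recoverable from the bucket; that makes the delete scope matter more.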
From: Nikolai Rodionov Date: Tue, 15 Aug 2023 15:40:59 +0200 Subject: [PATCH 020/164] Enable restic backups for minecraft --- badhouseplants/values/secrets.minecraft.yaml | 7 +++++-- badhouseplants/values/values.minecraft.yaml | 18 ++++-------------- docs/restic.md | 7 +++++++ 3 files changed, 16 insertions(+), 16 deletions(-) create mode 100644 docs/restic.md diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml index 66cd5bd..57b931c 100644 --- a/badhouseplants/values/secrets.minecraft.yaml +++ b/badhouseplants/values/secrets.minecraft.yaml @@ -1,6 +1,9 @@ minecraftServer: rcon: password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] +mcbackup: + resticEnvs: + RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] sops: kms: [] gcp_kms: [] @@ -16,8 +19,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-15T12:48:04Z" - mac: ENC[AES256_GCM,data:aksZH0kHJASsk6ziynB/xJ+vAH7TSU6Wjx+ZcqY/MlfBrdgsWBruCrutTtZE3rvchAVH1lSVeJ5z0w2Ix1/iMHOfkzM5U4LfU49e4HH6FinaWpOZ2tdODdr3Za2jF93FD6TfJOExCOL9pD94LdjBH4XbxBmpdrCqRMkX1Piu0tw=,iv:kKHZFQKqETRe7DZZVpNU4PE4xaeboA4sUWaP2uV1Nwk=,tag:qqAPQTpVhEEWa9Bmw0cTng==,type:str] + lastmodified: "2023-08-15T13:37:56Z" + mac: ENC[AES256_GCM,data:bzLZpYzuD7H0Heo/BsCEcS2HX8PZ3XpT4B866lA9T9Imwe29Gfw8eKn2jgzlwjHhoWfBJPy5XGf7/K/uw6Ift1fwEgApHSWwhP7wvCtCAaMdricXkumbfHFlJAR+zwTx5TiC2GhWyhDMNQviEgRU8m/QLEfvP8uXJxvlp9ZtaL4=,iv:fxJ+XhnctFmQ9Nvgr+C2o2HS3P0vI7hB3ODYRN8LGow=,tag:UEjTt5bKBH+xUxlfzTaaJQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 
diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index f8ef327..2c5bdf3 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -85,34 +85,24 @@ persistence: enabled: true Size: 15Gi mcbackup: - enabled: false - image: + enabled: true backupInterval: 2h pauseIfNoPlayers: "false" - # is set to a positive number, it'll delete old .tgz backup files from DEST_DIR. By default deletes backups older than a week. pruneBackupsDays: 2 rconRetries: 5 rconRetryInterval: 10s excludes: "*.jar,cache,logs" backupMethod: restic - resticRepository: + resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraf resticAdditionalTags: "mc_backups" - pruneResticRetention: "--keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 75" - resticEnvs: - [] - extraEnv: - {} - envFrom: [] + pruneResticRetention: "--keep-last 12 --keep-daily 7 --keep-weekly 4 --keep-monthly 2 --keep-yearly 2" resources: requests: memory: 512Mi - cpu: 500m - + cpu: 100m persistence: - annotations: {} backupDir: enabled: false - Size: 1Gi # --------------------------------------------- # -- Install Plugins # --------------------------------------------- diff --git a/docs/restic.md b/docs/restic.md new file mode 100644 index 0000000..f740f43 --- /dev/null +++ b/docs/restic.md @@ -0,0 +1,7 @@ +# Restic + +We are using restic for backing up the Minecraft server + +## How to restore + +TODO: Describe the restoration process -- 2.49.0 From 12c1a0ca31ecb98168aba19c21b895b4f86a861a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 15 Aug 2023 17:25:31 +0200 Subject: [PATCH 021/164] Enable default secrets for minecraft --- releases.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/releases.yaml b/releases.yaml index 1fc7b7b..a3eb62e 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -238,6 +238,7 @@ templates: version: 4.9.3 inherit: - template: default-env-values + - template: default-env-secrets - template: ext-istio-resource gitea: &gitea -- 2.49.0 From 5ac35a5a60762b2853b9990fbeadb7674cdca719 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 15 Aug 2023 17:27:55 +0200 Subject: [PATCH 022/164] Fix the name of restic repo --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 2c5bdf3..99d387d 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -93,7 +93,7 @@ mcbackup: rconRetryInterval: 10s excludes: "*.jar,cache,logs" backupMethod: restic - resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraf + resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft resticAdditionalTags: "mc_backups" pruneResticRetention: "--keep-last 12 --keep-daily 7 --keep-weekly 4 --keep-monthly 2 --keep-yearly 2" resources: -- 2.49.0 From 15bbc19939dfc2d45ee94ae41c6bf5d4e4db0beb Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 15 Aug 2023 17:41:10 +0200 Subject: [PATCH 023/164] minecraft: Override server properties --- badhouseplants/values/secrets.minecraft.yaml | 6 ++++-- badhouseplants/values/values.minecraft.yaml | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml index 57b931c..1639eb7 100644 --- a/badhouseplants/values/secrets.minecraft.yaml +++ b/badhouseplants/values/secrets.minecraft.yaml 
@@ -4,6 +4,8 @@ minecraftServer: mcbackup: resticEnvs: RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] sops: kms: [] gcp_kms: [] @@ -19,8 +21,8 @@ sops: MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-15T13:37:56Z" - mac: ENC[AES256_GCM,data:bzLZpYzuD7H0Heo/BsCEcS2HX8PZ3XpT4B866lA9T9Imwe29Gfw8eKn2jgzlwjHhoWfBJPy5XGf7/K/uw6Ift1fwEgApHSWwhP7wvCtCAaMdricXkumbfHFlJAR+zwTx5TiC2GhWyhDMNQviEgRU8m/QLEfvP8uXJxvlp9ZtaL4=,iv:fxJ+XhnctFmQ9Nvgr+C2o2HS3P0vI7hB3ODYRN8LGow=,tag:UEjTt5bKBH+xUxlfzTaaJQ==,type:str] + lastmodified: "2023-08-15T15:32:19Z" + mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 99d387d..9df8a41 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -51,6 +51,7 @@ readinessProbe: livenessProbe: timeoutSeconds: 10 minecraftServer: + overrideServerProperties: true eula: "TRUE" onlineMode: false difficulty: hard -- 2.49.0 From e3760ca4001d221d15e8c46c168f4a6b824b4fb9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 16 Aug 2023 20:55:56 +0200 Subject: [PATCH 024/164] Migrate to the new openvpn setup --- .../values/values.istio-ingressgateway.yaml | 4 ++++ badhouseplants/values/values.openvpn.yaml | 23 ++++++++++++++----- releases.yaml | 4 ++-- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index b20aa3d..60d5a2f 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -22,6 +22,10 @@ service: port: 1194 protocol: TCP targetPort: 1194 + - name: tcp + port: 25 + protocol: TCP + targetPort: 25 # ----------- # -- Email # ----------- diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 67b743a..aae765e 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -13,17 +13,28 @@ istio: hostname: "*" service: openvpn port: 1194 - + - name: openvpn-tcp-fake-port + gateway: badhouseplants-vpn + kind: tcp + port_match: 25 + hostname: "*" + service: openvpn + port: 1194 storage: class: longhorn size: 512Mi -image: - repository: lawtancool/docker-openvpn-xor - pullPolicy: IfNotPresent - tag: latest openvpn: - server: "tcp://195.201.250.50:1194" + proto: tcp + host: 195.201.250.50 +easyrsa: + cn: Bad Houseplants + country: Germany + province: NRW + city: Duesseldorf + org: Bad Houseplants + email: allanger@zohomail.com + service: type: ClusterIP port: 1194 diff --git a/releases.yaml b/releases.yaml index a3eb62e..602dc8f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -183,8 +183,8 @@ templates: # ---------------------------- openvpn: &openvpn name: openvpn - chart: allanger-charts/openvpn - version: 1.0.6 + chart: allanger-gitea/openvpn + version: 1.0.3 inherit: - template: default-env-values - template: ext-istio-resource -- 2.49.0 
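Review bot: The new ingress-gateway Service port is named only `tcp` and exposes 25, which anyone auditing this gateway's exposure will read as SMTP, the more so with the `# -- Email` block directly below it. Per the values.openvpn.yaml hunk in this commit it is a second OpenVPN listener (`openvpn-tcp-fake-port`, `port_match: 25`, forwarded to service `openvpn` on 1194). Name and document it as such, e.g. `name: tcp-openvpn-25` with the comment `# OpenVPN on the SMTP port; routed to openvpn:1194 by the openvpn-tcp-fake-port route`. Also check that the Email section, which lies outside this hunk, does not already declare port 25 or a port named `tcp`, since Service port names and port/protocol pairs must be unique.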
From 39160f7e66bb7624811b92d89a4b2a7b161f287b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 17 Aug 2023 11:10:47 +0200 Subject: [PATCH 025/164] Update db-operator chart to 1.10.0 --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 602dc8f..5b0ab8d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -299,7 +299,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.9.2 + version: 1.10.0 db-instances: &db-instances name: db-instances -- 2.49.0 From bb6617b58ca5449d6de110572322bbe98bb99683 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 19 Aug 2023 09:14:35 +0200 Subject: [PATCH 026/164] Update OpenVPN --- badhouseplants/values/values.openvpn.yaml | 3 +++ releases.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index aae765e..01b544c 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -20,6 +20,9 @@ istio: hostname: "*" service: openvpn port: 1194 +# ------------------------------------------ +image: + tag: v2.6.6-xor-4.0.0beta08 storage: class: longhorn size: 512Mi diff --git a/releases.yaml b/releases.yaml index 5b0ab8d..f5e56c1 100644 --- a/releases.yaml +++ b/releases.yaml @@ -184,7 +184,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.3 + version: 1.0.5 inherit: - template: default-env-values - template: ext-istio-resource -- 2.49.0 From 8183029ebd25f7adbe2afb113676c60f0b135638 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 19 Aug 2023 09:15:58 +0200 Subject: [PATCH 027/164] Update outdated releases --- releases.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/releases.yaml b/releases.yaml index f5e56c1..59a64ed 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.42.3 + version: 5.43.4 inherit: - template: default-env-values - template: default-env-secrets @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.10.0 + version: 5.14.1 inherit: - template: monitoring-common - template: default-env-values @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.0.5 + version: 17.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.15.2 + version: 17.15.5 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.8.2 + version: 12.8.3 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.10.10 + version: 9.11.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 162b2dd60230165e6cc8172e826a96567752bb01 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 22 Aug 2023 23:46:39 +0200 Subject: [PATCH 028/164] Add 'faster minecarts' to Minecraft --- badhouseplants/values/values.minecraft.yaml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 9df8a41..e530503 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -144,7 +144,18 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - + - name: install-gravity-control-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar + - -o + - /data/plugins/FasrMinecarts.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false extraVolumes: - volumeMounts: - name: plugins -- 2.49.0 From 6aaeb5db0d9bec51b2c97cddfe85df434a1284cb Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 22 Aug 2023 23:51:31 +0200 Subject: [PATCH 029/164] Add 'faster minecarts' to Minecraft again --- badhouseplants/values/values.minecraft.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index e530503..6eff90b 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -144,14 +144,14 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - - name: install-gravity-control-plugin + - name: install-fast-minecart-plugin image: alpine/curl command: - curl - -L - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar - -o - - /data/plugins/FasrMinecarts.jar + - /data/plugins/FastMinecarts.jar volumeMounts: - name: plugins mountPath: /data/plugins -- 2.49.0 From 2d8bb5ff3959f12eda3f31e271526dd2871ac706 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 24 Aug 2023 21:34:15 +0200 Subject: [PATCH 030/164] Downgrade openvpn --- badhouseplants/values/values.openvpn.yaml | 2 +- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 01b544c..8d3c9f3 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml 
@@ -22,7 +22,7 @@ istio: port: 1194 # ------------------------------------------ image: - tag: v2.6.6-xor-4.0.0beta08 + tag: v2.6.5-xor-4.0.0beta08 storage: class: longhorn size: 512Mi diff --git a/releases.yaml b/releases.yaml index 59a64ed..a804250 100644 --- a/releases.yaml +++ b/releases.yaml @@ -184,7 +184,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.5 + version: 1.0.6 inherit: - template: default-env-values - template: ext-istio-resource -- 2.49.0 From 0d4f0c105320bc51895541728226ece7847c78de Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 24 Aug 2023 21:35:08 +0200 Subject: [PATCH 031/164] Update backup setup --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 6eff90b..e8fce64 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -96,7 +96,7 @@ mcbackup: backupMethod: restic resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft resticAdditionalTags: "mc_backups" - pruneResticRetention: "--keep-last 12 --keep-daily 7 --keep-weekly 4 --keep-monthly 2 --keep-yearly 2" + pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" resources: requests: memory: 512Mi -- 2.49.0 From 1c50200fa20a074d04bae3c45f7344f9faf39661 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 3 Sep 2023 11:13:25 +0200 Subject: [PATCH 032/164] chore: Upgrade releases --- releases.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/releases.yaml b/releases.yaml index a804250..1890d6c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -99,7 +99,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.12.3 + version: 1.12.4 set: - name: installCRDs value: true 
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.43.4 + version: 5.45.0 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 48.3.1 + version: 50.0.0 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.14.1 + version: 5.15.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.14.1 + version: 6.15.0 inherit: - template: monitoring-common - template: default-env-values @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.0.7 + version: 17.1.6 inherit: - template: default-env-values - template: default-env-secrets @@ -235,7 +235,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.9.3 + version: 4.9.6 inherit: - template: default-env-values - template: default-env-secrets @@ -244,7 +244,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.1.0 + version: 9.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -254,7 +254,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.1 + version: 2.0.2 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 17.15.5 + version: 18.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.8.3 + version: 12.10.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.11.1 + version: 9.12.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 39893c3390e2876b90b6dd806d50459b16e02ff6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 3 Sep 2023 11:15:21 +0200 Subject: [PATCH 033/164] chore: Fix gitea version --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 1890d6c..7f5b405 100644 --- a/releases.yaml +++ b/releases.yaml @@ -244,7 +244,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.1.3 + version: 9.3.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From a68bf4502a438c879806e1488c4a5c63581ce5c2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 7 Sep 2023 00:31:47 +0200 Subject: [PATCH 034/164] Update minecraft config and Paper --- badhouseplants/values/values.minecraft.yaml | 22 ++++++--------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index e8fce64..652cf6c 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -30,10 +30,11 @@ istio: image: tag: java17-graalvm-ce pullPolicy: Always + resources: requests: - memory: 512Mi - cpu: 50m + memory: 3Gi + cpu: 256m limits: memory: 3Gi @@ -42,6 +43,7 @@ lifecycle: - bash - -c - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 + readinessProbe: command: - mc-health @@ -50,6 +52,7 @@ readinessProbe: timeoutSeconds: 10 livenessProbe: timeoutSeconds: 10 + minecraftServer: overrideServerProperties: true eula: "TRUE" 
@@ -59,10 +62,9 @@ minecraftServer: version: 1.20.1 maxWorldSize: 90000 type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar gameMode: survival pvp: true - memory: 2512M rcon: enabled: true withGeneratedPassword: false @@ -144,18 +146,6 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - - name: install-fast-minecart-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar - - -o - - /data/plugins/FastMinecarts.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false extraVolumes: - volumeMounts: - name: plugins -- 2.49.0 From 2cae97fccbf3cee804256d5a242556f512d3f8b2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Sep 2023 00:08:38 +0200 Subject: [PATCH 035/164] chore: Update drone --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 7f5b405..af0fe35 100644 --- a/releases.yaml +++ b/releases.yaml @@ -197,7 +197,7 @@ templates: drone: &drone name: drone chart: drone/drone - version: 0.6.4 + version: 0.6.5 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From b149d953f33c14725f2ab840b1ecea393f416e9e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Sep 2023 00:39:02 +0200 Subject: [PATCH 036/164] chore: Some updates that are not critical --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index af0fe35..31bc784 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.45.0 + version: 5.45.3 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 50.0.0 + version: 50.3.1 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.15.0 + version: 5.19.0 inherit: - template: monitoring-common - template: default-env-values @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.6 + version: 17.1.7 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.10.0 + version: 1.10.1 db-instances: &db-instances name: db-instances -- 2.49.0 From af236d75a11f67c0e7bd0f561bfdcc1b21f716e4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Sep 2023 05:06:14 +0200 Subject: [PATCH 037/164] chore: Update MetalLB --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 31bc784..c4ab92b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -94,7 +94,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.13.10 + version: 0.13.11 cert-manager: &cert-manager name: cert-manager -- 2.49.0 From 1d5e6f6d93ad5d0e9f1adcd34db1f3839cb0292d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 12 Sep 2023 10:39:42 +0200 Subject: [PATCH 038/164] chore: Upgrade releases --- releases.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/releases.yaml b/releases.yaml index c4ab92b..95eae33 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.45.3 + version: 5.46.2 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 50.3.1 + version: 51.0.0 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.19.0 + version: 5.20.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.0 + version: 6.15.1 inherit: - template: monitoring-common - template: default-env-values @@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.18.2 + version: 1.19.0 istio-base: &istio-base name: istio-base @@ -244,7 +244,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.3.0 + version: 9.4.0 inherit: - template: default-env-values - template: default-env-secrets @@ -254,7 +254,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.2 + version: 2.0.3 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.0.1 + version: 18.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.10.0 + version: 12.11.1 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.1 + version: 9.12.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 8cfd4bf88dd5e29f8d8982d3c978b24a333cff2c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Thu, 14 Sep 2023 10:28:12 +0200 Subject: [PATCH 039/164] Use another redis db for funkwhale --- badhouseplants/values/values.funkwhale.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 732adee..3c1d129 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -53,3 +53,4 @@ redis: host: redis-master.database-service.svc.cluster.local auth: enabled: true + database: 3 -- 2.49.0 From 63968337e245a89a87c2643557598b0a1e4801e9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 14 Sep 2023 07:03:41 +0200 Subject: [PATCH 040/164] add telegram notifications for outdated charts --- .drone.yml | 14 +++++++++++++- badhouseplants/helmfile.yaml | 2 -- message_file.tpl | 0 repositories.yaml | 2 -- 4 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 message_file.tpl diff --git a/.drone.yml b/.drone.yml index 2ae9841..b594fd0 100644 --- a/.drone.yml +++ b/.drone.yml @@ -105,4 +105,16 @@ steps: SOPS_AGE_KEY: from_secret: SOPS_AGE_KEY commands: - - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o + - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl + - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl + + - name: Send telegram notification + when: + status: + - failure + image: appleboy/drone-telegram + settings: + token: + from_secret: TELEGRAM_TOKEN + to: 131601077 + message_file: message_file.tpl diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 54887d1..79434f9 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -87,5 +87,3 @@ bases: - ../environments.yaml - ../repositories.yaml - #helmfiles: - # - namespaces.yaml 
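Review bot: `database: 3` in `values.funkwhale.yaml` is a bare index, and nothing records which application owns which logical database on `redis-master.database-service`; a colliding index would let two applications read and overwrite each other's keys. Logical databases on one Redis instance share the same password and are not an isolation boundary, so I would at least add a comment such as `# db 3 on the shared redis-master is reserved for funkwhale`. The `redis` block starts outside the hunk.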
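Review bot: The new `Send telegram notification` step in `.drone.yml` uses `image: appleboy/drone-telegram` with no tag or digest, so whatever is published under the default tag at run time is the code that receives `TELEGRAM_TOKEN`. Pin it, for example `image: appleboy/drone-telegram:<PINNED_TAG>@sha256:<DIGEST>` (both placeholders), and move the pin deliberately. The step only runs on `status: failure`, so it presumably relies on `cdh` exiting non-zero when charts are outdated; a comment saying so (`# cdh exits non-zero when a chart is outdated`) would keep an unrelated failure from being read as an "outdated charts" message. The `steps` list starts outside the hunk.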
diff --git a/message_file.tpl b/message_file.tpl new file mode 100644 index 0000000..e69de29 diff --git a/repositories.yaml b/repositories.yaml index 347833f..64e3842 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -2,8 +2,6 @@ repositories: - name: metrics-server url: https://kubernetes-sigs.github.io/metrics-server/ - - name: allanger-charts - url: https://allanger.github.io/allanger-charts - name: jetstack url: https://charts.jetstack.io - name: istio -- 2.49.0 From a941f7df16e8997a420a6a2a9856aead3e788033 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 22 Sep 2023 10:29:40 +0200 Subject: [PATCH 041/164] Remove drone runner from the etersoft cluster --- badhouseplants/helmfile.yaml | 7 +++++- .../values/secrets.drone-runner-docker.yaml | 22 ------------------- .../values/values.drone-runner-docker.yaml | 16 -------------- helmfile.yaml | 6 ----- 4 files changed, 6 insertions(+), 45 deletions(-) delete mode 100644 etersoft/values/secrets.drone-runner-docker.yaml delete mode 100644 etersoft/values/values.drone-runner-docker.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 79434f9..8572e51 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -6,7 +6,12 @@ releases: installed: true namespace: drone-service createNamespace: false - + + - <<: *drone-runner-docker + installed: true + namespace: drone-service + createNamespace: false + - <<: *longhorn installed: true namespace: longhorn-system diff --git a/etersoft/values/secrets.drone-runner-docker.yaml b/etersoft/values/secrets.drone-runner-docker.yaml deleted file mode 100644 index eb18677..0000000 --- a/etersoft/values/secrets.drone-runner-docker.yaml +++ /dev/null 
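Review bot: The `drone-runner-docker` release added in `badhouseplants/helmfile.yaml` (`@@ -6,7 +6,12 @@`) has no matching `badhouseplants/values/*.drone-runner-docker.yaml` files in this patch, while the `etersoft` ones are deleted, so unless they already exist the runner would deploy without its `DRONE_RPC_*` settings and resource limits. The deleted values also configure a `dind` container, which normally needs a privileged pod, and the release now lands in `drone-service` next to the release listed just above it; that is worth a comment such as `# docker-in-docker runner: privileged, executes untrusted pipeline steps`. Whether a separate namespace is feasible depends on the chart's `rbac.buildNamespaces` handling, which is not visible here. The `releases` list continues outside the hunk.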
@@ -1,22 +0,0 @@ -env: - DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5 - Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi - aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ - em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh - DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-21T09:27:21Z" - mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/etersoft/values/values.drone-runner-docker.yaml b/etersoft/values/values.drone-runner-docker.yaml deleted file mode 100644 index 923e72d..0000000 --- a/etersoft/values/values.drone-runner-docker.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -env: - DRONE_RPC_HOST: drone.badhouseplants.net - DRONE_RPC_PROTO: https - DRONE_NAMESPACE_DEFAULT: drone-service -rbac: - buildNamespaces: - - drone-service -dind: - resources: - limits: - cpu: 2000m - memory: 2024Mi - requests: - cpu: 100m - memory: 512Mi \ No newline at end of file diff --git a/helmfile.yaml b/helmfile.yaml index 8a8ccd9..738d891 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
@@ -46,11 +46,5 @@ releases: namespace: metallb-system createNamespace: true - - <<: *drone-runner-docker - installed: true - namespace: drone-service - createNamespace: false - - helmfiles: - path: {{.Environment.Name }}/helmfile.yaml -- 2.49.0 From 4739b983bc312f1625c4d5898d2e59ba269ce9ed Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 23 Sep 2023 15:30:12 +0200 Subject: [PATCH 042/164] Upgrade db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 95eae33..b025f07 100644 --- a/releases.yaml +++ b/releases.yaml @@ -299,7 +299,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.10.1 + version: 1.11.0 db-instances: &db-instances name: db-instances -- 2.49.0 From 357dba4476eca2c3130c4de00468b58d24dd8e7b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 23 Sep 2023 16:51:07 +0200 Subject: [PATCH 043/164] Disable backups for minecraft --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 652cf6c..499e54d 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -88,7 +88,7 @@ persistence: enabled: true Size: 15Gi mcbackup: - enabled: true + enabled: false backupInterval: 2h pauseIfNoPlayers: "false" pruneBackupsDays: 2 -- 2.49.0 From 4843cdbedb3d24aeed8ac41bccdf46860b874029 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Sep 2023 06:48:37 +0200 Subject: [PATCH 044/164] chore: Upgrade releases --- releases.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/releases.yaml b/releases.yaml index b025f07..91d8dd0 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -99,7 +99,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.12.4 + version: 1.13.0 set: - name: installCRDs value: true @@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.46.2 + version: 5.46.7 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.0.0 + version: 51.2.0 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.20.0 + version: 5.23.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.1 + version: 6.15.2 inherit: - template: monitoring-common - template: default-env-values @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.7 + version: 17.1.11 inherit: - template: default-env-values - template: default-env-secrets @@ -235,7 +235,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.9.6 + version: 4.10.0 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.0.4 + version: 18.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.11.1 + version: 12.12.7 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.2 + version: 9.12.3 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 
From b2e58102ce8d7e7c2dea09911602b175bd1bf184 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 3 Oct 2023 10:53:34 +0200 Subject: [PATCH 045/164] upgrade some releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 91d8dd0..8256977 100644 --- a/releases.yaml +++ b/releases.yaml @@ -99,7 +99,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.0 + version: 1.13.1 set: - name: installCRDs value: true @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.23.0 + version: 5.23.1 inherit: - template: monitoring-common - template: default-env-values @@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.19.0 + version: 1.19.1 istio-base: &istio-base name: istio-base @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.11 + version: 17.1.15 inherit: - template: default-env-values - template: default-env-secrets @@ -226,7 +226,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.13 + version: 5.0.14 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.0 + version: 18.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres: &postgres name: postgres chart: bitnami/postgresql - version: 12.12.7 + version: 12.7.3 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.11.0 + version: 1.11.1 db-instances: &db-instances name: db-instances -- 2.49.0 From b495f0926110ed059b8a4f215fac5126589bd902 Mon Sep 17 00:00:00 2001 
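Review bot: The `postgres` hunk (`@@ -291,7 +291,7 @@`) changes `bitnami/postgresql` from `12.12.7` to `12.7.3`, which moves the chart backwards in a commit titled as an upgrade and looks like a transposed version number. Rolling a database chart back can bring an older image and its already-fixed issues with it, so please confirm the intended version. If the pin-back is deliberate, record it next to the value, for example `# pinned back from 12.12.7: <reason>`.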
From: Nikolai Rodionov Date: Wed, 4 Oct 2023 04:34:39 +0200 Subject: [PATCH 046/164] chore: Install postgres 16 --- badhouseplants/helmfile.yaml | 5 ++++ .../values/secrets.db-instances.yaml | 10 +++++--- badhouseplants/values/secrets.postgres16.yaml | 24 +++++++++++++++++++ .../values/values.db-instances.yaml | 10 ++++++++ badhouseplants/values/values.postgres16.yaml | 10 ++++++++ releases.yaml | 8 +++++++ 6 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/secrets.postgres16.yaml create mode 100644 badhouseplants/values/values.postgres16.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8572e51..1d25b5f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -72,6 +72,11 @@ releases: namespace: database-service createNamespace: true + - <<: *postgres16 + installed: true + namespace: database-service + createNamespace: true + - <<: *db-operator installed: true namespace: database-service diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index 0bbdbe7..f8caa3a 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml 
@@ -3,6 +3,10 @@ dbinstances: secrets: adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] + postgres16: + secrets: + adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] + adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] mysql: secrets: adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] @@ -22,8 +26,8 @@ sops: Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-30T15:07:28Z" - mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str] + lastmodified: "2023-10-04T02:28:20Z" + mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.0 diff --git a/badhouseplants/values/secrets.postgres16.yaml b/badhouseplants/values/secrets.postgres16.yaml new file mode 100644 index 0000000..e466bb1 --- /dev/null +++ b/badhouseplants/values/secrets.postgres16.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-04T02:27:48Z" + mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index fbf15f5..6c8999b 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -10,6 +10,16 @@ dbinstances: generic: host: postgres-postgresql port: 5432 + postgres16: + monitoring: + enabled: false + adminSecretRef: + Name: postgres16-secret + Namespace: database-service + engine: postgres + generic: + host: postgres16-postgresql + port: 5432 mysql: monitoring: enabled: false diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml new file mode 100644 index 0000000..cbcb751 --- /dev/null +++ b/badhouseplants/values/values.postgres16.yaml 
@@ -0,0 +1,10 @@ +architecture: standalone + +auth: + database: postgres + +persistence: + size: 1Gi + +metrics: + enabled: false diff --git a/releases.yaml b/releases.yaml index 8256977..5e1d6e3 100644 --- a/releases.yaml +++ b/releases.yaml @@ -296,6 +296,14 @@ templates: - template: default-env-values - template: default-env-secrets + postgres16: &postgres16 + name: postgres16 + chart: bitnami/postgresql + version: 13.0.0 + inherit: + - template: default-env-values + - template: default-env-secrets + db-operator: &db-operator name: db-operator chart: db-operator/db-operator -- 2.49.0 From 548700c1dd592da5309640522bec39af2c4d251f Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 4 Oct 2023 21:28:48 +0200 Subject: [PATCH 047/164] Add a script for postgres migration Issue: #116 --- scripts/migrate_postgres.sh | 39 +++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 scripts/migrate_postgres.sh diff --git a/scripts/migrate_postgres.sh b/scripts/migrate_postgres.sh new file mode 100644 index 0000000..33fa417 --- /dev/null +++ b/scripts/migrate_postgres.sh 
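Review bot: In the new `values.postgres16.yaml`, `persistence.size: 1Gi` is set at the top level, but as far as I know the `bitnami/postgresql` chart in the 12.x/13.x line reads the volume size from `primary.persistence.size`, so this key would be ignored and the chart default used instead. If 1Gi is intended, nest it: `primary:` / `  persistence:` / `    size: 1Gi`. Checking the rendered PVC after deployment would confirm which size is actually in effect.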
@@ -0,0 +1,39 @@ +#!/bin/bash +export PGHOST=$OLD_PGHOST +export PGPASSWORD=$OLD_PGPASSWORD +export PGDATABASE=$OLD_PGDATABASE +DUMP_FILE=/tmp/$PGDATABASE.dump +pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv + +export PGHOST=$NEW_PGHOST +export PGPASSWORD=$NEW_PGPASSWORD +export PGDATABASE=$NEW_PGDATABASE +pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv + +psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\"" +psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\"" +psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\"" + +rm -f /tmp/output + +psql -c "\ +SELECT format(\ + 'ALTER TABLE %I.%I.%I OWNER TO %I;',\ + table_catalog,\ + table_schema,\ + table_name,\ + '${PGDATABASE}')\ +FROM information_schema.tables \ +WHERE table_schema='public'" | grep ALTER > /tmp/output + +psql -c "\ +SELECT format(\ + 'ALTER SEQUENCE %I.%I.%I OWNER TO %I;',\ + sequence_catalog,\ + sequence_schema,\ + sequence_name,\ + '${PGDATABASE}')\ +FROM information_schema.sequences \ +WHERE sequence_schema='public'" | grep ALTER >> /tmp/output + +psql -c "$(cat /tmp/output)" -- 2.49.0 From 0c7fbbd0793d83b91e78421ff62d47de97e13ac8 Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 4 Oct 2023 21:30:41 +0200 Subject: [PATCH 048/164] Migrate gitea to postgres 16 Issue: #116 --- badhouseplants/values/secrets.gitea.yaml | 8 ++++---- badhouseplants/values/values.gitea.yaml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 24357eb..4dec029 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
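Review bot: `scripts/migrate_postgres.sh` writes the full database dump to `/tmp/$PGDATABASE.dump` and the generated SQL to `/tmp/output`, both predictable paths in a shared directory, and never removes the dump; on a multi-user host another account could read the dump or pre-create those paths. There is also no `set -e`, so a failed `pg_dump` or `pg_restore` still falls through to the `GRANT` and `ALTER ... OWNER` statements against the new server. I would use a private `mktemp -d` directory with a cleanup trap, quote the expansions, and stop on the first error. With `pipefail` the two `| grep ALTER` filters would abort the script when nothing matches, so they need `|| true` or can be dropped in favour of `psql -At`, which prints only the generated statements.

```shell
#!/bin/bash
set -euo pipefail
umask 077

# Private scratch directory, removed on every exit path, so neither the dump
# nor the generated SQL is left in a world-readable location.
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
DUMP_FILE="$WORKDIR/dump"
OWNER_SQL="$WORKDIR/owner.sql"

# … unchanged: OLD_* exports …
pg_dump "$PGDATABASE" --no-owner --no-privileges -Fc -f "$DUMP_FILE" -vvv

# … unchanged: NEW_* exports …
pg_restore --no-owner --no-privileges -d "$PGDATABASE" -Fc "$DUMP_FILE" -vvv

# … unchanged: GRANT statements; the two SELECT format(...) queries run with
#   `psql -At` and write to "$OWNER_SQL" instead of /tmp/output …

psql -v ON_ERROR_STOP=1 -f "$OWNER_SQL"
```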
@@ -6,7 +6,7 @@ gitea: mailer: ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] database: - PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str] + PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] session: PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] cache: @@ -33,8 +33,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T20:30:31Z" - mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str] + lastmodified: "2023-10-04T19:15:11Z" + mac: ENC[AES256_GCM,data:1i8EysfGANbgwIPGqQ1+SxKRjpvWP50gheisTs9kRUop/kH4WF+WM+cKyAIB1i5JCF1ICOas0KDcTkSiO4kEV0tFS8efBCkWNopZOmGSET5uUjeekj/nshtp1OCloQyWV2x6Ata4v8p1Y2gZ2FcfocslXRLtMBvwxvzxabW4Ui8=,iv:09qo93S1WxX/9ryvaXMLQRynCdee8sorBFPCNM0ilS4=,tag:St7XKo6Ycz/g3lje199cSg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.0 diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index b2e5639..0b20f9c 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml 
@@ -25,8 +25,8 @@ istio: # ------------------------------------------ ext-database: enabled: true - name: gitea-postgres - instance: postgres + name: gitea-postgres16 + instance: postgres16 # ------------------------------------------ # -- Kubernetes related values # ------------------------------------------ @@ -61,9 +61,9 @@ gitea: config: database: DB_TYPE: postgres - HOST: postgres-postgresql.database-service.svc.cluster.local - NAME: gitea-service-gitea-postgres - USER: gitea-service-gitea-postgres + HOST: postgres16-postgresql.database-service.svc.cluster.local + NAME: gitea-service-gitea-postgres16 + USER: gitea-service-gitea-postgres16 APP_NAME: Bad Houseplants Gitea ui: meta: -- 2.49.0 From bf6685ce6d7644ba6d7b48f4cba81c7b14268d98 Mon Sep 17 00:00:00 2001 From: RNRod Date: Wed, 4 Oct 2023 21:31:06 +0200 Subject: [PATCH 049/164] Migrate funkwhale to postgres 16 Issue: #116 --- badhouseplants/values/secrets.funkwhale.yaml | 8 ++++---- badhouseplants/values/values.funkwhale.yaml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index bc30824..1730f80 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -1,7 +1,7 @@ djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str] + password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] redis: auth: password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] 
@@ -20,8 +20,8 @@ sops: dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T20:22:20Z" - mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str] + lastmodified: "2023-10-04T18:47:37Z" + mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.0 diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 3c1d129..79db09a 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -15,8 +15,8 @@ istio: ext-database: enabled: true - name: funkwhale-postgres - instance: postgres + name: funkwhale-postgres16 + instance: postgres16 replicaCount: 1 celery: @@ -43,10 +43,10 @@ ingress: enabled: false postgresql: enabled: false - host: postgres-postgresql.database-service.svc.cluster.local + host: postgres16-postgresql.database-service.svc.cluster.local auth: - username: funkwhale-application-funkwhale-postgres - database: funkwhale-application-funkwhale-postgres + username: funkwhale-application-funkwhale-postgres16 + database: funkwhale-application-funkwhale-postgres16 redis: enabled: false -- 2.49.0 From 35eae889b2eff2b70a9fbacddb7c88164966bb3b Mon Sep 17 00:00:00 2001 
From: RNRod Date: Wed, 4 Oct 2023 21:35:19 +0200 Subject: [PATCH 050/164] Delete old postgres Issue: #116 --- badhouseplants/helmfile.yaml | 5 ----- releases.yaml | 8 -------- 2 files changed, 13 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 1d25b5f..66c3c77 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -67,11 +67,6 @@ releases: namespace: database-service createNamespace: true - - <<: *postgres - installed: true - namespace: database-service - createNamespace: true - - <<: *postgres16 installed: true namespace: database-service diff --git a/releases.yaml b/releases.yaml index 5e1d6e3..afcefef 100644 --- a/releases.yaml +++ b/releases.yaml @@ -288,14 +288,6 @@ templates: - template: default-env-values - template: default-env-secrets - postgres: &postgres - name: postgres - chart: bitnami/postgresql - version: 12.7.3 - inherit: - - template: default-env-values - - template: default-env-secrets - postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql -- 2.49.0 From 546d887d9897e007d08ae4103241df60b7eb1cc7 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 10 Oct 2023 15:14:28 +0200 Subject: [PATCH 051/164] chore: Update outdated charts --- releases.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/releases.yaml b/releases.yaml index afcefef..52cdd0b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.2.0 + version: 51.4.0 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.23.1 + version: 5.27.0 inherit: - template: monitoring-common - template: default-env-values 
@@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.15 + version: 17.1.17 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.1 + version: 18.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.0.0 + version: 13.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.3 + version: 9.12.4 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From eaf3f3988d26d21aa815b3f07618e01e90ab4c2f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 10 Oct 2023 18:23:26 +0200 Subject: [PATCH 052/164] Update Prometheus --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index 52cdd0b..b0ed075 100644 --- a/releases.yaml +++ b/releases.yaml @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.4.0 + version: 51.5.1 inherit: - template: monitoring-common - template: default-env-values @@ -244,7 +244,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.4.0 + version: 9.5.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 89df5ff10c72b4a258cd01ce8c32d813386a98d4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 11 Oct 2023 07:58:37 +0200 Subject: [PATCH 053/164] chore: Update Istio --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index b0ed075..9afd19c 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.19.1 + version: 1.19.2 istio-base: &istio-base name: istio-base -- 2.49.0 From ccaba4e70d85f0649c9c1f89163f3fd2e4bf72ea Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 11 Oct 2023 19:22:39 +0200 Subject: [PATCH 054/164] Some updated to minecraft --- badhouseplants/values/values.minecraft.yaml | 29 ++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 499e54d..de6218a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -110,7 +110,7 @@ mcbackup: # -- Install Plugins # --------------------------------------------- initContainers: - - name: install-prometheus-exporter + - name: 0-install-prometheus-exporter image: alpine/curl command: - curl @@ -122,7 +122,7 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - - name: install-password-plugin + - name: 0-install-password-plugin image: alpine/curl command: - curl @@ -134,7 +134,7 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false - - name: install-gravity-control-plugin + - name: 0-install-gravity-control-plugin image: alpine/curl command: - curl @@ -146,6 +146,29 @@ initContainers: - name: plugins mountPath: /data/plugins readOnly: false + - name: 0-install-fast-minecart-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar + - -o + - /data/plugins/FastMinecarts.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + - name: 1-add-plugins-to-minecraft + image: alpine/curl + command: + - sh + - -c + - cp -r /in /out/plugins + volumeMounts: + - name: plugins + mountPath: /in + readOnly: false + - name: datadir + mountPath: /out extraVolumes: - volumeMounts: - name: plugins -- 2.49.0 
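Review bot: The added `0-install-fast-minecart-plugin` init container writes a downloaded JAR into the plugin directory without checking what it received. `curl -L` has no `-f`, so an HTTP error body would be saved as `FastMinecarts.jar`, and nothing compares the file with a known digest. Consider `curl -fL` followed by `sha256sum -c` against a digest kept in this values file (placeholder: `<expected-sha256>`). The `alpine/curl` image has no tag or digest, so the container that populates the plugin volume can change between pod restarts; pin it. The three renamed install containers earlier in this file follow the same pattern, though their definitions are only partly visible in these hunks.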
From 54a7dad780cfc064744ee8a537f94ce9318de267 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 14 Oct 2023 07:41:40 +0200 Subject: [PATCH 055/164] Update releases and increase Gitea storage --- badhouseplants/values/values.gitea.yaml | 4 ++-- releases.yaml | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 0b20f9c..c9ee912 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -43,7 +43,7 @@ resources: persistence: enabled: true - size: 6Gi + size: 8Gi accessModes: - ReadWriteOnce @@ -112,4 +112,4 @@ service: postgresql-ha: enabled: false redis-cluster: - enabled: false \ No newline at end of file + enabled: false diff --git a/releases.yaml b/releases.yaml index 9afd19c..ffad5cf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -113,7 +113,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.46.7 + version: 5.46.8 inherit: - template: default-env-values - template: default-env-secrets @@ -126,7 +126,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.5.1 + version: 51.6.1 inherit: - template: monitoring-common - template: default-env-values @@ -137,7 +137,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.27.0 + version: 5.29.0 inherit: - template: monitoring-common - template: default-env-values @@ -155,7 +155,7 @@ templates: istio-common: labels: bundle: istio - version: 1.19.2 + version: 1.19.3 istio-base: &istio-base name: istio-base @@ -216,7 +216,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 17.1.17 + version: 18.0.4 inherit: - template: default-env-values - template: default-env-secrets 
@@ -235,7 +235,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.10.0 + version: 4.11.0 inherit: - template: default-env-values - template: default-env-secrets @@ -283,7 +283,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.3 + version: 18.1.5 inherit: - template: default-env-values - template: default-env-secrets @@ -291,7 +291,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.1.2 + version: 13.1.4 inherit: - template: default-env-values - template: default-env-secrets @@ -312,7 +312,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.4 + version: 9.12.5 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 212930ec1ae8d992666856e30a33371bfd8cda59 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 14 Oct 2023 16:24:13 +0200 Subject: [PATCH 056/164] Install email server --- badhouseplants/helmfile.yaml | 4 + badhouseplants/values/values.argocd.yaml | 2 +- badhouseplants/values/values.bitwarden.yaml | 2 +- .../values/values.docker-mailserver.yaml | 119 ++++++++++++++++++ badhouseplants/values/values.drone.yaml | 2 +- badhouseplants/values/values.funkwhale.yaml | 2 +- badhouseplants/values/values.gitea.yaml | 4 +- badhouseplants/values/values.minecraft.yaml | 2 +- badhouseplants/values/values.minio.yaml | 4 +- badhouseplants/values/values.nrodionov.yaml | 2 +- badhouseplants/values/values.openvpn.yaml | 9 +- badhouseplants/values/values.prometheus.yaml | 2 +- common/values.istio-gateway.yaml | 16 +++ common/values.istio.yaml | 2 +- releases.yaml | 18 +++ 15 files changed, 170 insertions(+), 20 deletions(-) create mode 100644 badhouseplants/values/values.docker-mailserver.yaml create mode 100644 common/values.istio-gateway.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 66c3c77..8037a71 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -87,6 +87,10 @@ releases: namespace: database-service createNamespace: true + - <<: *docker-mailserver + installed: true + namespace: mail-service + createNamespace: true bases: - ../environments.yaml diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 5afd729..7d01d6c 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: argocd-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: argo.badhouseplants.net service: argocd-server diff --git a/badhouseplants/values/values.bitwarden.yaml b/badhouseplants/values/values.bitwarden.yaml index b959319..16d3cb9 100644 --- a/badhouseplants/values/values.bitwarden.yaml +++ b/badhouseplants/values/values.bitwarden.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: bitwarden-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: bitwarden.badhouseplants.net service: bitwarden-vaultwarden diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml new file mode 100644 index 0000000..11efe55 --- /dev/null +++ b/badhouseplants/values/values.docker-mailserver.yaml 
@@ -0,0 +1,119 @@ +istio_gateway: + enabled: true + gateways: + - name: badhouseplants-email + servers: + - hosts: + - "*" + port: + name: smtp + number: 25 + protocol: TCP + - hosts: + - "*" + port: + name: pop3 + number: 110 + protocol: TCP + - hosts: + - "*" + port: + name: imap + number: 143 + protocol: TCP + - hosts: + - "*" + port: + name: smtps + number: 465 + protocol: TCP + - hosts: + - "*" + port: + name: submission + number: 587 + protocol: TCP + - hosts: + - "*" + port: + name: imaps + number: 993 + protocol: TCP + - hosts: + - "*" + port: + name: pop3s + number: 995 + protocol: TCP +istio: + enabled: true + istio: + - name: docker-mailserver-smpt + kind: tcp + gateway: badhouseplants-email + service: docker-mailserver + hostname: badhousplants.net + port_match: 25 + port: 25 + - name: docker-mailserver-smpts + kind: tcp + gateway: badhouseplants-email + port_match: 465 + hostname: badhousplants.net + service: docker-mailserver + port: 465 + - name: docker-mailserver-smpt-startls + kind: tcp + gateway: badhouseplants-email + hostname: badhousplants.net + port_match: 587 + service: docker-mailserver + port: 587 + - name: docker-mailserver-imap + kind: tcp + hostname: badhousplants.net + gateway: badhouseplants-email + port_match: 143 + service: docker-mailserver + port: 143 + - name: docker-mailserver-imaps + kind: tcp + gateway: badhouseplants-email + hostname: badhousplants.net + port_match: 993 + service: docker-mailserver + port: 993 + - name: docker-mailserver-pop3 + kind: tcp + gateway: badhouseplants-email + port_match: 110 + hostname: badhousplants.net + service: docker-mailserver + port: 110 + - name: docker-mailserver-pop3s + kind: tcp + gateway: badhouseplants-email + port_match: 993 + hostname: badhousplants.net + service: docker-mailserver + port: 993 + +demoMode: + enabled: false +domains: + - badhouseplants.net + - "*.badhouseplants.net" +ssl: + issuer: + name: badhouseplants-issuer + kind: ClusterIssuer + dnsname: badhouseplants.net + 
dns01provider: cloudflare + useExisting: false +pod: + dockermailserver: + enable_fail2ban: "0" + ssl_type: manual +service: + type: ClusterIP +spfTestsDisabled: true diff --git a/badhouseplants/values/values.drone.yaml b/badhouseplants/values/values.drone.yaml index 6324ef8..8a1eb82 100644 --- a/badhouseplants/values/values.drone.yaml +++ b/badhouseplants/values/values.drone.yaml @@ -6,7 +6,7 @@ istio: enabled: true istio: - name: drone-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: drone.badhouseplants.net service: drone diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index 79db09a..e5aeb81 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: funkwhale-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: funkwhale.badhouseplants.net service: funkwhale diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index c9ee912..88ef536 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -8,13 +8,13 @@ istio: istio: - name: gitea-http kind: http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net hostname: git.badhouseplants.net service: gitea-http port: 3000 - name: gitea-ssh kind: tcp - gateway: badhouseplants-ssh + gateway: istio-system/badhouseplants-ssh hostname: "*" port_match: 22 service: gitea-ssh diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index de6218a..e5df96a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
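Review bot: The `docker-mailserver-pop3s` route uses `port_match: 993` and `port: 993`, the same values as `docker-mailserver-imaps`, while the gateway above opens `pop3s` on 995. As written nothing routes 995 and the 993 match is declared twice; it should read `port_match: 995` and `port: 995`. PATCH 058 later corrects the `badhousplants.net` hostname typo but leaves this port pair unchanged. Separately, `enable_fail2ban: "0"` combined with the cleartext `pop3` (110) and `imap` (143) listeners on host `"*"` leaves the authentication ports without throttling or enforced TLS. If those ports are reachable from outside the cluster, drop the cleartext listeners or add a comment explaining why fail2ban is off.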
@@ -18,7 +18,7 @@ istio: enabled: true istio: - name: minecraft-tcp - gateway: badhouseplants-minecraft + gateway: istio-system/badhouseplants-minecraft kind: tcp port_match: 25565 hostname: "*" diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index cccfe32..2ae9119 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -7,13 +7,13 @@ istio: enabled: true istio: - name: minio-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: minio.badhouseplants.net service: minio-console port: 9001 - name: s3-http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: s3.badhouseplants.net service: minio diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 7798c6b..14d1b8c 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: nrodionov-http - gateway: nrodionov-info + gateway: istio-system/nrodionov-info kind: http hostname: dev.nrodionov.info service: nrodionov-wordpress diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn.yaml index 8d3c9f3..073bdfa 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn.yaml @@ -7,19 +7,12 @@ istio: enabled: true istio: - name: openvpn-tcp - gateway: badhouseplants-vpn + gateway: istio-system/badhouseplants-vpn kind: tcp port_match: 1194 hostname: "*" service: openvpn port: 1194 - - name: openvpn-tcp-fake-port - gateway: badhouseplants-vpn - kind: tcp - port_match: 25 - hostname: "*" - service: openvpn - port: 1194 # ------------------------------------------ image: tag: v2.6.5-xor-4.0.0beta08 diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 11f1a0b..712e0d7 100644 
--- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -7,7 +7,7 @@ istio: enabled: true istio: - name: grafana-https - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net kind: http hostname: "grafana.badhouseplants.net" service: prometheus-grafana diff --git a/common/values.istio-gateway.yaml b/common/values.istio-gateway.yaml new file mode 100644 index 0000000..deb3696 --- /dev/null +++ b/common/values.istio-gateway.yaml @@ -0,0 +1,16 @@ +--- +istio_gateway: + templates: + - | + {{ range .Values.gateways }} + --- + apiVersion: networking.istio.io/v1beta1 + kind: Gateway + metadata: + name: {{ .name }} + spec: + selector: + istio: ingressgateway + servers: + {{ toYaml .servers | indent 4 }} + {{ end }} diff --git a/common/values.istio.yaml b/common/values.istio.yaml index 0b353c0..1c834bc 100644 --- a/common/values.istio.yaml +++ b/common/values.istio.yaml @@ -10,7 +10,7 @@ istio: name: {{ .name }} spec: gateways: - - "istio-system/{{ .gateway }}" + - "{{ .gateway }}" hosts: - {{ .hostname | quote }} {{- if eq .kind "http" }} diff --git a/releases.yaml b/releases.yaml index ffad5cf..f6bd399 100644 --- a/releases.yaml +++ b/releases.yaml @@ -41,6 +41,14 @@ templates: # ---------------------------- # -- Extensions # ---------------------------- + ext-istio-gateway: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio_gateway + values: + - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + ext-istio-resource: dependencies: - chart: bedag/raw @@ -316,3 +324,13 @@ templates: inherit: - template: default-env-values - template: default-env-secrets + + docker-mailserver: &docker-mailserver + name: docker-mailserver + chart: allanger-gitea/docker-mailserver + version: 2.1.3 + inherit: + - template: default-env-values + - template: ext-istio-gateway + - template: ext-istio-resource + -- 2.49.0 From 250ee3ef2622f5f30e5a452a5ca3e7261dc2d0ad Mon Sep 17 00:00:00 2001 
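Review bot: Dropping the `istio-system/` prefix in `common/values.istio.yaml` changes what a bare `gateway:` value means, and the template carries no comment saying so. Istio resolves an unqualified gateway name in the VirtualService's own namespace, so any values file not updated in this commit now binds to a different (possibly nonexistent) Gateway. `values.mailu.yaml`, visible in PATCH 057, still has `gateway: badhouseplants-net`. Suggest a comment above the list item such as `# .gateway must be "<namespace>/<name>"; a bare name resolves in the release namespace`, and a check of the remaining values files for bare names.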
From: Nikolai Rodionov Date: Sun, 15 Oct 2023 17:21:49 +0200 Subject: [PATCH 057/164] Add some smtp settings --- badhouseplants/values/secrets.bitwarden.yaml | 8 ++++--- badhouseplants/values/secrets.gitea.yaml | 8 +++---- badhouseplants/values/values.bitwarden.yaml | 23 +++++++++++--------- badhouseplants/values/values.gitea.yaml | 7 ++++++ badhouseplants/values/values.mailu.yaml | 2 +- 5 files changed, 30 insertions(+), 18 deletions(-) diff --git a/badhouseplants/values/secrets.bitwarden.yaml b/badhouseplants/values/secrets.bitwarden.yaml index 2a865a3..4407926 100644 --- a/badhouseplants/values/secrets.bitwarden.yaml +++ b/badhouseplants/values/secrets.bitwarden.yaml @@ -1,5 +1,7 @@ env: ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str] +smtp: + password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +17,8 @@ sops: dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1 amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-16T18:40:43Z" - mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str] + lastmodified: "2023-10-15T12:20:48Z" + mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 \ No newline at end of file + version: 3.8.1 
diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 4dec029..6d28634 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml @@ -4,7 +4,7 @@ gitea: password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] config: mailer: - ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool] + PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] database: PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] session: @@ -33,8 +33,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T19:15:11Z" - mac: ENC[AES256_GCM,data:1i8EysfGANbgwIPGqQ1+SxKRjpvWP50gheisTs9kRUop/kH4WF+WM+cKyAIB1i5JCF1ICOas0KDcTkSiO4kEV0tFS8efBCkWNopZOmGSET5uUjeekj/nshtp1OCloQyWV2x6Ata4v8p1Y2gZ2FcfocslXRLtMBvwxvzxabW4Ui8=,iv:09qo93S1WxX/9ryvaXMLQRynCdee8sorBFPCNM0ilS4=,tag:St7XKo6Ycz/g3lje199cSg==,type:str] + lastmodified: "2023-10-15T09:58:05Z" + mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/values.bitwarden.yaml b/badhouseplants/values/values.bitwarden.yaml index 16d3cb9..00e0898 100644 --- a/badhouseplants/values/values.bitwarden.yaml +++ b/badhouseplants/values/values.bitwarden.yaml 
@@ -17,21 +17,24 @@ istio: pathType: Prefix env: - SIGNUPS_ALLOWED: false DOMAIN: "https://bitwarden.badhouseplants.net" - # YUBICO_CLIENT_ID - # YUBICO_SECRET_KEY - # DATA_FOLDER - # DATABASE_URL - # ATTACHMENTS_FOLDER - # ICON_CACHE_FOLDER - # ROCKET_LIMITS - # ROCKET_WORKERS WEB_VAULT_ENABLED: true persistence: enabled: true accessMode: ReadWriteOnce size: 800Mi - storageClass: longhorn \ No newline at end of file + storageClass: longhorn + +smtp: + host: badhouseplants.net + security: "starttls" + port: 587 + from: bitwarden@badhouseplants.net + fromName: bitwarden + username: + value: overlord@badhouseplants.net + authMechanism: "Plain" + acceptInvalidHostnames: "false" + acceptInvalidCerts: "false" \ No newline at end of file diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 88ef536..726fde3 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -101,6 +101,13 @@ gitea: ADAPTER: redis queue: TYPE: redis + mailer: + ENABLED: true + FROM: gitea@badhouseplants.net + PROTOCOL: smtp+startls + SMTP_ADDR: badhouseplants.net + SMTP_PORT: 587 + USER: overlord@badhouseplants.net service: ssh: type: ClusterIP diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index c2188b2..0612e49 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -21,7 +21,7 @@ istio: kind: http gateway: badhouseplants-net hostname: email.badhouseplants.net - service: mailu-front + service: mailu-fr ont port: 80 # - name: mailu-smpt # kind: tcp -- 2.49.0 From 63df23af178429311e58fc55956ee9863be00fd7 Mon Sep 17 00:00:00 2001 
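Review bot: Removing `SIGNUPS_ALLOWED: false` from `env` in `values.bitwarden.yaml` is not compensated by anything in the new `smtp` block. Vaultwarden allows registration when that variable is unset, so unless the chart supplies its own default (not visible here), `bitwarden.badhouseplants.net` would accept new accounts after this change. If the removal was only meant to clear out the commented-out keys, keep `SIGNUPS_ALLOWED: false` under `env`.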
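Review bot: `PROTOCOL: smtp+startls` in the new `mailer` block of `values.gitea.yaml` is misspelled; Gitea's mailer expects `smtp+starttls`. With an unrecognised value the mailer may fail to initialise or may not negotiate STARTTLS on port 587, which would matter for the `PASSWD` added in `secrets.gitea.yaml`. The line should read `PROTOCOL: smtp+starttls`. The `gitea.config` mapping this block belongs to starts above the hunk.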
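Review bot: `service: mailu-fr ont` in `values.mailu.yaml` looks like an accidental keystroke in `mailu-front`. A Service name cannot contain a space, so the route for `email.badhouseplants.net` would have no valid destination. Restore `service: mailu-front`, or drop the file from this commit, since the change is unrelated to the SMTP settings.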
From: Nikolai Rodionov Date: Tue, 17 Oct 2023 14:56:57 +0200 Subject: [PATCH 058/164] Start managing gateways with helmfile --- badhouseplants/helmfile.yaml | 5 ++ .../values/values.docker-mailserver.yaml | 28 +++++--- .../values.istio-gateway-resources.yaml | 69 +++++++++++++++++++ .../values/values.istio-ingressgateway.yaml | 1 - common/values.istio-gateway.yaml | 2 +- message_file.tpl | 0 releases.yaml | 10 ++- 7 files changed, 103 insertions(+), 12 deletions(-) create mode 100644 badhouseplants/values/values.istio-gateway-resources.yaml delete mode 100644 message_file.tpl diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8037a71..bbbf5d4 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -92,6 +92,11 @@ releases: namespace: mail-service createNamespace: true + - <<: *istio-gateway-resources + installed: true + namespace: istio-system + createNamespace: false} + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml index 11efe55..47d6a99 100644 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ b/badhouseplants/values/values.docker-mailserver.yaml @@ -1,4 +1,4 @@ -istio_gateway: +istio-gateway: enabled: true gateways: - name: badhouseplants-email 
@@ -52,26 +52,26 @@ istio: kind: tcp gateway: badhouseplants-email service: docker-mailserver - hostname: badhousplants.net + hostname: badhouseplants.net port_match: 25 port: 25 - name: docker-mailserver-smpts kind: tcp gateway: badhouseplants-email port_match: 465 - hostname: badhousplants.net + hostname: badhouseplants.net service: docker-mailserver port: 465 - name: docker-mailserver-smpt-startls kind: tcp gateway: badhouseplants-email - hostname: badhousplants.net + hostname: badhouseplants.net port_match: 587 service: docker-mailserver port: 587 - name: docker-mailserver-imap kind: tcp - hostname: badhousplants.net + hostname: badhouseplants.net gateway: badhouseplants-email port_match: 143 service: docker-mailserver @@ -79,7 +79,7 @@ istio: - name: docker-mailserver-imaps kind: tcp gateway: badhouseplants-email - hostname: badhousplants.net + hostname: badhouseplants.net port_match: 993 service: docker-mailserver port: 993 @@ -87,22 +87,32 @@ istio: kind: tcp gateway: badhouseplants-email port_match: 110 - hostname: badhousplants.net + hostname: badhouseplants.net service: docker-mailserver port: 110 - name: docker-mailserver-pop3s kind: tcp gateway: badhouseplants-email port_match: 993 - hostname: badhousplants.net + hostname: badhouseplants.net service: docker-mailserver port: 993 + - name: docker-mailserver-rainloop + kind: http + gateway: istio-system/badhouseplants-net + hostname: mail.badhouseplants.net + service: docker-mailserver-rainloop + port: 80 +rainloop: + enabled: true + ingress: + enabled: false demoMode: enabled: false domains: - badhouseplants.net - - "*.badhouseplants.net" + - mail.badhouseplants.net ssl: issuer: name: badhouseplants-issuer diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml new file mode 100644 index 0000000..adb884f --- /dev/null +++ b/badhouseplants/values/values.istio-gateway-resources.yaml 
@@ -0,0 +1,69 @@ +istio-gateway: + enabled: true + gateways: + - name: badhouseplants-net + servers: + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: http + number: 80 + protocol: HTTP2 + tls: + httpsRedirect: true + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: https + number: 443 + protocol: HTTPS + tls: + credentialName: badhouseplants-wildcard-tls + mode: SIMPLE + - name: nrodionov-info + servers: + - hosts: + - nrodionov.info + - dev.nrodionov.info + port: + name: http + number: 80 + protocol: HTTP2 + tls: + httpsRedirect: false + - hosts: + - nrodionov.info + - dev.nrodionov.info + port: + name: https + number: 443 + protocol: HTTPS + tls: + credentialName: nrodionov-wildcard-tls + mode: SIMPLE + - name: badhouseplants-vpn + servers: + - hosts: + - '*' + port: + name: tcp + number: 1194 + protocol: TCP + - name: badhouseplants-ssh + servers: + - hosts: + - '*' + port: + name: ssh + number: 22 + protocol: TCP + - name: badhouseplants-minecraft + servers: + - hosts: + - '*' + port: + name: minecraft + number: 25565 + protocol: TCP diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 60d5a2f..a5d2656 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -1,4 +1,3 @@ ---- service: type: LoadBalancer ports: diff --git a/common/values.istio-gateway.yaml b/common/values.istio-gateway.yaml index deb3696..d54bfa7 100644 --- a/common/values.istio-gateway.yaml +++ b/common/values.istio-gateway.yaml @@ -1,5 +1,5 @@ --- -istio_gateway: +istio-gateway: templates: - | {{ range .Values.gateways }} diff --git a/message_file.tpl b/message_file.tpl deleted file mode 100644 index e69de29..0000000 diff --git a/releases.yaml b/releases.yaml index f6bd399..1155aa8 100644 --- a/releases.yaml +++ b/releases.yaml 
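Review bot: The `nrodionov-info` gateway sets `httpsRedirect: false` on its port-80 server, unlike `badhouseplants-net`, so `nrodionov.info` and `dev.nrodionov.info` stay reachable over cleartext HTTP. The release behind this gateway uses the `bitnami/wordpress` chart, so a login submitted over the HTTP URL would cross the network unencrypted. Set `httpsRedirect: true`, or add a comment stating why plain HTTP must stay open. Both HTTPS servers also omit `minProtocolVersion`, leaving the accepted TLS versions to the mesh default; `minProtocolVersion: TLSV1_2` under each `tls:` block would make that explicit.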
@@ -45,7 +45,7 @@ templates: dependencies: - chart: bedag/raw version: 2.0.0 - alias: istio_gateway + alias: istio-gateway values: - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' @@ -179,6 +179,14 @@ templates: - template: istio-common - template: default-env-values + istio-gateway-resources: &istio-gateway-resources + name: istio-gateway-resources + chart: bedag/raw + version: 2.0.0 + inherit: + - template: ext-istio-gateway + - template: default-env-values + istiod: &istiod name: istiod chart: istio/istiod -- 2.49.0 From 5201e2a58965443cca48b4deb6df181f31be19bc Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 20 Oct 2023 07:40:46 +0200 Subject: [PATCH 059/164] Fix broken helmfile --- badhouseplants/helmfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index bbbf5d4..88616fc 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -95,7 +95,7 @@ releases: - <<: *istio-gateway-resources installed: true namespace: istio-system - createNamespace: false} + createNamespace: false bases: - ../environments.yaml -- 2.49.0 From 871ceb8e06d1ec785ead5cc92b5b4117c4676de6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 20 Oct 2023 21:42:57 +0200 Subject: [PATCH 060/164] Install vaultwarden --- badhouseplants/helmfile.yaml | 5 ++ .../values/secrets.vaultwarden.yaml | 27 ++++++++ .../values/values.db-instances.yaml | 2 +- badhouseplants/values/values.longhorn.yaml | 2 +- badhouseplants/values/values.vaultwarden.yaml | 63 +++++++++++++++++++ releases.yaml | 25 +++++--- repositories.yaml | 4 +- 7 files changed, 117 insertions(+), 11 deletions(-) create mode 100644 badhouseplants/values/secrets.vaultwarden.yaml create mode 100644 badhouseplants/values/values.vaultwarden.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 88616fc..8573d06 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -97,6 +97,11 @@ releases: namespace: istio-system createNamespace: false + - <<: *vaultwarden + installed: true + namespace: vaultwarden-application + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml new file mode 100644 index 0000000..9c2e617 --- /dev/null +++ b/badhouseplants/values/secrets.vaultwarden.yaml @@ -0,0 +1,27 @@ +vaultwarden: + smtp: + username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] + password: + value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str] + adminToken: + value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo + WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 + dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a + U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT + HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-20T07:01:25Z" + mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 
diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 6c8999b..8e16c19 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -18,7 +18,7 @@ dbinstances: Namespace: database-service engine: postgres generic: - host: postgres16-postgresql + host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 mysql: monitoring: diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index 078e6ab..c639d5f 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -9,5 +9,5 @@ defaultSettings: csi: kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: - defaultClassReplicaCount: 1 +defaultClassReplicaCount: 1 enablePSP: false diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml new file mode 100644 index 0000000..b2bd5a3 --- /dev/null +++ b/badhouseplants/values/values.vaultwarden.yaml 
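Review bot: In `values.longhorn.yaml`, `defaultClassReplicaCount: 1` now sits at column 0, which leaves `persistence:` with a null value and turns the setting into a top-level key. The Longhorn chart reads this value under `persistence`, so the storage class would presumably fall back to the chart's default replica count. The change is whitespace-only and unrelated to installing vaultwarden, so it looks accidental; restore the indent so the key stays nested under `persistence:`.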
@@ -0,0 +1,63 @@ +--- +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: vaultwarden-http + kind: http + gateway: istio-system/badhouseplants-net + hostname: vault.badhouseplants.net + service: vaultwarden + port: 8080 +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ +ext-database: + enabled: true + name: vaultwarden-postgres16 + instance: postgres16 +service: + port: 8080 +vaultwarden: + smtp: + host: badhouseplants.net + security: "starttls" + port: 587 + from: vaultwarden@badhouseplants.net + fromName: Vault Warden + authMechanism: "Plain" + acceptInvalidHostnames: "false" + acceptInvalidCerts: "false" + debug: false + domain: https://vault.badhouseplants.net + websocket: + enabled: true + address: "0.0.0.0" + port: 3012 + rocket: + port: "8080" + workers: "10" + webVaultEnabled: "true" + signupsAllowed: false + invitationsAllowed: true + signupDomains: "https://vault.badhouseplants.com" + signupsVerify: "true" + showPassHint: "false" + database: + existingSecret: vaultwarden-postgres16-creds + existingSecretKey: CONNECTION_STRING + connectionRetries: 15 + maxConnections: 10 + storage: + enabled: false + size: 1Gi + class: default + dataDir: /data + logging: + enabled: false + logfile: "/data/vaultwarden.log" + loglevel: "warn" diff --git a/releases.yaml b/releases.yaml index 1155aa8..0b9bd0c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.6.1 + version: 51.9.4 inherit: - template: monitoring-common - template: default-env-values 
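Review bot: In values.vaultwarden.yaml, `signupDomains: "https://vault.badhouseplants.com"` looks wrong on two counts: it is a URL on a `.com` host while every other value in the file uses `badhouseplants.net`, and Vaultwarden's signup whitelist is matched against e-mail domains, not URLs. If the chart passes this value to the domain whitelist (the template is not visible here), note that upstream Vaultwarden lets whitelisted domains register even when `signupsAllowed: false`, so the value should be exactly the mail domain you intend, e.g. `signupDomains: "badhouseplants.net"`, or be left empty. Separately, `storage.enabled: false` with `dataDir: /data` presumably leaves attachments and the server's generated keys on ephemeral storage; a comment saying this is deliberate would help the next reader.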
@@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.29.0 + version: 5.35.0 inherit: - template: monitoring-common - template: default-env-values @@ -153,7 +153,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.2 + version: 6.15.3 inherit: - template: monitoring-common - template: default-env-values @@ -232,7 +232,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.0.4 + version: 18.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -260,7 +260,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.5.0 + version: 9.5.1 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.5 + version: 18.1.6 inherit: - template: default-env-values - template: default-env-secrets @@ -307,7 +307,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.1.4 + version: 13.1.5 inherit: - template: default-env-values - template: default-env-secrets @@ -315,7 +315,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.11.1 + version: 1.11.2 db-instances: &db-instances name: db-instances @@ -342,3 +342,12 @@ templates: - template: ext-istio-gateway - template: ext-istio-resource + vaultwarden: &vaultwarden + name: vaultwarden + chart: badhouseplants/vaultwarden + version: 0.1.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-database diff --git a/repositories.yaml b/repositories.yaml index 64e3842..fcdf4fe 100644 --- a/repositories.yaml +++ b/repositories.yaml 
@@ -35,4 +35,6 @@ repositories: - name: db-operator url: https://db-operator.github.io/charts - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: badhouseplants + url: https://badhouseplants.github.io/helm-charts/ -- 2.49.0 From 45e4555218d92bc3ab0c3975fe0028f86a4fba95 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 20 Oct 2023 21:52:24 +0200 Subject: [PATCH 061/164] Update vaultwarden and fix some values --- badhouseplants/helmfile.yaml | 2 +- badhouseplants/values/values.longhorn.yaml | 2 +- releases.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8573d06..8d7ed5b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -58,7 +58,7 @@ releases: createNamespace: false - <<: *bitwarden - installed: true + installed: false namespace: bitwarden-application createNamespace: true diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index c639d5f..078e6ab 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -9,5 +9,5 @@ defaultSettings: csi: kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet persistence: -defaultClassReplicaCount: 1 + defaultClassReplicaCount: 1 enablePSP: false diff --git a/releases.yaml b/releases.yaml index 0b9bd0c..7d067ef 100644 --- a/releases.yaml +++ b/releases.yaml @@ -345,7 +345,7 @@ templates: vaultwarden: &vaultwarden name: vaultwarden chart: badhouseplants/vaultwarden - version: 0.1.0 + version: 1.0.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From eed6c898c54220a6a6982c45f2f134d9bd97f35e Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 22 Oct 2023 13:17:16 +0200 Subject: [PATCH 062/164] Update outdated releases --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index 7d067ef..43ebded 100644 --- a/releases.yaml +++ b/releases.yaml @@ -102,7 +102,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.13.11 + version: 0.13.12 cert-manager: &cert-manager name: cert-manager @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.9.4 + version: 51.10.0 inherit: - template: monitoring-common - template: default-env-values -- 2.49.0 From 283bcc5cd2a0260b85b2bcac43f479833299a896 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 5 Oct 2023 10:07:25 +0200 Subject: [PATCH 063/164] Install and test woodpecker-ci --- .woodpecker.yml | 24 ++++++++++++ badhouseplants/helmfile.yaml | 7 +++- .../values/secrets.woodpecker-agent.yaml | 23 ++++++++++++ .../values/secrets.woodpecker-ci.yaml | 26 +++++++++++++ .../values/values.woodpecker-ci.yaml | 37 +++++++++++++++++++ releases.yaml | 9 +++++ repositories.yaml | 2 + 7 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 .woodpecker.yml create mode 100644 badhouseplants/values/secrets.woodpecker-agent.yaml create mode 100644 badhouseplants/values/secrets.woodpecker-ci.yaml create mode 100644 badhouseplants/values/values.woodpecker-ci.yaml diff --git a/.woodpecker.yml b/.woodpecker.yml new file mode 100644 index 0000000..b18ba77 --- /dev/null +++ b/.woodpecker.yml 
@@ -0,0 +1,24 @@ +--- +when: + event: push + +steps: + Diff Badhouseplants: + image: ghcr.io/helmfile/helmfile:canary + secrets: [ sops_age_key, kubeconfig_content ] + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile -e badhouseplants diff --suppress-secrets + + Diff Eterosoft: + image: ghcr.io/helmfile/helmfile:canary + secrets: [ sops_age_key, kubeconfig_content ] + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile -e etersoft diff --suppress-secrets + + #services: + # kind: + # image: kindest/node:v1.27.3 diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 8d7ed5b..5023f26 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -97,9 +97,14 @@ releases: namespace: istio-system createNamespace: false - - <<: *vaultwarden + - <<: &vaultwarde + createNamespace: true installed: true namespace: vaultwarden-application + + - <<: *woodpecker-ci + installed: true + namespace: woodpecker createNamespace: true bases: diff --git a/badhouseplants/values/secrets.woodpecker-agent.yaml b/badhouseplants/values/secrets.woodpecker-agent.yaml new file mode 100644 index 0000000..f71db04 --- /dev/null +++ b/badhouseplants/values/secrets.woodpecker-agent.yaml 
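Review bot: Both steps in .woodpecker.yml run `ghcr.io/helmfile/helmfile:canary` while being handed `sops_age_key` and `kubeconfig_content`, so whatever is next published under that moving pre-release tag runs with the cluster credentials and the key that decrypts every secrets.*.yaml in this repository. Pin the image to a released version, ideally by digest, e.g. `image: ghcr.io/helmfile/helmfile:<RELEASE_TAG>@sha256:<DIGEST>` (placeholders). The same applies to the `diff` and `sync` steps of .woodpecker/.helmfile.yml added in PATCH 064. `mkdir $HOME/.kube` would also be more robust as `mkdir -p "$HOME/.kube"`.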
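Review bot: `- <<: &vaultwarde` in badhouseplants/helmfile.yaml declares a new anchor instead of referencing the `vaultwarden` template, so the merge key has nothing to merge and the release loses its name, chart and version; depending on the parser the file either fails to load or yields an incomplete release. The line should stay `- <<: *vaultwarden`. The `releases:` list starts and continues outside this hunk.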
@@ -0,0 +1,23 @@ +env: + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:cJoxJw6c6FYZ337i5P6dGUzLmgUn9Z+/Ed9aUK76WYnB8m0D9h5IlAlOfCQ=,iv:1BgxKsaI3dhhPNkZbpHKBn6GXadn1RD+3Q4RwKLfmcU=,tag:y8qLWwpVAwKrOWN1cC2ulw==,type:str] + WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:VdWASwxPurzmfSjb2h8wBw3XbZSfG9UG0jmXSbTBPreZ+l7UQblI/wqr8Tw=,iv:APNuiqimA/ofCWsvywj+SJedQBMgRoCd65Gd3Ps2/fw=,tag:ATLGT4ACZ2GR46qD9ABUng==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTRFNvdnBsSHFBcjlGcGl1 + RnU1NEpZekpucTNCZHBGcXdBakhkU1drb2dZClVYZ2xMVUJiOXV2enlBbm1TS2Mz + ZnZ0UHpsVHVUU2ZkSGtwUXNMM0R6VjQKLS0tIFR4NEdTTGRIY3QycTFhRzJNSEY0 + SEs0Z3VjaTN2Y3Z0QmtEUEdQdmtwYnMKxQ3z1p2GulSOklUEolWeH20JeFwNpZqY + 870x5UtCJNVTMrIDgwMQK3hn+yywxPdgSRhkW3bqH4PJDxi78UUpXw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-05T08:06:51Z" + mac: ENC[AES256_GCM,data:pc4n/3MEP0GhmZ+wdbOiK2gj7ah/9IJ2hoXRtM1sAGy3UPNBrF5VE7hxnAi393YpWBank7crDTvg2aJjhVt7XqB8zcjiHtNMlcpxL6fJ+uWxeH4uVj/NBfSvoO410oYbtPuKMjZpPU7KACmTJ9tzVIZdZOScXx7fLQxNUq01Hu8=,iv:18MqueG9MHrTcXmu14Q8LPnMFT9lolDkCbXjjA2P1qg=,tag:6ETPd8vZ0CCGEUP5u8ZxNA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/badhouseplants/values/secrets.woodpecker-ci.yaml b/badhouseplants/values/secrets.woodpecker-ci.yaml new file mode 100644 index 0000000..dedead1 --- /dev/null +++ b/badhouseplants/values/secrets.woodpecker-ci.yaml 
@@ -0,0 +1,26 @@ +server: + env: + WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str] +agent: + env: + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:rnxJ1aKdMnJDXbiQFIUP2a1zaB/hfdXZ0YLwegT+aMSM4tBRV+YgQ/0OvoUuoTC2j1Jtp1SnY94=,iv:XHDR0WSiG1zwOkqTUnVtw0hLceWyI4W5sYNrsnXAAik=,tag:6mddyqwUd/mOQeEGIJlQhQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQjZqNE9iMDl6MlhnSUp5 + QTBSOG83WFBqZFZIU2dEMzlpengrUFg4alZFCld4MkI4WW8xMUZnMm1SU2hmMCtn + bTZSVTIxTk5aZmo3OEJJdlJwL2xhV3MKLS0tIGJraERVZTNyMWFCVE1TbEhRR3J4 + WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8 + ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-14T16:17:58Z" + mac: ENC[AES256_GCM,data:guD5+TBhN9n0WKRN4Ffzo0khhL+3CroELwxTfvUPmxQndFBzOnw/kvj8ZP/NBHMwAiQ1sirUdoJE0QKruHpkHlPs0slyNK0adGExPlSmn9fS5egltbtthzZYbftTJKFlImo3/3Z6tapBWN8neJNc3fhtZbItuwgfYJecXPPqW7Q=,iv:bqqhU1KDfzIN4LOY4dMpSw8XT/2j+NiD74M56jSpjWE=,tag:VGXSlEreapoSFCUnfHXIXA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml new file mode 100644 index 0000000..51b5f98 --- /dev/null +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -0,0 +1,37 @@ +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: woodpecker-server-http + gateway: istio-system/badhouseplants-net + kind: http + hostname: ci.badhouseplants.net + service: woodpecker-ci-server + port: 80 +server: + image: + tag: v1.0.2 + enabled: true + env: + WOODPECKER_GITEA: true + WOODPECKER_GITEA_URL: https://git.badhouseplants.net + WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 + WOODPECKER_ADMIN: "woodpecker,allanger" + WOODPECKER_HOST: "https://ci.badhouseplants.net" + extraSecretNamesForEnvFrom: [] +agent: + image: + tag: v1.0.2 + enabled: true + extraSecretNamesForEnvFrom: [] + env: + WOODPECKER_SERVER: woodpecker-ci-server:9000 + WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1Gi + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: + serviceAccount: + create: true + rbac: + create: true diff --git a/releases.yaml b/releases.yaml index 43ebded..e380875 100644 --- a/releases.yaml +++ b/releases.yaml @@ -229,6 +229,15 @@ templates: - template: default-env-secrets - template: drone-common + woodpecker-ci: &woodpecker-ci + name: woodpecker-ci + chart: woodpecker/woodpecker + version: 0.4.2 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress diff --git a/repositories.yaml b/repositories.yaml index fcdf4fe..0d52f2e 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -38,3 +38,5 @@ repositories: url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ + - name: woodpecker + url: https://woodpecker-ci.org -- 2.49.0 From e1ce435597f7614e1a7ee5cc2e737eb0134f554a Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Fri, 20 Oct 2023 21:55:21 +0200 Subject: [PATCH 064/164] Try the matrix build --- .woodpecker.yml | 24 -------------- .woodpecker/.cdh.yml | 31 +++++++++++++++++++ .woodpecker/.helmfile.yml | 29 +++++++++++++++++ badhouseplants/helmfile.yaml | 2 +- .../values/values.woodpecker-ci.yaml | 1 + 5 files changed, 62 insertions(+), 25 deletions(-) delete mode 100644 .woodpecker.yml create mode 100644 .woodpecker/.cdh.yml create mode 100644 .woodpecker/.helmfile.yml diff --git a/.woodpecker.yml b/.woodpecker.yml deleted file mode 100644 index b18ba77..0000000 --- a/.woodpecker.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -when: - event: push - -steps: - Diff Badhouseplants: - image: ghcr.io/helmfile/helmfile:canary - secrets: [ sops_age_key, kubeconfig_content ] - commands: - - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - - helmfile -e badhouseplants diff --suppress-secrets - - Diff Eterosoft: - image: ghcr.io/helmfile/helmfile:canary - secrets: [ sops_age_key, kubeconfig_content ] - commands: - - mkdir $HOME/.kube - - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - - helmfile -e etersoft diff --suppress-secrets - - #services: - # kind: - # image: kindest/node:v1.27.3 diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml new file mode 100644 index 0000000..89050ab --- /dev/null +++ b/.woodpecker/.cdh.yml 
@@ -0,0 +1,31 @@ +# ---------------------------------------------- +# -- Check da helm pipeline +# ---------------------------------------------- +when: + - event: push + # cron: nightly +steps: + check badhouseplants: + image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable + secrets: + - sops_age_key + environment: + RUST_LOG: info + commands: + - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl + - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl + notification: + image: deblan/woodpecker-email + settings: + from.address: woody@badhouseplants.net + from.name: Woody Woodpecker + host: badhouseplants.net + username: + from_secret: smtp_username + password: + from_secret: smtp_password + recipients: + subject: CDH result + target: main + when: + - status: [success, failure] diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml new file mode 100644 index 0000000..16f03ca --- /dev/null +++ b/.woodpecker/.helmfile.yml @@ -0,0 +1,29 @@ +when: + event: push +matrix: + ENVIRONMENT: + - badhouseplants + - etersoft +steps: + diff: + image: ghcr.io/helmfile/helmfile:canary + secrets: [sops_age_key, kubeconfig_content] + when: + - branch: + exclude: + - main + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile -e $ENVIRONMENT diff --suppress-secrets + sync: + image: ghcr.io/helmfile/helmfile:canary + secrets: [sops_age_key, kubeconfig_content] + when: + - branch: + include: + - main + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile -e $ENVIRONMENT sync diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 5023f26..89ced65 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
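Review bot: The `notification` step in .woodpecker/.cdh.yml uses `deblan/woodpecker-email` with no tag, so it resolves to whatever `latest` is at run time, and that image receives `smtp_username` and `smtp_password`. Pin it to a specific version or digest, e.g. `image: deblan/woodpecker-email:<VERSION>` (placeholder); the same goes for the `:stable` tag on the check step, which is given `sops_age_key`. Two smaller things to confirm: `recipients:` is empty, and `$DRONE_WORKSPACE` is a Drone variable that may not be set on a Woodpecker agent (Woodpecker's own name is `CI_WORKSPACE`).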
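Review bot: In .woodpecker/.helmfile.yml the `diff` step, which runs for every push to a non-main branch, is given the same `kubeconfig_content` and `sops_age_key` as the `sync` step that deploys from main. Because the pipeline definition is read from the pushed branch, the deploy credentials are only as protected as push access to any branch of this repository. Consider a separate secret holding a read-only kubeconfig for `diff`, e.g. `secrets: [sops_age_key, kubeconfig_readonly_content]` (a constructed name), and keep the write-capable one for the main-branch step only.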
@@ -97,7 +97,7 @@ releases: namespace: istio-system createNamespace: false - - <<: &vaultwarde + - <<: *vaultwarden createNamespace: true installed: true namespace: vaultwarden-application diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 51b5f98..c19c116 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -19,6 +19,7 @@ server: WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.badhouseplants.net WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 + WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" extraSecretNamesForEnvFrom: [] -- 2.49.0 From cffa11820f463206345a44ac464b5d47083de8cf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 23 Oct 2023 08:21:18 +0200 Subject: [PATCH 065/164] Update OpenVPN --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index e380875..442b6c2 100644 --- a/releases.yaml +++ b/releases.yaml @@ -200,7 +200,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.6 + version: 1.0.7 inherit: - template: default-env-values - template: ext-istio-resource -- 2.49.0 From 164e4b2ffba85aa02c5aeca8d864440fd5546eb8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 23 Oct 2023 08:27:52 +0200 Subject: [PATCH 066/164] Increase Gitea disk --- badhouseplants/values/values.gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 726fde3..ee27307 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -43,7 +43,7 @@ resources: persistence: enabled: true - size: 8Gi + size: 10Gi accessModes: - ReadWriteOnce -- 2.49.0 
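Review bot: `WOODPECKER_OPEN: true` in values.woodpecker-ci.yaml turns on open registration, so any account that can log in to git.badhouseplants.net gets a Woodpecker account on a server whose pipelines hold `kubeconfig_content` and `sops_age_key`. Unless sign-up on the Gitea side is tightly closed, keep registration closed (`WOODPECKER_OPEN: "false"`) and add users explicitly, or limit it to approved organisations with `WOODPECKER_ORGS`. The value is also an unquoted boolean inside an env map; quoting it avoids depending on how the chart stringifies it. The `server.env` map starts above this hunk.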
From fb90882fcc3b837c6706e636eb7f793e296613a0 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 29 Oct 2023 10:55:28 +0100 Subject: [PATCH 067/164] Upgrade outdated releases --- releases.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/releases.yaml b/releases.yaml index 442b6c2..79df093 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.46.8 + version: 5.48.8 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 51.10.0 + version: 52.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.35.0 + version: 5.36.0 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.0.7 + version: 18.0.11 inherit: - template: default-env-values - template: default-env-secrets @@ -308,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.1.6 + version: 18.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -324,7 +324,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.11.2 + version: 1.12.0 db-instances: &db-instances name: db-instances @@ -337,7 +337,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.12.5 + version: 9.14.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 4f42d4e73f776a15da366a2423c3a1cf70f36584 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 29 Oct 2023 10:56:21 +0100 Subject: [PATCH 068/164] Disable cdh workflow --- .woodpecker/{.cdh.yml => .cdh.yml.back} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .woodpecker/{.cdh.yml => .cdh.yml.back} (100%) diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml.back similarity index 100% rename from .woodpecker/.cdh.yml rename to .woodpecker/.cdh.yml.back -- 2.49.0 From 4c554264411c38b9f97ebf2ce8a2d9554cedc95f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 29 Oct 2023 14:57:24 +0100 Subject: [PATCH 069/164] Set a correct version for Argo --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 79df093..8536440 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.48.8 + version: 5.48.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From f61ffc416175b16e181a7725c52b358d9cfa305b Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 30 Oct 2023 13:26:00 +0100 Subject: [PATCH 070/164] Upgrade mail-server version --- releases.yaml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/releases.yaml b/releases.yaml index 8536440..1e39d21 100644 --- a/releases.yaml +++ b/releases.yaml @@ -286,16 +286,6 @@ templates: - template: ext-istio-resource - template: ext-database - mailu: &mailu - name: mailu - chart: mailu/mailu - version: 1.2.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - - template: ext-certificate - bitwarden: &bitwarden name: bitwarden chart: bitwarden/vaultwarden @@ -345,7 +335,7 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.1.3 + version: 2.2.0 inherit: - template: default-env-values - template: ext-istio-gateway -- 2.49.0 
From e18424d98ac5e15930a6d33563090a74180d6390 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 30 Oct 2023 16:07:26 +0100 Subject: [PATCH 071/164] Enable indexer for Gitea --- badhouseplants/values/values.gitea.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index ee27307..3aaccee 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -108,6 +108,11 @@ gitea: SMTP_ADDR: badhouseplants.net SMTP_PORT: 587 USER: overlord@badhouseplants.net + indexer: + REPO_INDEXER_ENABLED: true + REPO_INDEXER_PATH: indexers/repos.bleve + MAX_FILE_SIZE: 1048576 + REPO_INDEXER_EXCLUDE: resources/bin/** service: ssh: type: ClusterIP -- 2.49.0 From b9954063cb1f091ba195fad7503a0bf695917cf5 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 13:54:32 +0100 Subject: [PATCH 072/164] Upgrade Longhorn --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 1e39d21..7d38f1c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -114,7 +114,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.1 + version: 1.5.2 inherit: - template: default-env-values -- 2.49.0 From 654731b7ef951c24f4e6816b1bc84d7a761bc504 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 19:54:19 +0100 Subject: [PATCH 073/164] Add some manifests for badhouseplants --- .../badhouseplants/namespace-creator-binding.yaml | 12 ++++++++++++ manifests/badhouseplants/namespace-creator-role.yaml | 8 ++++++++ 2 files changed, 20 insertions(+) create mode 100644 manifests/badhouseplants/namespace-creator-binding.yaml create mode 100644 manifests/badhouseplants/namespace-creator-role.yaml diff --git a/manifests/badhouseplants/namespace-creator-binding.yaml b/manifests/badhouseplants/namespace-creator-binding.yaml new file mode 100644 index 0000000..d24486c 
--- /dev/null +++ b/manifests/badhouseplants/namespace-creator-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: namespace-manager +subjects: + - kind: User + name: badhousplants + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: namespace-manager + apiGroup: rbac.authorization.k8s.io diff --git a/manifests/badhouseplants/namespace-creator-role.yaml b/manifests/badhouseplants/namespace-creator-role.yaml new file mode 100644 index 0000000..c552be6 --- /dev/null +++ b/manifests/badhouseplants/namespace-creator-role.yaml @@ -0,0 +1,8 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: namespace-manager +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "watch", "list", "create", "delete"] -- 2.49.0 From f4cbb2b5c50cad84e25eec7ebcd1b011d31135ca Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 19:55:29 +0100 Subject: [PATCH 074/164] Create etcd bucket in etersoft --- etersoft/values/values.minio.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index 25c0888..a536d3e 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -73,6 +73,8 @@ policies: - 'arn:aws:s3:::longhorn' - 'arn:aws:s3:::restic/*' - 'arn:aws:s3:::restic' + - 'arn:aws:s3:::etcd/*' + - 'arn:aws:s3:::etcd' actions: - "s3:DeleteObject" - "s3:GetObject" @@ -87,6 +89,10 @@ buckets: policy: none purge: false versioning: false + - name: etcd + policy: none + versioning: false + purge: false metrics: serviceMonitor: enabled: false -- 2.49.0 From 3a7df6e695c2b6cfa3097f2192fcec86531607ec Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 19:57:56 +0100 Subject: [PATCH 075/164] Use apply instead of sync in ci --- .woodpecker/.helmfile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
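Review bot: The subject in namespace-creator-binding.yaml is `name: badhousplants`, which is spelled differently from `badhouseplants` used everywhere else in this repository. RBAC matches user names exactly, so if this is a typo the binding silently grants nothing; please confirm the name against the identity the API server actually sees (client certificate CN or the identity provider's username). The files are named namespace-creator-* while both objects are called `namespace-manager`; aligning the two makes the manifests easier to find and audit.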
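Review bot: The ClusterRole in namespace-creator-role.yaml grants `delete` on `namespaces` cluster-wide, which lets the bound user remove any namespace, including `istio-system` and `longhorn-system`, together with everything in them. If the intent is what the file name says (creating namespaces), drop that verb: `verbs: ["get", "watch", "list", "create"]`. If deletion is really needed, put it in a second rule restricted with `resourceNames` to the namespaces this user is meant to manage.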
diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 16f03ca..355d333 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -16,7 +16,7 @@ steps: - mkdir $HOME/.kube - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e $ENVIRONMENT diff --suppress-secrets - sync: + apply: image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: @@ -26,4 +26,4 @@ steps: commands: - mkdir $HOME/.kube - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - - helmfile -e $ENVIRONMENT sync + - helmfile -e $ENVIRONMENT apply -- 2.49.0 From 3a74881b27cf06555f083262ad7930a2cdd92c83 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 4 Nov 2023 20:00:56 +0100 Subject: [PATCH 076/164] Update sso for Minio Etersoft --- etersoft/values/secrets.minio.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml index 858d3c9..465ad9a 100644 --- a/etersoft/values/secrets.minio.yaml +++ b/etersoft/values/secrets.minio.yaml 
@@ -9,8 +9,8 @@ users: oidc: enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] - clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str] - clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str] + clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str] + clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str] claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] 
@@ -31,8 +31,8 @@ sops: UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-26T11:56:18Z" - mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str] + lastmodified: "2023-11-04T19:00:41Z" + mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 -- 2.49.0 From a9bf45dcef6c2010fe75181a2eeb972dc1ef8b15 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 5 Nov 2023 16:17:21 +0100 Subject: [PATCH 077/164] Fix the image on the Etersoft VPN --- etersoft/values/values.openvpn.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etersoft/values/values.openvpn.yaml b/etersoft/values/values.openvpn.yaml index 7f2d53d..4602748 100644 --- a/etersoft/values/values.openvpn.yaml +++ b/etersoft/values/values.openvpn.yaml @@ -14,6 +14,8 @@ istio: service: openvpn port: 1194 +image: + tag: v2.6.5-xor-4.0.0beta08 storage: class: microk8s-hostpath size: 5Gi -- 2.49.0 From 76a7c5d4ef9933e646a3a75bf6abd092262e67a2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 7 Nov 2023 03:55:40 +0100 Subject: [PATCH 078/164] Remove badhouseplants-brew bucket --- badhouseplants/values/values.minio.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index 2ae9119..ef99a67 100644 --- a/badhouseplants/values/values.minio.yaml 
+++ b/badhouseplants/values/values.minio.yaml @@ -64,11 +64,6 @@ buckets: - name: allanger-music policy: download purge: false - versioning: false - - name: badhouseplants-brew - policy: download - purge: false - versioning: false metrics: serviceMonitor: enabled: false -- 2.49.0 From 4412cc5fbd66255ac18c756cb9b31f740cbf3ae9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 8 Nov 2023 15:15:41 +0100 Subject: [PATCH 079/164] Update outdated releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 7d38f1c..910bc4e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -107,7 +107,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.1 + version: 1.13.2 set: - name: installCRDs value: true @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.48.0 + version: 5.51.0 inherit: - template: default-env-values - template: default-env-secrets @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.36.0 + version: 5.36.3 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.0.11 + version: 18.1.6 inherit: - template: default-env-values - template: default-env-secrets @@ -298,7 +298,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.2.0 + version: 18.2.1 inherit: - template: default-env-values - template: default-env-secrets @@ -306,7 +306,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.1.5 + version: 13.2.2 inherit: - template: default-env-values - template: default-env-secrets @@ -314,7 +314,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.12.0 + version: 1.13.1 db-instances: &db-instances name: db-instances 
@@ -327,7 +327,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.1 + version: 9.14.2 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From ff64516cf72472c00fbcd7a6e36829b51e142c95 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 12 Nov 2023 22:19:26 +0100 Subject: [PATCH 080/164] Update charts --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index 910bc4e..6f5467c 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.0 + version: 5.51.1 inherit: - template: default-env-values - template: default-env-secrets @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.6 + version: 18.1.11 inherit: - template: default-env-values - template: default-env-secrets @@ -298,7 +298,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.2.1 + version: 18.3.2 inherit: - template: default-env-values - template: default-env-secrets @@ -306,7 +306,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.2 + version: 13.2.5 inherit: - template: default-env-values - template: default-env-secrets @@ -327,7 +327,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.2 + version: 9.14.3 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From fb0d11beee19339a7ef2191af200e8584dc6ed81 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 14 Nov 2023 08:38:24 +0100 Subject: [PATCH 081/164] Add escalation to woodpecker --- badhouseplants/values/values.woodpecker-ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index c19c116..13dd311 100644 
--- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -22,6 +22,7 @@ server: WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" + WOODPECKER_ESCALATE: true extraSecretNamesForEnvFrom: [] agent: image: -- 2.49.0 From 4f258d9140b6b6c606c5d7638e76732ec8967a0c Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:01:25 +0100 Subject: [PATCH 082/164] chore: Upgrade longhorn --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 6f5467c..7b2defe 100644 --- a/releases.yaml +++ b/releases.yaml @@ -114,7 +114,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.2 + version: 1.5.3 inherit: - template: default-env-values -- 2.49.0 From 693169f9639849d105992703213d562975976bcc Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:02:07 +0100 Subject: [PATCH 083/164] chore: Upgrade istio --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 7b2defe..b54a494 100644 --- a/releases.yaml +++ b/releases.yaml @@ -163,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.19.3 + version: 1.20.0 istio-base: &istio-base name: istio-base -- 2.49.0 From 627f433ff16c1e90672ddc0cd9ee708b62b02b42 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:07:29 +0100 Subject: [PATCH 084/164] chore: Upgrade some unimportant helm releases --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index b54a494..3e1efba 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.1 + version: 5.51.2 inherit: - template: default-env-values - template: default-env-secrets 
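Review bot: In the values.woodpecker-ci.yaml hunk of patch 081, `WOODPECKER_ESCALATE: true` gives a boolean to a setting that the Woodpecker server documentation describes as the list of plugin images allowed to run privileged, so `true` would be read as an image name rather than as a switch, and it replaces the built-in default list. If privileged steps are needed, name the exact trusted images as a quoted string, e.g. `WOODPECKER_ESCALATE: "<registry>/<trusted-plugin-image>"` (placeholder). The same `env` block keeps `WOODPECKER_OPEN: true`, which presumably lets any forge user register and submit pipelines, so the privileged list should stay as short as possible. The `server` mapping starts and ends outside the hunk.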
@@ -223,7 +223,7 @@ templates: drone-runner-docker: &drone-runner-docker name: drone-runner-docker chart: drone/drone-runner-docker - version: 0.6.1 + version: 0.6.2 inherit: - template: default-env-values - template: default-env-secrets @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.11 + version: 18.1.14 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From c1da28126dd477cacc0640b9707e894eab618fd2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:11:20 +0100 Subject: [PATCH 085/164] chore: Upgrade some unimportant helm releases --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index 3e1efba..f965c2e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 52.1.0 + version: 54.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -298,7 +298,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.3.2 + version: 18.4.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From fd7813a8401af9ec4b1aa05e08f2e5c8a6950f3e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 17 Nov 2023 11:16:20 +0100 Subject: [PATCH 086/164] chore: Upgrade important helm releases --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index f965c2e..b7e3197 100644 --- a/releases.yaml +++ b/releases.yaml @@ -269,7 +269,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.5.1 + version: 9.6.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -279,7 +279,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.3 + version: 2.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -306,7 +306,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.5 + version: 13.2.9 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 4b364c9c18bcaab70e7dcbbe4827e028359eb0a3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 18 Nov 2023 13:12:26 +0100 Subject: [PATCH 087/164] Setup promtail and loki --- badhouseplants/helmfile.yaml | 6 +++--- badhouseplants/values/values.loki.yaml | 13 ++++++++++++- badhouseplants/values/values.promtail.yaml | 6 ++++++ 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 89ced65..479557f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -48,12 +48,12 @@ releases: createNamespace: true - <<: *loki - installed: false + installed: true namespace: monitoring-system createNamespace: false - <<: *promtail - installed: false + installed: true namespace: monitoring-system createNamespace: false @@ -83,7 +83,7 @@ releases: createNamespace: true - <<: *mysql - installed: true + installed: false namespace: database-service createNamespace: true diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index 0be3069..76f2f8f 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml @@ -1,11 +1,22 @@ --- singleBinary: replicas: 1 + persistence: + size: 5Gi loki: auth_enabled: false commonConfig: replication_factor: 1 + storage: + type: 'filesystem' +monitoring: + selfMonitoring: + enabled: false + lokiCanary: + enabled: false +test: + enabled: false compactor: retention_enabled: true limits_config: - retention_period: 2d + retention_period: 14d 
diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 7846cec..7e5d7b1 100644 --- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -3,3 +3,9 @@ config: clients: # - url: http://loki.monitoring-system:3100 - url: http://loki-gateway/loki/api/v1/push + snippets: + pipelineStages: + - match: + pipeline_name: "drop-all" + selector: '{namespace!="mail-service"}' + action: drop -- 2.49.0 From f57301153ad34550e19197706fb0a47823037fe6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 19 Nov 2023 10:30:01 +0100 Subject: [PATCH 088/164] Use newer woodpecker --- badhouseplants/values/secrets.woodpecker-ci.yaml | 7 ++++--- badhouseplants/values/values.promtail.yaml | 2 +- badhouseplants/values/values.woodpecker-ci.yaml | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/badhouseplants/values/secrets.woodpecker-ci.yaml b/badhouseplants/values/secrets.woodpecker-ci.yaml index dedead1..56326be 100644 --- a/badhouseplants/values/secrets.woodpecker-ci.yaml +++ b/badhouseplants/values/secrets.woodpecker-ci.yaml 
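Review bot: The new `drop-all` match stage in values.promtail.yaml discards every log line whose namespace is not `mail-service`, so Loki will hold nothing from `gitea-service`, `database-service` or `monitoring-system` when an incident has to be reconstructed. Patch 088 widens the selector to `{namespace!~"mail-service|woodpecker"}`, which is still an allow-list of two namespaces. If storage is the constraint, the allow-list should at least name the namespaces that face the internet or handle credentials. A comment above the stage, such as `# keep only mail-service logs; everything else is dropped to save Loki storage`, would record the intent. The `config` mapping begins outside the hunk.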
@@ -1,9 +1,10 @@ server: env: WOODPECKER_GITEA_SECRET: ENC[AES256_GCM,data:mGYEvlIeQC3mg+kxy3ZX6gAVf88DXLVdeSdgpQa8wixsb2rDoj4+l2ET2saquK+lVhjvv8ZKdvg=,iv:VlPgDYPj1xpxnpWnEHj+slBi0H2nWKeScclPItUaG9A=,tag:ox/Ur5vsOARXRT3g0hCgsg==,type:str] + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:WXwsmLmb37clb5xgv+2DeKfhk7cwaIJpaCW8/Kq/CmgfwCmrarPDDQGXZoLwOjGj3mh/ciDj7V5WgHfyxuIDhA==,iv:NhGlPyPrTrTbz1DjOZEieWAfOQHqSqhdLiqMspex1j0=,tag:vOfo+XiCUW6MhtJemkZPMA==,type:str] agent: env: - WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:rnxJ1aKdMnJDXbiQFIUP2a1zaB/hfdXZ0YLwegT+aMSM4tBRV+YgQ/0OvoUuoTC2j1Jtp1SnY94=,iv:XHDR0WSiG1zwOkqTUnVtw0hLceWyI4W5sYNrsnXAAik=,tag:6mddyqwUd/mOQeEGIJlQhQ==,type:str] + WOODPECKER_AGENT_SECRET: ENC[AES256_GCM,data:4lTZ16jbrorU4B9gTAoWmgiGggrMWD7K5O/5R47OIDMdRInwXtaWviofFD8WJQMduiGvANxMVNs0J1DLvFKi9Q==,iv:Y0AsW63vdVEwKvpVYeMVLFmwYlsQSwnz602QjDgj/ZQ=,tag:aO9xh3psy/bRCCQEFUp75A==,type:str] sops: kms: [] gcp_kms: [] @@ -19,8 +20,8 @@ sops: WXh3NGd4UG9OODhHNEp0cDVoQkM5dWMKcz4h0O4J2WlB+L9+/U8Rl+zzd87hsJo8 ThPZgnUNDGpdRrU2IYiXo03fZOhBoqBJe1ZG+Ol8z9bvTeyeMZxRIg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-14T16:17:58Z" - mac: ENC[AES256_GCM,data:guD5+TBhN9n0WKRN4Ffzo0khhL+3CroELwxTfvUPmxQndFBzOnw/kvj8ZP/NBHMwAiQ1sirUdoJE0QKruHpkHlPs0slyNK0adGExPlSmn9fS5egltbtthzZYbftTJKFlImo3/3Z6tapBWN8neJNc3fhtZbItuwgfYJecXPPqW7Q=,iv:bqqhU1KDfzIN4LOY4dMpSw8XT/2j+NiD74M56jSpjWE=,tag:VGXSlEreapoSFCUnfHXIXA==,type:str] + lastmodified: "2023-11-18T17:43:53Z" + mac: ENC[AES256_GCM,data:u8iu+Ia1u5c5AkdyKbGT//G/Zp+yDNv3TQIElSBA6qCTBu0lKAii3ywXrqdpQ1kYtytjazcwkOa7vKmVy1UoCNda+8wGGHfhfOIQlll+TKBNvgUO73lF5P7X5q6CcgFMvTazXKElESEC3G04uVLEOdG1W6d0ArVRnh8gFOY6Jgg=,iv:VT0pFoOcLPK14I1doJi+52wtCfUuqh2nxdSVu0ufVOY=,tag:SwAOYLxOYaouteqXdgP2Hg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 7e5d7b1..6ab31f3 100644 
--- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -7,5 +7,5 @@ config: pipelineStages: - match: pipeline_name: "drop-all" - selector: '{namespace!="mail-service"}' + selector: '{namespace!~"mail-service|woodpecker"}' action: drop diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 13dd311..c5202d2 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -13,7 +13,7 @@ istio: port: 80 server: image: - tag: v1.0.2 + tag: v2.0.0-rc.0 enabled: true env: WOODPECKER_GITEA: true @@ -26,7 +26,7 @@ server: extraSecretNamesForEnvFrom: [] agent: image: - tag: v1.0.2 + tag: v2.0.0-rc.0 enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.49.0 From f94338d176db047aa4c762f23521df87bf2281fe Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 26 Nov 2023 10:34:11 +0100 Subject: [PATCH 089/164] Update some releases --- releases.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/releases.yaml b/releases.yaml index b7e3197..40a4885 100644 --- a/releases.yaml +++ b/releases.yaml @@ -82,9 +82,9 @@ templates: ext-database: dependencies: - - chart: bedag/raw - version: 2.0.0 - alias: ext-database + - chart: bedag/raw + version: 2.0.0 + alias: ext-database values: - '{{ requiredEnv "PWD" }}/common/values.database.yaml' # ---------------------------- @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.2 + version: 5.51.4 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 54.1.0 + version: 54.2.2 inherit: - template: monitoring-common - template: default-env-values 
@@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.36.3 + version: 5.38.0 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +241,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.14 + version: 18.1.17 inherit: - template: default-env-values - template: default-env-secrets @@ -260,7 +260,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.11.0 + version: 4.12.0 inherit: - template: default-env-values - template: default-env-secrets @@ -327,7 +327,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.3 + version: 9.14.4 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 663e29ebef7dbae0d387466352c8507a8a510ad2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 26 Nov 2023 15:34:08 +0100 Subject: [PATCH 090/164] Update postgres --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 40a4885..e09b05f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -306,7 +306,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.9 + version: 13.2.18 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From a9dc7658b9eec05d27f61aea387c60d21baadbde Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 7 Dec 2023 13:34:01 +0100 Subject: [PATCH 091/164] Fix certs --- .../values.istio-gateway-resources.yaml | 21 ++++++++++++++++++- releases.yaml | 1 + 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index adb884f..9349206 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml 
@@ -1,3 +1,22 @@ +certificate: + enabled: true + certificate: + - name: nrodionov-wildcard + secretName: nrodionov-wildcard-tls + issuer: + kind: ClusterIssuer + name: badhouseplants-issuer + dnsNames: + - nrodionov.info + - "*.nrodionov.info" + - name: badhouseplants-wildcard + secretName: badhouseplants-wildcard-tls + issuer: + kind: ClusterIssuer + name: badhouseplants-issuer + dnsNames: + - badhouseplants.net + - "*.badhouseplants.net" istio-gateway: enabled: true gateways: @@ -32,7 +51,7 @@ istio-gateway: number: 80 protocol: HTTP2 tls: - httpsRedirect: false + httpsRedirect: true - hosts: - nrodionov.info - dev.nrodionov.info diff --git a/releases.yaml b/releases.yaml index e09b05f..b88172b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -185,6 +185,7 @@ templates: version: 2.0.0 inherit: - template: ext-istio-gateway + - template: ext-certificate - template: default-env-values istiod: &istiod -- 2.49.0 From 35599488dd8e707ff21cd6ed7abe69dcf151ce16 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 27 Nov 2023 10:48:52 +0100 Subject: [PATCH 092/164] Update woodpecker to 1.0.0 --- badhouseplants/values/values.woodpecker-ci.yaml | 6 +----- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index c5202d2..736abf2 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -12,8 +12,6 @@ istio: service: woodpecker-ci-server port: 80 server: - image: - tag: v2.0.0-rc.0 enabled: true env: WOODPECKER_GITEA: true @@ -23,10 +21,8 @@ server: WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true - extraSecretNamesForEnvFrom: [] + extraSecretNamesForEnvFrom: [] agent: - image: - tag: v2.0.0-rc.0 enabled: true extraSecretNamesForEnvFrom: [] env: diff --git a/releases.yaml b/releases.yaml index b88172b..5e2dde2 100644 
--- a/releases.yaml +++ b/releases.yaml @@ -233,7 +233,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 0.4.2 + version: 1.0.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 9c137f574d991c48376e331f71a2d6e92a8890bf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 27 Nov 2023 10:55:39 +0100 Subject: [PATCH 093/164] Update woodpecker to 1.0.0 -- 2.49.0 From 234da9a023f60c6f465a11043eb09efa91e2cc83 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 5 Dec 2023 11:25:03 +0100 Subject: [PATCH 094/164] Update woodpecker chart --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 5e2dde2..dc9c8bf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -233,7 +233,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.0.0 + version: 1.0.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 30b59f6daa1480cb75e000a7e21bcc508f8b7984 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 6 Dec 2023 22:10:54 +0100 Subject: [PATCH 095/164] Update outdated release --- releases.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/releases.yaml b/releases.yaml index dc9c8bf..9860b3a 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.4 + version: 5.51.6 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 54.2.2 + version: 55.0.0 inherit: - template: monitoring-common - template: default-env-values 
@@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.38.0 + version: 5.39.0 inherit: - template: monitoring-common - template: default-env-values @@ -242,7 +242,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.17 + version: 18.1.21 inherit: - template: default-env-values - template: default-env-secrets @@ -270,7 +270,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.6.0 + version: 9.6.1 inherit: - template: default-env-values - template: default-env-secrets @@ -307,7 +307,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.18 + version: 13.2.24 inherit: - template: default-env-values - template: default-env-secrets @@ -320,7 +320,7 @@ templates: db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 1.4.2 + version: 2.1.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From a616f03d713ce14b722176b756df194680945c20 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:10:32 +0100 Subject: [PATCH 096/164] Re-install woodpecker --- ;wq | 19 +++++++++++++++++++ badhouseplants/helmfile.yaml | 2 +- .../values/values.woodpecker-ci.yaml | 17 ++++++++++++++--- common/values.database.yaml | 9 +++++++++ releases.yaml | 1 + 5 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 ;wq diff --git a/;wq b/;wq new file mode 100644 index 0000000..3ba430b --- /dev/null +++ b/;wq @@ -0,0 +1,19 @@ +--- +ext-database: + templates: + - | + --- + apiVersion: kinda.rocks/v1beta1 + kind: Database + metadata: + name: "{{ .Values.name }}" + spec: + secretName: "{{ .Values.name }}-creds" + instance: "{{ .Values.instance }}" + deletionProtected: false + backup: + enable: false + cron: 0 0 * * * + {{ if .Values.templates }} + check: check + {{- end }} 
diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 479557f..450d7b0 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -104,7 +104,7 @@ releases: - <<: *woodpecker-ci installed: true - namespace: woodpecker + namespace: woodpecker-ci createNamespace: true bases: diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 736abf2..5fa52b5 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -11,24 +11,35 @@ istio: hostname: ci.badhouseplants.net service: woodpecker-ci-server port: 80 +ext-database: + enabled: true + name: woodpecker-postgres16 + instance: postgres16 + credentials: + WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: enabled: true env: WOODPECKER_GITEA: true WOODPECKER_GITEA_URL: https://git.badhouseplants.net + WOODPECKER_DATABASE_DRIVER: postgres WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634 WOODPECKER_OPEN: true WOODPECKER_ADMIN: "woodpecker,allanger" WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true - extraSecretNamesForEnvFrom: [] + WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath + extraSecretNamesForEnvFrom: + - woodpecker-postgres16-creds agent: enabled: true extraSecretNamesForEnvFrom: [] env: WOODPECKER_SERVER: woodpecker-ci-server:9000 - WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 1Gi - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: + WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi + WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath serviceAccount: create: true rbac: diff --git a/common/values.database.yaml b/common/values.database.yaml index 9680113..d5d0221 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml 
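Review bot: Renaming the release namespace to `woodpecker-ci` in badhouseplants/helmfile.yaml leaves the promtail selector from patch 088, `{namespace!~"mail-service|woodpecker"}`, matching the old name only. Loki label regexes are anchored, so `woodpecker` does not match `woodpecker-ci`, and the `drop-all` stage will discard the CI logs unless a patch outside this view updates it. The selector should change in the same commit: `selector: '{namespace!~"mail-service|woodpecker-ci"}'`.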
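Review bot: The `WOODPECKER_DATABASE_DATASOURCE` template added under `ext-database.credentials` in values.woodpecker-ci.yaml ends in `?sslmode=disable`, so the server talks to the `postgres16` instance without TLS. Queries and results, including whatever secrets Woodpecker keeps in its database, then cross the cluster network unencrypted unless the mesh covers that hop. If the PostgreSQL instance offers TLS, `sslmode=require` is the safer value, or `sslmode=verify-full` with the CA mounted. Otherwise a comment next to the key should state that Istio mTLS is being relied on, after confirming both namespaces are in the mesh.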
@@ -14,3 +14,12 @@ ext-database: backup: enable: false cron: 0 0 * * * + {{- if .Values.credentials }} + credentials: + templates: + {{- range $key, $value := .Values.credentials }} + - name: {{ $key }} + template: {{ $value }} + secret: true + {{- end }} + {{- end }} diff --git a/releases.yaml b/releases.yaml index 9860b3a..9ea207e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -235,6 +235,7 @@ templates: chart: woodpecker/woodpecker version: 1.0.1 inherit: + - template: ext-database - template: default-env-values - template: default-env-secrets - template: ext-istio-resource -- 2.49.0 From 94f81a9213f8f8be40d2bcd67d94d75b48c83da7 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:11:02 +0100 Subject: [PATCH 097/164] Remove a strnage file --- ;wq | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 ;wq diff --git a/;wq b/;wq deleted file mode 100644 index 3ba430b..0000000 --- a/;wq +++ /dev/null @@ -1,19 +0,0 @@ ---- -ext-database: - templates: - - | - --- - apiVersion: kinda.rocks/v1beta1 - kind: Database - metadata: - name: "{{ .Values.name }}" - spec: - secretName: "{{ .Values.name }}-creds" - instance: "{{ .Values.instance }}" - deletionProtected: false - backup: - enable: false - cron: 0 0 * * * - {{ if .Values.templates }} - check: check - {{- end }} -- 2.49.0 From cb7188064ac4453b50244ad65f659d7788cd381f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 8 Dec 2023 14:12:48 +0100 Subject: [PATCH 098/164] Setup check-da-helm --- .woodpecker/{.cdh.yml.back => .cdh.yml} | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) rename .woodpecker/{.cdh.yml.back => .cdh.yml} (64%) diff --git a/.woodpecker/.cdh.yml.back b/.woodpecker/.cdh.yml similarity index 64% rename from .woodpecker/.cdh.yml.back rename to .woodpecker/.cdh.yml index 89050ab..8298b38 100644 --- a/.woodpecker/.cdh.yml.back +++ b/.woodpecker/.cdh.yml 
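Review bot: In common/values.database.yaml the new `- name: {{ $key }}` and `template: {{ $value }}` lines render caller-supplied values as unquoted YAML scalars. The one value in use today happens to parse, but a credential template that starts with `{{`, or contains `: ` or ` #`, would fail to parse or be silently truncated once the rendered manifest is read as YAML. Quoting at render time avoids that: `- name: {{ $key | quote }}` and `template: {{ $value | quote }}`. The enclosing `templates:` block scalar starts outside the hunk.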
@@ -2,8 +2,8 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - event: push - # cron: nightly + - event: cron + cron: nightly steps: check badhouseplants: image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable @@ -12,20 +12,23 @@ steps: environment: RUST_LOG: info commands: - - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl - - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl + - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html notification: image: deblan/woodpecker-email settings: - from.address: woody@badhouseplants.net - from.name: Woody Woodpecker + from: woody@badhouseplants.net host: badhouseplants.net + skip_verify: true + no_starttls: false username: from_secret: smtp_username password: from_secret: smtp_password recipients: + - allanger@badhouseplants.net subject: CDH result target: main + recipients_only: true + attachment: result.html when: - status: [success, failure] -- 2.49.0 From 7365a42479ec6a938ad33e17b15e817b74961fb4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 9 Dec 2023 22:45:00 +0100 Subject: [PATCH 099/164] Udpate outdatec chart --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index 9ea207e..2306689 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.0.0 + version: 55.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.39.0 + version: 5.40.1 inherit: - template: monitoring-common - template: default-env-values 
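Review bot: `skip_verify: true` in the `notification` step of .woodpecker/.cdh.yml turns off certificate verification for the SMTP connection that carries `smtp_username` and `smtp_password`, so the step cannot tell the real mail host from anything else answering on that address. Since `no_starttls: false` keeps STARTTLS on, the fix is to serve a certificate valid for `badhouseplants.net` on the mail host and set `skip_verify: false`. The step's `image: deblan/woodpecker-email` is untagged in the context lines; pinning a tag or digest would keep the code that receives those secrets fixed. The `steps` mapping starts outside the hunk.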
@@ -243,7 +243,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.21 + version: 18.1.23 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From b675368776e51348fca355eed362c3439932b8bf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 10 Dec 2023 08:50:51 +0100 Subject: [PATCH 100/164] Update retention config for Prometheus --- badhouseplants/values/values.prometheus.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 712e0d7..1a78e62 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -64,7 +64,8 @@ defaultRules: prometheus: prometheusSpec: enableAdminAPI: true - retentionSize: 10GB + retentionSize: 7GB + retention: 20d podMonitorNamespaceSelector: any: true podMonitorSelector: {} -- 2.49.0 From a4a64011e339ed260a6ce66bba79e85a6d1cf000 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 10 Dec 2023 22:25:20 +0100 Subject: [PATCH 101/164] Increase Prometheus storage --- badhouseplants/values/values.prometheus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index 1a78e62..cc03d42 100644 --- a/badhouseplants/values/values.prometheus.yaml +++ b/badhouseplants/values/values.prometheus.yaml @@ -84,7 +84,7 @@ prometheus: accessModes: ["ReadWriteOnce"] resources: requests: - storage: 10Gi + storage: 12Gi grafana: persistence: -- 2.49.0 From f9c8716904593b7d6c5cc266c9bc1b4abbb7e88e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:45:43 +0100 Subject: [PATCH 102/164] Use custom woodpecker image --- badhouseplants/values/values.woodpecker-ci.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 5fa52b5..043e5b4 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -33,6 +33,15 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: + image: + # -- The image registry + registry: git.badhouseplants.net + # -- The image repository + repository: allanger/woodpecker-agent + # -- The pull policy for the image + pullPolicy: Always + # -- Overrides the image tag whose default is the chart appVersion. + tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.49.0 From 31da33b9d97f34fefbcf0ae429520462e7dda70e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:47:00 +0100 Subject: [PATCH 103/164] Update releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 2306689..4c4004f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -107,7 +107,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.2 + version: 1.13.3 set: - name: installCRDs value: true @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.1.0 + version: 55.3.1 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.40.1 + version: 5.41.1 inherit: - template: monitoring-common - template: default-env-values @@ -163,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.0 + version: 1.20.1 istio-base: &istio-base name: istio-base @@ -243,7 +243,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.23 + version: 18.1.24 inherit: - template: default-env-values - template: default-env-secrets 
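Review bot: The agent image added in patch 102 is `git.badhouseplants.net/allanger/woodpecker-agent` at the mutable tag `dev` with `pullPolicy: Always`, so each pod restart runs whatever was last pushed under that tag, in a workload that holds `WOODPECKER_AGENT_SECRET` and gets its own service account. Patch 105 does the same for the server with `tag: fix-error`. An immutable tag per build makes the running code reviewable and a rollback possible, e.g. `tag: "<commit-sha>"` (placeholder). Patch 106 later comments both overrides out, which settles it as long as the official images stay.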
@@ -281,7 +281,7 @@ templates: funkwhale: &funkwhale name: funkwhale chart: ananace-charts/funkwhale - version: 2.0.4 + version: 2.0.5 inherit: - template: default-env-values - template: default-env-secrets @@ -300,7 +300,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.4.0 + version: 18.5.0 inherit: - template: default-env-values - template: default-env-secrets @@ -316,7 +316,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.13.1 + version: 1.14.0 db-instances: &db-instances name: db-instances -- 2.49.0 From 04534d43d7db3c1fffd2b9a0bd4e656dd4898035 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 13 Dec 2023 09:55:58 +0100 Subject: [PATCH 104/164] Update db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 4c4004f..7c673c6 100644 --- a/releases.yaml +++ b/releases.yaml @@ -316,7 +316,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.14.0 + version: 1.14.1 db-instances: &db-instances name: db-instances -- 2.49.0 From 91dfbedf64e9d55bc350d848550475d18c062654 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 14 Dec 2023 20:16:09 +0100 Subject: [PATCH 105/164] Switch to woodpecker dev --- badhouseplants/values/values.woodpecker-ci.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 043e5b4..4dd3ab4 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
@@ -18,6 +18,11 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: + image: + registry: git.badhouseplants.net + repository: allanger/woodpecker-server + pullPolicy: Always + tag: fix-error enabled: true env: WOODPECKER_GITEA: true @@ -33,14 +38,10 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - # -- The image registry + image: registry: git.badhouseplants.net - # -- The image repository repository: allanger/woodpecker-agent - # -- The pull policy for the image pullPolicy: Always - # -- Overrides the image tag whose default is the chart appVersion. tag: dev enabled: true extraSecretNamesForEnvFrom: [] -- 2.49.0 From e2b0647c9453ae1e8481b4d74a30c0615f83934a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 22 Dec 2023 16:26:11 +0100 Subject: [PATCH 106/164] Use official woodpecker images --- .../values/values.woodpecker-ci.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 4dd3ab4..6d29890 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -18,11 +18,11 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-server - pullPolicy: Always - tag: fix-error + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-server + # pullPolicy: Always + # tag: icon enabled: true env: WOODPECKER_GITEA: true 
@@ -38,11 +38,11 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-agent - pullPolicy: Always - tag: dev + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-agent + # pullPolicy: Always + # tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.49.0 From 1ddab7a67f6383a31d0d6c5aea4a454800f2cd66 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Dec 2023 14:48:53 +0100 Subject: [PATCH 107/164] Install reflector --- helmfile.yaml | 5 +++++ releases.yaml | 5 +++++ repositories.yaml | 5 ++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/helmfile.yaml b/helmfile.yaml index 738d891..97375c2 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,5 +46,10 @@ releases: namespace: metallb-system createNamespace: true + - <<: *reflector + installed: true + namespace: reflector-system + createNamespace: true + helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/releases.yaml b/releases.yaml index 7c673c6..ada37fc 100644 --- a/releases.yaml +++ b/releases.yaml @@ -352,3 +352,8 @@ templates: - template: default-env-secrets - template: ext-istio-resource - template: ext-database + + reflector: &reflector + name: reflector + chart: emberstack/reflector + version: 7.1.216 diff --git a/repositories.yaml b/repositories.yaml index 0d52f2e..6c63ec0 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -1,4 +1,3 @@ ---- repositories: - name: metrics-server url: https://kubernetes-sigs.github.io/metrics-server/ @@ -40,3 +39,7 @@ repositories: url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker url: https://woodpecker-ci.org + - name: firefly-iii + url: https://firefly-iii.github.io/kubernetes/ + - name: emberstack + url: https://emberstack.github.io/helm-charts -- 2.49.0 From fb8a6f55f35f373f28db5d783626eb92fac6df3e Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sun, 24 Dec 2023 15:09:37 +0100 Subject: [PATCH 108/164] Start using reflector with Redis --- badhouseplants/values/values.redis.yaml | 6 +++++- releases.yaml | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/badhouseplants/values/values.redis.yaml b/badhouseplants/values/values.redis.yaml index b27501d..77d5357 100644 --- a/badhouseplants/values/values.redis.yaml +++ b/badhouseplants/values/values.redis.yaml @@ -1,7 +1,11 @@ metrics: enabled: false +secretAnnotations: + reflector.v1.k8s.emberstack.com/reflection-allowed: "true" + reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" + reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application" architecture: standalone master: persistence: - enabled: false \ No newline at end of file + enabled: false diff --git a/releases.yaml b/releases.yaml index ada37fc..0cca357 100644 --- a/releases.yaml +++ b/releases.yaml @@ -354,6 +354,6 @@ templates: - template: ext-database reflector: &reflector - name: reflector - chart: emberstack/reflector - version: 7.1.216 + name: reflector + chart: emberstack/reflector + version: 7.1.216 -- 2.49.0 From 1a7066aa7d2ec208fafe7c3cff01ef07c8c6a620 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 25 Dec 2023 20:45:10 +0100 Subject: [PATCH 109/164] Update smtp password in vaultwarden --- badhouseplants/values/secrets.vaultwarden.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml index 9c2e617..8d2d9a3 100644 --- a/badhouseplants/values/secrets.vaultwarden.yaml +++ b/badhouseplants/values/secrets.vaultwarden.yaml 
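Review bot: The three `secretAnnotations` in `values.redis.yaml` make reflector copy the Redis chart's secret into `gitea-service` and `funkwhale-application` automatically. The Redis password then becomes readable by anything with secret-read access in those two namespaces, not only in the Redis namespace. A comment above the block would record the intent, e.g. `# Redis auth secret is mirrored to its client namespaces (gitea, funkwhale); keep this list as short as possible`. Both applications presumably end up sharing one Redis credential and can read each other's keys; if that is not wanted, separate Redis users or instances are needed. How Redis auth is configured is not shown in this hunk.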
@@ -2,7 +2,7 @@ vaultwarden: smtp: username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] password: - value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str] + value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str] adminToken: value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] sops: @@ -20,8 +20,8 @@ sops: U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-20T07:01:25Z" - mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str] + lastmodified: "2023-12-25T19:33:37Z" + mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- 2.49.0 From e54ea10a1331a1d9fe27c6198907d71732134f80 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Dec 2023 13:21:09 +0100 Subject: [PATCH 110/164] Use dev woodpecker image --- badhouseplants/values/values.woodpecker-ci.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 6d29890..492d05c 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -38,11 +38,11 @@ server: extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - #image: - # registry: git.badhouseplants.net - # repository: allanger/woodpecker-agent - # pullPolicy: Always - # tag: dev + image: + registry: git.badhouseplants.net + repository: allanger/woodpecker-agent + pullPolicy: Always + tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: -- 2.49.0 From afed983626c6f2481ab803caa64d62e5ee1f3433 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Jan 2024 13:50:42 +0100 Subject: [PATCH 111/164] Update OpenVPN --- badhouseplants/helmfile.yaml | 5 +++ ...s.openvpn.yaml => values.openvpn-xor.yaml} | 7 ++-- .../values/values.woodpecker-ci.yaml | 12 +++---- etersoft/helmfile.yaml | 5 +++ helmfile.yaml | 5 --- releases.yaml | 34 ++++++++++++------- 6 files changed, 40 insertions(+), 28 deletions(-) rename badhouseplants/values/{values.openvpn.yaml => values.openvpn-xor.yaml} (88%) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 450d7b0..ebb0e1f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -107,6 +107,11 @@ releases: namespace: woodpecker-ci createNamespace: true + - <<: *openvpn-xor + installed: true + namespace: openvpn-service + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/values.openvpn.yaml b/badhouseplants/values/values.openvpn-xor.yaml similarity index 88% rename from badhouseplants/values/values.openvpn.yaml rename to badhouseplants/values/values.openvpn-xor.yaml index 073bdfa..0f4c96c 100644 --- a/badhouseplants/values/values.openvpn.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
@@ -6,16 +6,14 @@ istio: enabled: true istio: - - name: openvpn-tcp + - name: openvpn-tcp-xor gateway: istio-system/badhouseplants-vpn kind: tcp port_match: 1194 hostname: "*" - service: openvpn + service: openvpn-xor port: 1194 # ------------------------------------------ -image: - tag: v2.6.5-xor-4.0.0beta08 storage: class: longhorn size: 512Mi @@ -23,6 +21,7 @@ storage: openvpn: proto: tcp host: 195.201.250.50 + easyrsa: cn: Bad Houseplants country: Germany diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 492d05c..ffd1564 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -35,14 +35,14 @@ server: WOODPECKER_ESCALATE: true WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath - extraSecretNamesForEnvFrom: + extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: - image: - registry: git.badhouseplants.net - repository: allanger/woodpecker-agent - pullPolicy: Always - tag: dev + #image: + # registry: git.badhouseplants.net + # repository: allanger/woodpecker-agent + # pullPolicy: Always + # tag: dev enabled: true extraSecretNamesForEnvFrom: [] env: diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index af38673..319da69 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -1,4 +1,9 @@ --- +releases: + - <<: *openvpn + installed: true + namespace: openvpn-service + createNamespace: false bases: - ../environments.yaml diff --git a/helmfile.yaml b/helmfile.yaml index 97375c2..06da863 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -36,11 +36,6 @@ releases: namespace: minio-service createNamespace: false - - <<: *openvpn - installed: true - namespace: openvpn-service - createNamespace: false - - <<: *metallb installed: true namespace: metallb-system diff --git a/releases.yaml b/releases.yaml index 0cca357..fe607c5 100644 --- a/releases.yaml 
+++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.51.6 + version: 5.52.0 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.3.1 + version: 55.5.1 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.1 + version: 5.41.4 inherit: - template: monitoring-common - template: default-env-values @@ -198,10 +198,18 @@ templates: # ---------------------------- # -- Applications # ---------------------------- + openvpn-xor: &openvpn-xor + name: openvpn-xor + chart: allanger-gitea/openvpn-xor + version: 1.1.0 + inherit: + - template: default-env-values + - template: ext-istio-resource + openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.7 + version: 1.0.8 inherit: - template: default-env-values - template: ext-istio-resource @@ -233,7 +241,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.0.1 + version: 1.0.3 inherit: - template: ext-database - template: default-env-values @@ -243,7 +251,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 18.1.24 + version: 19.0.4 inherit: - template: default-env-values - template: default-env-secrets @@ -262,7 +270,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.12.0 + version: 4.14.0 inherit: - template: default-env-values - template: default-env-secrets @@ -271,7 +279,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 9.6.1 + version: 10.0.2 inherit: - template: default-env-values - template: default-env-secrets 
@@ -300,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.5.0 + version: 18.6.1 inherit: - template: default-env-values - template: default-env-secrets @@ -308,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.24 + version: 13.2.27 inherit: - template: default-env-values - template: default-env-secrets @@ -316,12 +324,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.14.1 + version: 1.16.0 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.1.1 + version: 2.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -329,7 +337,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.14.4 + version: 9.16.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 106c701ce1a758beb742154c2a4a2c65513bc3e4 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Jan 2024 13:56:35 +0100 Subject: [PATCH 112/164] Fix etersoft cluster's config --- etersoft/helmfile.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 319da69..a051a53 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -1,4 +1,6 @@ --- +{{ readFile "../releases.yaml" }} + releases: - <<: *openvpn installed: true -- 2.49.0 From af37b8011bcd022bca25b0f1eb31da1e3bf97e52 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 3 Jan 2024 11:11:24 +0100 Subject: [PATCH 113/164] Update db-oeprator version --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index fe607c5..c240569 100644 --- a/releases.yaml +++ b/releases.yaml @@ -324,7 +324,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.0 + version: 1.16.1 db-instances: &db-instances name: db-instances -- 2.49.0 
From 41ff1dadbfa3f672b1da6242c0d021c02a36722e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 3 Jan 2024 14:55:12 +0100 Subject: [PATCH 114/164] Upgrade vaultwarden --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index c240569..86a98af 100644 --- a/releases.yaml +++ b/releases.yaml @@ -353,8 +353,8 @@ templates: vaultwarden: &vaultwarden name: vaultwarden - chart: badhouseplants/vaultwarden - version: 1.0.0 + chart: allanger-gitea/vaultwarden + version: 1.1.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 18b8a3ec56b13a2a8ae2b9a1608b35e641d204ff Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 3 Jan 2024 21:01:47 +0100 Subject: [PATCH 115/164] Upgrade db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 86a98af..1c9977e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -324,7 +324,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.1 + version: 1.16.2 db-instances: &db-instances name: db-instances -- 2.49.0 From aa101786e01d6d97825b098b8f1060718f39b70e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 4 Jan 2024 11:19:28 +0100 Subject: [PATCH 116/164] Enable storage for Vaultwarden --- badhouseplants/values/values.vaultwarden.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index b2bd5a3..ea33706 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -53,9 +53,9 @@ vaultwarden: connectionRetries: 15 maxConnections: 10 storage: - enabled: false + enabled: true size: 1Gi - class: default + class: longhorn dataDir: /data logging: enabled: false -- 2.49.0 From dd6db7b7cdfb65a4ad00ab99214c60ea1b28e258 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 6 Jan 2024 05:03:34 +0100 Subject: [PATCH 117/164] Update releases --- releases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/releases.yaml b/releases.yaml index 1c9977e..5630ac5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -121,7 +121,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.52.0 + version: 5.52.1 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.5.1 + version: 55.6.0 inherit: - template: monitoring-common - template: default-env-values @@ -308,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.1 + version: 18.6.2 inherit: - template: default-env-values - template: default-env-secrets @@ -364,4 +364,4 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.216 + version: 7.1.218 -- 2.49.0 From 5236fd1cd72d517166aef65e009cbcbac80096dd Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 6 Jan 2024 06:29:15 +0100 Subject: [PATCH 118/164] Update releases --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 5630ac5..b13dd22 100644 --- a/releases.yaml +++ b/releases.yaml @@ -364,4 +364,4 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.218 + version: 7.1.238 -- 2.49.0 From 5b7fd5117ede2df8e7a606b23926d7fe4b1f2c6c Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 6 Jan 2024 21:16:12 +0100 Subject: [PATCH 119/164] Install Tandoor --- badhouseplants/helmfile.yaml | 5 ++ badhouseplants/values/secrets.tandoor.yaml | 22 +++++++++ badhouseplants/values/values.tandoor.yaml | 55 ++++++++++++++++++++++ releases.yaml | 10 ++++ repositories.yaml | 2 + 5 files changed, 94 insertions(+) create mode 100644 badhouseplants/values/secrets.tandoor.yaml create mode 100644 badhouseplants/values/values.tandoor.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index ebb0e1f..92e05f1 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -112,6 +112,11 @@ releases: namespace: openvpn-service createNamespace: false + - <<: *tandoor + installed: true + namespace: tandoor-application + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.tandoor.yaml b/badhouseplants/values/secrets.tandoor.yaml new file mode 100644 index 0000000..65d3703 --- /dev/null +++ b/badhouseplants/values/secrets.tandoor.yaml 
@@ -0,0 +1,22 @@ +env: + SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB + d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV + YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM + NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz + qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-06T15:16:21Z" + mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.tandoor.yaml b/badhouseplants/values/values.tandoor.yaml new file mode 100644 index 0000000..c30f79e --- /dev/null +++ b/badhouseplants/values/values.tandoor.yaml 
@@ -0,0 +1,55 @@ +istio: + enabled: true + istio: + - name: tandoor-http + gateway: istio-system/badhouseplants-net + kind: http + hostname: tandoor.badhouseplants.net + service: tandoor + port: 8080 + +ext-database: + enabled: true + name: tandoor-postgres16 + instance: postgres16 + credentials: + POSTGRES_HOST: |- + "{{ .Hostname }}" + POSTGRES_PORT: |- + "{{ .Port }}" + +envFrom: + - secretRef: + name: tandoor-postgres16-creds +env: + TZ: UTC + DB_ENGINE: django.db.backends.postgresql + EMAIL_HOST: badhouseplants.net + EMAIL_PORT: 587 + EMAIL_HOST_USER: overlord@badhouseplants.net + EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g + EMAIL_USE_TLS: 1 + EMAIL_USE_SSL: 0 + DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net +persistence: + config: + enabled: true + retain: true + storageClass: longhorn + accessMode: ReadWriteOnce + size: 1Gi + media: + enabled: true + mountPath: /opt/recipes/mediafiles + retain: true + storageClass: longhorn + accessMode: ReadWriteOnce + size: 1Gi + static: + enabled: true + type: emptyDir + mountPath: /opt/recipes/staticfiles + django-js-reverse: + enabled: true + type: emptyDir + mountPath: /opt/recipes/cookbook/static/django_js_reverse diff --git a/releases.yaml b/releases.yaml index b13dd22..cc62771 100644 --- a/releases.yaml +++ b/releases.yaml @@ -365,3 +365,13 @@ templates: name: reflector chart: emberstack/reflector version: 7.1.238 + + tandoor: &tandoor + name: tandoor + chart: gabe565/tandoor + version: 0.8.11 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-database diff --git a/repositories.yaml b/repositories.yaml index 6c63ec0..1026e58 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -43,3 +43,5 @@ repositories: url: https://firefly-iii.github.io/kubernetes/ - name: emberstack url: https://emberstack.github.io/helm-charts + - name: gabe565 + url: https://charts.gabe565.com -- 2.49.0 
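Review bot: `EMAIL_HOST_PASSWORD` is committed in clear text in the `env:` block of `values.tandoor.yaml`, although the same commit adds a sops-encrypted `secrets.tandoor.yaml` that holds only `SECRET_KEY`. The SMTP password belongs in the encrypted file next to `SECRET_KEY`, and the line should be removed from this values file. Because the value is now part of the repository history, moving it is not enough: the mailbox password for `EMAIL_HOST_USER` should be rotated. When it is re-added under sops, quote it (`EMAIL_HOST_PASSWORD: '<new-password>'`) so that characters such as `$` and `&` are never reinterpreted by YAML or templating.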
From 2c33823d906c95078709170272af8fee3ae7d539 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 6 Jan 2024 21:29:25 +0100 Subject: [PATCH 120/164] Use longhorn for vaultwarden --- badhouseplants/values/values.vaultwarden.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index ea33706..b4afad8 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -20,7 +20,7 @@ ext-database: enabled: true name: vaultwarden-postgres16 instance: postgres16 -service: +service: port: 8080 vaultwarden: smtp: -- 2.49.0 From 238231bdc89f9af22d2f51d2b6b3f8f95aa0199f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 11 Jan 2024 04:37:37 +0100 Subject: [PATCH 121/164] Update release --- releases.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/releases.yaml b/releases.yaml index cc62771..ccb1d8b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -134,7 +134,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.6.0 + version: 55.7.0 inherit: - template: monitoring-common - template: default-env-values @@ -145,7 +145,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.4 + version: 5.41.5 inherit: - template: monitoring-common - template: default-env-values @@ -163,7 +163,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.1 + version: 1.20.2 istio-base: &istio-base name: istio-base @@ -308,7 +308,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.2 + version: 18.6.3 inherit: - template: default-env-values - template: default-env-secrets 
@@ -316,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.27 + version: 13.2.28 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 0f533964eadb347f7cc54ad91d96312ba196fddf Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 20 Jan 2024 11:57:09 +0100 Subject: [PATCH 122/164] Some updates --- .../values/values.istio-ingressgateway.yaml | 4 ---- manifests/debug/metallb/deployment.yaml | 19 +++++++++++++++++++ manifests/debug/metallb/service.yaml | 11 +++++++++++ releases.yaml | 4 ++-- repositories.yaml | 4 ++-- 5 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 manifests/debug/metallb/deployment.yaml create mode 100644 manifests/debug/metallb/service.yaml diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index a5d2656..e37b970 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -21,10 +21,6 @@ service: port: 1194 protocol: TCP targetPort: 1194 - - name: tcp - port: 25 - protocol: TCP - targetPort: 25 # ----------- # -- Email # ----------- diff --git a/manifests/debug/metallb/deployment.yaml b/manifests/debug/metallb/deployment.yaml new file mode 100644 index 0000000..1ad28b5 --- /dev/null +++ b/manifests/debug/metallb/deployment.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx +spec: + selector: + matchLabels: + app: nginx + replicas: 2 + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ports: + - containerPort: 80 diff --git a/manifests/debug/metallb/service.yaml b/manifests/debug/metallb/service.yaml new file mode 100644 index 0000000..041fc06 --- /dev/null +++ b/manifests/debug/metallb/service.yaml 
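Review bot: The new debug Deployment in `manifests/debug/metallb/deployment.yaml` runs `nginx:1.14.2`, a 2018 release that no longer receives fixes. The Service added in the next file exposes it with `type: LoadBalancer`, so applying both puts an unpatched web server on an externally reachable address. Neither manifest sets `metadata.namespace`, so they land in whatever namespace the current context selects. For a connectivity test a supported tag is enough, e.g. `image: nginx:<current-stable-tag>`. I would also add a header comment to both files such as `# Temporary MetalLB connectivity test; delete from the cluster after use`.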
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx +spec: + selector: + app: nginx + ports: + - port: 80 + targetPort: 80 + type: LoadBalancer diff --git a/releases.yaml b/releases.yaml index ccb1d8b..053d82e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -316,7 +316,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.2.28 + version: 13.3.1 inherit: - template: default-env-values - template: default-env-secrets @@ -337,7 +337,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.16.1 + version: 9.17.1 inherit: - template: default-env-values - template: default-env-secrets diff --git a/repositories.yaml b/repositories.yaml index 1026e58..3f5b623 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -33,8 +33,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + #- name: allanger-gitea + # url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker -- 2.49.0 From a95c4a9406d06004a07d83f3e8c47440ff9bd209 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:35:32 +0100 Subject: [PATCH 123/164] Update the email workflow --- .woodpecker/.cdh.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index 8298b38..0fcab33 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,6 +2,7 @@ # -- Check da helm pipeline # ---------------------------------------------- when: + - push - event: cron cron: nightly steps: 
@@ -16,19 +17,15 @@ steps: notification: image: deblan/woodpecker-email settings: - from: woody@badhouseplants.net - host: badhouseplants.net - skip_verify: true - no_starttls: false - username: - from_secret: smtp_username - password: - from_secret: smtp_password + dsn: + from_secret: smtp_dsn + from: + address: woody@badhouseplants.net + name: Woody Woodpecker recipients: - allanger@badhouseplants.net subject: CDH result target: main - recipients_only: true attachment: result.html when: - status: [success, failure] -- 2.49.0 From 25ea4c42542fc42a415c1fcedc3bf7c39dc6041e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:36:36 +0100 Subject: [PATCH 124/164] Fix the push workflow --- .woodpecker/.cdh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index 0fcab33..b2e06e7 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,7 +2,7 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - push + - event: push - event: cron cron: nightly steps: -- 2.49.0 From 896e939c2d7e691bdb775331e1c9709ab9d48046 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 22 Jan 2024 08:49:03 +0100 Subject: [PATCH 125/164] Fix the gitea-allanger repo --- repositories.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/repositories.yaml b/repositories.yaml index 3f5b623..1026e58 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -33,8 +33,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - #- name: allanger-gitea - # url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: allanger-gitea + url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker -- 2.49.0 From 9cf8656ba56d27116742d3de7e331f574e73fd51 Mon Sep 17 00:00:00 2001 
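Review bot: The `notification` step now receives the whole SMTP connection string through `dsn: from_secret: smtp_dsn`, but its image is still the untagged `deblan/woodpecker-email`. The credential is therefore handed to whatever that repository's default tag resolves to when the pipeline runs. Pinning the plugin, e.g. `image: deblan/woodpecker-email:<pinned-version>`, stops an upstream image change from silently gaining access to the secret. Restricting the `smtp_dsn` secret to this plugin image in the Woodpecker secret settings would further limit which steps can request it. The step's `when:` block continues past the end of this hunk.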
From: Nikolai Rodionov Date: Fri, 26 Jan 2024 16:53:13 +0100 Subject: [PATCH 126/164] Fix the cluster --- badhouseplants/values/secrets.funkwhale.yaml | 22 +++---- badhouseplants/values/secrets.gitea.yaml | 36 +++++------ badhouseplants/values/values.loki.yaml | 2 + badhouseplants/values/values.longhorn.yaml | 7 ++- .../values/values.woodpecker-ci.yaml | 3 +- system/charts/namespaces/chart/.helmignore | 23 +++++++ system/charts/namespaces/chart/Chart.yaml | 24 +++++++ .../namespaces/chart/templates/_helpers.tpl | 43 +++++++++++++ .../chart/templates/namespaces.yaml | 18 ++++++ system/charts/namespaces/chart/values.yaml | 20 ++++++ .../namespaces/kustomize/flux-system.yml | 6 ++ .../namespaces/kustomize/giantswarm-flux.yml | 6 ++ .../namespaces/kustomize/giantswarm.yml | 6 ++ .../namespaces/kustomize/kustomization.yaml | 5 ++ .../namespaces/kustomize/monitoring.yml | 6 ++ .../namespaces/kustomize/org-giantswarm.yml | 6 ++ system/charts/root/.helmignore | 23 +++++++ system/charts/root/Chart.yaml | 6 ++ system/charts/root/templates/_helpers.tpl | 62 +++++++++++++++++++ system/charts/root/templates/root.yaml | 25 ++++++++ system/charts/root/templates/self.yaml | 25 ++++++++ system/charts/root/values.yaml | 5 ++ system/helmfile.yaml | 51 +++++++++++++++ system/values/calico.yaml | 12 ++++ system/values/cilium.yaml | 11 ++++ system/values/coredns.yaml | 32 ++++++++++ system/values/namespaces.yaml | 22 +++++++ 27 files changed, 473 insertions(+), 34 deletions(-) create mode 100644 system/charts/namespaces/chart/.helmignore create mode 100644 system/charts/namespaces/chart/Chart.yaml create mode 100644 system/charts/namespaces/chart/templates/_helpers.tpl create mode 100644 system/charts/namespaces/chart/templates/namespaces.yaml create mode 100644 system/charts/namespaces/chart/values.yaml create mode 100644 system/charts/namespaces/kustomize/flux-system.yml create mode 100644 system/charts/namespaces/kustomize/giantswarm-flux.yml create mode 100644 
system/charts/namespaces/kustomize/giantswarm.yml create mode 100644 system/charts/namespaces/kustomize/kustomization.yaml create mode 100644 system/charts/namespaces/kustomize/monitoring.yml create mode 100644 system/charts/namespaces/kustomize/org-giantswarm.yml create mode 100644 system/charts/root/.helmignore create mode 100644 system/charts/root/Chart.yaml create mode 100644 system/charts/root/templates/_helpers.tpl create mode 100644 system/charts/root/templates/root.yaml create mode 100644 system/charts/root/templates/self.yaml create mode 100644 system/charts/root/values.yaml create mode 100644 system/helmfile.yaml create mode 100644 system/values/calico.yaml create mode 100644 system/values/cilium.yaml create mode 100644 system/values/coredns.yaml create mode 100644 system/values/namespaces.yaml diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 1730f80..ff593f1 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str] +djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str] + password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str] redis: auth: - password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str] + password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw - TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL - VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y - dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA - GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG + MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ + WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3 + S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX + E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T18:47:37Z" - mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str] + lastmodified: "2024-01-26T15:39:00Z" + mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 6d28634..84af601 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] - password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str] + username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str] + password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str] + PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str] database: - PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str] + PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:UI4Dgb4qajStyDcpuJaoJTaTo3vowWQw272Y4C5q3DuV9DarChv4Qvxh9ZJwYsPSgO9G/3eI+mLldipW98HLfATMCHR+DicM7ymI0nGwxeliyj7sOVGFS2dU4zF1kNyhFCqrjMfQzTRQbfOTiB+QyfhluMfrDbOjOAAuLlsdWQ==,iv:WOlGAxAtIS12vCGIUmxMhO3UIsoUuD3xluZbBThugW4=,tag:Y0Amh1HEtYcg+9JvROM1eQ==,type:str] + HOST: ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:kpqTpJVI/8790Ho2/U8YTC2Sc/d7v8mc33PsG7vNO52d9vMCOgsb+GQldWlfMPdf1H09axJxdFc5SIvsWWD8FoaXvtktlz4yk6fL9YxEXnkpn72VSiNe+ajUu6diP4gYWw2cUhyKt3ss/Gx70bKMEyE5g/ecZG3S+NZPFxPSTw==,iv:T69ou0uBg5CrseI0VwB2sSKRDknXrlUVPb/igGI/1H0=,tag:Y42Wa4QVt8k6AmhDC5bOAg==,type:str] + CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str] oauth: - - name: ENC[AES256_GCM,data:iR9QX2Si,iv:B+4ixm+dOwAnXFCYq2BnExnfVDGooonBCiHpyxfkLP0=,tag:r7CZbpL9uQ1QjAFNiFfOsw==,type:str] - provider: ENC[AES256_GCM,data:byE4rELH,iv:lcvbNSZMD9EMA4CmJF2mvN33a5fmXWzP4++PnNPK+fg=,tag:2wfHrpp/bJJOImBq5ULzqw==,type:str] - key: ENC[AES256_GCM,data:hiIl59SdN8usULpHhPX8XhMckZI=,iv:8aycsJVxbyK+Rlor8AsYKb6xjjSaS9Y5pRC/hoHzuKs=,tag:tBhMPj+AF86TaLkxF0+6Og==,type:str] - secret: ENC[AES256_GCM,data:JfoXbQW4G3QdDsb4WxbMOIBvsEVYXsdK06s2TLO6ojtgprYUb0ZKHA==,iv:n1SYPP3tnUCNuKET0PS9kIHcRSDMDqWtysjwbSI8O3A=,tag:EJ3gKUsCG9O218yS0sw9EA==,type:str] + - name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str] + provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str] + key: 
ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str] + secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94 - QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu - LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4 - Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN - WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6 + VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv + MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu + YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns + xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-15T09:58:05Z" - mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str] + lastmodified: "2024-01-26T15:39:40Z" + mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index 76f2f8f..f3a74e8 100644 
--- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml @@ -1,4 +1,6 @@ --- +global: + dnsService: "coredns" singleBinary: replicas: 1 persistence: diff --git a/badhouseplants/values/values.longhorn.yaml b/badhouseplants/values/values.longhorn.yaml index 078e6ab..eb7bfe5 100644 --- a/badhouseplants/values/values.longhorn.yaml +++ b/badhouseplants/values/values.longhorn.yaml @@ -1,13 +1,14 @@ defaultSettings: - backupTarget: s3://longhorn@us-east1/backupstore + backupTarget: s3://longhorn@us-east1/backupstore backupTargetCredentialSecret: aws-secret guaranteedEngineManagerCPU: 6 guaranteedReplicaManagerCPU: 6 storageOverProvisioningPercentage: 300 storageMinimalAvailablePercentage: 5 - defaultDataPath: /media-longhorn + storageReservedPercentageForDefaultDisk: 1 + defaultDataPath: /media/longhorn csi: - kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet + kubeletRootDir: /var/lib/kubelet/ persistence: defaultClassReplicaCount: 1 enablePSP: false diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index ffd1564..202daca 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml @@ -34,7 +34,6 @@ server: WOODPECKER_HOST: "https://ci.badhouseplants.net" WOODPECKER_ESCALATE: true WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath extraSecretNamesForEnvFrom: - woodpecker-postgres16-creds agent: @@ -49,7 +48,7 @@ agent: WOODPECKER_SERVER: woodpecker-ci-server:9000 WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 3Gi WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker-ci - WOODPECKER_BACKEND_K8S_STORAGE_CLASS: microk8s-hostpath + WOODPECKER_BACKEND_K8S_STORAGE_CLASS: longhorn serviceAccount: create: true rbac: diff --git a/system/charts/namespaces/chart/.helmignore b/system/charts/namespaces/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null 
+++ b/system/charts/namespaces/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/system/charts/namespaces/chart/Chart.yaml b/system/charts/namespaces/chart/Chart.yaml
new file mode 100644
index 0000000..0f737fe
--- /dev/null
+++ b/system/charts/namespaces/chart/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/system/charts/namespaces/chart/templates/_helpers.tpl b/system/charts/namespaces/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..a33714c
--- /dev/null
+++ b/system/charts/namespaces/chart/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "namespaces.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "namespaces.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "namespaces.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "namespaces.labels" -}}
+helm.sh/chart: {{ include "namespaces.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
diff --git a/system/charts/namespaces/chart/templates/namespaces.yaml b/system/charts/namespaces/chart/templates/namespaces.yaml
new file mode 100644
index 0000000..dc2bd62
--- /dev/null
+++ b/system/charts/namespaces/chart/templates/namespaces.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.namespaces }}
+{{- range $ns := .Values.namespaces }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $ns.name }}
+ labels:
+ {{- include "namespaces.labels" $ | nindent 4 }}
+ {{- with $ns.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with $ns.annotations}}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/system/charts/namespaces/chart/values.yaml b/system/charts/namespaces/chart/values.yaml
new file mode 100644
index 0000000..cd5a239
--- /dev/null
+++ b/system/charts/namespaces/chart/values.yaml
@@ -0,0 +1,20 @@
+namespaces:
+ - name: giantswarm-flux
+ labels:
+ name: giantswarm-flux
+ - name: giantswarm
+ labels:
+ name: giantswarm
+ - name: monitoring
+ labels:
+ name: monitoring
+ - name: org-giantswarm
+ labels:
+ name: org-giantswarm
+ - name: flux-system
+ labels:
+ name: flux-system
+ - name: flux-giantswarm
+ labels:
+ name: flux-giantswarm
+ - name: policy-exception
diff --git a/system/charts/namespaces/kustomize/flux-system.yml b/system/charts/namespaces/kustomize/flux-system.yml
new file mode 100644
index 0000000..f44f3af
--- /dev/null
+++ b/system/charts/namespaces/kustomize/flux-system.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: flux-system
+ labels:
+ name: flux-system
diff --git a/system/charts/namespaces/kustomize/giantswarm-flux.yml b/system/charts/namespaces/kustomize/giantswarm-flux.yml
new file mode 100644
index 0000000..bd0e121
--- /dev/null
+++ b/system/charts/namespaces/kustomize/giantswarm-flux.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: giantswarm-flux
+ labels:
+ name: giantswarm-flux
diff --git a/system/charts/namespaces/kustomize/giantswarm.yml b/system/charts/namespaces/kustomize/giantswarm.yml
new file mode 100644
index 0000000..31e7916
--- /dev/null
+++ b/system/charts/namespaces/kustomize/giantswarm.yml
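Review bot: In `templates/namespaces.yaml`, `name: {{ $ns.name }}` is rendered unquoted, so a value that YAML reads as a number, boolean or null produces a wrong or invalid `metadata.name`; `name: {{ $ns.name | quote }}` avoids that. The template lets each entry carry `labels`, but neither the chart's `values.yaml` nor `system/values/namespaces.yaml` in this commit sets Pod Security admission labels, so every namespace created here falls back to the cluster-wide default. Consider adding `pod-security.kubernetes.io/enforce: baseline` (or stricter) per namespace where the workloads allow it. A short `{{/* ... */}}` header describing the expected entry shape (`name`, optional `labels`, optional `annotations`) would also help the next editor.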
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: giantswarm
+ labels:
+ name: giantswarm
diff --git a/system/charts/namespaces/kustomize/kustomization.yaml b/system/charts/namespaces/kustomize/kustomization.yaml
new file mode 100644
index 0000000..8159198
--- /dev/null
+++ b/system/charts/namespaces/kustomize/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+ - ./giantswarm-flux.yml
+ - ./giantswarm.yml
+ - ./monitoring.yml
+ - ./org-giantswarm.yml
diff --git a/system/charts/namespaces/kustomize/monitoring.yml b/system/charts/namespaces/kustomize/monitoring.yml
new file mode 100644
index 0000000..90d12ef
--- /dev/null
+++ b/system/charts/namespaces/kustomize/monitoring.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
+ labels:
+ name: monitoring
diff --git a/system/charts/namespaces/kustomize/org-giantswarm.yml b/system/charts/namespaces/kustomize/org-giantswarm.yml
new file mode 100644
index 0000000..f27e8c4
--- /dev/null
+++ b/system/charts/namespaces/kustomize/org-giantswarm.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: org-giantswarm
+ labels:
+ name: org-giantswarm
diff --git a/system/charts/root/.helmignore b/system/charts/root/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/system/charts/root/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/system/charts/root/Chart.yaml b/system/charts/root/Chart.yaml
new file mode 100644
index 0000000..59e507d
--- /dev/null
+++ b/system/charts/root/Chart.yaml
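Review bot: `kustomize/kustomization.yaml` lists four resources but omits `flux-system.yml`, which this same commit adds to the directory, so building this kustomization would leave the `flux-system` namespace out. If that is deliberate (for example because Flux bootstraps that namespace itself), a one-line comment above `resources:` saying so would stop someone "fixing" it later; otherwise add `- ./flux-system.yml`.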
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: root
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.5
+appVersion: "1.16.0"
diff --git a/system/charts/root/templates/_helpers.tpl b/system/charts/root/templates/_helpers.tpl
new file mode 100644
index 0000000..8a3cc9a
--- /dev/null
+++ b/system/charts/root/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "root.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "root.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "root.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "root.labels" -}}
+helm.sh/chart: {{ include "root.chart" . }}
+{{ include "root.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "root.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "root.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "root.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/system/charts/root/templates/root.yaml b/system/charts/root/templates/root.yaml
new file mode 100644
index 0000000..f542187
--- /dev/null
+++ b/system/charts/root/templates/root.yaml
@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: root
+spec:
+ interval: 30s
+ url: {{ .Values.url }}
+ ref:
+ branch: {{ .Values.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: root
+spec:
+ interval: 30s
+ targetNamespace: flux-system
+ sourceRef:
+ kind: GitRepository
+ name: root
+ path: "."
+ prune: false
+ timeout: 1m
+{{- end }}
diff --git a/system/charts/root/templates/self.yaml b/system/charts/root/templates/self.yaml
new file mode 100644
index 0000000..0ddb8de
--- /dev/null
+++ b/system/charts/root/templates/self.yaml
@@ -0,0 +1,25 @@
+{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: root-self
+spec:
+ interval: 30s
+ url: {{ .Values.self.url }}
+ ref:
+ branch: {{ .Values.self.branch }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: root-self
+spec:
+ interval: 30s
+ targetNamespace: flux-system
+ sourceRef:
+ kind: GitRepository
+ name: root-self
+ path: "."
+ prune: false
+ timeout: 1m
+{{- end }}
diff --git a/system/charts/root/values.yaml b/system/charts/root/values.yaml
new file mode 100644
index 0000000..51850fa
--- /dev/null
+++ b/system/charts/root/values.yaml
@@ -0,0 +1,5 @@
+url: https://git.badhouseplants.net/giantswarm/cluster-example.git
+branch: main
+self:
+ url: git@git.badhouseplants.net:giantswarm/root-config.git
+ branch: master
diff --git a/system/helmfile.yaml b/system/helmfile.yaml
new file mode 100644
index 0000000..7cc46e6
--- /dev/null
+++ b/system/helmfile.yaml
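Review bot: The `GitRepository` in `templates/root.yaml` (and the identical one in `templates/self.yaml`) follows a mutable branch with no `spec.verify`, while the paired `Kustomization` applies `path: "."` into `flux-system`, so anyone able to push to those branches decides what the cluster applies. Consider pinning `ref` to a tag or commit, or enabling commit-signature verification through `spec.verify` with a `secretRef` holding the trusted public keys. The templated scalars are also unquoted; `url: {{ .Values.url | quote }}` and `branch: {{ .Values.branch | quote }}` keep an empty or odd value from breaking the manifest. A leading template comment noting that both objects are skipped when the Flux `source.toolkit.fluxcd.io/v1` API is absent would explain the `Capabilities` guard.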
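Review bot: In `system/charts/root/values.yaml`, `self.url` uses the scp-style form `git@git.badhouseplants.net:giantswarm/root-config.git`, which Flux is likely to reject because `GitRepository.spec.url` is validated against `http://`, `https://` or `ssh://` schemes; the equivalent is `url: ssh://git@git.badhouseplants.net/giantswarm/root-config.git`. An SSH source also needs credentials and host-key pinning, yet `templates/self.yaml` sets no `spec.secretRef`. Add a value for the secret name (a secret carrying `identity` and `known_hosts`) and reference it from the template rather than relying on an unauthenticated fetch.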
@@ -0,0 +1,51 @@
+repositories:
+ - name: projectcalico
+ url: https://docs.tigera.io/calico/charts
+ - name: coredns
+ url: https://coredns.github.io/helm
+ - name: flannel
+ url: https://flannel-io.github.io/flannel/
+ - name: cilium
+ url: https://helm.cilium.io/
+ - name: hcloud
+ url: https://charts.hetzner.cloud
+
+releases:
+ - name: namespaces
+ chart: ./charts/namespaces/chart
+ namespace: kube-public
+ createNamespace: false
+ values:
+ - ./values/namespaces.yaml
+
+ - name: hccm
+ chart: hcloud/hcloud-cloud-controller-manager
+ needs:
+ - kube-public/namespaces
+ namespace: kube-system
+ version: 1.19.0
+ installed: false
+ createNamespace: false
+ values:
+ - ./values/hcloud.yaml
+
+ - name: coredns
+ needs:
+ - kube-public/namespaces
+ chart: coredns/coredns
+ installed: true
+ version: 1.29.0
+ namespace: kube-system
+ values:
+ - ./values/coredns.yaml
+
+ - name: cilium
+ chart: cilium/cilium
+ version: 1.14.6
+ installed: true
+ createNamespace: false
+ namespace: kube-system
+ needs:
+ - kube-public/namespaces
+ values:
+ - ./values/cilium.yaml
diff --git a/system/values/calico.yaml b/system/values/calico.yaml
new file mode 100644
index 0000000..b47e04e
--- /dev/null
+++ b/system/values/calico.yaml
@@ -0,0 +1,12 @@
+installation:
+ enabled: true
+ spec:
+ calicoNetwork:
+ bgp: Enabled
+ nodeAddressAutodetectionV4:
+ interface: ens11
+ ipPools:
+ - cidr: 10.50.0.0/16
+ encapsulation: VXLANCrossSubnet
+ natOutgoing: Enabled
+ nodeSelector: all()
diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml
new file mode 100644
index 0000000..e0f0670
--- /dev/null
+++ b/system/values/cilium.yaml
@@ -0,0 +1,11 @@
+operator:
+ replicas: 1
+endpointRoutes:
+ # -- Enable use of per endpoint routes instead of routing via
+ # the cilium_host interface.
+ enabled: true
+policyEnforcementMode: never
+ipam:
+ ciliumNodeUpdateRate: "15s"
+ operator:
+ clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"]
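Review bot: In `system/helmfile.yaml` the `hccm` release points at `./values/hcloud.yaml`, which is not among the `system/values/` files this commit creates (calico, cilium, coredns, namespaces), so switching it from `installed: false` to `true` will hit a missing values file unless it exists elsewhere. In the other direction, the `projectcalico` and `flannel` repositories and `values/calico.yaml` have no release that uses them. Dropping unused chart repositories keeps the set of third-party sources the bootstrap trusts as small as possible; either add the missing file and releases or remove the leftovers.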
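Review bot: `policyEnforcementMode: never` in `system/values/cilium.yaml` disables policy enforcement for all endpoints, so any `NetworkPolicy` or `CiliumNetworkPolicy` applied later is accepted by the API server but has no effect. The namespace list in this commit puts mail, a password vault, CI and databases on the same cluster, and this setting removes the main control on traffic between them. If it was only needed to get through recovery, switch to `policyEnforcementMode: default` and leave a comment on the line recording why enforcement was ever turned off.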
diff --git a/system/values/coredns.yaml b/system/values/coredns.yaml
new file mode 100644
index 0000000..04d2b02
--- /dev/null
+++ b/system/values/coredns.yaml
@@ -0,0 +1,32 @@
+service:
+ clusterIP: 10.43.0.10
+
+servers:
+ - zones:
+ - zone: .
+ port: 53
+ plugins:
+ - name: errors
+ # Serves a /health endpoint on :8080, required for livenessProbe
+ - name: health
+ configBlock: |-
+ lameduck 5s
+ # Serves a /ready endpoint on :8181, required for readinessProbe
+ - name: ready
+ # Required to query kubernetes API for data
+ - name: kubernetes
+ parameters: cluster.local in-addr.arpa ip6.arpa
+ configBlock: |-
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ # Serves a /metrics endpoint on :9153, required for serviceMonitor
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - name: forward
+ parameters: . 1.1.1.1 1.0.0.1
+ - name: cache
+ parameters: 30
+ - name: loop
+ - name: reload
+ - name: loadbalance
diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml
new file mode 100644
index 0000000..d303607
--- /dev/null
+++ b/system/values/namespaces.yaml
@@ -0,0 +1,22 @@
+namespaces:
+ - name: longhorn-system
+ - name: cert-manager
+ - name: minio-service
+ - name: metallb-system
+ - name: reflector-system
+ - name: drone-service
+ - name: argo-system
+ - name: nrodionov-application
+ - name: minecraft-application
+ - name: gitea-service
+ - name: funkwhale-application
+ - name: monitoring-system
+ - name: bitwarden-application
+ - name: database-service
+ - name: mail-service
+ - name: istio-system
+ - name: vaultwarden-application
+ - name: woodpecker-ci
+ - name: openvpn-service
+ - name: tandoor-application
+ - name: badhouseplants-main
--
2.49.0
From 9c7e44e757f9ddc4c369ab113b463b1c59000b6f Mon Sep 17 00:00:00 2001
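Review bot: In `system/values/coredns.yaml` the `kubernetes` plugin block uses `pods insecure`, which answers pod-IP style names under `pod.cluster.local` straight from the query without checking that such a pod exists in that namespace. CoreDNS documents this mode as kept for kube-dns compatibility and open to abuse together with wildcard certificates. `pods verified` performs the existence check at the cost of more memory, and `pods disabled` drops pod records entirely if nothing depends on them. Whichever is chosen, a comment above `configBlock` recording the reason would be useful.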
From: Nikolai Rodionov Date: Sun, 4 Feb 2024 09:31:09 +0100 Subject: [PATCH 127/164] Sync after the disaster recovery --- badhouseplants/helmfile.yaml | 24 ++-- badhouseplants/values/secrets.funkwhale.yaml | 20 +-- badhouseplants/values/secrets.gitea.yaml | 36 ++--- badhouseplants/values/secrets.mailu.yaml | 38 ++--- .../values/secrets.vaultwarden.yaml | 20 +-- badhouseplants/values/values.argocd.yaml | 1 + badhouseplants/values/values.mailu.yaml | 130 +++++++++--------- badhouseplants/values/values.openvpn-xor.yaml | 2 +- common/values.database.yaml | 2 +- etersoft/helmfile.yaml | 5 + etersoft/values/secrets.postgres16.yaml | 24 ++++ etersoft/values/values.longhorn.yaml | 13 ++ etersoft/values/values.postgres16.yaml | 10 ++ helmfile.yaml | 5 + manifests/badhouseplants-ip.yaml | 2 +- manifests/debug/istio/httpbin.yaml | 63 +++++++++ manifests/debug/ubuntu.yaml | 11 ++ releases.yaml | 11 ++ repositories.yaml | 2 + system/values/cilium.yaml | 3 +- system/values/namespaces.yaml | 1 + 21 files changed, 285 insertions(+), 138 deletions(-) create mode 100644 etersoft/values/secrets.postgres16.yaml create mode 100644 etersoft/values/values.longhorn.yaml create mode 100644 etersoft/values/values.postgres16.yaml create mode 100644 manifests/debug/istio/httpbin.yaml create mode 100644 manifests/debug/ubuntu.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 92e05f1..e6c262b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -12,11 +12,6 @@ releases: namespace: drone-service createNamespace: false - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - - <<: *argocd installed: true namespace: argo-system 
@@ -87,11 +82,12 @@ releases: namespace: database-service createNamespace: true - - <<: *docker-mailserver + - <<: *woodpecker-ci installed: true - namespace: mail-service + namespace: woodpecker-ci createNamespace: true + - <<: *istio-gateway-resources installed: true namespace: istio-system @@ -102,21 +98,25 @@ releases: installed: true namespace: vaultwarden-application - - <<: *woodpecker-ci - installed: true - namespace: woodpecker-ci - createNamespace: true - - <<: *openvpn-xor installed: true namespace: openvpn-service createNamespace: false + - <<: *docker-mailserver + installed: true + namespace: mail-service + createNamespace: true + - <<: *tandoor installed: true namespace: tandoor-application createNamespace: true + - <<: *mailu + installed: true + namespace: mailu-application + createNamespace: false bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index ff593f1..2ef8cde 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml 
@@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:Dxn3ziYhpVIVnnIg27s=,iv:E70rvmmLgJYRzdTeIRMVnEjDs5b5WJWUrGVBFUDdpQQ=,tag:gcIDzr4qRMhlsdqIgdgIWw==,type:str] +djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:BRCvka3Fl8HLC0PzWIvibqMUOOuh4rtI,iv:a7yLJchdgzRVB76Xwd/JPC07fZYVQ1m2er2e7Dbzzm4=,tag:iPk7gZBtPGkFnncP4CjrWw==,type:str] + password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str] redis: auth: - password: ENC[AES256_GCM,data:EqYl8dDTUN1VJEHlWkrNVSISV+q8JS+GZQaMfHAC,iv:DgsM1Qx1nNrlWfuVAfYhfci1scn9J2e3Dg4tStw0O1w=,tag:N5FtGjZZOh+90OsoI8tC5Q==,type:str] + password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONityNXRmc1lMQkJETnpG - MnFXRGluaXg3NVJQZTF5YUVySTlCZWpRaEJVCnNvSGZpNXF4QlFiN2o3UHFxcHlZ - WkFxNGtyS1JqRmRiUlg2MHJwK0pPU1kKLS0tIEdVc0FWUVNKdGhZRlVXOThkVkt3 - S1ZuTURXUlJUSFhSUFFmaUtEWndzL2sKm9wB6mr7lhMQ2r1Tal2MrMM6ldDCHRuX - E0ZD3BI1LYqsej09ws4jQQXbxkd4T4rmZIsVQXjdCpjhWkyJQQOuTQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2 + NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3 + Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB + ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5 + M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-26T15:39:00Z" - mac: ENC[AES256_GCM,data:pCSh0EtSEZXVA4vGmolsF1JEIGP0EmcJR5A6Mgo9mrYf2TSc/Ks3bjR4dtjk1LM/tslAH9uaelmmmJmnN5Ku36bajJ2aawB9ubedlDz+evxA1q3mstigztrx0t6F7ghDGpCeo9eUtU2iJ4ql7jzy4GPiXPY/wrcAcFxfdBegM7g=,iv:HRG1BLjb7LoXJ0J2UUnsRbDcUtXKnNMiz6MKBb8Gv7M=,tag:nohRYRSuEGv2Iak7ycyoJg==,type:str] + lastmodified: "2024-01-31T18:41:30Z" + mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 84af601..4c1a84f 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:c8Od1TSSkzQ=,iv:sZclgFDEAdFmaiANaPxZBCNlviscfOtA/96jyG85Byg=,tag:bwshEPWLAH9R901a/+K/JQ==,type:str] - password: ENC[AES256_GCM,data:qA4vLK/rqiguNWOycqmrGuWI4kI=,iv:e5EA5gRXxFhPQJ3s3o3Ce6HyqfgQ1tU7edT3AH4cGas=,tag:uhzSvl6rGgUPQUk4hYg5cg==,type:str] + username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str] + password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:+P8jSmix/G0rTXnhu8YBqT4SFxc=,iv:phbvUWoU9Jl8dGRbksvRm/sVXuBxs/pgtBzVBN/tMeM=,tag:5nbdkXmMmUs1fRB2fiTGqQ==,type:str] + PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str] database: - PASSWD: ENC[AES256_GCM,data:mUaEZDKUkotTTuLCgXCkuCPicKMVbX4fc0g=,iv:l9NbRaVqs8t+LnHjGvq37HkXeH2a3qNLUmfDHUKD1ow=,tag:tPAfWoqe631A8ewcV0EZpQ==,type:str] + PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:ii6KD+jecDX2xVcTykniEBWnMMMNo0gJhDvC1FM3phf3Wx/fbXwvsPWImO9vUpiL1CI6qsy1F+KN1G9buZM5/NN5+Qx7etBDnF+sLML3ukzc+Mkr+aeethT+C1Ewm0ZA0gDgE+cNtKveoBZUUSNyfSikdUk0LBSM2CWSp6zqnA==,iv:VBxjIxr5sZSTg8zdgFZzebpvAoBrFLnX7at+MYxbrVw=,tag:C71bZegTqMl9rRsqhU63Zw==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:6qFL61t1IvG/FNdDKsCllej9isQw4J8wzxlZjPvtkJ3LcGnQ7EbKZTdVCvItjAtFtNo+XDnq28l9NKK58oRPV7eS/Lm/6Prc0c2E01wUagd26QPju2m+606R+b5p+IpRFbd+LRf4vwMT3XWjkVbO2+YnjIw/Pq8atj2KILx9vg==,iv:WdMji2//rlZm1YZuuD7cKnOlzJVKdIMF2lpoUHbVo7Y=,tag:L8cYJQSeRN1C7bnCLe14FA==,type:str] + HOST: ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:+kOSWTcpxBAzz4QPdfppjKNKcDpEcUnVBEKBW4v/tMeRc6TFdkcyHhphtHSaR3EJaSNQ83/rW2u87CNulvAAtTXz0ZvASpLagw8E1WpwlCXbSAhz1L08AdInlUyLXKTHtLJTCMre5RsMhOLwgaWiKAt+TgGxG4OsMMAFJjHApg==,iv:f4KXFD03Pv5XTt+6QrUJYFHNdGll70TJOgTUjt6/JWU=,tag:KstJUrdn3M/hnUvoH4mjnA==,type:str] + CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str] oauth: - - name: ENC[AES256_GCM,data:rsWPcjVh,iv:uMBx+GB4t6Pe7RhfIOUmUeCkt4j780diVVdN2bFlt5A=,tag:gKXxRXBm6PqqVARYGSwx+g==,type:str] - provider: ENC[AES256_GCM,data:ZP02nHCj,iv:agSmxxWrGLTGKaiQ+G0VnygeoBc7IbbswlewaGMYRBk=,tag:1D98qTqmuG8HE3uIYGbrIA==,type:str] - key: ENC[AES256_GCM,data:MI78BJIm7izOPCqg08dilFrr7rU=,iv:7HbNh8IYWA0KhvdPoo0BLeDq4ZDkjqY3qhDtkZ+bJ3Y=,tag:LkeNTammEdYPQbY76Wj+Fw==,type:str] - secret: ENC[AES256_GCM,data:Y/d2kZSF5S5KVfZRv+W6/+CRrOVe0G0chfDnvFsmQyaolQmQg+Wvsg==,iv:C4WqprYdsz9iXf5KhffxcbvD9OdF/ReLk6oGdWdd3VQ=,tag:fFGAIZ8b1awkbRMw9phknA==,type:str] + - name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str] + provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str] + key: 
ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str] + secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVTdROHl3TW1abHlTa0d6 - VDVIK2dvc0lQZ1B4NkljbXBVZG1JaVdJTng4CkRVOCs3Sy9jNVpHMDh3djRHT0xv - MVhVUlltVWpXUGVJMkZKWmk4WktBNHMKLS0tIEk5QkgvRFVYaUxjQ3lMRW84U1hu - YjFUVUszVmlWUW90SWQ1WGV1MjhERTAKdiPPQqZDWLOK8m19Ewlzcqn/cdHKW6ns - xa0xPc+nmlSR1ixicgkJ/mILntanVnpqhKg57NgjZ+/9agUXMRtGQQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk + OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy + Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3 + YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI + nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-26T15:39:40Z" - mac: ENC[AES256_GCM,data:bHZs54AwX5VXF/kq6S/QOpmGTH4JxNYtsUI3mB+B+oYomikBvtNiuVwbsi5nDUKmEjpJDrkJIpz0vXrKXjSCaKzXeVq/FQOonNyjobHEx1S6kZGCVT0Ib+owLS8atLd0tJJqw0aS1Asw+hgXpVVxCREo6bdt3er+3/adpzuhHRo=,iv:cGW64wPM1UyJRqDDh68oHL+beZZ15FvMRSHzukIe5SI=,tag:pkI9yWl7lCkbthisdYi43w==,type:str] + lastmodified: "2024-01-30T18:17:44Z" + mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml index 5e20299..193f934 100644 --- a/badhouseplants/values/secrets.mailu.yaml +++ b/badhouseplants/values/secrets.mailu.yaml 
@@ -1,21 +1,21 @@ -secretKey: ENC[AES256_GCM,data:yL0+ORBJ4ZWHrmoNvVowEA==,iv:XJuY89wtdz8b+9SnTMro33Ka/pBOymyhN3MLJOyujAA=,tag:hSXjKC6+6NLgCoiHlbqtxQ==,type:str] +secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str] initialAccount: - enabled: ENC[AES256_GCM,data:MvyEVw==,iv:ICIPR4oJW6pCRUks7Rk70NqdxVTXYqmM2qjQetppmEY=,tag:1FOK5MyPSTaiDayAAaPPuQ==,type:bool] - username: ENC[AES256_GCM,data:qSsqS5iQAyNzAQ+ZOLSWsie3k04b7qPUpcfU,iv:sXe2sjo4XesoEmjI9tY8gYd2psUlZCltBtLlIyE+v8w=,tag:uZeXnjU+7aLHI87qW+tiGw==,type:str] - domain: ENC[AES256_GCM,data:T5w/nPrq36iwZQdYHMQkisY1,iv:7EskbKJfRXMhkKZBgHy6nP8r1epcf7bNi8gAp4qY5TI=,tag:nZ+0BhvIy9Ap88SHaKhSvw==,type:str] - password: ENC[AES256_GCM,data:dki7Cw2n5FxYsINS+aap4u8hkQBl4RUVW2KxSXrQ,iv:XxUHdy5xAWoH00yxItL9P5YuCJtCG4pfRUhZdOr0EWw=,tag:Lo7ahX7CAXS31lFDKEYRww==,type:str] + enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool] + username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str] + domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str] + password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:o2KghCpri6cUbGeh3LIjUO6TXBz4nrZSaU8tW7PD,iv:KNp+FM1DqC2h1/F2cudAQfQZA6UAD833SQbEQ/oKkTM=,tag:oHZzKLzZ+IIJDrjFDX/3cA==,type:str] - postgresPassword: ENC[AES256_GCM,data:2+RrJdHwGQVU910BkXH5ZogDfh8zoOPDcJazg7Iv,iv:CKH/lhkTYNbJ0sKQCwgZ4CDg+7ITsbJq3wcQiJWogtI=,tag:xZX3HSfpC2Wrz1sCOtQwYQ==,type:str] + password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str] 
+ postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str] secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:LbBjpvmdVgIDLtlL5ccufC7Pe28ZVO5CYxTzVoZD,iv:dsVuk1ZluIAhtYN1s9xH+2Jk2CyVYGRU2LoxnC5Lgb0=,tag:lWZohYLUyVnrMKhvwIz7uw==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:asv/FCVAPir07vw5kW1uqSPGEKTR/ukwtOXY5q8j,iv:SnEftPnqXdPK3Zw9nd8Qnj412tHrPSK6hR0V3rLfn3A=,tag:xKqOjOuSyMKSo02r8GyVbg==,type:str] - userPasswordKey: ENC[AES256_GCM,data:NNUZ8zVSem5Aov/PxFbc7OjANRVa5g5WjyMLRX1V,iv:c3XDq6nyea5ErJZHMKwxEqNfpjBYVGiqbAgqko5nsjI=,tag:HrhLvBxraIKFhNPaulM+uQ==,type:str] + adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str] + userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str] global: database: roundcube: - password: ENC[AES256_GCM,data:V7Ml++sPS94LzA==,iv:aQ36cTMR5ArSows/3+z10nFIRppCkSvQx6VwtB30hno=,tag:2yVIXNHJ3HbA/sr6vnX7XA==,type:str] + password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa1lRY0tQUk05WmpINVVw - YkJkVDA0QlZibHFmbDdPTHpGTTY5N0JodXljCm14aVVSUm43MXo3d0ZlYWRUMXhh - b1VqRHZXUTArbDNpRG9VY1U1a281ZW8KLS0tIHV6NWZQdzVzWFdJU0ErQy9WTFMv - RjVVYmRKcERYZVhMT0ViZzR5cm8rMTgKizZBRrU/WauUmFYm9fnouiegNkYZkudp - QpOha6CggN8rItelbnWMHlzGZBzM+77mFocuGmvNuTY/YGSkXfLjLA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN + Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96 + a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5 + S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9 + wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-28T08:37:51Z" - mac: ENC[AES256_GCM,data:NtXsrrs9yWlVO6oBQuJKHKPlmFMkqmu5BqOrYjdj9R7KdYycIWRDlNojieP9lghjSllgjkR3N4DpST9n6r6GHOkrpCl0eX12AsY0GUhSwaJzMgvX34Kzo+BjtISvODy0UzEVb9qKzbFuO9R4FMqyxBjTJirJVFT1EIB7Hxbb5Zc=,iv:OFKLvj96oRasDg5sYbJNS5KvZnxOXhh36Nwjl2gA1v0=,tag:aWsKrlbubuh+xTnyxvWeRg==,type:str] + lastmodified: "2024-02-02T07:57:08Z" + mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/badhouseplants/values/secrets.vaultwarden.yaml b/badhouseplants/values/secrets.vaultwarden.yaml index 8d2d9a3..61f6e40 100644 --- a/badhouseplants/values/secrets.vaultwarden.yaml +++ b/badhouseplants/values/secrets.vaultwarden.yaml 
@@ -1,10 +1,10 @@ vaultwarden: smtp: - username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str] + username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str] password: - value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str] + value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str] adminToken: - value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str] + value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDL0RuQitFb0dPajRpSHRo - WnhUa3BOazVHSTE5STRNMGQ2eWUxaXhvNEJVCmtpMjE2Q3hyQzhDSTBObUgwQXV3 - dmhvYmUvL05QUGd6Umx5QjRhMVFmcHMKLS0tIEtkTDc1ZVcxOWRqRzlzdTM1WG5a - U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT - HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr + R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C + M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI + a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS + hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-25T19:33:37Z" - mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str] + lastmodified: "2024-01-30T18:44:39Z" + mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 7d01d6c..e8d0bce 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -63,6 +63,7 @@ server: scopes: "[email, group]" policy.csv: | g, allanger@zohomail.com, role:admin + g, allanger@badhouseplants.net, role:admin g, rodion.n.rodionov@gmail.com, role:admin p, drone, applications, *, badhouseplants/*,allow config: diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 0612e49..6c54e91 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml @@ -1,7 +1,7 @@ --- -certificate: +certificate: enabled: true - certificate: + certificate: - name: mailu secretName: mailu-certificate issuer: 
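Review bot: The added `g, allanger@badhouseplants.net, role:admin` makes a third individual e-mail identity a full Argo CD admin, and that mailbox's domain is the one this repository serves with the mailu release. Access to the cluster's admin role and the health of the cluster's own mail service therefore depend on each other; it is worth confirming how the SSO provider (not visible here) handles account recovery for that address. Since `scopes` already requests a group claim, binding `role:admin` to one group (`g, <admin-group-placeholder>, role:admin`) instead of three addresses would keep the list auditable. A YAML comment above `policy.csv` such as `# admins are matched on the OIDC e-mail claim; keep in sync with the IdP` would record the intent. The `policy.csv` block continues outside the hunk.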
@@ -21,58 +21,58 @@ istio: kind: http gateway: badhouseplants-net hostname: email.badhouseplants.net - service: mailu-fr ont + service: mailu-front port: 80 - # - name: mailu-smpt - # kind: tcp - # gateway: badhouseplants-mail - # service: mailu-front - # hostname: email.badhousplants.net - # port_match: 25 - # port: 25 - # - name: mailu-smpts - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 465 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 465 - # - name: mailu-smpt-startls - # kind: tcp - # gateway: badhouseplants-mail - # hostname: email.badhousplants.net - # port_match: 587 - # service: mailu-front - # port: 587 - # - name: mailu-imap - # kind: tcp - # hostname: email.badhousplants.net - # gateway: badhouseplants-mail - # port_match: 143 - # service: mailu-front - # port: 143 - # - name: mailu-imaps - # kind: tcp - # gateway: badhouseplants-mail - # hostname: email.badhousplants.net - # port_match: 993 - # service: mailu-front - # port: 993 - # - name: mailu-pop3 - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 110 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 110 - # - name: mailu-pop3s - # kind: tcp - # gateway: badhouseplants-mail - # port_match: 993 - # hostname: email.badhousplants.net - # service: mailu-front - # port: 993 -subnet: 10.1.0.0/16 + - name: mailu-smpt + kind: tcp + gateway: badhouseplants-mail + service: mailu-front + hostname: email.badhousplants.net + port_match: 25 + port: 25 + - name: mailu-smpts + kind: tcp + gateway: badhouseplants-mail + port_match: 465 + hostname: email.badhousplants.net + service: mailu-front + port: 465 + - name: mailu-smpt-startls + kind: tcp + gateway: badhouseplants-mail + hostname: email.badhousplants.net + port_match: 587 + service: mailu-front + port: 587 + - name: mailu-imap + kind: tcp + hostname: email.badhousplants.net + gateway: badhouseplants-mail + port_match: 143 + service: mailu-front + port: 143 + - name: mailu-imaps + 
kind: tcp + gateway: badhouseplants-mail + hostname: email.badhousplants.net + port_match: 993 + service: mailu-front + port: 993 + - name: mailu-pop3 + kind: tcp + gateway: badhouseplants-mail + port_match: 110 + hostname: email.badhousplants.net + service: mailu-front + port: 110 + - name: mailu-pop3s + kind: tcp + gateway: badhouseplants-mail + port_match: 993 + hostname: email.badhousplants.net + service: mailu-front + port: 993 +subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - post.badhouseplants.net @@ -90,6 +90,11 @@ ingress: tlsFlavorOverride: mail selfSigned: false existingSecret: mailu-certificate + realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local + realIpHeader: "X-Forwarded-For" +front: + hostPort: + enabled: false admin: resources: requests: @@ -107,9 +112,10 @@ redis: cpu: 70m limits: memory: 200Mi - cpu: 200m - persistence: - size: 1Gi + cpu: 200m + master: + persistence: + enabled: false postfix: resources: requests: @@ -117,7 +123,7 @@ postfix: cpu: 200m limits: memory: 1024Mi - cpu: 200m + cpu: 200m persistence: size: 1Gi dovecot: @@ -128,7 +134,7 @@ dovecot: cpu: 70m limits: memory: 400Mi - cpu: 300m + cpu: 300m persistence: size: 1Gi roundcube: @@ -138,7 +144,7 @@ roundcube: cpu: 70m limits: memory: 200Mi - cpu: 200m + cpu: 200m persistence: size: 1Gi mysql: @@ -154,10 +160,6 @@ postgresql: storageClass: "" accessMode: ReadWriteOnce size: 2Gi -front: - logLevel: DEBUG - hostPort: - enabled: true rspamd: resources: requests: @@ -166,7 +168,7 @@ rspamd: limits: memory: 500Mi cpu: 400m - startupProbe: + startupProbe: periodSeconds: 30 failureThreshold: 900 timeoutSeconds: 20 diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml index 0f4c96c..9b9171b 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
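Review bot: The newly enabled `mailu-pop3s` route uses `port_match: 993` and `port: 993`, the same values as `mailu-imaps`, so the two TCP routes collide and POP3 over TLS is never routed; if the conventional port is intended, it should read `port_match: 995` and `port: 995`. All seven enabled TCP routes carry `hostname: email.badhousplants.net`, which is missing the `e` of `email.badhouseplants.net` used on the HTTP route above; if the hostname is used for matching or certificates, that is a different domain. The routes also open cleartext 143 and 110 beside their TLS counterparts; unless STARTTLS is enforced on them, leaving those two entries commented out keeps credentials off unencrypted listeners. The `istio` list starts outside the hunk.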
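Review bot: `realIpFrom` names the gateway's Service DNS name, while connections to the front pod would normally arrive from the gateway pods' own addresses, so the trusted-proxy match may never apply; widening it later to the pod CIDR would let any pod supply `X-Forwarded-For`. Pin it to the range that actually connects, and confirm that the gateway overwrites rather than appends a client-supplied `X-Forwarded-For`, so the real-IP value can be relied on for rate limiting and logs. The TCP mail routes enabled earlier in this file carry no HTTP header, so Mailu will presumably see the gateway address for SMTP and IMAP logins. A comment such as `# trusted proxy for X-Forwarded-For; must cover only the ingress gateway` above `realIpFrom` would record the intent.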
@@ -20,7 +20,7 @@ storage: openvpn: proto: tcp - host: 195.201.250.50 + host: 195.201.249.91 easyrsa: cn: Bad Houseplants diff --git a/common/values.database.yaml b/common/values.database.yaml index d5d0221..6685015 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml @@ -10,7 +10,7 @@ ext-database: spec: secretName: "{{ .Values.name }}-creds" instance: "{{ .Values.instance }}" - deletionProtected: false + deletionProtected: true backup: enable: false cron: 0 0 * * * diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index a051a53..98684a6 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -6,6 +6,11 @@ releases: installed: true namespace: openvpn-service createNamespace: false + + - <<: *postgres16 + installed: true + namespace: database-service + createNamespace: true bases: - ../environments.yaml diff --git a/etersoft/values/secrets.postgres16.yaml b/etersoft/values/secrets.postgres16.yaml new file mode 100644 index 0000000..e466bb1 --- /dev/null +++ b/etersoft/values/secrets.postgres16.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 + VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi + bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns + Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 + OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-04T02:27:48Z" + mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/etersoft/values/values.longhorn.yaml b/etersoft/values/values.longhorn.yaml new file mode 100644 index 0000000..078e6ab --- /dev/null +++ b/etersoft/values/values.longhorn.yaml @@ -0,0 +1,13 @@ +defaultSettings: + backupTarget: s3://longhorn@us-east1/backupstore + backupTargetCredentialSecret: aws-secret + guaranteedEngineManagerCPU: 6 + guaranteedReplicaManagerCPU: 6 + storageOverProvisioningPercentage: 300 + storageMinimalAvailablePercentage: 5 + defaultDataPath: /media-longhorn +csi: + kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet +persistence: + defaultClassReplicaCount: 1 +enablePSP: false diff --git a/etersoft/values/values.postgres16.yaml b/etersoft/values/values.postgres16.yaml new file mode 100644 index 0000000..cbcb751 --- /dev/null +++ b/etersoft/values/values.postgres16.yaml 
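Review bot: In etersoft/values/values.longhorn.yaml, `backupTargetCredentialSecret: aws-secret` refers to a Secret that nothing in this patch creates, and with `defaultClassReplicaCount: 1` the S3 backup target is the only second copy of any volume, so a missing or mis-scoped credential would go unnoticed until a restore is needed. If the Secret is managed elsewhere, a comment such as `# aws-secret is created by <release-or-manifest-placeholder> in the Longhorn namespace` above the key would document the dependency, and the credential it holds should be limited to the backup bucket. `storageOverProvisioningPercentage: 300` combined with a single replica also deserves a short why-comment.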
@@ -0,0 +1,10 @@ +architecture: standalone + +auth: + database: postgres + +persistence: + size: 1Gi + +metrics: + enabled: false diff --git a/helmfile.yaml b/helmfile.yaml index 06da863..73ac8fa 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,5 +46,10 @@ releases: namespace: reflector-system createNamespace: true + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false + helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/manifests/badhouseplants-ip.yaml b/manifests/badhouseplants-ip.yaml index b98f76f..86db502 100644 --- a/manifests/badhouseplants-ip.yaml +++ b/manifests/badhouseplants-ip.yaml @@ -7,4 +7,4 @@ metadata: namespace: metallb-system spec: addresses: - - 195.201.250.50-195.201.250.50 + - 195.201.249.91-195.201.249.91 diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml new file mode 100644 index 0000000..29b9db1 --- /dev/null +++ b/manifests/debug/istio/httpbin.yaml @@ -0,0 +1,63 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + kubernetes.io/metadata.name: debug + name: debug +--- +# httpbin.yaml +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: httpbin + namespace: debug +spec: + hosts: + - "httpbin.e.badhouseplants.net" + gateways: + - istio-system/e-badhouseplants-net + http: + - route: + - destination: + port: + number: 8000 + host: httpbin +--- +apiVersion: v1 +kind: Service +metadata: + name: httpbin + namespace: debug + labels: + app: httpbin +spec: + ports: + - name: http + port: 8000 + selector: + app: httpbin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: httpbin + namespace: debug +spec: + replicas: 1 + selector: + matchLabels: + app: httpbin + version: v1 + template: + metadata: + labels: + app: httpbin + version: v1 + spec: + containers: + - image: docker.io/citizenstig/httpbin + imagePullPolicy: IfNotPresent + name: httpbin + ports: + - containerPort: 8000 
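Review bot: The httpbin Deployment pulls `docker.io/citizenstig/httpbin` with no tag or digest and `imagePullPolicy: IfNotPresent`, so whatever that third-party repository served at first pull is what runs, and the VirtualService publishes it on `httpbin.e.badhouseplants.net` through the shared gateway. For a debug workload that echoes request data, pin the image by digest and add a restrictive `securityContext` and resource limits, as sketched below (the limit values are constructed; relax the non-root and read-only settings only if the image cannot run with them). Consider leaving the VirtualService out, so the service is reachable only by port-forward while debugging. The manifest sets no `automountServiceAccountToken: false` either, which a pod that never talks to the API server does not need.

```yaml
      containers:
        - image: docker.io/citizenstig/httpbin@sha256:<digest-placeholder>
          # … unchanged: imagePullPolicy, name, ports …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
```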
diff --git a/manifests/debug/ubuntu.yaml b/manifests/debug/ubuntu.yaml new file mode 100644 index 0000000..676a047 --- /dev/null +++ b/manifests/debug/ubuntu.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ubuntu +spec: + containers: + - name: ubuntu + image: ubuntu + command: + - sleep + - infinity diff --git a/releases.yaml b/releases.yaml index 053d82e..7138202 100644 --- a/releases.yaml +++ b/releases.yaml @@ -366,6 +366,17 @@ templates: chart: emberstack/reflector version: 7.1.238 + mailu: &mailu + name: mailu + chart: mailu/mailu + version: 1.5.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + - template: ext-certificate + + tandoor: &tandoor name: tandoor chart: gabe565/tandoor diff --git a/repositories.yaml b/repositories.yaml index 1026e58..fc03a1e 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -45,3 +45,5 @@ repositories: url: https://emberstack.github.io/helm-charts - name: gabe565 url: https://charts.gabe565.com + - name: mailu + url: https://mailu.github.io/helm-charts/ diff --git a/system/values/cilium.yaml b/system/values/cilium.yaml index e0f0670..6eae22c 100644 --- a/system/values/cilium.yaml +++ b/system/values/cilium.yaml @@ -4,8 +4,7 @@ endpointRoutes: # -- Enable use of per endpoint routes instead of routing via # the cilium_host interface. enabled: true -policyEnforcementMode: never ipam: ciliumNodeUpdateRate: "15s" operator: - clusterPoolIPv4PodCIDRList: ["10.40.0.0/16"] + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/system/values/namespaces.yaml b/system/values/namespaces.yaml index d303607..838f30b 100644 --- a/system/values/namespaces.yaml +++ b/system/values/namespaces.yaml @@ -20,3 +20,4 @@ namespaces: - name: openvpn-service - name: tandoor-application - name: badhouseplants-main + - name: mailu-application -- 2.49.0 From b1f183d7127669fee7c5872dd3a37d765a6178fd Mon Sep 17 00:00:00 2001 
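Review bot: The debug Pod in manifests/debug/ubuntu.yaml has no `namespace`, an untagged `image: ubuntu` and no `securityContext`, so it lands in whatever namespace the applying context points at and runs with the image's default user and the default service-account token mounted. Adding `namespace: debug` under `metadata`, pinning the image as `image: ubuntu:<pinned-tag-placeholder>` and setting `automountServiceAccountToken: false` under `spec` would confine it. Because the command is `sleep infinity`, a comment such as `# delete after debugging` at the top would also help keep it from becoming a permanent foothold.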
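Review bot: Removing `policyEnforcementMode: never` in system/values/cilium.yaml puts Cilium back on its default enforcement mode, where an endpoint is restricted only once some policy selects it, and this patch adds no NetworkPolicy or CiliumNetworkPolicy; unless policies live elsewhere, pod-to-pod traffic stays as open as before. That matters more now that `clusterPoolIPv4PodCIDRList` is `10.244.0.0/16`, the same range values.mailu.yaml sets as `subnet`, which Mailu presumably treats as its trusted internal network. A comment like `# default enforcement: policies are defined per namespace in <path-placeholder>` and a policy limiting which pods may reach the mail front would close the gap.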
From: Nikolai Rodionov Date: Thu, 8 Feb 2024 19:58:31 +0100 Subject: [PATCH 128/164] Updates after the disaster recovery --- .woodpecker/.cdh.yml | 1 - Makefile | 4 -- README.md | 2 +- badhouseplants/helmfile.yaml | 8 ++- badhouseplants/values/secrets.funkwhale.yaml | 20 +++--- badhouseplants/values/secrets.gitea.yaml | 36 +++++----- badhouseplants/values/secrets.mailu.yaml | 36 +++++----- badhouseplants/values/values.cilium.yaml | 10 +++ badhouseplants/values/values.coredns.yaml | 32 +++++++++ .../values/values.istio-ingressgateway.yaml | 1 + badhouseplants/values/values.mailu.yaml | 4 +- .../values/values.metallb-resources.yaml | 5 ++ badhouseplants/values/values.namespaces.yaml | 32 ++++++--- badhouseplants/values/values.prometheus.yaml | 1 + charts/namespaces/chart/.helmignore | 23 ++++++ charts/namespaces/chart/Chart.yaml | 24 +++++++ .../namespaces/chart/templates/_helpers.tpl | 43 +++++++++++ .../chart/templates/namespaces.yaml | 18 +++++ charts/namespaces/chart/values.yaml | 20 ++++++ charts/namespaces/kustomize/flux-system.yml | 6 ++ .../namespaces/kustomize/giantswarm-flux.yml | 6 ++ charts/namespaces/kustomize/giantswarm.yml | 6 ++ .../namespaces/kustomize/kustomization.yaml | 5 ++ charts/namespaces/kustomize/monitoring.yml | 6 ++ .../namespaces/kustomize/org-giantswarm.yml | 6 ++ charts/root/.helmignore | 23 ++++++ charts/root/Chart.yaml | 6 ++ charts/root/templates/_helpers.tpl | 62 ++++++++++++++++ charts/root/templates/root.yaml | 25 +++++++ charts/root/templates/self.yaml | 25 +++++++ charts/root/values.yaml | 5 ++ common/values.metallb.yaml | 14 ++++ crd.yaml | 27 +++++++ docs/restic.md | 7 -- etersoft/values/secrets.minio.yaml | 48 ++++++------- etersoft/values/values.metallb-resources.yaml | 5 ++ etersoft/values/values.minio.yaml | 10 +++ extensions.yaml | 56 +++++++++++++++ helmfile.yaml | 5 ++ .../namespace-creator-binding.yaml | 12 ---- .../namespace-creator-role.yaml | 8 --- manifests/debug/istio/httpbin.yaml | 4 +- manifests/new-ip.yaml | 11 
+++ releases.yaml | 72 ++++++++++++++----- repositories.yaml | 4 ++ system/values/values.cilium.yaml | 10 +++ system/values/values.coredns.yaml | 32 +++++++++ system/values/values.namespaces.yaml | 23 ++++++ templates/crd-hook.yaml | 25 +++++++ templates/extensions.yaml | 56 +++++++++++++++ 50 files changed, 795 insertions(+), 135 deletions(-) delete mode 100644 Makefile create mode 100644 badhouseplants/values/values.cilium.yaml create mode 100644 badhouseplants/values/values.coredns.yaml create mode 100644 badhouseplants/values/values.metallb-resources.yaml create mode 100644 charts/namespaces/chart/.helmignore create mode 100644 charts/namespaces/chart/Chart.yaml create mode 100644 charts/namespaces/chart/templates/_helpers.tpl create mode 100644 charts/namespaces/chart/templates/namespaces.yaml create mode 100644 charts/namespaces/chart/values.yaml create mode 100644 charts/namespaces/kustomize/flux-system.yml create mode 100644 charts/namespaces/kustomize/giantswarm-flux.yml create mode 100644 charts/namespaces/kustomize/giantswarm.yml create mode 100644 charts/namespaces/kustomize/kustomization.yaml create mode 100644 charts/namespaces/kustomize/monitoring.yml create mode 100644 charts/namespaces/kustomize/org-giantswarm.yml create mode 100644 charts/root/.helmignore create mode 100644 charts/root/Chart.yaml create mode 100644 charts/root/templates/_helpers.tpl create mode 100644 charts/root/templates/root.yaml create mode 100644 charts/root/templates/self.yaml create mode 100644 charts/root/values.yaml create mode 100644 common/values.metallb.yaml create mode 100644 crd.yaml delete mode 100644 docs/restic.md create mode 100644 etersoft/values/values.metallb-resources.yaml create mode 100644 extensions.yaml delete mode 100644 manifests/badhouseplants/namespace-creator-binding.yaml delete mode 100644 manifests/badhouseplants/namespace-creator-role.yaml create mode 100644 manifests/new-ip.yaml create mode 100644 system/values/values.cilium.yaml create mode 
100644 system/values/values.coredns.yaml create mode 100644 system/values/values.namespaces.yaml create mode 100644 templates/crd-hook.yaml create mode 100644 templates/extensions.yaml diff --git a/.woodpecker/.cdh.yml b/.woodpecker/.cdh.yml index b2e06e7..6fc4838 100644 --- a/.woodpecker/.cdh.yml +++ b/.woodpecker/.cdh.yml @@ -2,7 +2,6 @@ # -- Check da helm pipeline # ---------------------------------------------- when: - - event: push - event: cron cron: nightly steps: diff --git a/Makefile b/Makefile deleted file mode 100644 index 1814372..0000000 --- a/Makefile +++ /dev/null @@ -1,4 +0,0 @@ -create_crb: - kubectl create clusterrolebinding drone-deployer-workaround \ - --clusterrole=cluster-admin \ - --serviceaccount=drone-service:default diff --git a/README.md b/README.md index 3fd9e60..5ad2c85 100644 --- a/README.md +++ b/README.md @@ -2,4 +2,4 @@ [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config) # CRD hooks -I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. \ No newline at end of file +I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index e6c262b..0ec24c9 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
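Review bot: In .woodpecker/.cdh.yml, removing `- event: push` leaves the nightly cron as the only trigger in `when`, so the helm check no longer runs on the commit that introduces a change and a broken or unintended release definition is noticed up to a day later. If push runs were dropped because the pipeline cannot reach the cluster after the recovery, a comment such as `# push trigger disabled until <reason-placeholder>` would record that it should come back. The `steps` are outside the hunk, so what the check covers cannot be confirmed from here.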
@@ -2,6 +2,12 @@ {{ readFile "../releases.yaml" }} releases: + - <<: *namespaces + installed: true + - <<: *coredns + installed: true + - <<: *cilium + installed: true - <<: *drone installed: true namespace: drone-service @@ -114,7 +120,7 @@ releases: createNamespace: true - <<: *mailu - installed: true + installed: false namespace: mailu-application createNamespace: false bases: diff --git a/badhouseplants/values/secrets.funkwhale.yaml b/badhouseplants/values/secrets.funkwhale.yaml index 2ef8cde..8ca3587 100644 --- a/badhouseplants/values/secrets.funkwhale.yaml +++ b/badhouseplants/values/secrets.funkwhale.yaml @@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str] +djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str] + password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str] redis: auth: - password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str] + password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2 - NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3 - Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB - ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5 - M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty + dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG + SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y + ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC + nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-31T18:41:30Z" - mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str] + lastmodified: "2024-02-09T09:33:11Z" + mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml index 4c1a84f..55bd2b4 100644 --- a/badhouseplants/values/secrets.gitea.yaml +++ b/badhouseplants/values/secrets.gitea.yaml 
@@ -1,23 +1,23 @@ gitea: admin: - username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str] - password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str] + username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str] + password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str] config: mailer: - PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str] + PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str] database: - PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str] + PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str] session: - PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str] + PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str] cache: - HOST: 
ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str] + HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str] queue: - CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str] + CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str] oauth: - - name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str] - provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str] - key: ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str] - secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str] + - name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str] + provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str] + key: 
ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str] + secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str] sops: kms: [] gcp_kms: [] @@ -27,14 +27,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk - OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy - Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3 - YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI - nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ + M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5 + TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC + OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X + RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-30T18:17:44Z" - mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str] + lastmodified: "2024-02-09T09:32:40Z" + mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/badhouseplants/values/secrets.mailu.yaml b/badhouseplants/values/secrets.mailu.yaml index 193f934..61e967f 100644 --- a/badhouseplants/values/secrets.mailu.yaml +++ b/badhouseplants/values/secrets.mailu.yaml 
@@ -1,21 +1,21 @@ -secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str] +secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str] initialAccount: - enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool] - username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str] - domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str] - password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str] + enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool] + username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str] + domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str] + password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str] - postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str] + password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str] + postgresPassword: 
ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str] secretKeys: - adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str] - replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str] - userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str] + adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str] + replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str] + userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str] global: database: roundcube: - password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str] + password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN - Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96 - a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5 - S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9 - wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS + L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu + Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj + aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i + l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-02T07:57:08Z" - mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str] + lastmodified: "2024-02-04T09:30:41Z" + mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.cilium.yaml b/badhouseplants/values/values.cilium.yaml new file mode 100644 index 0000000..6eae22c --- /dev/null +++ b/badhouseplants/values/values.cilium.yaml 
@@ -0,0 +1,10 @@ +operator: + replicas: 1 +endpointRoutes: + # -- Enable use of per endpoint routes instead of routing via + # the cilium_host interface. + enabled: true +ipam: + ciliumNodeUpdateRate: "15s" + operator: + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/badhouseplants/values/values.coredns.yaml b/badhouseplants/values/values.coredns.yaml new file mode 100644 index 0000000..04d2b02 --- /dev/null +++ b/badhouseplants/values/values.coredns.yaml @@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index e37b970..8e39d27 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -1,5 +1,6 @@ service: type: LoadBalancer + externalTrafficPolicy: Local ports: - name: minecraft port: 25565 diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index 6c54e91..aba9e11 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
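Review bot: `pods insecure` in the `kubernetes` plugin's `configBlock` in `values.coredns.yaml` makes CoreDNS answer an IP-style `*.pod.cluster.local` query with the address encoded in the name, without checking that such a pod exists. The CoreDNS documentation keeps this mode for kube-dns compatibility and warns that it can be abused together with wildcard certificates. `pods verified` answers only for pods that really exist in the namespace, at the cost of a watch on all pods. If nothing in the cluster resolves pod records, `pods disabled` is the tighter setting.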
@@ -19,7 +19,7 @@ istio: istio: - name: mailu-web kind: http - gateway: badhouseplants-net + gateway: istio-system/badhouseplants-net hostname: email.badhouseplants.net service: mailu-front port: 80 @@ -91,7 +91,7 @@ ingress: selfSigned: false existingSecret: mailu-certificate realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local - realIpHeader: "X-Forwarded-For" + realIpHeader: "X-Envoy-External-Address" front: hostPort: enabled: false diff --git a/badhouseplants/values/values.metallb-resources.yaml b/badhouseplants/values/values.metallb-resources.yaml new file mode 100644 index 0000000..94b681b --- /dev/null +++ b/badhouseplants/values/values.metallb-resources.yaml @@ -0,0 +1,5 @@ +metallb: + enabled: true + ippools: + - name: fuji + addresses: 195.201.249.91-195.201.249.91 diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index b477a0b..838f30b 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,11 +1,23 @@ ---- -ns: +namespaces: + - name: longhorn-system + - name: cert-manager + - name: minio-service + - name: metallb-system + - name: reflector-system + - name: drone-service + - name: argo-system + - name: nrodionov-application + - name: minecraft-application + - name: gitea-service + - name: funkwhale-application - name: monitoring-system -templates: - - | - {{ range .Values.ns }} - apiVersion: v1 - kind: Namespace - metadata: - name: {{ .name }} - {{ end }} + - name: bitwarden-application + - name: database-service + - name: mail-service + - name: istio-system + - name: vaultwarden-application + - name: woodpecker-ci + - name: openvpn-service + - name: tandoor-application + - name: badhouseplants-main + - name: mailu-application diff --git a/badhouseplants/values/values.prometheus.yaml b/badhouseplants/values/values.prometheus.yaml index cc03d42..2ee10c9 100644 --- a/badhouseplants/values/values.prometheus.yaml 
+++ b/badhouseplants/values/values.prometheus.yaml @@ -87,6 +87,7 @@ prometheus: storage: 12Gi grafana: + assertNoLeakedSecrets: false persistence: enabled: true size: 2Gi diff --git a/charts/namespaces/chart/.helmignore b/charts/namespaces/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/namespaces/chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/namespaces/chart/Chart.yaml b/charts/namespaces/chart/Chart.yaml new file mode 100644 index 0000000..0f737fe --- /dev/null +++ b/charts/namespaces/chart/Chart.yaml 
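Review bot: `assertNoLeakedSecrets: false` under `grafana:` switches off the Grafana chart's render-time guard, which stops a release when sensitive `grafana.ini` keys are set as plain values. That presumably means such a key is passed through values here; the rest of the `grafana:` block is outside the hunk, so this cannot be confirmed from the diff. Anything rendered into `grafana.ini` lands in a ConfigMap readable by anyone with read access to the namespace, even when the values file itself is sops-encrypted. Keeping the guard on and supplying the secret through `envFromSecret` with a `$__env{...}` reference in `grafana.ini` would remove the need for the override. If the override has to stay, add `# guard disabled: <reason>; secret is still rendered into the ConfigMap` above the line.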
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/charts/namespaces/chart/templates/_helpers.tpl b/charts/namespaces/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..a33714c
--- /dev/null
+++ b/charts/namespaces/chart/templates/_helpers.tpl
@@ -0,0 +1,43 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "namespaces.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "namespaces.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "namespaces.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "namespaces.labels" -}} +helm.sh/chart: {{ include "namespaces.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml new file mode 100644 index 0000000..dc2bd62 --- /dev/null +++ b/charts/namespaces/chart/templates/namespaces.yaml @@ -0,0 +1,18 @@ +{{- if .Values.namespaces }} +{{- range $ns := .Values.namespaces }} +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ $ns.name }} + labels: + {{- include "namespaces.labels" $ | nindent 4 }} + {{- with $ns.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $ns.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} 
diff --git a/charts/namespaces/chart/values.yaml b/charts/namespaces/chart/values.yaml new file mode 100644 index 0000000..cd5a239 --- /dev/null +++ b/charts/namespaces/chart/values.yaml @@ -0,0 +1,20 @@ +namespaces: + - name: giantswarm-flux + labels: + name: giantswarm-flux + - name: giantswarm + labels: + name: giantswarm + - name: monitoring + labels: + name: monitoring + - name: org-giantswarm + labels: + name: org-giantswarm + - name: flux-system + labels: + name: flux-system + - name: flux-giantswarm + labels: + name: flux-giantswarm + - name: policy-exception diff --git a/charts/namespaces/kustomize/flux-system.yml b/charts/namespaces/kustomize/flux-system.yml new file mode 100644 index 0000000..f44f3af --- /dev/null +++ b/charts/namespaces/kustomize/flux-system.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: flux-system + labels: + name: flux-system diff --git a/charts/namespaces/kustomize/giantswarm-flux.yml b/charts/namespaces/kustomize/giantswarm-flux.yml new file mode 100644 index 0000000..bd0e121 --- /dev/null +++ b/charts/namespaces/kustomize/giantswarm-flux.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm-flux + labels: + name: giantswarm-flux diff --git a/charts/namespaces/kustomize/giantswarm.yml b/charts/namespaces/kustomize/giantswarm.yml new file mode 100644 index 0000000..31e7916 --- /dev/null +++ b/charts/namespaces/kustomize/giantswarm.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: giantswarm + labels: + name: giantswarm diff --git a/charts/namespaces/kustomize/kustomization.yaml b/charts/namespaces/kustomize/kustomization.yaml new file mode 100644 index 0000000..8159198 --- /dev/null +++ b/charts/namespaces/kustomize/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ./giantswarm-flux.yml + - ./giantswarm.yml + - ./monitoring.yml + - ./org-giantswarm.yml 
diff --git a/charts/namespaces/kustomize/monitoring.yml b/charts/namespaces/kustomize/monitoring.yml new file mode 100644 index 0000000..90d12ef --- /dev/null +++ b/charts/namespaces/kustomize/monitoring.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring + labels: + name: monitoring diff --git a/charts/namespaces/kustomize/org-giantswarm.yml b/charts/namespaces/kustomize/org-giantswarm.yml new file mode 100644 index 0000000..f27e8c4 --- /dev/null +++ b/charts/namespaces/kustomize/org-giantswarm.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: org-giantswarm + labels: + name: org-giantswarm diff --git a/charts/root/.helmignore b/charts/root/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/root/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/root/Chart.yaml b/charts/root/Chart.yaml new file mode 100644 index 0000000..59e507d --- /dev/null +++ b/charts/root/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: root +description: A Helm chart for Kubernetes +type: application +version: 0.1.5 +appVersion: "1.16.0" diff --git a/charts/root/templates/_helpers.tpl b/charts/root/templates/_helpers.tpl new file mode 100644 index 0000000..8a3cc9a --- /dev/null +++ b/charts/root/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "root.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "root.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "root.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "root.labels" -}} +helm.sh/chart: {{ include "root.chart" . }} +{{ include "root.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "root.selectorLabels" -}} +app.kubernetes.io/name: {{ include "root.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "root.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "root.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/root/templates/root.yaml b/charts/root/templates/root.yaml new file mode 100644 index 0000000..f542187 --- /dev/null 
+++ b/charts/root/templates/root.yaml @@ -0,0 +1,25 @@ +{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: root +spec: + interval: 30s + url: {{ .Values.url }} + ref: + branch: {{ .Values.branch }} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: root +spec: + interval: 30s + targetNamespace: flux-system + sourceRef: + kind: GitRepository + name: root + path: "." + prune: false + timeout: 1m +{{- end }} diff --git a/charts/root/templates/self.yaml b/charts/root/templates/self.yaml new file mode 100644 index 0000000..0ddb8de --- /dev/null +++ b/charts/root/templates/self.yaml @@ -0,0 +1,25 @@ +{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }} +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: root-self +spec: + interval: 30s + url: {{ .Values.self.url }} + ref: + branch: {{ .Values.self.branch }} +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: root-self +spec: + interval: 30s + targetNamespace: flux-system + sourceRef: + kind: GitRepository + name: root-self + path: "." + prune: false + timeout: 1m +{{- end }} diff --git a/charts/root/values.yaml b/charts/root/values.yaml new file mode 100644 index 0000000..51850fa --- /dev/null +++ b/charts/root/values.yaml @@ -0,0 +1,5 @@ +url: https://git.badhouseplants.net/giantswarm/cluster-example.git +branch: main +self: + url: git@git.badhouseplants.net:giantswarm/root-config.git + branch: master diff --git a/common/values.metallb.yaml b/common/values.metallb.yaml new file mode 100644 index 0000000..c35b944 --- /dev/null +++ b/common/values.metallb.yaml @@ -0,0 +1,14 @@ +--- +metallb: + templates: + - | + {{ range .Values.ippools }} + --- + apiVersion: metallb.io/v1beta1 + kind: IPAddressPool + metadata: + name: {{ .name }} + spec: + addresses: + - {{ .addresses }} + {{ end }} 
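Review bot: The `GitRepository` named `root` in `root.yaml` tracks `branch: {{ .Values.branch }}` with no `spec.verify` block, and its `Kustomization` applies `path: "."` into `flux-system`, so any commit that lands on that branch is reconciled into the cluster without a signature check; `self.yaml` has the same shape. If commits on those repositories are signed, adding `verify:` with `mode: HEAD` and a `secretRef` holding the trusted public keys would make source-controller reject unsigned revisions. Separately, `url:` and `branch:` are rendered unquoted in both templates; `url: {{ .Values.url | quote }}` keeps an empty or unusual value from changing the YAML type.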
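Review bot: `self.url` in `charts/root/values.yaml` is the scp-style SSH address `git@git.badhouseplants.net:giantswarm/root-config.git`, yet the `root-self` `GitRepository` in `self.yaml` carries no `secretRef`, so source-controller has neither a private key to authenticate with nor a `known_hosts` entry to pin the server's host key. As far as I know Flux also expects the `ssh://` form rather than the scp-style one, i.e. `url: ssh://git@git.badhouseplants.net/giantswarm/root-config.git`. Adding `secretRef:` with `name: <ssh-credentials-secret>` (placeholder name) under `spec` together with the URL change should let the source reconcile.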
diff --git a/crd.yaml b/crd.yaml new file mode 100644 index 0000000..0e245b2 --- /dev/null +++ b/crd.yaml @@ -0,0 +1,27 @@ +templates: + # --------------------------- + # -- Hooks + # --------------------------- + crd-management-hook: + hooks: + - events: ["preapply"] + showlogs: true + command: "sh" + args: + - -c + - | + helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ + || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ + || true + - events: ["prepare"] + showlogs: true + command: "sh" + args: + - -c + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" + - events: ["postuninstall"] + showlogs: true + command: "sh" + args: + - -c + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" diff --git a/docs/restic.md b/docs/restic.md deleted file mode 100644 index f740f43..0000000 --- a/docs/restic.md +++ /dev/null @@ -1,7 +0,0 @@ -# Restic - -We are using restic for backing up the Minecraft server - -## How to restore - -TODO: Describe the restoration process diff --git a/etersoft/values/secrets.minio.yaml b/etersoft/values/secrets.minio.yaml index 465ad9a..cb55a93 100644 --- a/etersoft/values/secrets.minio.yaml +++ b/etersoft/values/secrets.minio.yaml 
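Review bot: The `preapply` hook in `crd.yaml` ends its replace-or-create chain with `|| true`, so a CRD that fails to install or update is reported as success and the release is then applied against missing or stale CRDs. A single idempotent call without the fallback surfaces the failure: `helm show crds "{{ .Release.Chart }}" --version "{{ .Release.Version }}" | kubectl apply --server-side -f -`. Quoting the two template values also keeps a chart reference or version containing shell metacharacters from being interpreted by `sh -c`; the same applies to the `prepare` and `postuninstall` commands. The `postuninstall` hook deletes the CRDs themselves, which removes every custom resource of those kinds in the cluster and hides errors behind `|| true`, so it deserves a comment such as `# deletes CRDs and all their custom resources cluster-wide` above it.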
@@ -1,21 +1,21 @@ -rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str] +rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str] users: - - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str] - secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str] - policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str] - - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str] - secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str] - policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str] -oidc: - enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool] - configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str] - clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str] - clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str] - claimName: 
ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str] - redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str] - comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str] - claimPrefix: "" - scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str] + - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str] + secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str] + policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str] + - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str] + secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str] + policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str] + #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment] + #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment] + #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment] + 
#ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment] + #ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment] + #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment] + #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment] + #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment] + #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment] + #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment] sops: kms: [] gcp_kms: [] 
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz - QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I - R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa - UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6 - vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6 + MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U + SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX + ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg + mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-04T19:00:41Z" - mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str] + lastmodified: "2024-02-04T08:44:29Z" + mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/etersoft/values/values.metallb-resources.yaml b/etersoft/values/values.metallb-resources.yaml new file mode 100644 index 0000000..5c77cf7 --- /dev/null +++ b/etersoft/values/values.metallb-resources.yaml @@ -0,0 +1,5 @@ +metallb: + enabled: true + ippools: + - name: etersoft + addresses: 91.232.225.63-91.232.225.63 diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index a536d3e..deefdb1 100644 
--- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -18,6 +18,16 @@ istio: hostname: s3.e.badhouseplants.net service: minio port: 9000 +image: + repository: quay.io/minio/minio + tag: RELEASE.2024-01-11T07-46-16Z-cpuv1 + pullPolicy: IfNotPresent + +mcImage: + repository: quay.io/minio/mc + tag: RELEASE.2024-01-11T05-49-32Z-cpuv1 + pullPolicy: IfNotPresent + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/extensions.yaml b/extensions.yaml new file mode 100644 index 0000000..86903c3 --- /dev/null +++ b/extensions.yaml @@ -0,0 +1,56 @@ +templates: + # ---------------------------- + # -- Extensions + # ---------------------------- + ext-istio-gateway: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio-gateway + values: + - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + + ext-istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + values: + - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: certificate + values: + - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' + service-monitor: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: service-monitor + values: + - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' + namespace: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ns + inherit: + - template: default-common-values + - template: default-env-values + + ext-database: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ext-database + values: + - '{{ requiredEnv "PWD" }}/common/values.database.yaml' diff --git a/helmfile.yaml b/helmfile.yaml index 73ac8fa..c813fb4 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
@@ -50,6 +50,11 @@ releases: installed: true namespace: longhorn-system createNamespace: false + + - <<: *metallb-resources + installed: true + namespace: metallb-system + createNamespace: false helmfiles: - path: {{.Environment.Name }}/helmfile.yaml diff --git a/manifests/badhouseplants/namespace-creator-binding.yaml b/manifests/badhouseplants/namespace-creator-binding.yaml deleted file mode 100644 index d24486c..0000000 --- a/manifests/badhouseplants/namespace-creator-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: namespace-manager -subjects: - - kind: User - name: badhousplants - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: namespace-manager - apiGroup: rbac.authorization.k8s.io diff --git a/manifests/badhouseplants/namespace-creator-role.yaml b/manifests/badhouseplants/namespace-creator-role.yaml deleted file mode 100644 index c552be6..0000000 --- a/manifests/badhouseplants/namespace-creator-role.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: namespace-manager -rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "watch", "list", "create", "delete"] diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index 29b9db1..395418c 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml @@ -14,9 +14,9 @@ metadata: namespace: debug spec: hosts: - - "httpbin.e.badhouseplants.net" + - "httpbin.badhouseplants.net" gateways: - - istio-system/e-badhouseplants-net + - istio-system/badhouseplants-net http: - route: - destination: diff --git a/manifests/new-ip.yaml b/manifests/new-ip.yaml new file mode 100644 index 0000000..b554876 --- /dev/null +++ b/manifests/new-ip.yaml 
@@ -0,0 +1,11 @@ +--- +# Source: raw/charts/metallb/templates/resources.yaml +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: etersoft +spec: + addresses: + - 91.232.225.63-91.232.225.63 + diff --git a/releases.yaml b/releases.yaml index 7138202..7c999fd 100644 --- a/releases.yaml +++ b/releases.yaml @@ -63,7 +63,13 @@ templates: alias: certificate values: - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' - + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' service-monitor: dependencies: - chart: bedag/raw @@ -92,6 +98,14 @@ templates: # ---------------------------- # -- System # ---------------------------- + namespaces: &namespaces + name: namespaces + chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' + namespace: kube-public + createNamespace: false + inherit: + - template: default-env-values + metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server @@ -102,12 +116,20 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.13.12 + version: 0.14.3 + + metallb-resources: &metallb-resources + name: metallb-resources + chart: bedag/raw + version: 2.0.0 + inherit: + - template: ext-metallb + - template: default-env-values cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.13.3 + version: 1.14.1 set: - name: installCRDs value: true @@ -121,7 +143,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.52.1 + version: 5.53.13 inherit: - template: default-env-values - template: default-env-secrets @@ -134,7 +156,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 55.7.0 + version: 56.6.1 inherit: - template: monitoring-common - template: default-env-values 
@@ -145,7 +167,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.41.5 + version: 5.42.2 inherit: - template: monitoring-common - template: default-env-values @@ -153,7 +175,7 @@ templates: promtail: &promtail name: promtail chart: grafana/promtail - version: 6.15.3 + version: 6.15.5 inherit: - template: monitoring-common - template: default-env-values @@ -241,7 +263,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.0.3 + version: 1.1.1 inherit: - template: ext-database - template: default-env-values @@ -251,7 +273,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.0.4 + version: 19.2.3 inherit: - template: default-env-values - template: default-env-secrets @@ -261,7 +283,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.14 + version: 5.0.15 inherit: - template: default-env-values - template: default-env-secrets @@ -279,7 +301,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.0.2 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -308,7 +330,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.6.3 + version: 18.12.1 inherit: - template: default-env-values - template: default-env-secrets @@ -316,7 +338,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 13.3.1 + version: 14.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -324,7 +346,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.16.2 + version: 1.18.0 db-instances: &db-instances name: db-instances @@ -337,7 +359,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.17.1 + version: 9.19.1 inherit: - template: default-env-values - template: default-env-secrets 
@@ -376,13 +398,29 @@ templates: - template: ext-istio-resource - template: ext-certificate - tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.8.11 + version: 0.8.12 inherit: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - template: ext-database + + coredns: &coredns + name: coredns + chart: coredns/coredns + version: 1.29.0 + namespace: kube-system + inherit: + - template: default-env-values + + cilium: &cilium + name: cilium + chart: cilium/cilium + version: 1.14.6 + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values diff --git a/repositories.yaml b/repositories.yaml index fc03a1e..9e7eced 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -47,3 +47,7 @@ repositories: url: https://charts.gabe565.com - name: mailu url: https://mailu.github.io/helm-charts/ + - name: coredns + url: https://coredns.github.io/helm + - name: cilium + url: https://helm.cilium.io/ diff --git a/system/values/values.cilium.yaml b/system/values/values.cilium.yaml new file mode 100644 index 0000000..6eae22c --- /dev/null +++ b/system/values/values.cilium.yaml @@ -0,0 +1,10 @@ +operator: + replicas: 1 +endpointRoutes: + # -- Enable use of per endpoint routes instead of routing via + # the cilium_host interface. + enabled: true +ipam: + ciliumNodeUpdateRate: "15s" + operator: + clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"] diff --git a/system/values/values.coredns.yaml b/system/values/values.coredns.yaml new file mode 100644 index 0000000..04d2b02 --- /dev/null +++ b/system/values/values.coredns.yaml 
@@ -0,0 +1,32 @@ +service: + clusterIP: 10.43.0.10 + +servers: + - zones: + - zone: . + port: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 1.1.1.1 1.0.0.1 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance diff --git a/system/values/values.namespaces.yaml b/system/values/values.namespaces.yaml new file mode 100644 index 0000000..838f30b --- /dev/null +++ b/system/values/values.namespaces.yaml @@ -0,0 +1,23 @@ +namespaces: + - name: longhorn-system + - name: cert-manager + - name: minio-service + - name: metallb-system + - name: reflector-system + - name: drone-service + - name: argo-system + - name: nrodionov-application + - name: minecraft-application + - name: gitea-service + - name: funkwhale-application + - name: monitoring-system + - name: bitwarden-application + - name: database-service + - name: mail-service + - name: istio-system + - name: vaultwarden-application + - name: woodpecker-ci + - name: openvpn-service + - name: tandoor-application + - name: badhouseplants-main + - name: mailu-application diff --git a/templates/crd-hook.yaml b/templates/crd-hook.yaml new file mode 100644 index 0000000..db6365f --- /dev/null +++ b/templates/crd-hook.yaml 
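Review bot: The `kubernetes` plugin block in `values.coredns.yaml` sets `pods insecure`, which makes CoreDNS return an A record for any IP-shaped name under `pod.cluster.local` without checking that a pod with that address exists in the namespace. CoreDNS documents this mode as a kube-dns compatibility option. If nothing in the cluster relies on pod A records, `pods verified` (at the cost of a pod watch) or `pods disabled` is the tighter setting. A comment above the `configBlock` saying why `insecure` was chosen would help, for example `# pods insecure kept for kube-dns compatibility; switch to verified once confirmed unused`.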
@@ -0,0 +1,25 @@ +--- +templates: + crd-management-hook: + hooks: + - events: ["preapply"] + showlogs: true + command: "sh" + args: + - -c + - | + helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f - \ + || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f - \ + || true + - events: ["prepare"] + showlogs: true + command: "sh" + args: + - -c + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true" + - events: ["postuninstall"] + showlogs: true + command: "sh" + args: + - -c + - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true" diff --git a/templates/extensions.yaml b/templates/extensions.yaml new file mode 100644 index 0000000..86903c3 --- /dev/null +++ b/templates/extensions.yaml 
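Review bot: Every hook in `crd-management-hook` ends in `|| true`, so a failed CRD update in `preapply` is reported as success and the release is then applied against stale or missing CRDs. Dropping the final `|| true` there lets a real failure stop the run, and the replace/create fallback could probably be a single `helm show crds "{{ .Release.Chart }}" --version "{{ .Release.Version }}" | kubectl apply --server-side -f -`, with the templated values quoted. The `postuninstall` hook deletes the CRDs themselves, which also removes every custom resource of those kinds in the cluster, including ones owned by other releases. That deserves a comment on the hook such as `# deletes CRDs and, with them, all CRs of these kinds cluster-wide`, or an opt-in flag.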
@@ -0,0 +1,56 @@ +templates: + # ---------------------------- + # -- Extensions + # ---------------------------- + ext-istio-gateway: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio-gateway + values: + - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + + ext-istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + values: + - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: certificate + values: + - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml' + ext-metallb: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: metallb + values: + - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml' + service-monitor: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: service-monitor + values: + - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml' + namespace: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ns + inherit: + - template: default-common-values + - template: default-env-values + + ext-database: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ext-database + values: + - '{{ requiredEnv "PWD" }}/common/values.database.yaml' -- 2.49.0 From 0591ae21ce38cde5c7824d0e1387d25a5f09e8a5 Mon Sep 17 00:00:00 2001 From: Roman Date: Sat, 10 Feb 2024 23:46:29 +0300 Subject: [PATCH 129/164] [Minecraft] Password plugin update --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index e5df96a..6234128 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml 
@@ -127,7 +127,7 @@ initContainers: command: - curl - -L - - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" + - "https://github.com/Troloroma/PasswordProtect/releases/download/37/PasswordProtect-ubuntu-latest-17.jar" - -o - /data/plugins/PasswordProtect.jar volumeMounts: -- 2.49.0 From fb6a016b6683080a05163101c1c7d46fac61d3d6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 10 Feb 2024 22:00:32 +0100 Subject: [PATCH 130/164] Revert "[Minecraft] Password plugin update" This reverts commit 0591ae21ce38cde5c7824d0e1387d25a5f09e8a5. --- badhouseplants/values/values.minecraft.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml index 6234128..e5df96a 100644 --- a/badhouseplants/values/values.minecraft.yaml +++ b/badhouseplants/values/values.minecraft.yaml @@ -127,7 +127,7 @@ initContainers: command: - curl - -L - - "https://github.com/Troloroma/PasswordProtect/releases/download/37/PasswordProtect-ubuntu-latest-17.jar" + - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" - -o - /data/plugins/PasswordProtect.jar volumeMounts: -- 2.49.0 From f4c9224ae69e36ef737304b3a3da645d7d35f2fa Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 08:39:37 +0100 Subject: [PATCH 131/164] Enable limits and store minecraft logs --- .woodpecker/.helmfile.yml | 15 +++++++++++++++ badhouseplants/values/values.promtail.yaml | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 355d333..166422c 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml 
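Review bot: The init container writes whatever `curl -L` returns straight to `/data/plugins/PasswordProtect.jar` with no integrity check, and this hunk moves the download to a different publisher's release (`Troloroma/PasswordProtect`, asset `PasswordProtect-ubuntu-latest-17.jar`). The server loads that jar as code, so the expected digest should be pinned in the values file and verified before the container exits, e.g. `echo "<expected-sha256>  /data/plugins/PasswordProtect.jar" | sha256sum -c -`. That means running the command through `sh -c`, and `curl -fL` would additionally fail on an HTTP error page. The revert hunk later on this line restores the `timbru31` URL, which has the same missing check. The init container definition starts and ends outside both hunks.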
@@ -1,11 +1,25 @@ when: event: push + + +.k8s-limits: &k8s-limits + backend_options: + kubernetes: + resources: + requests: + memory: 200Mi + cpu: 100m + limits: + memory: 400Mi + cpu: 200m + matrix: ENVIRONMENT: - badhouseplants - etersoft steps: diff: + <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: @@ -17,6 +31,7 @@ steps: - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config - helmfile -e $ENVIRONMENT diff --suppress-secrets apply: + <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: diff --git a/badhouseplants/values/values.promtail.yaml b/badhouseplants/values/values.promtail.yaml index 6ab31f3..4976174 100644 --- a/badhouseplants/values/values.promtail.yaml +++ b/badhouseplants/values/values.promtail.yaml @@ -7,5 +7,5 @@ config: pipelineStages: - match: pipeline_name: "drop-all" - selector: '{namespace!~"mail-service|woodpecker"}' + selector: '{namespace!~"mail-service|woodpecker|minecraft-application"}' action: drop -- 2.49.0 From 1cb2c5f2595ecd4e442b66114205c67d27ed5b43 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 08:57:07 +0100 Subject: [PATCH 132/164] Increase limits --- .woodpecker/.helmfile.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index 166422c..fd6ed63 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -7,11 +7,11 @@ when: kubernetes: resources: requests: - memory: 200Mi - cpu: 100m - limits: memory: 400Mi - cpu: 200m + cpu: 1000m + limits: + memory: 800Mi + cpu: 1500m matrix: ENVIRONMENT: -- 2.49.0 From 99972808b7f5b7d02558375d5b088745bda8830f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 11 Feb 2024 09:00:05 +0100 Subject: [PATCH 133/164] Increase limits --- .woodpecker/.helmfile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.woodpecker/.helmfile.yml b/.woodpecker/.helmfile.yml index fd6ed63..2407cd8 100644 --- a/.woodpecker/.helmfile.yml +++ b/.woodpecker/.helmfile.yml @@ -7,10 +7,10 @@ when: kubernetes: resources: requests: - memory: 400Mi + memory: 1024Mi cpu: 1000m limits: - memory: 800Mi + memory: 1512Mi cpu: 1500m matrix: -- 2.49.0 From d67cf1a273075c734f63738bc5b7f5d09fa6887a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 13 Feb 2024 15:49:31 +0100 Subject: [PATCH 134/164] Add new ns --- badhouseplants/values/values.namespaces.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 838f30b..d752942 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -20,4 +20,7 @@ namespaces: - name: openvpn-service - name: tandoor-application - name: badhouseplants-main + labels: + istio-injection: enabled + - name: badhouseplants-preview - name: mailu-application -- 2.49.0 From 21ff595d4063ab76b63263b2a87fa486aa2640d2 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Feb 2024 15:47:14 +0100 Subject: [PATCH 135/164] Some small chagnes --- badhouseplants/helmfile.yaml | 2 + badhouseplants/values/values.roles.yaml | 9 ++++ .../chart/templates/namespaces.yaml | 3 +- charts/roles/.helmignore | 23 ++++++++++ charts/roles/Chart.yaml | 6 +++ charts/roles/templates/_helpers.tpl | 43 +++++++++++++++++++ charts/roles/templates/namespaces.yaml | 23 ++++++++++ charts/roles/values.yaml | 9 ++++ releases.yaml | 8 ++++ 9 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 badhouseplants/values/values.roles.yaml create mode 100644 charts/roles/.helmignore create mode 100644 charts/roles/Chart.yaml create mode 100644 charts/roles/templates/_helpers.tpl create mode 100644 charts/roles/templates/namespaces.yaml create mode 100644 charts/roles/values.yaml 
diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 0ec24c9..39e25bd 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -4,6 +4,8 @@ releases: - <<: *namespaces installed: true + - <<: *roles + installed: true - <<: *coredns installed: true - <<: *cilium diff --git a/badhouseplants/values/values.roles.yaml b/badhouseplants/values/values.roles.yaml new file mode 100644 index 0000000..7fcd045 --- /dev/null +++ b/badhouseplants/values/values.roles.yaml @@ -0,0 +1,9 @@ +roles: + - name: minecraft-admin + namespace: minecraft-application + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["minecraft-application"] diff --git a/charts/namespaces/chart/templates/namespaces.yaml b/charts/namespaces/chart/templates/namespaces.yaml index dc2bd62..3e87e83 100644 --- a/charts/namespaces/chart/templates/namespaces.yaml +++ b/charts/namespaces/chart/templates/namespaces.yaml @@ -10,8 +10,9 @@ metadata: {{- with $ns.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with $ns.annotations}} annotations: + "helm.sh/resource-policy": keep + {{- with $ns.annotations}} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/roles/.helmignore b/charts/roles/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/roles/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/roles/Chart.yaml b/charts/roles/Chart.yaml new file mode 100644 index 0000000..c2d5cc6 --- /dev/null +++ b/charts/roles/Chart.yaml 
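Review bot: The `minecraft-admin` Role in `badhouseplants/values/values.roles.yaml` grants `verbs: ["*"]` on `resources: ["*"]` in `apiGroups: ["*"]`, which inside `minecraft-application` includes reading Secrets and creating RoleBindings. List the resources and verbs the role actually needs instead, for example `resources: ["pods", "pods/log"]` with `verbs: ["get", "list", "watch"]`, adjusted to the real use. The rule also carries `namespace: ["minecraft-application"]`, which is not a PolicyRule field and is passed through unchanged by `toYaml` in `charts/roles/templates/namespaces.yaml`, so depending on field validation it is either rejected or silently dropped. Remove it, since `metadata.namespace` already scopes the Role. The same block is shipped as the chart default in `charts/roles/values.yaml`, where `roles: []` would keep the chart from carrying an environment-specific grant.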
@@ -0,0 +1,6 @@ +apiVersion: v2 +name: roles +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "1.16.0" diff --git a/charts/roles/templates/_helpers.tpl b/charts/roles/templates/_helpers.tpl new file mode 100644 index 0000000..2927519 --- /dev/null +++ b/charts/roles/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "roles.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "roles.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "roles.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "roles.labels" -}} +helm.sh/chart: {{ include "roles.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + diff --git a/charts/roles/templates/namespaces.yaml b/charts/roles/templates/namespaces.yaml new file mode 100644 index 0000000..7cb85dc --- /dev/null +++ b/charts/roles/templates/namespaces.yaml 
@@ -0,0 +1,23 @@ +{{- if .Values.roles }} +{{- range $roles := .Values.roles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ $roles.kind }} +metadata: + name: {{ $roles.name }} + namespace: {{ $roles.namespace }} + labels: + {{- include "roles.labels" $ | nindent 4 }} + {{- with $roles.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $roles.annotations}} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +{{- with $roles.rules }} +{{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/roles/values.yaml b/charts/roles/values.yaml new file mode 100644 index 0000000..7fcd045 --- /dev/null +++ b/charts/roles/values.yaml @@ -0,0 +1,9 @@ +roles: + - name: minecraft-admin + namespace: minecraft-application + kind: Role + rules: + - apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] + namespace: ["minecraft-application"] diff --git a/releases.yaml b/releases.yaml index 7c999fd..e8a4277 100644 --- a/releases.yaml +++ b/releases.yaml @@ -106,6 +106,14 @@ templates: inherit: - template: default-env-values + roles: &roles + name: roles + chart: '{{ requiredEnv "PWD" }}/charts/roles' + namespace: kube-public + createNamespace: false + inherit: + - template: default-env-values + metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server -- 2.49.0 From 4d5ee1f6c52e81d5c0c1c341f623e096f7c98fff Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 16 Feb 2024 15:51:18 +0100 Subject: [PATCH 136/164] Update db-operator --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index e8a4277..5a2d274 100644 --- a/releases.yaml +++ b/releases.yaml @@ -354,7 +354,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.18.0 + version: 1.20.0 db-instances: &db-instances name: db-instances -- 2.49.0 From a6b30b3337bb5db06361574ebfdad4c044330f5d Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 17 Feb 2024 02:20:54 +0100 Subject: [PATCH 137/164] Cleanup db-operator --- .../values/secrets.db-instances.yaml | 28 +++++++------------ .../values/values.db-instances.yaml | 20 ------------- releases.yaml | 1 - 3 files changed, 10 insertions(+), 39 deletions(-) diff --git a/badhouseplants/values/secrets.db-instances.yaml b/badhouseplants/values/secrets.db-instances.yaml index f8caa3a..ffe6efa 100644 --- a/badhouseplants/values/secrets.db-instances.yaml +++ b/badhouseplants/values/secrets.db-instances.yaml @@ -1,16 +1,8 @@ dbinstances: - postgres: - secrets: - adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str] - adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str] postgres16: secrets: - adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str] - adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str] - mysql: - secrets: - adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str] - adminPassword: ENC[AES256_GCM,data:vYIiHccMkX7yJ2gsVGcLTUO7Ers=,iv:uDlefG5I/cirIUal/phlHCNwYtcXYFBND54XJ+n7eug=,tag:YK7pdaohOZL9yg4OiPxbRg==,type:str] + adminUser: ENC[AES256_GCM,data:Ma+kTq+QHKY=,iv:1znr9VoLAdGlLFzbBx9NMsj022vb0I9z7bTTTAjzX/c=,tag:GfUQHztjj2h/ctm6XznT7w==,type:str] + adminPassword: ENC[AES256_GCM,data:XYfh9OGA9SgW3B76u3tmXPjQ8vA4,iv:M4KIyzNujIePcrwmp9N/EErer+YZFRujOEN9VsPz76E=,tag:driIxiCOYX2VUj3v0rvB7g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -20,14 +12,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4 - VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi - bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns - Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3 - OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON2FPbXpoZCtMVStKZ0dl + RVRycjdaODJMcG5vblpiZlB3M1NVZXJaaWxnClpPSURkM0hzSFdPVmIwQ3g4N2Rx + Mnd6LzY2WVA1dTJmSVhMZXp6dmx5OXcKLS0tIHJKOGtWYTNjSnR1ZGMrZk5mR3ho + d1p0TDkrWkxwVUpKOTNYQVlORm94dFkKh4sfmicfMZzwoD6LymdlcXDTFcoLbJXq + Hoc62EW11Pl0Ah8HWkndbiYVO++xf2UHWq7Th4t1W1PdKq0bCN/GSg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T02:28:20Z" - mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str] + lastmodified: "2024-02-17T01:05:06Z" + mac: ENC[AES256_GCM,data:DX2T2S17r2U5jqqFWRDeuBjkjO1OrkF4/wRAC1cmSuhrGB+R+B/x3RPT9XKGpo9kEzgQkj1Fx9Wjkg0KMVlmTWJZM6GtHz/DUbD/nQX1+JLy+1U2qSYua59hdez3vIPPaLbiYcs7g2M/nEyyMj5c82wBgDUD26uiYo7V/AeoWjU=,iv:ISDzjgML2az6Y0VH/KNUcTVuHv8e59tT+Exn5BAqMeY=,tag:fGXusF0pYxHCPe8i+FmNIw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.0 + version: 3.8.1 diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 8e16c19..bfd0e1d 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml 
@@ -1,15 +1,5 @@ --- dbinstances: - postgres: - monitoring: - enabled: false - adminSecretRef: - Name: postgres-secret - Namespace: database-service - engine: postgres - generic: - host: postgres-postgresql - port: 5432 postgres16: monitoring: enabled: false @@ -20,13 +10,3 @@ dbinstances: generic: host: postgres16-postgresql.database-service.svc.cluster.local port: 5432 - mysql: - monitoring: - enabled: false - adminSecretRef: - Name: mysql-secret - Namespace: database-service - engine: mysql - generic: - host: mysql - port: 3306 diff --git a/releases.yaml b/releases.yaml index 5a2d274..ff68c1f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -286,7 +286,6 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource - - template: ext-database minio: &minio name: minio -- 2.49.0 From a20017c9b7f2ebe5cdde7f3f1d64a7d6dcacd1c3 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 15:44:31 +0100 Subject: [PATCH 138/164] Start setting up shadowsocks --- .../values/values.istio-ingressgateway.yaml | 4 + manifests/shadowsocks/install.yaml | 78 +++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 manifests/shadowsocks/install.yaml diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 8e39d27..94fe69a 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -2,6 +2,10 @@ service: type: LoadBalancer externalTrafficPolicy: Local ports: + - name: shadowsocks + port: 8388 + protocol: TCP + targetPort: 8388 - name: minecraft port: 25565 protocol: TCP diff --git a/manifests/shadowsocks/install.yaml b/manifests/shadowsocks/install.yaml new file mode 100644 index 0000000..a539b01 --- /dev/null +++ b/manifests/shadowsocks/install.yaml 
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: shadowsocks-deployment
+ labels:
+ app: shadowsocks
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: shadowsocks
+ template:
+ metadata:
+ labels:
+ app: shadowsocks
+ spec:
+ containers:
+ - name: shadowsocks-libev
+ image: shadowsocks/shadowsocks-libev
+ env:
+ - name: METHOD
+ value: chacha20-ietf-poly1305
+ - name: PASSWORD
+ value: test12345
+ ports:
+ - containerPort: 8388
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: shadowsocks
+ labels:
+ app: shadowsocks
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8388
+ protocol: TCP
+ selector:
+ app: shadowsocks
+---
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: badhouseplants-shadowsocks
+ namespace: istio-system
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - '*'
+ port:
+ name: tcp
+ number: 8388
+ protocol: TCP
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: shadowsocks
+spec:
+ gateways:
+ - istio-system/badhouseplants-shadowsocks
+ hosts:
+ - '*'
+ tcp:
+ - match:
+ - port: 8388
+ route:
+ - destination:
+ host: shadowsocks
+ port:
+ number: 8388
-- 2.49.0
From fbf483cfc0302db6e2a1935e5da7b5a98fcff142 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 16:26:35 +0100 Subject: [PATCH 139/164] Update openvpn --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/releases.yaml b/releases.yaml
index ff68c1f..6d8d23d 100644
--- a/releases.yaml
+++ b/releases.yaml
@@ -231,7 +231,7 @@ templates:
 openvpn-xor: &openvpn-xor
 name: openvpn-xor
 chart: allanger-gitea/openvpn-xor
- version: 1.1.0
+ version: 1.2.0
 inherit:
 - template: default-env-values
 - template: ext-istio-resource
-- 2.49.0
From 5b478e594e27849764d9f38489be7ba448dd7ff6 Mon Sep 17 00:00:00 2001
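Review bot: The `PASSWORD` entry in the new Deployment is committed as the literal `value: test12345`, while the other credentials visible in this series live in sops-encrypted `secrets.*.yaml` files. The Gateway in the same manifest matches hosts `'*'` and the `values.istio-ingressgateway.yaml` hunk of this commit opens 8388 on the LoadBalancer, so anyone with read access to the repository holds a working credential for an externally reachable proxy; the value should come from a Secret and be rotated before the port is exposed. The image `shadowsocks/shadowsocks-libev` has no tag or digest and should be pinned, and the added `NET_ADMIN` capability should be dropped unless the container is shown to need it. The Deployment, Service and VirtualService also set no `namespace`, unlike the Gateway, so they land wherever the apply context points.

```yaml
# … unchanged: Deployment metadata, selector, pod labels …
      containers:
        - name: shadowsocks-libev
          # placeholder tag: pin a released tag or an image digest
          image: shadowsocks/shadowsocks-libev:PINNED_TAG
          env:
            # … unchanged: METHOD …
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  name: shadowsocks-credentials  # placeholder Secret name
                  key: password  # placeholder key
# … unchanged: ports, Service, Gateway, VirtualService …
```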
From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:44:08 +0100 Subject: [PATCH 140/164] Cleanup the backup cluster --- badhouseplants/helmfile.yaml | 8 +++++++- etersoft/helmfile.yaml | 5 ----- helmfile.yaml | 5 ----- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 39e25bd..fd0641c 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -115,7 +115,7 @@ releases: installed: true namespace: mail-service createNamespace: true - + - <<: *tandoor installed: true namespace: tandoor-application @@ -125,6 +125,12 @@ releases: installed: false namespace: mailu-application createNamespace: false + + - <<: *longhorn + installed: true + namespace: longhorn-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index 98684a6..d861bbd 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml @@ -7,11 +7,6 @@ releases: namespace: openvpn-service createNamespace: false - - <<: *postgres16 - installed: true - namespace: database-service - createNamespace: true - bases: - ../environments.yaml - ../repositories.yaml diff --git a/helmfile.yaml b/helmfile.yaml index c813fb4..de9aa6b 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -46,11 +46,6 @@ releases: namespace: reflector-system createNamespace: true - - <<: *longhorn - installed: true - namespace: longhorn-system - createNamespace: false - - <<: *metallb-resources installed: true namespace: metallb-system -- 2.49.0 From 3c8f6a243c0bea83002d89c624b5810475df6528 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:44:23 +0100 Subject: [PATCH 141/164] Update istio bundle --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index 6d8d23d..db5e056 100644 --- a/releases.yaml +++ b/releases.yaml 
@@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.2 + version: 1.20.3 istio-base: &istio-base name: istio-base -- 2.49.0 From cc1cf4e650af4dd94887112120e88a49e07a125d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:48:21 +0100 Subject: [PATCH 142/164] Update cilium --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index db5e056..d1d94af 100644 --- a/releases.yaml +++ b/releases.yaml @@ -426,7 +426,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.14.6 + version: 1.15.1 createNamespace: false namespace: kube-system inherit: -- 2.49.0 From b93d4e0b2beeb0aec3d03f80db37eaad61a81d9a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:03:04 +0100 Subject: [PATCH 143/164] Update bunch of releases --- badhouseplants/values/secrets.argocd.yaml | 22 ++++++++--------- badhouseplants/values/values.argocd.yaml | 29 +++++++++++------------ releases.yaml | 20 ++++++++-------- 3 files changed, 35 insertions(+), 36 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index 371d4d1..befdd81 100644 --- a/badhouseplants/values/secrets.argocd.yaml +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,10 +1,10 @@ server: - config: - dex.config: ENC[AES256_GCM,data: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,iv:c8cJLybNsyuAw/BFmKtNTBzXIl0vmeSuKW8j/aw8STw=,tag:URax9og6ZQRvWPtKVel4SQ==,type:str] + configs: + dex.config: ENC[AES256_GCM,data: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,iv:DiW7ZlTe+TRxVIwnV+ASJJfJYFUQ0YqhHRsxx+vrLGs=,tag:i46xfJRV8rq5m7yT6etFfg==,type:str] configs: credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data: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,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:4CZ3hbG1MSrQs0y5hPU2rGaHvw4DkzWgQuqn8alqUp4=,tag:a0a5DN0KTCrkJ1jGbU5YrA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NWtKdU5Gb1E5aFhmaHI0 + YWpQY0VTR2hWWDNPcklvQkdES3VMV01kUWh3CldheTZHRmpjNjV0MVErV2Qrc1Fs + WlhidklZOWgyMEtnbzA2UU0zVGhkQkUKLS0tIFBEZHVpd3krMHR3aXpHSzBTM2d5 + TE0xeGxscWhCVEpSYVkxUDdybGZ6VVEKHQ1m2NOmuo7Alr9wdaK+kKtceCbX9tti + LNQjwMsHfIyts5LIEafRh4mC+vsjmO56CUlUzoZDk7hU1u5Zp0Pskw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-04T16:16:37Z" - mac: ENC[AES256_GCM,data:4HhqNV9EIcBA/nzxuiS21TWe6BQ+anfEQOnfrYcZ2vVD2dTPzc0ztZ1Ihc2WX6sMCVFDpUJFEcr38Aj2tXnnS80kTsnznBsSFNLj2b857PWXNeoAuwiiY3XBq+Ndo7I5wCYgWyuaH8xWQtd5JVuZPpqdtjTkbWq3lj8aARJUuQw=,iv:Hlu6iaBBQovSaXYAEB7nWBL9OM1UXYxQ444s5ZrMtuo=,tag:N/znbxYVwFoJ1eYAS8PE4A==,type:str] + lastmodified: "2024-02-20T22:58:37Z" + mac: ENC[AES256_GCM,data:HHbHPlslZC5XLjh40wP8VfEgpFT1PyKtDhd0I0rxKhv7qQh+4oMQBpNvVrye1RIzLZJY43hme74lkH7o8ZnWfXAwPRJ7YYAKvLt0LAyLbko2v7hINY/kwMn6xGbUnfmvBIwLkLqHndYxOW44BvUe320N7a831OqPYWkiDEiwLSw=,iv:YYZSQMyQEM0r4WIyHs+gki5qaHMc4gKUi/JcFxjSHDU=,tag:ZyQ+/obUCLKAB2MsFYO7Ag==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index e8d0bce..0acc84b 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -58,21 +58,6 @@ server: enabled: true serviceMonitor: enabled: false - rbacConfig: - policy.default: role:readonly - scopes: "[email, group]" - policy.csv: | - g, allanger@zohomail.com, role:admin - g, allanger@badhouseplants.net, role:admin - g, rodion.n.rodionov@gmail.com, role:admin - p, drone, applications, *, badhouseplants/*,allow - config: - exec.enabled: "true" - url: https://argo.badhouseplants.net - kustomize.buildOptions: "--enable-alpha-plugins" - accounts.drone: apiKey, login - accounts.drone.enabled: "true" - extraArgs: - --insecure @@ -86,6 +71,20 @@ repoServer: - name: regcred configs: + rbac: + policy.default: role:readonly + scopes: "[email, group]" + policy.csv: | + g, allanger@zohomail.com, role:admin + g, allanger@badhouseplants.net, role:admin + g, rodion.n.rodionov@gmail.com, role:admin + p, drone, applications, *, badhouseplants/*,allow + cm: + exec.enabled: "true" + url: https://argo.badhouseplants.net + kustomize.buildOptions: "--enable-alpha-plugins" + accounts.drone: apiKey, login + accounts.drone.enabled: "true" credentialTemplates: ssh-creds: url: git@github.com diff --git a/releases.yaml b/releases.yaml index d1d94af..ccc0215 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.11.0 + version: 3.12.0 values: - common/values.{{ .Release.Name }}.yaml @@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.1 + version: 1.14.2 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 5.53.13 + version: 6.2.3 inherit: - template: default-env-values - template: default-env-secrets 
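Review bot: The settings moved under `configs.rbac` and `configs.cm` in `values.argocd.yaml` keep the local `drone` account with both `apiKey` and `login`, plus the policy line `p, drone, applications, *, badhouseplants/*,allow`, which is broader than an automation token normally needs. If the account is only used by CI through the API, `accounts.drone: apiKey` removes interactive login, and the wildcard action could be narrowed to the ones the pipeline actually calls (for example `sync` and `get`). The three `g, <email>, role:admin` bindings depend on the identity provider asserting those addresses, and with `exec.enabled: "true"` an admin session also gets a pod terminal, so a comment above `policy.csv` naming the trusted connector would help the next reader. The `configs:` mapping continues outside the hunk.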
@@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 56.6.1 + version: 56.8.2 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.42.2 + version: 5.43.2 inherit: - template: monitoring-common - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.2.3 + version: 19.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: minecraft: &minecraft name: minecraft chart: minecraft-server-charts/minecraft - version: 4.14.0 + version: 4.15.0 inherit: - template: default-env-values - template: default-env-secrets @@ -337,7 +337,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.12.1 + version: 18.14.0 inherit: - template: default-env-values - template: default-env-secrets @@ -345,7 +345,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.0.1 + version: 14.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -408,7 +408,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.8.12 + version: 0.9.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From c5ade9c28b5c0c8c2c1b1e95695045e476198c79 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:08:14 +0100 Subject: [PATCH 144/164] Update longhorn and openvpn --- releases.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/releases.yaml b/releases.yaml index ccc0215..7fb40d3 100644 --- a/releases.yaml +++ b/releases.yaml @@ -144,7 +144,7 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.5.3 + version: 1.6.0 inherit: - template: default-env-values 
@@ -239,7 +239,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.0.8 + version: 1.1.0 inherit: - template: default-env-values - template: ext-istio-resource -- 2.49.0 From 9b8c729d654cfee50afae78581950e7963b20675 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:36:23 +0100 Subject: [PATCH 145/164] Update sops file --- badhouseplants/values/secrets.minecraft.yaml | 24 ++++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml index 1639eb7..6a54d19 100644 --- a/badhouseplants/values/secrets.minecraft.yaml +++ b/badhouseplants/values/secrets.minecraft.yaml 
@@ -1,11 +1,11 @@ minecraftServer: rcon: - password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str] + password: ENC[AES256_GCM,data:woijK03SjpwXBK4v6VQQcDU9+Vtxu1K8aw==,iv:z42FfsX/uyqHKV1uUnXxbVSEMmI549nOvR0PTMhBqXA=,tag:GX3h+j00PfR/3kxcmk/RRg==,type:str] mcbackup: resticEnvs: - RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:stg6lZdHeI1IDCqcEObPi2HcLc0WtsxN4mwOqajD,iv:cd9k4zC6qLLfDesHc2eHYgOYw0tLoXRROOiWWg2ZWqo=,tag:tY+Vj2Uv1MonbgGSBZF/aA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:J5+56NluagLrqNOoML4=,iv:jV4hZwcxg3K4hI3YiZlUTc+z26p+TJlHJ0iCnCD8XN4=,tag:yolnLc3raai15UMGzhY7Tg==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:D/nUeA9W,iv:sWH469oSthTZLlmdfNBs9iz8Rkmh+FgoN7cNwuhhm44=,tag:EeG6Dlz7XNKFxlyY2NWheA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -15,14 +15,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1 - MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF - cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1 - MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf - pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvb29BdXcwNmJKVHg0ZE1o + dHJQMmdQcjBrbmo4cmpZZFdUNkQzbXZnc1FnCkZZdHBodXRpVG43dHRtaXVOdis3 + azRqSFQ4QU9Bc0YyaldUMFQ2S3NBOVUKLS0tIC9TbHkwVGYxY2xIT2thRHpQdDFK + QU55VnhyREJld1QzQUlvdGlJQzR1dEkKjPTR48VdNKqmZmNJb3eB44nXyqRtPxfk + lFh1pQLPRSiFtCQYRsRTUNZt131Y/wSIJ33Ri77rZAzF7MoOXZj+FQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-08-15T15:32:19Z" - mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str] + lastmodified: "2024-02-20T23:30:03Z" + mac: ENC[AES256_GCM,data:uZ0a7xDvJEQXxnoiTjclZ/rsuR5Iz+oY/5eQjeDdWnMd+itHZyHk4my8q1Ug0Dl6Md2qiVSiLAvfJsvLDiBqYWoCTWqnvBF8qXLq+pdjXuvAoLTVct8G/BDtgxYZcLQIUnox9RifUb6RCKtZADcG3VMsTWSrrZD4y0S3feQ47Mw=,iv:WYbtRGus5SR4J5rmmUuqgbhgJg/3NCZw04z67CvdYvM=,tag:OF79vVtfnC98ydWPOB4QnQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 -- 2.49.0 From e255ee4e99eb3b67cfeb04f93279a08822885ce9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:50:11 +0100 Subject: [PATCH 146/164] Remove minecraft from the repo --- badhouseplants/helmfile.yaml | 5 - badhouseplants/values/secrets.minecraft.yaml | 28 --- badhouseplants/values/values.minecraft.yaml | 180 ------------------- badhouseplants/values/values.namespaces.yaml | 5 + releases.yaml | 9 - repositories.yaml | 2 - 6 files changed, 5 insertions(+), 224 deletions(-) delete mode 100644 badhouseplants/values/secrets.minecraft.yaml delete mode 100644 badhouseplants/values/values.minecraft.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index fd0641c..30d3395 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -30,11 +30,6 @@ releases: namespace: nrodionov-application createNamespace: false - - <<: *minecraft - installed: true - namespace: minecraft-application - createNamespace: false - - <<: *gitea installed: true namespace: gitea-service diff --git a/badhouseplants/values/secrets.minecraft.yaml b/badhouseplants/values/secrets.minecraft.yaml deleted file mode 100644 index 6a54d19..0000000 --- a/badhouseplants/values/secrets.minecraft.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -minecraftServer: - rcon: - password: ENC[AES256_GCM,data:woijK03SjpwXBK4v6VQQcDU9+Vtxu1K8aw==,iv:z42FfsX/uyqHKV1uUnXxbVSEMmI549nOvR0PTMhBqXA=,tag:GX3h+j00PfR/3kxcmk/RRg==,type:str] -mcbackup: - resticEnvs: - RESTIC_PASSWORD: ENC[AES256_GCM,data:stg6lZdHeI1IDCqcEObPi2HcLc0WtsxN4mwOqajD,iv:cd9k4zC6qLLfDesHc2eHYgOYw0tLoXRROOiWWg2ZWqo=,tag:tY+Vj2Uv1MonbgGSBZF/aA==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:J5+56NluagLrqNOoML4=,iv:jV4hZwcxg3K4hI3YiZlUTc+z26p+TJlHJ0iCnCD8XN4=,tag:yolnLc3raai15UMGzhY7Tg==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:D/nUeA9W,iv:sWH469oSthTZLlmdfNBs9iz8Rkmh+FgoN7cNwuhhm44=,tag:EeG6Dlz7XNKFxlyY2NWheA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvb29BdXcwNmJKVHg0ZE1o - dHJQMmdQcjBrbmo4cmpZZFdUNkQzbXZnc1FnCkZZdHBodXRpVG43dHRtaXVOdis3 - azRqSFQ4QU9Bc0YyaldUMFQ2S3NBOVUKLS0tIC9TbHkwVGYxY2xIT2thRHpQdDFK - QU55VnhyREJld1QzQUlvdGlJQzR1dEkKjPTR48VdNKqmZmNJb3eB44nXyqRtPxfk - lFh1pQLPRSiFtCQYRsRTUNZt131Y/wSIJ33Ri77rZAzF7MoOXZj+FQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-20T23:30:03Z" - mac: ENC[AES256_GCM,data:uZ0a7xDvJEQXxnoiTjclZ/rsuR5Iz+oY/5eQjeDdWnMd+itHZyHk4my8q1Ug0Dl6Md2qiVSiLAvfJsvLDiBqYWoCTWqnvBF8qXLq+pdjXuvAoLTVct8G/BDtgxYZcLQIUnox9RifUb6RCKtZADcG3VMsTWSrrZD4y0S3feQ47Mw=,iv:WYbtRGus5SR4J5rmmUuqgbhgJg/3NCZw04z67CvdYvM=,tag:OF79vVtfnC98ydWPOB4QnQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/badhouseplants/values/values.minecraft.yaml b/badhouseplants/values/values.minecraft.yaml deleted file mode 100644 index e5df96a..0000000 --- a/badhouseplants/values/values.minecraft.yaml +++ /dev/null 
@@ -1,180 +0,0 @@ ---- -# -------------------------------------------------- -# -- Extensions values -# -------------------------------------------------- -service-account: - enabled: true - resources: - - name: minecraft-exporter - label: - app: minecraft-minecraft-metrics - endpoints: - port: metrics -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: minecraft-tcp - gateway: istio-system/badhouseplants-minecraft - kind: tcp - port_match: 25565 - hostname: "*" - service: minecraft-minecraft - port: 25565 -# -------------------------------------------------- -# -- Main values -# -------------------------------------------------- -image: - tag: java17-graalvm-ce - pullPolicy: Always - -resources: - requests: - memory: 3Gi - cpu: 256m - limits: - memory: 3Gi - -lifecycle: - postStart: - - bash - - -c - - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 - -readinessProbe: - command: - - mc-health - periodSeconds: 20 - failureThreshold: 50 - timeoutSeconds: 10 -livenessProbe: - timeoutSeconds: 10 - -minecraftServer: - overrideServerProperties: true - eula: "TRUE" - onlineMode: false - difficulty: hard - hardcore: true - version: 1.20.1 - maxWorldSize: 90000 - type: "PAPER" - paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar - gameMode: survival - pvp: true - rcon: - enabled: true - withGeneratedPassword: false - port: 25575 - serviceType: ClusterIP - extraPorts: - - name: metrics - containerPort: 9225 - protocol: TCP - service: - enabled: true - embedded: false - labels: - exporter: minecraft - type: ClusterIP - port: 9925 - ingress: - enabled: false -persistence: - dataDir: - enabled: true - Size: 15Gi -mcbackup: - enabled: false - backupInterval: 2h - pauseIfNoPlayers: "false" - pruneBackupsDays: 
2 - rconRetries: 5 - rconRetryInterval: 10s - excludes: "*.jar,cache,logs" - backupMethod: restic - resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft - resticAdditionalTags: "mc_backups" - pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" - resources: - requests: - memory: 512Mi - cpu: 100m - persistence: - backupDir: - enabled: false -# --------------------------------------------- -# -- Install Plugins -# --------------------------------------------- -initContainers: - - name: 0-install-prometheus-exporter - image: alpine/curl - command: - - curl - - -L - - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" - - -o - - /data/plugins/prometheus-exporter.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-password-plugin - image: alpine/curl - command: - - curl - - -L - - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" - - -o - - /data/plugins/PasswordProtect.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-gravity-control-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar - - -o - - /data/plugins/GravityControl-1.3.0.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - - name: 0-install-fast-minecart-plugin - image: alpine/curl - command: - - curl - - -L - - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar - - -o - - /data/plugins/FastMinecarts.jar - volumeMounts: - - name: plugins - mountPath: /data/plugins - - name: 1-add-plugins-to-minecraft - image: alpine/curl - command: - - sh - - -c - - cp -r /in /out/plugins - volumeMounts: - - name: plugins - mountPath: /in - readOnly: false - - 
name: datadir - mountPath: /out -extraVolumes: - - volumeMounts: - - name: plugins - mountPath: /data/plugins - readOnly: false - volumes: - - name: plugins - emptyDir: - sizeLimit: 500Mi diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index d752942..c0232d1 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -8,6 +8,11 @@ namespaces: - name: argo-system - name: nrodionov-application - name: minecraft-application + annotations: + badohouseplants.net/git-repo: | + https://git.badhouseplants.net/badhouseplants/minecraft-helmfile + badhouseplants.net/ci: | + https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - name: monitoring-system diff --git a/releases.yaml b/releases.yaml index 7fb40d3..8e126d7 100644 --- a/releases.yaml +++ b/releases.yaml @@ -296,15 +296,6 @@ templates: - template: default-env-secrets - template: ext-istio-resource - minecraft: &minecraft - name: minecraft - chart: minecraft-server-charts/minecraft - version: 4.15.0 - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - gitea: &gitea name: gitea chart: gitea/gitea diff --git a/repositories.yaml b/repositories.yaml index 9e7eced..0a82ac7 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -11,8 +11,6 @@ repositories: url: https://charts.bitnami.com/bitnami - name: minio url: https://charts.min.io/ - - name: minecraft-server-charts - url: https://itzg.github.io/minecraft-server-charts/ - name: longhorn url: https://charts.longhorn.io - name: gitea -- 2.49.0 From 773b70bb3a5acb6efa196987fce84b6bcc9e3564 Mon Sep 17 00:00:00 2001 
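Review bot: The first annotation key added to `minecraft-application` in `values.namespaces.yaml` is spelled `badohouseplants.net/git-repo`, while the second uses `badhouseplants.net/ci`, so anything that selects on the `badhouseplants.net/` prefix will miss the repo link. It should read `badhouseplants.net/git-repo: https://git.badhouseplants.net/badhouseplants/minecraft-helmfile`. Both values are written as `|` block scalars, which leaves a trailing newline in the annotation value; a plain single-line scalar as quoted above avoids that. The `namespaces:` list continues outside the hunk.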
From: Nikolai Rodionov Date: Thu, 22 Feb 2024 22:15:27 +0100 Subject: [PATCH 147/164] Udpate values --- badhouseplants/values/values.db-instances.yaml | 2 +- badhouseplants/values/values.namespaces.yaml | 1 + releases.yaml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index bfd0e1d..2032930 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -9,4 +9,4 @@ dbinstances: engine: postgres generic: host: postgres16-postgresql.database-service.svc.cluster.local - port: 5432 + port: '5432' diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index c0232d1..b10de2e 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -29,3 +29,4 @@ namespaces: istio-injection: enabled - name: badhouseplants-preview - name: mailu-application + - name: kube-services diff --git a/releases.yaml b/releases.yaml index 8e126d7..7b04ab5 100644 --- a/releases.yaml +++ b/releases.yaml @@ -344,12 +344,12 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.20.0 + version: 1.21.0 db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.2.0 + version: 2.3.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 630819f88712feeb72d6aec01a8c28b3ec6f5f41 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 23 Feb 2024 00:47:38 +0100 Subject: [PATCH 148/164] Fix ArgoCD oauth --- badhouseplants/values/secrets.argocd.yaml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml index befdd81..81405e1 100644 --- a/badhouseplants/values/secrets.argocd.yaml 
+++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -1,10 +1,9 @@ -server: - configs: - dex.config: ENC[AES256_GCM,data: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,iv:DiW7ZlTe+TRxVIwnV+ASJJfJYFUQ0YqhHRsxx+vrLGs=,tag:i46xfJRV8rq5m7yT6etFfg==,type:str] configs: + cm: + dex.config: ENC[AES256_GCM,data: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,iv:xuTDUZWDWtzZwTOvfzGRNsqpPx+rxtTVs1C0gOjB+Pw=,tag:CLGA9kgSoWBFCJRW/s3MAg==,type:str] credentialTemplates: ssh-creds: - sshPrivateKey: ENC[AES256_GCM,data:iYvK2cwkrOJ4B3c4/opEMkZVsGTepka6n6Ut+NDbA6xnBfeVjTwEgxCx6MLtvTkyoFAoyFoUvbOMZuqqTkSa6WrQ6B9mkR62VpdQ5yBsCwg3InuS08pAIXyKfJ4V3jKqK8rrCjkIazcygefsvu139PD1SUe2DNusYZOQq3o6y8PRugSMXX8SJipgJcjMpdUyvrYcHupP+QkuiSuZLkccCEgoctlpUJ8QAbMxvWFv7hv35Vr0r/BIeEfJJ1XHm1e78ZJINiXbAXR64pyWWgWKJm2fFb2kbNPsJ3/PTQScvDO5qNUhuHDP4KiX0swl1Ja4YBJ2z0UuDamqjhA4xjCn1XRtq4e1huIpnKUb3ukRuBTQYeFQbYVSrHtypGmzcE5vpj3KmYSOPAN9QLHMEGhMEjT0AUW+3uhWyK7C1talvz/7xojUXMWkjLcEK0+U8XLu/3jd9XBVC2eSlpGQK7pyvYUOrotUd1KKeFZrIKXbxVKyQ5zXrCbAcEQejaybdn0Igi6FO1gAVKTOiAPAQfSR8bLjM70/+S+Fe6JejgWKt0Diqc6hNRCoIhNyToWOyxNB/b/OXMfwpYGCwf63loXjTU/WSK24m5FI5JRNknaPeC73q809fKhWP9le18BPKqdiltaw/bg51wyswKa7U93c020RwDcIKt7Hb+u7YquTUH0JUgZxzmoMszZg0YkPz44wb1kQG8zMd1joVAqdLJVT67Bd/XbU5dHZ/Tw+7/drhpZUKYagX30K4rPBnRiY03UfQtqKwZxueqRYhm47b8DoPBDI2UCssYPvfD6bz0vPbvIkoub485jQ9aSCvq0nB+AJpSVJaSHYHbmIxXZVSh3yMmBlx11J/tD+4IuehZqs85ybuCwGhD83+89W9NdzrTZt6OnTzF5IDA5S8H8nu5p2h9T7lgArhDjXj9MsE8H4bCKcmo9J1Dby1Zzr6Yf94IvTjVJSQV2MgbXOIhUhu8HaaE8f/d8Fm5TNdjrzjWPYNYZJWMkUY4ce5182aI8QZp/ApPJ8Y4BhTK8aYsDbJq8TBFL+h8GC2NmilQHJQeepXQpK8QylByv6P7wcpDuAJVyYMJrplbLQKD3bfw4RKvPqzbVae9jrf27PTzhFhhSauAm7xO1yO6riZVKn2pamXhDUdFjCxL55hAqRI1lfylNsWLA0uMS7GXBHPXBkBF/9wLeWijrUSApkigciLUKrN53G59PzpBhq4dd2GMhCTeV6UcupsdI8tTcvolVw/TWWWPNjKUGrEACqrWgd8eVjy5A7GPW4UdOIhieBj1Hi8Wn5k7eME4AWFfkAaHcyBRXmvYkal2gZvvqYm0cBpU0VQpMvwZBqh2n+MAiKcFupJ53Fpv+yIcGxVBGPI4nsUT1CHuUbzIF6JnpBAdFbKZtyNXOuheJPELt2bpcOz1KXsxf1g9rNIcVHMxKyNaLUEFRo2sVyVUuVkbrbzq+Nutk8R4RkXzbJ/E+d/QBHG8/QQLwL7hG5Lx2dhZsC2Ckx3R1c5Vr+u4yafp6t1juyB
5UhLe1ReC4UVK4Z9ewWMWwD6NTssgYLGQNp3BK4CZmR9+JLHiPnC0vibAvM+qCMATaxriqUToDrDfrpfgZfz25ookiR1iWC9Pr8KahaVkeMuRuuEEovooe6cGTSOjxWzEagMvUwdd7af6JAanflMA8AvvSn1h8+WCfvdANXIOZDEKNr5+LqniRNXV6+GQcbqJzUaZXgQKjlZyv0MMNGVObAjXDO3bfiigll8gm4kh3JDiwe2utRb9w/vWaanRhdLiHVPg5zfs/WYGh1Q////UYV/A91bEw6Pndu7ZXq7CUYNBBhfznj0Jp7/0zHZDrVpDtDv4VQQTuJBAeC52sHVd4PK7P9SIoE0l03wwkVpkuP/bYupeTDovxNsbK5cO0Ponk0B18P28CQ4w4VtQMvAUOYz3C6vtgO9jxgnGrFxQkOSsgBCx1ZLCcLrfhGnSPTX6sW5MOf/Hfgn/9rkFsZN+Ek2Ls091rIg6jZmA9sfW9gsdSQumOzK4/PbTS9rdFZLa73AnXBUL3lSjDbqNaErph8/FBT4wGmPoeKht4o/uqPLbXF7ws3xz0W3A+7IIvoFZexQf/JnOGZgXDjyOyZj3hTAZy7+N85v/M8h7DeZDzYHuH/3dugye+yQxUxFpwgfXxs7avwi9aN37LPNmN9zA88whmtXMaUL2cf4i41BaRPSUtQX3CQ7aNtntnyxvU/YP0/QiwkZN/PLVmLFw/WDulAevGjN6lz1WwKdHcVdLhoZDWqkr+zK4wDTK5Fm7Se/WMK2Ne5UXA2k7xTPgN1HkzAfNfusfX5T3lL1YFzzuhJ5ShPHE+S7CMuQUvpn4ZWA3HonzHc/mfEh+9k9lNjGNzc4WwWUVB5IyVyotNf4gpeybbmi92v4MQ54oxoRD+QrNEdkyY+ImuK6louhWlB5/bpmm3vg8K3EcL3jw3ehdQMOwdeieDnjDYjjKgxQKZWkiyZ2K/QLonK9OYdvGArVJTbsJWORPLJsM6rScvQ3wg5TEzcn1+K0LILj1t58+0bvRL66ze7ZU9fBtANIRKLDWdDNqzm4s9qh8W2696AdQ20D0shCxd1BMSYmMclvx8z+bcxUNujnmULiFVFEdnyocuFlRmIqj0GQAhcrIhKE/Q+C7mXNxEqZV/tIAI/9WLhKGD6MHvmR6mCruX9DDOMxeu0T4nK3yVF/vRY5u2BqqIqyA93gJVLdvGvM1DIxJ2Mh7GzLFdkTUDP/YrTKxVg3mnkoKcbl4P3if0zRVTwOq5VpUv4pb0Z0AIrQDYdUIWPmqa7rap6ALAtc2OPsqXoXWkCCuFZncdTUA8qtTs82igcuMODsCQc2w/5wnzmkkczLkoiPgHFbBZNRS5qvG/Kbo8k5Tj3rJIBNd8dzwpxkFI7/YiOGdYEEuFELveyzIgnogsA38qc1xDi9vAElFX2+5Yh11WoZqpkrG3ZOFKF/LylcZCXZRr4Tzz3nxfcTriXb8b23BCG9ehc8zHXMOAz9F1NueycWMS15om4qxa4Rs/8b9EiNQ02CxN+Jb9s54zTpOcZ+PIY5FLY4+brltPdEwdhC7yrOC6K9gKn3QLJTECSOwfdGa7tHS3LoCUv+VWxDj+2rvkC/57EwovHo69Oy6HatgFhjN/n06lXm6NAijyC9wzuCwq7UutvcxXVp27zHfAeF6DdkQrtrXt5MKgiO9yXIVgstPZIV2WCPhxPgo/eAN1Tsw+xehXLJZl5KDqh3JDYYulUu9Cf4PyhKbPqL7cN2d1eGc3P/KG9J9xa+5IyfY+go1Ut+7u0xZ0sWk2XVDGhyWTc/XaqnOsr0L13zLBdpRlXhwmRMXdmu1YOAbtGojFUQ061H8jgAXufzkSUuxJX9ItP2A0dlIchu+XSsaUDaviUhXYQPg0hNDbxhNPYC4KifHhnYWtumdvs2eEEwiBREHeJZv4JC/Ll4VMo5A==,iv:4CZ3hbG1MSrQs0y5hPU2rGaHvw4DkzWgQuqn8alqUp4=,tag:a0a5
DN0KTCrkJ1jGbU5YrA==,type:str] + sshPrivateKey: ENC[AES256_GCM,data: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,iv:x5mss0VoYp8qlgEdSa7973AClSdCin14GuAt3duWqjk=,tag:jz4tVj4Ot2ZwedETSRcVLA==,type:str] sops: kms: [] gcp_kms: [] @@ -14,14 +13,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NWtKdU5Gb1E5aFhmaHI0 - YWpQY0VTR2hWWDNPcklvQkdES3VMV01kUWh3CldheTZHRmpjNjV0MVErV2Qrc1Fs - WlhidklZOWgyMEtnbzA2UU0zVGhkQkUKLS0tIFBEZHVpd3krMHR3aXpHSzBTM2d5 - TE0xeGxscWhCVEpSYVkxUDdybGZ6VVEKHQ1m2NOmuo7Alr9wdaK+kKtceCbX9tti - LNQjwMsHfIyts5LIEafRh4mC+vsjmO56CUlUzoZDk7hU1u5Zp0Pskw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoUm5MVFA1THRlNHlQdkpw + MGtVZjhiTTNCUzcwV3lCQ0NqeTZHUWxrc21BCnRVbklPZE84U1FhNFIzeHowWUh0 + V01aeWhDcno1d1Bta01rdWtvaGRQaUkKLS0tIGhiZEZoMWt6WDlGeHpNdWZyVlI3 + THJzYlU2NUJ1R1I0TEtpQUdOM0VvQ3MKQmjL1jaJfXGi6FeFb34/l4FhOEAV05Q4 + DeHvke3nKOP/R0BJxwqvLi2hAyI2LEMSEaXs7iWnDDFOPUA1DiBcuA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-20T22:58:37Z" - mac: ENC[AES256_GCM,data:HHbHPlslZC5XLjh40wP8VfEgpFT1PyKtDhd0I0rxKhv7qQh+4oMQBpNvVrye1RIzLZJY43hme74lkH7o8ZnWfXAwPRJ7YYAKvLt0LAyLbko2v7hINY/kwMn6xGbUnfmvBIwLkLqHndYxOW44BvUe320N7a831OqPYWkiDEiwLSw=,iv:YYZSQMyQEM0r4WIyHs+gki5qaHMc4gKUi/JcFxjSHDU=,tag:ZyQ+/obUCLKAB2MsFYO7Ag==,type:str] + lastmodified: "2024-02-22T23:43:36Z" + mac: ENC[AES256_GCM,data:szfQ+rXGzIaqcLKnGO/H1poFQu6/qxtUJejY9lCQre/YUg+d5WAgPdrxlwmsUsLaUz8tgMGiAd+J8NmR/P+tahz5/wwuHOYadPWzof/okC77vuyVLjuEE2t2RQ5U40kUJJKR/3TPawyttiaTDpxu6VJj2KcIlHfxsW5ddzAtFdU=,iv:fX2yQtrap9XKxjiPMfriH+QHZM8tGrTDgtHhCWh4NZQ=,tag:7FWAPf7K8rvyEURVFkrz8A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- 2.49.0 From 97117aa3f28037df25ad5eef18c76396e954a50a Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Thu, 29 Feb 2024 16:04:12 +0100 Subject: [PATCH 149/164] Update dbinstances --- badhouseplants/values/values.db-instances.yaml | 2 +- releases.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/badhouseplants/values/values.db-instances.yaml b/badhouseplants/values/values.db-instances.yaml index 2032930..bfd0e1d 100644 --- a/badhouseplants/values/values.db-instances.yaml +++ b/badhouseplants/values/values.db-instances.yaml @@ -9,4 +9,4 @@ dbinstances: engine: postgres generic: host: postgres16-postgresql.database-service.svc.cluster.local - port: '5432' + port: 5432 diff --git a/releases.yaml b/releases.yaml index 7b04ab5..7d00a7b 100644 --- a/releases.yaml +++ b/releases.yaml @@ -349,7 +349,7 @@ templates: db-instances: &db-instances name: db-instances chart: db-operator/db-instances - version: 2.3.0 + version: 2.3.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 2211d9b3881b69f5819c5aab70ff5b3883ed2164 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 11 Mar 2024 11:16:03 +0100 Subject: [PATCH 150/164] Update charts --- releases.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/releases.yaml b/releases.yaml index 7d00a7b..75b9769 100644 --- a/releases.yaml +++ b/releases.yaml @@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.2 + version: 1.14.4 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.2.3 + version: 6.6.0 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 56.8.2 + version: 57.0.1 inherit: - template: monitoring-common - template: default-env-values 
@@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.43.2 + version: 5.43.6 inherit: - template: monitoring-common - template: default-env-values @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.1.1 + version: 1.2.0 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 19.3.0 + version: 20.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.0.15 + version: 5.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.1 + version: 10.1.3 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.14.0 + version: 18.19.1 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.1.3 + version: 14.3.1 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.19.1 + version: 9.23.0 inherit: - template: default-env-values - template: default-env-secrets @@ -384,7 +384,7 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.238 + version: 7.1.256 mailu: &mailu name: mailu @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.0 + version: 0.9.1 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From 8a85d32722da26c1d8f91ea25950a305d3b67592 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Fri, 22 Mar 2024 11:16:58 +0100 Subject: [PATCH 151/164] Update releases --- releases.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/releases.yaml b/releases.yaml index 75b9769..a68627e 100644 --- a/releases.yaml +++ b/releases.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.6.0 + version: 6.7.3 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.0.1 + version: 57.1.0 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.20.3 + version: 1.21.0 istio-base: &istio-base name: istio-base @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.2.0 + version: 1.2.3 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 20.1.2 + version: 21.0.5 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 18.19.1 + version: 19.0.1 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 14.3.1 + version: 15.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 9.23.0 + version: 10.1.0 inherit: - template: default-env-values - template: default-env-secrets 
@@ -384,7 +384,7 @@ templates: reflector: &reflector name: reflector chart: emberstack/reflector - version: 7.1.256 + version: 7.1.262 mailu: &mailu name: mailu -- 2.49.0 From a47775d835b80af5dd26bdc3f02ddc41b6cf17d8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Mar 2024 13:42:13 +0100 Subject: [PATCH 152/164] Update charts --- releases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/releases.yaml b/releases.yaml index a68627e..a212f84 100644 --- a/releases.yaml +++ b/releases.yaml @@ -231,7 +231,7 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.2.0 + version: 1.3.0 inherit: - template: default-env-values - template: ext-istio-resource @@ -239,7 +239,7 @@ templates: openvpn: &openvpn name: openvpn chart: allanger-gitea/openvpn - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: ext-istio-resource @@ -374,7 +374,7 @@ templates: vaultwarden: &vaultwarden name: vaultwarden chart: allanger-gitea/vaultwarden - version: 1.1.0 + version: 1.2.0 inherit: - template: default-env-values - template: default-env-secrets -- 2.49.0 From ba7a32a17f7d22a891b8e1f82f7d8853d09308da Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 24 Mar 2024 13:44:22 +0100 Subject: [PATCH 153/164] Instll zot --- badhouseplants/helmfile.yaml | 2 ++ badhouseplants/values/values.zot.yaml | 11 +++++++++++ manifests/debug/istio/httpbin.yaml | 18 ++++++++++++++++++ releases.yaml | 12 +++++++++++- repositories.yaml | 10 ++++++++-- 5 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 badhouseplants/values/values.zot.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 30d3395..cbda993 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -10,6 +10,8 @@ releases: installed: true - <<: *cilium installed: true + - <<: *zot + installed: true - <<: *drone installed: true namespace: drone-service 
diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml new file mode 100644 index 0000000..f25f24f --- /dev/null +++ b/badhouseplants/values/values.zot.yaml @@ -0,0 +1,11 @@ +istio: + enabled: true + istio: + - name: zot + kind: http + gateway: istio-system/badhouseplants-net + hostname: registry.badhouseplants.net + service: zot + port: 5000 +service: + type: ClusterIP diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index 395418c..f6d57f9 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml @@ -24,6 +24,24 @@ spec: number: 8000 host: httpbin --- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: httpbin + namespace: debug +spec: + rules: + - host: httpbin.rocks + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: httpbin + port: + number: 8000 +--- apiVersion: v1 kind: Service metadata: diff --git a/releases.yaml b/releases.yaml index a212f84..7ec4d2d 100644 --- a/releases.yaml +++ b/releases.yaml @@ -417,8 +417,18 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.1 + version: 1.15.2 createNamespace: false namespace: kube-system inherit: - template: default-env-values + + zot: &zot + name: zot + chart: zot/zot + version: 0.1.52 + createNamespace: false + namespace: kube-services + inherit: + - template: default-env-values + - template: ext-istio-resource diff --git a/repositories.yaml b/repositories.yaml index 0a82ac7..0134e5a 100644 --- a/repositories.yaml +++ b/repositories.yaml 
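Review bot: The Ingress added in manifests/debug/istio/httpbin.yaml has no `tls` section and no `ingressClassName`, so on a cluster with a default IngressClass the debug httpbin service would be published over plain HTTP for `httpbin.rocks`. httpbin echoes request headers and bodies back to the caller, so it is worth keeping off any listener that is reachable from outside. Consider pinning the class explicitly (`ingressClassName: <class-placeholder>`) and adding a `tls:` block, or keeping this manifest out of anything applied to the shared cluster. The context lines above the hunk suggest the file already routes to the same backend through Istio, so only one of the two may be needed.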
@@ -45,7 +45,13 @@ repositories: url: https://charts.gabe565.com - name: mailu url: https://mailu.github.io/helm-charts/ - - name: coredns + - name: coredns url: https://coredns.github.io/helm - - name: cilium + - name: cilium url: https://helm.cilium.io/ + - name: phybros-helm-charts + url: https://phybros.github.io/helm-charts + - name: nextcloud + url: https://nextcloud.github.io/helm/ + - name: zot + url: https://zotregistry.dev/helm-charts/ -- 2.49.0 From c4dd8bd6e473929aa400a24d844fa1053505d585 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Mar 2024 21:48:31 +0100 Subject: [PATCH 154/164] Install zot --- badhouseplants/values/secrets.zot.yaml | 23 +++++++++++++++++++++++ badhouseplants/values/values.zot.yaml | 25 +++++++++++++++++++++++++ releases.yaml | 1 + 3 files changed, 49 insertions(+) create mode 100644 badhouseplants/values/secrets.zot.yaml diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml new file mode 100644 index 0000000..4019155 --- /dev/null +++ b/badhouseplants/values/secrets.zot.yaml 
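Review bot: In the repositories.yaml hunk, `phybros-helm-charts` and `nextcloud` are added alongside `zot`, but no release visible in this commit references them. Every configured repository is one more third-party index that the tooling fetches and trusts, so a repository is best added together with the release that uses it. None of the entries enables provenance checking; helmfile accepts `verify: true` on a release (with a keyring) for charts whose publishers sign them, which is worth confirming for the new `zot/zot` release. The re-indentation of the `coredns` and `cilium` entries looks like a whitespace-only change.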
@@ -0,0 +1,23 @@ +configFiles: + config.json: ENC[AES256_GCM,data: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,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] +authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 + dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk + WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv + REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ + ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-25T10:24:20Z" + mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index f25f24f..c418f5c 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -9,3 +9,28 @@ istio: port: 5000 service: type: ClusterIP +persistence: true +pvc: + create: true + accessMode: "ReadWriteOnce" + storage: 5Gi + storageClassName: longhorn +mountConfig: true +mountSecret: true + #configFiles: + # ui.json: |- + # { + # "log": { + # "level": "info" + # }, + # "extensions": { + # "search": { + # "cve": { + # "updateInterval": "2h" + # } + # }, + # "ui": { + # "enable": true + # } + # } + # } 
diff --git a/releases.yaml b/releases.yaml index 7ec4d2d..d431f97 100644 --- a/releases.yaml +++ b/releases.yaml @@ -431,4 +431,5 @@ templates: namespace: kube-services inherit: - template: default-env-values + - template: default-env-secrets - template: ext-istio-resource -- 2.49.0 From bcab058394b2da5c5977daf4faaa49cc885c89a1 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 26 Mar 2024 22:25:21 +0100 Subject: [PATCH 155/164] Init helmule config --- helmule/helmule.yaml | 235 ++++++++++++++++++++++++++++++++++++++++++ repositories-oci.yaml | 4 + 2 files changed, 239 insertions(+) create mode 100644 helmule/helmule.yaml create mode 100644 repositories-oci.yaml diff --git a/helmule/helmule.yaml b/helmule/helmule.yaml new file mode 100644 index 0000000..5be7c9a --- /dev/null +++ b/helmule/helmule.yaml 
@@ -0,0 +1,235 @@ +charts: + - repository: metrics-server + name: metrics-server + mirrors: + - custom-commands + - repository: metallb + name: metallb + mirrors: + - custom-commands + - repository: bedag + name: raw + mirrors: + - custom-commands + - repository: jetstack + name: cert-manager + mirrors: + - custom-commands + - repository: longhorn + name: longhorn + mirrors: + - custom-commands + - repository: argo + name: argo-cd + mirrors: + - custom-commands + - repository: prometheus-community + name: kube-prometheus-stack + mirrors: + - custom-commands + - repository: grafana + name: loki + mirrors: + - custom-commands + - repository: grafana + name: promtail + mirrors: + - custom-commands + - repository: istio + name: base + mirrors: + - custom-commands + - repository: istio + name: gateway + mirrors: + - custom-commands + - repository: istio + name: istiod + mirrors: + - custom-commands + - repository: allanger-gitea + name: openvpn-xor + mirrors: + - custom-commands + - repository: allanger-gitea + name: openvpn + mirrors: + - custom-commands + - repository: drone + name: drone + mirrors: + - custom-commands + - repository: drone + name: drone-runner-docker + mirrors: + - custom-commands + - repository: woodpecker + name: woodpecker + mirrors: + - custom-commands + - repository: bitnami + name: wordpress + mirrors: + - custom-commands + - repository: minio + name: minio + mirrors: + - custom-commands + - repository: gitea + name: gitea + mirrors: + - custom-commands + - repository: ananace-charts + name: funkwhale + mirrors: + - custom-commands + - repository: bitwarden + name: vaultwarden + mirrors: + - custom-commands + - repository: bitnami + name: redis + mirrors: + - custom-commands + - repository: bitnami + name: postgresql + mirrors: + - custom-commands + - repository: db-operator + name: db-operator + mirrors: + - custom-commands + - repository: db-operator + name: db-instances + mirrors: + - custom-commands + - repository: bitnami + name: mysql + 
mirrors: + - custom-commands + - repository: allanger-gitea + name: docker-mailserver + mirrors: + - custom-commands + - repository: allanger-gitea + name: vaultwarden + mirrors: + - custom-commands + - repository: emberstack + name: reflector + mirrors: + - custom-commands + - repository: mailu + name: mailu + mirrors: + - custom-commands + - repository: gabe565 + name: tandoor + mirrors: + - custom-commands + - repository: coredns + name: coredns + mirrors: + - custom-commands + - repository: cilium + name: cilium + mirrors: + - custom-commands + - repository: zot + name: zot + mirrors: + - custom-commands +mirrors: + - name: custom-commands + custom_command: + package: + - helm package -d package . + upload: + - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/badhouseplants + - rm -rf ./package +repositories: + - name: metrics-server + helm: + url: https://kubernetes-sigs.github.io/metrics-server/ + - name: jetstack + helm: + url: https://charts.jetstack.io + - name: istio + helm: + url: https://istio-release.storage.googleapis.com/charts + - name: drone + helm: + url: https://charts.drone.io + - name: bitnami + helm: + url: https://charts.bitnami.com/bitnami + - name: minio + helm: + url: https://charts.min.io/ + - name: longhorn + helm: + url: https://charts.longhorn.io + - name: gitea + helm: + url: https://dl.gitea.io/charts/ + - name: ananace-charts + helm: + url: https://ananace.gitlab.io/charts + - name: argo + helm: + url: https://argoproj.github.io/argo-helm + - name: bedag + helm: + url: https://bedag.github.io/helm-charts/ + - name: metallb + helm: + url: https://metallb.github.io/metallb + - name: prometheus-community + helm: + url: https://prometheus-community.github.io/helm-charts + - name: grafana + helm: + url: https://grafana.github.io/helm-charts + - name: bitwarden + helm: + url: https://constin.github.io/vaultwarden-helm/ + - name: db-operator + helm: + url: https://db-operator.github.io/charts + - name: 
allanger-gitea + helm: + url: https://git.badhouseplants.net/api/packages/allanger/helm + - name: badhouseplants + helm: + url: https://badhouseplants.github.io/helm-charts/ + - name: woodpecker + helm: + url: https://woodpecker-ci.org + - name: firefly-iii + helm: + url: https://firefly-iii.github.io/kubernetes/ + - name: emberstack + helm: + url: https://emberstack.github.io/helm-charts + - name: gabe565 + helm: + url: https://charts.gabe565.com + - name: mailu + helm: + url: https://mailu.github.io/helm-charts/ + - name: coredns + helm: + url: https://coredns.github.io/helm + - name: cilium + helm: + url: https://helm.cilium.io/ + - name: phybros-helm-charts + helm: + url: https://phybros.github.io/helm-charts + - name: nextcloud + helm: + url: https://nextcloud.github.io/helm/ + - name: zot + helm: + url: https://zotregistry.dev/helm-charts/ + diff --git a/repositories-oci.yaml b/repositories-oci.yaml new file mode 100644 index 0000000..5db4d1e --- /dev/null +++ b/repositories-oci.yaml @@ -0,0 +1,4 @@ +repositories: + - name: badhouseplants-oci + url: registry.badhouseplants.net/badhouseplants + oci: true -- 2.49.0 From ff0f34551a544dff8e08989fbc3874f5b220421d Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 1 Apr 2024 11:31:15 +0200 Subject: [PATCH 156/164] Update charts --- badhouseplants/helmfile.yaml | 1 + .../values/secrets.chartmuseum.yaml | 24 ++++++++++++++ badhouseplants/values/values.chartmuseum.yaml | 19 +++++++++++ releases.yaml | 32 ++++++++++++------- repositories.yaml | 2 ++ 5 files changed, 67 insertions(+), 11 deletions(-) create mode 100644 badhouseplants/values/secrets.chartmuseum.yaml create mode 100644 badhouseplants/values/values.chartmuseum.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index cbda993..3d901cd 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
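Review bot: In helmule/helmule.yaml none of the `charts:` entries pins a version or digest, and the `custom-commands` mirror packages and pushes whatever was fetched to `oci://registry.badhouseplants.net/badhouseplants` with no integrity or provenance check in between. Once a chart sits in the private registry it tends to be treated as trusted, so an unexpectedly changed upstream chart would be republished under the registry's own name. If helmule supports a per-chart version (not visible in this hunk), pin it to the versions already listed in releases.yaml, and verify signed charts at pull time (Helm's `--verify`) before the `helm push` step. The new file also ends with a whitespace-only line, which yamllint will flag.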
@@ -12,6 +12,7 @@ releases: installed: true - <<: *zot installed: true + - <<: *chartmuseum - <<: *drone installed: true namespace: drone-service diff --git a/badhouseplants/values/secrets.chartmuseum.yaml b/badhouseplants/values/secrets.chartmuseum.yaml new file mode 100644 index 0000000..8e14680 --- /dev/null +++ b/badhouseplants/values/secrets.chartmuseum.yaml @@ -0,0 +1,24 @@ +env: + secret: + BASIC_AUTH_USER: ENC[AES256_GCM,data:i+3uBSJ1yrA=,iv:bhB9fIPxR2y9sS4jfbuhAIyzMHgoIRLFGXzQJ4763Cg=,tag:7pv9IOcBXhaeRu3qChQP8A==,type:str] + BASIC_AUTH_PASS: ENC[AES256_GCM,data:zSb7cw==,iv:CL6ywqsc2hpTnBl7ndD0s49JNEmMNnu3X0gke4KT3qw=,tag:tSVaRdIZpkzsqp6n1RUB9A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBc2RwQk9OTS9GV0NOb2x2 + OE1YVEsveU1VMTArZEJ3a2tETis1N1FTTndJCm96bWtYMDdRNnVTZEk2b0JPQWFl + a1BTcWVyUWZKOEJSWDZEcWZydEc2b00KLS0tIEpWdTZGWUdCUHczWEZoR0dSTlRY + TlNpbDVHa1VDUk9wODJLaHZJT2JoWmsKUD7yk2jpDVHvP5B4soK7k834RI+ydHxg + H9/8nzPNwNbpq5ysHmYFChpfiOHrSKirVINUP7MmLGdPZ24FSHI4+g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-27T08:47:35Z" + mac: ENC[AES256_GCM,data:w72acY/GygiBVO/3/OQU1WJ90R+mbuCcGid9KzCAPOtdhBBbY5zZUtkZvkZkaugoiI+bpywoXQI/5JbY4+23D4MN2XHHG69DIkpR0eygeTHWc/id+LhfxIGHqvYzULshQuyVtPezoExWVwC3c3ZJYpkzRJhgOjA9TNg5ib4jnIw=,iv:srnydYWdQ352zeNzk/HJi5CyoQEqsDxbCV+1aT1qE8Y=,tag:zCRILWPmLcW0mN/IRpzazA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.chartmuseum.yaml b/badhouseplants/values/values.chartmuseum.yaml new file mode 100644 index 0000000..8ea6b10 --- /dev/null +++ b/badhouseplants/values/values.chartmuseum.yaml 
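Review bot: In secrets.chartmuseum.yaml the `BASIC_AUTH_PASS` value is too short, and the committed file reveals that. SOPS encrypts each value with AES-GCM, which keeps the ciphertext the same length as the plaintext, and `data:zSb7cw==` decodes to 4 bytes. Rotate it to a long random value from a generator (32 or more characters) and re-encrypt. Because the short value is now in git history, retire it rather than reusing it elsewhere.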
@@ -0,0 +1,19 @@ +istio: + enabled: true + istio: + - name: chartmuseum + kind: http + gateway: istio-system/badhouseplants-net + hostname: helm.badhouseplants.net + service: chartmuseum + port: 8080 +env: + open: + AUTH_ANONYMOUS_GET: true + DISABLE_API: false + CORS_ALLOWORIGIN: "*" +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 2Gi + path: /storage diff --git a/releases.yaml b/releases.yaml index d431f97..f66cf73 100644 --- a/releases.yaml +++ b/releases.yaml @@ -124,7 +124,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.3 + version: 0.14.4 metallb-resources: &metallb-resources name: metallb-resources @@ -144,14 +144,14 @@ templates: longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.0 + version: 1.6.1 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.3 + version: 6.7.6 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.1.0 + version: 57.2.0 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.43.6 + version: 5.47.2 inherit: - template: monitoring-common - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.5 + version: 21.0.7 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.1 + version: 19.0.2 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.1.2 + version: 15.2.0 inherit: - template: default-env-values - template: default-env-secrets 
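Review bot: In values.chartmuseum.yaml, `DISABLE_API: false` together with `CORS_ALLOWORIGIN: "*"` leaves the chart upload and delete API enabled on the hostname routed through the `badhouseplants-net` gateway, and answerable to any web origin, with basic auth as the only control. If charts are pushed only from inside the cluster, consider `DISABLE_API: true` for this route, or at least replace the wildcard with the origins that need it, e.g. `CORS_ALLOWORIGIN: "https://<ui-origin-placeholder>"`. `AUTH_ANONYMOUS_GET: true` makes every stored chart readable without credentials, which is acceptable only if no chart embeds internal values.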
@@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.1 + version: 0.9.3 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.2 + version: 1.15.3 createNamespace: false namespace: kube-system inherit: @@ -426,7 +426,17 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.52 + version: 0.1.53 + createNamespace: false + namespace: kube-services + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-istio-resource + chartmuseum: &chartmuseum + name: chartmuseum + chart: chartmuseum/chartmuseum + version: 3.10.2 createNamespace: false namespace: kube-services inherit: diff --git a/repositories.yaml b/repositories.yaml index 0134e5a..2ce3602 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -55,3 +55,5 @@ repositories: url: https://nextcloud.github.io/helm/ - name: zot url: https://zotregistry.dev/helm-charts/ + - name: chartmuseum + url: https://chartmuseum.github.io/charts -- 2.49.0 From 262417f1cf5c56aded53c82007b1c0ca63e587be Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 20 Apr 2024 13:51:38 +0200 Subject: [PATCH 157/164] A lot of updates and disable loki --- badhouseplants/helmfile.yaml | 6 +- badhouseplants/values/secrets.zot.yaml | 18 ++-- .../values.istio-gateway-resources.yaml | 10 ++ .../values/values.istio-ingressgateway.yaml | 4 + badhouseplants/values/values.istiod.yaml | 2 +- badhouseplants/values/values.loki.yaml | 91 +++++++++++++++++-- badhouseplants/values/values.postgres16.yaml | 17 ++++ badhouseplants/values/values.zot.yaml | 2 + releases.yaml | 36 +++++--- repositories.yaml | 2 + 10 files changed, 154 insertions(+), 34 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 3d901cd..b1464e4 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml 
@@ -11,8 +11,10 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: true + installed: false - <<: *chartmuseum + installed: false + - <<: *keel - <<: *drone installed: true namespace: drone-service @@ -115,7 +117,7 @@ releases: createNamespace: true - <<: *tandoor - installed: true + installed: false namespace: tandoor-application createNamespace: true diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 4019155..14ecac2 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml @@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data: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,iv:lKDF4axHH0zSkxbqlVfPnjyUsW/Dp2cBtmehBjqe40U=,tag:RRUPjceWpA9XkQMBeOf83w==,type:str] -authHeader: ENC[AES256_GCM,data:+9j9VcfgWUaC5pt77Kvpng==,iv:U6b3AtgiIIOWjlA/8ebqTgZpOYGNSl/6KWO/G9GImWc=,tag:0VBXVn58kt2q31Bp7t7ZUw==,type:str] + config.json: ENC[AES256_GCM,data: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,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] +authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXdOMjliODlaK3A4ZDR2 - dHJwUTVqbURFTGVuTkhlVVhONitRUjlxOEYwCkkveUVHN3VoNmgvUGxxN2I3MmRk - WVV4bGZVaDM0UUJ1cDRyQjJqcUhNbmcKLS0tIG9pYTc0Zm00NDR2Z0xuZXRQS3Mv - REdCMHNYeFZUT2E3YmpMMWV3WTNORUUK2aYBLuMwbBmpvOFZam28ij4XV9XydtfZ - ISrxWvuhqVmrl07tc+Zb6Vd0W1utSS8rK5N4/DaSoBJ6QVSpGHSPMQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 + emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw + N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy + ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V + WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-25T10:24:20Z" - mac: ENC[AES256_GCM,data:LPCHkUeO5Lk0yoEPYrnDa0LDVPJtMVlplUKNC8rVCL3PC1j3Hs6MlJFTHgZPw7QrJGThojb/SK10ysi4zknISlwMvuA4QSbSdcqYyzz9C8NhmnsqWOix2jrSPJR4CQVwzmX51mxGF+3oXQDO/qBDsaMXWf4uQi8rWGIl1fCINOo=,iv:n6tLmRGNlH5I+ouTawOm+NCskylwvKF7uBLKpy52y3U=,tag:3nVuMfVcwoxJAYW4e3tmcQ==,type:str] + lastmodified: "2024-04-08T15:15:59Z" + mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index 9349206..acbca74 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml 
@@ -22,6 +22,16 @@ istio-gateway: gateways: - name: badhouseplants-net servers: + - hosts: + - badhouseplants.net + - '*.badhouseplants.net' + port: + name: grpc-web + number: 8080 + protocol: HTTPS + tls: + credentialName: badhouseplants-wildcard-tls + mode: SIMPLE - hosts: - badhouseplants.net - '*.badhouseplants.net' diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index 94fe69a..b97223d 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -18,6 +18,10 @@ service: port: 80 protocol: TCP targetPort: 80 + - name: grpc-web + port: 8080 + protocol: TCP + targetPort: 8080 - name: https port: 443 protocol: TCP diff --git a/badhouseplants/values/values.istiod.yaml b/badhouseplants/values/values.istiod.yaml index 01529ce..d788392 100644 --- a/badhouseplants/values/values.istiod.yaml +++ b/badhouseplants/values/values.istiod.yaml @@ -8,7 +8,7 @@ global: proxy: resources: requests: - cpu: 100m + cpu: 20m memory: 128Mi limits: memory: 128Mi diff --git a/badhouseplants/values/values.loki.yaml b/badhouseplants/values/values.loki.yaml index f3a74e8..c160d28 100644 --- a/badhouseplants/values/values.loki.yaml +++ b/badhouseplants/values/values.loki.yaml 
@@ -1,24 +1,99 @@ --- global: dnsService: "coredns" -singleBinary: - replicas: 1 - persistence: - size: 5Gi + loki: auth_enabled: false commonConfig: replication_factor: 1 storage: type: 'filesystem' + commonConfig: + replication_factor: 1 + schemaConfig: + configs: + - from: 2024-04-01 + store: tsdb + object_store: s3 + schema: v13 + index: + prefix: loki_index_ + period: 24h + ingester: + chunk_encoding: snappy + tracing: + enabled: true + querier: + # Default is 4, if you have enough memory and CPU you can increase, reduce if OOMing + max_concurrent: 2 + +compactor: + retention_enabled: true +limits_config: + retention_period: 14d + monitoring: selfMonitoring: enabled: false lokiCanary: enabled: false -test: + +#gateway: +# ingress: +# enabled: true +# hosts: +# - host: FIXME +# paths: +# - path: / +# pathType: Prefix + +deploymentMode: SingleBinary +singleBinary: + persistence: + size: 5Gi + replicas: 1 + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + extraEnv: + # Keep a little bit lower than memory limits + - name: GOMEMLIMIT + value: 3750MiB + +chunksCache: + # default is 500MB, with limited memory keep this smaller + writebackSizeLimit: 10MB + +minio: enabled: false + +# Zero out replica counts of other deployment modes +backend: + replicas: 0 +read: + replicas: 0 +write: + replicas: 0 + +ingester: + replicas: 0 +querier: + replicas: 0 +queryFrontend: + replicas: 0 +queryScheduler: + replicas: 0 +distributor: + replicas: 0 compactor: - retention_enabled: true -limits_config: - retention_period: 14d + replicas: 0 +indexGateway: + replicas: 0 +bloomCompactor: + replicas: 0 +bloomGateway: + replicas: 0 diff --git a/badhouseplants/values/values.postgres16.yaml b/badhouseplants/values/values.postgres16.yaml index cbcb751..92cef0b 100644 --- a/badhouseplants/values/values.postgres16.yaml +++ b/badhouseplants/values/values.postgres16.yaml 
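Review bot: The rewritten values.loki.yaml appears to define two keys twice. `commonConfig` is added under `loki:` although the unchanged lines just above already set it, and a new top-level `compactor:` with `retention_enabled: true` is added while the old `compactor:` key is kept further down with `replicas: 0`. Parsers either reject duplicate keys or keep the last one, so the retention setting may be silently dropped; indentation is not recoverable from this view, so please confirm, and note that the chart reads Loki's own config from under `loki:` (e.g. `loki.compactor`, `loki.limits_config`). Separately, `GOMEMLIMIT` is `3750MiB` while the container limit is `memory: 1Gi`, which contradicts the comment above it; something like `value: 900MiB` would match. `object_store: s3` in `schemaConfig` also disagrees with `storage.type: 'filesystem'` and `minio.enabled: false`.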
@@ -8,3 +8,20 @@ persistence: metrics: enabled: false +primary: + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsNonRoot: false + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index c418f5c..e7afd09 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -7,6 +7,8 @@ istio: hostname: registry.badhouseplants.net service: zot port: 5000 +strategy: + type: Recreate service: type: ClusterIP persistence: true diff --git a/releases.yaml b/releases.yaml index f66cf73..2c7d858 100644 --- a/releases.yaml +++ b/releases.yaml @@ -117,7 +117,7 @@ templates: metrics-server: &metrics-server name: metrics-server chart: metrics-server/metrics-server - version: 3.12.0 + version: 3.12.1 values: - common/values.{{ .Release.Name }}.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.6 + version: 6.7.12 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 57.2.0 + version: 58.1.3 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 5.47.2 + version: 6.3.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.0 + version: 1.21.1 istio-base: &istio-base name: istio-base 
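Review bot: In values.postgres16.yaml the added `containerSecurityContext` sets `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, switching off two hardening controls while the rest of the block (`drop: ["ALL"]`, `allowPrivilegeEscalation: false`, `RuntimeDefault` seccomp) tightens things. With `runAsNonRoot: false` and no `runAsUser`, the kubelet will not refuse to start the container as UID 0 if the image or a later override requests it. Unless a volume-permission problem forced this, prefer `runAsNonRoot: true` with an explicit `runAsUser: 1001` (the usual Bitnami UID; confirm against the chart version in use). If the relaxed values must stay, add a comment recording why.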
@@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 21.0.7 + version: 22.1.7 inherit: - template: default-env-values - template: default-env-secrets @@ -299,7 +299,7 @@ templates: gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.3 + version: 10.1.4 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.0.2 + version: 19.1.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.0 + version: 15.2.5 inherit: - template: default-env-values - template: default-env-secrets @@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.21.0 + version: 1.23.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.0 + version: 10.1.1 inherit: - template: default-env-values - template: default-env-secrets @@ -365,7 +365,7 @@ templates: docker-mailserver: &docker-mailserver name: docker-mailserver chart: allanger-gitea/docker-mailserver - version: 2.2.0 + version: 2.3.1 inherit: - template: default-env-values - template: ext-istio-gateway @@ -399,7 +399,7 @@ templates: tandoor: &tandoor name: tandoor chart: gabe565/tandoor - version: 0.9.3 + version: 0.9.5 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.3 + version: 1.15.4 createNamespace: false namespace: kube-system inherit: @@ -443,3 +443,11 @@ templates: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel + name: keel + chart: keel/keel + version: 1.0.3 + createNamespace: false + namespace: kube-system + + 
diff --git a/repositories.yaml b/repositories.yaml index 2ce3602..2900540 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -57,3 +57,5 @@ repositories: url: https://zotregistry.dev/helm-charts/ - name: chartmuseum url: https://chartmuseum.github.io/charts + - name: keel + url: https://charts.keel.sh -- 2.49.0 From 5d4eae31528edf361d7e8b66c204c73577398017 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 11 May 2024 20:52:58 +0200 Subject: [PATCH 158/164] Some updates to the config --- badhouseplants/helmfile.yaml | 4 ++-- badhouseplants/values/secrets.zot.yaml | 18 ++++++++--------- releases.yaml | 28 +++++++++++++------------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b1464e4..25de42b 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -11,7 +11,7 @@ releases: - <<: *cilium installed: true - <<: *zot - installed: false + installed: true - <<: *chartmuseum installed: false - <<: *keel @@ -51,7 +51,7 @@ releases: createNamespace: true - <<: *loki - installed: true + installed: false namespace: monitoring-system createNamespace: false diff --git a/badhouseplants/values/secrets.zot.yaml b/badhouseplants/values/secrets.zot.yaml index 14ecac2..25871e8 100644 --- a/badhouseplants/values/secrets.zot.yaml +++ b/badhouseplants/values/secrets.zot.yaml 
@@ -1,6 +1,6 @@ configFiles: - config.json: ENC[AES256_GCM,data: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,iv:FGivZ5dTjIQ5LMpP70V0usB8ao1wGhBHjAQpmRxocX8=,tag:dyYZkBHgaxLHaGKAjgHHCg==,type:str] -authHeader: ENC[AES256_GCM,data:QhRR5DuVKc+xpsvbr8SJZA==,iv:7dRj6udtirzojzft4Pt+3zkQ5DepYiiLn2fYeNQC0MQ=,tag:yANlx3WtZ4ZLbRJaNmbJ7Q==,type:str] + config.json: ENC[AES256_GCM,data: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,iv:njFz+TX54d1Fy7QtrjFht7lyujuuIamNWEXquA6Q+jA=,tag:d+9rLYzYZf/0uuZ/VVys0Q==,type:str] +authHeader: ENC[AES256_GCM,data:IHFsb7dRNIMe8kv0sG6u/A==,iv:mc0MhVWKEz8ln2DvC9mwrYtqKCvOjudiUYETOBx3DAM=,tag:aktcOM3u4xNyZ4wTJZ1E3w==,type:str] sops: kms: [] gcp_kms: [] 
@@ -10,14 +10,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUDcwaHZzYkhOTUNwcCt1 - emlwMis2TFdGcVRjVGV1dXYvYTFWRXA1SEZjCkc2dnFlUmRaMnZEMEpkNm5ldVRw - N3NzWEQzdTRBQi9GSmlSbTIydWNwZ0UKLS0tIG45a1BoNjMwRk9UaVVoQlhLOXBy - ZlY5NVpHQ1I1M3FCMzBtK3hZMXlGTWcKFMLJT8YyMaLGfWkHVt9RaGfI0LkMzO7V - WGmsTIYmn9ULXZraaK2a/RxHjhVmW8klZdKqWOl2g4DmNBsDN6lyxg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMjkwcll5bkNzUE1lQkN0 + NXRCckdnUER0YlAwWG1wWVo5Mno2T1g5eWtZCnJGMkNScEthNHVqZnlvQnN6Q0du + RnpzNitYR1RpTnl4UDB3Zk5HMjU1MTQKLS0tIHNoZHRjdlU1SXl1c2pzemZsQzBB + M25WRjB6QUpkbURZVmNaWm9nd1U4RzAKan1bSzcDc2G+428vpnNDWYhQ3/nFKSUp + VLnfx3roZUrs0QV07O+AHobOvlLD4eo8wfHMUneKipAQ8ZAlhNFTBg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-08T15:15:59Z" - mac: ENC[AES256_GCM,data:5owhASFKnQVcmndyYUcKexSrrpLMmIllGK1GOLPMwDfPOPHxikGZftO1Y4+Bi8EHYZfc0X7OtdWvkP+UdCoqBmTh7A0V+png/Lg6RZ9Fx+FZw6+cKx4T6grTxsS49QGN3UkCDVE5MkyImUTr+ep4FKB9yqkAyHcIKuGcHqAfD3k=,iv:aihhhkyPj0yVLTqCkz6vO6q4ekiwKBltgpKmsyZMfps=,tag:KkWQiMdr+jDbugUOXcGHRQ==,type:str] + lastmodified: "2024-05-05T17:37:17Z" + mac: ENC[AES256_GCM,data:vabfq3du2GfVkWQqdy2X/8pl/V/i+juyjIeGRia9cZ57SFPPmS/7n7rV6W+tpp402ov+16HHevVu+ZUZKxFPNq/8WiIVFCh3YMAFimzB+wOXziivAf1zAgYX5h5JHMV3FrXJT0yJAGmVbrZ7KP48CaB74PJGb++4Jr3qPE6VU/4=,iv:PApbvtdThsQyfD2db8GBrnrZL4jlx7qL8bHhAijXk0E=,tag:vIwECp7tomejqjGadIhudw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/releases.yaml b/releases.yaml index 2c7d858..9144955 100644 --- a/releases.yaml +++ b/releases.yaml @@ -124,7 +124,7 @@ templates: metallb: &metallb name: metallb chart: metallb/metallb - version: 0.14.4 + version: 0.14.5 metallb-resources: &metallb-resources name: metallb-resources 
@@ -137,7 +137,7 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.4 + version: 1.14.5 set: - name: installCRDs value: true @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.7.12 + version: 6.8.1 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.1.3 + version: 58.5.0 inherit: - template: monitoring-common - template: default-env-values @@ -175,7 +175,7 @@ templates: loki: &loki name: loki chart: grafana/loki - version: 6.3.2 + version: 6.5.2 inherit: - template: monitoring-common - template: default-env-values @@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.1 + version: 1.21.2 istio-base: &istio-base name: istio-base @@ -271,7 +271,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.2.3 + version: 1.3.0 inherit: - template: ext-database - template: default-env-values @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.1.7 + version: 22.2.7 inherit: - template: default-env-values - template: default-env-secrets @@ -290,7 +290,7 @@ templates: minio: &minio name: minio chart: minio/minio - version: 5.1.0 + version: 5.2.0 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.1.0 + version: 19.3.0 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.5 + version: 15.2.12 inherit: - template: default-env-values - template: default-env-secrets 
@@ -344,7 +344,7 @@ templates: db-operator: &db-operator name: db-operator chart: db-operator/db-operator - version: 1.23.0 + version: 1.25.0 db-instances: &db-instances name: db-instances @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.1.1 + version: 10.2.2 inherit: - template: default-env-values - template: default-env-secrets @@ -426,7 +426,7 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.53 + version: 0.1.54 createNamespace: false namespace: kube-services inherit: -- 2.49.0 From 21f198b0fa5491361969fb1335e782886a38a28e Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Mon, 13 May 2024 11:39:57 +0200 Subject: [PATCH 159/164] Increase Gitea disk --- badhouseplants/values/values.gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 3aaccee..4fb3a9d 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -43,7 +43,7 @@ resources: persistence: enabled: true - size: 10Gi + size: 15Gi accessModes: - ReadWriteOnce -- 2.49.0 From 10d7936625a55fab654457b269dc3ba19bd0cc81 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 18 May 2024 15:36:38 +0200 Subject: [PATCH 160/164] Update releases --- releases.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/releases.yaml b/releases.yaml index 9144955..ac52cdf 100644 --- a/releases.yaml +++ b/releases.yaml @@ -151,7 +151,7 @@ templates: argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.8.1 + version: 6.9.3 inherit: - template: default-env-values - template: default-env-secrets @@ -164,7 +164,7 @@ templates: prometheus: &prometheus name: prometheus chart: prometheus-community/kube-prometheus-stack - version: 58.5.0 + version: 58.5.3 inherit: - template: monitoring-common - template: default-env-values 
@@ -193,7 +193,7 @@ templates: istio-common: labels: bundle: istio - version: 1.21.2 + version: 1.22.0 istio-base: &istio-base name: istio-base @@ -281,7 +281,7 @@ templates: nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.2.7 + version: 22.2.11 inherit: - template: default-env-values - template: default-env-secrets @@ -328,7 +328,7 @@ templates: redis: &redis name: redis chart: bitnami/redis - version: 19.3.0 + version: 19.3.3 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +336,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.2.12 + version: 15.3.3 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +357,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.2.2 + version: 10.2.4 inherit: - template: default-env-values - template: default-env-secrets @@ -417,7 +417,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.4 + version: 1.15.5 createNamespace: false namespace: kube-system inherit: -- 2.49.0 From 6c83d67c9cc42d452e3a5fb4f3f64553ab0e78d9 Mon Sep 17 00:00:00 2001 
From: Nikolai Rodionov Date: Sat, 15 Jun 2024 12:20:06 +0200 Subject: [PATCH 161/164] Huge upgraqde to everything --- badhouseplants/helmfile.yaml | 48 ++----- .../values/secrets.vaultwardentest.yaml | 27 ++++ badhouseplants/values/values.argocd.yaml | 33 +++-- .../values/values.docker-mailserver.yaml | 126 +++++------------- badhouseplants/values/values.funkwhale.yaml | 19 ++- badhouseplants/values/values.gitea.yaml | 58 +++++--- .../values/values.local-path-provisioner.yaml | 3 + badhouseplants/values/values.mailu.yaml | 124 +++++++++-------- badhouseplants/values/values.minio.yaml | 33 +++++ badhouseplants/values/values.namespaces.yaml | 8 +- badhouseplants/values/values.nrodionov.yaml | 15 ++- badhouseplants/values/values.openvpn-xor.yaml | 29 ++-- badhouseplants/values/values.traefik.yaml | 78 +++++++++++ badhouseplants/values/values.vaultwarden.yaml | 17 +++ .../values/values.vaultwardentest.yaml | 58 ++++++++ .../values/values.woodpecker-ci.yaml | 16 +++ badhouseplants/values/values.zot.yaml | 25 ++-- common/values.database.yaml | 25 ++++ common/values.tcp-route.yaml | 20 +++ common/values.tcproute.yaml | 13 ++ etersoft/helmfile.yaml | 15 +++ etersoft/values/values.minio.yaml | 4 + helmfile.yaml | 27 +--- manifests/debug/istio/httpbin.yaml | 2 +- manifests/httpo1-cluster-issuer.yaml | 18 +++ releases.yaml | 93 +++++++------ repositories.yaml | 8 +- 27 files changed, 619 insertions(+), 323 deletions(-) create mode 100644 badhouseplants/values/secrets.vaultwardentest.yaml create mode 100644 badhouseplants/values/values.local-path-provisioner.yaml create mode 100644 badhouseplants/values/values.traefik.yaml create mode 100644 badhouseplants/values/values.vaultwardentest.yaml create mode 100644 common/values.tcp-route.yaml create mode 100644 common/values.tcproute.yaml create mode 100644 manifests/httpo1-cluster-issuer.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 25de42b..05f6226 100644 --- a/badhouseplants/helmfile.yaml 
+++ b/badhouseplants/helmfile.yaml @@ -10,20 +10,13 @@ releases: installed: true - <<: *cilium installed: true + + - <<: *local-path-provisioner + - <<: *zot installed: true - - <<: *chartmuseum - installed: false - <<: *keel - - <<: *drone - installed: true - namespace: drone-service - createNamespace: false - - - <<: *drone-runner-docker - installed: true - namespace: drone-service - createNamespace: false + - <<: *traefik - <<: *argocd installed: true @@ -45,21 +38,6 @@ releases: namespace: funkwhale-application createNamespace: false - - <<: *prometheus - installed: true - namespace: monitoring-system - createNamespace: true - - - <<: *loki - installed: false - namespace: monitoring-system - createNamespace: false - - - <<: *promtail - installed: true - namespace: monitoring-system - createNamespace: false - - <<: *bitwarden installed: false namespace: bitwarden-application @@ -95,16 +73,15 @@ releases: namespace: woodpecker-ci createNamespace: true - - - <<: *istio-gateway-resources - installed: true - namespace: istio-system - createNamespace: false - - <<: *vaultwarden createNamespace: true installed: true namespace: vaultwarden-application + + - <<: *vaultwardentest + createNamespace: false + installed: true + namespace: applications - <<: *openvpn-xor installed: true @@ -113,12 +90,7 @@ releases: - <<: *docker-mailserver installed: true - namespace: mail-service - createNamespace: true - - - <<: *tandoor - installed: false - namespace: tandoor-application + namespace: applications createNamespace: true - <<: *mailu diff --git a/badhouseplants/values/secrets.vaultwardentest.yaml b/badhouseplants/values/secrets.vaultwardentest.yaml new file mode 100644 index 0000000..39b3c9b --- /dev/null +++ b/badhouseplants/values/secrets.vaultwardentest.yaml 
@@ -0,0 +1,27 @@ +vaultwarden: + smtp: + username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str] + password: + value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str] + adminToken: + value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhLzVRdW5ITFJmWHE5dkRr + R3pGbTh3UmFTTXR4VVVGRjlSUURudmxwM1hjCk16U3BKYkZTcmdwaFZtcTZNYk9C + M0ZBZk52bDBuNWZwa21SMU1mSnhmWEUKLS0tIGZVV01KQ3Z6OGltN1RFSks5MVJI + a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS + hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-06T15:15:43Z" + mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml index 0acc84b..71cf854 100644 --- a/badhouseplants/values/values.argocd.yaml +++ b/badhouseplants/values/values.argocd.yaml 
@@ -1,18 +1,4 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: argocd-http - gateway: istio-system/badhouseplants-net - kind: http - hostname: argo.badhouseplants.net - service: argocd-server - port: 80 - controller: resources: limits: @@ -48,18 +34,35 @@ dex: enabled: false serviceMonitor: enabled: false + redis: metrics: enabled: false serviceMonitor: enabled: false + +global: + domain: argo.badhouseplants.net + server: + ingress: + enabled: true + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + ingressClassName: traefik + tls: true metrics: enabled: true serviceMonitor: enabled: false extraArgs: - --insecure + servicePort: + servicePortHttp: 80 + servicePortHttps: 80 repoServer: metrics: @@ -71,6 +74,8 @@ repoServer: - name: regcred configs: + params: + server.insecure: true rbac: policy.default: role:readonly scopes: "[email, group]" diff --git a/badhouseplants/values/values.docker-mailserver.yaml b/badhouseplants/values/values.docker-mailserver.yaml index 47d6a99..45b25ef 100644 --- a/badhouseplants/values/values.docker-mailserver.yaml +++ b/badhouseplants/values/values.docker-mailserver.yaml 
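Review bot: The annotations `kubernetes.io/ingress.allow-http: "false"` and `kubernetes.io/ingress.global-static-ip-name: ""` added under `server.ingress.annotations` belong to the GCE ingress controller and have no effect with `ingressClassName: traefik`, so they do not actually refuse plain HTTP for `argo.badhouseplants.net`. If HTTP is meant to be closed, enforce it on the Traefik side, for example with `traefik.ingress.kubernetes.io/router.entrypoints: websecure` on the Ingress (assuming the chart's default entrypoint names) or a redirect on the `web` entrypoint. The same annotation block is repeated in the rainloop, funkwhale, gitea, mailu, minio, nrodionov and vaultwarden ingress hunks of this patch. Separately, `--insecure` in `server.extraArgs` and the new `configs.params` entry `server.insecure: true` express the same setting twice; keeping only the `configs.params` form would be enough.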
@@ -1,125 +1,67 @@ -istio-gateway: +traefik: enabled: true - gateways: - - name: badhouseplants-email - servers: - - hosts: - - "*" - port: - name: smtp - number: 25 - protocol: TCP - - hosts: - - "*" - port: - name: pop3 - number: 110 - protocol: TCP - - hosts: - - "*" - port: - name: imap - number: 143 - protocol: TCP - - hosts: - - "*" - port: - name: smtps - number: 465 - protocol: TCP - - hosts: - - "*" - port: - name: submission - number: 587 - protocol: TCP - - hosts: - - "*" - port: - name: imaps - number: 993 - protocol: TCP - - hosts: - - "*" - port: - name: pop3s - number: 995 - protocol: TCP -istio: - enabled: true - istio: - - name: docker-mailserver-smpt - kind: tcp - gateway: badhouseplants-email + tcpRoutes: + - name: docker-mailserver-smtp service: docker-mailserver - hostname: badhouseplants.net - port_match: 25 + match: HostSNI(`*`) + entrypoint: smtp port: 25 - - name: docker-mailserver-smpts - kind: tcp - gateway: badhouseplants-email - port_match: 465 - hostname: badhouseplants.net + - name: docker-mailserver-smtps + match: HostSNI(`*`) service: docker-mailserver + entrypoint: smtps port: 465 - name: docker-mailserver-smpt-startls - kind: tcp - gateway: badhouseplants-email - hostname: badhouseplants.net - port_match: 587 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: smtp-startls port: 587 - name: docker-mailserver-imap - kind: tcp - hostname: badhouseplants.net - gateway: badhouseplants-email - port_match: 143 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: imap port: 143 - name: docker-mailserver-imaps - kind: tcp - gateway: badhouseplants-email - hostname: badhouseplants.net - port_match: 993 + match: HostSNI(`*`) service: docker-mailserver + entrypoint: imaps port: 993 - name: docker-mailserver-pop3 - kind: tcp - gateway: badhouseplants-email - port_match: 110 - hostname: badhouseplants.net + match: HostSNI(`*`) service: docker-mailserver + entrypoint: pop3 port: 110 - name: docker-mailserver-pop3s - kind: 
tcp - gateway: badhouseplants-email - port_match: 993 - hostname: badhouseplants.net + match: HostSNI(`*`) service: docker-mailserver + entrypoint: pop3s port: 993 - - name: docker-mailserver-rainloop - kind: http - gateway: istio-system/badhouseplants-net - hostname: mail.badhouseplants.net - service: docker-mailserver-rainloop - port: 80 rainloop: enabled: true ingress: - enabled: false + enabled: true + hosts: + - mail.badhouseplants.net + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + tls: + - secretName: mail-tls-secret + hosts: + - mail.badhouseplants.net + demoMode: enabled: false domains: - badhouseplants.net - mail.badhouseplants.net ssl: - issuer: - name: badhouseplants-issuer - kind: ClusterIssuer - dnsname: badhouseplants.net - dns01provider: cloudflare - useExisting: false + useExisting: true + existingName: mail-tls-secret pod: dockermailserver: enable_fail2ban: "0" diff --git a/badhouseplants/values/values.funkwhale.yaml b/badhouseplants/values/values.funkwhale.yaml index e5aeb81..16d0606 100644 --- a/badhouseplants/values/values.funkwhale.yaml +++ b/badhouseplants/values/values.funkwhale.yaml @@ -30,6 +30,22 @@ celery: requests: cpu: 10m memory: 75Mi +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + host: funkwhale.badhouseplants.net + protocol: http + + tls: + - secretName: funkwhale-tls-secret + hosts: + - funkwhale.badhouseplants.net + extraEnv: FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net FUNKWHALE_PROTOCOL: https 
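Review bot: The `docker-mailserver-pop3s` route now binds `entrypoint: pop3s` but keeps `port: 993`, which is the IMAPS port, while the `pop3s` entrypoint defined in `values.traefik.yaml` listens on 995. POP3S clients would therefore be handed to the IMAPS listener; assuming the service exposes POP3S on its standard port, the line should read `port: 995`. `mailu-pop3s` in the `values.mailu.yaml` hunk carries the same `port: 993`. The route names `docker-mailserver-smpt-startls` and `mailu-smpt-startls` also keep the `smpt` typo that this change fixes for the other two SMTP routes.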
@@ -39,8 +55,7 @@ persistence: size: 10Gi s3: enabled: false -ingress: - enabled: false + postgresql: enabled: false host: postgres16-postgresql.database-service.svc.cluster.local diff --git a/badhouseplants/values/values.gitea.yaml b/badhouseplants/values/values.gitea.yaml index 4fb3a9d..607d4bd 100644 --- a/badhouseplants/values/values.gitea.yaml +++ b/badhouseplants/values/values.gitea.yaml @@ -1,25 +1,5 @@ --- # ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: gitea-http - kind: http - gateway: istio-system/badhouseplants-net - hostname: git.badhouseplants.net - service: gitea-http - port: 3000 - - name: gitea-ssh - kind: tcp - gateway: istio-system/badhouseplants-ssh - hostname: "*" - port_match: 22 - service: gitea-ssh - port: 22 -# ------------------------------------------ # -- Database extension is used to manage # -- database with db-operator # ------------------------------------------ @@ -27,9 +7,27 @@ ext-database: enabled: true name: gitea-postgres16 instance: postgres16 + # ------------------------------------------ # -- Kubernetes related values # ------------------------------------------ +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: git.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: gitea-tls-secret + hosts: + - git.badhouseplants.net replicaCount: 1 clusterDomain: cluster.local @@ -47,8 +45,6 @@ persistence: accessModes: - ReadWriteOnce -ingress: - enabled: false # ------------------------------------------ # -- Main Gitea settings # ------------------------------------------ 
@@ -125,3 +121,21 @@ postgresql-ha: enabled: false redis-cluster: enabled: false + +extraDeploy: + - | + {{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" }} + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ include "gitea.fullname" . }}-ssh + spec: + entryPoints: + - git-ssh + routes: + - match: HostSNI(`git.badhouseplants.net`) + services: + - name: "{{ include "gitea.fullname" . }}-ssh" + port: 22 + nativeLB: true + {{- end }} diff --git a/badhouseplants/values/values.local-path-provisioner.yaml b/badhouseplants/values/values.local-path-provisioner.yaml new file mode 100644 index 0000000..aa1d3e2 --- /dev/null +++ b/badhouseplants/values/values.local-path-provisioner.yaml @@ -0,0 +1,3 @@ +storageClass: + create: true + defaultClass: false diff --git a/badhouseplants/values/values.mailu.yaml b/badhouseplants/values/values.mailu.yaml index aba9e11..966fbac 100644 --- a/badhouseplants/values/values.mailu.yaml +++ b/badhouseplants/values/values.mailu.yaml 
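Review bot: The `IngressRouteTCP` added in `extraDeploy` matches on a concrete host in `HostSNI(...)`, but SSH carries no TLS SNI, and Traefik only evaluates a named `HostSNI` host on TLS routers. For a plain TCP router the rule has to be the wildcard form, ``HostSNI(`*`)``, which is what the other `tcpRoutes` in this patch already use. As written, connections on the `git-ssh` entrypoint would most likely not be routed; this is inferred from Traefik's documented behaviour rather than from anything visible in the hunk. A short comment above the route saying that port 22 is shared by the whole entrypoint and cannot be split per hostname would also help the next reader.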
@@ -1,81 +1,64 @@ --- -certificate: +# ------------------------------------------ +# -- Database extension is used to manage +# -- database with db-operator +# ------------------------------------------ +ext-database: enabled: true - certificate: - - name: mailu - secretName: mailu-certificate - issuer: - kind: ClusterIssuer - name: badhouseplants-issuer - dnsNames: - - badhouseplants.net - - "email.badhouseplants.net" + name: mailu-postgres16 + instance: postgres16 + extraDatabase: + enabled: true + name: roundcube-postgres16 + instance: postgres16 + # ------------------------------------------ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: +traefik: enabled: true - istio: - - name: mailu-web - kind: http - gateway: istio-system/badhouseplants-net - hostname: email.badhouseplants.net + tcpRoutes: + - name: mailu-smtp service: mailu-front - port: 80 - - name: mailu-smpt - kind: tcp - gateway: badhouseplants-mail - service: mailu-front - hostname: email.badhousplants.net - port_match: 25 + match: HostSNI(`*`) + entrypoint: smtp port: 25 - - name: mailu-smpts - kind: tcp - gateway: badhouseplants-mail - port_match: 465 - hostname: email.badhousplants.net + - name: mailu-smtps + match: HostSNI(`*`) service: mailu-front + entrypoint: smtps port: 465 - name: mailu-smpt-startls - kind: tcp - gateway: badhouseplants-mail - hostname: email.badhousplants.net - port_match: 587 + match: HostSNI(`*`) service: mailu-front + entrypoint: smtp-startls port: 587 - name: mailu-imap - kind: tcp - hostname: email.badhousplants.net - gateway: badhouseplants-mail - port_match: 143 + match: HostSNI(`*`) service: mailu-front + entrypoint: imap port: 143 - name: mailu-imaps - kind: tcp - gateway: badhouseplants-mail - hostname: email.badhousplants.net - port_match: 993 + match: HostSNI(`*`) service: mailu-front + entrypoint: imaps port: 993 - name: mailu-pop3 - kind: tcp - gateway: badhouseplants-mail - port_match: 
110 - hostname: email.badhousplants.net + match: HostSNI(`*`) service: mailu-front + entrypoint: pop3 port: 110 - name: mailu-pop3s - kind: tcp - gateway: badhouseplants-mail - port_match: 993 - hostname: email.badhousplants.net + match: HostSNI(`*`) service: mailu-front + entrypoint: pop3s port: 993 subnet: 10.244.0.0/16 sessionCookieSecure: true hostnames: - - post.badhouseplants.net + - badhouseplants.net + - email.badhouseplants.net domain: badhouseplants.net persistence: single_pvc: false @@ -85,13 +68,17 @@ limits: tls: outboundLevel: secure ingress: - enabled: false - tls: false + enabled: true + ingressClassName: traefik + tls: true + annotations: + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 tlsFlavorOverride: mail - selfSigned: false - existingSecret: mailu-certificate - realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local - realIpHeader: "X-Envoy-External-Address" + realIpFrom: traefik.kube-system.svc.cluster.local + realIpHeader: "X-Real-IP" front: hostPort: enabled: false @@ -150,16 +137,18 @@ roundcube: mysql: enabled: false postgresql: + enabled: false +## If using the built-in MariaDB or PostgreSQL, the `roundcube` database will be created automatically. +externalDatabase: + ## @param externalDatabase.enabled Set to true to use an external database enabled: true - auth: - enablePostgresUser: true - username: mailu - database: mailu - persistence: - enabled: false - storageClass: "" - accessMode: ReadWriteOnce - size: 2Gi + type: postgresql + existingSecret: mailu-postgres16-creds + existingSecretDatabaseKey: POSTGRES_DB + existingSecretUsernameKey: POSTGRES_USER + existingSecretPasswordKey: POSTGRES_PASSWORD + host: postgres16-postgresql.database-service.svc.cluster.local + port: 5432 rspamd: resources: requests: 
@@ -181,3 +170,10 @@ webmail: accessModes: [ReadWriteOnce] claimNameOverride: "" annotations: {} +global: + database: + roundcube: + database: applications-roundcube-postgres16 + username: applications-roundcube-postgres16 + existingSecret: roundcube-postgres16-creds + existingSecretPasswordKey: POSTGRES_PASSWORD diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml index ef99a67..19b39a0 100644 --- a/badhouseplants/values/values.minio.yaml +++ b/badhouseplants/values/values.minio.yaml @@ -19,6 +19,39 @@ istio: service: minio port: 9000 +ingress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + path: / + hosts: + - s3.badhouseplants.net + tls: + - secretName: s3-tls-secret + hosts: + - s3.badhouseplants.net +consoleIngress: + enabled: true + ingressClassName: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + path: / + hosts: + - minio.badhouseplants.net + tls: + - secretName: minio-tls-secret + hosts: + - minio.badhouseplants.net + rootUser: 'overlord' replicas: 1 mode: standalone diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index b10de2e..7dd45d2 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -1,10 +1,6 @@ namespaces: - name: longhorn-system - - name: cert-manager - name: minio-service - - name: metallb-system - - name: reflector-system - - name: drone-service - name: argo-system - name: nrodionov-application - name: minecraft-application 
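Review bot: `consoleIngress` publishes the MinIO admin console at `minio.badhouseplants.net` alongside the S3 API at `s3.badhouseplants.net`, and no access restriction is visible in the hunk. If the console does not need to be reachable from outside, leave `consoleIngress.enabled: false`, or attach an allow-list middleware through the `traefik.ingress.kubernetes.io/router.middlewares` annotation. Both blocks set `ingressClassName: ~` and rely on the deprecated `kubernetes.io/ingress.class: traefik` annotation, whereas the argocd and mailu hunks use `ingressClassName: traefik`; one form throughout would be clearer. The hunk header shows the old `istio:` block is still present in this file, so the release may end up with two routing definitions.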
@@ -15,18 +11,16 @@ namespaces: https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - - name: monitoring-system - name: bitwarden-application - name: database-service - name: mail-service - - name: istio-system - name: vaultwarden-application - name: woodpecker-ci - name: openvpn-service - - name: tandoor-application - name: badhouseplants-main labels: istio-injection: enabled - name: badhouseplants-preview - name: mailu-application - name: kube-services + - name: applications \ No newline at end of file diff --git a/badhouseplants/values/values.nrodionov.yaml b/badhouseplants/values/values.nrodionov.yaml index 14d1b8c..3582f47 100644 --- a/badhouseplants/values/values.nrodionov.yaml +++ b/badhouseplants/values/values.nrodionov.yaml @@ -17,7 +17,20 @@ ext-database: enabled: true name: nrodionov-mysql instance: mysql - +ingress: + enabled: true + pathType: ImplementationSpecific + hostname: dev.nrodionov.info + path: / + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + tls: true + tlsWwwPrefix: false + selfSigned: false wordpressBlogName: Николай Николаевич Родионов wordpressUsername: admin wordpressFirstName: Nikolai diff --git a/badhouseplants/values/values.openvpn-xor.yaml b/badhouseplants/values/values.openvpn-xor.yaml index 9b9171b..5827bde 100644 --- a/badhouseplants/values/values.openvpn-xor.yaml +++ b/badhouseplants/values/values.openvpn-xor.yaml 
@@ -3,17 +3,26 @@ # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: - enabled: true - istio: - - name: openvpn-tcp-xor - gateway: istio-system/badhouseplants-vpn - kind: tcp - port_match: 1194 - hostname: "*" - service: openvpn-xor - port: 1194 +# istio: + # enabled: true + # istio: + # - name: openvpn-tcp-xor + # gateway: istio-system/badhouseplants-vpn + # kind: tcp + # port_match: 1194 + # hostname: "*" + # service: openvpn-xor + # port: 1194 # ------------------------------------------ +traefik: + enabled: true + tcpRoutes: + - name: openvpn-xor + service: openvpn-xor + match: HostSNI(`*`) + entrypoint: openvpn + port: 1194 + storage: class: longhorn size: 512Mi diff --git a/badhouseplants/values/values.traefik.yaml b/badhouseplants/values/values.traefik.yaml new file mode 100644 index 0000000..fb92321 --- /dev/null +++ b/badhouseplants/values/values.traefik.yaml 
@@ -0,0 +1,78 @@ +globalArguments: + - "--serversTransport.insecureSkipVerify=true" +service: + spec: + externalTrafficPolicy: Local +ports: + git-ssh: + port: 22 + expose: + default: true + exposedPort: 22 + protocol: TCP + openvpn: + port: 1194 + expose: + default: true + exposedPort: 1194 + protocol: TCP + valve-server: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: UDP + valve-rcon: + port: 27015 + expose: + default: true + exposedPort: 27015 + protocol: TCP + smtp: + port: 25 + protocol: TCP + exposedPort: 25 + expose: + default: true + smtps: + port: 465 + protocol: TCP + exposedPort: 465 + expose: + default: true + smtp-startls: + port: 587 + protocol: TCP + exposedPort: 587 + expose: + default: true + imap: + port: 143 + protocol: TCP + exposedPort: 143 + expose: + default: true + imaps: + port: 993 + protocol: TCP + exposedPort: 993 + expose: + default: true + pop3: + port: 110 + protocol: TCP + exposedPort: 110 + expose: + default: true + pop3s: + port: 995 + protocol: TCP + exposedPort: 995 + expose: + default: true + minecraft: + port: 25565 + protocol: TCP + exposedPort: 25565 + expose: + default: true diff --git a/badhouseplants/values/values.vaultwarden.yaml b/badhouseplants/values/values.vaultwarden.yaml index b4afad8..8114432 100644 --- a/badhouseplants/values/values.vaultwarden.yaml +++ b/badhouseplants/values/values.vaultwarden.yaml @@ -61,3 +61,20 @@ vaultwarden: enabled: false logfile: "/data/vaultwarden.log" loglevel: "warn" +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: vault.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: vault-tls-secret + hosts: + - vault.badhouseplants.net 
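Review bot: `--serversTransport.insecureSkipVerify=true` under `globalArguments` switches off certificate verification for every HTTPS connection Traefik opens to a backend, not only for the service that presumably needed it. Prefer dropping the global flag and attaching a `ServersTransport` that trusts the backend's CA (`rootCAsSecrets`) to the specific services with private certificates. In the `ports` block every entry is published with `expose.default: true`, including `valve-rcon` and the cleartext `smtp`, `imap` and `pop3` listeners; a comment per entry saying which are meant to be reachable from outside would make unintended exposure easier to spot in review.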
diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml new file mode 100644 index 0000000..da8b043 --- /dev/null +++ b/badhouseplants/values/values.vaultwardentest.yaml @@ -0,0 +1,58 @@ +service: + port: 8080 +vaultwarden: + smtp: + host: mail.badhouseplants.net + security: "starttls" + port: 587 + from: vaulttest@badhouseplants.net + fromName: Vault Warden + authMechanism: "Plain" + acceptInvalidHostnames: "false" + acceptInvalidCerts: "false" + debug: false + domain: https://vaulttest.badhouseplants.net + websocket: + enabled: true + address: "0.0.0.0" + port: 3012 + rocket: + port: "8080" + workers: "10" + webVaultEnabled: "true" + signupsAllowed: false + invitationsAllowed: true + signupDomains: "https://vaulttest.badhouseplants.net" + signupsVerify: "true" + showPassHint: "false" + # database: + # existingSecret: vaultwarden-postgres16-creds + # existingSecretKey: CONNECTION_STRING + # connectionRetries: 15 + # maxConnections: 10 + storage: + enabled: false + # size: 1Gi + # class: longhorn + # dataDir: /data + logging: + enabled: false + logfile: "/data/vaultwarden.log" + loglevel: "warn" +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: vaulttest.badhouseplants.net + paths: + - path: / + pathType: Prefix + tls: + - secretName: vault-tls-secret + hosts: + - vaulttest.badhouseplants.net diff --git a/badhouseplants/values/values.woodpecker-ci.yaml b/badhouseplants/values/values.woodpecker-ci.yaml index 202daca..62ced72 100644 --- a/badhouseplants/values/values.woodpecker-ci.yaml +++ b/badhouseplants/values/values.woodpecker-ci.yaml 
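Review bot: The `tls` entry in values.vaultwardentest.yaml uses `secretName: vault-tls-secret`, the same name the production values.vaultwarden.yaml ingress uses for `vault.badhouseplants.net`, while the host here is `vaulttest.badhouseplants.net`. If both releases are deployed to one namespace (not visible in this hunk), two Ingresses will contend for a single Secret and one host can end up served with a certificate that does not cover it; a distinct name such as `secretName: vaulttest-tls-secret` avoids that. Separately, `signupDomains` holds a URL, whereas Vaultwarden's signup whitelist is a list of e-mail domains; assuming the chart passes the value through unchanged, `signupDomains: "badhouseplants.net"` is probably what was meant.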
@@ -18,6 +18,22 @@ ext-database: credentials: WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" server: + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + hosts: + - host: ci.badhouseplants.net + paths: + - path: / + tls: + - secretName: woodpecker-tls-secret + hosts: + - ci.badhouseplants.net #image: # registry: git.badhouseplants.net # repository: allanger/woodpecker-server diff --git a/badhouseplants/values/values.zot.yaml b/badhouseplants/values/values.zot.yaml index e7afd09..753b7ae 100644 --- a/badhouseplants/values/values.zot.yaml +++ b/badhouseplants/values/values.zot.yaml @@ -1,12 +1,21 @@ -istio: +ingress: enabled: true - istio: - - name: zot - kind: http - gateway: istio-system/badhouseplants-net - hostname: registry.badhouseplants.net - service: zot - port: 5000 + className: ~ + annotations: + kubernetes.io/ingress.class: traefik + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + pathtype: ImplementationSpecific + hosts: + - host: registry.badhouseplants.net + paths: + - path: / + tls: + - secretName: zot-secret-tls + hosts: + - registry.badhouseplants.net strategy: type: Recreate service: diff --git a/common/values.database.yaml b/common/values.database.yaml index 6685015..eba45ae 100644 --- a/common/values.database.yaml +++ b/common/values.database.yaml 
@@ -23,3 +23,28 @@ ext-database: secret: true {{- end }} {{- end }} + + - | + {{- if (.Values.extraDatabase).enabled }} + --- + apiVersion: kinda.rocks/v1beta1 + kind: Database + metadata: + name: "{{ .Values.extraDatabase.name }}" + spec: + secretName: "{{ .Values.extraDatabase.name }}-creds" + instance: "{{ .Values.extraDatabase.instance }}" + deletionProtected: true + backup: + enable: false + cron: 0 0 * * * + {{- if .Values.extraDatabase.credentials }} + credentials: + templates: + {{- range $key, $value := .Values.extraDatabase.credentials }} + - name: {{ $key }} + template: {{ $value }} + secret: true + {{- end }} + {{- end }} + {{- end }} diff --git a/common/values.tcp-route.yaml b/common/values.tcp-route.yaml new file mode 100644 index 0000000..b995d25 --- /dev/null +++ b/common/values.tcp-route.yaml @@ -0,0 +1,20 @@ +--- +traefik: + templates: + - | + {{ range .Values.tcpRoutes }} + --- + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ .name }} + spec: + entryPoints: + - {{ .entrypoint }} + routes: + - match: {{ .match }} + services: + - name: {{ .service }} + nativeLB: true + port: {{ .port }} + {{- end }} \ No newline at end of file diff --git a/common/values.tcproute.yaml b/common/values.tcproute.yaml new file mode 100644 index 0000000..05e0d89 --- /dev/null +++ b/common/values.tcproute.yaml @@ -0,0 +1,13 @@ +--- +tcproute: + templates: + - | + --- + {{ range .Values.routes }} + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ printf "%s-%s" .Release.Name .name }} + spec: + {{ tpl (.routes | toYaml | indent 2 | toString) $ }} + {{ end }} diff --git a/etersoft/helmfile.yaml b/etersoft/helmfile.yaml index d861bbd..677999c 100644 --- a/etersoft/helmfile.yaml +++ b/etersoft/helmfile.yaml 
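Review bot: In common/values.tcproute.yaml, `{{ printf "%s-%s" .Release.Name .name }}` sits inside `{{ range .Values.routes }}`, where `.` is the current route, so `.Release` does not resolve there; it should read `$.Release.Name`. The `---` separator is also outside the `range`, so two routes would render into one document; it belongs inside the loop, as in values.tcp-route.yaml. Nothing visible in this patch references the file (the `ext-tcp-routes` template points at values.tcp-route.yaml), so it may be a leftover that can be deleted. In values.tcp-route.yaml the scalars are emitted unquoted; `match: {{ .match | quote }}` and `name: {{ .name | quote }}` keep a rule that contains `: ` or starts with a backtick from breaking the rendered manifest.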
@@ -7,6 +7,21 @@ releases: namespace: openvpn-service createNamespace: false + - <<: *istio-base + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istio-gateway + installed: true + namespace: istio-system + createNamespace: false + + - <<: *istiod + installed: true + namespace: istio-system + createNamespace: false + bases: - ../environments.yaml - ../repositories.yaml diff --git a/etersoft/values/values.minio.yaml b/etersoft/values/values.minio.yaml index deefdb1..ba51cc3 100644 --- a/etersoft/values/values.minio.yaml +++ b/etersoft/values/values.minio.yaml @@ -95,6 +95,10 @@ buckets: policy: none purge: false versioning: false + - name: velero-test + policy: none + purge: false + versioning: false - name: restic policy: none purge: false diff --git a/helmfile.yaml b/helmfile.yaml index de9aa6b..735e9ba 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -11,24 +11,9 @@ releases: namespace: kube-system createNamespace: false - - <<: *istio-base - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istio-gateway - installed: true - namespace: istio-system - createNamespace: false - - - <<: *istiod - installed: true - namespace: istio-system - createNamespace: false - - <<: *cert-manager installed: true - namespace: cert-manager + namespace: kube-system createNamespace: false - <<: *minio @@ -38,17 +23,17 @@ releases: - <<: *metallb installed: true - namespace: metallb-system - createNamespace: true + namespace: kube-system + createNamespace: false - <<: *reflector installed: true - namespace: reflector-system - createNamespace: true + namespace: kube-system + createNamespace: false - <<: *metallb-resources installed: true - namespace: metallb-system + namespace: kube-system createNamespace: false helmfiles: diff --git a/manifests/debug/istio/httpbin.yaml b/manifests/debug/istio/httpbin.yaml index f6d57f9..bc5f0b1 100644 --- a/manifests/debug/istio/httpbin.yaml +++ b/manifests/debug/istio/httpbin.yaml 
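Review bot: The two helmfile.yaml hunks move `cert-manager`, `metallb`, `reflector` and `metallb-resources` out of their own namespaces into `kube-system` with `createNamespace: false`. That places third-party controllers, including reflector, whose job is copying Secrets between namespaces, next to the cluster's core components, so namespace-scoped RBAC, NetworkPolicy or Pod Security settings can no longer tell them apart. If the goal is only fewer namespaces, a single dedicated one (values.namespaces.yaml already has `kube-services`) keeps that boundary. Otherwise a comment above these releases recording why `kube-system` was chosen would help the next reader.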
@@ -31,7 +31,7 @@ metadata: namespace: debug spec: rules: - - host: httpbin.rocks + - host: "httpbin.badhouseplants.net" http: paths: - path: / diff --git a/manifests/httpo1-cluster-issuer.yaml b/manifests/httpo1-cluster-issuer.yaml new file mode 100644 index 0000000..547b892 --- /dev/null +++ b/manifests/httpo1-cluster-issuer.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + labels: + app.kubernetes.io/instance: cluster-issuer + app.kubernetes.io/name: acme-cluster-issuer + name: badhouseplants-issuer-http01 +spec: + acme: + email: allanger@zohomail.com + preferredChain: "" + privateKeySecretRef: + name: badhouseplants-issuer-htt01-account-key + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - http01: + ingress: + ingressClassName: traefik diff --git a/releases.yaml b/releases.yaml index ac52cdf..c8797c2 100644 --- a/releases.yaml +++ b/releases.yaml @@ -1,4 +1,3 @@ ---- templates: # --------------------------- # -- Hooks @@ -49,6 +48,14 @@ templates: values: - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml' + ext-tcp-routes: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: traefik + values: + - '{{ requiredEnv "PWD" }}/common/values.tcp-route.yaml' + ext-istio-resource: dependencies: - chart: bedag/raw @@ -56,6 +63,7 @@ templates: alias: istio values: - '{{ requiredEnv "PWD" }}/common/values.istio.yaml' + ext-certificate: dependencies: - chart: bedag/raw @@ -137,25 +145,24 @@ templates: cert-manager: &cert-manager name: cert-manager chart: jetstack/cert-manager - version: 1.14.5 + version: 1.15.0 set: - name: installCRDs value: true longhorn: &longhorn name: longhorn chart: longhorn/longhorn - version: 1.6.1 + version: 1.6.2 inherit: - template: default-env-values argocd: &argocd name: argocd chart: argo/argo-cd - version: 6.9.3 + version: 7.1.3 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource monitoring-common: labels: 
@@ -170,7 +177,6 @@ templates: - template: default-env-values - template: default-env-secrets - template: crd-management-hook - - template: ext-istio-resource loki: &loki name: loki @@ -231,10 +237,10 @@ templates: openvpn-xor: &openvpn-xor name: openvpn-xor chart: allanger-gitea/openvpn-xor - version: 1.3.0 + version: 1.2.0 inherit: - template: default-env-values - - template: ext-istio-resource + - template: ext-tcp-routes openvpn: &openvpn name: openvpn @@ -242,7 +248,6 @@ templates: version: 1.2.0 inherit: - template: default-env-values - - template: ext-istio-resource # ---------------------------- # -- Drone # ---------------------------- @@ -256,7 +261,6 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: drone-common drone-runner-docker: &drone-runner-docker @@ -271,21 +275,19 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.3.0 + version: 1.4.0 inherit: - template: ext-database - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource nrodionov: &nrodionov name: nrodionov chart: bitnami/wordpress - version: 22.2.11 + version: 22.4.10 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource minio: &minio name: minio @@ -294,16 +296,14 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource gitea: &gitea name: gitea chart: gitea/gitea - version: 10.1.4 + version: 10.2.0 inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database funkwhale: &funkwhale @@ -313,7 +313,6 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database bitwarden: &bitwarden 
@@ -323,12 +322,11 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource redis: &redis name: redis chart: bitnami/redis - version: 19.3.3 + version: 19.5.3 inherit: - template: default-env-values - template: default-env-secrets @@ -336,7 +334,7 @@ templates: postgres16: &postgres16 name: postgres16 chart: bitnami/postgresql - version: 15.3.3 + version: 15.5.5 inherit: - template: default-env-values - template: default-env-secrets @@ -357,7 +355,7 @@ templates: mysql: &mysql name: mysql chart: bitnami/mysql - version: 10.2.4 + version: 11.1.2 inherit: - template: default-env-values - template: default-env-secrets @@ -368,8 +366,7 @@ templates: version: 2.3.1 inherit: - template: default-env-values - - template: ext-istio-gateway - - template: ext-istio-resource + - template: ext-tcp-routes vaultwarden: &vaultwarden name: vaultwarden @@ -378,9 +375,16 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database + vaultwarden-test: &vaultwardentest + name: vaultwardentest + chart: allanger-gitea/vaultwarden + version: 1.2.0 + inherit: + - template: default-env-values + - template: default-env-secrets + reflector: &reflector name: reflector chart: emberstack/reflector @@ -393,8 +397,9 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-certificate + - template: ext-tcp-routes + - template: ext-database tandoor: &tandoor name: tandoor @@ -403,13 +408,12 @@ templates: inherit: - template: default-env-values - template: default-env-secrets - - template: ext-istio-resource - template: ext-database coredns: &coredns name: coredns chart: coredns/coredns - version: 1.29.0 + version: 1.31.0 namespace: kube-system inherit: - template: default-env-values 
@@ -417,7 +421,7 @@ templates: cilium: &cilium name: cilium chart: cilium/cilium - version: 1.15.5 + version: 1.15.6 createNamespace: false namespace: kube-system inherit: @@ -426,23 +430,14 @@ templates: zot: &zot name: zot chart: zot/zot - version: 0.1.54 - createNamespace: false - namespace: kube-services - inherit: - - template: default-env-values - - template: default-env-secrets - - template: ext-istio-resource - chartmuseum: &chartmuseum - name: chartmuseum - chart: chartmuseum/chartmuseum - version: 3.10.2 + version: 0.1.56 createNamespace: false namespace: kube-services inherit: - template: default-env-values - template: default-env-secrets - template: ext-istio-resource + keel: &keel name: keel chart: keel/keel @@ -450,4 +445,20 @@ templates: createNamespace: false namespace: kube-system - + traefik: &traefik + name: traefik + chart: traefik/traefik + version: 28.2.0 + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values + + local-path-provisioner: &local-path-provisioner + name: local-path-provisioner + chart: local-path-provisioner/local-path-provisioner + createNamespace: false + namespace: kube-system + inherit: + - template: default-env-values + diff --git a/repositories.yaml b/repositories.yaml index 2900540..5ffcf86 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -31,8 +31,8 @@ repositories: url: https://constin.github.io/vaultwarden-helm/ - name: db-operator url: https://db-operator.github.io/charts - - name: allanger-gitea - url: https://git.badhouseplants.net/api/packages/allanger/helm + # - name: allanger-gitea + # url: https://git.badhouseplants.net/api/packages/allanger/helm - name: badhouseplants url: https://badhouseplants.github.io/helm-charts/ - name: woodpecker 
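Review bot: Commenting out the `allanger-gitea` entry in repositories.yaml leaves releases that still point at it: `openvpn-xor` (`chart: allanger-gitea/openvpn-xor`) and the new `vaultwarden-test` (`chart: allanger-gitea/vaultwarden`), both touched in releases.yaml by this same patch. Unless the repository is declared somewhere outside this diff, those charts will not resolve; either keep the entry or change the `chart:` values to the repository that now hosts them. The `openvpn-xor` hunk also moves `version` from 1.3.0 down to 1.2.0, and if that is deliberate a one-line comment beside it would stop it being bumped back. The new `local-path-provisioner` release has no `version:` line at all, unlike every neighbouring release.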
@@ -59,3 +59,7 @@ repositories: url: https://chartmuseum.github.io/charts - name: keel url: https://charts.keel.sh + - name: traefik + url: https://traefik.github.io/charts + - name: local-path-provisioner + url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=v0.0.26 -- 2.49.0 From d6d93998cb6b16d74f20616d2c2adb21af7e4f78 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 15 Jun 2024 20:45:50 +0200 Subject: [PATCH 162/164] Update traefik --- releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/releases.yaml b/releases.yaml index c8797c2..3092fe6 100644 --- a/releases.yaml +++ b/releases.yaml @@ -448,7 +448,7 @@ templates: traefik: &traefik name: traefik chart: traefik/traefik - version: 28.2.0 + version: 28.3.0 createNamespace: false namespace: kube-system inherit: -- 2.49.0 From 697e5f374651c757719aa79a662f7875c95f4076 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 21 Jun 2024 17:23:33 +0200 Subject: [PATCH 163/164] Add a storage to the vaultwarden test --- badhouseplants/values/values.vaultwardentest.yaml | 14 +++++++------- releases.yaml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/badhouseplants/values/values.vaultwardentest.yaml b/badhouseplants/values/values.vaultwardentest.yaml index da8b043..7796066 100644 --- a/badhouseplants/values/values.vaultwardentest.yaml +++ b/badhouseplants/values/values.vaultwardentest.yaml 
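Review bot: The `local-path-provisioner` repository added here is fetched straight from git at `ref=v0.0.26`, which is a tag, and the matching release in releases.yaml sets no `version:`. A tag can be re-pointed upstream, so what gets installed into `kube-system` is not fixed by anything in this repo; pinning to the commit behind that tag, `?ref=<commit-sha-of-v0.0.26>` (placeholder, to be filled in from the upstream repo), makes the input immutable. The `git+https` URL form also depends on the helm-git plugin being installed wherever helmfile runs, which deserves a comment above the entry, for example `# requires the helm-git plugin`.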
@@ -20,21 +20,21 @@ vaultwarden: port: "8080" workers: "10" webVaultEnabled: "true" - signupsAllowed: false + signupsAllowed: true invitationsAllowed: true signupDomains: "https://vaulttest.badhouseplants.net" - signupsVerify: "true" - showPassHint: "false" + signupsVerify: false + showPassHint: true # database: # existingSecret: vaultwarden-postgres16-creds # existingSecretKey: CONNECTION_STRING # connectionRetries: 15 # maxConnections: 10 storage: - enabled: false - # size: 1Gi - # class: longhorn - # dataDir: /data + enabled: true + size: 512Mi + class: longhorn + dataDir: /data logging: enabled: false logfile: "/data/vaultwarden.log" diff --git a/releases.yaml b/releases.yaml index 3092fe6..f07b763 100644 --- a/releases.yaml +++ b/releases.yaml @@ -275,7 +275,7 @@ templates: woodpecker-ci: &woodpecker-ci name: woodpecker-ci chart: woodpecker/woodpecker - version: 1.4.0 + version: 1.5.0 inherit: - template: ext-database - template: default-env-values -- 2.49.0 From 14dbe234eaac4d3a0412982c9e2dda010e607d36 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 22 Jun 2024 13:28:53 +0200 Subject: [PATCH 164/164] Cleanup namespaces --- badhouseplants/values/values.namespaces.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/badhouseplants/values/values.namespaces.yaml b/badhouseplants/values/values.namespaces.yaml index 7dd45d2..c11513c 100644 --- a/badhouseplants/values/values.namespaces.yaml +++ b/badhouseplants/values/values.namespaces.yaml @@ -11,7 +11,6 @@ namespaces: https://ci.badhouseplants.net/repos/15 - name: gitea-service - name: funkwhale-application - - name: bitwarden-application - name: database-service - name: mail-service - name: vaultwarden-application @@ -21,6 +20,4 @@ namespaces: labels: istio-injection: enabled - name: badhouseplants-preview - - name: mailu-application - name: kube-services - - name: applications \ No newline at end of file -- 2.49.0
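Review bot: `signupsAllowed: true` together with `signupsVerify: false` and `showPassHint: true` opens registration without e-mail verification on an instance that the earlier patch publishes at `vaulttest.badhouseplants.net` through an Ingress, and this hunk also gives it persistent storage. On a reachable password manager that lets anyone create accounts, and hints shown on request reveal information about master passwords. If this is a short-lived test, say so in a comment and keep `signupsAllowed: false` with the existing `invitationsAllowed: true`; at minimum keep `signupsVerify: "true"`. The changed values are now bare booleans where the file previously used quoted strings (`"true"`, `"false"`), so check which form the chart expects and stay consistent with values.vaultwarden.yaml.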