Onboard the etersoft cluster
This commit is contained in:
parent
a3d8a0e93c
commit
205113bafd
@ -8,6 +8,10 @@ environments:
|
|||||||
enabled: true
|
enabled: true
|
||||||
- backups:
|
- backups:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
- localpath:
|
||||||
|
enabled: false
|
||||||
|
- openebs:
|
||||||
|
enabled: true
|
||||||
etersoft:
|
etersoft:
|
||||||
kubeContext: etersoft
|
kubeContext: etersoft
|
||||||
values:
|
values:
|
||||||
@ -19,3 +23,5 @@ environments:
|
|||||||
enabled: true
|
enabled: true
|
||||||
- openebs:
|
- openebs:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
- localpath:
|
||||||
|
enabled: true
|
||||||
|
26
installations/applications/helmfile-etersoft.yaml
Normal file
26
installations/applications/helmfile-etersoft.yaml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
bases:
|
||||||
|
- ../../common/environments.yaml
|
||||||
|
- ../../common/templates.yaml
|
||||||
|
repositories:
|
||||||
|
- name: allangers-charts
|
||||||
|
url: ghcr.io/allanger/allangers-charts
|
||||||
|
oci: true
|
||||||
|
- name: gabe565
|
||||||
|
url: ghcr.io/gabe565/charts
|
||||||
|
oci: true
|
||||||
|
releases:
|
||||||
|
- name: openvpn
|
||||||
|
chart: allangers-charts/openvpn
|
||||||
|
version: 0.0.2
|
||||||
|
namespace: applications
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
- template: ext-tcp-routes
|
||||||
|
- name: qbittorrent
|
||||||
|
chart: gabe565/qbittorrent
|
||||||
|
version: 0.3.7
|
||||||
|
namespace: applications
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
- template: ext-secret
|
||||||
|
- template: ext-traefik-middleware
|
@ -66,6 +66,7 @@ releases:
|
|||||||
version: 2024.8.3
|
version: 2024.8.3
|
||||||
namespace: platform
|
namespace: platform
|
||||||
createNamespace: false
|
createNamespace: false
|
||||||
|
condition: workload.enabled
|
||||||
needs:
|
needs:
|
||||||
- platform/db-operator
|
- platform/db-operator
|
||||||
inherit:
|
inherit:
|
||||||
@ -82,12 +83,14 @@ releases:
|
|||||||
- name: kyverno
|
- name: kyverno
|
||||||
chart: kyverno/kyverno
|
chart: kyverno/kyverno
|
||||||
namespace: kyverno
|
namespace: kyverno
|
||||||
|
condition: workload.enabled
|
||||||
labels:
|
labels:
|
||||||
bootstrap: true
|
bootstrap: true
|
||||||
version: 3.2.7
|
version: 3.2.7
|
||||||
- name: kyverno-policies
|
- name: kyverno-policies
|
||||||
chart: kyverno/kyverno-policies
|
chart: kyverno/kyverno-policies
|
||||||
namespace: kyverno
|
namespace: kyverno
|
||||||
|
condition: workload.enabled
|
||||||
labels:
|
labels:
|
||||||
bootstrap: true
|
bootstrap: true
|
||||||
version: 3.2.6
|
version: 3.2.6
|
||||||
@ -96,6 +99,7 @@ releases:
|
|||||||
- name: custom-kyverno-policies
|
- name: custom-kyverno-policies
|
||||||
chart: ../../kustomizations/kyverno/
|
chart: ../../kustomizations/kyverno/
|
||||||
namespace: kyverno
|
namespace: kyverno
|
||||||
|
condition: workload.enabled
|
||||||
labels:
|
labels:
|
||||||
bootstrap: true
|
bootstrap: true
|
||||||
needs:
|
needs:
|
||||||
|
@ -24,6 +24,8 @@ repositories:
|
|||||||
url: https://vmware-tanzu.github.io/helm-charts/
|
url: https://vmware-tanzu.github.io/helm-charts/
|
||||||
- name: openebs
|
- name: openebs
|
||||||
url: https://openebs.github.io/openebs
|
url: https://openebs.github.io/openebs
|
||||||
|
- name: local-path-provisioner
|
||||||
|
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
|
||||||
releases:
|
releases:
|
||||||
- name: namespaces
|
- name: namespaces
|
||||||
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
|
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
|
||||||
@ -131,3 +133,12 @@ releases:
|
|||||||
- kube-system/cilium
|
- kube-system/cilium
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
|
# -- Not versions since it's installed from git
|
||||||
|
- name: local-path-provisioner
|
||||||
|
chart: local-path-provisioner/local-path-provisioner
|
||||||
|
condition: localpath.enabled
|
||||||
|
namespace: kube-system
|
||||||
|
needs:
|
||||||
|
- kube-system/cilium
|
||||||
|
inherit:
|
||||||
|
- template: default-env-values
|
||||||
|
@ -1,11 +1,7 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
|
||||||
app.kubernetes.io/instance: server-xray-public
|
|
||||||
app.kubernetes.io/name: server-xray
|
|
||||||
name: debug
|
name: debug
|
||||||
namespace: public-xray
|
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- args:
|
- args:
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
credentials:
|
credentials:
|
||||||
useSecret: ENC[AES256_GCM,data:jaRt6g==,iv:tFJ1xXlSvzdmGk32IxNoygKkOTYg1uhWiTQ+Fb4vxho=,tag:w7eY7ByCOnR2yx5hnoeL7Q==,type:bool]
|
useSecret: ENC[AES256_GCM,data:aeEoxA==,iv:OGb9hAy+LJuH2ZPVVAyEkLUXpiqsYat1vFvHfxnnz+k=,tag:DLkOF+a4QWcjiNnDmQsrNg==,type:bool]
|
||||||
name: ENC[AES256_GCM,data:iXPmDVTNHwQKNpUbqjWI,iv:6ykrI3VcYPKInFAPsYl0TzynEdl/PQvCKQp0UCtytXM=,tag:LuTomLPweH/e5Ubr4O8LOw==,type:str]
|
name: ENC[AES256_GCM,data:f68NZYuDiN4uQUGA6JFl,iv:ugx3j6xxplh9nD/gWo56FfZ7UNB3m2Ta5vXpuvJTOhs=,tag:we/ZrIa6wYicsfhDL2seqQ==,type:str]
|
||||||
secretContents:
|
secretContents:
|
||||||
data: ENC[AES256_GCM,data:DC9XGNH0Q1PYEs2AesQWsYCIUS8iXWc7UsU+Y6e2Mt04vWFNpPMHxFUgMVHU4X7BChoyW/vXF3EPPORga99Xdf8q4+LprOZ4,iv:+poyt47TO3+lVzkK8L32OJreylYPJlZslBGpnNlO+aE=,tag:5qzH/6FHcIsMI7SKLadSgA==,type:str]
|
data: ENC[AES256_GCM,data:I+of51MXK+TXvGODqqk3xJ4yLFf516Acvr5HjfBJ1RNQKLP8kJ2w/6djOz6iF57WThl12Q3Nj68P8+uC6ZZ8uyS9P/AD5UVeDCeeTF0bSBdDoK0=,iv:+LdjdMyFB8xN61DxD5zEUGFbTJsGX5rRsqtZB+xwJno=,tag:ANV7UaZ839PIh+frj1UGkQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -12,14 +12,14 @@ sops:
|
|||||||
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnZG1RaForN3gwd081UzM5
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZVREdnRXcm1KSXFXR1Zx
|
||||||
SkZCVVNjVjFMRzRLbmI0VGV3QlZUdk9pT3hJCklsL0dIcDg1d0xsL2tYTlZBNDVY
|
VTlNMnFyTy8waDZuVTJ3ckphcFdxQ1pZNEFBCm1TcTlDTWhjMFdnZWN2RXNhN1RH
|
||||||
Ykp6THppMERGNm5FTUg5NFgyMkRBN1EKLS0tIE1Uclk0bnZibko1aHI0WXlpSFFQ
|
QmNJTWRneko4Ui9IMlExYVJMZlExZ1UKLS0tIDhLcytJY3NJR1g0MTQ3dlNtU2M3
|
||||||
WjVKZ1RCQzJwM04rYmQ5Q0x5SHJrdjQK/Y3T0XyH6JKG8OXip25W4EJBQlF6obbe
|
dWFFUWt0UnAyTTBxNVVhNGxQY01XWnMKPSBtx7LUUX/hRkCvJHn2d42M8FaNtUPY
|
||||||
GPv/C5IfnquKv4rGwrLxZuIKYBHmHrwmu5fj/5ls9i+Mr4FbaJt9NA==
|
0hUgS8ySUx7avpijvvBQYxLhGj9qzpMdfEX/4jQzM9Q5E9LviOA63w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-11T12:09:20Z"
|
lastmodified: "2024-10-11T12:28:10Z"
|
||||||
mac: ENC[AES256_GCM,data:o6jRT/fyR25ChKrfWnx5AapVpiPxJYLJy9NbOTv/CBv0iO9/CKTh0HpeHkvkechPuBlQexI06f1bjqXUkKNFefrh/EIS82it0WGHpUwL+UUsh+g0ZfvZ23NvhFvYCUzxG48E+VxXV2Pt3VsqwxczNb4LCCBf6Nv2ljE4T0eezlA=,iv:5Ed9ZjdotnlWLq6cos3zwmvxRdibYPmXifKwj4eiDY0=,tag:Ct9fbr9aLz3jXl16Sk9LaQ==,type:str]
|
mac: ENC[AES256_GCM,data:f3KDO0lqWydj2RS36Ak3Ml6IixNUvSbwDboFGsg7GDju839xIAJFS1RzoW9As67MBL0YLSh9t9uI0566oPmRr0SEW1/sWQpp0BXA3EQB2jzejnnPRbZnWesFJZL5qNSOGIXmacWXMDzNNAD83mxUsRj2DxfIiKJuI4fKFgmCzCg=,iv:XlFo8+wJtjBaGcM7EW1I1lRTttcijq1u/gE2dX3x2iw=,tag:6kkMBGG8UQy4e7jMcBCBFQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.1
|
||||||
|
38
values/etersoft/secrets.minio.yaml
Normal file
38
values/etersoft/secrets.minio.yaml
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
rootPassword: ENC[AES256_GCM,data:JF0ZjTiuvYzO9Ol7ma268WS/VugWW/2Jaw==,iv:VBxzVeCLB74en8BiybMZHvrB9FIyssrGtDpsaXqCtBQ=,tag:DOhQwg7D+tEqcikrcv88FQ==,type:str]
|
||||||
|
users:
|
||||||
|
- accessKey: ENC[AES256_GCM,data:4vsyrmk6clo=,iv:lcDiS+AFB3yAzsrKbfyDQnYuT2twGpd0kC/z7YhpsbQ=,tag:fpBGkAVPNiTrxDCE1pXR3A==,type:str]
|
||||||
|
secretKey: ENC[AES256_GCM,data:3kqn1s4wqGLURlfrhNYMGjaoZAw+HF4rwg==,iv:0xLW4f6N0g3h8FfOUGfbVOhnSTKLsy71Ubt+2z4dSC0=,tag:HkEJ/LSbn+8RfGF8FAYqHQ==,type:str]
|
||||||
|
policy: ENC[AES256_GCM,data:FJEdDNqZA30=,iv:ZI7Nbzwi3RtIuadt3/UBA5AbQJjjiB2M/uoj2AFA/10=,tag:U3BZ6cFRS09fnKkA7kROJA==,type:str]
|
||||||
|
- accessKey: ENC[AES256_GCM,data:0poCmmka,iv:O51Mx43yigleqadiR7b8i7uxOT+38C88efa/TUbYBj0=,tag:r9ZwW5pxvPxLSyQTezAN1Q==,type:str]
|
||||||
|
secretKey: ENC[AES256_GCM,data:fRpbe2HbTNactZx+60jtd0YL1pCmhWMYgw==,iv:tmZbhzQxx8+Tyxpx+jQ0YCXBVfR74BM3yGlai8IXZHE=,tag:xk9l8Rse9Hnj0Qcmnm/cmA==,type:str]
|
||||||
|
policy: ENC[AES256_GCM,data:oxr+5V8C,iv:EHFqChAYnZP9PqejnpA9coJIlO9s9VllMIXUM1HLSpY=,tag:/Al9G92TUtxWAcwkTaQJCA==,type:str]
|
||||||
|
oidc:
|
||||||
|
enabled: ENC[AES256_GCM,data:lMx4vU8=,iv:J2/vLve9rjzAS6IGFEMixfSTa+0bRTxKcy8iRUuhvSY=,tag:Xz5/xmyUgLmW9YLXRc/D4A==,type:bool]
|
||||||
|
configUrl: ENC[AES256_GCM,data:eGE12HZTCzRkC4I+chRrk/GZjN4uBf6BEkrfgj4w3AKoe/zRfn5fbfOeZcYswJxmemf5jV0/Z8Xf7qRAOfogF0j/oAGPr6Ljf1xmJ37W72Giz9AJGBOWOnk=,iv:Fxwb59KoX/+xsbAJ4Gimxs5EbFaJf47KIosexsg6+xw=,tag:hWh/HbR8Re0F79amQhprmw==,type:str]
|
||||||
|
clientId: ENC[AES256_GCM,data:HV3Na7c=,iv:J+zpkI6f24cjnETRcIIv9M7ZcYf59TSIui05TOQJvJU=,tag:F3nmBGoW2lZ8GR09hRZ6YQ==,type:str]
|
||||||
|
clientSecret: ENC[AES256_GCM,data:gIGqUq1CAl+Y6EBBhWW8qjsUnUpuril/eH+gZBWG9J3O8dJjX3Z4MA8Q4HZPVdz5Q+6cZlIQ8nf5xbDQsGKFJgE0IqlM2B+pLd+toCpstP2irwHbx5z1RSHo8az70al87AaAKeAlWF0xVbVhpN5JrAQcjALOUbgeBg72QLQZOUw=,iv:bwc677iXUyX4R37j25iuKS37H8hwwEleEIArrQLNfhU=,tag:guPzIqsD+4s51rTK61fx2A==,type:str]
|
||||||
|
claimName: ENC[AES256_GCM,data:wXZh3m5M,iv:0iuETRNlJeiAwgeMbXuECh1EYuHQ+FI+++aL7jgMU9s=,tag:BBwQbNfPmwnjx5Hrk68sZQ==,type:str]
|
||||||
|
redirectUri: ENC[AES256_GCM,data:FSeRB5+TscUcZCwJhpaDHGbpUa49yF/eW4vjN036hfCJ2r0jdSiDrU2CjVTqcl8=,iv:4ap8l61BRye4K0imsF34zXiEmN13uwe86PTxcnTOEm0=,tag:k62A6DGt0n1Ra/NJoss+FQ==,type:str]
|
||||||
|
comment: ENC[AES256_GCM,data:U9F6nifLDU9DkfVXoCOHUJC7H2M=,iv:xR4P03dfn1OXGD4zx3OXOPwHGh4/rJHVqDp0Qn+Oacw=,tag:AXfM+5M2ZdtNJ6oJgeyqZw==,type:str]
|
||||||
|
claimPrefix: ""
|
||||||
|
scopes: ENC[AES256_GCM,data:rkal2ggLfUTsMu739T5aXWM7MF4ny+k6m6D5,iv:Xl1siRhxvWlqlAcZzV5N1hZTH3hg+HsEujwn9kLFovM=,tag:LKza7MMkC2x6ZeYVKIop5w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMHA0bUNTVnlHWU03UWhn
|
||||||
|
eHJ0Y2xzREVxTlhWbk5GRzhSa3RoV2lValY0CkcxbEZyc1VQNnozcTRteVlVQXNy
|
||||||
|
cUlyNDFtMTRPMnF1TmNIRjB4RkdZK28KLS0tIFBJdG05MklnV3IyYVJ5VDF6VE9n
|
||||||
|
VkVEQitNb0VOa1BJNkZ5d0E2czNtRXcKby+2hCLGWWKVsQeb5rLdl/LOvh9zQOyr
|
||||||
|
c1Spv2k7duos1MNnbQvRtRbJyYCRdo9Q7ZjbXiJL+Wb5//MGCfJi0w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-10-14T05:40:46Z"
|
||||||
|
mac: ENC[AES256_GCM,data:yFMVr4gztundDVhLKENNfn+/WS/n8kJFXJ52aF7vAZtJ3UYibUBJh88BWYQn2euBUiPZXu2xNp0/SBUTKocJE9a9g9O+mjLemTzCOsHD7mMmKwHc9BSUnzPpKne+hdfNaWW8V0LP5hnlDeIT+75dcqu9f4I/v/ipsOk+C1WeKU4=,iv:gkDc7bqtoFrz6GG7NiBY8PUn1etWEAomhI8mf9b5jD0=,tag:1m2Ysku6FMlceILUisK5bw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.1
|
@ -1,9 +1,7 @@
|
|||||||
---
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: ~
|
ingressClassName: traefik
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
kubernetes.io/ingress.global-static-ip-name: ""
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
@ -11,16 +9,15 @@ ingress:
|
|||||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
path: /
|
path: /
|
||||||
hosts:
|
hosts:
|
||||||
- s3.3.badhouseplants.net
|
- s3.e.badhouseplants.net
|
||||||
tls:
|
tls:
|
||||||
- secretName: s3.e.badhouseplants.net
|
- secretName: s3.e.badhouseplants.net
|
||||||
hosts:
|
hosts:
|
||||||
- s3.e.badhouseplants.net
|
- s3.e.badhouseplants.net
|
||||||
consoleIngress:
|
consoleIngress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: ~
|
ingressClassName: traefik
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
kubernetes.io/ingress.allow-http: "false"
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
kubernetes.io/ingress.global-static-ip-name: ""
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
@ -28,12 +25,11 @@ consoleIngress:
|
|||||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||||
path: /
|
path: /
|
||||||
hosts:
|
hosts:
|
||||||
- minio.e.badhouseplants.net
|
- min.e.badhouseplants.net
|
||||||
tls:
|
tls:
|
||||||
- secretName: minio.e.badhouseplants.net
|
- secretName: min.e.badhouseplants.net
|
||||||
hosts:
|
hosts:
|
||||||
- minio.e.badhouseplants.net
|
- min.e.badhouseplants.net
|
||||||
|
|
||||||
rootUser: 'overlord'
|
rootUser: 'overlord'
|
||||||
replicas: 1
|
replicas: 1
|
||||||
mode: standalone
|
mode: standalone
|
||||||
@ -45,9 +41,12 @@ tls:
|
|||||||
publicCrt: public.crt
|
publicCrt: public.crt
|
||||||
privateKey: private.key
|
privateKey: private.key
|
||||||
persistence:
|
persistence:
|
||||||
|
annotations:
|
||||||
|
volume.kubernetes.io/selected-node: yekaterinburg
|
||||||
|
storageClass: local-path
|
||||||
enabled: true
|
enabled: true
|
||||||
accessMode: ReadWriteOnce
|
accessMode: ReadWriteOnce
|
||||||
size: 100Gi
|
size: 10Gi
|
||||||
service:
|
service:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
clusterIP: ~
|
clusterIP: ~
|
||||||
@ -60,25 +59,10 @@ resources:
|
|||||||
requests:
|
requests:
|
||||||
memory: 2Gi
|
memory: 2Gi
|
||||||
buckets:
|
buckets:
|
||||||
- name: badhouseplants-net
|
- name: velero
|
||||||
policy: download
|
policy: none
|
||||||
purge: false
|
|
||||||
versioning: false
|
|
||||||
- name: badhouseplants-js
|
|
||||||
policy: download
|
|
||||||
purge: false
|
|
||||||
versioning: false
|
|
||||||
- name: badhouseplants-net-main
|
|
||||||
policy: download
|
|
||||||
purge: false
|
|
||||||
versioning: false
|
|
||||||
- name: sharing
|
|
||||||
policy: download
|
|
||||||
purge: false
|
|
||||||
versioning: false
|
|
||||||
- name: allanger-music
|
|
||||||
policy: download
|
|
||||||
purge: false
|
purge: false
|
||||||
|
versioning: fase
|
||||||
metrics:
|
metrics:
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -97,35 +81,13 @@ policies:
|
|||||||
- resources: []
|
- resources: []
|
||||||
actions:
|
actions:
|
||||||
- "kms:*"
|
- "kms:*"
|
||||||
- name: Admins
|
- name: velero
|
||||||
statements:
|
statements:
|
||||||
- resources:
|
- resources:
|
||||||
- 'arn:aws:s3:::*'
|
- 'arn:aws:s3:::velero'
|
||||||
actions:
|
|
||||||
- "s3:*"
|
|
||||||
- resources: []
|
|
||||||
actions:
|
|
||||||
- "admin:*"
|
|
||||||
- resources: []
|
|
||||||
actions:
|
|
||||||
- "kms:*"
|
|
||||||
- name: DevOps
|
|
||||||
statements:
|
|
||||||
- resources:
|
|
||||||
- 'arn:aws:s3:::badhouseplants-net'
|
|
||||||
actions:
|
actions:
|
||||||
- "s3:*"
|
- "s3:*"
|
||||||
- resources:
|
- resources:
|
||||||
- 'arn:aws:s3:::badhouseplants-net/*'
|
- 'arn:aws:s3:::velero/*'
|
||||||
actions:
|
|
||||||
- "s3:*"
|
|
||||||
- name: sharing
|
|
||||||
statements:
|
|
||||||
- resources:
|
|
||||||
- 'arn:aws:s3:::sharing'
|
|
||||||
actions:
|
|
||||||
- "s3:*"
|
|
||||||
- resources:
|
|
||||||
- 'arn:aws:s3:::sharing/*'
|
|
||||||
actions:
|
actions:
|
||||||
- "s3:*"
|
- "s3:*"
|
||||||
|
@ -1,35 +1,47 @@
|
|||||||
|
image:
|
||||||
|
repository: zot.badhouseplants.net/allanger/container-openvpn
|
||||||
|
# ------------------------------------------
|
||||||
|
# -- Istio extenstion. Just because I'm
|
||||||
|
# -- not using ingress nginx
|
||||||
|
# ------------------------------------------
|
||||||
|
# istio:
|
||||||
|
# enabled: true
|
||||||
|
# istio:
|
||||||
|
# - name: openvpn-tcp-xor
|
||||||
|
# gateway: istio-system/badhouseplants-vpn
|
||||||
|
# kind: tcp
|
||||||
|
# port_match: 1194
|
||||||
|
# hostname: "*"
|
||||||
|
# service: openvpn-xor
|
||||||
|
# port: 1194
|
||||||
|
|
||||||
|
# ------------------------------------------
|
||||||
|
traefik:
|
||||||
|
enabled: true
|
||||||
|
tcpRoutes:
|
||||||
|
- name: openvpn
|
||||||
|
service: openvpn
|
||||||
|
match: HostSNI(`*`)
|
||||||
|
entrypoint: openvpn
|
||||||
|
port: 1194
|
||||||
|
tcproute:
|
||||||
|
enabled: false
|
||||||
storage:
|
storage:
|
||||||
class: microk8s-hostpath
|
annotations:
|
||||||
size: 5Gi
|
volume.kubernetes.io/selected-node: yekaterinburg
|
||||||
|
size: 128Mi
|
||||||
openvpn:
|
openvpn:
|
||||||
proto: tcp
|
proto: tcp
|
||||||
host: 91.232.225.63
|
host: 91.232.225.63
|
||||||
|
easyrsa:
|
||||||
|
cn: Bad Houseplants
|
||||||
|
country: Germany
|
||||||
|
province: Hamburg
|
||||||
|
city: Hamburg
|
||||||
|
org: Bad Houseplants
|
||||||
|
email: allanger@badhouseplants.net.com
|
||||||
service:
|
service:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
port: 1194
|
port: 1194
|
||||||
targetPort: 1194
|
targetPort: 1194
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
easyrsa:
|
|
||||||
cn: Bad Houseplants
|
|
||||||
country: Germany
|
|
||||||
province: NRW
|
|
||||||
city: Duesseldorf
|
|
||||||
org: Bad Houseplants
|
|
||||||
email: allanger@zohomail.com
|
|
||||||
istio-resources:
|
|
||||||
enabled: true
|
|
||||||
gateways:
|
|
||||||
- metadata:
|
|
||||||
name: etersoft-vpn
|
|
||||||
namespace: istio-system
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
istio: ingressgateway
|
|
||||||
servers:
|
|
||||||
- hosts:
|
|
||||||
- '*'
|
|
||||||
port:
|
|
||||||
name: openvpn
|
|
||||||
number: 1194
|
|
||||||
protocol: TCP
|
|
||||||
|
|
||||||
|
45
values/etersoft/values.qbittorrent.yaml
Normal file
45
values/etersoft/values.qbittorrent.yaml
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
ext-secret:
|
||||||
|
enabled: true
|
||||||
|
name: torrent-basic-auth
|
||||||
|
data:
|
||||||
|
users: |
|
||||||
|
allanger:$apr1$kNwkQ0S.$9q29sib/xWEp3NDp.tquw/
|
||||||
|
middleware:
|
||||||
|
enabled: true
|
||||||
|
middlewares:
|
||||||
|
- name: torrentauth
|
||||||
|
spec:
|
||||||
|
basicAuth:
|
||||||
|
secret: torrent-basic-auth
|
||||||
|
ingress:
|
||||||
|
# -- Enable and configure ingress settings for the chart under this key.
|
||||||
|
# @default -- See [values.yaml](./values.yaml)
|
||||||
|
main:
|
||||||
|
ingressClassName: traefik
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/tls-acme: "true"
|
||||||
|
kubernetes.io/ingress.allow-http: "false"
|
||||||
|
kubernetes.io/ingress.global-static-ip-name: ""
|
||||||
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: applications-torrentauth@kubernetescrd
|
||||||
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- host: tor.e.badhouseplants.net
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
tls:
|
||||||
|
- secretName: tor.e.badhouseplants.net
|
||||||
|
hosts:
|
||||||
|
- tor.e.badhouseplants.net
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
annotations:
|
||||||
|
volume.kubernetes.io/selected-node: yekaterinburg
|
||||||
|
enabled: true
|
||||||
|
size: 1Gi
|
||||||
|
downloads:
|
||||||
|
annotations:
|
||||||
|
volume.kubernetes.io/selected-node: yekaterinburg
|
||||||
|
enabled: true
|
||||||
|
size: 10Gi
|
||||||
|
accessMode: ReadWriteOnce
|
@ -4,87 +4,9 @@ ports:
|
|||||||
web:
|
web:
|
||||||
redirectTo:
|
redirectTo:
|
||||||
port: websecure
|
port: websecure
|
||||||
ssh:
|
|
||||||
port: 22
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
exposedPort: 22
|
|
||||||
protocol: TCP
|
|
||||||
openvpn:
|
openvpn:
|
||||||
port: 1194
|
port: 1194
|
||||||
expose:
|
expose:
|
||||||
default: true
|
default: true
|
||||||
exposedPort: 1194
|
exposedPort: 1194
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
# valve-server:
|
|
||||||
# port: 27015
|
|
||||||
# expose:
|
|
||||||
# default: true
|
|
||||||
# exposedPort: 27015
|
|
||||||
# protocol: UDP
|
|
||||||
# valve-rcon:
|
|
||||||
# port: 27015
|
|
||||||
# expose:
|
|
||||||
# default: true
|
|
||||||
# exposedPort: 27015
|
|
||||||
# protocol: TCP
|
|
||||||
smtp:
|
|
||||||
port: 25
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 25
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
smtps:
|
|
||||||
port: 465
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 465
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
smtp-startls:
|
|
||||||
port: 587
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 587
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
imap:
|
|
||||||
port: 143
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 143
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
imaps:
|
|
||||||
port: 993
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 993
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
pop3:
|
|
||||||
port: 110
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 110
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
pop3s:
|
|
||||||
port: 995
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 995
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
minecraft:
|
|
||||||
port: 25565
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 25565
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
shadowsocks:
|
|
||||||
port: 8388
|
|
||||||
protocol: TCP
|
|
||||||
exposedPort: 8388
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
shadowsocks-udp:
|
|
||||||
port: 8389
|
|
||||||
protocol: UDP
|
|
||||||
exposedPort: 8389
|
|
||||||
expose:
|
|
||||||
default: true
|
|
||||||
|
Loading…
Reference in New Issue
Block a user