diff --git a/installations/applications/helmfile-badhouseplants.yaml b/installations/applications/helmfile-badhouseplants.yaml index 70df5c2..0e54465 100644 --- a/installations/applications/helmfile-badhouseplants.yaml +++ b/installations/applications/helmfile-badhouseplants.yaml @@ -113,6 +113,16 @@ releases: - template: default-env-secrets - template: ext-database + - name: tandoor-recipes + chart: allangers-charts/tandoor-recipes + installed: false + version: 0.1.0 + namespace: applications + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-database + - name: badhouseplants-net chart: badhouseplants-helm/badhouseplants-net namespace: production diff --git a/values/badhouseplants/secrets.tandoor-recipes.yaml b/values/badhouseplants/secrets.tandoor-recipes.yaml new file mode 100644 index 0000000..1b948e1 --- /dev/null +++ b/values/badhouseplants/secrets.tandoor-recipes.yaml @@ -0,0 +1,25 @@ +env: + secrets: + data: + SECRET_KEY: ENC[AES256_GCM,data:9ABsIVICRj0LO7q1iKPatWkjPLaqpBa7EaXIHzT7,iv:2P2qRyUnP7GP0VXTulxbgplagyaAV4RvHsUPEXuieq0=,tag:juNh+eY/7GfxWMb5VXlNjQ==,type:str] + SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:VaPaCl6QAn7cn1OlZYD/tkJk8jgDCyiTvrfGydWrFtpUJFyNA+Wfj6sWvkTqhHTk5GYN4h0IIfqQScxhTmbxHmnEctyorC0AvFEZRw6IQ0KGFgdoQFZ5MPcb1kL3neY+GJwm7UAmH2AjAwG7PTZJsnha7N8q672IkAljCAVAokL7s6IS0vGzVHbyRy/tbR1BxCWcJX2WF2kpXAlc+mTKMZWsFChvrjjK1h4RyrYIDgbKGhJVM4cnrOzGrliuI58Ief+QERMXsFMIY6fbUsPT3eGe+oQQ+lKZxvlEbgVZsnsafQX6ZSWvtylmYVMgNsXbdqsWKlCnRfmATkS9sSJiUX59/ZtZcL3giRrXNlnv5poumEp9PO5euexXwlmJURXOnnD/kEcJn/PxuL2aV390I8TmaNGUZe0vzrNDSVOhCsykGMxf1L+MO5+aU+OndT0FH6l1GTQHNzzeo8XRrF5U9EPN6dTxbYWsu4GL9WuL0jhm/wYlbn1bhNnr5+1+xTpAHl20MeVQ0t+cCiB/7ALraPnFS88HQiA59YfiJA==,iv:qZa9zUL3c2bemBFk2SexY5TfDYUVNkk8QbB8Ucj/040=,tag:8e6CddYfCPnCKSN4bh3XMA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZ3JPMzhhVlVFR2R0R1hP + L25HUUdZRGp3dzViSk9vVXVvMVNTWWN0VmhnCkF1Y2F3SWdzR1p2LzJFd2xiWExW + UnhjZVpFM3NOaVkyYXBKUGZiMXFSM1EKLS0tIGJyS1VRTnJKYjAzcXpMbnd5LzhP + bHd1UGd0R3NZMXdUblAzMXZFUWtPUncKab/saT736wWdksBB1swEZMY25LICviqc + pzSL7VWlN4d+KEZu2mS4Z8Fxd+PqLmbKFtBL0pIYyXxmHmfI2AVS6Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-01T23:22:38Z" + mac: ENC[AES256_GCM,data:+5B69+er2ofT3sk1a7bvZiTqNpGjlaPTWza+pZP2O0wOw52IxhLtJdzQbxaCeAYoztYqAnFuqnaSZM7BL9AoV8bq1aAwnq64/KquWQ5KtBaY5YxDSrt0XFqDW63gAmcO+kyi777HwYSjpphMg8L3hRMebnypVju08il0twaDfww=,iv:xI3cU0WfH9TQ8YyLwqsJqnPKhVCKX+3EXQrm3ToY7ZY=,tag:Lz1jjjiZnd11AZaQv//9CA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/badhouseplants/values.tandoor-recipes.yaml b/values/badhouseplants/values.tandoor-recipes.yaml new file mode 100644 index 0000000..833fdf1 --- /dev/null +++ b/values/badhouseplants/values.tandoor-recipes.yaml @@ -0,0 +1,46 @@ +shortcuts: + hostname: tandoor.badhouseplants.net +ext-database: + enabled: true + name: tandoor-postgres16 + instance: postgres16 + credentials: + POSTGRES_HOST: "{{ .Hostname }}" + POSTGRES_PORT: "{{ .Port }}" +workload: + kind: Deployment + strategy: + type: RollingUpdate + containers: + tandoor: + securityContext: + runAsUser: 1000 + runAsGroup: 3000 + fsGroup: 3000 + supplementalGroups: [3000] + envFrom: + - main + - secrets + - secretRef: + name: tandoor-postgres16-creds +ingress: + main: + class: traefik + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + +env: + main: + enabled: true + sensitive: false + data: + DB_ENGINE: django.db.backends.postgresql + SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect + REMOTE_USER_AUTH: 1 + SOCIAL_DEFAULT_ACCESS: 1 + SOCIAL_DEFAULT_GROUP: guest