Update a lot of releases

2024-08-03 21:17:21 +02:00 · 2024-08-03 21:17:21 +02:00 · 622e3ae65f
commit 622e3ae65f
parent 232b922270
10 changed files with 278 additions and 16 deletions
--- a/installations/applications/helmfile.yaml
+++ b/installations/applications/helmfile.yaml
@ -103,14 +103,22 @@ releases:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-database
-
-  - name: vaultwardentest
-    chart: softplayer-oci/vaultwarden
-    version: 2.1.0
+  
+  - name: stalwart
+    chart: allangers-charts/stalwart
+    version: 0.1.0
    namespace: applications
    inherit:
      - template: default-env-values
-      - template: default-env-secrets
+      - template: ext-tcp-routes
+
+  #- name: vaultwardentest
+  #  chart: allangers-charts/vaultwarden
+  #  version: 2.1.0
+  #  namespace: applications
+  #  inherit:
+  #    - template: default-env-values
+  #    - template: default-env-secrets
  
  - name: shadowsocks-libev
    chart: softplayer-oci/shadowsocks-libev
--- a/installations/games/helmfile.yaml
+++ b/installations/games/helmfile.yaml
@ -0,0 +1,21 @@
+---
+{{ readFile "../../common/templates.yaml" }}
+
+bases:
+  - ../../common/environments.yaml
+  
+repositories:
+  - name: bedag
+    url: https://bedag.github.io/helm-charts/
+  - name: minecraft
+    url: https://itzg.github.io/minecraft-server-charts/
+
+releases:
+  - name: minecraft
+    chart: minecraft/minecraft
+    namespace: games
+    version: 4.20.0
+    inherit:
+      - template: ext-tcp-routes
+      - template: default-env-values
+      - template: default-env-secrets
--- a/installations/storage/helmfile.yaml
+++ b/installations/storage/helmfile.yaml
@ -13,7 +13,7 @@ releases:
    chart: rook-release/rook-ceph
    installed: true
    namespace: rook-ceph
-    version: v1.14.8
+    version: v1.14.9
    inherit:
      - template: default-env-values
  
@ -21,7 +21,7 @@ releases:
    chart: rook-release/rook-ceph-cluster
    installed: true
    namespace: rook-ceph
-    version: v1.14.8
+    version: v1.14.9
    needs:
      - rook-ceph/rook-ceph
    inherit:
--- a/installations/system/helmfile.yaml
+++ b/installations/system/helmfile.yaml
@ -58,7 +58,7 @@ releases:

  - name: cilium
    chart: cilium/cilium
-    version: 1.15.7
+    version: 1.16.0
    namespace: kube-system
    needs:
      - kube-system/coredns
@ -67,7 +67,7 @@ releases:

  - name: cert-manager
    chart: jetstack/cert-manager
-    version: 1.15.1
+    version: 1.15.2
    namespace: kube-system
    needs:
      - kube-system/cilium
@ -94,7 +94,7 @@ releases:
  - name: metallb
    chart: metallb/metallb
    namespace: kube-system
-    version: 0.14.7
+    version: 0.14.8
    needs:
      - kube-system/cilium
    inherit:
@ -112,7 +112,7 @@ releases:

  - name: traefik
    chart: traefik/traefik
-    version: 29.0.1
+    version: 30.0.2
    namespace: kube-system
    needs:
      - kube-system/cilium
@ -122,7 +122,7 @@ releases:
  - name: velero
    chart: vmware-tanzu/velero
    namespace: kube-system
-    version: 7.1.2
+    version: 7.1.4
    inherit:
      - template: default-env-values
      - template: default-env-secrets
--- a/values/badhouseplants/secrets.minecraft.yaml
+++ b/values/badhouseplants/secrets.minecraft.yaml
@ -0,0 +1,28 @@
+minecraftServer:
+    rcon:
+        password: ENC[AES256_GCM,data:lZ2/ZXHCjXEe3VlqzyziGWRi7CWn8jhaLg==,iv:hWQy35yoxZOfTqr3Y2x7yUTd0nzLBpjHtQWrdvHYD4g=,tag:QGMkDh2q8JrBwq1wRJ/2nQ==,type:str]
+mcbackup:
+    resticEnvs:
+        RESTIC_PASSWORD: ENC[AES256_GCM,data:NVwBLhDqZD0+1Yk5mr48Z491CMsfQGzRR4zQmRgP,iv:N60ZtRRxRDH8WdzQUTt6v3TP/UAiibyqCA/Y97g770o=,tag:Lz/lEG23hdva8TWgYxBA7g==,type:str]
+        AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:i0MErquBzs4YgePKfSI=,iv:VwnGxA3PLkILQSbyzJ9XtSzWepF7RYtxnvyhZumWBLQ=,tag:AvXdooV5Cn7d3kNzt2ptSg==,type:str]
+        AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:vrpIZIrU,iv:9draRN4qSnhGLKbndWPW5YR5Tr93f/37/x+2G3rIfsw=,tag:fks0UI/j04MILBFRQGcfaQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb0szVEV3V2l0WmtoRFRj
+            U1QzWkw3UDRKemVQQ0t2TzFrSmN1b3V0Y1E4CkdDaDQzdlNjZTFlSVNMbTlxbkwv
+            dVFHQ1EvYUFBNGs0cWc0SFB2M2xtbUUKLS0tIFFGUzFpTXhXd0UwZVhZSUR1c1RS
+            QURwVEdlK1FWQTh1d0NNUXR1OUplMGMKqc1VSEnCX6AN9wClNZXy+rfhlzpxhnTE
+            GKQQA0MFgAKwjLe2K0IyOXi1nxNxElZnBPzJeDAVej4BTpUZvh14ow==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-08-03T19:16:36Z"
+    mac: ENC[AES256_GCM,data:/qsVEOLbarzykIPsX0eqQWZcyyWIEZQILE+Qpt2d6XFHBsJ52KUD1KWL5USFOA0qvTP9c4EV9dDfAsXM+VO1jpm61/SZiTAtsTzI+JlY7x+6hqTc1cq0WXZgn4xQXJ9FKwrkCVL8HBGtujg3qb8EoeYaWpuHf3OCyJaAsKTajgw=,iv:8qCXGDQtf+uPUq/qe/koodf3CuJaYf2tFyjQeYTWJ6g=,tag:D5A7noPWEnvtoVTNETqJGg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0
--- a/values/badhouseplants/values.minecraft.yaml
+++ b/values/badhouseplants/values.minecraft.yaml
@ -0,0 +1,157 @@
+---
+# --------------------------------------------------
+# -- Extensions values
+# --------------------------------------------------
+service-account:
+  enabled: true
+  resources:
+    - name: minecraft-exporter
+      label:
+        app: minecraft-minecraft-metrics
+      endpoints:
+        port: metrics
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# --  not using ingress nginx
+# ------------------------------------------
+traefik:
+  enabled: true
+  tcpRoutes:
+    - name: minecraft-tcp
+      entrypoint: minecraft
+      gateway: istio-system/badhouseplants-minecraft
+      match: HostSNI(`*`)
+      service: minecraft-minecraft
+      port: 25565
+# --------------------------------------------------
+# -- Main values
+# --------------------------------------------------
+image:
+  tag: java17-graalvm
+  pullPolicy: Always
+
+resources:
+  requests:
+    memory: 3Gi
+    cpu: 1000m
+  limits:
+    memory: 3Gi
+
+      #lifecycle:
+      #  postStart:
+      #    - bash
+      #    - -c
+      #    - for i in {1..100}; do mc-health && break || sleep 20; done && rcon-cli setpassword 11223345
+
+livenessProbe:
+  command:
+    - mc-health
+  initialDelaySeconds: 30
+  periodSeconds: 5
+  failureThreshold: 20
+  successThreshold: 1
+  timeoutSeconds: 20
+readinessProbe:
+  command:
+    - mc-health
+  initialDelaySeconds: 30
+  periodSeconds: 5
+  failureThreshold: 20
+  successThreshold: 1
+  timeoutSeconds: 20
+
+minecraftServer:
+  memory: 2G
+  overrideServerProperties: true
+  eula: "TRUE"
+  onlineMode: false
+  difficulty: hard
+  hardcore: true
+  version: 1.20.1
+  maxWorldSize: 90000
+  type: "FORGE"
+  gameMode: survival
+  pvp: true
+  rcon:
+    enabled: true
+    withGeneratedPassword: false
+    port: 25575
+    serviceType: ClusterIP
+  extraPorts:
+    - name: metrics
+      containerPort: 9225
+      protocol: TCP
+      service:
+        enabled: true
+        embedded: false
+        labels:
+          exporter: minecraft
+        type: ClusterIP
+        port: 9925
+      ingress:
+        enabled: false
+persistence:
+  storageClass: ceph-filesystem
+  dataDir:
+    enabled: true
+    Size: 10Gi
+mcbackup:
+  enabled: false
+  backupInterval: 2h
+  pauseIfNoPlayers: "false"
+  pruneBackupsDays: 2
+  rconRetries: 5
+  rconRetryInterval: 10s
+  excludes: "*.jar,cache,logs"
+  backupMethod: restic
+  resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
+  resticAdditionalTags: "mc_backups"
+  pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
+  resources:
+    requests:
+      memory: 512Mi
+      cpu: 100m
+  persistence:
+    backupDir:
+      enabled: false
+# ---------------------------------------------
+# -- Install Plugins
+# ---------------------------------------------
+initContainers:
+  - name: 0-download-mods
+    image: alpine/curl
+    command:
+      - curl
+      - -L
+      - "https://s3.badhouseplants.net/public-download/server_mods.tar"
+      - -o
+      - /download/server_mods.tar
+    volumeMounts:
+      - name: download
+        mountPath: /download
+        readOnly: false
+  - name: 1-copy-plugins-to-minecraft
+    image: ubuntu
+    command:
+      - sh
+      - -c
+      - cd /mods  && tar -xvf /download/server_mods.tar || true
+    volumeMounts:
+      - name: plugins
+        mountPath: /mods
+        readOnly: false
+      - name: download
+        mountPath: /download
+        readOnly: false
+extraVolumes:
+  - volumeMounts:
+      - name: plugins
+        mountPath: /data/mods
+        readOnly: false
+    volumes:
+      - name: plugins
+        emptyDir:
+          sizeLimit: 500Mi
+      - name: download
+        emptyDir:
+          sizeLimit: 500Mi
--- a/values/badhouseplants/values.prometheus.yaml
+++ b/values/badhouseplants/values.prometheus.yaml
@ -56,7 +56,7 @@ defaultRules:
 prometheus:
  prometheusSpec:
    enableAdminAPI: true
-    retentionSize: 7GB
+    retentionSize: 1GB
    retention: 20d
    podMonitorNamespaceSelector:
      any: true
@ -73,7 +73,7 @@ prometheus:
    storageSpec:
      volumeClaimTemplate:
        spec:
-          accessModes: ["ReadWriteOnce"]
+          accessModes: ["ReadWriteMany"]
          resources:
            requests:
-              storage: 12Gi
+              storage: 1Gi
--- a/values/badhouseplants/values.rook-ceph.yaml
+++ b/values/badhouseplants/values.rook-ceph.yaml
@ -1,4 +1,6 @@
 ---
+monitoring: 
+  enabled: true
 csi:
  enableRbdDriver: false
  csiRBDProvisionerResource: |
--- a/values/badhouseplants/values.stalwart.yaml
+++ b/values/badhouseplants/values.stalwart.yaml
@ -0,0 +1,46 @@
+shortcuts:
+  hostname: stalwart.badhouseplants.net
+
+ingress:
+  main:
+    annotations:
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.class: traefik
+      kubernetes.io/ingress.global-static-ip-name: ""
+      kubernetes.io/tls-acme: "true"
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+
+traefik:
+  enabled: true
+  tcpRoutes:
+    - name: stalwart-smtp
+      service: stalwart-smtp
+      match: HostSNI(`*`)
+      entrypoint: smtp
+      port: 25
+    - name: stalwart-smpt-startls
+      match: HostSNI(`*`)
+      service: stalwart-submission
+      entrypoint: smtp-startls
+      port: 587
+    - name: stalwart-imap
+      match: HostSNI(`*`)
+      service: stalwart-imap
+      entrypoint: imap
+      port: 143
+    - name: stalwart-imaps
+      match: HostSNI(`*`)
+      service: stalwart-imaptls
+      entrypoint: imaps
+      port: 993
+    - name: stalwart-pop3
+      match: HostSNI(`*`)
+      service: stalwart-pop3
+      entrypoint: pop3
+      port: 110
+    - name: stalwart-pop3s
+      match: HostSNI(`*`)
+      service: stalwart-pop3s
+      entrypoint: pop3s
+      port: 995
--- a/values/badhouseplants/values.woodpecker-ci.yaml
+++ b/values/badhouseplants/values.woodpecker-ci.yaml
@ -32,7 +32,7 @@ server:
  enabled: true
  env:
    WOODPECKER_GITEA: true
-    WOODPECKER_GITEA_URL: https://git.badhouseplants.net
+    WOODPECKER_GITEA_URL: https://gitea.badhouseplants.net
    WOODPECKER_DATABASE_DRIVER: postgres
    WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634
    WOODPECKER_OPEN: true