From 622e3ae65f52b65fdb9fba27b049581be0894774 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sat, 3 Aug 2024 21:17:21 +0200 Subject: [PATCH] Update a lot of releases --- installations/applications/helmfile.yaml | 18 +- installations/games/helmfile.yaml | 21 +++ installations/storage/helmfile.yaml | 4 +- installations/system/helmfile.yaml | 10 +- values/badhouseplants/secrets.minecraft.yaml | 28 ++++ values/badhouseplants/values.minecraft.yaml | 157 ++++++++++++++++++ values/badhouseplants/values.prometheus.yaml | 6 +- values/badhouseplants/values.rook-ceph.yaml | 2 + values/badhouseplants/values.stalwart.yaml | 46 +++++ .../badhouseplants/values.woodpecker-ci.yaml | 2 +- 10 files changed, 278 insertions(+), 16 deletions(-) create mode 100644 installations/games/helmfile.yaml create mode 100644 values/badhouseplants/secrets.minecraft.yaml create mode 100644 values/badhouseplants/values.minecraft.yaml create mode 100644 values/badhouseplants/values.stalwart.yaml diff --git a/installations/applications/helmfile.yaml b/installations/applications/helmfile.yaml index 0d76026..906da59 100644 --- a/installations/applications/helmfile.yaml +++ b/installations/applications/helmfile.yaml @@ -103,14 +103,22 @@ releases: - template: default-env-values - template: default-env-secrets - template: ext-database - - - name: vaultwardentest - chart: softplayer-oci/vaultwarden - version: 2.1.0 + + - name: stalwart + chart: allangers-charts/stalwart + version: 0.1.0 namespace: applications inherit: - template: default-env-values - - template: default-env-secrets + - template: ext-tcp-routes + + #- name: vaultwardentest + # chart: allangers-charts/vaultwarden + # version: 2.1.0 + # namespace: applications + # inherit: + # - template: default-env-values + # - template: default-env-secrets - name: shadowsocks-libev chart: softplayer-oci/shadowsocks-libev diff --git a/installations/games/helmfile.yaml b/installations/games/helmfile.yaml new file mode 100644 index 0000000..f48470c 
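Review bot: Commenting out the `vaultwardentest` release in installations/applications/helmfile.yaml stops helmfile from managing it but does not uninstall it, so a release that was already applied would keep running in the `applications` namespace without further chart updates. If the intent is to retire it, keep the entry for one sync with `installed: false` and then delete it, rather than leaving a commented copy that now points at a different repository (`allangers-charts/vaultwarden`). The block that becomes `stalwart` also swaps `- template: default-env-secrets` for `- template: ext-tcp-routes`; if the chart needs any credentials, confirm they are not meant to end up in the plain values file. The releases list continues outside this hunk.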
--- /dev/null +++ b/installations/games/helmfile.yaml @@ -0,0 +1,21 @@ +--- +{{ readFile "../../common/templates.yaml" }} + +bases: + - ../../common/environments.yaml + +repositories: + - name: bedag + url: https://bedag.github.io/helm-charts/ + - name: minecraft + url: https://itzg.github.io/minecraft-server-charts/ + +releases: + - name: minecraft + chart: minecraft/minecraft + namespace: games + version: 4.20.0 + inherit: + - template: ext-tcp-routes + - template: default-env-values + - template: default-env-secrets diff --git a/installations/storage/helmfile.yaml b/installations/storage/helmfile.yaml index 0b3b16d..e1b5d87 100644 --- a/installations/storage/helmfile.yaml +++ b/installations/storage/helmfile.yaml @@ -13,7 +13,7 @@ releases: chart: rook-release/rook-ceph installed: true namespace: rook-ceph - version: v1.14.8 + version: v1.14.9 inherit: - template: default-env-values @@ -21,7 +21,7 @@ releases: chart: rook-release/rook-ceph-cluster installed: true namespace: rook-ceph - version: v1.14.8 + version: v1.14.9 needs: - rook-ceph/rook-ceph inherit: diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 1f5f733..dc20767 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml @@ -58,7 +58,7 @@ releases: - name: cilium chart: cilium/cilium - version: 1.15.7 + version: 1.16.0 namespace: kube-system needs: - kube-system/coredns @@ -67,7 +67,7 @@ releases: - name: cert-manager chart: jetstack/cert-manager - version: 1.15.1 + version: 1.15.2 namespace: kube-system needs: - kube-system/cilium @@ -94,7 +94,7 @@ releases: - name: metallb chart: metallb/metallb namespace: kube-system - version: 0.14.7 + version: 0.14.8 needs: - kube-system/cilium inherit: @@ -112,7 +112,7 @@ releases: - name: traefik chart: traefik/traefik - version: 29.0.1 + version: 30.0.2 namespace: kube-system needs: - kube-system/cilium 
@@ -122,7 +122,7 @@ releases:
 - name: velero
 chart: vmware-tanzu/velero
 namespace: kube-system
- version: 7.1.2
+ version: 7.1.4
 inherit:
 - template: default-env-values
 - template: default-env-secrets
diff --git a/values/badhouseplants/secrets.minecraft.yaml b/values/badhouseplants/secrets.minecraft.yaml
new file mode 100644
index 0000000..a841175
--- /dev/null
+++ b/values/badhouseplants/secrets.minecraft.yaml
@@ -0,0 +1,28 @@
+minecraftServer:
+ rcon:
+ password: ENC[AES256_GCM,data:lZ2/ZXHCjXEe3VlqzyziGWRi7CWn8jhaLg==,iv:hWQy35yoxZOfTqr3Y2x7yUTd0nzLBpjHtQWrdvHYD4g=,tag:QGMkDh2q8JrBwq1wRJ/2nQ==,type:str]
+mcbackup:
+ resticEnvs:
+ RESTIC_PASSWORD: ENC[AES256_GCM,data:NVwBLhDqZD0+1Yk5mr48Z491CMsfQGzRR4zQmRgP,iv:N60ZtRRxRDH8WdzQUTt6v3TP/UAiibyqCA/Y97g770o=,tag:Lz/lEG23hdva8TWgYxBA7g==,type:str]
+ AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:i0MErquBzs4YgePKfSI=,iv:VwnGxA3PLkILQSbyzJ9XtSzWepF7RYtxnvyhZumWBLQ=,tag:AvXdooV5Cn7d3kNzt2ptSg==,type:str]
+ AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:vrpIZIrU,iv:9draRN4qSnhGLKbndWPW5YR5Tr93f/37/x+2G3rIfsw=,tag:fks0UI/j04MILBFRQGcfaQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb0szVEV3V2l0WmtoRFRj
+ U1QzWkw3UDRKemVQQ0t2TzFrSmN1b3V0Y1E4CkdDaDQzdlNjZTFlSVNMbTlxbkwv
+ dVFHQ1EvYUFBNGs0cWc0SFB2M2xtbUUKLS0tIFFGUzFpTXhXd0UwZVhZSUR1c1RS
+ QURwVEdlK1FWQTh1d0NNUXR1OUplMGMKqc1VSEnCX6AN9wClNZXy+rfhlzpxhnTE
+ GKQQA0MFgAKwjLe2K0IyOXi1nxNxElZnBPzJeDAVej4BTpUZvh14ow==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-08-03T19:16:36Z"
+ mac: ENC[AES256_GCM,data:/qsVEOLbarzykIPsX0eqQWZcyyWIEZQILE+Qpt2d6XFHBsJ52KUD1KWL5USFOA0qvTP9c4EV9dDfAsXM+VO1jpm61/SZiTAtsTzI+JlY7x+6hqTc1cq0WXZgn4xQXJ9FKwrkCVL8HBGtujg3qb8EoeYaWpuHf3OCyJaAsKTajgw=,iv:8qCXGDQtf+uPUq/qe/koodf3CuJaYf2tFyjQeYTWJ6g=,tag:D5A7noPWEnvtoVTNETqJGg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.0
diff --git a/values/badhouseplants/values.minecraft.yaml b/values/badhouseplants/values.minecraft.yaml
new file mode 100644
index 0000000..63a1f1a
--- /dev/null
+++ b/values/badhouseplants/values.minecraft.yaml
@@ -0,0 +1,157 @@
+---
+# --------------------------------------------------
+# -- Extensions values
+# --------------------------------------------------
+service-account:
+ enabled: true
+ resources:
+ - name: minecraft-exporter
+ label:
+ app: minecraft-minecraft-metrics
+ endpoints:
+ port: metrics
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# -- not using ingress nginx
+# ------------------------------------------
+traefik:
+ enabled: true
+ tcpRoutes:
+ - name: minecraft-tcp
+ entrypoint: minecraft
+ gateway: istio-system/badhouseplants-minecraft
+ match: HostSNI(`*`)
+ service: minecraft-minecraft
+ port: 25565
+# --------------------------------------------------
+# -- Main values
+# --------------------------------------------------
+image:
+ tag: java17-graalvm
+ pullPolicy: Always
+
+resources:
+ requests:
+ memory: 3Gi
+ cpu: 1000m
+ limits:
+ memory: 3Gi
+
+ #lifecycle:
+ # postStart:
+ # - bash
+ # - -c
+ # - for i in {1..100}; do mc-health && break || sleep 20; done && rcon-cli setpassword 11223345
+
+livenessProbe:
+ command:
+ - mc-health
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ failureThreshold: 20
+ successThreshold: 1
+ timeoutSeconds: 20
+readinessProbe:
+ command:
+ - mc-health
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ failureThreshold: 20
+ successThreshold: 1
+ timeoutSeconds: 20
+
+minecraftServer:
+ memory: 2G
+ overrideServerProperties: true
+ eula: "TRUE"
+ onlineMode: false
+ difficulty: hard
+ hardcore: true
+ version: 1.20.1
+ maxWorldSize: 90000
+ type: "FORGE"
+ gameMode: survival
+ pvp: true
+ rcon:
+ enabled: true
+ withGeneratedPassword: false
+ port: 25575
+ serviceType: ClusterIP
+ extraPorts:
+ - name: metrics
+ containerPort: 9225
+ protocol: TCP
+ service:
+ enabled: true
+ embedded: false
+ labels:
+ exporter: minecraft
+ type: ClusterIP
+ port: 9925
+ ingress:
+ enabled: false
+persistence:
+ storageClass: ceph-filesystem
+ dataDir:
+ enabled: true
+ Size: 10Gi
+mcbackup:
+ enabled: false
+ backupInterval: 2h
+ pauseIfNoPlayers: "false"
+ pruneBackupsDays: 2
+ rconRetries: 5
+ rconRetryInterval: 10s
+ excludes: "*.jar,cache,logs"
+ backupMethod: restic
+ resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
+ resticAdditionalTags: "mc_backups"
+ pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 100m
+ persistence:
+ backupDir:
+ enabled: false
+# ---------------------------------------------
+# -- Install Plugins
+# ---------------------------------------------
+initContainers:
+ - name: 0-download-mods
+ image: alpine/curl
+ command:
+ - curl
+ - -L
+ - "https://s3.badhouseplants.net/public-download/server_mods.tar"
+ - -o
+ - /download/server_mods.tar
+ volumeMounts:
+ - name: download
+ mountPath: /download
+ readOnly: false
+ - name: 1-copy-plugins-to-minecraft
+ image: ubuntu
+ command:
+ - sh
+ - -c
+ - cd /mods && tar -xvf /download/server_mods.tar || true
+ volumeMounts:
+ - name: plugins
+ mountPath: /mods
+ readOnly: false
+ - name: download
+ mountPath: /download
+ readOnly: false
+extraVolumes:
+ - volumeMounts:
+ - name: plugins
+ mountPath: /data/mods
+ readOnly: false
+ volumes:
+ - name: plugins
+ emptyDir:
+ sizeLimit: 500Mi
+ - name: download
+ emptyDir:
+ sizeLimit: 500Mi
diff --git a/values/badhouseplants/values.prometheus.yaml b/values/badhouseplants/values.prometheus.yaml
index 6750b7f..337c8cb 100644
--- a/values/badhouseplants/values.prometheus.yaml
+++ b/values/badhouseplants/values.prometheus.yaml
@@ -56,7 +56,7 @@ defaultRules:
 prometheus:
 prometheusSpec:
 enableAdminAPI: true
- retentionSize: 7GB
+ retentionSize: 1GB
 retention: 20d
 podMonitorNamespaceSelector:
 any: true
@@ -73,7 +73,7 @@ prometheus:
 storageSpec:
 volumeClaimTemplate:
 spec:
- accessModes: ["ReadWriteOnce"]
+ accessModes: ["ReadWriteMany"]
 resources:
 requests:
- storage: 12Gi
+ storage: 1Gi
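Review bot: In values/badhouseplants/values.minecraft.yaml, `onlineMode: false` under `minecraftServer` turns off account authentication while the `minecraft-tcp` route matches every SNI on its own entrypoint, so if that entrypoint is reachable from outside, any client can join under any player name, an operator's included. Prefer `onlineMode: true`, or keep the entrypoint limited to trusted networks if offline mode is really required, since name-based allow lists do not help when names are unauthenticated. The `0-download-mods` init container fetches `server_mods.tar` with no integrity check, both init images (`alpine/curl`, `ubuntu`) are untagged, and `tar -xvf /download/server_mods.tar || true` hides a failed or truncated extract; pin the images by tag or digest, verify the archive with something like `echo "<expected-sha256>  /download/server_mods.tar" | sha256sum -c -`, and drop the `|| true`. The commented-out `rcon-cli setpassword 11223345` line should be removed if that value was ever a real password, because the real one now lives in the SOPS file. The `containerPort: 9225` versus service `port: 9925` pair under `extraPorts` may also be a typo worth confirming.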
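Review bot: In values/badhouseplants/values.prometheus.yaml, `retentionSize: 1GB` now sits against a claim of `storage: 1Gi` (second hunk of the same file), which leaves almost no headroom for the WAL and compaction, so the volume can fill before size-based retention removes anything. Keep the cap clearly below the claim, for example `retentionSize: 800MB` with `storage: 1Gi`, or raise the claim. Shrinking the request from 12Gi and switching `accessModes` to `["ReadWriteMany"]` in a volumeClaimTemplate will generally not be applied to an existing PVC, so the claim presumably has to be recreated and the old data dropped. With `retention: 20d` unchanged, the size cap becomes the real bound on history, which shortens how far back metrics are available when investigating an incident. `prometheusSpec` starts and ends outside both hunks.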
diff --git a/values/badhouseplants/values.rook-ceph.yaml b/values/badhouseplants/values.rook-ceph.yaml
index 931a1e1..2c05e13 100644
--- a/values/badhouseplants/values.rook-ceph.yaml
+++ b/values/badhouseplants/values.rook-ceph.yaml
@@ -1,4 +1,6 @@
 ---
+monitoring:
+ enabled: true
 csi:
 enableRbdDriver: false
 csiRBDProvisionerResource: |
diff --git a/values/badhouseplants/values.stalwart.yaml b/values/badhouseplants/values.stalwart.yaml
new file mode 100644
index 0000000..e28df64
--- /dev/null
+++ b/values/badhouseplants/values.stalwart.yaml
@@ -0,0 +1,46 @@
+shortcuts:
+ hostname: stalwart.badhouseplants.net
+
+ingress:
+ main:
+ annotations:
+ cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+ kubernetes.io/ingress.allow-http: "false"
+ kubernetes.io/ingress.class: traefik
+ kubernetes.io/ingress.global-static-ip-name: ""
+ kubernetes.io/tls-acme: "true"
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+
+traefik:
+ enabled: true
+ tcpRoutes:
+ - name: stalwart-smtp
+ service: stalwart-smtp
+ match: HostSNI(`*`)
+ entrypoint: smtp
+ port: 25
+ - name: stalwart-smpt-startls
+ match: HostSNI(`*`)
+ service: stalwart-submission
+ entrypoint: smtp-startls
+ port: 587
+ - name: stalwart-imap
+ match: HostSNI(`*`)
+ service: stalwart-imap
+ entrypoint: imap
+ port: 143
+ - name: stalwart-imaps
+ match: HostSNI(`*`)
+ service: stalwart-imaptls
+ entrypoint: imaps
+ port: 993
+ - name: stalwart-pop3
+ match: HostSNI(`*`)
+ service: stalwart-pop3
+ entrypoint: pop3
+ port: 110
+ - name: stalwart-pop3s
+ match: HostSNI(`*`)
+ service: stalwart-pop3s
+ entrypoint: pop3s
+ port: 995
diff --git a/values/badhouseplants/values.woodpecker-ci.yaml b/values/badhouseplants/values.woodpecker-ci.yaml
index 86cba08..84064b3 100644
--- a/values/badhouseplants/values.woodpecker-ci.yaml
+++ b/values/badhouseplants/values.woodpecker-ci.yaml
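Review bot: In values/badhouseplants/values.stalwart.yaml, `kubernetes.io/ingress.allow-http: "false"` is a GCE ingress-controller annotation that Traefik, as far as I know, ignores, while `router.entrypoints: web,websecure` also attaches the router to the plain-HTTP entrypoint; unless a global HTTP-to-HTTPS redirect is configured elsewhere, the Stalwart web interface would accept logins in cleartext. Suggest `traefik.ingress.kubernetes.io/router.entrypoints: websecure`. The `stalwart-imap` (143) and `stalwart-pop3` (110) routes publish the cleartext variants of protocols already offered on 993 and 995, so confirm the server refuses authentication before STARTTLS or drop those two routes. Because these are plain TCP routes, Stalwart will likely see Traefik's address instead of the client's unless PROXY protocol is enabled on both sides, which matters for SPF evaluation and per-IP throttling. Minor: `stalwart-smpt-startls` looks like a typo for `smtp`.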
@@ -32,7 +32,7 @@ server:
 enabled: true
 env:
 WOODPECKER_GITEA: true
- WOODPECKER_GITEA_URL: https://git.badhouseplants.net
+ WOODPECKER_GITEA_URL: https://gitea.badhouseplants.net
 WOODPECKER_DATABASE_DRIVER: postgres
 WOODPECKER_GITEA_CLIENT: ab5e4687-a476-4668-9fbc-288d54095634
 WOODPECKER_OPEN: true