Fix certs

2025-04-01 12:23:49 +02:00 · 2025-04-01 12:23:49 +02:00 · 8deb163e0d
commit 8deb163e0d
parent 2c0f498611
8 changed files with 47 additions and 10 deletions
--- a/charts/namespaces/templates/namespaces.yaml
+++ b/charts/namespaces/templates/namespaces.yaml
@ -25,6 +25,14 @@ metadata:
  namespace: {{ $ns.name }}
 data:
  .dockerconfigjson: {{ $.Values.defaultRegcred }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: default
+  namespace: {{ $ns.name }}
+imagePullSecrets:
+  - name: regcred
 {{- end }}
 {{- end }}
 {{- end }}
--- a/common/environments.yaml
+++ b/common/environments.yaml
@ -2,7 +2,7 @@ environments:
  badhouseplants:
    kubeContext: badhouseplants
    values:
-      #- ./common/values/values.badhouseplants.yaml
+      - ./common/values/values.badhouseplants.yaml
      - base:
          enabled: true
      - velero:
--- a/helmfiles/system.yaml
+++ b/helmfiles/system.yaml
@ -163,7 +163,6 @@ releases:

  - name: istio-base
    chart: istio/base
-    condition: istio.enabled
    namespace: istio-system
    version: 1.25.1
    inherit:
@ -171,7 +170,6 @@ releases:

  - name: istiod
    chart: istio/istiod
-    condition: istio.enabled
    namespace: istio-system
    version: 1.25.1
    inherit:
--- a/installations/applications/helmfile-etersoft.yaml
+++ b/installations/applications/helmfile-etersoft.yaml
@ -27,6 +27,14 @@ releases:
      - template: default-env-values
      - template: default-env-secrets

+  - name: memos
+    chart: allangers-charts/memos
+    version: 0.3.0
+    namespace: applications
+    inherit:
+      - template: default-env-values
+
+
  - name: external-service-xray
    chart: ../../kustomizations/external-service-xray
    installed: true
--- a/values/badhouseplants/kube-system/namespaces/values.yaml
+++ b/values/badhouseplants/kube-system/namespaces/values.yaml
@ -7,7 +7,9 @@ namespaces:
  - name: velero
    defaultRegcred: true
  - name: observability
+    defaultRegcred: true
  - name: databases
+    defaultRegcred: true
  - name: istio-system
    defaultRegcred: true
  - name: applications
@ -17,10 +19,17 @@ namespaces:
  - name: platform
    defaultRegcred: true
  - name: games
+    defaultRegcred: true
  - name: team-fortress-2
+    defaultRegcred: true
  - name: pipelines
+    defaultRegcred: true
  - name: public-xray
+    defaultRegcred: true
    labels:
      istio-injection: disabled
  - name: org-badhouseplants
+    defaultRegcred: true
  - name: org-allanger
+    labels:
+      istio-injection: enabled
--- a/values/badhouseplants/values.memos.yaml
+++ b/values/badhouseplants/values.memos.yaml
@ -25,6 +25,7 @@ storage:
    storageClassName: openebs-hostpath
 ingress:
  main:
+    metadata:
      annotations:
        kubernetes.io/ingress.class: traefik
        kubernetes.io/tls-acme: "true"
--- a/values/etersoft/kube-system/namespaces/values.yaml
+++ b/values/etersoft/kube-system/namespaces/values.yaml
@ -3,6 +3,7 @@ namespaces:
  - name: kube-system
    defaultRegcred: true
  - name: applications
+    defaultRegcred: true
  - name: platform
    defaultRegcred: true
  - name: kyverno
--- a/values/etersoft/values.memos.yaml
+++ b/values/etersoft/values.memos.yaml
@ -0,0 +1,12 @@
+shortcuts:
+  hostname: memos.ds.badhouseplants.net
+ingress:
+  main:
+    metadata:
+      annotations:
+        kubernetes.io/ingress.class: traefik
+        kubernetes.io/tls-acme: "true"
+        kubernetes.io/ingress.allow-http: "false"
+        kubernetes.io/ingress.global-static-ip-name: ""
+        cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+        traefik.ingress.kubernetes.io/router.entrypoints: web,websecure