badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 11 Actions Packages Projects Releases Activity

Fox some things

Browse Source
This commit is contained in:
Nikolai Rodionov 2025-03-03 09:58:44 +01:00
parent 1cd242ea6a
commit b413d381cc
Signed by: allanger
GPG Key ID: 09F8B434D0FDD99B
9 changed files with 78 additions and 174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
common/environments.yaml
View File

@ -41,52 +41,6 @@ environments:
enabled: false
- redis:
enabled: false
- postgres16:
enabled: true
- istio:
enabled: false
xray-1:
kubeContext: xray-1
values:
- base:
enabled: false
- velero:
enabled: false
- workload:
enabled: false
- backups:
enabled: false
- openebs:
enabled: false
- localpath:
enabled: false
- postgres17:
enabled: false
- redis:
enabled: false
- postgres16:
enabled: false
- istio:
enabled: false
xray-2:
kubeContext: xray-2
values:
- base:
enabled: false
- velero:
enabled: false
- workload:
enabled: false
- backups:
enabled: false
- openebs:
enabled: false
- localpath:
enabled: false
- postgres17:
enabled: false
- redis:
enabled: false
- postgres16:
enabled: false
- istio:

4
installations/applications/helmfile-badhouseplants.yaml
View File

@ -54,7 +54,7 @@ releases:
- name: navidrome
chart: allangers-charts/navidrome
namespace: applications
version: 0.3.0
version: 0.4.0
inherit:
- template: default-env-values
- template: ext-traefik-middleware
@ -62,7 +62,7 @@ releases:
- name: navidrome-private
chart: allangers-charts/navidrome
namespace: applications
version: 0.3.0
version: 0.4.0
inherit:
- template: default-env-values
- template: default-env-secrets

1
installations/applications/helmfile-etersoft.yaml
View File

@ -26,7 +26,6 @@ releases:
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: external-service-xray
chart: ../../kustomizations/external-service-xray

4
kustomizations/kyverno/etersoft/pvc-patch.yaml
View File

@ -1,7 +1,7 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: replace-storage-class-by-openebs
name: append-node-name-to-pvc
spec:
rules:
- name: replace-storage-class
@ -11,7 +11,7 @@ spec:
kinds:
- PersistentVolumeClaim
namespaces:
- application
- applications
- platform
mutate:
patchStrategicMerge:

26
values/badhouseplants/org-badhouseplants/app-vaultwarden/secrets.yaml
View File

@ -1,14 +1,14 @@
config:
env:
secrets:
enabled: ENC[AES256_GCM,data:3uyfgg==,iv:h0lDQcBUq7dGkoEUrbpYUIH3WMjLCTfeuyWN3dor4Fc=,tag:haDg+tn+P4byTBu9Ubo7lg==,type:bool]
sensitive: ENC[AES256_GCM,data:++ogyA==,iv:pGxb1rjvB6/P2xb0UiP8EkfRlaGWRjkIkcquhSBoGK0=,tag:6MKBUdow2ncGBTIKqipSQA==,type:bool]
enabled: ENC[AES256_GCM,data:C4TSoQ==,iv:kG2QtaNWHSc2sdhzo8HnMnPE0Mixqs1dvFsAcke/Gw4=,tag:HhbVmIw5RQ9hipQqZ5J2pw==,type:bool]
sensitive: ENC[AES256_GCM,data:0wVOUg==,iv:FGxAd9h2e0LeWukZR/THhCscF3FWoK4dnkrX1mqSC+A=,tag:0rpeedT6x2V79WB5xRNbuA==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:N+Br,iv:PCsBwchLQ1cHaLXTM3xoMyrZYMHC/u0jky6LE8SEhh4=,tag:RmgPoHblCVy2SxG0SxK3Hw==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:BKHlDha9Ce+tZxHrfDgTxExSkAHlrjQxIw==,iv:kNqYZP1EItbzvBJK4eaDrdm2FMTrv8K/AjMLuH2oABY=,tag:en3UXFjjzQFpty5UNhsYwg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:Hl3d5pEWQaiR8b3u/ue1yvDInneH4VY10XgBb+D7M6lxPGDkFgJHoocsw+ZB3N+nK+JSvdeblA65z4H3fVxpMS8Bs8dtAXHjW6k=,iv:D/04/1IiW3Bs/IpOlbhP+mSOyon5TtPatNmS5437lBo=,tag:AO7f1NGMDRVsg/e6iLUxBg==,type:str]
SMTP_USERNAME: ENC[AES256_GCM,data:82zb,iv:Z89+Wt6jGMQTZ73ghk1Ey504WYt2Li9XQ2gaH0SB8tI=,tag:RmqHxghik75E9LAABzyVxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:ELi8dtNa/OhQKgrXbrgwHK95ntZjyzRSvQ==,iv:IVZbXZlFyCRMc3bW81Ak9UdjeGke0px9mGqrmaW7EHk=,tag:9xli08c0pqnxu2ktTbCMcg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:CAAalqRcu9vsM1bjC76enJCSX/tc7yOd48mxGV0d5rTFxQz08b4JVhKyMzl7BRog7+PMtJkkTnRIXZHgj31FqhRylmHyuAn3iPc=,iv:PpZvZMhOEt6ecdkBcvAOSz+eZktPAzaAlYNjBSgiN/w=,tag:apHKw66HG7TYnpBNVyM7xA==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:WFsNwHisslATr9wgiDJrwRycr9xFckGGJA==,iv:tz7kOZuwwJOBpToJMtEIqKH6CS+8lNgHKzp8wdyRHq0=,tag:0dQ/qB9AAhxT4Bw2W4uQ+Q==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:g212PzN9/4hxBKMAWFNiR0qAnPPK/tkffg==,iv:1l6dikIQGSjznW9MsaCTdz0wLJmAhiL0ZOdN2J4Q0yA=,tag:tNbPdORUa6IBWgh0HHaNjA==,type:str]
sops:
kms: []
gcp_kms: []
@ -18,14 +18,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQkRvRGRNWWcrbXk4SG1B
bCt0TFg4cUhjbTU3RzNSbTVKbVFhWkVGRlFvCndUbW5jWWhKZ256RWZkN3RQZnhJ
ZEc0NkNTRk5rYjhpVjhWZXdGZmdrc0UKLS0tIGpncTNyaXZGMTVubmZIS0pmWWRa
cG5FRVRpSEo4ektGclJyc1BjVVZGL2cKk6T/GQ6yuH/fejE4/RIaPhqnDFQSdvOl
5Vts8+3J+x23HxXSzSuscz4JTuFiaLHWRi1I40yV9qpwSoy5D76sqw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoLys3dkJDK2lrQ0d4ZlJi
eFRTSmx1RUtZRnpxdkNvVFFCeXl6dDcvWXdvCitoNkcwVFFxRVJ6dkNUbGVPb1pU
b3E4ZjZibFF6QytNdUhXNDFLZXRpSEUKLS0tIHpZTmFXNnptVzJmZFhIU2haRWhR
UjNEN1BlREFVak1xdmQzaFY1dHVyM3cKuvMIrQUL1cuw3Odz/Cv+kZV9ZZzBozSW
XimhDSkxNrH5OsGC1Jxz/8JOv8abBs4NROzffVdyqtZZzXOLzw3mJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-20T13:25:53Z"
mac: ENC[AES256_GCM,data:uS8xrENKnhTCPgSHYSqwssYaWNsvPgwG1zabR/GIrVnMxUQlOUnUP6G1cC8ELQ9Zx79sEUW/X+nZOOeSiggHWBgh3XQNJRIXO8OUz4El+9yoXaTr0mfU72e3KtpWZ2xxOQoVBD3mRVACSuNbfwL/qQEx8L8bYfEghZ35dMld8f0=,iv:MEJ5MNb3og993Z3JoL7gidcX8YdW288PbYaBl3g+Aqo=,tag:JuCvgkrdziwOeVsAxfKcPw==,type:str]
lastmodified: "2025-03-02T08:58:16Z"
mac: ENC[AES256_GCM,data:px+D6tlAZU6GzlE8/jLc0BaPyRwsfE1jRROy2mX7bhFTIW3lZqt/zangO46fFH5hXZjY5wLNIktCDbawIbUFwAp0vrmXxctZoAftl9hpdtW6ann3yfyv3pdcs7/BKu3s5QUswx6D13iLU0dvzyG4vGcQNmKpxuPQYLuDp2o74hM=,iv:2Y+wsS7QcgQ/8umZ+a21QjU25Yq24Y7UWjXVy9Gmvoo=,tag:APVtby5NCOQxrPAjIbMJ+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

28
values/etersoft/secrets.vaultwardentest.yaml
View File

@ -1,13 +1,11 @@
config:
env:
secrets:
enabled: ENC[AES256_GCM,data:zzAqZw==,iv:eNmoXsT7ME8Ayq1+6SKVMAmNfMXbaCHhbpoIVSCMmEs=,tag:rXlJGUtPQm0ulut18xuEpQ==,type:bool]
sensitive: ENC[AES256_GCM,data:p+tT+Q==,iv:0W4zA1+9Q6eDx6OMAscdDc0GveZgo/zW6in/PdfZo5E=,tag:SBplDU0DWQHzS0zQbhlOmA==,type:bool]
enabled: ENC[AES256_GCM,data:nQ+V6A==,iv:V3S80SWwPd4CmIpcE7h8JlzqlMhJPwRa3QjQ0Ezl9po=,tag:J1bNAB6vQzuZLK+QPGl/Mw==,type:bool]
sensitive: ENC[AES256_GCM,data:O1M/Pw==,iv:FcXRYnWleruNLWWB5SvXKKh2VDrpq1NmFgZ0qXtwz8A=,tag:MPaozYmtMvIp2ik2NMv50A==,type:bool]
data:
#ENC[AES256_GCM,data:lUhrHf0qCaIFA/03PexzwaG8BZPx4jJ1E7+D8RSusZsegYVEAcP13XkQ,iv:/aKm2fUtjUWb7zGipYLjFSoPv6JEhrt0lneEHcLY2vk=,tag:0TrN03ApXMyDLbghPU3lEw==,type:comment]
ADMIN_PASSWORD: ENC[AES256_GCM,data:NkRDv5wL9+q30cydrbxaG5kSkEjSVk1kj4H1OipjaWkSKR1gUyVfFcmd1NCWldDNAK8=,iv:i26l6IFjyHqHXVadTGBl3wKDtRyykTca20mNaItl6kM=,tag:iYDdkUBE0GorA+zhu1ogfg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:3LzUfxviYj5PSsm9bUn7pkLdVR7ggFHToXKvKIEw61d1MY6Ph3qVMr32KKJlbwh25by/hUQgSa1/WxxJDbBWsMzP9PikTov6lwFzMMOS/DDBM9ctxw==,iv:9zDoNV+Gbij9N95tKLd7Aa5c63UswSIG0nauGLS39Jg=,tag:wZE8U1t6GEqt7Obj4mqWcA==,type:str]
DATABASE_URL: null
#ENC[AES256_GCM,data:/5YuWuePwRN26Y2mCmGqI2FeDzZnsEyucbj1TR8j2LoCmhE=,iv:GMB4Y6LMAodfF6ItU5cRffMSPZh/85VHuLWOSo5YXdc=,tag:/h4vqzl5ZBy4msVe96l4Uw==,type:comment]
ADMIN_PASSWORD: ENC[AES256_GCM,data:YDMg09xZG26MR+d4wcEtqGDnID8piLNX4uFFa1rnrde3qek2ZYzm5RDGhRjUbABgj3g=,iv:Q0wi8tDfkzDDfBHFNEm9EItmIEwhX/13LiZ9cvb9QBo=,tag:zugAhXY26VPRsS1Sz+KCkg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:FZtTW2AVZsSlsF0kaZOkpaOvpYmjaVTJ3joSXU+6ylS16iItp4ggqfZe/EMjKDImqB42XrOt+c90hWu21a/RlGe7iGt+av9mkG3/932STxgUaPHB8A==,iv:GOb9mOurT3qeXcO4GmX38kQNFQx4ylAQ7Z/n5GCaVao=,tag:raZZSHBg9mPKnwaYB4yoaA==,type:str]
sops:
kms: []
gcp_kms: []
@ -17,14 +15,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRHYvUG9ybVdOUk56alc1
VFUrS1lxT0srSG1uRldVUkZxY0NDaDZFUFJRCklsejBiNm9pelZYRTdlTGcvMSta
TS9lMElyMGJCa1pPN0J0amxDOFlQbGsKLS0tIE1mYlpwZEhES2Zrdk84UExjeXlz
akQ2M3NTc2hDRCt0OFJMMmVKZzg5UXMKqFkcNzqp9uhVu67/APA5XbqMVzv4RegS
at9pmPCxTlWQoPjzGtuF+l7J5lkS2KrU0wROC62AggnmEY1dMOSzqw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUGtWT09WOVlGRnc3aVVp
VWdMbHFPMTAwSGFOd3dBSDUrbFB2R3VOaVVRCkptckpBR1JHcW12bEVIQ3pBOHJN
emQ0VmorbjhSeUNhTGJMMWFKMWZrelEKLS0tIFRDMkRiV0owWnNLWFFKSVAzZ1Bi
eWt3a0J4b1F3ejFwZlRlblcyWGYrY00KvZ737upypCW8nDPa01uHVTtHgGcKhEFv
MSa0WYeEa3ArffR6gPtH4uAErL0B7+slSvTFVt6HJ5z1VdgIWlMBZg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-06T09:06:31Z"
mac: ENC[AES256_GCM,data:uDSzjE3cnkzY2ADj/v6PkaB4XVla9+N5J7H/+b7Erc9cSdbV7utvBjhxDeMpnrurO10mNDtvgPEJ00e/bDz4Ru3tl6OXSeY9lvvKZTHi69i5e8naX6t6M2xv7rKyLe8gw5GzwSGfKGpsJeTKsUuKN2tAcoy23THC1Mauulj6G2A=,iv:85JA9+1rps4OUzFrXsy0e/NS0SZPfYpPHP0hjy/uCRQ=,tag:K/Oj9TyQIJXvuo6gwPzzRw==,type:str]
lastmodified: "2025-03-02T08:58:13Z"
mac: ENC[AES256_GCM,data:hYtrnn0dXtv/9vZ82hu6wsFVXvP56QNKrz1vb6o8+BVOc9cWheDAyPwhv3SHibkSSXb7Bw0qCXN0w43+zxT03HTxHAWb/zk/YD39Vv8iWvGc5Wuyduh/pPZn52MrQr4Gyqf/QQQMwvDkWwXQ0t6Y8XU+HF+XDz2NKE2NyZzOOa8=,iv:Rg7AUYEhqWHJqvZi32F7b9Ux4fv1o0Gmavw6SQe+hao=,tag:5clTc1DJrfFzMiTEPtj7Fw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.4

8
values/etersoft/values.external-dns.yaml
View File

@ -1,7 +1,13 @@
provider:
name: cloudflare
domainFilters:
- badhouseplants.net
policy: sync
txtOwnerId: eter
txtPrefix: eter-ext-dns
txtPrefix: eter-ext-dns-
logFormat: json
logLevel: info
sources:
- service
- ingress
- crd

63
values/etersoft/values.vaultwardentest.yaml
View File

@ -1,32 +1,10 @@
shortcuts:
hostname: vaulttest.ru.badhouseplants.net
ext-database:
enabled: true
name: vaultwardentest-postgres16
instance: postgres16
credentials:
DATABASE_URL: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}"
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
vaultwarden:
mounts:
storage:
data:
path: /app/data/
extraVolumes:
logs:
path: /app/logs
envFrom:
- environment
- secrets
- secretRef:
name: vaultwardentest-postgres16-creds
ingress:
main:
class: traefik
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
@ -34,46 +12,14 @@ ingress:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
rules:
- host: vaulttest.ru.badhouseplants.net
http:
paths:
- backend:
service:
name: '{{ include "chart.fullname" $ }}-main'
port:
number: 8080
path: /
pathType: Prefix
tls:
- hosts:
- vaulttest.ru.badhouseplants.net
secretName: vaulttest.ru.badhouseplants.net
extraVolumes:
logs:
emptyDir: {}
storage:
data:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
accessModes:
- ReadWriteOnce
config:
env:
environment:
main:
enabled: true
sensitive: false
data:
DOMAIN: https://vaulttest.ru.badhouseplants.net
#SMTP_HOST: mail.badhouseplants.net
#SMTP_SECURITY: "starttls"
#SMTP_PORT: 587
#SMTP_FROM: vaulttest@badhouseplants.net
#SMTP_FROM_NAME: Vault Warden
#SMTP_AUTH_MECHANISM: "Plain"
#SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
#SMTP_ACCEPT_INVALID_CERTS: "false"
#SMTP_DEBUG: false
DATA_FOLDER: /app/data/
ROCKET_PORT: 8080
SHOW_PASSWORD_HINT: true
@ -89,3 +35,4 @@ env:
ORG_GROUPS_ENABLED: true
ORG_EVENTS_ENABLED: true
ORG_CREATION_USERS: ""
SMTP_SECURITY: 'off'