From c2ec134d2bdb73646b1f705c7c6e4604e61bd148 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Thu, 7 Nov 2024 10:09:56 +0100 Subject: [PATCH] Add postgres to etersoft --- common/environments.yaml | 8 ++- .../applications/helmfile-badhouseplants.yaml | 9 +++ .../applications/helmfile-etersoft.yaml | 3 +- installations/databases/helmfile.yaml | 4 +- installations/platform/helmfile.yaml | 2 - .../badhouseplants/secrets.vaultwarden.yaml | 56 +++++++++---------- values/badhouseplants/values.stalwart.yaml | 7 +-- values/badhouseplants/values.traefik.yaml | 7 +++ values/common/values.tcp-route.yaml | 36 ++++++------ values/etersoft/secrets.db-instances.yaml | 25 +++++++++ values/etersoft/secrets.postgres16.yaml | 24 ++++++++ values/etersoft/secrets.vaultwardentest.yaml | 56 +++++++++---------- values/etersoft/values.db-instances.yaml | 11 ++++ values/etersoft/values.minio.yaml | 4 +- values/etersoft/values.postgres16.yaml | 36 ++++++++++++ values/etersoft/values.vaultwardentest.yaml | 30 ++++++---- 16 files changed, 220 insertions(+), 98 deletions(-) create mode 100644 values/etersoft/secrets.db-instances.yaml create mode 100644 values/etersoft/secrets.postgres16.yaml create mode 100644 values/etersoft/values.db-instances.yaml create mode 100644 values/etersoft/values.postgres16.yaml diff --git a/common/environments.yaml b/common/environments.yaml index 0ea29db..ffdec4a 100644 --- a/common/environments.yaml +++ b/common/environments.yaml @@ -12,7 +12,9 @@ environments: enabled: false - openebs: enabled: true - - postgres: + - postgres17: + enabled: true + - postgres16: enabled: true - redis: enabled: true @@ -29,7 +31,9 @@ environments: enabled: false - localpath: enabled: true - - postgres: + - postgres17: enabled: false - redis: enabled: false + - postgres16: + enabled: true diff --git a/installations/applications/helmfile-badhouseplants.yaml b/installations/applications/helmfile-badhouseplants.yaml index 2c76fe8..ee1c1b3 100644 
--- a/installations/applications/helmfile-badhouseplants.yaml +++ b/installations/applications/helmfile-badhouseplants.yaml @@ -109,3 +109,12 @@ releases: - template: default-env-values - template: ext-tcp-routes - template: ext-cilium + - name: vaultwardentest + chart: allangers-charts/vaultwarden + version: 2.4.0 + namespace: applications + installed: false + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-database diff --git a/installations/applications/helmfile-etersoft.yaml b/installations/applications/helmfile-etersoft.yaml index fefc547..371340c 100644 --- a/installations/applications/helmfile-etersoft.yaml +++ b/installations/applications/helmfile-etersoft.yaml @@ -26,11 +26,12 @@ releases: - template: ext-traefik-middleware - name: vaultwardentest chart: allangers-charts/vaultwarden - version: 2.3.0 + version: 2.4.0 namespace: applications inherit: - template: default-env-values - template: default-env-secrets + - template: ext-database - name: tf-ocloud chart: ../../charts/tf-ocloud namespace: pipelines diff --git a/installations/databases/helmfile.yaml b/installations/databases/helmfile.yaml index b24352b..18f1129 100644 --- a/installations/databases/helmfile.yaml +++ b/installations/databases/helmfile.yaml @@ -20,7 +20,7 @@ releases: bundle: postgres namespace: databases chart: bitnami/postgresql - condition: postgres.enabled + condition: postgres16.enabled version: 15.5.38 inherit: - template: default-env-values @@ -30,7 +30,7 @@ releases: bundle: postgres namespace: databases chart: bitnami/postgresql - condition: postgres.enabled + condition: postgres17.enabled version: 16.0.6 inherit: - template: default-env-values diff --git a/installations/platform/helmfile.yaml b/installations/platform/helmfile.yaml index 0cd1b1a..f5170e4 100644 --- a/installations/platform/helmfile.yaml +++ b/installations/platform/helmfile.yaml 
@@ -26,13 +26,11 @@ releases: - name: db-operator namespace: platform chart: db-operator/db-operator - condition: workload.enabled version: 1.29.0 - name: db-instances chart: db-operator/db-instances namespace: platform - condition: workload.enabled needs: - platform/db-operator version: 2.4.0 diff --git a/values/badhouseplants/secrets.vaultwarden.yaml b/values/badhouseplants/secrets.vaultwarden.yaml index 87514dc..b9cea47 100644 --- a/values/badhouseplants/secrets.vaultwarden.yaml +++ b/values/badhouseplants/secrets.vaultwarden.yaml 
@@ -1,30 +1,30 @@ env: - secrets: - enabled: ENC[AES256_GCM,data:p8ATew==,iv:dP7WATC+Fm0dfP7hlEHdVPOo8ErsbiB+5YPgQzXV/Ss=,tag:iVnFW7Q74vo1CJ0I1tt+4g==,type:bool] - sensitive: ENC[AES256_GCM,data:dyb+SQ==,iv:ZkrLnt6yOtv8fd1qy+HIlbNcHT8aDmIU3S82WM/SePs=,tag:iPVbwIDHHDek97k58mgIZw==,type:bool] - data: - SMTP_USERNAME: ENC[AES256_GCM,data:26jN,iv:ASzEihTqVCn6XerFqAb/khSa+aTauTh0+OiJMoNmvsI=,tag:n8g47XIOOLkbBSUERsyx3A==,type:str] - ADMIN_PASSWORD: ENC[AES256_GCM,data:FOHowPJxX6b2i4Kr3DwJOjX7mzzq1Mp/mw==,iv:DrXQihNeT7jP23PhuuYAXCviYPD9+N+ZUp1hCxgPneY=,tag:WsmTl30sNMIMou23SGaunQ==,type:str] - ADMIN_TOKEN: ENC[AES256_GCM,data:ZWuys8umG5dqer/I5SmZCYQFB5FolA8jkXWgJvW5X/CIDEZlPxnL+nojSxhmdLTkVy7Yo0mgCC93WOjtPqPvZ+42SEVfKIgBKRM=,iv:nnb7peQioiB8drt2trcQjX13j471EJNARtQbXuJVvaw=,tag:fIAmV5R7BstW33zttKanRA==,type:str] - DATABASE_URL: null - SMTP_PASSWORD: ENC[AES256_GCM,data:kGne0ERfIBTpfv9r6TLZ/coYtk6xsvjXFQ==,iv:zhQwqdp1O60XlRum6Kye5VQPLxZHZ4aTKR6fZ1rK5Mo=,tag:LiDOXd1ahAGpA9JbV1ChGw==,type:str] + secrets: + enabled: ENC[AES256_GCM,data:Gv3Unw==,iv:pIls2F+alt1LfJIzfto+6YA4ih9KLBAzutd6Nz4uvlI=,tag:HUXRQI+vvN70eMsgNgeltw==,type:bool] + sensitive: ENC[AES256_GCM,data:/trLBA==,iv:w5IV1c7+d971WHLkhbi2jAT4smGUFNQjWXfAHjqMJtQ=,tag:GErKO9Mev/vNI8hVO0OCOg==,type:bool] + data: + SMTP_USERNAME: ENC[AES256_GCM,data:mxHg,iv:fnC9XmPBSoYg/SaezA9I7hUNcK16z0UyB0ujp8dOV/Q=,tag:Ude8TQ+m358upwTHW4g2vA==,type:str] + ADMIN_PASSWORD: ENC[AES256_GCM,data:arONfkxTVCKOrw4ehk1HGG2MOisfo1oZyw==,iv:T/MAUaHaIVL/oAuAMGwB4x4aNWrnjnvNvM7h4cgL0q0=,tag:F/GYyB1ZxFLxC32hKtsnSg==,type:str] + ADMIN_TOKEN: ENC[AES256_GCM,data:eiXun0SKGMichylKuyJPxRkO0nUbCb+ex1ABr4z/IM5CYgbptCW+b+Lw5BQB+Bf0OzcmX3d/GcwrJKXvbjBBelgMUZGXLfShB3M=,iv:git8/iNUeWPxwt/+1NT+rEoYz12hNUGPD6dg+gCyKTs=,tag:M2BqdsoitGIm3GeFBnG9/w==,type:str] + DATABASE_URL: null + SMTP_PASSWORD: ENC[AES256_GCM,data:KdFR+MmZyGsuHsItX8WNy6r5LXWMgUzJjg==,iv:89e34akVX23Nblm2FNd6u7lX2Z/Zigek8gdjdHD1PTE=,tag:BdpfhbsPHB08gfey80w6gw==,type:str] sops: - kms: [] - gcp_kms: [] 
- azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZDNxQy9JRS9OcHArNXov - dVVJT1NhZmV1d05ZUFZmM1hBVDRCeE1IY2dJCjAyZW5CV0UvRGx5MG4zdGZKcEFP - cGpYc0drUitIeXhuYnlRSDNKbWFENncKLS0tIER3R3FxNGlNOW9VRHliNktQZHpG - UEc0R0h1OXhLdU5VNFEvaExMWXk1Q0UKBU1IZOnH3TpjFlaMVFz9QO9yyuG5Sm0b - YHqBxoO4FlFXAperIwpXojzIdNIC7CKnUUFN94fitNG+Lieto7ZqGw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-14T08:08:22Z" - mac: ENC[AES256_GCM,data:H7C2pN0IAc91M2LCGZefhdfeVetmt6jwxDQwQ8OPVrYXt69w4vFjeb801nKHNT6g2qV/WkLN5inHnP6EJoCS4/+ti8l814m/jmCXrNkK9mNJ9A00xc/p43WdxEtaktFORH0Y+mvS1ADrK/ghlIUjcvC0o1b1rVH8rkCjR1ql/Js=,iv:JOC8VGNj3ERRH0GRKFJ/RL1rOVfU6G98v+fsqBpvn2c=,tag:zoHGbt9p590qZfT4/8YTKA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OElmeTA4K1NZUncvRjI2 + YldLMHVhQVpKSWdwNHh6RnRZZmhSdC9wUlNzCnk5R2xrQzM4MlNxWFZuV0J5aHkv + VlNlSm02d1JQWlFuTG5USmlwQzdXancKLS0tIEFGSDRtc1pmMnVPWGhJR2NBU2xP + a2h1RE5XWmxxb05IZEU3c3VGaXRmeUUKmIgm5Apj8ipz/h8YYiz+ryVFSsjTCXMv + WWDuNLIhxO3inp6QgwWW1PhDjNWAn1uEULckyFAgDOdwp4Tof4A/ZQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-05T11:05:01Z" + mac: ENC[AES256_GCM,data:Sxc3HM0kCuNNRTn6R9kDWmzx+uJHjXi2245n4EwJBx3faX0WsH5I3ZZfjJl0fKLQJApEaN4i+vu/6fEWIfUrbbHfSLCQQDrj1OpXz0Yz+ett83JY+G41bjgWb316MYvuXp0zFlLsms54jCFMY3aV+ROIDXEGaEYncVwrbIXiJpk=,iv:wHi9wf1iiptgCiDD1yAtBw/xaOfymliihp7RyHg9J0M=,tag:uygWGbkgZyb/KZNCzxyPUg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/badhouseplants/values.stalwart.yaml b/values/badhouseplants/values.stalwart.yaml index b5d26ec..1ec68e7 100644 
--- a/values/badhouseplants/values.stalwart.yaml +++ b/values/badhouseplants/values.stalwart.yaml @@ -101,7 +101,7 @@ traefik: files: config: enabled: true - sensitive: true + sensitive: false remove: [] entries: # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml @@ -170,11 +170,6 @@ files: bind = "[::]:8080" protocol = "http" hsts = true - permissive-cors = false - url = "protocol + '://' + key_get('default', 'hostname') + ':' + local_port" - use-x-forwarded = true - proxy.override = true - proxy.trusted-networks.0 = "192.168.0.0/16" [storage] data = "rocksdb" diff --git a/values/badhouseplants/values.traefik.yaml b/values/badhouseplants/values.traefik.yaml index 9cd826b..9bf827e 100644 --- a/values/badhouseplants/values.traefik.yaml +++ b/values/badhouseplants/values.traefik.yaml @@ -1,3 +1,6 @@ +service: + annotations: + service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" ports: websecure: transport: @@ -5,9 +8,13 @@ ports: readTimeout: 0 idleTimeout: 0 writeTimeout: 0 + forwardedHeaders: + trustedIPs: + - "192.168.0.0/16" proxyProtocol: trustedIPs: - "192.168.0.0/16" + insecure: true ssh: port: 22 expose: diff --git a/values/common/values.tcp-route.yaml b/values/common/values.tcp-route.yaml index 5331ede..c682a6b 100644 --- a/values/common/values.tcp-route.yaml +++ b/values/common/values.tcp-route.yaml 
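Review bot: The flip to `sensitive: false` on `files.config` in values/badhouseplants/values.stalwart.yaml probably moves the rendered Stalwart `config.toml` out of a Secret, assuming the chart uses this flag to choose between a Secret and a ConfigMap. The hunk shows only the listener and storage parts of the file, so whether it also carries credentials (fallback admin secret, directory or SMTP passwords) cannot be checked from here. I would keep `sensitive: true` unless that has been confirmed. If it has, say so in a comment, for example `# no credentials in this file, safe to render as ConfigMap`. The `files.config` block continues outside this hunk.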
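Review bot: The added `insecure: true` in the second hunk of values/badhouseplants/values.traefik.yaml appears to sit under `ports.websecure.proxyProtocol`, though the indentation is not recoverable in this view. In Traefik, insecure mode accepts a PROXY protocol header from any peer, which makes the `trustedIPs: ["192.168.0.0/16"]` list beside it ineffective. Any client that reaches the entry point without passing through the load balancer can then state its own source address, and that address ends up in access logs, IP allow-lists and rate limiting. I would drop `insecure: true` and rely on `trustedIPs`, narrowed to the range the load balancer actually connects from if that is smaller than the /16. The same applies to the new `forwardedHeaders.trustedIPs` if the flag was meant for that block.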
@@ -1,20 +1,22 @@ ---- traefik: templates: - | - {{ range .Values.tcpRoutes }} - --- - apiVersion: traefik.io/v1alpha1 - kind: IngressRouteTCP - metadata: - name: {{ .name }} - spec: - entryPoints: - - {{ .entrypoint }} - routes: - - match: {{ .match }} - services: - - name: {{ .service }} - nativeLB: true - port: {{ .port }} - {{- end }} + {{ range .Values.tcpRoutes }} + --- + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ .name }} + spec: + entryPoints: + - {{ .entrypoint }} + routes: + - match: {{ .match }} + services: + - name: {{ .service }} + nativeLB: true + port: {{ .port }} + {{- if .proxyProtocolVersion }} + proxyProtocol: {{ .proxyProtocolVersion }} + {{- end }} + {{- end }} diff --git a/values/etersoft/secrets.db-instances.yaml b/values/etersoft/secrets.db-instances.yaml new file mode 100644 index 0000000..0454abb --- /dev/null +++ b/values/etersoft/secrets.db-instances.yaml 
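Review bot: The new `proxyProtocol: {{ .proxyProtocolVersion }}` line in the IngressRouteTCP template renders a bare scalar, but as far as I know the Traefik CRD expects `proxyProtocol` on a TCP service to be an object with a `version` field. A route that sets `proxyProtocolVersion` would then be rejected by CRD validation, or the setting would be ignored. I would render it as `proxyProtocol:` followed by a nested `version: {{ .proxyProtocolVersion }}`. A short comment above the `if` saying which values are accepted (1 or 2) would help whoever adds the next route.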
@@ -0,0 +1,25 @@ +dbinstances: + postgres16: + secrets: + adminUser: ENC[AES256_GCM,data:rxSV97yqRDU=,iv:8gqGL14LDS2zKDlImdNPMYYX3J8epZvlytjOfuxSP2I=,tag:s95IsFyLj7oIy5Tm12oJZg==,type:str] + adminPassword: ENC[AES256_GCM,data:VgU22sobeBBdjxhth44Llugp,iv:Y2jTlURdgjc/rpydwu1YCEmZgVkRkuBytQmds2ZO3pk=,tag:Abxa+/m3a3L4xNwEFqqncw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubjJWVzg2ZitheWFhUlND + N05nYmlWUzdtVE4xT3NwMnVIbThLam1KQkRFCnA3a2FucS9sdFVHNnBUU285dGZz + dUZvT0xRZ1JLcnNTMVdrSnJBUkJzZW8KLS0tIHJoTlVYVmpjSDJob3RpOG45MEtx + NTBZb2pRNEM5TWJiRUkzWHRyVTdaUmcK9oYd7htT3Wt2HLUFGHQrBfiAfKUaFitr + UcBA/MXGcJt3Wq6Tw8ujNqQbDrftAd+sRWTO8rNqTGK02zXvkmu1sA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-05T10:54:18Z" + mac: ENC[AES256_GCM,data:tvfGmnwG8nJ/1r0OZBjuU3jCSsC4V1DqjqriARti51RA4AsRFodyl1QMbLoaHgwzLLqbe6Xy62n1EU/icgmiEdEbpBZ7kEuyQ0Q9M0mkZgQVrvF126Tdd11ylswO9imSknaWmvnb0nwj0ZV1daOCqF3NCl+HaP0NiTlCy18aP74=,iv:OYvQDBhxTDEmfBWXtcAluGX9sYGVj8Ki3mZXPVvpYwk=,tag:M7VgUVQoxVC63kGJol6DUA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/etersoft/secrets.postgres16.yaml b/values/etersoft/secrets.postgres16.yaml new file mode 100644 index 0000000..e1f8bbe --- /dev/null +++ b/values/etersoft/secrets.postgres16.yaml 
@@ -0,0 +1,24 @@ +global: + postgresql: + auth: + postgresPassword: ENC[AES256_GCM,data:4RQkD5bHyjMQjofzrmB3V45q,iv:JlD23SAhnU5Q+0xl3TAdOdkXJPTG+Awx7qRe8cH1HFo=,tag:KSnUQi0U2ydpigAgoZxFsg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1hzTUV3TzRFaHNTN3Fj + Tkh0TW1VNng0WkZNdXdsOVozMDZ5T25uQmgwCkhSWXViUkNsZnExV0c5UXFsd2R4 + ZjNYYUFDbnpYYkRQbHdQUDA3cHBxa28KLS0tIFR4MGVWK2o1TFZlQ1FRbkIza3F6 + UWc5NzVMVkQ4UDNlSzRidWNzSnFWWkkKfnTaKxZoBFCj2l4QfI/BvG0eGOFX/seF + DcpofYlg0hQFRSavqRjidLri1rzpOCdKlWh/h0nIRDFA7O55Q8QAnQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-05T10:53:47Z" + mac: ENC[AES256_GCM,data:ugdm5oICFj1nZtkUNdfamjuGjMOz8bWTKIsaOND31alQsTuvnHNT/GrVIKkiAwgXbP71nH8ecmv3Ossq/tt8OxpG5Hu5v3s1Dgl8fXNCRt8cR0INGJyeDYc9l1WDugNkNRhRV96udmDJewompcIxqPYECwfZHXYiWA7HMyIdlDk=,iv:1PgLX53dbD4JfpLnszMgH/pQBXvUimgJYZsw3leerBo=,tag:O5KBMenIG7/J5o+kiU/mGg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/etersoft/secrets.vaultwardentest.yaml b/values/etersoft/secrets.vaultwardentest.yaml index f834759..9a4b11f 100644 --- a/values/etersoft/secrets.vaultwardentest.yaml +++ b/values/etersoft/secrets.vaultwardentest.yaml 
@@ -1,30 +1,30 @@ env: - secrets: - enabled: ENC[AES256_GCM,data:2aJihg==,iv:VtJL8ubzBpuNCQWoJ04hrWB236svrXR4arUxvdlwLl0=,tag:Rz7vmAtywhOA/vaHEF2Vjw==,type:bool] - sensitive: ENC[AES256_GCM,data:SzwuZw==,iv:7BZl7KXrQ8UJWdCwPxALPMfNfYz3jZu3Ivn092Px69s=,tag:aGm6HO4dB1jEPaLhqCE1Cw==,type:bool] - data: - SMTP_USERNAME: ENC[AES256_GCM,data:og5bxhkNQfwvUkDKOt+2uQZz/N4Q4p8BLUro,iv:yWRuJ3wThNGvtycs5FwGMS8lIvDMJBDCtk2gg65TLko=,tag:LFmn3KymKXTaPYckYn6JCA==,type:str] - ADMIN_PASSWORD: ENC[AES256_GCM,data:rfJqM8eUghgDg07sEhO0hbpTwRQZJlKU56R9kOqBjTs4+VkGt7GWshrQx4L1BDEY8oE=,iv:U/ieTe261wjBm6GPtRsfwO/EFzo5hc0KbEoaY5A+7kk=,tag:oQTFk/YtgOkgllQomF/pPw==,type:str] - ADMIN_TOKEN: ENC[AES256_GCM,data:t2BKaqd+/xt5OJwCUjvgNH12jU5k7msjsSA9R6uiq+ynixzc9/u/lfGKh9dGRbjTKv+0b9pG7tWzJwDs3HtB53VGkiZ2dY90wrXrQa/yG+1D7DN3FQ==,iv:hPi87kBXmTX7SJOJvZAKqFSxvfegsLrbCKUwkV/79ds=,tag:DeTITUcd4MOIHDkSGcWjLQ==,type:str] - DATABASE_URL: null - SMTP_PASSWORD: ENC[AES256_GCM,data:Oh0s1kb9tHu5WYhMYxLVc1ql8ys=,iv:RdUp4bZac6qla+GYDeFM7SzpUMKmRxck5qJ/9l4L9Ik=,tag:7pHha/gm1Wuec2+FoRnMlg==,type:str] + secrets: + enabled: ENC[AES256_GCM,data:zzAqZw==,iv:eNmoXsT7ME8Ayq1+6SKVMAmNfMXbaCHhbpoIVSCMmEs=,tag:rXlJGUtPQm0ulut18xuEpQ==,type:bool] + sensitive: ENC[AES256_GCM,data:p+tT+Q==,iv:0W4zA1+9Q6eDx6OMAscdDc0GveZgo/zW6in/PdfZo5E=,tag:SBplDU0DWQHzS0zQbhlOmA==,type:bool] + data: + #ENC[AES256_GCM,data:lUhrHf0qCaIFA/03PexzwaG8BZPx4jJ1E7+D8RSusZsegYVEAcP13XkQ,iv:/aKm2fUtjUWb7zGipYLjFSoPv6JEhrt0lneEHcLY2vk=,tag:0TrN03ApXMyDLbghPU3lEw==,type:comment] + ADMIN_PASSWORD: ENC[AES256_GCM,data:NkRDv5wL9+q30cydrbxaG5kSkEjSVk1kj4H1OipjaWkSKR1gUyVfFcmd1NCWldDNAK8=,iv:i26l6IFjyHqHXVadTGBl3wKDtRyykTca20mNaItl6kM=,tag:iYDdkUBE0GorA+zhu1ogfg==,type:str] + ADMIN_TOKEN: ENC[AES256_GCM,data:3LzUfxviYj5PSsm9bUn7pkLdVR7ggFHToXKvKIEw61d1MY6Ph3qVMr32KKJlbwh25by/hUQgSa1/WxxJDbBWsMzP9PikTov6lwFzMMOS/DDBM9ctxw==,iv:9zDoNV+Gbij9N95tKLd7Aa5c63UswSIG0nauGLS39Jg=,tag:wZE8U1t6GEqt7Obj4mqWcA==,type:str] + DATABASE_URL: null + 
#ENC[AES256_GCM,data:/5YuWuePwRN26Y2mCmGqI2FeDzZnsEyucbj1TR8j2LoCmhE=,iv:GMB4Y6LMAodfF6ItU5cRffMSPZh/85VHuLWOSo5YXdc=,tag:/h4vqzl5ZBy4msVe96l4Uw==,type:comment] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtaUVMdEpNcUxncnRMZDlU - MW0wQndGVDF1SUtRTGczZDkxNVdZVmNJYTNrClJtQzYxWnkrc01VZmlVS1ZDTWw2 - K2lmYkdnWWtMNjFseG5qZmpzd0w2OFUKLS0tIHd6U1hnOVlsNVk2WkhIUUdSL1R4 - UUNVNkFkT2ZGbG1HbFJPRWNjL0N2ZUEKklrgeG4EmufgXzTr4sgGZLCzcedEA6eN - VC2XYbdO06L4QL7GteFlW+CHFXKn3QB8+nfiU+dNriXJmzMpYEUtPA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-14T08:08:21Z" - mac: ENC[AES256_GCM,data:SDZHIiaFpGYRSjLaiKRtQOXRvuH7K7J42O7BV0eSA0XEMdjy6i/nx8uRyWmF2uApyfXaptxT9gO60snZ24+ox890L0KtLE/qt2r6omyRR4Jn8vGfh1WQQHiFjWj/q6NDkKH9yItgrE1zOPKs2sMLjaxmWdcIpPVq/ZxehWfDyAs=,iv:zUKpJYpVok3qKM+aq6qizCHIHGNiKHMhtrGnRyumJ20=,tag:n4N6iueXTLS54IZnrrNfEg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRHYvUG9ybVdOUk56alc1 + VFUrS1lxT0srSG1uRldVUkZxY0NDaDZFUFJRCklsejBiNm9pelZYRTdlTGcvMSta + TS9lMElyMGJCa1pPN0J0amxDOFlQbGsKLS0tIE1mYlpwZEhES2Zrdk84UExjeXlz + akQ2M3NTc2hDRCt0OFJMMmVKZzg5UXMKqFkcNzqp9uhVu67/APA5XbqMVzv4RegS + at9pmPCxTlWQoPjzGtuF+l7J5lkS2KrU0wROC62AggnmEY1dMOSzqw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-06T09:06:31Z" + mac: ENC[AES256_GCM,data:uDSzjE3cnkzY2ADj/v6PkaB4XVla9+N5J7H/+b7Erc9cSdbV7utvBjhxDeMpnrurO10mNDtvgPEJ00e/bDz4Ru3tl6OXSeY9lvvKZTHi69i5e8naX6t6M2xv7rKyLe8gw5GzwSGfKGpsJeTKsUuKN2tAcoy23THC1Mauulj6G2A=,iv:85JA9+1rps4OUzFrXsy0e/NS0SZPfYpPHP0hjy/uCRQ=,tag:K/Oj9TyQIJXvuo6gwPzzRw==,type:str] + pgp: [] + 
unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/etersoft/values.db-instances.yaml b/values/etersoft/values.db-instances.yaml new file mode 100644 index 0000000..143523d --- /dev/null +++ b/values/etersoft/values.db-instances.yaml @@ -0,0 +1,11 @@ +dbinstances: + postgres16: + monitoring: + enabled: false + adminSecretRef: + Name: postgres16-secret + Namespace: databases + engine: postgres + generic: + host: postgres16-postgresql.databases.svc.cluster.local + port: 5432 diff --git a/values/etersoft/values.minio.yaml b/values/etersoft/values.minio.yaml index 8fae75c..f523db0 100644 --- a/values/etersoft/values.minio.yaml +++ b/values/etersoft/values.minio.yaml @@ -46,7 +46,7 @@ persistence: storageClass: local-path enabled: true accessMode: ReadWriteOnce - size: 10Gi + size: 40Gi service: type: ClusterIP clusterIP: ~ @@ -62,7 +62,7 @@ buckets: - name: velero policy: none purge: false - versioning: fase + versioning: false metrics: serviceMonitor: enabled: false diff --git a/values/etersoft/values.postgres16.yaml b/values/etersoft/values.postgres16.yaml new file mode 100644 index 0000000..bfbdf47 --- /dev/null +++ b/values/etersoft/values.postgres16.yaml @@ -0,0 +1,36 @@ +architecture: standalone + +auth: + database: postgres + +metrics: + enabled: false +primary: + persistence: + size: 2Gi + annotations: + volume.kubernetes.io/selected-node: yekaterinburg + resources: + limits: + ephemeral-storage: 1Gi + memory: 512Mi + requests: + cpu: 512m + ephemeral-storage: 50Mi + memory: 128Mi + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsNonRoot: false + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" 
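Review bot: The `primary.containerSecurityContext` in the new values/etersoft/values.postgres16.yaml sets `runAsNonRoot: false` and `readOnlyRootFilesystem: false`. That relaxes two hardening settings which the Bitnami chart, as far as I recall, enables by default, while the rest of the block (`privileged: false`, `allowPrivilegeEscalation: false`, `drop: ["ALL"]`, `seccompProfile: RuntimeDefault`) stays strict. If nothing in this environment needs root or a writable root filesystem, I would set both to `true`. If the local-path volume permissions are the reason, record it next to the override, for example `# local-path PV is root-owned, see <issue>`. The file also pins the volume to the node `yekaterinburg` through the `selected-node` annotation, which deserves a one-line comment as well.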
diff --git a/values/etersoft/values.vaultwardentest.yaml b/values/etersoft/values.vaultwardentest.yaml index b55265d..be79d60 100644 --- a/values/etersoft/values.vaultwardentest.yaml +++ b/values/etersoft/values.vaultwardentest.yaml @@ -1,3 +1,11 @@ +shortcuts: + hostname: vaulttest.badhouseplants.net +ext-database: + enabled: true + name: vaultwardentest-postgres16 + instance: postgres16 + credentials: + DATABASE_URL: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}" workload: kind: Deployment strategy: @@ -14,6 +22,8 @@ workload: envFrom: - environment - secrets + - secretRef: + name: vaultwardentest-postgres16-creds ingress: main: class: traefik @@ -55,15 +65,15 @@ env: sensitive: false data: DOMAIN: https://vaulttest.badhouseplants.net - SMTP_HOST: mail.badhouseplants.net - SMTP_SECURITY: "starttls" - SMTP_PORT: 587 - SMTP_FROM: vaulttest@badhouseplants.net - SMTP_FROM_NAME: Vault Warden - SMTP_AUTH_MECHANISM: "Plain" - SMTP_ACCEPT_INVALID_HOSTNAMES: "false" - SMTP_ACCEPT_INVALID_CERTS: "false" - SMTP_DEBUG: false + #SMTP_HOST: mail.badhouseplants.net + #SMTP_SECURITY: "starttls" + #SMTP_PORT: 587 + #SMTP_FROM: vaulttest@badhouseplants.net + #SMTP_FROM_NAME: Vault Warden + #SMTP_AUTH_MECHANISM: "Plain" + #SMTP_ACCEPT_INVALID_HOSTNAMES: "false" + #SMTP_ACCEPT_INVALID_CERTS: "false" + #SMTP_DEBUG: false DATA_FOLDER: /app/data/ ROCKET_PORT: 8080 SHOW_PASSWORD_HINT: true @@ -73,7 +83,7 @@ env: SIGNUPS_VERIFY: false WEB_VAULT_ENABLED: true LOG_FILE: /app/logs/log.txt - LOG_LEVEL: info + LOG_LEVEL: debug DB_CONNECTION_RETRIES: 10 DATABASE_MAX_CONNS: 10 ORG_GROUPS_ENABLED: true
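Review bot: The `secretRef` name `vaultwardentest-postgres16-creds` added to `envFrom` in the second hunk looks derived from `ext-database.name: vaultwardentest-postgres16` in the first hunk plus a `-creds` suffix, but nothing in the file states that coupling. If someone renames the database resource, the pod would reference a Secret that no longer exists and fail to start. A comment on the `secretRef` would make the dependency explicit, for example `# created by ext-database; must equal ext-database.name + "-creds"`. That naming convention is inferred from the two values, so please confirm it against the ext-database template.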
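Review bot: The last hunk changes `LOG_LEVEL: info` to `LOG_LEVEL: debug` while `LOG_FILE: /app/logs/log.txt` stays in place, so a Vaultwarden instance on a public hostname now writes debug-level request detail to disk. That looks like a leftover from bringing up the Postgres connection. I would revert to `LOG_LEVEL: info` before merging, or mark it as temporary with a comment such as `# TODO: back to info once the postgres16 migration is verified`. The third hunk comments out the nine SMTP settings instead of deleting them, and the reason is not recorded; a single comment line above that block saying why mail is disabled here would do.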