Add postgres to etersoft

This commit is contained in:
Nikolai Rodionov 2024-11-07 10:09:56 +01:00
parent 2f524131dd
commit c2ec134d2b
No known key found for this signature in database
GPG Key ID: 0639A45505F3BFA6
16 changed files with 220 additions and 98 deletions

View File

@ -12,7 +12,9 @@ environments:
enabled: false enabled: false
- openebs: - openebs:
enabled: true enabled: true
- postgres: - postgres17:
enabled: true
- postgres16:
enabled: true enabled: true
- redis: - redis:
enabled: true enabled: true
@ -29,7 +31,9 @@ environments:
enabled: false enabled: false
- localpath: - localpath:
enabled: true enabled: true
- postgres: - postgres17:
enabled: false enabled: false
- redis: - redis:
enabled: false enabled: false
- postgres16:
enabled: true

View File

@ -109,3 +109,12 @@ releases:
- template: default-env-values - template: default-env-values
- template: ext-tcp-routes - template: ext-tcp-routes
- template: ext-cilium - template: ext-cilium
- name: vaultwardentest
chart: allangers-charts/vaultwarden
version: 2.4.0
namespace: applications
installed: false
inherit:
- template: default-env-values
- template: default-env-secrets
- template: ext-database

View File

@ -26,11 +26,12 @@ releases:
- template: ext-traefik-middleware - template: ext-traefik-middleware
- name: vaultwardentest - name: vaultwardentest
chart: allangers-charts/vaultwarden chart: allangers-charts/vaultwarden
version: 2.3.0 version: 2.4.0
namespace: applications namespace: applications
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-database
- name: tf-ocloud - name: tf-ocloud
chart: ../../charts/tf-ocloud chart: ../../charts/tf-ocloud
namespace: pipelines namespace: pipelines

View File

@ -20,7 +20,7 @@ releases:
bundle: postgres bundle: postgres
namespace: databases namespace: databases
chart: bitnami/postgresql chart: bitnami/postgresql
condition: postgres.enabled condition: postgres16.enabled
version: 15.5.38 version: 15.5.38
inherit: inherit:
- template: default-env-values - template: default-env-values
@ -30,7 +30,7 @@ releases:
bundle: postgres bundle: postgres
namespace: databases namespace: databases
chart: bitnami/postgresql chart: bitnami/postgresql
condition: postgres.enabled condition: postgres17.enabled
version: 16.0.6 version: 16.0.6
inherit: inherit:
- template: default-env-values - template: default-env-values

View File

@ -26,13 +26,11 @@ releases:
- name: db-operator - name: db-operator
namespace: platform namespace: platform
chart: db-operator/db-operator chart: db-operator/db-operator
condition: workload.enabled
version: 1.29.0 version: 1.29.0
- name: db-instances - name: db-instances
chart: db-operator/db-instances chart: db-operator/db-instances
namespace: platform namespace: platform
condition: workload.enabled
needs: needs:
- platform/db-operator - platform/db-operator
version: 2.4.0 version: 2.4.0

View File

@ -1,30 +1,30 @@
env: env:
secrets: secrets:
enabled: ENC[AES256_GCM,data:p8ATew==,iv:dP7WATC+Fm0dfP7hlEHdVPOo8ErsbiB+5YPgQzXV/Ss=,tag:iVnFW7Q74vo1CJ0I1tt+4g==,type:bool] enabled: ENC[AES256_GCM,data:Gv3Unw==,iv:pIls2F+alt1LfJIzfto+6YA4ih9KLBAzutd6Nz4uvlI=,tag:HUXRQI+vvN70eMsgNgeltw==,type:bool]
sensitive: ENC[AES256_GCM,data:dyb+SQ==,iv:ZkrLnt6yOtv8fd1qy+HIlbNcHT8aDmIU3S82WM/SePs=,tag:iPVbwIDHHDek97k58mgIZw==,type:bool] sensitive: ENC[AES256_GCM,data:/trLBA==,iv:w5IV1c7+d971WHLkhbi2jAT4smGUFNQjWXfAHjqMJtQ=,tag:GErKO9Mev/vNI8hVO0OCOg==,type:bool]
data: data:
SMTP_USERNAME: ENC[AES256_GCM,data:26jN,iv:ASzEihTqVCn6XerFqAb/khSa+aTauTh0+OiJMoNmvsI=,tag:n8g47XIOOLkbBSUERsyx3A==,type:str] SMTP_USERNAME: ENC[AES256_GCM,data:mxHg,iv:fnC9XmPBSoYg/SaezA9I7hUNcK16z0UyB0ujp8dOV/Q=,tag:Ude8TQ+m358upwTHW4g2vA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:FOHowPJxX6b2i4Kr3DwJOjX7mzzq1Mp/mw==,iv:DrXQihNeT7jP23PhuuYAXCviYPD9+N+ZUp1hCxgPneY=,tag:WsmTl30sNMIMou23SGaunQ==,type:str] ADMIN_PASSWORD: ENC[AES256_GCM,data:arONfkxTVCKOrw4ehk1HGG2MOisfo1oZyw==,iv:T/MAUaHaIVL/oAuAMGwB4x4aNWrnjnvNvM7h4cgL0q0=,tag:F/GYyB1ZxFLxC32hKtsnSg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:ZWuys8umG5dqer/I5SmZCYQFB5FolA8jkXWgJvW5X/CIDEZlPxnL+nojSxhmdLTkVy7Yo0mgCC93WOjtPqPvZ+42SEVfKIgBKRM=,iv:nnb7peQioiB8drt2trcQjX13j471EJNARtQbXuJVvaw=,tag:fIAmV5R7BstW33zttKanRA==,type:str] ADMIN_TOKEN: ENC[AES256_GCM,data:eiXun0SKGMichylKuyJPxRkO0nUbCb+ex1ABr4z/IM5CYgbptCW+b+Lw5BQB+Bf0OzcmX3d/GcwrJKXvbjBBelgMUZGXLfShB3M=,iv:git8/iNUeWPxwt/+1NT+rEoYz12hNUGPD6dg+gCyKTs=,tag:M2BqdsoitGIm3GeFBnG9/w==,type:str]
DATABASE_URL: null DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:kGne0ERfIBTpfv9r6TLZ/coYtk6xsvjXFQ==,iv:zhQwqdp1O60XlRum6Kye5VQPLxZHZ4aTKR6fZ1rK5Mo=,tag:LiDOXd1ahAGpA9JbV1ChGw==,type:str] SMTP_PASSWORD: ENC[AES256_GCM,data:KdFR+MmZyGsuHsItX8WNy6r5LXWMgUzJjg==,iv:89e34akVX23Nblm2FNd6u7lX2Z/Zigek8gdjdHD1PTE=,tag:BdpfhbsPHB08gfey80w6gw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZDNxQy9JRS9OcHArNXov YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OElmeTA4K1NZUncvRjI2
dVVJT1NhZmV1d05ZUFZmM1hBVDRCeE1IY2dJCjAyZW5CV0UvRGx5MG4zdGZKcEFP YldLMHVhQVpKSWdwNHh6RnRZZmhSdC9wUlNzCnk5R2xrQzM4MlNxWFZuV0J5aHkv
cGpYc0drUitIeXhuYnlRSDNKbWFENncKLS0tIER3R3FxNGlNOW9VRHliNktQZHpG VlNlSm02d1JQWlFuTG5USmlwQzdXancKLS0tIEFGSDRtc1pmMnVPWGhJR2NBU2xP
UEc0R0h1OXhLdU5VNFEvaExMWXk1Q0UKBU1IZOnH3TpjFlaMVFz9QO9yyuG5Sm0b a2h1RE5XWmxxb05IZEU3c3VGaXRmeUUKmIgm5Apj8ipz/h8YYiz+ryVFSsjTCXMv
YHqBxoO4FlFXAperIwpXojzIdNIC7CKnUUFN94fitNG+Lieto7ZqGw== WWDuNLIhxO3inp6QgwWW1PhDjNWAn1uEULckyFAgDOdwp4Tof4A/ZQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z" lastmodified: "2024-11-05T11:05:01Z"
mac: ENC[AES256_GCM,data:H7C2pN0IAc91M2LCGZefhdfeVetmt6jwxDQwQ8OPVrYXt69w4vFjeb801nKHNT6g2qV/WkLN5inHnP6EJoCS4/+ti8l814m/jmCXrNkK9mNJ9A00xc/p43WdxEtaktFORH0Y+mvS1ADrK/ghlIUjcvC0o1b1rVH8rkCjR1ql/Js=,iv:JOC8VGNj3ERRH0GRKFJ/RL1rOVfU6G98v+fsqBpvn2c=,tag:zoHGbt9p590qZfT4/8YTKA==,type:str] mac: ENC[AES256_GCM,data:Sxc3HM0kCuNNRTn6R9kDWmzx+uJHjXi2245n4EwJBx3faX0WsH5I3ZZfjJl0fKLQJApEaN4i+vu/6fEWIfUrbbHfSLCQQDrj1OpXz0Yz+ett83JY+G41bjgWb316MYvuXp0zFlLsms54jCFMY3aV+ROIDXEGaEYncVwrbIXiJpk=,iv:wHi9wf1iiptgCiDD1yAtBw/xaOfymliihp7RyHg9J0M=,tag:uygWGbkgZyb/KZNCzxyPUg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1

View File

@ -101,7 +101,7 @@ traefik:
files: files:
config: config:
enabled: true enabled: true
sensitive: true sensitive: false
remove: [] remove: []
entries: entries:
# Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
@ -170,11 +170,6 @@ files:
bind = "[::]:8080" bind = "[::]:8080"
protocol = "http" protocol = "http"
hsts = true hsts = true
permissive-cors = false
url = "protocol + '://' + key_get('default', 'hostname') + ':' + local_port"
use-x-forwarded = true
proxy.override = true
proxy.trusted-networks.0 = "192.168.0.0/16"
[storage] [storage]
data = "rocksdb" data = "rocksdb"

View File

@ -1,3 +1,6 @@
service:
annotations:
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
ports: ports:
websecure: websecure:
transport: transport:
@ -5,9 +8,13 @@ ports:
readTimeout: 0 readTimeout: 0
idleTimeout: 0 idleTimeout: 0
writeTimeout: 0 writeTimeout: 0
forwardedHeaders:
trustedIPs:
- "192.168.0.0/16"
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "192.168.0.0/16" - "192.168.0.0/16"
insecure: true
ssh: ssh:
port: 22 port: 22
expose: expose:

View File

@ -1,20 +1,22 @@
---
traefik: traefik:
templates: templates:
- | - |
{{ range .Values.tcpRoutes }} {{ range .Values.tcpRoutes }}
--- ---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP kind: IngressRouteTCP
metadata: metadata:
name: {{ .name }} name: {{ .name }}
spec: spec:
entryPoints: entryPoints:
- {{ .entrypoint }} - {{ .entrypoint }}
routes: routes:
- match: {{ .match }} - match: {{ .match }}
services: services:
- name: {{ .service }} - name: {{ .service }}
nativeLB: true nativeLB: true
port: {{ .port }} port: {{ .port }}
{{- end }} {{- if .proxyProtocolVersion }}
proxyProtocol: {{ .proxyProtocolVersion }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,25 @@
dbinstances:
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:rxSV97yqRDU=,iv:8gqGL14LDS2zKDlImdNPMYYX3J8epZvlytjOfuxSP2I=,tag:s95IsFyLj7oIy5Tm12oJZg==,type:str]
adminPassword: ENC[AES256_GCM,data:VgU22sobeBBdjxhth44Llugp,iv:Y2jTlURdgjc/rpydwu1YCEmZgVkRkuBytQmds2ZO3pk=,tag:Abxa+/m3a3L4xNwEFqqncw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubjJWVzg2ZitheWFhUlND
N05nYmlWUzdtVE4xT3NwMnVIbThLam1KQkRFCnA3a2FucS9sdFVHNnBUU285dGZz
dUZvT0xRZ1JLcnNTMVdrSnJBUkJzZW8KLS0tIHJoTlVYVmpjSDJob3RpOG45MEtx
NTBZb2pRNEM5TWJiRUkzWHRyVTdaUmcK9oYd7htT3Wt2HLUFGHQrBfiAfKUaFitr
UcBA/MXGcJt3Wq6Tw8ujNqQbDrftAd+sRWTO8rNqTGK02zXvkmu1sA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-05T10:54:18Z"
mac: ENC[AES256_GCM,data:tvfGmnwG8nJ/1r0OZBjuU3jCSsC4V1DqjqriARti51RA4AsRFodyl1QMbLoaHgwzLLqbe6Xy62n1EU/icgmiEdEbpBZ7kEuyQ0Q9M0mkZgQVrvF126Tdd11ylswO9imSknaWmvnb0nwj0ZV1daOCqF3NCl+HaP0NiTlCy18aP74=,iv:OYvQDBhxTDEmfBWXtcAluGX9sYGVj8Ki3mZXPVvpYwk=,tag:M7VgUVQoxVC63kGJol6DUA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

View File

@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:4RQkD5bHyjMQjofzrmB3V45q,iv:JlD23SAhnU5Q+0xl3TAdOdkXJPTG+Awx7qRe8cH1HFo=,tag:KSnUQi0U2ydpigAgoZxFsg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1hzTUV3TzRFaHNTN3Fj
Tkh0TW1VNng0WkZNdXdsOVozMDZ5T25uQmgwCkhSWXViUkNsZnExV0c5UXFsd2R4
ZjNYYUFDbnpYYkRQbHdQUDA3cHBxa28KLS0tIFR4MGVWK2o1TFZlQ1FRbkIza3F6
UWc5NzVMVkQ4UDNlSzRidWNzSnFWWkkKfnTaKxZoBFCj2l4QfI/BvG0eGOFX/seF
DcpofYlg0hQFRSavqRjidLri1rzpOCdKlWh/h0nIRDFA7O55Q8QAnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-05T10:53:47Z"
mac: ENC[AES256_GCM,data:ugdm5oICFj1nZtkUNdfamjuGjMOz8bWTKIsaOND31alQsTuvnHNT/GrVIKkiAwgXbP71nH8ecmv3Ossq/tt8OxpG5Hu5v3s1Dgl8fXNCRt8cR0INGJyeDYc9l1WDugNkNRhRV96udmDJewompcIxqPYECwfZHXYiWA7HMyIdlDk=,iv:1PgLX53dbD4JfpLnszMgH/pQBXvUimgJYZsw3leerBo=,tag:O5KBMenIG7/J5o+kiU/mGg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

View File

@ -1,30 +1,30 @@
env: env:
secrets: secrets:
enabled: ENC[AES256_GCM,data:2aJihg==,iv:VtJL8ubzBpuNCQWoJ04hrWB236svrXR4arUxvdlwLl0=,tag:Rz7vmAtywhOA/vaHEF2Vjw==,type:bool] enabled: ENC[AES256_GCM,data:zzAqZw==,iv:eNmoXsT7ME8Ayq1+6SKVMAmNfMXbaCHhbpoIVSCMmEs=,tag:rXlJGUtPQm0ulut18xuEpQ==,type:bool]
sensitive: ENC[AES256_GCM,data:SzwuZw==,iv:7BZl7KXrQ8UJWdCwPxALPMfNfYz3jZu3Ivn092Px69s=,tag:aGm6HO4dB1jEPaLhqCE1Cw==,type:bool] sensitive: ENC[AES256_GCM,data:p+tT+Q==,iv:0W4zA1+9Q6eDx6OMAscdDc0GveZgo/zW6in/PdfZo5E=,tag:SBplDU0DWQHzS0zQbhlOmA==,type:bool]
data: data:
SMTP_USERNAME: ENC[AES256_GCM,data:og5bxhkNQfwvUkDKOt+2uQZz/N4Q4p8BLUro,iv:yWRuJ3wThNGvtycs5FwGMS8lIvDMJBDCtk2gg65TLko=,tag:LFmn3KymKXTaPYckYn6JCA==,type:str] #ENC[AES256_GCM,data:lUhrHf0qCaIFA/03PexzwaG8BZPx4jJ1E7+D8RSusZsegYVEAcP13XkQ,iv:/aKm2fUtjUWb7zGipYLjFSoPv6JEhrt0lneEHcLY2vk=,tag:0TrN03ApXMyDLbghPU3lEw==,type:comment]
ADMIN_PASSWORD: ENC[AES256_GCM,data:rfJqM8eUghgDg07sEhO0hbpTwRQZJlKU56R9kOqBjTs4+VkGt7GWshrQx4L1BDEY8oE=,iv:U/ieTe261wjBm6GPtRsfwO/EFzo5hc0KbEoaY5A+7kk=,tag:oQTFk/YtgOkgllQomF/pPw==,type:str] ADMIN_PASSWORD: ENC[AES256_GCM,data:NkRDv5wL9+q30cydrbxaG5kSkEjSVk1kj4H1OipjaWkSKR1gUyVfFcmd1NCWldDNAK8=,iv:i26l6IFjyHqHXVadTGBl3wKDtRyykTca20mNaItl6kM=,tag:iYDdkUBE0GorA+zhu1ogfg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:t2BKaqd+/xt5OJwCUjvgNH12jU5k7msjsSA9R6uiq+ynixzc9/u/lfGKh9dGRbjTKv+0b9pG7tWzJwDs3HtB53VGkiZ2dY90wrXrQa/yG+1D7DN3FQ==,iv:hPi87kBXmTX7SJOJvZAKqFSxvfegsLrbCKUwkV/79ds=,tag:DeTITUcd4MOIHDkSGcWjLQ==,type:str] ADMIN_TOKEN: ENC[AES256_GCM,data:3LzUfxviYj5PSsm9bUn7pkLdVR7ggFHToXKvKIEw61d1MY6Ph3qVMr32KKJlbwh25by/hUQgSa1/WxxJDbBWsMzP9PikTov6lwFzMMOS/DDBM9ctxw==,iv:9zDoNV+Gbij9N95tKLd7Aa5c63UswSIG0nauGLS39Jg=,tag:wZE8U1t6GEqt7Obj4mqWcA==,type:str]
DATABASE_URL: null DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:Oh0s1kb9tHu5WYhMYxLVc1ql8ys=,iv:RdUp4bZac6qla+GYDeFM7SzpUMKmRxck5qJ/9l4L9Ik=,tag:7pHha/gm1Wuec2+FoRnMlg==,type:str] #ENC[AES256_GCM,data:/5YuWuePwRN26Y2mCmGqI2FeDzZnsEyucbj1TR8j2LoCmhE=,iv:GMB4Y6LMAodfF6ItU5cRffMSPZh/85VHuLWOSo5YXdc=,tag:/h4vqzl5ZBy4msVe96l4Uw==,type:comment]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtaUVMdEpNcUxncnRMZDlU YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRHYvUG9ybVdOUk56alc1
MW0wQndGVDF1SUtRTGczZDkxNVdZVmNJYTNrClJtQzYxWnkrc01VZmlVS1ZDTWw2 VFUrS1lxT0srSG1uRldVUkZxY0NDaDZFUFJRCklsejBiNm9pelZYRTdlTGcvMSta
K2lmYkdnWWtMNjFseG5qZmpzd0w2OFUKLS0tIHd6U1hnOVlsNVk2WkhIUUdSL1R4 TS9lMElyMGJCa1pPN0J0amxDOFlQbGsKLS0tIE1mYlpwZEhES2Zrdk84UExjeXlz
UUNVNkFkT2ZGbG1HbFJPRWNjL0N2ZUEKklrgeG4EmufgXzTr4sgGZLCzcedEA6eN akQ2M3NTc2hDRCt0OFJMMmVKZzg5UXMKqFkcNzqp9uhVu67/APA5XbqMVzv4RegS
VC2XYbdO06L4QL7GteFlW+CHFXKn3QB8+nfiU+dNriXJmzMpYEUtPA== at9pmPCxTlWQoPjzGtuF+l7J5lkS2KrU0wROC62AggnmEY1dMOSzqw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:21Z" lastmodified: "2024-11-06T09:06:31Z"
mac: ENC[AES256_GCM,data:SDZHIiaFpGYRSjLaiKRtQOXRvuH7K7J42O7BV0eSA0XEMdjy6i/nx8uRyWmF2uApyfXaptxT9gO60snZ24+ox890L0KtLE/qt2r6omyRR4Jn8vGfh1WQQHiFjWj/q6NDkKH9yItgrE1zOPKs2sMLjaxmWdcIpPVq/ZxehWfDyAs=,iv:zUKpJYpVok3qKM+aq6qizCHIHGNiKHMhtrGnRyumJ20=,tag:n4N6iueXTLS54IZnrrNfEg==,type:str] mac: ENC[AES256_GCM,data:uDSzjE3cnkzY2ADj/v6PkaB4XVla9+N5J7H/+b7Erc9cSdbV7utvBjhxDeMpnrurO10mNDtvgPEJ00e/bDz4Ru3tl6OXSeY9lvvKZTHi69i5e8naX6t6M2xv7rKyLe8gw5GzwSGfKGpsJeTKsUuKN2tAcoy23THC1Mauulj6G2A=,iv:85JA9+1rps4OUzFrXsy0e/NS0SZPfYpPHP0hjy/uCRQ=,tag:K/Oj9TyQIJXvuo6gwPzzRw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1

View File

@ -0,0 +1,11 @@
dbinstances:
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432

View File

@ -46,7 +46,7 @@ persistence:
storageClass: local-path storageClass: local-path
enabled: true enabled: true
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 40Gi
service: service:
type: ClusterIP type: ClusterIP
clusterIP: ~ clusterIP: ~
@ -62,7 +62,7 @@ buckets:
- name: velero - name: velero
policy: none policy: none
purge: false purge: false
versioning: fase versioning: false
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: false enabled: false

View File

@ -0,0 +1,36 @@
architecture: standalone
auth:
database: postgres
metrics:
enabled: false
primary:
persistence:
size: 2Gi
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 512m
ephemeral-storage: 50Mi
memory: 128Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"

View File

@ -1,3 +1,11 @@
shortcuts:
hostname: vaulttest.badhouseplants.net
ext-database:
enabled: true
name: vaultwardentest-postgres16
instance: postgres16
credentials:
DATABASE_URL: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}"
workload: workload:
kind: Deployment kind: Deployment
strategy: strategy:
@ -14,6 +22,8 @@ workload:
envFrom: envFrom:
- environment - environment
- secrets - secrets
- secretRef:
name: vaultwardentest-postgres16-creds
ingress: ingress:
main: main:
class: traefik class: traefik
@ -55,15 +65,15 @@ env:
sensitive: false sensitive: false
data: data:
DOMAIN: https://vaulttest.badhouseplants.net DOMAIN: https://vaulttest.badhouseplants.net
SMTP_HOST: mail.badhouseplants.net #SMTP_HOST: mail.badhouseplants.net
SMTP_SECURITY: "starttls" #SMTP_SECURITY: "starttls"
SMTP_PORT: 587 #SMTP_PORT: 587
SMTP_FROM: vaulttest@badhouseplants.net #SMTP_FROM: vaulttest@badhouseplants.net
SMTP_FROM_NAME: Vault Warden #SMTP_FROM_NAME: Vault Warden
SMTP_AUTH_MECHANISM: "Plain" #SMTP_AUTH_MECHANISM: "Plain"
SMTP_ACCEPT_INVALID_HOSTNAMES: "false" #SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
SMTP_ACCEPT_INVALID_CERTS: "false" #SMTP_ACCEPT_INVALID_CERTS: "false"
SMTP_DEBUG: false #SMTP_DEBUG: false
DATA_FOLDER: /app/data/ DATA_FOLDER: /app/data/
ROCKET_PORT: 8080 ROCKET_PORT: 8080
SHOW_PASSWORD_HINT: true SHOW_PASSWORD_HINT: true
@ -73,7 +83,7 @@ env:
SIGNUPS_VERIFY: false SIGNUPS_VERIFY: false
WEB_VAULT_ENABLED: true WEB_VAULT_ENABLED: true
LOG_FILE: /app/logs/log.txt LOG_FILE: /app/logs/log.txt
LOG_LEVEL: info LOG_LEVEL: debug
DB_CONNECTION_RETRIES: 10 DB_CONNECTION_RETRIES: 10
DATABASE_MAX_CONNS: 10 DATABASE_MAX_CONNS: 10
ORG_GROUPS_ENABLED: true ORG_GROUPS_ENABLED: true