badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 11 Actions Packages Projects Releases Activity

A big refactoring and postgres17 init

Browse Source
This commit is contained in:
Nikolai Rodionov 2024-10-30 21:03:58 +01:00
parent 839d9e8b39
commit ef44fa6fab
No known key found for this signature in database
GPG Key ID: 0AA46A90E25592AD
19 changed files with 245 additions and 231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
common/environments.yaml
View File

@ -12,6 +12,10 @@ environments:
enabled: false enabled: false
- openebs: - openebs:
enabled: true enabled: true
- postgres:
enabled: true
- redis:
enabled: true
etersoft: etersoft:
kubeContext: etersoft kubeContext: etersoft
values: values:
@ -25,3 +29,7 @@ environments:
enabled: false enabled: false
- localpath: - localpath:
enabled: true enabled: true
- postgres:
enabled: false
- redis:
enabled: false

14
common/extensions/metallb.yaml Normal file
View File

@ -0,0 +1,14 @@
metallb:
templates:
- |
{{ range .Values.ippools }}
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ .name }}
spec:
addresses:
- {{ .addresses }}
{{ end }}

2
common/templates.yaml
View File

@ -88,7 +88,7 @@ templates:
version: 2.0.0 version: 2.0.0
alias: metallb alias: metallb
values: values:
- '{{ requiredEnv "PWD" }}/values/common/values.metallb.yaml' - '{{ requiredEnv "PWD" }}/common/extensions/metallb.yaml'
service-monitor: service-monitor:
dependencies: dependencies:
- chart: bedag/raw - chart: bedag/raw

16
installations/databases/helmfile.yaml
View File

@ -7,17 +7,10 @@ repositories:
- name: bedag - name: bedag
url: https://bedag.github.io/helm-charts/ url: https://bedag.github.io/helm-charts/
releases: releases:
- name: mariadb
chart: bitnami/mariadb
namespace: databases
installed: false
version: 19.1.0
inherit:
- template: default-env-values
- template: default-env-secrets
- name: redis - name: redis
chart: bitnami/redis chart: bitnami/redis
namespace: databases namespace: databases
condition: redis.enabled
version: 20.2.1 version: 20.2.1
inherit: inherit:
- template: default-env-values - template: default-env-values
@ -27,17 +20,18 @@ releases:
bundle: postgres bundle: postgres
namespace: databases namespace: databases
chart: bitnami/postgresql chart: bitnami/postgresql
condition: postgres.enabled
version: 15.5.38 version: 15.5.38
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- name: postgres16-gitea - name: postgres17
labels: labels:
bundle: postgres bundle: postgres
installed: false
namespace: databases namespace: databases
chart: bitnami/postgresql chart: bitnami/postgresql
version: 15.5.38 condition: postgres.enabled
version: 16.0.6
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets

27
installations/platform/helmfile.yaml
View File

@ -1,6 +1,7 @@
bases: bases:
- ../../common/environments.yaml - ../../common/environments.yaml
- ../../common/templates.yaml - ../../common/templates.yaml
repositories: repositories:
- name: argo - name: argo
url: https://argoproj.github.io/argo-helm url: https://argoproj.github.io/argo-helm
@ -20,21 +21,14 @@ repositories:
url: https://kyverno.github.io/kyverno/ url: https://kyverno.github.io/kyverno/
- name: external-dns - name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/ url: https://kubernetes-sigs.github.io/external-dns/
releases: releases:
- name: argocd
chart: argo/argo-cd
namespace: platform
condition: workload.enabled
installed: false
version: 7.6.12
inherit:
- template: default-env-values
- template: default-env-secrets
- name: db-operator - name: db-operator
namespace: platform namespace: platform
chart: db-operator/db-operator chart: db-operator/db-operator
condition: workload.enabled condition: workload.enabled
version: 1.29.0 version: 1.29.0
- name: db-instances - name: db-instances
chart: db-operator/db-instances chart: db-operator/db-instances
namespace: platform namespace: platform
@ -45,6 +39,7 @@ releases:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- name: zot - name: zot
chart: zot/zot chart: zot/zot
version: 0.1.63 version: 0.1.63
@ -55,14 +50,7 @@ releases:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- name: crossplane
chart: crossplane-stable/crossplane
installed: false
version: 1.17.2
namespace: platform
condition: workload.enabled
inherit:
- template: default-env-values
- name: authentik - name: authentik
chart: goauthentik/authentik chart: goauthentik/authentik
version: 2024.8.3 version: 2024.8.3
@ -75,6 +63,7 @@ releases:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-database - template: ext-database
- name: minio - name: minio
chart: minio-standalone/minio chart: minio-standalone/minio
version: 5.3.0 version: 5.3.0
@ -82,6 +71,7 @@ releases:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- name: kyverno - name: kyverno
chart: kyverno/kyverno chart: kyverno/kyverno
namespace: kyverno namespace: kyverno
@ -89,6 +79,7 @@ releases:
labels: labels:
bootstrap: true bootstrap: true
version: 3.3.0 version: 3.3.0
- name: kyverno-policies - name: kyverno-policies
chart: kyverno/kyverno-policies chart: kyverno/kyverno-policies
namespace: kyverno namespace: kyverno
@ -98,6 +89,7 @@ releases:
version: 3.2.6 version: 3.2.6
needs: needs:
- kyverno/kyverno - kyverno/kyverno
- name: custom-kyverno-policies - name: custom-kyverno-policies
chart: ../../kustomizations/kyverno/ chart: ../../kustomizations/kyverno/
namespace: kyverno namespace: kyverno
@ -106,6 +98,7 @@ releases:
bootstrap: true bootstrap: true
needs: needs:
- kyverno/kyverno - kyverno/kyverno
- name: external-dns - name: external-dns
chart: external-dns/external-dns chart: external-dns/external-dns
version: 1.15.0 version: 1.15.0

30
installations/system/helmfile.yaml
View File

@ -1,13 +1,14 @@
bases: bases:
- ../../common/environments.yaml - ../../common/environments.yaml
- ../../common/templates.yaml - ../../common/templates.yaml
repositories: repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: metrics-server - name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/ url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack - name: jetstack
url: https://charts.jetstack.io url: https://charts.jetstack.io
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: metallb - name: metallb
url: https://metallb.github.io/metallb url: https://metallb.github.io/metallb
- name: traefik - name: traefik
@ -16,8 +17,6 @@ repositories:
url: https://coredns.github.io/helm url: https://coredns.github.io/helm
- name: cilium - name: cilium
url: https://helm.cilium.io/ url: https://helm.cilium.io/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: piraeus-charts - name: piraeus-charts
url: https://piraeus.io/helm-charts/ url: https://piraeus.io/helm-charts/
- name: vmware-tanzu - name: vmware-tanzu
@ -26,6 +25,7 @@ repositories:
url: https://openebs.github.io/openebs url: https://openebs.github.io/openebs
- name: local-path-provisioner - name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
releases: releases:
- name: namespaces - name: namespaces
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart' chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
@ -33,6 +33,7 @@ releases:
createNamespace: false createNamespace: false
inherit: inherit:
- template: default-env-values - template: default-env-values
- name: roles - name: roles
chart: '{{ requiredEnv "PWD" }}/charts/roles' chart: '{{ requiredEnv "PWD" }}/charts/roles'
namespace: kube-public namespace: kube-public
@ -41,12 +42,14 @@ releases:
- kube-public/namespaces - kube-public/namespaces
inherit: inherit:
- template: default-env-values - template: default-env-values
- name: coredns - name: coredns
chart: coredns/coredns chart: coredns/coredns
version: 1.36.1 version: 1.36.1
namespace: kube-system namespace: kube-system
inherit: inherit:
- template: default-env-values - template: default-common-values
- name: snapshot-controller - name: snapshot-controller
chart: piraeus-charts/snapshot-controller chart: piraeus-charts/snapshot-controller
installed: true installed: true
@ -57,6 +60,7 @@ releases:
- kube-system/cilium - kube-system/cilium
inherit: inherit:
- template: crd-management-hook - template: crd-management-hook
- name: cilium - name: cilium
chart: cilium/cilium chart: cilium/cilium
version: 1.16.3 version: 1.16.3
@ -65,6 +69,7 @@ releases:
- kube-system/coredns - kube-system/coredns
inherit: inherit:
- template: default-env-values - template: default-env-values
- name: cert-manager - name: cert-manager
chart: jetstack/cert-manager chart: jetstack/cert-manager
version: v1.16.1 version: v1.16.1
@ -72,14 +77,16 @@ releases:
needs: needs:
- kube-system/cilium - kube-system/cilium
inherit: inherit:
- template: default-env-values - template: default-common-values
- name: issuer - name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer' chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public namespace: kube-public
needs: needs:
- kube-system/cert-manager - kube-system/cert-manager
inherit: inherit:
- template: default-env-values - template: default-common-values
- name: metrics-server - name: metrics-server
chart: metrics-server/metrics-server chart: metrics-server/metrics-server
version: 3.12.2 version: 3.12.2
@ -88,6 +95,7 @@ releases:
- kube-system/cilium - kube-system/cilium
inherit: inherit:
- template: default-common-values - template: default-common-values
- name: metallb - name: metallb
chart: metallb/metallb chart: metallb/metallb
namespace: kube-system namespace: kube-system
@ -95,7 +103,8 @@ releases:
needs: needs:
- kube-system/cilium - kube-system/cilium
inherit: inherit:
- template: default-env-values - template: default-common-values
- name: metallb-resources - name: metallb-resources
chart: bedag/raw chart: bedag/raw
version: 2.0.0 version: 2.0.0
@ -105,6 +114,7 @@ releases:
inherit: inherit:
- template: ext-metallb - template: ext-metallb
- template: default-env-values - template: default-env-values
- name: traefik - name: traefik
chart: traefik/traefik chart: traefik/traefik
version: 32.1.1 version: 32.1.1
@ -112,7 +122,9 @@ releases:
needs: needs:
- kube-system/cilium - kube-system/cilium
inherit: inherit:
- template: default-common-values
- template: default-env-values - template: default-env-values
- name: velero - name: velero
chart: vmware-tanzu/velero chart: vmware-tanzu/velero
namespace: kube-system namespace: kube-system
@ -124,6 +136,7 @@ releases:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: crd-management-hook - template: crd-management-hook
- name: openebs - name: openebs
chart: openebs/openebs chart: openebs/openebs
condition: openebs.enabled condition: openebs.enabled
@ -133,6 +146,7 @@ releases:
- kube-system/cilium - kube-system/cilium
inherit: inherit:
- template: default-env-values - template: default-env-values
# -- Not versions since it's installed from git # -- Not versions since it's installed from git
- name: local-path-provisioner - name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner chart: local-path-provisioner/local-path-provisioner

58
values/badhouseplants/secrets.db-instances.yaml
View File

@ -1,33 +1,29 @@
dbinstances: dbinstances:
postgres16-gitea: postgres16:
secrets: secrets:
adminUser: ENC[AES256_GCM,data:svH5S6WxZSc=,iv:s1+BhqFHZZkrM8gxH4MLCz1FRwr8Fzi0H1NZ7A+Vg2A=,tag:uQQBX1R8c9E+1tTX6n0mIA==,type:str] adminUser: ENC[AES256_GCM,data:uuu/xvwJkHk=,iv:Pk+i8bf7AeeG9wKVh1RDJy7Dt3r5b1UKy4SJijlZfq0=,tag:QO3gwYXAG0sBBuHcKfTNQg==,type:str]
adminPassword: ENC[AES256_GCM,data:iqJDu+jW0gXX0tZELpDuYyWN03+l3oPYTZ19ArPM4BKxFvRb/wPYvtJEeRlYe0exng0=,iv:mFOR5YN/tXBPQoN0vGwu7mDB6Oak06j2HhkrrTNzEK0=,tag:YzUUeIZLqngy7orxow0zKQ==,type:str] adminPassword: ENC[AES256_GCM,data:tjWATjuJT+C97D4TLQgk55BZOwVv,iv:1MWYtksmrEBQtOdGvtc6MZyLP4yBKA88eIpQ4mZCULM=,tag:3hOlT5n2Wd81ebxeEgW5tw==,type:str]
postgres16: postgres17:
secrets: secrets:
adminUser: ENC[AES256_GCM,data:Y6tj+VHoOQc=,iv:kA66gAvStCSceSfjuzYxGzdga3JNI6fpsd26KSd8ZVc=,tag:KI+Hy3k4v3U/s4x+Z+vSyA==,type:str] adminUser: ENC[AES256_GCM,data:4w2EItIM++Q=,iv:cQLryeBskm2Y9OlbMFgQEWEBi7z/VxucLWbwZXsRtto=,tag:Ir2Q7KZv/sSDdA1MX/Niqw==,type:str]
adminPassword: ENC[AES256_GCM,data:dpTooMckzlpWYBfhqNARi/9EZnLx,iv:JCUQuKSt2erPicXnVKvJd25Hk4z5yw2QCk9GG+J7ifc=,tag:ymPw1hqx10KGrZUFXDFPdw==,type:str] adminPassword: ENC[AES256_GCM,data:wHUL2p8CXYwoEFu3ffCCsQO9xn/GqOZ6JPrcHKzy,iv:khoogPPFHSd+4xyp+jf1w0RfOUgrKzAmFjLnisQ8HXU=,tag:GRnkCQ0uOlUt2AiEAceFRQ==,type:str]
mariadb:
secrets:
adminUser: ENC[AES256_GCM,data:aDQUaQ==,iv:uevUSJ/qdssjqYiU4n2lI55/b6PBZlTmVPrIJ4w5BLg=,tag:pjAwpcW6e9XmJqZF9j8jEw==,type:str]
adminPassword: ENC[AES256_GCM,data:TlwlPYKE3443WaETBQ/E7Y2Agps=,iv:ZwLICqLaGcBqn+MkRIJ1KhCPuRsYcdU7lI5Dm8A8axo=,tag:xqwjxUP2oMNdj8EH2cQmCQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEelNaa25TVC9pa01ENG9H YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL1lwdVNHMm9nZHRld2lO
dTYybUZIT3lBeGxLUnVnQzZML1dFQ3BZRHpRCitSdmZFdHdQT0Vrek0yc0FqemZu Rm4xVnVHWG9hNDc1cUVyakxzUU1PcFJhalM4CkNicEdUV2lEYWMwaWNqeGcrQ2p1
dyt1NUhkRzF0Rjd5bThkdkdaZENjSVUKLS0tICtTNy9MVXN5TDlmS3FtMGttUHNp Qmw1b1FzRllqYW85bjF0cmRGcW1MbjQKLS0tIENUcG1oOXFNV3REaFU0aUEyd2k4
eE00K0F4TVFmUStRZlJBams4UFBNaE0KSXwS2eKx6gEeLLpAl54PGJYpk7u1fyzw RDgzRmlKT1ArblpOV1plcFpyMnJXZTQKgm8Eaw591+EHZWofXAADTXRHPOdOvdOM
e13N86Fsq8aZ47mjbrg8WMOOnzHptc8Nw5v8ETIhjJfbCV10K+uIBA== jYne1szB/V9UJz+pmLa10tNgruga+P5yP/j+DGcYrTj0pVh5IJLjTA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:21Z" lastmodified: "2024-10-30T19:59:46Z"
mac: ENC[AES256_GCM,data:A39El9o/Z+CoSokIpsNsj8Wld100nWmiXA9jSpKKq485XWSybOr4FY4ofnx8coWu5ZYM6BMCkWe3/jy+KTu3PeF1ueucnDbjRyo/6bzxYEuRMKietD7KavBtpQNvPzdauONoiKVCjLsT6JL9fw6IFLXmu0gIotdCoaPEoXxWMnk=,iv:S0D7/I/em+upxAW6cljZRazvxFLXR3n3pk/uShrMk4U=,tag:iTU2H2PoL9qkWK4+B4yUww==,type:str] mac: ENC[AES256_GCM,data:3KrwiArDx/bPAHbFGgb9BdDVHC+uC1IHp4LZXlYRZzWSKtX1t+ODQVzUW97kigGFG1sx6WXddl/w3XeNOoT9JbS5iPXJQe6KAPleNV50S/oab+U53WeloO8uL68Wrk9v/NwMhCKwE9cCqBBhqk7wCb6N9ivt45mLrUf06L8fok0=,iv:bOWhyIm8FhKtZAZH/78bukkeDp5P4XShSD20mgr4Neo=,tag:RZMx9bi+ZEcLwTzk+Gm8RQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1

24
values/badhouseplants/secrets.postgres17.yaml Normal file
View File

@ -0,0 +1,24 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:WIgce24XYrwtjxj95M8Jsfe+PJRmdDsd4H8cupbR,iv:VY4NZfY8Y7xM7zcRwX8WMshtnGVl8ad88PpMnRBuaHo=,tag:O2VonlpkE5Xg0dQJR28GyQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUEd0REtSS0xZdUNZOC9s
NUVTNlRxR0ZVandaWmRsSEVINTNuUllBK1ZNCm5ObSsrVzl5SnNycXpjRjNWb3pu
U0R5ckM4bUlvVENiZ2gxeGJKZTNIR0UKLS0tIExsdTkyWDl2dzNVbmk5ZHNXSUJV
K1FqbjBWUkVRcFcxbmtCNWtOaDduYUEKDy2DQVcFCwHGEj+k2fkYAeHU7JWgoeet
ZeqW6H1tafj8dCiBYrbv+RufC3nSWgglVx7VVRtwHh/5MyikpSQGmw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-30T19:59:35Z"
mac: ENC[AES256_GCM,data:RSJqYBKwE0d1cWmb9yXrroRJ5SgQpfEbkCVDUHF/3+XsBDb4yFmbhdkJcWytSj5GK4th0lnuLoxGc/79dqSjlTy2vn1fJSCIrqso3hic6GEp4ZeVuN63D6tkRw2vCpXwHL7LM+VoE2pDW/c3bkkyYoP7486GHA/+jha/ZMxYHsA=,iv:qs6Eq1KVMzAWvecuSSf2LBHYeY1wbD1VgFCDCDurz+o=,tag:h/mprk9v9eNurJl++SCphQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

32
values/badhouseplants/values.coredns.yaml
View File

@ -1,32 +0,0 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance

21
values/badhouseplants/values.db-instances.yaml
View File

@ -1,15 +1,4 @@
---
dbinstances: dbinstances:
postgres16-gitea:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-gitea-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-gitea-postgresql.databases.svc.cluster.local
port: 5432
postgres16: postgres16:
monitoring: monitoring:
enabled: false enabled: false
@ -20,13 +9,13 @@ dbinstances:
generic: generic:
host: postgres16-postgresql.databases.svc.cluster.local host: postgres16-postgresql.databases.svc.cluster.local
port: 5432 port: 5432
mariadb: postgres17:
monitoring: monitoring:
enabled: false enabled: false
adminSecretRef: adminSecretRef:
Name: mariadb-secret Name: postgres17-secret
Namespace: databases Namespace: databases
engine: mysql engine: postgres
generic: generic:
host: mariadb.databases.svc.cluster.local host: postgres17-postgresql.databases.svc.cluster.local
port: 3306 port: 5432

71
values/badhouseplants/values.metallb.yaml
View File

@ -1,71 +0,0 @@
controller:
enabled: true
logLevel: warn
image:
repository: quay.io/metallb/controller
tag:
pullPolicy:
strategy:
type: RollingUpdate
securityContext:
runAsNonRoot: true
# nobody
runAsUser: 65534
fsGroup: 65534
resources:
requests:
cpu: 20m
memory: 100Mi
limits:
memory: 100Mi
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
speaker:
enabled: true
logLevel: warn
tolerateMaster: true
image:
repository: quay.io/metallb/speaker
tag:
pullPolicy:
securityContext: {}
resources:
requests:
cpu: 30m
memory: 300Mi
limits:
memory: 300Mi
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
startupProbe:
enabled: true
failureThreshold: 30
periodSeconds: 5
crds:
enabled: true
validationFailurePolicy: Fail

19
values/badhouseplants/values.postgres17.yaml Normal file
View File

@ -0,0 +1,19 @@
architecture: standalone
auth:
database: postgres
metrics:
enabled: false
primary:
persistence:
size: 2Gi
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 512m
ephemeral-storage: 50Mi
memory: 128Mi

23
values/badhouseplants/values.traefik.yaml
View File

@ -1,10 +1,4 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
ports: ports:
web:
redirectTo:
port: websecure
websecure: websecure:
transport: transport:
respondingTimeouts: respondingTimeouts:
@ -41,18 +35,6 @@ ports:
default: true default: true
exposedPort: 27016 exposedPort: 27016
protocol: TCP protocol: TCP
# valve-server:
# port: 27015
# expose:
# default: true
# exposedPort: 27015
# protocol: UDP
# valve-rcon:
# port: 27015
# expose:
# default: true
# exposedPort: 27015
# protocol: TCP
smtp: smtp:
port: 25 port: 25
protocol: TCP protocol: TCP
@ -107,8 +89,3 @@ ports:
exposedPort: 8388 exposedPort: 8388
expose: expose:
default: true default: true
providers:
kubernetesIngress:
publishedServicePath:
enabled: true
publishedServicePath: "195.201.249.91"

0
values/badhouseplants/values.cert-manager.yaml → values/common/values.cert-manager.yaml
View File

32
values/common/values.coredns.yaml Normal file
View File

@ -0,0 +1,32 @@
service:
clusterIP: 10.43.0.10
servers:
- zones:
- zone: .
port: 53
plugins:
- name: errors
# Serves a /health endpoint on :8080, required for livenessProbe
- name: health
configBlock: |-
lameduck 5s
# Serves a /ready endpoint on :8181, required for readinessProbe
- name: ready
# Required to query kubernetes API for data
- name: kubernetes
parameters: cluster.local in-addr.arpa ip6.arpa
configBlock: |-
pods insecure
fallthrough in-addr.arpa ip6.arpa
ttl 30
# Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus
parameters: 0.0.0.0:9153
- name: forward
parameters: . 1.1.1.1 1.0.0.1
- name: cache
parameters: 30
- name: loop
- name: reload
- name: loadbalance

1
values/badhouseplants/values.issuer.yaml → values/common/values.issuer.yaml
View File

@ -1,4 +1,3 @@
---
name: badhouseplants-issuer-http01 name: badhouseplants-issuer-http01
spec: spec:
acme: acme:

85
values/common/values.metallb.yaml
View File

@ -1,14 +1,71 @@
--- controller:
metallb: enabled: true
templates: logLevel: warn
- | image:
{{ range .Values.ippools }} repository: quay.io/metallb/controller
--- tag:
apiVersion: metallb.io/v1beta1 pullPolicy:
kind: IPAddressPool strategy:
metadata: type: RollingUpdate
name: {{ .name }} securityContext:
spec: runAsNonRoot: true
addresses: # nobody
- {{ .addresses }} runAsUser: 65534
{{ end }} fsGroup: 65534
resources:
requests:
cpu: 20m
memory: 100Mi
limits:
memory: 100Mi
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
speaker:
enabled: true
logLevel: warn
tolerateMaster: true
image:
repository: quay.io/metallb/speaker
tag:
pullPolicy:
securityContext: {}
resources:
requests:
cpu: 30m
memory: 300Mi
limits:
memory: 300Mi
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
startupProbe:
enabled: true
failureThreshold: 30
periodSeconds: 5
crds:
enabled: true
validationFailurePolicy: Fail

7
values/common/values.traefik.yaml Normal file
View File

@ -0,0 +1,7 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
ports:
web:
redirectTo:
port: websecure

6
values/etersoft/values.traefik.yaml
View File

@ -1,10 +1,4 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
ports: ports:
web:
redirectTo:
port: websecure
openvpn: openvpn:
port: 1194 port: 1194
expose: expose: