diff --git a/common/environments.yaml b/common/environments.yaml index 04ec0d3..db23ea9 100644 --- a/common/environments.yaml +++ b/common/environments.yaml @@ -2,6 +2,8 @@ environments: badhouseplants: kubeContext: badhouseplants values: + - base: + enabled: true - velero: enabled: true - workload: @@ -23,6 +25,8 @@ environments: etersoft: kubeContext: etersoft values: + - base: + enabled: true - velero: enabled: false - workload: @@ -41,3 +45,49 @@ environments: enabled: true - istio: enabled: false + xray-1: + kubeContext: xray-1 + values: + - base: + enabled: false + - velero: + enabled: false + - workload: + enabled: false + - backups: + enabled: false + - openebs: + enabled: false + - localpath: + enabled: false + - postgres17: + enabled: false + - redis: + enabled: false + - postgres16: + enabled: false + - istio: + enabled: false + xray-2: + kubeContext: xray-2 + values: + - base: + enabled: false + - velero: + enabled: false + - workload: + enabled: false + - backups: + enabled: false + - openebs: + enabled: false + - localpath: + enabled: false + - postgres17: + enabled: false + - redis: + enabled: false + - postgres16: + enabled: false + - istio: + enabled: false diff --git a/common/extensions/self-signed-cert.yaml b/common/extensions/self-signed-cert.yaml new file mode 100644 index 0000000..9a874de --- /dev/null +++ b/common/extensions/self-signed-cert.yaml @@ -0,0 +1,13 @@ +ext-self-signed-cert: + templates: + - | + --- + apiVersion: v1 + kind: Secret + metadata: + name: {{ .Values.name }} + data: + {{- $ca := genCA .Values.domain 365 -}} + {{- $cert := genSignedCert .Values.domain nil (list .Values.domain ) 365 $ca }} + tls.crt: {{ $cert.Cert | b64enc }} + tls.key: {{ $cert.Key | b64enc }} diff --git a/common/templates.yaml b/common/templates.yaml index caadc71..9cada48 100644 --- a/common/templates.yaml +++ b/common/templates.yaml @@ -125,3 +125,10 @@ templates: alias: ext-cilium values: - '{{ requiredEnv "PWD" }}/values/common/values.ext-cilium.yaml' + ext-self-signed-cert: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: ext-self-signed-cert + values: + - '{{ requiredEnv "PWD" }}/common/extensions/self-signed-cert.yaml' diff --git a/installations/applications/helmfile-xray-1.yaml b/installations/applications/helmfile-xray-1.yaml new file mode 100644 index 0000000..ee75dc3 --- /dev/null +++ b/installations/applications/helmfile-xray-1.yaml @@ -0,0 +1,23 @@ +bases: + - ../../common/environments.yaml + - ../../common/templates.yaml +repositories: + - name: allangers-charts + url: ghcr.io/allanger/allangers-charts + oci: true +releases: + - name: server-xray-public + chart: allangers-charts/server-xray + namespace: public-xray + version: 0.4.0 + inherit: + - template: default-env-secrets + - template: default-env-values + - template: ext-self-signed-cert + - name: promtail + chart: grafana/promtail + namespace: promtail + version: 6.16.6 + inherit: + - template: default-env-values + - template: default-env-secrets diff --git a/installations/applications/helmfile-xray-2.yaml b/installations/applications/helmfile-xray-2.yaml new file mode 100644 index 0000000..271e2c0 --- /dev/null +++ b/installations/applications/helmfile-xray-2.yaml @@ -0,0 +1,16 @@ +bases: + - ../../common/environments.yaml + - ../../common/templates.yaml +repositories: + - name: allangers-charts + url: ghcr.io/allanger/allangers-charts + oci: true +releases: + - name: server-xray-public + chart: allangers-charts/server-xray + namespace: public-xray + version: 0.4.0 + inherit: + - template: default-env-secrets + - template: default-env-values + - template: ext-self-signed-cert diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 28b84c6..01b37a7 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml @@ -66,6 +66,7 @@ releases: - name: cilium chart: cilium/cilium version: 1.16.3 + condition: base.enabled namespace: kube-system needs: - kube-system/coredns @@ -76,18 +77,24 @@ releases: chart: jetstack/cert-manager version: v1.16.1 namespace: kube-system + condition: base.enabled + missingFileHandler: Warn needs: - kube-system/cilium inherit: - template: default-common-values + - template: default-env-values - name: issuer chart: '{{ requiredEnv "PWD" }}/charts/issuer' namespace: kube-public + missingFileHandler: Warn + condition: base.enabled needs: - kube-system/cert-manager inherit: - template: default-common-values + - template: default-env-values - name: metrics-server chart: metrics-server/metrics-server @@ -101,6 +108,7 @@ releases: - name: metallb chart: metallb/metallb namespace: kube-system + condition: base.enabled version: 0.14.8 needs: - kube-system/cilium @@ -110,6 +118,7 @@ releases: - name: metallb-resources chart: bedag/raw version: 2.0.0 + condition: base.enabled namespace: kube-system needs: - kube-system/metallb @@ -120,6 +129,7 @@ releases: - name: traefik chart: traefik/traefik version: 33.0.0 + condition: base.enabled namespace: kube-system needs: - kube-system/cilium diff --git a/values/xray-1/secrets.promtail.yaml b/values/xray-1/secrets.promtail.yaml new file mode 100644 index 0000000..e3b2680 --- /dev/null +++ b/values/xray-1/secrets.promtail.yaml @@ -0,0 +1,27 @@ +config: + clients: + - url: ENC[AES256_GCM,data:CFq8x1jLDO8aLitEOlCOXeG1yp8RqKHdeqf8x7o9YESOmTAKFTuLpcBUDeESNTv9,iv:68uLarfOiS4oTcvEQu4uHMQUzRhXhqAZb5c4ik4U2E4=,tag:GhkkzriBYhWmTxt0KNwMkg==,type:str] + tenant_id: ENC[AES256_GCM,data:Iad0xh30fhwNiDh8SRU=,iv:A9o5brTa/2YbdYCIg5D4RHY2LXkMauIZBfygGsyV8gM=,tag:vNbcRImDSRCkM34B03MiMQ==,type:str] + basic_auth: + username: ENC[AES256_GCM,data:kUgLwA==,iv:5rAxU463ynXXZQfmGykocKmWm+VKahatT2KokSux16E=,tag:vYe9g0mePeYAapJlHAOWVw==,type:str] + password: ENC[AES256_GCM,data:2Zb4d8Aj5M27V7YNvcdFIkHHAl5dvNIlB46sP2sJ,iv:wW31BhjGvN2ii60p+/hSs2IqaIhLbDgl70KFfGiTbXM=,tag:50DB7GxuuAl+8GJ7K2ePvA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdjR0eFRDS2dCVTNENUFr + V0k4T2Q2cmxua05QeDlzdnB2WWJLQ2hQbUdZCndjT0cxcytPUW0zOWtxVy9sazlr + Z3RKSkFVeGx2UkdtWmhLQXhNUnpKeUEKLS0tIGV3L1pRNXlZMG92K1N6aGlvSVBz + ZVV1d3R6KzJtT0drOVNHSThDdjAxekkK1RXCHM6QhNXto5D6yFTlvANN3E4iYfOC + Bf8s76p0ynI3tqfH6IgA9NFRPxYPzMGC/1zsQ95n5N6fMXh/KouRqg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-17T16:09:55Z" + mac: ENC[AES256_GCM,data:EM9kmYq/6en0XwMtmDcx5yO6VflugTbqDgPvvIBl7m6EvFi9EkMx/Aa9jkVYS+VFvS+pJ9pVe8+F/TL5+o/K0O9rkgZ8+ciAYXoRDBb1o9qUMoy2+ZjbjI7FMXDp8c8UED0MK+SZYNZ2C+44C9kohX5cPwOQCHd+0HxJKOTzH8U=,iv:The91sevo/IqJIXBt8BAta5RYDtv1oFaGQRyqzrm+tM=,tag:fKduoewHPG/N1qGr76r/8A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/xray-1/secrets.server-xray-public.yaml b/values/xray-1/secrets.server-xray-public.yaml new file mode 100644 index 0000000..e885806 --- /dev/null +++ b/values/xray-1/secrets.server-xray-public.yaml @@ -0,0 +1,37 @@ +files: + config: + enabled: ENC[AES256_GCM,data:nAOcqA==,iv:IgjI1fKgYvF/9JaWtN4rCx8ES3dhZ+J/9Bx3oGhJwHM=,tag:HIr+sIPImT2HvbpDsSeU2A==,type:bool] + sensitive: ENC[AES256_GCM,data:T/22lCM=,iv:9/bWVhvaW/7JKKssxHPbc0U21mC+Npx2LQRwg22/Fyo=,tag:DMNf0id3/J7HII8ETuwrOA==,type:bool] + remove: [] + entries: + config.json: + data: ENC[AES256_GCM,data:LaOVNskRiFPXiFlhNcHE0c71FVt+ViDUkenbs/3j5EVMXP8qd3uRM4an/lkPL/WbfH5UT4K5acKyvwdnRQfpl+UUevYPJD7IAh3IAFuSeEsz2wFiIHltOEhTtoXSveT+TNxHgqi7+Q3LOzrh8ndttnLpfupQHdCKA5RO3xO5VhxERCE4biSnBP1ecNYz0t+5QINdeImtuDczE8tQjLLKEsd+XnYlZlQQYz9BnPXjoNAVkkdrsgGtts4jy5yb88U8Qx+TIs6MBkIUaN81/QDdkIPDgXhwU2i5XqYtXlX+DVYXuERP+r0aBCAlutXTLp9eE/Ow5ULDLBaGpRBl95vRTrWBCwTJPVx5ODAd7LtGFrVzevM4XA3UPaH1mLabtx2pjzQMhQyMiyM+ya1zlGueOPU0L/hUdmlyFCrRhaeO/PW4vEhNRGkRnjX8mxPNsHpJVMju8iarJnI+7r25hl/gH0gd7yBmGhidDOVELf24rwPnJOASFQKBi+Ahfd8w60WmMRv6MMeGHD3IVnGvu5FFTo/98SImWqqVJciXL2zOveewPUANBz3rah8v8dKH6k0KhcEj33u9kevnZAypqhy8SuZNfbHWGskPwqiF45GU2Rybbb2bHAx4bUgWDuW63uvfVwbLqbrob7b2G3KzdgWpWMD6uA5F6cewFUIz/NRb9cpwke9PbgVSNKLm0A0xihmqDaxRJgCseVgxHx3ssWLeP08UBj/t6p6nJIaQXVmXc0Bo2/LIx7JDKpRkz6jC1Mbmwxf2GcyYuTUnq4e2w+ZxbasPdueBOZDgmgHAse38cm7k51fk99ZV3ChEBLa5qAFKvQfbGmMZAoHKXr5HceGQTb+32Y/2aYBuK4o9dPFieT9ogZaq7lqydRImuz+hH47YECbYKonZMlpW5d2gnkb7/9SCQMmb0EW7uWI8rvm/j+vcE3D8K5B8iUzfDjhcIj9GbyiJy8dVlE5DIKRmAWqq8XKIAP+vigLDl7fJEeqNQH2byI+qfVHDNB70d9W87Nfhx9iI3f0JbMupI2SCKamoiAHNnVNj3fs/Mf5Pof1aiXrz7tFUJxdqvW/1DH68A/yCq41jcvL9LqICYMQecBIhnk0KIXYTe29jWgokdtAiiw4PAZR6X2+9MZYnubObTO7rcdVlBVVueLpnjrCCc4Iy0rH0kaTMRMQ3wL28z+xaD3jdn0ywEuaEfAZtvB5xnUFiyWg4V7wulGobC0tO+bxIxKf3oTdo7SjKJE6QPaP83BON2gewy7Ib06keSdr8xvlCd8uGXskEGq0NaaR8aWVKh2G5yZ2KYFy2176jZPQRAve/NupneqEvgeaF7Rlgsb5iftFm/yQHoV1zzQwOhVJWS93keW6g2DzxTUJ9q43kAULVUyvzcfRx8ahOR58QOg8BdhCJ+KXwJH3HucCfASOFWlSCMBFVPfdHRnPASrTlzhkcdXOzOTUk6aHGecD6vBCrjLj9O3meU+MbXQsXtpX2Eaea4Up8EUXo9OIqzM9cGxkIlOJ4y5fNVrDP4q5B1bUTNTjIrU5cWROilank2s/0xf3ABOfAdi0Oa/kqFka7yjP6CUXnCtdL3Jb3Yz94pNw1LIwKnZj3moNITrAVhsX1BVt49d2x5XMi8/qMTglO8kVXTb+HKHtuYNOmoFxO6kuBBHvFiUz1y4fHrl3/vS2n8WH2gqUvXiGw3QgNujyM5Q/aSrQsRs9q9Ndwolhx01Z/p6i/lDWNufUL1pWXdOkAeNqsDNYkJZU2NoC7Z/cvx4S6Qyh7fkTZBHAgEK4gyOorgoVIxzLw2o/sgG8JdLflHZ3RO6WfjCtjLgM96RbaMUoSzKPpZ5cu736o9u0bz+d0dhiSTBmtk4fRpotFpqPaiYm2KhXO9m3kNlEw0UnOvbUB3rQY3MRdShD3WB5H/Wup9fYjMUUb5pjKQP6N+5IP+S+5ukpnJHm//HH1BYS/MUw5nkCteyFxvn5A4Hmaduh8UtcwhPH/hqoYZ0ilJSdbuX7G0Yj0QZv5KjwnF1+Sw7ZGPb16v3fWLowCiamvznD0b/87iJl7v8s35lHmmoqQ6SdvV/2MTEL9j+K5z9mFyGwSRQTz2KQzpKidn4f0oVP9NnTl4vsja5BXZMJ/KF6QVPnoZUSbDthxRf/dvChzPwWzSsoemobhY0yg5CpsTcixTsj6VelrWlYLsgqokWd5Y4SFIQacpw9E1WGcpJRd8EWLrr5eMuJhQ6T9lra5kLvvixj+85u5HjbdNeAD4w38uhBPod0JBlVA9Nk0ORATw74ef5HZfqmpkU7ZA6wtSPT8vrRMfF5HoqjBFFgeM9hRGmXvqxtF/uw0KgdvZIzgI0nLyAaO/p8MVtrEzgnIVMYLI2XphN5J+eUaLFcuu/slCtfLR1hKInq6uu+Vm7RepKGt6NU9rvY0YVsVJSM1DjH2QRIJWixXLzCpHLjgcjSNuU8f8UIvHkPMDIq4buWgJQgbivIBaYKI81GO9I3wj4vEq3C27W7QgKWfXZS7uUgAdJ+8D2VI7NhSzsNe1KG96ziTWmgv5WhPUCnU3FplABulyX9PdWa11Kj2obQCqKsFA9/BhgsqSHsjog1P404kypmzVLIKrdkNe0SmZXbkPY/Qs9/8WKKLpE2D5sS5L6LXSved33XCg7HMR7aiQQ5t2VxoBItw6LYr2egAPeQ6SaW7Mczwwe7Wm8gBm3+IpPXRMjviDpZS0a5RrgV+Pn1nOL1R7A5ZkumS1bYRSuTorL4rY3/cF9iRxJ6ejIEEpzUg5XVEt8Ma32XweLZF9pcQ4FRUumYcMbsHZmiAAQEjdr8C2cdOnJzv+TLjf6xIJGoqgOl63t+XQ5KksbjvoP26nJa9mbXt0abcr2eRjiWP5C2ynW5iDWoAgnhp2IijKQsGmj40yUCQpRrwcC6zxsMvWeE1jTkJ6TDC9/W3a/73DDYceMrB8Ltyns40aDCx+GJ9Zi7cz69jrLxc6Wah8fqmxRi42AGWdVULIAEDuTMWWbuxib5IYx37/CAWXlicWolbzaWojhsIJwh37SvnN5aRgCLU8Q1u5CIm4qv3UTonjhk0AsK95hvCX9v45VHaqLMzZ5Lv4sKz/XKmU1QNKrtz46uSGQkxmZ9smCs8R1ixF7w8fCwFyuMlo5azxhatFA9t0XIhDVCsRZO9HB2gtqj/BS+oj5gll8XJ4LpxduIYiZYhlRPa1Txq8Wn+pJ8DRTdaHGHAD69iwy6AoakXHgyZSu3dYT0S3lceqSNyqL3brJSodL7YMiKgKMWtSkr1Wx7kQdcEhlsYbrg4iKwPFONqrSEaJfKK6vKZStTRqBV9tlpsJfIS4D/MRUPYKeQnanQXP5ZzG+YpleCzKyK3ncB1+IoXhlwKx5QOdXITJJdGJ5gIVVY5wYfla51G5BzDF2jRPQ/MsvCoEl9TW8jPEphIZwASKinij5iACF6iO/rVUAmJRXQsZBkI3hKFqZQ0nxh/1dGlrkWfhbnWijxFkVhyV5BmL1VAWzJ/H7KJpxxWm6R1HfMXN4y1BKgMoUiSjtBe0qxqPpueW/ZxWxzQaZeSxOX0OPfYNHHZE+Nk42dS82O5T08w57YxEhSfTzFfxfkAM1ywkygEyeCf30Y3a/sq2ZQ8BDImS+ow5hDiTuKyJwefSeL4wrbUSg76O8QQl9ikG9ROaig2ZYFZFsjcNPU9FNqXw7ExLfPREWs6Eg6kuUBpjm9FquA+EeJd2oPekzVWwWp0u/C2kXM2OEB94YXPaPs+SD2bRimGC9n063H1p48zGncWJTHw6a96kbMiryJlbMKySlVBFn1S4BCCpLH85GI9VkHo7xM3qfDFF/b2AyXRa0AW5SNYptdLBxA/Vn62/TBwZOsCtzOqJdn3Hs/sTZEcQSxnMeZKFKkMY6I8afhwcpFEErCONS1i5R3P4pewcEqwYEw7jyfYYZ8265Dz0yj2oqmSpfaP65JJc5d3qHaOkn1AWjZlyKFPaaYUX7aqPHbqBR2c2YzGSe6VmGxnnNFvw3rmStiECxc24d4UGDFjQ4zwyPXtjiXw4PVFedly0ZmY25OWqW0fuOGEoLe/QWAT0+OoHY0XJkFtVH6AOkIKILFLApKoffeJy5Nv10gIaWIb0L9xf8eMFFS0ZE7lwtLCs4O7rOTnkQuAoA2QiF37prgjeKrpr+YmZ9oYbFT1DS5fQUHxP8TWUicj/WAhEZZsbXpvQ+USUBit44KhjQQSvdO4ZvuMrAXb,iv:AdhKIjW4VD1N0km2fzPROhbs3QFToYuYfjTgHfS1IVg=,tag:VduZZAavteFNwVxiNcTMyA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUkh4bWtiUHdqMllyVkZt + c2pWMmNqeVB3cW5NRGxYdHZObGN0cTJoZlhRCitUUExtWXJsTHVWbTNDSVB3QnJp + ZTJBbko3Zjk3bFkvQjBDRjVYcWNJdVkKLS0tIHBuMFBGQndOZU5wQXczMisxYjV5 + UGp6ZFNzZUloV2wwbUpyL1FDY0Q0RWsKxoWWeAWlLmIXOfwijC4Ql6bxeBbBDfPM + mH38M2veyGAT+wAET9t1Ja8V1WVg84Hr5isTbd/RdLtpSQvYZBjzoA== + -----END AGE ENCRYPTED FILE----- + - recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLN3pNV1YranJlMEdvSUZu + bnpselFadHZBQTMyQjQvUk9DS3o0K244bDNjCjNpcjloeXl4ZWM5WERqTVVzeW9F + YnM1OWE3WnRHQzJYVTYxRWR6RndIbnMKLS0tIHh2OTYrTlNHWUZPUXErMnhBdFdi + VXc2UUJldVFmblI1SU5oN3BiaGlwM1UKM1mITMB6N5QjKeoLHJmMpXdnjU9N45OA + QkL6YaxrVjRCkECYlHrq0y6MjkB8Z3aoGoZcSW6EtviWEm7Lr4IaeQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-17T16:08:28Z" + mac: ENC[AES256_GCM,data:fOPKKaDtczjvBtDGpnQLWJ6ialNF3P8/JbFfr4w+KKWaN0+WdMa+nYmPLwrhAfSvdZ3mcGfnCDlYVM5ZZpk2LdcKyNnv49cc9sLCDwrEFR7s6+Lv2jMiT0TEK3zgvxIUvR8dvxwcYbuRsd0i1uH4WgwEgwQS/HVul2skRY9q/88=,iv:O/AhcimYqVDor4S1K3rS9u6NPG9lpsL+ZEJ+6g3lnZ8=,tag:RtLzoaH0Lscfw9NwGBjXlA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/xray-1/values.namespaces.yaml b/values/xray-1/values.namespaces.yaml new file mode 100644 index 0000000..d443d0f --- /dev/null +++ b/values/xray-1/values.namespaces.yaml @@ -0,0 +1,3 @@ +namespaces: + - name: public-xray + - name: promtail diff --git a/values/xray-1/values.promtail.yaml b/values/xray-1/values.promtail.yaml new file mode 100644 index 0000000..5848230 --- /dev/null +++ b/values/xray-1/values.promtail.yaml @@ -0,0 +1,7 @@ +config: + snippets: + pipelineStages: + - match: + pipeline_name: "drop-all" + selector: '{namespace!~"public-xray"}' + action: drop diff --git a/values/xray-1/values.roles.yaml b/values/xray-1/values.roles.yaml new file mode 100644 index 0000000..1684f2f --- /dev/null +++ b/values/xray-1/values.roles.yaml @@ -0,0 +1 @@ +roles: [] diff --git a/values/xray-1/values.server-xray-public.yaml b/values/xray-1/values.server-xray-public.yaml new file mode 100644 index 0000000..979ba68 --- /dev/null +++ b/values/xray-1/values.server-xray-public.yaml @@ -0,0 +1,26 @@ +ext-self-signed-cert: + enabled: true + name: xray.badhouseplants.net + domain: xray.badhouseplants.net +ingress: + main: + enabled: false +service: + xray-https: + enabled: true + type: NodePort + ports: + https: + port: 443 + targetPort: 443 + nodePort: 30015 + protocol: TCP + xray-http: + enabled: true + type: NodePort + ports: + http: + port: 80 + targetPort: 80 + protocol: TCP + nodePort: 30014 diff --git a/values/xray-2/secrets.promtail.yaml b/values/xray-2/secrets.promtail.yaml new file mode 100644 index 0000000..e3b2680 --- /dev/null +++ b/values/xray-2/secrets.promtail.yaml @@ -0,0 +1,27 @@ +config: + clients: + - url: ENC[AES256_GCM,data:CFq8x1jLDO8aLitEOlCOXeG1yp8RqKHdeqf8x7o9YESOmTAKFTuLpcBUDeESNTv9,iv:68uLarfOiS4oTcvEQu4uHMQUzRhXhqAZb5c4ik4U2E4=,tag:GhkkzriBYhWmTxt0KNwMkg==,type:str] + tenant_id: ENC[AES256_GCM,data:Iad0xh30fhwNiDh8SRU=,iv:A9o5brTa/2YbdYCIg5D4RHY2LXkMauIZBfygGsyV8gM=,tag:vNbcRImDSRCkM34B03MiMQ==,type:str] + basic_auth: + username: ENC[AES256_GCM,data:kUgLwA==,iv:5rAxU463ynXXZQfmGykocKmWm+VKahatT2KokSux16E=,tag:vYe9g0mePeYAapJlHAOWVw==,type:str] + password: ENC[AES256_GCM,data:2Zb4d8Aj5M27V7YNvcdFIkHHAl5dvNIlB46sP2sJ,iv:wW31BhjGvN2ii60p+/hSs2IqaIhLbDgl70KFfGiTbXM=,tag:50DB7GxuuAl+8GJ7K2ePvA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdjR0eFRDS2dCVTNENUFr + V0k4T2Q2cmxua05QeDlzdnB2WWJLQ2hQbUdZCndjT0cxcytPUW0zOWtxVy9sazlr + Z3RKSkFVeGx2UkdtWmhLQXhNUnpKeUEKLS0tIGV3L1pRNXlZMG92K1N6aGlvSVBz + ZVV1d3R6KzJtT0drOVNHSThDdjAxekkK1RXCHM6QhNXto5D6yFTlvANN3E4iYfOC + Bf8s76p0ynI3tqfH6IgA9NFRPxYPzMGC/1zsQ95n5N6fMXh/KouRqg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-17T16:09:55Z" + mac: ENC[AES256_GCM,data:EM9kmYq/6en0XwMtmDcx5yO6VflugTbqDgPvvIBl7m6EvFi9EkMx/Aa9jkVYS+VFvS+pJ9pVe8+F/TL5+o/K0O9rkgZ8+ciAYXoRDBb1o9qUMoy2+ZjbjI7FMXDp8c8UED0MK+SZYNZ2C+44C9kohX5cPwOQCHd+0HxJKOTzH8U=,iv:The91sevo/IqJIXBt8BAta5RYDtv1oFaGQRyqzrm+tM=,tag:fKduoewHPG/N1qGr76r/8A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/xray-2/secrets.server-xray-public.yaml b/values/xray-2/secrets.server-xray-public.yaml new file mode 100644 index 0000000..e885806 --- /dev/null +++ b/values/xray-2/secrets.server-xray-public.yaml @@ -0,0 +1,37 @@ +files: + config: + enabled: ENC[AES256_GCM,data:nAOcqA==,iv:IgjI1fKgYvF/9JaWtN4rCx8ES3dhZ+J/9Bx3oGhJwHM=,tag:HIr+sIPImT2HvbpDsSeU2A==,type:bool] + sensitive: ENC[AES256_GCM,data:T/22lCM=,iv:9/bWVhvaW/7JKKssxHPbc0U21mC+Npx2LQRwg22/Fyo=,tag:DMNf0id3/J7HII8ETuwrOA==,type:bool] + remove: [] + entries: + config.json: + data: ENC[AES256_GCM,data:LaOVNskRiFPXiFlhNcHE0c71FVt+ViDUkenbs/3j5EVMXP8qd3uRM4an/lkPL/WbfH5UT4K5acKyvwdnRQfpl+UUevYPJD7IAh3IAFuSeEsz2wFiIHltOEhTtoXSveT+TNxHgqi7+Q3LOzrh8ndttnLpfupQHdCKA5RO3xO5VhxERCE4biSnBP1ecNYz0t+5QINdeImtuDczE8tQjLLKEsd+XnYlZlQQYz9BnPXjoNAVkkdrsgGtts4jy5yb88U8Qx+TIs6MBkIUaN81/QDdkIPDgXhwU2i5XqYtXlX+DVYXuERP+r0aBCAlutXTLp9eE/Ow5ULDLBaGpRBl95vRTrWBCwTJPVx5ODAd7LtGFrVzevM4XA3UPaH1mLabtx2pjzQMhQyMiyM+ya1zlGueOPU0L/hUdmlyFCrRhaeO/PW4vEhNRGkRnjX8mxPNsHpJVMju8iarJnI+7r25hl/gH0gd7yBmGhidDOVELf24rwPnJOASFQKBi+Ahfd8w60WmMRv6MMeGHD3IVnGvu5FFTo/98SImWqqVJciXL2zOveewPUANBz3rah8v8dKH6k0KhcEj33u9kevnZAypqhy8SuZNfbHWGskPwqiF45GU2Rybbb2bHAx4bUgWDuW63uvfVwbLqbrob7b2G3KzdgWpWMD6uA5F6cewFUIz/NRb9cpwke9PbgVSNKLm0A0xihmqDaxRJgCseVgxHx3ssWLeP08UBj/t6p6nJIaQXVmXc0Bo2/LIx7JDKpRkz6jC1Mbmwxf2GcyYuTUnq4e2w+ZxbasPdueBOZDgmgHAse38cm7k51fk99ZV3ChEBLa5qAFKvQfbGmMZAoHKXr5HceGQTb+32Y/2aYBuK4o9dPFieT9ogZaq7lqydRImuz+hH47YECbYKonZMlpW5d2gnkb7/9SCQMmb0EW7uWI8rvm/j+vcE3D8K5B8iUzfDjhcIj9GbyiJy8dVlE5DIKRmAWqq8XKIAP+vigLDl7fJEeqNQH2byI+qfVHDNB70d9W87Nfhx9iI3f0JbMupI2SCKamoiAHNnVNj3fs/Mf5Pof1aiXrz7tFUJxdqvW/1DH68A/yCq41jcvL9LqICYMQecBIhnk0KIXYTe29jWgokdtAiiw4PAZR6X2+9MZYnubObTO7rcdVlBVVueLpnjrCCc4Iy0rH0kaTMRMQ3wL28z+xaD3jdn0ywEuaEfAZtvB5xnUFiyWg4V7wulGobC0tO+bxIxKf3oTdo7SjKJE6QPaP83BON2gewy7Ib06keSdr8xvlCd8uGXskEGq0NaaR8aWVKh2G5yZ2KYFy2176jZPQRAve/NupneqEvgeaF7Rlgsb5iftFm/yQHoV1zzQwOhVJWS93keW6g2DzxTUJ9q43kAULVUyvzcfRx8ahOR58QOg8BdhCJ+KXwJH3HucCfASOFWlSCMBFVPfdHRnPASrTlzhkcdXOzOTUk6aHGecD6vBCrjLj9O3meU+MbXQsXtpX2Eaea4Up8EUXo9OIqzM9cGxkIlOJ4y5fNVrDP4q5B1bUTNTjIrU5cWROilank2s/0xf3ABOfAdi0Oa/kqFka7yjP6CUXnCtdL3Jb3Yz94pNw1LIwKnZj3moNITrAVhsX1BVt49d2x5XMi8/qMTglO8kVXTb+HKHtuYNOmoFxO6kuBBHvFiUz1y4fHrl3/vS2n8WH2gqUvXiGw3QgNujyM5Q/aSrQsRs9q9Ndwolhx01Z/p6i/lDWNufUL1pWXdOkAeNqsDNYkJZU2NoC7Z/cvx4S6Qyh7fkTZBHAgEK4gyOorgoVIxzLw2o/sgG8JdLflHZ3RO6WfjCtjLgM96RbaMUoSzKPpZ5cu736o9u0bz+d0dhiSTBmtk4fRpotFpqPaiYm2KhXO9m3kNlEw0UnOvbUB3rQY3MRdShD3WB5H/Wup9fYjMUUb5pjKQP6N+5IP+S+5ukpnJHm//HH1BYS/MUw5nkCteyFxvn5A4Hmaduh8UtcwhPH/hqoYZ0ilJSdbuX7G0Yj0QZv5KjwnF1+Sw7ZGPb16v3fWLowCiamvznD0b/87iJl7v8s35lHmmoqQ6SdvV/2MTEL9j+K5z9mFyGwSRQTz2KQzpKidn4f0oVP9NnTl4vsja5BXZMJ/KF6QVPnoZUSbDthxRf/dvChzPwWzSsoemobhY0yg5CpsTcixTsj6VelrWlYLsgqokWd5Y4SFIQacpw9E1WGcpJRd8EWLrr5eMuJhQ6T9lra5kLvvixj+85u5HjbdNeAD4w38uhBPod0JBlVA9Nk0ORATw74ef5HZfqmpkU7ZA6wtSPT8vrRMfF5HoqjBFFgeM9hRGmXvqxtF/uw0KgdvZIzgI0nLyAaO/p8MVtrEzgnIVMYLI2XphN5J+eUaLFcuu/slCtfLR1hKInq6uu+Vm7RepKGt6NU9rvY0YVsVJSM1DjH2QRIJWixXLzCpHLjgcjSNuU8f8UIvHkPMDIq4buWgJQgbivIBaYKI81GO9I3wj4vEq3C27W7QgKWfXZS7uUgAdJ+8D2VI7NhSzsNe1KG96ziTWmgv5WhPUCnU3FplABulyX9PdWa11Kj2obQCqKsFA9/BhgsqSHsjog1P404kypmzVLIKrdkNe0SmZXbkPY/Qs9/8WKKLpE2D5sS5L6LXSved33XCg7HMR7aiQQ5t2VxoBItw6LYr2egAPeQ6SaW7Mczwwe7Wm8gBm3+IpPXRMjviDpZS0a5RrgV+Pn1nOL1R7A5ZkumS1bYRSuTorL4rY3/cF9iRxJ6ejIEEpzUg5XVEt8Ma32XweLZF9pcQ4FRUumYcMbsHZmiAAQEjdr8C2cdOnJzv+TLjf6xIJGoqgOl63t+XQ5KksbjvoP26nJa9mbXt0abcr2eRjiWP5C2ynW5iDWoAgnhp2IijKQsGmj40yUCQpRrwcC6zxsMvWeE1jTkJ6TDC9/W3a/73DDYceMrB8Ltyns40aDCx+GJ9Zi7cz69jrLxc6Wah8fqmxRi42AGWdVULIAEDuTMWWbuxib5IYx37/CAWXlicWolbzaWojhsIJwh37SvnN5aRgCLU8Q1u5CIm4qv3UTonjhk0AsK95hvCX9v45VHaqLMzZ5Lv4sKz/XKmU1QNKrtz46uSGQkxmZ9smCs8R1ixF7w8fCwFyuMlo5azxhatFA9t0XIhDVCsRZO9HB2gtqj/BS+oj5gll8XJ4LpxduIYiZYhlRPa1Txq8Wn+pJ8DRTdaHGHAD69iwy6AoakXHgyZSu3dYT0S3lceqSNyqL3brJSodL7YMiKgKMWtSkr1Wx7kQdcEhlsYbrg4iKwPFONqrSEaJfKK6vKZStTRqBV9tlpsJfIS4D/MRUPYKeQnanQXP5ZzG+YpleCzKyK3ncB1+IoXhlwKx5QOdXITJJdGJ5gIVVY5wYfla51G5BzDF2jRPQ/MsvCoEl9TW8jPEphIZwASKinij5iACF6iO/rVUAmJRXQsZBkI3hKFqZQ0nxh/1dGlrkWfhbnWijxFkVhyV5BmL1VAWzJ/H7KJpxxWm6R1HfMXN4y1BKgMoUiSjtBe0qxqPpueW/ZxWxzQaZeSxOX0OPfYNHHZE+Nk42dS82O5T08w57YxEhSfTzFfxfkAM1ywkygEyeCf30Y3a/sq2ZQ8BDImS+ow5hDiTuKyJwefSeL4wrbUSg76O8QQl9ikG9ROaig2ZYFZFsjcNPU9FNqXw7ExLfPREWs6Eg6kuUBpjm9FquA+EeJd2oPekzVWwWp0u/C2kXM2OEB94YXPaPs+SD2bRimGC9n063H1p48zGncWJTHw6a96kbMiryJlbMKySlVBFn1S4BCCpLH85GI9VkHo7xM3qfDFF/b2AyXRa0AW5SNYptdLBxA/Vn62/TBwZOsCtzOqJdn3Hs/sTZEcQSxnMeZKFKkMY6I8afhwcpFEErCONS1i5R3P4pewcEqwYEw7jyfYYZ8265Dz0yj2oqmSpfaP65JJc5d3qHaOkn1AWjZlyKFPaaYUX7aqPHbqBR2c2YzGSe6VmGxnnNFvw3rmStiECxc24d4UGDFjQ4zwyPXtjiXw4PVFedly0ZmY25OWqW0fuOGEoLe/QWAT0+OoHY0XJkFtVH6AOkIKILFLApKoffeJy5Nv10gIaWIb0L9xf8eMFFS0ZE7lwtLCs4O7rOTnkQuAoA2QiF37prgjeKrpr+YmZ9oYbFT1DS5fQUHxP8TWUicj/WAhEZZsbXpvQ+USUBit44KhjQQSvdO4ZvuMrAXb,iv:AdhKIjW4VD1N0km2fzPROhbs3QFToYuYfjTgHfS1IVg=,tag:VduZZAavteFNwVxiNcTMyA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUkh4bWtiUHdqMllyVkZt + c2pWMmNqeVB3cW5NRGxYdHZObGN0cTJoZlhRCitUUExtWXJsTHVWbTNDSVB3QnJp + ZTJBbko3Zjk3bFkvQjBDRjVYcWNJdVkKLS0tIHBuMFBGQndOZU5wQXczMisxYjV5 + UGp6ZFNzZUloV2wwbUpyL1FDY0Q0RWsKxoWWeAWlLmIXOfwijC4Ql6bxeBbBDfPM + mH38M2veyGAT+wAET9t1Ja8V1WVg84Hr5isTbd/RdLtpSQvYZBjzoA== + -----END AGE ENCRYPTED FILE----- + - recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLN3pNV1YranJlMEdvSUZu + bnpselFadHZBQTMyQjQvUk9DS3o0K244bDNjCjNpcjloeXl4ZWM5WERqTVVzeW9F + YnM1OWE3WnRHQzJYVTYxRWR6RndIbnMKLS0tIHh2OTYrTlNHWUZPUXErMnhBdFdi + VXc2UUJldVFmblI1SU5oN3BiaGlwM1UKM1mITMB6N5QjKeoLHJmMpXdnjU9N45OA + QkL6YaxrVjRCkECYlHrq0y6MjkB8Z3aoGoZcSW6EtviWEm7Lr4IaeQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-17T16:08:28Z" + mac: ENC[AES256_GCM,data:fOPKKaDtczjvBtDGpnQLWJ6ialNF3P8/JbFfr4w+KKWaN0+WdMa+nYmPLwrhAfSvdZ3mcGfnCDlYVM5ZZpk2LdcKyNnv49cc9sLCDwrEFR7s6+Lv2jMiT0TEK3zgvxIUvR8dvxwcYbuRsd0i1uH4WgwEgwQS/HVul2skRY9q/88=,iv:O/AhcimYqVDor4S1K3rS9u6NPG9lpsL+ZEJ+6g3lnZ8=,tag:RtLzoaH0Lscfw9NwGBjXlA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/xray-2/values.namespaces.yaml b/values/xray-2/values.namespaces.yaml new file mode 100644 index 0000000..d443d0f --- /dev/null +++ b/values/xray-2/values.namespaces.yaml @@ -0,0 +1,3 @@ +namespaces: + - name: public-xray + - name: promtail diff --git a/values/xray-2/values.promtail.yaml b/values/xray-2/values.promtail.yaml new file mode 100644 index 0000000..5848230 --- /dev/null +++ b/values/xray-2/values.promtail.yaml @@ -0,0 +1,7 @@ +config: + snippets: + pipelineStages: + - match: + pipeline_name: "drop-all" + selector: '{namespace!~"public-xray"}' + action: drop diff --git a/values/xray-2/values.roles.yaml b/values/xray-2/values.roles.yaml new file mode 100644 index 0000000..1684f2f --- /dev/null +++ b/values/xray-2/values.roles.yaml @@ -0,0 +1 @@ +roles: [] diff --git a/values/xray-2/values.server-xray-public.yaml b/values/xray-2/values.server-xray-public.yaml new file mode 100644 index 0000000..979ba68 --- /dev/null +++ b/values/xray-2/values.server-xray-public.yaml @@ -0,0 +1,26 @@ +ext-self-signed-cert: + enabled: true + name: xray.badhouseplants.net + domain: xray.badhouseplants.net +ingress: + main: + enabled: false +service: + xray-https: + enabled: true + type: NodePort + ports: + https: + port: 443 + targetPort: 443 + nodePort: 30015 + protocol: TCP + xray-http: + enabled: true + type: NodePort + ports: + http: + port: 80 + targetPort: 80 + protocol: TCP + nodePort: 30014