Compare commits


8 Commits

Author SHA1 Message Date
5721c87dab chore(deps): update helm release renovate to v40 2025-05-06 01:01:05 +00:00
40b9e8d9c2
Cleanup postgres16
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2025-05-05 15:30:32 +02:00
cf9997087a
Remove postgres16
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2025-05-05 15:29:58 +02:00
80c8162de1
Migrate authentik to postgres17
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2025-05-05 15:24:24 +02:00
dc8d2b5d4c
Remove the obsolete applications ns
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2025-05-05 14:11:24 +02:00
7f05e57de2
Cleanup memos
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2025-05-05 14:09:22 +02:00
8ed0a2400b
Remove memos from the applications ns
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2025-05-05 14:08:37 +02:00
Nikolai Rodionov
c31458279d
Install memos to another ns
Signed-off-by: Nikolai Rodionov <nikolai.rodionov@onpier.de>
2025-05-05 13:58:57 +02:00
12 changed files with 34 additions and 170 deletions


@ -68,10 +68,10 @@ releases:
- template: env-values
- template: env-secrets
- name: memos
- name: app-memos
chart: allangers-charts/memos
version: 0.4.0
namespace: applications
namespace: org-allanger
inherit:
- template: env-values
- template: ext-database
@ -120,7 +120,7 @@ releases:
- name: renovate-gitea
chart: renovate/renovate
namespace: pipelines
version: 40.3.1
version: 40.3.4
inherit:
- template: env-values
- template: env-secrets
@ -129,7 +129,7 @@ releases:
chart: renovate/renovate
installed: false
namespace: pipelines
version: 40.3.1
version: 40.3.4
inherit:
- template: env-values
- template: env-secrets


@ -20,18 +20,6 @@ releases:
- template: env-values
- template: env-secrets
- name: postgres16
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
condition: postgres16.enabled
version: 15.5.38
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: postgres17
labels:
bundle: postgres


@ -21,7 +21,7 @@ releases:
- name: renovate-gitea
chart: renovate/renovate
namespace: pipelines
version: 40.3.1
version: 40.3.4
inherit:
- template: env-values
- template: env-secrets
@ -29,7 +29,7 @@ releases:
chart: renovate/renovate
installed: true
namespace: pipelines
version: 40.3.1
version: 40.3.4
inherit:
- template: env-values
- template: env-secrets


@ -1,24 +0,0 @@
global:
postgresql:
auth:
postgresPassword: ENC[AES256_GCM,data:+YRWapVv08cZonBsTLtsMHxT7JJp,iv:LJBUmSX1vvmLDBuIdqmi+4UbuLL+yD6PO18kmwlyzpE=,tag:TmG2GQ5/87mIZPLY4uzkBA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR1hzTUV3TzRFaHNTN3Fj
Tkh0TW1VNng0WkZNdXdsOVozMDZ5T25uQmgwCkhSWXViUkNsZnExV0c5UXFsd2R4
ZjNYYUFDbnpYYkRQbHdQUDA3cHBxa28KLS0tIFR4MGVWK2o1TFZlQ1FRbkIza3F6
UWc5NzVMVkQ4UDNlSzRidWNzSnFWWkkKfnTaKxZoBFCj2l4QfI/BvG0eGOFX/seF
DcpofYlg0hQFRSavqRjidLri1rzpOCdKlWh/h0nIRDFA7O55Q8QAnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:fi4ewchdGDHm1YyVFD57IxSepsnP8K5kCY5klszKUA+swAkGS5BJb4/tsDQ2kefRgJ+RnbqeYfyaBrzrXQQBdYHsHIg4iR+NGl3ql8TzIze2Kc124BCjBs/eq+xyGRxjXjKr31c9dGGaWriO/jIO0ZBSDn5Uz7JcY6iv5Nu+cGI=,iv:SbZr06PcwTJduuxan4a9koKI7B8ZEZ1dQzwBbGQjO+w=,tag:RpTSWKBhUU4oH2m2g906Dw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1


@ -1,35 +0,0 @@
architecture: standalone
auth:
database: postgres
metrics:
enabled: false
primary:
persistence:
size: 2Gi
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi
requests:
cpu: 512m
ephemeral-storage: 50Mi
memory: 128Mi
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsNonRoot: false
privileged: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"


@ -18,10 +18,6 @@ namespaces:
defaultRegcred: true
- name: istio-system
defaultRegcred: true
- name: applications
defaultRegcred: true
labels:
istio-injection: enabled
- name: platform
defaultRegcred: true
- name: games
@ -35,5 +31,6 @@ namespaces:
- name: org-badhouseplants
defaultRegcred: true
- name: org-allanger
defaultRegcred: true
labels:
istio-injection: enabled
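Review bot: The `istio-injection: enabled` label that the second hunk appears to add to `org-allanger` only takes effect when a pod is admitted, so any workload already running in that namespace stays without a sidecar, and outside whatever mesh mTLS and authorization policy applies, until it is restarted. The commit list shows memos being installed into another namespace in an earlier commit of this range, so a rollout restart after the label lands is worth confirming. A short comment above the entry, for example `# sidecar injection: restart existing pods after changing this label`, would record that for the next edit. The first hunk drops the whole `applications` entry; whether the namespace object and any secrets or volume claims left in it are deleted with it depends on the chart that consumes this list, which is not visible here.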


@ -2,8 +2,8 @@ shortcuts:
hostname: notes.badhouseplants.net
ext-database:
enabled: true
name: memos-postgres16
instance: postgres16
name: memos-postgres17
instance: postgres17
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
@ -15,7 +15,7 @@ base:
main: {}
raw:
- secretRef:
name: memos-postgres16-creds
name: memos-postgres17-creds
storage:
data:
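Review bot: `MEMOS_DSN` in the first hunk still ends in `?sslmode=disable`, so after the switch to `postgres17` the database username and password travel to the database service without TLS at the PostgreSQL layer. The namespace file in this comparison enables Istio injection for `org-allanger`, where the renamed memos release apparently runs, but nothing visible shows that the database side is in the mesh, so mesh mTLS cannot be assumed to cover that hop. If the postgres17 instance serves TLS, change the query string to `?sslmode=require` (or `verify-full` with the CA mounted); otherwise add a comment above the key naming the control that is relied on instead. The credentials secret name is written twice (`name: memos-postgres17` here and `memos-postgres17-creds` in the second hunk) and the two have to change together.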


@ -1,43 +0,0 @@
shortcuts:
hostname: notes-onpier.badhouseplants.net
ext-database:
enabled: true
name: memos-postgres16
instance: postgres16
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
workload:
containers:
memos:
envFrom:
- main
- secretRef:
name: memos-postgres16-creds
ingress:
main:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
traefik.ingress.kubernetes.io/router.middlewares: org\-onpier-memosauth@kubernetescrd
ext-secret:
enabled: true
name: memos-basic-auth
data:
users: |
allanger:$apr1$kNwkQ0S.$9q29sib/xWEp3NDp.tquw/
middleware:
enabled: true
middlewares:
- name: memosauth
spec:
basicAuth:
secret: memos-basic-auth


@ -1,19 +1,19 @@
authentik:
email:
password: ENC[AES256_GCM,data:aP/oiXCzwLsEd0qAp8aAPufQ1Ko=,iv:T5YdegcjWEK4MDdzLhFmsvV56OPl0jkhmtepohujP/s=,tag:EXerXi4m06Ryy7WVD3ZURg==,type:str]
secret_key: ENC[AES256_GCM,data:Oh/csFD5+FDfyXUYRVCEPrBE6UXPFZkR5VEep1bkAjs4hltuOaO22Q==,iv:IiBtFjBbsjepC2VmEk6wEe7r14lv48DBX12SpXaUCmc=,tag:ITR6OJiCYMxUoTGnSCPTQQ==,type:str]
password: ENC[AES256_GCM,data:Ai0jLsHymPDXBkTC8+IG0tLeFw4=,iv:Ev0LCJQtHxwiAPwPKih0Yay9TpenoKkNizpNAN85un4=,tag:kWdMGjzyiZAMq+cyahX9hg==,type:str]
secret_key: ENC[AES256_GCM,data:jYOrFumK2SatpvhrAtdkznNjOZfELIXVvavu0Kx+njBoOu28lFk+3A==,iv:4RL8UnBvPk5gZCuEyJZ39AFEMukOTu6QsjciNmofYOs=,tag:d87HNop+AlOB31XuKD7iDA==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSUNmTVZ0ZC9LaytCUTZy
TTRNR0M0WDVmN0RPVllWTmR0dnMrdzBCOFJnCkMrNGVCc1FnYkZTaE1vUFRCVWI0
WERUTWMwanFZUDFnVExZL2NyVTNWTk0KLS0tIEN2K0wzQm8vUkw4azZPaE9LZGsx
UW05cHVjemNBeDFGbHhoVXR4ckUxUXMKgfTTlw0Q3J+pFSW+eEyfK1tkrbEd4ZzR
x0ONWS1GTx+um+r76NYNRI+W93FD5d4/jiiZGPB6rupMSje9DV41MQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WkpPcy9BM0hiVDF1Q0x2
NTBFRnNjTk1HWktUZ0k2SjdjRE9EU1YyT1FrCk9zZDhzM0FyU2tKMmxjVXArUDdk
eEpFaVdWWm44dG9mazBwNTRIQ0JucGcKLS0tIGhSNmRBNzVHTm5mZlAyTGdZTFpU
a0N0TGViZnlXOEVFZkxwTWJDL2p1eWcKrhSyt4j7pjIE+GZyttCO9MC145J2V8I4
fya4hMVEr5w/i3mibQIsHWszofnMO/pex8oYmsq0zBeBchQbt5xdCA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-12T15:22:14Z"
mac: ENC[AES256_GCM,data:xwt0NRuygT/qAlhnfKHLqgVFfEMKMIgiGvjCl7baIplwl94Kxqhh6JMgCogjjtoI2iGrAY3QPamfTDQIOEItB/yqQ7S9NApWIfsXtA8t85YuWwnP3OTCDmpy6dcP1FOV4lGmSvsqr65+OYKALrPTRkA7pV9kGo3roO6BPJbpb+Y=,iv:5eY4EOBM0ZFSjiyKmOJ07YNStOg0+Db3cM27g8+Y//s=,tag:rT1aCz5M0k9AbxKSWhmJ1A==,type:str]
lastmodified: "2025-05-05T13:18:25Z"
mac: ENC[AES256_GCM,data:JHOeGn984F1Yvfn1eUqqVxnQKF7SL6yXXVvM32FvHzLKIFRlOMwAh0Qa2DTB55nRkZA4AazGM0AhyvNJ4ggX8eftpOrTvMOPReaQ//X7VRXcsJnimVuxNanj3E2wJ6J3nuVjTN4pM0FxH8zlr/DqWzIZSBXHNxOWVaJsbhqUXcs=,iv:XTKudFFEgtKfbvG31McmIyorsMwFFrPkb0YNWxTTvrg=,tag:jd3L4TSuDJxRLd33FyBc7Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1
version: 3.10.2
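Review bot: Both encrypted values and the age-wrapped data key in this file differ from the old side, which is what a data-key rotation or a re-created file would produce, and the diff cannot show whether the plaintext of `password` or `secret_key` changed as well. None of the commit messages in this range mentions a secret change; a new `secret_key` would invalidate active authentik sessions, so the message should state whether this was a re-encryption only. The ciphertext lengths are the same on both sides, which is consistent with re-encryption only, but that is an inference. The same applies to the `dbinstances` secrets file later in this comparison, where `adminUser` and `adminPassword` for `postgres17` are re-encrypted alongside the removal of the `postgres16` entries.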


@ -5,8 +5,8 @@
# ------------------------------------------
ext-database:
enabled: true
name: authentik-postgres16
instance: postgres16
name: authentik-postgres17
instance: postgres17
credentials:
host: "{{ .Hostname }}"
username: "{{ .Username }}"
@ -49,7 +49,7 @@ server:
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
secretName: authentik-postgres17-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
@ -99,7 +99,7 @@ worker:
volumes:
- name: postgres-creds
secret:
secretName: authentik-postgres16-creds
secretName: authentik-postgres17-creds
volumeMounts:
- name: postgres-creds
mountPath: /postgres-creds
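Review bot: Switching `ext-database` and both `secretName` references to `postgres17` repoints authentik at a different database instance, and nothing in this comparison shows the existing authentik data being dumped and restored into it first. If the target database is empty, authentik would come up as a fresh, unconfigured identity provider, and the commits that follow within minutes remove `postgres16`, so no instance is left to fall back to. The commit message should record that the data was migrated and verified before the cutover. The secret name also appears three times (`name: authentik-postgres17` plus the `-creds` form in the server and worker volumes, whose blocks continue outside the hunks); a comment such as `# must match ext-database.name with the -creds suffix` on each `secretName` would keep them in step, assuming that is how the name is derived.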


@ -1,29 +1,20 @@
dbinstances:
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:uuu/xvwJkHk=,iv:Pk+i8bf7AeeG9wKVh1RDJy7Dt3r5b1UKy4SJijlZfq0=,tag:QO3gwYXAG0sBBuHcKfTNQg==,type:str]
adminPassword: ENC[AES256_GCM,data:tjWATjuJT+C97D4TLQgk55BZOwVv,iv:1MWYtksmrEBQtOdGvtc6MZyLP4yBKA88eIpQ4mZCULM=,tag:3hOlT5n2Wd81ebxeEgW5tw==,type:str]
postgres17:
secrets:
adminUser: ENC[AES256_GCM,data:4w2EItIM++Q=,iv:cQLryeBskm2Y9OlbMFgQEWEBi7z/VxucLWbwZXsRtto=,tag:Ir2Q7KZv/sSDdA1MX/Niqw==,type:str]
adminPassword: ENC[AES256_GCM,data:wHUL2p8CXYwoEFu3ffCCsQO9xn/GqOZ6JPrcHKzy,iv:khoogPPFHSd+4xyp+jf1w0RfOUgrKzAmFjLnisQ8HXU=,tag:GRnkCQ0uOlUt2AiEAceFRQ==,type:str]
adminUser: ENC[AES256_GCM,data:fzNOuvTLnLk=,iv:3rZSUx1r6sPhtA6Uj5db1JUvhSNE4nzvuaRSAc3kbmo=,tag:jITuAPaPMeviG7NxptFGXw==,type:str]
adminPassword: ENC[AES256_GCM,data:L+x7P+lbezrOYCA0+BbS3g7jJjkkuPgGJ4MuP94D,iv:xDpopUYJmm3JNYNSKQwbAR0qJ3eXZW7nGsXkVbxMna8=,tag:INlZlvAdb5nhI7qC6++DKA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL1lwdVNHMm9nZHRld2lO
Rm4xVnVHWG9hNDc1cUVyakxzUU1PcFJhalM4CkNicEdUV2lEYWMwaWNqeGcrQ2p1
Qmw1b1FzRllqYW85bjF0cmRGcW1MbjQKLS0tIENUcG1oOXFNV3REaFU0aUEyd2k4
RDgzRmlKT1ArblpOV1plcFpyMnJXZTQKgm8Eaw591+EHZWofXAADTXRHPOdOvdOM
jYne1szB/V9UJz+pmLa10tNgruga+P5yP/j+DGcYrTj0pVh5IJLjTA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NlY2WVp5UlhRZmxGVm9i
UHM1cVZzR2QrakRiaFNxQUQ3R09GRTNrRHhrClBwUG14WTZQaklIZWZ4RmRkdW8y
ZEN1R0tTUDdwT3ZrU0VBUGp5UUQwNUEKLS0tIFJNQnFQdFVySVkrdUIyNC9Vc1pK
WVVMaDE3dVBvRmJCUUlsMVc1SC9GWGMKEnyXXE58x4Ni0Ze6dXray0Yk2OPJKDqm
qZmHnVOnSZxsV4roFWqI+BSgD1mZub07tLhNWKubUJnAMQfIWtJ3vQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-30T19:59:46Z"
mac: ENC[AES256_GCM,data:3KrwiArDx/bPAHbFGgb9BdDVHC+uC1IHp4LZXlYRZzWSKtX1t+ODQVzUW97kigGFG1sx6WXddl/w3XeNOoT9JbS5iPXJQe6KAPleNV50S/oab+U53WeloO8uL68Wrk9v/NwMhCKwE9cCqBBhqk7wCb6N9ivt45mLrUf06L8fok0=,iv:bOWhyIm8FhKtZAZH/78bukkeDp5P4XShSD20mgr4Neo=,tag:RZMx9bi+ZEcLwTzk+Gm8RQ==,type:str]
pgp: []
lastmodified: "2025-05-05T13:27:36Z"
mac: ENC[AES256_GCM,data:bJ5Jt0BUYGAEZTvY7CTiktqeuqjYmAMhEhO67Avw+HaajMcwORavi746X6eCas7+JsafkwllOKs/j3VjJ3tXsk0wti1cCliBHyz31Gxa+pGGRVDcJ3RwntWkkSCQzjft/b+2XCqB7Qa5et693rDs8c2EX9v9OCpztSeIA1ErPsI=,iv:iKo8/eku5K4t/4OKPy/Mz8XPHMuzaSFttdxZaV0X/uU=,tag:yuEhdYXC+yVMv9wKLcd36Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.10.2


@ -1,14 +1,4 @@
dbinstances:
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
postgres17:
monitoring:
enabled: false