badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 6 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:400abc6821a1759baef17a9764e16ab366b7d20c
Branches Tags
badhouseplants:main
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/velero-9.x
badhouseplants:renovate/istio-monorepo
badhouseplants:renovate/cilium-1.x
badhouseplants:renovate/argo-cd-7.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node
..
compare: badhouseplants:01cdb0fa60982d2ace4481279c1aa2eb749426d6
Branches Tags
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/velero-9.x
badhouseplants:renovate/istio-monorepo
badhouseplants:renovate/cilium-1.x
badhouseplants:renovate/argo-cd-7.x
badhouseplants:main
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node

6 Commits
400abc6821 ... 01cdb0fa60

Author SHA1 Message Date
Devops Bot
01cdb0fa60 chore(deps): update helm release renovate to v39.222.1 2025-03-31 01:01:13 +00:00
Nikolai Rodionov
2c0f498611
Update memos lib 2025-03-30 18:18:28 +02:00
Nikolai Rodionov
bb45328532
Trying to migrate istio 2025-03-30 16:10:40 +02:00
Nikolai Rodionov
a8693f41ee
Keep migrating things 2025-03-30 15:51:26 +02:00
Nikolai Rodionov
a659611d6f
Keep migrating things 2025-03-30 15:13:48 +02:00
Nikolai Rodionov
dbd69180e4
Keep migrating things 2025-03-29 14:16:34 +01:00
41 changed files with 464 additions and 90 deletions
Show Stats Expand all files Collapse all files

7
common/values/values.badhouseplants.yaml
View File

@ -1 +1,6 @@
registry: registry.badhouseplants.net registry: registry.badhouseplants.net/containers
registry_url: registry.badhouseplants.net
main_ip: 195.201.249.91
tools:
openebs:
enabled: true

4
common/values/values.etersoft.yaml
View File

@ -1,2 +1,6 @@
registry: registry.ru.badhouseplants.net/containers registry: registry.ru.badhouseplants.net/containers
registry_url: registry.ru.badhouseplants.net registry_url: registry.ru.badhouseplants.net
main_ip: 91.232.225.63
tools:
openebs:
enabled: false

1
helmfile.yaml
View File

@ -3,3 +3,4 @@ bases:
- ./common/templates.yaml - ./common/templates.yaml
- ./helmfiles/base.yaml - ./helmfiles/base.yaml
- ./helmfiles/system.yaml - ./helmfiles/system.yaml
- ./helmfiles/platform.yaml

50
helmfiles/platform.yaml Normal file
View File

@ -0,0 +1,50 @@
repositories:
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: minio-standalone
url: https://charts.min.io/
releases:
- name: external-dns
chart: external-dns/external-dns
labels:
layer: platform
version: 1.15.2
namespace: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
labels:
layer: platform
namespace: platform
inherit:
- template: common-values-tpl
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets

45
helmfiles/system.yaml
View File

@ -17,6 +17,12 @@ repositories:
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: kyverno - name: kyverno
url: https://kyverno.github.io/kyverno/ url: https://kyverno.github.io/kyverno/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: istio
url: https://istio-release.storage.googleapis.com/charts
releases: releases:
- name: coredns - name: coredns
@ -103,7 +109,7 @@ releases:
needs: needs:
- kube-system/metallb - kube-system/metallb
inherit: inherit:
- template: env-values - template: common-values-tpl
- name: traefik - name: traefik
chart: traefik/traefik chart: traefik/traefik
@ -135,3 +141,40 @@ releases:
- registry/cluster-mirror - registry/cluster-mirror
inherit: inherit:
- template: common-values-tpl - template: common-values-tpl
- name: openebs
chart: openebs/openebs
condition: tools.openebs.enabled
namespace: kube-system
version: 4.2.0
inherit:
- template: common-values-tpl
- template: env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.5.0
condition: velero.enabled
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: istio-base
chart: istio/base
condition: istio.enabled
namespace: istio-system
version: 1.25.1
inherit:
- template: common-values
- name: istiod
chart: istio/istiod
condition: istio.enabled
namespace: istio-system
version: 1.25.1
inherit:
- template: common-values-tpl
needs:
- istio-system/istio-base

2
installations/applications/helmfile-badhouseplants.yaml
View File

@ -111,7 +111,7 @@ releases:
- name: memos - name: memos
chart: allangers-charts/memos chart: allangers-charts/memos
version: 0.2.0 version: 0.3.0
namespace: applications namespace: applications
inherit: inherit:
- template: default-env-values - template: default-env-values

4
installations/pipelines/helmfile.yaml
View File

@ -20,7 +20,7 @@ releases:
- name: renovate-gitea - name: renovate-gitea
chart: renovate/renovate chart: renovate/renovate
namespace: pipelines namespace: pipelines
version: 39.220.4 version: 39.222.1
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -28,7 +28,7 @@ releases:
chart: renovate/renovate chart: renovate/renovate
installed: false installed: false
namespace: pipelines namespace: pipelines
version: 39.220.4 version: 39.222.1
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets

22
installations/system/helmfile.yaml
View File

@ -17,10 +17,6 @@ repositories:
url: https://coredns.github.io/helm url: https://coredns.github.io/helm
- name: cilium - name: cilium
url: https://helm.cilium.io/ url: https://helm.cilium.io/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: local-path-provisioner - name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: istio - name: istio
@ -29,24 +25,6 @@ repositories:
url: https://zotregistry.dev/helm-charts/ url: https://zotregistry.dev/helm-charts/
releases: releases:
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.5.0
condition: velero.enabled
inherit:
- template: default-env-values
- template: default-env-secrets
- template: crd-management-hook
- name: openebs
chart: openebs/openebs
condition: openebs.enabled
namespace: kube-system
version: 4.2.0
inherit:
- template: default-env-values
- name: istio-base - name: istio-base
chart: istio/base chart: istio/base
condition: istio.enabled condition: istio.enabled

13
kustomizations/kyverno/badhouseplants/pvc-patch.yaml
View File

@ -4,6 +4,19 @@ metadata:
name: replace-storage-class-by-openebs name: replace-storage-class-by-openebs
spec: spec:
rules: rules:
- name: local-path-fix
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- registry
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
- name: replace-storage-class - name: replace-storage-class
match: match:
any: any:

6
values/badhouseplants/kube-system/namespaces/values.yaml
View File

@ -5,13 +5,17 @@ namespaces:
- name: kyverno - name: kyverno
defaultRegcred: true defaultRegcred: true
- name: velero - name: velero
defaultRegcred: true
- name: observability - name: observability
- name: databases - name: databases
- name: istio-system - name: istio-system
defaultRegcred: true
- name: applications - name: applications
defaultRegcred: true
labels: labels:
istio-injection: disabled istio-injection: enabled
- name: platform - name: platform
defaultRegcred: true
- name: games - name: games
- name: team-fortress-2 - name: team-fortress-2
- name: pipelines - name: pipelines

1
values/badhouseplants/values.openebs.yaml → values/badhouseplants/kube-system/openebs/values.yaml
View File

@ -1,6 +1,7 @@
localpv-provisioner: localpv-provisioner:
hostpathClass: hostpathClass:
isDefaultClass: true isDefaultClass: true
zfs-localpv: zfs-localpv:
crds: crds:
zfsLocalPv: zfsLocalPv:

0
values/badhouseplants/values.traefik.yaml → values/badhouseplants/kube-system/traefik/values.yaml
View File

22
values/badhouseplants/kube-system/zot-mirror/secrets.yaml
View File

@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

2
values/badhouseplants/org-badhouseplants/app-gitea/values.yaml
View File

@ -59,7 +59,7 @@ gitea:
MAX_CREATION_LIMIT: 0 MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki DISABLED_REPO_UNITS: repo.wiki
service: service:
DISABLE_REGISTRATION: false DISABLE_REGISTRATION: true
server: server:
DOMAIN: gitea.badhouseplants.net DOMAIN: gitea.badhouseplants.net
ROOT_URL: https://gitea.badhouseplants.net ROOT_URL: https://gitea.badhouseplants.net

0
values/badhouseplants/secrets.external-dns.yaml → values/badhouseplants/platform/external-dns/secrets.yaml
View File

0
values/badhouseplants/values.external-dns.yaml → values/badhouseplants/platform/external-dns/values.yaml
View File

0
values/badhouseplants/secrets.minio.yaml → values/badhouseplants/platform/minio/secrets.yaml
View File

2
values/badhouseplants/values.minio.yaml → values/badhouseplants/platform/minio/values.yaml
View File

@ -56,7 +56,7 @@ consoleService:
port: '9001' port: '9001'
resources: resources:
requests: requests:
memory: 2Gi memory: 1Gi
buckets: buckets:
- name: badhouseplants-net - name: badhouseplants-net
policy: download policy: download

0
values/badhouseplants/values.uptime-kuma.yaml → values/badhouseplants/platform/uptime-kuma/values.yaml
View File

22
values/badhouseplants/registry/cluster-mirror/secrets.yaml Normal file
View File

@ -0,0 +1,22 @@
authHeader: ENC[AES256_GCM,data:BWmu4bpFjlIDStIcWfpsgbm1hfxlvZAK9LabhXuAdArJzflc4VA+Dy5fJRAMu9Mv,iv:+rwtfnjJCZKPmdcUkTfklq19uSgavOKaySK/O/xd2PE=,tag:3yXa+0LbIqMDk6KLWAAN0Q==,type:str]
_mirror_password: ENC[AES256_GCM,data:0aa6fqR3+0ZY5KhRKJa0SKBcBnF/KizHXTIm2NQB,iv:DUB8ItYbT+K31XLbWzi5909RPVn9DG9HRDU120VxbdY=,tag:DniRwku2rQX44ffMn4mU6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ0U5L01iNFo5Y0t5SFo2
MXlwVDhQZ2R5QnVlUndmQ0x5L2ppU1h6aEVZCmhaUW1JY0RDMEM0T1JkZkk3TGVD
R0JjaEN0MGxVV1RIZUxkbjgzMTlTMmsKLS0tIFdDNW8xaWsxamFvUGRFaVZsVUV4
S3ZiYTJGOUFzZlNwSUZvNGtmSFNpczQK/npaHLqHSxMnCXNvDFw0eB9KfMJ7bWfV
ZuteeaXG+eZNX4l1ZY1pLNUv9kui4oXI8payp7sTZJI6WYZCQz6Oaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T20:50:16Z"
mac: ENC[AES256_GCM,data:XtX4NUZ9PCdAFckdlygywFQ8vJRAszOjqPItr0MNRM0ndk/PkYYGzY0phMan7FgxY3Cz5XMJcv/MEogLedM+uH5vMbsOpRY49jpILMORL3Ni1tZFG5Px5NbfExGQmjFyefotRzCHlsUSTZEHlBIp4+FeBI41CgBbLw45rEoneL8=,iv:Ilk7TXqKSSV5WYnptLRaOk/lwwHHLesbSslOCarlVEA=,tag:vWXe+r3tHXoMtWYeJN9T0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

13
values/badhouseplants/values.istiod.yaml
View File

@ -1,13 +0,0 @@
pilot:
resources:
requests:
cpu: 50m
memory: 2048Mi
global:
proxy:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
memory: 128Mi

22
values/badhouseplants/values.memos.yaml
View File

@ -7,14 +7,22 @@ ext-database:
credentials: credentials:
MEMOS_DRIVER: postgres MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable" MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
base:
workload:
containers:
memos:
envFrom:
main: {}
raw:
- secretRef:
name: memos-postgres16-creds
workload: storage:
containers: data:
memos: metadata:
envFrom: annotations:
- main volume.kubernetes.io/selected-node: bordeaux
- secretRef: storageClassName: openebs-hostpath
name: memos-postgres16-creds
ingress: ingress:
main: main:
annotations: annotations:

0
values/badhouseplants/secrets.velero.yaml → values/badhouseplants/velero/velero/secrets.yaml
View File

11
values/badhouseplants/values.velero.yaml → values/badhouseplants/velero/velero/values.yaml
View File

@ -1,10 +1,3 @@
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.11.0
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
configuration: configuration:
logLevel: error logLevel: error
repositoryMaintenanceJob: repositoryMaintenanceJob:
@ -17,7 +10,7 @@ configuration:
backupStorageLocation: backupStorageLocation:
- name: hetzner - name: hetzner
provider: aws provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.0 plugin: velero/velero-plugin-for-aws:v1.11.1
bucket: badhouseplants-backups bucket: badhouseplants-backups
accessMode: ReadWrite accessMode: ReadWrite
credential: credential:
@ -31,7 +24,7 @@ configuration:
checksumAlgorithm: "" checksumAlgorithm: ""
- name: etersoft - name: etersoft
provider: aws provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.0 plugin: velero/velero-plugin-for-aws:v1.11.1
bucket: velero bucket: velero
accessMode: ReadWrite accessMode: ReadWrite
credential: credential:

3
values/common/istio-system/istio-base/values.yaml Normal file
View File

@ -0,0 +1,3 @@
global:
imagePullSecrets:
- regcred

16
values/common/istio-system/istiod/values.gotmpl Normal file
View File

@ -0,0 +1,16 @@
pilot:
resources:
requests:
cpu: 50m
memory: 256Mi
global:
hub: {{ .Values.registry }}/istio
imagePullSecrets:
- regcred
proxy:
resources:
requests:
cpu: 20m
memory: 54Mi
limits:
memory: 54Mi

1
values/common/kube-system/metallb-resources/values.gotmpl Normal file
View File

@ -0,0 +1 @@
addresses: "{{ .Values.main_ip }}-{{ .Values.main_ip }}"

6
values/common/kube-system/openebs/values.gotmpl Normal file
View File

@ -0,0 +1,6 @@
global:
imageRegistry: {{ .Values.registry }}
localpv-provisioner:
imagePullSecrets:
- name: regcred

7
values/common/platform/external-dns/values.gotmpl Normal file
View File

@ -0,0 +1,7 @@
global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry}}/external-dns/external-dns

6
values/common/platform/keel/values.gotmpl Normal file
View File

@ -0,0 +1,6 @@
image:
repository: {{ .Values.registry }}/keelhq/keel
imagePullSecrets:
- name: regcred

9
values/common/platform/minio/values.gotmpl Normal file
View File

@ -0,0 +1,9 @@
image:
repository: {{ .Values.registry }}/minio/minio
imagePullSecrets:
- name: regcred
mcImage:
repository: {{ .Values.registry }}/minio/mc

6
values/common/platform/uptime-kuma/values.gotmpl Normal file
View File

@ -0,0 +1,6 @@
image:
repository: {{ .Values.registry }}/louislam/uptime-kuma
imagePullSecrets:
- name: regcred

26
values/common/velero/velero/values.gotmpl Normal file
View File

@ -0,0 +1,26 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/velero/velero
imagePullSecrets:
- regcred
kubectl:
image:
repository: {{ .Values.registry }}/bitnami/kubectl
initContainers:
- name: velero-plugin-for-aws
image: {{.Values.registry}}/velero/velero-plugin-for-aws:v1.11.1
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
{{- else }}
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.11.1
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
{{- end }}

8
values/etersoft/kube-system/cilium/values.yaml
View File

@ -1,8 +0,0 @@
operator:
replicas: 1
endpointRoutes:
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["192.168.0.0/16"]

1
values/etersoft/kube-system/metallb-resources/values.yaml
View File

@ -1 +0,0 @@
addresses: 91.232.225.63-91.232.225.63

3
values/etersoft/kube-system/namespaces/values.yaml
View File

@ -4,5 +4,8 @@ namespaces:
defaultRegcred: true defaultRegcred: true
- name: applications - name: applications
- name: platform - name: platform
defaultRegcred: true
- name: kyverno - name: kyverno
defaultRegcred: true defaultRegcred: true
- name: istio-system
defaultRegcred: true

23
values/etersoft/platform/external-dns/secrets.yaml Normal file
View File

@ -0,0 +1,23 @@
env:
- name: ENC[AES256_GCM,data:I+XVWWOUmm7Cd4mQ,iv:rfUzb5HMPVyNfzkCP2frVDxD+v4lTPzILRifcS3uG6s=,tag:1sXONdAjMZ85S8abMVZM1A==,type:str]
value: ENC[AES256_GCM,data:h8sYBvFfm7uFoklqXE7QLNkikl1ihHz/KN4uYiZlRJBZkiUBbTk/Vg==,iv:/y6RdHVWwwBym5HiBaxEatTWG7I/gNY9ZIaQc4bk9h0=,tag:PytkOjvY3fy6XeLNmGPrXA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra0RUWVFDUXN0ejAxemE2
VFlRcEtLNDJUblA3ZmoyMExPWWpjZzlVYjJzCnZVZDNSbnpjcFRUQ0hOMWxLNUZi
RTg5Z2JVZzVoVFVYSVErcWdnbHVvVVkKLS0tIHdZMjVsc3lHRzlJODRWSEh0Wm8w
M09rOXZ3OHZVUUVlWWIwaTN0Z2RqRmcKe1ny6FJIFwR6Un0HBFZK2KXkzUQA63rU
JR7mpEzr2h2oXxOmyc7HeFFi2R66zendFzfhNcvSlm2L5td2Pnxyxg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-16T14:21:42Z"
mac: ENC[AES256_GCM,data:SNHNvmPCt/6Xwd6xoCh5uHF1erhWpTfzEQ/krTvYtByvT7XvDtXjtslJqAa8RkNPl2QV34epWcj/Ff6xud9tvLdAR4Gj4MPJD8WBLUUFul4rvoXfaHyHhSanYmiOhdF0mArE81qsBY918LFS5fdWMrxCNDrHbDtW76KBoLcDUto=,iv:8/ZxjrER1151RGjSdICVjj8ptyQn60SInakqABXWQZE=,tag:/bQsE3TCXoMbXoAF1UErOw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

13
values/etersoft/platform/external-dns/values.yaml Normal file
View File

@ -0,0 +1,13 @@
provider:
name: cloudflare
domainFilters:
- badhouseplants.net
policy: sync
txtOwnerId: eter
txtPrefix: eter-ext-dns-
logFormat: json
logLevel: info
sources:
- service
- ingress
- crd

38
values/etersoft/platform/minio/secrets.yaml Normal file
View File

@ -0,0 +1,38 @@
rootPassword: ENC[AES256_GCM,data:kxg0YirkjeeTaKueH1G4RijoLjLGxHJP2w==,iv:FM83CGAl7E/xEh9k+GPy/z5apxlAb6/HEhznGcUcu64=,tag:Obw7iPuQltcaWwjZfAh7xQ==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:h01uNoYYTNs=,iv:YkdniZm4pFzcEa+MfXazBClz6RrnYjzAh+3IbnVE0nQ=,tag:SFZ8HnM8N99CNLvEnWBXqA==,type:str]
secretKey: ENC[AES256_GCM,data:sr33gCJYEd2k7bbZNHKVgvOmUN235YJoUg==,iv:hGFkM9cS0cv+GOWpxn1YPjDJBqSZl3RHRrUM9TQt0A0=,tag:Uu7ItlGDxayQhG9vmSNp/Q==,type:str]
policy: ENC[AES256_GCM,data:QPL12F5ZWVI=,iv:wXBHgWlI6kFvGH6rp5pLEEcT7S2i58K3Pwa4D4407ks=,tag:JckGYguaJfvHK/sgSuKICQ==,type:str]
- accessKey: ENC[AES256_GCM,data:oJrvlRNB,iv:RTYdPqj5Q77NvJIUsRw7PA/7yhZ1YzjRWCYfvshXoCU=,tag:5gtdnE9cIUvZWWpQsO+2oA==,type:str]
secretKey: ENC[AES256_GCM,data:nZGlehkE2OhNjXLZk/4syI/xKRGmRmzltw==,iv:24Q/OVU2Rtz5ZmUcgJ6ZsOfXv97PXHL9456C5ccsVAA=,tag:xbU/qLleiUwUBzB1dU6/Ew==,type:str]
policy: ENC[AES256_GCM,data:eC7ZPjG/,iv:cEbFEZygJ7ntGA174A3p/RXhjK1QFVY1ldLiZFsaJ8M=,tag:cknvoIX5NONoni1mInssgg==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:ZzHQSw==,iv:pAM6Sg5FOqk3OevwXxNz6+HoA+S9JKn3qXKBrvtQOjw=,tag:jIjUzOpsDTrmWXnVQZvOLQ==,type:bool]
configUrl: ENC[AES256_GCM,data:wM3MMDLR0hD0moLuOJbVV0FXEAcRpGQCiWZHIRfaer5WzSAnQH/8/PVkOnFy16uzsAf1IFbQIOjaXDw1alv3WxczIKpfXiR8mfNI013fCs+tURdOPCSdziQf9G1+sar9/Fs=,iv:95nxS+kP5Ml3WWbN6kGQxH0E/hLDUMp664OrQVZhH80=,tag:0PvfH+J9SQGwBJ/Kh7zgCA==,type:str]
clientId: ENC[AES256_GCM,data:UlETcj+fUPFDh2thR2Q=,iv:EF5QHrfstIqT5MYvrkQkUtcquG9SIsruYKSaR9adz5E=,tag:/yYOxzIIgoCRqsFSHyQanw==,type:str]
clientSecret: ENC[AES256_GCM,data:elh+rgMPMxJ3Tf+ufv4FBVQRBY+HeWbaSz4Mjx+CQIGzVBYDw2TaImgZbdIN7X+tVRdKjBUad7Bd4VUZoZt8kIacT4usJRQC9qErhMjnuT+OGzq6mSpXMztAzbGpL76L44S893sRkUkVwDpA6p4vqPSe5vMiaXZZAANIrhIDcRo=,iv:FIr6pRpJ3FlRchQs2Hg25bJu4HFYSy9HFiDhOPDPang=,tag:0pWGuHVwrlm11SqFKYj5ag==,type:str]
claimName: ENC[AES256_GCM,data:EOYQcSX7,iv:7ELctRaFlUmE/I9ExsLjMSCOrwLyTrJt5RQeDMqcZXI=,tag:CAEcRcWu0jkHxIdWFwoQvA==,type:str]
redirectUri: ENC[AES256_GCM,data:ek2cRHXtOCy9yNRrCyW6GFULz9ql7vzFIYc/7OBBlqQZmzMVEiNJ0B8Wej5TELIJ+do=,iv:IMr3J6Vcs7mT+agAcwaV8av7PUuOtvCdvLOOIKYwN2U=,tag:hLgtwpqtgsyoIF574C8UYA==,type:str]
comment: ENC[AES256_GCM,data:io98WZF69zRwoaDz1WXgb3gJ+Ac=,iv:Uw3p8734k25N+GZhQQ225Ye5mJInR4LcJ9LPcppEsgY=,tag:hvx6FxcwajTmC4gQGErWmQ==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:mK8Vczvi5SSVPW6k9pLx2aOaXUdfujXE1G77,iv:M8TxsGfsnvdRyBo94JitBnx366MuRY5Q6vLNmCs0hp8=,tag:YaobqJvS7u6B9x0MN5VMzA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYlFwMzFCaG8wbk5ZcDI4
OU93MVNoZGNyL0h0WFhRM254eDF6Y2FkZjMwClJEcHNZcFVlaTB4eDlsMm5QaEYy
NE0rd3EzUytaVEc5Y3I0MUpJWnI1NkUKLS0tIHBlS1dKMG9kcXpJSHMzbDhXcGJx
OXIvTU1uSVFXenF5QU82VHFta3ZmS0UK86P5geFl4PEMgKqBW2AlQfyTjT84TRfE
NjjFcpeFsUa3GoSm+NHxjzXbEEWkQsVsLWqS48IAPhOiICyWPwiznA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-20T16:42:14Z"
mac: ENC[AES256_GCM,data:DyBFmjgWcRCkEEpuDUL2M4w6DcJ+YiVaUZcCuHReTKZRuE0BcYn8TCKYqaILKM4B0ClLK4aYH194ZNysEMDoAVDnLaTWPa3as8dW8mwpeaPmV80CbnKsRLMajwWJi7T8LBYrHaSSZx8eCRHvXFaB3u8B7t31vmzwutlpu5BKQqc=,iv:RzcPzF0rrSVZNSuG/Juv/gFtSdPqgImU+jO0Z3oQVzQ=,tag:KkEecRrbBDImiTBhn4T0pQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

119
values/etersoft/platform/minio/values.yaml Normal file
View File

@ -0,0 +1,119 @@
ingress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- s3.ru.badhouseplants.net
tls:
- secretName: s3.ru.badhouseplants.net
hosts:
- s3.ru.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- minio.ru.badhouseplants.net
tls:
- secretName: minio.ru.badhouseplants.net
hosts:
- minio.ru.badhouseplants.net
rootUser: "overlord"
replicas: 1
mode: standalone
environment:
MINIO_SERVER_URL: "https://s3.ru.badhouseplants.net"
tls:
enabled: false
certSecret: ""
publicCrt: public.crt
privateKey: private.key
persistence:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
storageClass: local-path
enabled: true
accessMode: ReadWriteOnce
size: 60Gi
service:
type: ClusterIP
clusterIP: ~
port: "9000"
consoleService:
type: ClusterIP
clusterIP: ~
port: "9001"
resources:
requests:
memory: 2Gi
buckets:
- name: velero
policy: none
purge: false
versioning: false
- name: xray-public
policy: download
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
policies:
- name: allanger
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: velero
statements:
- resources:
- "arn:aws:s3:::velero"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::velero/*"
actions:
- "s3:*"
- name: Admins
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: DevOps
statements:
- resources:
- "arn:aws:s3:::badhouseplants-net"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::badhouseplants-net/*"
actions:
- "s3:*"

20
values/etersoft/platform/uptime-kuma/values.yaml Normal file
View File

@ -0,0 +1,20 @@
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: uptime.ru.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: uptime.ru.badhouseplants.net
hosts:
- uptime.ru.badhouseplants.net