badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 6 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:c60a147e913943df65d447c260e2371a07083a95
Branches Tags
badhouseplants:main
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/velero-9.x
badhouseplants:renovate/istio-monorepo
badhouseplants:renovate/cilium-1.x
badhouseplants:renovate/argo-cd-7.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node
..
compare: badhouseplants:ff49ad5d2a92bd5c48049e77281095e0148b0330
Branches Tags
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/velero-9.x
badhouseplants:renovate/istio-monorepo
badhouseplants:renovate/cilium-1.x
badhouseplants:renovate/argo-cd-7.x
badhouseplants:main
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node

1 Commits
c60a147e91 ... ff49ad5d2a

Author SHA1 Message Date
Devops Bot
ff49ad5d2a chore(deps): update postgresql docker tag to v16.6.0 2025-03-29 01:01:05 +00:00
121 changed files with 900 additions and 1168 deletions
Show Stats Expand all files Collapse all files

4
.sops.yaml
View File

@ -8,7 +8,3 @@ creation_rules:
key_groups:
- age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
- path_regex: common/values/secrets.*
key_groups:
- age:
- age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8

24
charts/metallb-resources/Chart.yaml
View File

@ -1,24 +0,0 @@
apiVersion: v2
name: metallb-resources
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

7
charts/metallb-resources/templates/ip_address_pool.tpl
View File

@ -1,7 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ include "metallb-resources.fullname" . }}
spec:
addresses:
- {{ .Values.addresses}}

1
charts/metallb-resources/values.yaml
View File

@ -1 +0,0 @@
addresses: 1.1.1.1-1.1.1.1

0
charts/metallb-resources/.helmignore → charts/namespaces/chart/.helmignore
View File

0
charts/namespaces/Chart.yaml → charts/namespaces/chart/Chart.yaml
View File

0
charts/namespaces/templates/_helpers.tpl → charts/namespaces/chart/templates/_helpers.tpl
View File

8
charts/namespaces/templates/namespaces.yaml → charts/namespaces/chart/templates/namespaces.yaml
View File

@ -25,14 +25,6 @@ metadata:
namespace: {{ $ns.name }}
data:
.dockerconfigjson: {{ $.Values.defaultRegcred }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: {{ $ns.name }}
imagePullSecrets:
- name: regcred
{{- end }}
{{- end }}
{{- end }}

0
charts/namespaces/values.yaml → charts/namespaces/chart/values.yaml
View File

6
charts/namespaces/kustomize/flux-system.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system

6
charts/namespaces/kustomize/giantswarm-flux.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux

6
charts/namespaces/kustomize/giantswarm.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm

5
charts/namespaces/kustomize/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml

6
charts/namespaces/kustomize/monitoring.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring

6
charts/namespaces/kustomize/org-giantswarm.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm

0
charts/namespaces/.helmignore → charts/root/.helmignore
View File

6
charts/root/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"

20
charts/metallb-resources/templates/_helpers.tpl → charts/root/templates/_helpers.tpl
View File

@ -1,7 +1,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "metallb-resources.name" -}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
@ -10,7 +10,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "metallb-resources.fullname" -}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "metallb-resources.chart" -}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "metallb-resources.labels" -}}
helm.sh/chart: {{ include "metallb-resources.chart" . }}
{{ include "metallb-resources.selectorLabels" . }}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/*
Selector labels
*/}}
{{- define "metallb-resources.selectorLabels" -}}
app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "metallb-resources.serviceAccountName" -}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}

25
charts/root/templates/root.yaml Normal file
View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}

25
charts/root/templates/self.yaml Normal file
View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}

5
charts/root/values.yaml Normal file
View File

@ -0,0 +1,5 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

23
charts/tf-ocloud/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/tf-ocloud/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: helm-library
repository: oci://ghcr.io/allanger/allangers-helm-library
version: 0.1.4
digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
generated: "2024-10-16T20:01:59.337767+02:00"

15
charts/tf-ocloud/Chart.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v2
name: tf-ocloud
type: application
version: 0.1.0
appVersion: 0.1.5
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
dependencies:
- name: helm-library
version: 0.2.3
repository: oci://ghcr.io/allanger/allangers-helm-library
annotations:
allowed_workload_kinds: "Deployment"

BIN
charts/tf-ocloud/charts/helm-library-0.1.4.tgz Normal file
View File

Binary file not shown.

3
charts/tf-ocloud/templates/install.yaml Normal file
View File

@ -0,0 +1,3 @@
{{ include "lib.component.workload" . }}
{{ include "lib.component.files" . }}
{{ include "lib.component.env" . }}

67
charts/tf-ocloud/values.yaml Normal file
View File

@ -0,0 +1,67 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
securityContext: {}
containers:
tf:
securityContext: {}
image:
registry: zot.badhouseplants.net
repository: badhouseplants/terraform-ocloud
tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
pullPolicy: Always
envFrom:
- main
mounts:
files:
ocloudkey:
path: /src/key.pem
subPath: key.pem
publickey:
path: /src/public_key
subPath: public-key
privatekey:
path: /src/ssh_key
subPath: ssh-key
tfvars:
path: /src/terraform.tfvars
subPath: terraform.tfvars
extraVolumes:
dottf:
path: /src/.terraform
extraVolumes:
dottf:
emptyDir: {}
files:
ocloudkey:
enabled: true
sensitive: false
remove: []
entries:
key.pem:
data: dummy
publickey:
enabled: true
sensitive: false
remove: []
entries:
public-key:
data: dummy
privatekey:
enabled: true
sensitive: false
remove: []
entries:
ssh-key:
data: dummy
tfvars:
enabled: true
sensitive: false
remove: []
entries:
terraform.tfvars:
data: dummy

17
common/templates.yaml
View File

@ -1,6 +1,3 @@
helmDefaults:
kubeContext: {{ .StateValues.kubeContext }}
templates:
# ---------------------------
# -- Hooks
@ -42,19 +39,19 @@ templates:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
common-values:
values:
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
- '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
common-values-tpl:
values:
- '../values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
- '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-values:
values:
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
env-values-tpl:
values:
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-secrets:
secrets:
- '../values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
# ----------------------------
# -- Extensions
# ----------------------------
@ -71,7 +68,7 @@ templates:
version: 2.0.0
alias: traefik
values:
- '../values/common/values.tcp-route.yaml'
- '{{ requiredEnv "PWD" }}/values/common/values.tcp-route.yaml'
ext-udp-routes:
dependencies:
- chart: bedag/raw
@ -128,7 +125,7 @@ templates:
version: 2.0.0
alias: ext-database
values:
- '../values/common/values.database.yaml'
- '{{ requiredEnv "PWD" }}/values/common/values.database.yaml'
ext-secret:
dependencies:
- chart: bedag/raw

7
common/values/values.badhouseplants.yaml
View File

@ -1,6 +1 @@
registry: registry.badhouseplants.net/containers
registry_url: registry.badhouseplants.net
main_ip: 195.201.249.91
tools:
openebs:
enabled: true
registry: registry.badhouseplants.net

7
common/values/values.etersoft.yaml
View File

@ -1,6 +1 @@
registry: registry.ru.badhouseplants.net/containers
registry_url: registry.ru.badhouseplants.net
main_ip: 91.232.225.63
tools:
openebs:
enabled: false
registry: registry.ru.badhouseplants.net

5
helmfile.yaml Normal file
View File

@ -0,0 +1,5 @@
bases:
- ./common/environments.yaml
- ./common/templates.yaml
- ./helmfiles/base.yaml
- ./helmfiles/system.yaml

26
helmfile.yaml.gotmpl
View File

@ -1,26 +0,0 @@
---
bases:
- ./common/environments.yaml
---
helmfiles:
- path: ./helmfiles/base.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/system.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/platform.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/databases.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}
- path: ./helmfiles/applications.yaml
values:
- kubeContext: "{{ .Environment.KubeContext }}"
- {{ toYaml .Environment.Values | nindent 8 }}

28
helmfiles/applications.yaml
View File

@ -1,28 +0,0 @@
bases:
- ../common/templates.yaml
repositories:
- name: gitea
url: https://dl.gitea.io/charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: minecraft
url: https://itzg.github.io/minecraft-server-charts/
releases:
- name: app-gitea
chart: gitea/gitea
version: 11.0.0
namespace: org-badhouseplants
inherit:
- template: env-values
- template: env-secrets
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.26.1
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets

7
helmfiles/base.yaml
View File

@ -1,10 +1,7 @@
bases:
- ../common/templates.yaml
releases:
# -- This one must be executed with --take-ownership at least once
- name: namespaces
chart: ../charts/namespaces
chart: ./charts/namespaces/chart
namespace: kube-system
createNamespace: false
inherit:
@ -12,7 +9,7 @@ releases:
- template: env-secrets
- name: roles
chart: ../charts/roles
chart: ./charts/roles
namespace: kube-system
createNamespace: false
needs:

116
helmfiles/system.yaml
View File

@ -1,6 +1,3 @@
bases:
- ../common/templates.yaml
repositories:
- name: coredns
url: https://coredns.github.io/helm
@ -14,18 +11,6 @@ repositories:
url: https://charts.jetstack.io
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: istio
url: https://istio-release.storage.googleapis.com/charts
releases:
- name: coredns
@ -57,7 +42,7 @@ releases:
- template: common-values-tpl
- name: issuer
chart: ../charts/issuer
chart: ./charts/issuer
namespace: kube-system
missingFileHandler: Warn
needs:
@ -65,66 +50,7 @@ releases:
inherit:
- template: common-values
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
namespace: kube-system
inherit:
- template: common-values-tpl
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
version: 3.3.7
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: ../kustomizations/kyverno/{{ .Environment.Name }}
namespace: kyverno
needs:
- kyverno/kyverno
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/cluster-mirror
inherit:
- template: common-values
- template: common-values-tpl
- name: metallb-resources
chart: ../charts/metallb-resources
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: common-values-tpl
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
inherit:
- template: common-values-tpl
- template: common-values
- template: env-values
- name: cluster-mirror
- name: zot
chart: zot/zot
version: 0.1.67
createNamespace: false
@ -141,41 +67,17 @@ releases:
version: 3.12.2
namespace: kube-system
needs:
- registry/cluster-mirror
- registry/zot
inherit:
- template: common-values-tpl
- name: openebs
chart: openebs/openebs
condition: tools.openebs.enabled
- name: metallb
chart: metallb/metallb
namespace: kube-system
version: 4.2.0
inherit:
- template: common-values-tpl
- template: env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.7.0
condition: velero.enabled
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: istio-base
chart: istio/base
namespace: istio-system
version: 1.25.1
condition: base.enabled
version: 0.14.9
needs:
- registry/zot
inherit:
- template: common-values
- name: istiod
chart: istio/istiod
namespace: istio-system
version: 1.25.1
inherit:
- template: common-values-tpl
needs:
- istio-system/istio-base

2
installations/applications/helmfile-badhouseplants.yaml
View File

@ -111,7 +111,7 @@ releases:
- name: memos
chart: allangers-charts/memos
version: 0.3.0
version: 0.2.0
namespace: applications
inherit:
- template: default-env-values

8
installations/applications/helmfile-etersoft.yaml
View File

@ -27,14 +27,6 @@ releases:
- template: default-env-values
- template: default-env-secrets
- name: memos
chart: allangers-charts/memos
version: 0.3.0
namespace: applications
inherit:
- template: default-env-values
- name: external-service-xray
chart: ../../kustomizations/external-service-xray
installed: true

27
helmfiles/databases.yaml → installations/databases/helmfile.yaml
View File

@ -1,14 +1,12 @@
bases:
- ../common/templates.yaml
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: bitnami
url: registry-1.docker.io/bitnamicharts
oci: true
- name: bedag
url: https://bedag.github.io/helm-charts/
commonLabels:
installation: databases
releases:
- name: redis
chart: bitnami/redis
@ -16,30 +14,25 @@ releases:
condition: redis.enabled
version: 20.11.3
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: default-env-values
- template: default-env-secrets
- name: postgres16
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
condition: postgres16.enabled
version: 16.6.2
version: 16.6.0
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: default-env-values
- template: default-env-secrets
- name: postgres17
labels:
bundle: postgres
namespace: databases
chart: bitnami/postgresql
condition: postgres17.enabled
version: 16.6.2
version: 16.6.0
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: default-env-values
- template: default-env-secrets

9
installations/development/helmfile.yaml Normal file
View File

@ -0,0 +1,9 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
releases:
- name: badhouseplants
namespace: platform

11
installations/games/helmfile.yaml
View File

@ -13,7 +13,16 @@ releases:
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.26.1
version: 4.25.1
inherit:
- template: ext-tcp-routes
- template: default-env-values
- template: default-env-secrets
- name: team-fortress-2
chart: allangers-charts/team-fortress-2
namespace: team-fortress-2
version: 0.1.2
inherit:
- template: ext-tcp-routes
- template: default-env-values

2
installations/pipelines/helmfile.yaml
View File

@ -26,7 +26,7 @@ releases:
- template: default-env-secrets
- name: renovate-github
chart: renovate/renovate
installed: true
installed: false
namespace: pipelines
version: 39.208.1
inherit:

138
helmfiles/platform.yaml → installations/platform/helmfile.yaml
View File

@ -1,70 +1,36 @@
bases:
- ../common/templates.yaml
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: minio-standalone
url: https://charts.min.io/
- name: argo
url: https://argoproj.github.io/argo-helm
- name: db-operator
url: https://db-operator.github.io/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: crossplane-stable
url: https://charts.crossplane.io/stable
- name: goauthentik
url: https://charts.goauthentik.io/
- name: minio-standalone
url: https://charts.min.io/
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
releases:
- name: external-dns
chart: external-dns/external-dns
labels:
layer: platform
version: 1.15.2
namespace: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
labels:
layer: platform
namespace: platform
inherit:
- template: common-values-tpl
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: db-operator
namespace: platform
chart: db-operator/db-operator
version: 1.34.0
inherit:
- template: common-values-tpl
- name: db-instances
chart: db-operator/db-instances
@ -73,18 +39,19 @@ releases:
- platform/db-operator
version: 2.4.0
inherit:
- template: env-values
- template: env-secrets
- template: default-env-values
- template: default-env-secrets
- name: zot
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: platform
condition: workload.enabled
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: default-env-values
- template: default-env-secrets
- name: authentik
chart: goauthentik/authentik
@ -95,7 +62,58 @@ releases:
needs:
- platform/db-operator
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- template: default-env-values
- template: default-env-secrets
- template: ext-database
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
labels:
bootstrap: true
version: 3.3.7
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
labels:
bootstrap: true
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: "../../kustomizations/kyverno/{{ .Environment.Name }}"
namespace: kyverno
labels:
bootstrap: true
needs:
- kyverno/kyverno
- name: external-dns
chart: external-dns/external-dns
version: 1.15.2
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
namespace: platform
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
inherit:
- template: default-env-values

162
installations/system/helmfile.yaml Normal file
View File

@ -0,0 +1,162 @@
bases:
- ../../common/environments.yaml
- ../../common/templates.yaml
repositories:
- name: bedag
url: https://bedag.github.io/helm-charts/
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
url: https://charts.jetstack.io
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: coredns
url: https://coredns.github.io/helm
- name: cilium
url: https://helm.cilium.io/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: istio
url: https://istio-release.storage.googleapis.com/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
releases:
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.1
namespace: kube-system
condition: base.enabled
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public
missingFileHandler: Warn
condition: base.enabled
needs:
- kube-system/cert-manager
inherit:
- template: default-common-values
- template: default-env-values
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.5.0
condition: velero.enabled
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: default-env-secrets
- template: crd-management-hook
- name: openebs
chart: openebs/openebs
condition: openebs.enabled
namespace: kube-system
version: 4.2.0
needs:
- kube-system/cilium
inherit:
- template: default-env-values
# -- Not versions since it's idnstalled from git
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
condition: localpath.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- name: istio-base
chart: istio/base
condition: istio.enabled
namespace: istio-system
inherit:
- template: crd-management-hook
- name: istio-ingressgateway
chart: istio/gateway
condition: istio.enabled
installed: false
namespace: istio-system
needs:
- istio-system/istio-base
inherit:
- template: default-env-values
- name: istiod
chart: istio/istiod
condition: istio.enabled
namespace: istio-system
inherit:
- template: default-env-values
needs:
- istio-system/istio-base
- name: zot-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: kube-system
inherit:
- template: default-env-values
- template: default-env-secrets

51
kustomizations/kyverno/badhouseplants/pvc-patch.yaml
View File

@ -4,19 +4,6 @@ metadata:
name: replace-storage-class-by-openebs
spec:
rules:
- name: local-path-fix
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- registry
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
- name: replace-storage-class
match:
any:
@ -37,22 +24,22 @@ spec:
storageClassName: openebs-hostpath
accessModes:
- ReadWriteOnce
#- name: remove-unwanted-annotations
# match:
# any:
# - resources:
# kinds:
# - PersistentVolumeClaim
# namespaces:
# - games
# mutate:
# patchesJson6902: |-
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
# op: replace
# value: openebs-hostpath
# - path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
# op: replace
# value: openebs.io/local
# - path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
# op: replace
# value: openebs.io/local
- name: remove-unwanted-annotations
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- games
mutate:
patchesJson6902: |-
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-class"
op: replace
value: openebs-hostpath
- path: "/metadata/annotations/volume.beta.kubernetes.io~1storage-provisioner"
op: replace
value: openebs.io/local
- path: "/metadata/annotations/volume.kubernetes.io~1storage-provisioner"
op: replace
value: openebs.io/local

18
values/badhouseplants/kube-system/namespaces/values.yaml
View File

@ -2,36 +2,20 @@ namespaces:
- name: registry
- name: kube-system
defaultRegcred: true
- name: production
defaultRegcred: true
- name: kyverno
defaultRegcred: true
- name: velero
defaultRegcred: true
- name: observability
defaultRegcred: true
- name: databases
defaultRegcred: true
- name: istio-system
defaultRegcred: true
- name: applications
defaultRegcred: true
labels:
istio-injection: enabled
istio-injection: disabled
- name: platform
defaultRegcred: true
- name: games
defaultRegcred: true
- name: team-fortress-2
defaultRegcred: true
- name: pipelines
defaultRegcred: true
- name: public-xray
defaultRegcred: true
labels:
istio-injection: disabled
- name: org-badhouseplants
defaultRegcred: true
- name: org-allanger
labels:
istio-injection: enabled

22
values/badhouseplants/kube-system/zot-mirror/secrets.yaml Normal file
View File

@ -0,0 +1,22 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

6
values/badhouseplants/org-badhouseplants/app-gitea/values.yaml
View File

@ -41,7 +41,8 @@ gitea:
metrics:
enabled: true
serviceMonitor:
enabled: true
# -- TODO(@allanger): Enable it once prometheus is configured
enabled: false
config:
database:
DB_TYPE: postgres
@ -58,14 +59,13 @@ gitea:
MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki
service:
DISABLE_REGISTRATION: true
DISABLE_REGISTRATION: false
server:
DOMAIN: gitea.badhouseplants.net
ROOT_URL: https://gitea.badhouseplants.net
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
ENABLE_PPROF: true
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: "s3.badhouseplants.net:443"

15
values/badhouseplants/org-badhouseplants/app-stalwart/values.yaml
View File

@ -50,14 +50,13 @@ extraVolumes:
emptyDir: {}
ingress:
main:
metadata:
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: traefik
kubernetes.io/ingress.global-static-ip-name: ""
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
config:
files:
config:

33
values/badhouseplants/org-badhouseplants/app-vaultwarden/secrets.yaml
View File

@ -1,26 +1,31 @@
config:
env:
secrets:
enabled: ENC[AES256_GCM,data:bai2CQ==,iv:NG7q1ZsDpCW9Lu00fGsibpTEHGtew+l5TFOLOpljlwU=,tag:Z2/fXmsEEqhDzCdTWS/Qhw==,type:bool]
sensitive: ENC[AES256_GCM,data:n+dNXA==,iv:iFM0+5G5Bsw4NI+JH1vMMrty3Zo0El0HE9F6PEDsJrY=,tag:EcbzQHVeOHVLVC7kgaRPXw==,type:bool]
enabled: ENC[AES256_GCM,data:C4TSoQ==,iv:kG2QtaNWHSc2sdhzo8HnMnPE0Mixqs1dvFsAcke/Gw4=,tag:HhbVmIw5RQ9hipQqZ5J2pw==,type:bool]
sensitive: ENC[AES256_GCM,data:0wVOUg==,iv:FGxAd9h2e0LeWukZR/THhCscF3FWoK4dnkrX1mqSC+A=,tag:0rpeedT6x2V79WB5xRNbuA==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:eQ4c,iv:4vX/ioHWEA6DzMwZ+23dgUN4PJ7Asz7bbufG5Fy80iI=,tag:1Mq0Hj/23T4fvGEXuNUtxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:B08urSqwYgekI6I5LDYGHbPK5n3r+woRZw==,iv:K2O9aSJLRMbK+N2lfX4ojSqhbmb9KbWsuW2DtYZHCOA=,tag:Qz0OJ7aWwC+/9d1oc38ySw==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:sKVugfrrR9L5LtozHPibGiPULiwv8pAot925Z/rQ0V/mW+DVvNPEw4odgfX596Ddmd8oV5zo5Mz8WIPUCmrVmfdoz+3YzVywEy8=,iv:npthfz4xcW6fF10RhHCF6uXH/6526l3gjZGRu+Xpylg=,tag:vsPsRZ7EIQ7FMvqJga3hhg==,type:str]
SMTP_USERNAME: ENC[AES256_GCM,data:82zb,iv:Z89+Wt6jGMQTZ73ghk1Ey504WYt2Li9XQ2gaH0SB8tI=,tag:RmqHxghik75E9LAABzyVxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:ELi8dtNa/OhQKgrXbrgwHK95ntZjyzRSvQ==,iv:IVZbXZlFyCRMc3bW81Ak9UdjeGke0px9mGqrmaW7EHk=,tag:9xli08c0pqnxu2ktTbCMcg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:CAAalqRcu9vsM1bjC76enJCSX/tc7yOd48mxGV0d5rTFxQz08b4JVhKyMzl7BRog7+PMtJkkTnRIXZHgj31FqhRylmHyuAn3iPc=,iv:PpZvZMhOEt6ecdkBcvAOSz+eZktPAzaAlYNjBSgiN/w=,tag:apHKw66HG7TYnpBNVyM7xA==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:quvcZQKauXeW+l8xkYgVBElBQveoRWKDBA==,iv:KpQH+Ef87jl/M9XpBtIKNhn7ATHoV+Jgjpzg2Li28Kg=,tag:jniePrO7UVp/cz/eIh19mg==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:g212PzN9/4hxBKMAWFNiR0qAnPPK/tkffg==,iv:1l6dikIQGSjznW9MsaCTdz0wLJmAhiL0ZOdN2J4Q0yA=,tag:tNbPdORUa6IBWgh0HHaNjA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNnFwbWFpTWgxRk45S240
cVI5ekJXdVIwaG5NcGRPa2xTN2pFV2tyN1JBClNVMGhNL2FaM2pCK0sxbjgyalJN
MnpQeHBxY2RtWkI2c1htV3oyQmNnbVUKLS0tIGg4ZXNwaFRKNTlIRDluT3k0VDRD
Y3pIaEdFb1JwMnVrYnJ4UkpWMERmZFUKa45EvUqkvjaL85xh3gyxTeJ02IxPJf9a
TGjAvpjBrym9v++OrHn2otw1NOeZwSP1hmSCc+sa6/0yFqcU031xjQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoLys3dkJDK2lrQ0d4ZlJi
eFRTSmx1RUtZRnpxdkNvVFFCeXl6dDcvWXdvCitoNkcwVFFxRVJ6dkNUbGVPb1pU
b3E4ZjZibFF6QytNdUhXNDFLZXRpSEUKLS0tIHpZTmFXNnptVzJmZFhIU2haRWhR
UjNEN1BlREFVak1xdmQzaFY1dHVyM3cKuvMIrQUL1cuw3Odz/Cv+kZV9ZZzBozSW
XimhDSkxNrH5OsGC1Jxz/8JOv8abBs4NROzffVdyqtZZzXOLzw3mJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T10:29:47Z"
mac: ENC[AES256_GCM,data:VmYotoR4BJJv2mZ+kt+NNn+oXLKWHed0o/TkJO93/4eLUm8Wg9SPMA1ZYYe9YRfgbIhYxPlQbPPKQBv95XeOS1FFL24VyenTTP3TXWroeXxOWubko/Fp88U3glJXs5jfL5DLYKvGwTXG3tchFDwH9m6QOABX+aRxvNBEP5zXUxs=,iv:HMzuvl8YCPj9ZA5tKfExQfSbvwu4IEHz6sMLAe8g7vo=,tag:lI2fh1b7prHsBS8Snrbdtw==,type:str]
lastmodified: "2025-03-02T08:58:16Z"
mac: ENC[AES256_GCM,data:px+D6tlAZU6GzlE8/jLc0BaPyRwsfE1jRROy2mX7bhFTIW3lZqt/zangO46fFH5hXZjY5wLNIktCDbawIbUFwAp0vrmXxctZoAftl9hpdtW6ann3yfyv3pdcs7/BKu3s5QUswx6D13iLU0dvzyG4vGcQNmKpxuPQYLuDp2o74hM=,iv:2Y+wsS7QcgQ/8umZ+a21QjU25Yq24Y7UWjXVy9Gmvoo=,tag:APVtby5NCOQxrPAjIbMJ+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.0
version: 3.9.4

29
values/badhouseplants/platform/db-instances/secrets.yaml
View File

@ -1,29 +0,0 @@
dbinstances:
postgres16:
secrets:
adminUser: ENC[AES256_GCM,data:uuu/xvwJkHk=,iv:Pk+i8bf7AeeG9wKVh1RDJy7Dt3r5b1UKy4SJijlZfq0=,tag:QO3gwYXAG0sBBuHcKfTNQg==,type:str]
adminPassword: ENC[AES256_GCM,data:tjWATjuJT+C97D4TLQgk55BZOwVv,iv:1MWYtksmrEBQtOdGvtc6MZyLP4yBKA88eIpQ4mZCULM=,tag:3hOlT5n2Wd81ebxeEgW5tw==,type:str]
postgres17:
secrets:
adminUser: ENC[AES256_GCM,data:4w2EItIM++Q=,iv:cQLryeBskm2Y9OlbMFgQEWEBi7z/VxucLWbwZXsRtto=,tag:Ir2Q7KZv/sSDdA1MX/Niqw==,type:str]
adminPassword: ENC[AES256_GCM,data:wHUL2p8CXYwoEFu3ffCCsQO9xn/GqOZ6JPrcHKzy,iv:khoogPPFHSd+4xyp+jf1w0RfOUgrKzAmFjLnisQ8HXU=,tag:GRnkCQ0uOlUt2AiEAceFRQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL1lwdVNHMm9nZHRld2lO
Rm4xVnVHWG9hNDc1cUVyakxzUU1PcFJhalM4CkNicEdUV2lEYWMwaWNqeGcrQ2p1
Qmw1b1FzRllqYW85bjF0cmRGcW1MbjQKLS0tIENUcG1oOXFNV3REaFU0aUEyd2k4
RDgzRmlKT1ArblpOV1plcFpyMnJXZTQKgm8Eaw591+EHZWofXAADTXRHPOdOvdOM
jYne1szB/V9UJz+pmLa10tNgruga+P5yP/j+DGcYrTj0pVh5IJLjTA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-30T19:59:46Z"
mac: ENC[AES256_GCM,data:3KrwiArDx/bPAHbFGgb9BdDVHC+uC1IHp4LZXlYRZzWSKtX1t+ODQVzUW97kigGFG1sx6WXddl/w3XeNOoT9JbS5iPXJQe6KAPleNV50S/oab+U53WeloO8uL68Wrk9v/NwMhCKwE9cCqBBhqk7wCb6N9ivt45mLrUf06L8fok0=,iv:bOWhyIm8FhKtZAZH/78bukkeDp5P4XShSD20mgr4Neo=,tag:RZMx9bi+ZEcLwTzk+Gm8RQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

21
values/badhouseplants/platform/db-instances/values.yaml
View File

@ -1,21 +0,0 @@
dbinstances:
postgres16:
monitoring:
enabled: false
adminSecretRef:
Name: postgres16-secret
Namespace: databases
engine: postgres
generic:
host: postgres16-postgresql.databases.svc.cluster.local
port: 5432
postgres17:
monitoring:
enabled: false
adminSecretRef:
Name: postgres17-secret
Namespace: databases
engine: postgres
generic:
host: postgres17-postgresql.databases.svc.cluster.local
port: 5432

27
values/badhouseplants/platform/zot/values.yaml
View File

@ -1,27 +0,0 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: zot.badhouseplants.net
paths:
- path: /
tls:
- secretName: zot.badhouseplants.net
hosts:
- zot.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: false
mountConfig: true
mountSecret: true

0
values/badhouseplants/platform/authentik/secrets.yaml → values/badhouseplants/secrets.authentik.yaml
View File

0
values/badhouseplants/platform/external-dns/secrets.yaml → values/badhouseplants/secrets.external-dns.yaml
View File

0
values/badhouseplants/games/minecraft/secrets.yaml → values/badhouseplants/secrets.minecraft.yaml
View File

0
values/badhouseplants/platform/minio/secrets.yaml → values/badhouseplants/secrets.minio.yaml
View File

0
values/badhouseplants/databases/postgres16/secrets.yaml → values/badhouseplants/secrets.postgres16.yaml
View File

0
values/badhouseplants/databases/postgres17/secrets.yaml → values/badhouseplants/secrets.postgres17.yaml
View File

0
values/badhouseplants/databases/redis/secrets.yaml → values/badhouseplants/secrets.redis.yaml
View File

35
values/badhouseplants/secrets.renovate-github.yaml
View File

@ -1,17 +1,22 @@
secrets:
RENOVATE_TOKEN: ENC[AES256_GCM,data:ohd4EhTlhRpQ+IXVf1Nb73+h0VHrMZduPhkbm53s3/+HRKUZd7JepA==,iv:qtbH0lz9Li+jjWcef6JGRpbcsOGlG+e3TNHDukAK2HE=,tag:KVmari0LUGHVb61VSFtgXw==,type:str]
RENOVATE_TOKEN: ENC[AES256_GCM,data:NwkAP50vrUc7dVB0wyWTgFDd+axltTqdyXuXFHHkmO2VF4QyV/svsw==,iv:kr53r5w7lVo9luC36mHghZ8fabo6/da8vLFEzhEOgDE=,tag:UnGnSXuvwlSzVuL6pEUXsw==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TGozODRjVzQvdzlvSE5s
RTlReWNSWDlzUVVLVmZXV1c3dWVwUU9hbWw4CnJUL20yTFpHMUJFWTdYQ2JWUisx
Y0djU2FhaEtVSTlRWEY3Z0RnOUhVVjAKLS0tIEZEUjhqUTRtTEo0L3haWFlRT2JS
QTFVWU5RSTBldzBjalg1TFBDY3hGUEEKCH1rY+tGtRNGMYrfSjqXbVsrPAleVHDO
Altiz0ceC5ODo01zwBf63vDVqjZtbIQNZ8oQ8Pjlktp3jCpL7JNK9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T08:52:26Z"
mac: ENC[AES256_GCM,data:6PyWgR3f7lnen5Jun04Tsw1P7rcAgTSuF+YEh0fq3r3xHvQYFGesfEO4PHLfCGYtjyyCeyzpwBUIoUHTmI5tRYjLwjwRiIu/GH75eSLOx0y0gYMl8JUeaPxSpPvElpii3XAm7vKEJhTR9QzNuzduf0Q1JdlR6TM68XM8g78zeSc=,iv:CqTrPYoLg4IgW5zTsIcmGQUg5RfK+IQmxeQIQbd6oqk=,tag:P8Je5EhAv5TqqT77nPwlHw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZDVVZm1UallMRzJpRVF0
b2dHaUJlQldOeHN5RVhydm5oaG52ZG95SVVzCkZ0enk4Mit4KzV6Z0ErTmxhU29W
R0p6NVBiRjFSU0NWUjNKdGU2WXdrcFUKLS0tIHFURlFVLzJ5NkJVRVpCV2I5U2E4
dE1VWExmY0xEdVlrZW8wRzlPRkVrRzAKVZHyy3AGktGuv7KEQX/M0xjyU/7FpgSB
OrWzXXds9h8PWC/19FU2puvdIER1G/2CajEq0PQmaC9YMvb8nLMv0w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:5FV7wwVyhB1UQOLW+iYyeImXAPv3dtTlw3Qjg2rBVBmbC8vHNpXFWloBhFeTSN4VAEjxm5tqACdP3IfNkrVT1SnYeySh6Xl/sdcAuAIao7uMjLDT/MK02AcS55T9pt7h+H4nkdNatMAX7jLKbHJwNoAnL5a/FgX+gKizAg4PRHc=,iv:7HRq2xMClJXYF2S9SQeYLZwCn2EOEc4JkEFzgze2e20=,tag:Fb3fm+wlnywr0hBfw5xyQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

37
values/badhouseplants/secrets.server-xray-public-edge.yaml
View File

File diff suppressed because one or more lines are too long

37
values/badhouseplants/secrets.server-xray-public.yaml
View File

File diff suppressed because one or more lines are too long

26
values/badhouseplants/secrets.velero.yaml Normal file
View File

@ -0,0 +1,26 @@
credentials:
useSecret: ENC[AES256_GCM,data:7gOgTQ==,iv:Wiutik5u1CZ3jkI5lL4JLwvKDQrjNPSfmnyet7SBVzo=,tag:SYm+fm393zhqNMKejQfYKw==,type:bool]
name: ENC[AES256_GCM,data:NKs3qbFPKGIhXI7lzGTq,iv:MWumBc7eHro/P1oLZxQArvfoWmdJN+S0d/Qxb+ohI9E=,tag:pxJQzB82Us+UflGc271wGg==,type:str]
secretContents:
hetzner: ENC[AES256_GCM,data:tlumlKIfwugQj5Dj8Lu9HuEcKRv8v/JhTTz4oOvRavxmeBIGElfn/MyWbK68pagfDatyKsrYjqPTutYykJWVOWdHFOCIXunnI8vkDbzpxAH0BqyZQrek3s4mkTOPJkjfW6V1MNr5AvWMYLwptcIp2Q==,iv:E3jBlMgIXzuLCNVxEBlTiiVpLCdEolJuv96bSYamwLI=,tag:4zkhZUu+on0K1zF4/8tiWQ==,type:str]
etersoft: ENC[AES256_GCM,data:/kQ9eCnHIfDSzHxy2tbVgwe7C0cF+l5LaKCgksodxUJgxTQs2pJHyx4cluoW62RwOQKHxMCy3IaqphD2zZOIVKbR0q3xVmBoxcBxrKE5UIlSxbQ=,iv:YcJF8OMiFMz147c8lXVU+ccjq1okYnHiwUvJLmJHi20=,tag:hnwtfAkBCpZUy4TEGtMOOw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiaW9NQVR6OGtLV3ZqMThn
bWsrcGZKNVk1cXB2aDc5RnRNbTMwZVoyRERVCnEyQ2tFSlZmTnhRdGQxNW1BVGNs
QzBjM2tXWnhQYTBaR1pUZnUzMWpYTmMKLS0tIGQ1emdDNlVGdzNWRlRQcU5xSWxB
bWdPdVF3RjU0Z0RQWXZWVUVocVBTeWsKogQ3kmwrShfBOwMC+JHNiavRHryv+WNY
dkUkONkUH5HEWN/6M7bsMMqjkH0D/upD5UXOXr4fiibcM/w+XI/BpA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-16T14:51:45Z"
mac: ENC[AES256_GCM,data:65vGxoFLwH9WpxvqKYi1FEb8DhRWpq4K5cTjfqQEXDxbzKDk/RjTtHpFZ2iLnAOcL2ECvL+JU9yPeM7fS06nTW/TC/oP3yNGfyJp84IWNzrBVBE8HCTaXthxcRSIbGwvdCihViT4gZU7VkMaDt1WnEesjq/KQqcK/TSpCxhSyjI=,iv:HPfV3MRyeilrAFprdsLT6H//V74YzRiGM8O7TmU/g5c=,tag:tQHA6JW5ELAUXzIlJdLYFA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

0
values/badhouseplants/platform/zot/secrets.yaml → values/badhouseplants/secrets.zot.yaml
View File

5
values/badhouseplants/platform/authentik/values.yaml → values/badhouseplants/values.authentik.yaml
View File

@ -14,10 +14,10 @@ ext-database:
database: "{{ .Database }}"
authentik:
email:
host: stalwart.badhouseplants.net
host: email.badhouseplants.net
port: 587
username: bot@badhouseplants.net
use_tls: true
use_tls: false
use_ssl: false
timeout: 30
from: bot@badhouseplants.net
@ -26,6 +26,7 @@ authentik:
user: file:///postgres-creds/username
password: file:///postgres-creds/password
name: file:///postgres-creds/database
secret_key: "2Scv6ivCfV6uGRTx9Kg5CYJ2KjBRHpR8GqSBearnBYvBFZBwR7"
# This sends anonymous usage-data, stack traces on errors and
# performance data to authentik.error-reporting.a7k.io, and is fully opt-in
error_reporting:

0
values/badhouseplants/platform/external-dns/values.yaml → values/badhouseplants/values.external-dns.yaml
View File

8
values/badhouseplants/values.gitea.yaml
View File

@ -40,11 +40,11 @@ replicaCount: 1
clusterDomain: cluster.local
resources:
limits:
memory: 1.5Gi
memory: 1024Mi
cpu: 1
requests:
cpu: 1
memory: 1.5Gi
memory: 1024Mi
persistence:
enabled: true
size: 15Gi
@ -57,7 +57,8 @@ gitea:
metrics:
enabled: true
serviceMonitor:
enabled: true
# -- TODO(@allanger): Enable it once prometheus is configured
enabled: false
config:
database:
DB_TYPE: postgres
@ -81,7 +82,6 @@ gitea:
LFS_START_SERVER: true
LANDING_PAGE: explore
START_SSH_SERVER: true
ENABLE_PPROF: true
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: "s3.badhouseplants.net:443"

13
values/badhouseplants/values.istiod.yaml
View File

@ -0,0 +1,13 @@
pilot:
resources:
requests:
cpu: 50m
memory: 2048Mi
global:
proxy:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
memory: 128Mi

41
values/badhouseplants/values.memos.yaml
View File

@ -2,34 +2,25 @@ shortcuts:
hostname: notes.badhouseplants.net
ext-database:
enabled: true
name: memos-postgres16
instance: postgres16
name: memos-postgres17
instance: postgres17
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
base:
workload:
containers:
memos:
envFrom:
main: {}
raw:
- secretRef:
name: memos-postgres16-creds
storage:
data:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
storageClassName: openebs-hostpath
workload:
containers:
memos:
envFrom:
- main
- secretRef:
name: memos-postgres16-creds
ingress:
main:
metadata:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure

106
values/badhouseplants/games/minecraft/values.yaml → values/badhouseplants/values.minecraft.yaml
View File

@ -1,15 +1,33 @@
service-account:
enabled: true
resources:
- name: minecraft-exporter
label:
app: minecraft-minecraft-metrics
endpoints:
port: metrics
traefik:
enabled: true
tcpRoutes:
- name: minecraft-tcp
entrypoint: minecraft
gateway: istio-system/badhouseplants-minecraft
match: HostSNI(`*`)
service: minecraft-minecraft
port: 25565
# --------------------------------------------------
# -- Main values
# --------------------------------------------------
image:
tag: java23-graalvm
#tag: java21-graalvm
tag: java21-jdk
pullPolicy: Always
resources:
requests:
memory: 2.5Gi
memory: 3.5Gi
cpu: 2.5
limits:
memory: 2.5Gi
memory: 3.5Gi
lifecycle:
postStart:
- bash
@ -34,23 +52,32 @@ readinessProbe:
successThreshold: 1
timeoutSeconds: 20
minecraftServer:
memory: 2000M
memory: 3000M
jvmOpts: |
-server
jvmXXOpts: |
-Xms2000G -Xmx2500G -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M
-Xms3000G -Xmx3500G -XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M
overrideServerProperties: true
eula: "TRUE"
onlineMode: false
difficulty: hard
hardcore: true
version: "1.21.4"
version: "1.21.1"
maxWorldSize: 90000
type: "FABRIC"
gameMode: survival
pvp: true
modUrls: []
serviceType: NodePort
#- https://github.com/CaffeineMC/lithium-fabric/releases/download/mc1.20.1-0.11.2/lithium-fabric-mc1.20.1-0.11.2-api.jar
#- https://github.com/CaffeineMC/sodium-fabric/releases/download/mc1.20.1-0.5.11/sodium-fabric-0.5.11+mc1.20.1.jar
#- https://github.com/CaffeineMC/lithium-fabric/releases/download/mc1.20.1-0.11.2/lithium-fabric-mc1.20.1-0.11.2.jar
#pluginUrls:
# - https://github.com/dmulloy2/ProtocolLib/releases/download/5.2.0/ProtocolLib.jar
# - https://mediafilez.forgecdn.net/files/3789/833/GravityControl-2.0.0.jar
# - https://mediafilez.forgecdn.net/files/3151/915/CrackShot.jar
# - https://s3.badhouseplants.net/public-download/MechanicsCore-3.4.8.jar
# - https://s3.badhouseplants.net/public-download/WeaponMechanics-3.4.9.jar
rcon:
enabled: true
withGeneratedPassword: false
@ -58,7 +85,7 @@ minecraftServer:
serviceType: ClusterIP
extraPorts:
- name: metrics
containerPort: 19565
containerPort: 9225
protocol: TCP
service:
enabled: true
@ -66,11 +93,12 @@ minecraftServer:
labels:
exporter: minecraft
type: ClusterIP
port: 19565
port: 9925
ingress:
enabled: false
persistence:
storageClass: openebs-hostpath
#storageClass: local-path
dataDir:
enabled: true
Size: 9Gi
@ -93,6 +121,35 @@ mcbackup:
persistence:
backupDir:
enabled: false
# ---------------------------------------------
# -- Install Plugins
# ---------------------------------------------
initContainers:
- name: 0-download-mods
image: alpine/curl
command:
- curl
- -L
- "https://s3.badhouseplants.net/minecraft-mods/server_mods.tar"
- -o
- /download/server_mods.tar
volumeMounts:
- name: download
mountPath: /download
readOnly: false
- name: 1-copy-plugins-to-minecraft
image: ubuntu
command:
- sh
- -c
- cd /mods && tar -xvf /download/server_mods.tar || true
volumeMounts:
- name: plugins
mountPath: /mods
readOnly: false
- name: download
mountPath: /download
readOnly: false
extraVolumes:
- volumeMounts:
- name: plugins
@ -105,36 +162,3 @@ extraVolumes:
- name: download
emptyDir:
sizeLimit: 500Mi
extraDeploy:
- |-
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: minecraft
spec:
endpoints:
- interval: 30s
port: metrics
scrapeTimeout: 10s
path: '/'
namespaceSelector:
matchNames:
- games
selector:
matchLabels:
app.kubernetes.io/instance: minecraft
- |-
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: minecraft-tcp
spec:
entryPoints:
- minecraft
routes:
- match: HostSNI(`*`)
services:
- name: minecraft
nativeLB: true
port: 25565

2
values/badhouseplants/platform/minio/values.yaml → values/badhouseplants/values.minio.yaml
View File

@ -56,7 +56,7 @@ consoleService:
port: '9001'
resources:
requests:
memory: 1Gi
memory: 2Gi
buckets:
- name: badhouseplants-net
policy: download

1
values/badhouseplants/kube-system/openebs/values.yaml → values/badhouseplants/values.openebs.yaml
View File

@ -1,7 +1,6 @@
localpv-provisioner:
hostpathClass:
isDefaultClass: true
zfs-localpv:
crds:
zfsLocalPv:

2
values/badhouseplants/databases/postgres16/values.yaml → values/badhouseplants/values.postgres16.yaml
View File

@ -9,7 +9,7 @@ metrics:
primary:
persistence:
size: 2Gi
resources:
resources:
limits:
ephemeral-storage: 1Gi
memory: 512Mi

0
values/badhouseplants/databases/postgres17/values.yaml → values/badhouseplants/values.postgres17.yaml
View File

4
values/badhouseplants/values.prometheus.yaml
View File

@ -1,3 +1,7 @@
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
coreDns:
enabled: false
kubeEtcd:

0
values/badhouseplants/databases/redis/values.yaml → values/badhouseplants/values.redis.yaml
View File

0
values/badhouseplants/kube-system/traefik/values.yaml → values/badhouseplants/values.traefik.yaml
View File

0
values/badhouseplants/platform/uptime-kuma/values.yaml → values/badhouseplants/values.uptime-kuma.yaml
View File

12
values/badhouseplants/velero/velero/values.yaml → values/badhouseplants/values.velero.yaml
View File

@ -1,3 +1,10 @@
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.11.0
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
configuration:
logLevel: error
repositoryMaintenanceJob:
@ -10,7 +17,7 @@ configuration:
backupStorageLocation:
- name: hetzner
provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.1
plugin: velero/velero-plugin-for-aws:v1.11.0
bucket: badhouseplants-backups
accessMode: ReadWrite
credential:
@ -22,10 +29,9 @@ configuration:
s3Url: https://nbg1.your-objectstorage.com
publicUrl: https://nbg1.your-objectstorage.com
checksumAlgorithm: ""
- name: etersoft
provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.1
plugin: velero/velero-plugin-for-aws:v1.11.0
bucket: velero
accessMode: ReadWrite
credential:

21
values/badhouseplants/velero/velero/secrets.yaml
View File

@ -1,21 +0,0 @@
credentials:
useSecret: ENC[AES256_GCM,data:JeoOyQ==,iv:fu/UL5pN+RfYRluV1ipqbJ7AMmb6mBzo9Cs8MEaH90g=,tag:SXueO8IzwQ12MjSQUx5K4A==,type:bool]
name: ENC[AES256_GCM,data:jHBOoXdfbcm9/tWworFG,iv:EZdqinT6tBFS2t7/l3bA2A5OspmmXVBhlM4ENIMlWeI=,tag:ltP1tFsWxRiQV8GgNe2RmA==,type:str]
secretContents:
hetzner: ENC[AES256_GCM,data:cLAnAdz3RlBE4YOVDIcQ+gjWxsA2jsNJgh2zkBV9LbPHU2eJDaLmQIzGov28vQK0tpdGBk8uncjg7eLVpqQFnn/+4mbMrCICLNqeNYJNG9sTRhBoA8EqODRQ7mJoHMdvSqk8dp+9nGXrgO/HCKZCbg==,iv:pEQbq9pqWcuUG3Jj93QNbD4N9a/NxLPc1XqmfYNdOoc=,tag:Ss8hyMYYm24UG2aVXw6MQQ==,type:str]
etersoft: ENC[AES256_GCM,data:f7opp9R8bLoOSqpzJdjUXiVHF0hxH3uE+fRQfgEA/G0wDrPio6SPNUG+ROeZCrLJgizFTR6x4/r/yTIglEeaa9aefF1OG9dEdlpko7AALnf3DYQ=,iv:NGXNl5BbQS5dgVn5wNqN7ba11AeDgHXPloYTBC95l2E=,tag:kA/7bvS9h20/a7se5e1zUg==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2emd4d1gyWjlYL3dYRmw4
Y2J0UkJaMTR6b0NsNTVzcTBHMXJ3WnNRdWlJCnB0ZEJmclRzY0Y1WEsvQmRWYU9k
cDRtQ3J4azNBUnN5bVUvdm9EbEo1ZHcKLS0tIGN6L0VpTWlQNm1sVnA4UldBbk9C
Q1dWek5PVjNkZUdJYllJSTZhQ1p0QU0K4LFd1ITs38M101fqy6KZGZ43x4Ou3VtB
EN1uxBEt5AdfX4F+FbOnA5qAOUdRRN31TjIXs948E/1vgm8zRxSx1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-02T21:11:55Z"
mac: ENC[AES256_GCM,data:ArJNDbctyrzJIVo9CojFPAKlhW9xCBYvfpA27iG2YGWYfCRQ0uAIVmUn0jVsbfYWdtQ5WZD7p05itXMobQMMlFlv3twi7B7taXYXQQzZghhOCVJBYo8I3gFl9wxVpKHNc+WxuerFCQUCOXyBMI9CLmXsKBwlciLl78OSU6SMe/s=,iv:wHFF4yhYLs6QjOcvcU4WDpNyjQZl0dI42mouVR/43Eo=,tag:notDIF/S/r7MlYogftz9aA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

6
values/common/databases/postgres16/values.gotmpl
View File

@ -1,6 +0,0 @@
global:
imageRegistry: {{ .Values.registry }}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true

6
values/common/databases/postgres17/values.gotmpl
View File

@ -1,6 +0,0 @@
global:
imageRegistry: {{ .Values.registry }}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true

6
values/common/databases/redis/values.gotmpl
View File

@ -1,6 +0,0 @@
global:
imageRegistry: {{ .Values.registry}}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true

33
values/common/games/minecraft/values.gotmpl
View File

@ -1,33 +0,0 @@
image:
repository: {{ .Values.registry }}/itzg/minecraft-server
pullSecret: regcred
# ---------------------------------------------
# -- Install Plugins
# ---------------------------------------------
initContainers:
- name: 0-download-mods
image: {{.Values.registry}}/alpine/curl
command:
- curl
- -L
- "https://s3.badhouseplants.net/minecraft-mods/server_mods.tar"
- -o
- /download/server_mods.tar
volumeMounts:
- name: download
mountPath: /download
readOnly: false
- name: 1-copy-plugins-to-minecraft
image: {{ .Values.registry }}/ubuntu
command:
- sh
- -c
- cd /mods && tar -xvf /download/server_mods.tar || true
volumeMounts:
- name: plugins
mountPath: /mods
readOnly: false
- name: download
mountPath: /download
readOnly: false

3
values/common/istio-system/istio-base/values.yaml
View File

@ -1,3 +0,0 @@
global:
imagePullSecrets:
- regcred

16
values/common/istio-system/istiod/values.gotmpl
View File

@ -1,16 +0,0 @@
pilot:
resources:
requests:
cpu: 50m
memory: 256Mi
global:
hub: {{ .Values.registry }}/istio
imagePullSecrets:
- regcred
proxy:
resources:
requests:
cpu: 20m
memory: 54Mi
limits:
memory: 54Mi

15
values/common/kube-system/cert-manager/values.gotmpl
View File

@ -3,17 +3,22 @@ global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-controller
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-controller
pullPolicy: Always
cainjector:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-cainjector
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-cainjector
pullPolicy: Always
webhook:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-webhook
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-webhook
pullPolicy: Always
acmesolver:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-acmesolver
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-acmesolver
pullPolicy: Always
startupapicheck:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-startupapicheck
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-startupapicheck
pullPolicy: Always
{{- end }}

6
values/common/kube-system/cilium/values.gotmpl
View File

@ -2,15 +2,15 @@
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/cilium/cilium
repository: {{ .Values.registry }}/quay/cilium/cilium
useDigest: false
envoy:
image:
repository: {{ .Values.registry }}/cilium/cilium-envoy
repository: {{ .Values.registry }}/quay/cilium/cilium-envoy
useDigest: false
operator:
image:
repository: {{ .Values.registry }}/cilium/operator
repository: {{ .Values.registry }}/quay/cilium/operator
useDigest: false
hubble:
tls:

2
values/common/kube-system/coredns/values.gotmpl
View File

@ -1,6 +1,6 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/coredns/coredns
repository: {{ .Values.registry }}/dockerhub/coredns/coredns
pullSecrets:
- name: regcred
{{- end }}

17
values/common/kube-system/local-path-provisioner/values.gotmpl
View File

@ -1,17 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/rancher/local-path-provisioner
helperImage:
repository: {{ .Values.registry }}/library/busybox
imagePullSecrets:
- name: regcred
{{- end }}
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate

1
values/common/kube-system/metallb-resources/values.gotmpl
View File

@ -1 +0,0 @@
addresses: "{{ .Values.main_ip }}-{{ .Values.main_ip }}"

8
values/common/kube-system/metallb/values.gotmpl
View File

@ -1,15 +1,13 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
imagePullSecrets:
- name: regcred
controller:
image:
repository: {{ .Values.registry }}/metallb/controller
repository: {{ .Values.registry }}/quay/metallb/controller
speaker:
image:
repository: {{ .Values.registry }}/metallb/speaker
repository: {{ .Values.registry }}/quay/metallb/speaker
frr:
image:
repository: {{ .Values.registry }}/frrouting/frr
{{- end }}
repository: {{ .Values.registry }}/quay/frrouting/frr

11
values/common/kube-system/metallb/values.yaml
View File

@ -3,20 +3,17 @@ controller:
logLevel: warn
strategy:
type: RollingUpdate
securityContext:
runAsNonRoot: true
# nobody
runAsUser: 65534
fsGroup: 65534
resources:
requests:
cpu: 20m
memory: 150Mi
memory: 100Mi
limits:
memory: 150Mi
memory: 100Mi
livenessProbe:
enabled: true
failureThreshold: 3
@ -40,9 +37,9 @@ speaker:
resources:
requests:
cpu: 30m
memory: 350Mi
memory: 300Mi
limits:
memory: 350Mi
memory: 300Mi
livenessProbe:
enabled: true
failureThreshold: 3

2
values/common/kube-system/metrics-server/values.gotmpl
View File

@ -1,5 +1,5 @@
image:
repository: {{ .Values.registry }}/metrics-server/metrics-server
repository: {{ .Values.registry }}/k8s/metrics-server/metrics-server
imagePullSecrets:
- name: regcred
apiService:

6
values/common/kube-system/openebs/values.gotmpl
View File

@ -1,6 +0,0 @@
global:
imageRegistry: {{ .Values.registry }}
localpv-provisioner:
imagePullSecrets:
- name: regcred

8
values/common/kube-system/traefik/values.gotmpl
View File

@ -1,8 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
deployment:
imagePullSecrets:
- name: regcred
image:
registry: {{ .Values.registry }}/library
{{- end }}

7
values/common/kyverno/kyverno/values.gotmpl
View File

@ -1,7 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
global:
image:
registry: {{ .Values.registry }}
imagePullSecrets:
- name: regcred
{{- end }}

12
values/common/platform/authentik/values.gotmpl
View File

@ -1,12 +0,0 @@
global:
image:
repository: {{ .Values.registry }}/goauthentik/server
imagePullSecrets:
- name: regcred
redis:
global:
imageRegistry: {{ .Values.registry}}
imagePullSecrets:
- regcred
security:
allowInsecureImages: true

4
values/common/platform/db-operator/values.gotmpl
View File

@ -1,4 +0,0 @@
image:
repository: {{ .Values.registry }}/db-operator/db-operator
imagePullSecrets:
- name: regcred

7
values/common/platform/external-dns/values.gotmpl
View File

@ -1,7 +0,0 @@
global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry}}/external-dns/external-dns

Some files were not shown because too many files have changed in this diff Show More