badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 11 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:fbf33cc01639a964e708e2485a513041e1d4a23d
Branches Tags
badhouseplants:main
badhouseplants:renovate/kube-prometheus-stack-70.x
badhouseplants:renovate/velero-8.x
badhouseplants:renovate/renovate-39.x
badhouseplants:renovate/external-dns-1.x
badhouseplants:renovate/coredns-1.x
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/minecraft-4.x
badhouseplants:renovate/loki-6.x
badhouseplants:renovate/gitea-11.x
badhouseplants:renovate/redis-20.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node
..
compare: badhouseplants:1ad92f1aa8d03d664935383d6af9f1a7abd5b631
Branches Tags
badhouseplants:renovate/kube-prometheus-stack-70.x
badhouseplants:main
badhouseplants:renovate/velero-8.x
badhouseplants:renovate/renovate-39.x
badhouseplants:renovate/external-dns-1.x
badhouseplants:renovate/coredns-1.x
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/minecraft-4.x
badhouseplants:renovate/loki-6.x
badhouseplants:renovate/gitea-11.x
badhouseplants:renovate/redis-20.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node

3 Commits
fbf33cc016 ... 1ad92f1aa8

Author SHA1 Message Date
Devops Bot
1ad92f1aa8 chore(deps): update helm release renovate to v39.219.2 2025-03-28 01:01:02 +00:00
Nikolai Rodionov
c32705ffa0
Keep migrating things 2025-03-27 22:54:32 +01:00
Nikolai Rodionov
f8684df5a9
Started a big refactoring again 2025-03-27 21:13:13 +01:00
31 changed files with 661 additions and 77 deletions
Show Stats Expand all files Collapse all files

2
common/environments.yaml
View File

@ -2,6 +2,7 @@ environments:
badhouseplants: badhouseplants:
kubeContext: badhouseplants kubeContext: badhouseplants
values: values:
- ./common/values/values.badhouseplants.yaml
- base: - base:
enabled: true enabled: true
- velero: - velero:
@ -25,6 +26,7 @@ environments:
etersoft: etersoft:
kubeContext: etersoft kubeContext: etersoft
values: values:
- ./common/values/values.etersoft.yaml
- base: - base:
enabled: true enabled: true
- velero: - velero:

9
common/templates.yaml
View File

@ -37,9 +37,18 @@ templates:
default-env-secrets: default-env-secrets:
secrets: secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml' - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
common-values:
values:
- '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
common-values-tpl:
values:
- '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-values: env-values:
values: values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml' - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
env-values-tpl:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-secrets: env-secrets:
secrets: secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml' - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'

5
common/values/values.badhouseplants.yaml
View File

@ -1,4 +1 @@
namespaces: registry: registry.badhouseplants.net
kubeSystem: kube-system
kubePublic: kube-public

1
common/values/values.etersoft.yaml Normal file
View File

@ -0,0 +1 @@
registry: registry.ru.badhouseplants.net

10
helmfile.yaml
View File

@ -1,11 +1,5 @@
bases: bases:
- ./common/environments.yaml - ./common/environments.yaml
- ./common/templates.yaml - ./common/templates.yaml
helmfiles: - ./helmfiles/base.yaml
- ./installations/system/ - ./helmfiles/system.yaml
- ./installations/databases/
- ./installations/platform/
- ./installations/pipelines/
- ./installations/monitoring/
- ./installations/applications/helmfile-{{ .Environment.Name }}.yaml
- ./installations/games/

18
helmfiles/base.yaml Normal file
View File

@ -0,0 +1,18 @@
releases:
# -- This one must be executed with --take-ownership at least once
- name: namespaces
chart: ./charts/namespaces/chart
namespace: kube-system
createNamespace: false
inherit:
- template: env-values
- template: env-secrets
- name: roles
chart: ./charts/roles
namespace: kube-system
createNamespace: false
needs:
- kube-system/namespaces
inherit:
- template: env-values

71
helmfiles/system.yaml Normal file
View File

@ -0,0 +1,71 @@
repositories:
- name: coredns
url: https://coredns.github.io/helm
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: cilium
url: https://helm.cilium.io/
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
url: https://charts.jetstack.io
releases:
- name: coredns
chart: coredns/coredns
version: 1.39.1
namespace: kube-system
inherit:
- template: common-values-tpl
- name: cilium
chart: cilium/cilium
version: 1.17.2
namespace: kube-system
needs:
- kube-system/coredns
inherit:
- template: common-values
- template: common-values-tpl
- name: zot
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: registry
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- template: env-secrets
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- registry/zot
inherit:
- template: common-values-tpl
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.1
namespace: kube-system
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: common-values
- template: common-values-tpl
#- name: issuer
# chart: '{{ requiredEnv "PWD" }}/charts/issuer'
# namespace: kube-public
# missingFileHandler: Warn
# needs:
# - kube-system/zot-mirror
# inherit:
# - template: common-values
# - template: env-values

4
installations/pipelines/helmfile.yaml
View File

@ -20,7 +20,7 @@ releases:
- name: renovate-gitea - name: renovate-gitea
chart: renovate/renovate chart: renovate/renovate
namespace: pipelines namespace: pipelines
version: 39.218.1 version: 39.219.2
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
@ -28,7 +28,7 @@ releases:
chart: renovate/renovate chart: renovate/renovate
installed: false installed: false
namespace: pipelines namespace: pipelines
version: 39.218.1 version: 39.219.2
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets

35
installations/system/helmfile.yaml
View File

@ -27,41 +27,8 @@ repositories:
url: https://istio-release.storage.googleapis.com/charts url: https://istio-release.storage.googleapis.com/charts
- name: zot - name: zot
url: https://zotregistry.dev/helm-charts/ url: https://zotregistry.dev/helm-charts/
releases: releases:
- name: namespaces
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
namespace: kube-public
createNamespace: false
inherit:
- template: default-env-values
- template: default-env-secrets
- name: roles
chart: '{{ requiredEnv "PWD" }}/charts/roles'
namespace: kube-public
createNamespace: false
needs:
- kube-public/namespaces
inherit:
- template: default-env-values
- name: coredns
chart: coredns/coredns
version: 1.39.1
namespace: kube-system
inherit:
- template: default-common-values
- name: cilium
chart: cilium/cilium
version: 1.17.2
condition: base.enabled
namespace: kube-system
needs:
- kube-system/coredns
inherit:
- template: default-env-values
- name: cert-manager - name: cert-manager
chart: jetstack/cert-manager chart: jetstack/cert-manager
version: v1.17.1 version: v1.17.1

1
kustomizations/kyverno/etersoft/pvc-patch.yaml
View File

@ -13,6 +13,7 @@ spec:
namespaces: namespaces:
- applications - applications
- platform - platform
- registry
mutate: mutate:
patchStrategicMerge: patchStrategicMerge:
metadata: metadata:

21
values/badhouseplants/kube-system/namespaces/secrets.yaml Normal file
View File

@ -0,0 +1,21 @@
defaultRegcred: ENC[AES256_GCM,data:lsqr2fBEosOQqYLBwps1hmgFs90zkzbdHpO8UwJWcMl1/CGkyzroACqHkL8taaOnnvwWwadIL8FU3382jamw0Xk5O51bFSBbCxTs3xd4ibwe39ha5YI6YQDHADDb/u1Yw4TctJ/h9xykXHDOL4foE5Z860e16vtMiVvniLD9OGfR6utb9gvZHE2QqZTlHR9U4PY2vLWWQMN3VRvipT7hulmOUzXMVcuBswmyDF39PvTba6Ea7A83V9h6HpqNeSA1ewKREIDOFqjhl7tIit8aQnuee58bJCTVIdg6gyR6yfu6sF22wdUlsJ7CAHtd41sbhEhWGyzJIqg=,iv:J1CfAJmNpI7lgQalYJlXs+JX5I0e6COGrsenMhvDGLA=,tag:nHkq8VF47I/9FS8uGcEyuw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWHpPUkZqbC9LaEtJYzhF
L0hIZUtOa3E4KzJDOFlwaFRVWDdJRnBtR1ZjCnVLNzhyQkdxS2dtK2lFaWRJUkJq
dThURHRTRG5GT1BqaTZRbzlUbXYzWHMKLS0tIFRSa1lkSGQrN1RGdklzYzZNU3BH
ZE0wMk1sRGg1M1lrNVFMTityK3cwK00Kbhugumz27RVo1SJjaljEbklHY6CW7xGD
UCbN0LGh5PPpN6eCbZW8dB1+/lLR9AnyYr6okrGM2iztaJQdlwRvww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T10:24:56Z"
mac: ENC[AES256_GCM,data:xGqmh1TPg0OJLSycbnjsF4Ai844ZzlCzawQXmROpORJEiSL/3R1W+2PsBT5KcAfG7y2+Ovyk+l1FeorIPuqnbcezX9zUxMOaFXJylmwvNYXCwoihU6Yx2hg9SuFhnwINAhCLqOaRKIh8xPUaK8nRVqwJJa0jW6eCyZ5lsLtpz90=,iv:pmPfpSv3VfVz/MvTGTWoMxzkF3BvCMhK+HxEeN5pzNI=,tag:WkLcTz/WlLXmq8EojHfdlA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

5
values/badhouseplants/values.namespaces.yaml → values/badhouseplants/kube-system/namespaces/values.yaml
View File

@ -1,4 +1,7 @@
namespaces: namespaces:
- name: registry
- name: kube-system
defaultRegcred: true
- name: kyverno - name: kyverno
- name: velero - name: velero
- name: observability - name: observability
@ -16,5 +19,3 @@ namespaces:
istio-injection: disabled istio-injection: disabled
- name: org-badhouseplants - name: org-badhouseplants
- name: org-allanger - name: org-allanger
- name: kube-system
defaultRegcred: true

24
values/badhouseplants/kube-system/roles/values.yaml Normal file
View File

@ -0,0 +1,24 @@
roles:
- name: xray-admin
namespace: public-xray
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["public-xray"]
bindings:
- name: woodpecker-ci
namespace: pipelines
kind: ClusterRoleBinding
subjects:
- kind: ServiceAccount
namespace: pipelines
name: woodpecker-ci
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
sa:
- name: woodpecker-ci
namespace: pipelines

22
values/badhouseplants/kube-system/zot-mirror/secrets.yaml Normal file
View File

@ -0,0 +1,22 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

21
values/badhouseplants/secrets.namespaces.yaml
View File

@ -1,21 +0,0 @@
defaultRegcred: ENC[AES256_GCM,data:QpL9wlCjErkjp16vsOAcsDA539EguT48JPb24oi6VexbbRm3cBVz9KDlrVhhbt1Uk8hMkbHfN+SQT+OQL38EW6fJiQ2CJ6JbVuyNXeolErxbeV2V9dWegiSjcekgS+tqs0YmshdfUpMFXIpmHWAsW2hty40b6+WE1iAmSf0NgrdYTG+ctMtetCIpiLwy3vgiBc581h0kmAxC3QCDVXIxtw0p0mtF3iHZmQv78FEd9CseTPH0jVlaoucM3mRPKNFi5j7sGQtrevYfPZpynpufTRLSkW84NddXbpk1gzFn5fbENjS1b0vrInqVkS0KMmewOGwf6coL0uELFclRQua1YO7hW5uVKZyUCn9UpCMFHWI=,iv:Vr6x3YFd7UGqId1PQOJqJmpSWxlalIcQdsfwCmQkdQo=,tag:rtFEPOYSzf7M8vTwe3hxtA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTSs0WkNIdlhxVURXcU5u
WDMzb000cUE5TnpPajRHZnZLblpKY0RUZmlnCnNpbno2VUVHb1g2cy9XUEV2eHdz
QWI0VVVJSllIRHdRZFdlRmFOckVmV2MKLS0tIDJER2UrTXArblBnckxJY3hSaXZk
Tk5SK3Y2YVBPem1HVjI1ejhaK2tmTVkKgfdOUiERRABkvvYLe3P7hAOoc97dNmnF
rAwK+FrRrAnfeG2R9RegocbDv64ieB1vwJpW2LeainGchn9opNjeeQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T19:22:13Z"
mac: ENC[AES256_GCM,data:JYkxfsrFgYHrxQTPh4uZ1RIqexJnaYefRWzYFzpE6Or2in/UBDG+UghYtbld8+wI6xSMMwfh8BgmOwUWWhqzCwzHEVaiNjRUNisw/epdbKwCuou1h6m4e8vid8NG8+FttWK2QvIzEKM9ONTJPcoCRjiKIBH7dGBAeCjAOJy6PlA=,iv:n26YeGhiZ80SQYfFUA5Lv0THDTPYvOvWoU23nTut7Qw=,tag:C3ij7ClL2ra6hutcTtbP9g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

14
values/badhouseplants/values.zot-mirror.yaml
View File

@ -135,6 +135,19 @@ configFiles:
], ],
"onDemand": true, "onDemand": true,
"tlsVerify": true "tlsVerify": true
},
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/quay"
}
],
"onDemand": true,
"tlsVerify": true
} }
] ]
} }
@ -145,4 +158,3 @@ secretFiles:
htpasswd: |- htpasswd: |-
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ. overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi

24
values/common/kube-system/cert-manager/values.gotmpl Normal file
View File

@ -0,0 +1,24 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-controller
pullPolicy: Always
cainjector:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-cainjector
pullPolicy: Always
webhook:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-webhook
pullPolicy: Always
acmesolver:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-acmesolver
pullPolicy: Always
startupapicheck:
image:
repository: {{ .Values.registry }}/quay/jetstack/cert-manager-startupapicheck
pullPolicy: Always
{{- end }}

25
values/common/kube-system/cert-manager/values.yaml Normal file
View File

@ -0,0 +1,25 @@
crds:
enabled: true
resources:
requests:
cpu: 30m
memory: 100Mi
limits:
memory: 100Mi
cainjector:
resources:
requests:
cpu: 20m
memory: 150Mi
limits:
memory: 150Mi
webhook:
resources:
requests:
cpu: 50m
memory: 150Mi
limits:
memory: 150Mi

15
values/common/kube-system/cilium/values.gotmpl Normal file
View File

@ -0,0 +1,15 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/quay/cilium/cilium
useDigest: false
envoy:
image:
repository: {{ .Values.registry }}/quay/cilium/cilium-envoy
useDigest: false
operator:
image:
repository: {{ .Values.registry }}/quay/cilium/operator
useDigest: false
{{- end }}

8
values/common/kube-system/cilium/values.yaml Normal file
View File

@ -0,0 +1,8 @@
operator:
replicas: 1
endpointRoutes:
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["192.168.0.0/16"]

8
values/common/values.coredns.yaml → values/common/kube-system/coredns/values.gotmpl
View File

@ -1,16 +1,22 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image: image:
repository: registry.badhouseplants.net/dockerhub/coredns/coredns repository: {{ .Values.registry }}/dockerhub/coredns/coredns
pullSecrets: pullSecrets:
- name: regcred - name: regcred
{{- end }}
service: service:
clusterIP: 10.43.0.10 clusterIP: 10.43.0.10
replicaCount: 2 replicaCount: 2
resources: resources:
limits: limits:
cpu: 100m cpu: 100m
memory: 256Mi memory: 256Mi
requests: requests:
memory: 128Mi memory: 128Mi
servers: servers:
- zones: - zones:
- zone: . - zone: .

2
values/common/values.metrics-server.yaml → values/common/kube-system/metrics-server/values.gotmpl
View File

@ -1,5 +1,5 @@
image: image:
repository: registry.badhouseplants.net/k8s/metrics-server/metrics-server repository: {{ .Values.registry }}/k8s/metrics-server/metrics-server
imagePullSecrets: imagePullSecrets:
- name: regcred - name: regcred
apiService: apiService:

161
values/common/registry/zot/values.gotmpl Normal file
View File

@ -0,0 +1,161 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: {{ .Values.registry }}
paths:
- path: /
tls:
- secretName: {{ .Values.registry }}
hosts:
- {{ .Values.registry }}
service:
type: ClusterIP
persistence: true
pvc:
create: true
lavels:
velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
configFiles:
config.json: |-
{
"distSpecVersion": "1.1.1",
"storage": {
"dedupe": true,
"gc": true,
"rootDirectory": "/var/lib/registry",
"retention": {
"dryRun": false,
"delay": "24h",
"policies": [
{
"repositories": [
"**"
],
"deleteReferrers": false,
"deleteUntagged": true,
"keepTags": [
{
"mostRecentlyPulledCount": 2
}
]
}
]
}
},
"http": {
"address": "0.0.0.0",
"port": "5000",
"externalUrl": "https://{{ .Values.registry }}",
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
}
},
"accessControl": {
"metrics": {
"users": [
"admin"
]
},
"repositories": {
"**": {
"anonymousPolicy": [],
"policies": [
{
"users": [
"mirror_user",
"overlord"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
]
}
}
}
},
"log": {
"level": "info"
},
"extensions": {
"scrub": {
"enable": true
},
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
},
"mgmt": {
"enable": false
},
"sync": {
"enable": true,
"registries": [
{
"urls": [
"https://docker.io/library",
"https://docker.io"
],
"content": [
{
"prefix": "**",
"destination": "/dockerhub"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://registry.k8s.io"
],
"content": [
{
"prefix": "**",
"destination": "/k8s"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/quay"
}
],
"onDemand": true,
"tlsVerify": true
}
]
}
}
}
secretFiles:
htpasswd: |-
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi

8
values/etersoft/kube-system/cilium/values.yaml Normal file
View File

@ -0,0 +1,8 @@
operator:
replicas: 1
endpointRoutes:
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["192.168.0.0/16"]

21
values/etersoft/kube-system/namespaces/secrets.yaml Normal file
View File

@ -0,0 +1,21 @@
defaultRegcred: ENC[AES256_GCM,data:YJfoPG9G4PBdkoGCGa/Q/GANcPrl15SnKZKZfkKuJmaOUo16c8la86D3M6ZRv3FPtpT57ZQAuru8aybLqk6bwi202CMuIDFxn8qTiAE/YLtPPpnIricyvOnI+ig4QZVxHb3Ewb6kBompw0wdaogUfXnQvVt39SdFkg04KZJu63xIMguPlgGR6ltW6lT/N//eadzSYaC9DT3L4KmfKhayNG1xuq2wL5NdD5t/jSfjonO7pgf5XrXY8XJGlHwDN4pdlas8Sto2SNWKg33cWutghXeqO7RpBe7fiJFgI2YzCoo992xPjwDoqLtxaZsgvXmh52Q8qTn/SF8bD9Sh3cLGDA==,iv:i0pyAYa7+pIkSfBbzr/omnPgBn/60wg/Egv4i8i56EU=,tag:ULVYyUme23ItIq4G9rYiKg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S3p6SGxZZzFrNjBvSWRO
OU5XaFhrMW9IMldELzJCWGRTdVRONGM0OVRBCkhXalIvMk9NY0NtdWtlTTBwUFE0
blVaRWdrMUpFVlg5aldUd2RybFZ1SGcKLS0tIFE1WS9MR0pDRUtwSWFQOGxydzV2
cUZubjVHWlhkUU5BZUlQVnF2Wk5jZjQKn9A+rb/ZPCFRDjLPzf/xvUcZ5IjASl7r
fS2hcY7eFm7zdv3g85Iu9ivg4bIcn5U6R02izTWCBGbPIdDFtFbWwg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T10:24:28Z"
mac: ENC[AES256_GCM,data:T3IuMQKtpbmy2NbjZZmn56yvf8mt/Ef09ZD8zmUJijVGEeUTbbtQ/39WhXSXNWI0HZuz4nGkOzhgbTrotlHByxK6/z2rLeykHNB+WFGL4jYgwoJM4vtJpCL14xGlWHPr9dyz/IZP1oG21FHHsFJjdQ/WUzOMAkcLyieuQx78h6U=,iv:6GpX7zeIkEFvG1lyRw5m1X9/ngts5JhKGcVUGn9L8Mo=,tag:320EfivP9O2pwyWOYkqtKQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

6
values/etersoft/kube-system/namespaces/values.yaml Normal file
View File

@ -0,0 +1,6 @@
namespaces:
- name: registry
- name: kube-system
defaultRegcred: true
- name: applications
- name: platform

1
values/etersoft/kube-system/roles/values.yaml Normal file
View File

@ -0,0 +1 @@
roles: []

22
values/etersoft/registry/zot/secrets.yaml Normal file
View File

@ -0,0 +1,22 @@
authHeader: ENC[AES256_GCM,data:BWmu4bpFjlIDStIcWfpsgbm1hfxlvZAK9LabhXuAdArJzflc4VA+Dy5fJRAMu9Mv,iv:+rwtfnjJCZKPmdcUkTfklq19uSgavOKaySK/O/xd2PE=,tag:3yXa+0LbIqMDk6KLWAAN0Q==,type:str]
_mirror_password: ENC[AES256_GCM,data:0aa6fqR3+0ZY5KhRKJa0SKBcBnF/KizHXTIm2NQB,iv:DUB8ItYbT+K31XLbWzi5909RPVn9DG9HRDU120VxbdY=,tag:DniRwku2rQX44ffMn4mU6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ0U5L01iNFo5Y0t5SFo2
MXlwVDhQZ2R5QnVlUndmQ0x5L2ppU1h6aEVZCmhaUW1JY0RDMEM0T1JkZkk3TGVD
R0JjaEN0MGxVV1RIZUxkbjgzMTlTMmsKLS0tIFdDNW8xaWsxamFvUGRFaVZsVUV4
S3ZiYTJGOUFzZlNwSUZvNGtmSFNpczQK/npaHLqHSxMnCXNvDFw0eB9KfMJ7bWfV
ZuteeaXG+eZNX4l1ZY1pLNUv9kui4oXI8payp7sTZJI6WYZCQz6Oaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T20:50:16Z"
mac: ENC[AES256_GCM,data:XtX4NUZ9PCdAFckdlygywFQ8vJRAszOjqPItr0MNRM0ndk/PkYYGzY0phMan7FgxY3Cz5XMJcv/MEogLedM+uH5vMbsOpRY49jpILMORL3Ni1tZFG5Px5NbfExGQmjFyefotRzCHlsUSTZEHlBIp4+FeBI41CgBbLw45rEoneL8=,iv:Ilk7TXqKSSV5WYnptLRaOk/lwwHHLesbSslOCarlVEA=,tag:vWXe+r3tHXoMtWYeJN9T0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

22
values/etersoft/secrets.zot-mirror.yaml Normal file
View File

@ -0,0 +1,22 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

3
values/etersoft/values.namespaces.yaml
View File

@ -1,3 +0,0 @@
namespaces:
- name: applications
- name: platform

149
values/etersoft/values.zot-mirror.yaml Normal file
View File

@ -0,0 +1,149 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: registry.ru.badhouseplants.net
paths:
- path: /
tls:
- secretName: registry.ru.badhouseplants.net
hosts:
- registry.ru.badhouseplants.net
service:
type: ClusterIP
persistence: false
pvc:
create: true
lavels:
velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
configFiles:
config.json: |-
{
"distSpecVersion": "1.1.1",
"storage": {
"dedupe": true,
"gc": true,
"rootDirectory": "/var/lib/registry",
"retention": {
"dryRun": false,
"delay": "24h",
"policies": [
{
"repositories": [
"**"
],
"deleteReferrers": false,
"deleteUntagged": true,
"keepTags": [
{
"mostRecentlyPulledCount": 2
}
]
}
]
}
},
"http": {
"address": "0.0.0.0",
"port": "5000",
"externalUrl": "https://registry.ru.badhouseplants.net",
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
}
},
"accessControl": {
"metrics": {
"users": [
"admin"
]
},
"repositories": {
"**": {
"anonymousPolicy": [],
"policies": [
{
"users": [
"mirror_user",
"overlord"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
]
}
}
}
},
"log": {
"level": "info"
},
"extensions": {
"scrub": {
"enable": true
},
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
},
"mgmt": {
"enable": false
},
"sync": {
"enable": true,
"registries": [
{
"urls": [
"https://docker.io/library",
"https://docker.io"
],
"content": [
{
"prefix": "**",
"destination": "/dockerhub"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://registry.k8s.io"
],
"content": [
{
"prefix": "**",
"destination": "/k8s"
}
],
"onDemand": true,
"tlsVerify": true
}
]
}
}
}
secretFiles:
htpasswd: |-
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi