badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 11 Actions Packages Projects Releases Activity

Compare commits

base: badhouseplants:main
Branches Tags
badhouseplants:main
badhouseplants:renovate/velero-8.x
badhouseplants:renovate/authentik-2025.x
badhouseplants:renovate/kube-prometheus-stack-70.x
badhouseplants:renovate/renovate-39.x
badhouseplants:renovate/external-dns-1.x
badhouseplants:renovate/coredns-1.x
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/loki-6.x
badhouseplants:renovate/gitea-11.x
badhouseplants:renovate/redis-20.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node
..
compare: badhouseplants:renovate/gitea-11.x
Branches Tags
badhouseplants:renovate/velero-8.x
badhouseplants:renovate/authentik-2025.x
badhouseplants:main
badhouseplants:renovate/kube-prometheus-stack-70.x
badhouseplants:renovate/renovate-39.x
badhouseplants:renovate/external-dns-1.x
badhouseplants:renovate/coredns-1.x
badhouseplants:renovate/postgresql-16.x
badhouseplants:renovate/loki-6.x
badhouseplants:renovate/gitea-11.x
badhouseplants:renovate/redis-20.x
badhouseplants:add-ci
badhouseplants:refactor-again
badhouseplants:stale-teleport-installation
badhouseplants:script-fox-xray
badhouseplants:before-single-node

1 Commits
main ... renovate/g

Author SHA1 Message Date
Devops Bot
61ffaecc0c chore(deps): update helm release gitea to v11.0.1 2025-03-27 01:00:45 +00:00
103 changed files with 559 additions and 1410 deletions
Show Stats Expand all files Collapse all files

21
charts/issuer/templates/issuer.yaml
View File

@ -1,23 +1,10 @@
{{- range $name, $issuer := .Values.clusterIssuers }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
labels:
{{- include "issuer.labels" $ | nindent 4 }}
name: "{{ $name }}"
{{- include "issuer.labels" . | nindent 4 }}
name: "{{ .Values.name }}"
spec:
{{ $issuer.spec | toYaml | indent 2 }}
{{- end }}
{{- range $name, $issuer := .Values.issuers }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
{{- include "issuer.labels" $ | nindent 4 }}
name: "{{ $name }}"
namespace: {{ $issuer.namespace }}
spec:
{{ $issuer.spec | toYaml | indent 2 }}
{{- end }}
acme:
{{ .Values.spec | toYaml | indent 2 }}

24
charts/metallb-resources/Chart.yaml
View File

@ -1,24 +0,0 @@
apiVersion: v2
name: metallb-resources
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

7
charts/metallb-resources/templates/ip_address_pool.tpl
View File

@ -1,7 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: {{ include "metallb-resources.fullname" . }}
spec:
addresses:
- {{ .Values.addresses}}

1
charts/metallb-resources/values.yaml
View File

@ -1 +0,0 @@
addresses: 1.1.1.1-1.1.1.1

0
charts/metallb-resources/.helmignore → charts/namespaces/chart/.helmignore
View File

0
charts/namespaces/Chart.yaml → charts/namespaces/chart/Chart.yaml
View File

0
charts/namespaces/templates/_helpers.tpl → charts/namespaces/chart/templates/_helpers.tpl
View File

8
charts/namespaces/templates/namespaces.yaml → charts/namespaces/chart/templates/namespaces.yaml
View File

@ -25,14 +25,6 @@ metadata:
namespace: {{ $ns.name }}
data:
.dockerconfigjson: {{ $.Values.defaultRegcred }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: {{ $ns.name }}
imagePullSecrets:
- name: regcred
{{- end }}
{{- end }}
{{- end }}

0
charts/namespaces/values.yaml → charts/namespaces/chart/values.yaml
View File

6
charts/namespaces/kustomize/flux-system.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
labels:
name: flux-system

6
charts/namespaces/kustomize/giantswarm-flux.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm-flux
labels:
name: giantswarm-flux

6
charts/namespaces/kustomize/giantswarm.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: giantswarm
labels:
name: giantswarm

5
charts/namespaces/kustomize/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
resources:
- ./giantswarm-flux.yml
- ./giantswarm.yml
- ./monitoring.yml
- ./org-giantswarm.yml

6
charts/namespaces/kustomize/monitoring.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
name: monitoring

6
charts/namespaces/kustomize/org-giantswarm.yml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: org-giantswarm
labels:
name: org-giantswarm

0
charts/namespaces/.helmignore → charts/root/.helmignore
View File

6
charts/root/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: root
description: A Helm chart for Kubernetes
type: application
version: 0.1.5
appVersion: "1.16.0"

20
charts/metallb-resources/templates/_helpers.tpl → charts/root/templates/_helpers.tpl
View File

@ -1,7 +1,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "metallb-resources.name" -}}
{{- define "root.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
@ -10,7 +10,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "metallb-resources.fullname" -}}
{{- define "root.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "metallb-resources.chart" -}}
{{- define "root.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "metallb-resources.labels" -}}
helm.sh/chart: {{ include "metallb-resources.chart" . }}
{{ include "metallb-resources.selectorLabels" . }}
{{- define "root.labels" -}}
helm.sh/chart: {{ include "root.chart" . }}
{{ include "root.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/*
Selector labels
*/}}
{{- define "metallb-resources.selectorLabels" -}}
app.kubernetes.io/name: {{ include "metallb-resources.name" . }}
{{- define "root.selectorLabels" -}}
app.kubernetes.io/name: {{ include "root.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "metallb-resources.serviceAccountName" -}}
{{- define "root.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "metallb-resources.fullname" .) .Values.serviceAccount.name }}
{{- default (include "root.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}

25
charts/root/templates/root.yaml Normal file
View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root
spec:
interval: 30s
url: {{ .Values.url }}
ref:
branch: {{ .Values.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root
path: "."
prune: false
timeout: 1m
{{- end }}

25
charts/root/templates/self.yaml Normal file
View File

@ -0,0 +1,25 @@
{{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: root-self
spec:
interval: 30s
url: {{ .Values.self.url }}
ref:
branch: {{ .Values.self.branch }}
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: root-self
spec:
interval: 30s
targetNamespace: flux-system
sourceRef:
kind: GitRepository
name: root-self
path: "."
prune: false
timeout: 1m
{{- end }}

5
charts/root/values.yaml Normal file
View File

@ -0,0 +1,5 @@
url: https://git.badhouseplants.net/giantswarm/cluster-example.git
branch: main
self:
url: git@git.badhouseplants.net:giantswarm/root-config.git
branch: master

23
charts/tf-ocloud/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/tf-ocloud/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: helm-library
repository: oci://ghcr.io/allanger/allangers-helm-library
version: 0.1.4
digest: sha256:6306a6a8d3c51b2b5f37cffa88c3731550da789d1ce2317a83a3f9a657310f8e
generated: "2024-10-16T20:01:59.337767+02:00"

15
charts/tf-ocloud/Chart.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v2
name: tf-ocloud
type: application
version: 0.1.0
appVersion: 0.1.5
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
dependencies:
- name: helm-library
version: 0.2.3
repository: oci://ghcr.io/allanger/allangers-helm-library
annotations:
allowed_workload_kinds: "Deployment"

BIN
charts/tf-ocloud/charts/helm-library-0.1.4.tgz Normal file
View File

Binary file not shown.

3
charts/tf-ocloud/templates/install.yaml Normal file
View File

@ -0,0 +1,3 @@
{{ include "lib.component.workload" . }}
{{ include "lib.component.files" . }}
{{ include "lib.component.env" . }}

67
charts/tf-ocloud/values.yaml Normal file
View File

@ -0,0 +1,67 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
securityContext: {}
containers:
tf:
securityContext: {}
image:
registry: zot.badhouseplants.net
repository: badhouseplants/terraform-ocloud
tag: 7eae6ec805bc99618a196abf9d4d2e0fd19f75e6
pullPolicy: Always
envFrom:
- main
mounts:
files:
ocloudkey:
path: /src/key.pem
subPath: key.pem
publickey:
path: /src/public_key
subPath: public-key
privatekey:
path: /src/ssh_key
subPath: ssh-key
tfvars:
path: /src/terraform.tfvars
subPath: terraform.tfvars
extraVolumes:
dottf:
path: /src/.terraform
extraVolumes:
dottf:
emptyDir: {}
files:
ocloudkey:
enabled: true
sensitive: false
remove: []
entries:
key.pem:
data: dummy
publickey:
enabled: true
sensitive: false
remove: []
entries:
public-key:
data: dummy
privatekey:
enabled: true
sensitive: false
remove: []
entries:
ssh-key:
data: dummy
tfvars:
enabled: true
sensitive: false
remove: []
entries:
terraform.tfvars:
data: dummy

2
common/environments.yaml
View File

@ -2,7 +2,6 @@ environments:
badhouseplants:
kubeContext: badhouseplants
values:
- ./common/values/values.badhouseplants.yaml
- base:
enabled: true
- velero:
@ -26,7 +25,6 @@ environments:
etersoft:
kubeContext: etersoft
values:
- ./common/values/values.etersoft.yaml
- base:
enabled: true
- velero:

9
common/templates.yaml
View File

@ -37,18 +37,9 @@ templates:
default-env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
common-values:
values:
- '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
common-values-tpl:
values:
- '{{ requiredEnv "PWD" }}/values/common/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-values:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
env-values-tpl:
values:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.gotmpl'
env-secrets:
secrets:
- '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'

10
common/values/values.badhouseplants.yaml
View File

@ -1,6 +1,4 @@
registry: registry.badhouseplants.net/containers
registry_url: registry.badhouseplants.net
main_ip: 195.201.249.91
tools:
openebs:
enabled: true
namespaces:
kubeSystem: kube-system
kubePublic: kube-public

6
common/values/values.etersoft.yaml
View File

@ -1,6 +0,0 @@
registry: registry.ru.badhouseplants.net/containers
registry_url: registry.ru.badhouseplants.net
main_ip: 91.232.225.63
tools:
openebs:
enabled: false

11
helmfile.yaml
View File

@ -1,6 +1,11 @@
bases:
- ./common/environments.yaml
- ./common/templates.yaml
- ./helmfiles/base.yaml
- ./helmfiles/system.yaml
- ./helmfiles/platform.yaml
helmfiles:
- ./installations/system/
- ./installations/databases/
- ./installations/platform/
- ./installations/pipelines/
- ./installations/monitoring/
- ./installations/applications/helmfile-{{ .Environment.Name }}.yaml
- ./installations/games/

18
helmfiles/base.yaml
View File

@ -1,18 +0,0 @@
releases:
# -- This one must be executed with --take-ownership at least once
- name: namespaces
chart: ./charts/namespaces
namespace: kube-system
createNamespace: false
inherit:
- template: env-values
- template: env-secrets
- name: roles
chart: ./charts/roles
namespace: kube-system
createNamespace: false
needs:
- kube-system/namespaces
inherit:
- template: env-values

50
helmfiles/platform.yaml
View File

@ -1,50 +0,0 @@
repositories:
- name: keel
url: https://keel-hq.github.io/keel/
- name: uptime-kuma
url: https://helm.irsigler.cloud
- name: external-dns
url: https://kubernetes-sigs.github.io/external-dns/
- name: minio-standalone
url: https://charts.min.io/
releases:
- name: external-dns
chart: external-dns/external-dns
labels:
layer: platform
version: 1.15.2
namespace: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: keel
chart: keel/keel
version: v1.0.5
labels:
layer: platform
namespace: platform
inherit:
- template: common-values-tpl
- name: uptime-kuma
chart: uptime-kuma/uptime-kuma
version: 2.21.2
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- name: minio
chart: minio-standalone/minio
version: 5.4.0
namespace: platform
labels:
layer: platform
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets

178
helmfiles/system.yaml
View File

@ -1,178 +0,0 @@
repositories:
- name: coredns
url: https://coredns.github.io/helm
- name: zot
url: https://zotregistry.dev/helm-charts/
- name: cilium
url: https://helm.cilium.io/
- name: metrics-server
url: https://kubernetes-sigs.github.io/metrics-server/
- name: jetstack
url: https://charts.jetstack.io
- name: metallb
url: https://metallb.github.io/metallb
- name: traefik
url: https://traefik.github.io/charts
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: kyverno
url: https://kyverno.github.io/kyverno/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: istio
url: https://istio-release.storage.googleapis.com/charts
releases:
- name: coredns
chart: coredns/coredns
version: 1.39.1
namespace: kube-system
inherit:
- template: common-values-tpl
- name: cilium
chart: cilium/cilium
version: 1.17.2
namespace: kube-system
needs:
- kube-system/coredns
inherit:
- template: common-values
- template: common-values-tpl
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.1
namespace: kube-system
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: common-values
- template: common-values-tpl
- name: issuer
chart: ./charts/issuer
namespace: kube-system
missingFileHandler: Warn
needs:
- kube-system/cert-manager
inherit:
- template: common-values
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
namespace: kube-system
inherit:
- template: common-values-tpl
- name: kyverno
chart: kyverno/kyverno
namespace: kyverno
version: 3.3.7
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- name: kyverno-policies
chart: kyverno/kyverno-policies
namespace: kyverno
version: 3.3.4
needs:
- kyverno/kyverno
- name: custom-kyverno-policies
chart: ./kustomizations/kyverno/{{ .Environment.Name }}
namespace: kyverno
needs:
- kyverno/kyverno
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- registry/cluster-mirror
inherit:
- template: common-values
- template: common-values-tpl
- name: metallb-resources
chart: ./charts/metallb-resources
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: common-values-tpl
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
inherit:
- template: common-values-tpl
- template: common-values
- template: env-values
- name: cluster-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: registry
needs:
- kube-system/cilium
inherit:
- template: common-values-tpl
- template: env-secrets
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- registry/cluster-mirror
inherit:
- template: common-values-tpl
- name: openebs
chart: openebs/openebs
condition: tools.openebs.enabled
namespace: kube-system
version: 4.2.0
inherit:
- template: common-values-tpl
- template: env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.7.0
condition: velero.enabled
inherit:
- template: common-values-tpl
- template: env-values
- template: env-secrets
- name: istio-base
chart: istio/base
namespace: istio-system
version: 1.25.1
inherit:
- template: common-values
- name: istiod
chart: istio/istiod
namespace: istio-system
version: 1.25.1
inherit:
- template: common-values-tpl
needs:
- istio-system/istio-base

6
installations/applications/helmfile-badhouseplants.yaml
View File

@ -18,7 +18,7 @@ repositories:
releases:
- name: gitea
chart: gitea/gitea
version: 11.0.0
version: 11.0.1
namespace: applications
installed: false
inherit:
@ -80,7 +80,7 @@ releases:
- name: app-gitea
chart: gitea/gitea
version: 11.0.0
version: 11.0.1
namespace: org-badhouseplants
inherit:
- template: env-values
@ -111,7 +111,7 @@ releases:
- name: memos
chart: allangers-charts/memos
version: 0.3.0
version: 0.2.0
namespace: applications
inherit:
- template: default-env-values

8
installations/applications/helmfile-etersoft.yaml
View File

@ -27,14 +27,6 @@ releases:
- template: default-env-values
- template: default-env-secrets
- name: memos
chart: allangers-charts/memos
version: 0.3.0
namespace: applications
inherit:
- template: default-env-values
- name: external-service-xray
chart: ../../kustomizations/external-service-xray
installed: true

2
installations/games/helmfile.yaml
View File

@ -13,7 +13,7 @@ releases:
- name: minecraft
chart: minecraft/minecraft
namespace: games
version: 4.26.1
version: 4.25.1
inherit:
- template: ext-tcp-routes
- template: default-env-values

2
installations/pipelines/helmfile.yaml
View File

@ -26,7 +26,7 @@ releases:
- template: default-env-secrets
- name: renovate-github
chart: renovate/renovate
installed: true
installed: false
namespace: pipelines
version: 39.208.1
inherit:

145
installations/system/helmfile.yaml
View File

@ -17,14 +17,147 @@ repositories:
url: https://coredns.github.io/helm
- name: cilium
url: https://helm.cilium.io/
- name: vmware-tanzu
url: https://vmware-tanzu.github.io/helm-charts/
- name: openebs
url: https://openebs.github.io/openebs
- name: local-path-provisioner
url: git+https://github.com/rancher/local-path-provisioner@deploy/chart?ref=master
- name: istio
url: https://istio-release.storage.googleapis.com/charts
- name: zot
url: https://zotregistry.dev/helm-charts/
releases:
- name: namespaces
chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
namespace: kube-public
createNamespace: false
inherit:
- template: default-env-values
- template: default-env-secrets
- name: roles
chart: '{{ requiredEnv "PWD" }}/charts/roles'
namespace: kube-public
createNamespace: false
needs:
- kube-public/namespaces
inherit:
- template: default-env-values
- name: coredns
chart: coredns/coredns
version: 1.39.1
namespace: kube-system
inherit:
- template: default-common-values
- name: cilium
chart: cilium/cilium
version: 1.17.2
condition: base.enabled
namespace: kube-system
needs:
- kube-system/coredns
inherit:
- template: default-env-values
- name: cert-manager
chart: jetstack/cert-manager
version: v1.17.1
namespace: kube-system
condition: base.enabled
missingFileHandler: Warn
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: issuer
chart: '{{ requiredEnv "PWD" }}/charts/issuer'
namespace: kube-public
missingFileHandler: Warn
condition: base.enabled
needs:
- kube-system/cert-manager
inherit:
- template: default-common-values
- template: default-env-values
- name: metrics-server
chart: metrics-server/metrics-server
version: 3.12.2
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb
chart: metallb/metallb
namespace: kube-system
condition: base.enabled
version: 0.14.9
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- name: metallb-resources
chart: bedag/raw
version: 2.0.0
condition: base.enabled
namespace: kube-system
needs:
- kube-system/metallb
inherit:
- template: ext-metallb
- template: default-env-values
- name: traefik
chart: traefik/traefik
version: 34.4.1
condition: base.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-common-values
- template: default-env-values
- name: velero
chart: vmware-tanzu/velero
namespace: velero
version: 8.5.0
condition: velero.enabled
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- template: default-env-secrets
- template: crd-management-hook
- name: openebs
chart: openebs/openebs
condition: openebs.enabled
namespace: kube-system
version: 4.2.0
needs:
- kube-system/cilium
inherit:
- template: default-env-values
# -- Not versions since it's idnstalled from git
- name: local-path-provisioner
chart: local-path-provisioner/local-path-provisioner
condition: localpath.enabled
namespace: kube-system
needs:
- kube-system/cilium
inherit:
- template: default-env-values
- name: istio-base
chart: istio/base
condition: istio.enabled
@ -50,3 +183,13 @@ releases:
- template: default-env-values
needs:
- istio-system/istio-base
- name: zot-mirror
chart: zot/zot
version: 0.1.67
createNamespace: false
installed: true
namespace: kube-system
inherit:
- template: default-env-values
- template: default-env-secrets

13
kustomizations/kyverno/badhouseplants/pvc-patch.yaml
View File

@ -4,19 +4,6 @@ metadata:
name: replace-storage-class-by-openebs
spec:
rules:
- name: local-path-fix
match:
any:
- resources:
kinds:
- PersistentVolumeClaim
namespaces:
- registry
mutate:
patchStrategicMerge:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
- name: replace-storage-class
match:
any:

1
kustomizations/kyverno/etersoft/pvc-patch.yaml
View File

@ -13,7 +13,6 @@ spec:
namespaces:
- applications
- platform
- registry
mutate:
patchStrategicMerge:
metadata:

21
values/badhouseplants/kube-system/namespaces/secrets.yaml
View File

@ -1,21 +0,0 @@
defaultRegcred: ENC[AES256_GCM,data:lsqr2fBEosOQqYLBwps1hmgFs90zkzbdHpO8UwJWcMl1/CGkyzroACqHkL8taaOnnvwWwadIL8FU3382jamw0Xk5O51bFSBbCxTs3xd4ibwe39ha5YI6YQDHADDb/u1Yw4TctJ/h9xykXHDOL4foE5Z860e16vtMiVvniLD9OGfR6utb9gvZHE2QqZTlHR9U4PY2vLWWQMN3VRvipT7hulmOUzXMVcuBswmyDF39PvTba6Ea7A83V9h6HpqNeSA1ewKREIDOFqjhl7tIit8aQnuee58bJCTVIdg6gyR6yfu6sF22wdUlsJ7CAHtd41sbhEhWGyzJIqg=,iv:J1CfAJmNpI7lgQalYJlXs+JX5I0e6COGrsenMhvDGLA=,tag:nHkq8VF47I/9FS8uGcEyuw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWHpPUkZqbC9LaEtJYzhF
L0hIZUtOa3E4KzJDOFlwaFRVWDdJRnBtR1ZjCnVLNzhyQkdxS2dtK2lFaWRJUkJq
dThURHRTRG5GT1BqaTZRbzlUbXYzWHMKLS0tIFRSa1lkSGQrN1RGdklzYzZNU3BH
ZE0wMk1sRGg1M1lrNVFMTityK3cwK00Kbhugumz27RVo1SJjaljEbklHY6CW7xGD
UCbN0LGh5PPpN6eCbZW8dB1+/lLR9AnyYr6okrGM2iztaJQdlwRvww==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T10:24:56Z"
mac: ENC[AES256_GCM,data:xGqmh1TPg0OJLSycbnjsF4Ai844ZzlCzawQXmROpORJEiSL/3R1W+2PsBT5KcAfG7y2+Ovyk+l1FeorIPuqnbcezX9zUxMOaFXJylmwvNYXCwoihU6Yx2hg9SuFhnwINAhCLqOaRKIh8xPUaK8nRVqwJJa0jW6eCyZ5lsLtpz90=,iv:pmPfpSv3VfVz/MvTGTWoMxzkF3BvCMhK+HxEeN5pzNI=,tag:WkLcTz/WlLXmq8EojHfdlA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

37
values/badhouseplants/kube-system/namespaces/values.yaml
View File

@ -1,37 +0,0 @@
namespaces:
- name: registry
- name: kube-system
defaultRegcred: true
- name: production
defaultRegcred: true
- name: kyverno
defaultRegcred: true
- name: velero
defaultRegcred: true
- name: observability
defaultRegcred: true
- name: databases
defaultRegcred: true
- name: istio-system
defaultRegcred: true
- name: applications
defaultRegcred: true
labels:
istio-injection: enabled
- name: platform
defaultRegcred: true
- name: games
defaultRegcred: true
- name: team-fortress-2
defaultRegcred: true
- name: pipelines
defaultRegcred: true
- name: public-xray
defaultRegcred: true
labels:
istio-injection: disabled
- name: org-badhouseplants
defaultRegcred: true
- name: org-allanger
labels:
istio-injection: enabled

24
values/badhouseplants/kube-system/roles/values.yaml
View File

@ -1,24 +0,0 @@
roles:
- name: xray-admin
namespace: public-xray
kind: Role
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
namespace: ["public-xray"]
bindings:
- name: woodpecker-ci
namespace: pipelines
kind: ClusterRoleBinding
subjects:
- kind: ServiceAccount
namespace: pipelines
name: woodpecker-ci
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
sa:
- name: woodpecker-ci
namespace: pipelines

2
values/badhouseplants/org-badhouseplants/app-gitea/values.yaml
View File

@ -59,7 +59,7 @@ gitea:
MAX_CREATION_LIMIT: 0
DISABLED_REPO_UNITS: repo.wiki
service:
DISABLE_REGISTRATION: true
DISABLE_REGISTRATION: false
server:
DOMAIN: gitea.badhouseplants.net
ROOT_URL: https://gitea.badhouseplants.net

33
values/badhouseplants/org-badhouseplants/app-vaultwarden/secrets.yaml
View File

@ -1,26 +1,31 @@
config:
env:
secrets:
enabled: ENC[AES256_GCM,data:bai2CQ==,iv:NG7q1ZsDpCW9Lu00fGsibpTEHGtew+l5TFOLOpljlwU=,tag:Z2/fXmsEEqhDzCdTWS/Qhw==,type:bool]
sensitive: ENC[AES256_GCM,data:n+dNXA==,iv:iFM0+5G5Bsw4NI+JH1vMMrty3Zo0El0HE9F6PEDsJrY=,tag:EcbzQHVeOHVLVC7kgaRPXw==,type:bool]
enabled: ENC[AES256_GCM,data:C4TSoQ==,iv:kG2QtaNWHSc2sdhzo8HnMnPE0Mixqs1dvFsAcke/Gw4=,tag:HhbVmIw5RQ9hipQqZ5J2pw==,type:bool]
sensitive: ENC[AES256_GCM,data:0wVOUg==,iv:FGxAd9h2e0LeWukZR/THhCscF3FWoK4dnkrX1mqSC+A=,tag:0rpeedT6x2V79WB5xRNbuA==,type:bool]
data:
SMTP_USERNAME: ENC[AES256_GCM,data:eQ4c,iv:4vX/ioHWEA6DzMwZ+23dgUN4PJ7Asz7bbufG5Fy80iI=,tag:1Mq0Hj/23T4fvGEXuNUtxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:B08urSqwYgekI6I5LDYGHbPK5n3r+woRZw==,iv:K2O9aSJLRMbK+N2lfX4ojSqhbmb9KbWsuW2DtYZHCOA=,tag:Qz0OJ7aWwC+/9d1oc38ySw==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:sKVugfrrR9L5LtozHPibGiPULiwv8pAot925Z/rQ0V/mW+DVvNPEw4odgfX596Ddmd8oV5zo5Mz8WIPUCmrVmfdoz+3YzVywEy8=,iv:npthfz4xcW6fF10RhHCF6uXH/6526l3gjZGRu+Xpylg=,tag:vsPsRZ7EIQ7FMvqJga3hhg==,type:str]
SMTP_USERNAME: ENC[AES256_GCM,data:82zb,iv:Z89+Wt6jGMQTZ73ghk1Ey504WYt2Li9XQ2gaH0SB8tI=,tag:RmqHxghik75E9LAABzyVxA==,type:str]
ADMIN_PASSWORD: ENC[AES256_GCM,data:ELi8dtNa/OhQKgrXbrgwHK95ntZjyzRSvQ==,iv:IVZbXZlFyCRMc3bW81Ak9UdjeGke0px9mGqrmaW7EHk=,tag:9xli08c0pqnxu2ktTbCMcg==,type:str]
ADMIN_TOKEN: ENC[AES256_GCM,data:CAAalqRcu9vsM1bjC76enJCSX/tc7yOd48mxGV0d5rTFxQz08b4JVhKyMzl7BRog7+PMtJkkTnRIXZHgj31FqhRylmHyuAn3iPc=,iv:PpZvZMhOEt6ecdkBcvAOSz+eZktPAzaAlYNjBSgiN/w=,tag:apHKw66HG7TYnpBNVyM7xA==,type:str]
DATABASE_URL: null
SMTP_PASSWORD: ENC[AES256_GCM,data:quvcZQKauXeW+l8xkYgVBElBQveoRWKDBA==,iv:KpQH+Ef87jl/M9XpBtIKNhn7ATHoV+Jgjpzg2Li28Kg=,tag:jniePrO7UVp/cz/eIh19mg==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:g212PzN9/4hxBKMAWFNiR0qAnPPK/tkffg==,iv:1l6dikIQGSjznW9MsaCTdz0wLJmAhiL0ZOdN2J4Q0yA=,tag:tNbPdORUa6IBWgh0HHaNjA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNnFwbWFpTWgxRk45S240
cVI5ekJXdVIwaG5NcGRPa2xTN2pFV2tyN1JBClNVMGhNL2FaM2pCK0sxbjgyalJN
MnpQeHBxY2RtWkI2c1htV3oyQmNnbVUKLS0tIGg4ZXNwaFRKNTlIRDluT3k0VDRD
Y3pIaEdFb1JwMnVrYnJ4UkpWMERmZFUKa45EvUqkvjaL85xh3gyxTeJ02IxPJf9a
TGjAvpjBrym9v++OrHn2otw1NOeZwSP1hmSCc+sa6/0yFqcU031xjQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoLys3dkJDK2lrQ0d4ZlJi
eFRTSmx1RUtZRnpxdkNvVFFCeXl6dDcvWXdvCitoNkcwVFFxRVJ6dkNUbGVPb1pU
b3E4ZjZibFF6QytNdUhXNDFLZXRpSEUKLS0tIHpZTmFXNnptVzJmZFhIU2haRWhR
UjNEN1BlREFVak1xdmQzaFY1dHVyM3cKuvMIrQUL1cuw3Odz/Cv+kZV9ZZzBozSW
XimhDSkxNrH5OsGC1Jxz/8JOv8abBs4NROzffVdyqtZZzXOLzw3mJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T10:29:47Z"
mac: ENC[AES256_GCM,data:VmYotoR4BJJv2mZ+kt+NNn+oXLKWHed0o/TkJO93/4eLUm8Wg9SPMA1ZYYe9YRfgbIhYxPlQbPPKQBv95XeOS1FFL24VyenTTP3TXWroeXxOWubko/Fp88U3glJXs5jfL5DLYKvGwTXG3tchFDwH9m6QOABX+aRxvNBEP5zXUxs=,iv:HMzuvl8YCPj9ZA5tKfExQfSbvwu4IEHz6sMLAe8g7vo=,tag:lI2fh1b7prHsBS8Snrbdtw==,type:str]
lastmodified: "2025-03-02T08:58:16Z"
mac: ENC[AES256_GCM,data:px+D6tlAZU6GzlE8/jLc0BaPyRwsfE1jRROy2mX7bhFTIW3lZqt/zangO46fFH5hXZjY5wLNIktCDbawIbUFwAp0vrmXxctZoAftl9hpdtW6ann3yfyv3pdcs7/BKu3s5QUswx6D13iLU0dvzyG4vGcQNmKpxuPQYLuDp2o74hM=,iv:2Y+wsS7QcgQ/8umZ+a21QjU25Yq24Y7UWjXVy9Gmvoo=,tag:APVtby5NCOQxrPAjIbMJ+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.0
version: 3.9.4

22
values/badhouseplants/registry/cluster-mirror/secrets.yaml
View File

@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:BWmu4bpFjlIDStIcWfpsgbm1hfxlvZAK9LabhXuAdArJzflc4VA+Dy5fJRAMu9Mv,iv:+rwtfnjJCZKPmdcUkTfklq19uSgavOKaySK/O/xd2PE=,tag:3yXa+0LbIqMDk6KLWAAN0Q==,type:str]
_mirror_password: ENC[AES256_GCM,data:0aa6fqR3+0ZY5KhRKJa0SKBcBnF/KizHXTIm2NQB,iv:DUB8ItYbT+K31XLbWzi5909RPVn9DG9HRDU120VxbdY=,tag:DniRwku2rQX44ffMn4mU6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ0U5L01iNFo5Y0t5SFo2
MXlwVDhQZ2R5QnVlUndmQ0x5L2ppU1h6aEVZCmhaUW1JY0RDMEM0T1JkZkk3TGVD
R0JjaEN0MGxVV1RIZUxkbjgzMTlTMmsKLS0tIFdDNW8xaWsxamFvUGRFaVZsVUV4
S3ZiYTJGOUFzZlNwSUZvNGtmSFNpczQK/npaHLqHSxMnCXNvDFw0eB9KfMJ7bWfV
ZuteeaXG+eZNX4l1ZY1pLNUv9kui4oXI8payp7sTZJI6WYZCQz6Oaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T20:50:16Z"
mac: ENC[AES256_GCM,data:XtX4NUZ9PCdAFckdlygywFQ8vJRAszOjqPItr0MNRM0ndk/PkYYGzY0phMan7FgxY3Cz5XMJcv/MEogLedM+uH5vMbsOpRY49jpILMORL3Ni1tZFG5Px5NbfExGQmjFyefotRzCHlsUSTZEHlBIp4+FeBI41CgBbLw45rEoneL8=,iv:Ilk7TXqKSSV5WYnptLRaOk/lwwHHLesbSslOCarlVEA=,tag:vWXe+r3tHXoMtWYeJN9T0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

0
values/badhouseplants/platform/external-dns/secrets.yaml → values/badhouseplants/secrets.external-dns.yaml
View File

0
values/badhouseplants/platform/minio/secrets.yaml → values/badhouseplants/secrets.minio.yaml
View File

21
values/badhouseplants/secrets.namespaces.yaml Normal file
View File

@ -0,0 +1,21 @@
defaultRegcred: ENC[AES256_GCM,data:QpL9wlCjErkjp16vsOAcsDA539EguT48JPb24oi6VexbbRm3cBVz9KDlrVhhbt1Uk8hMkbHfN+SQT+OQL38EW6fJiQ2CJ6JbVuyNXeolErxbeV2V9dWegiSjcekgS+tqs0YmshdfUpMFXIpmHWAsW2hty40b6+WE1iAmSf0NgrdYTG+ctMtetCIpiLwy3vgiBc581h0kmAxC3QCDVXIxtw0p0mtF3iHZmQv78FEd9CseTPH0jVlaoucM3mRPKNFi5j7sGQtrevYfPZpynpufTRLSkW84NddXbpk1gzFn5fbENjS1b0vrInqVkS0KMmewOGwf6coL0uELFclRQua1YO7hW5uVKZyUCn9UpCMFHWI=,iv:Vr6x3YFd7UGqId1PQOJqJmpSWxlalIcQdsfwCmQkdQo=,tag:rtFEPOYSzf7M8vTwe3hxtA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTSs0WkNIdlhxVURXcU5u
WDMzb000cUE5TnpPajRHZnZLblpKY0RUZmlnCnNpbno2VUVHb1g2cy9XUEV2eHdz
QWI0VVVJSllIRHdRZFdlRmFOckVmV2MKLS0tIDJER2UrTXArblBnckxJY3hSaXZk
Tk5SK3Y2YVBPem1HVjI1ejhaK2tmTVkKgfdOUiERRABkvvYLe3P7hAOoc97dNmnF
rAwK+FrRrAnfeG2R9RegocbDv64ieB1vwJpW2LeainGchn9opNjeeQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T19:22:13Z"
mac: ENC[AES256_GCM,data:JYkxfsrFgYHrxQTPh4uZ1RIqexJnaYefRWzYFzpE6Or2in/UBDG+UghYtbld8+wI6xSMMwfh8BgmOwUWWhqzCwzHEVaiNjRUNisw/epdbKwCuou1h6m4e8vid8NG8+FttWK2QvIzEKM9ONTJPcoCRjiKIBH7dGBAeCjAOJy6PlA=,iv:n26YeGhiZ80SQYfFUA5Lv0THDTPYvOvWoU23nTut7Qw=,tag:C3ij7ClL2ra6hutcTtbP9g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

35
values/badhouseplants/secrets.renovate-github.yaml
View File

@ -1,17 +1,22 @@
secrets:
RENOVATE_TOKEN: ENC[AES256_GCM,data:ohd4EhTlhRpQ+IXVf1Nb73+h0VHrMZduPhkbm53s3/+HRKUZd7JepA==,iv:qtbH0lz9Li+jjWcef6JGRpbcsOGlG+e3TNHDukAK2HE=,tag:KVmari0LUGHVb61VSFtgXw==,type:str]
RENOVATE_TOKEN: ENC[AES256_GCM,data:NwkAP50vrUc7dVB0wyWTgFDd+axltTqdyXuXFHHkmO2VF4QyV/svsw==,iv:kr53r5w7lVo9luC36mHghZ8fabo6/da8vLFEzhEOgDE=,tag:UnGnSXuvwlSzVuL6pEUXsw==,type:str]
sops:
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TGozODRjVzQvdzlvSE5s
RTlReWNSWDlzUVVLVmZXV1c3dWVwUU9hbWw4CnJUL20yTFpHMUJFWTdYQ2JWUisx
Y0djU2FhaEtVSTlRWEY3Z0RnOUhVVjAKLS0tIEZEUjhqUTRtTEo0L3haWFlRT2JS
QTFVWU5RSTBldzBjalg1TFBDY3hGUEEKCH1rY+tGtRNGMYrfSjqXbVsrPAleVHDO
Altiz0ceC5ODo01zwBf63vDVqjZtbIQNZ8oQ8Pjlktp3jCpL7JNK9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T08:52:26Z"
mac: ENC[AES256_GCM,data:6PyWgR3f7lnen5Jun04Tsw1P7rcAgTSuF+YEh0fq3r3xHvQYFGesfEO4PHLfCGYtjyyCeyzpwBUIoUHTmI5tRYjLwjwRiIu/GH75eSLOx0y0gYMl8JUeaPxSpPvElpii3XAm7vKEJhTR9QzNuzduf0Q1JdlR6TM68XM8g78zeSc=,iv:CqTrPYoLg4IgW5zTsIcmGQUg5RfK+IQmxeQIQbd6oqk=,tag:P8Je5EhAv5TqqT77nPwlHw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZDVVZm1UallMRzJpRVF0
b2dHaUJlQldOeHN5RVhydm5oaG52ZG95SVVzCkZ0enk4Mit4KzV6Z0ErTmxhU29W
R0p6NVBiRjFSU0NWUjNKdGU2WXdrcFUKLS0tIHFURlFVLzJ5NkJVRVpCV2I5U2E4
dE1VWExmY0xEdVlrZW8wRzlPRkVrRzAKVZHyy3AGktGuv7KEQX/M0xjyU/7FpgSB
OrWzXXds9h8PWC/19FU2puvdIER1G/2CajEq0PQmaC9YMvb8nLMv0w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-14T08:08:22Z"
mac: ENC[AES256_GCM,data:5FV7wwVyhB1UQOLW+iYyeImXAPv3dtTlw3Qjg2rBVBmbC8vHNpXFWloBhFeTSN4VAEjxm5tqACdP3IfNkrVT1SnYeySh6Xl/sdcAuAIao7uMjLDT/MK02AcS55T9pt7h+H4nkdNatMAX7jLKbHJwNoAnL5a/FgX+gKizAg4PRHc=,iv:7HRq2xMClJXYF2S9SQeYLZwCn2EOEc4JkEFzgze2e20=,tag:Fb3fm+wlnywr0hBfw5xyQQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

0
values/badhouseplants/velero/velero/secrets.yaml → values/badhouseplants/secrets.velero.yaml
View File

0
values/badhouseplants/platform/external-dns/values.yaml → values/badhouseplants/values.external-dns.yaml
View File

13
values/badhouseplants/values.istiod.yaml
View File

@ -0,0 +1,13 @@
pilot:
resources:
requests:
cpu: 50m
memory: 2048Mi
global:
proxy:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
memory: 128Mi

37
values/badhouseplants/values.memos.yaml
View File

@ -7,29 +7,20 @@ ext-database:
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
base:
workload:
containers:
memos:
envFrom:
main: {}
raw:
- secretRef:
name: memos-postgres16-creds
storage:
data:
metadata:
annotations:
volume.kubernetes.io/selected-node: bordeaux
storageClassName: openebs-hostpath
workload:
containers:
memos:
envFrom:
- main
- secretRef:
name: memos-postgres16-creds
ingress:
main:
metadata:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure

2
values/badhouseplants/platform/minio/values.yaml → values/badhouseplants/values.minio.yaml
View File

@ -56,7 +56,7 @@ consoleService:
port: '9001'
resources:
requests:
memory: 1Gi
memory: 2Gi
buckets:
- name: badhouseplants-net
policy: download

20
values/badhouseplants/values.namespaces.yaml Normal file
View File

@ -0,0 +1,20 @@
namespaces:
- name: kyverno
- name: velero
- name: observability
- name: databases
- name: istio-system
- name: applications
labels:
istio-injection: disabled
- name: platform
- name: games
- name: team-fortress-2
- name: pipelines
- name: public-xray
labels:
istio-injection: disabled
- name: org-badhouseplants
- name: org-allanger
- name: kube-system
defaultRegcred: true

1
values/badhouseplants/kube-system/openebs/values.yaml → values/badhouseplants/values.openebs.yaml
View File

@ -1,7 +1,6 @@
localpv-provisioner:
hostpathClass:
isDefaultClass: true
zfs-localpv:
crds:
zfsLocalPv:

0
values/badhouseplants/kube-system/traefik/values.yaml → values/badhouseplants/values.traefik.yaml
View File

0
values/badhouseplants/platform/uptime-kuma/values.yaml → values/badhouseplants/values.uptime-kuma.yaml
View File

11
values/badhouseplants/velero/velero/values.yaml → values/badhouseplants/values.velero.yaml
View File

@ -1,3 +1,10 @@
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.11.0
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
configuration:
logLevel: error
repositoryMaintenanceJob:
@ -10,7 +17,7 @@ configuration:
backupStorageLocation:
- name: hetzner
provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.1
plugin: velero/velero-plugin-for-aws:v1.11.0
bucket: badhouseplants-backups
accessMode: ReadWrite
credential:
@ -24,7 +31,7 @@ configuration:
checksumAlgorithm: ""
- name: etersoft
provider: aws
plugin: velero/velero-plugin-for-aws:v1.11.1
plugin: velero/velero-plugin-for-aws:v1.11.0
bucket: velero
accessMode: ReadWrite
credential:

14
values/badhouseplants/values.zot-mirror.yaml
View File

@ -135,19 +135,6 @@ configFiles:
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/quay"
}
],
"onDemand": true,
"tlsVerify": true
}
]
}
@ -158,3 +145,4 @@ secretFiles:
htpasswd: |-
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi

3
values/common/istio-system/istio-base/values.yaml
View File

@ -1,3 +0,0 @@
global:
imagePullSecrets:
- regcred

16
values/common/istio-system/istiod/values.gotmpl
View File

@ -1,16 +0,0 @@
pilot:
resources:
requests:
cpu: 50m
memory: 256Mi
global:
hub: {{ .Values.registry }}/istio
imagePullSecrets:
- regcred
proxy:
resources:
requests:
cpu: 20m
memory: 54Mi
limits:
memory: 54Mi

19
values/common/kube-system/cert-manager/values.gotmpl
View File

@ -1,19 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-controller
cainjector:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-cainjector
webhook:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-webhook
acmesolver:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-acmesolver
startupapicheck:
image:
repository: {{ .Values.registry }}/jetstack/cert-manager-startupapicheck
{{- end }}

25
values/common/kube-system/cert-manager/values.yaml
View File

@ -1,25 +0,0 @@
crds:
enabled: true
resources:
requests:
cpu: 30m
memory: 100Mi
limits:
memory: 100Mi
cainjector:
resources:
requests:
cpu: 20m
memory: 150Mi
limits:
memory: 150Mi
webhook:
resources:
requests:
cpu: 50m
memory: 150Mi
limits:
memory: 150Mi

24
values/common/kube-system/cilium/values.gotmpl
View File

@ -1,24 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry }}/cilium/cilium
useDigest: false
envoy:
image:
repository: {{ .Values.registry }}/cilium/cilium-envoy
useDigest: false
operator:
image:
repository: {{ .Values.registry }}/cilium/operator
useDigest: false
hubble:
tls:
auto:
method: certmanager
certValidityDuration: 14
certManagerIssuerRef:
group: cert-manager.io
kind: Issuer
name: selfsigned
{{- end }}

8
values/common/kube-system/cilium/values.yaml
View File

@ -1,8 +0,0 @@
operator:
replicas: 1
endpointRoutes:
enabled: true
ipam:
ciliumNodeUpdateRate: "15s"
operator:
clusterPoolIPv4PodCIDRList: ["192.168.0.0/16"]

17
values/common/kube-system/issuer/values.yaml
View File

@ -1,17 +0,0 @@
clusterIssuers:
badhouseplants-issuer-http01:
spec:
acme:
email: allanger@badhouseplants.net
preferredChain: ""
privateKeySecretRef:
name: badhouseplants-http01-issuer-account-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: traefik
issuers:
selfsigned:
spec:
selfSigned: {}

17
values/common/kube-system/local-path-provisioner/values.gotmpl
View File

@ -1,17 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/rancher/local-path-provisioner
helperImage:
repository: {{ .Values.registry }}/library/busybox
imagePullSecrets:
- name: regcred
{{- end }}
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate

1
values/common/kube-system/metallb-resources/values.gotmpl
View File

@ -1 +0,0 @@
addresses: "{{ .Values.main_ip }}-{{ .Values.main_ip }}"

15
values/common/kube-system/metallb/values.gotmpl
View File

@ -1,15 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
imagePullSecrets:
- name: regcred
controller:
image:
repository: {{ .Values.registry }}/metallb/controller
speaker:
image:
repository: {{ .Values.registry }}/metallb/speaker
frr:
image:
repository: {{ .Values.registry }}/frrouting/frr
{{- end }}

6
values/common/kube-system/openebs/values.gotmpl
View File

@ -1,6 +0,0 @@
global:
imageRegistry: {{ .Values.registry }}
localpv-provisioner:
imagePullSecrets:
- name: regcred

8
values/common/kube-system/traefik/values.gotmpl
View File

@ -1,8 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
deployment:
imagePullSecrets:
- name: regcred
image:
registry: {{ .Values.registry }}/library
{{- end }}

7
values/common/kyverno/kyverno/values.gotmpl
View File

@ -1,7 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
global:
image:
registry: {{ .Values.registry }}
imagePullSecrets:
- name: regcred
{{- end }}

7
values/common/platform/external-dns/values.gotmpl
View File

@ -1,7 +0,0 @@
global:
imagePullSecrets:
- name: regcred
image:
repository: {{ .Values.registry}}/external-dns/external-dns

6
values/common/platform/keel/values.gotmpl
View File

@ -1,6 +0,0 @@
image:
repository: {{ .Values.registry }}/keelhq/keel
imagePullSecrets:
- name: regcred

9
values/common/platform/minio/values.gotmpl
View File

@ -1,9 +0,0 @@
image:
repository: {{ .Values.registry }}/minio/minio
imagePullSecrets:
- name: regcred
mcImage:
repository: {{ .Values.registry }}/minio/mc

6
values/common/platform/uptime-kuma/values.gotmpl
View File

@ -1,6 +0,0 @@
image:
repository: {{ .Values.registry }}/louislam/uptime-kuma
imagePullSecrets:
- name: regcred

175
values/common/registry/cluster-mirror/values.gotmpl
View File

@ -1,175 +0,0 @@
image:
repository: ghcr.io/project-zot/zot
tag: v2.1.3-rc4
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
pathtype: Prefix
hosts:
- host: {{ .Values.registry_url }}
paths:
- path: /
tls:
- secretName: {{ .Values.registry_url }}
hosts:
- {{ .Values.registry_url }}
service:
type: ClusterIP
persistence: true
pvc:
create: true
lavels:
velero.io/exclude-from-backup: true
mountConfig: true
mountSecret: true
strategy:
type: Recreate
configFiles:
config.json: |-
{
"distSpecVersion": "1.1.1",
"storage": {
"dedupe": true,
"gc": true,
"rootDirectory": "/var/lib/registry",
"retention": {
"dryRun": false,
"delay": "24h",
"policies": [
{
"repositories": [
"**"
],
"deleteReferrers": false,
"deleteUntagged": true,
"keepTags": [
{
"mostRecentlyPulledCount": 2
}
]
}
]
}
},
"http": {
"address": "0.0.0.0",
"port": "5000",
"externalUrl": "https://{{ .Values.registry_url }}",
"auth": {
"htpasswd": {
"path": "/secret/htpasswd"
}
},
"accessControl": {
"metrics": {
"users": [
"admin"
]
},
"repositories": {
"**": {
"anonymousPolicy": [],
"policies": [
{
"users": [
"mirror_user",
"overlord"
],
"actions": [
"read",
"create",
"update",
"delete"
]
}
]
}
}
}
},
"log": {
"level": "warn"
},
"extensions": {
"scrub": {
"enable": true
},
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
},
"mgmt": {
"enable": false
},
"sync": {
"enable": true,
"registries": [
{
"urls": [
"https://quay.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://ghcr.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://docker.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
}
],
"onDemand": true,
"tlsVerify": true
},
{
"urls": [
"https://registry.k8s.io"
],
"content": [
{
"prefix": "**",
"destination": "/containers"
}
],
"onDemand": true,
"tlsVerify": true
}
]
}
}
}
secretFiles:
htpasswd: |-
overlord:$2y$05$RhAeAsFY32y8h0japhT72.SQTPXgHc54RCp4CZ4Udsg2.iQxJVeZ.
mirror_user:$2y$05$PkvVMY04ZGvuGUXkrez7peyXevl63ugFbdxZ.ON1G/Tof/0Uf5vZi

8
values/common/kube-system/coredns/values.gotmpl → values/common/values.coredns.yaml
View File

@ -1,22 +1,16 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/coredns/coredns
repository: registry.badhouseplants.net/dockerhub/coredns/coredns
pullSecrets:
- name: regcred
{{- end }}
service:
clusterIP: 10.43.0.10
replicaCount: 2
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
memory: 128Mi
servers:
- zones:
- zone: .

12
values/common/values.issuer.yaml Normal file
View File

@ -0,0 +1,12 @@
name: badhouseplants-issuer-http01
spec:
acme:
email: allanger@badhouseplants.net
preferredChain: ""
privateKeySecretRef:
name: badhouseplants-http01-issuer-account-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: traefik

19
values/common/kube-system/metallb/values.yaml → values/common/values.metallb.yaml
View File

@ -1,22 +1,23 @@
controller:
enabled: true
logLevel: warn
image:
repository: quay.io/metallb/controller
tag:
pullPolicy:
strategy:
type: RollingUpdate
securityContext:
runAsNonRoot: true
# nobody
runAsUser: 65534
fsGroup: 65534
resources:
requests:
cpu: 20m
memory: 150Mi
memory: 100Mi
limits:
memory: 150Mi
memory: 100Mi
livenessProbe:
enabled: true
failureThreshold: 3
@ -36,13 +37,17 @@ speaker:
enabled: true
logLevel: warn
tolerateMaster: true
image:
repository: quay.io/metallb/speaker
tag:
pullPolicy:
securityContext: {}
resources:
requests:
cpu: 30m
memory: 350Mi
memory: 300Mi
limits:
memory: 350Mi
memory: 300Mi
livenessProbe:
enabled: true
failureThreshold: 3

2
values/common/kube-system/metrics-server/values.gotmpl → values/common/values.metrics-server.yaml
View File

@ -1,5 +1,5 @@
image:
repository: {{ .Values.registry }}/metrics-server/metrics-server
repository: registry.badhouseplants.net/k8s/metrics-server/metrics-server
imagePullSecrets:
- name: regcred
apiService:

6
values/common/kube-system/traefik/values.yaml → values/common/values.traefik.yaml
View File

@ -1,11 +1,13 @@
globalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
ports:
web:
redirections:
port: websecure
deployment:
replicas: 2
imagePullSecrets:
- name: regcred
image:
registry: registry.badhouseplants.net/dockerhub/library

26
values/common/velero/velero/values.gotmpl
View File

@ -1,26 +0,0 @@
{{- if not (env "HELMFILE_BOOTSTRAP") }}
image:
repository: {{ .Values.registry }}/velero/velero
imagePullSecrets:
- regcred
kubectl:
image:
repository: {{ .Values.registry }}/bitnami/kubectl
initContainers:
- name: velero-plugin-for-aws
image: {{.Values.registry}}/velero/velero-plugin-for-aws:v1.11.1
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
{{- else }}
initContainers:
- name: velero-plugin-for-aws
image: velero/velero-plugin-for-aws:v1.11.1
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
{{- end }}

21
values/etersoft/kube-system/namespaces/secrets.yaml
View File

@ -1,21 +0,0 @@
defaultRegcred: ENC[AES256_GCM,data:YJfoPG9G4PBdkoGCGa/Q/GANcPrl15SnKZKZfkKuJmaOUo16c8la86D3M6ZRv3FPtpT57ZQAuru8aybLqk6bwi202CMuIDFxn8qTiAE/YLtPPpnIricyvOnI+ig4QZVxHb3Ewb6kBompw0wdaogUfXnQvVt39SdFkg04KZJu63xIMguPlgGR6ltW6lT/N//eadzSYaC9DT3L4KmfKhayNG1xuq2wL5NdD5t/jSfjonO7pgf5XrXY8XJGlHwDN4pdlas8Sto2SNWKg33cWutghXeqO7RpBe7fiJFgI2YzCoo992xPjwDoqLtxaZsgvXmh52Q8qTn/SF8bD9Sh3cLGDA==,iv:i0pyAYa7+pIkSfBbzr/omnPgBn/60wg/Egv4i8i56EU=,tag:ULVYyUme23ItIq4G9rYiKg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S3p6SGxZZzFrNjBvSWRO
OU5XaFhrMW9IMldELzJCWGRTdVRONGM0OVRBCkhXalIvMk9NY0NtdWtlTTBwUFE0
blVaRWdrMUpFVlg5aldUd2RybFZ1SGcKLS0tIFE1WS9MR0pDRUtwSWFQOGxydzV2
cUZubjVHWlhkUU5BZUlQVnF2Wk5jZjQKn9A+rb/ZPCFRDjLPzf/xvUcZ5IjASl7r
fS2hcY7eFm7zdv3g85Iu9ivg4bIcn5U6R02izTWCBGbPIdDFtFbWwg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T10:24:28Z"
mac: ENC[AES256_GCM,data:T3IuMQKtpbmy2NbjZZmn56yvf8mt/Ef09ZD8zmUJijVGEeUTbbtQ/39WhXSXNWI0HZuz4nGkOzhgbTrotlHByxK6/z2rLeykHNB+WFGL4jYgwoJM4vtJpCL14xGlWHPr9dyz/IZP1oG21FHHsFJjdQ/WUzOMAkcLyieuQx78h6U=,iv:6GpX7zeIkEFvG1lyRw5m1X9/ngts5JhKGcVUGn9L8Mo=,tag:320EfivP9O2pwyWOYkqtKQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

12
values/etersoft/kube-system/namespaces/values.yaml
View File

@ -1,12 +0,0 @@
namespaces:
- name: registry
- name: kube-system
defaultRegcred: true
- name: applications
defaultRegcred: true
- name: platform
defaultRegcred: true
- name: kyverno
defaultRegcred: true
- name: istio-system
defaultRegcred: true

1
values/etersoft/kube-system/roles/values.yaml
View File

@ -1 +0,0 @@
roles: []

23
values/etersoft/platform/external-dns/secrets.yaml
View File

@ -1,23 +0,0 @@
env:
- name: ENC[AES256_GCM,data:I+XVWWOUmm7Cd4mQ,iv:rfUzb5HMPVyNfzkCP2frVDxD+v4lTPzILRifcS3uG6s=,tag:1sXONdAjMZ85S8abMVZM1A==,type:str]
value: ENC[AES256_GCM,data:h8sYBvFfm7uFoklqXE7QLNkikl1ihHz/KN4uYiZlRJBZkiUBbTk/Vg==,iv:/y6RdHVWwwBym5HiBaxEatTWG7I/gNY9ZIaQc4bk9h0=,tag:PytkOjvY3fy6XeLNmGPrXA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra0RUWVFDUXN0ejAxemE2
VFlRcEtLNDJUblA3ZmoyMExPWWpjZzlVYjJzCnZVZDNSbnpjcFRUQ0hOMWxLNUZi
RTg5Z2JVZzVoVFVYSVErcWdnbHVvVVkKLS0tIHdZMjVsc3lHRzlJODRWSEh0Wm8w
M09rOXZ3OHZVUUVlWWIwaTN0Z2RqRmcKe1ny6FJIFwR6Un0HBFZK2KXkzUQA63rU
JR7mpEzr2h2oXxOmyc7HeFFi2R66zendFzfhNcvSlm2L5td2Pnxyxg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-16T14:21:42Z"
mac: ENC[AES256_GCM,data:SNHNvmPCt/6Xwd6xoCh5uHF1erhWpTfzEQ/krTvYtByvT7XvDtXjtslJqAa8RkNPl2QV34epWcj/Ff6xud9tvLdAR4Gj4MPJD8WBLUUFul4rvoXfaHyHhSanYmiOhdF0mArE81qsBY918LFS5fdWMrxCNDrHbDtW76KBoLcDUto=,iv:8/ZxjrER1151RGjSdICVjj8ptyQn60SInakqABXWQZE=,tag:/bQsE3TCXoMbXoAF1UErOw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

13
values/etersoft/platform/external-dns/values.yaml
View File

@ -1,13 +0,0 @@
provider:
name: cloudflare
domainFilters:
- badhouseplants.net
policy: sync
txtOwnerId: eter
txtPrefix: eter-ext-dns-
logFormat: json
logLevel: info
sources:
- service
- ingress
- crd

38
values/etersoft/platform/minio/secrets.yaml
View File

@ -1,38 +0,0 @@
rootPassword: ENC[AES256_GCM,data:kxg0YirkjeeTaKueH1G4RijoLjLGxHJP2w==,iv:FM83CGAl7E/xEh9k+GPy/z5apxlAb6/HEhznGcUcu64=,tag:Obw7iPuQltcaWwjZfAh7xQ==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:h01uNoYYTNs=,iv:YkdniZm4pFzcEa+MfXazBClz6RrnYjzAh+3IbnVE0nQ=,tag:SFZ8HnM8N99CNLvEnWBXqA==,type:str]
secretKey: ENC[AES256_GCM,data:sr33gCJYEd2k7bbZNHKVgvOmUN235YJoUg==,iv:hGFkM9cS0cv+GOWpxn1YPjDJBqSZl3RHRrUM9TQt0A0=,tag:Uu7ItlGDxayQhG9vmSNp/Q==,type:str]
policy: ENC[AES256_GCM,data:QPL12F5ZWVI=,iv:wXBHgWlI6kFvGH6rp5pLEEcT7S2i58K3Pwa4D4407ks=,tag:JckGYguaJfvHK/sgSuKICQ==,type:str]
- accessKey: ENC[AES256_GCM,data:oJrvlRNB,iv:RTYdPqj5Q77NvJIUsRw7PA/7yhZ1YzjRWCYfvshXoCU=,tag:5gtdnE9cIUvZWWpQsO+2oA==,type:str]
secretKey: ENC[AES256_GCM,data:nZGlehkE2OhNjXLZk/4syI/xKRGmRmzltw==,iv:24Q/OVU2Rtz5ZmUcgJ6ZsOfXv97PXHL9456C5ccsVAA=,tag:xbU/qLleiUwUBzB1dU6/Ew==,type:str]
policy: ENC[AES256_GCM,data:eC7ZPjG/,iv:cEbFEZygJ7ntGA174A3p/RXhjK1QFVY1ldLiZFsaJ8M=,tag:cknvoIX5NONoni1mInssgg==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:ZzHQSw==,iv:pAM6Sg5FOqk3OevwXxNz6+HoA+S9JKn3qXKBrvtQOjw=,tag:jIjUzOpsDTrmWXnVQZvOLQ==,type:bool]
configUrl: ENC[AES256_GCM,data:wM3MMDLR0hD0moLuOJbVV0FXEAcRpGQCiWZHIRfaer5WzSAnQH/8/PVkOnFy16uzsAf1IFbQIOjaXDw1alv3WxczIKpfXiR8mfNI013fCs+tURdOPCSdziQf9G1+sar9/Fs=,iv:95nxS+kP5Ml3WWbN6kGQxH0E/hLDUMp664OrQVZhH80=,tag:0PvfH+J9SQGwBJ/Kh7zgCA==,type:str]
clientId: ENC[AES256_GCM,data:UlETcj+fUPFDh2thR2Q=,iv:EF5QHrfstIqT5MYvrkQkUtcquG9SIsruYKSaR9adz5E=,tag:/yYOxzIIgoCRqsFSHyQanw==,type:str]
clientSecret: ENC[AES256_GCM,data:elh+rgMPMxJ3Tf+ufv4FBVQRBY+HeWbaSz4Mjx+CQIGzVBYDw2TaImgZbdIN7X+tVRdKjBUad7Bd4VUZoZt8kIacT4usJRQC9qErhMjnuT+OGzq6mSpXMztAzbGpL76L44S893sRkUkVwDpA6p4vqPSe5vMiaXZZAANIrhIDcRo=,iv:FIr6pRpJ3FlRchQs2Hg25bJu4HFYSy9HFiDhOPDPang=,tag:0pWGuHVwrlm11SqFKYj5ag==,type:str]
claimName: ENC[AES256_GCM,data:EOYQcSX7,iv:7ELctRaFlUmE/I9ExsLjMSCOrwLyTrJt5RQeDMqcZXI=,tag:CAEcRcWu0jkHxIdWFwoQvA==,type:str]
redirectUri: ENC[AES256_GCM,data:ek2cRHXtOCy9yNRrCyW6GFULz9ql7vzFIYc/7OBBlqQZmzMVEiNJ0B8Wej5TELIJ+do=,iv:IMr3J6Vcs7mT+agAcwaV8av7PUuOtvCdvLOOIKYwN2U=,tag:hLgtwpqtgsyoIF574C8UYA==,type:str]
comment: ENC[AES256_GCM,data:io98WZF69zRwoaDz1WXgb3gJ+Ac=,iv:Uw3p8734k25N+GZhQQ225Ye5mJInR4LcJ9LPcppEsgY=,tag:hvx6FxcwajTmC4gQGErWmQ==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:mK8Vczvi5SSVPW6k9pLx2aOaXUdfujXE1G77,iv:M8TxsGfsnvdRyBo94JitBnx366MuRY5Q6vLNmCs0hp8=,tag:YaobqJvS7u6B9x0MN5VMzA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFYlFwMzFCaG8wbk5ZcDI4
OU93MVNoZGNyL0h0WFhRM254eDF6Y2FkZjMwClJEcHNZcFVlaTB4eDlsMm5QaEYy
NE0rd3EzUytaVEc5Y3I0MUpJWnI1NkUKLS0tIHBlS1dKMG9kcXpJSHMzbDhXcGJx
OXIvTU1uSVFXenF5QU82VHFta3ZmS0UK86P5geFl4PEMgKqBW2AlQfyTjT84TRfE
NjjFcpeFsUa3GoSm+NHxjzXbEEWkQsVsLWqS48IAPhOiICyWPwiznA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-20T16:42:14Z"
mac: ENC[AES256_GCM,data:DyBFmjgWcRCkEEpuDUL2M4w6DcJ+YiVaUZcCuHReTKZRuE0BcYn8TCKYqaILKM4B0ClLK4aYH194ZNysEMDoAVDnLaTWPa3as8dW8mwpeaPmV80CbnKsRLMajwWJi7T8LBYrHaSSZx8eCRHvXFaB3u8B7t31vmzwutlpu5BKQqc=,iv:RzcPzF0rrSVZNSuG/Juv/gFtSdPqgImU+jO0Z3oQVzQ=,tag:KkEecRrbBDImiTBhn4T0pQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

119
values/etersoft/platform/minio/values.yaml
View File

@ -1,119 +0,0 @@
ingress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- s3.ru.badhouseplants.net
tls:
- secretName: s3.ru.badhouseplants.net
hosts:
- s3.ru.badhouseplants.net
consoleIngress:
enabled: true
ingressClassName: traefik
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
path: /
hosts:
- minio.ru.badhouseplants.net
tls:
- secretName: minio.ru.badhouseplants.net
hosts:
- minio.ru.badhouseplants.net
rootUser: "overlord"
replicas: 1
mode: standalone
environment:
MINIO_SERVER_URL: "https://s3.ru.badhouseplants.net"
tls:
enabled: false
certSecret: ""
publicCrt: public.crt
privateKey: private.key
persistence:
annotations:
volume.kubernetes.io/selected-node: yekaterinburg
storageClass: local-path
enabled: true
accessMode: ReadWriteOnce
size: 60Gi
service:
type: ClusterIP
clusterIP: ~
port: "9000"
consoleService:
type: ClusterIP
clusterIP: ~
port: "9001"
resources:
requests:
memory: 2Gi
buckets:
- name: velero
policy: none
purge: false
versioning: false
- name: xray-public
policy: download
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
policies:
- name: allanger
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: velero
statements:
- resources:
- "arn:aws:s3:::velero"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::velero/*"
actions:
- "s3:*"
- name: Admins
statements:
- resources:
- "arn:aws:s3:::*"
actions:
- "s3:*"
- resources: []
actions:
- "admin:*"
- resources: []
actions:
- "kms:*"
- name: DevOps
statements:
- resources:
- "arn:aws:s3:::badhouseplants-net"
actions:
- "s3:*"
- resources:
- "arn:aws:s3:::badhouseplants-net/*"
actions:
- "s3:*"

20
values/etersoft/platform/uptime-kuma/values.yaml
View File

@ -1,20 +0,0 @@
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
hosts:
- host: uptime.ru.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: uptime.ru.badhouseplants.net
hosts:
- uptime.ru.badhouseplants.net

22
values/etersoft/registry/cluster-mirror/secrets.yaml
View File

@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:BWmu4bpFjlIDStIcWfpsgbm1hfxlvZAK9LabhXuAdArJzflc4VA+Dy5fJRAMu9Mv,iv:+rwtfnjJCZKPmdcUkTfklq19uSgavOKaySK/O/xd2PE=,tag:3yXa+0LbIqMDk6KLWAAN0Q==,type:str]
_mirror_password: ENC[AES256_GCM,data:0aa6fqR3+0ZY5KhRKJa0SKBcBnF/KizHXTIm2NQB,iv:DUB8ItYbT+K31XLbWzi5909RPVn9DG9HRDU120VxbdY=,tag:DniRwku2rQX44ffMn4mU6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ0U5L01iNFo5Y0t5SFo2
MXlwVDhQZ2R5QnVlUndmQ0x5L2ppU1h6aEVZCmhaUW1JY0RDMEM0T1JkZkk3TGVD
R0JjaEN0MGxVV1RIZUxkbjgzMTlTMmsKLS0tIFdDNW8xaWsxamFvUGRFaVZsVUV4
S3ZiYTJGOUFzZlNwSUZvNGtmSFNpczQK/npaHLqHSxMnCXNvDFw0eB9KfMJ7bWfV
ZuteeaXG+eZNX4l1ZY1pLNUv9kui4oXI8payp7sTZJI6WYZCQz6Oaw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-27T20:50:16Z"
mac: ENC[AES256_GCM,data:XtX4NUZ9PCdAFckdlygywFQ8vJRAszOjqPItr0MNRM0ndk/PkYYGzY0phMan7FgxY3Cz5XMJcv/MEogLedM+uH5vMbsOpRY49jpILMORL3Ni1tZFG5Px5NbfExGQmjFyefotRzCHlsUSTZEHlBIp4+FeBI41CgBbLw45rEoneL8=,iv:Ilk7TXqKSSV5WYnptLRaOk/lwwHHLesbSslOCarlVEA=,tag:vWXe+r3tHXoMtWYeJN9T0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

22
values/etersoft/secrets.zot-mirror.yaml
View File

@ -1,22 +0,0 @@
authHeader: ENC[AES256_GCM,data:nmlP0vRoKJRivvwJArnEO26sqIwFtnK5MYVPJBBCmAGCPpe/U00gYu6JET0gPqGV,iv:+GZwWrxoWw0mAZxZdITBLtHgRKYIyaj/NQwHbD8KppA=,tag:MAer3FiaBxyNwJr0BbDtow==,type:str]
_mirror_password: ENC[AES256_GCM,data:W2xy2RMmD4d6N+DNceIgtDGUpygOGEbWgGa9Icsy,iv:YsQfm/EmBYY35q2irlZ2rmzkbJzlFnfgMSEKq0G1I5o=,tag:7rNG02Wm9g8GUXeM4nTHqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVUlyVFZWcWFuWnEyS2Nv
Tkx6aTZKY1czQ25RTHhKNWNNQ0xIaWJLb1VFCkdoT0RBTW9EWG8zbzYxekdsUEY2
bE9nQUthV3NCa0kzRnBwZ2U2MWlVNzAKLS0tIFY4RVJDM05ZVmR3NEt5YUlpOWZa
ZVc1bmJnU1o4U3NGaGN0Sk90YTR0ckkK8gmkHty4Gwt4vuVK3xhWWg4h/EgvJULh
Trgn0lzx2pCThg/+82u5J1T/QLXdbbDFFFwGldiMwNjZQfpOmrZpVw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T21:04:45Z"
mac: ENC[AES256_GCM,data:cTN6wq1m1XtsfNujCfQ4nKtX1Pkc8MFCipUeScDLJUuZZwg4St0h1OkYtYJBWeVSt3CSjjexQpb7Oi9K8wukboIVevaIj0BTT1hkf2ZUFeIV8W62mtftfdRex0yJ/4h1gTZaYBhHEw+qD6r+XvavDs1m22FF5RuF+5qfGUEWA4I=,iv:RsVuXbLVfZSJ7AkIvEdf7H2auFTiqXgpXLe/LbATAo8=,tag:1V5eIiJzjzv4C1JNNf5Quw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

12
values/etersoft/values.issuer.yaml Normal file
View File

@ -0,0 +1,12 @@
name: badhouseplants-issuer-http01
spec:
acme:
email: allanger@badhouseplants.net
preferredChain: ""
privateKeySecretRef:
name: badhouseplants-http01-issuer-account-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: traefik

6
values/etersoft/values.local-path-provisioner.yaml Normal file
View File

@ -0,0 +1,6 @@
storageClass:
create: true
defaultClass: true
defaultVolumeType: local
reclaimPolicy: Delete
volumeBindingMode: Immediate

12
values/etersoft/values.memos.yaml
View File

@ -1,12 +0,0 @@
shortcuts:
hostname: memos.ds.badhouseplants.net
ingress:
main:
metadata:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure

Some files were not shown because too many files have changed in this diff Show More