badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 11 Actions Packages Projects Releases Activity

install-memos #199

Merged
allanger merged 3 commits from install-memos into main 2024-12-24 18:46:35 +00:00
Conversation 0 Commits 3 Files Changed 6 +88 -52
6 changed files with 88 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/environments.yaml
View File

@ -11,7 +11,7 @@ environments:
- backups:
enabled: false
- localpath:
enabled: true
enabled: false
- openebs:
enabled: true
- postgres17:

8
installations/applications/helmfile-badhouseplants.yaml
View File

@ -124,6 +124,14 @@ releases:
- template: default-env-secrets
- template: ext-database
- name: memos
chart: allangers-charts/memos
version: 0.1.0
namespace: applications
inherit:
- template: default-env-values
- template: ext-database
- name: badhouseplants-net
chart: badhouseplants-helm/badhouseplants-net
namespace: production

65
values/badhouseplants/secrets.minio.yaml
View File

@ -1,30 +1,33 @@
rootPassword: ENC[AES256_GCM,data:X4PQGfbMObmHkD7Qk1AGlnMK748=,iv:+obQfzC6F7cBNY1d6WpMPAMRZgfO9XXc8jFPZ36ShLs=,tag:79EvpFwM+vqqhBazwejXHw==,type:str]
rootPassword: ENC[AES256_GCM,data:LMwOjL2d6f4dVwdUhbz4GzI4+LI=,iv:HDjcwwzy64RftTJ3WgjsNv09yJ/adb7bfRxG5LtiHu8=,tag:pcHfD4yP68B4af2k254Aeg==,type:str]
users:
- accessKey: ENC[AES256_GCM,data:nhagvffOzcI=,iv:HvLmKNCLapLpzpWt/xBRmAWhf73SnDA5qqbmOTxZi/0=,tag:dzBP0Yyv/M6Xvjv+fpFDew==,type:str]
secretKey: ENC[AES256_GCM,data:9IEqubInFr+m9QAnttGQYQTtVA==,iv:adfRWA2TYK+KrcnmziiBA3AgUZ+TUOzA4HfXUITQIFM=,tag:xDcFCmJA4svH7mcgeQseRg==,type:str]
policy: ENC[AES256_GCM,data:gQd5QKGHVrQ=,iv:nTWo4wHr4xzZn08DrJGXeceZqdVjy1ZY4bX3kMXl7Kk=,tag:5ZjPAtQyhsg7nBQTA2Kr7w==,type:str]
- accessKey: ENC[AES256_GCM,data:XDX5,iv:520OfJb8RJgWpeAJ9J4V1jIAwXl9jT/V7GuAMr8PmBY=,tag:LOETQbQT7kwA7EIjAlPWLg==,type:str]
secretKey: ENC[AES256_GCM,data:QlVpl3lks1P81dLQdUuM6a9irH2ny53ZsA==,iv:eFADkYo9oj+ODQ1CPbIVc/rfA6rr8iF7wglfFksrkDo=,tag:JyFMTyuuQyWHaMLHKXOxEQ==,type:str]
policy: ENC[AES256_GCM,data:yeC1,iv:FE7WNpWN/dxgkBi9QJxtYRzZTnpgjYJ/ar9/45bETMo=,tag:eXN54Gvw9PXbp/vNoZLrNQ==,type:str]
- accessKey: ENC[AES256_GCM,data:drqrZ3/nCyGX,iv:ey3xBAhJG3htB6sehhAONQApwUgR0redb11wIyanyhE=,tag:2PM5xvwY9YjvJLm/+clF+Q==,type:str]
secretKey: ENC[AES256_GCM,data:iKpEQkDFqYn7k5I2OVcIDrWDIpQ=,iv:m7FeYAIt0/jm66gWenOrOj2X989vpRQKr+GYdw8mrRU=,tag:GHOPwRLdRfpc2wLH4tX/Cw==,type:str]
policy: ENC[AES256_GCM,data:4XqHiO4Ut76p,iv:KbwPkexAVDaahi4F/Q6Wh6geGy28OggE2Rptmq1Lxrw=,tag:M5wFcNICGstXXGP5e+umcg==,type:str]
- accessKey: ENC[AES256_GCM,data:ghT3JzY=,iv:65gARnb6O1r7nSJioVyZs7SyBk4aiDgyEq8iLFeMatI=,tag:pLx4r6txAjBBjnmG7AcTUA==,type:str]
secretKey: ENC[AES256_GCM,data:Eq4OG7kPFxkhQ+gX7/ICSvjaWxf68nUs9g==,iv:1bgYfjXZLgVvcPTHNtOBaRKV5dWp/RmkisRdQUfWJqo=,tag:t8T9DY6+lr4VPofnOI+g+g==,type:str]
policy: ENC[AES256_GCM,data:7bF0/18=,iv:k5zb0KRyfOQvSWiVhy0au683aJhthrBoqxLHWyXuQD0=,tag:y0P69LtUb+dBc3BARp9p3w==,type:str]
- accessKey: ENC[AES256_GCM,data:b923YDOG9Oxl,iv:rSDiwfWEzCof7Lj5zkOpvcH2p+zI4iqQC+uPxQUUvyI=,tag:gRUDQha2EITQ1VkCurnT0g==,type:str]
secretKey: ENC[AES256_GCM,data:iwpLzRUfZTqWWwzw+KOjko8rMcWwz0P4eg==,iv:THFj+8ILYlTHU8dAcCony7bI/5q5A83dRsjHoqeXa74=,tag:bo3VK4WflhXN9iGdkthYcQ==,type:str]
policy: ENC[AES256_GCM,data:v+H0vmJXHeJK,iv:S3JjrjZm4XdJnsg7hvXBsnZ0y+QSVD0zPS1cJlGxIw0=,tag:KBWkrID8knK6pvB8oa30ZA==,type:str]
- accessKey: ENC[AES256_GCM,data:U9gQrxPi0KA=,iv:OZxOyntT7iM4YTDIPl0ud1SVQRQnvf73NLCAxv+vako=,tag:gHcrnc3DJYWcn8p5V8W+zQ==,type:str]
secretKey: ENC[AES256_GCM,data:TpcDYa8EZl8/whmoWusaZ/UAgQ==,iv:FNIRu13m9u8eWoqn9k2Ptu6hMyXux+tbnycOeM3Zxb0=,tag:rJqVu41Ti45BS1jHta+u2Q==,type:str]
policy: ENC[AES256_GCM,data:wwe2VZEGlS8=,iv:bdlBCTacXJgZFtxhszx3iey66ooQhmSRXBbyOn5xSXs=,tag:z/b3gk9pQUJ/7ogYt0xfaQ==,type:str]
- accessKey: ENC[AES256_GCM,data:s6Pp,iv:p0OgVnBo48KfWBR5sXfg8eFz7TJXU8Y9fsEtURarS2E=,tag:Z6c8ZUwzyYKzBPqHms/vfw==,type:str]
secretKey: ENC[AES256_GCM,data:Pfp/ojWBpkKCMnx3y5wID1IAaQwL61sjig==,iv:V0AZOPcCizJAWAQxODN3j7REN9qfWBJjK0J49btOTME=,tag:fEVy9ytgrssQFfFPSbKVrA==,type:str]
policy: ENC[AES256_GCM,data:DHaw,iv:2IeHf68O4/uUivXragB0FQPzHqGn2EtWRFQ0yZu3JCQ=,tag:eci1or9/f+bVwRUrnuCptg==,type:str]
- accessKey: ENC[AES256_GCM,data:6FsPnW8eNOsf,iv:Fm4o4imcJ2vxP2wPOZud6Hq1mskEFBLXl9k7TRHSKVQ=,tag:9EHmal05wNPY4oYi+2lEUQ==,type:str]
secretKey: ENC[AES256_GCM,data:tekGxAUVkdAp+BXwmJwHmDPj7pI=,iv:2gbGjiRZghfblKyNn9sTC2xttuxQkw5Gvi4Gihd/GD8=,tag:AxiLtRTwHIUkBJMNnHmlFQ==,type:str]
policy: ENC[AES256_GCM,data:SNQ0zWcMtB58,iv:WQAJBI/keeNCOsr1Yvkq8B9JzhrTNnLNLdTCE/iiMZQ=,tag:CsKReNCe8bk6ldFehfZLzw==,type:str]
- accessKey: ENC[AES256_GCM,data:sADhTAs=,iv:alArwqu831vNYRbbj9UYJKfTMKLlXlulA3LwCKcM5vM=,tag:jgZnELSavy2QFHGolhrIPA==,type:str]
secretKey: ENC[AES256_GCM,data:tDc5/SUfSIae4xRJwZNJ6eavVb89kw7dmw==,iv:oeI8saAkuvUO0Ulj3XXLpHyWu1m6auntKN13PdyF750=,tag:OB3Ksrz6jpoLLHo2onJ2/Q==,type:str]
policy: ENC[AES256_GCM,data:enJjBw0=,iv:q9a3RORLNjYKUhlV25cjD2uHfVfFBf52bjcsZak5TVo=,tag:ge7ws7yEt2lTQWQJkdaT2Q==,type:str]
- accessKey: ENC[AES256_GCM,data:mj8/0Powkldl,iv:pOqRKFbAKQqa/AI63TbSFRik55SyCdPocWESwj8KpGk=,tag:1UUvaALkEqX4MesOt747oA==,type:str]
secretKey: ENC[AES256_GCM,data:bkniQmx7oOiCG7LZBJZFHGQwoAmUqN+Frw==,iv:bXAg5i18WZIzjaCaG2J4XErGn7X02bwd4I99/Tdqjy0=,tag:Xn3B20zidUCu6RC+PstDkg==,type:str]
policy: ENC[AES256_GCM,data:60NZXxmE5tna,iv:lKeS6AZPR5iP8O6mLr7OKTo8fNOC9zkDClTz0kds1gk=,tag:LvXBoVkPm/Axpofb3w/ewA==,type:str]
- accessKey: ENC[AES256_GCM,data:qOSM+KE=,iv:9hp4U2TI9H/edFJEmDiW1VHEwnMe3OvYC2ZraMLVi6E=,tag:8aE0/k0u83P+8uRCTm1q+A==,type:str]
secretKey: ENC[AES256_GCM,data:6yMWcv68NTK1M8xpTbvS6KiY,iv:4BmPorAikxpBrRT+mxSTNRwOrMPTk9g+kPgXUylFJ2A=,tag:BCmDcEyoDbkErqFl0YxcSQ==,type:str]
policy: ENC[AES256_GCM,data:GmoLcuI=,iv:m91xdrLJ0zgQ6S8BFfJBSFV+bdU+GwsAtDs6c3ydMck=,tag:zOu/fw6dCohoTa2+/TgF+w==,type:str]
oidc:
enabled: ENC[AES256_GCM,data:c+ODwg==,iv:bY7yZXxhj5fGdT85yPEGD+2lsQ2l0+6BJkMcYzcZCwo=,tag:uHxzyeUpypMvcswCVv2pGw==,type:bool]
configUrl: ENC[AES256_GCM,data:pzbhMON4qNE96d0AYDO1ojvXvQXBVgIWtjeRkpj7psDo5HBOLew73dzDPJgThWsZYthv5ROaLqQo2hmheuc0cP/AAa8JSaTGWFD13iN3d18iPI8ZaxnxZFg=,iv:GEYB7lX4+NWeD9VgjFu1CChg/ClDGvO3rGkuxvIcql0=,tag:QWEg0kMMcmIcJdsFgSCYqQ==,type:str]
clientId: ENC[AES256_GCM,data:DXn3ZGs=,iv:xHYHMB+LpMwdGgiiMcq5RE5idlEII1sY/7NWw0rT3aw=,tag:oG1pOyPnJCd1DUXtPQA8Bg==,type:str]
clientSecret: ENC[AES256_GCM,data:XwMEAxsyYnN3b2zTSIy7a3WGqGAQLF8MSQPMNXkx/zVNd9q6hVINXRbqeVRgF+y923DZYO5qnNdKhrVgby1qg7xYxgPfkK/ouDrzuftDa4agEjzJXw4QXRpHpaWujyYk3ltaRzi6ySgbMwj2z6G+ZMsbKuNKbv1yS1NOI/T45+Q=,iv:MkiPUjZV0HslDSZwc7sqzHzrejHRRVa6AIbLYZzciLQ=,tag:hp3uZjYJcDoalUOxGGnOGg==,type:str]
claimName: ENC[AES256_GCM,data:Mml/efpg,iv:imZD0TjiyhQRntes4Z0AcnjvsTjgdsRaFTnhFlqcxQ0=,tag:+oAMOz4tmi0yvmNPiDuqsA==,type:str]
redirectUri: ENC[AES256_GCM,data:lRx520z6aq+UJc8a7NY/MNPQjOuDqY0Xuha9bOJn47tR+pkq63jh1ShYhmOM73Q=,iv:jCG6lxPV5jXdyvF7Td4yasHiqC1U22Kg6LdLqj8rKh0=,tag:5ix40wSSEW2JgzAZlgOuIQ==,type:str]
comment: ENC[AES256_GCM,data:mhzyX2SGy+12XjOl6PICR2Yvazs=,iv:o0O70wKypt6+HB7ex1Pno4A4XxB8ldTU5NTh627vMcw=,tag:1hlYLXJyzhLb3x0oYIee2w==,type:str]
enabled: ENC[AES256_GCM,data:a1cK3Q==,iv:Itb5LOyvU+ba5Bw/xC+bSMKWYQDKJhk4HdnTlUQzFoY=,tag:UKRGkYETNhmYSHZYkkXX8g==,type:bool]
configUrl: ENC[AES256_GCM,data:3wKhNkgdRXAxed2ickfK9Rmz447GTNySdi5zHcS0bOz6k4hFrWY9+i0BtbV46hyCT+7ad9RJ9+9ybNC3RwgOwaiQRF5lbcxlKdTmgi6K3r1dScsu7o/GSiM=,iv:1qykknnYq8zLblhs4eZ+6b1UdcHST+nnvpSFwl3Q4sU=,tag:zJhfKO0jLF2S4MjJ/Z3f8w==,type:str]
clientId: ENC[AES256_GCM,data:kfQmCDU=,iv:/5Fk5jax2i70BQswdjrYvWAUyLbYpjgHJlVm4OcMR+0=,tag:WZ1ggK43HZDPM4taeHaApg==,type:str]
clientSecret: ENC[AES256_GCM,data:TCqiNCYKQUHHiTBu0j+62euR8zMLjEzPfBmULHqJuSrmtJ5c4+T7ci57IsnWxvXL9KhkjjCKmDeV2kzKJrnnKBndTpumWMPwPdxhnljRwjBEQ88I9armFqSMb3C3eCd1L69JfRdAyGQgKB3IuqRr4O+nFPUq7UsxQr0imG6yotg=,iv:ACJFi1nxwIgivZPE0yrvFH5rpCpvvZkurOogBPWqCG8=,tag:bAFRCXybjp23waZmP4juOA==,type:str]
claimName: ENC[AES256_GCM,data:3ce9Zch4,iv:E2KvPW/EidKnlun42iZ057WmhA1VCXF6MvyGLeFK2ik=,tag:SUj8Y1up+7tJ4NiXc7w2jg==,type:str]
redirectUri: ENC[AES256_GCM,data:eMMl/lqAcpxQs0M2pQzRDmLRnY6OKLJ9A1LMLYK3emJXmRSuEr9GU6yE/U0rsyk=,iv:9b1sD3YhaOrKvt+sIUtH8lp5foTWGrGji30R4jxeN08=,tag:A8AKJQg9jiJPhsTA1b43VQ==,type:str]
comment: ENC[AES256_GCM,data:yzarNmXqyfYbYhZT0x2fnySwp8w=,iv:mVho3o/y4WIRzNj4KHECo/T45F6Xt7Psrfgf3NsMY3o=,tag:Kk/1BAOmqnhEtHVjecvC8Q==,type:str]
claimPrefix: ""
scopes: ENC[AES256_GCM,data:ztX8pA35GP2+kLLvQo5tLcsGdz2+/AGrwFJw,iv:qldaOWV5asc+WAAiHVAYoNkXVNMPVZfVTIHj3jd/cO4=,tag:6A+JiirnO7aMjO8i0zYbjA==,type:str]
scopes: ENC[AES256_GCM,data:EFDQI0aYDORcxAoqmLv2Rm7n0PKKqE5kMPi0,iv:0VqhHvz+1ArPz88euB9clm8OU5iff0n0D6BxS5/9ojo=,tag:ebbotalnOmoQF8q6My8cyw==,type:str]
sops:
kms: []
gcp_kms: []
@ -34,14 +37,14 @@ sops:
- recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONzFwREQ1dGdpS01VQ21I
RFRna2QxejdiSUppZDlaeHpNdzhFWlQ4ZDE0CmNpR0hNMTZBWm9FdDhWY24wc0hD
RFBCWHhHekdja0xnL1BVOFVST2FGOFUKLS0tIDRkVW9ESnJLWmtuS3VWRDFna3hB
aWlhcU9qSmNsRERJRDhqc1h3eVVOUncKQc21maFwBHZzD3xMedoqmCEFOwaTZkG8
OD0o9sqjHqrHj4vqlWjj2LwAAoq3bL/ttvbEjm7jm8tHGIHTh13TDQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdmNaWXpBalN4OHY2aEpN
S0RwZmUzRmpnOXcweVhrczUzVDVjajBoWlRBCjRtb3VEeDhpYkhmamV0NHVreTMx
eG96d0dhNVgxRklMaUlkdW1XTlp0dVkKLS0tIGVMR005VnhsM25oT2ViMURObG52
eHI5aVgyejdKZGFvcUJxMkNYa0h5aFkKxM3OVDtZvCbKaRecH7HVoE8EAx4b+mm7
ubzqwNh0W4Y1jcLsQgi2XuWEHt2Tag1ooRx15VSK3H9W3T1C60HALw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-16T09:16:55Z"
mac: ENC[AES256_GCM,data:+gZ0lhBo4j1GKfGupQh5UxYt6C+yfTRrMM2rwabU8Tr5ZNWviNfGQiDk67Dyio01NH4wAL6EhcL+xwG0+94DlTd/++VieKBQuCABhnugi0wvJO/wp2HOjotmb9hWhF+kIXLj2bPdkd0iJQuZM5CbDy1XLUlYaRT0H7s7IGA8QI4=,iv:jhrH7+Io7lx5xMS7feq/4g5iW58QFWjRyCfDoUZVC4g=,tag:6ozB9/8ULOJg8WHvAZYgpg==,type:str]
lastmodified: "2024-12-23T12:36:38Z"
mac: ENC[AES256_GCM,data:WeA9ApOd7CPkLX3hkkRFqohGm0ti2GJhjrm4Wg2ynRBA6UO/249S65loSHHzRvv2jIuL9LoACpWCAN97xhjlR2ECiPXwfUmXUeckVGbH3gV409nZnLzjAiYzz1MstvBoiFs0+b+9JGSWq5clYRY0oe9YtQ6Fw50xHhutWZZ+1EM=,iv:/yVp4nt42KBv2yBkSMqAisbhGWCH+zcX6ObxMSpdHic=,tag:pMDCr1WhsPmtek4u5W2WJQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

26
values/badhouseplants/values.memos.yaml Normal file
View File

@ -0,0 +1,26 @@
shortcuts:
hostname: notes.badhouseplants.net
ext-database:
enabled: true
name: memos-postgres16
instance: postgres16
credentials:
MEMOS_DRIVER: postgres
MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
workload:
containers:
memos:
envFrom:
- main
- secretRef:
name: memos-postgres16-creds
ingress:
main:
annotations:
kubernetes.io/ingress.class: traefik
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.global-static-ip-name: ""
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure

30
values/badhouseplants/values.minio.yaml
View File

@ -1,22 +1,3 @@
# ------------------------------------------
# -- Istio extenstion. Just because I'm
# -- not using ingress nginx
# ------------------------------------------
istio:
enabled: true
istio:
- name: minio-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: minio.badhouseplants.net
service: minio-console
port: 9001
- name: s3-http
gateway: istio-system/badhouseplants-net
kind: http
hostname: s3.badhouseplants.net
service: minio
port: 9000
ingress:
enabled: true
ingressClassName: ~
@ -119,6 +100,10 @@ buckets:
policy: false
purge: false
versioning: false
- name: memos
policy: false
purge: false
versioning: false
metrics:
serviceMonitor:
enabled: false
@ -197,3 +182,10 @@ policies:
- 'arn:aws:s3:::states/*'
actions:
- 's3:*'
- name: memos
statements:
- resources:
- 'arn:aws:s3:::memos'
- 'arn:aws:s3:::memos/*'
actions:
- 's3:*'

9
values/common/values.coredns.yaml
View File

@ -1,6 +1,13 @@
service:
clusterIP: 10.43.0.10
replicaCount: 2
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: nil
memory: 128Mi
servers:
- zones:
- zone: .