feat: external-dns & cert-manager
All checks were successful
Renovate / renovate (push) Successful in 58s
All checks were successful
Renovate / renovate (push) Successful in 58s
This commit is contained in:
parent
b21eeffd70
commit
21258a04b2
31 changed files with 5068 additions and 14 deletions
1
cert-manager/.gitignore
vendored
Normal file
1
cert-manager/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
charts/
|
36
cert-manager/config/acme-cloudflare-dns.yaml
Normal file
36
cert-manager/config/acme-cloudflare-dns.yaml
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: acme-dns-cloudflare
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
api-token: ENC[AES256_GCM,data:9PerD+nitxWGlaVCrvwrzSq4n6OXOWdoxwuvmgNCo5dwKby5MmWzgA==,iv:+IKQIFlB0wmfAXAeqVS21zXTdQgQW1382UdsV//QNc0=,tag:ET99pjX/39bZhmHRCnAzFw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByK25WeGYzZVdFOUluczNa
|
||||||
|
YXdnZklod2RxZUo5UkJvcUJNVWIvQ0pSbUhZCnpJQVF0MEUwWG51RHUvOVFFMkg3
|
||||||
|
QmI3T2VDQ0k5L1p6dSt4b1dlczA1TmsKLS0tIC9OMlIyQjNHQU90TjdlSm9CWkIv
|
||||||
|
ODQ3b05TMENqZnU1NC8xUkx2YU5vRjAKAaRgVOWFkA8qmTPAwb5zsQqpZce+QOan
|
||||||
|
RaJAf/52GB83bk8iajcJMjpPsQLNc8Bc1BUeXZeJ8Q1eDpj/Ez4pLg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbjNobXZVOEM0b09CQ1p5
|
||||||
|
c2RpUDNWTTVIVXh0aVRBTzNyOUxuVUNwUFVFCjQ0K0pvdlhlWTNqV2Vxa0Jjclc2
|
||||||
|
cDI3Z3JlV3hxaXptYlZrN1RROHBwM2cKLS0tIEJCZjRuSjVMcTlIUmhiSWk5NmRz
|
||||||
|
LzVyWGZ0em5RKytCWndjbjh6eWhNc1kK+2g/VLNIs2B62l5kZmkj561Fq0hpnvf0
|
||||||
|
L5p+Dyxlh8VjFVKXct6PzJ2Bg+mx+/MDFSZ2PXw9QUI+eNdznCutZg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-13T20:21:29Z"
|
||||||
|
mac: ENC[AES256_GCM,data:phMqQQ+gs0q2AZrnwzM7qybxcdaErWk5Q3bjXE1chekJQ5IsHoaDj7orzG0CAb1GD+Qa+/3QV9n2ggsT9w3zZGSjiMTttes3L3CVfJjOXC6WpzjxHnIM7xFA2uZsziIOXbU6nqZ8OtFfFfjbio8lt0OZj7W6HIdAnom6zIwUAbI=,iv:ueToOo0V+IBScXDTJnHPVKvx9O3/NHeTBDs344FseQ0=,tag:JNc9tr1LZx6LRRpcqNwJOA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||||
|
version: 3.8.1
|
0
cert-manager/config/values.cert-manager.yaml
Normal file
0
cert-manager/config/values.cert-manager.yaml
Normal file
4710
cert-manager/crds/cert-manager.crds.yaml
Normal file
4710
cert-manager/crds/cert-manager.crds.yaml
Normal file
File diff suppressed because it is too large
Load diff
22
cert-manager/kustomization.yaml
Normal file
22
cert-manager/kustomization.yaml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: kube-system
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- crds/cert-manager.crds.yaml
|
||||||
|
- resources/letsencrypt-staging.yaml
|
||||||
|
- resources/letsencrypt-production.yaml
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: cert-manager
|
||||||
|
repo: https://charts.jetstack.io
|
||||||
|
version: "1.14.2"
|
||||||
|
releaseName: cert-manager
|
||||||
|
namespace: kube-system
|
||||||
|
valuesFile: config/values.cert-manager.yaml
|
||||||
|
apiVersions:
|
||||||
|
- "cert-manager.io/v1"
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- ./secret-generator.yaml
|
14
cert-manager/resources/letsencrypt-production.yaml
Normal file
14
cert-manager/resources/letsencrypt-production.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: letsencrypt-production
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
email: peter.kurfer@gmail.com
|
||||||
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
privateKeySecretRef:
|
||||||
|
name: letsencrypt-production
|
||||||
|
solvers:
|
||||||
|
- http01:
|
||||||
|
ingress:
|
||||||
|
ingressClassName: traefik
|
14
cert-manager/resources/letsencrypt-staging.yaml
Normal file
14
cert-manager/resources/letsencrypt-staging.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: letsencrypt-staging
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
email: peter.kurfer@gmail.com
|
||||||
|
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
privateKeySecretRef:
|
||||||
|
name: letsencrypt-staging
|
||||||
|
solvers:
|
||||||
|
- http01:
|
||||||
|
ingress:
|
||||||
|
ingressClassName: traefik
|
10
cert-manager/secret-generator.yaml
Normal file
10
cert-manager/secret-generator.yaml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: cert-manager-secret-generator
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |
|
||||||
|
exec:
|
||||||
|
path: ksops
|
||||||
|
files:
|
||||||
|
- ./config/acme-cloudflare-dns.yaml
|
|
@ -10,6 +10,11 @@ coder:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: coder.png
|
gethomepage.dev/icon: coder.png
|
||||||
gethomepage.dev/name: Coder
|
gethomepage.dev/name: Coder
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
tls:
|
||||||
|
enable: true
|
||||||
|
secretName: coder-ingress-tls
|
||||||
|
wildcardSecretName: coder-wildcard-ingress-tls
|
||||||
env:
|
env:
|
||||||
- name: CODER_WILDCARD_ACCESS_URL
|
- name: CODER_WILDCARD_ACCESS_URL
|
||||||
value: '*.ide.icb4dc0.de'
|
value: '*.ide.icb4dc0.de'
|
||||||
|
|
|
@ -11,7 +11,7 @@ helmCharts:
|
||||||
repo: https://helm.coder.com/v2
|
repo: https://helm.coder.com/v2
|
||||||
releaseName: coder
|
releaseName: coder
|
||||||
namespace: coder
|
namespace: coder
|
||||||
version: "2.7.1"
|
version: "2.8.2"
|
||||||
valuesFile: config/values.coder.yml
|
valuesFile: config/values.coder.yml
|
||||||
skipTests: true
|
skipTests: true
|
||||||
|
|
||||||
|
|
36
external-dns/config/external-dns-secrets.enc.yaml
Normal file
36
external-dns/config/external-dns-secrets.enc.yaml
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: external-dns-secrets
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
CF_API_TOKEN: ENC[AES256_GCM,data:zN3eidkDiRiSRx5neWjBh6H//IcDEi00Up3kKpghzUHAHHin+np3cQ==,iv:yWWzvUJyi6Go3lhtPzvlvzFJKQ9+DU4BbjxO2R43It0=,tag:hXS+HtGKmPFsGsqgQg444w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQYjg0Rnd1L0tXeThlZVNu
|
||||||
|
OE1qY0VWVXE2R1VzUnU5UGhFR1hpZEdaTEVNCkN5TEtBQkMrcnJINUcwcC9ZbmpQ
|
||||||
|
ZXVCSVUxNzdyN0lSZlI2QVpzUXUzbFkKLS0tIGVja1kxWGpnS2NuTnhobmMwazBl
|
||||||
|
d1V2K3NTMkVNSjlORkdqWnlucDVpcEEKpWV8NyV+CCuzNpEO+68fPQN7y6udc7VS
|
||||||
|
qw59UYYFlZSo6tV9U3okupDFoNQibMKYqo67yNOuhQNot/ka72PAjw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtL2tKRXdzZ3ExdFRSdDJi
|
||||||
|
TUMvOVNORzdkVkk5TW9ISkpkZy9nbC84M1VRCkJyMzV1bzBCbnBoT2dLQzJXcGJS
|
||||||
|
cVdHaElpd3A3ZnBNRDYrS1JKK3ZaaGcKLS0tIG9nWXRpTjNLc3hIYWovSHNDWGFX
|
||||||
|
K1pycWpFQ0t1ZDlJQnh1YVJ5WFVRNDgKy8P9W8EBGrsd36lcMpaAsAAp93RLnOHQ
|
||||||
|
BroVhhdcfxhS/9H9crSZAw6nSROLjySvgJc46jj255FwE2j0biLQCw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-13T18:56:54Z"
|
||||||
|
mac: ENC[AES256_GCM,data:feslQ6tRE3ngW9WBsdQGtVCBKw7TCPdrsfbjEkRCoEybgs6eyVh6c9tjq1JmocKQ7a5KHzIvr9dM2x4Kia/6hpocaztWVP3RO+Rw5CWqOmsl6WyWjzFFuktKU8vEqwOLIvgs4v6V+4fnhBUEHtLsSxbCCG9hbsibYguWiPnnFaE=,iv:JOvnroj06nBENOwhqdnF0AQ8qP4lxdhnx+QGg1Q0qNY=,tag:Pmj7zfwHUoOf9MUYp8RPyw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||||
|
version: 3.8.1
|
24
external-dns/kustomization.yaml
Normal file
24
external-dns/kustomization.yaml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: kube-system
|
||||||
|
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/managed-by: kustomize
|
||||||
|
app.kubernetes.io/part-of: external-dns
|
||||||
|
|
||||||
|
images:
|
||||||
|
- name: external-dns
|
||||||
|
newName: registry.k8s.io/external-dns/external-dns
|
||||||
|
newTag: v0.14.0
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- resources/rbac/service_account.yaml
|
||||||
|
- resources/rbac/cluster_role.yaml
|
||||||
|
- resources/rbac/cluster_role_binding.yaml
|
||||||
|
- resources/deployment.yaml
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- ./secret-generator.yaml
|
39
external-dns/resources/deployment.yaml
Normal file
39
external-dns/resources/deployment.yaml
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: external-dns
|
||||||
|
spec:
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: external-dns
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: external-dns
|
||||||
|
spec:
|
||||||
|
serviceAccountName: external-dns
|
||||||
|
containers:
|
||||||
|
- name: external-dns
|
||||||
|
image: external-dns
|
||||||
|
args:
|
||||||
|
- --source=ingress
|
||||||
|
- --domain-filter=icb4dc0.de
|
||||||
|
- --zone-id-filter=ee5cd581559fcf20384856ed5b1b2f0b
|
||||||
|
- --provider=cloudflare
|
||||||
|
- --cloudflare-dns-records-per-page=5000
|
||||||
|
- --exclude-target-net=172.23.2.0/24
|
||||||
|
env:
|
||||||
|
- name: CF_API_TOKEN
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: external-dns-secrets
|
||||||
|
key: CF_API_TOKEN
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 128Mi
|
||||||
|
limits:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 128Mi
|
14
external-dns/resources/rbac/cluster_role.yaml
Normal file
14
external-dns/resources/rbac/cluster_role.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: external-dns
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["services","endpoints","pods"]
|
||||||
|
verbs: ["get","watch","list"]
|
||||||
|
- apiGroups: ["extensions","networking.k8s.io"]
|
||||||
|
resources: ["ingresses"]
|
||||||
|
verbs: ["get","watch","list"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["list", "watch"]
|
12
external-dns/resources/rbac/cluster_role_binding.yaml
Normal file
12
external-dns/resources/rbac/cluster_role_binding.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: external-dns-viewer
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: external-dns
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: external-dns
|
||||||
|
namespace: default
|
4
external-dns/resources/rbac/service_account.yaml
Normal file
4
external-dns/resources/rbac/service_account.yaml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: external-dns
|
10
external-dns/secret-generator.yaml
Normal file
10
external-dns/secret-generator.yaml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: external-dns-secret-generator
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |
|
||||||
|
exec:
|
||||||
|
path: ksops
|
||||||
|
files:
|
||||||
|
- ./config/external-dns-secrets.enc.yaml
|
|
@ -6,6 +6,9 @@ service:
|
||||||
type: NodePort
|
type: NodePort
|
||||||
nodePort: 32022
|
nodePort: 32022
|
||||||
|
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
|
@ -14,11 +17,16 @@ ingress:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: forgejo.png
|
gethomepage.dev/icon: forgejo.png
|
||||||
gethomepage.dev/name: Forgejo
|
gethomepage.dev/name: Forgejo
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
hosts:
|
hosts:
|
||||||
- host: code.icb4dc0.de
|
- host: code.icb4dc0.de
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- code.icb4dc0.de
|
||||||
|
secretName: forgejo-ingress-tls
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
|
|
|
@ -35,7 +35,7 @@ helmCharts:
|
||||||
repo: oci://codeberg.org/forgejo-contrib
|
repo: oci://codeberg.org/forgejo-contrib
|
||||||
releaseName: forgejo
|
releaseName: forgejo
|
||||||
namespace: forgejo
|
namespace: forgejo
|
||||||
version: "1.1.1"
|
version: "3.0.1"
|
||||||
valuesFile: config/values.forgejo.yaml
|
valuesFile: config/values.forgejo.yaml
|
||||||
skipTests: true
|
skipTests: true
|
||||||
apiVersions:
|
apiVersions:
|
||||||
|
|
|
@ -9,6 +9,7 @@ metadata:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: https://md.icb4dc0.de/icons/android-chrome-192x192.png
|
gethomepage.dev/icon: https://md.icb4dc0.de/icons/android-chrome-192x192.png
|
||||||
gethomepage.dev/name: HedgeDoc
|
gethomepage.dev/name: HedgeDoc
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: md.icb4dc0.de
|
- host: md.icb4dc0.de
|
||||||
|
@ -21,3 +22,7 @@ spec:
|
||||||
name: hedgedoc
|
name: hedgedoc
|
||||||
port:
|
port:
|
||||||
number: 3000
|
number: 3000
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- md.icb4dc0.de
|
||||||
|
secretName: hedgedoc-ingress-tls
|
|
@ -6,10 +6,10 @@ namespace: homepage
|
||||||
images:
|
images:
|
||||||
- name: homepage
|
- name: homepage
|
||||||
newName: ghcr.io/gethomepage/homepage
|
newName: ghcr.io/gethomepage/homepage
|
||||||
newTag: "v0.8.6"
|
newTag: "v0.8.8"
|
||||||
- name: oauth2-proxy
|
- name: oauth2-proxy
|
||||||
newName: quay.io/oauth2-proxy/oauth2-proxy
|
newName: quay.io/oauth2-proxy/oauth2-proxy
|
||||||
newTag: v7.5.1
|
newTag: v7.6.0
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
- includeSelectors: true
|
- includeSelectors: true
|
||||||
|
|
|
@ -11,6 +11,7 @@ metadata:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: homepage.png
|
gethomepage.dev/icon: homepage.png
|
||||||
gethomepage.dev/name: Homepage
|
gethomepage.dev/name: Homepage
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: "home.icb4dc0.de"
|
- host: "home.icb4dc0.de"
|
||||||
|
@ -23,3 +24,7 @@ spec:
|
||||||
name: homepage
|
name: homepage
|
||||||
port:
|
port:
|
||||||
number: 3000
|
number: 3000
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "home.icb4dc0.de"
|
||||||
|
secretName: homepage-ingress-tls
|
|
@ -9,6 +9,7 @@ metadata:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: linkwarden.png
|
gethomepage.dev/icon: linkwarden.png
|
||||||
gethomepage.dev/name: Linkwarden
|
gethomepage.dev/name: Linkwarden
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: links.icb4dc0.de
|
- host: links.icb4dc0.de
|
||||||
|
@ -21,3 +22,7 @@ spec:
|
||||||
name: linkwarden
|
name: linkwarden
|
||||||
port:
|
port:
|
||||||
number: 3000
|
number: 3000
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- links.icb4dc0.de
|
||||||
|
secretName: linkwarden-ingress-tls
|
|
@ -9,6 +9,7 @@ metadata:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: nocodb.png
|
gethomepage.dev/icon: nocodb.png
|
||||||
gethomepage.dev/name: NocoDB
|
gethomepage.dev/name: NocoDB
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: noco.icb4dc0.de
|
- host: noco.icb4dc0.de
|
||||||
|
@ -21,3 +22,7 @@ spec:
|
||||||
name: nocodb
|
name: nocodb
|
||||||
port:
|
port:
|
||||||
number: 8080
|
number: 8080
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- noco.icb4dc0.de
|
||||||
|
secretName: nocodb-ingress-tls
|
|
@ -5,7 +5,6 @@ metadata:
|
||||||
name: default-cluster
|
name: default-cluster
|
||||||
namespace: postgres
|
namespace: postgres
|
||||||
spec:
|
spec:
|
||||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.5-0
|
|
||||||
postgresVersion: 15
|
postgresVersion: 15
|
||||||
users:
|
users:
|
||||||
- name: postgres
|
- name: postgres
|
||||||
|
@ -68,15 +67,24 @@ spec:
|
||||||
|
|
||||||
backups:
|
backups:
|
||||||
pgbackrest:
|
pgbackrest:
|
||||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-2
|
manual:
|
||||||
|
repoName: repo1
|
||||||
|
options:
|
||||||
|
- --type=full
|
||||||
configuration:
|
configuration:
|
||||||
- secret:
|
- secret:
|
||||||
name: pgo-s3-creds
|
name: pgo-s3-creds
|
||||||
global:
|
global:
|
||||||
|
repo1-retention-full: "14"
|
||||||
|
repo1-retention-full-type: time
|
||||||
|
repo1-retention-diff: "6"
|
||||||
repo1-path: /pgbackrest/default-cluster/repo1
|
repo1-path: /pgbackrest/default-cluster/repo1
|
||||||
repo1-s3-uri-style: path
|
repo1-s3-uri-style: path
|
||||||
repos:
|
repos:
|
||||||
- name: repo1
|
- name: repo1
|
||||||
|
schedules:
|
||||||
|
full: "0 1 * * 0"
|
||||||
|
differential: "0 1 * * 1-6"
|
||||||
s3:
|
s3:
|
||||||
bucket: backup
|
bucket: backup
|
||||||
endpoint: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
|
endpoint: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
|
||||||
|
|
|
@ -12,3 +12,4 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: pgo
|
name: pgo
|
||||||
|
namespace: postgres-system
|
51
traefik/values.yaml
Normal file
51
traefik/values.yaml
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
experimental:
|
||||||
|
kubernetesGateway:
|
||||||
|
enabled: true
|
||||||
|
global:
|
||||||
|
systemDefaultRegistry: ""
|
||||||
|
image:
|
||||||
|
repository: rancher/mirrored-library-traefik
|
||||||
|
tag: 2.10.5
|
||||||
|
metrics:
|
||||||
|
prometheus:
|
||||||
|
service:
|
||||||
|
enabled: true
|
||||||
|
serviceMonitor:
|
||||||
|
additionalLabels:
|
||||||
|
prometheus: default
|
||||||
|
interval: 30s
|
||||||
|
scrapeTimeout: 5s
|
||||||
|
podAnnotations:
|
||||||
|
prometheus.io/port: "8082"
|
||||||
|
prometheus.io/scrape: "true"
|
||||||
|
ports:
|
||||||
|
traefik:
|
||||||
|
expose: false
|
||||||
|
port: 9000
|
||||||
|
web:
|
||||||
|
forwardedHeaders:
|
||||||
|
insecure: true
|
||||||
|
websecure:
|
||||||
|
expose: true
|
||||||
|
priorityClassName: system-cluster-critical
|
||||||
|
providers:
|
||||||
|
kubernetesIngress:
|
||||||
|
publishedService:
|
||||||
|
enabled: true
|
||||||
|
allowExternalNameServices: true
|
||||||
|
kubernetesCRD:
|
||||||
|
enabled: true
|
||||||
|
allowExternalNameServices: true
|
||||||
|
service:
|
||||||
|
type: LoadBalancer
|
||||||
|
annotations:
|
||||||
|
load-balancer.hetzner.cloud/location: "hel1"
|
||||||
|
tolerations:
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
key: node-role.kubernetes.io/master
|
||||||
|
operator: Exists
|
|
@ -12,7 +12,7 @@ labels:
|
||||||
images:
|
images:
|
||||||
- name: vaultwarden
|
- name: vaultwarden
|
||||||
newName: ghcr.io/dani-garcia/vaultwarden
|
newName: ghcr.io/dani-garcia/vaultwarden
|
||||||
newTag: "1.30.1-alpine"
|
newTag: "1.30.3-alpine"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- "resources/namespace.yaml"
|
- "resources/namespace.yaml"
|
||||||
|
|
|
@ -9,6 +9,7 @@ metadata:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: vaultwarden.png
|
gethomepage.dev/icon: vaultwarden.png
|
||||||
gethomepage.dev/name: Vaultwarden
|
gethomepage.dev/name: Vaultwarden
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: pw.icb4dc0.de
|
- host: pw.icb4dc0.de
|
||||||
|
@ -21,3 +22,7 @@ spec:
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
port:
|
port:
|
||||||
number: 8080
|
number: 8080
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- pw.icb4dc0.de
|
||||||
|
secretName: vaultwarden-ingress-tls
|
|
@ -9,6 +9,7 @@ metadata:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: vikunja.png
|
gethomepage.dev/icon: vikunja.png
|
||||||
gethomepage.dev/name: Vikunja
|
gethomepage.dev/name: Vikunja
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: todo.icb4dc0.de
|
- host: todo.icb4dc0.de
|
||||||
|
@ -28,3 +29,7 @@ spec:
|
||||||
name: vikunja-api
|
name: vikunja-api
|
||||||
port:
|
port:
|
||||||
number: 3456
|
number: 3456
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- todo.icb4dc0.de
|
||||||
|
secretName: vikunja-ingress-tls
|
|
@ -9,6 +9,7 @@ metadata:
|
||||||
gethomepage.dev/group: Apps
|
gethomepage.dev/group: Apps
|
||||||
gethomepage.dev/icon: zipline.png
|
gethomepage.dev/icon: zipline.png
|
||||||
gethomepage.dev/name: Zipline
|
gethomepage.dev/name: Zipline
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: share.icb4dc0.de
|
- host: share.icb4dc0.de
|
||||||
|
@ -21,3 +22,7 @@ spec:
|
||||||
name: zipline
|
name: zipline
|
||||||
port:
|
port:
|
||||||
number: 3000
|
number: 3000
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- share.icb4dc0.de
|
||||||
|
secretName: zipline-ingress-tls
|
Loading…
Reference in a new issue