feat: setup Gateway API
parent
ba06d96a2c
commit
80721ce1da
75 changed files with 20990 additions and 1271 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
extraArgs:
|
||||||
|
- --feature-gates=ExperimentalGatewayAPISupport=true
|
|
@ -1,20 +1,7 @@
|
||||||
---
|
---
|
||||||
coder:
|
coder:
|
||||||
ingress:
|
ingress:
|
||||||
enable: true
|
enable: false
|
||||||
host: ide.icb4dc0.de
|
|
||||||
wildcardHost: "*.ide.icb4dc0.de"
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: Remote IDE
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: coder.png
|
|
||||||
gethomepage.dev/name: Coder
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
tls:
|
|
||||||
enable: true
|
|
||||||
secretName: coder-ingress-tls
|
|
||||||
wildcardSecretName: coder-wildcard-ingress-tls
|
|
||||||
env:
|
env:
|
||||||
- name: CODER_WILDCARD_ACCESS_URL
|
- name: CODER_WILDCARD_ACCESS_URL
|
||||||
value: '*.ide.icb4dc0.de'
|
value: '*.ide.icb4dc0.de'
|
||||||
|
|
|
@ -5,13 +5,14 @@ namespace: coder
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- "resources/namespace.yaml"
|
- "resources/namespace.yaml"
|
||||||
|
- "resources/http_routes.yaml"
|
||||||
|
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: coder
|
- name: coder
|
||||||
repo: https://helm.coder.com/v2
|
repo: https://helm.coder.com/v2
|
||||||
releaseName: coder
|
releaseName: coder
|
||||||
namespace: coder
|
namespace: coder
|
||||||
version: "2.8.2"
|
version: "2.8.3"
|
||||||
valuesFile: config/values.coder.yml
|
valuesFile: config/values.coder.yml
|
||||||
skipTests: true
|
skipTests: true
|
||||||
|
|
||||||
|
|
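--- a/coder/resources/http_routes.yaml
+++ b/coder/resources/http_routes.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: coder-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- ide.icb4dc0.de
+- "*.ide.icb4dc0.de"
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: coder-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- ide.icb4dc0.de
+rules:
+- backendRefs:
+- name: coder
+port: 80
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: coder-https-wildcard
+spec:
+parentRefs:
+- name: contour
+sectionName: coder-port-forwards
+namespace: projectcontour
+hostnames:
+- "*.ide.icb4dc0.de"
+rules:
+- backendRefs:
+- name: coder
+port: 80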
8527
contour/crds/contour.yaml
Normal file
8527
contour/crds/contour.yaml
Normal file
File diff suppressed because it is too large
11763
contour/crds/gateway.yaml
Normal file
11763
contour/crds/gateway.yaml
Normal file
File diff suppressed because it is too large
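--- a/contour/kustomization.yaml
+++ b/contour/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: projectcontour
+
+images:
+- name: contour
+newName: ghcr.io/projectcontour/contour
+newTag: v1.28.1
+
+resources:
+- crds/contour.yaml
+- crds/gateway.yaml
+- resources/namespace.yaml
+- resources/rbac/service_account.yaml
+- resources/rbac/roles.yaml
+- resources/rbac/role_bindings.yaml
+- resources/gateway_provisioner.yaml
+- resources/gateway_class.yaml
+- resources/default_gateway.yaml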
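--- a/contour/resources/default_gateway.yaml
+++ b/contour/resources/default_gateway.yaml
@@ -0,0 +1,50 @@
+---
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+name: contour
+namespace: projectcontour
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+gatewayClassName: contour
+listeners:
+- name: ssh
+protocol: TCP
+port: 22
+allowedRoutes:
+kinds:
+- kind: TCPRoute
+namespaces:
+from: All
+- name: http
+protocol: HTTP
+port: 80
+allowedRoutes:
+namespaces:
+from: All
+- name: https
+hostname: "*.icb4dc0.de"
+port: 443
+protocol: HTTPS
+allowedRoutes:
+namespaces:
+from: All
+tls:
+mode: Terminate
+certificateRefs:
+- name: wildcard-icb4dc0-de
+- name: coder-port-forwards
+hostname: "*.ide.icb4dc0.de"
+port: 443
+protocol: HTTPS
+allowedRoutes:
+namespaces:
+from: Selector
+selector:
+matchLabels:
+kubernetes.io/metadata.name: coder
+tls:
+mode: Terminate
+certificateRefs:
+- name: coder-port-forwards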
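Review bot: The `ssh`, `http` and `https` listeners all set `allowedRoutes.namespaces.from: All`, so a route created in any namespace can attach to them. On the `https` listener that lets any workload namespace claim a hostname under `*.icb4dc0.de` and have it served with the `wildcard-icb4dc0-de` certificate. The `coder-port-forwards` listener in the same file already restricts attachment with `from: Selector` and a `kubernetes.io/metadata.name: coder` match; the other three could use the same form, keyed on a label carried only by namespaces that are meant to publish routes. The TCP listener on port 22 is the one to tighten first, since a TCPRoute carries no hostname to separate competing attachments. A short comment above each listener stating which namespaces are expected to attach would also document the intent.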
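--- a/contour/resources/gateway_class.yaml
+++ b/contour/resources/gateway_class.yaml
@@ -0,0 +1,6 @@
+kind: GatewayClass
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+name: contour
+spec:
+controllerName: projectcontour.io/gateway-controller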
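--- a/contour/resources/gateway_provisioner.yaml
+++ b/contour/resources/gateway_provisioner.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+control-plane: contour-gateway-provisioner
+name: contour-gateway-provisioner
+namespace: projectcontour
+spec:
+replicas: 1
+selector:
+matchLabels:
+control-plane: contour-gateway-provisioner
+template:
+metadata:
+labels:
+control-plane: contour-gateway-provisioner
+spec:
+containers:
+- args:
+- gateway-provisioner
+- --metrics-addr=127.0.0.1:8080
+- --enable-leader-election
+command: ["contour"]
+image: contour
+imagePullPolicy: Always
+name: contour-gateway-provisioner
+resources:
+requests:
+cpu: 100m
+memory: 70Mi
+env:
+- name: CONTOUR_PROVISIONER_NAMESPACE
+valueFrom:
+fieldRef:
+apiVersion: v1
+fieldPath: metadata.namespace
+serviceAccountName: contour-gateway-provisioner
+terminationGracePeriodSeconds: 10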
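Review bot: The `contour-gateway-provisioner` container declares no `securityContext` and only resource `requests`, although its service account is bound to a ClusterRole that can create and delete secrets, deployments and RBAC objects cluster-wide. A container-level `securityContext` that drops capabilities and blocks privilege escalation would limit what a compromised provisioner process can do on the node. `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding too, once the image's user and write paths are confirmed. Separately, `imagePullPolicy: Always` combined with the mutable tag `v1.28.1` set in the kustomization means the running image can change without a commit; pinning the image by digest there would close that gap.

```yaml
        name: contour-gateway-provisioner
        # … unchanged: resources.requests, env …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault
```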
|
@ -2,6 +2,6 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: homepage
|
name: projectcontour
|
||||||
labels:
|
labels:
|
||||||
prometheus: default
|
prometheus: default
|
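--- a/contour/resources/rbac/role_bindings.yaml
+++ b/contour/resources/rbac/role_bindings.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: contour-gateway-provisioner-leader-election
+namespace: projectcontour
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: contour-gateway-provisioner
+subjects:
+- kind: ServiceAccount
+name: contour-gateway-provisioner
+namespace: projectcontour
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: contour-gateway-provisioner
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: contour-gateway-provisioner
+subjects:
+- kind: ServiceAccount
+name: contour-gateway-provisioner
+namespace: projectcontour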
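--- a/contour/resources/rbac/roles.yaml
+++ b/contour/resources/rbac/roles.yaml
@@ -0,0 +1,214 @@
+# The following ClusterRole and Role are generated from kubebuilder RBAC tags by
+# generate-rbac.sh. Do not edit this file directly but instead edit the source
+# files and re-render.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: contour-gateway-provisioner
+rules:
+- apiGroups:
+- ""
+resources:
+- configmaps
+- endpoints
+- namespaces
+- secrets
+- services
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- get
+- update
+- apiGroups:
+- ""
+resources:
+- secrets
+- serviceaccounts
+- services
+verbs:
+- create
+- delete
+- get
+- list
+- update
+- watch
+- apiGroups:
+- apiextensions.k8s.io
+resources:
+- customresourcedefinitions
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- apps
+resources:
+- daemonsets
+- deployments
+verbs:
+- create
+- delete
+- get
+- list
+- update
+- watch
+- apiGroups:
+- coordination.k8s.io
+resources:
+- leases
+verbs:
+- create
+- get
+- update
+- apiGroups:
+- discovery.k8s.io
+resources:
+- endpointslices
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- gateway.networking.k8s.io
+resources:
+- backendtlspolicies
+- gatewayclasses
+- gateways
+- grpcroutes
+- httproutes
+- referencegrants
+- tcproutes
+- tlsroutes
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- gateway.networking.k8s.io
+resources:
+- backendtlspolicies/status
+- gatewayclasses/status
+- gateways/status
+- grpcroutes/status
+- httproutes/status
+- tcproutes/status
+- tlsroutes/status
+verbs:
+- update
+- apiGroups:
+- gateway.networking.k8s.io
+resources:
+- gatewayclasses
+- gateways
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- gateway.networking.k8s.io
+resources:
+- gatewayclasses/status
+- gateways/status
+verbs:
+- update
+- apiGroups:
+- networking.k8s.io
+resources:
+- ingresses
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- networking.k8s.io
+resources:
+- ingresses/status
+verbs:
+- create
+- get
+- update
+- apiGroups:
+- projectcontour.io
+resources:
+- contourconfigurations
+verbs:
+- create
+- delete
+- get
+- list
+- update
+- watch
+- apiGroups:
+- projectcontour.io
+resources:
+- contourconfigurations
+- extensionservices
+- httpproxies
+- tlscertificatedelegations
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- projectcontour.io
+resources:
+- contourconfigurations/status
+- extensionservices/status
+- httpproxies/status
+verbs:
+- create
+- get
+- update
+- apiGroups:
+- projectcontour.io
+resources:
+- contourdeployments
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- rbac.authorization.k8s.io
+resources:
+- clusterrolebindings
+- clusterroles
+- rolebindings
+- roles
+verbs:
+- create
+- delete
+- get
+- list
+- update
+- watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: contour-gateway-provisioner
+namespace: projectcontour
+rules:
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- get
+- update
+- apiGroups:
+- coordination.k8s.io
+resources:
+- leases
+verbs:
+- create
+- get
+- update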
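--- a/contour/resources/rbac/service_account.yaml
+++ b/contour/resources/rbac/service_account.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: contour-gateway-provisioner
+namespace: projectcontour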
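--- a/drone/.gitignore
+++ b/drone/.gitignore
@@ -1 +0,0 @@
-charts/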
|
@ -1,29 +0,0 @@
|
||||||
image:
|
|
||||||
tag: 1.8.3
|
|
||||||
|
|
||||||
replicaCount: 4
|
|
||||||
|
|
||||||
extraSecretNamesForEnvFrom:
|
|
||||||
- drone-runner-secrets
|
|
||||||
|
|
||||||
env:
|
|
||||||
DRONE_RUNNER_PRIVILEGED_IMAGES: code.icb4dc0.de/inetmock/inetmock
|
|
||||||
DRONE_RPC_HOST: drone.drone.svc.cluster.local:8080
|
|
||||||
DRONE_RPC_PROTO: http
|
|
||||||
DRONE_RUNNER_CAPACITY: 1
|
|
||||||
|
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- weight: 100
|
|
||||||
podAffinityTerm:
|
|
||||||
labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/name
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- drone-runner-docker
|
|
||||||
topologyKey: kubernetes.io/hostname
|
|
||||||
|
|
||||||
nodeSelector:
|
|
||||||
kubernetes.io/arch: arm64
|
|
|
@ -1,27 +0,0 @@
|
||||||
image:
|
|
||||||
tag: 1.8.3
|
|
||||||
|
|
||||||
extraSecretNamesForEnvFrom:
|
|
||||||
- drone-runner-secrets
|
|
||||||
|
|
||||||
env:
|
|
||||||
DRONE_RUNNER_PRIVILEGED_IMAGES: code.icb4dc0.de/inetmock/inetmock
|
|
||||||
DRONE_RPC_HOST: drone.drone.svc.cluster.local:8080
|
|
||||||
DRONE_RPC_PROTO: http
|
|
||||||
DRONE_RUNNER_CAPACITY: 1
|
|
||||||
|
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- weight: 100
|
|
||||||
podAffinityTerm:
|
|
||||||
labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/name
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- drone-runner-docker
|
|
||||||
topologyKey: kubernetes.io/hostname
|
|
||||||
|
|
||||||
nodeSelector:
|
|
||||||
kubernetes.io/arch: amd64
|
|
|
@ -1,44 +0,0 @@
|
||||||
image:
|
|
||||||
tag: 2.20.0
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: CI/CD system
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: drone.png
|
|
||||||
gethomepage.dev/name: Drone CI/CD
|
|
||||||
hosts:
|
|
||||||
- host: drone.icb4dc0.de
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
|
|
||||||
service:
|
|
||||||
port: 8080
|
|
||||||
|
|
||||||
persistentVolume:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
extraSecretNamesForEnvFrom:
|
|
||||||
- drone-secrets
|
|
||||||
|
|
||||||
env:
|
|
||||||
## REQUIRED: Set the user-visible Drone hostname, sans protocol.
|
|
||||||
## Ref: https://docs.drone.io/installation/reference/drone-server-host/
|
|
||||||
##
|
|
||||||
DRONE_SERVER_HOST: "drone.icb4dc0.de"
|
|
||||||
DRONE_SERVER_PROTO: https
|
|
||||||
|
|
||||||
DRONE_DATABASE_DRIVER: postgres
|
|
||||||
DRONE_GIT_ALWAYS_AUTH: true
|
|
||||||
DRONE_LOGS_DEBUG: true
|
|
||||||
|
|
||||||
DRONE_S3_ENDPOINT: https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
|
|
||||||
DRONE_S3_BUCKET: drone
|
|
||||||
DRONE_S3_PATH_STYLE: true
|
|
||||||
DRONE_S3_SKIP_VERIFY: true
|
|
||||||
AWS_REGION: us-east-1
|
|
||||||
AWS_DEFAULT_REGION: us-east-1
|
|
||||||
DRONE_REDIS_CONNECTION: redis://drone-session-cache-keydb:6379
|
|
|
@ -1,31 +0,0 @@
|
||||||
imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
|
|
||||||
imageTag: v6.3.2
|
|
||||||
|
|
||||||
podDisruptionBudget:
|
|
||||||
enabled: true
|
|
||||||
persistentVolume:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 10m
|
|
||||||
memory: 60Mi
|
|
||||||
limits:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 128Mi
|
|
||||||
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: true
|
|
||||||
labels:
|
|
||||||
prometheus: default
|
|
||||||
|
|
||||||
exporter:
|
|
||||||
enabled: true
|
|
||||||
imageTag: v1.51.0
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 50Mi
|
|
||||||
limits:
|
|
||||||
cpu: 150m
|
|
||||||
memory: 100Mi
|
|
|
@ -1,40 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: drone
|
|
||||||
|
|
||||||
commonLabels:
|
|
||||||
app.kubernetes.io/instance: icb4dc0de
|
|
||||||
app.kubernetes.io/managed-by: kustomize
|
|
||||||
|
|
||||||
commonAnnotations:
|
|
||||||
"helm.sh/resource-policy": keep
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: keydb
|
|
||||||
repo: https://enapter.github.io/charts/
|
|
||||||
releaseName: drone-session-cache
|
|
||||||
namespace: nocodb
|
|
||||||
version: "0.48.0"
|
|
||||||
valuesFile: config/values.keydb.yaml
|
|
||||||
|
|
||||||
- name: drone
|
|
||||||
repo: https://charts.drone.io
|
|
||||||
releaseName: drone
|
|
||||||
namespace: drone
|
|
||||||
version: "0.6.5"
|
|
||||||
valuesFile: config/values.drone.yaml
|
|
||||||
|
|
||||||
- name: drone-runner-docker
|
|
||||||
repo: https://charts.drone.io
|
|
||||||
releaseName: drone-kube-runner-arm64
|
|
||||||
namespace: drone
|
|
||||||
version: "0.6.2"
|
|
||||||
valuesFile: config/values.drone-runner-arm64.yaml
|
|
||||||
|
|
||||||
- name: drone-runner-docker
|
|
||||||
repo: https://charts.drone.io
|
|
||||||
releaseName: drone-kube-runner-x86-64
|
|
||||||
namespace: drone
|
|
||||||
version: "0.6.2"
|
|
||||||
valuesFile: config/values.drone-runner-x86-64.yaml
|
|
|
@ -1,20 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
commonLabels:
|
|
||||||
app.kubernetes.io/instance: icb4dc0de
|
|
||||||
app.kubernetes.io/managed-by: kustomize
|
|
||||||
|
|
||||||
commonAnnotations:
|
|
||||||
"helm.sh/resource-policy": keep
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- "base/"
|
|
||||||
- "resources/namespaces.yaml"
|
|
||||||
- "resources/sa.yaml"
|
|
||||||
- "resources/sa_secret.yaml"
|
|
||||||
- "resources/cluster_role.yaml"
|
|
||||||
- "resources/role_bindings.yaml"
|
|
||||||
|
|
||||||
generators:
|
|
||||||
- ./secret-generator.yaml
|
|
|
@ -1,44 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: drone-deploy
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
- configmaps
|
|
||||||
- pods
|
|
||||||
- services
|
|
||||||
- persistentvolumeclaims
|
|
||||||
- serviceaccounts
|
|
||||||
verbs: ["*"]
|
|
||||||
- apiGroups: ["apps"]
|
|
||||||
resources:
|
|
||||||
- replicasets
|
|
||||||
- deployments
|
|
||||||
- statefulsets
|
|
||||||
verbs: ["*"]
|
|
||||||
- apiGroups: ["batch"]
|
|
||||||
resources:
|
|
||||||
- jobs
|
|
||||||
- cronjobs
|
|
||||||
verbs: ["*"]
|
|
||||||
- apiGroups: ["autoscaling"]
|
|
||||||
resources:
|
|
||||||
- horizontalpodautoscalers
|
|
||||||
verbs: ["*"]
|
|
||||||
- apiGroups: ["networking.k8s.io"]
|
|
||||||
resources:
|
|
||||||
- ingresses
|
|
||||||
verbs: ["*"]
|
|
||||||
- apiGroups: ["rbac.authorization.k8s.io"]
|
|
||||||
resources:
|
|
||||||
- roles
|
|
||||||
- rolebindings
|
|
||||||
verbs: ["*"]
|
|
||||||
- apiGroups: ["monitoring.coreos.com"]
|
|
||||||
resources:
|
|
||||||
- podmonitors
|
|
||||||
- servicemonitors
|
|
||||||
verbs: ["*"]
|
|
|
@ -1,37 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: drone-runner-secrets
|
|
||||||
namespace: drone
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
DRONE_RPC_SECRET: ENC[AES256_GCM,data:HEXPjEhzVd32+DrxgsZUj3wSX21QCuMjHiwR1P+OhOI=,iv:DWcpdvoO5x3pAbAYtHPC0t8CCzUV6EHBeM5pwNxH/yw=,tag:oLRLwOmbNMsOD2NclOQwFg==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldVdpMWV2eW85bzJ2aDQr
|
|
||||||
a0dQcEtZZHRvdG5iTGlBc1dQRFRLbVVoZEJVCkluZnFqTkZoL2p5QUdReWtHVFlE
|
|
||||||
bzhMMldBNG83TzlhTlZrL1dLRi82aEEKLS0tIDBka2xPN2E0ZE1ZN2RYUlNFcmZu
|
|
||||||
eURnd1RpYzZ4NmdRSUN3aXVYVDYwWVUKeUhg2fbE+L1Dr4re0kuJ0Lhhf38lJiZ3
|
|
||||||
7D0szVTlCoIcFQFMOUNwpNdYGuBkyXhJgpSpyUhIuPGE5gxkrLZI1g==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTWEyaWZXd3pSVFQ4NnV3
|
|
||||||
N3c2S2RUQTU1MDZwQ0tuVVk0bmxIU1NuY0hBCitQdE1JYm9MRjNrN2kzSmNOWUQ0
|
|
||||||
UCtZODZRaUhiTnhvSjBVUk94ZDFDWFkKLS0tIFo2bVlUbUFOUk9ESmdvKzkrQlY2
|
|
||||||
QzVTTjVsb0ovT1JNRUw2dXQrcnVJUm8KvQ4hyDw8ImxrSzn5qpo9xkkQnapDXwKl
|
|
||||||
lfV9wESEo23V5MO/ZMxGBl1S1RzR10abcwkuzpYNfDr5DW4wvKPdYA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-10-26T19:23:40Z"
|
|
||||||
mac: ENC[AES256_GCM,data:eFCDA4wsm056C1Vzjer5whxItNoZNk7w3c0VvcpIMN0qrP6u7vZjEezsrT9OGv/sh7DLvVRx6qmIKZ6tw8kc7cutZB7OqfqwYLTTkPcXbVPIwCubjc4LseyFeXGhPQmQH52c8SCtKM/Ft9WMdlE624mpACLUXp7aKvGuiRkwREs=,iv:Qbt+GkUyYeopknU+z4nQ96q6blmuKS3gShQ8GuZ/qFw=,tag:OpUHMsil1ij3FbWIe43FAQ==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
|
||||||
version: 3.8.1
|
|
|
@ -1,45 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: drone-secrets
|
|
||||||
namespace: drone
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:HWUsFOc2tD8CnEm4m4+2nuynOOW6lbUrtROLaPNgkmI=,iv:pmfvhL69opyb/MPlLRNjhjid5ORtE/E1B2/tCdOJKIc=,tag:xUVez9qJc4eBR14HeHyYmA==,type:str]
|
|
||||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:skSkCr5p1YpNqeiwUz1zTUstRb9wbaSUVOzCgyLJxf9kKXWpPjQOQxve7s5m6iNhwgxICBmjNgxA6f2wYXrF2w==,iv:h/kNCcbYfXDGyH1oUz1A2Nfeb/AM92msQQ65YXHu+o4=,tag:xv7tm2PtVOCBtJ45K6H/QA==,type:str]
|
|
||||||
DRONE_COOKIE_SECRET: ENC[AES256_GCM,data:zG8FSKnxIRVk7cCbtIP6VC2tbM+FfjFcg5Y6mTE19Tw=,iv:Ac50qD8l7CwtGxFFITl/0dMq1McHbztU7320v4pPWFs=,tag:JZCwGhJ+NQ/pdpULMzI+pQ==,type:str]
|
|
||||||
DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:j5sqt/EpuGOHQH2p+kuwm/CYIxT0DviopKST2MrTpXR+Jh20NRgiq9CnYFTzCIHQZaSsO16b4Gyu0ViXgYSEK5t0j0QNnEjo8/z+ko6mOYEMyAbdAUuBmS9i/vbCb0HaXTpoTy3RG7Vjxif3WqDf,iv:b1rssEhX4K/cHNEytIuLW8NZaOPSnOokmhH+kBggyN8=,tag:Ns4lIcSWntsT1zpKMNd7cg==,type:str]
|
|
||||||
DRONE_DATABASE_SECRET: ENC[AES256_GCM,data:qSNVcSzH0y0pCY07Y3yDjfMaPZFtPWEmf3tqq076n7o=,iv:XNJaU2kQJeS7iMJyIoAkwzVS3QdqLAZy/FbE3VFvYXU=,tag:FPYbmgQ8/VSkMexXko+7Nw==,type:str]
|
|
||||||
DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:jTR4bxuyrxt5llnRDuBHnughiIyzKQ2JEylh16wjZDIyWrid,iv:NrUudI15R+ZiaL3M/k70Mdfm20aerCWjDs6R0MHC4Hc=,tag:kfX4fNcCP4Xy//V72WzDrg==,type:str]
|
|
||||||
DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:0t8swJmx5qSvx7q9GsuRU+FOfcKxelIzDm5u16Nypfrqf5m9CbqmT39Uibj1wL8dWwx04Xo4mxc=,iv:agqn9RVuDq9WXly1AvckabpIyOqyK+0E89u4iItKRn4=,tag:KZLQlq+61QZtFGY/CnlQ2w==,type:str]
|
|
||||||
DRONE_GITEA_SERVER: ENC[AES256_GCM,data:BgMZnIL6OM5r4N+L4RU9t8Pf2XOEMYA=,iv:4dbpEY3iCMmwEOPwp40VDkOIYUOfCkOnRXsmf9P/acE=,tag:1Vb6R/s+sK1UnZBIkZXxKQ==,type:str]
|
|
||||||
DRONE_RPC_SECRET: ENC[AES256_GCM,data:dyaF1jehSfCk+3lbuPffibwpXEQCggb1O7YRNu1Li7Q=,iv:wBlkUev6z1F9n+BjDfa5NAXjBbGm94AEfdUqiwrxUek=,tag:y66eOgLjTnYA3ZYFgWMKTg==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHUXdoTlVUYW1kSEp1eVF6
|
|
||||||
OFVUbndGRjEvR0ppOW94K2ZEekpCTjNXQlU4ClpsRkVKd2JSTldacm9Ddm9OZ2N0
|
|
||||||
Q0dtRUpTMmdIZkRwaDBHNUpmbG1Wbk0KLS0tIHM2OW9MYUord0pTT1ZRSXQvLzlN
|
|
||||||
VWR5WmNSTUF4MWNnVW5kQnBKUVZWNkkKErKeKJge7brrhxxZqlE7SOxQVcRczPhH
|
|
||||||
yd/bmsHwg84yOOsJejwXTMAmZcEns6qIHpq6PE7icqnsm40H6Ms1zQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RGhBQmZxY3BVK1JyY2JF
|
|
||||||
SUZDbUpQbUliQUpGM0VPQ3J3Y2txNXVVZlU0Ck1KY0NoM3IycUNPV0pkeWliVVNM
|
|
||||||
KzA5a0trQTN2ZDFmZUV3ZnlNVFF5K0kKLS0tIGdJWFJrNUU4UHFZSnNCMWMwSW5S
|
|
||||||
VGN1VEJlL3RxOXVwNmo3RTk4aUhEb1EKtAHu3KqQ7EH7SQE/Dvc6gfuSmkcsy3+c
|
|
||||||
1xxDYh69cMHkV3q4Wfnqg/DyWUq6D7OE4tVAuzNfo1SzZuBHXXCdQQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-11-08T18:21:47Z"
|
|
||||||
mac: ENC[AES256_GCM,data:Lblzygh5+S25J2c1bH+hlKE9DGkmYAzI+BcBfpoLs3uB16NIyIku833XN0jEerpxINSiJMClLBVzZ2uKCpDCfcxxz0rJIldtoUqOzKtxTtcziMt6VXoG3h5m9pPbILzGU27uzo/D7E9SbXAUAmTGYsEFLx/R7bZYWMCdhgCOO0I=,iv:tnjm+xhTCie9W8LPG4MYCK3KNMZBa8TJPmzpYxZ0HQc=,tag:R4W/OU/aNCz5S7pXHjIWbg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
|
||||||
version: 3.8.1
|
|
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: drone
|
|
||||||
labels:
|
|
||||||
prometheus: default
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: inetmock
|
|
||||||
labels:
|
|
||||||
prometheus: default
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: blog
|
|
||||||
labels:
|
|
||||||
prometheus: default
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: buildr
|
|
||||||
labels:
|
|
||||||
prometheus: default
|
|
|
@ -1,42 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: drone-deploy-blog
|
|
||||||
namespace: blog
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: drone-deploy
|
|
||||||
namespace: drone
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: drone-deploy
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: drone-deploy-inetmock
|
|
||||||
namespace: inetmock
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: drone-deploy
|
|
||||||
namespace: drone
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: drone-deploy
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: drone-deploy-buildr
|
|
||||||
namespace: buildr
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: drone-deploy
|
|
||||||
namespace: drone
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: drone-deploy
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: drone-deploy
|
|
||||||
namespace: drone
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: drone-deploy
|
|
||||||
namespace: drone
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/service-account.name: drone-deploy
|
|
||||||
type: kubernetes.io/service-account-token
|
|
|
@ -1,12 +0,0 @@
|
||||||
apiVersion: viaduct.ai/v1
|
|
||||||
kind: ksops
|
|
||||||
metadata:
|
|
||||||
# Specify a name
|
|
||||||
name: drone-secrets-generator
|
|
||||||
annotations:
|
|
||||||
config.kubernetes.io/function: |
|
|
||||||
exec:
|
|
||||||
path: ksops
|
|
||||||
files:
|
|
||||||
- ./resources/drone-secrets.enc.yaml
|
|
||||||
- ./resources/drone-runner-secrets.enc.yaml
|
|
|
@ -19,6 +19,11 @@ spec:
|
||||||
image: external-dns
|
image: external-dns
|
||||||
args:
|
args:
|
||||||
- --source=ingress
|
- --source=ingress
|
||||||
|
- --source=gateway-httproute
|
||||||
|
- --source=gateway-tlsroute
|
||||||
|
- --source=gateway-tcproute
|
||||||
|
- --source=gateway-udproute
|
||||||
|
- --gateway-namespace=projectcontour
|
||||||
- --domain-filter=icb4dc0.de
|
- --domain-filter=icb4dc0.de
|
||||||
- --zone-id-filter=ee5cd581559fcf20384856ed5b1b2f0b
|
- --zone-id-filter=ee5cd581559fcf20384856ed5b1b2f0b
|
||||||
- --provider=cloudflare
|
- --provider=cloudflare
|
||||||
|
|
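Review bot: The added `--source=gateway-tlsroute` and `--source=gateway-udproute` enable route kinds that the Gateway added in this commit cannot serve: its listeners are one TCP listener for ssh plus HTTP and HTTPS listeners, with no TLS-passthrough or UDP listener. Enabling only the sources in use (`--source=gateway-httproute`, and `--source=gateway-tcproute` if DNS for the ssh route is wanted) keeps the record-publishing surface to what is actually deployed. It also lets the ClusterRole hunk that follows drop `tlsroutes` and `udproutes` from its `resources` list. Because those listeners accept routes from all namespaces, any route hostname under `icb4dc0.de` that attaches to a gateway in `projectcontour` will presumably get a public record, which is worth stating in a comment above the args. The `args` list begins before this hunk.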
|
@ -4,11 +4,14 @@ metadata:
|
||||||
name: external-dns
|
name: external-dns
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["services","endpoints","pods"]
|
resources: ["services","endpoints","pods", "namespaces"]
|
||||||
verbs: ["get","watch","list"]
|
verbs: ["get","watch","list"]
|
||||||
- apiGroups: ["extensions","networking.k8s.io"]
|
- apiGroups: ["extensions","networking.k8s.io"]
|
||||||
resources: ["ingresses"]
|
resources: ["ingresses"]
|
||||||
verbs: ["get","watch","list"]
|
verbs: ["get","watch","list"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["nodes"]
|
resources: ["nodes"]
|
||||||
verbs: ["list", "watch"]
|
verbs: ["list", "watch"]
|
||||||
|
- apiGroups: ["gateway.networking.k8s.io"]
|
||||||
|
resources: ["gateways","httproutes","tlsroutes","tcproutes","udproutes"]
|
||||||
|
verbs: ["get","watch","list"]
|
|
@ -1,32 +1,11 @@
|
||||||
image:
|
image:
|
||||||
rootless: true
|
rootless: true
|
||||||
|
|
||||||
service:
|
|
||||||
ssh:
|
|
||||||
type: NodePort
|
|
||||||
nodePort: 32022
|
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
type: Recreate
|
type: Recreate
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: false
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: where to code goes to
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: forgejo.png
|
|
||||||
gethomepage.dev/name: Forgejo
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
hosts:
|
|
||||||
- host: code.icb4dc0.de
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- code.icb4dc0.de
|
|
||||||
secretName: forgejo-ingress-tls
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
|
|
|
@ -15,6 +15,7 @@ images:
|
||||||
newTag: "nightly"
|
newTag: "nightly"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
- resources/routes.yaml
|
||||||
- resources/dragonfly.yml
|
- resources/dragonfly.yml
|
||||||
- resources/runners/act-runner-arm64.yaml
|
- resources/runners/act-runner-arm64.yaml
|
||||||
- resources/runners/act-runner-amd64.yaml
|
- resources/runners/act-runner-amd64.yaml
|
||||||
|
|
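--- a/forgejo/resources/routes.yaml
+++ b/forgejo/resources/routes.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: forgejo-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- code.icb4dc0.de
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: forgejo-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- code.icb4dc0.de
+rules:
+- backendRefs:
+- name: forgejo-http
+port: 3000
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+name: forgejo-ssh
+spec:
+parentRefs:
+- name: contour
+sectionName: ssh
+namespace: projectcontour
+rules:
+- backendRefs:
+- name: forgejo-ssh
+port: 22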
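Review bot: Nothing in `forgejo-https` terminates TLS itself, so `code.icb4dc0.de` is only served over HTTPS if the `https` listener of the `contour` Gateway in `projectcontour` already holds a certificate for it; the Ingress values removed in this commit requested one through `cert-manager.io/cluster-issuer` and `forgejo-ingress-tls`. The Gateway is not shown in this section, so confirm that the listener's `tls.certificateRefs` covers every hostname moved to a route, otherwise the 301 from `forgejo-http` sends clients to a listener without a matching certificate. The same applies to the route files added for hedgedoc, linkwarden and nocodb. Because all of these routes attach across namespaces, the listener's `allowedRoutes` also decides which namespaces may claim a hostname, and a namespace selector there is safer than `from: All`. A comment above each `parentRefs`, such as `# TLS and allowedRoutes are defined on the Gateway in projectcontour`, would make that dependency visible.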
1
ghostcms/.gitignore
vendored
1
ghostcms/.gitignore
vendored
|
@ -1 +0,0 @@
|
||||||
charts/
|
|
|
@ -1,33 +0,0 @@
|
||||||
imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
|
|
||||||
imageTag: v6.3.3
|
|
||||||
|
|
||||||
nodes: 3
|
|
||||||
podDisruptionBudget:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
persistentVolume:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 100Mi
|
|
||||||
limits:
|
|
||||||
cpu: 250m
|
|
||||||
memory: 256Mi
|
|
||||||
|
|
||||||
exporter:
|
|
||||||
enabled: true
|
|
||||||
imageTag: v1.51.0
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 50Mi
|
|
||||||
limits:
|
|
||||||
cpu: 150m
|
|
||||||
memory: 100Mi
|
|
||||||
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: true
|
|
||||||
labels:
|
|
||||||
prometheus: default
|
|
|
@ -1,32 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: ghostcms
|
|
||||||
|
|
||||||
images:
|
|
||||||
- name: ghostcms
|
|
||||||
newName: docker.io/ghost
|
|
||||||
newTag: 5.79.3-alpine
|
|
||||||
|
|
||||||
commonLabels:
|
|
||||||
app.kubernetes.io/instance: icb4dc0de
|
|
||||||
app.kubernetes.io/managed-by: kustomize
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- resources/namespace.yaml
|
|
||||||
- resources/db.yaml
|
|
||||||
- resources/pvc.yaml
|
|
||||||
- resources/deployment.yaml
|
|
||||||
- resources/service.yaml
|
|
||||||
- resources/ingress.yaml
|
|
||||||
|
|
||||||
generators:
|
|
||||||
- ./secret-generator.yaml
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: keydb
|
|
||||||
repo: https://enapter.github.io/charts/
|
|
||||||
releaseName: ghostcms-keydb
|
|
||||||
namespace: ghostcms
|
|
||||||
version: "0.48.0"
|
|
||||||
valuesFile: config/values.keydb.yaml
|
|
|
@ -1,41 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: ghostcms-secret-config
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
database__client: ENC[AES256_GCM,data:sr6EfhI=,iv:pOo9u6/twN/F7O9B2TDoB5Zs5FC60vyLYtvJVDMUtV0=,tag:v2CLpeiV5CVzLK7pKAFbKA==,type:str]
|
|
||||||
database__connection__host: ENC[AES256_GCM,data:f8eQyV/1OvXQdHs/DtW6q1NbHqLIqbMi,iv:F0ChUjxJunyuKG2hKwHjylaHTDLA9SgMNMMX93aHo7c=,tag:4DcCiD1JRSqPd/KQSsyHsg==,type:str]
|
|
||||||
database__connection__user: ENC[AES256_GCM,data:zq6qSDV2N18=,iv:Pdt16Av6sw6iAEBPDu6W06AFsgBq7wkhTaxkyQahhac=,tag:RJesMhyVRK5VFFsJQsWeoA==,type:str]
|
|
||||||
database__connection__password: ENC[AES256_GCM,data:irsrzl+G4+HHosntR8/Y6BEuHmi5WAJEsZf+jwzlsbo=,iv:29BoRix+4CpMIjcFKFFDXTxEaQjHwERUTvxWwUgkLas=,tag:WoB18ym4MxO20oAnqxP5GQ==,type:str]
|
|
||||||
database__connection__database: ENC[AES256_GCM,data:+tiIhcFt06I=,iv:kwX/n8+4LW5eKmST3wxhdvPcmZoxtEh6zJ+spbvccPM=,tag:ZlwXxLRfZ6XpGE3hRga/2g==,type:str]
|
|
||||||
url: ENC[AES256_GCM,data:iNCEULqcDoiGhvAA1y80mbL0+lOzCxo=,iv:lw+5Sk1tRPJFOqIKH1MaQn7RvG02Hg0kmLTIT7JSeNE=,tag:vGNQVyRrnu1kBLYNEdNIzA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRkFMcWRyNE9tMU5NVkVs
|
|
||||||
UmNsSFVDN3k4SDJxK2tva1Rza2xuR2ExcUhVCndua28xNUZBaVlGeTJ0TG0xMlpo
|
|
||||||
cTB5ZTBkMzZ4NW03T1ZacmVGRnZMUXMKLS0tIEYyVGdMZlVCTHREdnBOR3h3NU4x
|
|
||||||
UzBWYXdMS3RadXpEQmN6cVBBUUpHWkUKugUfHbVc5+0597P5r8k8bAIcXHx2BfFe
|
|
||||||
DVdOoxLasWTXvz1GWTFuzvin3Z42GB9zCnjfzkEnwXbATwQy26MhaQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndE9JcHB5NWtBRDZLYTQ4
|
|
||||||
QXhJRG93bEtXYUlmRWhKWC93Mng2YUtDN2ljCmE3RklOdTN2dE42Q0RSc0djSXpX
|
|
||||||
UzBkdXRPVHJ2YUFDR0REeSt5YS9NNEUKLS0tIGJGR0pBWUp3Vm5tMVNneUtaQ1NB
|
|
||||||
UnE2NTVSSUp1OEVFVDd5bHJYOEZpaVkKqmw9GLZavqaPQOJjGhLqXo4ggfmFDgXz
|
|
||||||
C9HNxeDVr2kY452gleVS/YFTPWo0QPevl0SjpZg2gvnz28qLDSNXYQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-11-02T19:37:36Z"
|
|
||||||
mac: ENC[AES256_GCM,data:W1Q9cRmdgxtpREVPzbI9kF3wEFFkF9vWTek8n6sNEDyYd2sew9FQ0gaqoA2bSKro8ff4iLBpwChQIhM7AZbiw5CP0OjUZMWbcjw8YeJEwowIZ+jp3D4qrMuAfjdqhoAJf2G75RyWsChsRG2fPyQ0rVU0sPJf3haiA0MziZi97xM=,iv:yghPQbr5/CLZIeltIGPXYozs08KdcmypSOTO+OrZiHk=,tag:nIh+ntR5wcLJm2AihwhQ9A==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
|
||||||
version: 3.8.1
|
|
|
@ -1,37 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: ghostcms-db-creds
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
root-password: ENC[AES256_GCM,data:tCCuYiHneNQMbWk9JYBOQT0fq+M3yjSJpg5MeMVl7Bw=,iv:EAX8seGBIUtaG2/S5SDUKYBkY57g4UKJdMFjCTBBZIs=,tag:giYe8hiyk8dSbcNT9fHJhQ==,type:str]
|
|
||||||
password: ENC[AES256_GCM,data:ae7q5C9RyPZJEpMSYc11Rdx0fgyxZSdW0QPrrhd4EXU=,iv:PZd/tVfoh3xetvov/BVdRPeev2MKRG+6uVLmi1YkHRA=,tag:H2fe2T0TWLV93yhcNheYhg==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFREpwa1VjOHZOa1Rmc3M3
|
|
||||||
R001d0cxZjNYMUNLeGdxODlmMWI2bVVJd0RBCmxuOVl2cGg1dHpHU2tSMDJGSVpQ
|
|
||||||
TU5udWpEdjZZQVR5RnE3djFxZWcyRHMKLS0tICtCK1k5V0JTVy9PamViL3BtYTZk
|
|
||||||
WEo0RU5seTZvR2E2ZnhwdTNwUGF4K00KHItzwS/FL1N3iB5880SqBCAzogk2mvJo
|
|
||||||
frkb2ysHPA3e6mC/iYEJwENYTjHqi4tfkwYQmYErAFnNeD28690q1w==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhaHJPb1FORk5NL2Q3Y2Fx
|
|
||||||
S3FzQjBmUmNTdVRiYkJqOE94THB6Q0ZwU3pzCmtLT0ZsZ2NEQVVVSy9IMFEyTnNN
|
|
||||||
QUVCQ1IxQjYvVGV5U1lHcUJveHk5ZU0KLS0tIFo5eWZIUzFma3BYWnlaZ08xVFkv
|
|
||||||
Y2YwMThRcUlTSVJmSDArbzdudGs3a1UKqfdWZlKDD3qsYAAKYts51XS41a52O5w1
|
|
||||||
Rivz1sRaMg7deBAMcERU9ACH7NmatWSTvehkKBWpGdkQuiGIcMCEBA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-10-31T14:40:10Z"
|
|
||||||
mac: ENC[AES256_GCM,data:mK71CK+Cp/BbobMrCr5nHpb/bdXQLFB1mxhq1vzw8FZqGQzvYQ2X5pQFeJe8Z3jOYBaR+EUIETdWnBqp7kpaci0QLYw7DnrANpAPmQxczyvITh2m1RNgkHiQxkzF7ywmmdQjr8jrm79p7viy488HLgyrCuiB5zcSW6Cu1D3RT+Y=,iv:Hsafop14fyk3cKpI9TJKHwBjVDR7v92vcHB72Qf14Nw=,tag:eM2QkUKJVN9h27ccw3Zt1w==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
|
||||||
version: 3.8.1
|
|
|
@ -1,51 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: mariadb.mmontes.io/v1alpha1
|
|
||||||
kind: MariaDB
|
|
||||||
metadata:
|
|
||||||
name: ghostcms-db
|
|
||||||
spec:
|
|
||||||
rootPasswordSecretKeyRef:
|
|
||||||
name: ghostcms-db-creds
|
|
||||||
key: root-password
|
|
||||||
|
|
||||||
image: mariadb:11.1.2
|
|
||||||
|
|
||||||
port: 3306
|
|
||||||
|
|
||||||
|
|
||||||
database: ghostcms
|
|
||||||
username: ghostcms
|
|
||||||
passwordSecretKeyRef:
|
|
||||||
name: ghostcms-db-creds
|
|
||||||
key: password
|
|
||||||
|
|
||||||
volumeClaimTemplate:
|
|
||||||
storageClassName: hcloud-volumes
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 10Gi
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
|
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
|
|
||||||
livenessProbe:
|
|
||||||
exec:
|
|
||||||
command:
|
|
||||||
- bash
|
|
||||||
- -c
|
|
||||||
- mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
|
|
||||||
initialDelaySeconds: 20
|
|
||||||
periodSeconds: 10
|
|
||||||
timeoutSeconds: 5
|
|
||||||
|
|
||||||
readinessProbe:
|
|
||||||
exec:
|
|
||||||
command:
|
|
||||||
- bash
|
|
||||||
- -c
|
|
||||||
- mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
|
|
||||||
initialDelaySeconds: 20
|
|
||||||
periodSeconds: 10
|
|
||||||
timeoutSeconds: 5
|
|
|
@ -1,69 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: ghostcms
|
|
||||||
spec:
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: ghostcms
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: ghostcms
|
|
||||||
spec:
|
|
||||||
initContainers:
|
|
||||||
- name: plugins
|
|
||||||
image: ghostcms
|
|
||||||
imagePullPolicy: Always
|
|
||||||
command:
|
|
||||||
- /bin/ash
|
|
||||||
- -c
|
|
||||||
- '-'
|
|
||||||
args:
|
|
||||||
- |
|
|
||||||
if [ ! -d "/var/lib/ghost/content/adapters/storage/s3" ]; then
|
|
||||||
npm install --prefix /tmp ghos3
|
|
||||||
mkdir -p /var/lib/ghost/content/adapters/storage/s3
|
|
||||||
cp -r /tmp/node_modules/ghos3/* /var/lib/ghost/content/adapters/storage/s3
|
|
||||||
fi
|
|
||||||
volumeMounts:
|
|
||||||
- name: ghost-content
|
|
||||||
mountPath: /var/lib/ghost/content
|
|
||||||
containers:
|
|
||||||
- name: ghostcms
|
|
||||||
image: ghostcms
|
|
||||||
imagePullPolicy: Always
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: ghostcms-secret-config
|
|
||||||
ports:
|
|
||||||
- containerPort: 2368
|
|
||||||
env:
|
|
||||||
- name: NODE_ENV
|
|
||||||
value: production
|
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: false
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
privileged: false
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
memory: "384Mi"
|
|
||||||
cpu: "100m"
|
|
||||||
volumeMounts:
|
|
||||||
- name: ghost-content
|
|
||||||
mountPath: /var/lib/ghost/content
|
|
||||||
securityContext:
|
|
||||||
fsGroup: 1000
|
|
||||||
runAsGroup: 1000
|
|
||||||
runAsUser: 1000
|
|
||||||
runAsNonRoot: true
|
|
||||||
volumes:
|
|
||||||
- name: ghost-content
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: ghost-content
|
|
|
@ -1,23 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: ghostcms
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: GhostCMS blog
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: ghost.png
|
|
||||||
gethomepage.dev/name: GhostCMS
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: blog.icb4dc0.de
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: /
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: ghostcms
|
|
||||||
port:
|
|
||||||
number: 2368
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: ghostcms
|
|
||||||
labels:
|
|
||||||
prometheus: default
|
|
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: ghost-content
|
|
||||||
spec:
|
|
||||||
storageClassName: hcloud-volumes
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 10Gi
|
|
||||||
volumeMode: Filesystem
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
|
@ -1,12 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: ghostcms
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app.kubernetes.io/name: ghostcms
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 2368
|
|
||||||
targetPort: 2368
|
|
|
@ -1,12 +0,0 @@
|
||||||
apiVersion: viaduct.ai/v1
|
|
||||||
kind: ksops
|
|
||||||
metadata:
|
|
||||||
# Specify a name
|
|
||||||
name: ghostcms-secret-generator
|
|
||||||
annotations:
|
|
||||||
config.kubernetes.io/function: |
|
|
||||||
exec:
|
|
||||||
path: ksops
|
|
||||||
files:
|
|
||||||
- ./resources/db-cred.enc.yaml
|
|
||||||
- ./resources/creds.enc.yaml
|
|
|
@ -18,7 +18,7 @@ resources:
|
||||||
- "resources/namespace.yaml"
|
- "resources/namespace.yaml"
|
||||||
- "resources/deployment.yaml"
|
- "resources/deployment.yaml"
|
||||||
- "resources/service.yaml"
|
- "resources/service.yaml"
|
||||||
- "resources/ingress.yaml"
|
- "resources/http_routes.yaml"
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
- ./secret-generator.yaml
|
- ./secret-generator.yaml
|
||||||
|
|
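--- a/hedgedoc/resources/http_routes.yaml
+++ b/hedgedoc/resources/http_routes.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: hedgedoc-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- md.icb4dc0.de
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: hedgedoc-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- md.icb4dc0.de
+rules:
+- backendRefs:
+- name: hedgedoc
+port: 3000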
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: hedgedoc
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: Markdown scratch pad
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: https://md.icb4dc0.de/icons/android-chrome-192x192.png
|
|
||||||
gethomepage.dev/name: HedgeDoc
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: md.icb4dc0.de
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: /
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: hedgedoc
|
|
||||||
port:
|
|
||||||
number: 3000
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- md.icb4dc0.de
|
|
||||||
secretName: hedgedoc-ingress-tls
|
|
|
@ -1,11 +0,0 @@
|
||||||
OAUTH2_PROXY_PROVIDER=github
|
|
||||||
OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=Forgejo
|
|
||||||
OAUTH2_PROXY_REDIRECT_URL=https://home.icb4dc0.de/oauth2/callback
|
|
||||||
OAUTH2_PROXY_LOGIN_URL=https://code.icb4dc0.de/login/oauth/authorize
|
|
||||||
OAUTH2_PROXY_REDEEM_URL=https://code.icb4dc0.de/login/oauth/access_token
|
|
||||||
OAUTH2_PROXY_VALIDATE_URL=https://code.icb4dc0.de/api/v1/user
|
|
||||||
OAUTH2_PROXY_REVERSE_PROXY=true
|
|
||||||
OAUTH2_PROXY_UPSTREAMS=http://127.0.0.1:3000
|
|
||||||
OAUTH2_PROXY_EMAIL_DOMAINS=*
|
|
||||||
OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:3001
|
|
||||||
OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
|
|
|
@ -1,36 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: homepage
|
|
||||||
|
|
||||||
images:
|
|
||||||
- name: homepage
|
|
||||||
newName: ghcr.io/gethomepage/homepage
|
|
||||||
newTag: "v0.8.8"
|
|
||||||
- name: oauth2-proxy
|
|
||||||
newName: quay.io/oauth2-proxy/oauth2-proxy
|
|
||||||
newTag: v7.6.0
|
|
||||||
|
|
||||||
labels:
|
|
||||||
- includeSelectors: true
|
|
||||||
pairs:
|
|
||||||
app.kubernetes.io/instance: icb4dc0de
|
|
||||||
app.kubernetes.io/managed-by: kustomize
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- "resources/namespace.yaml"
|
|
||||||
- "resources/sa.yaml"
|
|
||||||
- "resources/sa_secret.yaml"
|
|
||||||
- "resources/cluster_role.yaml"
|
|
||||||
- "resources/cluster_role_binding.yaml"
|
|
||||||
- "resources/deployment.yaml"
|
|
||||||
- "resources/service.yaml"
|
|
||||||
- "resources/ingress.yaml"
|
|
||||||
|
|
||||||
generators:
|
|
||||||
- ./secret-generator.yaml
|
|
||||||
|
|
||||||
secretGenerator:
|
|
||||||
- name: oauth2-proxy-base-config
|
|
||||||
envs:
|
|
||||||
- "config/oauth2-proxy.env"
|
|
|
@ -1,49 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: homepage
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- namespaces
|
|
||||||
- pods
|
|
||||||
- nodes
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- apiGroups:
|
|
||||||
- extensions
|
|
||||||
- networking.k8s.io
|
|
||||||
resources:
|
|
||||||
- ingresses
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- apiGroups:
|
|
||||||
- traefik.containo.us
|
|
||||||
resources:
|
|
||||||
- ingressroutes
|
|
||||||
- ingressroutes/status
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- apiGroups:
|
|
||||||
- metrics.k8s.io
|
|
||||||
resources:
|
|
||||||
- nodes
|
|
||||||
- pods
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- apiGroups:
|
|
||||||
- apiextensions.k8s.io
|
|
||||||
resources:
|
|
||||||
- customresourcedefinitions
|
|
||||||
- customresourcedefinitions/status
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: homepage
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: homepage
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: homepage
|
|
||||||
namespace: default
|
|
|
@ -1,43 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: homepage-config
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
bookmarks.yaml: ENC[AES256_GCM,data:EpNhM/Uaoo/zGpsbsrmLvNSSAplc1pUrOA1LP2wZY4zh3fgHc/f47e95j59Wa9YScGbEx3/+nzUbvQmW2i1zjV+9pLQRcBg6RsBWhRcwLlmcTA==,iv:5pxGhroFCqv1jaDQY0FZN1ReJ3H6HSrdaQFWzekKczU=,tag:ebhZM3Ux5SwbXupEA+qsHw==,type:str]
|
|
||||||
custom.css: ""
|
|
||||||
custom.js: ""
|
|
||||||
docker.yaml: ""
|
|
||||||
kubernetes.yaml: ENC[AES256_GCM,data:I+/V1rEWrQ5AH7mt8g==,iv:hMiXMxRKXLaJItecxULvDkzV0pdF1VwridsfgvG6pKU=,tag:9c9lLvSsHPqPZnBbWcm0/Q==,type:str]
|
|
||||||
services.yaml: ENC[AES256_GCM,data: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,iv:KBXZ45bV9tosXm8isbs+twA9ghQ5T++6NUOt+zzaC/4=,tag:19ivPWPlJP8kI2qeRUVvqw==,type:str]
|
|
||||||
settings.yaml: ENC[AES256_GCM,data:yvYu7VrWPeDZWEeiLCx7ow76HRgmEWVAfczOkZFlpc1Yrq5ASISiXhk=,iv:2s0Kz25YMh7yZ6CotJhFdLEiAbvEFYNzp3ghksbWm28=,tag:q1bl1+s24KGgj8N7cpEjVw==,type:str]
|
|
||||||
widgets.yaml: ENC[AES256_GCM,data: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,iv:hUKLr3J6G660sUJbHx7y40q4sU2Zve64KAHdVxe8nGg=,tag:dIRk9SulLYfE0Th3eX12xA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQVVaUUl4NjV6RkdpTzh3
|
|
||||||
WEZIR3hScC9RaDlHMnJscjdWN1RZMXVmSEhNCnZsUGtuOGV6MWVadHdZcGpjOU9j
|
|
||||||
UDNPNW1WRXdWT0Z3SndDeWkxWEQ5SkUKLS0tIEsrSXZyTHI5dmt2dktsZDFrTm92
|
|
||||||
VTVlZTNqUFR3eXNBVW1DMVVLSzZJSkUKPy0xO7yQuuy+fzngITe71drKxsRvZUoI
|
|
||||||
je3yUDNG0oNk/vVLityGc0p+4K0YBTCwQbNReEtG3gaNytcM75zcGw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3K2lNaUgvZjJqV3V5MzVy
|
|
||||||
ald4MTVIUWU1WG1ES1Yza0JhaWhFTDFCMVNnClRqajloVm51WnZsNG9SSGFDUG5S
|
|
||||||
YnZwZ2NGVlowaTJIcGtid0crVlZ2a2MKLS0tIHNuaEhtd3VXcDNKYzUxZjE1ZEkv
|
|
||||||
dWZHWXNNQlBIRTA1dFZXdXM1ZzlFSXMK3BJyrwoIRldG3lrGpNKiMA0QWNQA1jt1
|
|
||||||
zEqT2pgENYG8SZLXHKH3Ywrb9fNjHYPajLC6bYxkwTqTSIziNiwmaQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-10-25T19:41:17Z"
|
|
||||||
mac: ENC[AES256_GCM,data:bsjhBINLZxZUB+KUMKmJ1gFD+bkzZ9xSX0iClGRmBZb7dh2rMNPKjCfPGRdYkLEcVbREbbHYPgw74RrHYlc7cjDWiNQEB2i8xkPCScE5B8xQxmHQOIkWW4u2IR26vqPhslXI5ucYi9ojO6I5vrtbuIdxvVAdHUyqjNOz1o4/vFY=,iv:cwMx4ItAph0ETcJf6MJhIDd49eK7G7Bk9bGCksNhF0M=,tag:uv8Qd8jbnTRQKiz8BhXSOg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
|
||||||
version: 3.8.1
|
|
|
@ -1,74 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: homepage
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
spec:
|
|
||||||
revisionHistoryLimit: 3
|
|
||||||
replicas: 1
|
|
||||||
strategy:
|
|
||||||
type: RollingUpdate
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
spec:
|
|
||||||
serviceAccountName: homepage
|
|
||||||
automountServiceAccountToken: true
|
|
||||||
dnsPolicy: ClusterFirst
|
|
||||||
enableServiceLinks: true
|
|
||||||
containers:
|
|
||||||
- name: homepage
|
|
||||||
image: homepage
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /app/config
|
|
||||||
name: homepage-config
|
|
||||||
readOnly: true
|
|
||||||
- mountPath: /app/config/logs
|
|
||||||
name: logs
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: 256Mi
|
|
||||||
cpu: 100m
|
|
||||||
limits:
|
|
||||||
memory: 512Mi
|
|
||||||
cpu: 200m
|
|
||||||
- name: oauth2-proxy
|
|
||||||
image: oauth2-proxy
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: oauth2-proxy-base-config
|
|
||||||
- secretRef:
|
|
||||||
name: oauth2-proxy-secret-config
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
containerPort: 3001
|
|
||||||
protocol: TCP
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: 50Mi
|
|
||||||
cpu: 10m
|
|
||||||
limits:
|
|
||||||
memory: 100Mi
|
|
||||||
cpu: 20m
|
|
||||||
affinity:
|
|
||||||
nodeAffinity:
|
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- weight: 100
|
|
||||||
preference:
|
|
||||||
matchExpressions:
|
|
||||||
- key: kubernetes.io/arch
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- arm64
|
|
||||||
volumes:
|
|
||||||
- name: homepage-config
|
|
||||||
secret:
|
|
||||||
secretName: homepage-config
|
|
||||||
- name: logs
|
|
||||||
emptyDir: {}
|
|
|
@ -1,30 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: homepage
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: THE home page
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: homepage.png
|
|
||||||
gethomepage.dev/name: Homepage
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: "home.icb4dc0.de"
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: "/"
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: homepage
|
|
||||||
port:
|
|
||||||
number: 3000
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- "home.icb4dc0.de"
|
|
||||||
secretName: homepage-ingress-tls
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: homepage
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
secrets:
|
|
||||||
- name: homepage
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
type: kubernetes.io/service-account-token
|
|
||||||
metadata:
|
|
||||||
name: homepage
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/service-account.name: homepage
|
|
|
@ -1,16 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: homepage
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
||||||
annotations: {}
|
|
||||||
spec:
|
|
||||||
type: ClusterIP
|
|
||||||
ports:
|
|
||||||
- port: 3000
|
|
||||||
targetPort: http
|
|
||||||
protocol: TCP
|
|
||||||
name: http
|
|
||||||
selector:
|
|
||||||
app.kubernetes.io/name: homepage
|
|
|
@ -1,11 +0,0 @@
|
||||||
apiVersion: viaduct.ai/v1
|
|
||||||
kind: ksops
|
|
||||||
metadata:
|
|
||||||
# Specify a name
|
|
||||||
name: homepage-config-secret-generator
|
|
||||||
annotations:
|
|
||||||
config.kubernetes.io/function: |
|
|
||||||
exec:
|
|
||||||
path: ksops
|
|
||||||
files:
|
|
||||||
- ./resources/config.enc.yaml
|
|
|
@ -17,7 +17,7 @@ resources:
|
||||||
- "resources/namespace.yaml"
|
- "resources/namespace.yaml"
|
||||||
- "resources/deployment.yaml"
|
- "resources/deployment.yaml"
|
||||||
- "resources/service.yaml"
|
- "resources/service.yaml"
|
||||||
- "resources/ingress.yaml"
|
- "resources/http_routes.yaml"
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
- ./secret-generator.yaml
|
- ./secret-generator.yaml
|
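--- a/linkwarden/resources/http_routes.yaml
+++ b/linkwarden/resources/http_routes.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: linkwarden-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- links.icb4dc0.de
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: linkwarden-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- links.icb4dc0.de
+rules:
+- backendRefs:
+- name: linkwarden
+port: 3000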
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: linkwarden
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: Store links to find them later
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: linkwarden.png
|
|
||||||
gethomepage.dev/name: Linkwarden
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: links.icb4dc0.de
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: /
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: linkwarden
|
|
||||||
port:
|
|
||||||
number: 3000
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- links.icb4dc0.de
|
|
||||||
secretName: linkwarden-ingress-tls
|
|
|
@ -19,7 +19,7 @@ resources:
|
||||||
- resources/pvc.yaml
|
- resources/pvc.yaml
|
||||||
- resources/deployment.yaml
|
- resources/deployment.yaml
|
||||||
- resources/service.yaml
|
- resources/service.yaml
|
||||||
- resources/ingress.yaml
|
- resources/http_routes.yaml
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
- ./secret-generator.yaml
|
- ./secret-generator.yaml
|
||||||
|
|
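--- a/nocodb/resources/http_routes.yaml
+++ b/nocodb/resources/http_routes.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: nocodb-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- noco.icb4dc0.de
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: nocodb-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- noco.icb4dc0.de
+rules:
+- backendRefs:
+- name: nocodb
+port: 8080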
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: nocodb
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: Data workspace
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: nocodb.png
|
|
||||||
gethomepage.dev/name: NocoDB
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: noco.icb4dc0.de
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: /
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: nocodb
|
|
||||||
port:
|
|
||||||
number: 8080
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- noco.icb4dc0.de
|
|
||||||
secretName: nocodb-ingress-tls
|
|
|
@ -19,7 +19,7 @@ resources:
|
||||||
- "resources/pvc.yaml"
|
- "resources/pvc.yaml"
|
||||||
- "resources/deployment.yaml"
|
- "resources/deployment.yaml"
|
||||||
- "resources/service.yaml"
|
- "resources/service.yaml"
|
||||||
- "resources/ingress.yaml"
|
- "resources/http_routes.yaml"
|
||||||
|
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
|
|
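--- a/vaultwarden/resources/http_routes.yaml
+++ b/vaultwarden/resources/http_routes.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: vaultwarden-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- pw.icb4dc0.de
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: vaultwarden-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- pw.icb4dc0.de
+rules:
+- backendRefs:
+- name: vaultwarden
+port: 8080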
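Review bot: The rule in `vaultwarden-https` returns responses without a `Strict-Transport-Security` header, so HTTPS for `pw.icb4dc0.de` is enforced only by the 301 in `vaultwarden-http`, and a client's first plaintext request can still be intercepted before the redirect is seen. For a password vault I would add a `ResponseHeaderModifier` filter to the HTTPS rule, as sketched below, unless Vaultwarden or the Gateway already sets the header (neither is visible here). `ResponseHeaderModifier` is an extended Gateway API feature, so check that the deployed Contour version implements it.

```yaml
rules:
  - filters:
      # Tell browsers to use HTTPS only for this host from now on.
      - type: ResponseHeaderModifier
        responseHeaderModifier:
          set:
            - name: Strict-Transport-Security
              value: max-age=31536000
    backendRefs:
      # … unchanged: vaultwarden backend on port 8080 …
```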
|
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: vaultwarden
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: Safe haven for all your secrets
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: vaultwarden.png
|
|
||||||
gethomepage.dev/name: Vaultwarden
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: pw.icb4dc0.de
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: "/"
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: vaultwarden
|
|
||||||
port:
|
|
||||||
number: 8080
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- pw.icb4dc0.de
|
|
||||||
secretName: vaultwarden-ingress-tls
|
|
|
@ -24,7 +24,7 @@ resources:
|
||||||
- resources/api/service.yaml
|
- resources/api/service.yaml
|
||||||
- resources/ui/deployment.yaml
|
- resources/ui/deployment.yaml
|
||||||
- resources/ui/service.yaml
|
- resources/ui/service.yaml
|
||||||
- resources/ingress.yaml
|
- resources/http_routes.yaml
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
- ./secret-generator.yaml
|
- ./secret-generator.yaml
|
||||||
|
|
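--- a/vikunja/resources/http_routes.yaml
+++ b/vikunja/resources/http_routes.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: vikunja-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- todo.icb4dc0.de
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: vikunja-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- todo.icb4dc0.de
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: vikunja-ui
+port: 8080
+- matches:
+- path:
+type: PathPrefix
+value: /api/v1
+backendRefs:
+- name: vikunja-api
+port: 3456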
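Review bot: The two rules in `vikunja-https` overlap (`PathPrefix /` and `PathPrefix /api/v1`) and the catch-all is listed first, which reads as if it would shadow the API rule. Gateway API resolves this by longest matching prefix rather than rule order, so `/api/v1` still reaches `vikunja-api` on port 3456, but that is worth stating for the next maintainer. I would put `# /api/v1 takes precedence over / by longest-prefix match, not by rule order` above the second rule, or list the more specific rule first.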
|
|
@ -1,35 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: vikunja
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: ToDos
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: vikunja.png
|
|
||||||
gethomepage.dev/name: Vikunja
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: todo.icb4dc0.de
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: /
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: vikunja-ui
|
|
||||||
port:
|
|
||||||
number: 8080
|
|
||||||
- pathType: Prefix
|
|
||||||
path: /api/v1
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: vikunja-api
|
|
||||||
port:
|
|
||||||
number: 3456
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- todo.icb4dc0.de
|
|
||||||
secretName: vikunja-ingress-tls
|
|
|
@ -18,7 +18,7 @@ resources:
|
||||||
- "resources/namespace.yaml"
|
- "resources/namespace.yaml"
|
||||||
- "resources/deployment.yaml"
|
- "resources/deployment.yaml"
|
||||||
- "resources/service.yaml"
|
- "resources/service.yaml"
|
||||||
- "resources/ingress.yaml"
|
- "resources/http_route.yaml"
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
- ./secret-generator.yaml
|
- ./secret-generator.yaml
|
||||||
|
|
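--- a/zipline/resources/http_route.yaml
+++ b/zipline/resources/http_route.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: zipline-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- share.icb4dc0.de
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: zipline-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- share.icb4dc0.de
+rules:
+- backendRefs:
+- name: zipline
+port: 3000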
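Review bot: This file is named `http_route.yaml` (singular) although it holds two HTTPRoute documents, while the nocodb, vaultwarden and vikunja apps in the same commit use `http_routes.yaml`. The mismatch makes repo-wide searches and policy checks keyed on the file name easy to miss for this one app. I would rename the file and change the kustomization entry to `- "resources/http_routes.yaml"`.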
|
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: zipline
|
|
||||||
annotations:
|
|
||||||
gethomepage.dev/description: Sharing is caring
|
|
||||||
gethomepage.dev/enabled: "true"
|
|
||||||
gethomepage.dev/group: Apps
|
|
||||||
gethomepage.dev/icon: zipline.png
|
|
||||||
gethomepage.dev/name: Zipline
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: share.icb4dc0.de
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: /
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: zipline
|
|
||||||
port:
|
|
||||||
number: 3000
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- share.icb4dc0.de
|
|
||||||
secretName: zipline-ingress-tls
|
|