From ceca1f3bc95a495010440ddc75ce08452d2cd60a Mon Sep 17 00:00:00 2001 
From: Peter Kurfer Date: Thu, 21 Dec 2023 14:56:26 +0100 Subject: [PATCH] feat: add linkwarden --- coder/.gitignore | 1 + coder/config/secrets.enc.yml | 37 + coder/config/values.coder.yml | 63 + coder/kustomization.yaml | 19 + coder/resources/namespace.yaml | 7 + coder/secret-generator.yaml | 10 + dragonfly-operator/resources/deployment.yaml | 8 + hedgedoc/kustomization.yaml | 8 +- hedgedoc/resources/config.enc.yaml | 5 +- hedgedoc/resources/deployment.yaml | 26 +- homepage/kustomization.yaml | 8 +- linkwarden/config/secrets.enc.yaml | 48 + linkwarden/kustomization.yaml | 23 + linkwarden/resources/deployment.yaml | 80 + linkwarden/resources/ingress.yaml | 23 + linkwarden/resources/namespace.yaml | 7 + linkwarden/resources/service.yaml | 12 + linkwarden/secret-generator.yaml | 10 + postgres-operator/kustomization.yaml | 5 +- postgres-operator/resources/crd/pgadmins.yaml | 1532 +++++++++++++++++ .../resources/crd/pgupgrades.yaml | 4 +- .../resources/crd/postgresclusters.yaml | 4 +- .../resources/db/default-cluster.yaml | 7 +- postgres-operator/resources/manager.yaml | 12 +- postgres-operator/resources/rbac/role.yaml | 20 +- .../resources/rbac/role_binding.yaml | 3 +- vaultwarden/kustomization.yaml | 8 +- vaultwarden/resources/deployment.yaml | 10 + vikunja/kustomization.yaml | 8 +- zipline/kustomization.yaml | 8 +- 30 files changed, 1971 insertions(+), 45 deletions(-) create mode 100644 coder/.gitignore create mode 100644 coder/config/secrets.enc.yml create mode 100644 coder/config/values.coder.yml create mode 100644 coder/kustomization.yaml create mode 100644 coder/resources/namespace.yaml create mode 100644 coder/secret-generator.yaml create mode 100644 linkwarden/config/secrets.enc.yaml create mode 100644 linkwarden/kustomization.yaml create mode 100644 linkwarden/resources/deployment.yaml create mode 100644 linkwarden/resources/ingress.yaml create mode 100644 linkwarden/resources/namespace.yaml create mode 100644 linkwarden/resources/service.yaml create mode 
100644 linkwarden/secret-generator.yaml create mode 100644 postgres-operator/resources/crd/pgadmins.yaml diff --git a/coder/.gitignore b/coder/.gitignore new file mode 100644 index 0000000..711a39c --- /dev/null +++ b/coder/.gitignore @@ -0,0 +1 @@ +charts/ \ No newline at end of file diff --git a/coder/config/secrets.enc.yml b/coder/config/secrets.enc.yml new file mode 100644 index 0000000..cf4e71f --- /dev/null +++ b/coder/config/secrets.enc.yml 
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: coder-secrets +type: Opaque +stringData: + OIDC_CLIENT_ID: ENC[AES256_GCM,data:4KD0RPoRdY23wwkwqoXFloAl3VHQsaVJq46psw/tybCic+g6,iv:LQuY/nTVbD8J62Ia4QNRPQq+mP2BX5cOufIOpaqdjHk=,tag:2hB0sZ6fG/Mdi/Mxi123yw==,type:str] + OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:8F2gjA8bMyh+g/MPppOtO8pGSvvjoNse2jPAYcH2vyfXNRNR2hn3OF56OkqAQUDgKh3mOMMIlOA=,iv:MSpf7TueXeJ9bJ9gMJAR7m97sbe/GG0GhIsDKOS8U5g=,tag:dJwpuxdG2tjEGSkoynstrg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNllWNkJSdm8rblRWQWY0 + U05Bdkw4OUlhTmZTY2VPOXp3UStKMTZpTGpRCmlxRVFlREtuSG85Zk4vb2lIZm1H + SG9hTjc5bmppS0ZWNDVkajBHY2FlcnMKLS0tIGVPQTVHTktPbGVORys4Vk9pdEZp + ZnhvczRaK09YL0crK0hwYUllZXErSk0K23F5ItL9qHYbuNVuWGzpgaXMN5LNwc+n + LAtAoDwhsNhxNFTU+164rtjwHQ+NMp/xNIHiWMeOBz8zSkqCDAhxJg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaU5ldHg2RjVqdUQxMysv + d05jaEFsMXF6QXNlZ2I0SjhGb2pEeHl2WXh3CmtZcG1WZXY3SnBBTTU2cFh6Z1Vo + RGd1OGt1cUhXc2VoUmJJaHJhRlQ1QVUKLS0tIEhscmZWU3Y2UFI2UVorbXVoQ2Yz + VElCdDBrcEt0amlJUmlldENtSjYyczQK8BueJyu/9pJSqa3eYT/bW705O+Wzd6OF + +COLZ8HmD6RFy6K+1uqRqy8ETfSqsaNC06ZdBtH3VKNPOk0ayAuWeg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-21T13:40:45Z" + mac: ENC[AES256_GCM,data:nxoSscCX6drScTysPpdPCwNBpJ7IFjIHEDsoVtsMaC2XufxBHNs5iZLv0vc/QfPK4xTRuEjWxhpFq/XiqTkcArpj/19PopKawa9JAKwSjK+9h83rvhK2r0j8QUmKpx9CfRS4uR2e/u2SCLyGtoAFsZD/nwQYFh3o3y0GfpCz3FE=,iv:V/j4zOf2D9SFSJsr7v8/IM8Sor+pJDL520vXSQUwW6w=,tag:lvNKkyw51qVM/j0WB987JA==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 
diff --git a/coder/config/values.coder.yml b/coder/config/values.coder.yml
new file mode 100644
index 0000000..a443714
--- /dev/null
+++ b/coder/config/values.coder.yml
@@ -0,0 +1,63 @@
+---
+coder:
+ ingress:
+ enable: true
+ host: ide.icb4dc0.de
+ wildcardHost: "*.ide.icb4dc0.de"
+ annotations:
+ gethomepage.dev/description: Remote IDE
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Apps
+ gethomepage.dev/icon: coder.png
+ gethomepage.dev/name: Coder
+ env:
+ - name: CODER_WILDCARD_ACCESS_URL
+ value: '*.ide.icb4dc0.de'
+ - name: CODER_ACCESS_URL
+ value: "https://ide.icb4dc0.de"
+ - name: CODER_PG_CONNECTION_URL
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-coder
+ key: uri
+ - name: CODER_DISABLE_PASSWORD_AUTH
+ value: "true"
+ - name: CODER_OIDC_ISSUER_URL
+ value: "https://code.icb4dc0.de/"
+ - name: CODER_OIDC_SIGN_IN_TEXT
+ value: "Sign in with Gitea"
+ - name: CODER_OIDC_ICON_URL
+ value: https://gitea.io/images/gitea.png
+ - name: CODER_OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: coder-secrets
+ key: OIDC_CLIENT_ID
+ - name: CODER_OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: coder-secrets
+ key: OIDC_CLIENT_SECRET
+ - name: CODER_GITAUTH_0_ID
+ value: primary-forgejo
+ - name: CODER_GITAUTH_0_TYPE
+ value: gitlab
+ - name: CODER_GITAUTH_0_AUTH_URL
+ value: https://code.icb4dc0.de/login/oauth/authorize
+ - name: CODER_GITAUTH_0_TOKEN_URL
+ value: https://code.icb4dc0.de/login/oauth/access_token
+ - name: CODER_GITAUTH_0_VALIDATE_URL
+ value: https://code.icb4dc0.de/login/oauth/userinfo
+ - name: CODER_GITAUTH_0_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: coder-secrets
+ key: OIDC_CLIENT_ID
+ - name: CODER_GITAUTH_0_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: coder-secrets
+ key: OIDC_CLIENT_SECRET
+
+ service:
+ type: ClusterIP
\ No newline at end of file
diff --git a/coder/kustomization.yaml b/coder/kustomization.yaml
new file mode 100644
index 0000000..2bee5db
--- /dev/null
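Review bot: Nothing in the `env` list of `coder/config/values.coder.yml` restricts who may obtain a Coder account: `CODER_DISABLE_PASSWORD_AUTH` is `"true"` and `CODER_OIDC_ISSUER_URL` points at `https://code.icb4dc0.de/`, but neither `CODER_OIDC_ALLOW_SIGNUPS` nor `CODER_OIDC_EMAIL_DOMAIN` is set, so (assuming the chart keeps Coder's defaults) every identity the issuer authenticates gets a user on first login. Because this is a remote IDE whose users start workspaces in the cluster, I would add `- name: CODER_OIDC_ALLOW_SIGNUPS` with `value: "false"`, or an e-mail-domain allow-list, unless registration on the forge is already closed. Separately, `CODER_GITAUTH_0_CLIENT_ID` and `CODER_GITAUTH_0_CLIENT_SECRET` read the same `OIDC_CLIENT_ID` / `OIDC_CLIENT_SECRET` keys of `coder-secrets` as the login flow; a dedicated OAuth application for git auth would let the two credentials be rotated and revoked independently.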
+++ b/coder/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: coder + +resources: + - "resources/namespace.yaml" + +helmCharts: + - name: coder + repo: https://helm.coder.com/v2 + releaseName: coder + namespace: coder + version: "2.5.1" + valuesFile: config/values.coder.yml + skipTests: true + +generators: + - ./secret-generator.yaml \ No newline at end of file diff --git a/coder/resources/namespace.yaml b/coder/resources/namespace.yaml new file mode 100644 index 0000000..4259872 --- /dev/null +++ b/coder/resources/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: coder + labels: + prometheus: default \ No newline at end of file diff --git a/coder/secret-generator.yaml b/coder/secret-generator.yaml new file mode 100644 index 0000000..9c11746 --- /dev/null +++ b/coder/secret-generator.yaml @@ -0,0 +1,10 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: coder-secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./config/secrets.enc.yml \ No newline at end of file diff --git a/dragonfly-operator/resources/deployment.yaml b/dragonfly-operator/resources/deployment.yaml index 7ba5bc9..9d98158 100644 --- a/dragonfly-operator/resources/deployment.yaml +++ b/dragonfly-operator/resources/deployment.yaml @@ -26,6 +26,14 @@ spec: spec: affinity: nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: diff --git a/hedgedoc/kustomization.yaml b/hedgedoc/kustomization.yaml index 11f996e..facc008 100644 --- a/hedgedoc/kustomization.yaml +++ b/hedgedoc/kustomization.yaml 
@@ -8,9 +8,11 @@ images: newName: quay.io/hedgedoc/hedgedoc newTag: "1.9.9" -commonLabels: - app.kubernetes.io/instance: icb4dc0de - app.kubernetes.io/managed-by: kustomize +labels: +- includeSelectors: true + pairs: + app.kubernetes.io/instance: icb4dc0de + app.kubernetes.io/managed-by: kustomize resources: - "resources/namespace.yaml" diff --git a/hedgedoc/resources/config.enc.yaml b/hedgedoc/resources/config.enc.yaml index ac1bce8..8dac50e 100644 --- a/hedgedoc/resources/config.enc.yaml +++ b/hedgedoc/resources/config.enc.yaml @@ -4,7 +4,6 @@ metadata: name: hedgedoc-secret-config type: Opaque stringData: - CMD_DB_URL: ENC[AES256_GCM,data:4nqueG0hIb5fPQbPJll+keWZVODpFxBUhVkeHTKJ2/J8Kpj8DMuU41HLQ1+iGFiUtEdv2LPvbgDOeXT4UR3zjDdGL96SpKbLQIKQlNjPWNfUXeHASkiIiMHh9Y7z3d/s2coopzk9ULTHs5XIMywCUoY8DX4=,iv:drx1hQdbsLbPSojSL79TFop1wni2KxNPJ+KwlOL9WQo=,tag:4JbriWueqRye/n3rnBpSkw==,type:str] CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:VqudURssSgmCDVhCRjak2TDG10pwvCNfi0w9FlEh4SI=,iv:VGavO528JfqsUVyvWSAlWkMTXJAmLUablaGZ3VCEtq8=,tag:unvEa2k/9AzfVMEnhCDB1Q==,type:str] CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:/iQq6wnoH/WwEzApap6szpr7z+KZJ+twcuINgqtbHOMDXeVz9Yi7cjC0hGlqQHZTCO4jR5gp+OwdIkzRk0zDsw==,iv:1OHm8K3AA340q0xkNCF3RsPpcpKmUE5Yibu+IWIZ7+E=,tag:cB/pckdoEZQlzlRVWoYKmA==,type:str] CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str] 
@@ -34,8 +33,8 @@ sops: ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-08T19:19:28Z" - mac: ENC[AES256_GCM,data:mG1SOLX1AFuPuJ3v8o12ofU+rHD/Iwwp3xFfIoayHp+K/w8btnwZ1rrbzZLRwZfR2nnxF9Rn4UZ2d1v6B9z2Dlz/p4EDc2pDyyhgWFCoJgf1J3w7Gj7b1C9ukoGrxcQ0RaZjhhZrU0XjN5EyfTgxcl1e5UahOrHVUu5OMBukkKg=,iv:2M5gtUdMpsYmLZkuaWXoHGGKPM9pvXwEpqqRjhSN8yo=,tag:ORpppvL5KKXRVgIwAoTOCw==,type:str] + lastmodified: "2023-12-20T20:40:53Z" + mac: ENC[AES256_GCM,data:DcoiksdfIUl5cCC8mSbzAUO9lWTeotr/UNMwIa+Z7aq9s4tzVn3YBbAPh5by5U7PVqAPkutoBjUk1IXCqWykkGXw/k9n7mAZn5AiCweLNY/d0gmKTpCUsGqaTg8gH7gQJy6+TNGxnq+Wm4GQNHAduYMJXS4/UdJcIAAc/id4JXo=,iv:+OYzaUHdJN4daTrAg561LxS0i6lozZ+OylhxubZplYc=,tag:7gElSJeGIaqXzjYTe9OTZQ==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.8.1 diff --git a/hedgedoc/resources/deployment.yaml b/hedgedoc/resources/deployment.yaml index b52c4fc..f1eed14 100644 --- a/hedgedoc/resources/deployment.yaml +++ b/hedgedoc/resources/deployment.yaml @@ -15,6 +15,14 @@ spec: containers: - name: hedgedoc image: hedgedoc + env: + - name: CMD_DB_URL + valueFrom: + secretKeyRef: + name: default-cluster-pguser-hedgedoc + key: uri + - name: NODE_EXTRA_CA_CERTS + value: /certs/ca.crt envFrom: - secretRef: name: hedgedoc-base-config @@ -27,6 +35,9 @@ spec: volumeMounts: - name: upload-tmp mountPath: /tmp + - name: pg-certs + mountPath: /certs + readOnly: true resources: requests: memory: "168Mi" 
@@ -44,7 +55,20 @@ spec: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 volumes: - name: upload-tmp emptyDir: - sizeLimit: 500Mi \ No newline at end of file + sizeLimit: 500Mi + - name: pg-certs + secret: + secretName: default-cluster-cluster-cert \ No newline at end of file diff --git a/homepage/kustomization.yaml b/homepage/kustomization.yaml index d6e1ad8..cd81dd3 100644 --- a/homepage/kustomization.yaml +++ b/homepage/kustomization.yaml @@ -11,9 +11,11 @@ images: newName: quay.io/oauth2-proxy/oauth2-proxy newTag: v7.5.1 -commonLabels: - app.kubernetes.io/instance: icb4dc0de - app.kubernetes.io/managed-by: kustomize +labels: +- includeSelectors: true + pairs: + app.kubernetes.io/instance: icb4dc0de + app.kubernetes.io/managed-by: kustomize resources: - "resources/namespace.yaml" diff --git a/linkwarden/config/secrets.enc.yaml b/linkwarden/config/secrets.enc.yaml new file mode 100644 index 0000000..8fe47a9 --- /dev/null +++ b/linkwarden/config/secrets.enc.yaml 
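Review bot: The `pg-certs` volume in `hedgedoc/resources/deployment.yaml` mounts the whole `default-cluster-cluster-cert` secret at `/certs`, while the container only needs `/certs/ca.crt` for `NODE_EXTRA_CA_CERTS` (set in the `@@ -15,6 +15,14 @@` hunk). If that secret is the operator-generated cluster certificate it presumably also holds the server's `tls.key`, which would then be readable inside the HedgeDoc pod; this should be confirmed against the secret's keys. Projecting only the CA keeps the private key out of the application container: under `secret:` add `items:` with `- key: ca.crt` and `path: ca.crt`. The Deployment spec starts outside this hunk.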
@@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Secret +metadata: + name: linkwarden-config +type: Opaque +stringData: + NEXTAUTH_SECRET: ENC[AES256_GCM,data:qljN/QafFYQwk9tZzfUom864wmLBkOA6sZLezygCqpmTPxo6T7VWP2Z6hoI=,iv:HZHCtzraMHTaTjlTRdSs0T6gaREUVWwg4tst7lGgWjs=,tag:g4WXVJ4zcoH8HcPBprkiiA==,type:str] + NEXTAUTH_URL: ENC[AES256_GCM,data:WqEQhQHOgitq66YKbF0SV4iox3rb0713TATzZE+iNxEccm27,iv:urUC/cmks3renR3kkGpw8hHYwVrwz5JXf7QXXQq2ElA=,tag:Vucguui87xJWGCT+M1SaZw==,type:str] + NEXT_PUBLIC_DISABLE_REGISTRATION: ENC[AES256_GCM,data:r7mA+g==,iv:hTpGulLYK10DoCAYc3Hp6BlKQBeKHkV3A6BUJku9ZjQ=,tag:5gpMkBYkySIO8RGG4dzaew==,type:str] + SPACES_KEY: ENC[AES256_GCM,data:BF1RGNTId/gzEATiHqI4DwAeSSz0QBk1MVtQCs91K84=,iv:4jKC+G/c8MZ/kNyt9n6Hn7YvSYNWegTEzcQ9Z63i6U4=,tag:05l1AVPhFN4H53b5/FM4fw==,type:str] + SPACES_SECRET: ENC[AES256_GCM,data:UwWvKzmHsLE4y1+yeZEjP+swVO5+Ss/Dj8YJz/V1xq9sbvI4dyswuUeOJ6xzl4fbPUYW4gMCELhLBYz4s6eOZw==,iv:fvt2J66VPFMY4bLn+18rpxOPFRJi2ynikfQGNSn0PoY=,tag:F4XGCCJq+1uvl1LdBBES1A==,type:str] + SPACES_ENDPOINT: ENC[AES256_GCM,data:9V9UgB1YgSqyXQO6VogyDHTRpS++OmDvWdGYEoaAoSHrBMhrDq2YW7mCLSNA8HOpFCLWN5AF9FqbsjA/dB/7Gio=,iv:S3Js7k/hoLJeDIbZWPdPlupdNKaupAaqFoWWiFgHs7Q=,tag:5deMT1/t78VOduFs5pTuxA==,type:str] + SPACES_BUCKET_NAME: ENC[AES256_GCM,data:/T9L2eHlrpX74w==,iv:pGzRxFLGYOEf8LeuzOrc7GVTHQ9lbp4YjFWSS03OQNM=,tag:S6iWpQANHebGAK+7lhAqwg==,type:str] + SPACES_REGION: ENC[AES256_GCM,data:kP0CGw==,iv:bniAW1+xg7y1qnSqh9qAUM1LG1geVs7AIvbqn+fH/CU=,tag:GyWNCgK8PSJWnUOfDg3X+w==,type:str] + SPACES_FORCE_PATH_STYLE: ENC[AES256_GCM,data:JSXD7Q==,iv:JMbqKZO4SdYBglZySpDY56vTiCKDCeBlRjKD4uwFQOg=,tag:6gsT1+BWbGA1Ce05iaK/1Q==,type:str] + NEXT_PUBLIC_KEYCLOAK_ENABLED: ENC[AES256_GCM,data:5ePOxQ==,iv:B3Xv/z0Bcv4u2nzNQSHFZGQeuAw6kkZIi4V2gkkGesk=,tag:ZLzKaf55W1DXzXhQ0NRPWQ==,type:str] + KEYCLOAK_ISSUER: ENC[AES256_GCM,data:I710NmdNMWyheJD5i+zXgV8I3LCa9dc=,iv:17dX+n20fkq+m98i47WeKeJ+f5l+rg9oq08/Ki8hmg8=,tag:5HdizFf2WM2X9X/rMsZH9Q==,type:str] + KEYCLOAK_CLIENT_ID: 
ENC[AES256_GCM,data:aUrLGjG5Pt6yAdI1sGMS7qmDg70oiUMciLAwfpNsyscMv9nk,iv:29JZfzF8sPmIvyWPw+VjzgTRJr+aSjDN6IGZmt7JFYM=,tag:pX6w2++QHwED/46njtM/Qg==,type:str] + KEYCLOAK_CLIENT_SECRET: ENC[AES256_GCM,data:yrz8bwNmEvjl0zeul2EfcyBrvp1VhDJYIVA/2ttIvEVuvB9M0XzOAtV/KHxZXv544mQ+/HsORMY=,iv:GL0vMgvm5zIfV4+zWUmAnTv7FTJvF0jQzfoxqFMB0ho=,tag:jzwQYN2sB6EoS/owF0wNMg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkb2dXQkVHOW9aVGozUkVG + QTkyWVBkQ1F4MVVmN0Z2ZGhUVi9oR1puYWpZCm5xcXM1VU9pOE5iR1VUQmZOQlBq + V2N0ZG5mWGJMTW43V3ZDWUJhQ2RwVUkKLS0tIDYvSkpQQnkyb2ZvOGwxcXM3ZUVh + NnkwcUJna1FSTXpMY1RxS05TV2lCWEUK63y4d4TS0JWdNPy2DCFsrnPVoWF3HaF2 + hMFBIt7bKNrEMChwJ0IWCtCS4EoatYKrFSwuIQHBGPiDgQuHij90Rg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUZFaXFCbFVoVEVNS3hP + bmt0YXJhbk9BUDdkT1M1N0h0UXZ3V0dCOEVjCkQ5Wmt6VjMwNTZmUGk2Z0srU2lo + OU8waDhDMHE3SDRaOUNxc2pZallnd0UKLS0tIHNkOEhudkR4SmVhRGd1VStQLzBZ + aVVYZ3JDSDhKdFZZZXdycnUyTml0VXcKTg087ZASI5RraNAD8rnHa5OUaYEdRte/ + OyVbfwvYm79jQipgTwoctCmVuL8lMjnoKuDZnMT6UEgV6ziHKrqIZw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-21T12:25:42Z" + mac: ENC[AES256_GCM,data:U2rRu3TPyXjt2YnR7cQrsRYvWS41zgDonqglfJPnnrSegoe/JmNn2jIU6iljJEruGmhxNGxh1KE8KHn2mJ2M6GWJ0TMW6JBiQ0Yl6UXBYAnMrw5FYfIThtB8gxvEUtoQ8fES9jCyqneHE5DWe0kbdMqaU9uf/G4nwUMAyWdVAdA=,iv:AejpeLY6pooJ4MOIbXjSAr9d6JjFx7FTkygs8Jy91Ug=,tag:7/RNNFY5ZhkxJ88bL4v55Q==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/linkwarden/kustomization.yaml b/linkwarden/kustomization.yaml new file mode 100644 index 0000000..96f8db5 --- /dev/null +++ b/linkwarden/kustomization.yaml 
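Review bot: Settings that are not secrets (`NEXT_PUBLIC_DISABLE_REGISTRATION`, `NEXT_PUBLIC_KEYCLOAK_ENABLED`, `SPACES_REGION`, `SPACES_FORCE_PATH_STYLE`, `NEXTAUTH_URL`) are encrypted in `linkwarden/config/secrets.enc.yaml` together with the real credentials, so a reviewer cannot tell from this diff whether open registration is actually disabled for a service that is exposed through an Ingress. I would keep only the credentials (`NEXTAUTH_SECRET`, `SPACES_KEY`, `SPACES_SECRET`, `KEYCLOAK_CLIENT_SECRET`) in the SOPS file and move the switches into plain `env` entries or a ConfigMap, e.g. `- name: NEXT_PUBLIC_DISABLE_REGISTRATION` with `value: "true"`. Later changes to these switches would then show up as readable lines in review instead of as a changed ciphertext and `mac`.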
@@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: linkwarden
+
+labels:
+- pairs:
+ app.kubernetes.io/instance: icb4dc0de
+ app.kubernetes.io/managed-by: kustomize
+
+images:
+ - name: linkwarden
+ newName: ghcr.io/linkwarden/linkwarden
+ newTag: "v2.3.0"
+
+resources:
+ - "resources/namespace.yaml"
+ - "resources/deployment.yaml"
+ - "resources/service.yaml"
+ - "resources/ingress.yaml"
+
+generators:
+ - ./secret-generator.yaml
\ No newline at end of file
diff --git a/linkwarden/resources/deployment.yaml b/linkwarden/resources/deployment.yaml
new file mode 100644
index 0000000..e390132
--- /dev/null
+++ b/linkwarden/resources/deployment.yaml
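Review bot: The `images` entry in `linkwarden/kustomization.yaml` pins `ghcr.io/linkwarden/linkwarden` only by the mutable tag `newTag: "v2.3.0"`, so what actually runs, in both the `install-packages` init container and the main container, can change if the tag is pushed again. Kustomize accepts a `digest` field on the same entry; I would add `digest: sha256:<digest of the reviewed v2.3.0 image>` (placeholder, the value is not on this page). The same holds for the tag-only entries visible in `hedgedoc/kustomization.yaml`, `homepage/kustomization.yaml` and `postgres-operator/kustomization.yaml`.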
@@ -0,0 +1,80 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: linkwarden
+ labels:
+ app.kubernetes.io/name: linkwarden
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: linkwarden
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: linkwarden
+ spec:
+ initContainers:
+ - name: install-packages
+ image: linkwarden
+ command: ["/bin/bash", "-c", "npx playwright install"]
+ volumeMounts:
+ - name: node-cache
+ mountPath: /home/node/.cache
+ containers:
+ - name: linkwarden
+ image: linkwarden
+ env:
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-linkwarden
+ key: uri
+ envFrom:
+ - secretRef:
+ name: linkwarden-config
+ ports:
+ - containerPort: 3000
+ protocol: TCP
+ name: web
+ volumeMounts:
+ - name: next-cache
+ mountPath: /data/.next/cache
+ - name: node-cache
+ mountPath: /home/node/.cache
+ resources:
+ requests:
+ memory: "384Mi"
+ cpu: "50m"
+ limits:
+ memory: "768Mi"
+ cpu: "500m"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ preference:
+ matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - arm64
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
+ volumes:
+ - name: next-cache
+ emptyDir:
+ sizeLimit: 250Mi
+ - name: node-cache
+ emptyDir:
+ sizeLimit: 1500Mi
\ No newline at end of file
diff --git a/linkwarden/resources/ingress.yaml b/linkwarden/resources/ingress.yaml
new file mode 100644
index 0000000..0299751
--- /dev/null
+++ b/linkwarden/resources/ingress.yaml
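Review bot: The `install-packages` init container in `linkwarden/resources/deployment.yaml` has no container-level `securityContext`, although the `linkwarden` container next to it sets `allowPrivilegeEscalation: false` and drops all capabilities; the pod-level `runAsNonRoot`/`runAsUser` cover both containers, the hardening fields do not. It is also the container that runs `npx playwright install`, which fetches browser binaries from the network into the `node-cache` `emptyDir` each time a pod is created, so it should carry at least the same restrictions, and baking the browsers into an image built ahead of time would remove the start-time download altogether. `readOnlyRootFilesystem: false` on the main container deserves a one-line comment saying why a writable root is needed. Indentation is not preserved on this page, so the placement below follows the field names.

```yaml
      initContainers:
        - name: install-packages
          # … unchanged: image, command, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```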
@@ -0,0 +1,23 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: linkwarden
+ annotations:
+ gethomepage.dev/description: Store links to find them later
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Apps
+ gethomepage.dev/icon: linkwarden.png
+ gethomepage.dev/name: Linkwarden
+spec:
+ rules:
+ - host: links.icb4dc0.de
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: linkwarden
+ port:
+ number: 3000
\ No newline at end of file
diff --git a/linkwarden/resources/namespace.yaml b/linkwarden/resources/namespace.yaml
new file mode 100644
index 0000000..ec300fb
--- /dev/null
+++ b/linkwarden/resources/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: linkwarden
+ labels:
+ prometheus: default
\ No newline at end of file
diff --git a/linkwarden/resources/service.yaml b/linkwarden/resources/service.yaml
new file mode 100644
index 0000000..c5c7466
--- /dev/null
+++ b/linkwarden/resources/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: linkwarden
+spec:
+ selector:
+ app.kubernetes.io/name: linkwarden
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
\ No newline at end of file
diff --git a/linkwarden/secret-generator.yaml b/linkwarden/secret-generator.yaml
new file mode 100644
index 0000000..cdfd1ab
--- /dev/null
+++ b/linkwarden/secret-generator.yaml
@@ -0,0 +1,10 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: linkwarden-secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./config/secrets.enc.yaml
\ No newline at end of file
diff --git a/postgres-operator/kustomization.yaml b/postgres-operator/kustomization.yaml
index 2200e73..17fe243 100644
--- a/postgres-operator/kustomization.yaml
+++ b/postgres-operator/kustomization.yaml
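Review bot: The Ingress in `linkwarden/resources/ingress.yaml` for `links.icb4dc0.de` has neither a `tls:` section nor an `ingressClassName`, so whether login and session traffic is served over HTTPS depends entirely on controller defaults that this patch does not show. If TLS is not already terminated by a default certificate or an upstream proxy, I would add under `spec:` a `tls:` entry with `- hosts: [links.icb4dc0.de]` and `secretName: <tls-secret-name>` (placeholder), and name the ingress class explicitly. A short comment in the manifest stating where TLS is terminated would settle the question for the next reviewer either way.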
@@ -6,18 +6,19 @@ labels: pairs: app.kubernetes.io/name: pgo # The version below should match the version on the PostgresCluster CRD - app.kubernetes.io/version: 5.4.3 + app.kubernetes.io/version: 5.5.0 postgres-operator.crunchydata.com/control-plane: postgres-operator images: - name: postgres-operator newName: registry.developers.crunchydata.com/crunchydata/postgres-operator - newTag: ubi8-5.4.3-0 + newTag: ubi8-5.5.0-0 resources: - resources/namespace.yaml - resources/crd/postgresclusters.yaml - resources/crd/pgupgrades.yaml + - resources/crd/pgadmins.yaml - resources/rbac/service_account.yaml - resources/rbac/role.yaml - resources/rbac/role_binding.yaml diff --git a/postgres-operator/resources/crd/pgadmins.yaml b/postgres-operator/resources/crd/pgadmins.yaml new file mode 100644 index 0000000..1abbaa9 --- /dev/null +++ b/postgres-operator/resources/crd/pgadmins.yaml 
@@ -0,0 +1,1532 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + labels: + app.kubernetes.io/name: pgo + app.kubernetes.io/version: 5.5.0 + name: pgadmins.postgres-operator.crunchydata.com +spec: + group: postgres-operator.crunchydata.com + names: + kind: PGAdmin + listKind: PGAdminList + plural: pgadmins + singular: pgadmin + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: PGAdmin is the Schema for the pgadmins API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PGAdminSpec defines the desired state of PGAdmin + properties: + affinity: + description: 'Scheduling constraints of the PGAdmin pod. More info: + https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. 
The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. 
null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + config: + description: Configuration settings for the pgAdmin process. Changes + to any of these values will be loaded without validation. Be careful, + as you may put pgAdmin into an unusable state. + properties: + files: + description: Files allows the user to mount projected volumes + into the pgAdmin container so that files can be referenced by + pgAdmin as needed. + items: + description: Projection that may be projected along with other + supported volume types + properties: + configMap: + description: configMap information about the configMap data + to project + properties: + items: + description: items if unspecified, each key-value pair + in the Data field of the referenced ConfigMap will + be projected into the volume as a file whose name + is the key and content is the value. 
If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. If a + key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used + to set permissions on this file. Must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal values + for mode bits. If not specified, the volume + defaultMode will be used. This might be in conflict + with other options that affect the file mode, + like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the + file to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data to + project + properties: + items: + description: items if unspecified, each key-value pair + in the Data field of the referenced Secret will be + projected into the volume as a file whose name is + the key and content is the value. If specified, the + listed keys will be projected into the specified paths, + and unlisted keys will not be present. If a key is + specified which is not present in the Secret, the + volume setup will error unless it is marked optional. + Paths must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used + to set permissions on this file. Must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal values + for mode bits. If not specified, the volume + defaultMode will be used. This might be in conflict + with other options that affect the file mode, + like fsGroup, and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the + file to map the key to. May not be an absolute + path. 
May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: optional field specify whether the Secret + or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: serviceAccountToken is information about the + serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience of the + token. A recipient of a token must identify itself + with an identifier specified in the audience of the + token, and otherwise should reject the token. The + audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested duration + of validity of the service account token. As the token + approaches expiration, the kubelet volume plugin will + proactively rotate the service account token. The + kubelet will start trying to rotate the token if the + token is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults to + 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + ldapBindPassword: + description: 'A Secret containing the value for the LDAP_BIND_PASSWORD + setting. More info: https://www.pgadmin.org/docs/pgadmin4/latest/ldap.html' + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + settings: + description: 'Settings for the pgAdmin server process. Keys should + be uppercase and values must be constants. More info: https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html' + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + dataVolumeClaimSpec: + description: 'Defines a PersistentVolumeClaim for pgAdmin data. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes' + properties: + accessModes: + description: 'accessModes contains the desired access modes the + volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified + data source. If the AnyVolumeDataSource feature gate is enabled, + this field will always have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies the object from which to + populate the volume with data, if a non-empty volume is desired. + This may be any local object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator + or dynamic provisioner. This field will replace the functionality + of the DataSource field and as such if both fields are non-empty, + they must have the same value. For backwards compatibility, + both fields (DataSource and DataSourceRef) will be set to the + same value automatically if one of them is empty and the other + is non-empty. There are two important differences between DataSource + and DataSourceRef: * While DataSource only allows two specific + types of objects, DataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. * While DataSource + ignores disallowed values (dropping them), DataSourceRef preserves + all values, and generates an error if a disallowed value is + specified. (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources the volume + should have. If RecoverVolumeExpansionFailure feature is enabled + users are allowed to specify resource requirements that are + lower than previous value but must still be higher than capacity + recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + image: + description: The image name to use for pgAdmin instance. + type: string + imagePullPolicy: + description: 'ImagePullPolicy is used to determine when Kubernetes + will attempt to pull (download) container images. 
More info: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy' + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: The image pull secrets used to pull from a private registry. + Changing this value causes all running PGAdmin pods to restart. + https://k8s.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + type: array + metadata: + description: Metadata contains metadata for custom resources + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + priorityClassName: + description: 'Priority class name for the PGAdmin pod. Changing this + value causes PGAdmin pod to restart. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/' + type: string + resources: + description: Resource requirements for the PGAdmin container. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serverGroups: + description: ServerGroups for importing PostgresClusters to pgAdmin. + To create a pgAdmin with no selectors, leave this field empty. A + pgAdmin created with no `ServerGroups` will not automatically add + any servers through discovery. PostgresClusters can still be added + manually. + items: + properties: + name: + description: The name for the ServerGroup in pgAdmin. Must be + unique in the pgAdmin's ServerGroups since it becomes the + ServerGroup name in pgAdmin. + type: string + postgresClusterSelector: + description: PostgresClusterSelector selects clusters to dynamically + add to pgAdmin by matching labels. An empty selector like + `{}` will select ALL clusters in the namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + required: + - name + - postgresClusterSelector + type: object + type: array + tolerations: + description: 'Tolerations of the PGAdmin pod. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration' + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + required: + - dataVolumeClaimSpec + type: object + status: + description: PGAdminStatus defines the observed state of PGAdmin + properties: + conditions: + description: 'conditions represent the observations of pgadmin''s + current state. Known .status.conditions.type are: "PersistentVolumeResizing", + "Progressing", "ProxyAvailable"' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration represents the .metadata.generation + on which the status was based. 
+ format: int64 + minimum: 0 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} \ No newline at end of file diff --git a/postgres-operator/resources/crd/pgupgrades.yaml b/postgres-operator/resources/crd/pgupgrades.yaml index 820bacc..cbe5a5e 100644 --- a/postgres-operator/resources/crd/pgupgrades.yaml +++ b/postgres-operator/resources/crd/pgupgrades.yaml @@ -6,7 +6,7 @@ metadata: creationTimestamp: null labels: app.kubernetes.io/name: pgo - app.kubernetes.io/version: 5.4.3 + app.kubernetes.io/version: 5.5.0 name: pgupgrades.postgres-operator.crunchydata.com spec: group: postgres-operator.crunchydata.com @@ -1072,4 +1072,4 @@ spec: served: true storage: true subresources: - status: {} + status: {} \ No newline at end of file diff --git a/postgres-operator/resources/crd/postgresclusters.yaml b/postgres-operator/resources/crd/postgresclusters.yaml index 07f8d0c..ddd7a66 100644 --- a/postgres-operator/resources/crd/postgresclusters.yaml +++ b/postgres-operator/resources/crd/postgresclusters.yaml @@ -6,7 +6,7 @@ metadata: creationTimestamp: null labels: app.kubernetes.io/name: pgo - app.kubernetes.io/version: 5.4.3 + app.kubernetes.io/version: 5.5.0 name: postgresclusters.postgres-operator.crunchydata.com spec: group: postgres-operator.crunchydata.com @@ -15462,4 +15462,4 @@ spec: served: true storage: true subresources: - status: {} + status: {} \ No newline at end of file diff --git a/postgres-operator/resources/db/default-cluster.yaml b/postgres-operator/resources/db/default-cluster.yaml index 70b6997..4011975 100644 --- a/postgres-operator/resources/db/default-cluster.yaml +++ b/postgres-operator/resources/db/default-cluster.yaml 
@@ -5,7 +5,7 @@ metadata: name: default-cluster namespace: postgres spec: - image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1 + image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.5-0 postgresVersion: 15 users: - name: postgres @@ -27,6 +27,9 @@ spec: - name: hedgedoc databases: - hedgedoc + - name: linkwarden + databases: + - linkwarden - name: nextcloud databases: - nextcloud @@ -65,7 +68,7 @@ spec: backups: pgbackrest: - image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1 + image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-2 configuration: - secret: name: pgo-s3-creds diff --git a/postgres-operator/resources/manager.yaml b/postgres-operator/resources/manager.yaml index c8249d3..309f00c 100644 --- a/postgres-operator/resources/manager.yaml +++ b/postgres-operator/resources/manager.yaml @@ -60,4 +60,14 @@ spec: capabilities: { drop: [ALL] } readOnlyRootFilesystem: true runAsNonRoot: true - serviceAccountName: pgo \ No newline at end of file + serviceAccountName: pgo + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 \ No newline at end of file diff --git a/postgres-operator/resources/rbac/role.yaml b/postgres-operator/resources/rbac/role.yaml index 12886ee..60138ee 100644 --- a/postgres-operator/resources/rbac/role.yaml +++ b/postgres-operator/resources/rbac/role.yaml @@ -102,6 +102,7 @@ rules: - apiGroups: - postgres-operator.crunchydata.com resources: + - pgadmins - pgupgrades verbs: - get 
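Review bot: The `affinity` block added after `serviceAccountName: pgo` in postgres-operator/resources/manager.yaml is only a weight-1 `preferredDuringSchedulingIgnoredDuringExecution` preference for `kubernetes.io/arch: arm64`, so the scheduler can still place the operator pod on a node of another architecture, and nothing in the hunk records whether that fallback is intended. If the image is multi-arch, a comment above the block would say so, e.g. `# prefer arm64 nodes; image is multi-arch, other architectures remain a valid fallback`; if it is arm64-only, `requiredDuringSchedulingIgnoredDuringExecution` is the form that enforces it. The same block is added in vaultwarden/resources/deployment.yaml, where the same comment would apply. The pod spec starts outside the hunk.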
@@ -110,18 +111,19 @@ rules: - apiGroups: - postgres-operator.crunchydata.com resources: + - pgadmins/finalizers - pgupgrades/finalizers + - postgresclusters/finalizers verbs: - - patch - update - apiGroups: - postgres-operator.crunchydata.com resources: + - pgadmins/status - pgupgrades/status + - postgresclusters/status verbs: - - get - patch - - watch - apiGroups: - postgres-operator.crunchydata.com resources: @@ -131,18 +133,6 @@ rules: - list - patch - watch -- apiGroups: - - postgres-operator.crunchydata.com - resources: - - postgresclusters/finalizers - verbs: - - update -- apiGroups: - - postgres-operator.crunchydata.com - resources: - - postgresclusters/status - verbs: - - patch - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/postgres-operator/resources/rbac/role_binding.yaml b/postgres-operator/resources/rbac/role_binding.yaml index 2d515c4..1503ee9 100644 --- a/postgres-operator/resources/rbac/role_binding.yaml +++ b/postgres-operator/resources/rbac/role_binding.yaml @@ -11,5 +11,4 @@ roleRef: name: postgres-operator subjects: - kind: ServiceAccount - name: pgo - namespace: postgres-system \ No newline at end of file + name: pgo \ No newline at end of file diff --git a/vaultwarden/kustomization.yaml b/vaultwarden/kustomization.yaml index 4a92a0e..275f3d9 100644 --- a/vaultwarden/kustomization.yaml +++ b/vaultwarden/kustomization.yaml @@ -3,9 +3,11 @@ kind: Kustomization namespace: vaultwarden -commonLabels: - app.kubernetes.io/instance: icb4dc0de - app.kubernetes.io/managed-by: kustomize +labels: +- includeSelectors: true + pairs: + app.kubernetes.io/instance: icb4dc0de + app.kubernetes.io/managed-by: kustomize images: - name: vaultwarden diff --git a/vaultwarden/resources/deployment.yaml b/vaultwarden/resources/deployment.yaml index 1e5687c..d7f922b 100644 --- a/vaultwarden/resources/deployment.yaml +++ b/vaultwarden/resources/deployment.yaml 
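Review bot: In postgres-operator/resources/rbac/role_binding.yaml the ServiceAccount subject `pgo` no longer carries `namespace: postgres-system`, so which identity receives the `postgres-operator` role now depends on how the manifest is rendered. The binding's `kind` is outside the hunk: a RoleBinding resolves a namespace-less ServiceAccount subject to the binding's own namespace, whereas the API server rejects a ClusterRoleBinding whose ServiceAccount subject has no namespace. If the kustomization is meant to supply the value, confirm that the `kustomize build` output shows the expected `subjects[0].namespace`; otherwise keep an explicit `namespace:` on the subject so the grant is unambiguous.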
@@ -35,6 +35,16 @@ spec: volumeMounts: - name: data mountPath: /data + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 volumes: - name: data persistentVolumeClaim: diff --git a/vikunja/kustomization.yaml b/vikunja/kustomization.yaml index 9fb99b5..c060033 100644 --- a/vikunja/kustomization.yaml +++ b/vikunja/kustomization.yaml @@ -11,9 +11,11 @@ images: newName: docker.io/vikunja/frontend newTag: "0.21.0" -commonLabels: - app.kubernetes.io/instance: icb4dc0de - app.kubernetes.io/managed-by: kustomize +labels: +- includeSelectors: true + pairs: + app.kubernetes.io/instance: icb4dc0de + app.kubernetes.io/managed-by: kustomize resources: - resources/namespace.yaml diff --git a/zipline/kustomization.yaml b/zipline/kustomization.yaml index f151cbc..4b06f5b 100644 --- a/zipline/kustomization.yaml +++ b/zipline/kustomization.yaml @@ -8,9 +8,11 @@ images: newName: ghcr.io/diced/zipline newTag: "3.7.7" -commonLabels: - app.kubernetes.io/instance: icb4dc0de - app.kubernetes.io/managed-by: kustomize +labels: +- includeSelectors: true + pairs: + app.kubernetes.io/instance: icb4dc0de + app.kubernetes.io/managed-by: kustomize resources: - "resources/namespace.yaml"