feat: add linkwarden
All checks were successful
Renovate / renovate (push) Successful in 16s

Peter 2023-12-21 14:56:26 +01:00
parent ac0f1f7dc9
commit ceca1f3bc9
Signed by: prskr
GPG key ID: F56BED6903BC5E37
30 changed files with 1971 additions and 45 deletions

1
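--- a/coder/.gitignore
+++ b/coder/.gitignore
@@ -0,0 +1 @@
+charts/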


@ -0,0 +1,37 @@
apiVersion: v1
kind: Secret
metadata:
name: coder-secrets
type: Opaque
stringData:
OIDC_CLIENT_ID: ENC[AES256_GCM,data:4KD0RPoRdY23wwkwqoXFloAl3VHQsaVJq46psw/tybCic+g6,iv:LQuY/nTVbD8J62Ia4QNRPQq+mP2BX5cOufIOpaqdjHk=,tag:2hB0sZ6fG/Mdi/Mxi123yw==,type:str]
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:8F2gjA8bMyh+g/MPppOtO8pGSvvjoNse2jPAYcH2vyfXNRNR2hn3OF56OkqAQUDgKh3mOMMIlOA=,iv:MSpf7TueXeJ9bJ9gMJAR7m97sbe/GG0GhIsDKOS8U5g=,tag:dJwpuxdG2tjEGSkoynstrg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNllWNkJSdm8rblRWQWY0
U05Bdkw4OUlhTmZTY2VPOXp3UStKMTZpTGpRCmlxRVFlREtuSG85Zk4vb2lIZm1H
SG9hTjc5bmppS0ZWNDVkajBHY2FlcnMKLS0tIGVPQTVHTktPbGVORys4Vk9pdEZp
ZnhvczRaK09YL0crK0hwYUllZXErSk0K23F5ItL9qHYbuNVuWGzpgaXMN5LNwc+n
LAtAoDwhsNhxNFTU+164rtjwHQ+NMp/xNIHiWMeOBz8zSkqCDAhxJg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaU5ldHg2RjVqdUQxMysv
d05jaEFsMXF6QXNlZ2I0SjhGb2pEeHl2WXh3CmtZcG1WZXY3SnBBTTU2cFh6Z1Vo
RGd1OGt1cUhXc2VoUmJJaHJhRlQ1QVUKLS0tIEhscmZWU3Y2UFI2UVorbXVoQ2Yz
VElCdDBrcEt0amlJUmlldENtSjYyczQK8BueJyu/9pJSqa3eYT/bW705O+Wzd6OF
+COLZ8HmD6RFy6K+1uqRqy8ETfSqsaNC06ZdBtH3VKNPOk0ayAuWeg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-21T13:40:45Z"
mac: ENC[AES256_GCM,data:nxoSscCX6drScTysPpdPCwNBpJ7IFjIHEDsoVtsMaC2XufxBHNs5iZLv0vc/QfPK4xTRuEjWxhpFq/XiqTkcArpj/19PopKawa9JAKwSjK+9h83rvhK2r0j8QUmKpx9CfRS4uR2e/u2SCLyGtoAFsZD/nwQYFh3o3y0GfpCz3FE=,iv:V/j4zOf2D9SFSJsr7v8/IM8Sor+pJDL520vXSQUwW6w=,tag:lvNKkyw51qVM/j0WB987JA==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1


@ -0,0 +1,63 @@
---
coder:
ingress:
enable: true
host: ide.icb4dc0.de
wildcardHost: "*.ide.icb4dc0.de"
annotations:
gethomepage.dev/description: Remote IDE
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: coder.png
gethomepage.dev/name: Coder
env:
- name: CODER_WILDCARD_ACCESS_URL
value: '*.ide.icb4dc0.de'
- name: CODER_ACCESS_URL
value: "https://ide.icb4dc0.de"
- name: CODER_PG_CONNECTION_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-coder
key: uri
- name: CODER_DISABLE_PASSWORD_AUTH
value: "true"
- name: CODER_OIDC_ISSUER_URL
value: "https://code.icb4dc0.de/"
- name: CODER_OIDC_SIGN_IN_TEXT
value: "Sign in with Gitea"
- name: CODER_OIDC_ICON_URL
value: https://gitea.io/images/gitea.png
- name: CODER_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: coder-secrets
key: OIDC_CLIENT_ID
- name: CODER_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: coder-secrets
key: OIDC_CLIENT_SECRET
- name: CODER_GITAUTH_0_ID
value: primary-forgejo
- name: CODER_GITAUTH_0_TYPE
value: gitlab
- name: CODER_GITAUTH_0_AUTH_URL
value: https://code.icb4dc0.de/login/oauth/authorize
- name: CODER_GITAUTH_0_TOKEN_URL
value: https://code.icb4dc0.de/login/oauth/access_token
- name: CODER_GITAUTH_0_VALIDATE_URL
value: https://code.icb4dc0.de/login/oauth/userinfo
- name: CODER_GITAUTH_0_CLIENT_ID
valueFrom:
secretKeyRef:
name: coder-secrets
key: OIDC_CLIENT_ID
- name: CODER_GITAUTH_0_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: coder-secrets
key: OIDC_CLIENT_SECRET
service:
type: ClusterIP
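Review bot: `CODER_GITAUTH_0_CLIENT_ID` and `CODER_GITAUTH_0_CLIENT_SECRET` read the same `coder-secrets` keys (`OIDC_CLIENT_ID`, `OIDC_CLIENT_SECRET`) as the OIDC login settings above, so one OAuth application serves both sign-in and Git token issuance. A separate OAuth application for external auth, stored under its own keys, would let either credential be rotated or revoked without touching the other and would keep each application's redirect URIs narrow. Separately, `CODER_GITAUTH_0_TYPE` is `gitlab` while the URLs point at the Forgejo instance; a short comment saying why that type was chosen would save the next reader a lookup.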

19
coder/kustomization.yaml Normal file

@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: coder
resources:
- "resources/namespace.yaml"
helmCharts:
- name: coder
repo: https://helm.coder.com/v2
releaseName: coder
namespace: coder
version: "2.5.1"
valuesFile: config/values.coder.yml
skipTests: true
generators:
- ./secret-generator.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: coder
labels:
prometheus: default


@ -0,0 +1,10 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: coder-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./config/secrets.enc.yml
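Review bot: This generator is an exec KRM function, so rendering the overlay runs whatever `ksops` binary the build host resolves, and the build has to be invoked with `--enable-alpha-plugins --enable-exec`. A header comment such as `# requires ksops on PATH; build with --enable-alpha-plugins --enable-exec` would document that, and the ksops binary on the render host should come from a pinned release. The same applies to the linkwarden secret generator later in this commit; the two also differ in the secrets file extension (`secrets.enc.yml` here, `secrets.enc.yaml` there).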


@ -26,6 +26,14 @@ spec:
spec: spec:
affinity: affinity:
nodeAffinity: nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:


@ -8,9 +8,11 @@ images:
newName: quay.io/hedgedoc/hedgedoc newName: quay.io/hedgedoc/hedgedoc
newTag: "1.9.9" newTag: "1.9.9"
commonLabels: labels:
app.kubernetes.io/instance: icb4dc0de - includeSelectors: true
app.kubernetes.io/managed-by: kustomize pairs:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"


@ -4,7 +4,6 @@ metadata:
name: hedgedoc-secret-config name: hedgedoc-secret-config
type: Opaque type: Opaque
stringData: stringData:
CMD_DB_URL: ENC[AES256_GCM,data:4nqueG0hIb5fPQbPJll+keWZVODpFxBUhVkeHTKJ2/J8Kpj8DMuU41HLQ1+iGFiUtEdv2LPvbgDOeXT4UR3zjDdGL96SpKbLQIKQlNjPWNfUXeHASkiIiMHh9Y7z3d/s2coopzk9ULTHs5XIMywCUoY8DX4=,iv:drx1hQdbsLbPSojSL79TFop1wni2KxNPJ+KwlOL9WQo=,tag:4JbriWueqRye/n3rnBpSkw==,type:str]
CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:VqudURssSgmCDVhCRjak2TDG10pwvCNfi0w9FlEh4SI=,iv:VGavO528JfqsUVyvWSAlWkMTXJAmLUablaGZ3VCEtq8=,tag:unvEa2k/9AzfVMEnhCDB1Q==,type:str] CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:VqudURssSgmCDVhCRjak2TDG10pwvCNfi0w9FlEh4SI=,iv:VGavO528JfqsUVyvWSAlWkMTXJAmLUablaGZ3VCEtq8=,tag:unvEa2k/9AzfVMEnhCDB1Q==,type:str]
CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:/iQq6wnoH/WwEzApap6szpr7z+KZJ+twcuINgqtbHOMDXeVz9Yi7cjC0hGlqQHZTCO4jR5gp+OwdIkzRk0zDsw==,iv:1OHm8K3AA340q0xkNCF3RsPpcpKmUE5Yibu+IWIZ7+E=,tag:cB/pckdoEZQlzlRVWoYKmA==,type:str] CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:/iQq6wnoH/WwEzApap6szpr7z+KZJ+twcuINgqtbHOMDXeVz9Yi7cjC0hGlqQHZTCO4jR5gp+OwdIkzRk0zDsw==,iv:1OHm8K3AA340q0xkNCF3RsPpcpKmUE5Yibu+IWIZ7+E=,tag:cB/pckdoEZQlzlRVWoYKmA==,type:str]
CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str] CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str]
@ -34,8 +33,8 @@ sops:
ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B
WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA== WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-08T19:19:28Z" lastmodified: "2023-12-20T20:40:53Z"
mac: ENC[AES256_GCM,data:mG1SOLX1AFuPuJ3v8o12ofU+rHD/Iwwp3xFfIoayHp+K/w8btnwZ1rrbzZLRwZfR2nnxF9Rn4UZ2d1v6B9z2Dlz/p4EDc2pDyyhgWFCoJgf1J3w7Gj7b1C9ukoGrxcQ0RaZjhhZrU0XjN5EyfTgxcl1e5UahOrHVUu5OMBukkKg=,iv:2M5gtUdMpsYmLZkuaWXoHGGKPM9pvXwEpqqRjhSN8yo=,tag:ORpppvL5KKXRVgIwAoTOCw==,type:str] mac: ENC[AES256_GCM,data:DcoiksdfIUl5cCC8mSbzAUO9lWTeotr/UNMwIa+Z7aq9s4tzVn3YBbAPh5by5U7PVqAPkutoBjUk1IXCqWykkGXw/k9n7mAZn5AiCweLNY/d0gmKTpCUsGqaTg8gH7gQJy6+TNGxnq+Wm4GQNHAduYMJXS4/UdJcIAAc/id4JXo=,iv:+OYzaUHdJN4daTrAg561LxS0i6lozZ+OylhxubZplYc=,tag:7gElSJeGIaqXzjYTe9OTZQ==,type:str]
pgp: [] pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$ unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1 version: 3.8.1


@ -15,6 +15,14 @@ spec:
containers: containers:
- name: hedgedoc - name: hedgedoc
image: hedgedoc image: hedgedoc
env:
- name: CMD_DB_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-hedgedoc
key: uri
- name: NODE_EXTRA_CA_CERTS
value: /certs/ca.crt
envFrom: envFrom:
- secretRef: - secretRef:
name: hedgedoc-base-config name: hedgedoc-base-config
@ -27,6 +35,9 @@ spec:
volumeMounts: volumeMounts:
- name: upload-tmp - name: upload-tmp
mountPath: /tmp mountPath: /tmp
- name: pg-certs
mountPath: /certs
readOnly: true
resources: resources:
requests: requests:
memory: "168Mi" memory: "168Mi"
@ -44,7 +55,20 @@ spec:
runAsUser: 1000 runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
runAsNonRoot: true runAsNonRoot: true
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
volumes: volumes:
- name: upload-tmp - name: upload-tmp
emptyDir: emptyDir:
sizeLimit: 500Mi sizeLimit: 500Mi
- name: pg-certs
secret:
secretName: default-cluster-cluster-cert
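Review bot: The new `pg-certs` volume mounts the whole `default-cluster-cluster-cert` secret at `/certs`, although the container only needs `/certs/ca.crt` for `NODE_EXTRA_CA_CERTS`. If that secret is the operator-generated cluster certificate, it presumably also carries the server's `tls.crt` and `tls.key`, which would put the Postgres private key on the HedgeDoc filesystem. Projecting just the CA avoids that: add `items: [{key: ca.crt, path: ca.crt}]` under `secret:`. The Deployment spec starts outside these hunks, so other volumes were not reviewed.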


@ -11,9 +11,11 @@ images:
newName: quay.io/oauth2-proxy/oauth2-proxy newName: quay.io/oauth2-proxy/oauth2-proxy
newTag: v7.5.1 newTag: v7.5.1
commonLabels: labels:
app.kubernetes.io/instance: icb4dc0de - includeSelectors: true
app.kubernetes.io/managed-by: kustomize pairs:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"


@ -0,0 +1,48 @@
apiVersion: v1
kind: Secret
metadata:
name: linkwarden-config
type: Opaque
stringData:
NEXTAUTH_SECRET: ENC[AES256_GCM,data:qljN/QafFYQwk9tZzfUom864wmLBkOA6sZLezygCqpmTPxo6T7VWP2Z6hoI=,iv:HZHCtzraMHTaTjlTRdSs0T6gaREUVWwg4tst7lGgWjs=,tag:g4WXVJ4zcoH8HcPBprkiiA==,type:str]
NEXTAUTH_URL: ENC[AES256_GCM,data:WqEQhQHOgitq66YKbF0SV4iox3rb0713TATzZE+iNxEccm27,iv:urUC/cmks3renR3kkGpw8hHYwVrwz5JXf7QXXQq2ElA=,tag:Vucguui87xJWGCT+M1SaZw==,type:str]
NEXT_PUBLIC_DISABLE_REGISTRATION: ENC[AES256_GCM,data:r7mA+g==,iv:hTpGulLYK10DoCAYc3Hp6BlKQBeKHkV3A6BUJku9ZjQ=,tag:5gpMkBYkySIO8RGG4dzaew==,type:str]
SPACES_KEY: ENC[AES256_GCM,data:BF1RGNTId/gzEATiHqI4DwAeSSz0QBk1MVtQCs91K84=,iv:4jKC+G/c8MZ/kNyt9n6Hn7YvSYNWegTEzcQ9Z63i6U4=,tag:05l1AVPhFN4H53b5/FM4fw==,type:str]
SPACES_SECRET: ENC[AES256_GCM,data:UwWvKzmHsLE4y1+yeZEjP+swVO5+Ss/Dj8YJz/V1xq9sbvI4dyswuUeOJ6xzl4fbPUYW4gMCELhLBYz4s6eOZw==,iv:fvt2J66VPFMY4bLn+18rpxOPFRJi2ynikfQGNSn0PoY=,tag:F4XGCCJq+1uvl1LdBBES1A==,type:str]
SPACES_ENDPOINT: ENC[AES256_GCM,data:9V9UgB1YgSqyXQO6VogyDHTRpS++OmDvWdGYEoaAoSHrBMhrDq2YW7mCLSNA8HOpFCLWN5AF9FqbsjA/dB/7Gio=,iv:S3Js7k/hoLJeDIbZWPdPlupdNKaupAaqFoWWiFgHs7Q=,tag:5deMT1/t78VOduFs5pTuxA==,type:str]
SPACES_BUCKET_NAME: ENC[AES256_GCM,data:/T9L2eHlrpX74w==,iv:pGzRxFLGYOEf8LeuzOrc7GVTHQ9lbp4YjFWSS03OQNM=,tag:S6iWpQANHebGAK+7lhAqwg==,type:str]
SPACES_REGION: ENC[AES256_GCM,data:kP0CGw==,iv:bniAW1+xg7y1qnSqh9qAUM1LG1geVs7AIvbqn+fH/CU=,tag:GyWNCgK8PSJWnUOfDg3X+w==,type:str]
SPACES_FORCE_PATH_STYLE: ENC[AES256_GCM,data:JSXD7Q==,iv:JMbqKZO4SdYBglZySpDY56vTiCKDCeBlRjKD4uwFQOg=,tag:6gsT1+BWbGA1Ce05iaK/1Q==,type:str]
NEXT_PUBLIC_KEYCLOAK_ENABLED: ENC[AES256_GCM,data:5ePOxQ==,iv:B3Xv/z0Bcv4u2nzNQSHFZGQeuAw6kkZIi4V2gkkGesk=,tag:ZLzKaf55W1DXzXhQ0NRPWQ==,type:str]
KEYCLOAK_ISSUER: ENC[AES256_GCM,data:I710NmdNMWyheJD5i+zXgV8I3LCa9dc=,iv:17dX+n20fkq+m98i47WeKeJ+f5l+rg9oq08/Ki8hmg8=,tag:5HdizFf2WM2X9X/rMsZH9Q==,type:str]
KEYCLOAK_CLIENT_ID: ENC[AES256_GCM,data:aUrLGjG5Pt6yAdI1sGMS7qmDg70oiUMciLAwfpNsyscMv9nk,iv:29JZfzF8sPmIvyWPw+VjzgTRJr+aSjDN6IGZmt7JFYM=,tag:pX6w2++QHwED/46njtM/Qg==,type:str]
KEYCLOAK_CLIENT_SECRET: ENC[AES256_GCM,data:yrz8bwNmEvjl0zeul2EfcyBrvp1VhDJYIVA/2ttIvEVuvB9M0XzOAtV/KHxZXv544mQ+/HsORMY=,iv:GL0vMgvm5zIfV4+zWUmAnTv7FTJvF0jQzfoxqFMB0ho=,tag:jzwQYN2sB6EoS/owF0wNMg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkb2dXQkVHOW9aVGozUkVG
QTkyWVBkQ1F4MVVmN0Z2ZGhUVi9oR1puYWpZCm5xcXM1VU9pOE5iR1VUQmZOQlBq
V2N0ZG5mWGJMTW43V3ZDWUJhQ2RwVUkKLS0tIDYvSkpQQnkyb2ZvOGwxcXM3ZUVh
NnkwcUJna1FSTXpMY1RxS05TV2lCWEUK63y4d4TS0JWdNPy2DCFsrnPVoWF3HaF2
hMFBIt7bKNrEMChwJ0IWCtCS4EoatYKrFSwuIQHBGPiDgQuHij90Rg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUZFaXFCbFVoVEVNS3hP
bmt0YXJhbk9BUDdkT1M1N0h0UXZ3V0dCOEVjCkQ5Wmt6VjMwNTZmUGk2Z0srU2lo
OU8waDhDMHE3SDRaOUNxc2pZallnd0UKLS0tIHNkOEhudkR4SmVhRGd1VStQLzBZ
aVVYZ3JDSDhKdFZZZXdycnUyTml0VXcKTg087ZASI5RraNAD8rnHa5OUaYEdRte/
OyVbfwvYm79jQipgTwoctCmVuL8lMjnoKuDZnMT6UEgV6ziHKrqIZw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-21T12:25:42Z"
mac: ENC[AES256_GCM,data:U2rRu3TPyXjt2YnR7cQrsRYvWS41zgDonqglfJPnnrSegoe/JmNn2jIU6iljJEruGmhxNGxh1KE8KHn2mJ2M6GWJ0TMW6JBiQ0Yl6UXBYAnMrw5FYfIThtB8gxvEUtoQ8fES9jCyqneHE5DWe0kbdMqaU9uf/G4nwUMAyWdVAdA=,iv:AejpeLY6pooJ4MOIbXjSAr9d6JjFx7FTkygs8Jy91Ug=,tag:7/RNNFY5ZhkxJ88bL4v55Q==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1
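Review bot: Every key under `stringData` is encrypted, including settings that look like plain toggles (`NEXT_PUBLIC_DISABLE_REGISTRATION`, `NEXT_PUBLIC_KEYCLOAK_ENABLED`, `SPACES_REGION`, `SPACES_FORCE_PATH_STYLE`), so a reviewer cannot see from the diff whether registration is actually disabled on an instance that the same commit exposes through an Ingress. Keeping only credentials (`NEXTAUTH_SECRET`, `SPACES_KEY`, `SPACES_SECRET`, `KEYCLOAK_CLIENT_SECRET`) in the SOPS file and moving the non-sensitive settings to a plain ConfigMap or `env` entries would make that posture reviewable and keep later changes to it visible in history.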


@ -0,0 +1,23 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: linkwarden
labels:
- pairs:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
images:
- name: linkwarden
newName: ghcr.io/linkwarden/linkwarden
newTag: "v2.3.0"
resources:
- "resources/namespace.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/ingress.yaml"
generators:
- ./secret-generator.yaml
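Review bot: `newTag: "v2.3.0"` pins the image by a mutable tag only; the `images` entry also accepts `digest:`, which would tie the deployment to one exact image while still allowing automated update proposals. Also, this file uses `labels` with `pairs` but without `includeSelectors: true`, unlike the other kustomizations changed in this commit; if that is deliberate (the Deployment and Service set their own selector), a one-line comment would say so.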


@ -0,0 +1,80 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: linkwarden
labels:
app.kubernetes.io/name: linkwarden
spec:
selector:
matchLabels:
app.kubernetes.io/name: linkwarden
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: linkwarden
spec:
initContainers:
- name: install-packages
image: linkwarden
command: ["/bin/bash", "-c", "npx playwright install"]
volumeMounts:
- name: node-cache
mountPath: /home/node/.cache
containers:
- name: linkwarden
image: linkwarden
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-linkwarden
key: uri
envFrom:
- secretRef:
name: linkwarden-config
ports:
- containerPort: 3000
protocol: TCP
name: web
volumeMounts:
- name: next-cache
mountPath: /data/.next/cache
- name: node-cache
mountPath: /home/node/.cache
resources:
requests:
memory: "384Mi"
cpu: "50m"
limits:
memory: "768Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
volumes:
- name: next-cache
emptyDir:
sizeLimit: 250Mi
- name: node-cache
emptyDir:
sizeLimit: 1500Mi
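Review bot: The `install-packages` init container has no container-level `securityContext`, so `allowPrivilegeEscalation: false` and the `capabilities` drop of `ALL` apply only to the `linkwarden` container; those two fields cannot be inherited from the pod-level block. The init container also runs `npx playwright install` on every start, which presumably downloads browser binaries at runtime that are not pinned by the image tag, and it has no `resources` limits. I would mirror the hardening on the init container (below), add `seccompProfile: {type: RuntimeDefault}` to the pod `securityContext`, and consider baking the Playwright browsers into the image instead of fetching them at pod start.

```yaml
      initContainers:
        - name: install-packages
          # … unchanged: image, command, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```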


@ -0,0 +1,23 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: linkwarden
annotations:
gethomepage.dev/description: Store links to find them later
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: linkwarden.png
gethomepage.dev/name: Linkwarden
spec:
rules:
- host: links.icb4dc0.de
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: linkwarden
port:
number: 3000
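Review bot: The Ingress has no `spec.tls` block and no `ingressClassName`, so whether `links.icb4dc0.de` is served over HTTPS, and by which controller, depends on cluster defaults that are not visible here. Since the app handles login sessions, I would make that explicit with a `tls:` entry for the host, or with a comment naming the controller-level default certificate and redirect that covers it.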


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: linkwarden
labels:
prometheus: default


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: linkwarden
spec:
selector:
app.kubernetes.io/name: linkwarden
ports:
- protocol: TCP
port: 3000
targetPort: 3000


@ -0,0 +1,10 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: linkwarden-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./config/secrets.enc.yaml


@ -6,18 +6,19 @@ labels:
pairs: pairs:
app.kubernetes.io/name: pgo app.kubernetes.io/name: pgo
# The version below should match the version on the PostgresCluster CRD # The version below should match the version on the PostgresCluster CRD
app.kubernetes.io/version: 5.4.3 app.kubernetes.io/version: 5.5.0
postgres-operator.crunchydata.com/control-plane: postgres-operator postgres-operator.crunchydata.com/control-plane: postgres-operator
images: images:
- name: postgres-operator - name: postgres-operator
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
newTag: ubi8-5.4.3-0 newTag: ubi8-5.5.0-0
resources: resources:
- resources/namespace.yaml - resources/namespace.yaml
- resources/crd/postgresclusters.yaml - resources/crd/postgresclusters.yaml
- resources/crd/pgupgrades.yaml - resources/crd/pgupgrades.yaml
- resources/crd/pgadmins.yaml
- resources/rbac/service_account.yaml - resources/rbac/service_account.yaml
- resources/rbac/role.yaml - resources/rbac/role.yaml
- resources/rbac/role_binding.yaml - resources/rbac/role_binding.yaml

File diff suppressed because it is too large Load diff


@ -6,7 +6,7 @@ metadata:
creationTimestamp: null creationTimestamp: null
labels: labels:
app.kubernetes.io/name: pgo app.kubernetes.io/name: pgo
app.kubernetes.io/version: 5.4.3 app.kubernetes.io/version: 5.5.0
name: pgupgrades.postgres-operator.crunchydata.com name: pgupgrades.postgres-operator.crunchydata.com
spec: spec:
group: postgres-operator.crunchydata.com group: postgres-operator.crunchydata.com
@ -1072,4 +1072,4 @@ spec:
served: true served: true
storage: true storage: true
subresources: subresources:
status: {} status: {}


@ -6,7 +6,7 @@ metadata:
creationTimestamp: null creationTimestamp: null
labels: labels:
app.kubernetes.io/name: pgo app.kubernetes.io/name: pgo
app.kubernetes.io/version: 5.4.3 app.kubernetes.io/version: 5.5.0
name: postgresclusters.postgres-operator.crunchydata.com name: postgresclusters.postgres-operator.crunchydata.com
spec: spec:
group: postgres-operator.crunchydata.com group: postgres-operator.crunchydata.com
@ -15462,4 +15462,4 @@ spec:
served: true served: true
storage: true storage: true
subresources: subresources:
status: {} status: {}


@ -5,7 +5,7 @@ metadata:
name: default-cluster name: default-cluster
namespace: postgres namespace: postgres
spec: spec:
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1 image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.5-0
postgresVersion: 15 postgresVersion: 15
users: users:
- name: postgres - name: postgres
@ -27,6 +27,9 @@ spec:
- name: hedgedoc - name: hedgedoc
databases: databases:
- hedgedoc - hedgedoc
- name: linkwarden
databases:
- linkwarden
- name: nextcloud - name: nextcloud
databases: databases:
- nextcloud - nextcloud
@ -65,7 +68,7 @@ spec:
backups: backups:
pgbackrest: pgbackrest:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1 image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-2
configuration: configuration:
- secret: - secret:
name: pgo-s3-creds name: pgo-s3-creds


@ -60,4 +60,14 @@ spec:
capabilities: { drop: [ALL] } capabilities: { drop: [ALL] }
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
serviceAccountName: pgo serviceAccountName: pgo
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64


@ -102,6 +102,7 @@ rules:
- apiGroups: - apiGroups:
- postgres-operator.crunchydata.com - postgres-operator.crunchydata.com
resources: resources:
- pgadmins
- pgupgrades - pgupgrades
verbs: verbs:
- get - get
@ -110,18 +111,19 @@ rules:
- apiGroups: - apiGroups:
- postgres-operator.crunchydata.com - postgres-operator.crunchydata.com
resources: resources:
- pgadmins/finalizers
- pgupgrades/finalizers - pgupgrades/finalizers
- postgresclusters/finalizers
verbs: verbs:
- patch
- update - update
- apiGroups: - apiGroups:
- postgres-operator.crunchydata.com - postgres-operator.crunchydata.com
resources: resources:
- pgadmins/status
- pgupgrades/status - pgupgrades/status
- postgresclusters/status
verbs: verbs:
- get
- patch - patch
- watch
- apiGroups: - apiGroups:
- postgres-operator.crunchydata.com - postgres-operator.crunchydata.com
resources: resources:
@ -131,18 +133,6 @@ rules:
- list - list
- patch - patch
- watch - watch
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- postgresclusters/finalizers
verbs:
- update
- apiGroups:
- postgres-operator.crunchydata.com
resources:
- postgresclusters/status
verbs:
- patch
- apiGroups: - apiGroups:
- rbac.authorization.k8s.io - rbac.authorization.k8s.io
resources: resources:


@ -11,5 +11,4 @@ roleRef:
name: postgres-operator name: postgres-operator
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: pgo name: pgo
namespace: postgres-system


@ -3,9 +3,11 @@ kind: Kustomization
namespace: vaultwarden namespace: vaultwarden
commonLabels: labels:
app.kubernetes.io/instance: icb4dc0de - includeSelectors: true
app.kubernetes.io/managed-by: kustomize pairs:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
images: images:
- name: vaultwarden - name: vaultwarden


@ -35,6 +35,16 @@ spec:
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /data mountPath: /data
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
volumes: volumes:
- name: data - name: data
persistentVolumeClaim: persistentVolumeClaim:


@ -11,9 +11,11 @@ images:
newName: docker.io/vikunja/frontend newName: docker.io/vikunja/frontend
newTag: "0.21.0" newTag: "0.21.0"
commonLabels: labels:
app.kubernetes.io/instance: icb4dc0de - includeSelectors: true
app.kubernetes.io/managed-by: kustomize pairs:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
resources: resources:
- resources/namespace.yaml - resources/namespace.yaml


@ -8,9 +8,11 @@ images:
newName: ghcr.io/diced/zipline newName: ghcr.io/diced/zipline
newTag: "3.7.7" newTag: "3.7.7"
commonLabels: labels:
app.kubernetes.io/instance: icb4dc0de - includeSelectors: true
app.kubernetes.io/managed-by: kustomize pairs:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"