This commit is contained in:
parent
ac0f1f7dc9
commit
ceca1f3bc9
30 changed files with 1971 additions and 45 deletions
1
coder/.gitignore
vendored
Normal file
1
coder/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
charts/
|
37
coder/config/secrets.enc.yml
Normal file
37
coder/config/secrets.enc.yml
Normal file
|
@ -0,0 +1,37 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: coder-secrets
|
||||
type: Opaque
|
||||
stringData:
|
||||
OIDC_CLIENT_ID: ENC[AES256_GCM,data:4KD0RPoRdY23wwkwqoXFloAl3VHQsaVJq46psw/tybCic+g6,iv:LQuY/nTVbD8J62Ia4QNRPQq+mP2BX5cOufIOpaqdjHk=,tag:2hB0sZ6fG/Mdi/Mxi123yw==,type:str]
|
||||
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:8F2gjA8bMyh+g/MPppOtO8pGSvvjoNse2jPAYcH2vyfXNRNR2hn3OF56OkqAQUDgKh3mOMMIlOA=,iv:MSpf7TueXeJ9bJ9gMJAR7m97sbe/GG0GhIsDKOS8U5g=,tag:dJwpuxdG2tjEGSkoynstrg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNllWNkJSdm8rblRWQWY0
|
||||
U05Bdkw4OUlhTmZTY2VPOXp3UStKMTZpTGpRCmlxRVFlREtuSG85Zk4vb2lIZm1H
|
||||
SG9hTjc5bmppS0ZWNDVkajBHY2FlcnMKLS0tIGVPQTVHTktPbGVORys4Vk9pdEZp
|
||||
ZnhvczRaK09YL0crK0hwYUllZXErSk0K23F5ItL9qHYbuNVuWGzpgaXMN5LNwc+n
|
||||
LAtAoDwhsNhxNFTU+164rtjwHQ+NMp/xNIHiWMeOBz8zSkqCDAhxJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaU5ldHg2RjVqdUQxMysv
|
||||
d05jaEFsMXF6QXNlZ2I0SjhGb2pEeHl2WXh3CmtZcG1WZXY3SnBBTTU2cFh6Z1Vo
|
||||
RGd1OGt1cUhXc2VoUmJJaHJhRlQ1QVUKLS0tIEhscmZWU3Y2UFI2UVorbXVoQ2Yz
|
||||
VElCdDBrcEt0amlJUmlldENtSjYyczQK8BueJyu/9pJSqa3eYT/bW705O+Wzd6OF
|
||||
+COLZ8HmD6RFy6K+1uqRqy8ETfSqsaNC06ZdBtH3VKNPOk0ayAuWeg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-21T13:40:45Z"
|
||||
mac: ENC[AES256_GCM,data:nxoSscCX6drScTysPpdPCwNBpJ7IFjIHEDsoVtsMaC2XufxBHNs5iZLv0vc/QfPK4xTRuEjWxhpFq/XiqTkcArpj/19PopKawa9JAKwSjK+9h83rvhK2r0j8QUmKpx9CfRS4uR2e/u2SCLyGtoAFsZD/nwQYFh3o3y0GfpCz3FE=,iv:V/j4zOf2D9SFSJsr7v8/IM8Sor+pJDL520vXSQUwW6w=,tag:lvNKkyw51qVM/j0WB987JA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||
version: 3.8.1
|
63
coder/config/values.coder.yml
Normal file
63
coder/config/values.coder.yml
Normal file
|
@ -0,0 +1,63 @@
|
|||
---
|
||||
coder:
|
||||
ingress:
|
||||
enable: true
|
||||
host: ide.icb4dc0.de
|
||||
wildcardHost: "*.ide.icb4dc0.de"
|
||||
annotations:
|
||||
gethomepage.dev/description: Remote IDE
|
||||
gethomepage.dev/enabled: "true"
|
||||
gethomepage.dev/group: Apps
|
||||
gethomepage.dev/icon: coder.png
|
||||
gethomepage.dev/name: Coder
|
||||
env:
|
||||
- name: CODER_WILDCARD_ACCESS_URL
|
||||
value: '*.ide.icb4dc0.de'
|
||||
- name: CODER_ACCESS_URL
|
||||
value: "https://ide.icb4dc0.de"
|
||||
- name: CODER_PG_CONNECTION_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: default-cluster-pguser-coder
|
||||
key: uri
|
||||
- name: CODER_DISABLE_PASSWORD_AUTH
|
||||
value: "true"
|
||||
- name: CODER_OIDC_ISSUER_URL
|
||||
value: "https://code.icb4dc0.de/"
|
||||
- name: CODER_OIDC_SIGN_IN_TEXT
|
||||
value: "Sign in with Gitea"
|
||||
- name: CODER_OIDC_ICON_URL
|
||||
value: https://gitea.io/images/gitea.png
|
||||
- name: CODER_OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: coder-secrets
|
||||
key: OIDC_CLIENT_ID
|
||||
- name: CODER_OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: coder-secrets
|
||||
key: OIDC_CLIENT_SECRET
|
||||
- name: CODER_GITAUTH_0_ID
|
||||
value: primary-forgejo
|
||||
- name: CODER_GITAUTH_0_TYPE
|
||||
value: gitlab
|
||||
- name: CODER_GITAUTH_0_AUTH_URL
|
||||
value: https://code.icb4dc0.de/login/oauth/authorize
|
||||
- name: CODER_GITAUTH_0_TOKEN_URL
|
||||
value: https://code.icb4dc0.de/login/oauth/access_token
|
||||
- name: CODER_GITAUTH_0_VALIDATE_URL
|
||||
value: https://code.icb4dc0.de/login/oauth/userinfo
|
||||
- name: CODER_GITAUTH_0_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: coder-secrets
|
||||
key: OIDC_CLIENT_ID
|
||||
- name: CODER_GITAUTH_0_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: coder-secrets
|
||||
key: OIDC_CLIENT_SECRET
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
19
coder/kustomization.yaml
Normal file
19
coder/kustomization.yaml
Normal file
|
@ -0,0 +1,19 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: coder
|
||||
|
||||
resources:
|
||||
- "resources/namespace.yaml"
|
||||
|
||||
helmCharts:
|
||||
- name: coder
|
||||
repo: https://helm.coder.com/v2
|
||||
releaseName: coder
|
||||
namespace: coder
|
||||
version: "2.5.1"
|
||||
valuesFile: config/values.coder.yml
|
||||
skipTests: true
|
||||
|
||||
generators:
|
||||
- ./secret-generator.yaml
|
7
coder/resources/namespace.yaml
Normal file
7
coder/resources/namespace.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: coder
|
||||
labels:
|
||||
prometheus: default
|
10
coder/secret-generator.yaml
Normal file
10
coder/secret-generator.yaml
Normal file
|
@ -0,0 +1,10 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: coder-secret-generator
|
||||
annotations:
|
||||
config.kubernetes.io/function: |
|
||||
exec:
|
||||
path: ksops
|
||||
files:
|
||||
- ./config/secrets.enc.yml
|
|
@ -26,6 +26,14 @@ spec:
|
|||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
- arm64
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
|
|
|
@ -8,9 +8,11 @@ images:
|
|||
newName: quay.io/hedgedoc/hedgedoc
|
||||
newTag: "1.9.9"
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
|
||||
resources:
|
||||
- "resources/namespace.yaml"
|
||||
|
|
|
@ -4,7 +4,6 @@ metadata:
|
|||
name: hedgedoc-secret-config
|
||||
type: Opaque
|
||||
stringData:
|
||||
CMD_DB_URL: ENC[AES256_GCM,data:4nqueG0hIb5fPQbPJll+keWZVODpFxBUhVkeHTKJ2/J8Kpj8DMuU41HLQ1+iGFiUtEdv2LPvbgDOeXT4UR3zjDdGL96SpKbLQIKQlNjPWNfUXeHASkiIiMHh9Y7z3d/s2coopzk9ULTHs5XIMywCUoY8DX4=,iv:drx1hQdbsLbPSojSL79TFop1wni2KxNPJ+KwlOL9WQo=,tag:4JbriWueqRye/n3rnBpSkw==,type:str]
|
||||
CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:VqudURssSgmCDVhCRjak2TDG10pwvCNfi0w9FlEh4SI=,iv:VGavO528JfqsUVyvWSAlWkMTXJAmLUablaGZ3VCEtq8=,tag:unvEa2k/9AzfVMEnhCDB1Q==,type:str]
|
||||
CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:/iQq6wnoH/WwEzApap6szpr7z+KZJ+twcuINgqtbHOMDXeVz9Yi7cjC0hGlqQHZTCO4jR5gp+OwdIkzRk0zDsw==,iv:1OHm8K3AA340q0xkNCF3RsPpcpKmUE5Yibu+IWIZ7+E=,tag:cB/pckdoEZQlzlRVWoYKmA==,type:str]
|
||||
CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str]
|
||||
|
@ -34,8 +33,8 @@ sops:
|
|||
ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B
|
||||
WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-08T19:19:28Z"
|
||||
mac: ENC[AES256_GCM,data:mG1SOLX1AFuPuJ3v8o12ofU+rHD/Iwwp3xFfIoayHp+K/w8btnwZ1rrbzZLRwZfR2nnxF9Rn4UZ2d1v6B9z2Dlz/p4EDc2pDyyhgWFCoJgf1J3w7Gj7b1C9ukoGrxcQ0RaZjhhZrU0XjN5EyfTgxcl1e5UahOrHVUu5OMBukkKg=,iv:2M5gtUdMpsYmLZkuaWXoHGGKPM9pvXwEpqqRjhSN8yo=,tag:ORpppvL5KKXRVgIwAoTOCw==,type:str]
|
||||
lastmodified: "2023-12-20T20:40:53Z"
|
||||
mac: ENC[AES256_GCM,data:DcoiksdfIUl5cCC8mSbzAUO9lWTeotr/UNMwIa+Z7aq9s4tzVn3YBbAPh5by5U7PVqAPkutoBjUk1IXCqWykkGXw/k9n7mAZn5AiCweLNY/d0gmKTpCUsGqaTg8gH7gQJy6+TNGxnq+Wm4GQNHAduYMJXS4/UdJcIAAc/id4JXo=,iv:+OYzaUHdJN4daTrAg561LxS0i6lozZ+OylhxubZplYc=,tag:7gElSJeGIaqXzjYTe9OTZQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||
version: 3.8.1
|
||||
|
|
|
@ -15,6 +15,14 @@ spec:
|
|||
containers:
|
||||
- name: hedgedoc
|
||||
image: hedgedoc
|
||||
env:
|
||||
- name: CMD_DB_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: default-cluster-pguser-hedgedoc
|
||||
key: uri
|
||||
- name: NODE_EXTRA_CA_CERTS
|
||||
value: /certs/ca.crt
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: hedgedoc-base-config
|
||||
|
@ -27,6 +35,9 @@ spec:
|
|||
volumeMounts:
|
||||
- name: upload-tmp
|
||||
mountPath: /tmp
|
||||
- name: pg-certs
|
||||
mountPath: /certs
|
||||
readOnly: true
|
||||
resources:
|
||||
requests:
|
||||
memory: "168Mi"
|
||||
|
@ -44,7 +55,20 @@ spec:
|
|||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
- arm64
|
||||
volumes:
|
||||
- name: upload-tmp
|
||||
emptyDir:
|
||||
sizeLimit: 500Mi
|
||||
- name: pg-certs
|
||||
secret:
|
||||
secretName: default-cluster-cluster-cert
|
|
@ -11,9 +11,11 @@ images:
|
|||
newName: quay.io/oauth2-proxy/oauth2-proxy
|
||||
newTag: v7.5.1
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
|
||||
resources:
|
||||
- "resources/namespace.yaml"
|
||||
|
|
48
linkwarden/config/secrets.enc.yaml
Normal file
48
linkwarden/config/secrets.enc.yaml
Normal file
|
@ -0,0 +1,48 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: linkwarden-config
|
||||
type: Opaque
|
||||
stringData:
|
||||
NEXTAUTH_SECRET: ENC[AES256_GCM,data:qljN/QafFYQwk9tZzfUom864wmLBkOA6sZLezygCqpmTPxo6T7VWP2Z6hoI=,iv:HZHCtzraMHTaTjlTRdSs0T6gaREUVWwg4tst7lGgWjs=,tag:g4WXVJ4zcoH8HcPBprkiiA==,type:str]
|
||||
NEXTAUTH_URL: ENC[AES256_GCM,data:WqEQhQHOgitq66YKbF0SV4iox3rb0713TATzZE+iNxEccm27,iv:urUC/cmks3renR3kkGpw8hHYwVrwz5JXf7QXXQq2ElA=,tag:Vucguui87xJWGCT+M1SaZw==,type:str]
|
||||
NEXT_PUBLIC_DISABLE_REGISTRATION: ENC[AES256_GCM,data:r7mA+g==,iv:hTpGulLYK10DoCAYc3Hp6BlKQBeKHkV3A6BUJku9ZjQ=,tag:5gpMkBYkySIO8RGG4dzaew==,type:str]
|
||||
SPACES_KEY: ENC[AES256_GCM,data:BF1RGNTId/gzEATiHqI4DwAeSSz0QBk1MVtQCs91K84=,iv:4jKC+G/c8MZ/kNyt9n6Hn7YvSYNWegTEzcQ9Z63i6U4=,tag:05l1AVPhFN4H53b5/FM4fw==,type:str]
|
||||
SPACES_SECRET: ENC[AES256_GCM,data:UwWvKzmHsLE4y1+yeZEjP+swVO5+Ss/Dj8YJz/V1xq9sbvI4dyswuUeOJ6xzl4fbPUYW4gMCELhLBYz4s6eOZw==,iv:fvt2J66VPFMY4bLn+18rpxOPFRJi2ynikfQGNSn0PoY=,tag:F4XGCCJq+1uvl1LdBBES1A==,type:str]
|
||||
SPACES_ENDPOINT: ENC[AES256_GCM,data:9V9UgB1YgSqyXQO6VogyDHTRpS++OmDvWdGYEoaAoSHrBMhrDq2YW7mCLSNA8HOpFCLWN5AF9FqbsjA/dB/7Gio=,iv:S3Js7k/hoLJeDIbZWPdPlupdNKaupAaqFoWWiFgHs7Q=,tag:5deMT1/t78VOduFs5pTuxA==,type:str]
|
||||
SPACES_BUCKET_NAME: ENC[AES256_GCM,data:/T9L2eHlrpX74w==,iv:pGzRxFLGYOEf8LeuzOrc7GVTHQ9lbp4YjFWSS03OQNM=,tag:S6iWpQANHebGAK+7lhAqwg==,type:str]
|
||||
SPACES_REGION: ENC[AES256_GCM,data:kP0CGw==,iv:bniAW1+xg7y1qnSqh9qAUM1LG1geVs7AIvbqn+fH/CU=,tag:GyWNCgK8PSJWnUOfDg3X+w==,type:str]
|
||||
SPACES_FORCE_PATH_STYLE: ENC[AES256_GCM,data:JSXD7Q==,iv:JMbqKZO4SdYBglZySpDY56vTiCKDCeBlRjKD4uwFQOg=,tag:6gsT1+BWbGA1Ce05iaK/1Q==,type:str]
|
||||
NEXT_PUBLIC_KEYCLOAK_ENABLED: ENC[AES256_GCM,data:5ePOxQ==,iv:B3Xv/z0Bcv4u2nzNQSHFZGQeuAw6kkZIi4V2gkkGesk=,tag:ZLzKaf55W1DXzXhQ0NRPWQ==,type:str]
|
||||
KEYCLOAK_ISSUER: ENC[AES256_GCM,data:I710NmdNMWyheJD5i+zXgV8I3LCa9dc=,iv:17dX+n20fkq+m98i47WeKeJ+f5l+rg9oq08/Ki8hmg8=,tag:5HdizFf2WM2X9X/rMsZH9Q==,type:str]
|
||||
KEYCLOAK_CLIENT_ID: ENC[AES256_GCM,data:aUrLGjG5Pt6yAdI1sGMS7qmDg70oiUMciLAwfpNsyscMv9nk,iv:29JZfzF8sPmIvyWPw+VjzgTRJr+aSjDN6IGZmt7JFYM=,tag:pX6w2++QHwED/46njtM/Qg==,type:str]
|
||||
KEYCLOAK_CLIENT_SECRET: ENC[AES256_GCM,data:yrz8bwNmEvjl0zeul2EfcyBrvp1VhDJYIVA/2ttIvEVuvB9M0XzOAtV/KHxZXv544mQ+/HsORMY=,iv:GL0vMgvm5zIfV4+zWUmAnTv7FTJvF0jQzfoxqFMB0ho=,tag:jzwQYN2sB6EoS/owF0wNMg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkb2dXQkVHOW9aVGozUkVG
|
||||
QTkyWVBkQ1F4MVVmN0Z2ZGhUVi9oR1puYWpZCm5xcXM1VU9pOE5iR1VUQmZOQlBq
|
||||
V2N0ZG5mWGJMTW43V3ZDWUJhQ2RwVUkKLS0tIDYvSkpQQnkyb2ZvOGwxcXM3ZUVh
|
||||
NnkwcUJna1FSTXpMY1RxS05TV2lCWEUK63y4d4TS0JWdNPy2DCFsrnPVoWF3HaF2
|
||||
hMFBIt7bKNrEMChwJ0IWCtCS4EoatYKrFSwuIQHBGPiDgQuHij90Rg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQUZFaXFCbFVoVEVNS3hP
|
||||
bmt0YXJhbk9BUDdkT1M1N0h0UXZ3V0dCOEVjCkQ5Wmt6VjMwNTZmUGk2Z0srU2lo
|
||||
OU8waDhDMHE3SDRaOUNxc2pZallnd0UKLS0tIHNkOEhudkR4SmVhRGd1VStQLzBZ
|
||||
aVVYZ3JDSDhKdFZZZXdycnUyTml0VXcKTg087ZASI5RraNAD8rnHa5OUaYEdRte/
|
||||
OyVbfwvYm79jQipgTwoctCmVuL8lMjnoKuDZnMT6UEgV6ziHKrqIZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-21T12:25:42Z"
|
||||
mac: ENC[AES256_GCM,data:U2rRu3TPyXjt2YnR7cQrsRYvWS41zgDonqglfJPnnrSegoe/JmNn2jIU6iljJEruGmhxNGxh1KE8KHn2mJ2M6GWJ0TMW6JBiQ0Yl6UXBYAnMrw5FYfIThtB8gxvEUtoQ8fES9jCyqneHE5DWe0kbdMqaU9uf/G4nwUMAyWdVAdA=,iv:AejpeLY6pooJ4MOIbXjSAr9d6JjFx7FTkygs8Jy91Ug=,tag:7/RNNFY5ZhkxJ88bL4v55Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||
version: 3.8.1
|
23
linkwarden/kustomization.yaml
Normal file
23
linkwarden/kustomization.yaml
Normal file
|
@ -0,0 +1,23 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: linkwarden
|
||||
|
||||
labels:
|
||||
- pairs:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
|
||||
images:
|
||||
- name: linkwarden
|
||||
newName: ghcr.io/linkwarden/linkwarden
|
||||
newTag: "v2.3.0"
|
||||
|
||||
resources:
|
||||
- "resources/namespace.yaml"
|
||||
- "resources/deployment.yaml"
|
||||
- "resources/service.yaml"
|
||||
- "resources/ingress.yaml"
|
||||
|
||||
generators:
|
||||
- ./secret-generator.yaml
|
80
linkwarden/resources/deployment.yaml
Normal file
80
linkwarden/resources/deployment.yaml
Normal file
|
@ -0,0 +1,80 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: linkwarden
|
||||
labels:
|
||||
app.kubernetes.io/name: linkwarden
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: linkwarden
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: linkwarden
|
||||
spec:
|
||||
initContainers:
|
||||
- name: install-packages
|
||||
image: linkwarden
|
||||
command: ["/bin/bash", "-c", "npx playwright install"]
|
||||
volumeMounts:
|
||||
- name: node-cache
|
||||
mountPath: /home/node/.cache
|
||||
containers:
|
||||
- name: linkwarden
|
||||
image: linkwarden
|
||||
env:
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: default-cluster-pguser-linkwarden
|
||||
key: uri
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: linkwarden-config
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
protocol: TCP
|
||||
name: web
|
||||
volumeMounts:
|
||||
- name: next-cache
|
||||
mountPath: /data/.next/cache
|
||||
- name: node-cache
|
||||
mountPath: /home/node/.cache
|
||||
resources:
|
||||
requests:
|
||||
memory: "384Mi"
|
||||
cpu: "50m"
|
||||
limits:
|
||||
memory: "768Mi"
|
||||
cpu: "500m"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: false
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
- arm64
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
volumes:
|
||||
- name: next-cache
|
||||
emptyDir:
|
||||
sizeLimit: 250Mi
|
||||
- name: node-cache
|
||||
emptyDir:
|
||||
sizeLimit: 1500Mi
|
23
linkwarden/resources/ingress.yaml
Normal file
23
linkwarden/resources/ingress.yaml
Normal file
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: linkwarden
|
||||
annotations:
|
||||
gethomepage.dev/description: Store links to find them later
|
||||
gethomepage.dev/enabled: "true"
|
||||
gethomepage.dev/group: Apps
|
||||
gethomepage.dev/icon: linkwarden.png
|
||||
gethomepage.dev/name: Linkwarden
|
||||
spec:
|
||||
rules:
|
||||
- host: links.icb4dc0.de
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: /
|
||||
backend:
|
||||
service:
|
||||
name: linkwarden
|
||||
port:
|
||||
number: 3000
|
7
linkwarden/resources/namespace.yaml
Normal file
7
linkwarden/resources/namespace.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: linkwarden
|
||||
labels:
|
||||
prometheus: default
|
12
linkwarden/resources/service.yaml
Normal file
12
linkwarden/resources/service.yaml
Normal file
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: linkwarden
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: linkwarden
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3000
|
||||
targetPort: 3000
|
10
linkwarden/secret-generator.yaml
Normal file
10
linkwarden/secret-generator.yaml
Normal file
|
@ -0,0 +1,10 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: linkwarden-secret-generator
|
||||
annotations:
|
||||
config.kubernetes.io/function: |
|
||||
exec:
|
||||
path: ksops
|
||||
files:
|
||||
- ./config/secrets.enc.yaml
|
|
@ -6,18 +6,19 @@ labels:
|
|||
pairs:
|
||||
app.kubernetes.io/name: pgo
|
||||
# The version below should match the version on the PostgresCluster CRD
|
||||
app.kubernetes.io/version: 5.4.3
|
||||
app.kubernetes.io/version: 5.5.0
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||
|
||||
images:
|
||||
- name: postgres-operator
|
||||
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
|
||||
newTag: ubi8-5.4.3-0
|
||||
newTag: ubi8-5.5.0-0
|
||||
|
||||
resources:
|
||||
- resources/namespace.yaml
|
||||
- resources/crd/postgresclusters.yaml
|
||||
- resources/crd/pgupgrades.yaml
|
||||
- resources/crd/pgadmins.yaml
|
||||
- resources/rbac/service_account.yaml
|
||||
- resources/rbac/role.yaml
|
||||
- resources/rbac/role_binding.yaml
|
||||
|
|
1532
postgres-operator/resources/crd/pgadmins.yaml
Normal file
1532
postgres-operator/resources/crd/pgadmins.yaml
Normal file
File diff suppressed because it is too large
Load diff
|
@ -6,7 +6,7 @@ metadata:
|
|||
creationTimestamp: null
|
||||
labels:
|
||||
app.kubernetes.io/name: pgo
|
||||
app.kubernetes.io/version: 5.4.3
|
||||
app.kubernetes.io/version: 5.5.0
|
||||
name: pgupgrades.postgres-operator.crunchydata.com
|
||||
spec:
|
||||
group: postgres-operator.crunchydata.com
|
||||
|
|
|
@ -6,7 +6,7 @@ metadata:
|
|||
creationTimestamp: null
|
||||
labels:
|
||||
app.kubernetes.io/name: pgo
|
||||
app.kubernetes.io/version: 5.4.3
|
||||
app.kubernetes.io/version: 5.5.0
|
||||
name: postgresclusters.postgres-operator.crunchydata.com
|
||||
spec:
|
||||
group: postgres-operator.crunchydata.com
|
||||
|
|
|
@ -5,7 +5,7 @@ metadata:
|
|||
name: default-cluster
|
||||
namespace: postgres
|
||||
spec:
|
||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1
|
||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.5-0
|
||||
postgresVersion: 15
|
||||
users:
|
||||
- name: postgres
|
||||
|
@ -27,6 +27,9 @@ spec:
|
|||
- name: hedgedoc
|
||||
databases:
|
||||
- hedgedoc
|
||||
- name: linkwarden
|
||||
databases:
|
||||
- linkwarden
|
||||
- name: nextcloud
|
||||
databases:
|
||||
- nextcloud
|
||||
|
@ -65,7 +68,7 @@ spec:
|
|||
|
||||
backups:
|
||||
pgbackrest:
|
||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
|
||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-2
|
||||
configuration:
|
||||
- secret:
|
||||
name: pgo-s3-creds
|
||||
|
|
|
@ -61,3 +61,13 @@ spec:
|
|||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
serviceAccountName: pgo
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
- arm64
|
|
@ -102,6 +102,7 @@ rules:
|
|||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgadmins
|
||||
- pgupgrades
|
||||
verbs:
|
||||
- get
|
||||
|
@ -110,18 +111,19 @@ rules:
|
|||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgadmins/finalizers
|
||||
- pgupgrades/finalizers
|
||||
- postgresclusters/finalizers
|
||||
verbs:
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgadmins/status
|
||||
- pgupgrades/status
|
||||
- postgresclusters/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
|
@ -131,18 +133,6 @@ rules:
|
|||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters/status
|
||||
verbs:
|
||||
- patch
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
|
|
|
@ -12,4 +12,3 @@ roleRef:
|
|||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: pgo
|
||||
namespace: postgres-system
|
|
@ -3,9 +3,11 @@ kind: Kustomization
|
|||
|
||||
namespace: vaultwarden
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
|
||||
images:
|
||||
- name: vaultwarden
|
||||
|
|
|
@ -35,6 +35,16 @@ spec:
|
|||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
- arm64
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
|
|
|
@ -11,9 +11,11 @@ images:
|
|||
newName: docker.io/vikunja/frontend
|
||||
newTag: "0.21.0"
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
|
||||
resources:
|
||||
- resources/namespace.yaml
|
||||
|
|
|
@ -8,9 +8,11 @@ images:
|
|||
newName: ghcr.io/diced/zipline
|
||||
newTag: "3.7.7"
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
labels:
|
||||
- includeSelectors: true
|
||||
pairs:
|
||||
app.kubernetes.io/instance: icb4dc0de
|
||||
app.kubernetes.io/managed-by: kustomize
|
||||
|
||||
resources:
|
||||
- "resources/namespace.yaml"
|
||||
|
|
Loading…
Reference in a new issue