infrastructure/apps
1
0
Fork 0
Code Issues Pull requests7 Projects Releases Packages Wiki Activity Actions

Compare commits

..

1 commit
07bff868a3 ... 9de688ac1f

Author SHA1 Message Date
Peter
9de688ac1f chore(deps): update registry.k8s.io/sig-storage/csi-provisioner docker tag to v5 2024-08-06 18:07:19 +00:00
66 changed files with 7794 additions and 14837 deletions

4
argocd/kustomization.yaml
View file

@ -13,7 +13,7 @@ resources:
images: images:
- name: argocd - name: argocd
newName: code.icb4dc0.de/infrastructure/images/argocd newName: code.icb4dc0.de/infrastructure/images/argocd
newTag: v2.12.2 newTag: v2.12.0
labels: labels:
- includeSelectors: true - includeSelectors: true
@ -26,7 +26,7 @@ helmCharts:
repo: https://argoproj.github.io/argo-helm repo: https://argoproj.github.io/argo-helm
releaseName: argo-cd releaseName: argo-cd
namespace: argo-system namespace: argo-system
version: "7.4.5" version: "7.4.1"
valuesFile: config/values.argo-cd.yaml valuesFile: config/values.argo-cd.yaml
apiVersions: apiVersions:
- monitoring.coreos.com/v1 - monitoring.coreos.com/v1

2
cert-manager/kustomization.yaml
View file

@ -12,7 +12,7 @@ resources:
helmCharts: helmCharts:
- name: cert-manager - name: cert-manager
repo: https://charts.jetstack.io repo: https://charts.jetstack.io
version: "v1.15.3" version: "v1.15.2"
releaseName: cert-manager releaseName: cert-manager
namespace: kube-system namespace: kube-system
valuesFile: config/values.cert-manager.yaml valuesFile: config/values.cert-manager.yaml

6
cnpg/kustomization.yaml
View file

@ -6,17 +6,14 @@ resources:
- resources/secrets/ext-pgo-admin.yaml - resources/secrets/ext-pgo-admin.yaml
- resources/secrets/cnpg-backup-creds.yaml - resources/secrets/cnpg-backup-creds.yaml
- resources/cluster.yaml - resources/cluster.yaml
- resources/backup.yaml
- resources/pool.yaml
helmCharts: helmCharts:
- releaseName: cnpg - releaseName: cnpg
name: cloudnative-pg name: cloudnative-pg
repo: https://cloudnative-pg.github.io/charts repo: https://cloudnative-pg.github.io/charts
version: 0.22.0 version: 0.21.6
valuesFile: config/values.cnpg.yaml valuesFile: config/values.cnpg.yaml
namespace: postgres-system namespace: postgres-system
includeCRDs: true
- releaseName: ext-pgo - releaseName: ext-pgo
name: ext-postgres-operator name: ext-postgres-operator
@ -24,4 +21,3 @@ helmCharts:
version: 1.2.6 version: 1.2.6
valuesFile: config/values.ext-pgo.yaml valuesFile: config/values.ext-pgo.yaml
namespace: postgres namespace: postgres
includeCRDs: true

11
cnpg/resources/backup.yaml
View file

@ -1,11 +0,0 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: daily-backup
namespace: postgres
spec:
schedule: "0 1 * * *"
backupOwnerReference: self
cluster:
name: app-cluster

21
cnpg/resources/cluster.yaml
View file

@ -6,22 +6,13 @@ metadata:
spec: spec:
instances: 2 instances: 2
postgresql:
parameters:
max_connections: "150"
managed: managed:
roles: roles:
- name: ext_pgo_admin - name: ext_pgo_admin
ensure: present ensure: present
login: true
superuser: true superuser: true
createrole: true createrole: true
createdb: true createdb: true
inherit: true
connectionLimit: -1
passwordSecret:
name: ext-pgo-admin
storage: storage:
size: 10Gi size: 10Gi
@ -29,8 +20,7 @@ spec:
backup: backup:
barmanObjectStore: barmanObjectStore:
destinationPath: "s3://cnpg/app-cluster/" destinationPath: cnpg
endpointURL: "http://garage.garage.svc:3900"
s3Credentials: s3Credentials:
accessKeyId: accessKeyId:
name: cnpg-backup-creds name: cnpg-backup-creds
@ -38,20 +28,15 @@ spec:
secretAccessKey: secretAccessKey:
name: cnpg-backup-creds name: cnpg-backup-creds
key: ACCESS_SECRET_KEY key: ACCESS_SECRET_KEY
region:
name: cnpg-backup-creds
key: AWS_REGION
wal:
compression: snappy
retentionPolicy: "30d" retentionPolicy: "30d"
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
memory: 600Mi memory: 400Mi
limits: limits:
cpu: 500m cpu: 500m
memory: 900Mi memory: 800Mi
affinity: affinity:
enablePodAntiAffinity: true enablePodAntiAffinity: true

18
cnpg/resources/pool.yaml
View file

@ -1,18 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
name: app-cluster-pooler-rw
namespace: postgres
spec:
cluster:
name: app-cluster
instances: 3
type: rw
pgbouncer:
poolMode: session
parameters:
max_client_conn: "1000"
default_pool_size: "10"
monitoring:
enablePodMonitor: true

BIN
cnpg/resources/secrets/cnpg-backup-creds.yaml
View file

Binary file not shown.

BIN
cnpg/resources/secrets/ext-pgo-creds.yaml
View file

Binary file not shown.

4
coder/config/values.coder.yml
View file

@ -10,8 +10,8 @@ coder:
- name: CODER_PG_CONNECTION_URL - name: CODER_PG_CONNECTION_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: coder-db-credentials-coder name: default-cluster-pguser-coder
key: PQ_URL key: uri
- name: CODER_DISABLE_PASSWORD_AUTH - name: CODER_DISABLE_PASSWORD_AUTH
value: "true" value: "true"
- name: CODER_OIDC_ISSUER_URL - name: CODER_OIDC_ISSUER_URL

4
coder/kustomization.yaml
View file

@ -7,14 +7,12 @@ resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"
- "resources/http_routes.yaml" - "resources/http_routes.yaml"
- "resources/secret.yaml" - "resources/secret.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
helmCharts: helmCharts:
- name: coder - name: coder
repo: https://helm.coder.com/v2 repo: https://helm.coder.com/v2
releaseName: coder releaseName: coder
namespace: coder namespace: coder
version: "2.14.2" version: "2.13.3"
valuesFile: config/values.coder.yml valuesFile: config/values.coder.yml
skipTests: true skipTests: true

8
coder/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: coder
spec:
database: coder
dropOnDelete: false

12
coder/resources/db/user.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: coder
spec:
role: coder
database: coder
secretName: coder-db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@{{.Host}}:5432/{{.Database}}?sslmode=require&search_path=coder"

195
contour/crds/contour.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.15.0 controller-gen.kubebuilder.io/version: v0.14.0
name: contourconfigurations.projectcontour.io name: contourconfigurations.projectcontour.io
spec: spec:
preserveUnknownFields: false preserveUnknownFields: false
@ -120,12 +120,6 @@ spec:
defaults to 3. defaults to 3.
format: int32 format: int32
type: integer type: integer
perHostMaxConnections:
description: |-
PerHostMaxConnections is the maximum number of connections
that Envoy will allow to each individual host in a cluster.
format: int32
type: integer
type: object type: object
dnsLookupFamily: dnsLookupFamily:
description: |- description: |-
@ -606,9 +600,9 @@ spec:
description: |- description: |-
FeatureFlags defines toggle to enable new contour features. FeatureFlags defines toggle to enable new contour features.
Available toggles are: Available toggles are:
useEndpointSlices - Configures contour to fetch endpoint data useEndpointSlices - configures contour to fetch endpoint data
from k8s endpoint slices. defaults to true, from k8s endpoint slices. defaults to false and reading endpoint
If false then reads endpoint data from the k8s endpoints. data from the k8s endpoints.
items: items:
type: string type: string
type: array type: array
@ -1147,10 +1141,8 @@ spec:
type: type:
description: |- description: |-
Defines the XDSServer to use for `contour serve`. Defines the XDSServer to use for `contour serve`.
Values: `envoy` (default), `contour (deprecated)`. Values: `contour` (default), `envoy`.
Other values will produce an error. Other values will produce an error.
Deprecated: this field will be removed in a future release when
the `contour` xDS server implementation is removed.
type: string type: string
type: object type: object
type: object type: object
@ -1368,7 +1360,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.15.0 controller-gen.kubebuilder.io/version: v0.14.0
name: contourdeployments.projectcontour.io name: contourdeployments.projectcontour.io
spec: spec:
preserveUnknownFields: false preserveUnknownFields: false
@ -1822,8 +1814,6 @@ spec:
to container and the other way around. to container and the other way around.
When not set, MountPropagationNone is used. When not set, MountPropagationNone is used.
This field is beta in 1.10. This field is beta in 1.10.
When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
(which defaults to None).
type: string type: string
name: name:
description: This must match the Name of a Volume. description: This must match the Name of a Volume.
@ -1833,21 +1823,6 @@ spec:
Mounted read-only if true, read-write otherwise (false or unspecified). Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false. Defaults to false.
type: boolean type: boolean
recursiveReadOnly:
description: |-
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
If ReadOnly is false, this field has no meaning and must be unspecified.
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
field is set to Enabled, the mount is made recursively read-only if it is
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath: subPath:
description: |- description: |-
Path within the volume from which the container's volume should be mounted. Path within the volume from which the container's volume should be mounted.
@ -1975,7 +1950,6 @@ spec:
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
path: path:
description: 'path is Optional: Used as the mounted description: 'path is Optional: Used as the mounted
root, rather than the full Ceph tree, default is /' root, rather than the full Ceph tree, default is /'
@ -1997,15 +1971,10 @@ spec:
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
properties: properties:
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -2041,15 +2010,10 @@ spec:
to OpenStack. to OpenStack.
properties: properties:
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -2114,17 +2078,11 @@ spec:
- path - path
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
optional: optional:
description: optional specify whether the ConfigMap description: optional specify whether the ConfigMap
@ -2157,15 +2115,10 @@ spec:
secret object contains more than one secret, all secret references are passed. secret object contains more than one secret, all secret references are passed.
properties: properties:
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -2209,8 +2162,8 @@ spec:
properties: properties:
fieldRef: fieldRef:
description: 'Required: Selects a field of the description: 'Required: Selects a field of the
pod: only annotations, labels, name, namespace pod: only annotations, labels, name and namespace
and uid are supported.' are supported.'
properties: properties:
apiVersion: apiVersion:
description: Version of the schema the FieldPath description: Version of the schema the FieldPath
@ -2269,7 +2222,6 @@ spec:
- path - path
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
type: object type: object
emptyDir: emptyDir:
description: |- description: |-
@ -2361,7 +2313,6 @@ spec:
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
dataSource: dataSource:
description: |- description: |-
dataSource field can be used to specify either: dataSource field can be used to specify either:
@ -2506,13 +2457,11 @@ spec:
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
@ -2540,7 +2489,7 @@ spec:
If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
exists. exists.
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
type: string type: string
volumeMode: volumeMode:
@ -2584,7 +2533,6 @@ spec:
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
wwids: wwids:
description: |- description: |-
wwids Optional: FC volume world wide identifiers (wwids) wwids Optional: FC volume world wide identifiers (wwids)
@ -2592,7 +2540,6 @@ spec:
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
type: object type: object
flexVolume: flexVolume:
description: |- description: |-
@ -2629,15 +2576,10 @@ spec:
scripts. scripts.
properties: properties:
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -2818,7 +2760,6 @@ spec:
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
readOnly: readOnly:
description: |- description: |-
readOnly here will force the ReadOnly setting in VolumeMounts. readOnly here will force the ReadOnly setting in VolumeMounts.
@ -2829,15 +2770,10 @@ spec:
target and initiator authentication target and initiator authentication
properties: properties:
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -3008,13 +2944,11 @@ spec:
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
@ -3093,17 +3027,11 @@ spec:
- path - path
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
optional: optional:
description: optional specify whether the description: optional specify whether the
@ -3126,7 +3054,7 @@ spec:
fieldRef: fieldRef:
description: 'Required: Selects a field description: 'Required: Selects a field
of the pod: only annotations, labels, of the pod: only annotations, labels,
name, namespace and uid are supported.' name and namespace are supported.'
properties: properties:
apiVersion: apiVersion:
description: Version of the schema description: Version of the schema
@ -3190,7 +3118,6 @@ spec:
- path - path
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
type: object type: object
secret: secret:
description: secret information about the secret description: secret information about the secret
@ -3234,17 +3161,11 @@ spec:
- path - path
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
optional: optional:
description: optional field specify whether description: optional field specify whether
@ -3283,7 +3204,6 @@ spec:
type: object type: object
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
type: object type: object
quobyte: quobyte:
description: quobyte represents a Quobyte mount on the host description: quobyte represents a Quobyte mount on the host
@ -3354,7 +3274,6 @@ spec:
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
pool: pool:
description: |- description: |-
pool is the rados pool name. pool is the rados pool name.
@ -3375,15 +3294,10 @@ spec:
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
properties: properties:
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -3427,15 +3341,10 @@ spec:
sensitive information. If this is not provided, Login operation will fail. sensitive information. If this is not provided, Login operation will fail.
properties: properties:
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -3520,7 +3429,6 @@ spec:
- path - path
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
optional: optional:
description: optional field specify whether the Secret description: optional field specify whether the Secret
or its keys must be defined or its keys must be defined
@ -3552,15 +3460,10 @@ spec:
credentials. If not specified, default values will be attempted. credentials. If not specified, default values will be attempted.
properties: properties:
name: name:
default: ""
description: |- description: |-
Name of the referent. Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. TODO: Add other useful fields. apiVersion, kind, uid?
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -3902,12 +3805,6 @@ spec:
Service; defaults to 3. Service; defaults to 3.
format: int32 format: int32
type: integer type: integer
perHostMaxConnections:
description: |-
PerHostMaxConnections is the maximum number of connections
that Envoy will allow to each individual host in a cluster.
format: int32
type: integer
type: object type: object
dnsLookupFamily: dnsLookupFamily:
description: |- description: |-
@ -4388,9 +4285,9 @@ spec:
description: |- description: |-
FeatureFlags defines toggle to enable new contour features. FeatureFlags defines toggle to enable new contour features.
Available toggles are: Available toggles are:
useEndpointSlices - Configures contour to fetch endpoint data useEndpointSlices - configures contour to fetch endpoint data
from k8s endpoint slices. defaults to true, from k8s endpoint slices. defaults to false and reading endpoint
If false then reads endpoint data from the k8s endpoints. data from the k8s endpoints.
items: items:
type: string type: string
type: array type: array
@ -4931,10 +4828,8 @@ spec:
type: type:
description: |- description: |-
Defines the XDSServer to use for `contour serve`. Defines the XDSServer to use for `contour serve`.
Values: `envoy` (default), `contour (deprecated)`. Values: `contour` (default), `envoy`.
Other values will produce an error. Other values will produce an error.
Deprecated: this field will be removed in a future release when
the `contour` xDS server implementation is removed.
type: string type: string
type: object type: object
type: object type: object
@ -5028,7 +4923,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.15.0 controller-gen.kubebuilder.io/version: v0.14.0
name: extensionservices.projectcontour.io name: extensionservices.projectcontour.io
spec: spec:
preserveUnknownFields: false preserveUnknownFields: false
@ -5073,39 +4968,6 @@ spec:
description: ExtensionServiceSpec defines the desired state of an ExtensionService description: ExtensionServiceSpec defines the desired state of an ExtensionService
resource. resource.
properties: properties:
circuitBreakerPolicy:
description: |-
CircuitBreakerPolicy specifies the circuit breaker budget across the extension service.
If defined this overrides the global circuit breaker budget.
properties:
maxConnections:
description: The maximum number of connections that a single Envoy
instance allows to the Kubernetes Service; defaults to 1024.
format: int32
type: integer
maxPendingRequests:
description: The maximum number of pending requests that a single
Envoy instance allows to the Kubernetes Service; defaults to
1024.
format: int32
type: integer
maxRequests:
description: The maximum parallel requests a single Envoy instance
allows to the Kubernetes Service; defaults to 1024
format: int32
type: integer
maxRetries:
description: The maximum number of parallel retries a single Envoy
instance allows to the Kubernetes Service; defaults to 3.
format: int32
type: integer
perHostMaxConnections:
description: |-
PerHostMaxConnections is the maximum number of connections
that Envoy will allow to each individual host in a cluster.
format: int32
type: integer
type: object
loadBalancerPolicy: loadBalancerPolicy:
description: |- description: |-
The policy for load balancing GRPC service requests. Note that the The policy for load balancing GRPC service requests. Note that the
@ -5509,7 +5371,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.15.0 controller-gen.kubebuilder.io/version: v0.14.0
name: httpproxies.projectcontour.io name: httpproxies.projectcontour.io
spec: spec:
preserveUnknownFields: false preserveUnknownFields: false
@ -8364,7 +8226,6 @@ spec:
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
type: object type: object
type: object type: object
required: required:
@ -8380,7 +8241,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.15.0 controller-gen.kubebuilder.io/version: v0.14.0
name: tlscertificatedelegations.projectcontour.io name: tlscertificatedelegations.projectcontour.io
spec: spec:
preserveUnknownFields: false preserveUnknownFields: false

21926
contour/crds/gateway.yaml
View file

File diff suppressed because it is too large Load diff

2
dragonfly-operator/kustomization.yaml
View file

@ -9,7 +9,7 @@ images:
newTag: v0.16.0 newTag: v0.16.0
- name: dragonfly-operator - name: dragonfly-operator
newName: docker.dragonflydb.io/dragonflydb/operator newName: docker.dragonflydb.io/dragonflydb/operator
newTag: v1.1.7 newTag: v1.1.6
resources: resources:

6
ente/kustomization.yaml
View file

@ -10,10 +10,10 @@ images:
newTag: cdbf8c5f0971cb383df03c6b2f72ffb85387beef newTag: cdbf8c5f0971cb383df03c6b2f72ffb85387beef
- name: photos - name: photos
newName: code.icb4dc0.de/infrastructure/images/ente/photos newName: code.icb4dc0.de/infrastructure/images/ente/photos
newTag: v0.9.27 newTag: v0.9.16
- name: cast - name: cast
newName: code.icb4dc0.de/infrastructure/images/ente/cast newName: code.icb4dc0.de/infrastructure/images/ente/cast
newTag: v0.9.27 newTag: v0.9.16
labels: labels:
- includeSelectors: true - includeSelectors: true
@ -23,8 +23,6 @@ labels:
resources: resources:
- resources/namespace.yaml - resources/namespace.yaml
- resources/museum/db/db.yaml
- resources/museum/db/user.yaml
- resources/museum/deployment.yaml - resources/museum/deployment.yaml
- resources/museum/service.yaml - resources/museum/service.yaml
- resources/photos/deployment.yaml - resources/photos/deployment.yaml

8
ente/resources/museum/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: ente
spec:
database: ente
dropOnDelete: false

10
ente/resources/museum/db/user.yaml
View file

@ -1,10 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: ente
spec:
role: ente
database: ente-ente
secretName: ente-db-credentials
privileges: OWNER

16
ente/resources/museum/deployment.yaml
View file

@ -23,23 +23,23 @@ spec:
- name: ENTE_DB_HOST - name: ENTE_DB_HOST
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ente-db-credentials-ente-ente name: default-cluster-pguser-ente
key: HOST key: host
- name: ENTE_DB_NAME - name: ENTE_DB_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ente-db-credentials-ente-ente name: default-cluster-pguser-ente
key: DATABASE_NAME key: dbname
- name: ENTE_DB_USER - name: ENTE_DB_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ente-db-credentials-ente-ente name: default-cluster-pguser-ente
key: LOGIN key: user
- name: ENTE_DB_PASSWORD - name: ENTE_DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ente-db-credentials-ente-ente name: default-cluster-pguser-ente
key: PASSWORD key: password
- name: ENTE_DB_SSLMODE - name: ENTE_DB_SSLMODE
value: require value: require
resources: resources:

BIN
fider/config/fider.env
View file

Binary file not shown.

2
fider/kustomization.yaml
View file

@ -11,8 +11,6 @@ labels:
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"
- "resources/http_routes.yaml" - "resources/http_routes.yaml"

8
fider/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: fider
spec:
database: fider
dropOnDelete: false

12
fider/resources/db/user.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: fider
spec:
role: fider
database: fider
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require"

5
fider/resources/deployment.yaml
View file

@ -26,11 +26,6 @@ spec:
valueFrom: valueFrom:
resourceFieldRef: resourceFieldRef:
resource: limits.memory resource: limits.memory
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-fider
key: PQ_URL
envFrom: envFrom:
- secretRef: - secretRef:
name: fider-config name: fider-config

50
fider/resources/http_routes.yaml
View file

@ -28,56 +28,10 @@ spec:
parentRefs: parentRefs:
- name: contour - name: contour
namespace: projectcontour namespace: projectcontour
sectionName: https
hostnames: hostnames:
- fider.icb4dc0.de - fider.icb4dc0.de
rules: - login.fider.icb4dc0.de
- backendRefs: - community.buildr.icb4dc0.de
- name: fider
port: 3000
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: fider-login-https
spec:
parentRefs:
- name: contour
namespace: projectcontour
sectionName: fider-login
hostnames:
- fider.icb4dc0.de
rules:
- backendRefs:
- name: fider
port: 3000
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: inetmock-fider-https
spec:
parentRefs:
- name: contour
namespace: projectcontour
sectionName: inetmock-fider-community
hostnames:
- community.inetmock.icb4dc0.de
rules:
- backendRefs:
- name: fider
port: 3000
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: buildr-fider-https
spec:
parentRefs:
- name: contour
namespace: projectcontour
sectionName: buildr-fider-community
hostnames:
- community.inetmock.icb4dc0.de - community.inetmock.icb4dc0.de
rules: rules:
- backendRefs: - backendRefs:

4
forgejo/config/values.forgejo.yaml
View file

@ -91,9 +91,9 @@ gitea:
STORAGE_TYPE: minio STORAGE_TYPE: minio
database: database:
DB_TYPE: postgres DB_TYPE: postgres
HOST: app-cluster-pooler-rw.postgres.svc HOST: default-cluster-primary.postgres.svc
NAME: forgejo NAME: forgejo
USER: forgejo-6a95jj USER: forgejo
SSL_MODE: require SSL_MODE: require
log_sql: "false" log_sql: "false"
cache: cache:

10
forgejo/kustomization.yaml
View file

@ -12,14 +12,12 @@ labels:
images: images:
- name: act_runner - name: act_runner
newName: code.forgejo.org/forgejo/runner newName: code.forgejo.org/forgejo/runner
newTag: "3.5.1" newTag: "3.5.0"
- name: dind - name: dind
newName: docker newName: docker
newTag: 27.1.2-dind newTag: 27.1.1-dind
resources: resources:
- resources/db/db.yaml
- resources/db/user.yaml
- resources/secrets/admin-credentials.yaml - resources/secrets/admin-credentials.yaml
- resources/secrets/infra-credentials.yaml - resources/secrets/infra-credentials.yaml
- resources/secrets/meili-credentials.yaml - resources/secrets/meili-credentials.yaml
@ -48,7 +46,7 @@ helmCharts:
repo: oci://codeberg.org/forgejo-contrib repo: oci://codeberg.org/forgejo-contrib
releaseName: forgejo releaseName: forgejo
namespace: forgejo namespace: forgejo
version: "8.2.0" version: "8.1.0"
valuesFile: config/values.forgejo.yaml valuesFile: config/values.forgejo.yaml
skipTests: true skipTests: true
apiVersions: apiVersions:
@ -57,6 +55,6 @@ helmCharts:
repo: https://meilisearch.github.io/meilisearch-kubernetes repo: https://meilisearch.github.io/meilisearch-kubernetes
releaseName: forgejo-indexer releaseName: forgejo-indexer
namespace: forgejo namespace: forgejo
version: "0.9.1" version: "0.8.0"
valuesFile: config/values.meilisearch.yaml valuesFile: config/values.meilisearch.yaml
skipTests: true skipTests: true

8
forgejo/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: forgejo
spec:
database: forgejo
dropOnDelete: false

10
forgejo/resources/db/user.yaml
View file

@ -1,10 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: forgejo
spec:
role: forgejo
database: forgejo
secretName: forgejo-db-credentials
privileges: OWNER

BIN
forgejo/resources/secrets/infra-credentials.yaml
View file

Binary file not shown.

2
hcloud/kustomization.yaml
View file

@ -19,5 +19,5 @@ helmCharts:
repo: https://charts.hetzner.cloud repo: https://charts.hetzner.cloud
releaseName: hcloud-csi-driver releaseName: hcloud-csi-driver
namespace: kube-system namespace: kube-system
version: "2.9.0" version: "2.8.0"
valuesFile: config/values.csi.yaml valuesFile: config/values.csi.yaml

2
hedgedoc/kustomization.yaml
View file

@ -16,8 +16,6 @@ labels:
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"
- "resources/http_routes.yaml" - "resources/http_routes.yaml"

8
hedgedoc/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: hedgedoc
spec:
database: hedgedoc
dropOnDelete: false

12
hedgedoc/resources/db/user.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: hedgedoc
spec:
role: hedgedoc
database: hedgedoc
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require"

4
hedgedoc/resources/deployment.yaml
View file

@ -19,8 +19,8 @@ spec:
- name: CMD_DB_URL - name: CMD_DB_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-hedgedoc name: default-cluster-pguser-hedgedoc
key: PQ_URL key: uri
- name: NODE_EXTRA_CA_CERTS - name: NODE_EXTRA_CA_CERTS
value: /certs/ca.crt value: /certs/ca.crt
envFrom: envFrom:

31
kube-prometheus/config/values.prometheus.yaml
View file

@ -15,9 +15,24 @@ prometheus:
retention: 7d retention: 7d
nodeSelector: nodeSelector:
kubernetes.io/arch: arm64 kubernetes.io/arch: arm64
serviceMonitorSelectorNilUsesHelmValues: false serviceMonitorNamespaceSelector:
podMonitorSelectorNilUsesHelmValues: false matchLabels:
ruleSelectorNilUsesHelmValues: false prometheus: default
serviceMonitorSelector:
matchLabels:
prometheus: default
ruleSelector:
matchLabels:
prometheus: default
ruleNamespaceSelector:
matchLabels:
prometheus: default
podMonitorSelector:
matchLabels:
prometheus: default
podMonitorNamespaceSelector:
matchLabels:
prometheus: default
resources: resources:
requests: requests:
memory: 1500Mi memory: 1500Mi
@ -74,17 +89,17 @@ grafana:
enabled: false enabled: false
envFromSecrets: envFromSecrets:
- name: grafana-auth - name: grafana-auth
- name: db-credentials-grafana - name: grafana-db
grafana.ini: grafana.ini:
server: server:
domain: grafana.icb4dc0.de domain: grafana.icb4dc0.de
root_url: "https://%(domain)s" root_url: "https://%(domain)s"
database: database:
type: postgres type: postgres
host: app-cluster-pooler-rw.postgres.svc:5432 host: default-cluster-primary.postgres.svc:5432
name: "${DATABASE_NAME}" name: grafana
user: "${LOGIN}" user: "${GF_DB_USER}"
password: "${PASSWORD}" password: "${GF_DB_PASSWORD}"
ssl_mode: require ssl_mode: require
auth: auth:
disable_login_form: true disable_login_form: true

4
kube-prometheus/kustomization.yaml
View file

@ -7,8 +7,6 @@ resources:
- resources/secret.grafana-admin.yaml - resources/secret.grafana-admin.yaml
- resources/secret.auth.yaml - resources/secret.auth.yaml
- resources/secret.db.yaml - resources/secret.db.yaml
- resources/db/db.yaml
- resources/db/user.yaml
- resources/http_routes.grafana.yaml - resources/http_routes.grafana.yaml
helmCharts: helmCharts:
@ -17,5 +15,5 @@ helmCharts:
includeCRDs: true includeCRDs: true
namespace: observability-system namespace: observability-system
releaseName: prometheus releaseName: prometheus
version: "62.3.0" version: "61.7.1"
valuesFile: config/values.prometheus.yaml valuesFile: config/values.prometheus.yaml

8
kube-prometheus/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: grafana
spec:
database: grafana
dropOnDelete: false

10
kube-prometheus/resources/db/user.yaml
View file

@ -1,10 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: grafana
spec:
role: grafana
database: grafana
secretName: db-credentials
privileges: OWNER

4
linkwarden/kustomization.yaml
View file

@ -11,12 +11,10 @@ labels:
images: images:
- name: linkwarden - name: linkwarden
newName: ghcr.io/linkwarden/linkwarden newName: ghcr.io/linkwarden/linkwarden
newTag: "v2.7.1" newTag: "v2.6.2"
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"
- "resources/http_routes.yaml" - "resources/http_routes.yaml"

8
linkwarden/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: linkwarden
spec:
database: linkwarden
dropOnDelete: false

13
linkwarden/resources/db/user.yaml
View file

@ -1,13 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: linkwarden
spec:
role: linkwarden
database: linkwarden
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require&pgbouncer=true"
PQ_MIGRATE_URL: "postgresql://{{.Role}}:{{.Password}}@{{.Host}}:5432/{{.Database}}?sslmode=require"

8
linkwarden/resources/deployment.yaml
View file

@ -30,8 +30,8 @@ spec:
- name: DATABASE_URL - name: DATABASE_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-linkwarden name: default-cluster-pguser-linkwarden
key: PQ_MIGRATE_URL key: uri
containers: containers:
- name: linkwarden - name: linkwarden
image: linkwarden image: linkwarden
@ -41,8 +41,8 @@ spec:
- name: DATABASE_URL - name: DATABASE_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-linkwarden name: default-cluster-pguser-linkwarden
key: PQ_URL key: uri
envFrom: envFrom:
- secretRef: - secretRef:
name: linkwarden-config name: linkwarden-config

BIN
nocodb/config/nocodb.env
View file

Binary file not shown.

4
nocodb/kustomization.yaml
View file

@ -6,7 +6,7 @@ namespace: nocodb
images: images:
- name: nocodb - name: nocodb
newName: docker.io/nocodb/nocodb newName: docker.io/nocodb/nocodb
newTag: 0.255.0 newTag: 0.251.3
labels: labels:
- includeSelectors: true - includeSelectors: true
@ -16,8 +16,6 @@ labels:
resources: resources:
- resources/namespace.yaml - resources/namespace.yaml
- resources/db/db.yaml
- resources/db/user.yaml
- resources/dragonfly.yaml - resources/dragonfly.yaml
- resources/pvc.yaml - resources/pvc.yaml
- resources/deployment.yaml - resources/deployment.yaml

8
nocodb/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: noco
spec:
database: noco
dropOnDelete: false

12
nocodb/resources/db/user.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: noco
spec:
role: noco
database: noco
secretName: db-credentials
privileges: OWNER
secretTemplate:
NC_DB_JSON: '{"client": "pg","connection": {"host": "app-cluster-pooler-rw.postgres.svc","port": 5432,"user": "{{.Role}}","password": "{{.Password}}","database": "{{.Database}}","ssl": {"ca": "-----BEGIN CERTIFICATE-----\nMIIBkjCCATigAwIBAgIQDfi4fTFY2eKrhN88nKEUDTAKBggqhkjOPQQDAjApMREw\nDwYDVQQLEwhwb3N0Z3JlczEUMBIGA1UEAxMLYXBwLWNsdXN0ZXIwHhcNMjQwODE0\nMTg0MzIzWhcNMjQxMTEyMTg0MzIzWjApMREwDwYDVQQLEwhwb3N0Z3JlczEUMBIG\nA1UEAxMLYXBwLWNsdXN0ZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQotXOi\nx9tfnUaG7A6T6x5YuBgKCvBAGw7q0C0teHWRIxSaoaiD6KV21juVpAgKoZckXA8x\niZW0GUHOoAUrCV7Ao0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB\n/zAdBgNVHQ4EFgQUuMEs3ztFClbC2agTqXkfkB1GHjkwCgYIKoZIzj0EAwIDSAAw\nRQIgK6FHhGYZ/FwxG8dDq2czVLvLCs+yozZZhNuhZBeT8v0CIQDhwRgJNeMxKtRS\nu3ziF4E4aniICEqa/To3Lvaa1cJJiQ==\n-----END CERTIFICATE-----","key": "","cert": "","rejectUnauthorized": false}}}'

6
nocodb/resources/deployment.yaml
View file

@ -19,12 +19,6 @@ spec:
containers: containers:
- name: nocodb - name: nocodb
image: nocodb image: nocodb
env:
- name: NC_DB_JSON
valueFrom:
secretKeyRef:
name: db-credentials-noco
key: NC_DB_JSON
envFrom: envFrom:
- secretRef: - secretRef:
name: nocodb-config name: nocodb-config

2
s3-csi/kustomization.yaml
View file

@ -13,7 +13,7 @@ images:
newTag: v2.10.1 newTag: v2.10.1
- name: provisioner - name: provisioner
newName: registry.k8s.io/sig-storage/csi-provisioner newName: registry.k8s.io/sig-storage/csi-provisioner
newTag: v5.1.0 newTag: v5.0.2
- name: csi - name: csi
newName: code.icb4dc0.de/infrastructure/csi-s3 newName: code.icb4dc0.de/infrastructure/csi-s3
newTag: 0.38.3 newTag: 0.38.3

2
umami/kustomization.yaml
View file

@ -16,8 +16,6 @@ labels:
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"
- "resources/http_route.yaml" - "resources/http_route.yaml"

8
umami/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: umami
spec:
database: umami
dropOnDelete: false

12
umami/resources/db/user.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: umami
spec:
role: umami
database: umami
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@{{.Host}}:5432/{{.Database}}"

8
umami/resources/deployment.yaml
View file

@ -25,8 +25,8 @@ spec:
- name: DATABASE_URL - name: DATABASE_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-umami name: default-cluster-pguser-umami
key: PQ_URL key: uri
envFrom: envFrom:
- configMapRef: - configMapRef:
name: umami-config name: umami-config
@ -53,8 +53,8 @@ spec:
- name: DATABASE_URL - name: DATABASE_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-umami name: default-cluster-pguser-umami
key: PQ_URL key: uri
envFrom: envFrom:
- configMapRef: - configMapRef:
name: umami-config name: umami-config

4
vaultwarden/kustomization.yaml
View file

@ -12,12 +12,10 @@ labels:
images: images:
- name: vaultwarden - name: vaultwarden
newName: ghcr.io/dani-garcia/vaultwarden newName: ghcr.io/dani-garcia/vaultwarden
newTag: "1.32.0-alpine" newTag: "1.31.0-alpine"
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/pvc.yaml" - "resources/pvc.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"

8
vaultwarden/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: vaultwarden
spec:
database: vaultwarden
dropOnDelete: false

12
vaultwarden/resources/db/user.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: vaultwarden
spec:
role: vaultwarden
database: vaultwarden
secretName: vaultwarden-db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require"

4
vaultwarden/resources/deployment.yaml
View file

@ -24,8 +24,8 @@ spec:
- name: DATABASE_URL - name: DATABASE_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: vaultwarden-db-credentials-vaultwarden name: default-cluster-pguser-vaultwarden
key: PQ_URL key: uri
resources: resources:
limits: limits:
memory: "128Mi" memory: "128Mi"

2
vikunja/kustomization.yaml
View file

@ -19,8 +19,6 @@ labels:
resources: resources:
- resources/namespace.yaml - resources/namespace.yaml
- resources/db/db.yaml
- resources/db/user.yaml
- resources/api/dragonfly.yaml - resources/api/dragonfly.yaml
- resources/api/pvc.yaml - resources/api/pvc.yaml
- resources/api/deployment.yaml - resources/api/deployment.yaml

17
vikunja/resources/api/deployment.yaml
View file

@ -30,22 +30,25 @@ spec:
- name: VIKUNJA_DATABASE_SSLMODE - name: VIKUNJA_DATABASE_SSLMODE
value: require value: require
- name: VIKUNJA_DATABASE_HOST - name: VIKUNJA_DATABASE_HOST
value: app-cluster-pooler-rw.postgres.svc valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: host
- name: VIKUNJA_DATABASE_DATABASE - name: VIKUNJA_DATABASE_DATABASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-vikunja name: default-cluster-pguser-vikunja
key: DATABASE_NAME key: dbname
- name: VIKUNJA_DATABASE_USER - name: VIKUNJA_DATABASE_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-vikunja name: default-cluster-pguser-vikunja
key: LOGIN key: user
- name: VIKUNJA_DATABASE_PASSWORD - name: VIKUNJA_DATABASE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: db-credentials-vikunja name: default-cluster-pguser-vikunja
key: PASSWORD key: password
- name: GOMEMLIMIT - name: GOMEMLIMIT
valueFrom: valueFrom:
resourceFieldRef: resourceFieldRef:

8
vikunja/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: vikunja
spec:
database: vikunja
dropOnDelete: false

10
vikunja/resources/db/user.yaml
View file

@ -1,10 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: vikunja
spec:
role: vikunja
database: vikunja
secretName: db-credentials
privileges: OWNER

BIN
zipline/config/zipline.env
View file

Binary file not shown.

2
zipline/kustomization.yaml
View file

@ -16,8 +16,6 @@ labels:
resources: resources:
- "resources/namespace.yaml" - "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml" - "resources/deployment.yaml"
- "resources/service.yaml" - "resources/service.yaml"
- "resources/http_route.yaml" - "resources/http_route.yaml"

8
zipline/resources/db/db.yaml
View file

@ -1,8 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: zipline
spec:
database: zipline
dropOnDelete: false

12
zipline/resources/db/user.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: zipline
spec:
role: zipline
database: zipline
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require"

6
zipline/resources/deployment.yaml
View file

@ -16,12 +16,6 @@ spec:
containers: containers:
- name: zipline - name: zipline
image: zipline image: zipline
env:
- name: CORE_DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-zipline
key: PQ_URL
envFrom: envFrom:
- secretRef: - secretRef:
name: zipline-config name: zipline-config