Compare commits


77 commits

Author SHA1 Message Date
07bff868a3 chore(deps): update registry.k8s.io/sig-storage/csi-provisioner docker tag to v5 2024-08-28 03:34:33 +00:00
3f0a7fecd5 chore(deps): update helm release cloudnative-pg to v0.22.0 2024-08-26 08:21:25 +00:00
b6d242913a chore(deps): update helm release kube-prometheus-stack to v62.3.0 2024-08-26 07:59:10 +00:00
bd3e3fb11d chore(deps): update code.icb4dc0.de/infrastructure/images/ente/photos docker tag to v0.9.27 2024-08-26 07:54:01 +00:00
9b44a17e7d chore(deps): update code.icb4dc0.de/infrastructure/images/ente/cast docker tag to v0.9.27 2024-08-26 07:53:48 +00:00
3ee675b4fc chore(deps): update helm release argo-cd to v7.4.5 2024-08-26 07:32:48 +00:00
57494b5225 chore(deps): update code.icb4dc0.de/infrastructure/images/argocd docker tag to v2.12.2 2024-08-26 07:32:21 +00:00
b5c47c9254 chore(deps): update code.forgejo.org/forgejo/runner docker tag to v3.5.1 2024-08-24 09:34:57 +00:00
78bb78f83c chore(deps): update helm release meilisearch to v0.9.1 2024-08-24 09:34:17 +00:00
c5c3d4ff6d chore(deps): update forgejo docker tag to v8.2.0 2024-08-22 17:45:46 +00:00
85e53900fb chore(deps): update helm release coder to v2.14.2 2024-08-22 17:40:03 +00:00
3119515482 chore(deps): update docker.dragonflydb.io/dragonflydb/operator docker tag to v1.1.7 2024-08-22 17:33:10 +00:00
548cde94a5
fix(cnpg): increase max connections 2024-08-22 19:32:06 +02:00
094ef18553
fix(pgbouncer): revert back to session mode 2024-08-21 09:04:29 +02:00
9160ab95df
fix(linkwarden): use pgbouncer where possible 2024-08-20 21:38:04 +02:00
73b3eae0f0
fix: switch to transaction mode for pgbouncer 2024-08-20 21:20:04 +02:00
0ec8fbf5b9
fix(umami): don't use pgbouncer 2024-08-20 21:11:05 +02:00
33ddbde17b
feat(vikunja): switch to pooler for DB 2024-08-20 20:53:24 +02:00
2ed60f7f25
feat(grafana): provision new DB 2024-08-20 20:17:57 +02:00
2a7240b3f6 chore(deps): update helm release kube-prometheus-stack to v62 2024-08-20 09:45:41 +00:00
5752f56c1b chore(deps): update ghcr.io/linkwarden/linkwarden docker tag to v2.7.1 2024-08-20 09:44:55 +00:00
60c4f44e25 chore(deps): update code.icb4dc0.de/infrastructure/images/argocd docker tag to v2.12.1 2024-08-19 09:37:00 +00:00
3c65bb4213 chore(deps): update helm release argo-cd to v7.4.4 2024-08-17 21:04:06 +00:00
8973da87d5 chore(deps): update helm release cert-manager to v1.15.3 2024-08-17 21:03:02 +00:00
67d1d73232
feat(vikunja): switch to new DB 2024-08-16 15:12:05 +02:00
50d735c368
feat(vikunja): provision new DB 2024-08-16 15:06:47 +02:00
39678d3acf
chore(cnpg): enable monitoring of pgbouncer 2024-08-16 14:10:35 +02:00
cf85d6a35e
feat(zipline): switch to new DB 2024-08-16 13:43:14 +02:00
7c29ecf46d
feat(zipline): provision new DB 2024-08-16 13:31:20 +02:00
119804e9fe
feat(umami): switch to new DB 2024-08-16 13:20:59 +02:00
04ba2c63d7
feat(umami): provision new DB 2024-08-16 13:10:35 +02:00
00231308c5
feat(cnpg): increase resources 2024-08-15 15:56:07 +02:00
cbd75e1400
feat(noco): switch to new DB 2024-08-15 15:43:01 +02:00
1a12309a12
feat(noco): provision new DB 2024-08-15 15:38:06 +02:00
f815d05d58
feat(linkwarden): switch to new DB 2024-08-15 15:26:55 +02:00
a4e87ba7ff
feat(linkwarden): provision new DB 2024-08-15 15:20:33 +02:00
eaddde77c1
feat(hedgedoc): switch to new DB instance 2024-08-15 15:13:53 +02:00
1e612bc89d
feat(hedgedoc): provision new DB 2024-08-15 15:06:47 +02:00
e1d949b5a5
fix(fider): HTTP routes 2024-08-15 15:01:17 +02:00
6b79d1fcf3
feat(fider): switch to new DB 2024-08-15 14:53:18 +02:00
15552bba71
feat(fider): provision new DB 2024-08-15 14:41:58 +02:00
6e55c2c6ce
refactor(vaultwarden): move to new DB 2024-08-15 14:32:06 +02:00
4d8204a524
feat(vaultwarden): provision new DB 2024-08-15 14:24:47 +02:00
c3f2a1b6cd
refactor(ente): switch to new DB 2024-08-15 14:16:24 +02:00
21dfe900f2
feat(ente): provision new DB 2024-08-15 14:08:10 +02:00
aaa2c3a497
feat(coder): update Coder connection string 2024-08-15 11:48:12 +02:00
487603b1a5
feat(coder): bootstrap new DB 2024-08-15 11:25:21 +02:00
8f5c83a681
refactor(prometheus): get rid of label selectors 2024-08-15 11:08:18 +02:00
32e7426ae6
refactor(forgejo): switch to new DB cluster 2024-08-15 11:08:16 +02:00
47875352e1 chore(deps): update docker.io/nocodb/nocodb docker tag to v0.255.0 2024-08-15 03:33:59 +00:00
0e1d6d0f6f
feat(forgejo): include DB config 2024-08-14 21:53:04 +02:00
b394051f70
feat(forgejo): prepare new database 2024-08-14 21:51:45 +02:00
43b37e9b50
fix(postgres): pooler name 2024-08-14 21:49:51 +02:00
6930d5141b
fix(postgres): move pooler to right namespace 2024-08-14 21:44:22 +02:00
1fe2f119da
feat(postgres): deploy connection pooler 2024-08-14 21:43:10 +02:00
caede76c19
fix(postgres): include CRDs 2024-08-14 21:31:47 +02:00
a39444b044
fix(postgres): configure AWS region 2024-08-14 21:21:02 +02:00
eee5845b8d
refactor(postgres): custom bucket for cnpg backup 2024-08-14 20:48:01 +02:00
80e8dbfdaa
fix: allow ext_pgo_admin to login 2024-08-14 20:41:33 +02:00
84b3e7740e
feat(postgres): configure ext-postgres-operator 2024-08-14 20:35:02 +02:00
5c78f39f9e
fix(cnpg): configure object store endpoint 2024-08-14 20:18:29 +02:00
03352a4e7d
fix(cnpg): set namespace for backup 2024-08-14 20:08:25 +02:00
dbe213da6a
feat(cnpg): configure backup 2024-08-14 20:05:16 +02:00
00ed2b58f7 chore(deps): update helm release hcloud-csi to v2.9.0 2024-08-14 11:14:37 +00:00
91cc37c529 chore(deps): update docker docker tag to v27.1.2 2024-08-14 03:35:53 +00:00
a52afb8ce0 chore(deps): update helm release kube-prometheus-stack to v61.9.0 2024-08-13 16:35:15 +00:00
9448795a4e
chore(contour): bump CRDs 2024-08-13 18:31:58 +02:00
231d6ffb8e chore(deps): update ghcr.io/dani-garcia/vaultwarden docker tag to v1.32.0 2024-08-13 16:27:58 +00:00
f164b367e2 chore(deps): update helm release argo-cd to v7.4.3 2024-08-13 11:29:09 +00:00
d8f583cb70 chore(deps): update forgejo docker tag to v8.1.2 2024-08-13 03:33:31 +00:00
f29ffccc90 chore(deps): update forgejo docker tag to v8.1.1 2024-08-11 16:23:39 +00:00
44d334b16c chore(deps): update docker.io/nocodb/nocodb docker tag to v0.252.0 2024-08-10 03:34:27 +00:00
0f61088c49 chore(deps): update helm release meilisearch to v0.9.0 2024-08-08 15:51:22 +00:00
da07529ca7 chore(deps): update helm release kube-prometheus-stack to v61.7.2 2024-08-08 15:50:48 +00:00
1e18d82f7a chore(deps): update helm release argo-cd to v7.4.2 2024-08-08 15:34:11 +00:00
db14ac1371 chore(deps): update helm release coder to v2.14.1 2024-08-08 03:33:36 +00:00
6d912bd045 chore(deps): update helm release coder to v2.14.0 2024-08-07 03:34:13 +00:00
66 changed files with 14838 additions and 7795 deletions


@ -13,7 +13,7 @@ resources:
images:
- name: argocd
newName: code.icb4dc0.de/infrastructure/images/argocd
newTag: v2.12.0
newTag: v2.12.2
labels:
- includeSelectors: true
@ -26,7 +26,7 @@ helmCharts:
repo: https://argoproj.github.io/argo-helm
releaseName: argo-cd
namespace: argo-system
version: "7.4.1"
version: "7.4.5"
valuesFile: config/values.argo-cd.yaml
apiVersions:
- monitoring.coreos.com/v1


@ -12,7 +12,7 @@ resources:
helmCharts:
- name: cert-manager
repo: https://charts.jetstack.io
version: "v1.15.2"
version: "v1.15.3"
releaseName: cert-manager
namespace: kube-system
valuesFile: config/values.cert-manager.yaml


@ -6,14 +6,17 @@ resources:
- resources/secrets/ext-pgo-admin.yaml
- resources/secrets/cnpg-backup-creds.yaml
- resources/cluster.yaml
- resources/backup.yaml
- resources/pool.yaml
helmCharts:
- releaseName: cnpg
name: cloudnative-pg
repo: https://cloudnative-pg.github.io/charts
version: 0.21.6
version: 0.22.0
valuesFile: config/values.cnpg.yaml
namespace: postgres-system
includeCRDs: true
- releaseName: ext-pgo
name: ext-postgres-operator
@ -21,3 +24,4 @@ helmCharts:
version: 1.2.6
valuesFile: config/values.ext-pgo.yaml
namespace: postgres
includeCRDs: true


@ -0,0 +1,11 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: daily-backup
namespace: postgres
spec:
schedule: "0 1 * * *"
backupOwnerReference: self
cluster:
name: app-cluster
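Review bot: The value `schedule: "0 1 * * *"` has five fields, but CloudNativePG documents the ScheduledBackup schedule as a six-field cron expression with seconds first, so this is likely read as "minute 1 of every hour" rather than 01:00 once a day. For a resource named `daily-backup` the intended value is probably `schedule: "0 0 1 * * *"`. Hourly base backups kept under the cluster's `retentionPolicy: "30d"` would grow the object store quickly, so it is worth confirming the real cadence from the Backup objects that get created. A one-line comment above the field naming the six-field format would prevent the same slip later.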


@ -6,13 +6,22 @@ metadata:
spec:
instances: 2
postgresql:
parameters:
max_connections: "150"
managed:
roles:
- name: ext_pgo_admin
ensure: present
login: true
superuser: true
createrole: true
createdb: true
inherit: true
connectionLimit: -1
passwordSecret:
name: ext-pgo-admin
storage:
size: 10Gi
@ -20,7 +29,8 @@ spec:
backup:
barmanObjectStore:
destinationPath: cnpg
destinationPath: "s3://cnpg/app-cluster/"
endpointURL: "http://garage.garage.svc:3900"
s3Credentials:
accessKeyId:
name: cnpg-backup-creds
@ -28,15 +38,20 @@ spec:
secretAccessKey:
name: cnpg-backup-creds
key: ACCESS_SECRET_KEY
region:
name: cnpg-backup-creds
key: AWS_REGION
wal:
compression: snappy
retentionPolicy: "30d"
resources:
requests:
cpu: 100m
memory: 400Mi
memory: 600Mi
limits:
cpu: 500m
memory: 800Mi
memory: 900Mi
affinity:
enablePodAntiAffinity: true
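Review bot: The managed role `ext_pgo_admin` is declared with `superuser: true` in addition to `createrole: true` and `createdb: true`, and it appears to be the account the ext-postgres-operator uses to provision every application database in this comparison, so exposure of the `ext-pgo-admin` secret or of the operator pod would give full control of all databases in the cluster. If the operator only has to create roles and databases, `superuser: false` with the other two attributes kept would narrow that; this needs checking against what the operator actually requires, for example extension creation. Separately, in the backup hunk `endpointURL: "http://garage.garage.svc:3900"` ships base backups and WAL to the object store over plain HTTP; a TLS endpoint, or a comment recording why in-cluster plaintext is accepted, would be preferable.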

18
cnpg/resources/pool.yaml Normal file

@ -0,0 +1,18 @@
apiVersion: postgresql.cnpg.io/v1
kind: Pooler
metadata:
name: app-cluster-pooler-rw
namespace: postgres
spec:
cluster:
name: app-cluster
instances: 3
type: rw
pgbouncer:
poolMode: session
parameters:
max_client_conn: "1000"
default_pool_size: "10"
monitoring:
enablePodMonitor: true


@ -10,8 +10,8 @@ coder:
- name: CODER_PG_CONNECTION_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-coder
key: uri
name: coder-db-credentials-coder
key: PQ_URL
- name: CODER_DISABLE_PASSWORD_AUTH
value: "true"
- name: CODER_OIDC_ISSUER_URL


@ -7,12 +7,14 @@ resources:
- "resources/namespace.yaml"
- "resources/http_routes.yaml"
- "resources/secret.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
helmCharts:
- name: coder
repo: https://helm.coder.com/v2
releaseName: coder
namespace: coder
version: "2.13.3"
version: "2.14.2"
valuesFile: config/values.coder.yml
skipTests: true


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: coder
spec:
database: coder
dropOnDelete: false


@ -0,0 +1,12 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: coder
spec:
role: coder
database: coder
secretName: coder-db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@{{.Host}}:5432/{{.Database}}?sslmode=require&search_path=coder"
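Review bot: The `PQ_URL` template sets `sslmode=require`, which encrypts the connection but does not verify the server certificate or host name, so the client cannot distinguish the real database from an impostor on the cluster network. If the cluster CA can be mounted into the workload, `sslmode=verify-full` together with an `sslrootcert` parameter pointing at that CA would close the gap; the same applies to the fider `PQ_URL` template later in this comparison. The template also places `{{.Password}}` into the URI unescaped, so it relies on the operator generating URL-safe passwords, and a comment stating that assumption would help the next maintainer.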


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: contourconfigurations.projectcontour.io
spec:
preserveUnknownFields: false
@ -120,6 +120,12 @@ spec:
defaults to 3.
format: int32
type: integer
perHostMaxConnections:
description: |-
PerHostMaxConnections is the maximum number of connections
that Envoy will allow to each individual host in a cluster.
format: int32
type: integer
type: object
dnsLookupFamily:
description: |-
@ -600,9 +606,9 @@ spec:
description: |-
FeatureFlags defines toggle to enable new contour features.
Available toggles are:
useEndpointSlices - configures contour to fetch endpoint data
from k8s endpoint slices. defaults to false and reading endpoint
data from the k8s endpoints.
useEndpointSlices - Configures contour to fetch endpoint data
from k8s endpoint slices. defaults to true,
If false then reads endpoint data from the k8s endpoints.
items:
type: string
type: array
@ -1141,8 +1147,10 @@ spec:
type:
description: |-
Defines the XDSServer to use for `contour serve`.
Values: `contour` (default), `envoy`.
Values: `envoy` (default), `contour (deprecated)`.
Other values will produce an error.
Deprecated: this field will be removed in a future release when
the `contour` xDS server implementation is removed.
type: string
type: object
type: object
@ -1360,7 +1368,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: contourdeployments.projectcontour.io
spec:
preserveUnknownFields: false
@ -1814,6 +1822,8 @@ spec:
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
(which defaults to None).
type: string
name:
description: This must match the Name of a Volume.
@ -1823,6 +1833,21 @@ spec:
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false.
type: boolean
recursiveReadOnly:
description: |-
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
If ReadOnly is false, this field has no meaning and must be unspecified.
If ReadOnly is true, and this field is set to Disabled, the mount is not made
recursively read-only. If this field is set to IfPossible, the mount is made
recursively read-only, if it is supported by the container runtime. If this
field is set to Enabled, the mount is made recursively read-only if it is
supported by the container runtime, otherwise the pod will not be started and
an error will be generated to indicate the reason.
If this field is set to IfPossible or Enabled, MountPropagation must be set to
None (or be unspecified, which defaults to None).
If this field is not specified, it is treated as an equivalent of Disabled.
type: string
subPath:
description: |-
Path within the volume from which the container's volume should be mounted.
@ -1950,6 +1975,7 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
path:
description: 'path is Optional: Used as the mounted
root, rather than the full Ceph tree, default is /'
@ -1971,10 +1997,15 @@ spec:
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
properties:
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@ -2010,10 +2041,15 @@ spec:
to OpenStack.
properties:
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@ -2078,11 +2114,17 @@ spec:
- path
type: object
type: array
x-kubernetes-list-type: atomic
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional specify whether the ConfigMap
@ -2115,10 +2157,15 @@ spec:
secret object contains more than one secret, all secret references are passed.
properties:
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@ -2162,8 +2209,8 @@ spec:
properties:
fieldRef:
description: 'Required: Selects a field of the
pod: only annotations, labels, name and namespace
are supported.'
pod: only annotations, labels, name, namespace
and uid are supported.'
properties:
apiVersion:
description: Version of the schema the FieldPath
@ -2222,6 +2269,7 @@ spec:
- path
type: object
type: array
x-kubernetes-list-type: atomic
type: object
emptyDir:
description: |-
@ -2313,6 +2361,7 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
dataSource:
description: |-
dataSource field can be used to specify either:
@ -2457,11 +2506,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@ -2489,7 +2540,7 @@ spec:
If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
exists.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
type: string
volumeMode:
@ -2533,6 +2584,7 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
wwids:
description: |-
wwids Optional: FC volume world wide identifiers (wwids)
@ -2540,6 +2592,7 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
type: object
flexVolume:
description: |-
@ -2576,10 +2629,15 @@ spec:
scripts.
properties:
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@ -2760,6 +2818,7 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
readOnly:
description: |-
readOnly here will force the ReadOnly setting in VolumeMounts.
@ -2770,10 +2829,15 @@ spec:
target and initiator authentication
properties:
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@ -2944,11 +3008,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
@ -3027,11 +3093,17 @@ spec:
- path
type: object
type: array
x-kubernetes-list-type: atomic
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional specify whether the
@ -3054,7 +3126,7 @@ spec:
fieldRef:
description: 'Required: Selects a field
of the pod: only annotations, labels,
name and namespace are supported.'
name, namespace and uid are supported.'
properties:
apiVersion:
description: Version of the schema
@ -3118,6 +3190,7 @@ spec:
- path
type: object
type: array
x-kubernetes-list-type: atomic
type: object
secret:
description: secret information about the secret
@ -3161,11 +3234,17 @@ spec:
- path
type: object
type: array
x-kubernetes-list-type: atomic
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
optional:
description: optional field specify whether
@ -3204,6 +3283,7 @@ spec:
type: object
type: object
type: array
x-kubernetes-list-type: atomic
type: object
quobyte:
description: quobyte represents a Quobyte mount on the host
@ -3274,6 +3354,7 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
pool:
description: |-
pool is the rados pool name.
@ -3294,10 +3375,15 @@ spec:
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
properties:
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@ -3341,10 +3427,15 @@ spec:
sensitive information. If this is not provided, Login operation will fail.
properties:
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@ -3429,6 +3520,7 @@ spec:
- path
type: object
type: array
x-kubernetes-list-type: atomic
optional:
description: optional field specify whether the Secret
or its keys must be defined
@ -3460,10 +3552,15 @@ spec:
credentials. If not specified, default values will be attempted.
properties:
name:
default: ""
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
type: string
type: object
x-kubernetes-map-type: atomic
@ -3805,6 +3902,12 @@ spec:
Service; defaults to 3.
format: int32
type: integer
perHostMaxConnections:
description: |-
PerHostMaxConnections is the maximum number of connections
that Envoy will allow to each individual host in a cluster.
format: int32
type: integer
type: object
dnsLookupFamily:
description: |-
@ -4285,9 +4388,9 @@ spec:
description: |-
FeatureFlags defines toggle to enable new contour features.
Available toggles are:
useEndpointSlices - configures contour to fetch endpoint data
from k8s endpoint slices. defaults to false and reading endpoint
data from the k8s endpoints.
useEndpointSlices - Configures contour to fetch endpoint data
from k8s endpoint slices. defaults to true,
If false then reads endpoint data from the k8s endpoints.
items:
type: string
type: array
@ -4828,8 +4931,10 @@ spec:
type:
description: |-
Defines the XDSServer to use for `contour serve`.
Values: `contour` (default), `envoy`.
Values: `envoy` (default), `contour (deprecated)`.
Other values will produce an error.
Deprecated: this field will be removed in a future release when
the `contour` xDS server implementation is removed.
type: string
type: object
type: object
@ -4923,7 +5028,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: extensionservices.projectcontour.io
spec:
preserveUnknownFields: false
@ -4968,6 +5073,39 @@ spec:
description: ExtensionServiceSpec defines the desired state of an ExtensionService
resource.
properties:
circuitBreakerPolicy:
description: |-
CircuitBreakerPolicy specifies the circuit breaker budget across the extension service.
If defined this overrides the global circuit breaker budget.
properties:
maxConnections:
description: The maximum number of connections that a single Envoy
instance allows to the Kubernetes Service; defaults to 1024.
format: int32
type: integer
maxPendingRequests:
description: The maximum number of pending requests that a single
Envoy instance allows to the Kubernetes Service; defaults to
1024.
format: int32
type: integer
maxRequests:
description: The maximum parallel requests a single Envoy instance
allows to the Kubernetes Service; defaults to 1024
format: int32
type: integer
maxRetries:
description: The maximum number of parallel retries a single Envoy
instance allows to the Kubernetes Service; defaults to 3.
format: int32
type: integer
perHostMaxConnections:
description: |-
PerHostMaxConnections is the maximum number of connections
that Envoy will allow to each individual host in a cluster.
format: int32
type: integer
type: object
loadBalancerPolicy:
description: |-
The policy for load balancing GRPC service requests. Note that the
@ -5371,7 +5509,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: httpproxies.projectcontour.io
spec:
preserveUnknownFields: false
@ -8226,6 +8364,7 @@ spec:
x-kubernetes-list-type: atomic
type: object
type: array
x-kubernetes-list-type: atomic
type: object
type: object
required:
@ -8241,7 +8380,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.15.0
name: tlscertificatedelegations.projectcontour.io
spec:
preserveUnknownFields: false

File diff suppressed because it is too large Load diff


@ -9,7 +9,7 @@ images:
newTag: v0.16.0
- name: dragonfly-operator
newName: docker.dragonflydb.io/dragonflydb/operator
newTag: v1.1.6
newTag: v1.1.7
resources:


@ -10,10 +10,10 @@ images:
newTag: cdbf8c5f0971cb383df03c6b2f72ffb85387beef
- name: photos
newName: code.icb4dc0.de/infrastructure/images/ente/photos
newTag: v0.9.16
newTag: v0.9.27
- name: cast
newName: code.icb4dc0.de/infrastructure/images/ente/cast
newTag: v0.9.16
newTag: v0.9.27
labels:
- includeSelectors: true
@ -23,6 +23,8 @@ labels:
resources:
- resources/namespace.yaml
- resources/museum/db/db.yaml
- resources/museum/db/user.yaml
- resources/museum/deployment.yaml
- resources/museum/service.yaml
- resources/photos/deployment.yaml


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: ente
spec:
database: ente
dropOnDelete: false


@ -0,0 +1,10 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: ente
spec:
role: ente
database: ente-ente
secretName: ente-db-credentials
privileges: OWNER


@ -23,23 +23,23 @@ spec:
- name: ENTE_DB_HOST
valueFrom:
secretKeyRef:
name: default-cluster-pguser-ente
key: host
name: ente-db-credentials-ente-ente
key: HOST
- name: ENTE_DB_NAME
valueFrom:
secretKeyRef:
name: default-cluster-pguser-ente
key: dbname
name: ente-db-credentials-ente-ente
key: DATABASE_NAME
- name: ENTE_DB_USER
valueFrom:
secretKeyRef:
name: default-cluster-pguser-ente
key: user
name: ente-db-credentials-ente-ente
key: LOGIN
- name: ENTE_DB_PASSWORD
valueFrom:
secretKeyRef:
name: default-cluster-pguser-ente
key: password
name: ente-db-credentials-ente-ente
key: PASSWORD
- name: ENTE_DB_SSLMODE
value: require
resources:

Binary file not shown.


@ -11,6 +11,8 @@ labels:
resources:
- "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/http_routes.yaml"


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: fider
spec:
database: fider
dropOnDelete: false


@ -0,0 +1,12 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: fider
spec:
role: fider
database: fider
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require"


@ -26,6 +26,11 @@ spec:
valueFrom:
resourceFieldRef:
resource: limits.memory
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-fider
key: PQ_URL
envFrom:
- secretRef:
name: fider-config


@ -28,10 +28,56 @@ spec:
parentRefs:
- name: contour
namespace: projectcontour
sectionName: https
hostnames:
- fider.icb4dc0.de
- login.fider.icb4dc0.de
- community.buildr.icb4dc0.de
rules:
- backendRefs:
- name: fider
port: 3000
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: fider-login-https
spec:
parentRefs:
- name: contour
namespace: projectcontour
sectionName: fider-login
hostnames:
- fider.icb4dc0.de
rules:
- backendRefs:
- name: fider
port: 3000
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: inetmock-fider-https
spec:
parentRefs:
- name: contour
namespace: projectcontour
sectionName: inetmock-fider-community
hostnames:
- community.inetmock.icb4dc0.de
rules:
- backendRefs:
- name: fider
port: 3000
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: buildr-fider-https
spec:
parentRefs:
- name: contour
namespace: projectcontour
sectionName: buildr-fider-community
hostnames:
- community.inetmock.icb4dc0.de
rules:
- backendRefs:
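Review bot: The route `buildr-fider-https` attaches to the listener `buildr-fider-community` but lists `community.inetmock.icb4dc0.de` as its hostname, the same host as `inetmock-fider-https`; this looks like a copy-paste slip and the intended entry is presumably `- community.buildr.icb4dc0.de`. Likewise `fider-login-https`, bound to the listener `fider-login`, lists `fider.icb4dc0.de`, where `login.fider.icb4dc0.de` may have been meant. A hostname that matches no route on its listener is not served by this backend, and two routes claiming one hostname make the effective routing harder to reason about. The +/- markers are lost in this rendering, so which hostname lines are old and which are new is inferred and should be confirmed against the file; the last route's `rules` block continues outside the hunk.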


@ -91,9 +91,9 @@ gitea:
STORAGE_TYPE: minio
database:
DB_TYPE: postgres
HOST: default-cluster-primary.postgres.svc
HOST: app-cluster-pooler-rw.postgres.svc
NAME: forgejo
USER: forgejo
USER: forgejo-6a95jj
SSL_MODE: require
log_sql: "false"
cache:
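Review bot: `USER: forgejo-6a95jj` hard-codes what looks like an operator-generated role name (the `PostgresUser` added for forgejo declares `role: forgejo`), so the values file would stop matching if the user resource is ever recreated and a different suffix is issued. Reading the login from the generated secret instead (presumably `forgejo-db-credentials-forgejo`, by analogy with the other apps; confirm the name) keeps the chart in step with the operator. If the value has to stay inline, a comment such as `# role name generated by the PostgresUser resource; update after recreation` records where it comes from. The `database:` block sits inside a larger `gitea:` section that starts outside the hunk.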


@ -12,12 +12,14 @@ labels:
images:
- name: act_runner
newName: code.forgejo.org/forgejo/runner
newTag: "3.5.0"
newTag: "3.5.1"
- name: dind
newName: docker
newTag: 27.1.1-dind
newTag: 27.1.2-dind
resources:
- resources/db/db.yaml
- resources/db/user.yaml
- resources/secrets/admin-credentials.yaml
- resources/secrets/infra-credentials.yaml
- resources/secrets/meili-credentials.yaml
@ -46,7 +48,7 @@ helmCharts:
repo: oci://codeberg.org/forgejo-contrib
releaseName: forgejo
namespace: forgejo
version: "8.1.0"
version: "8.2.0"
valuesFile: config/values.forgejo.yaml
skipTests: true
apiVersions:
@ -55,6 +57,6 @@ helmCharts:
repo: https://meilisearch.github.io/meilisearch-kubernetes
releaseName: forgejo-indexer
namespace: forgejo
version: "0.8.0"
version: "0.9.1"
valuesFile: config/values.meilisearch.yaml
skipTests: true


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: forgejo
spec:
database: forgejo
dropOnDelete: false


@ -0,0 +1,10 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: forgejo
spec:
role: forgejo
database: forgejo
secretName: forgejo-db-credentials
privileges: OWNER


@ -19,5 +19,5 @@ helmCharts:
repo: https://charts.hetzner.cloud
releaseName: hcloud-csi-driver
namespace: kube-system
version: "2.8.0"
version: "2.9.0"
valuesFile: config/values.csi.yaml


@ -16,6 +16,8 @@ labels:
resources:
- "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/http_routes.yaml"


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: hedgedoc
spec:
database: hedgedoc
dropOnDelete: false


@ -0,0 +1,12 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: hedgedoc
spec:
role: hedgedoc
database: hedgedoc
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require"


@ -19,8 +19,8 @@ spec:
- name: CMD_DB_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-hedgedoc
key: uri
name: db-credentials-hedgedoc
key: PQ_URL
- name: NODE_EXTRA_CA_CERTS
value: /certs/ca.crt
envFrom:


@ -15,24 +15,9 @@ prometheus:
retention: 7d
nodeSelector:
kubernetes.io/arch: arm64
serviceMonitorNamespaceSelector:
matchLabels:
prometheus: default
serviceMonitorSelector:
matchLabels:
prometheus: default
ruleSelector:
matchLabels:
prometheus: default
ruleNamespaceSelector:
matchLabels:
prometheus: default
podMonitorSelector:
matchLabels:
prometheus: default
podMonitorNamespaceSelector:
matchLabels:
prometheus: default
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
ruleSelectorNilUsesHelmValues: false
resources:
requests:
memory: 1500Mi
@ -89,17 +74,17 @@ grafana:
enabled: false
envFromSecrets:
- name: grafana-auth
- name: grafana-db
- name: db-credentials-grafana
grafana.ini:
server:
domain: grafana.icb4dc0.de
root_url: "https://%(domain)s"
database:
type: postgres
host: default-cluster-primary.postgres.svc:5432
name: grafana
user: "${GF_DB_USER}"
password: "${GF_DB_PASSWORD}"
host: app-cluster-pooler-rw.postgres.svc:5432
name: "${DATABASE_NAME}"
user: "${LOGIN}"
password: "${PASSWORD}"
ssl_mode: require
auth:
disable_login_form: true
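Review bot: In the first hunk, replacing the six `prometheus: default` selectors with `serviceMonitorSelectorNilUsesHelmValues: false`, `podMonitorSelectorNilUsesHelmValues: false` and `ruleSelectorNilUsesHelmValues: false` appears to make Prometheus pick up every ServiceMonitor, PodMonitor and PrometheusRule in every namespace, instead of only labelled objects in labelled namespaces (this is how I understand the chart; confirm against the rendered `Prometheus` resource). That turns the ability to create those objects anywhere in the cluster into the ability to add scrape targets and rules to this Prometheus. If that is intended, a comment above the three keys such as `# select monitors and rules from all namespaces, no label opt-in` would record the decision; otherwise keeping `serviceMonitorNamespaceSelector`, `podMonitorNamespaceSelector` and `ruleNamespaceSelector` restricts collection to opted-in namespaces. The enclosing block under `prometheus:` starts outside the hunk.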


@ -7,6 +7,8 @@ resources:
- resources/secret.grafana-admin.yaml
- resources/secret.auth.yaml
- resources/secret.db.yaml
- resources/db/db.yaml
- resources/db/user.yaml
- resources/http_routes.grafana.yaml
helmCharts:
@ -15,5 +17,5 @@ helmCharts:
includeCRDs: true
namespace: observability-system
releaseName: prometheus
version: "61.7.1"
version: "62.3.0"
valuesFile: config/values.prometheus.yaml


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: grafana
spec:
database: grafana
dropOnDelete: false


@ -0,0 +1,10 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: grafana
spec:
role: grafana
database: grafana
secretName: db-credentials
privileges: OWNER


@ -11,10 +11,12 @@ labels:
images:
- name: linkwarden
newName: ghcr.io/linkwarden/linkwarden
newTag: "v2.6.2"
newTag: "v2.7.1"
resources:
- "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/http_routes.yaml"


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: linkwarden
spec:
database: linkwarden
dropOnDelete: false


@ -0,0 +1,13 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: linkwarden
spec:
role: linkwarden
database: linkwarden
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require&pgbouncer=true"
PQ_MIGRATE_URL: "postgresql://{{.Role}}:{{.Password}}@{{.Host}}:5432/{{.Database}}?sslmode=require"
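Review bot: Both `PQ_URL` and `PQ_MIGRATE_URL` are rendered from the same `{{.Role}}`, created with `privileges: OWNER`, so the long-running linkwarden container holds the same schema-changing rights as the migration step even though the two URLs are already kept apart. If the operator's narrower privilege level is sufficient for runtime queries, a second `PostgresUser` with `privileges: WRITE` for the main container would limit what a compromised application pod can do to the schema. Whether tables created by the owner role are then reachable by the second role depends on how the operator grants privileges and should be verified first.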


@ -30,8 +30,8 @@ spec:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-linkwarden
key: uri
name: db-credentials-linkwarden
key: PQ_MIGRATE_URL
containers:
- name: linkwarden
image: linkwarden
@ -41,8 +41,8 @@ spec:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-linkwarden
key: uri
name: db-credentials-linkwarden
key: PQ_URL
envFrom:
- secretRef:
name: linkwarden-config

Binary file not shown.


@ -6,7 +6,7 @@ namespace: nocodb
images:
- name: nocodb
newName: docker.io/nocodb/nocodb
newTag: 0.251.3
newTag: 0.255.0
labels:
- includeSelectors: true
@ -16,6 +16,8 @@ labels:
resources:
- resources/namespace.yaml
- resources/db/db.yaml
- resources/db/user.yaml
- resources/dragonfly.yaml
- resources/pvc.yaml
- resources/deployment.yaml


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: noco
spec:
database: noco
dropOnDelete: false


@ -0,0 +1,12 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: noco
spec:
role: noco
database: noco
secretName: db-credentials
privileges: OWNER
secretTemplate:
NC_DB_JSON: '{"client": "pg","connection": {"host": "app-cluster-pooler-rw.postgres.svc","port": 5432,"user": "{{.Role}}","password": "{{.Password}}","database": "{{.Database}}","ssl": {"ca": "-----BEGIN CERTIFICATE-----\nMIIBkjCCATigAwIBAgIQDfi4fTFY2eKrhN88nKEUDTAKBggqhkjOPQQDAjApMREw\nDwYDVQQLEwhwb3N0Z3JlczEUMBIGA1UEAxMLYXBwLWNsdXN0ZXIwHhcNMjQwODE0\nMTg0MzIzWhcNMjQxMTEyMTg0MzIzWjApMREwDwYDVQQLEwhwb3N0Z3JlczEUMBIG\nA1UEAxMLYXBwLWNsdXN0ZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQotXOi\nx9tfnUaG7A6T6x5YuBgKCvBAGw7q0C0teHWRIxSaoaiD6KV21juVpAgKoZckXA8x\niZW0GUHOoAUrCV7Ao0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB\n/zAdBgNVHQ4EFgQUuMEs3ztFClbC2agTqXkfkB1GHjkwCgYIKoZIzj0EAwIDSAAw\nRQIgK6FHhGYZ/FwxG8dDq2czVLvLCs+yozZZhNuhZBeT8v0CIQDhwRgJNeMxKtRS\nu3ziF4E4aniICEqa/To3Lvaa1cJJiQ==\n-----END CERTIFICATE-----","key": "","cert": "","rejectUnauthorized": false}}}'
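Review bot: The `NC_DB_JSON` template sets `"rejectUnauthorized": false`, which tells the client to accept any server certificate, so the CA pinned in `ssl.ca` on the same line is never enforced and the pooler connection is encrypted but unauthenticated. Setting `"rejectUnauthorized": true` makes the pinned CA effective. The CA is also inlined as a static copy whose encoded validity appears to end on 2024-11-12, so verification would start failing once the cluster CA is rotated unless this template is updated by hand. Mounting the certificate from the cluster's CA secret, or at least adding a comment that names its source and rotation date, would avoid that.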


@ -19,6 +19,12 @@ spec:
containers:
- name: nocodb
image: nocodb
env:
- name: NC_DB_JSON
valueFrom:
secretKeyRef:
name: db-credentials-noco
key: NC_DB_JSON
envFrom:
- secretRef:
name: nocodb-config


@ -13,7 +13,7 @@ images:
newTag: v2.10.1
- name: provisioner
newName: registry.k8s.io/sig-storage/csi-provisioner
newTag: v5.0.2
newTag: v5.1.0
- name: csi
newName: code.icb4dc0.de/infrastructure/csi-s3
newTag: 0.38.3


@ -16,6 +16,8 @@ labels:
resources:
- "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/http_route.yaml"


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: umami
spec:
database: umami
dropOnDelete: false


@ -0,0 +1,12 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: umami
spec:
role: umami
database: umami
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@{{.Host}}:5432/{{.Database}}"
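Review bot: This `PQ_URL` template has no `sslmode` parameter, unlike the other `user.yaml` templates in this comparison, so whether the connection to `{{.Host}}` is encrypted is left to the client's default; with libpq-style defaults that is `prefer`, which falls back to plaintext when TLS negotiation fails. Appending the parameter keeps the role password and query traffic from crossing the cluster network in clear: `PQ_URL: "postgresql://{{.Role}}:{{.Password}}@{{.Host}}:5432/{{.Database}}?sslmode=require"`. The contents of the previously referenced `uri` key are not visible here, so it cannot be told whether TLS was enforced before this change.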


@ -25,8 +25,8 @@ spec:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-umami
key: uri
name: db-credentials-umami
key: PQ_URL
envFrom:
- configMapRef:
name: umami-config
@ -53,8 +53,8 @@ spec:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-umami
key: uri
name: db-credentials-umami
key: PQ_URL
envFrom:
- configMapRef:
name: umami-config


@ -12,10 +12,12 @@ labels:
images:
- name: vaultwarden
newName: ghcr.io/dani-garcia/vaultwarden
newTag: "1.31.0-alpine"
newTag: "1.32.0-alpine"
resources:
- "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/pvc.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: vaultwarden
spec:
database: vaultwarden
dropOnDelete: false


@ -0,0 +1,12 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: vaultwarden
spec:
role: vaultwarden
database: vaultwarden
secretName: vaultwarden-db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require"


@ -24,8 +24,8 @@ spec:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vaultwarden
key: uri
name: vaultwarden-db-credentials-vaultwarden
key: PQ_URL
resources:
limits:
memory: "128Mi"


@ -19,6 +19,8 @@ labels:
resources:
- resources/namespace.yaml
- resources/db/db.yaml
- resources/db/user.yaml
- resources/api/dragonfly.yaml
- resources/api/pvc.yaml
- resources/api/deployment.yaml


@ -30,25 +30,22 @@ spec:
- name: VIKUNJA_DATABASE_SSLMODE
value: require
- name: VIKUNJA_DATABASE_HOST
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: host
value: app-cluster-pooler-rw.postgres.svc
- name: VIKUNJA_DATABASE_DATABASE
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: dbname
name: db-credentials-vikunja
key: DATABASE_NAME
- name: VIKUNJA_DATABASE_USER
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: user
name: db-credentials-vikunja
key: LOGIN
- name: VIKUNJA_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: password
name: db-credentials-vikunja
key: PASSWORD
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: vikunja
spec:
database: vikunja
dropOnDelete: false


@ -0,0 +1,10 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: vikunja
spec:
role: vikunja
database: vikunja
secretName: db-credentials
privileges: OWNER

Binary file not shown.


@ -16,6 +16,8 @@ labels:
resources:
- "resources/namespace.yaml"
- "resources/db/db.yaml"
- "resources/db/user.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/http_route.yaml"


@ -0,0 +1,8 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: Postgres
metadata:
name: zipline
spec:
database: zipline
dropOnDelete: false


@ -0,0 +1,12 @@
---
apiVersion: db.movetokube.com/v1alpha1
kind: PostgresUser
metadata:
name: zipline
spec:
role: zipline
database: zipline
secretName: db-credentials
privileges: OWNER
secretTemplate:
PQ_URL: "postgresql://{{.Role}}:{{.Password}}@app-cluster-pooler-rw.postgres.svc:5432/{{.Database}}?sslmode=require"


@ -16,6 +16,12 @@ spec:
containers:
- name: zipline
image: zipline
env:
- name: CORE_DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials-zipline
key: PQ_URL
envFrom:
- secretRef:
name: zipline-config