From 0ac1d722a387452802d68051ae754e43be8cd26a Mon Sep 17 00:00:00 2001 
From: Peter Kurfer Date: Wed, 8 Nov 2023 21:28:51 +0100 Subject: [PATCH] refactor: postgres-operator and migration --- .drone.yml | 92 ------ apps/drone/base/config/values.drone.yaml | 6 +- apps/drone/resources/drone-secrets.enc.yaml | 10 +- apps/forgejo/config/values.forgejo.yaml | 15 +- apps/forgejo/resources/credentials.enc.yaml | 10 +- apps/ghostcms/Dockerfile | 11 - apps/ghostcms/config/base.env | 15 - apps/ghostcms/kustomization.yaml | 8 +- apps/ghostcms/resources/creds.enc.yaml | 14 +- apps/ghostcms/resources/deployment.yaml | 80 +++-- apps/ghostcms/resources/pvc.yaml | 13 + apps/hedgedoc/config/base.env | 6 +- apps/hedgedoc/resources/config.enc.yaml | 8 +- apps/hedgedoc/resources/deployment.yaml | 9 +- apps/nocodb/config/base.env | 2 - apps/nocodb/kustomization.yaml | 2 +- apps/nocodb/resources/config.enc.yaml | 9 +- apps/nocodb/resources/deployment.yaml | 5 + apps/postgres-operator/kustomization.yaml | 8 +- .../resources/db/default-cluster.yaml | 77 +++++ .../resources/db/pgo-s3-creds.enc.yaml | 37 +++ apps/postgres-operator/resources/manager.yaml | 1 + .../resources/namespace.yaml | 7 + .../resources/rbac/role_binding.yaml | 3 +- .../resources/rbac/service_account.yaml | 1 + apps/postgres-operator/secret-generator.yaml | 10 + apps/vikunja/kustomization.yaml | 28 ++ apps/vikunja/resources/api/config.enc.yaml | 36 +++ apps/vikunja/resources/api/deployment.yaml | 82 +++++ apps/vikunja/resources/api/pvc.yaml | 13 + apps/vikunja/resources/api/service.yaml | 14 + apps/vikunja/resources/ingress.yaml | 30 ++ apps/vikunja/resources/namespace.yaml | 7 + apps/vikunja/resources/ui/deployment.yaml | 32 ++ apps/vikunja/resources/ui/service.yaml | 13 + apps/vikunja/secret-generator.yaml | 10 + apps/zipline/config/base.env | 5 +- apps/zipline/resources/config.enc.yaml | 10 +- k8s/configure_cluster.yaml | 13 +- k8s/inventory/group_vars/all.yml | 304 +++++++++--------- k8s/roles/fider/files/config/base.env | 2 +- k8s/roles/fider/tasks/main.yml | 6 +- 
k8s/roles/minio/files/values.minio.yaml | 14 - k8s/roles/minio/tasks/main.yml | 38 --- k8s/roles/nextcloud/tasks/main.yml | 2 +- .../templates/values.nextcloud.yml.j2 | 2 +- k8s/roles/prometheus/tasks/main.yaml | 24 +- k8s/roles/prometheus/templates/values.yaml.j2 | 4 +- 48 files changed, 719 insertions(+), 429 deletions(-) delete mode 100644 apps/ghostcms/Dockerfile delete mode 100644 apps/ghostcms/config/base.env create mode 100644 apps/ghostcms/resources/pvc.yaml create mode 100644 apps/postgres-operator/resources/db/default-cluster.yaml create mode 100644 apps/postgres-operator/resources/db/pgo-s3-creds.enc.yaml create mode 100644 apps/postgres-operator/secret-generator.yaml create mode 100644 apps/vikunja/kustomization.yaml create mode 100644 apps/vikunja/resources/api/config.enc.yaml create mode 100644 apps/vikunja/resources/api/deployment.yaml create mode 100644 apps/vikunja/resources/api/pvc.yaml create mode 100644 apps/vikunja/resources/api/service.yaml create mode 100644 apps/vikunja/resources/ingress.yaml create mode 100644 apps/vikunja/resources/namespace.yaml create mode 100644 apps/vikunja/resources/ui/deployment.yaml create mode 100644 apps/vikunja/resources/ui/service.yaml create mode 100644 apps/vikunja/secret-generator.yaml delete mode 100644 k8s/roles/minio/files/values.minio.yaml delete mode 100644 k8s/roles/minio/tasks/main.yml diff --git a/.drone.yml b/.drone.yml index 058ed1e..11727a5 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -28,95 +28,3 @@ steps: IMAGE_REGISTRY: code.icb4dc0.de IMAGE_REPO: prskr/infrastructure/keydb IMAGE_TAG: v6.3.3 - ---- -kind: pipeline -type: docker -name: arm64 - -platform: - arch: arm64 - -steps: -- name: manifest - image: quay.io/buildah/stable - network_mode: host - privileged: true - commands: - - | - buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}" - buildah bud \ - --tag "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" \ - --arch $${IMAGE_ARCH} \ - apps/ghostcms - buildah push "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" - environment: - GITEA_USER: prskr - GITEA_TOKEN: - from_secret: gitea_token - IMAGE_REGISTRY: code.icb4dc0.de - IMAGE_REPO: prskr/ghostcms - IMAGE_TAG: 5.71.0-alpine_arm64 - IMAGE_ARCH: arm64 ---- -kind: pipeline -type: docker -name: amd64 - -platform: - arch: amd64 - -steps: -- name: manifest - image: quay.io/buildah/stable - network_mode: host - privileged: true - commands: - - | - buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}" - buildah bud \ - --tag "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" \ - --arch $${IMAGE_ARCH} \ - apps/ghostcms - buildah push "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" - environment: - GITEA_USER: prskr - GITEA_TOKEN: - from_secret: gitea_token - IMAGE_REGISTRY: code.icb4dc0.de - IMAGE_REPO: prskr/ghostcms - IMAGE_TAG: 5.71.0-alpine_amd64 - IMAGE_ARCH: amd64 ---- -kind: pipeline -type: docker -name: manifest - -platform: - arch: arm64 - -depends_on: - - amd64 - - arm64 - -steps: -- name: manifest - image: quay.io/buildah/stable - network_mode: host - privileged: true - commands: - - | - buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}" - buildah manifest create "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" - buildah pull --arch amd64 "docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_amd64" - buildah pull --arch arm64 
"docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_arm64" - buildah manifest add "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_amd64" - buildah manifest add "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_arm64" - buildah manifest push --all "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" - environment: - GITEA_USER: prskr - GITEA_TOKEN: - from_secret: gitea_token - IMAGE_REGISTRY: code.icb4dc0.de - IMAGE_REPO: prskr/ghostcms - IMAGE_TAG: 5.71.0-alpine diff --git a/apps/drone/base/config/values.drone.yaml b/apps/drone/base/config/values.drone.yaml index 8e4b8bb..383973b 100644 --- a/apps/drone/base/config/values.drone.yaml +++ b/apps/drone/base/config/values.drone.yaml @@ -33,10 +33,12 @@ env: DRONE_DATABASE_DRIVER: postgres DRONE_GIT_ALWAYS_AUTH: true + DRONE_LOGS_DEBUG: true - DRONE_S3_ENDPOINT: http://minio.minio.svc.cluster.local:9000 + DRONE_S3_ENDPOINT: https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com DRONE_S3_BUCKET: drone DRONE_S3_PATH_STYLE: true - AWS_DEFAULT_REGION: us-east-1 + DRONE_S3_SKIP_VERIFY: true AWS_REGION: us-east-1 + AWS_DEFAULT_REGION: us-east-1 DRONE_REDIS_CONNECTION: redis://drone-session-cache-keydb:6379 \ No newline at end of file diff --git a/apps/drone/resources/drone-secrets.enc.yaml b/apps/drone/resources/drone-secrets.enc.yaml index f35c692..f67fba7 100644 --- a/apps/drone/resources/drone-secrets.enc.yaml +++ b/apps/drone/resources/drone-secrets.enc.yaml 
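Review bot: `DRONE_S3_SKIP_VERIFY: true` in the values.drone.yaml hunk disables TLS certificate verification for the S3 client in the same change that moves `DRONE_S3_ENDPOINT` from the in-cluster MinIO service to a public `https://…r2.cloudflarestorage.com` host. With verification off, the S3 credentials and build logs go to whatever host answers for that name. A publicly trusted endpoint should not need the override, so I would drop the line or set `DRONE_S3_SKIP_VERIFY: false`. `DRONE_LOGS_DEBUG: true` is added here as well; if it was only needed during the migration, remove it once the move is done, since debug logs usually retain more request detail than is wanted long term.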
@@ -5,10 +5,10 @@ metadata: namespace: drone type: Opaque stringData: - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:bLbQALnKFmjIWayuvgJK+w==,iv:MXpJa4ctbumf8u7erB66dpu6umQFmcKry0rJijECSpQ=,tag:UE8z+UW4ulwG9i3NKyfO4w==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:5oEn7d5MII2h1swwLS2YKHXLUYdTLZ9c4NU+j3xjk/I+ZdXZkXsy4mfewxWCZT+AmJHlJY2A1pB5t0nKFw5H,iv:bgoy8y+eOuIRPSuN7LZSQLVPnRjTVhBhUXJ2Vn54acc=,tag:LeuivYJtkSXtoMVRGz1F5A==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:HWUsFOc2tD8CnEm4m4+2nuynOOW6lbUrtROLaPNgkmI=,iv:pmfvhL69opyb/MPlLRNjhjid5ORtE/E1B2/tCdOJKIc=,tag:xUVez9qJc4eBR14HeHyYmA==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:skSkCr5p1YpNqeiwUz1zTUstRb9wbaSUVOzCgyLJxf9kKXWpPjQOQxve7s5m6iNhwgxICBmjNgxA6f2wYXrF2w==,iv:h/kNCcbYfXDGyH1oUz1A2Nfeb/AM92msQQ65YXHu+o4=,tag:xv7tm2PtVOCBtJ45K6H/QA==,type:str] DRONE_COOKIE_SECRET: ENC[AES256_GCM,data:zG8FSKnxIRVk7cCbtIP6VC2tbM+FfjFcg5Y6mTE19Tw=,iv:Ac50qD8l7CwtGxFFITl/0dMq1McHbztU7320v4pPWFs=,tag:JZCwGhJ+NQ/pdpULMzI+pQ==,type:str] - DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:qoH2QxBMwK+24ZsWe0F5VcbINvreEIdyT258uusu7BjjzEOWql8b5h8Ipj8fUK4lsPR+WnqG68TlGRYEZFM12o9EB7IPs8R47ERE6qfFN1Sdi5Vdf4kmEYWPnsJrJyc7mzovLTFJLwr85ZpYv64aSw7n0io13y0=,iv:1+xiSO+htrq381gpIri9/2I4CkzGSfT2Av0h3RXEQ5Q=,tag:f9Mg2CDo0HlkWpBkl6j+nw==,type:str] + DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:j5sqt/EpuGOHQH2p+kuwm/CYIxT0DviopKST2MrTpXR+Jh20NRgiq9CnYFTzCIHQZaSsO16b4Gyu0ViXgYSEK5t0j0QNnEjo8/z+ko6mOYEMyAbdAUuBmS9i/vbCb0HaXTpoTy3RG7Vjxif3WqDf,iv:b1rssEhX4K/cHNEytIuLW8NZaOPSnOokmhH+kBggyN8=,tag:Ns4lIcSWntsT1zpKMNd7cg==,type:str] DRONE_DATABASE_SECRET: ENC[AES256_GCM,data:qSNVcSzH0y0pCY07Y3yDjfMaPZFtPWEmf3tqq076n7o=,iv:XNJaU2kQJeS7iMJyIoAkwzVS3QdqLAZy/FbE3VFvYXU=,tag:FPYbmgQ8/VSkMexXko+7Nw==,type:str] DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:jTR4bxuyrxt5llnRDuBHnughiIyzKQ2JEylh16wjZDIyWrid,iv:NrUudI15R+ZiaL3M/k70Mdfm20aerCWjDs6R0MHC4Hc=,tag:kfX4fNcCP4Xy//V72WzDrg==,type:str] DRONE_GITEA_CLIENT_SECRET: 
ENC[AES256_GCM,data:0t8swJmx5qSvx7q9GsuRU+FOfcKxelIzDm5u16Nypfrqf5m9CbqmT39Uibj1wL8dWwx04Xo4mxc=,iv:agqn9RVuDq9WXly1AvckabpIyOqyK+0E89u4iItKRn4=,tag:KZLQlq+61QZtFGY/CnlQ2w==,type:str] @@ -38,8 +38,8 @@ sops: VGN1VEJlL3RxOXVwNmo3RTk4aUhEb1EKtAHu3KqQ7EH7SQE/Dvc6gfuSmkcsy3+c 1xxDYh69cMHkV3q4Wfnqg/DyWUq6D7OE4tVAuzNfo1SzZuBHXXCdQQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-26T19:21:02Z" - mac: ENC[AES256_GCM,data:lwiL9GLN8fDPfIrKxqciJXOz7vUbgxtayfqQwrxp94TTOTaAnraKIy60RlkP2PJUuj9Rdcl7sTLSWRrkwgUq08xvNjEOnQ70TuWQAaSR9J0udWsvPQWn951xr3lzzkE6M6ZI/3JCX87gXrocAih1ogpU9b6uz4zUiuhuHk8UogI=,iv:OZJhT0XFhsU2+HZ1YhqAsZniGeBipQqYcP6CJFJjTac=,tag:LYzqKBUiw7ETaRETVOym5A==,type:str] + lastmodified: "2023-11-08T18:21:47Z" + mac: ENC[AES256_GCM,data:Lblzygh5+S25J2c1bH+hlKE9DGkmYAzI+BcBfpoLs3uB16NIyIku833XN0jEerpxINSiJMClLBVzZ2uKCpDCfcxxz0rJIldtoUqOzKtxTtcziMt6VXoG3h5m9pPbILzGU27uzo/D7E9SbXAUAmTGYsEFLx/R7bZYWMCdhgCOO0I=,iv:tnjm+xhTCie9W8LPG4MYCK3KNMZBa8TJPmzpYxZ0HQc=,tag:R4W/OU/aNCz5S7pXHjIWbg==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.8.1 diff --git a/apps/forgejo/config/values.forgejo.yaml b/apps/forgejo/config/values.forgejo.yaml index ab5f5aa..c225bc2 100644 --- a/apps/forgejo/config/values.forgejo.yaml +++ b/apps/forgejo/config/values.forgejo.yaml 
@@ -73,24 +73,25 @@ gitea: DEFAULT_USER_IS_RESTRICTED: 'true' storage: STORAGE_TYPE: minio - MINIO_ENDPOINT: minio.minio.svc.cluster.local:9000 + MINIO_ENDPOINT: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com:443 MINIO_BUCKET: gitea MINIO_LOCATION: us-east-1 - MINIO_USE_SSL: 'false' + MINIO_USE_SSL: 'true' attachment: ALLOWED_TYPES: .bz2,.gz,.md,.pdf,.tgz,.txt,.zip,.tar.gz,.txt,application/gzip,application/x-gzip,application/x-gtar,application/x-tgz,application/x-compressed-tar,text/plain MAX_SIZE: 30 MAX_FILES: 15 STORAGE_TYPE: minio - MINIO_ENDPOINT: minio.minio.svc.cluster.local:9000 + MINIO_ENDPOINT: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com:443 MINIO_BUCKET: gitea MINIO_LOCATION: us-east-1 - MINIO_USE_SSL: 'false' + MINIO_USE_SSL: 'true' database: DB_TYPE: postgres - HOST: postgres-15-postgresql.postgres.svc.cluster.local:5432 - NAME: gitea - USER: gitea + HOST: default-cluster-primary.postgres.svc + NAME: forgejo + USER: forgejo + SSL_MODE: require log_sql: "false" metrics: ENABLED: true diff --git a/apps/forgejo/resources/credentials.enc.yaml b/apps/forgejo/resources/credentials.enc.yaml index ad63607..e74f538 100644 --- a/apps/forgejo/resources/credentials.enc.yaml +++ b/apps/forgejo/resources/credentials.enc.yaml 
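Review bot: `SSL_MODE: require` in the `database` block encrypts the connection to `default-cluster-primary.postgres.svc` but, with the usual PostgreSQL client semantics, does not validate the server certificate or host name. It therefore does not authenticate the database to Forgejo. If the operator's cluster CA can be mounted into the Forgejo pod, `SSL_MODE: verify-full` is the stronger setting. Otherwise a comment such as `# require = encrypted but server not authenticated; switch to verify-full once the cluster CA is mounted` would record the gap. The `gitea:` mapping starts above this hunk, so any other database options are not visible here.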
@@ -4,9 +4,9 @@ metadata: name: forgejo-credentials type: Opaque stringData: - database: ENC[AES256_GCM,data:XnZgkrfXpUElOMMqXKSYn4tFNPcKznUZ/U+ZKWnioqC3,iv:s6cwX7Pcic4GSdJUkAp79VZmTjWvaMQGRpRBLym7G+U=,tag:yzSUbsiG9hpTQhkXLK3ZsA==,type:str] - attachment: ENC[AES256_GCM,data:pdNzbwfjEFKk4XBNA+/mKKy/SWQD1cFnu8JuEsZfIoRUM3u6qmcw0Hc8H1epsE+YcLpjfIxM7SLGS+pSaYBHSCltyk4IoJ0kPOetAwg+JcHorzUawKbPTOfRzgZFuSG/x7fze3I3RabWA+hpqM/+8ioVe8ecMRqxiyf8iA==,iv:fs9AzB8mkd4p5yVvaoPh4Hf9RMYv2b6l0dj+sMajhqo=,tag:gIvxxD40wFQH7WhzMWkcZw==,type:str] - storage: ENC[AES256_GCM,data:ESAb9DiIldMUINDnK/xMt8DmFbuFnumHSoDVGS9HBABkKBfb5zKvqNXLq9NIm4KGNKojAoy+axgZwv1sAFZNMLTuDQNOczEJ9yPyr3IbuQHXWKpyDyN6nlY26FLH0ib6JuL6n15s67IaFPYuFa1ukfQn9IRTKnwmY8OK+w==,iv:tmQ4Xtl3rmI/mhBPlTbsVL5yTrDbHZlIc+I4Dx1SeP4=,tag:SWqOxnHg3yE1H8mrroAOtg==,type:str] + database: ENC[AES256_GCM,data:kTQSEpMRi0ze+d0nsYerRFfhlS8VzZ7stF6AaXCKg4c=,iv:ZK+l+N2LTmXiJ7eHbNpgq5cQ2geXJJVUwcnhqSvJaTk=,tag:zfK4sXZVg89aXNco2zVYkw==,type:str] + attachment: ENC[AES256_GCM,data:1yXF5ynIGQ8gv6F9SkehA+xnwlI0b1BuZAaSpmymNF/nm01rM5St0G2HBRAQp9i9HeJuRL3DitywAXqVyT1Usx5PFZrK3DnN1NoCCKFEOq5E3JFDQcVrisWtqab562y4ucR5GlynZHG+mjWEExTldnCoQc03KM8m/JsHI4Z5lV23/p+yrSMu/GpxERsu,iv:Llsh9nftLztMX5+3HML0u3hnaKoFKADR0Lj8WCDtsaU=,tag:yH65vLuB+/jUL+Rvaxt6CA==,type:str] + storage: ENC[AES256_GCM,data:6RyQ4kXlBexGZbHd8/RO7TdZ6jv+I9LC7rqHfZo9949G4FWDS47PdAtMWWV9IG/k2RziB//aBe8E7C5uvFWIpSQF7p4gxNTmdSzRq4/e1HrSdOKZ2+GdDPAzD7PWo7L7GhDN5iuAlUKAVsl/DFJWUkH6vFWPmVf3nJ/sW5MRjpjgzWuAzQAgdJttCxEi,iv:Xoy0TJ4QSoyY/b+EWkFEnx3OlBQSXNLJQL3nwTOv6Tg=,tag:7E2AMs7IkdZkN99cb7gAAg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -31,8 +31,8 @@ sops: bHk2WG41aDdPeWVJR0NjRWZOVnVMS2cKLZZt2VNc5XdqW9Cknr2Re7pW2+s5CSYj hQyzCSAPp8hN9mietVqzX3eyFf9ngYJ96TjvBd+2dduxchxAEoi4tQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-30T09:24:54Z" - mac: ENC[AES256_GCM,data:pE1MqMtsOmDcpI2N2BK++JLwENVMiN6fhjiqfqsjg0iq90nmmdm55Ot8AW9TK1EHdjBpghMjoIJoF4hI72RPnc6DunZPE/q5LZrTnW37do+EmF+KzSFz4goDovkj9KvAcyjY8b3PobpwX7wtNvRjaUqy1pr6WJZjntkHTojUUSg=,iv:CAGiBKa/ydi4n51dbSxqC9pJ5Wlh87rk9tiJYCoFmTg=,tag:v4ZvCi77mhVjZ90QNtscsQ==,type:str] + lastmodified: "2023-11-07T21:04:47Z" + mac: ENC[AES256_GCM,data:+9JzeBV2UT8O+d98Pvmx4+IujahWvuIIQijjW/JYaE6vbNfzcp21L+3jtU4JZb5Yj3KTySLvlaMvHKDxER/xHsIbYKUF0MMm90eJnccxiiJ7YhPKMkHmRhGbNEP60COv01O1bba4RrAqFdS0velAo74PmYFZO0gAX5T0080+4KQ=,iv:9J6QCO1J4scRCQklRtc62rcNSaVxsKfgqHpjsITruZM=,tag:jlUKMcYvSWmG7KpUOhNN5A==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.8.1 diff --git a/apps/ghostcms/Dockerfile b/apps/ghostcms/Dockerfile deleted file mode 100644 index cb32575..0000000 --- a/apps/ghostcms/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -ARG GHOST_IMAGE_TAG=5.71.0-alpine - -FROM docker.io/node:18-alpine AS s3-storage-adapter - -WORKDIR /s3 - -RUN npm install ghos3 - -FROM docker.io/ghost:${GHOST_IMAGE_TAG} - -COPY --from=s3-storage-adapter /s3/node_modules/ghos3/* ./content/adapters/storage/s3 \ No newline at end of file diff --git a/apps/ghostcms/config/base.env b/apps/ghostcms/config/base.env deleted file mode 100644 index 46c93f0..0000000 --- a/apps/ghostcms/config/base.env +++ /dev/null 
@@ -1,15 +0,0 @@ -database__client=mysql -database__connection__host=ghostcms-db -database__connection__database=ghostcms -server__host=0.0.0.0 -server__port=2368 -storage__active=s3 -storage__media__adapter=s3 -storage__files__adapter=s3 -storage__s3__region=us-east-1 -storage__s3__bucket=ghostcms -storage__s3__endpoint=minio.minio.svc.cluster.local:9000 -storage__s3__forcePathStyle=true -cache__imageSizes__adapter=Redis -cache__Redis__host=ghostcms-keydb.ghostcms.svc -cache__Redis__port=6379 \ No newline at end of file diff --git a/apps/ghostcms/kustomization.yaml b/apps/ghostcms/kustomization.yaml index aaf367b..3377aa9 100644 --- a/apps/ghostcms/kustomization.yaml +++ b/apps/ghostcms/kustomization.yaml @@ -5,7 +5,7 @@ namespace: ghostcms images: - name: ghostcms - newName: code.icb4dc0.de/prskr/ghostcms + newName: docker.io/ghost newTag: 5.71.0-alpine commonLabels: @@ -15,6 +15,7 @@ commonLabels: resources: - resources/namespace.yaml - resources/db.yaml + - resources/pvc.yaml - resources/deployment.yaml - resources/service.yaml - resources/ingress.yaml @@ -22,11 +23,6 @@ resources: generators: - ./secret-generator.yaml -secretGenerator: - - name: ghostcms-base-config - envs: - - "config/base.env" - helmCharts: - name: keydb repo: https://enapter.github.io/charts/ diff --git a/apps/ghostcms/resources/creds.enc.yaml b/apps/ghostcms/resources/creds.enc.yaml index 618a94e..044b6b9 100644 --- a/apps/ghostcms/resources/creds.enc.yaml +++ b/apps/ghostcms/resources/creds.enc.yaml 
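Review bot: The `images` entry in apps/ghostcms/kustomization.yaml now resolves `ghostcms` to `docker.io/ghost` by the mutable tag `5.71.0-alpine`, replacing the image that was built from this repository. The deployment in this commit also sets `imagePullPolicy: Always`, so each pod start runs whatever the tag points to at that moment. Kustomize's image transformer accepts a digest; adding `digest: sha256:<digest-of-reviewed-image>` to the `ghostcms` entry would pin the content and make image changes show up in review.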
@@ -4,10 +4,12 @@ metadata: name: ghostcms-secret-config type: Opaque stringData: - database__connection__user: ENC[AES256_GCM,data:RB9Ne7UwdiE=,iv:i+qC2xTv2I6iQfJnzui1V+M3YOCu7OD9qmtY6G1pp3A=,tag:PPe9wMGHeM7fItM+GJhchA==,type:str] - database__connection__password: ENC[AES256_GCM,data:EH5AnurBZlQPpybbS+mbFgMQk2H6GXrXlw2nDDChoaU=,iv:wShvZE2GEUG4OVBoSydE9MbFPO9T70QG4H65lf4itWw=,tag:J7fKtAVGWEYvXDWfC7ZNIQ==,type:str] - adapters__storage__s3__accessKeyId: ENC[AES256_GCM,data:zRnYiP0OGRJhYYuYGwjwgw==,iv:3S53/I21EW+ONOdU5lriqcnwEfCa74GK2NVwbOfnUlg=,tag:+Aljr4KLvC0/38LmYbSfpw==,type:str] - adapters__storage__s3__secretAccessKey: ENC[AES256_GCM,data:lK3nL/2VwcA1znIol0mtZOdbTEXoplnh7kb30xj8A/hLUVeWhDXf5EqGXlI5tsBHme2i51KjDTzk+taFEZkb,iv:0nwuVhcoW+7HB9EreZ6jlpzXkxYSAMNbX4wUAHzH0yU=,tag:frst/SlL3sgmM+wRAgQBJQ==,type:str] + database__client: ENC[AES256_GCM,data:sr6EfhI=,iv:pOo9u6/twN/F7O9B2TDoB5Zs5FC60vyLYtvJVDMUtV0=,tag:v2CLpeiV5CVzLK7pKAFbKA==,type:str] + database__connection__host: ENC[AES256_GCM,data:f8eQyV/1OvXQdHs/DtW6q1NbHqLIqbMi,iv:F0ChUjxJunyuKG2hKwHjylaHTDLA9SgMNMMX93aHo7c=,tag:4DcCiD1JRSqPd/KQSsyHsg==,type:str] + database__connection__user: ENC[AES256_GCM,data:zq6qSDV2N18=,iv:Pdt16Av6sw6iAEBPDu6W06AFsgBq7wkhTaxkyQahhac=,tag:RJesMhyVRK5VFFsJQsWeoA==,type:str] + database__connection__password: ENC[AES256_GCM,data:irsrzl+G4+HHosntR8/Y6BEuHmi5WAJEsZf+jwzlsbo=,iv:29BoRix+4CpMIjcFKFFDXTxEaQjHwERUTvxWwUgkLas=,tag:WoB18ym4MxO20oAnqxP5GQ==,type:str] + database__connection__database: ENC[AES256_GCM,data:+tiIhcFt06I=,iv:kwX/n8+4LW5eKmST3wxhdvPcmZoxtEh6zJ+spbvccPM=,tag:ZlwXxLRfZ6XpGE3hRga/2g==,type:str] + url: ENC[AES256_GCM,data:iNCEULqcDoiGhvAA1y80mbL0+lOzCxo=,iv:lw+5Sk1tRPJFOqIKH1MaQn7RvG02Hg0kmLTIT7JSeNE=,tag:vGNQVyRrnu1kBLYNEdNIzA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -32,8 +34,8 @@ sops: UnE2NTVSSUp1OEVFVDd5bHJYOEZpaVkKqmw9GLZavqaPQOJjGhLqXo4ggfmFDgXz C9HNxeDVr2kY452gleVS/YFTPWo0QPevl0SjpZg2gvnz28qLDSNXYQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-31T17:51:51Z" - mac: ENC[AES256_GCM,data:MMIdx3HIiclIbWDpMkxNiC9cGpzZysYtqZCObA8jBB39GdokRbIFaNS1JQuZ/6u3KyTj2X15HDvgphUWzjTIgl1nYvEumEj6ZyI82VqKP59BBOQ3jCz3rTvLqcqkI+HHd6CUzHehElS11xFZ1VV8CmcGrzhNtoGfIcpFr/7W0/E=,iv:HySrtTaz23uYOOOEnEDY34AGxFYyFRQ92xaD4kCQxe8=,tag:VqBbHcQIxJZRig+Krl3EFg==,type:str] + lastmodified: "2023-11-02T19:37:36Z" + mac: ENC[AES256_GCM,data:W1Q9cRmdgxtpREVPzbI9kF3wEFFkF9vWTek8n6sNEDyYd2sew9FQ0gaqoA2bSKro8ff4iLBpwChQIhM7AZbiw5CP0OjUZMWbcjw8YeJEwowIZ+jp3D4qrMuAfjdqhoAJf2G75RyWsChsRG2fPyQ0rVU0sPJf3haiA0MziZi97xM=,iv:yghPQbr5/CLZIeltIGPXYozs08KdcmypSOTO+OrZiHk=,tag:nIh+ntR5wcLJm2AihwhQ9A==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.8.1 diff --git a/apps/ghostcms/resources/deployment.yaml b/apps/ghostcms/resources/deployment.yaml index 2e27c15..a4705fb 100644 --- a/apps/ghostcms/resources/deployment.yaml +++ b/apps/ghostcms/resources/deployment.yaml @@ -4,6 +4,8 @@ kind: Deployment metadata: name: ghostcms spec: + strategy: + type: Recreate selector: matchLabels: app.kubernetes.io/name: ghostcms 
@@ -12,30 +14,56 @@ spec: labels: app.kubernetes.io/name: ghostcms spec: + initContainers: + - name: plugins + image: ghostcms + imagePullPolicy: Always + command: + - /bin/ash + - -c + - '-' + args: + - | + if [ ! -d "/var/lib/ghost/content/adapters/storage/s3" ]; then + npm install --prefix /tmp ghos3 + mkdir -p /var/lib/ghost/content/adapters/storage/s3 + cp -r /tmp/node_modules/ghos3/* /var/lib/ghost/content/adapters/storage/s3 + fi + volumeMounts: + - name: ghost-content + mountPath: /var/lib/ghost/content containers: - - name: ghostcms - image: ghostcms - ports: - - containerPort: 2368 - env: - - name: NODE_ENV - value: production - envFrom: - - secretRef: - name: ghostcms-base-config - - secretRef: - name: ghostcms-secret-config - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - privileged: false - runAsUser: 1000 - runAsGroup: 1000 - resources: - limits: - memory: "384Mi" - cpu: "100m" \ No newline at end of file + - name: ghostcms + image: ghostcms + imagePullPolicy: Always + envFrom: + - secretRef: + name: ghostcms-secret-config + ports: + - containerPort: 2368 + env: + - name: NODE_ENV + value: production + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + capabilities: + drop: + - ALL + privileged: false + resources: + limits: + memory: "384Mi" + cpu: "100m" + volumeMounts: + - name: ghost-content + mountPath: /var/lib/ghost/content + securityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsUser: 1000 + runAsNonRoot: true + volumes: + - name: ghost-content + persistentVolumeClaim: + claimName: ghost-content diff --git a/apps/ghostcms/resources/pvc.yaml b/apps/ghostcms/resources/pvc.yaml new file mode 100644 index 0000000..2b89858 --- /dev/null +++ b/apps/ghostcms/resources/pvc.yaml 
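Review bot: The `plugins` init container runs `npm install --prefix /tmp ghos3` at pod start with no version, so the storage adapter Ghost loads is whatever the public registry serves on first start, install scripts included. It is then copied onto the persistent volume, where the directory-exists check means it is never refreshed or re-verified. Pin the package and, if the adapter installs cleanly without lifecycle scripts, skip them: `npm install --prefix /tmp --ignore-scripts ghos3@<pinned-version>`. The same hunk flips `readOnlyRootFilesystem` to `false` on the main container even though the content directory is now a mounted volume; if Ghost only writes there and to `/tmp`, keep it `true` and mount an `emptyDir` at `/tmp`, as the hedgedoc and nocodb deployments in this commit do. The init container also has no container-level `securityContext`, so it lacks the `allowPrivilegeEscalation: false` and dropped capabilities that the main container sets.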
@@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ghost-content +spec: + storageClassName: hcloud-volumes + resources: + requests: + storage: 10Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce diff --git a/apps/hedgedoc/config/base.env b/apps/hedgedoc/config/base.env index d9245e1..d2265e3 100644 --- a/apps/hedgedoc/config/base.env +++ b/apps/hedgedoc/config/base.env @@ -31,6 +31,8 @@ CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username CMD_IMAGE_UPLOAD_TYPE=minio -CMD_MINIO_ENDPOINT=minio.minio.svc.cluster.local -CMD_MINIO_PORT=9000 +CMD_S3_BUCKET=hedgedoc +CMD_S3_PUBLIC_FILES=false +CMD_MINIO_ENDPOINT=2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com +CMD_MINIO_PORT=443 CMD_MINIO_SECURE=true \ No newline at end of file diff --git a/apps/hedgedoc/resources/config.enc.yaml b/apps/hedgedoc/resources/config.enc.yaml index 87973d7..ac1bce8 100644 --- a/apps/hedgedoc/resources/config.enc.yaml +++ b/apps/hedgedoc/resources/config.enc.yaml 
@@ -5,8 +5,8 @@ metadata: type: Opaque stringData: CMD_DB_URL: ENC[AES256_GCM,data:4nqueG0hIb5fPQbPJll+keWZVODpFxBUhVkeHTKJ2/J8Kpj8DMuU41HLQ1+iGFiUtEdv2LPvbgDOeXT4UR3zjDdGL96SpKbLQIKQlNjPWNfUXeHASkiIiMHh9Y7z3d/s2coopzk9ULTHs5XIMywCUoY8DX4=,iv:drx1hQdbsLbPSojSL79TFop1wni2KxNPJ+KwlOL9WQo=,tag:4JbriWueqRye/n3rnBpSkw==,type:str] - CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:X35aVIq7gnKpmqDRc7GTPA==,iv:awU1uonCr4xtgUB5/aFWWQOH+ztD8VQVj4b0wX/Lrwg=,tag:5VYSNlAVGuW1WGQHJfrsvA==,type:str] - CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:jM21N3cxeiKh/IJJY9Tka4cj77yzTmI6F8lxA/H69XErUnOy8Ve8NQWCGb6NkZvHCVelfs2FUoPtVitNbXte,iv:jNVspSWVTCco0R6sbRdn8EyIzA5YPziMzUrpf0q57ow=,tag:Oo6ppZnPo9umgCYMEDC8Zg==,type:str] + CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:VqudURssSgmCDVhCRjak2TDG10pwvCNfi0w9FlEh4SI=,iv:VGavO528JfqsUVyvWSAlWkMTXJAmLUablaGZ3VCEtq8=,tag:unvEa2k/9AzfVMEnhCDB1Q==,type:str] + CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:/iQq6wnoH/WwEzApap6szpr7z+KZJ+twcuINgqtbHOMDXeVz9Yi7cjC0hGlqQHZTCO4jR5gp+OwdIkzRk0zDsw==,iv:1OHm8K3AA340q0xkNCF3RsPpcpKmUE5Yibu+IWIZ7+E=,tag:cB/pckdoEZQlzlRVWoYKmA==,type:str] CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str] CMD_OAUTH2_CLIENT_SECRET: ENC[AES256_GCM,data:biyLVbyONbJK2V16Zz9/MVdpdqu3iTzsyBVx0iKK5MCyNfU1Y0lV9g88w44junGvvby/LWOAEGs=,iv:uSRtuu+bHpt8JOVfw5BpCXjqWW07x0jJ8Ja2pIcoQf4=,tag:He4d6BrE1V9OJbNH3hrPcQ==,type:str] CMD_SESSION_SECRET: ENC[AES256_GCM,data:Nq6arL1aE69BeTRjx4pA90xZqcOtqOb3R/Zt98FyIVd+Uq53dWsqURG2M+IQpvl9MEpY8FpUNY0=,iv:JaOAe8YgNVnDBzV2x1TSqMJq36Qwqazk6cCkWwseBZc=,tag:FMKKOhow/w5HLwfNarQdjQ==,type:str] 
@@ -34,8 +34,8 @@ sops: ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-25T20:06:34Z" - mac: ENC[AES256_GCM,data:WbkEZi02UASYMudLJVaQpuB7blx4UDm80dBiN0zPad6n5tRs+W0g5cahhMa9LkFH6mlUQbGTk4ndjQZgVeXVBE8LKyfvz+tlAP7+OR6yFx3AsHG1KCORolDJkFAQbqmV6fprvE0OxZZgPtu6OkSEMw2s5tdpRYr2EV1E2y7X0NU=,iv:AUeybEhdKQJNqBtTgpLWojk4x0aEpT5QFisEAQCFmWg=,tag:hAWw0vd8lzKeWbS1nb7fJA==,type:str] + lastmodified: "2023-11-08T19:19:28Z" + mac: ENC[AES256_GCM,data:mG1SOLX1AFuPuJ3v8o12ofU+rHD/Iwwp3xFfIoayHp+K/w8btnwZ1rrbzZLRwZfR2nnxF9Rn4UZ2d1v6B9z2Dlz/p4EDc2pDyyhgWFCoJgf1J3w7Gj7b1C9ukoGrxcQ0RaZjhhZrU0XjN5EyfTgxcl1e5UahOrHVUu5OMBukkKg=,iv:2M5gtUdMpsYmLZkuaWXoHGGKPM9pvXwEpqqRjhSN8yo=,tag:ORpppvL5KKXRVgIwAoTOCw==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.8.1 diff --git a/apps/hedgedoc/resources/deployment.yaml b/apps/hedgedoc/resources/deployment.yaml index 518c53b..b52c4fc 100644 --- a/apps/hedgedoc/resources/deployment.yaml +++ b/apps/hedgedoc/resources/deployment.yaml @@ -24,6 +24,9 @@ spec: - containerPort: 3000 protocol: TCP name: web + volumeMounts: + - name: upload-tmp + mountPath: /tmp resources: requests: memory: "168Mi" @@ -40,4 +43,8 @@ spec: securityContext: runAsUser: 1000 runAsGroup: 1000 - runAsNonRoot: true \ No newline at end of file + runAsNonRoot: true + volumes: + - name: upload-tmp + emptyDir: + sizeLimit: 500Mi \ No newline at end of file diff --git a/apps/nocodb/config/base.env b/apps/nocodb/config/base.env index 0077731..0d3bb01 100644 --- a/apps/nocodb/config/base.env +++ b/apps/nocodb/config/base.env @@ -5,7 +5,5 @@ DB_QUERY_LIMIT_MAX=1000 DB_QUERY_LIMIT_MIN=1 NC_JWT_EXPIRES_IN=1h NC_DISABLE_TELE=true -NC_S3_REGION=us-east-1 -NC_S3_BUCKET_NAME=noco NC_ADMIN_EMAIL=peter.kurfer@gmail.com NC_REDIS_URL=redis://nocodb-keydb:6379/0 \ No newline at end of file 
diff --git a/apps/nocodb/kustomization.yaml b/apps/nocodb/kustomization.yaml index 9329f11..0cdf33d 100644 --- a/apps/nocodb/kustomization.yaml +++ b/apps/nocodb/kustomization.yaml @@ -6,7 +6,7 @@ namespace: nocodb images: - name: nocodb newName: docker.io/nocodb/nocodb - newTag: "0.202.4" + newTag: "0.202.5" commonLabels: app.kubernetes.io/instance: icb4dc0de diff --git a/apps/nocodb/resources/config.enc.yaml b/apps/nocodb/resources/config.enc.yaml index a3aa246..3aa7fad 100644 --- a/apps/nocodb/resources/config.enc.yaml +++ b/apps/nocodb/resources/config.enc.yaml 
@@ -5,13 +5,10 @@ metadata: type: Opaque stringData: #ENC[AES256_GCM,data:Hs6V,iv:5x3mHRFQ64to+CJGDDx+JNW1IEnHJ/ybe6JeecPJNeE=,tag:PBkuJceINQDF0YdjqmtcjA==,type:comment] - NC_DB: ENC[AES256_GCM,data:OkLE4jyqG4jH0bSH0bU0oGrm5ARbXOaw91MQOM6IfqVMOd0Z+Z9z6bHc1iFrt5NvQlNeJm/ivHxaj3fX0kyOp5Y5JQq9sJfkOPaOxYbI2Z5VCQymxFreT/5sH/it8cLqpkt2G5r1PIpch0p3,iv:nuv8A73AYhCWhIRp0o3IN2YV0xo7l/gtlv8EgBeJ4uk=,tag:FyNH9FvTz3P+kod52kCHLw==,type:str] + NC_DB_JSON: ENC[AES256_GCM,data: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,iv:dLiu9WddIz9iO3cOT7jny4PpdxiN7R/YccF/aaEy6Rc=,tag:w71GGULEaSzy0vrh4gOLvQ==,type:str] #ENC[AES256_GCM,data:MQnRuJg=,iv:E82k3W8MaSx0BM7hXCkY1tN+H7D5S1kDPKmvP3Gi4/4=,tag:H4502GVmN8WvwPsiek5VpA==,type:comment] NC_AUTH_JWT_SECRET: ENC[AES256_GCM,data:Js/NIpruZBw9hqvEP8cC0poEh5jf99mPd7fpDEJYsfNf5bGNN1hdXgypl8Y=,iv:aYw84L2YA4NBkICn/kP8eo345O4hEE87MwodzmlAGZk=,tag:5wyFoE9zpV9bp1ltheVHIQ==,type:str] NC_ADMIN_PASSWORD: ENC[AES256_GCM,data:sKchDix8Q5VtC56G6cjT1rbO4h0/wzy+bFm9TUbhtvA=,iv:eR7nEDGn18t8hPMZK2xV26EvmrGmiWGuGFF1vgR0giA=,tag:KHLXghuZ8FE2oQ5HOkQbiQ==,type:str] - #ENC[AES256_GCM,data:48558Bjlc8t8SgJRrG1FH1Bs,iv:7wiJ1kI5A373sHUZXdHzJVC+jRTtI9fCLal3uo3TQXg=,tag:QOC0SCF9aJQNp/Gir6UyMw==,type:comment] - NC_S3_ACCESS_KEY: ENC[AES256_GCM,data:5KLAyGVTRJmdv+Pf4VLtxA==,iv:YluvNO+9YH9i/kJiiAwriQx5+zd1WXuvR0Grne8hHk0=,tag:WsULzFKDgHspG/hfBLQuOg==,type:str] - NC_S3_ACCESS_SECRET: ENC[AES256_GCM,data:Zquz2bKAYoHYWvKde1HqlNSC7kD66xYS9ZU51RYvWaYZGCk1vP+mC1iqmSRn0L9yjictpDJU6QtTzm9QTDBT,iv:oHaWAXWIqdz3DCtTuzeoN1OGE4dn6iNKR43b/VF4Evo=,tag:+1ROQuBjpceJHDkCFhz4Yg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -36,8 +33,8 @@ sops: UmFSZEd1ekI1alFVOG1qUVNBcHFUQlUKW7idC59jIRv2NgxxwDIMAYRe9tvBI6or rjkpmb3b1ONLX470pY4FtmejOw02rm7YoeFTLPSePQgeK/+7tE3P+Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-26T19:51:21Z" - mac: ENC[AES256_GCM,data:Fv6ttgDO4Y+SOwxNh6Qa14EZXvYbao9SL8wekODKs4S7jhY16pGfziMkqWXkc7pzb+BszeBO9Ajc+XZ5GpGg5EAbSdb8faZgsg1lBN6JM4ptbV7E8F6wB3iBNDb0aW4W3Oq35b4CBzjUbP7Sh+SkxnSpla8LLK/wZTs+fMhkTZs=,iv:3KjNdKoM3FEvlaT0YeeQVcBSoc3v1exmBl0FYYCXrLc=,tag:E1qsnAqpCMUjE9Xng9EQdw==,type:str] + lastmodified: "2023-11-08T20:15:51Z" + mac: ENC[AES256_GCM,data:Hvm/nLFI9TV9r8QxLzGM/dWRTX96TFcSUlEo1Q5nWfXym3pAI8LXqtxOri8IF9aZYdo87G9u3K+IPoGHL+1rYchYRF5O9T/Dez5lm9rMBc0z3dvq3gU0HKVjNaK9bso0b7Z90VSilbb7S0ZgI8gd2Xc//jgKnRrlMTeNVVgICQ0=,iv:icFu9+L4zlFLY62J7z+/1xwkTilUh2a1ZhrkCkbWyPI=,tag:L5QgfT9w2S2N+EIugXABuQ==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.8.1 diff --git a/apps/nocodb/resources/deployment.yaml b/apps/nocodb/resources/deployment.yaml index c3b1a9e..c1fbe68 100644 --- a/apps/nocodb/resources/deployment.yaml +++ b/apps/nocodb/resources/deployment.yaml @@ -32,6 +32,8 @@ spec: name: nocodb-metadata - mountPath: /usr/src/app/ name: app-volume + - mountPath: /tmp + name: app-tmp livenessProbe: httpGet: path: /api/v1/health @@ -72,6 +74,9 @@ spec: - name: app-volume emptyDir: sizeLimit: 1500Mi + - name: app-tmp + emptyDir: + sizeLimit: 500Mi securityContext: runAsUser: 1000 runAsGroup: 1000 diff --git a/apps/postgres-operator/kustomization.yaml b/apps/postgres-operator/kustomization.yaml index 383aded..2200e73 100644 --- a/apps/postgres-operator/kustomization.yaml +++ b/apps/postgres-operator/kustomization.yaml @@ -1,8 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: postgres-system - labels: - includeTemplates: true pairs: 
@@ -23,4 +21,8 @@ resources: - resources/rbac/service_account.yaml - resources/rbac/role.yaml - resources/rbac/role_binding.yaml - - resources/manager.yaml \ No newline at end of file + - resources/manager.yaml + - resources/db/default-cluster.yaml + +generators: + - ./secret-generator.yaml \ No newline at end of file diff --git a/apps/postgres-operator/resources/db/default-cluster.yaml b/apps/postgres-operator/resources/db/default-cluster.yaml new file mode 100644 index 0000000..c63f61a --- /dev/null +++ b/apps/postgres-operator/resources/db/default-cluster.yaml 
@@ -0,0 +1,77 @@
+---
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+ name: default-cluster
+ namespace: postgres
+spec:
+ image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1
+ postgresVersion: 15
+ users:
+ - name: postgres
+ - name: coder
+ databases:
+ - coder
+ - name: drone
+ databases:
+ - drone
+ - name: fider
+ databases:
+ - fider
+ - name: forgejo
+ databases:
+ - forgejo
+ - name: grafana
+ databases:
+ - grafana
+ - name: hedgedoc
+ databases:
+ - hedgedoc
+ - name: nextcloud
+ databases:
+ - nextcloud
+ - name: noco
+ databases:
+ - noco
+ - name: vikunja
+ databases:
+ - vikunja
+ - name: zipline
+ databases:
+ - zipline
+ instances:
+ - name: instance1
+ replicas: 2
+ dataVolumeClaimSpec:
+ storageClassName: hcloud-volumes
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: 10Gi
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ postgres-operator.crunchydata.com/cluster: default-cluster
+ postgres-operator.crunchydata.com/instance-set: instance1
+
+ backups:
+ pgbackrest:
+ image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
+ configuration:
+ - secret:
+ name: pgo-s3-creds
+ global:
+ repo1-path: /pgbackrest/default-cluster/repo1
+ repo1-s3-uri-style: path
+ repos:
+ - name: repo1
+ s3:
+ bucket: backup
+ endpoint: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
+ region: us-east-1
\ No newline at end of file
diff --git a/apps/postgres-operator/resources/db/pgo-s3-creds.enc.yaml b/apps/postgres-operator/resources/db/pgo-s3-creds.enc.yaml
new file mode 100644
index 0000000..79f5b0f
--- /dev/null
+++ b/apps/postgres-operator/resources/db/pgo-s3-creds.enc.yaml 
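Review bot: The `pgbackrest` `global` section in default-cluster.yaml sets only `repo1-path` and `repo1-s3-uri-style`, so as far as this file shows, backups of every application database in the cluster go to the external R2 bucket without pgBackRest repository encryption. Unless the encrypted `s3.conf` already carries it (not readable from here), add `repo1-cipher-type: aes-256-cbc` under `global` and put `repo1-cipher-pass` in the `pgo-s3-creds` secret. This is best done before the first backup, since the cipher is normally fixed when the repository is created. No `repo1-retention-full` is set either, so retention follows defaults rather than a stated policy.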
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: pgo-s3-creds + namespace: postgres +type: Opaque +stringData: + s3.conf: ENC[AES256_GCM,data:nd12eOx2aXNyvUyNxZVP7v9dgh/P51f5UM+vgvP2odnBX9dzE79/2/kI5dn/hJsa/6Jibmk/3Pvexl9PTc1BmYFogVXfkVH04RhH1iaP6Jsl8oycIaG4oPdPgfwSseZlGCmSIBP+GTRoQ8mUmNDVxaSb4SwYHI9vjTalxoSyo+vnE8ABBt7h5J5QgXo=,iv:av60ntIqiRfv7gum585jjO1McCOXmMVD+voBuWfukm0=,tag:+GgMk3Z16JFyfLvsHH/m0Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoU3pnbVhrREF3d3ZiU040 + UjU1TUMraXhlV0k3aGprSnZvaUZncDU3Q1hFCkZtMklKS0VWS0w1SllxQ3lKYmxC + b2NFSitjSEtqMEpiZnNmeEhPb2RBa28KLS0tIFYxQ2w1aW1zaFVGY1RZekJVOEdH + UGZwVWhNTHdCS1hDMjJYcy9kVittTlEKLMWQALBbEmqMLx2gGMWr6m6CHb7vP9k3 + lIZNhA5nwpH2R7TSbbNpnzsq3yhC9ClM8smfAmr+02rUK6T4RYaZiQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RVRxb2h5WjRFc0xBdE5m + b0JrbHJvM1pCZDlFVXU4bG0wdVpnQjRRaUd3CmphMU9LbGx4NURrNUlUekJMUHN6 + ZVFncDgvcXdNeVVjSk52LzZ1N2NmSk0KLS0tIEJvQlBnNHFEQnVvZFZESDlRSHox + RHhmT1VJWHNsK2QrS1p1dEkyM2JrcTQKs4gzaEY/ofkMHkD03Yu9JIgnR12c5LWm + 2bwb+wJ056Sxz2jwC66gW2F7CcX8tIBOuWW99JqfHhFBj9oYZGoDxw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-11-07T18:09:57Z" + mac: ENC[AES256_GCM,data:yndsk1ZStyVRDFm8h3dTARBzsiXAgWNNvrVmQeHuzYAYO78UxDXljbuQHBIJHGpSD4jEZl569cy3VY8Wk8ulUHHJM82LSMtYeAabv3GMJIpPxMHsczngBpbqmLQEpW6Yb6EB8eY7F8gL0MtZu46r4Dw9zZJKmGW6V1cIPK6G6As=,iv:udMhvZbf966Rdyl/2I/0IQL6kOvUOY4OSQMj+bWEKvM=,tag:BQPy3GoWP9FKcH6+o4B/8g==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 
diff --git a/apps/postgres-operator/resources/manager.yaml b/apps/postgres-operator/resources/manager.yaml index 3df7948..c8249d3 100644 --- a/apps/postgres-operator/resources/manager.yaml +++ b/apps/postgres-operator/resources/manager.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: pgo + namespace: postgres-system labels: postgres-operator.crunchydata.com/control-plane: postgres-operator spec: diff --git a/apps/postgres-operator/resources/namespace.yaml b/apps/postgres-operator/resources/namespace.yaml index fc96571..0f6f46f 100644 --- a/apps/postgres-operator/resources/namespace.yaml +++ b/apps/postgres-operator/resources/namespace.yaml @@ -3,5 +3,12 @@ apiVersion: v1 kind: Namespace metadata: name: postgres-system + labels: + prometheus: default +--- +apiVersion: v1 +kind: Namespace +metadata: + name: postgres labels: prometheus: default \ No newline at end of file diff --git a/apps/postgres-operator/resources/rbac/role_binding.yaml b/apps/postgres-operator/resources/rbac/role_binding.yaml index 1503ee9..2d515c4 100644 --- a/apps/postgres-operator/resources/rbac/role_binding.yaml +++ b/apps/postgres-operator/resources/rbac/role_binding.yaml @@ -11,4 +11,5 @@ roleRef: name: postgres-operator subjects: - kind: ServiceAccount - name: pgo \ No newline at end of file + name: pgo + namespace: postgres-system \ No newline at end of file diff --git a/apps/postgres-operator/resources/rbac/service_account.yaml b/apps/postgres-operator/resources/rbac/service_account.yaml index 2524456..ecc1114 100644 --- a/apps/postgres-operator/resources/rbac/service_account.yaml +++ b/apps/postgres-operator/resources/rbac/service_account.yaml @@ -3,5 +3,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: pgo + namespace: postgres-system labels: postgres-operator.crunchydata.com/control-plane: postgres-operator \ No newline at end of file 
diff --git a/apps/postgres-operator/secret-generator.yaml b/apps/postgres-operator/secret-generator.yaml
new file mode 100644
index 0000000..5b77529
--- /dev/null
+++ b/apps/postgres-operator/secret-generator.yaml
@@ -0,0 +1,10 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: postgres-secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./resources/db/pgo-s3-creds.enc.yaml
\ No newline at end of file
diff --git a/apps/vikunja/kustomization.yaml b/apps/vikunja/kustomization.yaml
new file mode 100644
index 0000000..15f548f
--- /dev/null
+++ b/apps/vikunja/kustomization.yaml
@@ -0,0 +1,28 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: vikunja
+
+images:
+ - name: vikunja-api
+ newName: docker.io/vikunja/api
+ newTag: latest
+ - name: vikunja-ui
+ newName: docker.io/vikunja/frontend
+ newTag: latest
+
+commonLabels:
+ app.kubernetes.io/instance: icb4dc0de
+ app.kubernetes.io/managed-by: kustomize
+
+resources:
+ - resources/namespace.yaml
+ - resources/api/pvc.yaml
+ - resources/api/deployment.yaml
+ - resources/api/service.yaml
+ - resources/ui/deployment.yaml
+ - resources/ui/service.yaml
+ - resources/ingress.yaml
+
+generators:
+ - ./secret-generator.yaml
\ No newline at end of file
diff --git a/apps/vikunja/resources/api/config.enc.yaml b/apps/vikunja/resources/api/config.enc.yaml
new file mode 100644
index 0000000..9c20734
--- /dev/null
+++ b/apps/vikunja/resources/api/config.enc.yaml
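Review bot: Both image overrides in `apps/vikunja/kustomization.yaml` use `newTag: latest`, so the API and frontend that actually run are whatever the registry serves at pull time, and the two can drift apart between pod restarts. Pin each to a release tag or, better, to a digest via the `digest:` field of the `images` entry, e.g. `digest: sha256:<digest-of-reviewed-image>` (placeholder), so the deployed image is the one that was reviewed and a rollback is reproducible. The PostgresCluster added in this same commit already pins its images to exact tags, so this would also be consistent with the rest of the change.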
@@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Secret +metadata: + name: vikunja-config +type: Opaque +stringData: + config.yml: ENC[AES256_GCM,data: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,iv:K41jhC1s98trTYvcceAQOxx+ckAHrx22HLa5U6CYxWk=,tag:r7m/tjgYfaW3Wpfl8cJKTA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRkFMcWRyNE9tMU5NVkVs + UmNsSFVDN3k4SDJxK2tva1Rza2xuR2ExcUhVCndua28xNUZBaVlGeTJ0TG0xMlpo + cTB5ZTBkMzZ4NW03T1ZacmVGRnZMUXMKLS0tIEYyVGdMZlVCTHREdnBOR3h3NU4x + UzBWYXdMS3RadXpEQmN6cVBBUUpHWkUKugUfHbVc5+0597P5r8k8bAIcXHx2BfFe + DVdOoxLasWTXvz1GWTFuzvin3Z42GB9zCnjfzkEnwXbATwQy26MhaQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndE9JcHB5NWtBRDZLYTQ4 + QXhJRG93bEtXYUlmRWhKWC93Mng2YUtDN2ljCmE3RklOdTN2dE42Q0RSc0djSXpX + UzBkdXRPVHJ2YUFDR0REeSt5YS9NNEUKLS0tIGJGR0pBWUp3Vm5tMVNneUtaQ1NB + UnE2NTVSSUp1OEVFVDd5bHJYOEZpaVkKqmw9GLZavqaPQOJjGhLqXo4ggfmFDgXz + C9HNxeDVr2kY452gleVS/YFTPWo0QPevl0SjpZg2gvnz28qLDSNXYQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-11-03T13:04:43Z" + mac: ENC[AES256_GCM,data:V29XEZk91KgM0cgTFO6qtwWcY73o+mSFTEVw5MN/NJoEPEHtzcnGXVcHePSvtVEWdWajOX8mz51WM/5sV/B3+Iah3tHNXXzlyCte/kBBa+8NTWvWXSrVUAY0b+W7kRAaAHtXIwYrHwMGkyN+lvNRTAXEcs21OSmM7n375nDsmlY=,iv:wTEKdY34e6B1lxM9qiOGcm5MWIa7RP5wYewwafz+X7A=,tag:XoGiBJwplBWyhVcqaJhkng==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/apps/vikunja/resources/api/deployment.yaml b/apps/vikunja/resources/api/deployment.yaml new file mode 100644 index 0000000..f6038c5 --- /dev/null +++ b/apps/vikunja/resources/api/deployment.yaml 
@@ -0,0 +1,82 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vikunja-api
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: vikunja
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: vikunja
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: vikunja
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: vikunja
+ spec:
+ containers:
+ - name: vikunja-api
+ image: vikunja-api
+ command:
+ - /app/vikunja/vikunja
+ env:
+ - name: VIKUNJA_DATABASE_TYPE
+ value: postgres
+ - name: VIKUNJA_SERVICE_FRONTENDURL
+ value: https://todo.icb4dc0.de
+ - name: VIKUNJA_DATABASE_SSLMODE
+ value: require
+ - name: VIKUNJA_DATABASE_HOST
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-vikunja
+ key: host
+ - name: VIKUNJA_DATABASE_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-vikunja
+ key: dbname
+ - name: VIKUNJA_DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-vikunja
+ key: user
+ - name: VIKUNJA_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-vikunja
+ key: password
+ ports:
+ - containerPort: 3456
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ resources:
+ limits:
+ memory: "384Mi"
+ cpu: "100m"
+ volumeMounts:
+ - name: vikunja-config
+ mountPath: /etc/vikunja
+ - name: vikunja-content
+ mountPath: /app/vikunja/files
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsUser: 1000
+ runAsNonRoot: false
+ volumes:
+ - name: vikunja-config
+ secret:
+ secretName: vikunja-config
+ - name: vikunja-content
+ persistentVolumeClaim:
+ claimName: vikunja-content
diff --git a/apps/vikunja/resources/api/pvc.yaml b/apps/vikunja/resources/api/pvc.yaml
new file mode 100644
index 0000000..b219c88
--- /dev/null
+++ b/apps/vikunja/resources/api/pvc.yaml
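Review bot: In `apps/vikunja/resources/api/deployment.yaml` the pod-level `securityContext` sets `runAsUser: 1000` but `runAsNonRoot: false`, which switches off the kubelet check that refuses to start a container as UID 0; the intent is plainly a non-root pod, so use `runAsNonRoot: true` and let that intent be enforced rather than depend on `runAsUser` staying in place. The four `secretKeyRef` entries name `default-cluster-pguser-vikunja`, while the kustomization puts this Deployment in namespace `vikunja` and the PostgresCluster is created in `postgres`. A Secret reference cannot cross namespaces, and nothing on this page shows how that Secret reaches `vikunja`, so please confirm the mechanism or the pod will stay in `CreateContainerConfigError`.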
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vikunja-content
+spec:
+ storageClassName: hcloud-volumes
+ resources:
+ requests:
+ storage: 10Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
diff --git a/apps/vikunja/resources/api/service.yaml b/apps/vikunja/resources/api/service.yaml
new file mode 100644
index 0000000..255dd99
--- /dev/null
+++ b/apps/vikunja/resources/api/service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: vikunja-api
+spec:
+ selector:
+ app.kubernetes.io/name: vikunja
+ app.kubernetes.io/component: api
+ app.kubernetes.io/part-of: vikunja
+ ports:
+ - protocol: TCP
+ port: 3456
+ targetPort: 3456
\ No newline at end of file
diff --git a/apps/vikunja/resources/ingress.yaml b/apps/vikunja/resources/ingress.yaml
new file mode 100644
index 0000000..aa55542
--- /dev/null
+++ b/apps/vikunja/resources/ingress.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vikunja
+ annotations:
+ gethomepage.dev/description: ToDos
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Apps
+ gethomepage.dev/icon: vikunja.png
+ gethomepage.dev/name: Vikunja
+spec:
+ rules:
+ - host: todo.icb4dc0.de
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: vikunja-ui
+ port:
+ number: 8080
+ - pathType: Prefix
+ path: /api/v1
+ backend:
+ service:
+ name: vikunja-api
+ port:
+ number: 3456
\ No newline at end of file
diff --git a/apps/vikunja/resources/namespace.yaml b/apps/vikunja/resources/namespace.yaml
new file mode 100644
index 0000000..2066398
--- /dev/null
+++ b/apps/vikunja/resources/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vikunja
+ labels:
+ prometheus: default
\ No newline at end of file
diff --git a/apps/vikunja/resources/ui/deployment.yaml b/apps/vikunja/resources/ui/deployment.yaml
new file mode 100644
index 0000000..9be7cfd
--- /dev/null
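Review bot: The Ingress in `apps/vikunja/resources/ingress.yaml` has no `tls:` block and no `ingressClassName`, although both deployments advertise `https://todo.icb4dc0.de`. Unless the ingress controller terminates TLS with a default certificate and redirects plain HTTP at its entrypoint (neither is visible on this page), logins and API tokens for this host could also be served over HTTP. If TLS is configured per Ingress in this cluster, add a `tls:` entry listing `todo.icb4dc0.de` with `secretName: <tls-secret-name>` (placeholder), and state the class explicitly so the route does not depend on a cluster default.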
+++ b/apps/vikunja/resources/ui/deployment.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vikunja-ui
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: vikunja
+ app.kubernetes.io/component: ui
+ app.kubernetes.io/part-of: vikunja
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: vikunja
+ app.kubernetes.io/component: ui
+ app.kubernetes.io/part-of: vikunja
+ spec:
+ containers:
+ - name: vikunja-ui
+ image: vikunja-ui
+ env:
+ - name: VIKUNJA_API_URL
+ value: https://todo.icb4dc0.de/api/v1
+ - name: VIKUNJA_HTTP_PORT
+ value: "8080"
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "50m"
+ ports:
+ - containerPort: 8080
\ No newline at end of file
diff --git a/apps/vikunja/resources/ui/service.yaml b/apps/vikunja/resources/ui/service.yaml
new file mode 100644
index 0000000..145fcdb
--- /dev/null
+++ b/apps/vikunja/resources/ui/service.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: vikunja-ui
+spec:
+ selector:
+ app.kubernetes.io/name: vikunja
+ app.kubernetes.io/component: ui
+ app.kubernetes.io/part-of: vikunja
+ ports:
+ - port: 8080
+ targetPort: 8080
diff --git a/apps/vikunja/secret-generator.yaml b/apps/vikunja/secret-generator.yaml
new file mode 100644
index 0000000..afb66ee
--- /dev/null
+++ b/apps/vikunja/secret-generator.yaml
@@ -0,0 +1,10 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: vikunja-secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./resources/api/config.enc.yaml
\ No newline at end of file
diff --git a/apps/zipline/config/base.env b/apps/zipline/config/base.env
index a51a5c9..8f703c2 100644
--- a/apps/zipline/config/base.env
+++ b/apps/zipline/config/base.env
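Review bot: The `vikunja-ui` container in `apps/vikunja/resources/ui/deployment.yaml` has no `securityContext` at pod or container level, whereas the API deployment added in the same commit drops all capabilities and blocks privilege escalation. This is the internet-facing half of the app, so give the container at least `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`. Add a pod-level `runAsNonRoot: true` if the frontend image supports running unprivileged on port 8080, which cannot be verified from this page. `readOnlyRootFilesystem: true` may need an `emptyDir` for the web server's temp and cache paths, so test it before enabling.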
@@ -3,10 +3,11 @@ CORE_HOST=0.0.0.0 CORE_PORT=3000 CORE_LOGGER=true DATASOURCE_TYPE=s3 -DATASOURCE_S3_ENDPOINT=minio.minio.svc.cluster.local -DATASOURCE_S3_PORT=9000 +DATASOURCE_S3_ENDPOINT=2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com +DATASOURCE_S3_PORT=443 DATASOURCE_S3_BUCKET=zipline DATASOURCE_S3_FORCE_S3_PATH=true +DATASOURCE_S3_USE_SSL=true DATASOURCE_S3_REGION=us-east-1 FEATURES_INVITES=true FEATURES_OAUTH_REGISTRATION=true diff --git a/apps/zipline/resources/config.enc.yaml b/apps/zipline/resources/config.enc.yaml index 835354b..09a7a08 100644 --- a/apps/zipline/resources/config.enc.yaml +++ b/apps/zipline/resources/config.enc.yaml 
@@ -4,10 +4,10 @@ metadata: name: zipline-secret-config type: Opaque stringData: - CORE_DATABASE_URL: ENC[AES256_GCM,data:yfEb6JfVXws1d9hgLggSCMd3Wj6IN9oul9Atc3mnv6Wf61b7RXzvRxAm6Jh9kI8/4Rujb5AAfUGSFcfSFGTtLE+ZrCNO5FN+sYmviDpegMBZPLj0/FBipCsAqqhbVMjDpIgIzFsEDplJ+w5loY3LQvLs,iv:TDED4Us+87Y58SiBZMLbjo98uEFaQoQGoMz5VtoR16M=,tag:mUlgfZEDyTRcjNIyygBQsQ==,type:str] + CORE_DATABASE_URL: ENC[AES256_GCM,data:5wI/kj0+X2vx4898sQS9Axhgp20IQh1xpbQgZOgobvYRvPxni7ad3RDd6misLSGF4eTeNWn7LQltf5aONGmvC6C6ueAF+sZhnzQPRfXZS2msiL8CtWXaON3Vo+boPqUNfoGHpg2+NH3tm+L1r3HwZDQkWg==,iv:hMTkTw/oLPFs4XVRnCViKNxKmE7OBlcLQa+aXgqnWes=,tag:Au1mkU0XBQPPumGvx+VWvw==,type:str] CORE_SECRET: ENC[AES256_GCM,data:taa93xNb8h0vUVdWgDQ69+PQr541weQQmGJWau+2fXdTm13VtOLv2sH430Y=,iv:vxh60WKz2MM62O1AA4Uzxsz8rvxkdQTKxBfpjAOa1KY=,tag:OF5fOv5W+2U4yaRHOo2ohA==,type:str] - DATASOURCE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:v9qPjC25URN5AANOsXYCpQ==,iv:PuBrLEVmME3nFLPLW/KZQ9cBm0xjdLJg3NZ+ywktP2E=,tag:Xy0xeViZ1TD4g72VdpCSrA==,type:str] - DATASOURCE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:YkErE1Enmw70fD53Q1xs175zm58SGPblj3lUXFwG01i7vLXFPhlw3MezcF9Oi6a9Lobw/NzYVhXVaZZjVJ8w,iv:zy/F9GwdE2aR3sGCd7aCurcsBRI5e0qHVqvBuZxFtm0=,tag:1DstmxoIX0yCe4X5Gz4YeQ==,type:str] + DATASOURCE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:WcbIP7ir/5/j14GSXprxNGSQxnNhSxZHdqNk5k4EKy0=,iv:fCWBiA2vXbNFTQhjaoOl5Lhy5oKmIfnJr80El3O2SXY=,tag:uaPwWdtR2y07nuxzti14JA==,type:str] + DATASOURCE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:52dOiJH4BxDVgHBLGAHVv0yocB4VWJx7RPUQ4ge012T9gU8k2jYJ2Y3aL3Y+mFqdB24S6HJZ918dR0aglhiQyA==,iv:j+cs1zkb3VY3AVdbGeNcdIJ1S9ytSwfxwGt5/S96dsI=,tag:iy+Xgc97GierA74BYtHMZg==,type:str] OAUTH_GITHUB_CLIENT_ID: ENC[AES256_GCM,data:7a773t7iacejEQayPqUbkKxL2XY=,iv:tfZuc2oTEmB/LI1BvPTbPVoA07kSW0AG4FH+8yJ72/A=,tag:B/kD0/rOW38trSpe+LVH5w==,type:str] OAUTH_GITHUB_CLIENT_SECRET: ENC[AES256_GCM,data:IgxkqECtYbUdc3u/o2AATlQVkVPtcRU0+zvjwBLWNoPYdneWd2YBJg==,iv:XQq/HjK3wca31T8g5zqIreJ58Ar6GptLK3Um0Eh1CHY=,tag:lfvAOFAtj57mPPHdIdW7mQ==,type:str] sops: 
@@ -34,8 +34,8 @@ sops: eEQxM25tM2FxY1RvNEhxQWk2cE1wdTgKFq1rbrN1ScKuujg2xyRaESwswoMu2+zr LvIVDhLTl4jyUb0WH8Iy8/xQhUhsp7KJnccXFoCc5TFE7QzEKfrv6Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-26T18:54:35Z" - mac: ENC[AES256_GCM,data:Vzm8EBTJXvPNFeV/6UlnVzeId41SiiVpEftTdrDBxTD+5bDU6xq047MzLGGzo4dhFmxOXD7PMbQw40fcEZz2+DT9BOzuk8JBDIN7d+WhOtrwXjP6fqtvqpYqc9Go1VHbhVpNApYyK7fhz7eqfARmlZNam7XD5dySJnjccuXSujk=,iv:4CW3t7b8EsFtMnHQ24oDOhnffNmTRnK2x4MTaXiPHRE=,tag:9+ZFYyAatfc4dUnY67RzAQ==,type:str] + lastmodified: "2023-11-08T20:23:36Z" + mac: ENC[AES256_GCM,data:+PwY2NaAQTCbWAWl5sovsb0dang4WmUBI6FIjtwn2OzCIkUkvKvsHOl5sVoj8DyiQJT46Ui4xDwB/kKDUwobmQZXxaorJrEmBv1tfF7NBXIilrs0JWprxQ/0AZZY94KrQ/1lgcZ/a+Ax5JXDUxmHh81gM224X2sHLKS4tAaTfzY=,iv:vWHbCE50vIoI4uQMexywNB+HiBo43F2Ne067ITK2f1I=,tag:q8zqd8FCjdEYXhADlOg/yA==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.8.1 diff --git a/k8s/configure_cluster.yaml b/k8s/configure_cluster.yaml index a962cda..25cd8a4 100644 --- a/k8s/configure_cluster.yaml +++ b/k8s/configure_cluster.yaml @@ -1,11 +1,10 @@ - name: Configure cluster hosts: localhost roles: - - role: cifs-csi - - role: coder - - role: prometheus - - role: postgres - - role: hcloud - - role: minio - - role: fider + # - role: cifs-csi + # - role: coder + # - role: prometheus + # - role: postgres + # - role: hcloud + # - role: fider - role: nextcloud diff --git a/k8s/inventory/group_vars/all.yml b/k8s/inventory/group_vars/all.yml index f58eca0..5caaf2a 100644 --- a/k8s/inventory/group_vars/all.yml +++ b/k8s/inventory/group_vars/all.yml 
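Review bot: In `k8s/configure_cluster.yaml` six roles are commented out rather than removed or gated, so the committed playbook applies only `nextcloud`, and the next person to run it cannot tell whether that is the intended steady state or the leftover of a partial run. Delete the roles that the kustomize apps now replace, as was done for `minio`, and keep the rest enabled. To run a subset, tag the entries (for example `- role: fider` with `tags: [fider]`) and select with `--tags` at run time instead of editing the play.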
@@ -1,149 +1,157 @@ $ANSIBLE_VAULT;1.1;AES256 -32616231373536333534333134333639396335323730386466333964323263326332356662653264 -3038646138613833306131396563636263313536626630360a393138343635646461366465353537 -61633861303137363930623139306435643034323739386537656333366466646664386138633762 -3366353962656531620a393162393638653963636563643636616436373030316263626133376263 -65396561623631633134663133383863363932633661663265633361386165616436326366386461 -66326230626337643737313738313031323638393234633236383764333035343162326364363364 -66323130643831663734616635373131386435373832363732373462313236366337323438396631 -36666430316131386235646138383461396564616363646639343833613964323864386536343766 -31376432656337646131386136366563373562663236636137396363316333623336306262386266 -63383330613163323332663666373163626535303934313232646330366561303664393634303137 -31396135656338643037306239623634613632643365313866366166366430616435363332653564 -62393366643765616564363465303565393362663461383066613033646634363635373437303638 -62656139626233663465333232343437326138376137316163373936366530626638363335356565 -61373339383762623135356531646564623834323130633538306330616530396638393833383938 -30326361373065333966613430633638303931396530636335326338653237633535663033373734 -65643831633538393434313030306432363664626435326238343631336661323461373965376162 -38336466393631393564313365393263333638663539386536336135636635613566356566653030 -33353530316264626330643830623166613233353262363461346135646135396337356639323035 -64616435363366306138613565366236623963666632303566356565373130353961643163356365 -64663031346362356237313437316136376661373063353338383137363865393163353632343966 -62626262383262613739623635393966653730323263636462613966633135633938336535323062 -66326363636463313633313036386138323330346538376666616437373932366235373163393061 -65383036333264636633643332356363383634663234643031333866376664646232643735333064 
-35653231363261636365336362326533636461363331623665623465306234623061623161366663 -64373063373631643166306433383834396165656231643566386438653535386131376531633164 -65633136653862313233623033383463623534633934376364313535323133323134643430623531 -31353234316436306437643565623064663262616638333031343138623165633939616465613932 -62353939613061326639303936663534303531396330336135383663343435363362313737323762 -34366161353030653839383532613234653864373138343934333862366339363334336337656335 -32393666613333363331353236633563333931363965633064613431316133323637643639623439 -37616537613437656539313031316639376136386136653932346264386562623562333632386136 -65346662663539656163363331346166623862666666656638383434616333303062643365636561 -37376465393237666134303564306164316334626334383865333161303137323235616437666137 -32323830376530636133386464656533386137626135393762383462313935613961656332303132 -38356262663962333465393635613963333434333865326633383033353361663064653833396232 -37396136353036623861643538616132636332613835643738366531303339663761346636383030 -33383030336137343235633439343339646332613735316366656264306134386561323637336136 -31353466313561353664623034363662383136626166633033366430383738323766313832633565 -36386338663131666264396238623731656464316261646630346333623737633130373336653066 -65306336366436303930393337626630653634333666373461666337623337366235323236656537 -36663863323938313333626433323635623933313364353433616239393566333366353334616262 -65653538653834373834383066323636396364356666343638353766623033666133386237306137 -32393836306435336634646661623137663935653535616162376338636462343430353966306435 -63343132656332323635636261326330306530316666666661653833613339373363643466626163 -34353962616564316162656530643335356637643166356334393035633736633534353838313830 -36656666383130396539333861613738396364366132626539643735353465653033393934393530 -30656664376462333236363236326238623337323665663930653964356566353033396236663434 
-33656332326434326632356239343931653430363465623735343237656639373536666131636163 -64656539626130633463303739653439396534313536373336393630363538623466663936353765 -36663139643132333937353032363538663138383365383866656530643439303136316363386430 -62646266396364656565323539333538623437303530663837653864363537316134316532316530 -62663438396137313331636233396630326535633364336162376432663730356439663861393264 -30636339633863356362373865663561383162363431393832373664393965363834653263353632 -61376137663963616433363866636331376634623664623639373333343461616563633030333634 -38646238353035663438343734616166316236643138643362343865633565666231366465633662 -37363830316161303033623537616639663738303964373662373933353035623064626166653835 -61343038383735353566636464376639376636353264366136613934383238396230633034313464 -61353039643964303766663031623065396464343935353630386631396631633262363962633962 -65313435396130633936663031386237306365633833303766336365356434636131383930316337 -65656566613065376334363065396332363138346130633230643935376339643339616632666631 -35376361393262663736316666346138303031323431623461646234363635353366366336323532 -34353361386466323162623330343137633933663639303631656636346238376531653361656464 -32353838326534396130346233313965303365303332653539343562623136373531363939633466 -66336666633239396130393836363961633233643435613463343262623132316535343962333433 -35633233353631666536383633353462313630353762643764643264663137633636333635303935 -39663036633833306561326165393962613963343135373365336432336638316438383639396161 -35353136636664383435383031383064303039653766653735336339353365313465666337353839 -39323132636639323637316665373132346462613633643633653536626561376161366132393164 -32353930303265396163373236653534383536666537366238356362623237393264306133623035 -64613764373862366635336139326235313138663165313335663433306336353332626236366639 -61343336613762636630366538393564356130363263636562626438333534613437663635633431 
-33613438343134393963393563316437373364356632323865343132356435366565306138363133 -36346135636339626263353663376236393238656131326233653666333336636536303562356231 -64306135333764333136356131616264346266323562346466333830303664313336333263313861 -37333235623635613934313561306437333962363931323235653337643331343037333039326434 -65323031653265656237623535383035393562353365656161353634646666393965313332353736 -33666234336432333038326430343461353365326263313638363665623435613333653032353637 -66663934613038643131653266643539646437323132383966383665643838623862613333663433 -65343866306134613134656633336534333334313033626565663062363961306139376631373466 -38343937383338343136626634343366363863663663373538653931353765303839326136643365 -63663665656238323961396433663530363535616337636361616137393066653234383434636539 -37326366646534313934313261366463326335323662643930326665306431306632333036313863 -36303966393865353762346431643132626266653733336530626132376261363438326537616535 -61336339653839643463343365643336643431613533376237333731316334656439326565663035 -33326465646437623638336437613839316231343563303032613835653362616261646162646363 -35383530383230396332356238373866633962653362336230646335393138323131313661613166 -36323430623161343462653830373938393766353230373765613463313531323533313838346630 -35633035613639353638323239306262366232363537643562643330373961623964363432393161 -30626433663139303331636435343639666532626136623865366261623266323162643730346363 -36333864343832613961323461353239383663643030306434623165343938613739303836613064 -33636566336561326335346535623232393636663139313866323233393437373139636636353338 -30363132636131303734336564353066336233613138633262313936646134303837656466363064 -39643337336237396235356333356331613665323766333064643239393530643937663736386631 -35366366653431353730343066643938373937306464626636373562353534353232326263656463 -38636134376432396465653130663132366462323362633539396464653764366566346462313537 
-35613933333864373435336637666362316131313064326136653862663366346437663134323532 -31386563306464333631653530626265383838323138616334396564333139643038623639383264 -39336331333630633732383231373266376134623265373434373438383363663130303030653664 -39383639613830343132613763656433366431666666376430626464363961303564663737613736 -39363339356136656464613366363933643263386464336565646538633938333930386135666132 -65396137626634316361346435623435383931656262336230343634373231323866306331323565 -61663162393965643361323734303362303030316262623332346131613865616563303961363933 -61373931636566376131323262313132663838373635336438613334626264666635633931333733 -61643739313763303564376362373536343035633234313562383565363865643761666364303333 -31343230646161666463313465316464343239383936646135623839646234623365616332373234 -61353966336666353034663034333037663539333963333737303532313062303938666433323461 -30623833656565363061646665623861663564396362366562393161363539613036353139353635 -38623965313934353764323666636231356263653837363633306463636632646166313434333637 -32623937383730303233323532646430306239333564303935353963363863313937383839386335 -31663939356333393834626535383961356464333132333662333032613036386530636564323938 -38393863353563353533323166343430326435616666386366663835306361376535303365343366 -36633265316637313732653335633230306531313637356131316437643230303266356537393037 -66303564333561656335383530323063643437616562326435653433306263633932363065323662 -35653065663738326633343732373939323362623035323137363366646234313165376230663538 -65616238303363636334343434613132636234343431323530343738613530313730373261306562 -36326538663164396565303762623366396633323961373633363365303038643435366436623366 -62656162383936663434323335336565313031346361373636613665356433396533323461653339 -39626131386466623836653766376666663765396430343334343237616464366163656532646232 -37323239376438353166363834313937393033373737376135326462646564333931303734613335 
-35386564666132366236336337656136633733323132653065386435386562663436646263383638 -36376636646563303264646562316166656331363065383035393330656161353065663062323732 -62393237353035303736643032623662333637346364343762373534326134343063613734306565 -66636636663933383236663062323661393435633235313639633162636638346335613735656435 -66633736343630663765343034323466333261356433343137346237393035643665396136363533 -30353233393662613234633139386164366166623562346630313638366362306531383938623130 -30386461353065333730303037663338393765663239353666376565633336643530396566323765 -36366232326531653164393138353435303230663639633531376562663638656262343863373136 -63366330633330633139313664663638313534386266393830613766373732346431646131353134 -39653962303433373066613463386431343838376536326630613066383865643032303031386361 -30636136333363666430396330633134366461396630363464613465373166633031303431626438 -31643665306265323061393264343936393661306166643261343835616439353939363463353139 -38373365303539333965633733373830363865373737623061383232643130623463333037666135 -35363038663435313330396433613230373132363939613262306532383636383636623730363732 -32313534353634393834363331653264353436656264363636616133333432323263303734316330 -38636336323934316165626337393639376361626137643033396432343336323562386265613962 -64393061626465336135323137303566316337336131646336623062396432333134393966643230 -61623165346338353432386637653630663132353861363839383564643439336363656631393730 -65316162396631393139663664663761643539323664623730316231653534646163653465333565 -35363937316231346261626564393464303033393433313361663964353937393438376130303933 -36333234303833656130363939316363653136316236363166353539323137623630646333366562 -33623136323031656162373363653663363237346235356563333161643565303861373638626162 -37656561353230373133363362613562643130356163623664376238376337323037653136636364 -36313933663162303861336230326630373837653866373935643138613666393933313463633164 
-35333739663932666635353231633163653335386635316637376331323430663962393334326265 -38626336646332326361376137663737656631353235373433353563373335313566383164343437 -32626634616264336265323632323433343938633232633161643665366231616362383137656239 -64386365383066326361303331376334626431666662616439303537333337366131313733386633 -34373232666238303537 +38303064643634643931393932353266653032316631303432633136323165376165653136396533 +6436393762353630373231366530366239316337303066360a336132663334336462656533303134 +66643134373439633931366638316365306330303334613033396238333361333434653833393039 +3538396130653538330a616264386230396633346131663032663764353937313162333630333365 +35323064636531363937613563333336636634393763613730386237393633653136616165313034 +65396166373334386236396266616639333866616434666337626433323233363461316666383034 +63373131376239353330316236306464303739386139663439616339363636666137613137336336 +65393462386436376137656363333362393265396537323632646561373030303263613466383534 +35353834646461363661356430646463383663626135663133643633633335383763326438646462 +64393062646264386364343638326562646130313330316162633636356233363661613033303965 +32346565373839663233336338366536333636306333353839633761326638393538343638343436 +38313466393836336137643162663862313732303161356161343234393965393337346161666535 +34336534356463653331643163653032643631343832323838633862353339303632353033343761 +66356465323838313966623832396338316436616162633866386262306134623134393430393737 +66333664333133376638306238393534303230386133346661636435373035323736306230613132 +66633838303939636564346333666636336434303839303565363063666430623866356232646336 +39316636616239646538636537396336363933376136663263633830623235303038613030326337 +37633264376534303061343539653538633137316464386438653639613035613962646431626436 +38656437323963663935353430303462653865353666346362343536623836653733366538323239 +37316330303131333238303263653235303063616230663139396130646432626664636531343934 
+30383665316364303661373330373838383565323637636532333961363863316235366264373634 +62313936386334326332313235366461613636376533333262623262636539656336633531643435 +36613435383763303761646263653139633233346661306265333365376135306238663465313331 +64326139306338633664646437363639373564643131616436343163313838346137396462373536 +33376530636130623437623561343239663163346232316664326533316339353165623735343236 +37626136626662633561616233666338353863633330323933373863316462623361633066646632 +63386565626537363932643534633730346564326163383064303735656164636439353039333138 +61656238356462303836633361663938346436666638316233356631646365666636376134396133 +37346366663363306336326532666439353333666137663832363064316331316337613763633863 +33333665316432373965356261613638613261633937383365653936666538346432353838613162 +63376534313135646331626662623037376363323465653963376431633835643238386161383630 +39313436643566326630336639663464316538323262623238666662653364626432353963626333 +30663335613265383138626532653061643933336664346266396263363130386162613637353561 +65643464376536323139613566653633633533666438323838666230383638316266646334326632 +36306130383138656565366638323766656261636564346464616339633465303539343137636465 +35346238326161356634313136323331393539663965353635616439393765643731373238663131 +36383036663166373562376333393236383266653337613766386636303638666362613264336231 +32373164326538613432356136353935623930663965323932653133343836636566353739383766 +65386266383665653835386634653531623161346165383335376165316538316130353432343533 +35306431663135626162636165613464326538633163383563383166353236643038616631653233 +36613330373130376364303662356464343462303039383934316432346539393130336662376364 +32306537656436393438373565373735363530323366336431363165393033326661343732366333 +31333031326633616536636338393932643337376237666533383238343761663538303235633036 +61366433326662623663376331316363643633356335353939336462636335656263313665663333 
+36306361353432663639616339616338346663346532356534303165393664636263333861343066 +31636266643861316539353639616163393535393935343763313863656438613733643866323363 +36316337393936623836356332373239663365303863616563343833336337633731303063376431 +66653139353764313631333134383262666331316632623438316537343039396539643130376631 +38623134393339363033623136393538633830363764323661623332356139303035653236623265 +63653366343133303564626231396336666533316534356230363664333231313862393631346432 +37336231656262633763356162656264623363633237643661393337323034613338336239376331 +65663833613564353139666332613062373162333831393636363835373237636464356235323836 +61363532383939653638376464393232303636353836613936623362646661316534313366643337 +37633534333465306330303433353264636534303037616639316464336161393339636462393738 +31336563303134336133313737653933373137393532623238396464636665613166633438623132 +65346161646362653661376639366636653336373364636439316363656530386334333233336530 +36663137643736356264636438363837363561353666333232343639343361646534396166316163 +34373262336332373961326631363065613364316131633838616539333632373835653333616535 +31343034373939353834313532383264343939303931366632386362663065303637356362306564 +36376365393865323036613165303538343938343132663137626635643031653637383961613861 +65303366363236386431373761346261353466613035616331613835333332303235613834346439 +33646634393434323164363631393639616661336233346562646461613231613064646331633932 +35376538663764303137616138353030353664646564356534363139643836613937303838343239 +32623739376332633531363766343862353530313837353535346337623337333238353231303636 +62616134323730623732313633343230613735663766353665636538383761346131313634393036 +61646163343332653339643933326665366536383365376535643265613535396137663962666538 +32626166326462306331313133343736323664646234376239623861643833383839373439343139 +33386536366435653861363738333338316162383365636632343431376131656562616432313163 
+39623066386638396662653338656533373135393338623037383037353865626566366131363639 +64393462656135623237623832373063626166633166663337653633396332393364316331326136 +30316563386434333534656163656639663031323265643462626136616435376262346336633534 +64626533623535323061373834326139326634396564343861356366323461313334326165633336 +33323639613765623431363661613065386561373639646333333132313263356535396363333134 +61346237323565383632393031373635656135383162633066653730366562336265653136393934 +30613231643132633936326531303131663139633630323734643166316636626338373136333266 +62623165363536393766626438613934613532323566646634383263663331623461393335666265 +61653063633030633866353630623038653463383131613332626630323835373836656138333335 +63323335393737323134333065633733343631333638373463356531313562383532653137653063 +33363065306662353633666535373961643862613161626664613634303233376664373566336666 +64643862346563666261363938306464383931383035326262316135343662343338393164336233 +63373361303034306134396365323466303139363062383537353862393964316664313238393233 +37313732633732303535316437663865653537613330616466623531656461636530623163393465 +66353233616133343935663061666130643536623634396363383930373761623732323066666264 +38666332353038666665636561323561383037353864316365343635313764653966366531396331 +32306531323763353736333231386663616662663834616263316565393736323239636163323031 +34616437316564666335343735356435306231616331363038393136663733643934356462313566 +37623032363135306633343964343464333434396366303162613135633365343436376363656164 +30646334613266613638326665313930343163303238336362633061366337346338313430663165 +37336536343632356538343536373033363263376630626666643563646331306438653262386530 +61346362653338383865656131363165353634393739323465613865373437633166643861356536 +64333139636233646166376361393937643937383765306362613662383537663765363961353263 +30313637646536373233343033653936613233373635616366343463323837616537396539643036 
+33346435636164333362303461323237383937343366356534633435633631616233383539636562 +66356461303735323863633465356133303339333139326133366465353435373962663435383863 +34323931653465306336356132396235623135333061623538616632613834393630393663373638 +32316331343438386564386238323764313033396535663461626163393166386534373061636530 +64633236636139393164613862623338313839623233353963363866363530663032633264356563 +62366636626230383032353930656134363061366262643234343838306566366463333430373630 +32316563616461313764306434633133366361383938616339383161653563313930313165353962 +37326466393438383762656335653763316236633139363562306332373030313639666363346633 +63656531633934633261653331383531653831663331373932613665643430323063376331656438 +33666639646530613735366665666238336263663066373234663332373533313031633565643535 +61653465623462633131393864393964316561643562343966316166373035656436376361336564 +32363339363666616335376630613137333761333239653534376666386438396438333363313530 +61643638353139313931323765313336653263636433633765666535643532636362656539633632 +31393964373434366435613763343737646235313236613361666334656237333438303265313630 +35366233393561303432383834656537373562336633316437316432383031383431653931393763 +66616664363735663261383732333438356237653830326336666666343761653963393533653037 +35643339346566396634356137323661663037373830373438613866376333613838356362303934 +33373361633437326265353035653033656436346539396166626634633530316465656630326134 +37353265363533653938363337643039336464633962663130383032643664663536323664303138 +39323661316636316361393534376338346666636336656234363166356461383732313164393231 +61633936336162663464353631313931373533313861633335383662343131653566343863326432 +33333961323231623239356437393166636463323465613234346434373264323565633162626535 +64643337366439633736623933393761623266363036313763376535643834366633663937376564 +61336238336130323632653138326536656165346237663463336336303363623838633665393330 
+65376236303564336434613566613565363366613065356334623734616134373239663430373631 +37333862386364653262336436313639656565356233376239363565396638393761616466653763 +33323238626434316334376264653831346236616332383533333964643832356330363439393433 +34666532396661333439346430656637343033323831663962613838616132663365393465613435 +64656534316164343839633063323431613135633665613630656265366334333262636363346531 +30356331373464663736656661373661356265393064346539313034356334633437313838346338 +61663137353733383333363836343130326662343633336637616134393163663939316663333738 +61316333663862643038663466343733636465383739376363396534373061666430336163376265 +39663066303534343936323032393038396139373733663133336330363436643638643561343465 +62343930653539356664643934613433336462363634616439346338303161656632616435633831 +31343934313636323665303037303862376236333765323436343734303535663565303237656237 +30373431643631623232646265393839653538383636333230663563393531653637303237376465 +36353235623839653630353663306135353131343537656338343631386263653833393234333238 +30353232303433396434393730666662373230343838616264363466393365326239333537363138 +35363163333564373865366265373566363763326466653164313636626337336636623834643335 +36643564323839316435633032376433393938393030643531636265663635366331346137396339 +38663831643237646239353463343662633931613464326132376139303764643930636265656466 +35646530643330356662623238646635316134663962613164323566653231363464313530356263 +64376335636266613333653361353739306131373364316335623764306566366535633530376432 +32356363626633633138623132666638623236353539366531643637383030636239656138386537 +34303431623039316565613036626531666638343835633133393533306334323866623630393462 +65343832663434323338313433376135333439336133636438373938386233386633633337346362 +30303062633735363339323934393730373761333133333166636639623764383330383732343061 +39623735356238333333616362646137376562333432313535323835383263633165323930303461 
+32396662643664333566653239306137636430313434393335633161336330386637343261633737 +32323337383834366563626565363639663536346538386466623936396636666339353037646166 +30346238323164663839386364333963313336666435393935613730616433346630613463383938 +65343736343764373465316261383731626631363661613639393162643566646365333061323035 +66623030363961356335663334376530313961366235646431336538336162383632363264643639 +65646531373964323635386134343032313137633239363030633539383639373965656135316334 +62343131643333383131323662366163326137343933323539383063373066363561643665363063 +36653036643930313835343631383631326231653762323433336238396332386133303132373462 +62333366383133326161343537623833323431323732393433333839656464373433396531653262 +64313930656162326637656534323263393336303235653362323632316138663166363864653164 +31383462373033616137623339633031343235623537353130333235613464636333383064376137 +64313365356335636235616333313965366264366134376235333565323132313636643239376639 +64373439636230623537663834653763616133356537313566306261343933386130623566373165 +35663263393034306134633630643463383063643339623533383235646266363234336562303636 +65623238343936353933313465363330333361323262656535653133396538366462306564643265 +32636362633239633162 diff --git a/k8s/roles/fider/files/config/base.env b/k8s/roles/fider/files/config/base.env index 73ce8e2..70c4000 100644 --- a/k8s/roles/fider/files/config/base.env +++ b/k8s/roles/fider/files/config/base.env @@ -17,5 +17,5 @@ EMAIL_SMTP_ENABLE_STARTTLS='true' # Blog storage BLOB_STORAGE=s3 BLOB_STORAGE_S3_REGION=us-east-1 -BLOB_STORAGE_S3_ENDPOINT_URL=http://minio.minio.svc.cluster.local:9000 +BLOB_STORAGE_S3_ENDPOINT_URL=https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com BLOB_STORAGE_S3_BUCKET=fider diff --git a/k8s/roles/fider/tasks/main.yml b/k8s/roles/fider/tasks/main.yml index 66788b2..4029abc 100644 --- a/k8s/roles/fider/tasks/main.yml +++ b/k8s/roles/fider/tasks/main.yml 
@@ -22,7 +22,7 @@ namespace: fider data: # Connection string to the PostgreSQL database - DATABASE_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/fider?sslmode=disable' | format(fider.db.user, fider.db.password) | b64encode }}" + DATABASE_URL: "{{ 'postgres://%s:%s@default-cluster-primary.postgres.svc:5432/fider?sslmode=require' | format(fider.db.user, fider.db.password) | b64encode }}" # SMTP credentials EMAIL_NOREPLY: "{{ fider.smtp.user | b64encode }}" @@ -37,8 +37,8 @@ OAUTH_GITHUB_SECRET: "{{ fider.github.clientSecret | b64encode }}" # Blob storage - BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}" - BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}" + BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ fider.blob.accessKeyId | b64encode }}" + BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ fider.blob.secretAccessKey | b64encode }}" - name: Deploy Fider kustomization k8s: diff --git a/k8s/roles/minio/files/values.minio.yaml b/k8s/roles/minio/files/values.minio.yaml deleted file mode 100644 index 11b84d9..0000000 --- a/k8s/roles/minio/files/values.minio.yaml +++ /dev/null @@ -1,14 +0,0 @@ -mode: standalone -existingSecret: minio-credentials -persistence: - enabled: true - storageClass: hcloud-volumes - size: 50Gi - -resources: - requests: - memory: 250Mi - cpu: 100m - limits: - memory: 384Mi - cpu: 250m diff --git a/k8s/roles/minio/tasks/main.yml b/k8s/roles/minio/tasks/main.yml deleted file mode 100644 index 1c45aed..0000000 --- a/k8s/roles/minio/tasks/main.yml +++ /dev/null 
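Review bot: `sslmode=require` on the new `DATABASE_URL` encrypts the connection but does not validate the server certificate or host name, so any peer that can answer for `default-cluster-primary.postgres.svc` inside the cluster is still accepted. If the operator's cluster CA can be mounted into the Fider pod, `sslmode=verify-full` with that CA supplied to the client would authenticate the server as well. The same applies to the Nextcloud `;sslmode=require` host suffix and the Grafana `ssl_mode: require` setting later in this patch. Separately, `fider.db.user` and `fider.db.password` are formatted into the URL unescaped; `format(fider.db.user | urlencode, fider.db.password | urlencode)` would keep a password containing `@` or `:` from breaking the DSN. The enclosing Secret definition starts and ends outside the hunk.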
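Review bot: The switch from `minio.rootUser`/`minio.rootPassword` to `fider.blob.accessKeyId`/`fider.blob.secretAccessKey` in the second hunk does not say what the new key pair is allowed to do, and the diff alone cannot show it. Since the storage endpoint moves off-cluster in `base.env`, the token behind these values should be limited to object read/write on the `fider` bucket. A comment above the two keys would record that: `# R2 API token scoped to the fider bucket only (object read/write)`. The surrounding Secret `data:` mapping begins outside the hunk.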
@@ -1,38 +0,0 @@ ---- -- name: Create MinIO namespace - kubernetes.core.k8s: - name: minio - api_version: v1 - kind: Namespace - state: present - definition: - metadata: - labels: - prometheus: default - -- name: Create MinIO secret - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Secret - metadata: - name: minio-credentials - namespace: minio - data: - rootUser: "{{ minio.rootUser | b64encode }}" - rootPassword: "{{ minio.rootPassword | b64encode }}" - -- name: Add MinIO chart repo - kubernetes.core.helm_repository: - name: minio - repo_url: https://charts.min.io/ - - -- name: Deploy MinIO chart - kubernetes.core.helm: - name: minio - chart_ref: minio/minio - release_namespace: minio - chart_version: 5.0.9 - release_values: "{{ lookup('ansible.builtin.file', 'values.minio.yaml') | from_yaml }}" diff --git a/k8s/roles/nextcloud/tasks/main.yml b/k8s/roles/nextcloud/tasks/main.yml index 275d83e..9ad5613 100644 --- a/k8s/roles/nextcloud/tasks/main.yml +++ b/k8s/roles/nextcloud/tasks/main.yml @@ -34,6 +34,6 @@ name: nextcloud chart_ref: nextcloud/nextcloud release_namespace: nextcloud - chart_version: "4.3.5" + chart_version: "4.4.0" update_repo_cache: true release_values: "{{ lookup('template', 'values.nextcloud.yml.j2') | from_yaml }}" \ No newline at end of file diff --git a/k8s/roles/nextcloud/templates/values.nextcloud.yml.j2 b/k8s/roles/nextcloud/templates/values.nextcloud.yml.j2 index 30ef730..61a498c 100644 --- a/k8s/roles/nextcloud/templates/values.nextcloud.yml.j2 +++ b/k8s/roles/nextcloud/templates/values.nextcloud.yml.j2 @@ -79,7 +79,7 @@ internalDatabase: externalDatabase: enabled: true type: postgresql - host: postgres-15-postgresql.postgres.svc.cluster.local:5432 + host: default-cluster-primary.postgres.svc:5432;sslmode=require database: nextcloud user: "{{ nextcloud.db.username }}" password: "{{ nextcloud.db.password }}" 
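Review bot: The new `host: default-cluster-primary.postgres.svc:5432;sslmode=require` value works only if the host string is concatenated verbatim into the PostgreSQL DSN, which the values file does not document. Anything else that reads `externalDatabase.host` as a plain `host:port` would receive the `;sslmode=require` suffix too, and a later change to host parsing in the chart or in Nextcloud could drop TLS without any error; this is hedged, since the chart templates are not visible here. I would add a comment above the line, `# ';sslmode=require' is passed through into the PDO DSN; confirm with pg_stat_ssl after chart upgrades`, and check the session in `pg_stat_ssl` once after deploying. The `externalDatabase` mapping continues outside the hunk.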
diff --git a/k8s/roles/prometheus/tasks/main.yaml b/k8s/roles/prometheus/tasks/main.yaml
index fbe1e58..d03e6de 100644
--- a/k8s/roles/prometheus/tasks/main.yaml
+++ b/k8s/roles/prometheus/tasks/main.yaml
@@ -28,18 +28,18 @@ user: "{{ grafana.admin.user | b64encode }}" password: "{{ grafana.admin.password | b64encode }}" -- name: Update Prometheus operator CRDs - kubernetes.core.k8s: - state: present - definition: "{{ lookup('ansible.builtin.url', item, split_lines=False) | from_yaml }}" - loop: - - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml - - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml - - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml - - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml - - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml - - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml - - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# - name: Update Prometheus operator CRDs +# kubernetes.core.k8s: +# state: present +# definition: "{{ lookup('ansible.builtin.url', item, split_lines=False) | from_yaml }}" +# loop: +# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# - 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml - name: Deploy Prometheus chart kubernetes.core.helm: diff --git a/k8s/roles/prometheus/templates/values.yaml.j2 b/k8s/roles/prometheus/templates/values.yaml.j2 index b8a864f..25a57a1 100644 --- a/k8s/roles/prometheus/templates/values.yaml.j2 +++ b/k8s/roles/prometheus/templates/values.yaml.j2 @@ -93,11 +93,11 @@ grafana: root_url: "https://%(domain)s" database: type: postgres - host: postgres-15-postgresql.postgres.svc.cluster.local:5432 + host: default-cluster-primary.postgres.svc:5432 name: grafana user: "{{ grafana.db.user }}" password: "{{ grafana.db.password }}" - ssl_mode: disable + ssl_mode: require auth: disable_login_form: true auth.generic_oauth:
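Review bot: The "Update Prometheus operator CRDs" task is commented out rather than removed, with no comment saying why, and nothing in the hunk replaces it. Helm installs CRDs from a chart's `crds/` directory only on first install and does not upgrade them, so after a later chart bump the operator CRDs may stay at the v0.66.0 schema; I cannot see from here whether another step applies them. Either delete the block, or keep it with a leading line such as `# Disabled: <reason>; apply the matching CRDs by hand when bumping chart_version`. If the task is restored, vendoring the CRD manifests in the repo instead of fetching them from `raw.githubusercontent.com` at apply time would make what gets applied cluster-wide reviewed content.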