From 2578e6951d3f0bf3325df231e4a243622f1d2dc8 Mon Sep 17 00:00:00 2001 
From: Peter Kurfer Date: Thu, 26 Oct 2023 21:57:43 +0200 Subject: [PATCH] refactor: use SOPS to encrypt secrets --- .sops.yaml | 5 + apps/drone/.gitignore | 1 + .../config/values.drone-runner-arm64.yaml | 29 ++ .../config/values.drone-runner-x86-64.yaml | 27 ++ apps/drone/base/config/values.drone.yaml | 42 +++ apps/drone/base/config/values.keydb.yaml | 31 ++ apps/drone/base/kustomization.yaml | 40 +++ apps/drone/kustomization.yaml | 20 ++ apps/drone/resources/cluster_role.yaml | 44 +++ .../resources/drone-runner-secrets.enc.yaml | 37 +++ apps/drone/resources/drone-secrets.enc.yaml | 45 +++ apps/drone/resources/namespaces.yaml | 28 ++ apps/drone/resources/role_bindings.yaml | 42 +++ apps/drone/resources/sa.yaml | 6 + apps/drone/resources/sa_secret.yaml | 9 + apps/drone/secret-generator.yaml | 12 + .../files => apps/hedgedoc}/config/base.env | 0 .../hedgedoc}/kustomization.yaml | 4 + apps/hedgedoc/resources/config.enc.yaml | 41 +++ .../hedgedoc}/resources/deployment.yaml | 0 .../hedgedoc}/resources/ingress.yaml | 6 + apps/hedgedoc/resources/namespace.yaml | 7 + .../hedgedoc}/resources/service.yaml | 0 apps/hedgedoc/secret-generator.yaml | 11 + apps/homepage/config/oauth2-proxy.env | 11 + apps/homepage/kustomization.yaml | 34 +++ apps/homepage/resources/cluster_role.yaml | 49 +++ .../resources/cluster_role_binding.yaml | 15 + apps/homepage/resources/config.enc.yaml | 43 +++ apps/homepage/resources/deployment.yaml | 64 ++++ apps/homepage/resources/ingress.yaml | 25 ++ apps/homepage/resources/namespace.yaml | 7 + apps/homepage/resources/sa.yaml | 9 + apps/homepage/resources/sa_secret.yaml | 10 + apps/homepage/resources/service.yaml | 16 + apps/homepage/secret-generator.yaml | 11 + apps/nocodb/.gitignore | 1 + .../files => apps/nocodb}/config/base.env | 0 .../nocodb/config/values.keydb.yaml | 0 .../files => apps/nocodb}/kustomization.yaml | 12 + apps/nocodb/resources/config.enc.yaml | 43 +++ .../nocodb}/resources/deployment.yaml | 0 .../nocodb}/resources/ingress.yaml | 6 
+ apps/nocodb/resources/namespace.yaml | 7 + .../files => apps/nocodb}/resources/pvc.yaml | 0 .../nocodb}/resources/service.yaml | 0 apps/nocodb/secret-generator.yaml | 11 + .../files => apps/zipline}/config/base.env | 0 .../files => apps/zipline}/kustomization.yaml | 4 + apps/zipline/resources/config.enc.yaml | 41 +++ .../zipline}/resources/deployment.yaml | 0 .../zipline}/resources/ingress.yaml | 6 + apps/zipline/resources/namespace.yaml | 7 + .../zipline}/resources/service.yaml | 0 apps/zipline/secret-generator.yaml | 11 + k8s/configure_cluster.yaml | 4 - k8s/inventory/group_vars/all.yml | 285 +++++++++--------- k8s/roles/coder/templates/values.coder.yml.j2 | 6 + k8s/roles/drone/templates/values.drone.yml.j2 | 6 + .../gitea/templates/values.forgejo.yml.j2 | 6 + k8s/roles/hedgedoc/tasks/main.yml | 38 --- .../k3s/control-plane/files/traefik.yaml | 4 + k8s/roles/nocodb/tasks/main.yml | 51 ---- k8s/roles/zipline/tasks/main.yml | 39 --- test.yaml | 1 + 65 files changed, 1101 insertions(+), 269 deletions(-) create mode 100644 .sops.yaml create mode 100644 apps/drone/.gitignore create mode 100644 apps/drone/base/config/values.drone-runner-arm64.yaml create mode 100644 apps/drone/base/config/values.drone-runner-x86-64.yaml create mode 100644 apps/drone/base/config/values.drone.yaml create mode 100644 apps/drone/base/config/values.keydb.yaml create mode 100644 apps/drone/base/kustomization.yaml create mode 100644 apps/drone/kustomization.yaml create mode 100644 apps/drone/resources/cluster_role.yaml create mode 100644 apps/drone/resources/drone-runner-secrets.enc.yaml create mode 100644 apps/drone/resources/drone-secrets.enc.yaml create mode 100644 apps/drone/resources/namespaces.yaml create mode 100644 apps/drone/resources/role_bindings.yaml create mode 100644 apps/drone/resources/sa.yaml create mode 100644 apps/drone/resources/sa_secret.yaml create mode 100644 apps/drone/secret-generator.yaml rename {k8s/roles/hedgedoc/files => apps/hedgedoc}/config/base.env (100%) 
rename {k8s/roles/hedgedoc/files => apps/hedgedoc}/kustomization.yaml (86%) create mode 100644 apps/hedgedoc/resources/config.enc.yaml rename {k8s/roles/hedgedoc/files => apps/hedgedoc}/resources/deployment.yaml (100%) rename {k8s/roles/hedgedoc/files => apps/hedgedoc}/resources/ingress.yaml (56%) create mode 100644 apps/hedgedoc/resources/namespace.yaml rename {k8s/roles/hedgedoc/files => apps/hedgedoc}/resources/service.yaml (100%) create mode 100644 apps/hedgedoc/secret-generator.yaml create mode 100644 apps/homepage/config/oauth2-proxy.env create mode 100644 apps/homepage/kustomization.yaml create mode 100644 apps/homepage/resources/cluster_role.yaml create mode 100644 apps/homepage/resources/cluster_role_binding.yaml create mode 100644 apps/homepage/resources/config.enc.yaml create mode 100644 apps/homepage/resources/deployment.yaml create mode 100644 apps/homepage/resources/ingress.yaml create mode 100644 apps/homepage/resources/namespace.yaml create mode 100644 apps/homepage/resources/sa.yaml create mode 100644 apps/homepage/resources/sa_secret.yaml create mode 100644 apps/homepage/resources/service.yaml create mode 100644 apps/homepage/secret-generator.yaml create mode 100644 apps/nocodb/.gitignore rename {k8s/roles/nocodb/files => apps/nocodb}/config/base.env (100%) rename k8s/roles/nocodb/templates/values.nextcloud-keydb.yml.j2 => apps/nocodb/config/values.keydb.yaml (100%) rename {k8s/roles/nocodb/files => apps/nocodb}/kustomization.yaml (64%) create mode 100644 apps/nocodb/resources/config.enc.yaml rename {k8s/roles/nocodb/files => apps/nocodb}/resources/deployment.yaml (100%) rename {k8s/roles/nocodb/files => apps/nocodb}/resources/ingress.yaml (61%) create mode 100644 apps/nocodb/resources/namespace.yaml rename {k8s/roles/nocodb/files => apps/nocodb}/resources/pvc.yaml (100%) rename {k8s/roles/nocodb/files => apps/nocodb}/resources/service.yaml (100%) create mode 100644 apps/nocodb/secret-generator.yaml rename {k8s/roles/zipline/files => 
apps/zipline}/config/base.env (100%) rename {k8s/roles/zipline/files => apps/zipline}/kustomization.yaml (86%) create mode 100644 apps/zipline/resources/config.enc.yaml rename {k8s/roles/zipline/files => apps/zipline}/resources/deployment.yaml (100%) rename {k8s/roles/zipline/files => apps/zipline}/resources/ingress.yaml (61%) create mode 100644 apps/zipline/resources/namespace.yaml rename {k8s/roles/zipline/files => apps/zipline}/resources/service.yaml (100%) create mode 100644 apps/zipline/secret-generator.yaml delete mode 100644 k8s/roles/hedgedoc/tasks/main.yml delete mode 100644 k8s/roles/nocodb/tasks/main.yml delete mode 100644 k8s/roles/zipline/tasks/main.yml create mode 100644 test.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..e182974 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,5 @@ +creation_rules: + - unencrypted_regex: "^(apiVersion|metadata|kind|type)$" + age: > + age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we, + age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr \ No newline at end of file diff --git a/apps/drone/.gitignore b/apps/drone/.gitignore new file mode 100644 index 0000000..711a39c --- /dev/null +++ b/apps/drone/.gitignore @@ -0,0 +1 @@ +charts/ \ No newline at end of file diff --git a/apps/drone/base/config/values.drone-runner-arm64.yaml b/apps/drone/base/config/values.drone-runner-arm64.yaml new file mode 100644 index 0000000..fe7db1a --- /dev/null +++ b/apps/drone/base/config/values.drone-runner-arm64.yaml 
@@ -0,0 +1,29 @@
+image:
+ tag: 1.8.3
+
+replicaCount: 4
+
+extraSecretNamesForEnvFrom:
+ - drone-runner-secrets
+
+env:
+ DRONE_RUNNER_PRIVILEGED_IMAGES: code.icb4dc0.de/inetmock/inetmock
+ DRONE_RPC_HOST: drone.drone.svc.cluster.local:8080
+ DRONE_RPC_PROTO: http
+ DRONE_RUNNER_CAPACITY: 1
+
+affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - drone-runner-docker
+ topologyKey: kubernetes.io/hostname
+
+nodeSelector:
+ kubernetes.io/arch: arm64
\ No newline at end of file
diff --git a/apps/drone/base/config/values.drone-runner-x86-64.yaml b/apps/drone/base/config/values.drone-runner-x86-64.yaml
new file mode 100644
index 0000000..e110a53
--- /dev/null
+++ b/apps/drone/base/config/values.drone-runner-x86-64.yaml
@@ -0,0 +1,27 @@
+image:
+ tag: 1.8.3
+
+extraSecretNamesForEnvFrom:
+ - drone-runner-secrets
+
+env:
+ DRONE_RUNNER_PRIVILEGED_IMAGES: code.icb4dc0.de/inetmock/inetmock
+ DRONE_RPC_HOST: drone.drone.svc.cluster.local:8080
+ DRONE_RPC_PROTO: http
+ DRONE_RUNNER_CAPACITY: 1
+
+affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - drone-runner-docker
+ topologyKey: kubernetes.io/hostname
+
+nodeSelector:
+ kubernetes.io/arch: amd64
\ No newline at end of file
diff --git a/apps/drone/base/config/values.drone.yaml b/apps/drone/base/config/values.drone.yaml
new file mode 100644
index 0000000..8e4b8bb
--- /dev/null
+++ b/apps/drone/base/config/values.drone.yaml
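Review bot: `DRONE_RUNNER_PRIVILEGED_IMAGES: code.icb4dc0.de/inetmock/inetmock` in the runner `env:` block allows pipeline steps that use that image to run as privileged containers on the build node, and the same line is repeated in the x86-64 values file in the next hunk. Nothing in either file says why the image needs this or which repositories are expected to use it, so a comment such as `# privileged: required by the inetmock integration tests; only trusted repositories may build with this image` would make the exception reviewable. `DRONE_RPC_PROTO: http` in the same block means the runner-to-server channel authenticated by `DRONE_RPC_SECRET` is unencrypted inside the cluster; if that is an accepted risk it is worth stating next to the setting.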
@@ -0,0 +1,42 @@
+image:
+ tag: 2.20.0
+
+ingress:
+ enabled: true
+ annotations:
+ gethomepage.dev/description: CI/CD system
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Apps
+ gethomepage.dev/icon: drone.png
+ gethomepage.dev/name: Drone CI/CD
+ hosts:
+ - host: drone.icb4dc0.de
+ paths:
+ - path: /
+ pathType: Prefix
+
+service:
+ port: 8080
+
+persistentVolume:
+ enabled: false
+
+extraSecretNamesForEnvFrom:
+ - drone-secrets
+
+env:
+ ## REQUIRED: Set the user-visible Drone hostname, sans protocol.
+ ## Ref: https://docs.drone.io/installation/reference/drone-server-host/
+ ##
+ DRONE_SERVER_HOST: "drone.icb4dc0.de"
+ DRONE_SERVER_PROTO: https
+
+ DRONE_DATABASE_DRIVER: postgres
+ DRONE_GIT_ALWAYS_AUTH: true
+
+ DRONE_S3_ENDPOINT: http://minio.minio.svc.cluster.local:9000
+ DRONE_S3_BUCKET: drone
+ DRONE_S3_PATH_STYLE: true
+ AWS_DEFAULT_REGION: us-east-1
+ AWS_REGION: us-east-1
+ DRONE_REDIS_CONNECTION: redis://drone-session-cache-keydb:6379
\ No newline at end of file
diff --git a/apps/drone/base/config/values.keydb.yaml b/apps/drone/base/config/values.keydb.yaml
new file mode 100644
index 0000000..3059dd4
--- /dev/null
+++ b/apps/drone/base/config/values.keydb.yaml
@@ -0,0 +1,31 @@
+imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
+imageTag: v6.3.2
+
+podDisruptionBudget:
+ enabled: true
+persistentVolume:
+ enabled: false
+
+resources:
+ requests:
+ cpu: 10m
+ memory: 60Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
+
+serviceMonitor:
+ enabled: true
+ labels:
+ prometheus: default
+
+exporter:
+ enabled: true
+ imageTag: v1.51.0
+ resources:
+ requests:
+ cpu: 50m
+ memory: 50Mi
+ limits:
+ cpu: 150m
+ memory: 100Mi
\ No newline at end of file
diff --git a/apps/drone/base/kustomization.yaml b/apps/drone/base/kustomization.yaml
new file mode 100644
index 0000000..973743a
--- /dev/null
+++ b/apps/drone/base/kustomization.yaml
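Review bot: `DRONE_REDIS_CONNECTION: redis://drone-session-cache-keydb:6379` at the end of the `env:` block in values.drone.yaml carries no credentials, and the values.keydb.yaml hunk that follows sets no password either, so the session cache appears to accept any client that can reach the service. Unless a NetworkPolicy outside this diff restricts access, any workload in the cluster could read or overwrite Drone session data. Since this commit already introduces `drone-secrets.enc.yaml`, the connection URL with a password could live there instead of in plain values, with authentication enabled on the KeyDB release. `DRONE_S3_ENDPOINT` is likewise plain `http`, which is worth a short comment if in-cluster cleartext is intended.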
@@ -0,0 +1,40 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: drone
+
+commonLabels:
+ app.kubernetes.io/instance: icb4dc0de
+ app.kubernetes.io/managed-by: kustomize
+
+commonAnnotations:
+ "helm.sh/resource-policy": keep
+
+helmCharts:
+ - name: keydb
+ repo: https://enapter.github.io/charts/
+ releaseName: drone-session-cache
+ namespace: nocodb
+ version: "0.48.0"
+ valuesFile: config/values.keydb.yaml
+
+ - name: drone
+ repo: https://charts.drone.io
+ releaseName: drone
+ namespace: drone
+ version: "0.6.3"
+ valuesFile: config/values.drone.yaml
+
+ - name: drone-runner-docker
+ repo: https://charts.drone.io
+ releaseName: drone-kube-runner-arm64
+ namespace: drone
+ version: "0.6.0"
+ valuesFile: config/values.drone-runner-arm64.yaml
+
+ - name: drone-runner-docker
+ repo: https://charts.drone.io
+ releaseName: drone-kube-runner-x86-64
+ namespace: drone
+ version: "0.6.0"
+ valuesFile: config/values.drone-runner-x86-64.yaml
\ No newline at end of file
diff --git a/apps/drone/kustomization.yaml b/apps/drone/kustomization.yaml
new file mode 100644
index 0000000..949d098
--- /dev/null
+++ b/apps/drone/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+ app.kubernetes.io/instance: icb4dc0de
+ app.kubernetes.io/managed-by: kustomize
+
+commonAnnotations:
+ "helm.sh/resource-policy": keep
+
+resources:
+ - "base/"
+ - "resources/namespaces.yaml"
+ - "resources/sa.yaml"
+ - "resources/sa_secret.yaml"
+ - "resources/cluster_role.yaml"
+ - "resources/role_bindings.yaml"
+
+generators:
+ - ./secret-generator.yaml
\ No newline at end of file
diff --git a/apps/drone/resources/cluster_role.yaml b/apps/drone/resources/cluster_role.yaml
new file mode 100644
index 0000000..e1cc4ff
--- /dev/null
+++ b/apps/drone/resources/cluster_role.yaml
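Review bot: The `drone-session-cache` KeyDB release in apps/drone/base/kustomization.yaml is rendered with `namespace: nocodb`, while the kustomization itself and the other three charts use `drone`; this looks like a leftover from the nocodb app. The top-level `namespace: drone` will probably rewrite `metadata.namespace` on the rendered objects, but any namespace the chart bakes into generated strings (peer addresses, for instance) would still say `nocodb`. Drone reaches the cache by the short name `drone-session-cache-keydb`, which only resolves inside the `drone` namespace, so the entry should read `namespace: drone`.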
@@ -0,0 +1,44 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: drone-deploy
+rules:
+- apiGroups: [""]
+ resources:
+ - secrets
+ - configmaps
+ - pods
+ - services
+ - persistentvolumeclaims
+ - serviceaccounts
+ verbs: ["*"]
+- apiGroups: ["apps"]
+ resources:
+ - replicasets
+ - deployments
+ - statefulsets
+ verbs: ["*"]
+- apiGroups: ["batch"]
+ resources:
+ - jobs
+ - cronjobs
+ verbs: ["*"]
+- apiGroups: ["autoscaling"]
+ resources:
+ - horizontalpodautoscalers
+ verbs: ["*"]
+- apiGroups: ["networking.k8s.io"]
+ resources:
+ - ingresses
+ verbs: ["*"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources:
+ - roles
+ - rolebindings
+ verbs: ["*"]
+- apiGroups: ["monitoring.coreos.com"]
+ resources:
+ - podmonitors
+ - servicemonitors
+ verbs: ["*"]
\ No newline at end of file
diff --git a/apps/drone/resources/drone-runner-secrets.enc.yaml b/apps/drone/resources/drone-runner-secrets.enc.yaml
new file mode 100644
index 0000000..a077d14
--- /dev/null
+++ b/apps/drone/resources/drone-runner-secrets.enc.yaml
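Review bot: Every rule in the `drone-deploy` ClusterRole uses `verbs: ["*"]`, and on `roles`/`rolebindings` the wildcard includes `escalate` and `bind`, while on `serviceaccounts` it includes `impersonate`. In each namespace where this role is bound (blog, inetmock and buildr, per role_bindings.yaml) the CI service account can therefore grant itself any further permission, which defeats the point of enumerating resources. Spelling the verbs out keeps the deploy workflow working without those three: `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`. If the pipelines really need to manage RBAC objects, a short comment on the `rbac.authorization.k8s.io` rule explaining why would help the next reviewer.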
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: drone-runner-secrets + namespace: drone +type: Opaque +stringData: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:HEXPjEhzVd32+DrxgsZUj3wSX21QCuMjHiwR1P+OhOI=,iv:DWcpdvoO5x3pAbAYtHPC0t8CCzUV6EHBeM5pwNxH/yw=,tag:oLRLwOmbNMsOD2NclOQwFg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldVdpMWV2eW85bzJ2aDQr + a0dQcEtZZHRvdG5iTGlBc1dQRFRLbVVoZEJVCkluZnFqTkZoL2p5QUdReWtHVFlE + bzhMMldBNG83TzlhTlZrL1dLRi82aEEKLS0tIDBka2xPN2E0ZE1ZN2RYUlNFcmZu + eURnd1RpYzZ4NmdRSUN3aXVYVDYwWVUKeUhg2fbE+L1Dr4re0kuJ0Lhhf38lJiZ3 + 7D0szVTlCoIcFQFMOUNwpNdYGuBkyXhJgpSpyUhIuPGE5gxkrLZI1g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTWEyaWZXd3pSVFQ4NnV3 + N3c2S2RUQTU1MDZwQ0tuVVk0bmxIU1NuY0hBCitQdE1JYm9MRjNrN2kzSmNOWUQ0 + UCtZODZRaUhiTnhvSjBVUk94ZDFDWFkKLS0tIFo2bVlUbUFOUk9ESmdvKzkrQlY2 + QzVTTjVsb0ovT1JNRUw2dXQrcnVJUm8KvQ4hyDw8ImxrSzn5qpo9xkkQnapDXwKl + lfV9wESEo23V5MO/ZMxGBl1S1RzR10abcwkuzpYNfDr5DW4wvKPdYA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-26T19:23:40Z" + mac: ENC[AES256_GCM,data:eFCDA4wsm056C1Vzjer5whxItNoZNk7w3c0VvcpIMN0qrP6u7vZjEezsrT9OGv/sh7DLvVRx6qmIKZ6tw8kc7cutZB7OqfqwYLTTkPcXbVPIwCubjc4LseyFeXGhPQmQH52c8SCtKM/Ft9WMdlE624mpACLUXp7aKvGuiRkwREs=,iv:Qbt+GkUyYeopknU+z4nQ96q6blmuKS3gShQ8GuZ/qFw=,tag:OpUHMsil1ij3FbWIe43FAQ==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/apps/drone/resources/drone-secrets.enc.yaml b/apps/drone/resources/drone-secrets.enc.yaml new file mode 100644 index 0000000..f35c692 --- /dev/null +++ b/apps/drone/resources/drone-secrets.enc.yaml 
@@ -0,0 +1,45 @@ +apiVersion: v1 +kind: Secret +metadata: + name: drone-secrets + namespace: drone +type: Opaque +stringData: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:bLbQALnKFmjIWayuvgJK+w==,iv:MXpJa4ctbumf8u7erB66dpu6umQFmcKry0rJijECSpQ=,tag:UE8z+UW4ulwG9i3NKyfO4w==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:5oEn7d5MII2h1swwLS2YKHXLUYdTLZ9c4NU+j3xjk/I+ZdXZkXsy4mfewxWCZT+AmJHlJY2A1pB5t0nKFw5H,iv:bgoy8y+eOuIRPSuN7LZSQLVPnRjTVhBhUXJ2Vn54acc=,tag:LeuivYJtkSXtoMVRGz1F5A==,type:str] + DRONE_COOKIE_SECRET: ENC[AES256_GCM,data:zG8FSKnxIRVk7cCbtIP6VC2tbM+FfjFcg5Y6mTE19Tw=,iv:Ac50qD8l7CwtGxFFITl/0dMq1McHbztU7320v4pPWFs=,tag:JZCwGhJ+NQ/pdpULMzI+pQ==,type:str] + DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:qoH2QxBMwK+24ZsWe0F5VcbINvreEIdyT258uusu7BjjzEOWql8b5h8Ipj8fUK4lsPR+WnqG68TlGRYEZFM12o9EB7IPs8R47ERE6qfFN1Sdi5Vdf4kmEYWPnsJrJyc7mzovLTFJLwr85ZpYv64aSw7n0io13y0=,iv:1+xiSO+htrq381gpIri9/2I4CkzGSfT2Av0h3RXEQ5Q=,tag:f9Mg2CDo0HlkWpBkl6j+nw==,type:str] + DRONE_DATABASE_SECRET: ENC[AES256_GCM,data:qSNVcSzH0y0pCY07Y3yDjfMaPZFtPWEmf3tqq076n7o=,iv:XNJaU2kQJeS7iMJyIoAkwzVS3QdqLAZy/FbE3VFvYXU=,tag:FPYbmgQ8/VSkMexXko+7Nw==,type:str] + DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:jTR4bxuyrxt5llnRDuBHnughiIyzKQ2JEylh16wjZDIyWrid,iv:NrUudI15R+ZiaL3M/k70Mdfm20aerCWjDs6R0MHC4Hc=,tag:kfX4fNcCP4Xy//V72WzDrg==,type:str] + DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:0t8swJmx5qSvx7q9GsuRU+FOfcKxelIzDm5u16Nypfrqf5m9CbqmT39Uibj1wL8dWwx04Xo4mxc=,iv:agqn9RVuDq9WXly1AvckabpIyOqyK+0E89u4iItKRn4=,tag:KZLQlq+61QZtFGY/CnlQ2w==,type:str] + DRONE_GITEA_SERVER: ENC[AES256_GCM,data:BgMZnIL6OM5r4N+L4RU9t8Pf2XOEMYA=,iv:4dbpEY3iCMmwEOPwp40VDkOIYUOfCkOnRXsmf9P/acE=,tag:1Vb6R/s+sK1UnZBIkZXxKQ==,type:str] + DRONE_RPC_SECRET: ENC[AES256_GCM,data:dyaF1jehSfCk+3lbuPffibwpXEQCggb1O7YRNu1Li7Q=,iv:wBlkUev6z1F9n+BjDfa5NAXjBbGm94AEfdUqiwrxUek=,tag:y66eOgLjTnYA3ZYFgWMKTg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: 
age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHUXdoTlVUYW1kSEp1eVF6 + OFVUbndGRjEvR0ppOW94K2ZEekpCTjNXQlU4ClpsRkVKd2JSTldacm9Ddm9OZ2N0 + Q0dtRUpTMmdIZkRwaDBHNUpmbG1Wbk0KLS0tIHM2OW9MYUord0pTT1ZRSXQvLzlN + VWR5WmNSTUF4MWNnVW5kQnBKUVZWNkkKErKeKJge7brrhxxZqlE7SOxQVcRczPhH + yd/bmsHwg84yOOsJejwXTMAmZcEns6qIHpq6PE7icqnsm40H6Ms1zQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RGhBQmZxY3BVK1JyY2JF + SUZDbUpQbUliQUpGM0VPQ3J3Y2txNXVVZlU0Ck1KY0NoM3IycUNPV0pkeWliVVNM + KzA5a0trQTN2ZDFmZUV3ZnlNVFF5K0kKLS0tIGdJWFJrNUU4UHFZSnNCMWMwSW5S + VGN1VEJlL3RxOXVwNmo3RTk4aUhEb1EKtAHu3KqQ7EH7SQE/Dvc6gfuSmkcsy3+c + 1xxDYh69cMHkV3q4Wfnqg/DyWUq6D7OE4tVAuzNfo1SzZuBHXXCdQQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-26T19:21:02Z" + mac: ENC[AES256_GCM,data:lwiL9GLN8fDPfIrKxqciJXOz7vUbgxtayfqQwrxp94TTOTaAnraKIy60RlkP2PJUuj9Rdcl7sTLSWRrkwgUq08xvNjEOnQ70TuWQAaSR9J0udWsvPQWn951xr3lzzkE6M6ZI/3JCX87gXrocAih1ogpU9b6uz4zUiuhuHk8UogI=,iv:OZJhT0XFhsU2+HZ1YhqAsZniGeBipQqYcP6CJFJjTac=,tag:LYzqKBUiw7ETaRETVOym5A==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/apps/drone/resources/namespaces.yaml b/apps/drone/resources/namespaces.yaml new file mode 100644 index 0000000..8d59bad --- /dev/null +++ b/apps/drone/resources/namespaces.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: drone + labels: + prometheus: default +--- +apiVersion: v1 +kind: Namespace +metadata: + name: inetmock + labels: + prometheus: default +--- +apiVersion: v1 +kind: Namespace +metadata: + name: blog + labels: + prometheus: default +--- +apiVersion: v1 +kind: Namespace +metadata: + name: buildr + labels: + prometheus: default \ No newline at end of file 
diff --git a/apps/drone/resources/role_bindings.yaml b/apps/drone/resources/role_bindings.yaml
new file mode 100644
index 0000000..d5f604f
--- /dev/null
+++ b/apps/drone/resources/role_bindings.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: drone-deploy-blog
+ namespace: blog
+subjects:
+- kind: ServiceAccount
+ name: drone-deploy
+ namespace: drone
+roleRef:
+ kind: ClusterRole
+ name: drone-deploy
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: drone-deploy-inetmock
+ namespace: inetmock
+subjects:
+- kind: ServiceAccount
+ name: drone-deploy
+ namespace: drone
+roleRef:
+ kind: ClusterRole
+ name: drone-deploy
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: drone-deploy-buildr
+ namespace: buildr
+subjects:
+- kind: ServiceAccount
+ name: drone-deploy
+ namespace: drone
+roleRef:
+ kind: ClusterRole
+ name: drone-deploy
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/apps/drone/resources/sa.yaml b/apps/drone/resources/sa.yaml
new file mode 100644
index 0000000..74d0ac9
--- /dev/null
+++ b/apps/drone/resources/sa.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: drone-deploy
+ namespace: drone
\ No newline at end of file
diff --git a/apps/drone/resources/sa_secret.yaml b/apps/drone/resources/sa_secret.yaml
new file mode 100644
index 0000000..a59b1d9
--- /dev/null
+++ b/apps/drone/resources/sa_secret.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: drone-deploy
+ namespace: drone
+ annotations:
+ kubernetes.io/service-account.name: drone-deploy
+type: kubernetes.io/service-account-token
\ No newline at end of file
diff --git a/apps/drone/secret-generator.yaml b/apps/drone/secret-generator.yaml
new file mode 100644
index 0000000..f0d0eac
--- /dev/null
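Review bot: apps/drone/resources/sa_secret.yaml creates a `kubernetes.io/service-account-token` Secret for `drone-deploy`, which yields a token with no expiry for the account that role_bindings.yaml binds in blog, inetmock and buildr. Presumably the token is copied into Drone as a pipeline secret, so a leak from a build log or repository setting stays valid until this Secret is deleted and recreated. The file should at least carry a comment recording where the token is consumed and how it is rotated, for example `# long-lived token used by Drone deploy steps; rotate by deleting this Secret and updating the Drone secret`. If the pipelines can request tokens at run time instead, a time-bound token from `kubectl create token drone-deploy` would limit the exposure window.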
+++ b/apps/drone/secret-generator.yaml @@ -0,0 +1,12 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + # Specify a name + name: drone-secrets-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./resources/drone-secrets.enc.yaml + - ./resources/drone-runner-secrets.enc.yaml \ No newline at end of file diff --git a/k8s/roles/hedgedoc/files/config/base.env b/apps/hedgedoc/config/base.env similarity index 100% rename from k8s/roles/hedgedoc/files/config/base.env rename to apps/hedgedoc/config/base.env diff --git a/k8s/roles/hedgedoc/files/kustomization.yaml b/apps/hedgedoc/kustomization.yaml similarity index 86% rename from k8s/roles/hedgedoc/files/kustomization.yaml rename to apps/hedgedoc/kustomization.yaml index d1babe8..11f996e 100644 --- a/k8s/roles/hedgedoc/files/kustomization.yaml +++ b/apps/hedgedoc/kustomization.yaml @@ -13,10 +13,14 @@ commonLabels: app.kubernetes.io/managed-by: kustomize resources: + - "resources/namespace.yaml" - "resources/deployment.yaml" - "resources/service.yaml" - "resources/ingress.yaml" +generators: + - ./secret-generator.yaml + secretGenerator: - name: hedgedoc-base-config envs: diff --git a/apps/hedgedoc/resources/config.enc.yaml b/apps/hedgedoc/resources/config.enc.yaml new file mode 100644 index 0000000..87973d7 --- /dev/null +++ b/apps/hedgedoc/resources/config.enc.yaml 
@@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Secret +metadata: + name: hedgedoc-secret-config +type: Opaque +stringData: + CMD_DB_URL: ENC[AES256_GCM,data:4nqueG0hIb5fPQbPJll+keWZVODpFxBUhVkeHTKJ2/J8Kpj8DMuU41HLQ1+iGFiUtEdv2LPvbgDOeXT4UR3zjDdGL96SpKbLQIKQlNjPWNfUXeHASkiIiMHh9Y7z3d/s2coopzk9ULTHs5XIMywCUoY8DX4=,iv:drx1hQdbsLbPSojSL79TFop1wni2KxNPJ+KwlOL9WQo=,tag:4JbriWueqRye/n3rnBpSkw==,type:str] + CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:X35aVIq7gnKpmqDRc7GTPA==,iv:awU1uonCr4xtgUB5/aFWWQOH+ztD8VQVj4b0wX/Lrwg=,tag:5VYSNlAVGuW1WGQHJfrsvA==,type:str] + CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:jM21N3cxeiKh/IJJY9Tka4cj77yzTmI6F8lxA/H69XErUnOy8Ve8NQWCGb6NkZvHCVelfs2FUoPtVitNbXte,iv:jNVspSWVTCco0R6sbRdn8EyIzA5YPziMzUrpf0q57ow=,tag:Oo6ppZnPo9umgCYMEDC8Zg==,type:str] + CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str] + CMD_OAUTH2_CLIENT_SECRET: ENC[AES256_GCM,data:biyLVbyONbJK2V16Zz9/MVdpdqu3iTzsyBVx0iKK5MCyNfU1Y0lV9g88w44junGvvby/LWOAEGs=,iv:uSRtuu+bHpt8JOVfw5BpCXjqWW07x0jJ8Ja2pIcoQf4=,tag:He4d6BrE1V9OJbNH3hrPcQ==,type:str] + CMD_SESSION_SECRET: ENC[AES256_GCM,data:Nq6arL1aE69BeTRjx4pA90xZqcOtqOb3R/Zt98FyIVd+Uq53dWsqURG2M+IQpvl9MEpY8FpUNY0=,iv:JaOAe8YgNVnDBzV2x1TSqMJq36Qwqazk6cCkWwseBZc=,tag:FMKKOhow/w5HLwfNarQdjQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cHVKUm5Nby9hSjdOM3JY + UWs0UWdrNC9FOVd1b1VjK1BmYVdwZng4T2tvCnBhYVdNbGFwWnBPMkJiSk1pbHlv + aGJTRjdsb1JrSHpIMk5JWEZNOTBoc0kKLS0tIEZscSs4SFVIVG5NanlUQU1IM1hv + M1F2WE1taWZ2bG0reU1EYWw2K1pZK2cKSHxed4HgSf0vKNGBMuFaS99znRPphkoF + TgjkD7nI/nyvflV0Bs1lqMlWZJsyY9+HaLp38j95mAcXc224SSBMxw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + 
enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtd3k2MzQ2aGx0NmwzYU95 + QkVNVkJuQmdrOEUwM3FJNGFOZndxYWFTeVFZCmo3RnRQakxoelV6WmJHK3UyMnBZ + NTMvYkxqWHhYbjVBSkV5YjZlZTdndjQKLS0tICs5UlQwNHAvdW5oYXlqYTFFOEM5 + ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B + WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-25T20:06:34Z" + mac: ENC[AES256_GCM,data:WbkEZi02UASYMudLJVaQpuB7blx4UDm80dBiN0zPad6n5tRs+W0g5cahhMa9LkFH6mlUQbGTk4ndjQZgVeXVBE8LKyfvz+tlAP7+OR6yFx3AsHG1KCORolDJkFAQbqmV6fprvE0OxZZgPtu6OkSEMw2s5tdpRYr2EV1E2y7X0NU=,iv:AUeybEhdKQJNqBtTgpLWojk4x0aEpT5QFisEAQCFmWg=,tag:hAWw0vd8lzKeWbS1nb7fJA==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/k8s/roles/hedgedoc/files/resources/deployment.yaml b/apps/hedgedoc/resources/deployment.yaml similarity index 100% rename from k8s/roles/hedgedoc/files/resources/deployment.yaml rename to apps/hedgedoc/resources/deployment.yaml diff --git a/k8s/roles/hedgedoc/files/resources/ingress.yaml b/apps/hedgedoc/resources/ingress.yaml similarity index 56% rename from k8s/roles/hedgedoc/files/resources/ingress.yaml rename to apps/hedgedoc/resources/ingress.yaml index d60d33c..08b9dbe 100644 --- a/k8s/roles/hedgedoc/files/resources/ingress.yaml +++ b/apps/hedgedoc/resources/ingress.yaml @@ -3,6 +3,12 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: hedgedoc + annotations: + gethomepage.dev/description: Markdown scratch pad + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Apps + gethomepage.dev/icon: https://md.icb4dc0.de/icons/android-chrome-192x192.png + gethomepage.dev/name: HedgeDoc spec: rules: - host: md.icb4dc0.de diff --git a/apps/hedgedoc/resources/namespace.yaml b/apps/hedgedoc/resources/namespace.yaml new file mode 100644 index 0000000..11e4e32 --- /dev/null +++ b/apps/hedgedoc/resources/namespace.yaml 
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: hedgedoc
+ labels:
+ prometheus: default
\ No newline at end of file
diff --git a/k8s/roles/hedgedoc/files/resources/service.yaml b/apps/hedgedoc/resources/service.yaml
similarity index 100%
rename from k8s/roles/hedgedoc/files/resources/service.yaml
rename to apps/hedgedoc/resources/service.yaml
diff --git a/apps/hedgedoc/secret-generator.yaml b/apps/hedgedoc/secret-generator.yaml
new file mode 100644
index 0000000..6dc7149
--- /dev/null
+++ b/apps/hedgedoc/secret-generator.yaml
@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ # Specify a name
+ name: hedgedoc-config-secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./resources/config.enc.yaml
\ No newline at end of file
diff --git a/apps/homepage/config/oauth2-proxy.env b/apps/homepage/config/oauth2-proxy.env
new file mode 100644
index 0000000..fe185d7
--- /dev/null
+++ b/apps/homepage/config/oauth2-proxy.env
@@ -0,0 +1,11 @@
+OAUTH2_PROXY_PROVIDER=github
+OAUTH2_PROXY_PROVIDER_DISPLAY_NAME=Forgejo
+OAUTH2_PROXY_REDIRECT_URL=https://home.icb4dc0.de/oauth2/callback
+OAUTH2_PROXY_LOGIN_URL=https://code.icb4dc0.de/login/oauth/authorize
+OAUTH2_PROXY_REDEEM_URL=https://code.icb4dc0.de/login/oauth/access_token
+OAUTH2_PROXY_VALIDATE_URL=https://code.icb4dc0.de/api/v1/user
+OAUTH2_PROXY_REVERSE_PROXY=true
+OAUTH2_PROXY_UPSTREAMS=http://127.0.0.1:3000
+OAUTH2_PROXY_EMAIL_DOMAINS=*
+OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:3001
+OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
\ No newline at end of file
diff --git a/apps/homepage/kustomization.yaml b/apps/homepage/kustomization.yaml
new file mode 100644
index 0000000..fcd8797
--- /dev/null
+++ b/apps/homepage/kustomization.yaml
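Review bot: `OAUTH2_PROXY_EMAIL_DOMAINS=*` in apps/homepage/config/oauth2-proxy.env admits every account that can complete a login at code.icb4dc0.de, so access to the dashboard is only as tight as account creation on that Forgejo instance. The homepage ClusterRole added in this commit lets the dashboard list namespaces, pods, nodes and ingresses, so whoever passes the proxy sees that inventory. If the dashboard is meant for a fixed set of people, an explicit allow-list is safer than the wildcard, for example `OAUTH2_PROXY_AUTHENTICATED_EMAILS_FILE=<path to mounted allow-list>` (placeholder path). If open registration is disabled upstream and the wildcard is deliberate, that assumption belongs in the commit message or alongside this file, since env files loaded through `secretGenerator` are awkward to comment inline.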
@@ -0,0 +1,34 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: homepage
+
+images:
+- name: homepage
+ newName: ghcr.io/gethomepage/homepage
+ newTag: "v0.7.4"
+- name: oauth2-proxy
+ newName: quay.io/oauth2-proxy/oauth2-proxy
+ newTag: v7.5.1
+
+commonLabels:
+ app.kubernetes.io/instance: icb4dc0de
+ app.kubernetes.io/managed-by: kustomize
+
+resources:
+ - "resources/namespace.yaml"
+ - "resources/sa.yaml"
+ - "resources/sa_secret.yaml"
+ - "resources/cluster_role.yaml"
+ - "resources/cluster_role_binding.yaml"
+ - "resources/deployment.yaml"
+ - "resources/service.yaml"
+ - "resources/ingress.yaml"
+
+generators:
+ - ./secret-generator.yaml
+
+secretGenerator:
+ - name: oauth2-proxy-base-config
+ envs:
+ - "config/oauth2-proxy.env"
\ No newline at end of file
diff --git a/apps/homepage/resources/cluster_role.yaml b/apps/homepage/resources/cluster_role.yaml
new file mode 100644
index 0000000..099af66
--- /dev/null
+++ b/apps/homepage/resources/cluster_role.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: homepage
+ labels:
+ app.kubernetes.io/name: homepage
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - traefik.containo.us
+ resources:
+ - ingressroutes
+ - ingressroutes/status
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - nodes
+ - pods
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ - customresourcedefinitions/status
+ verbs:
+ - get
+ - list
\ No newline at end of file
diff --git a/apps/homepage/resources/cluster_role_binding.yaml b/apps/homepage/resources/cluster_role_binding.yaml
new file mode 100644
index 0000000..dfacea2
--- /dev/null
+++ b/apps/homepage/resources/cluster_role_binding.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: homepage
+ labels:
+ app.kubernetes.io/name: homepage
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: homepage
+subjects:
+ - kind: ServiceAccount
+ name: homepage
+ namespace: default
\ No newline at end of file
diff --git a/apps/homepage/resources/config.enc.yaml b/apps/homepage/resources/config.enc.yaml
new file mode 100644
index 0000000..e960f35
--- /dev/null
+++ b/apps/homepage/resources/config.enc.yaml
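Review bot: The ClusterRoleBinding subject in apps/homepage/resources/cluster_role_binding.yaml is `homepage` in `namespace: default`, but the kustomization sets `namespace: homepage` and the Deployment runs as `serviceAccountName: homepage` there. Whether kustomize rewrites a binding subject's namespace depends on its version and on the ServiceAccount being matched, so the rendered output may still name `default/homepage`. In that case the dashboard pod gets no cluster read access, and any service account later created as `homepage` in `default` silently inherits the role. Writing the subject explicitly removes the dependency on the transformer: `namespace: homepage`.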
@@ -0,0 +1,43 @@ +apiVersion: v1 +kind: Secret +metadata: + name: homepage-config +type: Opaque +stringData: + bookmarks.yaml: ENC[AES256_GCM,data:EpNhM/Uaoo/zGpsbsrmLvNSSAplc1pUrOA1LP2wZY4zh3fgHc/f47e95j59Wa9YScGbEx3/+nzUbvQmW2i1zjV+9pLQRcBg6RsBWhRcwLlmcTA==,iv:5pxGhroFCqv1jaDQY0FZN1ReJ3H6HSrdaQFWzekKczU=,tag:ebhZM3Ux5SwbXupEA+qsHw==,type:str] + custom.css: "" + custom.js: "" + docker.yaml: "" + kubernetes.yaml: ENC[AES256_GCM,data:I+/V1rEWrQ5AH7mt8g==,iv:hMiXMxRKXLaJItecxULvDkzV0pdF1VwridsfgvG6pKU=,tag:9c9lLvSsHPqPZnBbWcm0/Q==,type:str] + services.yaml: ENC[AES256_GCM,data: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,iv:KBXZ45bV9tosXm8isbs+twA9ghQ5T++6NUOt+zzaC/4=,tag:19ivPWPlJP8kI2qeRUVvqw==,type:str] + settings.yaml: ENC[AES256_GCM,data:yvYu7VrWPeDZWEeiLCx7ow76HRgmEWVAfczOkZFlpc1Yrq5ASISiXhk=,iv:2s0Kz25YMh7yZ6CotJhFdLEiAbvEFYNzp3ghksbWm28=,tag:q1bl1+s24KGgj8N7cpEjVw==,type:str] + widgets.yaml: ENC[AES256_GCM,data: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,iv:hUKLr3J6G660sUJbHx7y40q4sU2Zve64KAHdVxe8nGg=,tag:dIRk9SulLYfE0Th3eX12xA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQVVaUUl4NjV6RkdpTzh3 + WEZIR3hScC9RaDlHMnJscjdWN1RZMXVmSEhNCnZsUGtuOGV6MWVadHdZcGpjOU9j + UDNPNW1WRXdWT0Z3SndDeWkxWEQ5SkUKLS0tIEsrSXZyTHI5dmt2dktsZDFrTm92 + VTVlZTNqUFR3eXNBVW1DMVVLSzZJSkUKPy0xO7yQuuy+fzngITe71drKxsRvZUoI + je3yUDNG0oNk/vVLityGc0p+4K0YBTCwQbNReEtG3gaNytcM75zcGw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3K2lNaUgvZjJqV3V5MzVy + ald4MTVIUWU1WG1ES1Yza0JhaWhFTDFCMVNnClRqajloVm51WnZsNG9SSGFDUG5S + YnZwZ2NGVlowaTJIcGtid0crVlZ2a2MKLS0tIHNuaEhtd3VXcDNKYzUxZjE1ZEkv + 
dWZHWXNNQlBIRTA1dFZXdXM1ZzlFSXMK3BJyrwoIRldG3lrGpNKiMA0QWNQA1jt1 + zEqT2pgENYG8SZLXHKH3Ywrb9fNjHYPajLC6bYxkwTqTSIziNiwmaQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-25T19:41:17Z" + mac: ENC[AES256_GCM,data:bsjhBINLZxZUB+KUMKmJ1gFD+bkzZ9xSX0iClGRmBZb7dh2rMNPKjCfPGRdYkLEcVbREbbHYPgw74RrHYlc7cjDWiNQEB2i8xkPCScE5B8xQxmHQOIkWW4u2IR26vqPhslXI5ucYi9ojO6I5vrtbuIdxvVAdHUyqjNOz1o4/vFY=,iv:cwMx4ItAph0ETcJf6MJhIDd49eK7G7Bk9bGCksNhF0M=,tag:uv8Qd8jbnTRQKiz8BhXSOg==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/apps/homepage/resources/deployment.yaml b/apps/homepage/resources/deployment.yaml new file mode 100644 index 0000000..ad178aa --- /dev/null +++ b/apps/homepage/resources/deployment.yaml @@ -0,0 +1,64 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: homepage + labels: + app.kubernetes.io/name: homepage +spec: + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: homepage + template: + metadata: + labels: + app.kubernetes.io/name: homepage + spec: + serviceAccountName: homepage + automountServiceAccountToken: true + dnsPolicy: ClusterFirst + enableServiceLinks: true + containers: + - name: homepage + image: homepage + volumeMounts: + - mountPath: /app/config + name: homepage-config + readOnly: true + - mountPath: /app/config/logs + name: logs + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 512Mi + cpu: 200m + - name: oauth2-proxy + image: oauth2-proxy + envFrom: + - secretRef: + name: oauth2-proxy-base-config + - secretRef: + name: oauth2-proxy-secret-config + ports: + - name: http + containerPort: 3001 + protocol: TCP + resources: + requests: + memory: 50Mi + cpu: 10m + limits: + memory: 100Mi + cpu: 20m + volumes: + - name: homepage-config + secret: + secretName: homepage-config + - name: logs + emptyDir: {} \ No newline at end of file 
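Review bot: `automountServiceAccountToken: true` is set at pod level, so the `homepage` ServiceAccount token is also mounted into the `oauth2-proxy` container. That account is the one `cluster_role.yaml` gives cluster-wide read, and the proxy is the container the Service's `http` target port resolves to, with no visible need for Kubernetes API access. Turning the automount off and projecting the token only into the `homepage` container keeps the credential out of the proxy; a sketch follows. Neither container sets a `securityContext`; `allowPrivilegeEscalation: false` would be a cheap addition, assuming both images tolerate it.

```yaml
    spec:
      serviceAccountName: homepage
      # mount the API token only where it is used
      automountServiceAccountToken: false
      # … unchanged: dnsPolicy, enableServiceLinks …
      containers:
        - name: homepage
          image: homepage
          volumeMounts:
            # … unchanged: homepage-config and logs mounts …
            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
              name: kube-api-access
              readOnly: true
        # … unchanged: resources, oauth2-proxy container …
      volumes:
        # … unchanged: homepage-config, logs …
        - name: kube-api-access
          projected:
            sources:
              - serviceAccountToken:
                  path: token
                  expirationSeconds: 3600
              - configMap:
                  name: kube-root-ca.crt
                  items:
                    - key: ca.crt
                      path: ca.crt
              - downwardAPI:
                  items:
                    - path: namespace
                      fieldRef:
                        fieldPath: metadata.namespace
```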
diff --git a/apps/homepage/resources/ingress.yaml b/apps/homepage/resources/ingress.yaml
new file mode 100644
index 0000000..252bdc4
--- /dev/null
+++ b/apps/homepage/resources/ingress.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: homepage
+ labels:
+ app.kubernetes.io/name: homepage
+ annotations:
+ gethomepage.dev/description: THE home page
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Apps
+ gethomepage.dev/icon: homepage.png
+ gethomepage.dev/name: Homepage
+spec:
+ rules:
+ - host: "home.icb4dc0.de"
+ http:
+ paths:
+ - path: "/"
+ pathType: Prefix
+ backend:
+ service:
+ name: homepage
+ port:
+ number: 3000
\ No newline at end of file
diff --git a/apps/homepage/resources/namespace.yaml b/apps/homepage/resources/namespace.yaml
new file mode 100644
index 0000000..72042c3
--- /dev/null
+++ b/apps/homepage/resources/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: homepage
+ labels:
+ prometheus: default
\ No newline at end of file
diff --git a/apps/homepage/resources/sa.yaml b/apps/homepage/resources/sa.yaml
new file mode 100644
index 0000000..ea558c5
--- /dev/null
+++ b/apps/homepage/resources/sa.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: homepage
+ labels:
+ app.kubernetes.io/name: homepage
+secrets:
+ - name: homepage
\ No newline at end of file
diff --git a/apps/homepage/resources/sa_secret.yaml b/apps/homepage/resources/sa_secret.yaml
new file mode 100644
index 0000000..9460a80
--- /dev/null
+++ b/apps/homepage/resources/sa_secret.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+ name: homepage
+ labels:
+ app.kubernetes.io/name: homepage
+ annotations:
+ kubernetes.io/service-account.name: homepage
\ No newline at end of file
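Review bot: `sa_secret.yaml` creates a `kubernetes.io/service-account-token` Secret for `homepage`, and `sa.yaml` lists it under `secrets:`. That is a long-lived token that neither expires nor rotates, for an account meant to hold cluster-wide read access. The Deployment already sets `automountServiceAccountToken: true`, which gives the pod a short-lived bound token, so unless something outside the pod consumes this Secret I would drop `resources/sa_secret.yaml` from the kustomization and remove the `secrets:` entry. If it is needed, a comment naming the consumer, e.g. `# long-lived token used by <consumer>` (placeholder), would make that visible.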
diff --git a/apps/homepage/resources/service.yaml b/apps/homepage/resources/service.yaml
new file mode 100644
index 0000000..dba034a
--- /dev/null
+++ b/apps/homepage/resources/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: homepage
+ labels:
+ app.kubernetes.io/name: homepage
+ annotations: {}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3000
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: homepage
\ No newline at end of file
diff --git a/apps/homepage/secret-generator.yaml b/apps/homepage/secret-generator.yaml
new file mode 100644
index 0000000..5e05287
--- /dev/null
+++ b/apps/homepage/secret-generator.yaml
@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ # Specify a name
+ name: homepage-config-secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./resources/config.enc.yaml
\ No newline at end of file
diff --git a/apps/nocodb/.gitignore b/apps/nocodb/.gitignore
new file mode 100644
index 0000000..711a39c
--- /dev/null
+++ b/apps/nocodb/.gitignore
@@ -0,0 +1 @@
+charts/
\ No newline at end of file
diff --git a/k8s/roles/nocodb/files/config/base.env b/apps/nocodb/config/base.env
similarity index 100%
rename from k8s/roles/nocodb/files/config/base.env
rename to apps/nocodb/config/base.env
diff --git a/k8s/roles/nocodb/templates/values.nextcloud-keydb.yml.j2 b/apps/nocodb/config/values.keydb.yaml
similarity index 100%
rename from k8s/roles/nocodb/templates/values.nextcloud-keydb.yml.j2
rename to apps/nocodb/config/values.keydb.yaml
diff --git a/k8s/roles/nocodb/files/kustomization.yaml b/apps/nocodb/kustomization.yaml
similarity index 64%
rename from k8s/roles/nocodb/files/kustomization.yaml
rename to apps/nocodb/kustomization.yaml
index 519eb1b..9329f11 100644
--- a/k8s/roles/nocodb/files/kustomization.yaml
+++ b/apps/nocodb/kustomization.yaml
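Review bot: `targetPort: http` resolves to the only container port with that name in the Deployment, which is `oauth2-proxy` on 3001, so this Service is what puts authentication in front of the dashboard, and nothing in the file says so. A comment above the port would protect that from a well-meant edit, for example `# 'http' is the oauth2-proxy sidecar port; do not point this at the homepage container`. The homepage container declares no ports, so whether other workloads can reach it directly on the pod IP depends on network policy that is not part of this commit.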
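Review bot: The `exec` function under `config.kubernetes.io/function` runs whichever `ksops` binary is resolved from the PATH of the machine or CI job doing the build, presumably with access to the age private key. The manifest gives no hint which ksops release is expected. A comment recording that would help, e.g. `# requires ksops <version>, installed by <bootstrap step>; build with exec plugins enabled` (placeholders). The `# Specify a name` line looks like leftover template text and can go. The same applies to the nocodb and zipline copies of this file later in the patch.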
@@ -13,12 +13,24 @@ commonLabels: app.kubernetes.io/managed-by: kustomize resources: + - "resources/namespace.yaml" - "resources/pvc.yaml" - "resources/deployment.yaml" - "resources/service.yaml" - "resources/ingress.yaml" +generators: + - ./secret-generator.yaml + secretGenerator: - name: nocodb-base-config envs: - "config/base.env" + +helmCharts: + - name: keydb + repo: https://enapter.github.io/charts/ + releaseName: nocodb-keydb + namespace: nocodb + version: "0.48.0" + valuesFile: config/values.keydb.yaml \ No newline at end of file diff --git a/apps/nocodb/resources/config.enc.yaml b/apps/nocodb/resources/config.enc.yaml new file mode 100644 index 0000000..a3aa246 --- /dev/null +++ b/apps/nocodb/resources/config.enc.yaml 
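Review bot: The `helmCharts` entry pins `version: "0.48.0"`, but the chart is downloaded from `https://enapter.github.io/charts/` at build time and `apps/nocodb/.gitignore` excludes `charts/`, so the rendered manifests depend on what that repository serves on the day of the build. As far as I know, kustomize does not verify a chart digest or provenance here. Committing the pulled chart, or the rendered output, would make the deployed content reviewable. At minimum, a comment such as `# third-party chart, fetched at build time; review upstream changes before bumping` documents the trust decision.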
@@ -0,0 +1,43 @@ +apiVersion: v1 +kind: Secret +metadata: + name: nocodb-secret-config +type: Opaque +stringData: + #ENC[AES256_GCM,data:Hs6V,iv:5x3mHRFQ64to+CJGDDx+JNW1IEnHJ/ybe6JeecPJNeE=,tag:PBkuJceINQDF0YdjqmtcjA==,type:comment] + NC_DB: ENC[AES256_GCM,data:OkLE4jyqG4jH0bSH0bU0oGrm5ARbXOaw91MQOM6IfqVMOd0Z+Z9z6bHc1iFrt5NvQlNeJm/ivHxaj3fX0kyOp5Y5JQq9sJfkOPaOxYbI2Z5VCQymxFreT/5sH/it8cLqpkt2G5r1PIpch0p3,iv:nuv8A73AYhCWhIRp0o3IN2YV0xo7l/gtlv8EgBeJ4uk=,tag:FyNH9FvTz3P+kod52kCHLw==,type:str] + #ENC[AES256_GCM,data:MQnRuJg=,iv:E82k3W8MaSx0BM7hXCkY1tN+H7D5S1kDPKmvP3Gi4/4=,tag:H4502GVmN8WvwPsiek5VpA==,type:comment] + NC_AUTH_JWT_SECRET: ENC[AES256_GCM,data:Js/NIpruZBw9hqvEP8cC0poEh5jf99mPd7fpDEJYsfNf5bGNN1hdXgypl8Y=,iv:aYw84L2YA4NBkICn/kP8eo345O4hEE87MwodzmlAGZk=,tag:5wyFoE9zpV9bp1ltheVHIQ==,type:str] + NC_ADMIN_PASSWORD: ENC[AES256_GCM,data:sKchDix8Q5VtC56G6cjT1rbO4h0/wzy+bFm9TUbhtvA=,iv:eR7nEDGn18t8hPMZK2xV26EvmrGmiWGuGFF1vgR0giA=,tag:KHLXghuZ8FE2oQ5HOkQbiQ==,type:str] + #ENC[AES256_GCM,data:48558Bjlc8t8SgJRrG1FH1Bs,iv:7wiJ1kI5A373sHUZXdHzJVC+jRTtI9fCLal3uo3TQXg=,tag:QOC0SCF9aJQNp/Gir6UyMw==,type:comment] + NC_S3_ACCESS_KEY: ENC[AES256_GCM,data:5KLAyGVTRJmdv+Pf4VLtxA==,iv:YluvNO+9YH9i/kJiiAwriQx5+zd1WXuvR0Grne8hHk0=,tag:WsULzFKDgHspG/hfBLQuOg==,type:str] + NC_S3_ACCESS_SECRET: ENC[AES256_GCM,data:Zquz2bKAYoHYWvKde1HqlNSC7kD66xYS9ZU51RYvWaYZGCk1vP+mC1iqmSRn0L9yjictpDJU6QtTzm9QTDBT,iv:oHaWAXWIqdz3DCtTuzeoN1OGE4dn6iNKR43b/VF4Evo=,tag:+1ROQuBjpceJHDkCFhz4Yg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUkJmeVlidTVPTXhJanJT + WmFwMXB5d0hRVFFkTnJmK2JGbmVYNWYza1JjCjNCK0xnTFViN0o3Y1FKellnelR4 + dk9qM1A4NHgvYWZpNW1wRVFHZnVrbk0KLS0tICttWE13RVF6Y3N5RFpMenpsQmp0 + aElkeEVMN0hnS25QamEyZGNHRkY1Q2cKxi/tu37yGgnUh5pbO3gb+aWp0P4SJZQj + 
8uW0zavu2ppT4gk/3v3u8ty8sD5rCSaBih0XM2f8+i6LdFHIzcQE6Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCb2pGSHlvKzFQdFNoQ2V6 + ditvYXFNVllETXJIbk9ETHEraWN4Mjk5bkJRCnVyT0YySU5CTk1DUUlCazhOeWYz + WVpMVVIrc3BqTU41d0tkaHNTa2NoQ1EKLS0tIGRwVEJQejBDL0kwYnIyaVJVOEla + UmFSZEd1ekI1alFVOG1qUVNBcHFUQlUKW7idC59jIRv2NgxxwDIMAYRe9tvBI6or + rjkpmb3b1ONLX470pY4FtmejOw02rm7YoeFTLPSePQgeK/+7tE3P+Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-26T19:51:21Z" + mac: ENC[AES256_GCM,data:Fv6ttgDO4Y+SOwxNh6Qa14EZXvYbao9SL8wekODKs4S7jhY16pGfziMkqWXkc7pzb+BszeBO9Ajc+XZ5GpGg5EAbSdb8faZgsg1lBN6JM4ptbV7E8F6wB3iBNDb0aW4W3Oq35b4CBzjUbP7Sh+SkxnSpla8LLK/wZTs+fMhkTZs=,iv:3KjNdKoM3FEvlaT0YeeQVcBSoc3v1exmBl0FYYCXrLc=,tag:E1qsnAqpCMUjE9Xng9EQdw==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/k8s/roles/nocodb/files/resources/deployment.yaml b/apps/nocodb/resources/deployment.yaml similarity index 100% rename from k8s/roles/nocodb/files/resources/deployment.yaml rename to apps/nocodb/resources/deployment.yaml diff --git a/k8s/roles/nocodb/files/resources/ingress.yaml b/apps/nocodb/resources/ingress.yaml similarity index 61% rename from k8s/roles/nocodb/files/resources/ingress.yaml rename to apps/nocodb/resources/ingress.yaml index 4779b74..803abdc 100644 --- a/k8s/roles/nocodb/files/resources/ingress.yaml +++ b/apps/nocodb/resources/ingress.yaml @@ -3,6 +3,12 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nocodb + annotations: + gethomepage.dev/description: Data workspace + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Apps + gethomepage.dev/icon: nocodb.png + gethomepage.dev/name: NocoDB spec: rules: - host: noco.icb4dc0.de 
diff --git a/apps/nocodb/resources/namespace.yaml b/apps/nocodb/resources/namespace.yaml
new file mode 100644
index 0000000..cdd57da
--- /dev/null
+++ b/apps/nocodb/resources/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nocodb
+ labels:
+ prometheus: default
\ No newline at end of file
diff --git a/k8s/roles/nocodb/files/resources/pvc.yaml b/apps/nocodb/resources/pvc.yaml
similarity index 100%
rename from k8s/roles/nocodb/files/resources/pvc.yaml
rename to apps/nocodb/resources/pvc.yaml
diff --git a/k8s/roles/nocodb/files/resources/service.yaml b/apps/nocodb/resources/service.yaml
similarity index 100%
rename from k8s/roles/nocodb/files/resources/service.yaml
rename to apps/nocodb/resources/service.yaml
diff --git a/apps/nocodb/secret-generator.yaml b/apps/nocodb/secret-generator.yaml
new file mode 100644
index 0000000..6823d9c
--- /dev/null
+++ b/apps/nocodb/secret-generator.yaml
@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ # Specify a name
+ name: nocodb-config-secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./resources/config.enc.yaml
\ No newline at end of file
diff --git a/k8s/roles/zipline/files/config/base.env b/apps/zipline/config/base.env
similarity index 100%
rename from k8s/roles/zipline/files/config/base.env
rename to apps/zipline/config/base.env
diff --git a/k8s/roles/zipline/files/kustomization.yaml b/apps/zipline/kustomization.yaml
similarity index 86%
rename from k8s/roles/zipline/files/kustomization.yaml
rename to apps/zipline/kustomization.yaml
index 3983e93..4a73626 100644
--- a/k8s/roles/zipline/files/kustomization.yaml
+++ b/apps/zipline/kustomization.yaml
@@ -13,10 +13,14 @@ commonLabels: app.kubernetes.io/managed-by: kustomize resources: + - "resources/namespace.yaml" - "resources/deployment.yaml" - "resources/service.yaml" - "resources/ingress.yaml" +generators: + - ./secret-generator.yaml + secretGenerator: - name: zipline-base-config envs: diff --git a/apps/zipline/resources/config.enc.yaml b/apps/zipline/resources/config.enc.yaml new file mode 100644 index 0000000..835354b --- /dev/null +++ b/apps/zipline/resources/config.enc.yaml 
@@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Secret +metadata: + name: zipline-secret-config +type: Opaque +stringData: + CORE_DATABASE_URL: ENC[AES256_GCM,data:yfEb6JfVXws1d9hgLggSCMd3Wj6IN9oul9Atc3mnv6Wf61b7RXzvRxAm6Jh9kI8/4Rujb5AAfUGSFcfSFGTtLE+ZrCNO5FN+sYmviDpegMBZPLj0/FBipCsAqqhbVMjDpIgIzFsEDplJ+w5loY3LQvLs,iv:TDED4Us+87Y58SiBZMLbjo98uEFaQoQGoMz5VtoR16M=,tag:mUlgfZEDyTRcjNIyygBQsQ==,type:str] + CORE_SECRET: ENC[AES256_GCM,data:taa93xNb8h0vUVdWgDQ69+PQr541weQQmGJWau+2fXdTm13VtOLv2sH430Y=,iv:vxh60WKz2MM62O1AA4Uzxsz8rvxkdQTKxBfpjAOa1KY=,tag:OF5fOv5W+2U4yaRHOo2ohA==,type:str] + DATASOURCE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:v9qPjC25URN5AANOsXYCpQ==,iv:PuBrLEVmME3nFLPLW/KZQ9cBm0xjdLJg3NZ+ywktP2E=,tag:Xy0xeViZ1TD4g72VdpCSrA==,type:str] + DATASOURCE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:YkErE1Enmw70fD53Q1xs175zm58SGPblj3lUXFwG01i7vLXFPhlw3MezcF9Oi6a9Lobw/NzYVhXVaZZjVJ8w,iv:zy/F9GwdE2aR3sGCd7aCurcsBRI5e0qHVqvBuZxFtm0=,tag:1DstmxoIX0yCe4X5Gz4YeQ==,type:str] + OAUTH_GITHUB_CLIENT_ID: ENC[AES256_GCM,data:7a773t7iacejEQayPqUbkKxL2XY=,iv:tfZuc2oTEmB/LI1BvPTbPVoA07kSW0AG4FH+8yJ72/A=,tag:B/kD0/rOW38trSpe+LVH5w==,type:str] + OAUTH_GITHUB_CLIENT_SECRET: ENC[AES256_GCM,data:IgxkqECtYbUdc3u/o2AATlQVkVPtcRU0+zvjwBLWNoPYdneWd2YBJg==,iv:XQq/HjK3wca31T8g5zqIreJ58Ar6GptLK3Um0Eh1CHY=,tag:lfvAOFAtj57mPPHdIdW7mQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEWWFBMUF2aGpEK0dNdGQy + aHdxY084UnNZS2xrQ21McnYzTlpsOFFwVjN3CkRuNWlTeE5ObEFwRGZsekJFV3pJ + QW9mNk1xMDBmb2hlRENRUGF2MmF2NGMKLS0tIFVtUkdyWU9ZTmwxSVh6dVRIM1hK + Q3NxUHV0T2JjM0krZStCWDQ2RmdRc0EKS6LHARFCZ/9Vww3TyhrEBgvOY/lWGDLP + cRvq9w+7qQYgsO0KCC+hfxDVbtZdbRku/2ZXr9cv8Vv/PgFJhwHScA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED 
FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbVZXMUFPbWovc0lnek5J + WC9zaEZTaWh1V2pLbFhBQXBvSjBtcFp1MGx3CnFRSlpGTkJEMjNhd283ekNhYnIw + Q28rS2trMVN5UWljZkJoTmdHWjBNeEkKLS0tIFhWYjV0TzhnVzAyT0RvWHB5Vjlm + eEQxM25tM2FxY1RvNEhxQWk2cE1wdTgKFq1rbrN1ScKuujg2xyRaESwswoMu2+zr + LvIVDhLTl4jyUb0WH8Iy8/xQhUhsp7KJnccXFoCc5TFE7QzEKfrv6Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-10-26T18:54:35Z" + mac: ENC[AES256_GCM,data:Vzm8EBTJXvPNFeV/6UlnVzeId41SiiVpEftTdrDBxTD+5bDU6xq047MzLGGzo4dhFmxOXD7PMbQw40fcEZz2+DT9BOzuk8JBDIN7d+WhOtrwXjP6fqtvqpYqc9Go1VHbhVpNApYyK7fhz7eqfARmlZNam7XD5dySJnjccuXSujk=,iv:4CW3t7b8EsFtMnHQ24oDOhnffNmTRnK2x4MTaXiPHRE=,tag:9+ZFYyAatfc4dUnY67RzAQ==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/k8s/roles/zipline/files/resources/deployment.yaml b/apps/zipline/resources/deployment.yaml similarity index 100% rename from k8s/roles/zipline/files/resources/deployment.yaml rename to apps/zipline/resources/deployment.yaml diff --git a/k8s/roles/zipline/files/resources/ingress.yaml b/apps/zipline/resources/ingress.yaml similarity index 61% rename from k8s/roles/zipline/files/resources/ingress.yaml rename to apps/zipline/resources/ingress.yaml index 5f9d5bc..22f2010 100644 --- a/k8s/roles/zipline/files/resources/ingress.yaml +++ b/apps/zipline/resources/ingress.yaml @@ -3,6 +3,12 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: zipline + annotations: + gethomepage.dev/description: Sharing is caring + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Apps + gethomepage.dev/icon: zipline.png + gethomepage.dev/name: Zipline spec: rules: - host: share.icb4dc0.de diff --git a/apps/zipline/resources/namespace.yaml b/apps/zipline/resources/namespace.yaml new file mode 100644 index 0000000..c2c1e5e --- /dev/null +++ b/apps/zipline/resources/namespace.yaml 
@@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: zipline + labels: + prometheus: default \ No newline at end of file diff --git a/k8s/roles/zipline/files/resources/service.yaml b/apps/zipline/resources/service.yaml similarity index 100% rename from k8s/roles/zipline/files/resources/service.yaml rename to apps/zipline/resources/service.yaml diff --git a/apps/zipline/secret-generator.yaml b/apps/zipline/secret-generator.yaml new file mode 100644 index 0000000..d662774 --- /dev/null +++ b/apps/zipline/secret-generator.yaml @@ -0,0 +1,11 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + # Specify a name + name: zipline-config-secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./resources/config.enc.yaml \ No newline at end of file diff --git a/k8s/configure_cluster.yaml b/k8s/configure_cluster.yaml index f8610e5..690b5e0 100644 --- a/k8s/configure_cluster.yaml +++ b/k8s/configure_cluster.yaml @@ -3,14 +3,10 @@ roles: - role: cifs-csi - role: coder - - role: hedgedoc - - role: nocodb - role: prometheus - role: postgres - role: hcloud - role: minio - role: gitea - - role: drone - role: fider - role: nextcloud - - role: zipline diff --git a/k8s/inventory/group_vars/all.yml b/k8s/inventory/group_vars/all.yml index cd90027..f58eca0 100644 --- a/k8s/inventory/group_vars/all.yml +++ b/k8s/inventory/group_vars/all.yml 
@@ -1,138 +1,149 @@ $ANSIBLE_VAULT;1.1;AES256 -65613032633935633062303533363430366230613563656130383863333566316132333861633230 -6534656562653935303135303966646433373832313136300a623636646431623465616561333730 -36353534353162353234366665303865656563643862636235376339303633353137373661393562 -6264353137396138380a646637643535313833373330386533373739363532306138373633623063 -63393561353362333361356164333264313666313764626639383935386139623837356335383130 -33613437653132356238316165383238306161633361613831383836366233373831636561643230 -30626464383862633235656562656136613236336161386666633737383664626530643630393962 -34383436653039626430303364316337663433383332393532653431313734363430353430663331 -30356164623039633066616266623239633139333264666636323039623663623136623566363737 -31353666626237393639633532303664346138306162303461363537653234393837353039316436 -31616137623664336437653130656566396466336262373063313364343632633038346336383036 -38343261356566356335646563653962343230313061626536336362636133353361303364653437 -37353535666465646135323536373066646332313361623034343038303038613530616561653339 -64333766643431326534646364396630383262623861346434623139613930373539383733623636 -30313934313766626566613063623038393632663432666233356566646364313861316361363164 -61333237353336616666366437326239353264323338656361386161346166633135653665373261 -37363064343061643165663732376133646135353337356331333666373631336664323531373533 -30306539616661366536353739656331396565393138626162323735373366383563343130656366 -61616664363338616132363534343431346536373363326266393864346138323939643937366466 -37656331386166333130343237623639663964333333376434663030343835626438333731366466 -65653539373535383364326635343462653638363436646436656162336566343030616366383937 -32336637333261613035666664663636353931353234636664656336366464356463303038303736 -34326432386436616335313632363566326362653565303366613966306433663163313832613361 
-33653231316630623430386164633530646635393734383239303863333566643963303962323139 -38643736646563656638303265313537343235613765323435333136613330623336373065393165 -33616433333234633333626563323265666434383465353936333835393439323035663535356165 -36303962353130643136326136613338336335633033633835366438643236383463376133343266 -33343862376233396537623334386135663139376665303331373630663039383630383234313164 -66653764353064616366373661613065356264373939663537643361373831343830393065336232 -36343531393233626632396338656539666539306131306336313239393935383432623631613664 -65373634396537386461663332646132356333363634303561656235636337393238363366396362 -30303862376631353031653662356230633734376337326336663132333661643836346139666563 -30393564353565323664363730646364316132373939336135343463306636656535653262333132 -63366135646235653539636632626463313434613033616136386433666539313065313832653338 -32396533303130323633333336303363623263316433653932343332336438366431343161666432 -34623739333062636532376230393264303638353934643361616636306236613939323134326130 -39316365636434653265366432636134363935326335636133356639656165356336613034613039 -37333538383136336335313234303134343739363038323836323538623932333362366162333630 -37343236616539343266313665373662363665303063333134393830336433343431666166313665 -39396335313731393233383234663031396634333034303661636434376634333533633265666230 -34633561623139666363663165653264653533653939306234313637353062656330316335663865 -33613634346265646162653163303239386263303132323831366538626136363331636162376231 -38363464623830343630336238323532363564353130323237343265626230346332356537636633 -64393666643830376535363730663430623230343564646264623237363332393639656434626235 -64303637623930373137666332643233326137343864343735623237386531323638326465353861 -64343234653065626163313836663832306161386464376231363164646366383066313437393631 -36343234643237653463643265623036303436333362666433623061376436633762346634396662 
-39396661653037373862313730633130653033393566313064336135636162316563303531373134 -35643862613962653261383633646331353533333332666535636163303930323031616363323136 -39616233326636636231366435616439373330333439346563343937633764326130323231373730 -33346230336334623633376633366566656636643738323864626666623832313830363132613430 -37613133343433343932343965666563663132353763313261613738386338623030303437313238 -36616637646433383466333866363638363733366136313436313765653730316330663533626130 -30383763633762613638643136366665306537373366396339316136646462653039373231623832 -33303461633531303737623061643063366238396464303832353334356336623164363238656230 -36323931333066343033303961313765363930353039653530633531346532316663323966346535 -32313132366639653666626661356235313236613130303662343935643534373433323763633032 -62333963373264323736396639376530653434353036336562393434383639366163316232353439 -38363630343138323864653031333830363330633363376165373239313263316234616131336139 -35333332633135323266396334313432323633633834633764316432373532633865323766616438 -64303833333366386562326630616635663336373562303861366437663238376438663166313666 -38393462663939623035323337393538666166306263393662663432323334653833666532363432 -32366333313161306134623130613161353863346233663030633166616434643232653530653336 -30333739656463393639663663313331346636353062306237323739373639326338386338303065 -38383961396239636661373534316639333461323539323262326332366263313933396563616161 -61663232326162616565313232303836353431666663623734656136643936323266336261326331 -34353262393361653863393630363434636361616334376236626465393263346162356636356664 -30616238346138663432303666353839373465613464366234653364333763613930663933336332 -63616261633430353530336531623365623031336566356464653234636639316438383237343464 -30303034333630336633383462316437636161353630396531623737333132306161373436326632 -64646535343735623961356538333735396236336266366632336139613136303762643734323234 
-30343536363438623030646430383935383130643665633533383566303631333130303866343564 -62353639353531653265326164336231373063396235346464373539666161636333396463666532 -33336638623362613165333834336133356462626331393030623537353862663431383830323539 -61346461306361616632353563396131623536653165396664313764353463363331616466383465 -36333666323031306462373332623534613831333962633237666431393331633632313730646535 -63626265303239383162373136323661323934623861393265346366366462616534343537373333 -32373030353030613262323837393931386430613733653730333362383335646138366530386364 -37633263313832653666643266343434396565353762623736346563336663316630626435383639 -65323234346238346437636238326566613366623561313635623938343735656461353639636263 -34663834346532366361393835363037336230656436323735363261373032326137343663636262 -37663534633434616231306338376264613133626162366639666137663337646631313637326161 -39316163666162353335353365376531356264613332386630393736393362356432303437313261 -30643664396461323839333938376533393062313531313336396164653434363633636335623431 -36353864346434663166396561343537356636343337616136303133643131326233313731303637 -33663135343534363434326537636234613130383834633839636465346535393364306266316237 -34366133666665313463343535313130333636626433383331336538313665666536326234306666 -63306430383937633732636437356130353034623265343436613665373264613666343835626130 -64633937333134393266343366376430346366386363333836613039666639363935663232316165 -38663263643731343066356639306466363364646132313830663232613730303037393563326231 -35373864666136656364323933643166383438316666646631326433323261353830626338373832 -61633361393632363738623236626262646564353636633261383635353366373034353763663831 -37326630323538326136653737366134623132303535613131623663383662326331633530636239 -62356333306263303861666336616661306562656233623038313361613635316264346164313061 -63626161353335646165643065373061323334353238383464396336323266326662333438383761 
-34653239313165306232393163646433313533643038326636373565633836653435656263616663 -62326330316231313330633934623638646135326439666431663838613264386530343762323031 -66366361393533386565353062633331666431316437353138383533386164623763353838623938 -64356462353962333535356631326266336463656337336230383733366162626431393230376538 -38373731323162326566613934633739346133633135666238386231316661376161663038393430 -39393130386138366433393836663666613236333537313432663436323431613462306135343239 -64613635303930303864636231636134666632376264343663343131626631653936643038633334 -63343139613434366134646561363139343861393763343834313266303337656635366666326233 -62313535326437646136623631346431313938353139316434653938323162366331373063343639 -31333466656430376538373332336364623233346634373431656130643133313664366132626536 -61363265663566633530626632666262333034316335363434313835333333393434623536303635 -37346431633236336635316131393931333335363432313438383334326661643966316131626533 -39313333656531626633643366616438316466313936656135323032646532323761666563313033 -39613064613631346366303632343638643464356537653631313664376339633334366362653365 -63666136353630323866326535343131616531663865613530646332356161313134643561623934 -62333631643434613461323461303339333564666530393135363338666565643432633539396131 -34366335653939666433313235313763376537376165393636613066326338386139393865666534 -30376635343030613933336564653363623539643836376337306162353539373435623836623532 -61626336396465653766366266653832346666343837653034356336373239343665313831306162 -31306138613739303439343164393162636366356430396538303661323033663434306666376366 -65663065313165313461323734393236613933323634356138386165326535303262663337343031 -64396439323530636265353139313733303764373738613462643466343666656661383561313765 -30626164393037343134383137333333333131356231323431613661373736393237373964376633 -38346165653732306239393864633537626530323662353466343861363265393562343230313731 
-38366261633733623338303565626561396231323266373836303264326532653036363866653363 -33396139326230616336343631383335393765343866366234366639333063633661323733636232 -63373932353665333662303038386637343332383364623163326262316233383466646338303134 -36356434666637313636346361366461326634333064306433613839356466333865303739306564 -62376339646639383133393233326437326337623434613930333663356334643562306566646131 -62653238626162613430363835346338363431656163633461626234306365383530633531323238 -35613364383131303634363431336632313039643562393332353835326534376261313761346366 -62353234343366386438343830343237306333383761313564636134323963643466383239393538 -61363663313438636663663933393165346337336638353239316134653733663337656437653663 -35383564353235393661616139353336623563336237613838363937363537656638383236373335 -63323730363363303233653733383735626365363465316235386632393931633063623662633838 -37383436376263373537376330323836383036353661373734653238383034303962373766363139 -63316131386333383736333736336534346539396334333734336666303239376432376437643866 -33663032343534346362626539386438363538303239313638663830336131393632393136353234 -31623263653862383431376436393130616339663666663630356262646566343163393263353831 -37666330666562393865303835353166616334376234323061646636303639343332633631656234 -36393830323435303538653938636132383730353538336539303863643331666534626336353731 -37626631313238646532323963393439636433666664363264306132386563366432 +32616231373536333534333134333639396335323730386466333964323263326332356662653264 +3038646138613833306131396563636263313536626630360a393138343635646461366465353537 +61633861303137363930623139306435643034323739386537656333366466646664386138633762 +3366353962656531620a393162393638653963636563643636616436373030316263626133376263 +65396561623631633134663133383863363932633661663265633361386165616436326366386461 +66326230626337643737313738313031323638393234633236383764333035343162326364363364 
+66323130643831663734616635373131386435373832363732373462313236366337323438396631 +36666430316131386235646138383461396564616363646639343833613964323864386536343766 +31376432656337646131386136366563373562663236636137396363316333623336306262386266 +63383330613163323332663666373163626535303934313232646330366561303664393634303137 +31396135656338643037306239623634613632643365313866366166366430616435363332653564 +62393366643765616564363465303565393362663461383066613033646634363635373437303638 +62656139626233663465333232343437326138376137316163373936366530626638363335356565 +61373339383762623135356531646564623834323130633538306330616530396638393833383938 +30326361373065333966613430633638303931396530636335326338653237633535663033373734 +65643831633538393434313030306432363664626435326238343631336661323461373965376162 +38336466393631393564313365393263333638663539386536336135636635613566356566653030 +33353530316264626330643830623166613233353262363461346135646135396337356639323035 +64616435363366306138613565366236623963666632303566356565373130353961643163356365 +64663031346362356237313437316136376661373063353338383137363865393163353632343966 +62626262383262613739623635393966653730323263636462613966633135633938336535323062 +66326363636463313633313036386138323330346538376666616437373932366235373163393061 +65383036333264636633643332356363383634663234643031333866376664646232643735333064 +35653231363261636365336362326533636461363331623665623465306234623061623161366663 +64373063373631643166306433383834396165656231643566386438653535386131376531633164 +65633136653862313233623033383463623534633934376364313535323133323134643430623531 +31353234316436306437643565623064663262616638333031343138623165633939616465613932 +62353939613061326639303936663534303531396330336135383663343435363362313737323762 +34366161353030653839383532613234653864373138343934333862366339363334336337656335 +32393666613333363331353236633563333931363965633064613431316133323637643639623439 
+37616537613437656539313031316639376136386136653932346264386562623562333632386136 +65346662663539656163363331346166623862666666656638383434616333303062643365636561 +37376465393237666134303564306164316334626334383865333161303137323235616437666137 +32323830376530636133386464656533386137626135393762383462313935613961656332303132 +38356262663962333465393635613963333434333865326633383033353361663064653833396232 +37396136353036623861643538616132636332613835643738366531303339663761346636383030 +33383030336137343235633439343339646332613735316366656264306134386561323637336136 +31353466313561353664623034363662383136626166633033366430383738323766313832633565 +36386338663131666264396238623731656464316261646630346333623737633130373336653066 +65306336366436303930393337626630653634333666373461666337623337366235323236656537 +36663863323938313333626433323635623933313364353433616239393566333366353334616262 +65653538653834373834383066323636396364356666343638353766623033666133386237306137 +32393836306435336634646661623137663935653535616162376338636462343430353966306435 +63343132656332323635636261326330306530316666666661653833613339373363643466626163 +34353962616564316162656530643335356637643166356334393035633736633534353838313830 +36656666383130396539333861613738396364366132626539643735353465653033393934393530 +30656664376462333236363236326238623337323665663930653964356566353033396236663434 +33656332326434326632356239343931653430363465623735343237656639373536666131636163 +64656539626130633463303739653439396534313536373336393630363538623466663936353765 +36663139643132333937353032363538663138383365383866656530643439303136316363386430 +62646266396364656565323539333538623437303530663837653864363537316134316532316530 +62663438396137313331636233396630326535633364336162376432663730356439663861393264 +30636339633863356362373865663561383162363431393832373664393965363834653263353632 +61376137663963616433363866636331376634623664623639373333343461616563633030333634 
+38646238353035663438343734616166316236643138643362343865633565666231366465633662 +37363830316161303033623537616639663738303964373662373933353035623064626166653835 +61343038383735353566636464376639376636353264366136613934383238396230633034313464 +61353039643964303766663031623065396464343935353630386631396631633262363962633962 +65313435396130633936663031386237306365633833303766336365356434636131383930316337 +65656566613065376334363065396332363138346130633230643935376339643339616632666631 +35376361393262663736316666346138303031323431623461646234363635353366366336323532 +34353361386466323162623330343137633933663639303631656636346238376531653361656464 +32353838326534396130346233313965303365303332653539343562623136373531363939633466 +66336666633239396130393836363961633233643435613463343262623132316535343962333433 +35633233353631666536383633353462313630353762643764643264663137633636333635303935 +39663036633833306561326165393962613963343135373365336432336638316438383639396161 +35353136636664383435383031383064303039653766653735336339353365313465666337353839 +39323132636639323637316665373132346462613633643633653536626561376161366132393164 +32353930303265396163373236653534383536666537366238356362623237393264306133623035 +64613764373862366635336139326235313138663165313335663433306336353332626236366639 +61343336613762636630366538393564356130363263636562626438333534613437663635633431 +33613438343134393963393563316437373364356632323865343132356435366565306138363133 +36346135636339626263353663376236393238656131326233653666333336636536303562356231 +64306135333764333136356131616264346266323562346466333830303664313336333263313861 +37333235623635613934313561306437333962363931323235653337643331343037333039326434 +65323031653265656237623535383035393562353365656161353634646666393965313332353736 +33666234336432333038326430343461353365326263313638363665623435613333653032353637 +66663934613038643131653266643539646437323132383966383665643838623862613333663433 
+65343866306134613134656633336534333334313033626565663062363961306139376631373466 +38343937383338343136626634343366363863663663373538653931353765303839326136643365 +63663665656238323961396433663530363535616337636361616137393066653234383434636539 +37326366646534313934313261366463326335323662643930326665306431306632333036313863 +36303966393865353762346431643132626266653733336530626132376261363438326537616535 +61336339653839643463343365643336643431613533376237333731316334656439326565663035 +33326465646437623638336437613839316231343563303032613835653362616261646162646363 +35383530383230396332356238373866633962653362336230646335393138323131313661613166 +36323430623161343462653830373938393766353230373765613463313531323533313838346630 +35633035613639353638323239306262366232363537643562643330373961623964363432393161 +30626433663139303331636435343639666532626136623865366261623266323162643730346363 +36333864343832613961323461353239383663643030306434623165343938613739303836613064 +33636566336561326335346535623232393636663139313866323233393437373139636636353338 +30363132636131303734336564353066336233613138633262313936646134303837656466363064 +39643337336237396235356333356331613665323766333064643239393530643937663736386631 +35366366653431353730343066643938373937306464626636373562353534353232326263656463 +38636134376432396465653130663132366462323362633539396464653764366566346462313537 +35613933333864373435336637666362316131313064326136653862663366346437663134323532 +31386563306464333631653530626265383838323138616334396564333139643038623639383264 +39336331333630633732383231373266376134623265373434373438383363663130303030653664 +39383639613830343132613763656433366431666666376430626464363961303564663737613736 +39363339356136656464613366363933643263386464336565646538633938333930386135666132 +65396137626634316361346435623435383931656262336230343634373231323866306331323565 +61663162393965643361323734303362303030316262623332346131613865616563303961363933 
+61373931636566376131323262313132663838373635336438613334626264666635633931333733 +61643739313763303564376362373536343035633234313562383565363865643761666364303333 +31343230646161666463313465316464343239383936646135623839646234623365616332373234 +61353966336666353034663034333037663539333963333737303532313062303938666433323461 +30623833656565363061646665623861663564396362366562393161363539613036353139353635 +38623965313934353764323666636231356263653837363633306463636632646166313434333637 +32623937383730303233323532646430306239333564303935353963363863313937383839386335 +31663939356333393834626535383961356464333132333662333032613036386530636564323938 +38393863353563353533323166343430326435616666386366663835306361376535303365343366 +36633265316637313732653335633230306531313637356131316437643230303266356537393037 +66303564333561656335383530323063643437616562326435653433306263633932363065323662 +35653065663738326633343732373939323362623035323137363366646234313165376230663538 +65616238303363636334343434613132636234343431323530343738613530313730373261306562 +36326538663164396565303762623366396633323961373633363365303038643435366436623366 +62656162383936663434323335336565313031346361373636613665356433396533323461653339 +39626131386466623836653766376666663765396430343334343237616464366163656532646232 +37323239376438353166363834313937393033373737376135326462646564333931303734613335 +35386564666132366236336337656136633733323132653065386435386562663436646263383638 +36376636646563303264646562316166656331363065383035393330656161353065663062323732 +62393237353035303736643032623662333637346364343762373534326134343063613734306565 +66636636663933383236663062323661393435633235313639633162636638346335613735656435 +66633736343630663765343034323466333261356433343137346237393035643665396136363533 +30353233393662613234633139386164366166623562346630313638366362306531383938623130 +30386461353065333730303037663338393765663239353666376565633336643530396566323765 
+36366232326531653164393138353435303230663639633531376562663638656262343863373136 +63366330633330633139313664663638313534386266393830613766373732346431646131353134 +39653962303433373066613463386431343838376536326630613066383865643032303031386361 +30636136333363666430396330633134366461396630363464613465373166633031303431626438 +31643665306265323061393264343936393661306166643261343835616439353939363463353139 +38373365303539333965633733373830363865373737623061383232643130623463333037666135 +35363038663435313330396433613230373132363939613262306532383636383636623730363732 +32313534353634393834363331653264353436656264363636616133333432323263303734316330 +38636336323934316165626337393639376361626137643033396432343336323562386265613962 +64393061626465336135323137303566316337336131646336623062396432333134393966643230 +61623165346338353432386637653630663132353861363839383564643439336363656631393730 +65316162396631393139663664663761643539323664623730316231653534646163653465333565 +35363937316231346261626564393464303033393433313361663964353937393438376130303933 +36333234303833656130363939316363653136316236363166353539323137623630646333366562 +33623136323031656162373363653663363237346235356563333161643565303861373638626162 +37656561353230373133363362613562643130356163623664376238376337323037653136636364 +36313933663162303861336230326630373837653866373935643138613666393933313463633164 +35333739663932666635353231633163653335386635316637376331323430663962393334326265 +38626336646332326361376137663737656631353235373433353563373335313566383164343437 +32626634616264336265323632323433343938633232633161643665366231616362383137656239 +64386365383066326361303331376334626431666662616439303537333337366131313733386633 +34373232666238303537 diff --git a/k8s/roles/coder/templates/values.coder.yml.j2 b/k8s/roles/coder/templates/values.coder.yml.j2 index d02ae76..9fca99a 100644 --- a/k8s/roles/coder/templates/values.coder.yml.j2 +++ b/k8s/roles/coder/templates/values.coder.yml.j2 
@@ -4,6 +4,12 @@ coder: enable: true host: ide.icb4dc0.de wildcardHost: "*.ide.icb4dc0.de" + annotations: + gethomepage.dev/description: Remote IDE + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Apps + gethomepage.dev/icon: coder.png + gethomepage.dev/name: Coder env: - name: CODER_WILDCARD_ACCESS_URL value: '*.ide.icb4dc0.de' diff --git a/k8s/roles/drone/templates/values.drone.yml.j2 b/k8s/roles/drone/templates/values.drone.yml.j2 index 7d6c000..8e4b8bb 100644 --- a/k8s/roles/drone/templates/values.drone.yml.j2 +++ b/k8s/roles/drone/templates/values.drone.yml.j2 @@ -3,6 +3,12 @@ image: ingress: enabled: true + annotations: + gethomepage.dev/description: CI/CD system + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Apps + gethomepage.dev/icon: drone.png + gethomepage.dev/name: Drone CI/CD hosts: - host: drone.icb4dc0.de paths: diff --git a/k8s/roles/gitea/templates/values.forgejo.yml.j2 b/k8s/roles/gitea/templates/values.forgejo.yml.j2 index 0f6e2ec..3fc11c1 100644 --- a/k8s/roles/gitea/templates/values.forgejo.yml.j2 +++ b/k8s/roles/gitea/templates/values.forgejo.yml.j2 @@ -8,6 +8,12 @@ service: ingress: enabled: true + annotations: + gethomepage.dev/description: where to code goes to + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Apps + gethomepage.dev/icon: forgejo.png + gethomepage.dev/name: Forgejo hosts: - host: code.icb4dc0.de paths: diff --git a/k8s/roles/hedgedoc/tasks/main.yml b/k8s/roles/hedgedoc/tasks/main.yml deleted file mode 100644 index 1bb3149..0000000 --- a/k8s/roles/hedgedoc/tasks/main.yml +++ /dev/null 
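Review bot: The `gethomepage.dev/description` value added in values.forgejo.yml.j2 reads `where to code goes to`, which looks like a typo for `where the code goes to`. The string is shown on the dashboard, so it is worth fixing in this commit. The same annotation block is added to the coder and drone ingress values; the three blocks keep `gethomepage.dev/enabled: "true"` quoted, which is right for an annotation value. The `ingress` mappings continue outside the hunks.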
@@ -1,38 +0,0 @@
----
-- name: Create HedgeDoc namespace
- kubernetes.core.k8s:
- name: hedgedoc
- api_version: v1
- kind: Namespace
- state: present
- definition:
- metadata:
- labels:
- prometheus: default
-
-- name: Create HedgeDoc secrets
- kubernetes.core.k8s:
- state: present
- definition:
- apiVersion: v1
- kind: Secret
- metadata:
- name: hedgedoc-secret-config
- namespace: hedgedoc
- data:
- # Auth
- CMD_OAUTH2_CLIENT_ID: "{{ hedgedoc.auth.clientId | b64encode }}"
- CMD_OAUTH2_CLIENT_SECRET: "{{ hedgedoc.auth.clientSecret | b64encode }}"
-
- # DB
- CMD_DB_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/hedgedoc' | format(hedgedoc.db.user, hedgedoc.db.password) | b64encode }}"
-
- # Image upload
- CMD_MINIO_ACCESS_KEY: "{{ minio.rootUser | b64encode }}"
- CMD_MINIO_SECRET_KEY: "{{ minio.rootPassword | b64encode }}"
-
- CMD_SESSION_SECRET: "{{ hedgedoc.session.secret | b64encode}}"
-
-- name: Deploy HedgeDoc kustomization
- k8s:
- definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"
diff --git a/k8s/roles/k3s/control-plane/files/traefik.yaml b/k8s/roles/k3s/control-plane/files/traefik.yaml
index 047175e..7544d3c 100644
--- a/k8s/roles/k3s/control-plane/files/traefik.yaml
+++ b/k8s/roles/k3s/control-plane/files/traefik.yaml
@@ -9,6 +9,10 @@ spec:
 version: 24.0.0
 valuesContent: |-
 ports:
+ traefik:
+ port: 9000
+ exposedPort: 9000
+ expose: true
 web:
 nodePort: 32080
 forwardedHeaders:
diff --git a/k8s/roles/nocodb/tasks/main.yml b/k8s/roles/nocodb/tasks/main.yml
deleted file mode 100644
index c27926b..0000000
--- a/k8s/roles/nocodb/tasks/main.yml
+++ /dev/null
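Review bot: `expose: true` on the new `traefik` entry under `ports` in traefik.yaml publishes port 9000 on the Traefik service next to `web`. In the Traefik chart that entrypoint is the internal one, normally used for the dashboard/API and ping, and the chart keeps it unexposed by default. If this is only needed so the homepage app can query Traefik (an inference from the rest of the commit), I would leave it at `expose: false` and reach it in-cluster, or restrict who can reach 9000 with a NetworkPolicy or firewall rule and put authentication in front of the dashboard. At minimum, add a comment above the block stating the reason, e.g. `# exposed for the homepage Traefik widget; reachable only from <placeholder: allowed source>`. The `ports` mapping continues outside the hunk.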
@@ -1,51 +0,0 @@
----
-- name: Create NocoDB namespace
- kubernetes.core.k8s:
- name: nocodb
- api_version: v1
- kind: Namespace
- state: present
- definition:
- metadata:
- labels:
- prometheus: default
-
-# TODO deploy KeyDB for cache
-- name: Add KeyDB chart repo
- kubernetes.core.helm_repository:
- name: enapter
- repo_url: https://enapter.github.io/charts/
-
-- name: Deploy KeyDB chart
- kubernetes.core.helm:
- name: nocodb-keydb
- chart_ref: enapter/keydb
- release_namespace: nocodb
- chart_version: "0.48.0"
- update_repo_cache: true
- release_values: "{{ lookup('template', 'values.nextcloud-keydb.yml.j2') | from_yaml }}"
-
-- name: Create NocoDB secrets
- kubernetes.core.k8s:
- state: present
- definition:
- apiVersion: v1
- kind: Secret
- metadata:
- name: nocodb-secret-config
- namespace: nocodb
- data:
- # DB
- NC_DB: "{{ 'pg://postgres-15-postgresql.postgres.svc.cluster.local:5432?u=%s&p=%s&d=noco' | format(nocodb.db.user, nocodb.db.password) | b64encode }}"
-
- # Auth
- NC_AUTH_JWT_SECRET: "{{ nocodb.jwtSecret | b64encode }}"
- NC_ADMIN_PASSWORD: "{{ nocodb.auth.adminPassword | b64encode }}"
-
- # S3 storage plugin
- NC_S3_ACCESS_KEY: "{{ minio.rootUser | b64encode }}"
- NC_S3_ACCESS_SECRET: "{{ minio.rootPassword | b64encode }}"
-
-- name: Deploy NocoDB kustomization
- k8s:
- definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"
diff --git a/k8s/roles/zipline/tasks/main.yml b/k8s/roles/zipline/tasks/main.yml
deleted file mode 100644
index 50cb1c7..0000000
--- a/k8s/roles/zipline/tasks/main.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-- name: Create Zipline namespace
- kubernetes.core.k8s:
- name: zipline
- api_version: v1
- kind: Namespace
- state: present
- definition:
- metadata:
- labels:
- prometheus: default
-
-- name: Create Zipline secrets
- kubernetes.core.k8s:
- state: present
- definition:
- apiVersion: v1
- kind: Secret
- metadata:
- name: zipline-secret-config
- namespace: zipline
- data:
- # Auth
- CORE_SECRET: "{{ zipline.auth.secret | b64encode }}"
-
- # DB
- CORE_DATABASE_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/zipline' | format(zipline.db.user, zipline.db.password) | b64encode }}"
-
- # Datasource
- DATASOURCE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
- DATASOURCE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"
-
- # Auth
- OAUTH_GITHUB_CLIENT_ID: "{{ zipline.auth.clientId | b64encode }}"
- OAUTH_GITHUB_CLIENT_SECRET: "{{ zipline.auth.clientSecret | b64encode }}"
-
-- name: Deploy Zipline kustomization
- k8s:
- definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"
diff --git a/test.yaml b/test.yaml
new file mode 100644
index 0000000..bb56b05
--- /dev/null
+++ b/test.yaml
@@ -0,0 +1 @@
+hello: world
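Review bot: The new root-level `test.yaml` containing only `hello: world` looks like a scratch file left over from trying out the tooling rather than part of the refactor, and I would drop it from the commit. In a repository where secrets are meant to live only in `*.enc.yaml` files, stray plaintext YAML at the root makes it harder to see at a glance what is and is not encrypted. If it is kept as a fixture, move it next to what uses it and add a leading comment such as `# plaintext sample, contains no secrets`.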