

16 commits

26 changed files with 203 additions and 302 deletions


@ -255,9 +255,7 @@ spec:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 250m
memory: 256Mi
requests: {}
volumes:
- name: certs
secret:
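Review bot: Replacing the explicit requests with `requests: {}` does not actually remove the request: when a container declares a limit and no request for a resource, the API server copies the limit into the request, so this container keeps 250m/256Mi requests and Guaranteed QoS exactly as before. If the goal is to let Goldilocks/VPA observe real usage under lower requests (the namespace label added later in this commit suggests so), set explicit lower values such as `requests: {cpu: 10m, memory: 32Mi}` as the other hunks do; if "request equals limit" is the intent, the empty mapping is redundant and can go. The same pattern appears in all three hunks of the next file, where `requests: {}` replaces 100m/128Mi while 1000m/1Gi limits remain. The enclosing container spec starts and ends outside this hunk.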


@ -75,9 +75,7 @@ spec:
protocol: TCP
name: http
resources:
requests:
cpu: 100m
memory: 128Mi
requests: {}
limits:
cpu: 1000m
memory: 1Gi
@ -95,9 +93,7 @@ spec:
- name: TIMEOUT
value: "120"
resources:
requests:
cpu: 100m
memory: 128Mi
requests: {}
limits:
cpu: 1000m
memory: 1Gi
@ -110,9 +106,7 @@ spec:
- name: SEARCH_BACKEND_PASSWORD
value: ItDoesNtM4tt3rrITsLOCAL
resources:
requests:
cpu: 100m
memory: 128Mi
requests: {}
limits:
cpu: 1000m
memory: 1Gi
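Review bot: The context line `value: ItDoesNtM4tt3rrITsLOCAL` on `SEARCH_BACKEND_PASSWORD` in the third hunk is a literal credential committed to the manifest; it is pre-existing rather than introduced here, but since this block is being edited it is the moment to switch it to `valueFrom: {secretKeyRef: {name: <secret placeholder>, key: <key placeholder>}}` backed by a sops-encrypted Secret like the ones elsewhere in this repo. Even for a local-only backend, keeping the value out of git avoids it being copied into a non-local setup later. The container specs in this file begin and end outside the hunks shown.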


@ -39,8 +39,8 @@ spec:
port: http
resources:
requests:
memory: 64Mi
cpu: 150m
memory: 32Mi
cpu: 10m
limits:
memory: 256Mi
cpu: 300m


@ -82,8 +82,8 @@ spec:
port: http
resources:
requests:
memory: 64Mi
cpu: 150m
memory: 32Mi
cpu: 10m
limits:
memory: 256Mi
cpu: 300m


@ -0,0 +1,39 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: offen
name: offen
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: offen
strategy:
type: Recreate
template:
metadata:
labels:
app: offen
spec:
containers:
- image: docker.io/offen/offen:v1.4.0
imagePullPolicy: IfNotPresent
name: offen
envFrom:
- secretRef:
name: offen-config
ports:
- containerPort: 80
name: http
protocol: TCP
resources: {}
volumeMounts:
- name: data
mountPath: /var/opt/offen
volumes:
- name: data
persistentVolumeClaim:
claimName: data
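Review bot: The new offen container sets `resources: {}` and no `securityContext`, which leaves the pod BestEffort (first to be evicted, unbounded CPU/memory) and running with the image's default privileges; this is at odds with the rest of the commit, which adds requests and limits to every other workload, and with the rauthy Deployment in this repo, which does set a securityContext. A starting point using the same values the commit applies elsewhere is below (taken from the 32Mi/10m and 256Mi/300m hunks; adjust once Goldilocks has data); whether offen can run with all capabilities dropped while binding port 80 cannot be confirmed from here, so check the image before enabling the capability drop. Separately, `docker.io/offen/offen:v1.4.0` is pinned by tag only; adding a `@sha256:<digest placeholder>` digest would make the deploy reproducible.
```yaml
        resources:
          requests:
            memory: 32Mi
            cpu: 10m
          limits:
            memory: 256Mi
            cpu: 300m
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
        # … unchanged: volumeMounts …
```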


@ -1,26 +1,24 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: takahe
labels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: webserver
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
cert-manager.io/cluster-issuer: letsencrypt-prod-desec
traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
name: offen
spec:
rules:
- host: social.tobru.ch
- host: offen.tobru.ch
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: webserver
name: offen
port:
name: web
number: 80
tls:
- hosts:
- social.tobru.ch
secretName: ingress-cert
- hosts:
- offen.tobru.ch
secretName: ingress-cert
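Review bot: The kept labels `app.kubernetes.io/name: takahe` and `app.kubernetes.io/component: webserver` no longer describe this resource, which is now the offen Ingress (name, host and backend service were all switched); anything selecting or auditing by those labels will attribute it to the removed takahe app. Replace the two label lines with `app: offen` to match the Deployment and Service added in this commit. The Ingress also carries no `ingressClassName`; that is unchanged here, but given the traefik middleware annotation it presumably relies on traefik being the cluster default class — confirm rather than assume.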


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pvc.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
generators:
- secret-generator.yaml
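Review bot: The new Kustomization omits the `namespace:` field that the removed takahe one carried (`namespace: takahe`), so the resources only land in `offen` because the Argo Application's destination sets it; a manual `kubectl apply -k` or `kustomize build` for debugging would target the caller's current namespace. Adding `namespace: offen` after `kind: Kustomization` keeps the two paths consistent.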


@ -1,13 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
labels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: webserver
name: takahe-media
app: offen
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 10Gi


@ -3,5 +3,4 @@ kind: ksops
metadata:
name: secret-generator
files:
- postgresql-creds.sops.yaml
- takahe-secrets.sops.yaml
- secret.sops.yaml


@ -0,0 +1,33 @@
apiVersion: v1
kind: Secret
metadata:
name: offen-config
type: Opaque
stringData:
OFFEN_SECRET: ENC[AES256_GCM,data:bbIiLvi4o7Uiyc6JJQ/mMAEsjjRS7JBo,iv:ZiteE3UDqCfuHGRFclVBYjG3Y6V69CKgtSjoV57XURQ=,tag:uAj1S1VZHyEjcVyuV4gLSA==,type:str]
OFFEN_SMTP_USER: ENC[AES256_GCM,data:7q//l3w7+W9WASUFYFBrk2BK,iv:N4t5IJl7OvUDiuAxcJ52XejETZrOBEoFRr+PkujOprQ=,tag:T54fiuAvMGuxqoYsW+r1UQ==,type:str]
OFFEN_SMTP_PASSWORD: ENC[AES256_GCM,data:uDrEWL+wAcRCTAg8FV3FGb8DNcg8AE48F2fCeSRLj3hSmQoTvrIP5uxKSO4uia9eJzU=,iv:gCh7MlcCDpkt7wj5HtipvFgGC92FiDOWQZvzcWmdf7s=,tag:YStTA4adV+YyhCnbfGUgLg==,type:str]
OFFEN_SMTP_HOST: ENC[AES256_GCM,data:qvxIQVvOuY2xGKKCPGxntASD5w==,iv:IOP47WvkJm0PO2UNFWhcwZy8Ilifv1gugMOlhjFRK34=,tag:U+Va47/AGOm3GGAdbT4FMA==,type:str]
OFFEN_SMTP_PORT: ENC[AES256_GCM,data:JQvr,iv:UGm7yVz6rteRLeNAFyUWvRGSjcSMcg7T4beyAcdkB7g=,tag:C/XgPl6ijxVkWwO/CUyOSQ==,type:str]
OFFEN_SMTP_SENDER: ENC[AES256_GCM,data:pJUoCTjUgD91ic7CpWBO5Nm6,iv:xop+dCT6/2uwCM0RnJ4v94rSkKXx5kBMMitwAaK6QPk=,tag:ptKPDaTxvNhzhQuGQIAUdg==,type:str]
OFFEN_SMTP_AUTHTYPE: ENC[AES256_GCM,data:0l/2flE=,iv:nUWARBncNWo3kLS32spui1FNBaAyXm3WvHSQJZ3AE04=,tag:E4LfMTzg0xUVHv3wWd4COA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5NHFjYjVGd216dXpuVWVT
eXJ0c3pyTnpoaVlLb3RZbVc5dFJnWkZXbjFNCjk0MkViSGcwS1VwOUVySHB4Wlg3
bU9OUS9McnNMTmNKb2Z1TkhhbU9mVEkKLS0tIDBuNGREd2FLMDdLUmpydy9DV1ZL
NHc2UE1EbXJSSnhiWGFjbnBhcVphNHcKrPHBIun54437HXmWlG5EHtbwAm5gqGg0
oQVe3p5fwTeNNl4qivi2yP5I6dnDhKELWc1LSZE5evi5AOYUPJdl4g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-16T17:41:32Z"
mac: ENC[AES256_GCM,data:1EPXLW6/1rfL37UecReFGbsBHBTjRnsxBUxF6f7/quveQXab5WhxWf6Ry/74v5o7o4182IHgpPZ+ZLunWS9BWwJfKLS8g9HTmrmAjJNtSjtUGWFhUDCkGJh4RMg7OzEWWuXkMxA+jgwRpyDziMH+VW3oy5JUljRnd/zb40RcOhM=,iv:UKzEFEhIF2dCSWeRMDs7dyuNFNpUcgFdi6ZqGoP63H8=,tag:Ho5Yex6exo/NkcqHjQtVhA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1
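Review bot: All seven `OFFEN_*` settings are encrypted into the one Secret, although `OFFEN_SMTP_HOST`, `OFFEN_SMTP_PORT`, `OFFEN_SMTP_SENDER` and `OFFEN_SMTP_AUTHTYPE` are, by name, connection parameters rather than credentials. Keeping them here means every config review needs the age key and that any read of the Secret yields the whole SMTP setup; the removed takahe manifests split this into a ConfigMap (`takahe-config`) plus a Secret, and the same split (`envFrom` with both a `configMapRef` and a `secretRef`) would keep the reviewable settings in plaintext. Whether those four values are in fact non-sensitive cannot be confirmed from the ciphertext, so treat this as something to check rather than a defect.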


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: offen
name: offen
spec:
ports:
- name: offen
port: 80
protocol: TCP
targetPort: 80
selector:
app: offen
type: ClusterIP
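Review bot: `targetPort: 80` repeats the numeric containerPort even though the Deployment in this commit names that port `http`; `targetPort: http` would follow the named port if the container port ever changes, and the probes elsewhere in this commit already reference ports by name (`port: http`). The Service port itself is named `offen`; naming it `http` instead would let the Ingress use `port: {name: http}` as the removed takahe Ingress did with `name: web`, rather than the numeric `number: 80` it now carries.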


@ -53,7 +53,13 @@ spec:
securityContext:
runAsUser: 9999
runAsGroup: 9999
resources: {}
resources:
requests:
memory: 32Mi
cpu: 10m
limits:
memory: 256Mi
cpu: 300m
- name: recorder
env:
- name: OTR_HOST
@ -91,9 +97,9 @@ spec:
resources:
requests:
memory: 32Mi
cpu: 100m
cpu: 10m
limits:
memory: 1Gi
memory: 512Mi
cpu: 1000m
- name: metrics
env:
@ -118,7 +124,7 @@ spec:
resources:
requests:
memory: 32Mi
cpu: 100m
cpu: 10m
limits:
memory: 128Mi
cpu: 300m
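Review bot: The recorder container's memory limit drops from 1Gi to 512Mi in the second hunk while its CPU request falls to 10m; memory is not compressible, so if the old limit reflected observed peak usage this will show up as OOMKills rather than throttling. If the new values come from a Goldilocks/VPA recommendation, a comment on the `resources:` line such as `# sized from VPA recommendation, <date placeholder>` would save the next reviewer the question. The container specs in this file begin and end outside the hunks shown.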


@ -21,7 +21,7 @@ spec:
fsGroup: 10001
containers:
- name: rauthy
image: ghcr.io/sebadob/rauthy:0.22.1-lite
image: ghcr.io/sebadob/rauthy:0.23.1-lite
imagePullPolicy: IfNotPresent
securityContext:
# User ID 10001 is actually built into the container at the creation for


@ -1,14 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: takahe-config
data:
PGHOST: db-postgresql
PGUSER: takahe
PGDATABASE: takahe
TAKAHE_MEDIA_BACKEND: local://
TAKAHE_MEDIA_ROOT: /media
TAKAHE_MEDIA_URL: https://social.tobru.ch/media/
TAKAHE_MAIN_DOMAIN: social.tobru.ch
TAKAHE_EMAIL_FROM: automation@tobru.ch
TAKAHE_USE_PROXY_HEADERS: "true"


@ -1,43 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: stator
labels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: stator
spec:
selector:
matchLabels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: stator
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: stator
spec:
containers:
- name: stator
image: jointakahe/takahe:0.11.0
args:
- python3
- manage.py
- runstator
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: postgresql-creds
key: USER_PASSWORD
envFrom:
- configMapRef:
name: takahe-config
- secretRef:
name: takahe-secrets
resources:
limits:
memory: "1024Mi"
cpu: 1


@ -1,95 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: webserver
labels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: webserver
spec:
selector:
matchLabels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: webserver
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: webserver
spec:
initContainers:
- name: migrations
image: jointakahe/takahe:0.11.0
args:
- python3
- manage.py
- migrate
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: postgresql-creds
key: USER_PASSWORD
envFrom:
- configMapRef:
name: takahe-config
- secretRef:
name: takahe-secrets
containers:
- name: webserver
image: jointakahe/takahe:0.11.0
args:
- gunicorn
- takahe.wsgi:application
- -w
- "6"
- -b
- "0.0.0.0:8000"
ports:
- containerPort: 8000
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: postgresql-creds
key: USER_PASSWORD
envFrom:
- configMapRef:
name: takahe-config
- secretRef:
name: takahe-secrets
volumeMounts:
- name: cache
mountPath: /cache
- name: media
mountPath: /media
resources:
limits:
memory: "1024Mi"
cpu: 1
livenessProbe:
httpGet:
path: /
port: 8000
periodSeconds: 5
readinessProbe:
httpGet:
path: /
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
startupProbe:
httpGet:
path: /
port: 8000
initialDelaySeconds: 2
failureThreshold: 30
periodSeconds: 2
volumes:
- name: cache
emptyDir: {}
- name: media
persistentVolumeClaim:
claimName: takahe-media


@ -1,32 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: takahe
resources:
- configmap.yaml
- pvc.yaml
- deployment-webserver.yaml
- deployment-stator.yaml
- service.yaml
- ingress.yaml
generators:
- secret-generator.yaml
helmCharts:
- name: postgresql
releaseName: db
version: 12.1.7
repo: https://charts.bitnami.com/bitnami
valuesInline:
auth:
username: takahe
database: takahe
existingSecret: postgresql-creds
secretKeys:
adminPasswordKey: ADMIN_PASSWORD
userPasswordKey: USER_PASSWORD
primary:
persistence:
storageClass: local-path
metrics:
enabled: true
serviceMonitor:
enabled: true


@ -1,28 +0,0 @@
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: postgresql-creds
stringData:
ADMIN_PASSWORD: ENC[AES256_GCM,data:rN2LbjOeE9CP+yaaJi6ikgl8eCui1HRgFRBl5JINXZw=,iv:CXuIbeT6DwMnFVq/azUl9b8MsT7RR+W+AcTs9L99P5M=,tag:aEtvZq27ldTpV6fGiwcBMw==,type:str]
USER_PASSWORD: ENC[AES256_GCM,data:2+IUtu2+FNLuTtjD6MbvAIBc/mYtWCCvEDJTcynXe30=,iv:9nEfs+TpD+YLRKUrfalBeV+kLEzGqamxdF8D92SZ0es=,tag:s0vvxNm6v/CGDLjBT6bQ0A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMzdtWDNDUWROQkdyS2I2
aDNrUkpDK3R5TWNLVzJORE82MGlGZGkrOUQ4CmVSUDRRVkZoYWgvSjJlZk5idjFT
NXIzNG1paXZpdFFzY1A0akVwemlwTG8KLS0tIFJYa09DS00vTmxzYWd6ZnJTaE10
ZXVTblAxbjIwNEd6QWtxTUFTYU52ZFEKJTE2+b8FIJ/JuPc8ixYMIwyLnydcS4yE
4T18gWlPgbpow1sHpJ8KLNF+KLGh5XmmG50QDWGvhQuywhs/cNgdyQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-08T17:00:33Z"
mac: ENC[AES256_GCM,data:ATRiA9PB/nL3HaoB2MJZtHo9bCVWGdjjBetkicMZfvrSfcdeYEix4FsnKoeEdQNlUnFD0Sk8sDZ3Ei675lTGlNgTu3ZAei/OHGuNW9PS5AfKNO+nf8cTxQ9WXWNdpPphzpkD2MZHzH/KbHGoWS93bLTa0UVXZIgTuHXyTXHm9Tk=,iv:rnay9+2hD1PD4D2UrGI359ntIqqEVXbPGNUPAPTC7ro=,tag:90obrfNiwv4ZBaopH7sHdg==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3


@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: webserver
labels:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: webserver
spec:
ports:
- port: 80
targetPort: 8000
name: web
selector:
app.kubernetes.io/name: takahe
app.kubernetes.io/component: webserver


@ -1,28 +0,0 @@
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: takahe-secrets
stringData:
TAKAHE_SECRET_KEY: ENC[AES256_GCM,data:HLZbtZgId3u6q0Ewy+d1uYVuf36veZo/1uwLzTrhg7+Zmpl5ljvvw/TvMafOqxre7Oxc1gpuGIRP96QAzeaaXw==,iv:We8CvA7DfC8Ub3MgOGSv9nG2ORENbavCt5cr59HAeCw=,tag:CehxloNCwyFX7iaHtAhqJw==,type:str]
TAKAHE_EMAIL_SERVER: ENC[AES256_GCM,data:Drbx5wqhDVQYw4am805Aumhncj18MHzDBR41gSc68B4TlZyMCg+g7QvkrSp44fsU4BGeN2NZfL3KPLwlm/Xq35DbmD3pLybdf892b2Ziag==,iv:dcff9QnQAJ7nJ0zezuQnI9y9C04TXGstFYtPFt2S1rE=,tag:g4U/6IZTB/BA7lSJNtjSEQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWEw3VHd4U0J1S0xrWnZC
UmRaczBnTW93enVBMTBxVlgvRW1VdEtvcUFvCmhjbjVoQWJaZUNBcnBJRUtVeW1l
QklMTHNtMHpzaUZuRVdqTE1lWXpGR1UKLS0tIDFCbGxkOUord0dKZzE4Y2tSbXFi
ZUpvb2N4U1puTW1TMExQMWV3TUlhQVkKTcatdFn2ujwNgP8vT48XaGRU+T4EnHEb
ecJl7wSCdELjEbzAvAgf0ynjg069scLj1jitEQdF+jicPsiwZruh0w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-08T21:01:32Z"
mac: ENC[AES256_GCM,data:rel3B/iZsU1j5Jz5O5vc5qYnzBzxuh8IISxf3uTMyI8yYUJh056Cz4u4n07J8ugh+YduvQ+rWHiGQXjeK3AAtU7Fop5kjSJI3pdjlIGnhDv4dBOWIlwkypNVjIvdYWtsbfqlnp+JyKrDaUWkwXFEJfFec9M/LM8EihwswGAFtu0=,iv:/f/iGZFBvh7+fLr5tTcSx4G0AyYUEyiGVJeNG1M5LYI=,tag:fybjqWp9jnhDj4kfzSj+jA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3


@ -33,12 +33,12 @@ spec:
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
memory: 32Mi
cpu: 10m
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /etc/caddy
name: caddyfile


@ -47,10 +47,11 @@ spec:
privileged: true
resources:
requests:
memory: 64Mi
cpu: "100m"
memory: 32Mi
cpu: 10m
limits:
memory: 256Mi
cpu: 500m
volumeMounts:
- name: cfgmap
mountPath: /etc/wireguard/wg0.conf
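Review bot: The adjacent context line `privileged: true` on this WireGuard container is pre-existing, but it grants every capability and host device access, far more than a tunnel setup needs; the usual least-privilege form is `capabilities: {add: ["NET_ADMIN"]}` with `allowPrivilegeEscalation: false`, adding `SYS_MODULE` only if the nodes do not already load the wireguard module. Since the securityContext block is being touched for resources anyway, this is a good moment to tighten it. The resource change itself is fine, and dropping the quotes from `"100m"` makes the value consistent with every other CPU figure in the commit.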


@ -17,3 +17,6 @@ spec:
syncPolicy:
syncOptions:
- CreateNamespace=true
managedNamespaceMetadata:
labels:
goldilocks.fairwinds.com/enabled: "true"


@ -1,19 +1,19 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: takahe
name: offen
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: apps
source:
path: apps/zurrli/takahe
path: apps/zurrli/offen
repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
targetRevision: HEAD
destination:
namespace: takahe
namespace: offen
server: https://kubernetes.default.svc
syncPolicy:
syncOptions:
- CreateNamespace=true
- CreateNamespace=true


@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dashboard
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
source:
chart: kubernetes-dashboard
repoURL: https://kubernetes.github.io/dashboard/
targetRevision: 7.4.0
destination:
namespace: dashboard
server: https://kubernetes.default.svc
project: system
syncPolicy:
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
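Review bot: The Application sets no `helm.values`, so kubernetes-dashboard chart 7.4.0 is installed with its defaults; before syncing, confirm that the defaults keep the dashboard Service ClusterIP-only (no Ingress or LoadBalancer) and that no ClusterRoleBinding grants its ServiceAccount broad rights, because the UI exposes everything its token can reach. Recording the deliberate choices explicitly (`helm: {values: | ...}` with the ingress and RBAC settings spelled out) would make the exposure reviewable in git instead of depending on chart defaults that change between versions. The chart version is pinned, which is good; `7.4.0` parses as a string regardless of quoting.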


@ -0,0 +1,41 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: goldilocks
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
sources:
- chart: vpa
repoURL: https://charts.fairwinds.com/stable
targetRevision: 4.4.6
helm:
values: |
updater:
enabled: false
admissionController:
enabled: false
- chart: goldilocks
repoURL: https://charts.fairwinds.com/stable
targetRevision: 8.0.1
helm:
values: |
vpa:
enabled: false
image:
tag: v4.11.1
pullPolicy: IfNotPresent
dashboard:
replicaCount: 1
destination:
namespace: goldilocks
server: https://kubernetes.default.svc
project: system
syncPolicy:
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
managedNamespaceMetadata:
labels:
goldilocks.fairwinds.com/enabled: "true"
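Review bot: The goldilocks values pin `image.tag: v4.11.1` on top of chart `8.0.1`, and nothing in the hunk ties those two together; if the tag is newer or older than what the chart's templates expect, the mismatch only shows up at runtime. Either drop the tag override and let the chart version drive the image, or add a comment such as `# image.tag overrides chart default because <reason placeholder>` so the pin is intentional and revisited on chart bumps. The goldilocks dashboard is a web UI with no authentication of its own; nothing here exposes it, and `replicaCount: 1` is the only dashboard setting, so confirm it stays ClusterIP-only.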