Compare commits
16 commits
bcc08ee332
...
6eb2b99ea9
Author | SHA1 | Date | |
---|---|---|---|
Renovate Bot | 6eb2b99ea9 | ||
Tobias Brunner | fac4aeac46 | ||
Tobias Brunner | a1637c1934 | ||
Tobias Brunner | d0e73a0320 | ||
Tobias Brunner | 6a8d02f3c5 | ||
Tobias Brunner | de744855b1 | ||
Tobias Brunner | b2abb7abbc | ||
Tobias Brunner | 712ddd8bce | ||
Tobias Brunner | 15b67fd424 | ||
Tobias Brunner | 4faaf56612 | ||
Tobias Brunner | 28b53dc4d8 | ||
Tobias Brunner | d837dd1d91 | ||
Tobias Brunner | 20c827e702 | ||
Tobias Brunner | a89acd7f90 | ||
Tobias Brunner | aef7c573c9 | ||
Tobias Brunner | e5ece619da |
|
@ -255,9 +255,7 @@ spec:
|
|||
limits:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
requests: {}
|
||||
volumes:
|
||||
- name: certs
|
||||
secret:
|
||||
|
|
|
@ -75,9 +75,7 @@ spec:
|
|||
protocol: TCP
|
||||
name: http
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
requests: {}
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
|
@ -95,9 +93,7 @@ spec:
|
|||
- name: TIMEOUT
|
||||
value: "120"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
requests: {}
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
|
@ -110,9 +106,7 @@ spec:
|
|||
- name: SEARCH_BACKEND_PASSWORD
|
||||
value: ItDoesNtM4tt3rrITsLOCAL
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
requests: {}
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
|
|
|
@ -39,8 +39,8 @@ spec:
|
|||
port: http
|
||||
resources:
|
||||
requests:
|
||||
memory: 64Mi
|
||||
cpu: 150m
|
||||
memory: 32Mi
|
||||
cpu: 10m
|
||||
limits:
|
||||
memory: 256Mi
|
||||
cpu: 300m
|
||||
|
|
|
@ -82,8 +82,8 @@ spec:
|
|||
port: http
|
||||
resources:
|
||||
requests:
|
||||
memory: 64Mi
|
||||
cpu: 150m
|
||||
memory: 32Mi
|
||||
cpu: 10m
|
||||
limits:
|
||||
memory: 256Mi
|
||||
cpu: 300m
|
||||
|
|
39
apps/zurrli/offen/deployment.yaml
Normal file
39
apps/zurrli/offen/deployment.yaml
Normal file
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: offen
|
||||
name: offen
|
||||
spec:
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: offen
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: offen
|
||||
spec:
|
||||
containers:
|
||||
- image: docker.io/offen/offen:v1.4.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: offen
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: offen-config
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: http
|
||||
protocol: TCP
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /var/opt/offen
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: data
|
|
@ -1,26 +1,24 @@
|
|||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: takahe
|
||||
labels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: webserver
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod-desec
|
||||
traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
|
||||
name: offen
|
||||
spec:
|
||||
rules:
|
||||
- host: social.tobru.ch
|
||||
- host: offen.tobru.ch
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: webserver
|
||||
name: offen
|
||||
port:
|
||||
name: web
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- social.tobru.ch
|
||||
secretName: ingress-cert
|
||||
- hosts:
|
||||
- offen.tobru.ch
|
||||
secretName: ingress-cert
|
9
apps/zurrli/offen/kustomization.yaml
Normal file
9
apps/zurrli/offen/kustomization.yaml
Normal file
|
@ -0,0 +1,9 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- pvc.yaml
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
|
@ -1,13 +1,13 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: data
|
||||
labels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: webserver
|
||||
name: takahe-media
|
||||
app: offen
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
|
@ -3,5 +3,4 @@ kind: ksops
|
|||
metadata:
|
||||
name: secret-generator
|
||||
files:
|
||||
- postgresql-creds.sops.yaml
|
||||
- takahe-secrets.sops.yaml
|
||||
- secret.sops.yaml
|
33
apps/zurrli/offen/secret.sops.yaml
Normal file
33
apps/zurrli/offen/secret.sops.yaml
Normal file
|
@ -0,0 +1,33 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: offen-config
|
||||
type: Opaque
|
||||
stringData:
|
||||
OFFEN_SECRET: ENC[AES256_GCM,data:bbIiLvi4o7Uiyc6JJQ/mMAEsjjRS7JBo,iv:ZiteE3UDqCfuHGRFclVBYjG3Y6V69CKgtSjoV57XURQ=,tag:uAj1S1VZHyEjcVyuV4gLSA==,type:str]
|
||||
OFFEN_SMTP_USER: ENC[AES256_GCM,data:7q//l3w7+W9WASUFYFBrk2BK,iv:N4t5IJl7OvUDiuAxcJ52XejETZrOBEoFRr+PkujOprQ=,tag:T54fiuAvMGuxqoYsW+r1UQ==,type:str]
|
||||
OFFEN_SMTP_PASSWORD: ENC[AES256_GCM,data:uDrEWL+wAcRCTAg8FV3FGb8DNcg8AE48F2fCeSRLj3hSmQoTvrIP5uxKSO4uia9eJzU=,iv:gCh7MlcCDpkt7wj5HtipvFgGC92FiDOWQZvzcWmdf7s=,tag:YStTA4adV+YyhCnbfGUgLg==,type:str]
|
||||
OFFEN_SMTP_HOST: ENC[AES256_GCM,data:qvxIQVvOuY2xGKKCPGxntASD5w==,iv:IOP47WvkJm0PO2UNFWhcwZy8Ilifv1gugMOlhjFRK34=,tag:U+Va47/AGOm3GGAdbT4FMA==,type:str]
|
||||
OFFEN_SMTP_PORT: ENC[AES256_GCM,data:JQvr,iv:UGm7yVz6rteRLeNAFyUWvRGSjcSMcg7T4beyAcdkB7g=,tag:C/XgPl6ijxVkWwO/CUyOSQ==,type:str]
|
||||
OFFEN_SMTP_SENDER: ENC[AES256_GCM,data:pJUoCTjUgD91ic7CpWBO5Nm6,iv:xop+dCT6/2uwCM0RnJ4v94rSkKXx5kBMMitwAaK6QPk=,tag:ptKPDaTxvNhzhQuGQIAUdg==,type:str]
|
||||
OFFEN_SMTP_AUTHTYPE: ENC[AES256_GCM,data:0l/2flE=,iv:nUWARBncNWo3kLS32spui1FNBaAyXm3WvHSQJZ3AE04=,tag:E4LfMTzg0xUVHv3wWd4COA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5NHFjYjVGd216dXpuVWVT
|
||||
eXJ0c3pyTnpoaVlLb3RZbVc5dFJnWkZXbjFNCjk0MkViSGcwS1VwOUVySHB4Wlg3
|
||||
bU9OUS9McnNMTmNKb2Z1TkhhbU9mVEkKLS0tIDBuNGREd2FLMDdLUmpydy9DV1ZL
|
||||
NHc2UE1EbXJSSnhiWGFjbnBhcVphNHcKrPHBIun54437HXmWlG5EHtbwAm5gqGg0
|
||||
oQVe3p5fwTeNNl4qivi2yP5I6dnDhKELWc1LSZE5evi5AOYUPJdl4g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-16T17:41:32Z"
|
||||
mac: ENC[AES256_GCM,data:1EPXLW6/1rfL37UecReFGbsBHBTjRnsxBUxF6f7/quveQXab5WhxWf6Ry/74v5o7o4182IHgpPZ+ZLunWS9BWwJfKLS8g9HTmrmAjJNtSjtUGWFhUDCkGJh4RMg7OzEWWuXkMxA+jgwRpyDziMH+VW3oy5JUljRnd/zb40RcOhM=,iv:UKzEFEhIF2dCSWeRMDs7dyuNFNpUcgFdi6ZqGoP63H8=,tag:Ho5Yex6exo/NkcqHjQtVhA==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
15
apps/zurrli/offen/service.yaml
Normal file
15
apps/zurrli/offen/service.yaml
Normal file
|
@ -0,0 +1,15 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: offen
|
||||
name: offen
|
||||
spec:
|
||||
ports:
|
||||
- name: offen
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 80
|
||||
selector:
|
||||
app: offen
|
||||
type: ClusterIP
|
|
@ -53,7 +53,13 @@ spec:
|
|||
securityContext:
|
||||
runAsUser: 9999
|
||||
runAsGroup: 9999
|
||||
resources: {}
|
||||
resources:
|
||||
requests:
|
||||
memory: 32Mi
|
||||
cpu: 10m
|
||||
limits:
|
||||
memory: 256Mi
|
||||
cpu: 300m
|
||||
- name: recorder
|
||||
env:
|
||||
- name: OTR_HOST
|
||||
|
@ -91,9 +97,9 @@ spec:
|
|||
resources:
|
||||
requests:
|
||||
memory: 32Mi
|
||||
cpu: 100m
|
||||
cpu: 10m
|
||||
limits:
|
||||
memory: 1Gi
|
||||
memory: 512Mi
|
||||
cpu: 1000m
|
||||
- name: metrics
|
||||
env:
|
||||
|
@ -118,7 +124,7 @@ spec:
|
|||
resources:
|
||||
requests:
|
||||
memory: 32Mi
|
||||
cpu: 100m
|
||||
cpu: 10m
|
||||
limits:
|
||||
memory: 128Mi
|
||||
cpu: 300m
|
||||
|
|
|
@ -21,7 +21,7 @@ spec:
|
|||
fsGroup: 10001
|
||||
containers:
|
||||
- name: rauthy
|
||||
image: ghcr.io/sebadob/rauthy:0.22.1-lite
|
||||
image: ghcr.io/sebadob/rauthy:0.23.1-lite
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
# User ID 10001 is actually built into the container at the creation for
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: takahe-config
|
||||
data:
|
||||
PGHOST: db-postgresql
|
||||
PGUSER: takahe
|
||||
PGDATABASE: takahe
|
||||
TAKAHE_MEDIA_BACKEND: local://
|
||||
TAKAHE_MEDIA_ROOT: /media
|
||||
TAKAHE_MEDIA_URL: https://social.tobru.ch/media/
|
||||
TAKAHE_MAIN_DOMAIN: social.tobru.ch
|
||||
TAKAHE_EMAIL_FROM: automation@tobru.ch
|
||||
TAKAHE_USE_PROXY_HEADERS: "true"
|
|
@ -1,43 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: stator
|
||||
labels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: stator
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: stator
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: stator
|
||||
spec:
|
||||
containers:
|
||||
- name: stator
|
||||
image: jointakahe/takahe:0.11.0
|
||||
args:
|
||||
- python3
|
||||
- manage.py
|
||||
- runstator
|
||||
env:
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgresql-creds
|
||||
key: USER_PASSWORD
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: takahe-config
|
||||
- secretRef:
|
||||
name: takahe-secrets
|
||||
resources:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: 1
|
|
@ -1,95 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: webserver
|
||||
labels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: webserver
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: webserver
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: webserver
|
||||
spec:
|
||||
initContainers:
|
||||
- name: migrations
|
||||
image: jointakahe/takahe:0.11.0
|
||||
args:
|
||||
- python3
|
||||
- manage.py
|
||||
- migrate
|
||||
env:
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgresql-creds
|
||||
key: USER_PASSWORD
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: takahe-config
|
||||
- secretRef:
|
||||
name: takahe-secrets
|
||||
containers:
|
||||
- name: webserver
|
||||
image: jointakahe/takahe:0.11.0
|
||||
args:
|
||||
- gunicorn
|
||||
- takahe.wsgi:application
|
||||
- -w
|
||||
- "6"
|
||||
- -b
|
||||
- "0.0.0.0:8000"
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
env:
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgresql-creds
|
||||
key: USER_PASSWORD
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: takahe-config
|
||||
- secretRef:
|
||||
name: takahe-secrets
|
||||
volumeMounts:
|
||||
- name: cache
|
||||
mountPath: /cache
|
||||
- name: media
|
||||
mountPath: /media
|
||||
resources:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: 1
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8000
|
||||
periodSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8000
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 8000
|
||||
initialDelaySeconds: 2
|
||||
failureThreshold: 30
|
||||
periodSeconds: 2
|
||||
volumes:
|
||||
- name: cache
|
||||
emptyDir: {}
|
||||
- name: media
|
||||
persistentVolumeClaim:
|
||||
claimName: takahe-media
|
|
@ -1,32 +0,0 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: takahe
|
||||
resources:
|
||||
- configmap.yaml
|
||||
- pvc.yaml
|
||||
- deployment-webserver.yaml
|
||||
- deployment-stator.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
||||
helmCharts:
|
||||
- name: postgresql
|
||||
releaseName: db
|
||||
version: 12.1.7
|
||||
repo: https://charts.bitnami.com/bitnami
|
||||
valuesInline:
|
||||
auth:
|
||||
username: takahe
|
||||
database: takahe
|
||||
existingSecret: postgresql-creds
|
||||
secretKeys:
|
||||
adminPasswordKey: ADMIN_PASSWORD
|
||||
userPasswordKey: USER_PASSWORD
|
||||
primary:
|
||||
persistence:
|
||||
storageClass: local-path
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
|
@ -1,28 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: postgresql-creds
|
||||
stringData:
|
||||
ADMIN_PASSWORD: ENC[AES256_GCM,data:rN2LbjOeE9CP+yaaJi6ikgl8eCui1HRgFRBl5JINXZw=,iv:CXuIbeT6DwMnFVq/azUl9b8MsT7RR+W+AcTs9L99P5M=,tag:aEtvZq27ldTpV6fGiwcBMw==,type:str]
|
||||
USER_PASSWORD: ENC[AES256_GCM,data:2+IUtu2+FNLuTtjD6MbvAIBc/mYtWCCvEDJTcynXe30=,iv:9nEfs+TpD+YLRKUrfalBeV+kLEzGqamxdF8D92SZ0es=,tag:s0vvxNm6v/CGDLjBT6bQ0A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMzdtWDNDUWROQkdyS2I2
|
||||
aDNrUkpDK3R5TWNLVzJORE82MGlGZGkrOUQ4CmVSUDRRVkZoYWgvSjJlZk5idjFT
|
||||
NXIzNG1paXZpdFFzY1A0akVwemlwTG8KLS0tIFJYa09DS00vTmxzYWd6ZnJTaE10
|
||||
ZXVTblAxbjIwNEd6QWtxTUFTYU52ZFEKJTE2+b8FIJ/JuPc8ixYMIwyLnydcS4yE
|
||||
4T18gWlPgbpow1sHpJ8KLNF+KLGh5XmmG50QDWGvhQuywhs/cNgdyQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-08T17:00:33Z"
|
||||
mac: ENC[AES256_GCM,data:ATRiA9PB/nL3HaoB2MJZtHo9bCVWGdjjBetkicMZfvrSfcdeYEix4FsnKoeEdQNlUnFD0Sk8sDZ3Ei675lTGlNgTu3ZAei/OHGuNW9PS5AfKNO+nf8cTxQ9WXWNdpPphzpkD2MZHzH/KbHGoWS93bLTa0UVXZIgTuHXyTXHm9Tk=,iv:rnay9+2hD1PD4D2UrGI359ntIqqEVXbPGNUPAPTC7ro=,tag:90obrfNiwv4ZBaopH7sHdg==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
|
@ -1,15 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: webserver
|
||||
labels:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: webserver
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 8000
|
||||
name: web
|
||||
selector:
|
||||
app.kubernetes.io/name: takahe
|
||||
app.kubernetes.io/component: webserver
|
|
@ -1,28 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: takahe-secrets
|
||||
stringData:
|
||||
TAKAHE_SECRET_KEY: ENC[AES256_GCM,data:HLZbtZgId3u6q0Ewy+d1uYVuf36veZo/1uwLzTrhg7+Zmpl5ljvvw/TvMafOqxre7Oxc1gpuGIRP96QAzeaaXw==,iv:We8CvA7DfC8Ub3MgOGSv9nG2ORENbavCt5cr59HAeCw=,tag:CehxloNCwyFX7iaHtAhqJw==,type:str]
|
||||
TAKAHE_EMAIL_SERVER: ENC[AES256_GCM,data:Drbx5wqhDVQYw4am805Aumhncj18MHzDBR41gSc68B4TlZyMCg+g7QvkrSp44fsU4BGeN2NZfL3KPLwlm/Xq35DbmD3pLybdf892b2Ziag==,iv:dcff9QnQAJ7nJ0zezuQnI9y9C04TXGstFYtPFt2S1rE=,tag:g4U/6IZTB/BA7lSJNtjSEQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWEw3VHd4U0J1S0xrWnZC
|
||||
UmRaczBnTW93enVBMTBxVlgvRW1VdEtvcUFvCmhjbjVoQWJaZUNBcnBJRUtVeW1l
|
||||
QklMTHNtMHpzaUZuRVdqTE1lWXpGR1UKLS0tIDFCbGxkOUord0dKZzE4Y2tSbXFi
|
||||
ZUpvb2N4U1puTW1TMExQMWV3TUlhQVkKTcatdFn2ujwNgP8vT48XaGRU+T4EnHEb
|
||||
ecJl7wSCdELjEbzAvAgf0ynjg069scLj1jitEQdF+jicPsiwZruh0w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-08T21:01:32Z"
|
||||
mac: ENC[AES256_GCM,data:rel3B/iZsU1j5Jz5O5vc5qYnzBzxuh8IISxf3uTMyI8yYUJh056Cz4u4n07J8ugh+YduvQ+rWHiGQXjeK3AAtU7Fop5kjSJI3pdjlIGnhDv4dBOWIlwkypNVjIvdYWtsbfqlnp+JyKrDaUWkwXFEJfFec9M/LM8EihwswGAFtu0=,iv:/f/iGZFBvh7+fLr5tTcSx4G0AyYUEyiGVJeNG1M5LYI=,tag:fybjqWp9jnhDj4kfzSj+jA==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
|
@ -33,12 +33,12 @@ spec:
|
|||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
requests:
|
||||
memory: 32Mi
|
||||
cpu: 10m
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 256Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
volumeMounts:
|
||||
- mountPath: /etc/caddy
|
||||
name: caddyfile
|
||||
|
|
|
@ -47,10 +47,11 @@ spec:
|
|||
privileged: true
|
||||
resources:
|
||||
requests:
|
||||
memory: 64Mi
|
||||
cpu: "100m"
|
||||
memory: 32Mi
|
||||
cpu: 10m
|
||||
limits:
|
||||
memory: 256Mi
|
||||
cpu: 500m
|
||||
volumeMounts:
|
||||
- name: cfgmap
|
||||
mountPath: /etc/wireguard/wg0.conf
|
||||
|
|
|
@ -17,3 +17,6 @@ spec:
|
|||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
managedNamespaceMetadata:
|
||||
labels:
|
||||
goldilocks.fairwinds.com/enabled: "true"
|
|
@ -1,19 +1,19 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: takahe
|
||||
name: offen
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: apps
|
||||
source:
|
||||
path: apps/zurrli/takahe
|
||||
path: apps/zurrli/offen
|
||||
repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
|
||||
targetRevision: HEAD
|
||||
destination:
|
||||
namespace: takahe
|
||||
namespace: offen
|
||||
server: https://kubernetes.default.svc
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- CreateNamespace=true
|
20
argoapps/zurrli/system/dashboard.yaml
Normal file
20
argoapps/zurrli/system/dashboard.yaml
Normal file
|
@ -0,0 +1,20 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: dashboard
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
source:
|
||||
chart: kubernetes-dashboard
|
||||
repoURL: https://kubernetes.github.io/dashboard/
|
||||
targetRevision: 7.4.0
|
||||
destination:
|
||||
namespace: dashboard
|
||||
server: https://kubernetes.default.svc
|
||||
project: system
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
41
argoapps/zurrli/system/goldilocks.yaml
Normal file
41
argoapps/zurrli/system/goldilocks.yaml
Normal file
|
@ -0,0 +1,41 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: goldilocks
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
sources:
|
||||
- chart: vpa
|
||||
repoURL: https://charts.fairwinds.com/stable
|
||||
targetRevision: 4.4.6
|
||||
helm:
|
||||
values: |
|
||||
updater:
|
||||
enabled: false
|
||||
admissionController:
|
||||
enabled: false
|
||||
- chart: goldilocks
|
||||
repoURL: https://charts.fairwinds.com/stable
|
||||
targetRevision: 8.0.1
|
||||
helm:
|
||||
values: |
|
||||
vpa:
|
||||
enabled: false
|
||||
image:
|
||||
tag: v4.11.1
|
||||
pullPolicy: IfNotPresent
|
||||
dashboard:
|
||||
replicaCount: 1
|
||||
destination:
|
||||
namespace: goldilocks
|
||||
server: https://kubernetes.default.svc
|
||||
project: system
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
managedNamespaceMetadata:
|
||||
labels:
|
||||
goldilocks.fairwinds.com/enabled: "true"
|
Loading…
Reference in a new issue