From 201e0c35666743ec5fc62bc987584539d021bdd4 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Fri, 6 Sep 2024 17:27:12 +1000 Subject: [PATCH 1/4] update ingress for chartmuseum --- apps/chartmuseum/env/k3s-cluster/ingress.yaml | 7 +- .../templates/chartmuseum-tls.yaml | 67 +++++++++++++++++++ 2 files changed, 70 insertions(+), 4 deletions(-) create mode 100644 resources/app-secrets/env/k3s-cluster/templates/chartmuseum-tls.yaml diff --git a/apps/chartmuseum/env/k3s-cluster/ingress.yaml b/apps/chartmuseum/env/k3s-cluster/ingress.yaml index a8f74cb..3117804 100644 --- a/apps/chartmuseum/env/k3s-cluster/ingress.yaml +++ b/apps/chartmuseum/env/k3s-cluster/ingress.yaml @@ -2,17 +2,16 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: chartmuseum-ingress - namespace: argocd + namespace: chartmuseum annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/use-regex: "true" spec: ingressClassName: nginx tls: - hosts: - "chartmuseum.cluster.edward.sydney" - - "chartmuseum.cluster.local" - secretName: "ingress-tls" + secretName: "chartmuseum-tls" rules: - host: "chartmuseum.cluster.edward.sydney" http: diff --git a/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-tls.yaml b/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-tls.yaml new file mode 100644 index 0000000..8aa6da8 --- /dev/null +++ b/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-tls.yaml @@ -0,0 +1,67 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + sealedsecrets.bitnami.com/cluster-wide: "true" + sealedsecrets.bitnami.com/managed: "true" + creationTimestamp: null + name: chartmuseum-tls + namespace: chartmuseum +type: kubernetes.io/tls +stringData: + tls.crt: | + -----BEGIN CERTIFICATE----- + MIIDkDCCAxagAwIBAgISAzfHRyZrvk8WNGAHWrgbzciFMAoGCCqGSM49BAMDMDIx + CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF + NjAeFw0yNDA4MjgyMzUwMTRaFw0yNDExMjYyMzUwMTNaMCIxIDAeBgNVBAMMFyou + Y2x1c3Rlci5lZHdhcmQuc3lkbmV5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE + 8ud+9xO2ekXfvX8ghVd4rqJ/0nVqOAVvrxSNou17ofAhbKr6jhDhDuaKPPwu3r3t + YxcU/Ij1fviXhwLHU7psSqOCAhowggIWMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUE + FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU + 3cFhorY+2wTt4EVNA/3P6yN5m4gwHwYDVR0jBBgwFoAUkydGmAOpUWiOmNbEQkjb + I79YlNIwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTYuby5s + ZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8wIgYD + VR0RBBswGYIXKi5jbHVzdGVyLmVkd2FyZC5zeWRuZXkwEwYDVR0gBAwwCjAIBgZn + gQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwA/F0tP1yJHWJQdZRyEvg0S + 7ZA3fx+FauvBvyiF7PhkbgAAAZGbmzAXAAAEAwBIMEYCIQD/V43Jy0KHLodl+gtE + RyvGcUrk6mzrUp3bIeRJRIGX5AIhAI76WUuByT+oVAu9+gpTRmbPnaEjIz23pX+D + +wl3KGXMAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGRm5sw + DgAABAMARzBFAiATa1V7yZy0WU6Q1VhYFekp0w0RTqZuTLt7qHAFukH4IgIhAJ7J + h4W3Qu1xU9MzBiWVNfXyjt+xF/Z7psq0H3uC5QrUMAoGCCqGSM49BAMDA2gAMGUC + MGbxI061Ifmd5Ly5zXKUbkN2a3KwfGWNRcsnsJAMo/kztOGxACSObwsyhUzvByeV + 0gIxANVVMDZ7biW0CTXtTdPhcwB3tMbxqc5XLqCw4LUaw4dNa+mU7twxyZDGHjSb + 8kL+vg== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw + TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw + WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg + RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G + h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV + 6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw + gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD + ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj + v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB + AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g + BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu + Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc + MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL + pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp + eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH + pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 + s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu + h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv + YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 + ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 + LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ + EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY + Ig46v9mFmBvyH04= + -----END CERTIFICATE----- + tls.key: | + -----BEGIN PRIVATE KEY----- + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXuMIQX6LINaWverb + bXLW1pp43GDplg7gnSMfGVu04dShRANCAATy5373E7Z6Rd+9fyCFV3iuon/SdWo4 + BW+vFI2i7Xuh8CFsqvqOEOEO5oo8/C7eve1jFxT8iPV++JeHAsdTumxK + -----END PRIVATE KEY----- \ No newline at end of file From 2b66791a89edc6b23c44e154209d73f952936065 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Fri, 6 Sep 2024 17:27:35 +1000 Subject: [PATCH 2/4] update ingress for chartmuseum --- .../templates/chartmuseum-tls.yaml | 78 ++++--------------- 1 file changed, 17 insertions(+), 61 deletions(-) diff --git a/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-tls.yaml b/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-tls.yaml index 8aa6da8..068e5ec 100644 --- a/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-tls.yaml +++ b/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-tls.yaml @@ -1,67 +1,23 @@ -apiVersion: v1 -kind: Secret +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret metadata: annotations: - argocd.argoproj.io/sync-options: Prune=false sealedsecrets.bitnami.com/cluster-wide: "true" - sealedsecrets.bitnami.com/managed: "true" creationTimestamp: null name: chartmuseum-tls namespace: chartmuseum -type: kubernetes.io/tls -stringData: - tls.crt: | - -----BEGIN CERTIFICATE----- - MIIDkDCCAxagAwIBAgISAzfHRyZrvk8WNGAHWrgbzciFMAoGCCqGSM49BAMDMDIx - CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF - NjAeFw0yNDA4MjgyMzUwMTRaFw0yNDExMjYyMzUwMTNaMCIxIDAeBgNVBAMMFyou - Y2x1c3Rlci5lZHdhcmQuc3lkbmV5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE - 8ud+9xO2ekXfvX8ghVd4rqJ/0nVqOAVvrxSNou17ofAhbKr6jhDhDuaKPPwu3r3t - YxcU/Ij1fviXhwLHU7psSqOCAhowggIWMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUE - FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU - 3cFhorY+2wTt4EVNA/3P6yN5m4gwHwYDVR0jBBgwFoAUkydGmAOpUWiOmNbEQkjb - I79YlNIwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTYuby5s - ZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8wIgYD - VR0RBBswGYIXKi5jbHVzdGVyLmVkd2FyZC5zeWRuZXkwEwYDVR0gBAwwCjAIBgZn - gQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwA/F0tP1yJHWJQdZRyEvg0S - 7ZA3fx+FauvBvyiF7PhkbgAAAZGbmzAXAAAEAwBIMEYCIQD/V43Jy0KHLodl+gtE - RyvGcUrk6mzrUp3bIeRJRIGX5AIhAI76WUuByT+oVAu9+gpTRmbPnaEjIz23pX+D - +wl3KGXMAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGRm5sw - DgAABAMARzBFAiATa1V7yZy0WU6Q1VhYFekp0w0RTqZuTLt7qHAFukH4IgIhAJ7J - h4W3Qu1xU9MzBiWVNfXyjt+xF/Z7psq0H3uC5QrUMAoGCCqGSM49BAMDA2gAMGUC - MGbxI061Ifmd5Ly5zXKUbkN2a3KwfGWNRcsnsJAMo/kztOGxACSObwsyhUzvByeV - 0gIxANVVMDZ7biW0CTXtTdPhcwB3tMbxqc5XLqCw4LUaw4dNa+mU7twxyZDGHjSb - 8kL+vg== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw - WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg - RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G - h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV - 6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw - gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD - ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj - v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB - AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g - BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu - Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc - MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL - pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp - eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH - pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 - s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu - h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv - YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 - ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 - LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ - EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY - Ig46v9mFmBvyH04= - -----END CERTIFICATE----- - tls.key: | - -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXuMIQX6LINaWverb - bXLW1pp43GDplg7gnSMfGVu04dShRANCAATy5373E7Z6Rd+9fyCFV3iuon/SdWo4 - BW+vFI2i7Xuh8CFsqvqOEOEO5oo8/C7eve1jFxT8iPV++JeHAsdTumxK - -----END PRIVATE KEY----- \ No newline at end of file +spec: + encryptedData: + tls.crt: AgBW0zWynKk7jOjwGkZGd3rpyoYL2ihRwnauB9a+UI16/1+Phwom2didYgNIneKu6Byt6CE05N1Zt0kefditmWvT+5gogp5xmjGeFGmEA6AlVGZMOUTxG1Zi7Jc9kX0sIuTkPK7WEoIjlD4vhDo1AD9DycYgx3kr3aQB6LDB90Zihp+VM1zf30LhUa5F0k1VVJsYZgMri+q+TmKj11TtCQD76qiNNyUnGyDhR9ae7dqO71/TtW90+bF4PxluIbJXTPsH+3XH0iHfoENuZxgYYRrZHNXHPMnc5noIWI67IaIL6RHTGxaBIP3aX2hxf4+Vmt+pgqzgu+P08cCY90uwUmilx1COqBqFgOuo0JnwWUv68pygKwzX/6aEH1O2eeA6RpHmQTwbke7GXqfXodFCT41PjBnHYI1z317ocFM+RL0yXM/tI8q/yIR5NIGp9928KimvdwtYK/uqjgdRIy4OsvTUs6u6i4uABJJTv6B4zaysu958Jwm+5XbCYdcaDjWUjXZ4oB/ueel3fiA9hDrqnhS4gChthH/WXQuI4dw9Wi5Tz2CzeTrvjOEgtWKqTR6N2Wy4yn76tCp4XZ2m7/PShmxk2naWQCb5gqcMHT7v1ROQfUKRWDUv6rcvuqhbbIqoEdAloaOxLqqwzIR5/BgBorwte5zjafDmebsvgBD5tQpxpuuQArfN6443zttpDxUlIu94UAQGKAeDaPMpqPGgmXoLFXmo7TM+Mveyo0863C70XAGPuu/UJm4kAoum2LaWQNm2TB6Wkvw5u8I5Q2FgWcQhNuN5Qh7hi0nzHbhguvwwVpr1VhdZzUNgnmJeZYKAjYp8Cjlo35HJS3i8SB59EhLi/YXNmSSCqtojbkOxjEQhlZAzlex45Mj74J+qm66BXOkrkQrB5tyLlsFtxUIOCAioLpvdZOBaWdN5eOZp5nTtDNbr3cPwg0ekoPcL2+rUvw27eVm6t5NonafC/kG6119qD4skHL/w4MmL3+BORIpBZ4BBM+K4eqO0vBB004ldeW2iChU7SARuE00DgryyfFA/5yrSpa99SKG7ZggdYpQU6xydnTK+KHDCIbKW0UdDsCfdM/VswJP9zbQA/gRDH4n10VY3vjieFzsnYH5tjwctGT45BXmzf7VXvMdlDSTXLL7HUn0qfOahScfM+V99+Yzk1mnF58jwoqA9KZk6yNHsxsvG2TvzZ0EHtizqQTkNYG/SNBeDqdRpBFj86CPRmsA3kAfrLPoNEZzreC0OMyuTsvTabjiiQr/S/VvTH0GQPkKxxFG6Lw36w4RZkswLP6yqNEHcEP0ArPQTecveP/QBN8pTv0x8j1Zr3fdya27H7KTov5sn9HJJEewpwFonTd4QXUoJjTPkhZ3BXoEqglhBNUYTZxYwDHJGeJZIbv/sX45ZZPzxvjv4E/cZiZY7bGAKPjV9kVfO4dO4UNS4AMUgPQYmCH9NCHmIJutJb4vvtPnNKcxpa9PBCroh8GphmKPnBLtWIGWr7GJf4v5kfbYM0uwbqkxS/FaUbY3J3uMbWbHLdCNKJxgWRO+K9icBW++GoaNvw2VMcQjCqYZQI6FXEHlSJAc9o7nZ/BmCxlXjaAcKsGpEe9cWQHukNVGMlYJAJxVwhUM0r5MV1HPIsp4y8aDhdmIB+VBpaps/VUuG0E1+gmLt5hIRW7Zi+lDeKZ/t+C3e8Z5bMJ4YmUnTyQuGv+3udb6uvWgcgv/N2FWBwM6pfcwc3slNY//MDzW5AnnWFBSTfpjnRspsc15Vaiwqy99sNBi898XF0vR0Z1v1rEeoHLOG5prmMrFumYlPf/WQiTjwR8Qq+H4qov3s9/6ESkvMWHwZ7pHTsFaFwiCUeypBBloBG007Qce+HFWBGG03Z6q08+u8ecTkXrjjTG5eeXipxYjc+N9ZjlNGHev+dvzWzZ2zoFtN2lcYK5KH8WOrWrvXV4cAdgQbuB477n1yCu5XbKBAYGBQ/3dDrGRXKYkzmq6fsqsAK0cvvPdt3Zy6PmeOku/lSpvv5Vk/XA2b+TdGmsAWhMrWienCutex989C4waG2GDfv0ka4g2UaILcsLyj69qrU336lUbfPJfIa3ozWyaSrtjyLFizZG8ITEPTtyXzpW1n8wmOrV6TffMkV7Be3ugq2Iwwk5OFksWhxpbUa68ns0Nb0FrTPvzSDp2cIctkl1xo5WRy67S0ii6ks/+sTzrxLBPimDy6uYtM7+yy9/1I91sVZ+g5jQEzIur4499URskYbQd8BzxX2WkvtadQBZIOx/jxBDI/KWa4hBGY96h9p58OdtSQDylFWMOyi3Di7gVXWCurnd1AmoWoYjpKluBH4k6Ia1sSLBdEoME1Xtd2UvvfPGJMaIlDTf2gxC9iUxZ7oFXIqqWxuUqaIgUOvMSYX0fLUMjG6QjtJ2XrMeIzvttKsz+Ux55bA+ygdBpet/28PQON/z/UWpqdzI1YdJlfF/cnq1QupWyr+2Oi6WGqcshnoI1Jpqjr2UHE5qZHLXD8UboZm5IE5geWie0QAZzXcpPy7cLDAm6k5S9nck7HvJ1LALgr1P+BXCVxqbHl9W77RVyiuyw3lTjHdCPj1Ibxb0RiN3kWbeFfRfFWhsyY8mwUv9Nvb9I7bGUwAHy9eoNAPCY51MtVAKg0uD0wU62kZNzsV2HXHdP3ufNK5ybDYiEfeTucxOQuui09MHsq01ILYDFGk69rfG2XI6NaBss2X19tKIuVVI/WSoGNIBbp3UNQvZBrEgBg8hJek/cEdWO93HmaPl1uGtChTgSldmmJGBePselxdebPGmoLoCvqGqJhbKsOacORWxfd2S88Hi6Wjam2FyTc5DL5dKddLyAvFa505b4ydzTbqWzZbjQwj03inFk0uTXEuLxjBgatXiwhm7Y/fUfi2puzrqDhLBGazlcFdLpJduNJeXVTAEJTUnfrV3Ytjcl9NsMvbmBNV5pMEZAHNpeKRupvdap2xUNrsj+DbqA9ieN6hX8FdLY580ReBssN0kblUD9KNvAalFMq4Sn31T+VourhQSW+dXAiUuD8sZE0USQtVYTqtjhtX9lmLN8l3LTDWjwfPIyxzEwIbS+tzY48NwXkK3Saur+E+uGz1hovf3/JtvyGmwNnsu4a6jyIdYzPjbf0PnuheGi/I6hhqgIYoK99W8PgqlJLSBrT/1zfvNL+6LC6qeQXOHLEjoXF7VtoeLDK5D57iZwz3cKSq2rN1vrmKOUuxYYl0j1zz+YAlPX8rfyEX+I4nxqYkFM7O9+o4gBeMWK/R9shaSiIUaf9h2KvtRgvJjFAOFahlXwuYwPPYvyUangQ1bqhoTywxH+7K28lSirpfxPX/Ld5dGGB9PiG2y4Nk9TaSm1HL7UuVAvpYz3/EiPyv/JJsv8ZrwVVd1viRJlJJyxuOPeGqz4AFHb/lpLctmHfy6BV0kJujkFEqNndp5g2kkZpzpCEjPZ0VkzAU9R1Z+h3TafoNW5XTaA+UMjVwHKDfHbLgRzEDIawAilCr+eq28F8GD9YHCass5rnAUr9zPnAELZhiSDRMqYRt2fK4xg44xdHG8az6o5YB1I5qSHJoj3PErJ2WuxFCngHDq+TJNKL9rfOkx/7ZqFa6LFfpXDm/7j46Fm+rjLbsMSZczQZu8ARczw291qDFr+3E5PAXh5Kjr6fg9eQ0PNJt1Dj52ajWHQcMTR3WYMRi29PGSfVqRfbTlTFc/BW7TytIe7+2p8XXHw3/GksIdmK7p28wx27LgCUiigOhfDR/sw8EdfGRnJKEBY3YdvejTyuaDADnunjUn+Fj0S+VCWySJDk0EjHfd+NVtWz4WpnzUG+744OG/xmdEHVs0QS3sKco+TdBXmxI/YcJNcOy8dRtCJViJN6XV2ZPLi8s8EhRNSU/N7eProrV7/ggF59Pm/tKfnYtITOxwQqi/wHlVZskukzroEaYa9PCaVtM8jHfQUtnFngMWzARFo38DcSuDGd1hSwboN7qUoV6XNXhRqljOjoIV8Q8Dw/5mr3BwlZjniuHCMuSYfjWOe3hcFXSqa70nvCZAeRg7QgK9an5lZoocV4EPRYnwgl+38ql1tB1g2vQGnlbmBlO1S8g/sUsNGYZEzJdc84yAEsKCQQraWdIG2wQYHePymU+0nwr4478Z7sE73pf/iCAmD7jndV2X0pjHoCctX6ZQlvDbz22cF6zMtywXtZP4hCuXJAlscQ3TsS8j95kvTjz2QtY4YVSQfofHQ3eW18nRVw56YAZ/YxA/tbfg5U7cUc3w3Mcs6RQoGU5EGi6GUfHBsYgoE6I9p7TYfn0WFiHDNEH8nOStZigT2PQh7jRYWO30srC9bfRp5eb/7NtdZvbi8WkNPR/EGfh/aFK85W9U6sgTBo8If7ko4xI/lntXM5sRygR1KEgCis2OxUnDnT3axEXszT55EN4WobHa2QMxy3fC8dHZpLHq5bB7H1IONWj4Sv+Pq/TQHFLoqj3c8/pYA9vz0Spy2FaXlMzjmP+qPTnbe76zTJ94xDXY782IeVuda4kMqA7w== + tls.key: AgArw8SAEuMdxov4GSdWzNw0mbx4lD+bS0xEdNbuCPcOBuZG45cOAYnhaxIgsKh/2dKXtaaSepyrTthOCuLImmT3k/Fl64rBfT4L42X13EsR0MnDyvY5bHFZ58CTyuDKjFRBeS+uBzO8EfHqUZERFCVd9Y9E8bhKdwgq50Y6PPNp9KGESKtQFEIV2L8GS1Y9TxCtaMSnFK6iYbdW5zIKphSq7ui3WrZM6yLIWeOQ8qAWzw6NgY/dA2E7pmZt3aEBM1q/3fw1bbVRCQY074NVnXBU/l0qyY1zanyuokZ4JthoHv8COuICvqf9N9uFv5TlxgQg9VDLD4OdBhcbuSwd4u0JgjLqYfgFIYbdeSGQ33TxKTMkVfsRgCtdfl+G79d5YXzhPQvLcVX9ZlPGlmYS92VqWK+uL8DyXrQ5tuQ/eqShJ+ldSU/pFUMmtX0r0yFTbbrUMPmzwfuIXdeb2E2iIBU/OKLBxrK5E9+BbgTScM39VVNnovAbmHSS94Fyl6HbdcebpA9F9K+4HBthY/JT/41vLFOowmV0zsV7dU1iGWHWgpOxqtEcd/9VIYVs+sVKdSj+GZgbYZLAZjKegyVmWq57XKzyBIYO8U2l1m6hX5CT49xn8ZKGZMxje3bY819WvMtIkVa7z5yy/rZD54tPFh/HxjatGx0Z5YIF602wWpim5653OKKhbKkpCYHKvILfPSq0wfC+4MyJiN7pNXwuE88zHqJq1IwLAhpMxeWqaaqa5C5LE8nvEccXmo6LGmS/Kzw9ZbNZch5Aa7RMGkHVZwoB2H2eDWPeaCBJfP1MS32oLQPE4zhu/zDrCCk/XJErk9kqw245ZDb8oTMV+n2GsekQLdYKvlES5J5/+CT0ljb+0saz5/jWgral6tdmWWkDg3qtU/UYIJklcn9IHm48jQxgDqgSThPcX7WIKK6nL6TojbBZOL6ReHfVtIFmZiV0Ah6LFF7Ca2JjOXXdIz3MDWzlSud/cf2rBSEhxAu55Ln4vKyrLf9bMUdwvK1W+JvC2fIS + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + sealedsecrets.bitnami.com/cluster-wide: "true" + sealedsecrets.bitnami.com/managed: "true" + creationTimestamp: null + name: chartmuseum-tls + namespace: chartmuseum + type: kubernetes.io/tls From 729759d2bb49bf9331dab1661178b8dac303ed37 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Fri, 6 Sep 2024 18:08:27 +1000 Subject: [PATCH 3/4] update chartmuseum using helm chart --- apps/chartmuseum/base/deployment.yaml | 45 ------------------- apps/chartmuseum/base/kustomization.yaml | 5 --- apps/chartmuseum/base/service.yaml | 20 --------- apps/chartmuseum/env/k3s-cluster/ingress.yaml | 35 --------------- .../env/k3s-cluster/kustomization.yaml | 9 ++-- apps/chartmuseum/env/k3s-cluster/values.yaml | 25 +++++++++++ .../templates/chartmuseum-secrets.yaml | 24 ++++++++++ .../k3s-cluster/templates/chartmuseum-pv.yaml | 38 ++++++++++++++++ .../templates/chartmuseum-pvc.yaml | 15 +++++++ 9 files changed, 108 insertions(+), 108 deletions(-) delete mode 100644 apps/chartmuseum/base/deployment.yaml delete mode 100644 apps/chartmuseum/base/kustomization.yaml delete mode 100644 apps/chartmuseum/base/service.yaml delete mode 100644 apps/chartmuseum/env/k3s-cluster/ingress.yaml create mode 100644 apps/chartmuseum/env/k3s-cluster/values.yaml create mode 100644 resources/app-secrets/env/k3s-cluster/templates/chartmuseum-secrets.yaml create mode 100644 resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pv.yaml create mode 100644 resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pvc.yaml diff --git a/apps/chartmuseum/base/deployment.yaml b/apps/chartmuseum/base/deployment.yaml deleted file mode 100644 index 3ddbb8f..0000000 --- a/apps/chartmuseum/base/deployment.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: chartmuseum - namespace: chartmuseum - labels: - app.kubernetes.io/name: chartmuseum -spec: - selector: - matchLabels: - app.kubernetes.io/name: chartmuseum - template: - metadata: - labels: - app.kubernetes.io/name: chartmuseum - spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - containers: - - name: homer - image: ghcr.io/helm/chartmuseum:v0.16.2 - securityContext: - allowPrivilegeEscalation: false - env: - - name: DEBUG - value: "1" - - name: STORAGE - value: "local" - - name: STORAGE_LOCAL_ROOTDIR - value: "/charts" - ports: - - protocol: TCP - containerPort: 8080 - name: http - volumeMounts: - - name: charts - mountPath: /charts - volumes: - - name: charts - hostPath: - path: /mnt/nfs/AppData/chartmuseum/charts - type: Directory - nodeSelector: - kubernetes.io/os: linux diff --git a/apps/chartmuseum/base/kustomization.yaml b/apps/chartmuseum/base/kustomization.yaml deleted file mode 100644 index 87b09a3..0000000 --- a/apps/chartmuseum/base/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./deployment.yaml - - ./service.yaml \ No newline at end of file diff --git a/apps/chartmuseum/base/service.yaml b/apps/chartmuseum/base/service.yaml deleted file mode 100644 index 037e2e4..0000000 --- a/apps/chartmuseum/base/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: chartmuseum - namespace: chartmuseum - annotations: - metallb.universe.tf/address-pool: k3s-cluster-ip-pool - metallb.universe.tf/allow-shared-ip: k3s-cluster - labels: - app.kubernetes.io/name: chartmuseum -spec: - selector: - app.kubernetes.io/name: chartmuseum - type: LoadBalancer - internalTrafficPolicy: Cluster - ports: - - protocol: TCP - port: 8899 - targetPort: 8080 - name: http diff --git a/apps/chartmuseum/env/k3s-cluster/ingress.yaml b/apps/chartmuseum/env/k3s-cluster/ingress.yaml deleted file mode 100644 index 3117804..0000000 --- a/apps/chartmuseum/env/k3s-cluster/ingress.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: chartmuseum-ingress - namespace: chartmuseum - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "false" - nginx.ingress.kubernetes.io/use-regex: "true" -spec: - ingressClassName: nginx - tls: - - hosts: - - "chartmuseum.cluster.edward.sydney" - secretName: "chartmuseum-tls" - rules: - - host: "chartmuseum.cluster.edward.sydney" - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: chartmuseum - port: - number: 8899 - - host: "chartmuseum.cluster.local" - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: chartmuseum - port: - number: 8899 \ No newline at end of file diff --git a/apps/chartmuseum/env/k3s-cluster/kustomization.yaml b/apps/chartmuseum/env/k3s-cluster/kustomization.yaml index 3ea3085..cce609c 100644 --- a/apps/chartmuseum/env/k3s-cluster/kustomization.yaml +++ b/apps/chartmuseum/env/k3s-cluster/kustomization.yaml @@ -1,5 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - ../../base - - ./ingress.yaml \ No newline at end of file +helmCharts: + - name: chartmuseum + repo: https://chartmuseum.github.io/charts + version: 3.10.3 + releaseName: chartmuseum + valuesFile: values.yaml \ No newline at end of file diff --git a/apps/chartmuseum/env/k3s-cluster/values.yaml b/apps/chartmuseum/env/k3s-cluster/values.yaml new file mode 100644 index 0000000..2eebabc --- /dev/null +++ b/apps/chartmuseum/env/k3s-cluster/values.yaml @@ -0,0 +1,25 @@ +env: + open: + AUTH_ANONYMOUS_GET: true + CACHE: redis + CACHE_REDIS_ADDR: redis-master.redis.svc.cluster.local:6379 + CACHE_REDIS_DB: chartmuseum + existingSecret: chartmuseum-secrets + existingSecretMappings: + BASIC_AUTH_USER: auth-user + BASIC_AUTH_PASS: auth-password + CACHE_REDIS_PASSWORD: redis-password +deployment: +service: + type: LoadBalancer + externalPort: 8899 +persistent: + enabled: true + existingClaim: chartmuseum-pvc +ingress: + enabled: true + hosts: + - name: chartmuseum.cluster.edward.sydney + tls: true + tlsSecret: chartmuseum-tls + ingressClassName: nginx \ No newline at end of file diff --git a/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-secrets.yaml b/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-secrets.yaml new file mode 100644 index 0000000..2e9ef40 --- /dev/null +++ b/resources/app-secrets/env/k3s-cluster/templates/chartmuseum-secrets.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + creationTimestamp: null + name: chartmuseum-secrets + namespace: chartmuseum +spec: + encryptedData: + auth-password: AgB4Pi+VpFytFfMCAed5SqLwFPvpAPPH2lznhPWtTfBgwUZwe2c14OeBTYeJp+u1dyOmkR751MH5czKHAkHrFbkFOATpTZoJpoUeS9LhTQ60d3yeQHHJEJRPR6d0Z5qsRa3julOxhGbZhxQQcG40bAD1n3c8UYWzrv0ct2YsYHQu6uQCkc6TR94kqsZfHiH40DMRVKMyJumWnpvxwAy5JH02p4C3l7sF204IVapkWFnA6Nv7HNZRBgmKoSU9whl9dnwPvgkHiLgS6RZysXSQ3Q/xIj28cs4WvBltoD5XBW0/9RPUMdM+tsBv5r2Vj99dhEXDLV9dDLYcxqc3G9D3iey4/106nro7P+WCAXKdW5EJ2DIHDmlqFwoMRM8Te97WZnnyYmdsxxpPff/tF62FjPSIxes/o/M6iSWiU0uWNTJPe0InrEhtyHMY0focbK6FN/t9O05VuRumWC8i3S1GS1dIgWsR8B2+9e6Pmf8jRGArYuuKMh6wQ1KqcuadYCP56GQNA9KgVamSxs6FxDOBeWLPcGQ2eVp81dBlDAKfVPPGOBXQqlkgh22Vcg3kSdMsbDmC3Ow+FPoXcUDr3hUt8H79P5CweXrJjn4aRtMah1J/j2CxqUO+fUTKTwDlHPX7th2lTL8Xw6c1BECuz9aDOhnR/sO6Gp7eWLdVIzr+yjv8q4rDH60hQ61LjS2R3697Kpm2zAauX/PQOrapCapwWxTNyWWF4ayuEck= + auth-user: AgCXfcKXd6TLL62lg/3/xCFOXnPsl6kAt48tTpBAxW4YjylpSM2IPTyalP5T0+ZdxemHe1z5Sa5pTFzIWp5p/qcovXBTTzdPNvQ0k10DSq8bCOfNVfGnbFn9wx/y8sWKQeAhZ4iPQyaWeQBXVd9eVn7oVfiVkG88wBE+gO7m2lPwYyFqksJHbbO3MH5pNHmx+ko/PrjY3KtE5zUcmDdsKzN2A+H3rx0a1LulGnWhPAV5vrI6z3/JUPB3CunglncKO1ywC8Sq8XPpnhK8MJxqOej/5oS7J1HbBnpY5DCIb2Jo3Mxc8ThLslVZaxO7GwWNdn1mvO2RtmGsCYCgr/wdP9/r2hDLEIg6VeaufsKTi3dYhyFHXTHN9SD7sPid0rUbF2NRgsgS0LzwIIAA1NgQ+ze4ho7MPI4XtSViL/+dpeVL0WtMWdXxSGEzbRikCS90s6M7UzTAbKEEDWUaIjsPXtJaU14kWQZ1K0ZrEQnMU0dPraAn0GHUOiz7h0n6WX2+hcsopPGodoSeSxnkrAsQJQXlRtjZy6Ic2GXBEaMGZCRo78vjy1HK6Tug4drVEOw5BhIJ6BJVCCnUrVk9tZoWO5lZK6qcSNPMsIuieWwoRi0R1SPSjYcvlDPjfiCuw5cl0EUImZ0j8O9tmfl51riilkZgXYUHCHBYsws7awXU6x5xW3u+NC9yJxOBoDMtdDviOX6uYcxbLUiQSRFUow== + redis-password: AgBfpHaVOpvERYuiWG5IPvjijdrOBjKwJmQRTSblWVz+pDQRS5OKBpjAvUH350y+CEuqoMx7jfD5OJrUhx/W9nkAT+Kmbp2txhEr7vhJ+kNbRBwyA34vdCYPwilCqRQmhDk6SVj0sBHx/gLoAFYYuy+RoT1Qc0g+I4nbqiQcAs9GaAbmiJbiv0fsL3hXRcxz5DUWwHlqIwMcVhkPyAt71Z/PWHRG/SFYoRXoKajb4+/k+U3Xz13n29KVQmU71zh5kHoN1npBlKO/lEvXXVRv9AaOy00k9GpDpjxdrqLevov++NlvvLWH+s4tKiNtkUQltnSCvCmFan5Ym93TC3D4QCJMUGn/GtEHlG05fCoJ4iTm2l/urZKCk8JLMbegOXDBPvdbbUh13BUwBcQgk+huztdjIUEJLTZH3xoVxKLmp1hPXsHqyMuvC9xe1dTgTNbciJeOKCWRJ2gpBC0HR0pikOvkVWWOIjhUYV+M1LN/gXa30FkUtMvnJ9QVC3gS6g+4iVAkFDQVHfsTLH3OeICucBilTUFXcan8Lt11u6NxNnt8MkMDWIgK7dRJ9UAnR7YRrHOBO4wTRd3XzkQH1Wa+JySrx/EvYmK73iPVbBb3/3ifGL9dcU/KJxzqkMuGRgCrKnds0rP7IiD0g6hRwPGKkFvqw7IQPnTV5AZYkhVytfUaxPCqcooQl5oTeDP1yiAW4BHmDnkZ2mPXN2Yhe42FtsMY1/nvIg== + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + sealedsecrets.bitnami.com/cluster-wide: "true" + sealedsecrets.bitnami.com/managed: "true" + creationTimestamp: null + name: chartmuseum-secrets + namespace: chartmuseum + type: Opaque diff --git a/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pv.yaml b/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pv.yaml new file mode 100644 index 0000000..72c50e5 --- /dev/null +++ b/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pv.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: chartmuseum-pv + namespace: chartmuseum + labels: + type: local +spec: + storageClassName: local-path + volumeMode: Filesystem + capacity: + storage: 256Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + local: + path: "/mnt/nfs/AppData/chartmuseum/charts" + claimRef: + apiVersion: v1 + kind: PersistentVolumeClaim + name: chartmuseum-pvc + namespace: chartmuseum + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux + - key: kubernetes.io/hostname + operator: In + values: + - k3s-cluster-node-y \ No newline at end of file diff --git a/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pvc.yaml b/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pvc.yaml new file mode 100644 index 0000000..e42b8a7 --- /dev/null +++ b/resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pvc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: chartmuseum-pvc + namespace: chartmuseum + labels: + name: chartmuseum-pvc +spec: + storageClassName: local-path + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Gi \ No newline at end of file From 8211dfb63ae5274612844a91cb16664391d5bd2e Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Fri, 6 Sep 2024 18:11:51 +1000 Subject: [PATCH 4/4] fix values --- apps/chartmuseum/env/k3s-cluster/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/chartmuseum/env/k3s-cluster/values.yaml b/apps/chartmuseum/env/k3s-cluster/values.yaml index 2eebabc..b3e4ee5 100644 --- a/apps/chartmuseum/env/k3s-cluster/values.yaml +++ b/apps/chartmuseum/env/k3s-cluster/values.yaml @@ -9,7 +9,6 @@ env: BASIC_AUTH_USER: auth-user BASIC_AUTH_PASS: auth-password CACHE_REDIS_PASSWORD: redis-password -deployment: service: type: LoadBalancer externalPort: 8899