K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'refs/heads/main' into app/plex

Browse Source
This commit is contained in:
Edward Cheng
2024-07-24 17:44:16 +10:00
parent 0486964fc2 12908c7c96
commit 6ff872cdb6
48 changed files with 1292 additions and 799 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
apps/chattts/base/deployment.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: chattts
namespace: chattts
labels:
app.kubernetes.io/name: chattts
spec:
selector:
matchLabels:
app.kubernetes.io/name: chattts
template:
metadata:
labels:
app.kubernetes.io/name: chattts
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
containers:
- name: chattts
image: lcs13324/chattts:v1.0
securityContext:
allowPrivilegeEscalation: false
ports:
- protocol: TCP
containerPort: 8888
name: http
nodeSelector:
kubernetes.io/arch: amd64

5
apps/chattts/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
- ./service.yaml

17
apps/chattts/base/service.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: chattts
namespace: chattts
labels:
app.kubernetes.io/name: chattts
spec:
selector:
app.kubernetes.io/name: chattts
type: ClusterIP
internalTrafficPolicy: Cluster
ports:
- protocol: TCP
port: 8888
targetPort: 8888
name: http

4
apps/chattts/env/k3s-cluster/kustomization.yaml vendored Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base

1
apps/gitea/env/k3s-cluster/deployment.yaml → apps/gitea/base/deployment.yaml
View File

@@ -16,6 +16,7 @@ spec:
labels:
app.kubernetes.io/name: gitea
spec:
priorityClassName: system-cluster-critical
serviceAccountName: gitea
securityContext:
runAsUser: 1000

0
apps/gitea/env/k3s-cluster/ingress.yaml → apps/gitea/base/ingress.yaml
View File

7
apps/gitea/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
- ./service.yaml
- ./service-account.yaml
- ./ingress.yaml

0
apps/gitea/env/k3s-cluster/service-account.yaml → apps/gitea/base/service-account.yaml
View File

0
apps/gitea/env/k3s-cluster/service.yaml → apps/gitea/base/service.yaml
View File

778
apps/gitea/base/values.yaml Normal file
View File

@@ -0,0 +1,778 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
defaultStorageClass: ""
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override gitea.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override gitea.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonAnnotations Common annotations to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param commonLabels Common labels to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
##
extraDeploy: []
## @section Gitea parameters
##
## Bitnami Gitea image version
## ref: https://hub.docker.com/r/bitnami/gitea/tags/
## @param image.registry [default: REGISTRY_NAME] Gitea image registry
## @param image.repository [default: REPOSITORY_NAME/gitea] Gitea Image name
## @skip image.tag Gitea Image tag
## @param image.digest Gitea image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Gitea image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: docker.io
repository: bitnami/gitea
tag: 1.22.1-debian-12-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: true
## @param adminUsername User of the application
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminUsername: bn_user
## @param adminPassword Application password
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminPassword: ""
## @param adminEmail Admin email
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminEmail: user@example.com
## @param appName Gitea application name
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
appName: gitea
## @param runMode Gitea application host
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
runMode: prod
## @param exposeSSH Make the SSH server accesible
##
exposeSSH: true
## @param rootURL UI Root URL (for link generation)
##
rootURL: ""
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
##
updateStrategy:
type: Recreate
## @param priorityClassName Gitea pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param extraEnvVars Extra environment variables
## For example:
##
extraEnvVars: []
# - name: BEARER_AUTH
# value: true
## @param extraEnvVarsCM ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data)
##
extraEnvVarsSecret: ""
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
##
extraVolumeMounts: []
## @param initContainers Add additional init containers to the pod (evaluated as a template)
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param pdb.create Enable/disable a Pod Disruption Budget creation
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## @param sidecars Attach additional containers to the pod (evaluated as a template)
##
sidecars: []
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param existingSecret Name of a secret with the application password
##
existingSecret: ""
## @param existingSecretKey Key inside the existing secret containing the password
##
existingSecretKey: "admin-password"
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea/#smtp-configuration
## @param smtpHost SMTP host
## @param smtpPort SMTP port
## @param smtpUser SMTP user
## @param smtpPassword SMTP password
##
smtpHost: ""
smtpPort: ""
smtpUser: ""
smtpPassword: ""
## @param smtpExistingSecret The name of an existing secret with SMTP credentials
## NOTE: Must contain key `smtp-password`
## NOTE: When it's set, the `smtpPassword` parameter is ignored
##
smtpExistingSecret: ""
## @param containerPorts [object] Container ports
##
containerPorts:
http: 3000
ssh: 2222
## @param extraContainerPorts Optionally specify extra list of additional ports for Gitea container(s)
## e.g:
## extraContainerPorts:
## - name: myservice
## containerPort: 9090
##
extraContainerPorts: []
## Enable OpenID Configurations
## @param openid.enableSignIn Enable sign in with OpenID
## @param openid.enableSignUp Enable sign up with OpenID
openid:
enableSignIn: false
enableSignUp: false
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: true
## @param persistence.storageClass PVC Storage Class for Gitea volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessModes PVC Access Mode for Gitea volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for Gitea volume
##
size: 8Gi
## @param persistence.dataSource Custom PVC data source
##
dataSource: {}
## @param persistence.existingClaim A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: "gitea-pvc"
## @param persistence.hostPath If defined, the gitea-data volume will mount to the specified hostPath.
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param persistence.selector Selector to match an existing Persistent Volume for Gitea data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## Gitea container's resource requests and limits
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable Gitea pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Gitea pods' group ID
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for startup probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.path Request path for startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /
initialDelaySeconds: 600
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 600
periodSeconds: 60
timeoutSeconds: 30
failureThreshold: 5
successThreshold: 1
## Configure extra options for readiness probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.path Request path for readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
path: /
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 30
failureThreshold: 5
successThreshold: 1
## @param customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template
##
lifecycleHooks: {}
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Add additional labels to the pod (evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @section Traffic Exposure Parameters
##
## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer
##
service:
## @param service.type Kubernetes Service type
##
type: LoadBalancer
## @param service.ports.http Service HTTP port
## @param service.ports.ssh Service SSH port
##
ports:
http: 10080
ssh: 10022
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP loadBalancerIP for the Gitea Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.nodePorts [object] Kubernetes node port
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
ssh: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.clusterIP Gitea service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Additional custom annotations for Gitea service
##
annotations: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Configure the ingress resource that allows you to access the
## Gitea installation. Set up the URL
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: true
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: "nginx"
## @param ingress.hostname Default host for the ingress resource
##
hostname: "gitea.cluster.edward.sydney"
## @param ingress.path The Path to Gitea. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: gitea.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - gitea.local
## secretName: gitea.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: gitea.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Other Parameters
##
## Service account for Gitea to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for Gitea pod
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## @section Database parameters
##
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
## @param postgresql.service.ports.postgresql PostgreSQL service port
##
postgresql:
enabled: false
auth:
username: bn_gitea
password: ""
database: bitnami_gitea
existingSecret: ""
architecture: standalone
service:
ports:
postgresql: 5432
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for JupyterHub
## @param externalDatabase.password Password for the non-root username for JupyterHub
## @param externalDatabase.database JupyterHub database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
##
externalDatabase:
host: ""
port: 5432
user: postgres
database: gitea
password: ""
existingSecret: ""
existingSecretPasswordKey: "db-password"
## @section Volume Permissions parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
## @skip volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r25
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}

11
apps/gitea/env/k3s-cluster/kustomization.yaml vendored
View File

@@ -1,7 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
- ./service.yaml
- ./service-account.yaml
- ./ingress.yaml
helmCharts:
- name: gitea
repo: oci://registry-1.docker.io/bitnamicharts
version: 2.3.14
releaseName: gitea
valuesFile: values.yaml

784
apps/gitea/env/k3s-cluster/values.yaml vendored
View File

@@ -1,778 +1,36 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
defaultStorageClass: ""
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
##
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override gitea.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override gitea.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonAnnotations Common annotations to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param commonLabels Common labels to add to all Gitea resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template).
##
extraDeploy: []
## @section Gitea parameters
##
## Bitnami Gitea image version
## ref: https://hub.docker.com/r/bitnami/gitea/tags/
## @param image.registry [default: REGISTRY_NAME] Gitea image registry
## @param image.repository [default: REPOSITORY_NAME/gitea] Gitea Image name
## @skip image.tag Gitea Image tag
## @param image.digest Gitea image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Gitea image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: docker.io
repository: bitnami/gitea
tag: 1.22.1-debian-12-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
debug: true
## @param adminUsername User of the application
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminUsername: bn_user
## @param adminPassword Application password
## Defaults to a random 10-character alphanumeric string if not set
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminPassword: ""
## @param adminEmail Admin email
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
adminEmail: user@example.com
## @param appName Gitea application name
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
appName: gitea
## @param runMode Gitea application host
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration
##
runMode: prod
## @param exposeSSH Make the SSH server accesible
##
exposeSSH: true
## @param rootURL UI Root URL (for link generation)
##
rootURL: ""
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
##
updateStrategy:
type: Recreate
## @param priorityClassName Gitea pods' priorityClassName
##
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases [array] Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param extraEnvVars Extra environment variables
## For example:
##
extraEnvVars: []
# - name: BEARER_AUTH
# value: true
## @param extraEnvVarsCM ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data)
##
extraEnvVarsSecret: ""
## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts`
##
extraVolumes: []
## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`.
##
extraVolumeMounts: []
## @param initContainers Add additional init containers to the pod (evaluated as a template)
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param pdb.create Enable/disable a Pod Disruption Budget creation
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
##
pdb:
create: true
minAvailable: ""
maxUnavailable: ""
## @param sidecars Attach additional containers to the pod (evaluated as a template)
##
sidecars: []
## @param tolerations Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param existingSecret Name of a secret with the application password
##
existingSecret: ""
## @param existingSecretKey Key inside the existing secret containing the password
##
namespaceOverride: "gitea"
podAntiAffinityPreset: ""
adminUsername: "gitea_admin"
adminEmail: "edward@cheng.sydney"
appName: "gitea"
existingSecret: "gitea-secrets"
existingSecretKey: "admin-password"
## SMTP mail delivery configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea/#smtp-configuration
## @param smtpHost SMTP host
## @param smtpPort SMTP port
## @param smtpUser SMTP user
## @param smtpPassword SMTP password
##
smtpHost: ""
smtpPort: ""
smtpUser: ""
smtpPassword: ""
## @param smtpExistingSecret The name of an existing secret with SMTP credentials
## NOTE: Must contain key `smtp-password`
## NOTE: When it's set, the `smtpPassword` parameter is ignored
##
smtpExistingSecret: ""
## @param containerPorts [object] Container ports
##
containerPorts:
http: 3000
ssh: 2222
## @param extraContainerPorts Optionally specify extra list of additional ports for Gitea container(s)
## e.g:
## extraContainerPorts:
## - name: myservice
## containerPort: 9090
##
extraContainerPorts: []
## Enable OpenID Configurations
## @param openid.enableSignIn Enable sign in with OpenID
## @param openid.enableSignUp Enable sign up with OpenID
openid:
enableSignIn: false
enableSignUp: false
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
##
smtpHost: "smtp.gmail.com"
smtpPort: "587"
smtpUser: "me@edward.sydney"
smtpExistingSecret: "gitea-secrets"
persistence:
## @param persistence.enabled Enable persistence using PVC
##
enabled: true
## @param persistence.storageClass PVC Storage Class for Gitea volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.accessModes PVC Access Mode for Gitea volume
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for Gitea volume
##
size: 8Gi
## @param persistence.dataSource Custom PVC data source
##
dataSource: {}
## @param persistence.existingClaim A manually managed Persistent Volume Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
##
existingClaim: "gitea-pvc"
## @param persistence.hostPath If defined, the gitea-data volume will mount to the specified hostPath.
## Requires persistence.enabled: true
## Requires persistence.existingClaim: nil|false
## Default: nil.
##
hostPath: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param persistence.selector Selector to match an existing Persistent Volume for Gitea data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## Gitea container's resource requests and limits
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable Gitea pods' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Gitea pods' group ID
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for startup probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.path Request path for startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
path: /
initialDelaySeconds: 600
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
## Configure extra options for liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 600
periodSeconds: 60
timeoutSeconds: 30
failureThreshold: 5
successThreshold: 1
## Configure extra options for readiness probe
## Gitea core exposes / to unauthenticated requests, making it a good
## default startup and readiness path. However, that may not always be the
## case. For example, if the image value is overridden to an image containing a
## module that alters that route, or an image that does not auto-install Gitea.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.path Request path for readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
path: /
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 30
failureThreshold: 5
successThreshold: 1
## @param customStartupProbe Override default startup probe
##
customStartupProbe: {}
## @param customLivenessProbe Override default liveness probe
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe
##
customReadinessProbe: {}
## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template
##
lifecycleHooks: {}
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Add additional labels to the pod (evaluated as a template)
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @section Traffic Exposure Parameters
##
## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer
##
service:
## @param service.type Kubernetes Service type
##
type: LoadBalancer
## @param service.ports.http Service HTTP port
## @param service.ports.ssh Service SSH port
##
ports:
http: 10080
ssh: 10022
## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`)
## e.g:
## loadBalancerSourceRanges:
## - 0.0.0.0/0
##
loadBalancerSourceRanges: []
## @param service.loadBalancerIP loadBalancerIP for the Gitea Service (optional, cloud specific)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.nodePorts [object] Kubernetes node port
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
## https: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
ssh: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.clusterIP Gitea service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Additional custom annotations for Gitea service
##
annotations: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policy configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Configure the ingress resource that allows you to access the
## Gitea installation. Set up the URL
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: true
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: "nginx"
## @param ingress.hostname Default host for the ingress resource
##
hostname: "gitea.cluster.edward.sydney"
## @param ingress.path The Path to Gitea. You may need to set this to '/*' in order to use this
## with ALB ingress controllers.
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: gitea.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - gitea.local
## secretName: gitea.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: gitea.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Other Parameters
##
## Service account for Gitea to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Enable creation of ServiceAccount for Gitea pod
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: false
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## @section Database parameters
##
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
## @param postgresql.service.ports.postgresql PostgreSQL service port
##
create: false
postgresql:
enabled: false
auth:
username: bn_gitea
password: ""
database: bitnami_gitea
existingSecret: ""
architecture: standalone
service:
ports:
postgresql: 5432
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for JupyterHub
## @param externalDatabase.password Password for the non-root username for JupyterHub
## @param externalDatabase.database JupyterHub database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
##
externalDatabase:
host: ""
port: 5432
user: postgres
database: gitea
password: ""
existingSecret: ""
host: "postgresql-primary.argocd.svc.cluster.local"
user: "gitea_user"
existingSecret: "gitea-secrets"
existingSecretPasswordKey: "db-password"
## @section Volume Permissions parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name
## @skip volumePermissions.image.tag Init container volume-permissions image tag
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r25
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 100m
memory: 256Mi

0
apps/kavita/base/development.yaml → apps/kavita/base/deployment.yaml
View File

2
apps/kavita/base/kustomization.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./development.yaml
- deployment.yaml
- ./service.yaml

8
apps/kubernetes-dashboard/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
- name: kubernetes-dashboard
repo: https://kubernetes.github.io/dashboard/
version: 7.5.0
releaseName: kubernetes-dashboard
valuesFile: values.yaml

8
apps/kubernetes-dashboard/base/values.yaml Normal file
View File

@@ -0,0 +1,8 @@
app:
ingress:
enabled: true
hosts:
- k3s-dashboard.cluster.edward.sydney
ingressClassName: nginx
tls:
enabled: false

12
apps/kubernetes-dashboard/env/k3s-cluster/cluster-role.yaml vendored Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: argocd

12
apps/kubernetes-dashboard/env/k3s-cluster/config.json vendored Normal file
View File

@@ -0,0 +1,12 @@
{
"appName": "kubernetes-dashboard",
"userGivenName": "kubernetes-dashboard",
"namespace": "argocd",
"destNamespace": "argocd",
"destServer": "https://kubernetes.default.svc",
"srcPath": "apps/kubernetes-dashboard/env/k3s-cluster",
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
"srcTargetRevision": "",
"labels": null,
"annotations": null
}

6
apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml vendored Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
- ./service-account.yaml
- ./cluster-role.yaml

5
apps/kubernetes-dashboard/env/k3s-cluster/service-account.yaml vendored Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: argocd

76
apps/nextcloud/base/deployment.yaml Normal file
View File

@@ -0,0 +1,76 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
namespace: nextcloud
labels:
app.kubernetes.io/name: nextcloud
spec:
selector:
matchLabels:
app.kubernetes.io/name: nextcloud
template:
metadata:
labels:
app.kubernetes.io/name: nextcloud
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
containers:
- name: nextcloud
image: nextcloud/all-in-one:latest
securityContext:
allowPrivilegeEscalation: false
env:
- name: SKIP_DOMAIN_VALIDATION
value: "true"
- name: APACHE_PORT
value: "11000"
- name: APACHE_IP_BINDING
value: "0.0.0.0"
ports:
- protocol: TCP
containerPort: 80
name: 80-tcp
- protocol: TCP
containerPort: 8080
name: 8080-tcp
- protocol: TCP
containerPort: 8443
name: 8443-tcp
- protocol: TCP
containerPort: 3478
name: 3478-tcp
- protocol: UDP
containerPort: 3478
name: 3478-udp
volumeMounts:
- name: nextcloud_aio_mastercontainer
mountPath: /mnt/docker-aio-config
- name: nextcloud_aio_nextcloud
mountPath: /mnt/ncdata
- name: nextcloud_storagebox
mountPath: /mnt/storagebox
- name: docker-socket
mountPath: /var/run/docker.sock
readOnly: true
volumes:
- name: nextcloud_aio_mastercontainer
hostPath:
path: /mnt/nfs/AppData/nextcloud/config
type: Directory
- name: nextcloud_aio_nextcloud
hostPath:
path: /mnt/nfs/AppData/nextcloud/data
type: Directory
- name: nextcloud_storagebox
hostPath:
path: /mnt/nfs/AppData/nextcloud/storagebox
type: Directory
- name: docker-socket
hostPath:
path: /var/run/docker.sock
type: Socket
nodeSelector:
kubernetes.io/arch: amd64

21
apps/nextcloud/base/ingress.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nextcloud-ingress
namespace: nextcloud
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
ingressClassName: nginx
rules:
- host: "nextcloud.cluster.edward.sydney"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: nextcloud
port:
number: 8080

6
apps/nextcloud/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
- ./service.yaml
- ./ingress.yaml

25
apps/nextcloud/base/service.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
name: nextcloud
namespace: nextcloud
labels:
app.kubernetes.io/name: nextcloud
spec:
selector:
app.kubernetes.io/name: nextcloud
type: ClusterIP
internalTrafficPolicy: Cluster
ports:
- protocol: TCP
port: 80
targetPort: 80
name: 80-tcp
- protocol: TCP
port: 8080
targetPort: 8080
name: 8080-tcp
- protocol: TCP
port: 8443
targetPort: 8443
name: 8443-tcp

4
apps/nextcloud/env/k3s-cluster/kustomization.yaml vendored Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base

28
apps/rlpa-server/base/deployment.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: rlpa-server
namespace: rlpa
labels:
app.kubernetes.io/name: rlpa-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: rlpa-server
template:
metadata:
labels:
app.kubernetes.io/name: rlpa-server
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
containers:
- name: rlpa-server
image: damonto/estkme-cloud:1.0.11
securityContext:
allowPrivilegeEscalation: false
ports:
- protocol: TCP
containerPort: 1888
name: api

5
apps/rlpa-server/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
- ./service.yaml

17
apps/rlpa-server/base/service.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: rlpa-server
namespace: rlpa
labels:
app.kubernetes.io/name: rlpa
spec:
selector:
app.kubernetes.io/name: rlpa
type: ClusterIP
internalTrafficPolicy: Cluster
ports:
- protocol: TCP
port: 1888
targetPort: 1888
name: rlpa-tcp

10
apps/gitea/env/k3s-cluster/config.json → apps/rlpa-server/env/k3s-cluster/config.json vendored
View File

@@ -1,10 +1,10 @@
{
"appName": "gitea",
"userGivenName": "gitea",
"namespace": "gitea",
"destNamespace": "gitea",
"appName": "rlpa-server",
"userGivenName": "rlpa-server",
"namespace": "rlpa",
"destNamespace": "rlpa",
"destServer": "https://kubernetes.default.svc",
"srcPath": "apps/gitea/env/k3s-cluster",
"srcPath": "apps/rlpa-server/env/k3s-cluster",
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
"srcTargetRevision": "",
"labels": null,

4
apps/rlpa-server/env/k3s-cluster/kustomization.yaml vendored Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base

12
apps/sonarqube/env/k3s-cluster/config.json vendored
View File

@@ -1,12 +0,0 @@
{
"appName": "sonarqube",
"userGivenName": "sonarqube",
"namespace": "sonarqube",
"destNamespace": "sonarqube",
"destServer": "https://kubernetes.default.svc",
"srcPath": "apps/sonarqube/env/k3s-cluster",
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
"srcTargetRevision": "",
"labels": null,
"annotations": null
}

2
apps/sonarqube/env/k3s-cluster/values.yaml vendored
View File

@@ -1,3 +1,5 @@
priorityClassName: system-cluster-critical
namespaceOverride: "sonarqube"
clusterDomain: sonarqube.cluster.edward.sydney
sonarqubeUsername: sonarqube
existingSecret: "sonarqube-secrets"

55
infrastructures/couchdb/env/k3s-cluster/deployment.yaml vendored Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: couchdb
namespace: couchdb
labels:
app.kubernetes.io/name: couchdb
spec:
selector:
matchLabels:
app.kubernetes.io/name: couchdb
template:
metadata:
labels:
app.kubernetes.io/name: couchdb
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
containers:
- name: couchdb
image: bitnami/couchdb:3.3.3
securityContext:
allowPrivilegeEscalation: false
env:
- name: COUCHDB_PORT_NUMBER
value: "7777"
- name: COUCHDB_PASSWORD
valueFrom:
secretKeyRef:
name: couchdb-secrets
key: password
- name: COUCHDB_SECRET
valueFrom:
secretKeyRef:
name: couchdb-secrets
key: secrets
ports:
- protocol: TCP
containerPort: 7777
name: couchdb-port
volumeMounts:
- name: couchdb-data
mountPath: /bitnami/couchdb
- name: couchdb-config
mountPath: /opt/bitnami/couchdb/etc/
volumes:
- name: couchdb-data
hostPath:
path: /mnt/nfs/AppData/couchdb
type: Directory
- name: couchdb-config
hostPath:
path: /mnt/nfs/AppData/couchdb/etc
type: Directory

21
infrastructures/couchdb/env/k3s-cluster/ingress.yaml vendored Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: couchdb-ingress
namespace: couchdb
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
ingressClassName: nginx
rules:
- host: "couchdb.cluster.edward.sydney"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: couchdb
port:
number: 7777

6
infrastructures/couchdb/env/k3s-cluster/kustomization.yaml vendored Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./service.yaml
- ./deployment.yaml
- ./ingress.yaml

17
infrastructures/couchdb/env/k3s-cluster/service.yaml vendored Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: couchdb
namespace: couchdb
labels:
app.kubernetes.io/name: couchdb
spec:
selector:
app.kubernetes.io/name: couchdb
type: ClusterIP
internalTrafficPolicy: Cluster
ports:
- protocol: TCP
port: 7777
targetPort: 7777
name: couchdb-port

2
infrastructures/prometheus-exporters/env/k3s-cluster/node-exporter.yaml vendored
View File

@@ -6,7 +6,7 @@ metadata:
labels:
app: prometheus-node-exporter
spec:
replicas: 3
replicas: 4
selector:
matchLabels:
app: prometheus-node-exporter

23
resources/app-secrets/env/k3s-cluster/templates/couchdb.yaml vendored Normal file
View File

@@ -0,0 +1,23 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
creationTimestamp: null
name: couchdb-secrets
namespace: couchdb
spec:
encryptedData:
password: AgBJ7gxhdpF7pdKjzp/95NYxEqCHGQ/dOiZ2rrjxwXkfm1COqV6D47V8FahZ0g515B3JmQG/fJmylp5bfEN3TcEG5VwMLQPm3p8NvjLWIpDX3W1kf70YxA4Qqr+rlKadHI9wd2pqVOHY5bJDx9ELmSu2k1E9hVxhaEXkwY9BB0GLnYv3jbEbNrC0qq/gPg7QW9gJQd5zRzjo/B3M/ufHjtb/H45zwvMUU4zHx37HTkk5fuu1ucskd39RarDLYm9lWtxM5aEPLR3g/4mCGB+cLmb97lZlFJI4W6utKAq77spDnafyY9se0+ScxIzoS7uDo/+qdEODWrXGrHM10LyaN8AQfoQYlS2IzaJxrWyXtKKsm6LGzU5kUHYpM1qB3KA49HaR1aKLECgYEcgT0fDJhugzYetm6a9o+CW6KoWd7+APQDQJabBO1fmBsCY6xXVXba+Jm+g3Yrz4OLWKmGmC4Sdj33Eb2ZezxuJphqGTKGVcH5bZeDGkE+CErjJYTsh9pERfTG/pOsTkI9e1ao9HeleWgLFhIUdm23+kFuar9PA+R/1sFH1CqINpSb921jaQC7+AnjnRZM5XJ0qEGU0SrEsvBizjlzCPMQmGQGPL5tPu3Bz0aYhiaXM8kDlqwakV9OKggXS3ebwCfc1J1gJmFvk61AS8xArNfTyPK5qXfbG91JJ8QGiMe5cy9HbHg1iqZvWbs6e6qdsHcF966fGo/W6KgJpIz1GH7Jc=
secrets: AgA+WJ9+LiXPqT/QlvkVOTNzVXAWOKrpcPS3YGz8eUvox1P1l8yxRw+K2fYD8el5RYK6t191oVMaGBeVq1ort8dvMVkswUwGCu7WwQchW34bIgWjmbEof+9KWXDJhewVlZFOdtWn5BeRlRdCzOmNjEcNmbBTAc1fXkYv9CziW1dWEzkEpuWaVpI9A5okDpk5v8cbbBaNGcLrbuHQPzrI2E3yQUdTo2zdXk/By2ZrfUQh576OTn8GvEiWrZXCSCwplGQW4YYEp+k2yjTs+cSPY8p2MNTcR/csMAuPVs55XpvH9W0CMVsMvE+D24oVd7AczU9E416Ftl1nIGxxoLtvIDOjY54eD4wACWXJZ5K+ok7gAlq4ER7hhTvlJMcCvjN3am5/TZ9tYkcsO6jgkFjTRi3eVDP4pwGwCu1VN327MumjDXwKdupOM1weN8g+QVKsLYcvTQm4DKqweZ5ak/4452rooEzrVH0FNv7x4fjpwHJJpGvYfxo81tuHKOmwU4VjoOEiPck5zByG72oXUr8UHpeYKV911T5H+3vVTPHGoeujZfKCV25j1BXABHAd/6xYMtGPe5owmgwFAN00CeNTfv1AhGPUHQ4H0hSOyYRkBJFWCyMOBJSqGsaQYkfDF0BIUEl0myTPzLy6tEqFrPoc5vCrMkwDejgfmjgnHUNE23CXbIwKQyMW7N8tYNS7qTNWy12foPG/8iXdUaZGxHeL1rEhmCNecL+3qwE=
template:
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
sealedsecrets.bitnami.com/cluster-wide: "true"
sealedsecrets.bitnami.com/managed: "true"
creationTimestamp: null
name: couchdb-secrets
namespace: couchdb
type: Opaque

12
resources/app-secrets/env/k3s-cluster/templates/gitea.yaml vendored
View File

@@ -9,15 +9,9 @@ metadata:
namespace: gitea
spec:
encryptedData:
admin_email: AgA9oimJQpXAdvmQRSd84ygn/l5bSr+o8Cv10oY6qZA6Qp+FpK90o3433HWPrGGXJ+ewGJ4r1LGH7wyHlrsdem8EphjKdqz73WMSnv4Wtjao2P1txOjEmpusn3444j0fT3d8PY+8Q07x0Mj2AGqOIyzAHZfykT9AgX+xJygVv7jt1pjO4KYdtfD2QPt+jPShxpVXD+IP/euf+6rVNbudk/vJgGO4I/ITLlX2tL28vClHEzLst3Us4R81WFztcCbPc93wxvO6QFy5AlrA5CVP2lQJCj/E6uYbc1sO3WdrmkKVyecYd67nVstqp8CWf7qclBuDpj16IDDC+93jbGR6AydvQCgb3tAOGpW9IWghCoiHlWawcMqwbdweVYNF+Z7Rssprt4m60X0+sdMtq7vp43wIqJHWq8jZeLwlEKJDyT96uL5kfnmRpo0tTzbAbQVKBZ5hskJm+ga3Tld42nZytlXx3occ5qABRF5CotqTEtaT9JNPX3yPOVcVegUpmQeQa65Ssg7cJagC9ud1hwoYe/IxOub4xogh+gEDdIipiPGxHDdFZFXCwAVkEJdfBbH5zFXNpr7t8jt0TBkOLvsGzMsgZxqIXHVMrOW/a73urLXiflzEzmU6NET1jji7gwS6rj1Q/cKTNI5R9EsElafGsKy+jsF/BUMiNqInrMbOs+edyaM4S6enYMZU5pJ0HBBdF3AQRZKPSzXn1TFLQYsXkhm0UPC/
admin_password: AgBUy2a0J9nZxlngZu9Wl/NaRt+7GtpV1JJbFUNdYgNVInvUL6RO7dQz7zzKepmo4yuBIId7GA/NWvxd4qP9Mwm6/hIGuwNaRzK4vtJrDG0O1pUjJz3gDD5snFYtUEVf1XmBm7YklMy3fNWif7BNbBhHB/RjgD01fpFL5s1y36UxHoicaaLB/iWJXv+ZvKRpnmbsAuxtIwH2Cn0i/mJR0elk80I2ZfwXjfmv49u/R7L86g6aq/XpeFfJ+q0t0ZTzfA98HA6GtUqDw58lshTFbXOwYV5h6JDoKs3yLucu0Q+L6LteEj1PHYB7yDH3/25gMi0ckzJP/Hz8dde8BwO3UQDZtIZ7SvOznXMd3DIj6693URnp4LwPC3UZKqZMUFpGVuZAWQa6w8rmRSBqbsSIwYdEDoAz3Cmw/EJjGQpfs6/n8UZgZ6P78T5cCOEBTpbd1lRR7KcaJqU4mFCJHPSHrxMPi7zEXVrtXEYqIwWN1YrHvFxw8FN+H/Dyq3B6g45hj786uRjOFkbS6I/mgmo9IUhQQgKn9H5K5ze9WGLGl00LR8JPYAdvMnC14IzTVeceU44G/fbZStP9mkayZsBlA/OvGFTg14qC5o6agjB0vZmQkyFYKm7h36Bu/UcLUljNmN7IruLd4zbn+N77mGatjMufJP9tQkfv4YL5NWxUz1v5UY+WG0JIjLj+svawce9xJftk9LJ185VHlnHztFoutTI8e6l7PQ==
admin_username: AgC4ih1J5E8YEKBWLrgCbApElhIF75+B7504aIAVM3GfnUI7sdKIlxfjCAR+4vtja6CpTlwNN9GHyq+jNeBQN662R1mm2P4p3/V1tZ3dpwi1xAaPn0JoFVnILO/mkwHGvfKaXeiAscZoVm+s4TNQ5vXNRyPaCNW72tHxBfkTXQOXUyf9sWIX0Mq8eEa6uAkAs/MKwOrU4q2UWn5ASjpy1m/AMJyDB4O/XifxcuAV110ragDLnKJVPoKsw2xdYMSF7nWt2mlKYGzRJKuNYSBZOaUGM4/oqKtPMr2TUxv/ktqZaJ9x2O0kRV+GIJdYJo+XWtZVZtuYN9YZ1++m0A/QECp4ADlh8Vyq7qXPBNYa2k3m6K6yWJk14gl1t+Pamg4fveR0gB52Ow0xFJl6856NfB3/umtWk21TVN1Sx/aZrspJqzqNY9FM0XCZXd4M800LnqwkNdHzuSwNe6kD9Hb1P8v/SrCPfjdhZpFv4msCCXQ8AJ2hx7DV8v8SqYXqjsCrPDxVdcvyOZMEhNXwN53BajE/6dkvy0oFg3aWCd/mupqbPrVdij5+vaEpuyaD8EfnB2K9fOF4XgKYivBAZwvkF3eO81vkrEpqMSABbo2WC+isbWGBsnmzVAw1MNpUj4Vy4pIWJSY+S/fwqRUvF7TMuixW1X6+ZUyhwu3T966o3gm6a1p2D2/B/oil7jYfn8NP+386FjN9/xeMZ6ar5Q==
app_name: AgCshGi1SYnZS+R/EVHGyEPOdwYPKSGHd3Q/1MeG00bHp4JK/hMoOf2qnXdIFk08F/uGaJfRajjMXWi/D8aTiFxAMkpg2Ao4Ow5jg7tX42gvXk2qiav6LDf+Vx2jpcBBIrqAt8GBwNBYOJ8g7WMTYqSU8KyFRjGo4ZS6r840OVmyKNzHWLh6S9QICYjSjw/4XGdSdGu7zSFnHxEzM9SnD4K4R5Ndmlkog3gikTMaRApGLg964E+hUQ9VG1hzlhuOtfrgmau9mdELK1zv76JoVqRkLG9ikR05R7OJIzaF/2ozvZWQcIvyApb6axREuBBNbMjn6o3EW83zxO0zUZFbqon0pEUBoPmPC584kQU2DfJjNf8CzBPPMBQVYv4UCPiMdax1xnV5Wm06AuLW9zG3WH5Myf8Zv/qsvISfvtwym4LC+NDLVztc+x8FFERJYsMG/+ndpY+R5Ln1PIZ/8tE6BgSQ0Y3m1ep+gr9H1ZfFEhqcbIE0yWzPsmW+F5xsIhQwm0F025jUF1y7IA1T55N92nHkEcyuwfu2z4kKuEm+AT1hGOk3a2tpVbdEvLXDpl0irfaOyiiunH06jvhliKgfHxCwQGihSD7lfEJUapSh17rXcGEDFXvOGsql4448JuQHB8j5Hdn7xGImF7VtzP0V738rXyMzgtoiwb0QTNl+TopnoUHXElu255ZekHX5RT7LagM8p3kx3g==
db_host: AgA7m/x+3dVniLN1p2QhvuFNQKBZ1g+554+q02kbp498LEvg7xlabvcYdYkK+PHi+KoirykenJqyo3eZdwe1LkoSqAgp3LJNF/xWKU1ulpVhZRk68VgGcMdG70cKH9uk9irbOxSRkt/d07yeY1Ba/68PrYy56Lf03hnNyh+RyCMpISy3q7+EwZc6oiqcmV6rxr0AbP1iqV6G6kDVa0iQEerOnOZ0clXjZOERyhGFAv2jEqHuKQXdJ+Su9YIduqoQj+/7yrhmi+ifj33dGAQrZxZlIFcd5PdPJMhSo5WsjCP6bP6a10hi5m0bv6z56Z7dgqHeXzXPJnpnU1fjb4crrJRkSOJzR2mtVlLI8UGdNU7hkYFNvrV4lNDXhcyd8W8cTMCVIJzIW9g5mporMZdghlCwwZkti1CpAshLlKeF3iOUdX0nYWVGNLURg6Kkvta2GwbL3rVMxgZ5HTcWoulvMT12aRPRxGhsyLvXiAS9C+b6XQSSl1k2lvpoLDOhQJdoCHXByUxi3YBElAdfNZ+IQ1Mc855+ZOz1UO7lHiqadpCnVgT32TnZVwGZJKE/B8Sr7AfRtp4n//g6q1XlMdTwkyFtHP36dPKidnUd2ReYzysvMThvVy45dSMXBET6x8t4k4QbhjtSMHMunKLmVsur3tTb3T6t03T4NG3tb4+oWofxCCBCrFUIlddawLodZv7fP+AuuqKrumJWfYfF8xNIwVzTC98U+Kq2OsXyCw/7PLXhc4jbNeQes8TBmcaNJDxV+w==
db_name: AgApTQ4a2gBfYYAeXjkkO3CsJouadi8n4TZzyPW+KMtbgFXq0RP6T3jwPnf9SWFlZxkoDUtwiQWOXPN6jc/B+pd3CU/dpqCBD/Nf/BX91VoWvzyYXnBHkLzTiU7CXBn3J5omjLnm16YrAaxxk3b/L6RZSqX1DVunlXBIgIHYY2egyKWx2YblH2DXF65eI0eQ3wjy1nf4akdVEOZJnP2nPb36Rvs6ZYo5UjuxqkeVNum5+R7R4yTmdbADdyZPswxczSh3NT8/7dJA56Sg+BXDrdNlpahoApDfLWm/S58XDN4bQt7bE180nbeFYnNMcxdNTqkldAzfLff4CWfeTmK+F9sHCmtB1af9NZrR2/mLG3+v8tUP+EsLUbp8HeAxV3TXqaaAEOCI0lRT3/YDHnCuS/nNGndwfCUHyJhjA/dCpkY4mol4Y592bCf3RomdZOH5dSlwc/opRn+hJKzWsFZgUxG4miQ09Htti9op4gK5cX1NVmUegSLeLF9GtxzTd0/Qf2u3t8yTqIGNCjohtWnHY8pI4q9oZmc6hw/62y1nFhCnEPuxsqkYQr0Y6+CjQ0/D1eHQCLR2pe6tjvy4rgJBiIwG1Ns/ipNrC/7pegb+XwQ35lVDGvO9knlCzYwnt4piBYly3/I4NW3oswHLvC0488FXcJt0jtVTGZKQCGFwzZs84ZtnrHuAZqiKsoWCMirc2KnIdJePcQ==
db_password: AgBdld/wramisqL57iY8Uc3OtssE+T3bIWoRugg9NcKBEG5CgHtBjO1wlS/LVPKBi0wrliFfpwGuXZWl7GemhFi1AxVLZ3NuR5R4sRG/+jFwc4AktaugrUIxnAgRetLBYPQMxOnsVVU4hnPfTHjd8WK7mciLzaqvMaVWHLV2PFQhGFAyag0Ud97qZ1FnlqYFPyg1JK/Hiv6sQ+zS6CqrMwtlcJHRjvZntDXe5EMV7pObxFoxuCI68SGB9yDiYZIHbD/wBbZ7B1coQVVeqIGOkxDfKUk3xz1CfXoH9Jp9uHVayssa5kh1cEjuyyiaqE4laHH5bgDBWSU32ZhABZR4uVHOrOAf3p2EZvriCJVYGQ4TYKlzJlf8H3/F1B8lTlyXxBgcKjyZskCaYG9/V12WxoeQPfucH1nN4WJi8mwcD9GqnbHC6UE6Q6EW8QG9D/iIdv6kAzrVXixhSHrSOLUf4N6hDQ/E37IuWLwdSGfIseCGShX7Er/7aRTILMX5v4zrTZbs4ih+rWzy0vDIhe4jl8N8MTQqtvpryfCSdFxqIk00MMh9zBftFXKAVXKk/1AQclAQHc/b/fgZrM9kbAX1Jo2zKblD07tas+/9vlL4MQ70UDsmz37/6uAhA4diQi8tmiqIMxoeTnqs1f5HMDkVuy7hyLV/Xg4ZA2U9RmdqnpGcmrWc1BpUf8cL4AjItf6tSdWc+ch6UvDx/lBzDeJpJsezTjnsQA==
db_port: AgB7IN1Gs3WBKPvMujyS1e9AqxotjmQOv2QfOqX6dGEYEET4Ay067xcdbyns6oczUnuQyKpIr79oZzeezevPM+RTVYCwEyTxF84Qcs9h/psY61cYOEwNcIu+m5iP+qb2sFlopK6QZk03zPyd1XZ5TlRw6Nv2Nt3gPvoksgG7L0CM8xWvcpcG2/khh9UuckUGErcaK3nMxdKAKZLjVaVdRIC78u03NEc4cj9KH7r/Zz5PZXOVlZyUAxCtUMe0NHs7bFhRp5Boxa+Jz0cfJ4fDZlwHgMQLxi8nQbKmZf1B3HY4+zUYShBrxWWFBimqpctJDFpV4z5DHJVTeFSxgPXh0t5qsYikeeVqDnbGMx+4yyno3+IkD+Se73z7boS5sbYhPtifm1dS88DbAMDckMAiR5ktDLbItSwGoxGTegqmhbvUtxhpzl64Q6yrrQetJ/sT/j+Q6YWCqrnhQvgcR9rasFCUswGmnr0cF9jYVRkDHpK4Ehwf8HNriyY1RlDnopBGtx+t7hUb7yrNoSnJQEVSCKCMkxOzP9gMsfZptO66MWsX+Jbr9vQV88Wzqshe5oYTJk8UkqeOqZLPp5aKs/5uv/BJNGwJbDuMlXmX8ZU5c4jn0FyzGeamqxqttgIonXgo0eeR4FwV5NTLgX1h5IETMKHBsNbzmJuu9fF92pycYVeb3AngMMKveLqkN2y/s/bKBNGFtcyh
db_user: AgCwCgsYWuB3S4PaAA/WSoTrqABcJnFrmu8ud6FUk4tQjhBySGlODANZVI9XoHh16iNRMSLiVlUihiyr8d/Dh9TP7Q4nwKlLoRmObbH5hyqPEC+y+phccwC8OSQ8pA/Xy1mv+dQhH8Ssz3hR2UGdS8BBEeBgnLZYJR1B0zOrAijCnv6lsdDY6dIuLv3ijsRtIzHIT2Q1UcvJrd3cP16PT2xKw+3X7rPURkMRwbDKyKslhpJeVohVc7SoG04SUXZ7GUtR0S02WIrd3UXfjXcrV1fa5C5ssRN9CEMs0TWBo+0q/tp81mPFYPEbdWsKGBZ+1VxGL0PnbiMJBizGq3YOBU3KY2irXSipsWXeoZOOK8d4E8lnT0toVKFSafp8tkASxT7pEgVrJ5QPlcT5wO/eMehNQ4ZMc1DPAUHD740il1q2Zse9JMsa5sYu5SCsvaAC5ON0w6111AM9OS5t3jxN/lMhcZFqAtcLtDL9Ut68KBtvWEnPJdqnT8mRjR0bH0wLrjv1Irzdt7yHHIkZRjLRaxWXrnNfj/UaRkAsCRtD0aqtWe/grU7pj7ud9i5b849gJl9Ps6zsvwtW4ZBWDtn6TWUjn1dhKqOz78qG561YqTRSE784O66vZwHlAsq9Ow2K/mQCBdOA39vJgIg+xtyMvRG1Upissq2WOzECyY+9jsOBowVKcSKSCUBADHF7oNJqcTcez/zNIZ1viNbB
admin-password: AgBOc0Fe32b91T1Y2x1A+NtK+IP/P8J/3z0XHP/+3yP1Nrzl6PvQbyNXPZCCpjH1CSek+8JmkfXKtOXd1MQ6/AFfRo6MaNV4fmW3UZsrEyjx69pKuif1Ej32y2JM22sMvHzfgDDjeyqpZQ19DTh/rtLoGkV5QQkeQ7Pnd6zX0ksrUezrKBzIv4NcSkzLzU0NBkmPS4VSrO52x95xqdDmI9KtYDVaBaJ0MRkltsrHXHPqjVFlDchuXTBD+D6sL2VMB0fLvyNAAgYnQV8dlMxyoV3zn/zdlXofy4INtQ6ZbK/WEIV+2aujyYAs787197CXc6QJGGhXo4WWfSbSueAVHcGu9RZJFcMugslwnGKtqC3oCTkqHWqvXkMRCZsVVu4dxxoHvxe39B0/J31ZF650mrkxOMaxFpIszGievFmdFhgcsicrgUXCDbkxIH+Uphs+piZK0Ec3c20oINZKjlZbKXQW3Pb2Ln85FGnIEelE7svryzv5mrr9C4SBvU0j4O/4q5XMZa8iU7ncX1crK7fzYjlSzHl0xPmuT/hyoSf7ULRnZxjiYqPffoAyjMxlWmbI81VqgMEMFkchhMWgDYelfki0FDtbn2RXBLB/MHe9blXr42GaW8SIbnQeFt4ATD1JLeqJyaCmH3mpBuSoJb6ngdeswfZDneumQfufQ6wwLCwoARLXGpEJD9Bcl5GrNxqXB7qc0E1jVZIEEVXM4XL0i8GBqnoA6A==
db-password: AgAPxChdWn6aw0hn9qcstz2BBE+sr6wEYhHgQ8MjoFsS1bQXoEE0B9KS3Z1L8bo9Xo+gvlk6funXa2X+Cdl11AYy1mzGCJDLpZu6EIrI2dpQd0aMHCyUspB0PZ8fGvIcNsxcDFRUwWt0IZ4LyxUNXsekbets0RpreDI3rDtoutcJWaKPI4LZKAK9bLyC5WAcLaJf/bj3JxCMcIzWqg6XvY6L1qRjVQxvZ7Fubs9IsbyTFWryINfS019IVSFa/iwXSNwk6f9fv8e0clkbw/xzvVZTLP7uRDxacsZWasjUofxNTNlHeYnBvjTQTfDvIcUEriQ4RyZyk+3wzh6n7zwbJ/fKKzRq11xFAsEnmkxtEtlU2bmphd0xfhZvuXvbN04zv5pHlYjU7qWSdYSY338NsD9LeJS/Jt8pUv2icOwk3DUDmMcsGC74vdvaNCPfkBkmAp5lxf+WnMaIJcEQU4gJ52EdPR1tqbMqJ/t3FYQeSA1erPq7LHoczzN3t+GfctxLLQGqY1OikDJdza+aX55QIDbRX5g3EetTklxZuTMRMtSFCdByaRiwPyutQaBSBxQkPSv4rkOoHFc8trHmfj3/nQtcjNVH3kyrR7rmw2hiSd6QJ05KCu83FTjh7qvlCPY0taltE6mmCb+PgWmMg8bg+jhqdbmIwnugB6RvdrKJkB1RE4w3KRpPXt4yE229OeKU8JNrHG4vG0HbY6nzXVplDMVMc0/A8A==
smtp-password: AgDeVCiOlfLQReoytKqcV7sRQ59SGPo7pu/7wdsaLbpl8wA0PJ8W2ucgMsj6vi1Qemyz7z4+aq+E1SzIl59woC2eouusPNyjk52LfD3R2z2bChkHsfy8P49Cb31YPuL+qcByxUR1aJvbWegToEMUFaqDFsJno1wxLmDmWjLEYtIdspEhCWnWNdnpuSXD4VyXAAJjElNQj81SYGbXdcD6BrLf9iOBX1PdghwigsDqQ12vdGUUMRNKWm5Rw5mkkh0XveaCAFEfegE5XC007qyx/3wte9FhbDPdx94+Svrj2vdQv/WjLVJVPpjKbIkd1pBf5LmrFUK7yPdlXzkqmBnIN16ZLB2CSzVNN3EPAuG+ZAlD4Sm7kKtSb/uiZX5Le7niJQ+K0bwvsjtO3VLSV6HLbFO5Mw16klvZ4jWHcAA21/mfl4OjHKv9yagIfELm3LdlNPvwJfyA7v7L8aHEnPtUbl7iXajHCg2uTofBX14/XZk8EcK/IxouNOvqMTIxxcUiufIWUgBm6/q0BDnghyia4oJYFAOTA484RlM9Cfv1Alta/9S5buKwSGkhDM/NZZ8qYt4SqIVhYxBUaYZnz+DqmzEVDm8C8u+1PlJxr29LiPneqq2Edvze5MRJOgIdqHeP+mVdISs1L4eI0yJodv8eddGf7QDcE/V8m9I0g3n3nCFGXILBWkoZ0XK448YC39QfopJwAkzJUnTxmhfcn7rOM2Z8G4pL
template:
metadata:
annotations:

4
resources/app-volumes/env/k3s-cluster/templates/gitea-pv.yaml vendored
View File

@@ -24,7 +24,7 @@ spec:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
- key: kubernetes.io/arch
operator: In
values:
- rpi5-cluster-node-2
- arm64

1
resources/ingress-nginx-configmap/base/configmap.yaml
View File

@@ -6,6 +6,7 @@ metadata:
data:
"53": "adguard-home/adguard-home:53"
"853": "adguard-home/adguard-home:853"
"1888": "rlpa/rlpa-server:1888"
"5443": "adguard-home/adguard-home:5443"
"6060": "adguard-home/adguard-home:6060"
---

9
resources/namespaces/base/chattts.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
creationTimestamp: null
name: chattts
spec: {}
status: {}

9
resources/namespaces/base/couchdb.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
creationTimestamp: null
name: couchdb
spec: {}
status: {}

4
resources/namespaces/base/kustomization.yaml
View File

@@ -5,9 +5,11 @@ resources:
- ./app-secrets.yaml
- ./app-volumes.yaml
- ./cert-manager.yaml
- ./chattts.yaml
- ./code-server.yaml
- ./coder.yaml
- ./consul.yaml
- ./couchdb.yaml
- ./dokuwiki.yaml
- ./gitea.yaml
- ./homer.yaml
@@ -19,6 +21,7 @@ resources:
- ./minio.yaml
- ./mongodb.yaml
- ./new-relic.yaml
- ./nextcloud.yaml
- ./nexus.yaml
- ./plex.yaml
- ./postgresql.yaml
@@ -27,6 +30,7 @@ resources:
- ./qbittorrent.yaml
- ./redis.yaml
- ./renovate.yaml
- ./rlpa.yaml
- ./snippet-box.yaml
- ./sonarqube.yaml
- ./uptime-kuma.yaml

9
resources/namespaces/base/nextcloud.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
creationTimestamp: null
name: nextcloud
spec: {}
status: {}

9
resources/namespaces/base/rlpa.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
creationTimestamp: null
name: rlpa
spec: {}
status: {}

4
scripts/ingress-nginx/patch-ingress-nginx.sh
View File

@@ -1,4 +1,6 @@
#!/bin/bash
set -e
kubectl patch service ingress-nginx-controller -n argocd --patch-file ports.yaml
fileName=$1
kubectl patch service ingress-nginx-controller -n argocd --patch-file $fileName.yaml

6
scripts/ingress-nginx/rlpa.yaml Normal file
View File

@@ -0,0 +1,6 @@
spec:
ports:
- name: rlpa-tcp
port: 1888
targetPort: 1888
protocol: TCP