From cac738ea3de740ad7f2598d16db0c561ee11d416 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Mon, 22 Jul 2024 00:16:13 +1000
Subject: [PATCH 01/39] fix sonarqube namespace
---
 apps/sonarqube/env/k3s-cluster/values.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/apps/sonarqube/env/k3s-cluster/values.yaml b/apps/sonarqube/env/k3s-cluster/values.yaml
index b6f5e0c..2d6d50a 100644
--- a/apps/sonarqube/env/k3s-cluster/values.yaml
+++ b/apps/sonarqube/env/k3s-cluster/values.yaml
@@ -1,3 +1,4 @@
+namespaceOverride: "sonarqube"
 clusterDomain: sonarqube.cluster.edward.sydney
 sonarqubeUsername: sonarqube
 existingSecret: "sonarqube-secrets"
From 171ac944289a113e5b21992c749c7a6b146818c0 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Mon, 22 Jul 2024 00:48:13 +1000
Subject: [PATCH 02/39] test priorityClassName: system-cluster-critical for gitea and sonarqube
---
 apps/gitea/env/k3s-cluster/deployment.yaml | 1 +
 apps/sonarqube/env/k3s-cluster/values.yaml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/apps/gitea/env/k3s-cluster/deployment.yaml b/apps/gitea/env/k3s-cluster/deployment.yaml
index bc8f805..2245b15 100644
--- a/apps/gitea/env/k3s-cluster/deployment.yaml
+++ b/apps/gitea/env/k3s-cluster/deployment.yaml
@@ -16,6 +16,7 @@ spec:
 labels:
 app.kubernetes.io/name: gitea
 spec:
+ priorityClassName: system-cluster-critical
 serviceAccountName: gitea
 securityContext:
 runAsUser: 1000
diff --git a/apps/sonarqube/env/k3s-cluster/values.yaml b/apps/sonarqube/env/k3s-cluster/values.yaml
index b6f5e0c..4b51595 100644
--- a/apps/sonarqube/env/k3s-cluster/values.yaml
+++ b/apps/sonarqube/env/k3s-cluster/values.yaml
@@ -1,3 +1,4 @@
+priorityClassName: system-cluster-critical
 clusterDomain: sonarqube.cluster.edward.sydney
 sonarqubeUsername: sonarqube
 existingSecret: "sonarqube-secrets"
From 37aa6e468cc517bfd34c1a8777c4e9424e1b0ecf Mon Sep 17 00:00:00 2001
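Review bot: `priorityClassName: system-cluster-critical` on the gitea pod spec (and the same key in the sonarqube values.yaml hunk of this patch) places application workloads in the priority class Kubernetes ships for cluster-critical add-ons, so when the cluster is short on resources the scheduler can preempt other pods to place them, and they rank alongside components such as DNS or the ingress controller. A dedicated PriorityClass with a value below the system classes protects these apps from ordinary workloads without that side effect, e.g. `priorityClassName: <app-priority-class>` backed by a PriorityClass object kept in this repo. The gitea pod spec continues outside the hunk, so whether resource requests are set cannot be seen here.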
From: Edward Cheng
Date: Mon, 22 Jul 2024 01:15:01 +1000
Subject: [PATCH 03/39] add infra app couchdb
---
 .../couchdb/env/k3s-cluster/config.json | 12 ++++
 .../couchdb/env/k3s-cluster/deployment.yaml | 55 +++++++++++++++++++
 .../env/k3s-cluster/kustomization.yaml | 5 ++
 .../couchdb/env/k3s-cluster/service.yaml | 17 ++++++
 .../env/k3s-cluster/templates/couchdb.yaml | 23 ++++++++
 resources/namespaces/base/couchdb.yaml | 9 +++
 6 files changed, 121 insertions(+)
 create mode 100644 infrastructures/couchdb/env/k3s-cluster/config.json
 create mode 100644 infrastructures/couchdb/env/k3s-cluster/deployment.yaml
 create mode 100644 infrastructures/couchdb/env/k3s-cluster/kustomization.yaml
 create mode 100644 infrastructures/couchdb/env/k3s-cluster/service.yaml
 create mode 100644 resources/app-secrets/env/k3s-cluster/templates/couchdb.yaml
 create mode 100644 resources/namespaces/base/couchdb.yaml
diff --git a/infrastructures/couchdb/env/k3s-cluster/config.json b/infrastructures/couchdb/env/k3s-cluster/config.json
new file mode 100644
index 0000000..460b4c5
--- /dev/null
+++ b/infrastructures/couchdb/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
+{
+ "appName": "couchdb",
+ "userGivenName": "couchdb",
+ "namespace": "couchdb",
+ "destNamespace": "couchdb",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "infrastructures/couchdb/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
diff --git a/infrastructures/couchdb/env/k3s-cluster/deployment.yaml b/infrastructures/couchdb/env/k3s-cluster/deployment.yaml
new file mode 100644
index 0000000..af42696
--- /dev/null
+++ b/infrastructures/couchdb/env/k3s-cluster/deployment.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: couchdb
+ namespace: couchdb
+ labels:
+ app.kubernetes.io/name: couchdb
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: couchdb
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: couchdb
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ containers:
+ - name: couchdb
+ image: bitnami/couchdb:3.3.3
+ securityContext:
+ allowPrivilegeEscalation: false
+ env:
+ - name: COUCHDB_PORT_NUMBER
+ value: "7777"
+ - name: COUCHDB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: couchdb-secrets
+ key: password
+ - name: COUCHDB_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: couchdb-secrets
+ key: secrets
+ ports:
+ - protocol: TCP
+ containerPort: 7777
+ name: couchdb_port
+ volumeMounts:
+ - name: couchdb-data
+ mountPath: /bitnami/couchdb
+ - name: couchdb-config
+ mountPath: /opt/bitnami/couchdb/etc/
+ volumes:
+ - name: couchdb-data
+ hostPath:
+ path: /mnt/nfs/AppData/couchdb
+ type: Directory
+ - name: couchdb-config
+ hostPath:
+ path: /mnt/nfs/AppData/couchdb/etc
+ type: Directory
diff --git a/infrastructures/couchdb/env/k3s-cluster/kustomization.yaml b/infrastructures/couchdb/env/k3s-cluster/kustomization.yaml
new file mode 100644
index 0000000..d1c9249
--- /dev/null
+++ b/infrastructures/couchdb/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./service.yaml
+ - ./deployment.yaml
\ No newline at end of file
diff --git a/infrastructures/couchdb/env/k3s-cluster/service.yaml b/infrastructures/couchdb/env/k3s-cluster/service.yaml
new file mode 100644
index 0000000..ef06f72
--- /dev/null
+++ b/infrastructures/couchdb/env/k3s-cluster/service.yaml
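Review bot: Both volumes in this Deployment are `hostPath` mounts (`/mnt/nfs/AppData/couchdb` and its `etc` subdirectory), which gives the pod direct access to a node directory, only works on nodes where that mount exists, and is not allowed under the baseline Pod Security Standard. A PersistentVolumeClaim bound to an NFS-backed PersistentVolume keeps the same storage while letting Kubernetes track and scope the access, e.g. `persistentVolumeClaim:` with `claimName: <couchdb-data-pvc>` in place of each `hostPath` block. The container `securityContext` sets only `allowPrivilegeEscalation: false`; adding `runAsNonRoot: true` at pod level and `capabilities: {drop: ["ALL"]}` on the container would make the non-root intent enforceable.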
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: couchdb + namespace: couchdb + labels: + app.kubernetes.io/name: couchdb +spec: + selector: + app.kubernetes.io/name: couchdb + type: ClusterIP + internalTrafficPolicy: Cluster + ports: + - protocol: TCP + port: 7777 + targetPort: couchdb_port + name: couchdb_port diff --git a/resources/app-secrets/env/k3s-cluster/templates/couchdb.yaml b/resources/app-secrets/env/k3s-cluster/templates/couchdb.yaml new file mode 100644 index 0000000..eb9f5ef --- /dev/null +++ b/resources/app-secrets/env/k3s-cluster/templates/couchdb.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + creationTimestamp: null + name: couchdb-secrets + namespace: couchdb +spec: + encryptedData: + password: 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 + secrets: AgA+WJ9+LiXPqT/QlvkVOTNzVXAWOKrpcPS3YGz8eUvox1P1l8yxRw+K2fYD8el5RYK6t191oVMaGBeVq1ort8dvMVkswUwGCu7WwQchW34bIgWjmbEof+9KWXDJhewVlZFOdtWn5BeRlRdCzOmNjEcNmbBTAc1fXkYv9CziW1dWEzkEpuWaVpI9A5okDpk5v8cbbBaNGcLrbuHQPzrI2E3yQUdTo2zdXk/By2ZrfUQh576OTn8GvEiWrZXCSCwplGQW4YYEp+k2yjTs+cSPY8p2MNTcR/csMAuPVs55XpvH9W0CMVsMvE+D24oVd7AczU9E416Ftl1nIGxxoLtvIDOjY54eD4wACWXJZ5K+ok7gAlq4ER7hhTvlJMcCvjN3am5/TZ9tYkcsO6jgkFjTRi3eVDP4pwGwCu1VN327MumjDXwKdupOM1weN8g+QVKsLYcvTQm4DKqweZ5ak/4452rooEzrVH0FNv7x4fjpwHJJpGvYfxo81tuHKOmwU4VjoOEiPck5zByG72oXUr8UHpeYKV911T5H+3vVTPHGoeujZfKCV25j1BXABHAd/6xYMtGPe5owmgwFAN00CeNTfv1AhGPUHQ4H0hSOyYRkBJFWCyMOBJSqGsaQYkfDF0BIUEl0myTPzLy6tEqFrPoc5vCrMkwDejgfmjgnHUNE23CXbIwKQyMW7N8tYNS7qTNWy12foPG/8iXdUaZGxHeL1rEhmCNecL+3qwE= + template: + metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + sealedsecrets.bitnami.com/cluster-wide: "true" + sealedsecrets.bitnami.com/managed: "true" + creationTimestamp: null + name: couchdb-secrets + namespace: couchdb + type: Opaque 
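Review bot: The `sealedsecrets.bitnami.com/cluster-wide: "true"` annotation on this SealedSecret removes the name and namespace binding from the encrypted values, so anyone allowed to create a SealedSecret in any namespace of this cluster can have the controller decrypt a copy of this ciphertext there. The secret already has a fixed name and namespace (`couchdb-secrets` in `couchdb`), so the default strict scope would work: re-seal with the default scope and drop the annotation from both `metadata.annotations` and `spec.template.metadata.annotations`. This matters more if the repository is readable by people other than the cluster owner, which the GitHub `srcRepoURL` in this patch's config.json suggests may be the case.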
diff --git a/resources/namespaces/base/couchdb.yaml b/resources/namespaces/base/couchdb.yaml new file mode 100644 index 0000000..30b41b7 --- /dev/null +++ b/resources/namespaces/base/couchdb.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + creationTimestamp: null + name: couchdb +spec: {} +status: {} From 91f91a6c3fdd621012a5ce8a3b44a6ed99c23443 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 22 Jul 2024 01:26:38 +1000 Subject: [PATCH 04/39] add infra app couchdb --- resources/namespaces/base/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/resources/namespaces/base/kustomization.yaml b/resources/namespaces/base/kustomization.yaml index 0c66174..596770f 100644 --- a/resources/namespaces/base/kustomization.yaml +++ b/resources/namespaces/base/kustomization.yaml @@ -8,6 +8,7 @@ resources: - ./code-server.yaml - ./coder.yaml - ./consul.yaml + - ./couchdb.yaml - ./dokuwiki.yaml - ./gitea.yaml - ./homer.yaml From ab02330db8ea3e4469a17572a886cb9ae1457f4c Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 22 Jul 2024 01:29:31 +1000 Subject: [PATCH 05/39] add infra app couchdb --- infrastructures/couchdb/env/k3s-cluster/service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructures/couchdb/env/k3s-cluster/service.yaml b/infrastructures/couchdb/env/k3s-cluster/service.yaml index ef06f72..b91df62 100644 --- a/infrastructures/couchdb/env/k3s-cluster/service.yaml +++ b/infrastructures/couchdb/env/k3s-cluster/service.yaml @@ -13,5 +13,5 @@ spec: ports: - protocol: TCP port: 7777 - targetPort: couchdb_port + targetPort: 7777 name: couchdb_port From 2686a50cc8a64e1d1bf8f48e004b199d4c725827 Mon Sep 17 00:00:00 2001 
From: Edward Cheng Date: Mon, 22 Jul 2024 01:47:10 +1000 Subject: [PATCH 06/39] fix port name --- infrastructures/couchdb/env/k3s-cluster/deployment.yaml | 2 +- infrastructures/couchdb/env/k3s-cluster/service.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/infrastructures/couchdb/env/k3s-cluster/deployment.yaml b/infrastructures/couchdb/env/k3s-cluster/deployment.yaml index af42696..8fc5e57 100644 --- a/infrastructures/couchdb/env/k3s-cluster/deployment.yaml +++ b/infrastructures/couchdb/env/k3s-cluster/deployment.yaml @@ -38,7 +38,7 @@ spec: ports: - protocol: TCP containerPort: 7777 - name: couchdb_port + name: couchdb-port volumeMounts: - name: couchdb-data mountPath: /bitnami/couchdb diff --git a/infrastructures/couchdb/env/k3s-cluster/service.yaml b/infrastructures/couchdb/env/k3s-cluster/service.yaml index b91df62..f89a315 100644 --- a/infrastructures/couchdb/env/k3s-cluster/service.yaml +++ b/infrastructures/couchdb/env/k3s-cluster/service.yaml @@ -14,4 +14,4 @@ spec: - protocol: TCP port: 7777 targetPort: 7777 - name: couchdb_port + name: couchdb-port From a609b06d3063ad46a3ad7be27004acd1957b7d1b Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 22 Jul 2024 01:56:01 +1000 Subject: [PATCH 07/39] add ingress for couchdb --- .../couchdb/env/k3s-cluster/ingress.yaml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 infrastructures/couchdb/env/k3s-cluster/ingress.yaml diff --git a/infrastructures/couchdb/env/k3s-cluster/ingress.yaml b/infrastructures/couchdb/env/k3s-cluster/ingress.yaml new file mode 100644 index 0000000..5ae07b8 --- /dev/null +++ b/infrastructures/couchdb/env/k3s-cluster/ingress.yaml 
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: couchdb-ingress
+ namespace: couchdb
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: "couchdb.cluster.edward.sydney"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: couchdb
+ port:
+ number: 7777
\ No newline at end of file
From 5448407d93687f2818e9499c2c019c3f7e1ac95b Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Mon, 22 Jul 2024 01:56:37 +1000
Subject: [PATCH 08/39] add ingress for couchdb
---
 infrastructures/couchdb/env/k3s-cluster/kustomization.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/infrastructures/couchdb/env/k3s-cluster/kustomization.yaml b/infrastructures/couchdb/env/k3s-cluster/kustomization.yaml
index d1c9249..68b2245 100644
--- a/infrastructures/couchdb/env/k3s-cluster/kustomization.yaml
+++ b/infrastructures/couchdb/env/k3s-cluster/kustomization.yaml
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./service.yaml
- - ./deployment.yaml
\ No newline at end of file
+ - ./deployment.yaml
+ - ./ingress.yaml
\ No newline at end of file
From ae7b08ea6877a9ab2c1a2da23b698c4f7bb2853b Mon Sep 17 00:00:00 2001
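Review bot: This Ingress serves CouchDB over plain HTTP: `nginx.ingress.kubernetes.io/ssl-redirect: "false"` is set and there is no `spec.tls` section, so credentials and session cookies for the database would cross the network unencrypted whenever a client authenticates. Adding a `tls:` entry for `couchdb.cluster.edward.sydney` with `secretName: <couchdb-tls-secret>` and removing the `ssl-redirect` annotation closes that gap. `nginx.ingress.kubernetes.io/use-regex: "true"` looks unnecessary for the single `/` Prefix path and can probably be dropped.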
From: Edward Cheng
Date: Mon, 22 Jul 2024 14:09:31 +1000
Subject: [PATCH 09/39] add app chattts
---
 apps/chattts/base/deployment.yaml | 30 +++++++++++++++++++
 apps/chattts/base/kustomization.yaml | 5 ++++
 apps/chattts/base/service.yaml | 17 +++++++++++
 apps/chattts/env/k3s-cluster/config.json | 12 ++++++++
 .../env/k3s-cluster/kustomization.yaml | 4 +++
 .../{development.yaml => deployment.yaml} | 0
 apps/kavita/base/kustomization.yaml | 2 +-
 resources/namespaces/base/chattts.yaml | 9 ++++++
 resources/namespaces/base/kustomization.yaml | 1 +
 9 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 apps/chattts/base/deployment.yaml
 create mode 100644 apps/chattts/base/kustomization.yaml
 create mode 100644 apps/chattts/base/service.yaml
 create mode 100644 apps/chattts/env/k3s-cluster/config.json
 create mode 100644 apps/chattts/env/k3s-cluster/kustomization.yaml
 rename apps/kavita/base/{development.yaml => deployment.yaml} (100%)
 create mode 100644 resources/namespaces/base/chattts.yaml
diff --git a/apps/chattts/base/deployment.yaml b/apps/chattts/base/deployment.yaml
new file mode 100644
index 0000000..d2143e6
--- /dev/null
+++ b/apps/chattts/base/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: chattts
+ namespace: chattts
+ labels:
+ app.kubernetes.io/name: chattts
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: chattts
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: chattts
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ containers:
+ - name: chattts
+ image: lcs13324/chattts:v1.0
+ securityContext:
+ allowPrivilegeEscalation: false
+ ports:
+ - protocol: TCP
+ containerPort: 8888
+ name: http
+ nodeSelector:
+ kubernetes.io/arch: amd64
diff --git a/apps/chattts/base/kustomization.yaml b/apps/chattts/base/kustomization.yaml
new file mode 100644
index 0000000..87b09a3
--- /dev/null
+++ b/apps/chattts/base/kustomization.yaml
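Review bot: `image: lcs13324/chattts:v1.0` in the chattts Deployment is referenced by a mutable tag from what appears to be a personal Docker Hub namespace, so the content that runs can change without any change in this repo. Pinning the digest, `image: lcs13324/chattts:v1.0@sha256:<digest>`, makes the deployed artifact reviewable and reproducible. The pod spec also sets no `resources` requests or limits, so nothing bounds how much node memory or CPU this container can take.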
@@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./deployment.yaml + - ./service.yaml \ No newline at end of file diff --git a/apps/chattts/base/service.yaml b/apps/chattts/base/service.yaml new file mode 100644 index 0000000..16c2e8f --- /dev/null +++ b/apps/chattts/base/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: chattts + namespace: chattts + labels: + app.kubernetes.io/name: chattts +spec: + selector: + app.kubernetes.io/name: chattts + type: ClusterIP + internalTrafficPolicy: Cluster + ports: + - protocol: TCP + port: 8888 + targetPort: 8888 + name: http diff --git a/apps/chattts/env/k3s-cluster/config.json b/apps/chattts/env/k3s-cluster/config.json new file mode 100644 index 0000000..e4835d9 --- /dev/null +++ b/apps/chattts/env/k3s-cluster/config.json @@ -0,0 +1,12 @@ +{ + "appName": "chattts", + "userGivenName": "chattts", + "namespace": "chattts", + "destNamespace": "chattts", + "destServer": "https://kubernetes.default.svc", + "srcPath": "apps/chattts/env/k3s-cluster", + "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", + "srcTargetRevision": "", + "labels": null, + "annotations": null +} \ No newline at end of file diff --git a/apps/chattts/env/k3s-cluster/kustomization.yaml b/apps/chattts/env/k3s-cluster/kustomization.yaml new file mode 100644 index 0000000..a227ac4 --- /dev/null +++ b/apps/chattts/env/k3s-cluster/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../base \ No newline at end of file diff --git a/apps/kavita/base/development.yaml b/apps/kavita/base/deployment.yaml similarity index 100% rename from apps/kavita/base/development.yaml rename to apps/kavita/base/deployment.yaml diff --git a/apps/kavita/base/kustomization.yaml b/apps/kavita/base/kustomization.yaml index 94ac935..d28ef8d 100644 --- a/apps/kavita/base/kustomization.yaml 
+++ b/apps/kavita/base/kustomization.yaml @@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./development.yaml + - deployment.yaml - ./service.yaml \ No newline at end of file diff --git a/resources/namespaces/base/chattts.yaml b/resources/namespaces/base/chattts.yaml new file mode 100644 index 0000000..7ff2701 --- /dev/null +++ b/resources/namespaces/base/chattts.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + creationTimestamp: null + name: chattts +spec: {} +status: {} diff --git a/resources/namespaces/base/kustomization.yaml b/resources/namespaces/base/kustomization.yaml index 596770f..af8aa1c 100644 --- a/resources/namespaces/base/kustomization.yaml +++ b/resources/namespaces/base/kustomization.yaml @@ -5,6 +5,7 @@ resources: - ./app-secrets.yaml - ./app-volumes.yaml - ./cert-manager.yaml + - ./chattts.yaml - ./code-server.yaml - ./coder.yaml - ./consul.yaml From 4350d68a4a1b9d43a7aa42e58c53ede74392a44b Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 22 Jul 2024 14:10:56 +1000 Subject: [PATCH 10/39] disable gitea, sonarqube and couchdb --- apps/gitea/env/k3s-cluster/config.json | 12 ------------ apps/sonarqube/env/k3s-cluster/config.json | 12 ------------ infrastructures/couchdb/env/k3s-cluster/config.json | 12 ------------ 3 files changed, 36 deletions(-) delete mode 100644 apps/gitea/env/k3s-cluster/config.json delete mode 100644 apps/sonarqube/env/k3s-cluster/config.json delete mode 100644 infrastructures/couchdb/env/k3s-cluster/config.json diff --git a/apps/gitea/env/k3s-cluster/config.json b/apps/gitea/env/k3s-cluster/config.json deleted file mode 100644 index 05e65c8..0000000 --- a/apps/gitea/env/k3s-cluster/config.json +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "appName": "gitea", - "userGivenName": "gitea", - "namespace": "gitea", - "destNamespace": "gitea", - "destServer": "https://kubernetes.default.svc", - "srcPath": "apps/gitea/env/k3s-cluster", - "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", - "srcTargetRevision": "", - "labels": null, - "annotations": null -} \ No newline at end of file diff --git a/apps/sonarqube/env/k3s-cluster/config.json b/apps/sonarqube/env/k3s-cluster/config.json deleted file mode 100644 index 6e7454a..0000000 --- a/apps/sonarqube/env/k3s-cluster/config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "appName": "sonarqube", - "userGivenName": "sonarqube", - "namespace": "sonarqube", - "destNamespace": "sonarqube", - "destServer": "https://kubernetes.default.svc", - "srcPath": "apps/sonarqube/env/k3s-cluster", - "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", - "srcTargetRevision": "", - "labels": null, - "annotations": null -} \ No newline at end of file diff --git a/infrastructures/couchdb/env/k3s-cluster/config.json b/infrastructures/couchdb/env/k3s-cluster/config.json deleted file mode 100644 index 460b4c5..0000000 --- a/infrastructures/couchdb/env/k3s-cluster/config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "appName": "couchdb", - "userGivenName": "couchdb", - "namespace": "couchdb", - "destNamespace": "couchdb", - "destServer": "https://kubernetes.default.svc", - "srcPath": "infrastructures/couchdb/env/k3s-cluster", - "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", - "srcTargetRevision": "", - "labels": null, - "annotations": null -} \ No newline at end of file From b35abbd2e9baabfe68e2901d3dc55e5b8d24ae9e Mon Sep 17 00:00:00 2001 
From: Edward Cheng
Date: Mon, 22 Jul 2024 14:40:02 +1000
Subject: [PATCH 11/39] add app rlpa-server
---
 apps/rlpa-server/base/deployment.yaml | 28 +++++++++++++++++++
 apps/rlpa-server/base/kustomization.yaml | 5 ++++
 apps/rlpa-server/base/service.yaml | 17 +++++++++++
 apps/rlpa-server/env/k3s-cluster/config.json | 12 ++++++++
 .../env/k3s-cluster/kustomization.yaml | 4 +++
 resources/namespaces/base/kustomization.yaml | 1 +
 resources/namespaces/base/rlpa.yaml | 9 ++++++
 7 files changed, 76 insertions(+)
 create mode 100644 apps/rlpa-server/base/deployment.yaml
 create mode 100644 apps/rlpa-server/base/kustomization.yaml
 create mode 100644 apps/rlpa-server/base/service.yaml
 create mode 100644 apps/rlpa-server/env/k3s-cluster/config.json
 create mode 100644 apps/rlpa-server/env/k3s-cluster/kustomization.yaml
 create mode 100644 resources/namespaces/base/rlpa.yaml
diff --git a/apps/rlpa-server/base/deployment.yaml b/apps/rlpa-server/base/deployment.yaml
new file mode 100644
index 0000000..09e00be
--- /dev/null
+++ b/apps/rlpa-server/base/deployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: rlpa-server
+ namespace: rlpa
+ labels:
+ app.kubernetes.io/name: rlpa-server
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: rlpa-server
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: rlpa-server
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ containers:
+ - name: rlpa-server
+ image: damonto/estkme-cloud:1.0.11
+ securityContext:
+ allowPrivilegeEscalation: false
+ ports:
+ - protocol: TCP
+ containerPort: 1888
+ name: api
diff --git a/apps/rlpa-server/base/kustomization.yaml b/apps/rlpa-server/base/kustomization.yaml
new file mode 100644
index 0000000..87b09a3
--- /dev/null
+++ b/apps/rlpa-server/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./deployment.yaml
+ - ./service.yaml
\ No newline at end of file
diff --git a/apps/rlpa-server/base/service.yaml b/apps/rlpa-server/base/service.yaml
new file mode 100644
index 0000000..84d2798
--- /dev/null
+++ b/apps/rlpa-server/base/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: rlpa-server
+ namespace: rlpa
+ labels:
+ app.kubernetes.io/name: rlpa
+spec:
+ selector:
+ app.kubernetes.io/name: rlpa
+ type: LoadBalancer
+ internalTrafficPolicy: Cluster
+ ports:
+ - protocol: TCP
+ port: 1888
+ targetPort: 1888
+ name: api
diff --git a/apps/rlpa-server/env/k3s-cluster/config.json b/apps/rlpa-server/env/k3s-cluster/config.json
new file mode 100644
index 0000000..f9cc359
--- /dev/null
+++ b/apps/rlpa-server/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
+{
+ "appName": "rlpa-server",
+ "userGivenName": "rlpa-server",
+ "namespace": "rlpa",
+ "destNamespace": "rlpa",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "apps/rlpa-server/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
diff --git a/apps/rlpa-server/env/k3s-cluster/kustomization.yaml b/apps/rlpa-server/env/k3s-cluster/kustomization.yaml
new file mode 100644
index 0000000..a227ac4
--- /dev/null
+++ b/apps/rlpa-server/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../base
\ No newline at end of file
diff --git a/resources/namespaces/base/kustomization.yaml b/resources/namespaces/base/kustomization.yaml
index af8aa1c..4e15856 100644
--- a/resources/namespaces/base/kustomization.yaml
+++ b/resources/namespaces/base/kustomization.yaml
@@ -28,6 +28,7 @@ resources:
 - ./qbittorrent.yaml
 - ./redis.yaml
 - ./renovate.yaml
+ - ./rlpa.yaml
 - ./snippet-box.yaml
 - ./sonarqube.yaml
 - ./uptime-kuma.yaml
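Review bot: The Service selector `app.kubernetes.io/name: rlpa` in apps/rlpa-server/base/service.yaml does not match the pod label `app.kubernetes.io/name: rlpa-server` set in apps/rlpa-server/base/deployment.yaml of the same patch, so this Service would have no endpoints. Change the selector (and, for consistency, the Service's own label) to `app.kubernetes.io/name: rlpa-server`. The later `[PATCH 14/39]` hunk on this file keeps the same selector as context, so the mismatch carries through to the port mapping added there. `type: LoadBalancer` also publishes port 1888 outside the cluster with no TLS or authentication visible in these manifests; worth confirming the server handles that itself.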
diff --git a/resources/namespaces/base/rlpa.yaml b/resources/namespaces/base/rlpa.yaml new file mode 100644 index 0000000..68f8632 --- /dev/null +++ b/resources/namespaces/base/rlpa.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + creationTimestamp: null + name: rlpa +spec: {} +status: {} From efa8258ca609a00834f86ceb7ef0bf0d8a880d5e Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 22 Jul 2024 18:26:58 +1000 Subject: [PATCH 12/39] update image for rlpa server --- apps/rlpa-server/base/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/rlpa-server/base/deployment.yaml b/apps/rlpa-server/base/deployment.yaml index 09e00be..2cbc567 100644 --- a/apps/rlpa-server/base/deployment.yaml +++ b/apps/rlpa-server/base/deployment.yaml @@ -19,7 +19,7 @@ spec: runAsGroup: 1000 containers: - name: rlpa-server - image: damonto/estkme-cloud:1.0.11 + image: estkme/rlpa-server:1.0.0 securityContext: allowPrivilegeEscalation: false ports: From 5ef02bbb6bd77aa1f0cefb400149bfd59f1499f6 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Mon, 22 Jul 2024 20:55:40 +1000 Subject: [PATCH 13/39] update image for rlpa server --- apps/rlpa-server/base/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/rlpa-server/base/deployment.yaml b/apps/rlpa-server/base/deployment.yaml index 2cbc567..09e00be 100644 --- a/apps/rlpa-server/base/deployment.yaml +++ b/apps/rlpa-server/base/deployment.yaml @@ -19,7 +19,7 @@ spec: runAsGroup: 1000 containers: - name: rlpa-server - image: estkme/rlpa-server:1.0.0 + image: damonto/estkme-cloud:1.0.11 securityContext: allowPrivilegeEscalation: false ports: From 39581fb9707b4eb849198b78841ef4b75f5b050d Mon Sep 17 00:00:00 2001 
From: Edward Cheng Date: Mon, 22 Jul 2024 21:29:22 +1000 Subject: [PATCH 14/39] change ways to expose port for rlpa --- apps/rlpa-server/base/service.yaml | 4 ++-- resources/ingress-nginx-configmap/base/configmap.yaml | 1 + scripts/ingress-nginx/patch-ingress-nginx.sh | 4 +++- scripts/ingress-nginx/rlpa.yaml | 6 ++++++ 4 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 scripts/ingress-nginx/rlpa.yaml diff --git a/apps/rlpa-server/base/service.yaml b/apps/rlpa-server/base/service.yaml index 84d2798..24c8819 100644 --- a/apps/rlpa-server/base/service.yaml +++ b/apps/rlpa-server/base/service.yaml @@ -8,10 +8,10 @@ metadata: spec: selector: app.kubernetes.io/name: rlpa - type: LoadBalancer + type: ClusterIP internalTrafficPolicy: Cluster ports: - protocol: TCP port: 1888 targetPort: 1888 - name: api + name: rlpa-tcp diff --git a/resources/ingress-nginx-configmap/base/configmap.yaml b/resources/ingress-nginx-configmap/base/configmap.yaml index 2094a13..ee8cdf0 100644 --- a/resources/ingress-nginx-configmap/base/configmap.yaml +++ b/resources/ingress-nginx-configmap/base/configmap.yaml @@ -6,6 +6,7 @@ metadata: data: "53": "adguard-home/adguard-home:53" "853": "adguard-home/adguard-home:853" + "1888": "rlpa/rlpa-server:1888" "5443": "adguard-home/adguard-home:5443" "6060": "adguard-home/adguard-home:6060" --- diff --git a/scripts/ingress-nginx/patch-ingress-nginx.sh b/scripts/ingress-nginx/patch-ingress-nginx.sh index 44782c2..adfcfdc 100644 --- a/scripts/ingress-nginx/patch-ingress-nginx.sh +++ b/scripts/ingress-nginx/patch-ingress-nginx.sh @@ -1,4 +1,6 @@ #!/bin/bash set -e -kubectl patch service ingress-nginx-controller -n argocd --patch-file ports.yaml \ No newline at end of file +fileName=$1 + +kubectl patch service ingress-nginx-controller -n argocd --patch-file $fileName.yaml \ No newline at end of file diff --git a/scripts/ingress-nginx/rlpa.yaml b/scripts/ingress-nginx/rlpa.yaml new file mode 100644 index 0000000..1f551a6 --- /dev/null 
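Review bot: The new `"1888": "rlpa/rlpa-server:1888"` entry, in what looks like the ingress-nginx TCP services map, forwards raw TCP to the backend, so the controller applies no TLS termination, authentication or host-based routing on this port. If the rlpa-server protocol has no transport security of its own, limit who can reach port 1888, for example with `loadBalancerSourceRanges` on the controller Service where the load balancer implementation supports it. The ConfigMap metadata is outside the hunk, so its name and namespace cannot be confirmed here.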
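Review bot: `fileName=$1` in scripts/ingress-nginx/patch-ingress-nginx.sh is used unchecked and unquoted: with no argument the command becomes `--patch-file .yaml`, and a value containing spaces or glob characters is word-split before kubectl sees it. Suggested lines: `fileName="${1:?usage: patch-ingress-nginx.sh <patch-name>}"` and `kubectl patch service ingress-nginx-controller -n argocd --patch-file "${fileName}.yaml"`. A short header comment saying that the argument is the base name of a patch file in this directory (for example `rlpa`) would also help, since the script no longer names the file itself.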
+++ b/scripts/ingress-nginx/rlpa.yaml @@ -0,0 +1,6 @@ +spec: + ports: + - name: rlpa-tcp + port: 1888 + targetPort: 1888 + protocol: TCP \ No newline at end of file From 28861f1fc2fa74ec7793d6122c8e77699113c6a8 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Tue, 23 Jul 2024 01:08:28 +1000 Subject: [PATCH 15/39] refactor gitea --- .../{env/k3s-cluster => base}/deployment.yaml | 0 .../{env/k3s-cluster => base}/ingress.yaml | 0 apps/gitea/base/kustomization.yaml | 7 + .../k3s-cluster => base}/service-account.yaml | 0 .../{env/k3s-cluster => base}/service.yaml | 0 apps/gitea/base/values.yaml | 778 ++++++++++++++++++ apps/gitea/env/k3s-cluster/config.json | 12 + apps/gitea/env/k3s-cluster/kustomization.yaml | 11 +- apps/gitea/env/k3s-cluster/values.yaml | 778 +----------------- .../env/k3s-cluster/templates/gitea.yaml | 12 +- .../env/k3s-cluster/templates/gitea-pv.yaml | 4 +- 11 files changed, 822 insertions(+), 780 deletions(-) rename apps/gitea/{env/k3s-cluster => base}/deployment.yaml (100%) rename apps/gitea/{env/k3s-cluster => base}/ingress.yaml (100%) create mode 100644 apps/gitea/base/kustomization.yaml rename apps/gitea/{env/k3s-cluster => base}/service-account.yaml (100%) rename apps/gitea/{env/k3s-cluster => base}/service.yaml (100%) create mode 100644 apps/gitea/base/values.yaml create mode 100644 apps/gitea/env/k3s-cluster/config.json diff --git a/apps/gitea/env/k3s-cluster/deployment.yaml b/apps/gitea/base/deployment.yaml similarity index 100% rename from apps/gitea/env/k3s-cluster/deployment.yaml rename to apps/gitea/base/deployment.yaml diff --git a/apps/gitea/env/k3s-cluster/ingress.yaml b/apps/gitea/base/ingress.yaml similarity index 100% rename from apps/gitea/env/k3s-cluster/ingress.yaml rename to apps/gitea/base/ingress.yaml diff --git a/apps/gitea/base/kustomization.yaml b/apps/gitea/base/kustomization.yaml new file mode 100644 index 0000000..d6e4736 --- /dev/null +++ b/apps/gitea/base/kustomization.yaml 
@@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./deployment.yaml + - ./service.yaml + - ./service-account.yaml + - ./ingress.yaml \ No newline at end of file diff --git a/apps/gitea/env/k3s-cluster/service-account.yaml b/apps/gitea/base/service-account.yaml similarity index 100% rename from apps/gitea/env/k3s-cluster/service-account.yaml rename to apps/gitea/base/service-account.yaml diff --git a/apps/gitea/env/k3s-cluster/service.yaml b/apps/gitea/base/service.yaml similarity index 100% rename from apps/gitea/env/k3s-cluster/service.yaml rename to apps/gitea/base/service.yaml diff --git a/apps/gitea/base/values.yaml b/apps/gitea/base/values.yaml new file mode 100644 index 0000000..5fe6525 --- /dev/null +++ b/apps/gitea/base/values.yaml 
@@ -0,0 +1,778 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) +## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + defaultStorageClass: "" + storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto +## @section Common parameters +## + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override gitea.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override gitea.fullname template +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonAnnotations Common annotations to add to all Gitea resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} +## @param commonLabels Common labels to add to all Gitea resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} +## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). +## +extraDeploy: [] +## @section Gitea parameters +## + +## Bitnami Gitea image version +## ref: https://hub.docker.com/r/bitnami/gitea/tags/ +## @param image.registry [default: REGISTRY_NAME] Gitea image registry +## @param image.repository [default: REPOSITORY_NAME/gitea] Gitea Image name +## @skip image.tag Gitea Image tag +## @param image.digest Gitea image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag +## @param image.pullPolicy Gitea image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## @param image.debug Specify if debug logs should be enabled +## +image: + registry: docker.io + repository: bitnami/gitea + tag: 1.22.1-debian-12-r4 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: true +## @param adminUsername User of the application +## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration +## +adminUsername: bn_user +## @param adminPassword Application password +## Defaults to a random 10-character alphanumeric string if not set +## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration +## +adminPassword: "" +## @param adminEmail Admin email +## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration +## +adminEmail: user@example.com +## @param appName Gitea application name +## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration +## +appName: gitea +## @param runMode Gitea application host +## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration +## +runMode: prod +## @param exposeSSH Make the SSH server accesible +## +exposeSSH: true +## @param rootURL UI Root URL (for link generation) +## +rootURL: "" +## @param command Override default container command (useful when using 
custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: Recreate +## @param priorityClassName Gitea pods' priorityClassName +## +priorityClassName: "" +## @param schedulerName Name of the k8s scheduler (other than default) +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment +## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## The value is evaluated as a template +## +topologySpreadConstraints: [] +## @param automountServiceAccountToken Mount Service Account token in pod +## +automountServiceAccountToken: false +## @param hostAliases [array] Add deployment host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param extraEnvVars Extra environment variables +## For example: +## +extraEnvVars: [] +# - name: BEARER_AUTH +# value: true +## @param extraEnvVarsCM ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) +## +extraEnvVarsSecret: "" +## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` +## +extraVolumes: [] +## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). 
Normally used with `extraVolumes`. +## +extraVolumeMounts: [] +## @param initContainers Add additional init containers to the pod (evaluated as a template) +## +initContainers: [] +## Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb +## @param pdb.create Enable/disable a Pod Disruption Budget creation +## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled +## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. +## +pdb: + create: true + minAvailable: "" + maxUnavailable: "" +## @param sidecars Attach additional containers to the pod (evaluated as a template) +## +sidecars: [] +## @param tolerations Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param existingSecret Name of a secret with the application password +## +existingSecret: "" +## @param existingSecretKey Key inside the existing secret containing the password +## +existingSecretKey: "admin-password" +## SMTP mail delivery configuration +## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea/#smtp-configuration +## @param smtpHost SMTP host +## @param smtpPort SMTP port +## @param smtpUser SMTP user +## @param smtpPassword SMTP password +## +smtpHost: "" +smtpPort: "" +smtpUser: "" +smtpPassword: "" +## @param smtpExistingSecret The name of an existing secret with SMTP credentials +## NOTE: Must contain key `smtp-password` +## NOTE: When it's set, the `smtpPassword` parameter is ignored +## +smtpExistingSecret: "" +## @param containerPorts [object] Container ports +## +containerPorts: + http: 3000 + ssh: 2222 +## @param extraContainerPorts Optionally specify extra list of additional ports for Gitea container(s) +## e.g: +## extraContainerPorts: +## - name: myservice +## containerPort: 9090 +## 
+extraContainerPorts: [] +## Enable OpenID Configurations +## @param openid.enableSignIn Enable sign in with OpenID +## @param openid.enableSignUp Enable sign up with OpenID +openid: + enableSignIn: false + enableSignUp: false +## Enable persistence using Persistent Volume Claims +## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using PVC + ## + enabled: true + ## @param persistence.storageClass PVC Storage Class for Gitea volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param persistence.accessModes PVC Access Mode for Gitea volume + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size PVC Storage Request for Gitea volume + ## + size: 8Gi + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param persistence.existingClaim A manually managed Persistent Volume Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## + existingClaim: "gitea-pvc" + ## @param persistence.hostPath If defined, the gitea-data volume will mount to the specified hostPath. + ## Requires persistence.enabled: true + ## Requires persistence.existingClaim: nil|false + ## Default: nil. + ## + hostPath: "" + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + ## @param persistence.selector Selector to match an existing Persistent Volume for Gitea data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. 
+ ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. +## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. +## +nodeAffinityPreset: + type: "" + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +## +nodeSelector: {} +## Gitea container's resource requests and limits +## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). 
This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "micro" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enable Gitea pods' Security Context +## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy +## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface +## @param podSecurityContext.supplementalGroups Set filesystem extra groups +## @param podSecurityContext.fsGroup Gitea pods' group ID +## +podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled containers' Security Context +## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container +## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup +## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot +## @param containerSecurityContext.privileged Set container's Security Context privileged +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem 
+## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped +## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile +## +containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" +## Configure extra options for startup probe +## Gitea core exposes / to unauthenticated requests, making it a good +## default startup and readiness path. However, that may not always be the +## case. For example, if the image value is overridden to an image containing a +## module that alters that route, or an image that does not auto-install Gitea. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param startupProbe.enabled Enable startupProbe +## @param startupProbe.path Request path for startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + path: / + initialDelaySeconds: 600 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 +## Configure extra options for liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay 
seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 30 + failureThreshold: 5 + successThreshold: 1 +## Configure extra options for readiness probe +## Gitea core exposes / to unauthenticated requests, making it a good +## default startup and readiness path. However, that may not always be the +## case. For example, if the image value is overridden to an image containing a +## module that alters that route, or an image that does not auto-install Gitea. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.path Request path for readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + path: / + initialDelaySeconds: 30 + periodSeconds: 60 + timeoutSeconds: 30 + failureThreshold: 5 + successThreshold: 1 +## @param customStartupProbe Override default startup probe +## +customStartupProbe: {} +## @param customLivenessProbe Override default liveness probe +## +customLivenessProbe: {} +## @param customReadinessProbe Override default readiness probe +## +customReadinessProbe: {} +## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as 
a template +## +lifecycleHooks: {} +## @param podAnnotations Pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podLabels Add additional labels to the pod (evaluated as a template) +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @section Traffic Exposure Parameters +## + +## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer +## +service: + ## @param service.type Kubernetes Service type + ## + type: LoadBalancer + ## @param service.ports.http Service HTTP port + ## @param service.ports.ssh Service SSH port + ## + ports: + http: 10080 + ssh: 10022 + ## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) + ## e.g: + ## loadBalancerSourceRanges: + ## - 0.0.0.0/0 + ## + loadBalancerSourceRanges: [] + ## @param service.loadBalancerIP loadBalancerIP for the Gitea Service (optional, cloud specific) + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.nodePorts [object] Kubernetes node port + ## nodePorts: + ## http: + ## https: + ## + nodePorts: + http: "" + ssh: "" + ## @param service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.clusterIP Gitea service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.annotations Additional custom annotations for Gitea service + ## + annotations: {} + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If 
"ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + +## Network Policy configuration +## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +## +networkPolicy: + ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param networkPolicy.allowExternal Don't require server label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## server label will have network access to the ports server is listening + ## on. When true, server will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. 
+ ## + allowExternalEgress: true + ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + +## Configure the ingress resource that allows you to access the +## Gitea installation. Set up the URL +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress controller resource + ## + enabled: true + ## @param ingress.pathType Ingress Path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Override API Version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . 
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "nginx" + ## @param ingress.hostname Default host for the ingress resource + ## + hostname: "gitea.cluster.edward.sydney" + ## @param ingress.path The Path to Gitea. You may need to set this to '/*' in order to use this + ## with ALB ingress controllers. + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: gitea.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. 
+ ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - gitea.local + ## secretName: gitea.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## Example: + ## - name: gitea.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] +## @section Other Parameters +## + +## Service account for Gitea to use. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for Gitea pod + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. 
+ ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: false + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## @section Database parameters +## + +## PostgreSQL chart configuration +## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml +## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart +## @param postgresql.auth.username Name for a custom user to create +## @param postgresql.auth.password Password for the custom user to create +## @param postgresql.auth.database Name for a custom database to create +## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials +## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`) +## @param postgresql.service.ports.postgresql PostgreSQL service port +## +postgresql: + enabled: false + auth: + username: bn_gitea + password: "" + database: bitnami_gitea + existingSecret: "" + architecture: standalone + service: + ports: + postgresql: 5432 +## External PostgreSQL configuration +## All of these values are only used when postgresql.enabled is set to false +## @param externalDatabase.host Database host +## @param externalDatabase.port Database port number +## @param externalDatabase.user Non-root username for JupyterHub +## @param externalDatabase.password Password for the non-root username for JupyterHub +## @param externalDatabase.database JupyterHub database name +## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials +## @param externalDatabase.existingSecretPasswordKey 
Name of an existing secret key containing the database credentials +## +externalDatabase: + host: "" + port: 5432 + user: postgres + database: gitea + password: "" + existingSecret: "" + existingSecretPasswordKey: "db-password" +## @section Volume Permissions parameters +## + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) + ## + enabled: false + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name + ## @skip volumePermissions.image.tag Init container volume-permissions image tag + ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r25 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} diff --git a/apps/gitea/env/k3s-cluster/config.json b/apps/gitea/env/k3s-cluster/config.json new file mode 100644 index 0000000..05e65c8 --- /dev/null +++ b/apps/gitea/env/k3s-cluster/config.json 
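Review bot: `ingress.tls: false` in apps/gitea/base/values.yaml leaves the ingress for `gitea.cluster.edward.sydney` on plain HTTP, so unless TLS is terminated somewhere not shown here, Gitea logins and Git-over-HTTP credentials cross the network unencrypted; set `tls: true` and supply the certificate through the cert-manager annotation or `ingress.secrets`, as the comments beside that key describe. The same hunk keeps `image.debug: true` and `service.type: LoadBalancer` with `loadBalancerSourceRanges: []`, which publishes ports 10080 and 10022 with no source restriction; `debug: false` and an explicit source-range list would be safer defaults for a shared base. Nothing visible in this commit references the file (the base kustomization lists only manifests and the overlay points at its own `values.yaml`), so it may be unused; worth confirming before it drifts from the overlay.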
@@ -0,0 +1,12 @@
+{
+ "appName": "gitea",
+ "userGivenName": "gitea",
+ "namespace": "gitea",
+ "destNamespace": "gitea",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "apps/gitea/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
diff --git a/apps/gitea/env/k3s-cluster/kustomization.yaml b/apps/gitea/env/k3s-cluster/kustomization.yaml
index d6e4736..8ec8b56 100644
--- a/apps/gitea/env/k3s-cluster/kustomization.yaml
+++ b/apps/gitea/env/k3s-cluster/kustomization.yaml
@@ -1,7 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources:
- - ./deployment.yaml
- - ./service.yaml
- - ./service-account.yaml
- - ./ingress.yaml
\ No newline at end of file
+helmCharts:
+ - name: gitea
+ repo: oci://registry-1.docker.io/bitnamicharts
+ version: 2.3.14
+ releaseName: gitea
+ valuesFile: values.yaml
\ No newline at end of file
diff --git a/apps/gitea/env/k3s-cluster/values.yaml b/apps/gitea/env/k3s-cluster/values.yaml
index 5fe6525..19bd4a5 100644
--- a/apps/gitea/env/k3s-cluster/values.yaml
+++ b/apps/gitea/env/k3s-cluster/values.yaml
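Review bot: The `helmCharts` entry in kustomization.yaml pulls `gitea` from `oci://registry-1.docker.io/bitnamicharts` by tag (`version: 2.3.14`) each time the overlay is rendered, and nothing in the new lines fixes the chart's content, so what gets deployed depends on what the registry serves for that tag. Because the values file in this commit is cut down to a handful of overrides, the container image tag and, presumably, the security contexts and network policy now come from the chart's defaults rather than from reviewed lines in this repo. Consider vendoring the reviewed chart and pointing kustomize at it with `helmGlobals.chartHome`, or at minimum add a comment above the entry such as `# needs kustomize --enable-helm; chart tag is not content-pinned, diff upstream values before bumping`.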
@@ -1,778 +1,28 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) -## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - defaultStorageClass: "" - storageClass: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters -## - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override gitea.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override gitea.fullname template -## -fullnameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param commonAnnotations Common annotations to add to all Gitea resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all Gitea resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). -## -extraDeploy: [] -## @section Gitea parameters -## - -## Bitnami Gitea image version -## ref: https://hub.docker.com/r/bitnami/gitea/tags/ -## @param image.registry [default: REGISTRY_NAME] Gitea image registry -## @param image.repository [default: REPOSITORY_NAME/gitea] Gitea Image name -## @skip image.tag Gitea Image tag -## @param image.digest Gitea image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag -## @param image.pullPolicy Gitea image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/gitea - tag: 1.22.1-debian-12-r4 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: true -## @param adminUsername User of the application -## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration -## -adminUsername: bn_user -## @param adminPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration -## -adminPassword: "" -## @param adminEmail Admin email -## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration -## -adminEmail: user@example.com -## @param appName Gitea application name -## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration -## -appName: gitea -## @param runMode Gitea application host -## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea#configuration -## -runMode: prod -## @param exposeSSH Make the SSH server accesible -## -exposeSSH: true -## @param rootURL UI Root URL (for link generation) -## -rootURL: "" -## @param command Override default container command (useful when using 
custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: Recreate -## @param priorityClassName Gitea pods' priorityClassName -## -priorityClassName: "" -## @param schedulerName Name of the k8s scheduler (other than default) -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment -## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## The value is evaluated as a template -## -topologySpreadConstraints: [] -## @param automountServiceAccountToken Mount Service Account token in pod -## -automountServiceAccountToken: false -## @param hostAliases [array] Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param extraEnvVars Extra environment variables -## For example: -## -extraEnvVars: [] -# - name: BEARER_AUTH -# value: true -## @param extraEnvVarsCM ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) -## -extraEnvVarsSecret: "" -## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). 
Normally used with `extraVolumes`. -## -extraVolumeMounts: [] -## @param initContainers Add additional init containers to the pod (evaluated as a template) -## -initContainers: [] -## Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb -## @param pdb.create Enable/disable a Pod Disruption Budget creation -## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled -## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. -## -pdb: - create: true - minAvailable: "" - maxUnavailable: "" -## @param sidecars Attach additional containers to the pod (evaluated as a template) -## -sidecars: [] -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Name of a secret with the application password -## -existingSecret: "" -## @param existingSecretKey Key inside the existing secret containing the password -## +namespaceOverride: "gitea" +adminUsername: "gitea_admin" +adminEmail: "edward@cheng.sydney" +appName: "gitea" +existingSecret: "gitea-secrets" existingSecretKey: "admin-password" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/containers/tree/main/bitnami/gitea/#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -## @param smtpExistingSecret The name of an existing secret with SMTP credentials -## NOTE: Must contain key `smtp-password` -## NOTE: When it's set, the `smtpPassword` parameter is ignored -## -smtpExistingSecret: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 3000 - ssh: 2222 -## @param extraContainerPorts Optionally 
specify extra list of additional ports for Gitea container(s) -## e.g: -## extraContainerPorts: -## - name: myservice -## containerPort: 9090 -## -extraContainerPorts: [] -## Enable OpenID Configurations -## @param openid.enableSignIn Enable sign in with OpenID -## @param openid.enableSignUp Enable sign up with OpenID -openid: - enableSignIn: false - enableSignUp: false -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ -## +smtpHost: "smtp.gmail.com" +smtpPort: "587" +smtpUser: "me@edward.sydney" +smtpExistingSecret: "sonarqube-secrets" persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for Gitea volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessModes PVC Access Mode for Gitea volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for Gitea volume - ## - size: 8Gi - ## @param persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param persistence.existingClaim A manually managed Persistent Volume Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## existingClaim: "gitea-pvc" - ## @param persistence.hostPath If defined, the gitea-data volume will mount to the specified hostPath. - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. 
- ## - hostPath: "" - ## @param persistence.annotations Persistent Volume Claim annotations - ## - annotations: {} - ## @param persistence.selector Selector to match an existing Persistent Volume for Gitea data PVC - ## If set, the PVC can't have a PV dynamically provisioned for it - ## E.g. - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. -## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. -## -nodeAffinityPreset: - type: "" - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. 
-## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ -## -nodeSelector: {} -## Gitea container's resource requests and limits -## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). -## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 -## -resourcesPreset: "micro" -## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) -## Example: -## resources: -## requests: -## cpu: 2 -## memory: 512Mi -## limits: -## cpu: 3 -## memory: 1024Mi -## -resources: {} -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable Gitea pods' Security Context -## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy -## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface -## @param podSecurityContext.supplementalGroups Set filesystem extra groups -## @param podSecurityContext.fsGroup Gitea pods' group ID -## -podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container -## @param containerSecurityContext.runAsUser Set containers' Security 
Context runAsUser -## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup -## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot -## @param containerSecurityContext.privileged Set container's Security Context privileged -## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem -## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation -## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped -## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile -## -containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -## Configure extra options for startup probe -## Gitea core exposes / to unauthenticated requests, making it a good -## default startup and readiness path. However, that may not always be the -## case. For example, if the image value is overridden to an image containing a -## module that alters that route, or an image that does not auto-install Gitea. 
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.path Request path for startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - path: / - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 30 - failureThreshold: 5 - successThreshold: 1 -## Configure extra options for readiness probe -## Gitea core exposes / to unauthenticated requests, making it a good -## default startup and readiness path. However, that may not always be the -## case. For example, if the image value is overridden to an image containing a -## module that alters that route, or an image that does not auto-install Gitea. 
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: / - initialDelaySeconds: 30 - periodSeconds: 60 - timeoutSeconds: 30 - failureThreshold: 5 - successThreshold: 1 -## @param customStartupProbe Override default startup probe -## -customStartupProbe: {} -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Add additional labels to the pod (evaluated as a template) -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @section Traffic Exposure Parameters -## - -## Kubernetes configuration. 
For minikube, set this to NodePort, elsewhere use LoadBalancer -## service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.ports.http Service HTTP port - ## @param service.ports.ssh Service SSH port - ## ports: http: 10080 ssh: 10022 - ## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) - ## e.g: - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## - loadBalancerSourceRanges: [] - ## @param service.loadBalancerIP loadBalancerIP for the Gitea Service (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.nodePorts [object] Kubernetes node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - ssh: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.clusterIP Gitea service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param service.annotations Additional custom annotations for Gitea service - ## - annotations: {} - ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - -## Network Policy configuration -## ref: 
https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} - -## Configure the ingress resource that allows you to access the -## Gitea installation. 
Set up the URL -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## ingress: - ## @param ingress.enabled Enable ingress controller resource - ## enabled: true - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## ingressClassName: "nginx" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: "gitea.cluster.edward.sydney" - ## @param ingress.path The Path to Gitea. You may need to set this to '/*' in order to use this - ## with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
- ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: gitea.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. 
- ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - gitea.local - ## secretName: gitea.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## Example: - ## - name: gitea.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] -## @section Other Parameters -## - -## Service account for Gitea to use. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## serviceAccount: - ## @param serviceAccount.create Enable creation of ServiceAccount for Gitea pod - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. 
- ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created - ## Can be set to false if pods using this serviceAccount do not need to use K8s API - ## - automountServiceAccountToken: false - ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} -## @section Database parameters -## - -## PostgreSQL chart configuration -## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml -## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart -## @param postgresql.auth.username Name for a custom user to create -## @param postgresql.auth.password Password for the custom user to create -## @param postgresql.auth.database Name for a custom database to create -## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials -## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`) -## @param postgresql.service.ports.postgresql PostgreSQL service port -## + name: gitea postgresql: enabled: false - auth: - username: bn_gitea - password: "" - database: bitnami_gitea - existingSecret: "" - architecture: standalone - service: - ports: - postgresql: 5432 -## External PostgreSQL configuration -## All of these values are only used when postgresql.enabled is set to false -## @param externalDatabase.host Database host -## @param externalDatabase.port Database port number -## @param externalDatabase.user Non-root username for JupyterHub -## @param externalDatabase.password Password for the non-root username for JupyterHub -## @param externalDatabase.database JupyterHub database name -## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials -## @param 
externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials -## externalDatabase: - host: "" - port: 5432 - user: postgres - database: gitea - password: "" - existingSecret: "" - existingSecretPasswordKey: "db-password" -## @section Volume Permissions parameters -## - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image name - ## @skip volumePermissions.image.tag Init container volume-permissions image tag - ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r25 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} + host: "postgresql-primary.argocd.svc.cluster.local" + user: "gitea_user" + existingSecret: "gitea-secrets" + existingSecretPasswordKey: "db-password" \ No newline at end of file diff --git a/resources/app-secrets/env/k3s-cluster/templates/gitea.yaml b/resources/app-secrets/env/k3s-cluster/templates/gitea.yaml index e20de64..c5fcb01 100644 --- a/resources/app-secrets/env/k3s-cluster/templates/gitea.yaml +++ b/resources/app-secrets/env/k3s-cluster/templates/gitea.yaml 
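Review bot: `smtpExistingSecret: "sonarqube-secrets"` points Gitea's SMTP password at another application's secret, while the same commit adds a `smtp-password` key to the gitea SealedSecret in namespace `gitea`; the line should read `smtpExistingSecret: "gitea-secrets"`. As written the pod presumably either fails to resolve the secret in its own namespace or, if a copy exists there, shares one mail credential between two applications. Separately, the new `ingress:` block keeps `enabled: true` but drops `hostname` and never sets `tls`, so unless TLS is terminated elsewhere the admin login and git-over-HTTP credentials would cross the ingress unencrypted; stating `hostname` and `tls: true` explicitly would make the intended exposure reviewable.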
@@ -9,15 +9,9 @@ metadata: namespace: gitea spec: encryptedData: - admin_email: 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 - admin_password: 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 - admin_username: 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 - app_name: 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 - db_host: 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 - db_name: 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 - db_password: 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 - db_port: AgB7IN1Gs3WBKPvMujyS1e9AqxotjmQOv2QfOqX6dGEYEET4Ay067xcdbyns6oczUnuQyKpIr79oZzeezevPM+RTVYCwEyTxF84Qcs9h/psY61cYOEwNcIu+m5iP+qb2sFlopK6QZk03zPyd1XZ5TlRw6Nv2Nt3gPvoksgG7L0CM8xWvcpcG2/khh9UuckUGErcaK3nMxdKAKZLjVaVdRIC78u03NEc4cj9KH7r/Zz5PZXOVlZyUAxCtUMe0NHs7bFhRp5Boxa+Jz0cfJ4fDZlwHgMQLxi8nQbKmZf1B3HY4+zUYShBrxWWFBimqpctJDFpV4z5DHJVTeFSxgPXh0t5qsYikeeVqDnbGMx+4yyno3+IkD+Se73z7boS5sbYhPtifm1dS88DbAMDckMAiR5ktDLbItSwGoxGTegqmhbvUtxhpzl64Q6yrrQetJ/sT/j+Q6YWCqrnhQvgcR9rasFCUswGmnr0cF9jYVRkDHpK4Ehwf8HNriyY1RlDnopBGtx+t7hUb7yrNoSnJQEVSCKCMkxOzP9gMsfZptO66MWsX+Jbr9vQV88Wzqshe5oYTJk8UkqeOqZLPp5aKs/5uv/BJNGwJbDuMlXmX8ZU5c4jn0FyzGeamqxqttgIonXgo0eeR4FwV5NTLgX1h5IETMKHBsNbzmJuu9fF92pycYVeb3AngMMKveLqkN2y/s/bKBNGFtcyh - db_user: 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 + admin-password: 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 + db-password: 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 + smtp-password: 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 template: metadata: annotations: diff --git a/resources/app-volumes/env/k3s-cluster/templates/gitea-pv.yaml b/resources/app-volumes/env/k3s-cluster/templates/gitea-pv.yaml index 887278a..ad0e65a 100644 --- a/resources/app-volumes/env/k3s-cluster/templates/gitea-pv.yaml +++ b/resources/app-volumes/env/k3s-cluster/templates/gitea-pv.yaml 
@@ -24,7 +24,7 @@ spec: required: nodeSelectorTerms: - matchExpressions: - - key: kubernetes.io/hostname + - key: kubernetes.io/arch operator: In values: - - rpi5-cluster-node-2 \ No newline at end of file + - arm64 \ No newline at end of file From 85adeed24ccba154c67f657e86e459efdc516503 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Tue, 23 Jul 2024 01:12:57 +1000 Subject: [PATCH 16/39] disable chattts --- apps/chattts/env/k3s-cluster/config.json | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 apps/chattts/env/k3s-cluster/config.json diff --git a/apps/chattts/env/k3s-cluster/config.json b/apps/chattts/env/k3s-cluster/config.json deleted file mode 100644 index e4835d9..0000000 --- a/apps/chattts/env/k3s-cluster/config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "appName": "chattts", - "userGivenName": "chattts", - "namespace": "chattts", - "destNamespace": "chattts", - "destServer": "https://kubernetes.default.svc", - "srcPath": "apps/chattts/env/k3s-cluster", - "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", - "srcTargetRevision": "", - "labels": null, - "annotations": null -} \ No newline at end of file From 4523cdd476c5625a573955ca6886494049f20fa1 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Tue, 23 Jul 2024 01:15:22 +1000 Subject: [PATCH 17/39] fix gitea service account issue --- apps/gitea/env/k3s-cluster/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/apps/gitea/env/k3s-cluster/values.yaml b/apps/gitea/env/k3s-cluster/values.yaml index 19bd4a5..421fe30 100644 --- a/apps/gitea/env/k3s-cluster/values.yaml +++ b/apps/gitea/env/k3s-cluster/values.yaml @@ -17,8 +17,6 @@ service: ingress: enabled: true ingressClassName: "nginx" -serviceAccount: - name: gitea postgresql: enabled: false externalDatabase: From 50632736dc8d3cdec59e808830103530e8602f20 Mon Sep 17 00:00:00 2001 
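Review bot: Widening the PersistentVolume's node affinity from `rpi5-cluster-node-2` to `kubernetes.io/arch: arm64` lets the volume bind on any arm64 node, which is only safe if the backing path holds the same data on every one of them. The volume source is outside this hunk, so this is a question rather than a finding: if it is a `local` or `hostPath` volume on one node's disk, a pod rescheduled elsewhere would start against an empty directory. If the path is an NFS mount present on all arm64 nodes, a comment above `nodeAffinity` such as `# path is an NFS mount available on every arm64 node` would record the assumption.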
From: Edward Cheng Date: Tue, 23 Jul 2024 01:24:52 +1000 Subject: [PATCH 18/39] fix gitea service account issue --- apps/gitea/env/k3s-cluster/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/gitea/env/k3s-cluster/values.yaml b/apps/gitea/env/k3s-cluster/values.yaml index 421fe30..c6bcc4d 100644 --- a/apps/gitea/env/k3s-cluster/values.yaml +++ b/apps/gitea/env/k3s-cluster/values.yaml @@ -17,6 +17,8 @@ service: ingress: enabled: true ingressClassName: "nginx" +serviceAccount: + enabled: false postgresql: enabled: false externalDatabase: From 779b545d38c2b0534f0f7a702a25f8b143b3e442 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Tue, 23 Jul 2024 16:47:04 +1000 Subject: [PATCH 19/39] fix gitea service account issue --- apps/gitea/env/k3s-cluster/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/gitea/env/k3s-cluster/values.yaml b/apps/gitea/env/k3s-cluster/values.yaml index c6bcc4d..849b4e5 100644 --- a/apps/gitea/env/k3s-cluster/values.yaml +++ b/apps/gitea/env/k3s-cluster/values.yaml @@ -7,7 +7,7 @@ existingSecretKey: "admin-password" smtpHost: "smtp.gmail.com" smtpPort: "587" smtpUser: "me@edward.sydney" -smtpExistingSecret: "sonarqube-secrets" +smtpExistingSecret: "gitea-secrets" persistence: existingClaim: "gitea-pvc" service: @@ -18,7 +18,7 @@ ingress: enabled: true ingressClassName: "nginx" serviceAccount: - enabled: false + create: false postgresql: enabled: false externalDatabase: From e5348e4db34deb31bae7430685123c6a34aab67d Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Tue, 23 Jul 2024 17:15:49 +1000 Subject: [PATCH 20/39] add resources config values --- apps/gitea/env/k3s-cluster/values.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/apps/gitea/env/k3s-cluster/values.yaml b/apps/gitea/env/k3s-cluster/values.yaml index 849b4e5..8745a80 100644 --- a/apps/gitea/env/k3s-cluster/values.yaml +++ b/apps/gitea/env/k3s-cluster/values.yaml 
@@ -25,4 +25,11 @@ externalDatabase: host: "postgresql-primary.argocd.svc.cluster.local" user: "gitea_user" existingSecret: "gitea-secrets" - existingSecretPasswordKey: "db-password" \ No newline at end of file + existingSecretPasswordKey: "db-password" +resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 100m + memory: 256Mi \ No newline at end of file From c30b8b79b4176d5c73d8213ad6276ebe0bebc184 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Tue, 23 Jul 2024 19:57:02 +1000 Subject: [PATCH 21/39] remove podAntiAffinityPreset in the deployment --- apps/gitea/env/k3s-cluster/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/gitea/env/k3s-cluster/values.yaml b/apps/gitea/env/k3s-cluster/values.yaml index 8745a80..a41474d 100644 --- a/apps/gitea/env/k3s-cluster/values.yaml +++ b/apps/gitea/env/k3s-cluster/values.yaml @@ -1,4 +1,5 @@ namespaceOverride: "gitea" +podAntiAffinityPreset: "" adminUsername: "gitea_admin" adminEmail: "edward@cheng.sydney" appName: "gitea" From ac182ec587212b555d8da87da442021272812711 Mon Sep 17 00:00:00 2001 
From: Edward Cheng Date: Tue, 23 Jul 2024 21:33:54 +1000 Subject: [PATCH 22/39] add app nextcloud --- apps/nextcloud/base/deployment.yaml | 55 +++++++++++++++++++ apps/nextcloud/base/ingress.yaml | 21 +++++++ apps/nextcloud/base/kustomization.yaml | 6 ++ apps/nextcloud/base/service.yaml | 25 +++++++++ apps/nextcloud/env/k3s-cluster/config.json | 12 ++++ .../env/k3s-cluster/kustomization.yaml | 4 ++ resources/namespaces/base/kustomization.yaml | 1 + resources/namespaces/base/nextcloud.yaml | 9 +++ 8 files changed, 133 insertions(+) create mode 100644 apps/nextcloud/base/deployment.yaml create mode 100644 apps/nextcloud/base/ingress.yaml create mode 100644 apps/nextcloud/base/kustomization.yaml create mode 100644 apps/nextcloud/base/service.yaml create mode 100644 apps/nextcloud/env/k3s-cluster/config.json create mode 100644 apps/nextcloud/env/k3s-cluster/kustomization.yaml create mode 100644 resources/namespaces/base/nextcloud.yaml diff --git a/apps/nextcloud/base/deployment.yaml b/apps/nextcloud/base/deployment.yaml new file mode 100644 index 0000000..3a579a5 --- /dev/null +++ b/apps/nextcloud/base/deployment.yaml 
@@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nextcloud + namespace: nextcloud + labels: + app.kubernetes.io/name: nextcloud +spec: + selector: + matchLabels: + app.kubernetes.io/name: nextcloud + template: + metadata: + labels: + app.kubernetes.io/name: nextcloud + spec: + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + containers: + - name: nextcloud + image: nextcloud/all-in-one + securityContext: + allowPrivilegeEscalation: false + ports: + - protocol: TCP + containerPort: 80 + name: 80-tcp + - protocol: TCP + containerPort: 8080 + name: 8080-tcp + - protocol: TCP + containerPort: 8443 + name: 8443-tcp + - protocol: TCP + containerPort: 3478 + name: 3478-tcp + - protocol: UDP + containerPort: 3478 + name: 3478-udp + volumeMounts: + - name: nextcloud_aio_mastercontainer + mountPath: /mnt/docker-aio-config + - name: docker-socket + mountPath: /var/run/docker.sock + readOnly: true + volumes: + - name: nextcloud_aio_mastercontainer + hostPath: + path: /mnt/nfs/AppData/nextcloud + type: Directory + - name: docker-socket + hostPath: + path: /var/run/docker.sock + type: Socket \ No newline at end of file diff --git a/apps/nextcloud/base/ingress.yaml b/apps/nextcloud/base/ingress.yaml new file mode 100644 index 0000000..a90b704 --- /dev/null +++ b/apps/nextcloud/base/ingress.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nextcloud-ingress + namespace: nextcloud + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + rules: + - host: "nextcloud.cluster.edward.sydney" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: nextcloud + port: + number: 8080 \ No newline at end of file diff --git a/apps/nextcloud/base/kustomization.yaml b/apps/nextcloud/base/kustomization.yaml new file mode 100644 index 0000000..1ad0930 --- /dev/null +++ b/apps/nextcloud/base/kustomization.yaml 
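Review bot: Mounting the host's `/var/run/docker.sock` into the `nextcloud` container hands that container control of the node's container runtime, which is equivalent to root on the node and makes `runAsUser: 1000` and `allowPrivilegeEscalation: false` moot; `readOnly: true` on a socket mount does not restrict API calls made over it. The all-in-one master container is built around that socket, so the safer route in a cluster is probably a deployment that does not need it (the plain Nextcloud image or a Helm chart) rather than hardening this one. Separately, volume names such as `nextcloud_aio_mastercontainer` contain underscores, which Kubernetes rejects because volume names must be DNS-1123 labels; `nextcloud-aio-mastercontainer` would validate. On a k3s node that uses containerd the `type: Socket` hostPath may not exist at all, which would keep the pod from starting.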
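Review bot: The Ingress for `nextcloud.cluster.edward.sydney` has no `tls:` block and sets `nginx.ingress.kubernetes.io/ssl-redirect: "false"`, so logins and session cookies for this host travel over plain HTTP. Adding a `tls:` entry with the host and a certificate secret, and dropping the ssl-redirect override, would close that. The same pattern recurs in the kubernetes-dashboard changes later in the series (`apps/kubernetes-dashboard/base/values.yaml` with `tls: enabled: false` in patches 25, 34 and 37, and the standalone `ingress.yaml` in patch 29), where it matters more because the dashboard login carries a cluster bearer token. `use-regex: "true"` is also unnecessary for a single `Prefix` path of `/`.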
@@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./deployment.yaml + - ./service.yaml + - ./ingress.yaml \ No newline at end of file diff --git a/apps/nextcloud/base/service.yaml b/apps/nextcloud/base/service.yaml new file mode 100644 index 0000000..6e5e791 --- /dev/null +++ b/apps/nextcloud/base/service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + name: nextcloud + namespace: nextcloud + labels: + app.kubernetes.io/name: nextcloud +spec: + selector: + app.kubernetes.io/name: nextcloud + type: ClusterIP + internalTrafficPolicy: Cluster + ports: + - protocol: TCP + port: 80 + targetPort: 80 + name: 80-tcp + - protocol: TCP + port: 8080 + targetPort: 8080 + name: 8080-tcp + - protocol: TCP + port: 8443 + targetPort: 8443 + name: 8443-tcp diff --git a/apps/nextcloud/env/k3s-cluster/config.json b/apps/nextcloud/env/k3s-cluster/config.json new file mode 100644 index 0000000..c9fb170 --- /dev/null +++ b/apps/nextcloud/env/k3s-cluster/config.json @@ -0,0 +1,12 @@ +{ + "appName": "nextcloud", + "userGivenName": "nextcloud", + "namespace": "nextcloud", + "destNamespace": "nextcloud", + "destServer": "https://kubernetes.default.svc", + "srcPath": "apps/nextcloud/env/k3s-cluster", + "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", + "srcTargetRevision": "", + "labels": null, + "annotations": null +} \ No newline at end of file diff --git a/apps/nextcloud/env/k3s-cluster/kustomization.yaml b/apps/nextcloud/env/k3s-cluster/kustomization.yaml new file mode 100644 index 0000000..a227ac4 --- /dev/null +++ b/apps/nextcloud/env/k3s-cluster/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../base \ No newline at end of file diff --git a/resources/namespaces/base/kustomization.yaml b/resources/namespaces/base/kustomization.yaml index 4e15856..f33cb14 100644 --- a/resources/namespaces/base/kustomization.yaml 
+++ b/resources/namespaces/base/kustomization.yaml @@ -21,6 +21,7 @@ resources: - ./minio.yaml - ./mongodb.yaml - ./new-relic.yaml + - ./nextcloud.yaml - ./nexus.yaml - ./postgresql.yaml - ./prometheus.yaml diff --git a/resources/namespaces/base/nextcloud.yaml b/resources/namespaces/base/nextcloud.yaml new file mode 100644 index 0000000..797692b --- /dev/null +++ b/resources/namespaces/base/nextcloud.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + creationTimestamp: null + name: nextcloud +spec: {} +status: {} From 9940b792e645b5b323a2b8adb27fd42c8608b30c Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 01:51:21 +1000 Subject: [PATCH 23/39] fixing volumes --- apps/nextcloud/base/deployment.yaml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/apps/nextcloud/base/deployment.yaml b/apps/nextcloud/base/deployment.yaml index 3a579a5..488e9e1 100644 --- a/apps/nextcloud/base/deployment.yaml +++ b/apps/nextcloud/base/deployment.yaml @@ -19,9 +19,12 @@ spec: runAsGroup: 1000 containers: - name: nextcloud - image: nextcloud/all-in-one + image: nextcloud/all-in-one:latest securityContext: allowPrivilegeEscalation: false + env: + - name: SKIP_DOMAIN_VALIDATION + value: "true" ports: - protocol: TCP containerPort: 80 
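Review bot: `image: nextcloud/all-in-one:latest` in the deployment hunk is a mutable tag, so what runs can change on any pod restart without a commit in this repository, which weakens the GitOps audit trail and makes rollbacks unreliable. Pin a release tag and preferably a digest, e.g. `image: nextcloud/all-in-one:<release-tag>@sha256:<digest>` (placeholders; take the real values from the registry). `SKIP_DOMAIN_VALIDATION` set to `"true"` turns off a setup-time check; a comment stating why it is needed here would help the next reader decide whether it can be removed.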
@@ -41,15 +44,29 @@ spec: volumeMounts: - name: nextcloud_aio_mastercontainer mountPath: /mnt/docker-aio-config + - name: nextcloud_aio_nextcloud + mountPath: /mnt/ncdata + - name: nextcloud_storagebox + mountPath: /mnt/storagebox - name: docker-socket mountPath: /var/run/docker.sock readOnly: true volumes: - name: nextcloud_aio_mastercontainer hostPath: - path: /mnt/nfs/AppData/nextcloud + path: /mnt/nfs/AppData/nextcloud/config + type: Directory + - name: nextcloud_aio_nextcloud + hostPath: + path: /mnt/nfs/AppData/nextcloud/data + type: Directory + - name: nextcloud_storagebox + hostPath: + path: /mnt/nfs/AppData/nextcloud/storagebox type: Directory - name: docker-socket hostPath: path: /var/run/docker.sock - type: Socket \ No newline at end of file + type: Socket + nodeSelector: + kubernetes.io/arch: amd64 \ No newline at end of file From 1285efaa98f09de3584992dd784b0c88f3c82076 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 01:55:51 +1000 Subject: [PATCH 24/39] update ports --- apps/nextcloud/base/deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/nextcloud/base/deployment.yaml b/apps/nextcloud/base/deployment.yaml index 488e9e1..28b32f9 100644 --- a/apps/nextcloud/base/deployment.yaml +++ b/apps/nextcloud/base/deployment.yaml @@ -25,6 +25,10 @@ spec: env: - name: SKIP_DOMAIN_VALIDATION value: "true" + - name: APACHE_PORT + value: "11000" + - name: APACHE_IP_BINDING + value: "0.0.0.0" ports: - protocol: TCP containerPort: 80 From 648900b9329041c20ce830392edf37820ba25523 Mon Sep 17 00:00:00 2001 
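Review bot: `APACHE_IP_BINDING` set to `"0.0.0.0"` in the env hunk asks the all-in-one setup to publish the Apache port 11000 on every interface, so the application would be reachable directly on the node address and not only through the Ingress. Port 11000 is not declared in the pod's `ports` or in `service.yaml`, which suggests the Apache container is started on the host through the Docker socket rather than inside this pod; that cannot be confirmed from the hunk. If a reverse proxy on the same node is the only intended client, binding to `127.0.0.1` or restricting the port with a host firewall rule would narrow the exposure.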
From: Edward Cheng Date: Wed, 24 Jul 2024 06:52:11 +1000 Subject: [PATCH 25/39] add app kubernetes-dashboard --- .../base/kustomization.yaml | 8 +++++++ apps/kubernetes-dashboard/base/values.yaml | 24 +++++++++++++++++++ .../env/k3s-cluster/config.json | 12 ++++++++++ .../env/k3s-cluster/kustomization.yaml | 4 ++++ .../namespaces/base/kubernetes-dashboard.yaml | 9 +++++++ resources/namespaces/base/kustomization.yaml | 1 + 6 files changed, 58 insertions(+) create mode 100644 apps/kubernetes-dashboard/base/kustomization.yaml create mode 100644 apps/kubernetes-dashboard/base/values.yaml create mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/config.json create mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml create mode 100644 resources/namespaces/base/kubernetes-dashboard.yaml diff --git a/apps/kubernetes-dashboard/base/kustomization.yaml b/apps/kubernetes-dashboard/base/kustomization.yaml new file mode 100644 index 0000000..e539a2c --- /dev/null +++ b/apps/kubernetes-dashboard/base/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: + - name: kubernetes-dashboard + repo: https://kubernetes.github.io/dashboard/ + version: 7.5.0 + releaseName: kubernetes-dashboard + valuesFile: values.yaml \ No newline at end of file diff --git a/apps/kubernetes-dashboard/base/values.yaml b/apps/kubernetes-dashboard/base/values.yaml new file mode 100644 index 0000000..c374eb8 --- /dev/null +++ b/apps/kubernetes-dashboard/base/values.yaml 
@@ -0,0 +1,24 @@ +app: + ingress: + enabled: true + hosts: + - "k3s-dashboard.cluster.edward.sydney" + ingressClassName: nginx + tls: + enabled: false +auth: + volumes: + - name: tmp-volume + path: /mnt/nfs/AppData/kubernetes-dashboard/auth +api: + volumes: + - name: tmp-volume + path: /mnt/nfs/AppData/kubernetes-dashboard/auth +web: + volumes: + - name: tmp-volume + path: /mnt/nfs/AppData/kubernetes-dashboard/auth +metricsScraper: + volumes: + - name: tmp-volume + path: /mnt/nfs/AppData/kubernetes-dashboard/auth \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/config.json b/apps/kubernetes-dashboard/env/k3s-cluster/config.json new file mode 100644 index 0000000..135ed6a --- /dev/null +++ b/apps/kubernetes-dashboard/env/k3s-cluster/config.json @@ -0,0 +1,12 @@ +{ + "appName": "kubernetes-dashboard", + "userGivenName": "kubernetes-dashboard", + "namespace": "kubernetes-dashboard", + "destNamespace": "kubernetes-dashboard", + "destServer": "https://kubernetes.default.svc", + "srcPath": "apps/kubernetes-dashboard/env/k3s-cluster", + "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", + "srcTargetRevision": "", + "labels": null, + "annotations": null +} \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml new file mode 100644 index 0000000..a227ac4 --- /dev/null +++ b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../base \ No newline at end of file diff --git a/resources/namespaces/base/kubernetes-dashboard.yaml b/resources/namespaces/base/kubernetes-dashboard.yaml new file mode 100644 index 0000000..7ff2701 --- /dev/null +++ b/resources/namespaces/base/kubernetes-dashboard.yaml 
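Review bot: The `volumes` entries under `auth`, `api`, `web` and `metricsScraper` put `path:` directly beneath `name:`, which is not a Kubernetes volume source; if the chart passes these lists straight into the pod spec, as I believe it does, the rendered volume has no source and the Deployment is rejected. A host directory would have to be written as `hostPath:` with a nested `path:`. All four components also point at the same `/mnt/nfs/AppData/kubernetes-dashboard/auth` directory, so the auth component's temporary files would be shared with the web and metrics pods. Unless persistence is actually required, keeping the chart's default for `tmp-volume` avoids both problems.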
@@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + creationTimestamp: null + name: chattts +spec: {} +status: {} diff --git a/resources/namespaces/base/kustomization.yaml b/resources/namespaces/base/kustomization.yaml index f33cb14..a02b932 100644 --- a/resources/namespaces/base/kustomization.yaml +++ b/resources/namespaces/base/kustomization.yaml @@ -16,6 +16,7 @@ resources: - ./ingress-nginx.yaml - ./jellyfin.yaml - ./kavita.yaml + - ./kubernetes-dashboard.yaml - ./local-path-storage.yaml - ./logstash.yaml - ./minio.yaml From 272f028cb6bb4f901c7d0a5bd6c5aa3be2c2bc05 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 06:56:36 +1000 Subject: [PATCH 26/39] diable gitea and nextcloud --- apps/gitea/env/k3s-cluster/config.json | 12 ------------ apps/nextcloud/env/k3s-cluster/config.json | 12 ------------ 2 files changed, 24 deletions(-) delete mode 100644 apps/gitea/env/k3s-cluster/config.json delete mode 100644 apps/nextcloud/env/k3s-cluster/config.json diff --git a/apps/gitea/env/k3s-cluster/config.json b/apps/gitea/env/k3s-cluster/config.json deleted file mode 100644 index 05e65c8..0000000 --- a/apps/gitea/env/k3s-cluster/config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "appName": "gitea", - "userGivenName": "gitea", - "namespace": "gitea", - "destNamespace": "gitea", - "destServer": "https://kubernetes.default.svc", - "srcPath": "apps/gitea/env/k3s-cluster", - "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", - "srcTargetRevision": "", - "labels": null, - "annotations": null -} \ No newline at end of file diff --git a/apps/nextcloud/env/k3s-cluster/config.json b/apps/nextcloud/env/k3s-cluster/config.json deleted file mode 100644 index c9fb170..0000000 --- a/apps/nextcloud/env/k3s-cluster/config.json +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "appName": "nextcloud", - "userGivenName": "nextcloud", - "namespace": "nextcloud", - "destNamespace": "nextcloud", - "destServer": "https://kubernetes.default.svc", - "srcPath": "apps/nextcloud/env/k3s-cluster", - "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", - "srcTargetRevision": "", - "labels": null, - "annotations": null -} \ No newline at end of file From 4c924f23d27882a1a568c9d5ce9c44d93f177b68 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 06:58:56 +1000 Subject: [PATCH 27/39] fix namespace --- resources/namespaces/base/kubernetes-dashboard.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/namespaces/base/kubernetes-dashboard.yaml b/resources/namespaces/base/kubernetes-dashboard.yaml index 7ff2701..7310d7a 100644 --- a/resources/namespaces/base/kubernetes-dashboard.yaml +++ b/resources/namespaces/base/kubernetes-dashboard.yaml @@ -4,6 +4,6 @@ metadata: annotations: argocd.argoproj.io/sync-options: Prune=false creationTimestamp: null - name: chattts + name: kubernetes-dashboard spec: {} status: {} From db91b1d3221950f5c63d75e50a7c352d43fa348e Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 07:01:32 +1000 Subject: [PATCH 28/39] disable kong --- apps/kubernetes-dashboard/base/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/kubernetes-dashboard/base/values.yaml b/apps/kubernetes-dashboard/base/values.yaml index c374eb8..9be4546 100644 --- a/apps/kubernetes-dashboard/base/values.yaml +++ b/apps/kubernetes-dashboard/base/values.yaml @@ -21,4 +21,6 @@ web: metricsScraper: volumes: - name: tmp-volume - path: /mnt/nfs/AppData/kubernetes-dashboard/auth \ No newline at end of file + path: /mnt/nfs/AppData/kubernetes-dashboard/auth +kong: + enabled: false \ No newline at end of file From 00d38bf46b3eaa3a781c07ca13c28225e1f34a5d Mon Sep 17 00:00:00 2001 
From: Edward Cheng Date: Wed, 24 Jul 2024 07:07:24 +1000 Subject: [PATCH 29/39] create standalone ingress --- apps/kubernetes-dashboard/base/values.yaml | 8 ------- .../env/k3s-cluster/ingress.yaml | 21 +++++++++++++++++++ 2 files changed, 21 insertions(+), 8 deletions(-) create mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml diff --git a/apps/kubernetes-dashboard/base/values.yaml b/apps/kubernetes-dashboard/base/values.yaml index 9be4546..0ea1f6e 100644 --- a/apps/kubernetes-dashboard/base/values.yaml +++ b/apps/kubernetes-dashboard/base/values.yaml @@ -1,11 +1,3 @@ -app: - ingress: - enabled: true - hosts: - - "k3s-dashboard.cluster.edward.sydney" - ingressClassName: nginx - tls: - enabled: false auth: volumes: - name: tmp-volume diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml new file mode 100644 index 0000000..db3dcbc --- /dev/null +++ b/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kubernetes-dashboard-ingress + namespace: kubernetes-dashboard + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + rules: + - host: "k3s-dashboard.cluster.edward.sydney" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: kubernetes-dashboard-web + port: + number: 8000 \ No newline at end of file From 234dcf803c349993d09cf65e9854963781e537f4 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 07:07:58 +1000 Subject: [PATCH 30/39] create standalone ingress --- apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml index a227ac4..3ea3085 100644 
--- a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml +++ b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../base \ No newline at end of file + - ../../base + - ./ingress.yaml \ No newline at end of file From e5f7dd84b441ba63a7df618aed5bfc78c1b6d212 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 07:16:46 +1000 Subject: [PATCH 31/39] default values --- .../base/kustomization.yaml | 3 +-- apps/kubernetes-dashboard/base/values.yaml | 18 ------------------ .../env/k3s-cluster/ingress.yaml | 4 ++-- 3 files changed, 3 insertions(+), 22 deletions(-) delete mode 100644 apps/kubernetes-dashboard/base/values.yaml diff --git a/apps/kubernetes-dashboard/base/kustomization.yaml b/apps/kubernetes-dashboard/base/kustomization.yaml index e539a2c..dfef520 100644 --- a/apps/kubernetes-dashboard/base/kustomization.yaml +++ b/apps/kubernetes-dashboard/base/kustomization.yaml @@ -4,5 +4,4 @@ helmCharts: - name: kubernetes-dashboard repo: https://kubernetes.github.io/dashboard/ version: 7.5.0 - releaseName: kubernetes-dashboard - valuesFile: values.yaml \ No newline at end of file + releaseName: kubernetes-dashboard \ No newline at end of file diff --git a/apps/kubernetes-dashboard/base/values.yaml b/apps/kubernetes-dashboard/base/values.yaml deleted file mode 100644 index 0ea1f6e..0000000 --- a/apps/kubernetes-dashboard/base/values.yaml +++ /dev/null @@ -1,18 +0,0 @@ -auth: - volumes: - - name: tmp-volume - path: /mnt/nfs/AppData/kubernetes-dashboard/auth -api: - volumes: - - name: tmp-volume - path: /mnt/nfs/AppData/kubernetes-dashboard/auth -web: - volumes: - - name: tmp-volume - path: /mnt/nfs/AppData/kubernetes-dashboard/auth -metricsScraper: - volumes: - - name: tmp-volume - path: /mnt/nfs/AppData/kubernetes-dashboard/auth -kong: - enabled: false \ No newline at end of file 
diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml index db3dcbc..c190812 100644 --- a/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml +++ b/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml @@ -16,6 +16,6 @@ spec: path: "/" backend: service: - name: kubernetes-dashboard-web + name: kubernetes-dashboard port: - number: 8000 \ No newline at end of file + number: 443 \ No newline at end of file From 60e33c2fb353fd73346a4c56e70d25f73532e3d1 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 07:34:58 +1000 Subject: [PATCH 32/39] patch fix for missing configmap --- .../env/k3s-cluster/configmap.yaml | 53 +++++++++++++++++++ .../env/k3s-cluster/kustomization.yaml | 1 + 2 files changed, 54 insertions(+) create mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml new file mode 100644 index 0000000..25487b0 --- /dev/null +++ b/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml 
@@ -0,0 +1,53 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + "app.kubernetes.io/instance": "kubernetes-dashboard" + "app.kubernetes.io/managed-by": "Helm" + "app.kubernetes.io/part-of": "kubernetes-dashboard" + "argocd.argoproj.io/instance": "kubernetes-dashboard" + "helm.sh/chart": "kubernetes-dashboard-7.5.0" + name: kong-dbless-config +data: + kong.yml: | + _format_version: "3.0" + services: + - name: auth + host: kubernetes-dashboard-auth + port: 8000 + protocol: http + routes: + - name: authLogin + paths: + - /api/v1/login + strip_path: false + - name: authCsrf + paths: + - /api/v1/csrftoken/login + strip_path: false + - name: authMe + paths: + - /api/v1/me + strip_path: false + - name: api + host: kubernetes-dashboard-api + port: 8000 + protocol: http + routes: + - name: api + paths: + - /api + strip_path: false + - name: metrics + paths: + - /metrics + strip_path: false + - name: web + host: kubernetes-dashboard-web + port: 8000 + protocol: http + routes: + - name: root + paths: + - / + strip_path: false diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml index 3ea3085..68fc6ec 100644 --- a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml +++ b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ./configmap.yaml - ../../base - ./ingress.yaml \ No newline at end of file From 4682e03e8107f8822b4918c6a96bd3b1d68766cd Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 07:36:45 +1000 Subject: [PATCH 33/39] patch fix for missing configmap --- .../env/k3s-cluster/configmap.yaml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml index 25487b0..a9854de 100644 
--- a/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml +++ b/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml @@ -1,13 +1,4 @@ apiVersion: v1 -kind: ConfigMap -metadata: - labels: - "app.kubernetes.io/instance": "kubernetes-dashboard" - "app.kubernetes.io/managed-by": "Helm" - "app.kubernetes.io/part-of": "kubernetes-dashboard" - "argocd.argoproj.io/instance": "kubernetes-dashboard" - "helm.sh/chart": "kubernetes-dashboard-7.5.0" - name: kong-dbless-config data: kong.yml: | _format_version: "3.0" @@ -51,3 +42,13 @@ data: paths: - / strip_path: false +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: kubernetes-dashboard + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + argocd.argoproj.io/instance: kubernetes-dashboard + helm.sh/chart: kubernetes-dashboard-7.5.0 + name: kong-dbless-config + namespace: argocd \ No newline at end of file From 2cae464224bebc33cac46acd3faa96fa998bef29 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 07:42:26 +1000 Subject: [PATCH 34/39] enable ingress --- .../base/kustomization.yaml | 3 ++- apps/kubernetes-dashboard/base/values.yaml | 8 +++++++ .../env/k3s-cluster/ingress.yaml | 21 ------------------- 3 files changed, 10 insertions(+), 22 deletions(-) create mode 100644 apps/kubernetes-dashboard/base/values.yaml delete mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml diff --git a/apps/kubernetes-dashboard/base/kustomization.yaml b/apps/kubernetes-dashboard/base/kustomization.yaml index dfef520..e539a2c 100644 --- a/apps/kubernetes-dashboard/base/kustomization.yaml +++ b/apps/kubernetes-dashboard/base/kustomization.yaml @@ -4,4 +4,5 @@ helmCharts: - name: kubernetes-dashboard repo: https://kubernetes.github.io/dashboard/ version: 7.5.0 - releaseName: kubernetes-dashboard \ No newline at end of file + releaseName: kubernetes-dashboard + valuesFile: values.yaml \ No newline at end of file 
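Review bot: The second hunk adds `namespace: argocd` to the `kong-dbless-config` ConfigMap, which implies the dashboard release is landing in the Argo CD namespace rather than in `kubernetes-dashboard`. Co-locating them means a namespace-scoped Role or secret access granted to the dashboard's components would also reach Argo CD's repository and cluster credentials, and the namespace defined in `resources/namespaces/base/kubernetes-dashboard.yaml` goes unused. Setting `namespace: kubernetes-dashboard` on the `helmCharts` entry and keeping this ConfigMap there would preserve the isolation; the same `namespace: argocd` appears on the standalone Ingress added in patch 36. The hand-copied `helm.sh/chart: kubernetes-dashboard-7.5.0` and `app.kubernetes.io/managed-by: Helm` labels will also go stale on the next chart bump.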
diff --git a/apps/kubernetes-dashboard/base/values.yaml b/apps/kubernetes-dashboard/base/values.yaml new file mode 100644 index 0000000..007cea9 --- /dev/null +++ b/apps/kubernetes-dashboard/base/values.yaml @@ -0,0 +1,8 @@ +app: + ingress: + enabled: true + hosts: + - k3s-dashboard.cluster.edward.sydney + ingressClassName: nginx + tls: + enabled: false \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml deleted file mode 100644 index c190812..0000000 --- a/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: kubernetes-dashboard-ingress - namespace: kubernetes-dashboard - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "false" - nginx.ingress.kubernetes.io/use-regex: "true" -spec: - ingressClassName: nginx - rules: - - host: "k3s-dashboard.cluster.edward.sydney" - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: kubernetes-dashboard - port: - number: 443 \ No newline at end of file From 9552296d0eb7750f597e080ca7d4cd4918bdfc29 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 07:42:38 +1000 Subject: [PATCH 35/39] enable ingress --- apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml index 68fc6ec..7a35b47 100644 --- a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml +++ b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./configmap.yaml - - ../../base - - ./ingress.yaml \ No newline at end of file + - ../../base \ No newline at end of file 
From 3eb5e80417fbf909a3d8ff3de2cbb89e9f152e89 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Wed, 24 Jul 2024 07:52:54 +1000 Subject: [PATCH 36/39] standalone ingress to fix namespace issue --- .../base/kustomization.yaml | 3 +- apps/kubernetes-dashboard/base/values.yaml | 8 ----- .../env/k3s-cluster/ingress.yaml | 29 +++++++++++++++++++ .../env/k3s-cluster/kustomization.yaml | 3 +- 4 files changed, 32 insertions(+), 11 deletions(-) delete mode 100644 apps/kubernetes-dashboard/base/values.yaml create mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml diff --git a/apps/kubernetes-dashboard/base/kustomization.yaml b/apps/kubernetes-dashboard/base/kustomization.yaml index e539a2c..dfef520 100644 --- a/apps/kubernetes-dashboard/base/kustomization.yaml +++ b/apps/kubernetes-dashboard/base/kustomization.yaml @@ -4,5 +4,4 @@ helmCharts: - name: kubernetes-dashboard repo: https://kubernetes.github.io/dashboard/ version: 7.5.0 - releaseName: kubernetes-dashboard - valuesFile: values.yaml \ No newline at end of file + releaseName: kubernetes-dashboard \ No newline at end of file diff --git a/apps/kubernetes-dashboard/base/values.yaml b/apps/kubernetes-dashboard/base/values.yaml deleted file mode 100644 index 007cea9..0000000 --- a/apps/kubernetes-dashboard/base/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -app: - ingress: - enabled: true - hosts: - - k3s-dashboard.cluster.edward.sydney - ingressClassName: nginx - tls: - enabled: false \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml new file mode 100644 index 0000000..74a838e --- /dev/null +++ b/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml 
@@ -0,0 +1,29 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/issuer: selfsigned + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + nginx.ingress.kubernetes.io/ssl-passthrough: 'true' + nginx.ingress.kubernetes.io/ssl-redirect: 'true' + labels: + app.kubernetes.io/instance: kubernetes-dashboard + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: kubernetes-dashboard + argocd.argoproj.io/instance: kubernetes-dashboard + helm.sh/chart: kubernetes-dashboard-7.5.0 + name: kubernetes-dashboard + namespace: argocd +spec: + ingressClassName: nginx + rules: + - host: k3s-dashboard.cluster.edward.sydney + http: + paths: + - backend: + service: + name: kubernetes-dashboard-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml index 7a35b47..68fc6ec 100644 --- a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml +++ b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml @@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./configmap.yaml - - ../../base \ No newline at end of file + - ../../base + - ./ingress.yaml \ No newline at end of file From 49ad1962b71b5c4565edd182429f91fc7398bb8a Mon Sep 17 00:00:00 2001 
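Review bot: The `cert-manager.io/issuer: selfsigned` annotation in ingress.yaml has nothing to act on, because `spec` carries no `tls:` block and cert-manager issues only for hosts listed there with a `secretName`. With `nginx.ingress.kubernetes.io/ssl-passthrough: 'true'` the controller forwards the TLS stream at layer 4, and only when it runs with `--enable-ssl-passthrough`. The ingress-nginx documentation states this invalidates the other annotations, so `backend-protocol` and `ssl-redirect` are not doing what they appear to. I would pick one model: drop passthrough and add a `tls:` entry for the host with a `secretName`, or keep passthrough and remove the other three annotations. The copied `app.kubernetes.io/managed-by: Helm` and `helm.sh/chart` labels also misstate who owns this hand-written object.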
From: Edward Cheng Date: Wed, 24 Jul 2024 07:58:54 +1000 Subject: [PATCH 37/39] fix namespace issue --- apps/kubernetes-dashboard/base/kustomization.yaml | 3 ++- apps/kubernetes-dashboard/base/values.yaml | 8 ++++++++ apps/kubernetes-dashboard/env/k3s-cluster/config.json | 4 ++-- .../env/k3s-cluster/kustomization.yaml | 4 +--- resources/namespaces/base/kubernetes-dashboard.yaml | 9 --------- resources/namespaces/base/kustomization.yaml | 1 - 6 files changed, 13 insertions(+), 16 deletions(-) create mode 100644 apps/kubernetes-dashboard/base/values.yaml delete mode 100644 resources/namespaces/base/kubernetes-dashboard.yaml diff --git a/apps/kubernetes-dashboard/base/kustomization.yaml b/apps/kubernetes-dashboard/base/kustomization.yaml index dfef520..e539a2c 100644 --- a/apps/kubernetes-dashboard/base/kustomization.yaml +++ b/apps/kubernetes-dashboard/base/kustomization.yaml @@ -4,4 +4,5 @@ helmCharts: - name: kubernetes-dashboard repo: https://kubernetes.github.io/dashboard/ version: 7.5.0 - releaseName: kubernetes-dashboard \ No newline at end of file + releaseName: kubernetes-dashboard + valuesFile: values.yaml \ No newline at end of file diff --git a/apps/kubernetes-dashboard/base/values.yaml b/apps/kubernetes-dashboard/base/values.yaml new file mode 100644 index 0000000..007cea9 --- /dev/null +++ b/apps/kubernetes-dashboard/base/values.yaml @@ -0,0 +1,8 @@ +app: + ingress: + enabled: true + hosts: + - k3s-dashboard.cluster.edward.sydney + ingressClassName: nginx + tls: + enabled: false \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/config.json b/apps/kubernetes-dashboard/env/k3s-cluster/config.json index 135ed6a..2d65284 100644 --- a/apps/kubernetes-dashboard/env/k3s-cluster/config.json +++ b/apps/kubernetes-dashboard/env/k3s-cluster/config.json 
@@ -1,8 +1,8 @@ { "appName": "kubernetes-dashboard", "userGivenName": "kubernetes-dashboard", - "namespace": "kubernetes-dashboard", - "destNamespace": "kubernetes-dashboard", + "namespace": "argocd", + "destNamespace": "argocd", "destServer": "https://kubernetes.default.svc", "srcPath": "apps/kubernetes-dashboard/env/k3s-cluster", "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml index 68fc6ec..a227ac4 100644 --- a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml +++ b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml @@ -1,6 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./configmap.yaml - - ../../base - - ./ingress.yaml \ No newline at end of file + - ../../base \ No newline at end of file diff --git a/resources/namespaces/base/kubernetes-dashboard.yaml b/resources/namespaces/base/kubernetes-dashboard.yaml deleted file mode 100644 index 7310d7a..0000000 --- a/resources/namespaces/base/kubernetes-dashboard.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: - argocd.argoproj.io/sync-options: Prune=false - creationTimestamp: null - name: kubernetes-dashboard -spec: {} -status: {} diff --git a/resources/namespaces/base/kustomization.yaml b/resources/namespaces/base/kustomization.yaml index a02b932..f33cb14 100644 --- a/resources/namespaces/base/kustomization.yaml +++ b/resources/namespaces/base/kustomization.yaml @@ -16,7 +16,6 @@ resources: - ./ingress-nginx.yaml - ./jellyfin.yaml - ./kavita.yaml - - ./kubernetes-dashboard.yaml - ./local-path-storage.yaml - ./logstash.yaml - ./minio.yaml From db130c7ec6050dabe22f0c71966cdac6d20215ae Mon Sep 17 00:00:00 2001 
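Review bot: Pointing `namespace` and `destNamespace` at `argocd` in config.json places the dashboard workloads in the same namespace as the Argo CD control plane. Anything granted namespace-wide there (Roles over Secrets, NetworkPolicy selectors) then covers both. A later hunk in this patch deletes resources/namespaces/base/kubernetes-dashboard.yaml, so the dedicated namespace disappears altogether. If the original problem was chart resources rendering without a namespace (a guess, since the failing state is not shown), I would keep `"destNamespace": "kubernetes-dashboard"` and set `namespace: kubernetes-dashboard` in the env kustomization.yaml instead.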
From: Edward Cheng Date: Wed, 24 Jul 2024 08:09:00 +1000 Subject: [PATCH 38/39] add service account with cluster-admin role for the token --- .../env/k3s-cluster/cluster-role.yaml | 12 +++++ .../env/k3s-cluster/configmap.yaml | 54 ------------------- .../env/k3s-cluster/ingress.yaml | 29 ---------- .../env/k3s-cluster/kustomization.yaml | 4 +- .../env/k3s-cluster/service-account.yaml | 5 ++ 5 files changed, 20 insertions(+), 84 deletions(-) create mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/cluster-role.yaml delete mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml delete mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml create mode 100644 apps/kubernetes-dashboard/env/k3s-cluster/service-account.yaml diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/cluster-role.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/cluster-role.yaml new file mode 100644 index 0000000..2e74aab --- /dev/null +++ b/apps/kubernetes-dashboard/env/k3s-cluster/cluster-role.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: admin-user +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: admin-user + namespace: argocd \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml deleted file mode 100644 index a9854de..0000000 --- a/apps/kubernetes-dashboard/env/k3s-cluster/configmap.yaml +++ /dev/null 
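Review bot: Binding `admin-user` to `cluster-admin` in cluster-role.yaml gives any token minted for that account unrestricted control of the cluster. That token is what gets pasted into a dashboard published through the ingress configured in base/values.yaml with `tls:` / `enabled: false`. For everyday viewing I would bind the built-in read-only role, `name: view` under `roleRef`, and keep any admin binding out of the default deployment or scope it to one namespace with a `RoleBinding`. Whichever role is used, short-lived tokens from `kubectl -n argocd create token admin-user` are preferable to a long-lived token Secret. The file holds a `ClusterRoleBinding`, so `cluster-role-binding.yaml` would be the more accurate name.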
@@ -1,54 +0,0 @@ -apiVersion: v1 -data: - kong.yml: | - _format_version: "3.0" - services: - - name: auth - host: kubernetes-dashboard-auth - port: 8000 - protocol: http - routes: - - name: authLogin - paths: - - /api/v1/login - strip_path: false - - name: authCsrf - paths: - - /api/v1/csrftoken/login - strip_path: false - - name: authMe - paths: - - /api/v1/me - strip_path: false - - name: api - host: kubernetes-dashboard-api - port: 8000 - protocol: http - routes: - - name: api - paths: - - /api - strip_path: false - - name: metrics - paths: - - /metrics - strip_path: false - - name: web - host: kubernetes-dashboard-web - port: 8000 - protocol: http - routes: - - name: root - paths: - - / - strip_path: false -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/instance: kubernetes-dashboard - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kubernetes-dashboard - argocd.argoproj.io/instance: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-7.5.0 - name: kong-dbless-config - namespace: argocd \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml deleted file mode 100644 index 74a838e..0000000 --- a/apps/kubernetes-dashboard/env/k3s-cluster/ingress.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - cert-manager.io/issuer: selfsigned - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - nginx.ingress.kubernetes.io/ssl-passthrough: 'true' - nginx.ingress.kubernetes.io/ssl-redirect: 'true' - labels: - app.kubernetes.io/instance: kubernetes-dashboard - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: kubernetes-dashboard - argocd.argoproj.io/instance: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-7.5.0 - name: kubernetes-dashboard - namespace: argocd -spec: - ingressClassName: nginx - rules: - - host: k3s-dashboard.cluster.edward.sydney - http: - paths: - - backend: - service: - name: kubernetes-dashboard-kong-proxy - port: - number: 443 - path: / - pathType: ImplementationSpecific \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml index a227ac4..67271a1 100644 --- a/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml +++ b/apps/kubernetes-dashboard/env/k3s-cluster/kustomization.yaml @@ -1,4 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../base \ No newline at end of file + - ../../base + - ./service-account.yaml + - ./cluster-role.yaml \ No newline at end of file diff --git a/apps/kubernetes-dashboard/env/k3s-cluster/service-account.yaml b/apps/kubernetes-dashboard/env/k3s-cluster/service-account.yaml new file mode 100644 index 0000000..69dd136 --- /dev/null +++ b/apps/kubernetes-dashboard/env/k3s-cluster/service-account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admin-user + namespace: argocd \ No newline at end of file From e0e26294cfba7162246bb6df0641d1a7539982a3 Mon Sep 17 00:00:00 2001 
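Review bot: service-account.yaml creates `admin-user` in `argocd` with default token mounting, so any pod in that namespace that names this account gets its credential mounted. Once the binding from cluster-role.yaml is applied, that credential is cluster-admin. Since the account appears to exist only to mint dashboard login tokens, I would add `automountServiceAccountToken: false` at the top level of the ServiceAccount. That changes only the default, so who may create pods in `argocd` still needs to be kept tight.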
From: Edward Cheng Date: Wed, 24 Jul 2024 08:19:43 +1000 Subject: [PATCH 39/39] update replica number for the node exporters --- .../prometheus-exporters/env/k3s-cluster/node-exporter.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructures/prometheus-exporters/env/k3s-cluster/node-exporter.yaml b/infrastructures/prometheus-exporters/env/k3s-cluster/node-exporter.yaml index fc39f2a..d58f1eb 100644 --- a/infrastructures/prometheus-exporters/env/k3s-cluster/node-exporter.yaml +++ b/infrastructures/prometheus-exporters/env/k3s-cluster/node-exporter.yaml @@ -6,7 +6,7 @@ metadata: labels: app: prometheus-node-exporter spec: - replicas: 3 + replicas: 4 selector: matchLabels: app: prometheus-node-exporter
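Review bot: A hand-maintained `replicas: 4` in node-exporter.yaml does not guarantee one exporter per node. The scheduler may place two pods on one node and none on another, leaving that node unmonitored, and the count has to be edited again whenever a node joins. The object kind sits above the hunk, but a `replicas` field suggests a Deployment; node-exporter is normally run as a `DaemonSet`, which has no `replicas` and follows the node count. If it has to stay a Deployment, a `podAntiAffinity` rule on `app: prometheus-node-exporter` would at least keep the replicas on distinct nodes. The spec continues outside the hunk.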