K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update chartmuseum using helm chart

Browse Source
This commit is contained in:
Edward Cheng
2024-09-06 18:08:27 +10:00
parent 42dfaf1aaf
commit 729759d2bb
9 changed files with 108 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
apps/chartmuseum/base/deployment.yaml
View File

@@ -1,45 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: chartmuseum
namespace: chartmuseum
labels:
app.kubernetes.io/name: chartmuseum
spec:
selector:
matchLabels:
app.kubernetes.io/name: chartmuseum
template:
metadata:
labels:
app.kubernetes.io/name: chartmuseum
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
containers:
- name: homer
image: ghcr.io/helm/chartmuseum:v0.16.2
securityContext:
allowPrivilegeEscalation: false
env:
- name: DEBUG
value: "1"
- name: STORAGE
value: "local"
- name: STORAGE_LOCAL_ROOTDIR
value: "/charts"
ports:
- protocol: TCP
containerPort: 8080
name: http
volumeMounts:
- name: charts
mountPath: /charts
volumes:
- name: charts
hostPath:
path: /mnt/nfs/AppData/chartmuseum/charts
type: Directory
nodeSelector:
kubernetes.io/os: linux

5
apps/chartmuseum/base/kustomization.yaml
View File

@@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./deployment.yaml
- ./service.yaml

20
apps/chartmuseum/base/service.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: chartmuseum
namespace: chartmuseum
annotations:
metallb.universe.tf/address-pool: k3s-cluster-ip-pool
metallb.universe.tf/allow-shared-ip: k3s-cluster
labels:
app.kubernetes.io/name: chartmuseum
spec:
selector:
app.kubernetes.io/name: chartmuseum
type: LoadBalancer
internalTrafficPolicy: Cluster
ports:
- protocol: TCP
port: 8899
targetPort: 8080
name: http

35
apps/chartmuseum/env/k3s-cluster/ingress.yaml vendored
View File

@@ -1,35 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: chartmuseum-ingress
namespace: chartmuseum
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- "chartmuseum.cluster.edward.sydney"
secretName: "chartmuseum-tls"
rules:
- host: "chartmuseum.cluster.edward.sydney"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: chartmuseum
port:
number: 8899
- host: "chartmuseum.cluster.local"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: chartmuseum
port:
number: 8899

9
apps/chartmuseum/env/k3s-cluster/kustomization.yaml vendored
View File

@@ -1,5 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
- ./ingress.yaml
helmCharts:
- name: chartmuseum
repo: https://chartmuseum.github.io/charts
version: 3.10.3
releaseName: chartmuseum
valuesFile: values.yaml

25
apps/chartmuseum/env/k3s-cluster/values.yaml vendored Normal file
View File

@@ -0,0 +1,25 @@
env:
open:
AUTH_ANONYMOUS_GET: true
CACHE: redis
CACHE_REDIS_ADDR: redis-master.redis.svc.cluster.local:6379
CACHE_REDIS_DB: chartmuseum
existingSecret: chartmuseum-secrets
existingSecretMappings:
BASIC_AUTH_USER: auth-user
BASIC_AUTH_PASS: auth-password
CACHE_REDIS_PASSWORD: redis-password
deployment:
service:
type: LoadBalancer
externalPort: 8899
persistent:
enabled: true
existingClaim: chartmuseum-pvc
ingress:
enabled: true
hosts:
- name: chartmuseum.cluster.edward.sydney
tls: true
tlsSecret: chartmuseum-tls
ingressClassName: nginx

24
resources/app-secrets/env/k3s-cluster/templates/chartmuseum-secrets.yaml vendored Normal file
View File

@@ -0,0 +1,24 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
annotations:
sealedsecrets.bitnami.com/cluster-wide: "true"
creationTimestamp: null
name: chartmuseum-secrets
namespace: chartmuseum
spec:
encryptedData:
auth-password: AgB4Pi+VpFytFfMCAed5SqLwFPvpAPPH2lznhPWtTfBgwUZwe2c14OeBTYeJp+u1dyOmkR751MH5czKHAkHrFbkFOATpTZoJpoUeS9LhTQ60d3yeQHHJEJRPR6d0Z5qsRa3julOxhGbZhxQQcG40bAD1n3c8UYWzrv0ct2YsYHQu6uQCkc6TR94kqsZfHiH40DMRVKMyJumWnpvxwAy5JH02p4C3l7sF204IVapkWFnA6Nv7HNZRBgmKoSU9whl9dnwPvgkHiLgS6RZysXSQ3Q/xIj28cs4WvBltoD5XBW0/9RPUMdM+tsBv5r2Vj99dhEXDLV9dDLYcxqc3G9D3iey4/106nro7P+WCAXKdW5EJ2DIHDmlqFwoMRM8Te97WZnnyYmdsxxpPff/tF62FjPSIxes/o/M6iSWiU0uWNTJPe0InrEhtyHMY0focbK6FN/t9O05VuRumWC8i3S1GS1dIgWsR8B2+9e6Pmf8jRGArYuuKMh6wQ1KqcuadYCP56GQNA9KgVamSxs6FxDOBeWLPcGQ2eVp81dBlDAKfVPPGOBXQqlkgh22Vcg3kSdMsbDmC3Ow+FPoXcUDr3hUt8H79P5CweXrJjn4aRtMah1J/j2CxqUO+fUTKTwDlHPX7th2lTL8Xw6c1BECuz9aDOhnR/sO6Gp7eWLdVIzr+yjv8q4rDH60hQ61LjS2R3697Kpm2zAauX/PQOrapCapwWxTNyWWF4ayuEck=
auth-user: AgCXfcKXd6TLL62lg/3/xCFOXnPsl6kAt48tTpBAxW4YjylpSM2IPTyalP5T0+ZdxemHe1z5Sa5pTFzIWp5p/qcovXBTTzdPNvQ0k10DSq8bCOfNVfGnbFn9wx/y8sWKQeAhZ4iPQyaWeQBXVd9eVn7oVfiVkG88wBE+gO7m2lPwYyFqksJHbbO3MH5pNHmx+ko/PrjY3KtE5zUcmDdsKzN2A+H3rx0a1LulGnWhPAV5vrI6z3/JUPB3CunglncKO1ywC8Sq8XPpnhK8MJxqOej/5oS7J1HbBnpY5DCIb2Jo3Mxc8ThLslVZaxO7GwWNdn1mvO2RtmGsCYCgr/wdP9/r2hDLEIg6VeaufsKTi3dYhyFHXTHN9SD7sPid0rUbF2NRgsgS0LzwIIAA1NgQ+ze4ho7MPI4XtSViL/+dpeVL0WtMWdXxSGEzbRikCS90s6M7UzTAbKEEDWUaIjsPXtJaU14kWQZ1K0ZrEQnMU0dPraAn0GHUOiz7h0n6WX2+hcsopPGodoSeSxnkrAsQJQXlRtjZy6Ic2GXBEaMGZCRo78vjy1HK6Tug4drVEOw5BhIJ6BJVCCnUrVk9tZoWO5lZK6qcSNPMsIuieWwoRi0R1SPSjYcvlDPjfiCuw5cl0EUImZ0j8O9tmfl51riilkZgXYUHCHBYsws7awXU6x5xW3u+NC9yJxOBoDMtdDviOX6uYcxbLUiQSRFUow==
redis-password: AgBfpHaVOpvERYuiWG5IPvjijdrOBjKwJmQRTSblWVz+pDQRS5OKBpjAvUH350y+CEuqoMx7jfD5OJrUhx/W9nkAT+Kmbp2txhEr7vhJ+kNbRBwyA34vdCYPwilCqRQmhDk6SVj0sBHx/gLoAFYYuy+RoT1Qc0g+I4nbqiQcAs9GaAbmiJbiv0fsL3hXRcxz5DUWwHlqIwMcVhkPyAt71Z/PWHRG/SFYoRXoKajb4+/k+U3Xz13n29KVQmU71zh5kHoN1npBlKO/lEvXXVRv9AaOy00k9GpDpjxdrqLevov++NlvvLWH+s4tKiNtkUQltnSCvCmFan5Ym93TC3D4QCJMUGn/GtEHlG05fCoJ4iTm2l/urZKCk8JLMbegOXDBPvdbbUh13BUwBcQgk+huztdjIUEJLTZH3xoVxKLmp1hPXsHqyMuvC9xe1dTgTNbciJeOKCWRJ2gpBC0HR0pikOvkVWWOIjhUYV+M1LN/gXa30FkUtMvnJ9QVC3gS6g+4iVAkFDQVHfsTLH3OeICucBilTUFXcan8Lt11u6NxNnt8MkMDWIgK7dRJ9UAnR7YRrHOBO4wTRd3XzkQH1Wa+JySrx/EvYmK73iPVbBb3/3ifGL9dcU/KJxzqkMuGRgCrKnds0rP7IiD0g6hRwPGKkFvqw7IQPnTV5AZYkhVytfUaxPCqcooQl5oTeDP1yiAW4BHmDnkZ2mPXN2Yhe42FtsMY1/nvIg==
template:
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
sealedsecrets.bitnami.com/cluster-wide: "true"
sealedsecrets.bitnami.com/managed: "true"
creationTimestamp: null
name: chartmuseum-secrets
namespace: chartmuseum
type: Opaque

38
resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pv.yaml vendored Normal file
View File

@@ -0,0 +1,38 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: chartmuseum-pv
namespace: chartmuseum
labels:
type: local
spec:
storageClassName: local-path
volumeMode: Filesystem
capacity:
storage: 256Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
local:
path: "/mnt/nfs/AppData/chartmuseum/charts"
claimRef:
apiVersion: v1
kind: PersistentVolumeClaim
name: chartmuseum-pvc
namespace: chartmuseum
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/hostname
operator: In
values:
- k3s-cluster-node-y

15
resources/app-volumes/env/k3s-cluster/templates/chartmuseum-pvc.yaml vendored Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chartmuseum-pvc
namespace: chartmuseum
labels:
name: chartmuseum-pvc
spec:
storageClassName: local-path
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 256Gi