From 23b7b3c7ec132dff3783fcc497ebc9d06a2afe7b Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Tue, 25 Jul 2023 09:32:29 -0500
Subject: [PATCH] update
---
 cert-manager/templates/sealedsecret.yaml | 17 --
 durpot/templates/secrets.yaml | 23 +-
 external-dns/templates/secrets.yaml | 21 +-
 gitlab-runner/templates/secrets.yaml | 24 +-
 invidious/Chart.yaml | 22 --
 invidious/templates/_helpers.tpl | 16 --
 invidious/templates/configmap.yaml | 242 ------------------
 invidious/templates/deployment.yaml | 61 -----
 invidious/templates/hpa.yaml | 18 --
 invidious/templates/ingress.yaml | 42 ---
 invidious/templates/service.yaml | 20 --
 invidious/values.yaml | 61 -----
 .../templates/grafana-secrets-sealed.yaml | 25 +-
 longhorn/templates/secrets.yaml | 21 +-
 14 files changed, 14 insertions(+), 599 deletions(-)
 delete mode 100644 invidious/Chart.yaml
 delete mode 100644 invidious/templates/_helpers.tpl
 delete mode 100644 invidious/templates/configmap.yaml
 delete mode 100644 invidious/templates/deployment.yaml
 delete mode 100644 invidious/templates/hpa.yaml
 delete mode 100644 invidious/templates/ingress.yaml
 delete mode 100644 invidious/templates/service.yaml
 delete mode 100644 invidious/values.yaml
diff --git a/cert-manager/templates/sealedsecret.yaml b/cert-manager/templates/sealedsecret.yaml
index a82d570..37a2e92 100644
--- a/cert-manager/templates/sealedsecret.yaml
+++ b/cert-manager/templates/sealedsecret.yaml
@@ -1,20 +1,3 @@
-#apiVersion: bitnami.com/v1alpha1
-#kind: SealedSecret
-#metadata:
-# creationTimestamp: null
-# name: cloudflare-api-token-secret
-# namespace: cert-manager
-#spec:
-# encryptedData:
-# api-token: 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
-# template:
-# data: null
-# metadata:
-# creationTimestamp: null
-# name: cloudflare-api-token-secret
-# namespace: cert-manager
-#---
-
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
diff --git a/durpot/templates/secrets.yaml b/durpot/templates/secrets.yaml
index f5a64c2..792f909 100644
--- a/durpot/templates/secrets.yaml
+++ b/durpot/templates/secrets.yaml
@@ -1,11 +1,11 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
- name: vault-durpot
+ name: durpot-secert
 spec:
 secretStoreRef:
- name: vault-durpot
- kind: SecretStore
+ name: vault
+ kind: ClusterSecretStore
 target:
 name: durpot-secret
 data:
@@ -41,20 +41,3 @@ spec:
 remoteRef:
 key: secrets/durpot/auth
 property: Username
-
----
-
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
- name: vault-durpot
-spec:
- provider:
- vault:
- server: "http://vault.vault.svc.cluster.local:8200"
- path: "secrets"
- version: "v2"
- auth:
- kubernetes:
- mountPath: "kubernetes"
- role: "external-secrets"
\ No newline at end of file
diff --git a/external-dns/templates/secrets.yaml b/external-dns/templates/secrets.yaml
index 42ade25..142c03a 100644
--- a/external-dns/templates/secrets.yaml
+++ b/external-dns/templates/secrets.yaml
@@ -1,11 +1,11 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
- name: external-dns
+ name: external-dns-secret
 spec:
 secretStoreRef:
 name: vault
- kind: SecretStore
+ kind: ClusterSecretStore
 target:
 name: external-dns
 data:
@@ -21,20 +21,3 @@ spec:
 remoteRef:
 key: secrets/external-dns/cloudflare
 property: cloudflare_api_token
-
----
-
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
- name: vault
-spec:
- provider:
- vault:
- server: "http://vault.vault.svc.cluster.local:8200"
- path: "secrets"
- version: "v2"
- auth:
- kubernetes:
- mountPath: "kubernetes"
- role: "external-secrets"
\ No newline at end of file
diff --git a/gitlab-runner/templates/secrets.yaml b/gitlab-runner/templates/secrets.yaml
index bb6ebf0..784ef11 100644
--- a/gitlab-runner/templates/secrets.yaml
+++ b/gitlab-runner/templates/secrets.yaml
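Review bot: Pointing `secretStoreRef` at `kind: ClusterSecretStore` / `name: vault` replaces a per-namespace store with one that an ExternalSecret in any namespace can reference, and neither this hunk nor the rest of the patch shows that store's definition or any namespace restriction on it. The same switch is made in the external-dns, gitlab-runner, kube-prometheus-stack (both Grafana ExternalSecrets) and longhorn hunks. Unless the ClusterSecretStore limits its consumers through `spec.conditions` (for example `namespaces:` or a `namespaceSelector`) and the Vault policy behind the shared role is scoped per path, anyone able to create an ExternalSecret in one namespace could pull another chart's `secrets/...` keys. The removed stores used `server: "http://vault.vault.svc.cluster.local:8200"`; if the shared store keeps that URL, secret values still cross the cluster network unencrypted, so it is worth confirming that it uses TLS.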
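Review bot: `metadata.name` changes from `external-dns` to `external-dns-secret` while `target.name` stays `external-dns`, so the cluster sees a new ExternalSecret taking over a Secret that the old object created. Depending on the creation and deletion policies in effect (not visible here), the Secret may be removed together with the old ExternalSecret and only recreated on the next sync, which would leave external-dns without its `cloudflare_api_token` for a while; either plan the rollout around that or keep the old name. The durpot and gitlab-runner hunks rename their ExternalSecrets as well, and the durpot one is spelled `durpot-secert` where the target name suggests `name: durpot-secret` was intended.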
@@ -1,11 +1,11 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
- name: vault-gitlab
+ name: gitlab-secret
 spec:
 secretStoreRef:
- name: vault-gitlab
- kind: SecretStore
+ name: vault
+ kind: ClusterSecretStore
 target:
 name: gitlab-secret
 data:
@@ -17,21 +17,3 @@ spec:
 remoteRef:
 key: secrets/gitlab/runner
 property: runner-token
-
-
----
-
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
- name: vault-gitlab
-spec:
- provider:
- vault:
- server: "http://vault.vault.svc.cluster.local:8200"
- path: "secrets"
- version: "v2"
- auth:
- kubernetes:
- mountPath: "kubernetes"
- role: "external-secrets"
\ No newline at end of file
diff --git a/invidious/Chart.yaml b/invidious/Chart.yaml
deleted file mode 100644
index 4e4295b..0000000
--- a/invidious/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: invidious
-description: Invidious is an alternative front-end to YouTube
-version: 1.1.1
-appVersion: 0.20.1
-keywords:
-- youtube
-- proxy
-- video
-- privacy
-home: https://invidio.us/
-icon: https://raw.githubusercontent.com/iv-org/invidious/05988c1c49851b7d0094fca16aeaf6382a7f64ab/assets/favicon-32x32.png
-sources:
-- https://github.com/iv-org/invidious
-maintainers:
-- name: Leon Klingele
- email: mail@leonklingele.de
-dependencies:
-- name: postgresql
- version: ~12.1.6
- repository: "https://charts.bitnami.com/bitnami/"
-engine: gotpl
diff --git a/invidious/templates/_helpers.tpl b/invidious/templates/_helpers.tpl
deleted file mode 100644
index 52158b7..0000000
--- a/invidious/templates/_helpers.tpl
+++ /dev/null
@@ -1,16 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "invidious.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "invidious.fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/invidious/templates/configmap.yaml b/invidious/templates/configmap.yaml
deleted file mode 100644
index 4ef0669..0000000
--- a/invidious/templates/configmap.yaml
+++ /dev/null
@@ -1,242 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "invidious.fullname" . }} - labels: - app: {{ template "invidious.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: {{ .Release.Name }} -data: - INVIDIOUS_CONFIG: | -{{ toYaml .Values.config | indent 4 }} - ---- - -apiVersion: v1 -data: - annotations.sql: | - -- Table: public.annotations - - -- DROP TABLE public.annotations; - - CREATE TABLE IF NOT EXISTS public.annotations - ( - id text NOT NULL, - annotations xml, - CONSTRAINT annotations_id_key UNIQUE (id) - ); - - GRANT ALL ON TABLE public.annotations TO current_user; - channel_videos.sql: |+ - -- Table: public.channel_videos - - -- DROP TABLE public.channel_videos; - - CREATE TABLE IF NOT EXISTS public.channel_videos - ( - id text NOT NULL, - title text, - published timestamp with time zone, - updated timestamp with time zone, - ucid text, - author text, - length_seconds integer, - live_now boolean, - premiere_timestamp timestamp with time zone, - views bigint, - CONSTRAINT channel_videos_id_key UNIQUE (id) - ); - - GRANT ALL ON TABLE public.channel_videos TO current_user; - - -- Index: public.channel_videos_ucid_idx - - -- DROP INDEX public.channel_videos_ucid_idx; - - CREATE INDEX IF NOT EXISTS channel_videos_ucid_idx - ON public.channel_videos - USING btree - (ucid COLLATE pg_catalog."default"); - - channels.sql: |+ - -- Table: public.channels - - -- DROP TABLE public.channels; - - CREATE TABLE IF NOT EXISTS public.channels - ( - id text NOT NULL, - author text, - updated timestamp with time zone, - deleted boolean, - subscribed timestamp with time zone, - CONSTRAINT channels_id_key UNIQUE (id) - ); - - GRANT ALL ON TABLE public.channels TO current_user; - - -- Index: public.channels_id_idx - - -- DROP INDEX public.channels_id_idx; - - CREATE INDEX IF NOT EXISTS channels_id_idx - ON public.channels - USING btree - (id COLLATE pg_catalog."default"); - - nonces.sql: |+ - -- Table: public.nonces - - -- DROP 
TABLE public.nonces; - - CREATE TABLE IF NOT EXISTS public.nonces - ( - nonce text, - expire timestamp with time zone, - CONSTRAINT nonces_id_key UNIQUE (nonce) - ); - - GRANT ALL ON TABLE public.nonces TO current_user; - - -- Index: public.nonces_nonce_idx - - -- DROP INDEX public.nonces_nonce_idx; - - CREATE INDEX IF NOT EXISTS nonces_nonce_idx - ON public.nonces - USING btree - (nonce COLLATE pg_catalog."default"); - - playlist_videos.sql: | - -- Table: public.playlist_videos - - -- DROP TABLE public.playlist_videos; - - CREATE TABLE IF NOT EXISTS public.playlist_videos - ( - title text, - id text, - author text, - ucid text, - length_seconds integer, - published timestamptz, - plid text references playlists(id), - index int8, - live_now boolean, - PRIMARY KEY (index,plid) - ); - - GRANT ALL ON TABLE public.playlist_videos TO current_user; - playlists.sql: | - -- Type: public.privacy - - -- DROP TYPE public.privacy; - - CREATE TYPE public.privacy AS ENUM - ( - 'Public', - 'Unlisted', - 'Private' - ); - - -- Table: public.playlists - - -- DROP TABLE public.playlists; - - CREATE TABLE IF NOT EXISTS public.playlists - ( - title text, - id text primary key, - author text, - description text, - video_count integer, - created timestamptz, - updated timestamptz, - privacy privacy, - index int8[] - ); - - GRANT ALL ON public.playlists TO current_user; - session_ids.sql: |+ - -- Table: public.session_ids - - -- DROP TABLE public.session_ids; - - CREATE TABLE IF NOT EXISTS public.session_ids - ( - id text NOT NULL, - email text, - issued timestamp with time zone, - CONSTRAINT session_ids_pkey PRIMARY KEY (id) - ); - - GRANT ALL ON TABLE public.session_ids TO current_user; - - -- Index: public.session_ids_id_idx - - -- DROP INDEX public.session_ids_id_idx; - - CREATE INDEX IF NOT EXISTS session_ids_id_idx - ON public.session_ids - USING btree - (id COLLATE pg_catalog."default"); - - users.sql: |+ - -- Table: public.users - - -- DROP TABLE public.users; - - CREATE TABLE IF 
NOT EXISTS public.users - ( - updated timestamp with time zone, - notifications text[], - subscriptions text[], - email text NOT NULL, - preferences text, - password text, - token text, - watched text[], - feed_needs_update boolean, - CONSTRAINT users_email_key UNIQUE (email) - ); - - GRANT ALL ON TABLE public.users TO current_user; - - -- Index: public.email_unique_idx - - -- DROP INDEX public.email_unique_idx; - - CREATE UNIQUE INDEX IF NOT EXISTS email_unique_idx - ON public.users - USING btree - (lower(email) COLLATE pg_catalog."default"); - - videos.sql: |+ - -- Table: public.videos - - -- DROP TABLE public.videos; - - CREATE UNLOGGED TABLE IF NOT EXISTS public.videos - ( - id text NOT NULL, - info text, - updated timestamp with time zone, - CONSTRAINT videos_pkey PRIMARY KEY (id) - ); - - GRANT ALL ON TABLE public.videos TO current_user; - - -- Index: public.id_idx - - -- DROP INDEX public.id_idx; - - CREATE UNIQUE INDEX IF NOT EXISTS id_idx - ON public.videos - USING btree - (id COLLATE pg_catalog."default"); - -kind: ConfigMap -metadata: - creationTimestamp: null - name: invidious-postgresql-init - diff --git a/invidious/templates/deployment.yaml b/invidious/templates/deployment.yaml deleted file mode 100644 index bb0b832..0000000 --- a/invidious/templates/deployment.yaml +++ /dev/null 
@@ -1,61 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "invidious.fullname" . }}
- labels:
- app: {{ template "invidious.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: {{ .Release.Name }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ template "invidious.name" . }}
- release: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app: {{ template "invidious.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: {{ .Release.Name }}
- spec:
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- runAsGroup: {{ .Values.securityContext.runAsGroup }}
- fsGroup: {{ .Values.securityContext.fsGroup }}
- initContainers:
- - name: wait-for-postgresql
- image: postgres
- args:
- - /bin/sh
- - -c
- - until pg_isready -h {{ .Values.config.db.host }} -p {{ .Values.config.db.port }} -U {{ .Values.config.db.user }}; do echo waiting for database; sleep 2; done;
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- ports:
- - containerPort: 3000
- env:
- - name: INVIDIOUS_CONFIG
- valueFrom:
- configMapKeyRef:
- key: INVIDIOUS_CONFIG
- name: {{ template "invidious.fullname" . }}
- securityContext:
- allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
- capabilities:
- drop:
- - ALL
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- readinessProbe:
- httpGet:
- port: 3000
- path: /
- livenessProbe:
- httpGet:
- port: 3000
- path: /
- initialDelaySeconds: 15
- restartPolicy: Always
diff --git a/invidious/templates/hpa.yaml b/invidious/templates/hpa.yaml
deleted file mode 100644
index c6fbefe..0000000
--- a/invidious/templates/hpa.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ template "invidious.fullname" . }}
- labels:
- app: {{ template "invidious.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: {{ .Release.Name }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ template "invidious.fullname" . }}
- minReplicas: {{ .Values.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.autoscaling.maxReplicas }}
- targetCPUUtilizationPercentage: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
-{{- end }}
diff --git a/invidious/templates/ingress.yaml b/invidious/templates/ingress.yaml
deleted file mode 100644
index 292b6b9..0000000
--- a/invidious/templates/ingress.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: invidious-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`invidious.durp.info`) && PathPrefix(`/`)
- kind: Rule
- services:
- - name: invidious-invidious
- port: 3000
- tls:
- secretName: invidious-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: invidious-tls
-spec:
- secretName: invidious-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "invidious.durp.info"
- dnsNames:
- - "invidious.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
- name: invidious-external-dns
- annotations:
- external-dns.alpha.kubernetes.io/hostname: invidious.durp.info
-spec:
- type: ExternalName
- externalName: durp.info
\ No newline at end of file
diff --git a/invidious/templates/service.yaml b/invidious/templates/service.yaml
deleted file mode 100644
index 01454d4..0000000
--- a/invidious/templates/service.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "invidious.fullname" . }}
- labels:
- app: {{ template "invidious.name" . }}
- chart: {{ .Chart.Name }}
- release: {{ .Release.Name }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: http
- port: {{ .Values.service.port }}
- targetPort: 3000
- selector:
- app: {{ template "invidious.name" . }}
- release: {{ .Release.Name }}
-{{- if .Values.service.loadBalancerIP }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-{{- end }}
diff --git a/invidious/values.yaml b/invidious/values.yaml
deleted file mode 100644
index ada633d..0000000
--- a/invidious/values.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-name: invidious
-
-image:
- repository: registry.durp.info/invidious/invidious
- tag: latest
- pullPolicy: Always
-
-replicaCount: 1
-
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 16
- targetCPUUtilizationPercentage: 50
-
-service:
- type: ClusterIP
- port: 3000
- #loadBalancerIP:
-
-resources: {}
- #requests:
- # cpu: 100m
- # memory: 64Mi
- #limits:
- # cpu: 800m
- # memory: 512Mi
-
-securityContext:
- allowPrivilegeEscalation: false
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
-
-# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
-postgresql:
- image:
- tag: 13
- auth:
- username: kemal
- password: kemal
- database: invidious
- primary:
- initdb:
- username: kemal
- password: kemal
- scriptsConfigMap: invidious-postgresql-init
-
-# Adapted from ../config/config.yml
-config:
- channel_threads: 1
- feed_threads: 1
- db:
- user: kemal
- password: kemal
- host: invidious-postgresql
- port: 5432
- dbname: invidious
- full_refresh: false
- https_only: false
- domain:
diff --git a/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml b/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
index 08d00fe..716d4e5 100644
--- a/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
+++ b/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
@@ -4,8 +4,8 @@ metadata:
 name: vault-grafana-oauth
 spec:
 secretStoreRef:
- name: vault-kube-prometheus
- kind: SecretStore
+ name: vault
+ kind: ClusterSecretStore
 target:
 name: grafana-oauth
 data:
@@ -26,8 +26,8 @@ metadata:
 name: vault-admin-credentials
 spec:
 secretStoreRef:
- name: vault-kube-prometheus
- kind: SecretStore
+ name: vault
+ kind: ClusterSecretStore
 target:
 name: grafana-admin-credentials
 data:
@@ -39,20 +39,3 @@ spec:
 remoteRef:
 key: secrets/kube-prometheus/grafana/admin
 property: admin-user
-
----
-
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
- name: vault-kube-prometheus
-spec:
- provider:
- vault:
- server: "http://vault.vault.svc.cluster.local:8200"
- path: "secrets"
- version: "v2"
- auth:
- kubernetes:
- mountPath: "kubernetes"
- role: "external-secrets"
\ No newline at end of file
diff --git a/longhorn/templates/secrets.yaml b/longhorn/templates/secrets.yaml
index 4bcbbc4..c10ab89 100644
--- a/longhorn/templates/secrets.yaml
+++ b/longhorn/templates/secrets.yaml
@@ -5,8 +5,8 @@ metadata:
 name: external-longhorn-backup-token-secret
 spec:
 secretStoreRef:
- name: vault-longhorn
- kind: SecretStore
+ name: vault
+ kind: ClusterSecretStore
 target:
 name: longhorn-backup-token-secret
 data:
@@ -22,20 +22,3 @@ spec:
 remoteRef:
 key: secrets/longhorn/backup
 property: AWS_SECRET_ACCESS_KEY
-
----
-
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
- name: vault-longhorn
-spec:
- provider:
- vault:
- server: "http://vault.vault.svc.cluster.local:8200"
- path: "secrets"
- version: "v2"
- auth:
- kubernetes:
- mountPath: "kubernetes"
- role: "external-secrets"
\ No newline at end of file