diff --git a/argocd/Chart.yaml b/argocd/Chart.yaml
deleted file mode 100644
index cdccf8c..0000000
--- a/argocd/Chart.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v2
-name: argocd
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-- name: argo-cd
- repository: https://argoproj.github.io/argo-helm
- version: 6.11.1
-
-
diff --git a/argocd/templates/InternalProxy.yaml b/argocd/templates/InternalProxy.yaml
deleted file mode 100644
index ca9bcc0..0000000
--- a/argocd/templates/InternalProxy.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: internalproxy
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/internalproxy
- directory:
- recurse: true
- destination:
- server: https://kubernetes.default.svc
- namespace: internalproxy
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
diff --git a/argocd/templates/argocd.yaml b/argocd/templates/argocd.yaml
deleted file mode 100644
index e93aa4f..0000000
--- a/argocd/templates/argocd.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: argocd
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/argocd
- destination:
- namespace: argocd
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
----
-
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: argocd-ingress
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`argocd.internal.durp.info`)
- middlewares:
- - name: whitelist
- namespace: traefik
- kind: Rule
- services:
- - name: argocd-server
- port: 443
- scheme: https
- tls:
- secretName: argocd-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: argocd-tls
-spec:
- secretName: argocd-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "argocd.internal.durp.info"
- dnsNames:
- - "argocd.internal.durp.info"
diff --git a/argocd/templates/authentik.yaml b/argocd/templates/authentik.yaml
deleted file mode 100644
index 5abfb3b..0000000
--- a/argocd/templates/authentik.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: authentik
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/authentik
- destination:
- namespace: authentik
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
diff --git a/argocd/templates/bitwarden.yaml b/argocd/templates/bitwarden.yaml
deleted file mode 100644
index ed56924..0000000
--- a/argocd/templates/bitwarden.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: bitwarden
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/bitwarden
- directory:
- recurse: true
- destination:
- server: https://kubernetes.default.svc
- namespace: bitwarden
- syncPolicy:
- automated:
- prune: true
- selfHeal: false
- syncOptions:
- - CreateNamespace=true
-
diff --git a/argocd/templates/cert-manager.yaml b/argocd/templates/cert-manager.yaml
deleted file mode 100644
index fc11c13..0000000
--- a/argocd/templates/cert-manager.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: cert-manager
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/cert-manager
- destination:
- namespace: cert-manager
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/crossplane.yml b/argocd/templates/crossplane.yml
deleted file mode 100644
index 91473eb..0000000
--- a/argocd/templates/crossplane.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: crossplane
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/crossplane
- destination:
- namespace: crossplane
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/durpapi.yaml b/argocd/templates/durpapi.yaml
deleted file mode 100644
index aeefcc1..0000000
--- a/argocd/templates/durpapi.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: durpapi
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/durpapi
- destination:
- namespace: durpapi
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/durpot.yaml b/argocd/templates/durpot.yaml
deleted file mode 100644
index 7a97eb4..0000000
--- a/argocd/templates/durpot.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: durpot
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/durpot
- destination:
- namespace: durpot
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/external-dns.yaml b/argocd/templates/external-dns.yaml
deleted file mode 100644
index 5cf21a5..0000000
--- a/argocd/templates/external-dns.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: external-dns
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/external-dns
- destination:
- namespace: external-dns
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/external-secrets.yaml b/argocd/templates/external-secrets.yaml
deleted file mode 100644
index 04f8f1d..0000000
--- a/argocd/templates/external-secrets.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: external-secrets
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/external-secrets
- destination:
- namespace: external-secrets
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/gatekeeper.yaml b/argocd/templates/gatekeeper.yaml
deleted file mode 100644
index d9a0265..0000000
--- a/argocd/templates/gatekeeper.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: gatekeeper
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/gatekeeper
- destination:
- namespace: gatekeeper
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/gitlab-runner.yaml b/argocd/templates/gitlab-runner.yaml
deleted file mode 100644
index 13f4ebd..0000000
--- a/argocd/templates/gitlab-runner.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: gitlab-runner
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/gitlab-runner
- destination:
- namespace: gitlab-runner
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
diff --git a/argocd/templates/heimdall.yaml b/argocd/templates/heimdall.yaml
deleted file mode 100644
index 333a761..0000000
--- a/argocd/templates/heimdall.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: heimdall
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/heimdall
- destination:
- namespace: heimdall
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/krakend.yaml b/argocd/templates/krakend.yaml
deleted file mode 100644
index e5ed113..0000000
--- a/argocd/templates/krakend.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: krakend
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/krakend
- destination:
- namespace: krakend
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/kube-prometheus-stack.yaml b/argocd/templates/kube-prometheus-stack.yaml
deleted file mode 100644
index ab57dfa..0000000
--- a/argocd/templates/kube-prometheus-stack.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: kube-prometheus-stack
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/kube-prometheus-stack
- destination:
- namespace: kube-prometheus-stack
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
diff --git a/argocd/templates/kubeclarity.yaml b/argocd/templates/kubeclarity.yaml
deleted file mode 100644
index f2db3c0..0000000
--- a/argocd/templates/kubeclarity.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: kubeclarity
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/kubeclarity
- destination:
- namespace: kubeclarity
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/littlelink.yaml b/argocd/templates/littlelink.yaml
deleted file mode 100644
index 856ac87..0000000
--- a/argocd/templates/littlelink.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: littlelink
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/littlelink
- directory:
- recurse: true
- destination:
- server: https://kubernetes.default.svc
- namespace: littlelink
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/longhorn.yaml b/argocd/templates/longhorn.yaml
deleted file mode 100644
index 1e857c5..0000000
--- a/argocd/templates/longhorn.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: longhorn-system
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/longhorn
- destination:
- namespace: longhorn-system
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
diff --git a/argocd/templates/metallb-system.yaml b/argocd/templates/metallb-system.yaml
deleted file mode 100644
index d343453..0000000
--- a/argocd/templates/metallb-system.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: metallb-system
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/metallb-system
- destination:
- namespace: metallb-system
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
-
diff --git a/argocd/templates/nfs-client.yaml b/argocd/templates/nfs-client.yaml
deleted file mode 100644
index a299095..0000000
--- a/argocd/templates/nfs-client.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: nfs-client
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/nfs-client
- directory:
- recurse: true
- destination:
- namespace: nfs-client
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
diff --git a/argocd/templates/open-webui.yaml b/argocd/templates/open-webui.yaml
deleted file mode 100644
index beb59a6..0000000
--- a/argocd/templates/open-webui.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: open-webui
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/open-webui
- destination:
- namespace: open-webui
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/secrets.yaml b/argocd/templates/secrets.yaml
deleted file mode 100644
index baeaaee..0000000
--- a/argocd/templates/secrets.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: vault-argocd
- labels:
- app.kubernetes.io/part-of: argocd
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: client-secret
- data:
- - secretKey: clientSecret
- remoteRef:
- key: secrets/argocd/authentik
- property: clientsecret
diff --git a/argocd/templates/traefik.yaml b/argocd/templates/traefik.yaml
deleted file mode 100644
index e336d57..0000000
--- a/argocd/templates/traefik.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: traefik
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/traefik
- destination:
- namespace: traefik
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
diff --git a/argocd/templates/uptimekuma.yaml b/argocd/templates/uptimekuma.yaml
deleted file mode 100644
index 1d2c5e6..0000000
--- a/argocd/templates/uptimekuma.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: uptimekuma
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/uptimekuma
- directory:
- recurse: true
- destination:
- server: https://kubernetes.default.svc
- namespace: uptimekuma
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
-
diff --git a/argocd/templates/vault.yaml b/argocd/templates/vault.yaml
deleted file mode 100644
index 6f4cf72..0000000
--- a/argocd/templates/vault.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: vault
- namespace: argocd
-spec:
- project: default
- source:
- repoURL: https://gitlab.com/developerdurp/homelab.git
- targetRevision: main
- path: master/vault
- destination:
- namespace: vault
- name: in-cluster
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- ignoreDifferences:
- - group: admissionregistration.k8s.io
- kind: MutatingWebhookConfiguration
- jqPathExpressions:
- - .webhooks[]?.clientConfig.caBundle
diff --git a/argocd/values.yaml b/argocd/values.yaml
deleted file mode 100644
index 47a56e3..0000000
--- a/argocd/values.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-argo-cd:
-
- global:
- revisionHistoryLimit: 1
- image:
- repository: registry.internal.durp.info/argoproj/argocd
- imagePullPolicy: Always
-
- server:
- #extraArgs:
- # - --dex-server-plaintext
- # - --dex-server=argocd-dex-server:5556
- # oidc.config: |
- # name: AzureAD
- # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
- # clientID: CLIENT_ID
- # clientSecret: $oidc.azuread.clientSecret
- # requestedIDTokenClaims:
- # groups:
- # essential: true
- # requestedScopes:
- # - openid
- # - profile
- # - email
-
- dex:
- enabled: true
- image:
- repository: registry.internal.durp.info/dexidp/dex
- imagePullPolicy: Always
-
- configs:
- cm:
- create: true
- annotations: {}
- url: https://argocd.internal.durp.info
- oidc.tls.insecure.skip.verify: "true"
- dex.config: |
- connectors:
- - config:
- issuer: https://authentik.durp.info/application/o/argocd/
- clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
- clientSecret: $client-secret:clientSecret
- insecureEnableGroups: true
- scopes:
- - openid
- - profile
- - email
- - groups
- name: authentik
- type: oidc
- id: authentik
-
- rbac:
- create: true
- policy.csv: |
- g, ArgoCD Admins, role:admin
- scopes: "[groups]"
-
- server:
- route:
- enabled: false
diff --git a/authentik/Chart.yaml b/authentik/Chart.yaml
deleted file mode 100644
index c87b677..0000000
--- a/authentik/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: authentik
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-- name: authentik
- repository: https://charts.goauthentik.io
- version: 2024.8.3
\ No newline at end of file
diff --git a/authentik/templates/authentik-pv.yaml b/authentik/templates/authentik-pv.yaml
deleted file mode 100644
index 8fbc2e2..0000000
--- a/authentik/templates/authentik-pv.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolume
-#metadata:
-# annotations:
-# pv.kubernetes.io/provisioned-by: durp.info/nfs
-# finalizers:
-# - kubernetes.io/pv-protection
-# name: authentik-pv
-#spec:
-# accessModes:
-# - ReadWriteMany
-# capacity:
-# storage: 10Gi
-# claimRef:
-# apiVersion: v1
-# kind: PersistentVolumeClaim
-# name: authentik-pvc
-# namespace: authentik
-# nfs:
-# path: /mnt/user/k3s/authentik
-# server: 192.168.20.253
-# persistentVolumeReclaimPolicy: Retain
-# storageClassName: nfs-storage
-# volumeMode: Filesystem
diff --git a/authentik/templates/authentik-pvc.yaml b/authentik/templates/authentik-pvc.yaml
deleted file mode 100644
index f22640b..0000000
--- a/authentik/templates/authentik-pvc.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolumeClaim
-#metadata:
-# labels:
-# app.kubernetes.io/component: app
-# app.kubernetes.io/instance: authentik
-# app.kubernetes.io/managed-by: Helm
-# app.kubernetes.io/name: authentik
-# helm.sh/chart: authentik-2.14.4
-# name: authentik-pvc
-# namespace: authentik
-#spec:
-# accessModes:
-# - ReadWriteMany
-# resources:
-# requests:
-# storage: 10Gi
-# storageClassName: nfs-storage
\ No newline at end of file
diff --git a/authentik/templates/ingress.yaml b/authentik/templates/ingress.yaml
deleted file mode 100644
index ac10303..0000000
--- a/authentik/templates/ingress.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: authentik-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
- kind: Rule
- services:
- - name: authentik-server
- port: 80
- tls:
- secretName: authentik-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: authentik-tls
-spec:
- secretName: authentik-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "authentik.durp.info"
- dnsNames:
- - "authentik.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
- name: authentik-external-dns
- annotations:
- external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-spec:
- type: ExternalName
- externalName: durp.info
diff --git a/authentik/templates/secrets.yaml b/authentik/templates/secrets.yaml
deleted file mode 100644
index 07b7747..0000000
--- a/authentik/templates/secrets.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: authentik-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: db-pass
- data:
- - secretKey: dbpass
- remoteRef:
- key: secrets/authentik/database
- property: dbpass
- - secretKey: secretkey
- remoteRef:
- key: secrets/authentik/database
- property: secretkey
- - secretKey: postgresql-postgres-password
- remoteRef:
- key: secrets/authentik/database
- property: dbpass
- - secretKey: postgresql-password
- remoteRef:
- key: secrets/authentik/database
- property: dbpass
-
diff --git a/authentik/values.yaml b/authentik/values.yaml
deleted file mode 100644
index 716e081..0000000
--- a/authentik/values.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-authentik:
- global:
- env:
- - name: AUTHENTIK_POSTGRESQL__PASSWORD
- valueFrom:
- secretKeyRef:
- name: db-pass
- key: dbpass
- - name: AUTHENTIK_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: db-pass
- key: secretkey
- revisionHistoryLimit: 1
- image:
- repository: registry.internal.durp.info/goauthentik/server
- pullPolicy: Always
- authentik:
- outposts:
- container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
- postgresql:
- host: '{{ .Release.Name }}-postgresql-hl'
- name: "authentik"
- user: "authentik"
- port: 5432
- server:
- name: server
- replicas: 3
- worker:
- replicas: 3
- postgresql:
- enabled: true
- image:
- registry: registry.internal.durp.info
- repository: bitnami/postgresql
- pullPolicy: Always
- postgresqlUsername: "authentik"
- postgresqlDatabase: "authentik"
- existingSecret: db-pass
- persistence:
- enabled: true
- storageClass: longhorn
- accessModes:
- - ReadWriteMany
- redis:
- enabled: true
- master:
- persistence:
- enabled: false
- image:
- registry: registry.internal.durp.info
- repository: bitnami/redis
- pullPolicy: Always
- architecture: standalone
- auth:
- enabled: false
diff --git a/bitwarden/Chart.yaml b/bitwarden/Chart.yaml
deleted file mode 100644
index cfdd821..0000000
--- a/bitwarden/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: bitwarden
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
diff --git a/bitwarden/templates/bitwarden-pv.yaml b/bitwarden/templates/bitwarden-pv.yaml
deleted file mode 100644
index ff647d1..0000000
--- a/bitwarden/templates/bitwarden-pv.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolume
-#metadata:
-# annotations:
-# pv.kubernetes.io/provisioned-by: durp.info/nfs
-# finalizers:
-# - kubernetes.io/pv-protection
-# name: bitwarden-pv
-#spec:
-# accessModes:
-# - ReadWriteMany
-# capacity:
-# storage: 10Gi
-# claimRef:
-# apiVersion: v1
-# kind: PersistentVolumeClaim
-# name: bitwarden-pvc
-# namespace: bitwarden
-# nfs:
-# path: /mnt/user/k3s/bitwarden
-# server: 192.168.20.253
-# persistentVolumeReclaimPolicy: Retain
-# storageClassName: nfs-storage
-# volumeMode: Filesystem
-#
\ No newline at end of file
diff --git a/bitwarden/templates/bitwarden-pvc.yaml b/bitwarden/templates/bitwarden-pvc.yaml
deleted file mode 100644
index 333af4d..0000000
--- a/bitwarden/templates/bitwarden-pvc.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: bitwarden-pvc
-spec:
- storageClassName: longhorn
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 10Gi
diff --git a/bitwarden/templates/deployment.yaml b/bitwarden/templates/deployment.yaml
deleted file mode 100644
index 7d9c28b..0000000
--- a/bitwarden/templates/deployment.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: bitwarden
- name: bitwarden
- labels:
- app: bitwarden
-spec:
- selector:
- matchLabels:
- app: bitwarden
- replicas: 1
- template:
- metadata:
- labels:
- app: bitwarden
- spec:
- containers:
- - name: bitwarden
- image: registry.internal.durp.info/vaultwarden/server:1.32.0
- imagePullPolicy: Always
- volumeMounts:
- - name: bitwarden-pvc
- mountPath: /data
- subPath: bitwaren-data
- ports:
- - name: http
- containerPort: 80
- env:
- - name: SIGNUPS_ALLOWED
- value: "FALSE"
- - name: INVITATIONS_ALLOWED
- value: "FALSE"
- - name: WEBSOCKET_ENABLED
- value: "TRUE"
- - name: ROCKET_ENV
- value: "staging"
- - name: ROCKET_PORT
- value: "80"
- - name: ROCKET_WORKERS
- value: "10"
- - name: SECRET_USERNAME
- valueFrom:
- secretKeyRef:
- name: bitwarden-secret
- key: ADMIN_TOKEN
- volumes:
- - name: bitwarden-pvc
- persistentVolumeClaim:
- claimName: bitwarden-pvc
diff --git a/bitwarden/templates/ingress.yaml b/bitwarden/templates/ingress.yaml
deleted file mode 100644
index 8a9a628..0000000
--- a/bitwarden/templates/ingress.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: bitwarden-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
- kind: Rule
- services:
- - name: bitwarden
- port: 80
- tls:
- secretName: bitwarden-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: bitwarden-tls
-spec:
- secretName: bitwarden-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "bitwarden.durp.info"
- dnsNames:
- - "bitwarden.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
- name: bitwarden-external-dns
- annotations:
- external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
-spec:
- type: ExternalName
- externalName: durp.info
\ No newline at end of file
diff --git a/bitwarden/templates/secrets.yaml b/bitwarden/templates/secrets.yaml
deleted file mode 100644
index 7a8d858..0000000
--- a/bitwarden/templates/secrets.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: bitwarden-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: bitwarden-secret
- data:
- - secretKey: ADMIN_TOKEN
- remoteRef:
- key: secrets/bitwarden/admin
- property: ADMIN_TOKEN
-
diff --git a/bitwarden/templates/service.yaml b/bitwarden/templates/service.yaml
deleted file mode 100644
index df30857..0000000
--- a/bitwarden/templates/service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: bitwarden
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 80
- protocol: TCP
- selector:
- app: bitwarden
\ No newline at end of file
diff --git a/cert-manager/Chart.yaml b/cert-manager/Chart.yaml
deleted file mode 100644
index e14d98b..0000000
--- a/cert-manager/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: cert-manager
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: cert-manager
- repository: https://charts.jetstack.io
- version: v1.15.3
diff --git a/cert-manager/templates/letsencrypt-prroduction.yaml b/cert-manager/templates/letsencrypt-prroduction.yaml
deleted file mode 100644
index 034ed9b..0000000
--- a/cert-manager/templates/letsencrypt-prroduction.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-production
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- privateKeySecretRef:
- name: letsencrypt-production
- solvers:
- - dns01:
- cloudflare:
- email: developerdurp@durp.info
- apiTokenSecretRef:
- name: cloudflare-api-token-secret
- key: cloudflare-api-token-secret
diff --git a/cert-manager/templates/letsencrypt-staging.yaml b/cert-manager/templates/letsencrypt-staging.yaml
deleted file mode 100644
index b6ae4f9..0000000
--- a/cert-manager/templates/letsencrypt-staging.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-staging
-spec:
- acme:
- server: https://acme-staging-v02.api.letsencrypt.org/directory
- privateKeySecretRef:
- name: letsencrypt-staging
- solvers:
- - dns01:
- cloudflare:
- email: developerdurp@durp.info
- apiTokenSecretRef:
- name: cloudflare-api-token-secret
- key: cloudflare-api-token-secret
\ No newline at end of file
diff --git a/cert-manager/templates/sealedsecret.yaml b/cert-manager/templates/sealedsecret.yaml
deleted file mode 100644
index 37a2e92..0000000
--- a/cert-manager/templates/sealedsecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: cloudflare-api-token-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: cloudflare-api-token-secret
- data:
- - secretKey: cloudflare-api-token-secret
- remoteRef:
- key: secrets/cert-manager
- property: cloudflare-api-token-secret
-
diff --git a/cert-manager/values.yaml b/cert-manager/values.yaml
deleted file mode 100644
index 36f403b..0000000
--- a/cert-manager/values.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-cert-manager:
- image:
- registry: registry.internal.durp.info
- repository: jetstack/cert-manager-controller
- pullPolicy: Always
- installCRDs: true
- replicaCount: 3
- extraArgs:
- - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
- - --dns01-recursive-nameservers-only
- podDnsPolicy: None
- podDnsConfig:
- nameservers:
- - "1.1.1.1"
- - "1.0.0.1"
- webhook:
- image:
- registry: registry.internal.durp.info
- repository: jetstack/cert-manager-webhook
- pullPolicy: Always
- cainjector:
- image:
- registry: registry.internal.durp.info
- repository: jetstack/cert-manager-cainjector
- pullPolicy: Always
\ No newline at end of file
diff --git a/crossplane/Chart.yaml b/crossplane/Chart.yaml
deleted file mode 100644
index b0a80b7..0000000
--- a/crossplane/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: crossplane
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-- name: crossplane
- repository: https://charts.crossplane.io/stable
- version: 1.17.1
diff --git a/crossplane/templates/gitlab.yml b/crossplane/templates/gitlab.yml
deleted file mode 100644
index 3a20b9c..0000000
--- a/crossplane/templates/gitlab.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
- name: provider-gitlab
-spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
----
-
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: gitlab-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: gitlab-secret
- data:
- - secretKey: accesstoken
- remoteRef:
- key: secrets/gitlab/token
- property: accesstoken
-
----
-
-#apiVersion: gitlab.crossplane.io/v1beta1
-#kind: ProviderConfig
-#metadata:
-# name: gitlab-provider
-#spec:
-# baseURL: https://gitlab.com/
-# credentials:
-# source: Secret
-# secretRef:
-# namespace: crossplane
-# name: gitlab-secret
-# key: accesstoken
-#
-#---
-#
-#apiVersion: projects.gitlab.crossplane.io/v1alpha1
-#kind: Project
-#metadata:
-# name: example-project
-#spec:
-# deletionPolicy: Orphan
-# forProvider:
-# name: "Example Project"
-# description: "example project description"
-# providerConfigRef:
-# name: gitlab-provider
-# policy:
-# resolution: Optional
-# resolve: Always
diff --git a/dashboards/nginx-dashboard.yaml b/dashboards/nginx-dashboard.yaml
deleted file mode 100644
index 333a6c5..0000000
--- a/dashboards/nginx-dashboard.yaml
+++ /dev/null
@@ -1,1506 +0,0 @@ -apiVersion: v1 -data: - nginx-ingress-controller_rev1.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "enable": true, - "expr": "sum(changes(nginx_ingress_controller_config_last_reload_successful_timestamp_seconds{instance!=\"unknown\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[30s])) by (controller_class)", - "hide": false, - "iconColor": "rgba(255, 96, 96, 1)", - "limit": 100, - "name": "Config Reloads", - "showIn": 0, - "step": "30s", - "tagKeys": "controller_class", - "tags": [], - "titleFormat": "Config Reloaded", - "type": "tags" - } - ] - }, - "description": "Ingress-nginx supports a rich collection of prometheus metrics. 
If you have prometheus and grafana installed on your cluster then prometheus will already be scraping this data due to the scrape annotation on the deployment.", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 9614, - "graphTooltip": 0, - "id": 27, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "ops" - }, - "overrides": [] - }, - "id": 20, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.6", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "title": "Controller Request Volume", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, 
- "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 0 - }, - "id": 82, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.6", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(avg_over_time(nginx_ingress_controller_nginx_process_connections{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "title": "Controller Connections", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(245, 54, 54, 0.9)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 95 - }, - { - "color": "rgba(50, 172, 45, 0.97)", - "value": 99 - } - ] - }, - "unit": "percentunit" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 0 - }, - "id": 21, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.6", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": 
"sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",status!~\"[4-5].*\"}[2m])) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "title": "Controller Success Rate (non-4|5xx responses)", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "decimals": 0, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 18, - "y": 0 - }, - "id": 81, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.6", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "avg(nginx_ingress_controller_success{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "title": "Config Reloads", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "decimals": 0, - "mappings": [ - { - 
"options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 0 - }, - "id": 83, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.6", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "count(nginx_ingress_controller_config_last_reload_successful{controller_pod=~\"$controller\",controller_namespace=~\"$namespace\"} == 0)", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "title": "Last Config Failed", - "type": "stat" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 3 - }, - "height": "200px", - "hiddenSeries": false, - "id": 86, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.6", - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeatDirection": "h", - 
"seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "metric": "network", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Ingress Request Volume", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "logBase": 1, - "show": true - }, - { - "format": "Bps", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00", - "max - prometheus": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "decimals": 2, - "editable": false, - "error": false, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 3 - }, - "hiddenSeries": false, - "id": 87, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": 300, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.6", - "pointradius": 5, - 
"points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "metric": "container_memory_usage:sort_desc", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Ingress Success Rate (non-4|5xx responses)", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 1, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 10 - }, - "height": "200px", - "hiddenSeries": false, - "id": 32, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": 200, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - 
"nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.6", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum (irate (nginx_ingress_controller_request_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "Received", - "metric": "network", - "refId": "A", - "step": 10 - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "- sum (irate (nginx_ingress_controller_response_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "hide": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "Sent", - "metric": "network", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Network I/O pressure", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "logBase": 1, - "show": true - }, - { - "format": "Bps", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00", - "max - prometheus": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "decimals": 2, - "editable": false, - "error": false, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - 
"y": 10 - }, - "hiddenSeries": false, - "id": 77, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": 200, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.6", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "avg(nginx_ingress_controller_nginx_process_resident_memory_bytes{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}) ", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "nginx", - "metric": "container_memory_usage:sort_desc", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Average Memory Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": false - } - ], - "yaxis": { - "align": false - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "decimals": 3, - "editable": false, - "error": false, - "fill": 0, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 10 - }, - "height": "", - "hiddenSeries": false, - "id": 79, 
- "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "9.1.6", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum (rate (nginx_ingress_controller_nginx_process_cpu_seconds_total{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m])) ", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "nginx", - "metric": "container_cpu", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt" - } - ], - "timeRegions": [], - "title": "Average CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "cores", - "logBase": 1, - "show": true - }, - { - "format": "short", - "logBase": 1, - "show": true - } - ], - "yaxis": { - "align": false - } - }, - { - "columns": [], - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 16 - }, - "hideTimeOverride": false, - "id": 75, - "links": [], - "pageSize": 7, - "repeatDirection": "h", - "scroll": true, - "showHeader": true, - "sort": { - "col": 1, - "desc": true - }, - "styles": [ - { - "alias": "Ingress", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 
0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "ingress", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "Requests", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "ops" - }, - { - "alias": "Errors", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": false, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "P90 Latency", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "P99 Latency", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "IN", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - 
"" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "OUT", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #G", - "thresholds": [], - "type": "number", - "unit": "Bps" - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "C" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "D" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - 
"hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "E" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "F" - }, - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "G" - } - ], - "title": "Ingress Percentile Response Times and Transfer Rates", - "transform": "table", - "type": "table-old" - }, - { - "columns": [ - { - "text": "Current", - "value": "current" - } - ], - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 24 - }, - "height": "1024", - "id": 85, - "links": [], - "pageSize": 7, - "scroll": true, - "showHeader": true, - "sort": { - "col": 1, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "align": "auto", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "TTL", - "align": "auto", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Current", - "thresholds": [ - "0", - "691200" - ], - "type": "number", - "unit": "s" - }, - { - "alias": "", - "align": 
"auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "expr": "avg(nginx_ingress_controller_ssl_expire_time_seconds{kubernetes_pod_name=~\"$controller\",namespace=~\"$namespace\",ingress=~\"$ingress\"}) by (host) - time()", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ host }}", - "metric": "gke_letsencrypt_cert_expiration", - "refId": "A", - "step": 1 - } - ], - "title": "Ingress Certificate Expiry", - "transform": "timeseries_aggregations", - "type": "table-old" - } - ], - "refresh": "5s", - "schemaVersion": 37, - "style": "dark", - "tags": [ - "nginx" - ], - "templating": { - "list": [ - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Namespace", - "multi": false, - "name": "namespace", - "options": [], - "query": { - "query": "label_values(nginx_ingress_controller_config_hash, controller_namespace)", - "refId": "Prometheus-namespace-Variable-Query" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Controller Class", - "multi": false, - "name": "controller_class", - "options": [], - "query": { - "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\"}, controller_class) ", - "refId": "Prometheus-controller_class-Variable-Query" - }, 
- "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Controller", - "multi": false, - "name": "controller", - "options": [], - "query": { - "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\",controller_class=~\"$controller_class\"}, controller_pod) ", - "refId": "Prometheus-controller-Variable-Query" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, - "definition": "", - "hide": 0, - "includeAll": true, - "label": "Ingress", - "multi": false, - "name": "ingress", - "options": [], - "query": { - "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller=~\"$controller\"}, ingress) ", - "refId": "Prometheus-ingress-Variable-Query" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 2, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "2m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "NGINX Ingress controller", - "uid": "nginx", - "version": 1, - "weekStart": "" - } -kind: ConfigMap -metadata: - labels: - grafana_dashboard: 
"1" - creationTimestamp: null - name: nginx-dashboard - namespace: kube-prometheus-stack \ No newline at end of file diff --git a/durpapi/Chart.yaml b/durpapi/Chart.yaml deleted file mode 100644 index 078c7e0..0000000 --- a/durpapi/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -name: durpapi -description: A Helm chart for Kubernetes -type: application - -version: 0.1.0-dev0184 -appVersion: 0.1.0 - -dependencies: -- condition: postgresql.enabled - version: 12.5.* - repository: https://charts.bitnami.com/bitnami - name: postgresql diff --git a/durpapi/templates/deployment.yaml b/durpapi/templates/deployment.yaml deleted file mode 100644 index 0f42dfb..0000000 --- a/durpapi/templates/deployment.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Chart.Name }} - labels: - app: {{ .Chart.Name }} -spec: - revisionHistoryLimit: 1 - selector: - matchLabels: - app: {{ .Chart.Name }} - replicas: {{ .Values.deployment.hpa.minReplicas }} - template: - metadata: - labels: - app: {{ .Chart.Name }} - spec: - containers: - - name: api - image: "{{ .Values.deployment.image }}:{{ default .Chart.Version .Values.deployment.tag }}" - imagePullPolicy: {{ .Values.deployment.imagePullPolicy }} - readinessProbe: - {{- toYaml .Values.deployment.probe.readiness | nindent 12 }} - livenessProbe: - {{- toYaml .Values.deployment.probe.liveness | nindent 12 }} - startupProbe: - {{- toYaml .Values.deployment.probe.startup | nindent 12 }} - ports: - - name: http - containerPort: {{ .Values.service.targetport }} - env: - - name: host - value: {{ .Values.swagger.host }} - - name: version - value: {{ default .Chart.Version .Values.deployment.tag }} - envFrom: - - secretRef: - name: {{ .Values.deployment.secretfile }} diff --git a/durpapi/templates/hpa.yaml b/durpapi/templates/hpa.yaml deleted file mode 100644 index 68d484d..0000000 --- a/durpapi/templates/hpa.yaml +++ /dev/null 
@@ -1,24 +0,0 @@
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: "{{ .Chart.Name }}-hpa"
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ .Chart.Name }}
- minReplicas: {{ .Values.deployment.hpa.minReplicas }}
- maxReplicas: {{ .Values.deployment.hpa.maxReplicas }}
- metrics:
- - type: Resource
- resource:
- name: memory
- target:
- type: Utilization
- averageUtilization: 80
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: 40
diff --git a/durpapi/templates/ingress.yaml b/durpapi/templates/ingress.yaml
deleted file mode 100644
index bd268dd..0000000
--- a/durpapi/templates/ingress.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: "{{ .Chart.Name }}-ingress"
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host("api.durp.info") && PathPrefix(`/api`)
- kind: Rule
- middlewares:
- - name: jwt
- services:
- - name: "durpapi-service"
- port: 80
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: "{{ .Chart.Name }}-swagger"
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host("api.durp.info") && PathPrefix(`/swagger`)
- kind: Rule
- services:
- - name: "durpapi-service"
- port: 80
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
- name: jwt
-spec:
- plugin:
- jwt:
- Required: true
- Keys:
- - https://authentik.durp.info/application/o/api/jwks
diff --git a/durpapi/templates/secrets.yaml b/durpapi/templates/secrets.yaml
deleted file mode 100644
index 0157b5b..0000000
--- a/durpapi/templates/secrets.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: durpapi-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: durpapi-secret
- data:
- - secretKey: db_host
- remoteRef:
- key: secrets/durpapi/postgres
- property: db_host
- - secretKey: db_port
- remoteRef:
- key: secrets/durpapi/postgres
- property: db_port
- - secretKey: db_pass
- remoteRef:
- key: secrets/durpapi/postgres
- property: db_pass
- - secretKey: db_user
- remoteRef:
- key: secrets/durpapi/postgres
- property: db_user
- - secretKey: db_sslmode
- remoteRef:
- key: secrets/durpapi/postgres
- property: db_sslmode
- - secretKey: db_name
- remoteRef:
- key: secrets/durpapi/postgres
- property: db_name
- - secretKey: llamaurl
- remoteRef:
- key: secrets/durpapi/llamaurl
- property: llamaurl
\ No newline at end of file
diff --git a/durpapi/templates/service.yaml b/durpapi/templates/service.yaml
deleted file mode 100644
index 2cab669..0000000
--- a/durpapi/templates/service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ .Chart.Name }}-service"
-spec:
- ports:
- - name: http
- port: {{ .Values.service.port }}
- targetPort: {{ .Values.service.targetport }}
- protocol: TCP
- selector:
- app: {{ .Chart.Name }}
diff --git a/durpapi/values.yaml b/durpapi/values.yaml
deleted file mode 100644
index 9e9eeab..0000000
--- a/durpapi/values.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-ingress:
- enabled: false
-deployment:
- image: registry.internal.durp.info/developerdurp/durpapi
- secretfile: durpapi-secret
- imagePullPolicy: Always
- hpa:
- minReplicas: 3
- maxReplicas: 10
- probe:
- readiness:
- httpGet:
- path: /health/gethealth
- port: 8080
- liveness:
- httpGet:
- path: /health/gethealth
- port: 8080
- startup:
- httpGet:
- path: /health/gethealth
- port: 8080
-service:
- type: ClusterIP
- port: 80
- targetport: 8080
-
-swagger:
- host: api.durp.info
-postgresql:
- enabled: true
- auth:
- existingSecret: durpapi-secret
- secretKeys:
- adminPasswordKey: db_pass
- userPasswordKey: db_pass
- replicationPasswordKey: db_pass
- database: postgres
- username: postgres
diff --git a/durpot/Chart.yaml b/durpot/Chart.yaml
deleted file mode 100644
index c21a834..0000000
--- a/durpot/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: durpapi
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: durpot
- repository: https://gitlab.com/api/v4/projects/45025485/packages/helm/stable
- version: 0.1.0-dev0038
diff --git a/durpot/templates/secrets.yaml b/durpot/templates/secrets.yaml
deleted file mode 100644
index 792f909..0000000
--- a/durpot/templates/secrets.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: durpot-secert
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: durpot-secret
- data:
- - secretKey: OPENAI_API_KEY
- remoteRef:
- key: secrets/durpot/openai
- property: OPENAI_API_KEY
- - secretKey: BOTPREFIX
- remoteRef:
- key: secrets/durpot/discord
- property: BOTPREFIX
- - secretKey: ChannelID
- remoteRef:
- key: secrets/durpot/discord
- property: ChannelID
- - secretKey: TOKEN
- remoteRef:
- key: secrets/durpot/discord
- property: TOKEN
- - secretKey: ClientID
- remoteRef:
- key: secrets/durpot/auth
- property: ClientID
- - secretKey: Password
- remoteRef:
- key: secrets/durpot/auth
- property: Password
- - secretKey: TokenURL
- remoteRef:
- key: secrets/durpot/auth
- property: TokenURL
- - secretKey: Username
- remoteRef:
- key: secrets/durpot/auth
- property: Username
diff --git a/external-dns/Chart.yaml b/external-dns/Chart.yaml
deleted file mode 100644
index 8fb36bc..0000000
--- a/external-dns/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-apiVersion: v2
-name: external-dns
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: external-dns
- repository: https://charts.bitnami.com/bitnami
- version: 8.3.8
diff --git a/external-dns/templates/secrets.yaml b/external-dns/templates/secrets.yaml
deleted file mode 100644
index 142c03a..0000000
--- a/external-dns/templates/secrets.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: external-dns-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: external-dns
- data:
- - secretKey: cloudflare_api_email
- remoteRef:
- key: secrets/external-dns/cloudflare
- property: cloudflare_api_email
- - secretKey: cloudflare_api_key
- remoteRef:
- key: secrets/external-dns/cloudflare
- property: cloudflare_api_key
- - secretKey: cloudflare_api_token
- remoteRef:
- key: secrets/external-dns/cloudflare
- property: cloudflare_api_token
diff --git a/external-dns/values.yaml b/external-dns/values.yaml
deleted file mode 100644
index 68abe91..0000000
--- a/external-dns/values.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-external-dns:
- global:
- imageRegistry: "registry.internal.durp.info"
-
- image:
- pullPolicy: Always
-
- sources:
- - service
-
- provider: cloudflare
- cloudflare:
- secretName : "external-dns"
- proxied: false
-
- policy: sync
diff --git a/external-secrets/Chart.yaml b/external-secrets/Chart.yaml
deleted file mode 100644
index 5b9982f..0000000
--- a/external-secrets/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: external-secrets
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: external-secrets
- repository: https://charts.external-secrets.io
- version: 0.10.4
-
diff --git a/external-secrets/values.yaml b/external-secrets/values.yaml
deleted file mode 100644
index a720adb..0000000
--- a/external-secrets/values.yaml
+++ /dev/null
@@ -1,463 +0,0 @@ -external-secrets: - replicaCount: 3 - - # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) - revisionHistoryLimit: 10 - - image: - repository: ghcr.io/external-secrets/external-secrets - pullPolicy: Always - # -- The image tag to use. The default is the chart appVersion. - # There are different image flavours available, like distroless and ubi. - # Please see GitHub release notes for image tags for these flavors. - # By default the distroless image is used. - tag: "" - - # -- If set, install and upgrade CRDs through helm chart. - installCRDs: true - - crds: - # -- If true, create CRDs for Cluster External Secret. - createClusterExternalSecret: true - # -- If true, create CRDs for Cluster Secret Store. - createClusterSecretStore: true - # -- If true, create CRDs for Push Secret. - createPushSecret: true - annotations: {} - conversion: - enabled: true - - imagePullSecrets: [] - nameOverride: "" - fullnameOverride: "" - - # -- If true, external-secrets will perform leader election between instances to ensure no more - # than one instance of external-secrets operates at a time. - leaderElect: true - - # -- If set external secrets will filter matching - # Secret Stores with the appropriate controller values. - controllerClass: "" - - # -- If true external secrets will use recommended kubernetes - # annotations as prometheus metric labels. - extendedMetricLabels: false - - # -- If set external secrets are only reconciled in the - # provided namespace - scopedNamespace: "" - - # -- Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace - # and implicitly disable cluster stores and cluster external secrets - scopedRBAC: false - - # -- if true, the operator will process cluster external secret. Else, it will ignore them. 
- processClusterExternalSecret: true - - # -- if true, the operator will process cluster store. Else, it will ignore them. - processClusterStore: true - - # -- Specifies whether an external secret operator deployment be created. - createOperator: true - - # -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at - # a time. - concurrent: 1 - - serviceAccount: - # -- Specifies whether a service account should be created. - create: true - # -- Automounts the service account token in all containers of the pod - automount: true - # -- Annotations to add to the service account. - annotations: {} - # -- Extra Labels to add to the service account. - extraLabels: {} - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template. - name: "" - - rbac: - # -- Specifies whether role and rolebinding resources should be created. - create: true - - ## -- Extra environment variables to add to container. - extraEnv: [] - - ## -- Map of extra arguments to pass to container. - extraArgs: {} - - ## -- Extra volumes to pass to pod. - extraVolumes: [] - - ## -- Extra volumes to mount to the container. - extraVolumeMounts: [] - - ## -- Extra containers to add to the pod. - extraContainers: [] - - # -- Annotations to add to Deployment - deploymentAnnotations: {} - - # -- Annotations to add to Pod - podAnnotations: {} - - podLabels: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - prometheus: - # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead. - enabled: false - service: - # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead. 
- port: 8080 - - serviceMonitor: - # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics - enabled: false - - # -- namespace where you want to install ServiceMonitors - namespace: "" - - # -- Additional labels - additionalLabels: {} - - # -- Interval to scrape metrics - interval: 30s - - # -- Timeout if metrics can't be retrieved in given time interval - scrapeTimeout: 25s - - # -- Let prometheus add an exported_ prefix to conflicting labels - honorLabels: false - - # -- Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) - metricRelabelings: [] - # - action: replace - # regex: (.*) - # replacement: $1 - # sourceLabels: - # - exported_namespace - # targetLabel: namespace - - # -- Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - metrics: - service: - # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics - enabled: false - - # -- Metrics service port to scrape - port: 8080 - - # -- Additional service annotations - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # -- Pod priority class name. - priorityClassName: "" - - # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - podDisruptionBudget: - enabled: false - minAvailable: 1 - # maxUnavailable: 1 - - # -- Run the controller on the host network - hostNetwork: false - - webhook: - # -- Specifies whether a webhook deployment be created. 
- create: true - # -- Specifices the time to check if the cert is valid - certCheckInterval: "5m" - # -- Specifices the lookaheadInterval for certificate validity - lookaheadInterval: "" - replicaCount: 1 - - # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) - revisionHistoryLimit: 10 - - certDir: /tmp/certs - # -- Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore - failurePolicy: Fail - # -- Specifies if webhook pod should use hostNetwork or not. - hostNetwork: false - image: - repository: ghcr.io/external-secrets/external-secrets - pullPolicy: IfNotPresent - # -- The image tag to use. The default is the chart appVersion. - tag: "" - imagePullSecrets: [] - nameOverride: "" - fullnameOverride: "" - # -- The port the webhook will listen to - port: 10250 - rbac: - # -- Specifies whether role and rolebinding resources should be created. - create: true - serviceAccount: - # -- Specifies whether a service account should be created. - create: true - # -- Automounts the service account token in all containers of the pod - automount: true - # -- Annotations to add to the service account. - annotations: {} - # -- Extra Labels to add to the service account. - extraLabels: {} - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template. - name: "" - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # -- Pod priority class name. - priorityClassName: "" - - # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - podDisruptionBudget: - enabled: false - minAvailable: 1 - # maxUnavailable: 1 - prometheus: - # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead - enabled: false - service: - # -- deprecated. 
will be removed with 0.7.0, use serviceMonitor instead - port: 8080 - - serviceMonitor: - # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics - enabled: false - - # -- Additional labels - additionalLabels: {} - - # -- Interval to scrape metrics - interval: 30s - - # -- Timeout if metrics can't be retrieved in given time interval - scrapeTimeout: 25s - - metrics: - service: - # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics - enabled: false - - # -- Metrics service port to scrape - port: 8080 - - # -- Additional service annotations - annotations: {} - - - readinessProbe: - # -- Address for readiness probe - address: "" - # -- ReadinessProbe port for kubelet - port: 8081 - - - ## -- Extra environment variables to add to container. - extraEnv: [] - - ## -- Map of extra arguments to pass to container. - extraArgs: {} - - ## -- Extra volumes to pass to pod. - extraVolumes: [] - - ## -- Extra volumes to mount to the container. - extraVolumeMounts: [] - - # -- Annotations to add to Secret - secretAnnotations: {} - - # -- Annotations to add to Deployment - deploymentAnnotations: {} - - # -- Annotations to add to Pod - podAnnotations: {} - - podLabels: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - certController: - # -- Specifies whether a certificate controller deployment be created. 
- create: true - requeueInterval: "5m" - replicaCount: 1 - - # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) - revisionHistoryLimit: 10 - - image: - repository: ghcr.io/external-secrets/external-secrets - pullPolicy: Always - tag: "" - imagePullSecrets: [] - nameOverride: "" - fullnameOverride: "" - rbac: - # -- Specifies whether role and rolebinding resources should be created. - create: true - serviceAccount: - # -- Specifies whether a service account should be created. - create: true - # -- Automounts the service account token in all containers of the pod - automount: true - # -- Annotations to add to the service account. - annotations: {} - # -- Extra Labels to add to the service account. - extraLabels: {} - # -- The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template. - name: "" - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # -- Run the certController on the host network - hostNetwork: false - - # -- Pod priority class name. - priorityClassName: "" - - # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - podDisruptionBudget: - enabled: false - minAvailable: 1 - # maxUnavailable: 1 - - prometheus: - # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead - enabled: false - service: - # -- deprecated. 
will be removed with 0.7.0, use serviceMonitor instead - port: 8080 - - serviceMonitor: - # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics - enabled: false - - # -- Additional labels - additionalLabels: {} - - # -- Interval to scrape metrics - interval: 30s - - # -- Timeout if metrics can't be retrieved in given time interval - scrapeTimeout: 25s - - metrics: - service: - # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics - enabled: false - - # -- Metrics service port to scrape - port: 8080 - - # -- Additional service annotations - annotations: {} - - ## -- Extra environment variables to add to container. - extraEnv: [] - - ## -- Map of extra arguments to pass to container. - extraArgs: {} - - - ## -- Extra volumes to pass to pod. - extraVolumes: [] - - ## -- Extra volumes to mount to the container. - extraVolumeMounts: [] - - # -- Annotations to add to Deployment - deploymentAnnotations: {} - - # -- Annotations to add to Pod - podAnnotations: {} - - podLabels: {} - - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - # -- Specifies `dnsOptions` to deployment - dnsConfig: {} diff --git a/gatekeeper/Chart.yaml b/gatekeeper/Chart.yaml deleted file mode 100644 index ec42676..0000000 --- a/gatekeeper/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -name: gatekeeper -description: A Helm chart for Kubernetes -type: application -version: 0.0.1 -appVersion: 0.0.1 - -dependencies: -- name: gatekeeper - repository: https://open-policy-agent.github.io/gatekeeper/charts - version: 3.17.1 diff --git a/gatekeeper/values.yaml b/gatekeeper/values.yaml deleted file mode 100644 index 0b0c6e7..0000000 --- a/gatekeeper/values.yaml +++ /dev/null 
@@ -1,278 +0,0 @@ -#gatekeeper: -# replicas: 3 -# revisionHistoryLimit: 10 -# auditInterval: 60 -# metricsBackends: ["prometheus"] -# auditMatchKindOnly: false -# constraintViolationsLimit: 20 -# auditFromCache: false -# disableMutation: false -# disableValidatingWebhook: false -# validatingWebhookName: gatekeeper-validating-webhook-configuration -# validatingWebhookTimeoutSeconds: 3 -# validatingWebhookFailurePolicy: Ignore -# validatingWebhookAnnotations: {} -# validatingWebhookExemptNamespacesLabels: {} -# validatingWebhookObjectSelector: {} -# validatingWebhookCheckIgnoreFailurePolicy: Fail -# validatingWebhookCustomRules: {} -# validatingWebhookURL: null -# enableDeleteOperations: false -# enableExternalData: true -# enableGeneratorResourceExpansion: true -# enableTLSHealthcheck: false -# maxServingThreads: -1 -# mutatingWebhookName: gatekeeper-mutating-webhook-configuration -# mutatingWebhookFailurePolicy: Ignore -# mutatingWebhookReinvocationPolicy: Never -# mutatingWebhookAnnotations: {} -# mutatingWebhookExemptNamespacesLabels: {} -# mutatingWebhookObjectSelector: {} -# mutatingWebhookTimeoutSeconds: 1 -# mutatingWebhookCustomRules: {} -# mutatingWebhookURL: null -# mutationAnnotations: false -# auditChunkSize: 500 -# logLevel: INFO -# logDenies: false -# logMutations: false -# emitAdmissionEvents: false -# emitAuditEvents: false -# admissionEventsInvolvedNamespace: false -# auditEventsInvolvedNamespace: false -# resourceQuota: true -# externaldataProviderResponseCacheTTL: 3m -# image: -# repository: openpolicyagent/gatekeeper -# crdRepository: openpolicyagent/gatekeeper-crds -# release: v3.15.0-beta.0 -# pullPolicy: Always -# pullSecrets: [] -# preInstall: -# crdRepository: -# image: -# repository: null -# tag: v3.15.0-beta.0 -# postUpgrade: -# labelNamespace: -# enabled: false -# image: -# repository: openpolicyagent/gatekeeper-crds -# tag: v3.15.0-beta.0 -# pullPolicy: IfNotPresent -# pullSecrets: [] -# extraNamespaces: [] -# podSecurity: 
["pod-security.kubernetes.io/audit=restricted", -# "pod-security.kubernetes.io/audit-version=latest", -# "pod-security.kubernetes.io/warn=restricted", -# "pod-security.kubernetes.io/warn-version=latest", -# "pod-security.kubernetes.io/enforce=restricted", -# "pod-security.kubernetes.io/enforce-version=v1.24"] -# extraAnnotations: {} -# priorityClassName: "" -# affinity: {} -# tolerations: [] -# nodeSelector: {kubernetes.io/os: linux} -# resources: {} -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# readOnlyRootFilesystem: true -# runAsGroup: 999 -# runAsNonRoot: true -# runAsUser: 1000 -# postInstall: -# labelNamespace: -# enabled: true -# extraRules: [] -# image: -# repository: openpolicyagent/gatekeeper-crds -# tag: v3.15.0-beta.0 -# pullPolicy: IfNotPresent -# pullSecrets: [] -# extraNamespaces: [] -# podSecurity: ["pod-security.kubernetes.io/audit=restricted", -# "pod-security.kubernetes.io/audit-version=latest", -# "pod-security.kubernetes.io/warn=restricted", -# "pod-security.kubernetes.io/warn-version=latest", -# "pod-security.kubernetes.io/enforce=restricted", -# "pod-security.kubernetes.io/enforce-version=v1.24"] -# extraAnnotations: {} -# priorityClassName: "" -# probeWebhook: -# enabled: true -# image: -# repository: curlimages/curl -# tag: 7.83.1 -# pullPolicy: IfNotPresent -# pullSecrets: [] -# waitTimeout: 60 -# httpTimeout: 2 -# insecureHTTPS: false -# priorityClassName: "" -# affinity: {} -# tolerations: [] -# nodeSelector: {kubernetes.io/os: linux} -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# readOnlyRootFilesystem: true -# runAsGroup: 999 -# runAsNonRoot: true -# runAsUser: 1000 -# preUninstall: -# deleteWebhookConfigurations: -# extraRules: [] -# enabled: false -# image: -# repository: openpolicyagent/gatekeeper-crds -# tag: v3.15.0-beta.0 -# pullPolicy: IfNotPresent -# pullSecrets: [] -# priorityClassName: "" -# affinity: {} -# tolerations: [] -# 
nodeSelector: {kubernetes.io/os: linux} -# resources: {} -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# readOnlyRootFilesystem: true -# runAsGroup: 999 -# runAsNonRoot: true -# runAsUser: 1000 -# podAnnotations: {} -# auditPodAnnotations: {} -# podLabels: {} -# podCountLimit: "100" -# secretAnnotations: {} -# enableRuntimeDefaultSeccompProfile: true -# controllerManager: -# exemptNamespaces: [] -# exemptNamespacePrefixes: [] -# hostNetwork: false -# dnsPolicy: ClusterFirst -# port: 8443 -# metricsPort: 8888 -# healthPort: 9090 -# readinessTimeout: 1 -# livenessTimeout: 1 -# priorityClassName: system-cluster-critical -# disableCertRotation: false -# tlsMinVersion: 1.3 -# clientCertName: "" -# strategyType: RollingUpdate -# affinity: -# podAntiAffinity: -# preferredDuringSchedulingIgnoredDuringExecution: -# - podAffinityTerm: -# labelSelector: -# matchExpressions: -# - key: gatekeeper.sh/operation -# operator: In -# values: -# - webhook -# topologyKey: kubernetes.io/hostname -# weight: 100 -# topologySpreadConstraints: [] -# tolerations: [] -# nodeSelector: {kubernetes.io/os: linux} -# resources: -# limits: -# memory: 512Mi -# requests: -# cpu: 100m -# memory: 512Mi -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# readOnlyRootFilesystem: true -# runAsGroup: 999 -# runAsNonRoot: true -# runAsUser: 1000 -# podSecurityContext: -# fsGroup: 999 -# supplementalGroups: -# - 999 -# extraRules: [] -# networkPolicy: -# enabled: false -# ingress: { } -# # - from: -# # - ipBlock: -# # cidr: 0.0.0.0/0 -# audit: -# enablePubsub: false -# connection: audit-connection -# channel: audit-channel -# hostNetwork: false -# dnsPolicy: ClusterFirst -# metricsPort: 8888 -# healthPort: 9090 -# readinessTimeout: 1 -# livenessTimeout: 1 -# priorityClassName: system-cluster-critical -# disableCertRotation: false -# affinity: {} -# tolerations: [] -# nodeSelector: {kubernetes.io/os: linux} -# resources: -# 
limits: -# memory: 512Mi -# requests: -# cpu: 100m -# memory: 512Mi -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# readOnlyRootFilesystem: true -# runAsGroup: 999 -# runAsNonRoot: true -# runAsUser: 1000 -# podSecurityContext: -# fsGroup: 999 -# supplementalGroups: -# - 999 -# writeToRAMDisk: false -# extraRules: [] -# crds: -# affinity: {} -# tolerations: [] -# nodeSelector: {kubernetes.io/os: linux} -# resources: {} -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# readOnlyRootFilesystem: true -# runAsGroup: 65532 -# runAsNonRoot: true -# runAsUser: 65532 -# pdb: -# controllerManager: -# minAvailable: 1 -# service: {} -# disabledBuiltins: ["{http.send}"] -# psp: -# enabled: true -# upgradeCRDs: -# enabled: true -# extraRules: [] -# priorityClassName: "" -# rbac: -# create: true -# externalCertInjection: -# enabled: false -# secretName: gatekeeper-webhook-server-cert -# \ No newline at end of file diff --git a/gitlab-runner/Chart.yaml b/gitlab-runner/Chart.yaml deleted file mode 100644 index f64e829..0000000 --- a/gitlab-runner/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -name: gitlab-runner -description: A Helm chart for Kubernetes -type: application -version: 0.0.1 -appVersion: 0.0.1 - -dependencies: -- name: gitlab-runner - repository: https://charts.gitlab.io/ - version: 0.69.0 diff --git a/gitlab-runner/templates/secrets.yaml b/gitlab-runner/templates/secrets.yaml deleted file mode 100644 index 784ef11..0000000 --- a/gitlab-runner/templates/secrets.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: gitlab-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: gitlab-secret
- data:
- - secretKey: runner-registration-token
- remoteRef:
- key: secrets/gitlab/runner
- property: runner-registration-token
- - secretKey: runner-token
- remoteRef:
- key: secrets/gitlab/runner
- property: runner-token
diff --git a/gitlab-runner/values.yaml b/gitlab-runner/values.yaml
deleted file mode 100644
index 0cc62b8..0000000
--- a/gitlab-runner/values.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-gitlab-runner:
-
- image:
- registry: registry.internal.durp.info
- image: gitlab-org/gitlab-runner
-
- imagePullPolicy: Always
- gitlabUrl: https://gitlab.com/
- unregisterRunner: true
- terminationGracePeriodSeconds: 3600
- concurrent: 10
- checkInterval: 30
-
- rbac:
- create: true
- rules: []
- clusterWideAccess: false
- podSecurityPolicy:
- enabled: false
- resourceNames:
- - gitlab-runner
-
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- service:
- enabled: true
- annotations: {}
-
- runners:
- config: |
- [[runners]]
- [runners.kubernetes]
- namespace = "{{.Release.Namespace}}"
- image = "ubuntu:22.04"
- privileged = true
-
- executor: kubernetes
- name: "k3s"
- runUntagged: true
- privileged: true
- secret: gitlab-secret
- #builds:
- #cpuLimit: 200m
- #cpuLimitOverwriteMaxAllowed: 400m
- #memoryLimit: 256Mi
- #memoryLimitOverwriteMaxAllowed: 512Mi
- #cpuRequests: 100m
- #cpuRequestsOverwriteMaxAllowed: 200m
- #memoryRequests: 128Mi
- #memoryRequestsOverwriteMaxAllowed: 256Mi
-
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: false
- runAsNonRoot: true
- privileged: false
- capabilities:
- drop: ["ALL"]
-
- podSecurityContext:
- runAsUser: 100
- fsGroup: 65533
-
- resources:
- limits:
- memory: 2Gi
- requests:
- memory: 128Mi
- cpu: 500m
\ No newline at end of file
diff --git a/heimdall/Chart.yaml b/heimdall/Chart.yaml
deleted file mode 100644
index 39dbf54..0000000
--- a/heimdall/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: heimdall
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: heimdall
- repository: https://djjudas21.github.io/charts/
- version: 8.5.4
diff --git a/heimdall/templates/ingress.yaml b/heimdall/templates/ingress.yaml
deleted file mode 100644
index 98b6144..0000000
--- a/heimdall/templates/ingress.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- annotations:
- name: heimdall-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`heimdall.durp.info`) && PathPrefix(`/`)
- middlewares:
- - name: authentik-proxy-provider
- namespace: traefik
- kind: Rule
- services:
- - name: heimdall
- port: 80
- - match: Host(`heimdall.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
- kind: Rule
- services:
- - name: ak-outpost-authentik-embedded-outpost
- namespace: authentik
- port: 9000
- tls:
- secretName: heimdall-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: heimdall-tls
-spec:
- secretName: heimdall-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "heimdall.durp.info"
- dnsNames:
- - "heimdall.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
- name: heimdall-external-dns
- annotations:
- external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
-spec:
- type: ExternalName
- externalName: durp.info
diff --git a/heimdall/values.yaml b/heimdall/values.yaml
deleted file mode 100644
index e93ca43..0000000
--- a/heimdall/values.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-heimdall:
-
- image:
- registry:
- repository: registry.internal.durp.info/linuxserver/heimdall
- pullPolicy: Always
-
- env:
- TZ: UTC
- PUID: "1000"
- PGID: "1000"
-
- service:
- main:
- annotations:
- external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
- external-dns.alpha.kubernetes.io/target: home.durp.info
- ports:
- http:
- port: 80
-
- ingress:
- main:
- enabled: false
-
- persistence:
- config:
- enabled: true
diff --git a/internalproxy/Chart.yaml b/internalproxy/Chart.yaml
deleted file mode 100644
index 71c9b0d..0000000
--- a/internalproxy/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: internalproxy
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "0.1.0"
diff --git a/internalproxy/templates/argocd.yaml b/internalproxy/templates/argocd.yaml
deleted file mode 100644
index 9a82e9e..0000000
--- a/internalproxy/templates/argocd.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#apiVersion: traefik.io/v1alpha1
-#kind: IngressRoute
-#metadata:
-# name: argocd-ingress
-# annotations:
-# cert-manager.io/cluster-issuer: letsencrypt-production
-#spec:
-# entryPoints:
-# - websecure
-# routes:
-# - match: Host(`argocd.internal.durp.info`)
-# middlewares:
-# - name: whitelist
-# namespace: traefik
-# kind: Rule
-# services:
-# - name: argocd-server
-# port: 443
-# scheme: https
-# tls:
-# secretName: argocd-tls
-#
-#---
-#
-#kind: Service
-#apiVersion: v1
-#metadata:
-# name: argocd-server
-#spec:
-# type: ExternalName
-# externalName: argocd-server.argocd.svc.cluster.local
-#
-#---
-#
-#apiVersion: cert-manager.io/v1
-#kind: Certificate
-#metadata:
-# name: argocd-tls
-#spec:
-# secretName: argocd-tls
-# issuerRef:
-# name: letsencrypt-production
-# kind: ClusterIssuer
-# commonName: "argocd.internal.durp.info"
-# dnsNames:
-# - "argocd.internal.durp.info"
\ No newline at end of file
diff --git a/internalproxy/templates/blueiris.yaml b/internalproxy/templates/blueiris.yaml
deleted file mode 100644
index 5f120c9..0000000
--- a/internalproxy/templates/blueiris.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: blueiris
-spec:
- ports:
- - name: app
- port: 81
- protocol: TCP
- targetPort: 81
- clusterIP: None
- type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
- name: blueiris
-subsets:
- - addresses:
- - ip: 192.168.99.2
- ports:
- - name: app
- port: 81
- protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: blueiris-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
- middlewares:
- - name: whitelist
- namespace: traefik
- kind: Rule
- services:
- - name: blueiris
- port: 81
- scheme: http
- tls:
- secretName: blueiris-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: blueiris-tls
-spec:
- secretName: blueiris-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "blueiris.internal.durp.info"
- dnsNames:
- - "blueiris.internal.durp.info"
diff --git a/internalproxy/templates/duplicati-ingress.yaml b/internalproxy/templates/duplicati-ingress.yaml
deleted file mode 100644
index d51c391..0000000
--- a/internalproxy/templates/duplicati-ingress.yaml
+++ /dev/null
@@ -1,70 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: duplicati -spec: - ports: - - name: app - port: 8200 - protocol: TCP - targetPort: 8200 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: duplicati -subsets: -- addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 8200 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: duplicati-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - - name: authentik-proxy-provider - namespace: traefik - kind: Rule - services: - - name: duplicati - port: 8200 - - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`) - kind: Rule - services: - - name: ak-outpost-authentik-embedded-outpost - namespace: authentik - port: 9000 - tls: - secretName: duplicati-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: duplicati-tls -spec: - secretName: duplicati-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "duplicati.internal.durp.info" - dnsNames: - - "duplicati.internal.durp.info" \ No newline at end of file diff --git a/internalproxy/templates/gitea.yaml b/internalproxy/templates/gitea.yaml deleted file mode 100644 index ec29631..0000000 --- a/internalproxy/templates/gitea.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: gitea -spec: - ports: - - name: app - port: 3000 - protocol: TCP - targetPort: 3000 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: gitea -subsets: - - addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 3000 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: gitea-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`gitea.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: gitea - port: 3000 - scheme: http - tls: - secretName: gitea-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: gitea-tls -spec: - secretName: gitea-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "gitea.durp.info" - dnsNames: - - "gitea.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: gitea-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: gitea.durp.info -spec: - type: ExternalName - externalName: durp.info \ No newline at end of file diff --git a/internalproxy/templates/jellyfin.yaml b/internalproxy/templates/jellyfin.yaml deleted file mode 100644 index 1b919bf..0000000 --- a/internalproxy/templates/jellyfin.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: jellyfin -spec: - ports: - - name: app - port: 8096 - protocol: TCP - targetPort: 8096 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: jellyfin -subsets: - - addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 8096 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: jellyfin-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`jellyfin.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: jellyfin - port: 8096 - scheme: http - tls: - secretName: jellyfin-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: jellyfin-tls -spec: - secretName: jellyfin-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "jellyfin.durp.info" - dnsNames: - - "jellyfin.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: jellyfin-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: jellyfin.durp.info -spec: - type: ExternalName - externalName: durp.info diff --git a/internalproxy/templates/kasm.yaml b/internalproxy/templates/kasm.yaml deleted file mode 100644 index 7f756e0..0000000 --- a/internalproxy/templates/kasm.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kasm -spec: - ports: - - name: app - port: 443 - protocol: TCP - targetPort: 443 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: kasm -subsets: - - addresses: - - ip: 192.168.20.104 - ports: - - name: app - port: 443 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: kasm-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`kasm.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: kasm - port: 443 - scheme: https - tls: - secretName: kasm-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: kasm-tls -spec: - secretName: kasm-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "kasm.durp.info" - dnsNames: - - "kasm.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: kasm-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: kasm.durp.info -spec: - type: ExternalName - externalName: durp.info diff --git a/internalproxy/templates/minio.yaml b/internalproxy/templates/minio.yaml deleted file mode 100644 index aa191b6..0000000 --- a/internalproxy/templates/minio.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: minio -spec: - ports: - - name: app - port: 9769 - protocol: TCP - targetPort: 9769 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: minio -subsets: - - addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 9769 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: minio-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`minio.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: minio - port: 9769 - scheme: http - tls: - secretName: minio-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: minio-tls -spec: - secretName: minio-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "minio.internal.durp.info" - dnsNames: - - "minio.internal.durp.info" diff --git a/internalproxy/templates/nexus.yaml b/internalproxy/templates/nexus.yaml deleted file mode 100644 index 7074102..0000000 --- a/internalproxy/templates/nexus.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nexus -spec: - ports: - - name: app - port: 8081 - protocol: TCP - targetPort: 8081 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: nexus -subsets: -- addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 8081 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: nexus-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`nexus.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: nexus - port: 8081 - tls: - secretName: nexus-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nexus-tls -spec: - secretName: nexus-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "nexus.durp.info" - dnsNames: - - "nexus.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: nexus-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: nexus.durp.info -spec: - type: ExternalName - externalName: durp.info \ No newline at end of file diff --git a/internalproxy/templates/octopus.yaml b/internalproxy/templates/octopus.yaml deleted file mode 100644 index e0e5d78..0000000 --- a/internalproxy/templates/octopus.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: octopus -spec: - ports: - - name: app - port: 443 - protocol: TCP - targetPort: 443 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: octopus -subsets: - - addresses: - - ip: 192.168.20.105 - ports: - - name: app - port: 443 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: octopus-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: octopus - port: 443 - scheme: https - tls: - secretName: octopus-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: octopus-tls -spec: - secretName: octopus-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "octopus.internal.durp.info" - dnsNames: - - "octopus.internal.durp.info" diff --git a/internalproxy/templates/ollama.yaml b/internalproxy/templates/ollama.yaml deleted file mode 100644 index 75e8691..0000000 --- a/internalproxy/templates/ollama.yaml +++ /dev/null 
@@ -1,102 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: ollama-secret -spec: - secretStoreRef: - name: vault - kind: ClusterSecretStore - target: - name: ollama-secret - data: - - secretKey: users - remoteRef: - key: secrets/internalproxy/ollama - property: users - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: ollama-basic-auth -spec: - basicAuth: - headerField: x-api-key - secret: ollama-secret - ---- - -apiVersion: v1 -kind: Service -metadata: - name: ollama -spec: - ports: - - name: app - port: 11435 - protocol: TCP - targetPort: 11435 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: ollama -subsets: - - addresses: - - ip: 192.168.20.104 - ports: - - name: app - port: 11435 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: ollama-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`ollama.durp.info`) && PathPrefix(`/`) - middlewares: - - name: ollama-basic-auth - kind: Rule - services: - - name: ollama - port: 11435 - tls: - secretName: ollama-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: ollama-tls -spec: - secretName: ollama-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "ollama.durp.info" - dnsNames: - - "ollama.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: ollama-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: ollama.durp.info -spec: - type: ExternalName - externalName: durp.info diff --git a/internalproxy/templates/pfsense.yaml b/internalproxy/templates/pfsense.yaml deleted file mode 100644 index 45d45e8..0000000 --- a/internalproxy/templates/pfsense.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: pfsense -spec: - ports: - - name: app - port: 10443 - protocol: TCP - targetPort: 10443 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: pfsense -subsets: - - addresses: - - ip: 192.168.20.1 - ports: - - name: app - port: 10443 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: pfsense-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: pfsense - port: 10443 - scheme: https - tls: - secretName: pfsense-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: pfsense-tls -spec: - secretName: pfsense-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "pfsense.internal.durp.info" - dnsNames: - - "pfsense.internal.durp.info" diff --git a/internalproxy/templates/plex.yaml b/internalproxy/templates/plex.yaml deleted file mode 100644 index 81f6426..0000000 --- a/internalproxy/templates/plex.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: plex -spec: - ports: - - name: app - port: 32400 - protocol: TCP - targetPort: 32400 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: plex -subsets: - - addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 32400 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: plex-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`plex.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: plex - port: 32400 - scheme: https - tls: - secretName: plex-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: plex-tls -spec: - secretName: plex-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "plex.durp.info" - dnsNames: - - "plex.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: plex-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: plex.durp.info -spec: - type: ExternalName - externalName: durp.info diff --git a/internalproxy/templates/portainer.yaml b/internalproxy/templates/portainer.yaml deleted file mode 100644 index 5c22061..0000000 --- a/internalproxy/templates/portainer.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: portainer -spec: - ports: - - name: app - port: 9443 - protocol: TCP - targetPort: 9443 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: portainer -subsets: - - addresses: - - ip: 192.168.20.104 - ports: - - name: app - port: 9443 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: portainer-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: portainer - port: 9443 - scheme: https - tls: - secretName: portainer-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: portainer-tls -spec: - secretName: portainer-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "portainer.internal.durp.info" - dnsNames: - - "portainer.internal.durp.info" diff --git a/internalproxy/templates/proxmox.yaml b/internalproxy/templates/proxmox.yaml deleted file mode 100644 index fd0343a..0000000 --- a/internalproxy/templates/proxmox.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: proxmox -spec: - ports: - - name: app - port: 8006 - protocol: TCP - targetPort: 8006 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: proxmox -subsets: - - addresses: - - ip: 192.168.21.252 - ports: - - name: app - port: 8006 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: proxmox-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: proxmox - port: 8006 - scheme: https - tls: - secretName: proxmox-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: proxmox-tls -spec: - secretName: proxmox-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "proxmox.internal.durp.info" - dnsNames: - - "proxmox.internal.durp.info" diff --git a/internalproxy/templates/registry-internal.yaml b/internalproxy/templates/registry-internal.yaml deleted file mode 100644 index 27561fe..0000000 --- a/internalproxy/templates/registry-internal.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: registry-internal -spec: - ports: - - name: app - port: 5000 - protocol: TCP - targetPort: 5000 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: registry-internal -subsets: -- addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 5000 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: registry-internal-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`registry.internal.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: registry-internal - port: 5000 - tls: - secretName: registry-internal-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: registry-internal-tls -spec: - secretName: registry-internal-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "registry.internal.durp.info" - dnsNames: - - "registry.internal.durp.info" diff --git a/internalproxy/templates/registry.yaml b/internalproxy/templates/registry.yaml deleted file mode 100644 index b4ac19a..0000000 --- a/internalproxy/templates/registry.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: registry -spec: - ports: - - name: app - port: 5000 - protocol: TCP - targetPort: 5000 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: registry -subsets: -- addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 5000 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: registry-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`registry.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: registry - port: 5000 - tls: - secretName: registry-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: registry-tls -spec: - secretName: registry-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "registry.durp.info" - dnsNames: - - "registry.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: registry-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: registry.durp.info -spec: - type: ExternalName - externalName: durp.info \ No newline at end of file diff --git a/internalproxy/templates/s3.yaml b/internalproxy/templates/s3.yaml deleted file mode 100644 index cd52fb6..0000000 --- a/internalproxy/templates/s3.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: s3 -spec: - ports: - - name: app - port: 9768 - protocol: TCP - targetPort: 9768 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: s3 -subsets: - - addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 9768 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: s3-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`s3.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: s3 - port: 9768 - scheme: http - tls: - secretName: s3-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: s3-tls -spec: - secretName: s3-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "s3.internal.durp.info" - dnsNames: - - "s3.internal.durp.info" diff --git a/internalproxy/templates/semaphore.yaml b/internalproxy/templates/semaphore.yaml deleted file mode 100644 index ffd81dc..0000000 --- a/internalproxy/templates/semaphore.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: semaphore -spec: - ports: - - name: app - port: 3001 - protocol: TCP - targetPort: 3001 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: semaphore -subsets: - - addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 3001 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: semaphore-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: semaphore - port: 3001 - scheme: http - tls: - secretName: semaphore-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: semaphore-tls -spec: - secretName: semaphore-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "semaphore.internal.durp.info" - dnsNames: - - "semaphore.internal.durp.info" diff --git a/internalproxy/templates/smokeping.yaml b/internalproxy/templates/smokeping.yaml deleted file mode 100644 index 8a76738..0000000 --- a/internalproxy/templates/smokeping.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: smokeping -spec: - ports: - - name: app - port: 81 - protocol: TCP - targetPort: 81 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: smokeping -subsets: -- addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 81 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: smokeping-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`smokeping.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - - name: authentik-proxy-provider - namespace: traefik - kind: Rule - services: - - name: smokeping - port: 81 - - match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`) - kind: Rule - services: - - name: ak-outpost-authentik-embedded-outpost - namespace: authentik - port: 9000 - tls: - secretName: smokeping-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: smokeping-tls -spec: - secretName: smokeping-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "smokeping.durp.info" - dnsNames: - - "smokeping.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: smokeping-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info -spec: - type: ExternalName - externalName: durp.info \ No newline at end of file diff --git a/internalproxy/templates/speedtest.yaml b/internalproxy/templates/speedtest.yaml deleted file mode 100644 index e034917..0000000 --- a/internalproxy/templates/speedtest.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: speedtest -spec: - ports: - - name: app - port: 6580 - protocol: TCP - targetPort: 6580 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: speedtest -subsets: -- addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 6580 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: speedtest-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`speedtest.durp.info`) && PathPrefix(`/`) - kind: Rule - middlewares: - - name: authentik-proxy-provider - namespace: traefik - services: - - name: speedtest - port: 6580 - tls: - secretName: speedtest-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: speedtest-tls -spec: - secretName: speedtest-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "speedtest.durp.info" - dnsNames: - - "speedtest.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: speedtest-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info -spec: - type: ExternalName - externalName: durp.info \ No newline at end of file diff --git a/internalproxy/templates/tdarr.yaml b/internalproxy/templates/tdarr.yaml deleted file mode 100644 index c4403b9..0000000 --- a/internalproxy/templates/tdarr.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: tdarr -spec: - ports: - - name: app - port: 8267 - protocol: TCP - targetPort: 8267 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: tdarr -subsets: -- addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 8267 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: tdarr-ingress - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production -spec: - entryPoints: - - websecure - routes: - - match: Host(`tdarr.internal.durp.info`) - middlewares: - - name: whitelist - namespace: traefik - - name: authentik-proxy-provider - namespace: traefik - kind: Rule - services: - - name: tdarr - port: 8267 - scheme: http - tls: - secretName: tdarr-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: tdarr-tls -spec: - secretName: tdarr-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "tdarr.internal.durp.info" - dnsNames: - - "tdarr.internal.durp.info" diff --git a/internalproxy/templates/unraid.yaml b/internalproxy/templates/unraid.yaml deleted file mode 100644 index 9c62edc..0000000 --- a/internalproxy/templates/unraid.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: unraid -spec: - ports: - - name: app - port: 443 - protocol: TCP - targetPort: 443 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: unraid -subsets: - - addresses: - - ip: 192.168.20.253 - ports: - - name: app - port: 443 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: unraid-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: unraid - port: 443 - scheme: https - tls: - secretName: unraid-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: unraid-tls -spec: - secretName: unraid-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "unraid.internal.durp.info" - dnsNames: - - "unraid.internal.durp.info" diff --git a/internalproxy/templates/wazuh.yaml b/internalproxy/templates/wazuh.yaml deleted file mode 100644 index 5a5d853..0000000 --- a/internalproxy/templates/wazuh.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: wazuh -spec: - ports: - - name: app - port: 443 - protocol: TCP - targetPort: 443 - clusterIP: None - type: ClusterIP - ---- - -apiVersion: v1 -kind: Endpoints -metadata: - name: wazuh -subsets: - - addresses: - - ip: 192.168.20.102 - ports: - - name: app - port: 443 - protocol: TCP - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: wazuh-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - kind: Rule - services: - - name: wazuh - port: 443 - scheme: https - tls: - secretName: wazuh-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: wazuh-tls -spec: - secretName: wazuh-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "wazuh.internal.durp.info" - dnsNames: - - "wazuh.internal.durp.info" diff --git a/krakend/Chart.yaml b/krakend/Chart.yaml deleted file mode 100644 index d998c9f..0000000 --- a/krakend/Chart.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v2 -name: krakend -description: A Helm chart for Kubernetes -type: application - -version: 0.1.0 -appVersion: "1.16.0" \ No newline at end of file diff --git a/krakend/templates/deployments.yaml b/krakend/templates/deployments.yaml deleted file mode 100644 index ce50302..0000000 --- a/krakend/templates/deployments.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: krakend - name: krakend - labels: - app: krakend -spec: - selector: - matchLabels: - app: krakend - replicas: 1 - template: - metadata: - labels: - app: krakend - spec: - volumes: - - name: krakend-secret - secret: - secretName: krakend-secret - containers: - - name: krakend - image: registry.internal.durp.info/devopsfaith/krakend:2.4.3 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /__health - port: 8080 - readinessProbe: - httpGet: - path: /__health - port: 8080 - ports: - - name: http - containerPort: 8080 - volumeMounts: - - name: krakend-secret - mountPath: /etc/krakend \ No newline at end of file diff --git a/krakend/templates/ingress.yaml b/krakend/templates/ingress.yaml deleted file mode 100644 index a8c08eb..0000000 --- a/krakend/templates/ingress.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: api-tls -spec: - secretName: api-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "api.durp.info" - dnsNames: - - "api.durp.info" - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: krakend-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`api.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: krakend-service - port: 8080 - scheme: http - tls: - secretName: api-tls - ---- - -kind: Service -apiVersion: v1 -metadata: - name: api-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: api.durp.info -spec: - type: ExternalName - externalName: durp.info - ---- - -kind: Service -apiVersion: v1 -metadata: - name: api-developer-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: developer.durp.info - external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" -spec: - type: ExternalName - externalName: developerdurp.github.io 
diff --git a/krakend/templates/secrets.yaml b/krakend/templates/secrets.yaml deleted file mode 100644 index 2eb1a9d..0000000 --- a/krakend/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: krakend-secret -spec: - secretStoreRef: - name: vault - kind: ClusterSecretStore - target: - name: krakend-secret - data: - - secretKey: krakend.json - remoteRef: - key: secrets/krakend/config - property: config \ No newline at end of file diff --git a/krakend/templates/service.yaml b/krakend/templates/service.yaml deleted file mode 100644 index d5393f3..0000000 --- a/krakend/templates/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: krakend-service -spec: - ports: - - name: http - port: 8080 - targetPort: 8080 - protocol: TCP - selector: - app: krakend \ No newline at end of file diff --git a/kube-prometheus-stack/Chart.yaml b/kube-prometheus-stack/Chart.yaml deleted file mode 100644 index ecb4ab2..0000000 --- a/kube-prometheus-stack/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -name: kube-prometheus-stack -description: A Helm chart for Kubernetes -type: application - -version: 0.1.0 -appVersion: "1.16.0" - -dependencies: -- name: kube-prometheus-stack - repository: https://prometheus-community.github.io/helm-charts - version: 63.1.0 diff --git a/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml b/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml deleted file mode 100644 index 716d4e5..0000000 --- a/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-grafana-oauth -spec: - secretStoreRef: - name: vault - kind: ClusterSecretStore - target: - name: grafana-oauth - data: - - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - remoteRef: - key: secrets/kube-prometheus/grafana/oauth - property: GF_AUTH_GENERIC_OAUTH_CLIENT_ID - - secretKey: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET - remoteRef: - key: secrets/kube-prometheus/grafana/oauth - property: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET - ---- - -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: vault-admin-credentials -spec: - secretStoreRef: - name: vault - kind: ClusterSecretStore - target: - name: grafana-admin-credentials - data: - - secretKey: admin-password - remoteRef: - key: secrets/kube-prometheus/grafana/admin - property: admin-password - - secretKey: admin-user - remoteRef: - key: secrets/kube-prometheus/grafana/admin - property: admin-user diff --git a/kube-prometheus-stack/templates/ingress.yaml b/kube-prometheus-stack/templates/ingress.yaml deleted file mode 100644 index caf0ee1..0000000 --- a/kube-prometheus-stack/templates/ingress.yaml +++ /dev/null 
@@ -1,80 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: grafana-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`grafana.durp.info`) && PathPrefix(`/`)
- kind: Rule
- services:
- - name: grafana
- port: 80
- tls:
- secretName: grafana-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: grafana-tls
-spec:
- secretName: grafana-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "grafana.durp.info"
- dnsNames:
- - "grafana.durp.info"
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: alertmanager-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`alertmanager.durp.info`) && PathPrefix(`/`)
- middlewares:
- - name: whitelist
- namespace: traefik
- - name: authentik-proxy-provider
- namespace: traefik
- kind: Rule
- services:
- - name: prometheus-alertmanager
- port: 9093
- tls:
- secretName: alertmanager-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: alertmanager-tls
-spec:
- secretName: alertmanager-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "alertmanager.durp.info"
- dnsNames:
- - "alertmanager.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
- name: grafana-external-dns
- annotations:
- external-dns.alpha.kubernetes.io/hostname: grafana.durp.info
-spec:
- type: ExternalName
- externalName: durp.info
\ No newline at end of file
diff --git a/kube-prometheus-stack/values.yaml b/kube-prometheus-stack/values.yaml
deleted file mode 100644
index 19436ac..0000000
--- a/kube-prometheus-stack/values.yaml
+++ /dev/null
@@ -1,203 +0,0 @@ -kube-prometheus-stack: - fullnameOverride: prometheus - - defaultRules: - create: true - rules: - alertmanager: true - etcd: true - configReloaders: true - general: true - k8s: true - kubeApiserverAvailability: true - kubeApiserverBurnrate: true - kubeApiserverHistogram: true - kubeApiserverSlos: true - kubelet: true - kubeProxy: true - kubePrometheusGeneral: true - kubePrometheusNodeRecording: true - kubernetesApps: true - kubernetesResources: true - kubernetesStorage: true - kubernetesSystem: true - kubeScheduler: true - kubeStateMetrics: true - network: true - node: true - nodeExporterAlerting: true - nodeExporterRecording: true - prometheus: true - prometheusOperator: true - - alertmanager: - fullnameOverride: alertmanager - enabled: true - ingress: - enabled: false - grafana: - enabled: true - fullnameOverride: grafana - forceDeployDatasources: false - forceDeployDashboards: false - defaultDashboardsEnabled: true - defaultDashboardsTimezone: utc - plugins: - - grafana-polystat-panel - serviceMonitor: - enabled: true - admin: - existingSecret: grafana-admin-credentials - userKey: admin-user - passwordKey: admin-password - ingress: - enabled: false - grafana.ini: - server: - root_url: https://grafana.durp.info - auth.generic_oauth: - enabled: true - scopes: openid profile email - auth_url: https://authentik.durp.info/application/o/authorize/ - token_url: https://authentik.durp.info/application/o/token/ - api_url: https://authentik.durp.info/application/o/userinfo/ - envFromSecret: "grafana-oauth" - - kubeApiServer: - enabled: true - - kubelet: - enabled: true - serviceMonitor: - metricRelabelings: - - action: replace - sourceLabels: - - node - targetLabel: instance - - kubeControllerManager: - enabled: true - endpoints: # ips of servers - - 192.168.20.121 - - 192.168.20.122 - - 192.168.20.123 - - coreDns: - enabled: false - - kubeDns: - enabled: false - - kubeEtcd: - enabled: true - endpoints: # ips of servers - - 192.168.20.121 - - 
192.168.20.122 - - 192.168.20.123 - service: - enabled: true - port: 2381 - targetPort: 2381 - - kubeScheduler: - enabled: true - endpoints: # ips of servers - - 192.168.20.121 - - 192.168.20.122 - - 192.168.20.123 - - kubeProxy: - enabled: true - endpoints: # ips of servers - - 192.168.20.121 - - 192.168.20.122 - - 192.168.20.123 - - kubeStateMetrics: - enabled: true - - kube-state-metrics: - fullnameOverride: kube-state-metrics - selfMonitor: - enabled: true - prometheus: - monitor: - enabled: true - relabelings: - - action: replace - regex: (.*) - replacement: $1 - sourceLabels: - - __meta_kubernetes_pod_node_name - targetLabel: kubernetes_node - - nodeExporter: - enabled: true - serviceMonitor: - relabelings: - - action: replace - regex: (.*) - replacement: $1 - sourceLabels: - - __meta_kubernetes_pod_node_name - targetLabel: kubernetes_node - - prometheus-node-exporter: - fullnameOverride: node-exporter - podLabels: - jobLabel: node-exporter - extraArgs: - - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ - service: - portName: http-metrics - prometheus: - monitor: - enabled: true - relabelings: - - action: replace - regex: (.*) - replacement: $1 - sourceLabels: - - __meta_kubernetes_pod_node_name - targetLabel: kubernetes_node - resources: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 2048Mi - - prometheusOperator: - enabled: true - prometheusConfigReloader: - resources: - requests: - cpu: 200m - memory: 50Mi - limits: - memory: 100Mi - - prometheus: - enabled: true - prometheusSpec: - replicas: 1 - replicaExternalLabelName: "replica" - ruleSelectorNilUsesHelmValues: false - serviceMonitorSelectorNilUsesHelmValues: false - podMonitorSelectorNilUsesHelmValues: 
false - probeSelectorNilUsesHelmValues: false - retention: 6h - enableAdminAPI: true - walCompression: true - storageSpec: - volumeClaimTemplate: - spec: - storageClassName: nfs-storage - accessModes: ["ReadWriteMany"] - resources: - requests: - storage: 50Gi - - thanosRuler: - enabled: false diff --git a/kubeclarity/Chart.yaml b/kubeclarity/Chart.yaml deleted file mode 100644 index 4eef59a..0000000 --- a/kubeclarity/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -name: kubeclarity -description: A Helm chart for Kubernetes -type: application -version: 0.0.1 -appVersion: 0.0.1 - -dependencies: -- name: kubeclarity - repository: https://openclarity.github.io/kubeclarity - version: 2.23.3 diff --git a/kubeclarity/templates/ingress.yaml b/kubeclarity/templates/ingress.yaml deleted file mode 100644 index 77b67a7..0000000 --- a/kubeclarity/templates/ingress.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: kubeclarity-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`kubeclarity.durp.info`) && PathPrefix(`/`) - middlewares: - - name: whitelist - namespace: traefik - - name: authentik-proxy-provider - namespace: traefik - kind: Rule - services: - - name: kubeclarity-kubeclarity - port: 8080 - tls: - secretName: kubeclarity-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: kubeclarity-tls -spec: - secretName: kubeclarity-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "kubeclarity.durp.info" - dnsNames: - - "kubeclarity.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: kubeclarity-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: kubeclarity.durp.info -spec: - type: ExternalName - externalName: durp.info diff --git a/kubeclarity/values.yaml b/kubeclarity/values.yaml deleted file mode 100644 index 0bb5078..0000000 --- a/kubeclarity/values.yaml +++ /dev/null 
@@ -1,235 +0,0 @@ -kubeclarity: - global: - databasePassword: kubeclarity - docker: - registry: "registry.internal.durp.info/openclarity" - tag: "latest" - imagePullPolicy: Always - - curl: - image: - registry: "registry.internal.durp.info" - repository: curlimages/curl - tag: 7.87.0 - - kubeclarity: - docker: - imageName: "" - - logLevel: warning - - enableDBInfoLog: false - - prometheus: - enabled: false - - podAnnotations: {} - - service: - type: ClusterIP - port: 8080 - annotations: {} - - ingress: - enabled: false - - resources: - requests: - memory: "200Mi" - cpu: "100m" - limits: - memory: "1000Mi" - cpu: "1000m" - - initContainers: - resources: - requests: - memory: "100Mi" - cpu: "100m" - limits: - memory: "200Mi" - cpu: "200m" - - kubeclarity-runtime-scan: - httpsProxy: "" - httpProxy: "" - resultServicePort: 8888 - - labels: - app: kubeclarity-scanner - sidecar.istio.io/inject: "false" - - namespace: "" - - registry: - skipVerifyTlS: "false" - useHTTP: "false" - - cis-docker-benchmark-scanner: - resources: - requests: - memory: "50Mi" - cpu: "50m" - limits: - memory: "1000Mi" - cpu: "1000m" - - vulnerability-scanner: - resources: - requests: - memory: "50Mi" - cpu: "50m" - limits: - memory: "1000Mi" - cpu: "1000m" - - analyzer: - analyzerList: "syft gomod trivy" - analyzerScope: "squashed" - - trivy: - enabled: true - timeout: "300" - - scanner: - scannerList: "grype trivy" - - grype: - enabled: true - mode: "REMOTE" - - remote-grype: - timeout: "2m" - - dependency-track: - enabled: false - insecureSkipVerify: "true" - disableTls: "true" - apiserverAddress: "dependency-track-apiserver.dependency-track" - apiKey: "" - - trivy: - enabled: true - timeout: "300" - - kubeclarity-grype-server: - enabled: true - - docker: - imageRepo: "registry.internal.durp.info/openclarity" - imageTag: "v0.6.0" - imagePullPolicy: Always - - logLevel: warning - - servicePort: 9991 - - resources: - requests: - cpu: "200m" - memory: "200Mi" - limits: - cpu: "1000m" - memory: 
"1G" - - kubeclarity-trivy-server: - enabled: true - - ## Docker Image values. - image: - registry: registry.internal.durp.info - repository: aquasec/trivy - tag: 0.44.1 - pullPolicy: Always - - persistence: - enabled: false - - podSecurityContext: - runAsUser: 1001 - runAsNonRoot: true - fsGroup: 1001 - - securityContext: - privileged: false - readOnlyRootFilesystem: true - - trivy: - debugMode: false - - service: - port: 9992 - - resources: - requests: - cpu: "200m" - memory: "200Mi" - limits: - cpu: "1000m" - memory: "1G" - - - kubeclarity-sbom-db: - docker: - imageName: "" - logLevel: warning - - servicePort: 8080 - - resources: - requests: - memory: "20Mi" - cpu: "10m" - limits: - memory: "1Gi" - cpu: "200m" - - kubeclarity-postgresql: - enabled: true - - image: - registry: registry.internal.durp.info - repository: bitnami/postgresql - tag: 14.6.0-debian-11-r31 - - auth: - existingSecret: kubeclarity-postgresql-secret - username: postgres - database: kubeclarity - sslMode: disable - - service: - ports: - postgresql: 5432 - - serviceAccount: - enabled: true - securityContext: - enabled: true - fsGroup: 1001 - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - volumePermissions: - enabled: false - securityContext: - runAsUser: 1001 - shmVolume: - chmod: - enabled: true - - resources: - requests: - memory: "256Mi" - cpu: "250m" - limits: - memory: "1000Mi" - cpu: "1000m" - - kubeclarity-postgresql-external: - enabled: false - - kubeclarity-postgresql-secret: - create: true - secretKey: "postgres-password" diff --git a/littlelink/Chart.yaml b/littlelink/Chart.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/littlelink/templates/deployment.yaml b/littlelink/templates/deployment.yaml deleted file mode 100644 index b713b86..0000000 --- a/littlelink/templates/deployment.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: littlelink - name: littlelink - labels: - app: littlelink -spec: - selector: - matchLabels: - app: littlelink - replicas: 1 - template: - metadata: - labels: - app: littlelink - spec: - containers: - - name: littlelink - image: registry.internal.durp.info/techno-tim/littlelink-server:latest - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthcheck - port: 3000 - readinessProbe: - httpGet: - path: /healthcheck - port: 3000 - env: - - name: META_TITLE - value: DeveloperDurp - - name: META_DESCRIPTION - value: The Durpy Developer - - name: META_AUTHOR - value: DeveloperDurp - - name: LANG - value: en - - name: META_INDEX_STATUS - value: all - - name: OG_TITLE - value: DeveloperDurp - - name: OG_DESCRIPTION - value: DeveloperDurp - - name: OG_URL - value: https://gitlab.com/developerdurp - - name: OG_IMAGE - value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png - - name : OG_IMAGE_WIDTH - value: "400" - - name : OG_IMAGE_HEIGHT - value: "400" - - name : THEME - value: Dark - - name : FAVICON_URL - value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png - - name : AVATAR_URL - value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png - - name : AVATAR_2X_URL - value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png - - name : AVATAR_ALT - value: DeveloperDurp Profile Pic - - name : NAME - value: DeveloperDurp - - name : BIO - value: Sup Nerd, - - name : BUTTON_ORDER - value: GITHUB,GITLAB,YOUTUBE,TWITTER,COFFEE,EMAIL - - name : TWITTER - value: https://twitter.com/developerdurp - - name : GITHUB - value: https://github.com/DeveloperDurp - - name : GITLAB - value: https://gitlab.com/developerdurp - - name: YOUTUBE - value: https://www.youtube.com/channel/UC1rGa6s6kER_gLpIQsxeMVQ - - name : EMAIL - value: DeveloperDurp@durp.info - - name : EMAIL_TEXT - value: DeveloperDurp@durp.info - - name : FOOTER - 
value: DeveloperDurp © 2022 - - name: CUSTOM_BUTTON_TEXT - value: BuyMeACoffee - - name: CUSTOM_BUTTON_URL - value: https://www.buymeacoffee.com/DeveloperDurp - - name: CUSTOM_BUTTON_COLOR - value: '#ffdd00' - - name: CUSTOM_BUTTON_TEXT_COLOR - value: '#000000' - - name: CUSTOM_BUTTON_ALT_TEXT - value: Support - - name: CUSTOM_BUTTON_NAME - value: COFFEE - - name: CUSTOM_BUTTON_ICON - value: fa-solid fa-cup-togo - ports: - - name: http - containerPort: 3000 diff --git a/littlelink/templates/ingress.yaml b/littlelink/templates/ingress.yaml deleted file mode 100644 index 194f31e..0000000 --- a/littlelink/templates/ingress.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: littlelink-ingress -spec: - entryPoints: - - websecure - routes: - - match: Host(`links.durp.info`) && PathPrefix(`/`) - kind: Rule - services: - - name: littlelink - port: 80 - tls: - secretName: littlelink-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: littlelink-tls -spec: - secretName: littlelink-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: "links.durp.info" - dnsNames: - - "links.durp.info" - ---- - -kind: Service -apiVersion: v1 -metadata: - name: links-external-dns - annotations: - external-dns.alpha.kubernetes.io/hostname: links.durp.info -spec: - type: ExternalName - externalName: durp.info \ No newline at end of file diff --git a/littlelink/templates/service.yaml b/littlelink/templates/service.yaml deleted file mode 100644 index 445d527..0000000 --- a/littlelink/templates/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: littlelink -spec: - ports: - - name: http - port: 80 - targetPort: 3000 - protocol: TCP - selector: - app: littlelink \ No newline at end of file diff --git a/longhorn/Chart.yaml b/longhorn/Chart.yaml deleted file mode 100644 index fde2188..0000000 --- a/longhorn/Chart.yaml +++ /dev/null 
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: longhorn-system
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-- name: longhorn
- repository: https://charts.longhorn.io
- version: 1.7.1
\ No newline at end of file
diff --git a/longhorn/templates/ingress.yaml b/longhorn/templates/ingress.yaml
deleted file mode 100644
index df2e071..0000000
--- a/longhorn/templates/ingress.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: longhorn-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/`)
- middlewares:
- - name: whitelist
- namespace: traefik
- - name: authentik-proxy-provider
- namespace: traefik
- kind: Rule
- services:
- - name: longhorn-frontend
- port: 80
- - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
- kind: Rule
- services:
- - name: ak-outpost-authentik-embedded-outpost
- namespace: authentik
- port: 9000
- tls:
- secretName: longhorn-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: longhorn-tls
-spec:
- secretName: longhorn-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "longhorn.internal.durp.info"
- dnsNames:
- - "longhorn.internal.durp.info"
diff --git a/longhorn/templates/secrets.yaml b/longhorn/templates/secrets.yaml
deleted file mode 100644
index c10ab89..0000000
--- a/longhorn/templates/secrets.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: external-longhorn-backup-token-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: longhorn-backup-token-secret
- data:
- - secretKey: AWS_ACCESS_KEY_ID
- remoteRef:
- key: secrets/longhorn/backup
- property: AWS_ACCESS_KEY_ID
- - secretKey: AWS_ENDPOINTS
- remoteRef:
- key: secrets/longhorn/backup
- property: AWS_ENDPOINTS
- - secretKey: AWS_SECRET_ACCESS_KEY
- remoteRef:
- key: secrets/longhorn/backup
- property: AWS_SECRET_ACCESS_KEY
diff --git a/longhorn/values.yaml b/longhorn/values.yaml
deleted file mode 100644
index 647385b..0000000
--- a/longhorn/values.yaml
+++ /dev/null
@@ -1,253 +0,0 @@ -longhorn: - - # Default values for longhorn. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. - global: - cattle: - systemDefaultRegistry: "" - - image: - longhorn: - engine: - repository: longhornio/longhorn-engine - manager: - repository: longhornio/longhorn-manager - ui: - repository: longhornio/longhorn-ui - instanceManager: - repository: longhornio/longhorn-instance-manager - shareManager: - repository: longhornio/longhorn-share-manager - backingImageManager: - repository: longhornio/backing-image-manager - csi: - attacher: - repository: longhornio/csi-attacher - provisioner: - repository: longhornio/csi-provisioner - nodeDriverRegistrar: - repository: longhornio/csi-node-driver-registrar - resizer: - repository: longhornio/csi-resizer - snapshotter: - repository: longhornio/csi-snapshotter - pullPolicy: Always - - service: - ui: - type: ClusterIP - nodePort: null - manager: - type: ClusterIP - nodePort: "" - loadBalancerIP: "" - loadBalancerSourceRanges: "" - - persistence: - defaultClass: true - defaultFsType: ext4 - defaultClassReplicaCount: 3 - defaultDataLocality: disabled # best-effort otherwise - reclaimPolicy: Retain - migratable: false - recurringJobSelector: - enable: true - jobList: '[ - { - "name":"backup", - "task":"backup", - "cron":"0 0 * * ?", - "retain":24 - } - ]' - backingImage: - enable: false - name: ~ - dataSourceType: ~ - dataSourceParameters: ~ - expectedChecksum: ~ - - csi: - kubeletRootDir: ~ - attacherReplicaCount: ~ - provisionerReplicaCount: ~ - resizerReplicaCount: ~ - snapshotterReplicaCount: ~ - - defaultSettings: - backupTarget: S3://longhorn-master@us-east-1/ - backupTargetCredentialSecret: longhorn-backup-token-secret - allowRecurringJobWhileVolumeDetached: ~ - createDefaultDiskLabeledNodes: ~ - defaultDataPath: ~ - defaultDataLocality: ~ - replicaSoftAntiAffinity: ~ - replicaAutoBalance: ~ - storageOverProvisioningPercentage: ~ - storageMinimalAvailablePercentage: 
~ - upgradeChecker: ~ - defaultReplicaCount: ~ - defaultLonghornStaticStorageClass: longhorn - backupstorePollInterval: ~ - taintToleration: ~ - systemManagedComponentsNodeSelector: ~ - priorityClass: ~ - autoSalvage: ~ - autoDeletePodWhenVolumeDetachedUnexpectedly: ~ - disableSchedulingOnCordonedNode: ~ - replicaZoneSoftAntiAffinity: ~ - nodeDownPodDeletionPolicy: ~ - allowNodeDrainWithLastHealthyReplica: ~ - mkfsExt4Parameters: ~ - disableReplicaRebuild: ~ - replicaReplenishmentWaitInterval: ~ - concurrentReplicaRebuildPerNodeLimit: ~ - disableRevisionCounter: ~ - systemManagedPodsImagePullPolicy: ~ - allowVolumeCreationWithDegradedAvailability: ~ - autoCleanupSystemGeneratedSnapshot: ~ - concurrentAutomaticEngineUpgradePerNodeLimit: ~ - backingImageCleanupWaitInterval: ~ - backingImageRecoveryWaitInterval: ~ - guaranteedEngineManagerCPU: ~ - guaranteedReplicaManagerCPU: ~ - kubernetesClusterAutoscalerEnabled: ~ - orphanAutoDeletion: ~ - storageNetwork: ~ - privateRegistry: - createSecret: ~ - registryUrl: ~ - registryUser: ~ - registryPasswd: ~ - registrySecret: ~ - - longhornManager: - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - - longhornDriver: - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the 
line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - - longhornUI: - priorityClass: ~ - tolerations: [] - ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above - ## and uncomment this example block - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - nodeSelector: {} - ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above - ## and uncomment this example block - # label-key1: "label-value1" - # label-key2: "label-value2" - - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # - - ingress: - ## Set to true to enable ingress record generation - enabled: false - - ## Add ingressClassName to the Ingress - ## Can replace the kubernetes.io/ingress.class annotation on v1.18+ - ingressClassName: nginx - - host: longhorn.internal.durp.info - - ## Set this to true in order to enable TLS on the ingress record - ## A side effect of this will be that the backend service will be connected at port 443 - tls: - - secretName: longhorn-tls - hosts: - - longhorn.internal.durp.info - - ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS - tlsSecret: longhorn-tls - - ## If ingress is enabled you can set the default ingress path - ## then you can access the UI by using the following full path {{host}}+{{path}} - path: / - - ## Ingress annotations done as key:value pairs - ## If you're using kube-lego, you will want to add: - ## kubernetes.io/tls-acme: true - ## 
- ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/auth-url: |- - http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx - nginx.ingress.kubernetes.io/auth-signin: |- - https://longhorn.internal.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri - nginx.ingress.kubernetes.io/auth-response-headers: |- - Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid - nginx.ingress.kubernetes.io/auth-snippet: | - proxy_set_header X-Forwarded-Host $http_host; - - secrets: - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - # - name: longhorn.local-tls - # key: - # certificate: - - # Configure a pod security policy in the Longhorn namespace to allow privileged pods - enablePSP: true - - ## Specify override namespace, specifically this is useful for using longhorn as sub-chart - ## and its release namespace is not the `longhorn-system` - namespaceOverride: "" - - # Annotations to add to the Longhorn Manager DaemonSet Pods. Optional. - annotations: {} - - serviceAccount: - # Annotations to add to the service account - annotations: {} - 
diff --git a/metallb-system/Chart.yaml b/metallb-system/Chart.yaml
deleted file mode 100644
index 0f6506f..0000000
--- a/metallb-system/Chart.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v2
-name: metallb-system
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-- name: metallb
- repository: https://metallb.github.io/metallb
- version: 0.14.8
-
diff --git a/metallb-system/templates/config.yaml b/metallb-system/templates/config.yaml
deleted file mode 100644
index e44285d..0000000
--- a/metallb-system/templates/config.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: metallb.io/v1beta1
-kind: IPAddressPool
-metadata:
- name: cheap
-spec:
- addresses:
- - 192.168.20.130-192.168.20.140
----
-apiVersion: metallb.io/v1beta1
-kind: L2Advertisement
-metadata:
- name: poop
- namespace: metallb-system
-spec:
- ipAddressPools:
- - cheap
-
diff --git a/metallb-system/values.yaml b/metallb-system/values.yaml
deleted file mode 100644
index 260551d..0000000
--- a/metallb-system/values.yaml
+++ /dev/null
@@ -1,197 +0,0 @@ -metallb: - imagePullSecrets: [] - nameOverride: "" - fullnameOverride: "" - loadBalancerClass: "" - - rbac: - create: true - - prometheus: - scrapeAnnotations: false - metricsPort: 7472 - speakerMetricsTLSSecret: "" - controllerMetricsTLSSecret: "" - rbacPrometheus: true - serviceAccount: "" - namespace: "" - rbacProxy: - repository: gcr.io/kubebuilder/kube-rbac-proxy - tag: v0.12.0 - pullPolicy: - podMonitor: - enabled: false - additionalLabels: {} - annotations: {} - jobLabel: "app.kubernetes.io/name" - interval: - metricRelabelings: [] - relabelings: [] - serviceMonitor: - enabled: false - speaker: - additionalLabels: {} - annotations: {} - tlsConfig: - insecureSkipVerify: true - controller: - additionalLabels: {} - annotations: {} - tlsConfig: - insecureSkipVerify: true - jobLabel: "app.kubernetes.io/name" - interval: - metricRelabelings: [] - relabelings: [] - prometheusRule: - enabled: false - additionalLabels: {} - annotations: {} - staleConfig: - enabled: true - labels: - severity: warning - configNotLoaded: - enabled: true - labels: - severity: warning - addressPoolExhausted: - enabled: true - labels: - severity: alert - addressPoolUsage: - enabled: true - thresholds: - - percent: 75 - labels: - severity: warning - - percent: 85 - labels: - severity: warning - - percent: 95 - labels: - severity: alert - bgpSessionDown: - enabled: true - labels: - severity: alert - - extraAlerts: [] - - controller: - enabled: true - # -- Controller log level. 
Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` - logLevel: info - image: - repository: quay.io/metallb/controller - tag: - pullPolicy: - strategy: - type: RollingUpdate - serviceAccount: - create: true - name: "" - annotations: {} - securityContext: - runAsNonRoot: true - runAsUser: 65534 - fsGroup: 65534 - resources: {} - nodeSelector: {} - tolerations: [] - priorityClassName: "" - runtimeClassName: "" - affinity: {} - podAnnotations: {} - labels: {} - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - tlsMinVersion: "VersionTLS12" - tlsCipherSuites: "" - - extraContainers: [] - - speaker: - enabled: true - logLevel: debug - tolerateMaster: true - memberlist: - enabled: true - mlBindPort: 7946 - mlBindAddrOverride: "" - mlSecretKeyPath: "/etc/ml_secret_key" - excludeInterfaces: - enabled: true - ignoreExcludeLB: false - - image: - repository: quay.io/metallb/speaker - tag: - pullPolicy: - updateStrategy: - type: RollingUpdate - serviceAccount: - create: true - name: "" - annotations: {} - securityContext: {} - resources: {} - nodeSelector: {} - tolerations: [] - priorityClassName: "" - affinity: {} - runtimeClassName: "" - podAnnotations: {} - labels: - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/warn: privileged - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - startupProbe: - enabled: true - failureThreshold: 30 - periodSeconds: 5 - frr: - enabled: true - image: - repository: quay.io/frrouting/frr - 
tag: 9.0.2 - pullPolicy: - metricsPort: 7473 - resources: {} - reloader: - resources: {} - frrMetrics: - resources: {} - extraContainers: [] - crds: - enabled: true - validationFailurePolicy: Fail - frrk8s: - enabled: false - diff --git a/nfs-client/Chart.yml b/nfs-client/Chart.yml deleted file mode 100644 index 217f2c1..0000000 --- a/nfs-client/Chart.yml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -name: nfs-client -description: A Helm chart for Kubernetes -type: application - -version: 0.1.0 -appVersion: "1.16.0" - diff --git a/nfs-client/templates/cluster-role-binding.yml b/nfs-client/templates/cluster-role-binding.yml deleted file mode 100644 index 427d8c6..0000000 --- a/nfs-client/templates/cluster-role-binding.yml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: run-nfs-client-provisioner -subjects: - - kind: ServiceAccount - name: nfs-client-provisioner - namespace: nfs-client -roleRef: - kind: ClusterRole - name: nfs-client-provisioner-runner - apiGroup: rbac.authorization.k8s.io diff --git a/nfs-client/templates/cluster-role.yml b/nfs-client/templates/cluster-role.yml deleted file mode 100644 index fa6ed20..0000000 --- a/nfs-client/templates/cluster-role.yml +++ /dev/null @@ -1,20 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: nfs-client-provisioner-runner -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "list", "watch", "create", "update", "patch"] 
diff --git a/nfs-client/templates/provisioner.yml b/nfs-client/templates/provisioner.yml
deleted file mode 100644
index c76fe8c..0000000
--- a/nfs-client/templates/provisioner.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
- name: nfs-client-provisioner
- namespace: nfs-client
-spec:
- selector:
- matchLabels:
- app: nfs-client-provisioner
- replicas: 1
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- app: nfs-client-provisioner
- spec:
- serviceAccountName: nfs-client-provisioner
- containers:
- - name: nfs-client-provisioner
- image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.0
- resources:
- requests:
- cpu: 500m
- memory: 512Mi
- limits:
- memory: 1Gi
- volumeMounts:
- - name: nfs-client-ssd
- mountPath: /persistentvolumes
- env:
- - name: PROVISIONER_NAME
- value: durp.info/nfs
- - name: NFS_SERVER
- value: 192.168.20.253
- - name: NFS_PATH
- value: /mnt/user/k3s
- volumes:
- - name: nfs-client-ssd
- nfs:
- server: 192.168.20.253
- path: /mnt/user/k3s
diff --git a/nfs-client/templates/role-binding.yml b/nfs-client/templates/role-binding.yml
deleted file mode 100644
index fb0f085..0000000
--- a/nfs-client/templates/role-binding.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: leader-locking-nfs-client-provisioner
- namespace: nfs-client
-subjects:
- - kind: ServiceAccount
- name: nfs-client-provisioner
- namespace: nfs-client
-roleRef:
- kind: Role
- name: leader-locking-nfs-client-provisioner
- apiGroup: rbac.authorization.k8s.io
diff --git a/nfs-client/templates/role.yml b/nfs-client/templates/role.yml
deleted file mode 100644
index 910346d..0000000
--- a/nfs-client/templates/role.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: leader-locking-nfs-client-provisioner
- namespace: nfs-client
-rules:
- - apiGroups: [""]
- resources: ["endpoints"]
- verbs: ["get", "list", "watch", "create", "update", "patch"]
diff --git a/nfs-client/templates/service-account.yml b/nfs-client/templates/service-account.yml
deleted file mode 100644
index ef9b4d7..0000000
--- a/nfs-client/templates/service-account.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-kind: ServiceAccount
-apiVersion: v1
-metadata:
- name: nfs-client-provisioner
- namespace: nfs-client
diff --git a/nfs-client/templates/storage-class.yml b/nfs-client/templates/storage-class.yml
deleted file mode 100644
index b615fe1..0000000
--- a/nfs-client/templates/storage-class.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: nfs-storage
- annotations:
- storageclass.kubernetes.io/is-default-class: "false"
-provisioner: durp.info/nfs
-parameters:
- archiveOnDelete: "false"
-reclaimPolicy: Retain
diff --git a/open-webui/Chart.yaml b/open-webui/Chart.yaml
deleted file mode 100644
index 1561d60..0000000
--- a/open-webui/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: open-webui
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
diff --git a/open-webui/templates/deployment.yaml b/open-webui/templates/deployment.yaml
deleted file mode 100644
index 7a51d0f..0000000
--- a/open-webui/templates/deployment.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: open-webui
- name: open-webui
- labels:
- app: open-webui
-spec:
- selector:
- matchLabels:
- app: open-webui
- replicas: 1
- template:
- metadata:
- labels:
- app: open-webui
- spec:
- containers:
- - name: open-webui
- image: registry.internal.durp.info/open-webui/open-webui:main
- imagePullPolicy: Always
- volumeMounts:
- - name: open-webui-pvc
- mountPath: /app/backend/data
- ports:
- - name: http
- containerPort: 8080
- env:
- - name: OLLAMA_BASE_URL
- valueFrom:
- secretKeyRef:
- name: open-webui-secret
- key: OLLAMA_BASE_URL
- volumes:
- - name: open-webui-pvc
- persistentVolumeClaim:
- claimName: open-webui-pvc
diff --git a/open-webui/templates/ingress.yaml b/open-webui/templates/ingress.yaml
deleted file mode 100644
index 6331e92..0000000
--- a/open-webui/templates/ingress.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: open-webui-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`open-webui.durp.info`) && PathPrefix(`/`)
- kind: Rule
- services:
- - name: open-webui
- port: 8080
- tls:
- secretName: open-webui-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: open-webui-tls
-spec:
- secretName: open-webui-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "open-webui.durp.info"
- dnsNames:
- - "open-webui.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
- name: open-webui-external-dns
- annotations:
- external-dns.alpha.kubernetes.io/hostname: open-webui.durp.info
-spec:
- type: ExternalName
- externalName: durp.info
diff --git a/open-webui/templates/pvc.yaml b/open-webui/templates/pvc.yaml
deleted file mode 100644
index 63a3280..0000000
--- a/open-webui/templates/pvc.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: open-webui-pvc
-spec:
- storageClassName: longhorn
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 10Gi
diff --git a/open-webui/templates/secrets.yaml b/open-webui/templates/secrets.yaml
deleted file mode 100644
index 1fe6fec..0000000
--- a/open-webui/templates/secrets.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: open-webui-secret
-spec:
- secretStoreRef:
- name: vault
- kind: ClusterSecretStore
- target:
- name: open-webui-secret
- data:
- - secretKey: OLLAMA_BASE_URL
- remoteRef:
- key: secrets/open-webui
- property: OLLAMA_BASE_URL
-
diff --git a/open-webui/templates/service.yaml b/open-webui/templates/service.yaml
deleted file mode 100644
index cd93455..0000000
--- a/open-webui/templates/service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: open-webui
-spec:
- ports:
- - name: http
- port: 8080
- targetPort: 8080
- protocol: TCP
- selector:
- app: open-webui
diff --git a/traefik/Chart.yaml b/traefik/Chart.yaml
deleted file mode 100644
index 5378476..0000000
--- a/traefik/Chart.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: traefik
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: traefik
- repository: https://traefik.github.io/charts
- version: 24.0.0
diff --git a/traefik/templates/ingress.yaml b/traefik/templates/ingress.yaml
deleted file mode 100644
index a165566..0000000
--- a/traefik/templates/ingress.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: traefik-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`traefik.internal.durp.info`)
- middlewares:
- - name: authentik-proxy-provider
- namespace: traefik
- kind: Rule
- services:
- - name: api@internal
- kind: TraefikService
- - match: Host(`traefik.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
- kind: Rule
- services:
- - name: ak-outpost-authentik-embedded-outpost
- namespace: authentik
- port: 9000
- tls:
- secretName: traefik-tls
-
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: traefik-tls
- namespace: traefik
-spec:
- secretName: traefik-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "traefik.internal.durp.info"
- dnsNames:
- - "traefik.internal.durp.info"
\ No newline at end of file
diff --git a/traefik/templates/middlewares.yaml b/traefik/templates/middlewares.yaml
deleted file mode 100644
index 6ed5f31..0000000
--- a/traefik/templates/middlewares.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
- name: authentik-proxy-provider
- namespace: traefik
-spec:
- forwardAuth:
- address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
- trustForwardHeader: true
- authResponseHeaders:
- - X-authentik-username
- - X-authentik-groups
- - X-authentik-email
- - X-authentik-name
- - X-authentik-uid
- - X-authentik-jwt
- - X-authentik-meta-jwks
- - X-authentik-meta-outpost
- - X-authentik-meta-provider
- - X-authentik-meta-app
- - X-authentik-meta-version
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
- name: whitelist
- namespace: traefik
-spec:
- ipWhiteList:
- sourceRange:
- - 192.168.20.0/24
- - 10.0.0.0/8
- - 192.168.30.0/24
- - 192.168.130.0/24
- - 192.168.131.0/24
diff --git a/traefik/values.yaml b/traefik/values.yaml
deleted file mode 100644
index de51762..0000000
--- a/traefik/values.yaml
+++ /dev/null
@@ -1,887 +0,0 @@ -traefik: - # Default values for Traefik - image: - registry: docker.io - repository: traefik - # defaults to appVersion - tag: "" - pullPolicy: Always - - # - # Configure integration with Traefik Hub - # - hub: - ## Enabling Hub will: - # * enable Traefik Hub integration on Traefik - # * add `traefikhub-tunl` endpoint - # * enable Prometheus metrics with addRoutersLabels - # * enable allowExternalNameServices on KubernetesIngress provider - # * enable allowCrossNamespace on KubernetesCRD provider - # * add an internal (ClusterIP) Service, dedicated for Traefik Hub - enabled: true - ## Default port can be changed - # tunnelPort: 9901 - ## TLS is optional. Insecure is mutually exclusive with any other options - # tls: - # insecure: false - # ca: "/path/to/ca.pem" - # cert: "/path/to/cert.pem" - # key: "/path/to/key.pem" - - # - # Configure the deployment - # - deployment: - enabled: true - # Can be either Deployment or DaemonSet - kind: Deployment - # Number of pods of the deployment (only applies when kind == Deployment) - replicas: 3 - # Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) - revisionHistoryLimit: 1 - # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down - terminationGracePeriodSeconds: 60 - # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available - minReadySeconds: 0 - # Additional deployment annotations (e.g. for jaeger-operator sidecar injection) - annotations: {} - # Additional deployment labels (e.g. for filtering deployment by custom labels) - labels: {} - # Additional pod annotations (e.g. for mesh injection or prometheus scraping) - podAnnotations: {} - # Additional Pod labels (e.g. for filtering Pod by custom labels) - podLabels: {} - # Additional containers (e.g. 
for metric offloading sidecars) - additionalContainers: [] - # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host - # - name: socat-proxy - # image: alpine/socat:1.0.5 - # args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"] - # volumeMounts: - # - name: dsdsocket - # mountPath: /socket - # Additional volumes available for use with initContainers and additionalContainers - additionalVolumes: [] - # - name: dsdsocket - # hostPath: - # path: /var/run/statsd-exporter - # Additional initContainers (e.g. for setting file permission as shown below) - initContainers: [] - # The "volume-permissions" init container is required if you run into permission issues. - # Related issue: https://github.com/traefik/traefik-helm-chart/issues/396 - # - name: volume-permissions - # image: busybox:latest - # command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"] - # securityContext: - # runAsNonRoot: true - # runAsGroup: 65532 - # runAsUser: 65532 - # volumeMounts: - # - name: data - # mountPath: /data - # Use process namespace sharing - shareProcessNamespace: false - # Custom pod DNS policy. 
Apply if `hostNetwork: true` - # dnsPolicy: ClusterFirstWithHostNet - # Additional imagePullSecrets - imagePullSecrets: [] - # - name: myRegistryKeySecretName - # Pod lifecycle actions - lifecycle: {} - # preStop: - # exec: - # command: ["/bin/sh", "-c", "sleep 40"] - # postStart: - # httpGet: - # path: /ping - # port: 9000 - # host: localhost - # scheme: HTTP - - # Pod disruption budget - podDisruptionBudget: - enabled: false - # maxUnavailable: 1 - # maxUnavailable: 33% - # minAvailable: 0 - # minAvailable: 25% - - # Create a default IngressClass for Traefik - ingressClass: - enabled: true - isDefaultClass: false - - # Enable experimental features - experimental: - v3: - enabled: false - plugins: - enabled: true - kubernetesGateway: - enabled: false - gateway: - enabled: true - # certificate: - # group: "core" - # kind: "Secret" - # name: "mysecret" - # By default, Gateway would be created to the Namespace you are deploying Traefik to. - # You may create that Gateway in another namespace, setting its name below: - # namespace: default - # Additional gateway annotations (e.g. for cert-manager.io/issuer) - # annotations: - # cert-manager.io/issuer: letsencrypt - - # Create an IngressRoute for the dashboard - ingressRoute: - dashboard: - enabled: true - # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) - annotations: {} - # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) - labels: {} - # The router match rule used for the dashboard ingressRoute - matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`) - # Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure). - # By default, it's using traefik entrypoint, which is not exposed. - # /!\ Do not expose your dashboard without any protection over the internet /!\ - entryPoints: ["traefik"] - # Additional ingressRoute middlewares (e.g. for authentication) - middlewares: [] - # TLS options (e.g. 
secret containing certificate) - tls: {} - - # Customize updateStrategy of traefik pods - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - maxSurge: 1 - - # Customize liveness and readiness probe values. - readinessProbe: - failureThreshold: 1 - initialDelaySeconds: 2 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 2 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - - # - # Configure providers - # - providers: - kubernetesCRD: - enabled: true - allowCrossNamespace: true - allowExternalNameServices: false - allowEmptyServices: false - # ingressClass: traefik-internal - # labelSelector: environment=production,method=traefik - namespaces: [] - # - "default" - - kubernetesIngress: - enabled: true - allowExternalNameServices: false - allowEmptyServices: false - # ingressClass: traefik-internal - # labelSelector: environment=production,method=traefik - namespaces: [] - # - "default" - # IP used for Kubernetes Ingress endpoints - publishedService: - enabled: false - # Published Kubernetes Service to copy status from. Format: namespace/servicename - # By default this Traefik service - # pathOverride: "" - - # - # Add volumes to the traefik pod. The volume name will be passed to tpl. - # This can be used to mount a cert pair or a configmap that holds a config.toml file. 
- # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: - # additionalArguments: - # - "--providers.file.filename=/config/dynamic.toml" - # - "--ping" - # - "--ping.entrypoint=web" - volumes: [] - # - name: public-cert - # mountPath: "/certs" - # type: secret - # - name: '{{ printf "%s-configs" .Release.Name }}' - # mountPath: "/config" - # type: configMap - - # Additional volumeMounts to add to the Traefik container - additionalVolumeMounts: [] - # For instance when using a logshipper for access logs - # - name: traefik-logs - # mountPath: /var/log/traefik - - ## Logs - ## https://docs.traefik.io/observability/logs/ - logs: - ## Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). - general: - # By default, the logs use a text format (common), but you can - # also ask for the json format in the format option - # format: json - # By default, the level is set to ERROR. - # Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - level: ERROR - access: - # To enable access logs - enabled: false - ## By default, logs are written using the Common Log Format (CLF) on stdout. - ## To write logs in JSON, use json in the format option. - ## If the given format is unsupported, the default (CLF) is used instead. - # format: json - # filePath: "/var/log/traefik/access.log - ## To write the logs in an asynchronous fashion, specify a bufferingSize option. - ## This option represents the number of log lines Traefik will keep in memory before writing - ## them to the selected output. In some cases, this option can greatly help performances. 
- # bufferingSize: 100 - ## Filtering https://docs.traefik.io/observability/access-logs/#filtering - filters: {} - # statuscodes: "200,300-302" - # retryattempts: true - # minduration: 10ms - ## Fields - ## https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers - fields: - general: - defaultmode: keep - names: {} - ## Examples: - # ClientUsername: drop - headers: - defaultmode: drop - names: {} - ## Examples: - # User-Agent: redact - # Authorization: drop - # Content-Type: keep - - metrics: - ## Prometheus is enabled by default. - ## It can be disabled by setting "prometheus: null" - prometheus: - ## Entry point used to expose metrics. - entryPoint: metrics - ## Enable metrics on entry points. Default=true - # addEntryPointsLabels: false - ## Enable metrics on routers. Default=false - # addRoutersLabels: true - ## Enable metrics on services. Default=true - # addServicesLabels: false - ## Buckets for latency metrics. Default="0.1,0.3,1.2,5.0" - # buckets: "0.5,1.0,2.5" - ## When manualRouting is true, it disables the default internal router in - ## order to allow creating a custom router for prometheus@internal service. - # manualRouting: true - # datadog: - # ## Address instructs exporter to send metrics to datadog-agent at this address. - # address: "127.0.0.1:8125" - # ## The interval used by the exporter to push metrics to datadog-agent. Default=10s - # # pushInterval: 30s - # ## The prefix to use for metrics collection. Default="traefik" - # # prefix: traefik - # ## Enable metrics on entry points. Default=true - # # addEntryPointsLabels: false - # ## Enable metrics on routers. Default=false - # # addRoutersLabels: true - # ## Enable metrics on services. Default=true - # # addServicesLabels: false - # influxdb: - # ## Address instructs exporter to send metrics to influxdb at this address. - # address: localhost:8089 - # ## InfluxDB's address protocol (udp or http). 
Default="udp" - # protocol: udp - # ## InfluxDB database used when protocol is http. Default="" - # # database: "" - # ## InfluxDB retention policy used when protocol is http. Default="" - # # retentionPolicy: "" - # ## InfluxDB username (only with http). Default="" - # # username: "" - # ## InfluxDB password (only with http). Default="" - # # password: "" - # ## The interval used by the exporter to push metrics to influxdb. Default=10s - # # pushInterval: 30s - # ## Additional labels (influxdb tags) on all metrics. - # # additionalLabels: - # # env: production - # # foo: bar - # ## Enable metrics on entry points. Default=true - # # addEntryPointsLabels: false - # ## Enable metrics on routers. Default=false - # # addRoutersLabels: true - # ## Enable metrics on services. Default=true - # # addServicesLabels: false - # influxdb2: - # ## Address instructs exporter to send metrics to influxdb v2 at this address. - # address: localhost:8086 - # ## Token with which to connect to InfluxDB v2. - # token: xxx - # ## Organisation where metrics will be stored. - # org: "" - # ## Bucket where metrics will be stored. - # bucket: "" - # ## The interval used by the exporter to push metrics to influxdb. Default=10s - # # pushInterval: 30s - # ## Additional labels (influxdb tags) on all metrics. - # # additionalLabels: - # # env: production - # # foo: bar - # ## Enable metrics on entry points. Default=true - # # addEntryPointsLabels: false - # ## Enable metrics on routers. Default=false - # # addRoutersLabels: true - # ## Enable metrics on services. Default=true - # # addServicesLabels: false - # statsd: - # ## Address instructs exporter to send metrics to statsd at this address. - # address: localhost:8125 - # ## The interval used by the exporter to push metrics to influxdb. Default=10s - # # pushInterval: 30s - # ## The prefix to use for metrics collection. Default="traefik" - # # prefix: traefik - # ## Enable metrics on entry points. 
Default=true - # # addEntryPointsLabels: false - # ## Enable metrics on routers. Default=false - # # addRoutersLabels: true - # ## Enable metrics on services. Default=true - # # addServicesLabels: false - # openTelemetry: - # ## Address of the OpenTelemetry Collector to send metrics to. - # address: "localhost:4318" - # ## Enable metrics on entry points. - # addEntryPointsLabels: true - # ## Enable metrics on routers. - # addRoutersLabels: true - # ## Enable metrics on services. - # addServicesLabels: true - # ## Explicit boundaries for Histogram data points. - # explicitBoundaries: - # - "0.1" - # - "0.3" - # - "1.2" - # - "5.0" - # ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. - # headers: - # foo: bar - # test: test - # ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. - # insecure: true - # ## Interval at which metrics are sent to the OpenTelemetry Collector. - # pushInterval: 10s - # ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport. - # path: /foo/v1/traces - # ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. - # tls: - # ## The path to the certificate authority, it defaults to the system bundle. - # ca: path/to/ca.crt - # ## The path to the public certificate. When using this option, setting the key option is required. - # cert: path/to/foo.cert - # ## The path to the private key. When using this option, setting the cert option is required. - # key: path/to/key.key - # ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. - # insecureSkipVerify: true - # ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC. 
- # grpc: true - - ## - ## enable optional CRDs for Prometheus Operator - ## - ## Create a dedicated metrics service for use with ServiceMonitor - ## When hub.enabled is set to true, it's not needed: it will use hub service. - # service: - # enabled: false - # labels: {} - # annotations: {} - ## When set to true, it won't check if Prometheus Operator CRDs are deployed - # disableAPICheck: false - # serviceMonitor: - # metricRelabelings: [] - # - sourceLabels: [__name__] - # separator: ; - # regex: ^fluentd_output_status_buffer_(oldest|newest)_.+ - # replacement: $1 - # action: drop - # relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - # jobLabel: traefik - # interval: 30s - # honorLabels: true - # # (Optional) - # # scrapeTimeout: 5s - # # honorTimestamps: true - # # enableHttp2: true - # # followRedirects: true - # # additionalLabels: - # # foo: bar - # # namespace: "another-namespace" - # # namespaceSelector: {} - # prometheusRule: - # additionalLabels: {} - # namespace: "another-namespace" - # rules: - # - alert: TraefikDown - # expr: up{job="traefik"} == 0 - # for: 5m - # labels: - # context: traefik - # severity: warning - # annotations: - # summary: "Traefik Down" - # description: "{{ $labels.pod }} on {{ $labels.nodename }} is down" - - tracing: {} - # instana: - # localAgentHost: 127.0.0.1 - # localAgentPort: 42699 - # logLevel: info - # enableAutoProfile: true - # datadog: - # localAgentHostPort: 127.0.0.1:8126 - # debug: false - # globalTag: "" - # prioritySampling: false - # jaeger: - # samplingServerURL: http://localhost:5778/sampling - # samplingType: const - # samplingParam: 1.0 - # localAgentHostPort: 127.0.0.1:6831 - # gen128Bit: false - # propagation: jaeger - # traceContextHeaderName: uber-trace-id - # disableAttemptReconnecting: true - # collector: - # endpoint: "" - # user: "" - # password: "" - # zipkin: - # httpEndpoint: 
http://localhost:9411/api/v2/spans - # sameSpan: false - # id128Bit: true - # sampleRate: 1.0 - # haystack: - # localAgentHost: 127.0.0.1 - # localAgentPort: 35000 - # globalTag: "" - # traceIDHeaderName: "" - # parentIDHeaderName: "" - # spanIDHeaderName: "" - # baggagePrefixHeaderName: "" - # elastic: - # serverURL: http://localhost:8200 - # secretToken: "" - # serviceEnvironment: "" - - globalArguments: - - "--global.checknewversion=false" - - "--global.sendanonymoususage=false" - - # - # Configure Traefik static configuration - # Additional arguments to be passed at Traefik's binary - # All available options available on https://docs.traefik.io/reference/static-configuration/cli/ - ## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` - additionalArguments: - - "--serversTransport.insecureSkipVerify=true" - - "--log.level=DEBUG" - - --experimental.plugins.jwt.moduleName=github.com/traefik-plugins/traefik-jwt-plugin - - --experimental.plugins.jwt.version=v0.7.0 - - - # Environment variables to be passed to Traefik's binary - env: [] - # - name: SOME_VAR - # value: some-var-value - # - name: SOME_VAR_FROM_CONFIG_MAP - # valueFrom: - # configMapRef: - # name: configmap-name - # key: config-key - # - name: SOME_SECRET - # valueFrom: - # secretKeyRef: - # name: secret-name - # key: secret-key - - envFrom: [] - # - configMapRef: - # name: config-map-name - # - secretRef: - # name: secret-name - - # Configure ports - ports: - # The name of this one can't be changed as it is used for the readiness and - # liveness probes, but you can adjust its config to your liking - traefik: - port: 9000 - # Use hostPort if set. - # hostPort: 9000 - # - # Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which - # means it's listening on all your interfaces and all your IPs. 
You may want - # to set this value if you need traefik to listen on specific interface - # only. - # hostIP: 192.168.100.10 - - # Override the liveness/readiness port. This is useful to integrate traefik - # with an external Load Balancer that performs healthchecks. - # Default: ports.traefik.port - # healthchecksPort: 9000 - - # Override the liveness/readiness scheme. Useful for getting ping to - # respond on websecure entryPoint. - # healthchecksScheme: HTTPS - - # Defines whether the port is exposed if service.type is LoadBalancer or - # NodePort. - # - # You SHOULD NOT expose the traefik port on production deployments. - # If you want to access it from outside of your cluster, - # use `kubectl port-forward` or create a secure ingress - expose: false - # The exposed port for this service - exposedPort: 9000 - # The port protocol (TCP/UDP) - protocol: TCP - web: - ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint. - # asDefault: true - port: 8000 - # hostPort: 8000 - expose: true - exposedPort: 80 - # The port protocol (TCP/UDP) - protocol: TCP - # Use nodeport if set. This is useful if you have configured Traefik in a - # LoadBalancer. - # nodePort: 32080 - # Port Redirections - # Added in 2.2, you can make permanent redirects via entrypoints. - # https://docs.traefik.io/routing/entrypoints/#redirection - redirectTo: websecure - # - # Trust forwarded headers information (X-Forwarded-*). - # forwardedHeaders: - # trustedIPs: [] - # insecure: false - # - # Enable the Proxy Protocol header parsing for the entry point - # proxyProtocol: - # trustedIPs: [] - # insecure: false - websecure: - ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint. 
- # asDefault: true - port: 8443 - # hostPort: 8443 - expose: true - exposedPort: 443 - ## The port protocol (TCP/UDP) - protocol: TCP - # nodePort: 32443 - # - ## Enable HTTP/3 on the entrypoint - ## Enabling it will also enable http3 experimental feature - ## https://doc.traefik.io/traefik/routing/entrypoints/#http3 - ## There are known limitations when trying to listen on same ports for - ## TCP & UDP (Http3). There is a workaround in this chart using dual Service. - ## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741 - http3: - enabled: false - # advertisedPort: 4443 - # - ## Trust forwarded headers information (X-Forwarded-*). - #forwardedHeaders: - # trustedIPs: [] - # insecure: false - # - ## Enable the Proxy Protocol header parsing for the entry point - #proxyProtocol: - # trustedIPs: [] - # insecure: false - # - ## Set TLS at the entrypoint - ## https://doc.traefik.io/traefik/routing/entrypoints/#tls - tls: - enabled: true - # this is the name of a TLSOption definition - options: "" - certResolver: "" - domains: [] - # - main: example.com - # sans: - # - foo.example.com - # - bar.example.com - # - # One can apply Middlewares on an entrypoint - # https://doc.traefik.io/traefik/middlewares/overview/ - # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares - # /!\ It introduces here a link between your static configuration and your dynamic configuration /!\ - # It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace - # middlewares: - # - namespace-name1@kubernetescrd - # - namespace-name2@kubernetescrd - middlewares: [] - metrics: - # When using hostNetwork, use another port to avoid conflict with node exporter: - # https://github.com/prometheus/prometheus/wiki/Default-port-allocations - port: 9100 - # hostPort: 9100 - # Defines whether the port is exposed if service.type is LoadBalancer or - # NodePort. 
- # - # You may not want to expose the metrics port on production deployments. - # If you want to access it from outside of your cluster, - # use `kubectl port-forward` or create a secure ingress - expose: false - # The exposed port for this service - exposedPort: 9100 - # The port protocol (TCP/UDP) - protocol: TCP - - # TLS Options are created as TLSOption CRDs - # https://doc.traefik.io/traefik/https/tls/#tls-options - # When using `labelSelector`, you'll need to set labels on tlsOption accordingly. - # Example: - # tlsOptions: - # default: - # labels: {} - # sniStrict: true - # preferServerCipherSuites: true - # customOptions: - # labels: {} - # curvePreferences: - # - CurveP521 - # - CurveP384 - tlsOptions: {} - - # TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate - # https://doc.traefik.io/traefik/https/tls/#default-certificate - # Example: - # tlsStore: - # default: - # defaultCertificate: - # secretName: tls-cert - tlsStore: {} - - # Options for the main traefik service, where the entrypoints traffic comes - # from. - service: - enabled: true - ## Single service is using `MixedProtocolLBService` feature gate. - ## When set to false, it will create two Service, one for TCP and one for UDP. - single: true - type: LoadBalancer - # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config) - annotations: {} - # Additional annotations for TCP service only - annotationsTCP: {} - # Additional annotations for UDP service only - annotationsUDP: {} - # Additional service labels (e.g. for filtering Service by custom labels) - labels: {} - # Additional entries here will be added to the service spec. - # Cannot contain type, selector or ports entries. 
- spec: - externalTrafficPolicy: Local - # loadBalancerIP: "1.2.3.4" - # clusterIP: "2.3.4.5" - loadBalancerSourceRanges: [] - # - 192.168.0.1/32 - # - 172.16.0.0/16 - externalIPs: [] - # - 1.2.3.4 - ## One of SingleStack, PreferDualStack, or RequireDualStack. - # ipFamilyPolicy: SingleStack - ## List of IP families (e.g. IPv4 and/or IPv6). - ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - # ipFamilies: - # - IPv4 - # - IPv6 - ## - ## An additionnal and optional internal Service. - ## Same parameters as external Service - # internal: - # type: ClusterIP - # # labels: {} - # # annotations: {} - # # spec: {} - # # loadBalancerSourceRanges: [] - # # externalIPs: [] - # # ipFamilies: [ "IPv4","IPv6" ] - - ## Create HorizontalPodAutoscaler object. - ## - autoscaling: - enabled: true - minReplicas: 3 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: 80 - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 80 - behavior: - scaleDown: - stabilizationWindowSeconds: 300 - policies: - - type: Pods - value: 1 - periodSeconds: 60 - - # Enable persistence using Persistent Volume Claims - # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - # It can be used to store TLS certificates, see `storage` in certResolvers - persistence: - enabled: false - name: data - # existingClaim: "" - accessMode: ReadWriteOnce - size: 128Mi - # storageClass: "" - # volumeName: "" - path: /data - annotations: {} - # subPath: "" # only mount a subpath of the Volume into the pod - - certResolvers: {} - # letsencrypt: - # # for challenge options cf. https://doc.traefik.io/traefik/https/acme/ - # email: email@example.com - # dnsChallenge: - # # also add the provider's required configuration under env - # # or expand then from secrets/configmaps with envfrom - # # cf. 
https://doc.traefik.io/traefik/https/acme/#providers
- # provider: digitalocean
- # # add futher options for the dns challenge as needed
- # # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
- # delayBeforeCheck: 30
- # resolvers:
- # - 1.1.1.1
- # - 8.8.8.8
- # tlsChallenge: true
- # httpChallenge:
- # entryPoint: "web"
- # # It has to match the path with a persistent volume
- # storage: /data/acme.json
-
- # If hostNetwork is true, runs traefik in the host network namespace
- # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
- # and replicas>1, a pod anti-affinity is recommended and will be set if the
- # affinity is left as default.
- hostNetwork: false
-
- # Whether Role Based Access Control objects like roles and rolebindings should be created
- rbac:
- enabled: true
- # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
- # If set to true, installs Role and RoleBinding. Providers will only watch target namespace.
- namespaced: false
- # Enable user-facing roles
- # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
- # aggregateTo: [ "admin" ]
-
- # Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
- podSecurityPolicy:
- enabled: false
-
- # The service account the pods will use to interact with the Kubernetes API
- serviceAccount:
- # If set, an existing service account is used
- # If not set, a service account is created automatically using the fullname template
- name: ""
-
- # Additional serviceAccount annotations (e.g. for oidc authentication)
- serviceAccountAnnotations: {}
-
- resources:
- requests:
- cpu: "100m"
- memory: "128Mi"
- limits:
- cpu: "300m"
- memory: "256Mi"
-
- # This example pod anti-affinity forces the scheduler to put traefik pods
- # on nodes where no other traefik pods are scheduled.
- # It should be used when hostNetwork: true to prevent port conflicts
- affinity: {}
- # podAntiAffinity:
- # requiredDuringSchedulingIgnoredDuringExecution:
- # - labelSelector:
- # matchLabels:
- # app.kubernetes.io/name: '{{ template "traefik.name" . }}'
- # app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
- # topologyKey: kubernetes.io/hostname
-
- nodeSelector: {}
- tolerations: []
- topologySpreadConstraints: []
- # # This example topologySpreadConstraints forces the scheduler to put traefik pods
- # # on nodes where no other traefik pods are scheduled.
- # - labelSelector:
- # matchLabels:
- # app: '{{ template "traefik.name" . }}'
- # maxSkew: 1
- # topologyKey: kubernetes.io/hostname
- # whenUnsatisfiable: DoNotSchedule
-
- # Pods can have priority.
- # Priority indicates the importance of a Pod relative to other Pods.
- priorityClassName: ""
-
- # Set the container security context
- # To run the container with ports below 1024 this will need to be adjust to run as root
- securityContext:
- capabilities:
- drop: [ALL]
- readOnlyRootFilesystem: true
-
- podSecurityContext:
- # # /!\ When setting fsGroup, Kubernetes will recursively changes ownership and
- # # permissions for the contents of each volume to match the fsGroup. This can
- # # be an issue when storing sensitive content like TLS Certificates /!\
- # fsGroup: 65532
- fsGroupChangePolicy: "OnRootMismatch"
- runAsGroup: 65532
- runAsNonRoot: true
- runAsUser: 65532
-
- #
- # Extra objects to deploy (value evaluated as a template)
- #
- # In some cases, it can avoid the need for additional, extended or adhoc deployments.
- # See #595 for more details and traefik/tests/values/extra.yaml for example.
- extraObjects: []
-
- # This will override the default Release Namespace for Helm.
- # It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
- # namespaceOverride: traefik
- #
- ## This will override the default app.kubernetes.io/instance label for all Objects.
- # instanceLabelOverride: traefik
diff --git a/uptimekuma/Chart.yaml b/uptimekuma/Chart.yaml
deleted file mode 100644
index 0dcf730..0000000
--- a/uptimekuma/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: uptimekuma
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
diff --git a/uptimekuma/templates/deployment.yaml b/uptimekuma/templates/deployment.yaml
deleted file mode 100644
index 21ce3c0..0000000
--- a/uptimekuma/templates/deployment.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- component: uptime-kuma
- name: deployment
-spec:
- selector:
- matchLabels:
- component: uptime-kuma
- replicas: 1
- strategy:
- type: Recreate
-
- template:
- metadata:
- labels:
- component: uptime-kuma
- spec:
- containers:
- - name: app
- image: registry.internal.durp.info/louislam/uptime-kuma:1
- ports:
- - containerPort: 3001
- volumeMounts:
- - mountPath: /app/data
- name: storage
- #livenessProbe:
- #exec:
- #command:
- #- node
- #- extra/healthcheck.js
- readinessProbe:
- httpGet:
- path: /
- port: 3001
- scheme: HTTP
-
- volumes:
- - name: storage
- persistentVolumeClaim:
- claimName: uptimekuma-pvc
diff --git a/uptimekuma/templates/ingress.yaml b/uptimekuma/templates/ingress.yaml
deleted file mode 100644
index 3df2689..0000000
--- a/uptimekuma/templates/ingress.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: kuma-ingress
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`kuma.durp.info`) && PathPrefix(`/`)
- middlewares:
- - name: authentik-proxy-provider
- namespace: traefik
- kind: Rule
- services:
- - name: service
- port: 3001
- tls:
- secretName: kuma-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: kuma-tls
-spec:
- secretName: kuma-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "kuma.durp.info"
- dnsNames:
- - "kuma.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
- name: heimdall-external-dns
- annotations:
- external-dns.alpha.kubernetes.io/hostname: kuma.durp.info
-spec:
- type: ExternalName
- externalName: durp.info
diff --git a/uptimekuma/templates/kuma-pv.yaml b/uptimekuma/templates/kuma-pv.yaml
deleted file mode 100644
index e17e5a7..0000000
--- a/uptimekuma/templates/kuma-pv.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolume
-#metadata:
-# annotations:
-# pv.kubernetes.io/provisioned-by: durp.info/nfs
-# finalizers:
-# - kubernetes.io/pv-protection
-# name: uptimekuma-pv
-#spec:
-# accessModes:
-# - ReadWriteMany
-# capacity:
-# storage: 10Gi
-# claimRef:
-# apiVersion: v1
-# kind: PersistentVolumeClaim
-# name: uptimekuma-pvc
-# namespace: uptimekuma
-# nfs:
-# path: /mnt/user/k3s/uptimekuma
-# server: 192.168.20.253
-# persistentVolumeReclaimPolicy: Retain
-# storageClassName: nfs-storage
-# volumeMode: Filesystem
-#
\ No newline at end of file
diff --git a/uptimekuma/templates/kuma-pvc.yaml b/uptimekuma/templates/kuma-pvc.yaml
deleted file mode 100644
index ab76bf0..0000000
--- a/uptimekuma/templates/kuma-pvc.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: uptimekuma-pvc
- namespace: uptimekuma
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 10Gi
- storageClassName: longhorn
\ No newline at end of file
diff --git a/uptimekuma/templates/service.yaml b/uptimekuma/templates/service.yaml
deleted file mode 100644
index cad08e7..0000000
--- a/uptimekuma/templates/service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: service
-spec:
- selector:
- component: uptime-kuma
- type: ClusterIP
- ports:
- - name: http
- port: 3001
- targetPort: 3001
- protocol: TCP
\ No newline at end of file
diff --git a/vault/Chart.yaml b/vault/Chart.yaml
deleted file mode 100644
index 1ad2d4a..0000000
--- a/vault/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: vault
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: vault
- repository: https://helm.releases.hashicorp.com
- version: 0.28.1
-
diff --git a/vault/templates/ingress.yaml b/vault/templates/ingress.yaml
deleted file mode 100644
index 8998087..0000000
--- a/vault/templates/ingress.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: vault-ingress
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production
-spec:
- entryPoints:
- - websecure
- routes:
- - match: Host(`vault.internal.durp.info`)
- middlewares:
- - name: whitelist
- namespace: traefik
- kind: Rule
- services:
- - name: vault
- port: 8200
- scheme: http
- tls:
- secretName: vault-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: vault-tls
-spec:
- secretName: vault-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "vault.internal.durp.info"
- dnsNames:
- - "vault.internal.durp.info"
-
diff --git a/vault/templates/secret-store.yaml b/vault/templates/secret-store.yaml
deleted file mode 100644
index e7cca3a..0000000
--- a/vault/templates/secret-store.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
- name: vault
-spec:
- provider:
- vault:
- server: "http://vault.vault.svc.cluster.local:8200"
- path: "secrets"
- version: "v2"
- auth:
- kubernetes:
- mountPath: "kubernetes"
- role: "external-secrets"
diff --git a/vault/values.yaml b/vault/values.yaml
deleted file mode 100644
index b7c6d88..0000000
--- a/vault/values.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-vault:
-
- global:
-
- image:
- repository: "registry.internal.durp.info/hashicorp/vault-k8s"
- tag: "1.4.2"
- pullPolicy: Always
-
- agentImage:
- repository: "registry.internal.durp.info/hashicorp/vault"
- tag: "1.17.6"
-
- injector:
- enabled: "-"
-
- replicas: 3
- leaderElector:
- enabled: true
-
- metrics:
- enabled: true
-
- image:
- repository: "registry.internal.durp.info/hashicorp/vault-k8s"
- tag: "1.4.2"
- pullPolicy: Always
-
- agentImage:
- repository: "registry.internal.durp.info/hashicorp/vault"
- tag: "1.17.6"
-
- server:
- enabled: "-"
- image:
- repository: "registry.internal.durp.info/hashicorp/vault"
- tag: "1.17.6"
- pullPolicy: Always
- ha:
- enabled: false
- replicas: 3
- resources:
- requests:
- memory: 256Mi
- cpu: 250m
- limits:
- memory: 256Mi
- cpu: 250m
-
- dataStorage:
- enabled: true
- size: 10Gi
- storageClass: longhorn
- accessMode: ReadWriteOnce
- auditStorage:
- enabled: false
- size: 10Gi
- mountPath: "/vault/audit"
- storageClass: longhorn
- accessMode: ReadWriteOnce
- ui:
- enabled: false
- externalPort: 8200
- targetPort: 8200
-