DeveloperDurp/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: DeveloperDurp:dmz
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd
...
compare: DeveloperDurp:97d73b36c4950c989a12b19b415aff62025592f1
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd

94 Commits
dmz ... 97d73b36c4

Author SHA1 Message Date
DeveloperDurp
97d73b36c4 Update chart version 2024-09-29 08:56:15 -05:00
DeveloperDurp
679742ab45 Update chart version 2024-09-29 08:55:44 -05:00
DeveloperDurp
9b1680cfc8 Update chart version 2024-09-29 08:54:11 -05:00
DeveloperDurp
dd3ca7c9a4 Update chart version 2024-09-29 08:51:08 -05:00
DeveloperDurp
4a67df78b3 Update chart version 2024-09-29 08:45:48 -05:00
DeveloperDurp
dde4eac238 Update chart version 2024-09-29 08:43:25 -05:00
DeveloperDurp
f9987ac705 Update chart version 2024-09-29 08:43:01 -05:00
DeveloperDurp
6705352a10 Update chart version 2024-09-29 08:41:06 -05:00
DeveloperDurp
599e86e1a9 Update chart version 2024-09-29 08:37:42 -05:00
DeveloperDurp
4826c5beb6 Update chart version 2024-09-29 08:33:29 -05:00
DeveloperDurp
1284e2ec60 Update chart version 2024-09-29 08:28:14 -05:00
DeveloperDurp
7f6e182084 Update chart version 2024-09-29 07:50:40 -05:00
DeveloperDurp
a565952e0c Update chart version 2024-09-29 07:48:50 -05:00
DeveloperDurp
f64bdfbedd Update chart version 2024-09-29 07:39:11 -05:00
DeveloperDurp
e6a8aa74b4 Update chart version 2024-09-29 07:34:52 -05:00
DeveloperDurp
b1c45f939b Update chart version 2024-09-29 07:29:39 -05:00
DeveloperDurp
3bfec1450f Update chart version 2024-09-29 07:23:46 -05:00
DeveloperDurp
d5224c0c7f Update chart version 2024-09-29 07:20:05 -05:00
DeveloperDurp
4e37bfb8dc Update chart version 2024-09-29 07:13:09 -05:00
DeveloperDurp
45ae3523b9 Update chart version 2024-09-29 06:43:58 -05:00
DeveloperDurp
1151680f65 Update chart version 2024-09-29 06:42:16 -05:00
DeveloperDurp
1aefb8163b Update chart version 2024-09-29 06:39:44 -05:00
DeveloperDurp
e935822058 Update chart version 2024-09-29 06:35:39 -05:00
DeveloperDurp
49b23b1788 Update chart version 2024-09-29 06:22:50 -05:00
DeveloperDurp
bd2def6d46 Update chart version 2024-09-29 06:18:47 -05:00
DeveloperDurp
10fcd43274 Update chart version 2024-09-13 06:23:48 -05:00
DeveloperDurp
126c6e6f45 Update chart version 2024-09-13 06:20:00 -05:00
DeveloperDurp
10ce90a460 Update chart version 2024-09-13 06:17:56 -05:00
DeveloperDurp
c3cd2c0b8b Update chart version 2024-09-13 06:14:44 -05:00
DeveloperDurp
8b74b2efb6 Update chart version 2024-09-13 06:10:15 -05:00
DeveloperDurp
eecf949f86 Update worker count 2024-09-10 04:48:15 -05:00
DeveloperDurp
2b951b2814 update authentik version 2024-09-10 04:43:57 -05:00
DeveloperDurp
a1293abaf6 update 2024-08-31 07:40:14 -05:00
DeveloperDurp
5781c6ddda update 2024-08-31 07:23:47 -05:00
DeveloperDurp
42fc48bb27 update 2024-08-31 07:22:25 -05:00
DeveloperDurp
0f908a1460 update 2024-08-31 07:19:33 -05:00
DeveloperDurp
1febc6915e update 2024-08-31 07:14:08 -05:00
DeveloperDurp
a99e0649dd update 2024-08-31 07:11:20 -05:00
DeveloperDurp
d28f17120b upupdate 2024-08-30 05:08:33 -05:00
DeveloperDurp
44d099ad9e update 2024-08-30 05:04:57 -05:00
DeveloperDurp
5c866c2eb7 update 2024-08-30 05:04:25 -05:00
DeveloperDurp
216cece298 update 2024-08-30 05:03:40 -05:00
DeveloperDurp
f16da3d3a8 update resources 2024-08-30 04:58:02 -05:00
DeveloperDurp
f12b7aa532 update resource 2024-08-30 04:56:01 -05:00
DeveloperDurp
8ec254f59c enable autoscaller 2024-08-30 04:52:29 -05:00
DeveloperDurp
33fd621ec8 add resource limits 2024-08-30 04:51:35 -05:00
DeveloperDurp
89b8364fe5 add resource limits 2024-08-30 04:49:03 -05:00
DeveloperDurp
52038a7585 update 2024-08-29 05:04:25 -05:00
DeveloperDurp
885ab5e3d7 update 2024-08-29 05:02:08 -05:00
DeveloperDurp
7843ae7c29 update 2024-08-29 04:57:40 -05:00
DeveloperDurp
e2d1e01708 update 2024-08-29 04:55:28 -05:00
DeveloperDurp
e8cafed885 update 2024-08-29 04:50:55 -05:00
DeveloperDurp
62b7efad89 update 2024-08-27 04:58:07 -05:00
DeveloperDurp
47ddf2fd28 update 2024-08-25 06:32:15 -05:00
DeveloperDurp
31b689d5fe update 2024-08-25 06:28:15 -05:00
DeveloperDurp
5ef03e6dbe update 2024-08-25 06:27:05 -05:00
DeveloperDurp
38bb3538a3 update 2024-08-25 06:22:33 -05:00
DeveloperDurp
8c77e53669 update 2024-08-25 06:20:12 -05:00
DeveloperDurp
44aac27362 update 2024-08-25 06:19:34 -05:00
DeveloperDurp
0f4048072d update 2024-08-25 06:11:13 -05:00
DeveloperDurp
b6f0c41d5d update 2024-08-25 06:09:41 -05:00
DeveloperDurp
3259cd6f37 update 2024-08-25 06:07:19 -05:00
DeveloperDurp
418162a9e0 update 2024-08-25 05:43:48 -05:00
DeveloperDurp
de022ea46b update 2024-08-25 05:33:43 -05:00
DeveloperDurp
a50214eafc update 2024-08-25 05:32:20 -05:00
DeveloperDurp
be2ee6274a update 2024-08-25 05:12:54 -05:00
DeveloperDurp
1fbe3dbc95 update 2024-08-25 05:08:59 -05:00
DeveloperDurp
f8a13c4bff update 2024-08-25 05:05:59 -05:00
DeveloperDurp
c9d77c5eec update 2024-08-25 05:03:23 -05:00
DeveloperDurp
3457eba0a2 update 2024-08-25 04:52:22 -05:00
DeveloperDurp
738d19edfa update 2024-08-25 04:40:58 -05:00
DeveloperDurp
23d397e5d4 update 2024-08-25 04:35:16 -05:00
DeveloperDurp
10bfb6fd54 update 2024-08-25 04:34:31 -05:00
DeveloperDurp
0ff6377bd6 update 2024-08-24 21:30:35 -05:00
DeveloperDurp
8d92151ad3 update 2024-08-24 21:29:00 -05:00
DeveloperDurp
3f74860c28 update 2024-08-24 21:28:14 -05:00
DeveloperDurp
f12af0f92f update 2024-08-24 21:28:03 -05:00
DeveloperDurp
86a5af321d update 2024-08-24 21:25:12 -05:00
DeveloperDurp
4a1e4f980d update 2024-08-24 21:23:10 -05:00
DeveloperDurp
bf6c021d8b update 2024-08-24 21:09:10 -05:00
DeveloperDurp
0abc90d9cd update 2024-08-24 21:08:06 -05:00
DeveloperDurp
e2cabee7dd update 2024-08-24 20:57:18 -05:00
DeveloperDurp
1f2fd56d89 update 2024-08-24 20:56:13 -05:00
DeveloperDurp
785a256258 update 2024-08-24 20:47:17 -05:00
DeveloperDurp
26c3a919c6 update 2024-08-24 20:33:10 -05:00
DeveloperDurp
280298cc0a update 2024-08-24 20:31:37 -05:00
DeveloperDurp
f5b4c58367 update 2024-08-24 20:30:21 -05:00
DeveloperDurp
0a3f3d99d7 update 2024-08-24 20:29:32 -05:00
DeveloperDurp
21405024f7 add pfsense 2024-08-24 20:23:35 -05:00
DeveloperDurp
61110282d5 update 2024-08-11 07:57:18 -05:00
DeveloperDurp
5765f9b5d7 revert 2024-08-11 07:50:53 -05:00
DeveloperDurp
f70c55dcf2 update 2024-08-11 07:48:13 -05:00
DeveloperDurp
b2212a6608 move to nfs 2024-08-11 07:47:05 -05:00
DeveloperDurp
5e5a7b3803 update 2024-08-11 07:40:16 -05:00
42 changed files with 1408 additions and 451 deletions
Expand all files Collapse all files

2
argocd/Chart.yaml
View File

@@ -9,6 +9,6 @@ appVersion: "1.16.0"
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 6.7.11
version: 6.11.1

39
argocd/templates/argocd.yaml
View File

@@ -18,3 +18,42 @@ spec:
selfHeal: true
syncOptions:
- CreateNamespace=true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: argocd-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`argocd.internal.durp.info`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: argocd-server
port: 443
scheme: https
tls:
secretName: argocd-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: argocd-tls
spec:
secretName: argocd-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "argocd.internal.durp.info"
dnsNames:
- "argocd.internal.durp.info"

2
authentik/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies:
- name: authentik
repository: https://charts.goauthentik.io
version: 2024.4.1
version: 2024.8.3

2
authentik/values.yaml
View File

@@ -26,6 +26,8 @@ authentik:
server:
name: server
replicas: 3
worker:
replicas: 3
postgresql:
enabled: true
image:

2
bitwarden/templates/deployment.yaml
View File

@@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: bitwarden
image: registry.internal.durp.info/vaultwarden/server:1.30.3
image: registry.internal.durp.info/vaultwarden/server:1.32.0
imagePullPolicy: Always
volumeMounts:
- name: bitwarden-pvc

2
cert-manager/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: 1.*.*
version: v1.15.3

2
crossplane/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies:
- name: crossplane
repository: https://charts.crossplane.io/stable
version: 1.12.0
version: 1.17.1

12
durpapi/Chart.yaml
View File

@@ -1,11 +1,13 @@
type: application
appVersion: 0.1.0
description: A Helm chart for Kubernetes
apiVersion: v2
name: durpapi
description: A Helm chart for Kubernetes
type: application
version: 0.1.0-dev0184
appVersion: 0.1.0
dependencies:
- condition: postgresql.enabled
version: 12.5.*
repository: https://charts.bitnami.com/bitnami
name: postgresql
apiVersion: v2
version: test

6
durpapi/values.yaml
View File

@@ -10,15 +10,15 @@ deployment:
probe:
readiness:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
liveness:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
startup:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
service:
type: ClusterIP

2
external-dns/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: 0.0.1
dependencies:
- name: external-dns
repository: https://charts.bitnami.com/bitnami
version: 6.20.3
version: 8.3.8

2
external-secrets/Chart.yaml
View File

@@ -8,5 +8,5 @@ appVersion: 0.0.1
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 0.8.1
version: 0.10.4

2
gatekeeper/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies:
- name: gatekeeper
repository: https://open-policy-agent.github.io/gatekeeper/charts
version: 3.14.0
version: 3.17.1

555
gatekeeper/values.yaml
View File

@@ -1,277 +1,278 @@
gatekeeper:
replicas: 3
revisionHistoryLimit: 10
auditInterval: 60
metricsBackends: ["prometheus"]
auditMatchKindOnly: false
constraintViolationsLimit: 20
auditFromCache: false
disableMutation: false
disableValidatingWebhook: false
validatingWebhookName: gatekeeper-validating-webhook-configuration
validatingWebhookTimeoutSeconds: 3
validatingWebhookFailurePolicy: Ignore
validatingWebhookAnnotations: {}
validatingWebhookExemptNamespacesLabels: {}
validatingWebhookObjectSelector: {}
validatingWebhookCheckIgnoreFailurePolicy: Fail
validatingWebhookCustomRules: {}
validatingWebhookURL: null
enableDeleteOperations: false
enableExternalData: true
enableGeneratorResourceExpansion: true
enableTLSHealthcheck: false
maxServingThreads: -1
mutatingWebhookName: gatekeeper-mutating-webhook-configuration
mutatingWebhookFailurePolicy: Ignore
mutatingWebhookReinvocationPolicy: Never
mutatingWebhookAnnotations: {}
mutatingWebhookExemptNamespacesLabels: {}
mutatingWebhookObjectSelector: {}
mutatingWebhookTimeoutSeconds: 1
mutatingWebhookCustomRules: {}
mutatingWebhookURL: null
mutationAnnotations: false
auditChunkSize: 500
logLevel: INFO
logDenies: false
logMutations: false
emitAdmissionEvents: false
emitAuditEvents: false
admissionEventsInvolvedNamespace: false
auditEventsInvolvedNamespace: false
resourceQuota: true
externaldataProviderResponseCacheTTL: 3m
image:
repository: openpolicyagent/gatekeeper
crdRepository: openpolicyagent/gatekeeper-crds
release: v3.15.0-beta.0
pullPolicy: Always
pullSecrets: []
preInstall:
crdRepository:
image:
repository: null
tag: v3.15.0-beta.0
postUpgrade:
labelNamespace:
enabled: false
image:
repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0
pullPolicy: IfNotPresent
pullSecrets: []
extraNamespaces: []
podSecurity: ["pod-security.kubernetes.io/audit=restricted",
"pod-security.kubernetes.io/audit-version=latest",
"pod-security.kubernetes.io/warn=restricted",
"pod-security.kubernetes.io/warn-version=latest",
"pod-security.kubernetes.io/enforce=restricted",
"pod-security.kubernetes.io/enforce-version=v1.24"]
extraAnnotations: {}
priorityClassName: ""
affinity: {}
tolerations: []
nodeSelector: {kubernetes.io/os: linux}
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 999
runAsNonRoot: true
runAsUser: 1000
postInstall:
labelNamespace:
enabled: true
extraRules: []
image:
repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0
pullPolicy: IfNotPresent
pullSecrets: []
extraNamespaces: []
podSecurity: ["pod-security.kubernetes.io/audit=restricted",
"pod-security.kubernetes.io/audit-version=latest",
"pod-security.kubernetes.io/warn=restricted",
"pod-security.kubernetes.io/warn-version=latest",
"pod-security.kubernetes.io/enforce=restricted",
"pod-security.kubernetes.io/enforce-version=v1.24"]
extraAnnotations: {}
priorityClassName: ""
probeWebhook:
enabled: true
image:
repository: curlimages/curl
tag: 7.83.1
pullPolicy: IfNotPresent
pullSecrets: []
waitTimeout: 60
httpTimeout: 2
insecureHTTPS: false
priorityClassName: ""
affinity: {}
tolerations: []
nodeSelector: {kubernetes.io/os: linux}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 999
runAsNonRoot: true
runAsUser: 1000
preUninstall:
deleteWebhookConfigurations:
extraRules: []
enabled: false
image:
repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0
pullPolicy: IfNotPresent
pullSecrets: []
priorityClassName: ""
affinity: {}
tolerations: []
nodeSelector: {kubernetes.io/os: linux}
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 999
runAsNonRoot: true
runAsUser: 1000
podAnnotations: {}
auditPodAnnotations: {}
podLabels: {}
podCountLimit: "100"
secretAnnotations: {}
enableRuntimeDefaultSeccompProfile: true
controllerManager:
exemptNamespaces: []
exemptNamespacePrefixes: []
hostNetwork: false
dnsPolicy: ClusterFirst
port: 8443
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
tlsMinVersion: 1.3
clientCertName: ""
strategyType: RollingUpdate
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: gatekeeper.sh/operation
operator: In
values:
- webhook
topologyKey: kubernetes.io/hostname
weight: 100
topologySpreadConstraints: []
tolerations: []
nodeSelector: {kubernetes.io/os: linux}
resources:
limits:
memory: 512Mi
requests:
cpu: 100m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 999
runAsNonRoot: true
runAsUser: 1000
podSecurityContext:
fsGroup: 999
supplementalGroups:
- 999
extraRules: []
networkPolicy:
enabled: false
ingress: { }
# - from:
# - ipBlock:
# cidr: 0.0.0.0/0
audit:
enablePubsub: false
connection: audit-connection
channel: audit-channel
hostNetwork: false
dnsPolicy: ClusterFirst
metricsPort: 8888
healthPort: 9090
readinessTimeout: 1
livenessTimeout: 1
priorityClassName: system-cluster-critical
disableCertRotation: false
affinity: {}
tolerations: []
nodeSelector: {kubernetes.io/os: linux}
resources:
limits:
memory: 512Mi
requests:
cpu: 100m
memory: 512Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 999
runAsNonRoot: true
runAsUser: 1000
podSecurityContext:
fsGroup: 999
supplementalGroups:
- 999
writeToRAMDisk: false
extraRules: []
crds:
affinity: {}
tolerations: []
nodeSelector: {kubernetes.io/os: linux}
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
pdb:
controllerManager:
minAvailable: 1
service: {}
disabledBuiltins: ["{http.send}"]
psp:
enabled: true
upgradeCRDs:
enabled: true
extraRules: []
priorityClassName: ""
rbac:
create: true
externalCertInjection:
enabled: false
secretName: gatekeeper-webhook-server-cert
#gatekeeper:
# replicas: 3
# revisionHistoryLimit: 10
# auditInterval: 60
# metricsBackends: ["prometheus"]
# auditMatchKindOnly: false
# constraintViolationsLimit: 20
# auditFromCache: false
# disableMutation: false
# disableValidatingWebhook: false
# validatingWebhookName: gatekeeper-validating-webhook-configuration
# validatingWebhookTimeoutSeconds: 3
# validatingWebhookFailurePolicy: Ignore
# validatingWebhookAnnotations: {}
# validatingWebhookExemptNamespacesLabels: {}
# validatingWebhookObjectSelector: {}
# validatingWebhookCheckIgnoreFailurePolicy: Fail
# validatingWebhookCustomRules: {}
# validatingWebhookURL: null
# enableDeleteOperations: false
# enableExternalData: true
# enableGeneratorResourceExpansion: true
# enableTLSHealthcheck: false
# maxServingThreads: -1
# mutatingWebhookName: gatekeeper-mutating-webhook-configuration
# mutatingWebhookFailurePolicy: Ignore
# mutatingWebhookReinvocationPolicy: Never
# mutatingWebhookAnnotations: {}
# mutatingWebhookExemptNamespacesLabels: {}
# mutatingWebhookObjectSelector: {}
# mutatingWebhookTimeoutSeconds: 1
# mutatingWebhookCustomRules: {}
# mutatingWebhookURL: null
# mutationAnnotations: false
# auditChunkSize: 500
# logLevel: INFO
# logDenies: false
# logMutations: false
# emitAdmissionEvents: false
# emitAuditEvents: false
# admissionEventsInvolvedNamespace: false
# auditEventsInvolvedNamespace: false
# resourceQuota: true
# externaldataProviderResponseCacheTTL: 3m
# image:
# repository: openpolicyagent/gatekeeper
# crdRepository: openpolicyagent/gatekeeper-crds
# release: v3.15.0-beta.0
# pullPolicy: Always
# pullSecrets: []
# preInstall:
# crdRepository:
# image:
# repository: null
# tag: v3.15.0-beta.0
# postUpgrade:
# labelNamespace:
# enabled: false
# image:
# repository: openpolicyagent/gatekeeper-crds
# tag: v3.15.0-beta.0
# pullPolicy: IfNotPresent
# pullSecrets: []
# extraNamespaces: []
# podSecurity: ["pod-security.kubernetes.io/audit=restricted",
# "pod-security.kubernetes.io/audit-version=latest",
# "pod-security.kubernetes.io/warn=restricted",
# "pod-security.kubernetes.io/warn-version=latest",
# "pod-security.kubernetes.io/enforce=restricted",
# "pod-security.kubernetes.io/enforce-version=v1.24"]
# extraAnnotations: {}
# priorityClassName: ""
# affinity: {}
# tolerations: []
# nodeSelector: {kubernetes.io/os: linux}
# resources: {}
# securityContext:
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsGroup: 999
# runAsNonRoot: true
# runAsUser: 1000
# postInstall:
# labelNamespace:
# enabled: true
# extraRules: []
# image:
# repository: openpolicyagent/gatekeeper-crds
# tag: v3.15.0-beta.0
# pullPolicy: IfNotPresent
# pullSecrets: []
# extraNamespaces: []
# podSecurity: ["pod-security.kubernetes.io/audit=restricted",
# "pod-security.kubernetes.io/audit-version=latest",
# "pod-security.kubernetes.io/warn=restricted",
# "pod-security.kubernetes.io/warn-version=latest",
# "pod-security.kubernetes.io/enforce=restricted",
# "pod-security.kubernetes.io/enforce-version=v1.24"]
# extraAnnotations: {}
# priorityClassName: ""
# probeWebhook:
# enabled: true
# image:
# repository: curlimages/curl
# tag: 7.83.1
# pullPolicy: IfNotPresent
# pullSecrets: []
# waitTimeout: 60
# httpTimeout: 2
# insecureHTTPS: false
# priorityClassName: ""
# affinity: {}
# tolerations: []
# nodeSelector: {kubernetes.io/os: linux}
# securityContext:
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsGroup: 999
# runAsNonRoot: true
# runAsUser: 1000
# preUninstall:
# deleteWebhookConfigurations:
# extraRules: []
# enabled: false
# image:
# repository: openpolicyagent/gatekeeper-crds
# tag: v3.15.0-beta.0
# pullPolicy: IfNotPresent
# pullSecrets: []
# priorityClassName: ""
# affinity: {}
# tolerations: []
# nodeSelector: {kubernetes.io/os: linux}
# resources: {}
# securityContext:
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsGroup: 999
# runAsNonRoot: true
# runAsUser: 1000
# podAnnotations: {}
# auditPodAnnotations: {}
# podLabels: {}
# podCountLimit: "100"
# secretAnnotations: {}
# enableRuntimeDefaultSeccompProfile: true
# controllerManager:
# exemptNamespaces: []
# exemptNamespacePrefixes: []
# hostNetwork: false
# dnsPolicy: ClusterFirst
# port: 8443
# metricsPort: 8888
# healthPort: 9090
# readinessTimeout: 1
# livenessTimeout: 1
# priorityClassName: system-cluster-critical
# disableCertRotation: false
# tlsMinVersion: 1.3
# clientCertName: ""
# strategyType: RollingUpdate
# affinity:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: gatekeeper.sh/operation
# operator: In
# values:
# - webhook
# topologyKey: kubernetes.io/hostname
# weight: 100
# topologySpreadConstraints: []
# tolerations: []
# nodeSelector: {kubernetes.io/os: linux}
# resources:
# limits:
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
# securityContext:
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsGroup: 999
# runAsNonRoot: true
# runAsUser: 1000
# podSecurityContext:
# fsGroup: 999
# supplementalGroups:
# - 999
# extraRules: []
# networkPolicy:
# enabled: false
# ingress: { }
# # - from:
# # - ipBlock:
# # cidr: 0.0.0.0/0
# audit:
# enablePubsub: false
# connection: audit-connection
# channel: audit-channel
# hostNetwork: false
# dnsPolicy: ClusterFirst
# metricsPort: 8888
# healthPort: 9090
# readinessTimeout: 1
# livenessTimeout: 1
# priorityClassName: system-cluster-critical
# disableCertRotation: false
# affinity: {}
# tolerations: []
# nodeSelector: {kubernetes.io/os: linux}
# resources:
# limits:
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi
# securityContext:
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsGroup: 999
# runAsNonRoot: true
# runAsUser: 1000
# podSecurityContext:
# fsGroup: 999
# supplementalGroups:
# - 999
# writeToRAMDisk: false
# extraRules: []
# crds:
# affinity: {}
# tolerations: []
# nodeSelector: {kubernetes.io/os: linux}
# resources: {}
# securityContext:
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsGroup: 65532
# runAsNonRoot: true
# runAsUser: 65532
# pdb:
# controllerManager:
# minAvailable: 1
# service: {}
# disabledBuiltins: ["{http.send}"]
# psp:
# enabled: true
# upgradeCRDs:
# enabled: true
# extraRules: []
# priorityClassName: ""
# rbac:
# create: true
# externalCertInjection:
# enabled: false
# secretName: gatekeeper-webhook-server-cert
#

2
gitlab-runner/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies:
- name: gitlab-runner
repository: https://charts.gitlab.io/
version: 0.43.0
version: 0.69.0

2
heimdall/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies:
- name: heimdall
repository: https://djjudas21.github.io/charts/
version: 8.5.2
version: 8.5.4

92
internalproxy/templates/argocd.yaml
View File

@@ -1,46 +1,46 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: argocd-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`argocd.internal.durp.info`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: argocd-server
port: 443
scheme: https
tls:
secretName: argocd-tls
---
kind: Service
apiVersion: v1
metadata:
name: argocd-server
spec:
type: ExternalName
externalName: argocd-server.argocd.svc.cluster.local
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: argocd-tls
spec:
secretName: argocd-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "argocd.internal.durp.info"
dnsNames:
- "argocd.internal.durp.info"
#apiVersion: traefik.io/v1alpha1
#kind: IngressRoute
#metadata:
# name: argocd-ingress
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-production
#spec:
# entryPoints:
# - websecure
# routes:
# - match: Host(`argocd.internal.durp.info`)
# middlewares:
# - name: whitelist
# namespace: traefik
# kind: Rule
# services:
# - name: argocd-server
# port: 443
# scheme: https
# tls:
# secretName: argocd-tls
#
#---
#
#kind: Service
#apiVersion: v1
#metadata:
# name: argocd-server
#spec:
# type: ExternalName
# externalName: argocd-server.argocd.svc.cluster.local
#
#---
#
#apiVersion: cert-manager.io/v1
#kind: Certificate
#metadata:
# name: argocd-tls
#spec:
# secretName: argocd-tls
# issuerRef:
# name: letsencrypt-production
# kind: ClusterIssuer
# commonName: "argocd.internal.durp.info"
# dnsNames:
# - "argocd.internal.durp.info"

63
internalproxy/templates/blueiris.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: blueiris
spec:
ports:
- name: app
port: 81
protocol: TCP
targetPort: 81
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: blueiris
subsets:
- addresses:
- ip: 192.168.99.2
ports:
- name: app
port: 81
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: blueiris-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: blueiris
port: 81
scheme: http
tls:
secretName: blueiris-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: blueiris-tls
spec:
secretName: blueiris-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "blueiris.internal.durp.info"
dnsNames:
- "blueiris.internal.durp.info"

63
internalproxy/templates/gitea.yaml
View File

@@ -1,3 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: gitea
spec:
ports:
- name: app
port: 3000
protocol: TCP
targetPort: 3000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: gitea
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 3000
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gitea-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: gitea
port: 3000
scheme: http
tls:
secretName: gitea-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-tls
spec:
secretName: gitea-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "gitea.durp.info"
dnsNames:
- "gitea.durp.info"
---
kind: Service
apiVersion: v1
metadata:

71
internalproxy/templates/guac.yaml
View File

@@ -1,71 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: guac-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: guac.durp.info
spec:
type: ExternalName
externalName: durp.info
---
apiVersion: v1
kind: Service
metadata:
name: guac
spec:
ports:
- name: app
port: 8082
protocol: TCP
targetPort: 8082
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: guac
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8082
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: guac-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`guac.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: guac
port: 8082
tls:
secretName: guac-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: guac-tls
spec:
secretName: guac-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "guac.durp.info"
dnsNames:
- "guac.durp.info"

63
internalproxy/templates/jellyfin.yaml
View File

@@ -1,3 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: jellyfin
spec:
ports:
- name: app
port: 8096
protocol: TCP
targetPort: 8096
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: jellyfin
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8096
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: jellyfin-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`jellyfin.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: jellyfin
port: 8096
scheme: http
tls:
secretName: jellyfin-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jellyfin-tls
spec:
secretName: jellyfin-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "jellyfin.durp.info"
dnsNames:
- "jellyfin.durp.info"
---
kind: Service
apiVersion: v1
metadata:

63
internalproxy/templates/kasm.yaml
View File

@@ -1,3 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: kasm
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: kasm
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kasm-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`kasm.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: kasm
port: 443
scheme: https
tls:
secretName: kasm-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kasm-tls
spec:
secretName: kasm-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "kasm.durp.info"
dnsNames:
- "kasm.durp.info"
---
kind: Service
apiVersion: v1
metadata:

63
internalproxy/templates/minio.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: minio
spec:
ports:
- name: app
port: 9769
protocol: TCP
targetPort: 9769
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: minio
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 9769
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: minio-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`minio.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: minio
port: 9769
scheme: http
tls:
secretName: minio-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: minio-tls
spec:
secretName: minio-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "minio.internal.durp.info"
dnsNames:
- "minio.internal.durp.info"

63
internalproxy/templates/octopus.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: octopus
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: octopus
subsets:
- addresses:
- ip: 192.168.20.105
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: octopus-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: octopus
port: 443
scheme: https
tls:
secretName: octopus-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: octopus-tls
spec:
secretName: octopus-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "octopus.internal.durp.info"
dnsNames:
- "octopus.internal.durp.info"

101
internalproxy/templates/ollama.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ollama-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: ollama-secret
data:
- secretKey: users
remoteRef:
key: secrets/internalproxy/ollama
property: users
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ollama-basic-auth
spec:
basicAuth:
secret: ollama-secret
---
apiVersion: v1
kind: Service
metadata:
name: ollama
spec:
ports:
- name: app
port: 11435
protocol: TCP
targetPort: 11435
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: ollama
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 11435
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ollama-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`ollama.durp.info`) && PathPrefix(`/`)
middlewares:
- name: ollama-basic-auth
kind: Rule
services:
- name: ollama
port: 11435
tls:
secretName: ollama-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ollama-tls
spec:
secretName: ollama-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "ollama.durp.info"
dnsNames:
- "ollama.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: ollama-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/pfsense.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: pfsense
spec:
ports:
- name: app
port: 10443
protocol: TCP
targetPort: 10443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: pfsense
subsets:
- addresses:
- ip: 192.168.20.1
ports:
- name: app
port: 10443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: pfsense-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: pfsense
port: 10443
scheme: https
tls:
secretName: pfsense-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: pfsense-tls
spec:
secretName: pfsense-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "pfsense.internal.durp.info"
dnsNames:
- "pfsense.internal.durp.info"

63
internalproxy/templates/plex.yaml
View File

@@ -1,3 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: plex
spec:
ports:
- name: app
port: 32400
protocol: TCP
targetPort: 32400
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: plex
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 32400
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: plex-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`plex.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: plex
port: 32400
scheme: https
tls:
secretName: plex-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: plex-tls
spec:
secretName: plex-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "plex.durp.info"
dnsNames:
- "plex.durp.info"
---
kind: Service
apiVersion: v1
metadata:

63
internalproxy/templates/portainer.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: portainer
spec:
ports:
- name: app
port: 9443
protocol: TCP
targetPort: 9443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: portainer
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 9443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: portainer-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: portainer
port: 9443
scheme: https
tls:
secretName: portainer-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: portainer-tls
spec:
secretName: portainer-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "portainer.internal.durp.info"
dnsNames:
- "portainer.internal.durp.info"

63
internalproxy/templates/proxmox.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: proxmox
spec:
ports:
- name: app
port: 8006
protocol: TCP
targetPort: 8006
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: proxmox
subsets:
- addresses:
- ip: 192.168.21.252
ports:
- name: app
port: 8006
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: proxmox-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: proxmox
port: 8006
scheme: https
tls:
secretName: proxmox-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: proxmox-tls
spec:
secretName: proxmox-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "proxmox.internal.durp.info"
dnsNames:
- "proxmox.internal.durp.info"

14
internalproxy/templates/registry-internal.yaml
View File

@@ -5,9 +5,9 @@ metadata:
spec:
ports:
- name: app
port: 5001
port: 5000
protocol: TCP
targetPort: 5001
targetPort: 5000
clusterIP: None
type: ClusterIP
@@ -22,7 +22,7 @@ subsets:
- ip: 192.168.20.253
ports:
- name: app
port: 5001
port: 5000
protocol: TCP
---
@@ -39,9 +39,9 @@ spec:
kind: Rule
services:
- name: registry-internal
port: 5001
port: 5000
tls:
secretName: registry-tls
secretName: registry-internal-tls
---
@@ -54,6 +54,6 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "registry.durp.info"
commonName: "registry.internal.durp.info"
dnsNames:
- "registry.durp.info"
- "registry.internal.durp.info"

63
internalproxy/templates/s3.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: s3
spec:
ports:
- name: app
port: 9768
protocol: TCP
targetPort: 9768
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: s3
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 9768
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: s3-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`s3.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: s3
port: 9768
scheme: http
tls:
secretName: s3-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: s3-tls
spec:
secretName: s3-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "s3.internal.durp.info"
dnsNames:
- "s3.internal.durp.info"

63
internalproxy/templates/semaphore.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: semaphore
spec:
ports:
- name: app
port: 3001
protocol: TCP
targetPort: 3001
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: semaphore
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 3001
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: semaphore-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: semaphore
port: 3001
scheme: http
tls:
secretName: semaphore-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: semaphore-tls
spec:
secretName: semaphore-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "semaphore.internal.durp.info"
dnsNames:
- "semaphore.internal.durp.info"

63
internalproxy/templates/unraid.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: unraid
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: unraid
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: unraid-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: unraid
port: 443
scheme: https
tls:
secretName: unraid-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: unraid-tls
spec:
secretName: unraid-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "unraid.internal.durp.info"
dnsNames:
- "unraid.internal.durp.info"

63
internalproxy/templates/wazuh.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: wazuh
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: wazuh
subsets:
- addresses:
- ip: 192.168.20.102
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wazuh-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: wazuh
port: 443
scheme: https
tls:
secretName: wazuh-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wazuh-tls
spec:
secretName: wazuh-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "wazuh.internal.durp.info"
dnsNames:
- "wazuh.internal.durp.info"

2
kube-prometheus-stack/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies:
- name: kube-prometheus-stack
repository: https://prometheus-community.github.io/helm-charts
version: 40.5.0
version: 63.1.0

2
kubeclarity/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies:
- name: kubeclarity
repository: https://openclarity.github.io/kubeclarity
version: 2.22.0
version: 2.23.3

2
longhorn/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies:
- name: longhorn
repository: https://charts.longhorn.io
version: 1.3.2
version: 1.7.1

4
longhorn/values.yaml
View File

@@ -57,7 +57,7 @@ longhorn:
{
"name":"backup",
"task":"backup",
"cron":"0 */6 * * *",
"cron":"0 0 * * ?",
"retain":24
}
]'
@@ -76,7 +76,7 @@ longhorn:
snapshotterReplicaCount: ~
defaultSettings:
backupTarget: S3://longhorn@us-east-1/
backupTarget: S3://longhorn-master@us-east-1/
backupTargetCredentialSecret: longhorn-backup-token-secret
allowRecurringJobWhileVolumeDetached: ~
createDefaultDiskLabeledNodes: ~

2
metallb-system/Chart.yaml
View File

@@ -9,5 +9,5 @@ appVersion: "1.16.0"
dependencies:
- name: metallb
repository: https://metallb.github.io/metallb
version: 0.14.5
version: 0.14.8

2
traefik/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies:
- name: traefik
repository: https://traefik.github.io/charts
version: 22.1.0
version: 24.0.0

2
traefik/templates/middlewares.yaml
View File

@@ -32,3 +32,5 @@ spec:
sourceRange:
- 192.168.20.1/32
- 10.0.0.0/8
- 192.168.30.0/24
- 192.168.130.0/24

32
traefik/values.yaml
View File

@@ -730,22 +730,22 @@ traefik:
## Create HorizontalPodAutoscaler object.
##
autoscaling:
enabled: false
minReplicas: 1
enabled: true
minReplicas: 3
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 60
averageUtilization: 80
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
behavior:
scaleDown:
stabilizationWindowSeconds: 300
@@ -819,13 +819,13 @@ traefik:
# Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
resources: {}
# requests:
# cpu: "100m"
# memory: "50Mi"
# limits:
# cpu: "300m"
# memory: "150Mi"
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "300m"
memory: "256Mi"
# This example pod anti-affinity forces the scheduler to put traefik pods
# on nodes where no other traefik pods are scheduled.

15
vault/values.yaml
View File

@@ -39,14 +39,13 @@ vault:
ha:
enabled: false
replicas: 3
resources: {}
# resources:
# requests:
# memory: 256Mi
# cpu: 250m
# limits:
# memory: 256Mi
# cpu: 250m
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 256Mi
cpu: 250m
dataStorage:
enabled: true