DeveloperDurp/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: DeveloperDurp:main
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd
...
pull from: DeveloperDurp:dmz
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd

31 Commits
main ... dmz

Author SHA1 Message Date
DeveloperDurp
c5e1681c5e update 2024-08-07 05:48:59 -05:00
DeveloperDurp
3caef94aa2 update 2024-08-07 05:48:43 -05:00
DeveloperDurp
d1b5b53626 update 2024-08-07 05:47:57 -05:00
DeveloperDurp
1fb05b911d update 2024-08-07 05:46:58 -05:00
DeveloperDurp
35e46caf8e update 2024-08-07 05:35:50 -05:00
DeveloperDurp
1488f5c3bd update 2024-08-07 05:35:03 -05:00
DeveloperDurp
6d743b8812 update 2024-08-07 05:34:15 -05:00
DeveloperDurp
23a5ebef45 update 2024-08-07 05:33:45 -05:00
DeveloperDurp
c904e0260a update 2024-08-07 05:33:23 -05:00
DeveloperDurp
b4adf6bfe1 update 2024-08-07 05:28:09 -05:00
DeveloperDurp
51c5eed833 update 2024-08-07 05:26:28 -05:00
DeveloperDurp
f308a5c672 update 2024-08-06 05:11:29 -05:00
DeveloperDurp
305a418382 update 2024-08-06 04:55:02 -05:00
DeveloperDurp
86d3fe8b38 update 2024-08-05 05:04:11 -05:00
DeveloperDurp
3df7190f90 update 2024-08-05 04:59:37 -05:00
DeveloperDurp
27dd5ed7b7 update 2024-08-05 04:58:12 -05:00
DeveloperDurp
d5d746743c test secret in same namespace 2024-08-05 04:52:21 -05:00
DeveloperDurp
b794d2945f update 2024-08-05 04:51:46 -05:00
DeveloperDurp
26b4774589 update 2024-08-04 10:53:35 -05:00
DeveloperDurp
16ff689f49 update 2024-08-04 10:47:47 -05:00
DeveloperDurp
45bf00db84 update 2024-08-04 10:40:35 -05:00
DeveloperDurp
0045af169d update 2024-08-04 10:39:19 -05:00
DeveloperDurp
3fe64ede97 update 2024-08-04 10:36:59 -05:00
DeveloperDurp
e4afc699b3 update 2024-08-04 10:35:13 -05:00
DeveloperDurp
aacf1e8656 update 2024-08-04 10:34:29 -05:00
DeveloperDurp
3c3bd1bfa0 update 2024-08-04 10:00:54 -05:00
DeveloperDurp
654f2b4d85 update 2024-08-04 09:53:37 -05:00
DeveloperDurp
1c04237918 update 2024-08-04 09:48:25 -05:00
DeveloperDurp
a8a881dd7c update 2024-08-04 09:44:38 -05:00
DeveloperDurp
43579b8f6e update 2024-08-04 09:34:19 -05:00
DeveloperDurp
e0eaa1a96c update 2024-08-04 09:33:10 -05:00
82 changed files with 84 additions and 3119 deletions
Expand all files Collapse all files

2
argocd/templates/InternalProxy.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: internalproxy
directory:
recurse: true

2
argocd/templates/argocd.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: argocd
destination:
namespace: argocd

21
argocd/templates/authentik.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: authentik
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: authentik
destination:
namespace: authentik
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

23
argocd/templates/bitwarden.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: bitwarden
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: bitwarden
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: bitwarden
syncPolicy:
automated:
prune: true
selfHeal: false
syncOptions:
- CreateNamespace=true

2
argocd/templates/cert-manager.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: cert-manager
destination:
namespace: cert-manager

20
argocd/templates/crossplane.yml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: crossplane
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: crossplane
destination:
namespace: crossplane
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/durpapi.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: durpapi
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: durpapi
destination:
namespace: durpapi
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/durpot.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: durpot
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: durpot
destination:
namespace: durpot
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

2
argocd/templates/external-dns.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: external-dns
destination:
namespace: external-dns

2
argocd/templates/external-secrets.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: external-secrets
destination:
namespace: external-secrets

2
argocd/templates/gatekeeper.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: gatekeeper
destination:
namespace: gatekeeper

2
argocd/templates/gitlab-runner.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: gitlab-runner
destination:
namespace: gitlab-runner

20
argocd/templates/heimdall.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: heimdall
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: heimdall
destination:
namespace: heimdall
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/krakend.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: krakend
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: krakend
destination:
namespace: krakend
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

2
argocd/templates/kube-prometheus-stack.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: kube-prometheus-stack
destination:
namespace: kube-prometheus-stack

2
argocd/templates/kubeclarity.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: kubeclarity
destination:
namespace: kubeclarity

22
argocd/templates/littlelink.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: littlelink
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: littlelink
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: littlelink
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

2
argocd/templates/longhorn.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: longhorn
destination:
namespace: longhorn-system

2
argocd/templates/metallb-system.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: metallb-system
destination:
namespace: metallb-system

23
argocd/templates/nfs-client.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nfs-client
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: nfs-client
directory:
recurse: true
destination:
namespace: nfs-client
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/open-webui.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: open-webui
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: open-webui
destination:
namespace: open-webui
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

17
argocd/templates/secrets.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-argocd
labels:
app.kubernetes.io/part-of: argocd
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: client-secret
data:
- secretKey: clientSecret
remoteRef:
key: secrets/argocd/authentik
property: clientsecret

2
argocd/templates/traefik.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: traefik
destination:
namespace: traefik

2
argocd/templates/uptimekuma.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: uptimekuma
directory:
recurse: true

2
argocd/templates/vault.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
targetRevision: dmz
path: vault
destination:
namespace: vault

12
authentik/Chart.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v2
name: authentik
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- name: authentik
repository: https://charts.goauthentik.io
version: 2024.4.1

24
authentik/templates/authentik-pv.yaml
View File

@@ -1,24 +0,0 @@
#apiVersion: v1
#kind: PersistentVolume
#metadata:
# annotations:
# pv.kubernetes.io/provisioned-by: durp.info/nfs
# finalizers:
# - kubernetes.io/pv-protection
# name: authentik-pv
#spec:
# accessModes:
# - ReadWriteMany
# capacity:
# storage: 10Gi
# claimRef:
# apiVersion: v1
# kind: PersistentVolumeClaim
# name: authentik-pvc
# namespace: authentik
# nfs:
# path: /mnt/user/k3s/authentik
# server: 192.168.20.253
# persistentVolumeReclaimPolicy: Retain
# storageClassName: nfs-storage
# volumeMode: Filesystem

18
authentik/templates/authentik-pvc.yaml
View File

@@ -1,18 +0,0 @@
#apiVersion: v1
#kind: PersistentVolumeClaim
#metadata:
# labels:
# app.kubernetes.io/component: app
# app.kubernetes.io/instance: authentik
# app.kubernetes.io/managed-by: Helm
# app.kubernetes.io/name: authentik
# helm.sh/chart: authentik-2.14.4
# name: authentik-pvc
# namespace: authentik
#spec:
# accessModes:
# - ReadWriteMany
# resources:
# requests:
# storage: 10Gi
# storageClassName: nfs-storage

42
authentik/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: authentik-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`authentik.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: authentik-server
port: 80
tls:
secretName: authentik-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: authentik-tls
spec:
secretName: authentik-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "authentik.durp.info"
dnsNames:
- "authentik.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: authentik-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
spec:
type: ExternalName
externalName: durp.info

28
authentik/templates/secrets.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: authentik-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: db-pass
data:
- secretKey: dbpass
remoteRef:
key: secrets/authentik/database
property: dbpass
- secretKey: secretkey
remoteRef:
key: secrets/authentik/database
property: secretkey
- secretKey: postgresql-postgres-password
remoteRef:
key: secrets/authentik/database
property: dbpass
- secretKey: postgresql-password
remoteRef:
key: secrets/authentik/database
property: dbpass

51
authentik/values.yaml
View File

@@ -1,51 +0,0 @@
authentik:
global:
env:
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: db-pass
key: dbpass
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: db-pass
key: secretkey
revisionHistoryLimit: 1
image:
repository: registry.internal.durp.info/goauthentik/server
pullPolicy: Always
authentik:
outposts:
container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
postgresql:
host: '{{ .Release.Name }}-postgresql-hl'
name: "authentik"
user: "authentik"
port: 5432
server:
name: server
replicas: 3
postgresql:
enabled: true
image:
registry: registry.internal.durp.info
repository: bitnami/postgresql
pullPolicy: Always
postgresqlUsername: "authentik"
postgresqlDatabase: "authentik"
existingSecret: db-pass
persistence:
enabled: true
storageClass: longhorn
accessModes:
- ReadWriteMany
redis:
enabled: true
image:
registry: registry.internal.durp.info
repository: bitnami/redis
pullPolicy: Always
architecture: standalone
auth:
enabled: false

7
bitwarden/Chart.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v2
name: bitwarden
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

25
bitwarden/templates/bitwarden-pv.yaml
View File

@@ -1,25 +0,0 @@
#apiVersion: v1
#kind: PersistentVolume
#metadata:
# annotations:
# pv.kubernetes.io/provisioned-by: durp.info/nfs
# finalizers:
# - kubernetes.io/pv-protection
# name: bitwarden-pv
#spec:
# accessModes:
# - ReadWriteMany
# capacity:
# storage: 10Gi
# claimRef:
# apiVersion: v1
# kind: PersistentVolumeClaim
# name: bitwarden-pvc
# namespace: bitwarden
# nfs:
# path: /mnt/user/k3s/bitwarden
# server: 192.168.20.253
# persistentVolumeReclaimPolicy: Retain
# storageClassName: nfs-storage
# volumeMode: Filesystem
#

11
bitwarden/templates/bitwarden-pvc.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bitwarden-pvc
spec:
storageClassName: longhorn
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi

50
bitwarden/templates/deployment.yaml
View File

@@ -1,50 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: bitwarden
name: bitwarden
labels:
app: bitwarden
spec:
selector:
matchLabels:
app: bitwarden
replicas: 1
template:
metadata:
labels:
app: bitwarden
spec:
containers:
- name: bitwarden
image: registry.internal.durp.info/vaultwarden/server:1.30.3
imagePullPolicy: Always
volumeMounts:
- name: bitwarden-pvc
mountPath: /data
subPath: bitwaren-data
ports:
- name: http
containerPort: 80
env:
- name: SIGNUPS_ALLOWED
value: "FALSE"
- name: INVITATIONS_ALLOWED
value: "FALSE"
- name: WEBSOCKET_ENABLED
value: "TRUE"
- name: ROCKET_ENV
value: "staging"
- name: ROCKET_PORT
value: "80"
- name: ROCKET_WORKERS
value: "10"
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: bitwarden-secret
key: ADMIN_TOKEN
volumes:
- name: bitwarden-pvc
persistentVolumeClaim:
claimName: bitwarden-pvc

42
bitwarden/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: bitwarden-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: bitwarden
port: 80
tls:
secretName: bitwarden-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: bitwarden-tls
spec:
secretName: bitwarden-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "bitwarden.durp.info"
dnsNames:
- "bitwarden.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: bitwarden-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
spec:
type: ExternalName
externalName: durp.info

16
bitwarden/templates/secrets.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: bitwarden-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: bitwarden-secret
data:
- secretKey: ADMIN_TOKEN
remoteRef:
key: secrets/bitwarden/admin
property: ADMIN_TOKEN

12
bitwarden/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: bitwarden
spec:
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
selector:
app: bitwarden

12
crossplane/Chart.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v2
name: crossplane
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- name: crossplane
repository: https://charts.crossplane.io/stable
version: 1.12.0

55
crossplane/templates/gitlab.yml
View File

@@ -1,55 +0,0 @@
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-gitlab
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitlab-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: gitlab-secret
data:
- secretKey: accesstoken
remoteRef:
key: secrets/gitlab/token
property: accesstoken
---
#apiVersion: gitlab.crossplane.io/v1beta1
#kind: ProviderConfig
#metadata:
# name: gitlab-provider
#spec:
# baseURL: https://gitlab.com/
# credentials:
# source: Secret
# secretRef:
# namespace: crossplane
# name: gitlab-secret
# key: accesstoken
#
#---
#
#apiVersion: projects.gitlab.crossplane.io/v1alpha1
#kind: Project
#metadata:
# name: example-project
#spec:
# deletionPolicy: Orphan
# forProvider:
# name: "Example Project"
# description: "example project description"
# providerConfigRef:
# name: gitlab-provider
# policy:
# resolution: Optional
# resolve: Always

1506
dashboards/nginx-dashboard.yaml
View File

File diff suppressed because it is too large Load Diff

11
durpapi/Chart.yaml
View File

@@ -1,11 +0,0 @@
type: application
appVersion: 0.1.0
description: A Helm chart for Kubernetes
name: durpapi
dependencies:
- condition: postgresql.enabled
version: 12.5.*
repository: https://charts.bitnami.com/bitnami
name: postgresql
apiVersion: v2
version: test

38
durpapi/templates/deployment.yaml
View File

@@ -1,38 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Chart.Name }}
labels:
app: {{ .Chart.Name }}
spec:
revisionHistoryLimit: 1
selector:
matchLabels:
app: {{ .Chart.Name }}
replicas: {{ .Values.deployment.hpa.minReplicas }}
template:
metadata:
labels:
app: {{ .Chart.Name }}
spec:
containers:
- name: api
image: "{{ .Values.deployment.image }}:{{ default .Chart.Version .Values.deployment.tag }}"
imagePullPolicy: {{ .Values.deployment.imagePullPolicy }}
readinessProbe:
{{- toYaml .Values.deployment.probe.readiness | nindent 12 }}
livenessProbe:
{{- toYaml .Values.deployment.probe.liveness | nindent 12 }}
startupProbe:
{{- toYaml .Values.deployment.probe.startup | nindent 12 }}
ports:
- name: http
containerPort: {{ .Values.service.targetport }}
env:
- name: host
value: {{ .Values.swagger.host }}
- name: version
value: {{ default .Chart.Version .Values.deployment.tag }}
envFrom:
- secretRef:
name: {{ .Values.deployment.secretfile }}

24
durpapi/templates/hpa.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ .Chart.Name }}-hpa"
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ .Chart.Name }}
minReplicas: {{ .Values.deployment.hpa.minReplicas }}
maxReplicas: {{ .Values.deployment.hpa.maxReplicas }}
metrics:
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 40

44
durpapi/templates/ingress.yaml
View File

@@ -1,44 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: "{{ .Chart.Name }}-ingress"
spec:
entryPoints:
- websecure
routes:
- match: Host("api.durp.info") && PathPrefix(`/api`)
kind: Rule
middlewares:
- name: jwt
services:
- name: "durpapi-service"
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: "{{ .Chart.Name }}-swagger"
spec:
entryPoints:
- websecure
routes:
- match: Host("api.durp.info") && PathPrefix(`/swagger`)
kind: Rule
services:
- name: "durpapi-service"
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: jwt
spec:
plugin:
jwt:
Required: true
Keys:
- https://authentik.durp.info/application/o/api/jwks

39
durpapi/templates/secrets.yaml
View File

@@ -1,39 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: durpapi-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: durpapi-secret
data:
- secretKey: db_host
remoteRef:
key: secrets/durpapi/postgres
property: db_host
- secretKey: db_port
remoteRef:
key: secrets/durpapi/postgres
property: db_port
- secretKey: db_pass
remoteRef:
key: secrets/durpapi/postgres
property: db_pass
- secretKey: db_user
remoteRef:
key: secrets/durpapi/postgres
property: db_user
- secretKey: db_sslmode
remoteRef:
key: secrets/durpapi/postgres
property: db_sslmode
- secretKey: db_name
remoteRef:
key: secrets/durpapi/postgres
property: db_name
- secretKey: llamaurl
remoteRef:
key: secrets/durpapi/llamaurl
property: llamaurl

12
durpapi/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ .Chart.Name }}-service"
spec:
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetport }}
protocol: TCP
selector:
app: {{ .Chart.Name }}

39
durpapi/values.yaml
View File

@@ -1,39 +0,0 @@
ingress:
enabled: false
deployment:
image: registry.internal.durp.info/developerdurp/durpapi
secretfile: durpapi-secret
imagePullPolicy: Always
hpa:
minReplicas: 3
maxReplicas: 10
probe:
readiness:
httpGet:
path: /api/health/gethealth
port: 8080
liveness:
httpGet:
path: /api/health/gethealth
port: 8080
startup:
httpGet:
path: /api/health/gethealth
port: 8080
service:
type: ClusterIP
port: 80
targetport: 8080
swagger:
host: api.durp.info
postgresql:
enabled: true
auth:
existingSecret: durpapi-secret
secretKeys:
adminPasswordKey: db_pass
userPasswordKey: db_pass
replicationPasswordKey: db_pass
database: postgres
username: postgres

11
durpot/Chart.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v2
name: durpapi
description: A Helm chart for Kubernetes
type: application
version: 0.0.1
appVersion: 0.0.1
dependencies:
- name: durpot
repository: https://gitlab.com/api/v4/projects/45025485/packages/helm/stable
version: 0.1.0-dev0038

43
durpot/templates/secrets.yaml
View File

@@ -1,43 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: durpot-secert
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: durpot-secret
data:
- secretKey: OPENAI_API_KEY
remoteRef:
key: secrets/durpot/openai
property: OPENAI_API_KEY
- secretKey: BOTPREFIX
remoteRef:
key: secrets/durpot/discord
property: BOTPREFIX
- secretKey: ChannelID
remoteRef:
key: secrets/durpot/discord
property: ChannelID
- secretKey: TOKEN
remoteRef:
key: secrets/durpot/discord
property: TOKEN
- secretKey: ClientID
remoteRef:
key: secrets/durpot/auth
property: ClientID
- secretKey: Password
remoteRef:
key: secrets/durpot/auth
property: Password
- secretKey: TokenURL
remoteRef:
key: secrets/durpot/auth
property: TokenURL
- secretKey: Username
remoteRef:
key: secrets/durpot/auth
property: Username

4
external-dns/values.yaml
View File

@@ -4,10 +4,10 @@ external-dns:
image:
pullPolicy: Always
txtPrefix: "dmz-"
sources:
- service
provider: cloudflare
cloudflare:
secretName : "external-dns"

33
external-secrets/templates/secret-store.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault
spec:
provider:
vault:
server: "https://vault.internal.prd.durp.info"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "dmz-external-secrets"
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: cloudflare-api-token-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: cloudflare-api-token-secret
data:
- secretKey: cloudflare-api-token-secret
remoteRef:
key: secrets/cert-manager
property: cloudflare-api-token-secret

11
heimdall/Chart.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v2
name: heimdall
description: A Helm chart for Kubernetes
type: application
version: 0.0.1
appVersion: 0.0.1
dependencies:
- name: heimdall
repository: https://djjudas21.github.io/charts/
version: 8.5.2

52
heimdall/templates/ingress.yaml
View File

@@ -1,52 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
name: heimdall-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`heimdall.durp.info`) && PathPrefix(`/`)
middlewares:
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: heimdall
port: 80
- match: Host(`heimdall.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
namespace: authentik
port: 9000
tls:
secretName: heimdall-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: heimdall-tls
spec:
secretName: heimdall-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "heimdall.durp.info"
dnsNames:
- "heimdall.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: heimdall-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
spec:
type: ExternalName
externalName: durp.info

28
heimdall/values.yaml
View File

@@ -1,28 +0,0 @@
heimdall:
image:
registry:
repository: registry.internal.durp.info/linuxserver/heimdall
pullPolicy: Always
env:
TZ: UTC
PUID: "1000"
PGID: "1000"
service:
main:
annotations:
external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
external-dns.alpha.kubernetes.io/target: home.durp.info
ports:
http:
port: 80
ingress:
main:
enabled: false
persistence:
config:
enabled: true

7
krakend/Chart.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v2
name: krakend
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

39
krakend/templates/deployments.yaml
View File

@@ -1,39 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: krakend
name: krakend
labels:
app: krakend
spec:
selector:
matchLabels:
app: krakend
replicas: 1
template:
metadata:
labels:
app: krakend
spec:
volumes:
- name: krakend-secret
secret:
secretName: krakend-secret
containers:
- name: krakend
image: registry.internal.durp.info/devopsfaith/krakend:2.4.3
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /__health
port: 8080
readinessProbe:
httpGet:
path: /__health
port: 8080
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: krakend-secret
mountPath: /etc/krakend

56
krakend/templates/ingress.yaml
View File

@@ -1,56 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: api-tls
spec:
secretName: api-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "api.durp.info"
dnsNames:
- "api.durp.info"
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: krakend-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`api.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: krakend-service
port: 8080
scheme: http
tls:
secretName: api-tls
---
kind: Service
apiVersion: v1
metadata:
name: api-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: api.durp.info
spec:
type: ExternalName
externalName: durp.info
---
kind: Service
apiVersion: v1
metadata:
name: api-developer-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: developer.durp.info
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
type: ExternalName
externalName: developerdurp.github.io

15
krakend/templates/secrets.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: krakend-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: krakend-secret
data:
- secretKey: krakend.json
remoteRef:
key: secrets/krakend/config
property: config

12
krakend/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: krakend-service
spec:
ports:
- name: http
port: 8080
targetPort: 8080
protocol: TCP
selector:
app: krakend

0
littlelink/Chart.yaml
View File

99
littlelink/templates/deployment.yaml
View File

@@ -1,99 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: littlelink
name: littlelink
labels:
app: littlelink
spec:
selector:
matchLabels:
app: littlelink
replicas: 1
template:
metadata:
labels:
app: littlelink
spec:
containers:
- name: littlelink
image: registry.internal.durp.info/techno-tim/littlelink-server:latest
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthcheck
port: 3000
readinessProbe:
httpGet:
path: /healthcheck
port: 3000
env:
- name: META_TITLE
value: DeveloperDurp
- name: META_DESCRIPTION
value: The Durpy Developer
- name: META_AUTHOR
value: DeveloperDurp
- name: LANG
value: en
- name: META_INDEX_STATUS
value: all
- name: OG_TITLE
value: DeveloperDurp
- name: OG_DESCRIPTION
value: DeveloperDurp
- name: OG_URL
value: https://gitlab.com/developerdurp
- name: OG_IMAGE
value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
- name : OG_IMAGE_WIDTH
value: "400"
- name : OG_IMAGE_HEIGHT
value: "400"
- name : THEME
value: Dark
- name : FAVICON_URL
value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
- name : AVATAR_URL
value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
- name : AVATAR_2X_URL
value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
- name : AVATAR_ALT
value: DeveloperDurp Profile Pic
- name : NAME
value: DeveloperDurp
- name : BIO
value: Sup Nerd,
- name : BUTTON_ORDER
value: GITHUB,GITLAB,YOUTUBE,TWITTER,COFFEE,EMAIL
- name : TWITTER
value: https://twitter.com/developerdurp
- name : GITHUB
value: https://github.com/DeveloperDurp
- name : GITLAB
value: https://gitlab.com/developerdurp
- name: YOUTUBE
value: https://www.youtube.com/channel/UC1rGa6s6kER_gLpIQsxeMVQ
- name : EMAIL
value: DeveloperDurp@durp.info
- name : EMAIL_TEXT
value: DeveloperDurp@durp.info
- name : FOOTER
value: DeveloperDurp © 2022
- name: CUSTOM_BUTTON_TEXT
value: BuyMeACoffee
- name: CUSTOM_BUTTON_URL
value: https://www.buymeacoffee.com/DeveloperDurp
- name: CUSTOM_BUTTON_COLOR
value: '#ffdd00'
- name: CUSTOM_BUTTON_TEXT_COLOR
value: '#000000'
- name: CUSTOM_BUTTON_ALT_TEXT
value: Support
- name: CUSTOM_BUTTON_NAME
value: COFFEE
- name: CUSTOM_BUTTON_ICON
value: fa-solid fa-cup-togo
ports:
- name: http
containerPort: 3000

42
littlelink/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: littlelink-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`links.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: littlelink
port: 80
tls:
secretName: littlelink-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: littlelink-tls
spec:
secretName: littlelink-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "links.durp.info"
dnsNames:
- "links.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: links-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: links.durp.info
spec:
type: ExternalName
externalName: durp.info

12
littlelink/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: littlelink
spec:
ports:
- name: http
port: 80
targetPort: 3000
protocol: TCP
selector:
app: littlelink

4
metallb-system/templates/config.yaml
View File

@@ -4,12 +4,12 @@ metadata:
name: cheap
spec:
addresses:
- 192.168.20.130-192.168.20.140
- 192.168.20.34-192.168.20.39
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: poop
name: pool
namespace: metallb-system
spec:
ipAddressPools:

8
nfs-client/Chart.yml
View File

@@ -1,8 +0,0 @@
apiVersion: v2
name: nfs-client
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

12
nfs-client/templates/cluster-role-binding.yml
View File

@@ -1,12 +0,0 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: nfs-client
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io

20
nfs-client/templates/cluster-role.yml
View File

@@ -1,20 +0,0 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]

42
nfs-client/templates/provisioner.yml
View File

@@ -1,42 +0,0 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: nfs-client-provisioner
namespace: nfs-client
spec:
selector:
matchLabels:
app: nfs-client-provisioner
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.0
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
memory: 1Gi
volumeMounts:
- name: nfs-client-ssd
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: durp.info/nfs
- name: NFS_SERVER
value: 192.168.20.253
- name: NFS_PATH
value: /mnt/user/k3s
volumes:
- name: nfs-client-ssd
nfs:
server: 192.168.20.253
path: /mnt/user/k3s

13
nfs-client/templates/role-binding.yml
View File

@@ -1,13 +0,0 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: nfs-client
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: nfs-client
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io

9
nfs-client/templates/role.yml
View File

@@ -1,9 +0,0 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: nfs-client
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]

5
nfs-client/templates/service-account.yml
View File

@@ -1,5 +0,0 @@
kind: ServiceAccount
apiVersion: v1
metadata:
name: nfs-client-provisioner
namespace: nfs-client

10
nfs-client/templates/storage-class.yml
View File

@@ -1,10 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-storage
annotations:
storageclass.kubernetes.io/is-default-class: "false"
provisioner: durp.info/nfs
parameters:
archiveOnDelete: "false"
reclaimPolicy: Retain

7
open-webui/Chart.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v2
name: open-webui
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

37
open-webui/templates/deployment.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: open-webui
name: open-webui
labels:
app: open-webui
spec:
selector:
matchLabels:
app: open-webui
replicas: 1
template:
metadata:
labels:
app: open-webui
spec:
containers:
- name: open-webui
image: registry.internal.durp.info/open-webui/open-webui:main
imagePullPolicy: Always
volumeMounts:
- name: open-webui-pvc
mountPath: /app/backend/data
ports:
- name: http
containerPort: 8080
env:
- name: OLLAMA_BASE_URL
valueFrom:
secretKeyRef:
name: open-webui-secret
key: OLLAMA_BASE_URL
volumes:
- name: open-webui-pvc
persistentVolumeClaim:
claimName: open-webui-pvc

42
open-webui/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: open-webui-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`open-webui.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: open-webui
port: 8080
tls:
secretName: open-webui-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: open-webui-tls
spec:
secretName: open-webui-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "open-webui.durp.info"
dnsNames:
- "open-webui.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: open-webui-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: open-webui.durp.info
spec:
type: ExternalName
externalName: durp.info

11
open-webui/templates/pvc.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: open-webui-pvc
spec:
storageClassName: longhorn
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi

16
open-webui/templates/secrets.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: open-webui-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: open-webui-secret
data:
- secretKey: OLLAMA_BASE_URL
remoteRef:
key: secrets/open-webui
property: OLLAMA_BASE_URL

12
open-webui/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: open-webui
spec:
ports:
- name: http
port: 8080
targetPort: 8080
protocol: TCP
selector:
app: open-webui

37
vault/templates/ingress.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: vault-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`vault.internal.durp.info`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: vault
port: 8200
scheme: http
tls:
secretName: vault-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: vault-tls
spec:
secretName: vault-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "vault.internal.durp.info"
dnsNames:
- "vault.internal.durp.info"

44
vault/templates/secret-store.yaml
View File

@@ -1,14 +1,30 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault
spec:
provider:
vault:
server: "http://vault.vault.svc.cluster.local:8200"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "external-secrets"
#apiVersion: external-secrets.io/v1beta1
#kind: ClusterSecretStore
#metadata:
# name: vault
#spec:
# provider:
# vault:
# server: "http://vault.vault.svc.cluster.local:8200"
# path: "secrets"
# version: "v2"
# auth:
# kubernetes:
# mountPath: "kubernetes"
# role: "dmz-external-secrets"
#---
#apiVersion: external-secrets.io/v1beta1
#kind: ClusterSecretStore
#metadata:
# name: vault
#spec:
# provider:
# vault:
# server: "https://vault.internal.prd.durp.info"
# path: "secrets"
# version: "v2"
# auth:
# tokenSecretRef:
# name: vault-token
# key: token
# namespace: external-secrets

38
vault/values.yaml
View File

@@ -1,6 +1,7 @@
vault:
global:
externalVaultAddr: "https://vault.internal.prd.durp.info"
image:
repository: "registry.internal.durp.info/hashicorp/vault-k8s"
@@ -11,10 +12,11 @@ vault:
repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2"
injector:
enabled: "-"
replicas: 3
replicas: 2
leaderElector:
enabled: true
@@ -30,37 +32,3 @@ vault:
repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2"
server:
enabled: "-"
image:
repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2"
pullPolicy: Always
ha:
enabled: false
replicas: 3
resources: {}
# resources:
# requests:
# memory: 256Mi
# cpu: 250m
# limits:
# memory: 256Mi
# cpu: 250m
dataStorage:
enabled: true
size: 10Gi
storageClass: longhorn
accessMode: ReadWriteOnce
auditStorage:
enabled: false
size: 10Gi
mountPath: "/vault/audit"
storageClass: longhorn
accessMode: ReadWriteOnce
ui:
enabled: false
externalPort: 8200
targetPort: 8200