DeveloperDurp/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: DeveloperDurp:prd
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd
..
compare: DeveloperDurp:a1b05d6f8a2043bd22d76cd97378503e6a88659d
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd

102 Commits
prd ... a1b05d6f8a

Author SHA1 Message Date
DeveloperDurp
a1b05d6f8a Update chart version 2024-09-30 04:47:53 -05:00
DeveloperDurp
8ca00e2715 Update chart version 2024-09-30 04:45:20 -05:00
DeveloperDurp
7cbe7932f1 Update chart version 2024-09-30 04:41:20 -05:00
DeveloperDurp
97d73b36c4 Update chart version 2024-09-29 08:56:15 -05:00
DeveloperDurp
679742ab45 Update chart version 2024-09-29 08:55:44 -05:00
DeveloperDurp
9b1680cfc8 Update chart version 2024-09-29 08:54:11 -05:00
DeveloperDurp
dd3ca7c9a4 Update chart version 2024-09-29 08:51:08 -05:00
DeveloperDurp
4a67df78b3 Update chart version 2024-09-29 08:45:48 -05:00
DeveloperDurp
dde4eac238 Update chart version 2024-09-29 08:43:25 -05:00
DeveloperDurp
f9987ac705 Update chart version 2024-09-29 08:43:01 -05:00
DeveloperDurp
6705352a10 Update chart version 2024-09-29 08:41:06 -05:00
DeveloperDurp
599e86e1a9 Update chart version 2024-09-29 08:37:42 -05:00
DeveloperDurp
4826c5beb6 Update chart version 2024-09-29 08:33:29 -05:00
DeveloperDurp
1284e2ec60 Update chart version 2024-09-29 08:28:14 -05:00
DeveloperDurp
7f6e182084 Update chart version 2024-09-29 07:50:40 -05:00
DeveloperDurp
a565952e0c Update chart version 2024-09-29 07:48:50 -05:00
DeveloperDurp
f64bdfbedd Update chart version 2024-09-29 07:39:11 -05:00
DeveloperDurp
e6a8aa74b4 Update chart version 2024-09-29 07:34:52 -05:00
DeveloperDurp
b1c45f939b Update chart version 2024-09-29 07:29:39 -05:00
DeveloperDurp
3bfec1450f Update chart version 2024-09-29 07:23:46 -05:00
DeveloperDurp
d5224c0c7f Update chart version 2024-09-29 07:20:05 -05:00
DeveloperDurp
4e37bfb8dc Update chart version 2024-09-29 07:13:09 -05:00
DeveloperDurp
45ae3523b9 Update chart version 2024-09-29 06:43:58 -05:00
DeveloperDurp
1151680f65 Update chart version 2024-09-29 06:42:16 -05:00
DeveloperDurp
1aefb8163b Update chart version 2024-09-29 06:39:44 -05:00
DeveloperDurp
e935822058 Update chart version 2024-09-29 06:35:39 -05:00
DeveloperDurp
49b23b1788 Update chart version 2024-09-29 06:22:50 -05:00
DeveloperDurp
bd2def6d46 Update chart version 2024-09-29 06:18:47 -05:00
DeveloperDurp
10fcd43274 Update chart version 2024-09-13 06:23:48 -05:00
DeveloperDurp
126c6e6f45 Update chart version 2024-09-13 06:20:00 -05:00
DeveloperDurp
10ce90a460 Update chart version 2024-09-13 06:17:56 -05:00
DeveloperDurp
c3cd2c0b8b Update chart version 2024-09-13 06:14:44 -05:00
DeveloperDurp
8b74b2efb6 Update chart version 2024-09-13 06:10:15 -05:00
DeveloperDurp
eecf949f86 Update worker count 2024-09-10 04:48:15 -05:00
DeveloperDurp
2b951b2814 update authentik version 2024-09-10 04:43:57 -05:00
DeveloperDurp
a1293abaf6 update 2024-08-31 07:40:14 -05:00
DeveloperDurp
5781c6ddda update 2024-08-31 07:23:47 -05:00
DeveloperDurp
42fc48bb27 update 2024-08-31 07:22:25 -05:00
DeveloperDurp
0f908a1460 update 2024-08-31 07:19:33 -05:00
DeveloperDurp
1febc6915e update 2024-08-31 07:14:08 -05:00
DeveloperDurp
a99e0649dd update 2024-08-31 07:11:20 -05:00
DeveloperDurp
d28f17120b upupdate 2024-08-30 05:08:33 -05:00
DeveloperDurp
44d099ad9e update 2024-08-30 05:04:57 -05:00
DeveloperDurp
5c866c2eb7 update 2024-08-30 05:04:25 -05:00
DeveloperDurp
216cece298 update 2024-08-30 05:03:40 -05:00
DeveloperDurp
f16da3d3a8 update resources 2024-08-30 04:58:02 -05:00
DeveloperDurp
f12b7aa532 update resource 2024-08-30 04:56:01 -05:00
DeveloperDurp
8ec254f59c enable autoscaller 2024-08-30 04:52:29 -05:00
DeveloperDurp
33fd621ec8 add resource limits 2024-08-30 04:51:35 -05:00
DeveloperDurp
89b8364fe5 add resource limits 2024-08-30 04:49:03 -05:00
DeveloperDurp
52038a7585 update 2024-08-29 05:04:25 -05:00
DeveloperDurp
885ab5e3d7 update 2024-08-29 05:02:08 -05:00
DeveloperDurp
7843ae7c29 update 2024-08-29 04:57:40 -05:00
DeveloperDurp
e2d1e01708 update 2024-08-29 04:55:28 -05:00
DeveloperDurp
e8cafed885 update 2024-08-29 04:50:55 -05:00
DeveloperDurp
62b7efad89 update 2024-08-27 04:58:07 -05:00
DeveloperDurp
47ddf2fd28 update 2024-08-25 06:32:15 -05:00
DeveloperDurp
31b689d5fe update 2024-08-25 06:28:15 -05:00
DeveloperDurp
5ef03e6dbe update 2024-08-25 06:27:05 -05:00
DeveloperDurp
38bb3538a3 update 2024-08-25 06:22:33 -05:00
DeveloperDurp
8c77e53669 update 2024-08-25 06:20:12 -05:00
DeveloperDurp
44aac27362 update 2024-08-25 06:19:34 -05:00
DeveloperDurp
0f4048072d update 2024-08-25 06:11:13 -05:00
DeveloperDurp
b6f0c41d5d update 2024-08-25 06:09:41 -05:00
DeveloperDurp
3259cd6f37 update 2024-08-25 06:07:19 -05:00
DeveloperDurp
418162a9e0 update 2024-08-25 05:43:48 -05:00
DeveloperDurp
de022ea46b update 2024-08-25 05:33:43 -05:00
DeveloperDurp
a50214eafc update 2024-08-25 05:32:20 -05:00
DeveloperDurp
be2ee6274a update 2024-08-25 05:12:54 -05:00
DeveloperDurp
1fbe3dbc95 update 2024-08-25 05:08:59 -05:00
DeveloperDurp
f8a13c4bff update 2024-08-25 05:05:59 -05:00
DeveloperDurp
c9d77c5eec update 2024-08-25 05:03:23 -05:00
DeveloperDurp
3457eba0a2 update 2024-08-25 04:52:22 -05:00
DeveloperDurp
738d19edfa update 2024-08-25 04:40:58 -05:00
DeveloperDurp
23d397e5d4 update 2024-08-25 04:35:16 -05:00
DeveloperDurp
10bfb6fd54 update 2024-08-25 04:34:31 -05:00
DeveloperDurp
0ff6377bd6 update 2024-08-24 21:30:35 -05:00
DeveloperDurp
8d92151ad3 update 2024-08-24 21:29:00 -05:00
DeveloperDurp
3f74860c28 update 2024-08-24 21:28:14 -05:00
DeveloperDurp
f12af0f92f update 2024-08-24 21:28:03 -05:00
DeveloperDurp
86a5af321d update 2024-08-24 21:25:12 -05:00
DeveloperDurp
4a1e4f980d update 2024-08-24 21:23:10 -05:00
DeveloperDurp
bf6c021d8b update 2024-08-24 21:09:10 -05:00
DeveloperDurp
0abc90d9cd update 2024-08-24 21:08:06 -05:00
DeveloperDurp
e2cabee7dd update 2024-08-24 20:57:18 -05:00
DeveloperDurp
1f2fd56d89 update 2024-08-24 20:56:13 -05:00
DeveloperDurp
785a256258 update 2024-08-24 20:47:17 -05:00
DeveloperDurp
26c3a919c6 update 2024-08-24 20:33:10 -05:00
DeveloperDurp
280298cc0a update 2024-08-24 20:31:37 -05:00
DeveloperDurp
f5b4c58367 update 2024-08-24 20:30:21 -05:00
DeveloperDurp
0a3f3d99d7 update 2024-08-24 20:29:32 -05:00
DeveloperDurp
21405024f7 add pfsense 2024-08-24 20:23:35 -05:00
DeveloperDurp
61110282d5 update 2024-08-11 07:57:18 -05:00
DeveloperDurp
5765f9b5d7 revert 2024-08-11 07:50:53 -05:00
DeveloperDurp
f70c55dcf2 update 2024-08-11 07:48:13 -05:00
DeveloperDurp
b2212a6608 move to nfs 2024-08-11 07:47:05 -05:00
DeveloperDurp
5e5a7b3803 update 2024-08-11 07:40:16 -05:00
DeveloperDurp
b1272fc052 remove proxy 2024-08-04 07:25:42 -05:00
DeveloperDurp
c2298c51b1 update 2024-07-21 08:54:15 -05:00
DeveloperDurp
40e98020bb update 2024-07-21 08:47:10 -05:00
DeveloperDurp
30331572e5 Update Chart 2024-05-29 02:21:27 +00:00
DeveloperDurp
ef367a7d10 move branch to prd 2024-05-11 06:24:20 -05:00
96 changed files with 2085 additions and 740 deletions
Expand all files Collapse all files

2
argocd/Chart.yaml
View File

@@ -9,6 +9,6 @@ appVersion: "1.16.0"
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 6.7.11 version: 6.11.1

23
argocd/templates/InternalProxy.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: internalproxy
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: internalproxy
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: internalproxy
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

41
argocd/templates/argocd.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: argocd path: argocd
destination: destination:
namespace: argocd namespace: argocd
@@ -18,3 +18,42 @@ spec:
selfHeal: true selfHeal: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: argocd-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`argocd.internal.durp.info`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: argocd-server
port: 443
scheme: https
tls:
secretName: argocd-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: argocd-tls
spec:
secretName: argocd-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "argocd.internal.durp.info"
dnsNames:
- "argocd.internal.durp.info"

2
argocd/templates/authentik.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: authentik path: authentik
destination: destination:
namespace: authentik namespace: authentik

2
argocd/templates/bitwarden.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: bitwarden path: bitwarden
directory: directory:
recurse: true recurse: true

2
argocd/templates/cert-manager.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: cert-manager path: cert-manager
destination: destination:
namespace: cert-manager namespace: cert-manager

2
argocd/templates/crossplane.yml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: crossplane path: crossplane
destination: destination:
namespace: crossplane namespace: crossplane

2
argocd/templates/durpapi.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: durpapi path: durpapi
destination: destination:
namespace: durpapi namespace: durpapi

2
argocd/templates/durpot.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: durpot path: durpot
destination: destination:
namespace: durpot namespace: durpot

2
argocd/templates/external-dns.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: external-dns path: external-dns
destination: destination:
namespace: external-dns namespace: external-dns

2
argocd/templates/external-secrets.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: external-secrets path: external-secrets
destination: destination:
namespace: external-secrets namespace: external-secrets

2
argocd/templates/gatekeeper.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: gatekeeper path: gatekeeper
destination: destination:
namespace: gatekeeper namespace: gatekeeper

2
argocd/templates/gitlab-runner.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: gitlab-runner path: gitlab-runner
destination: destination:
namespace: gitlab-runner namespace: gitlab-runner

2
argocd/templates/heimdall.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: heimdall path: heimdall
destination: destination:
namespace: heimdall namespace: heimdall

36
argocd/templates/ingress.yaml
View File

@@ -1,36 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: argocd-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`argocd.internal.prd.durp.info`)
middlewares:
- name: internal-only
namespace: traefik
kind: Rule
services:
- name: argocd-server
port: 443
scheme: https
tls:
secretName: argocd-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: argocd-tls
spec:
secretName: argocd-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "argocd.internal.prd.durp.info"
dnsNames:
- "argocd.internal.prd.durp.info"

2
argocd/templates/krakend.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: krakend path: krakend
destination: destination:
namespace: krakend namespace: krakend

2
argocd/templates/kube-prometheus-stack.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: kube-prometheus-stack path: kube-prometheus-stack
destination: destination:
namespace: kube-prometheus-stack namespace: kube-prometheus-stack

2
argocd/templates/kubeclarity.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: kubeclarity path: kubeclarity
destination: destination:
namespace: kubeclarity namespace: kubeclarity

2
argocd/templates/littlelink.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: littlelink path: littlelink
directory: directory:
recurse: true recurse: true

2
argocd/templates/longhorn.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: longhorn path: longhorn
destination: destination:
namespace: longhorn-system namespace: longhorn-system

3
argocd/templates/metallb-system.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: metallb-system path: metallb-system
destination: destination:
namespace: metallb-system namespace: metallb-system
@@ -19,3 +19,4 @@ spec:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true

2
argocd/templates/nfs-client.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: nfs-client path: nfs-client
directory: directory:
recurse: true recurse: true

2
argocd/templates/open-webui.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: open-webui path: open-webui
destination: destination:
namespace: open-webui namespace: open-webui

2
argocd/templates/traefik.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: traefik path: traefik
destination: destination:
namespace: traefik namespace: traefik

2
argocd/templates/uptimekuma.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: uptimekuma path: uptimekuma
directory: directory:
recurse: true recurse: true

2
argocd/templates/vault.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default project: default
source: source:
repoURL: https://gitlab.com/developerdurp/homelab.git repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd targetRevision: main
path: vault path: vault
destination: destination:
namespace: vault namespace: vault

6
argocd/values.yaml
View File

@@ -33,13 +33,13 @@ argo-cd:
cm: cm:
create: true create: true
annotations: {} annotations: {}
url: https://argocd.internal.prd.durp.info url: https://argocd.internal.durp.info
oidc.tls.insecure.skip.verify: "true" oidc.tls.insecure.skip.verify: "true"
dex.config: | dex.config: |
connectors: connectors:
- config: - config:
issuer: https://authentik.prd.durp.info/application/o/argocd/ issuer: https://authentik.durp.info/application/o/argocd/
clientID: lKuMgyYaOlQMNAUSjsRVYgkwZG9UT6CeFWeTLAcl clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
clientSecret: $client-secret:clientSecret clientSecret: $client-secret:clientSecret
insecureEnableGroups: true insecureEnableGroups: true
scopes: scopes:

2
authentik/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies: dependencies:
- name: authentik - name: authentik
repository: https://charts.goauthentik.io repository: https://charts.goauthentik.io
version: 2024.4.1 version: 2024.8.3

10
authentik/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`authentik.prd.durp.info`) && PathPrefix(`/`) - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
kind: Rule kind: Rule
services: services:
- name: authentik-server - name: authentik-server
@@ -25,9 +25,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "authentik.prd.durp.info" commonName: "authentik.durp.info"
dnsNames: dnsNames:
- "authentik.prd.durp.info" - "authentik.durp.info"
--- ---
@@ -36,7 +36,7 @@ apiVersion: v1
metadata: metadata:
name: authentik-external-dns name: authentik-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: authentik.prd.durp.info external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName:.prd.durp.info externalName: durp.info

17
authentik/values.yaml
View File

@@ -1,8 +1,6 @@
authentik: authentik:
global: global:
env: env:
- name: AUTHENTIK_REDIS__DB
value: "1"
- name: AUTHENTIK_POSTGRESQL__PASSWORD - name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -28,22 +26,17 @@ authentik:
server: server:
name: server name: server
replicas: 3 replicas: 3
worker:
replicas: 3
postgresql: postgresql:
enabled: true enabled: true
image: image:
registry: registry.internal.durp.info registry: registry.internal.durp.info
repository: bitnami/postgresql repository: bitnami/postgresql
pullPolicy: Always pullPolicy: Always
auth: postgresqlUsername: "authentik"
username: "authentik" postgresqlDatabase: "authentik"
existingSecret: db-pass existingSecret: db-pass
secretKeys:
adminPasswordKey: dbpass
userPasswordKey: dbpass
#postgresqlUsername: "authentik"
#postgresqlDatabase: "authentik"
#existingSecret: db-pass
persistence: persistence:
enabled: true enabled: true
storageClass: longhorn storageClass: longhorn

6
bitwarden/templates/deployment.yaml
View File

@@ -17,7 +17,7 @@ spec:
spec: spec:
containers: containers:
- name: bitwarden - name: bitwarden
image: registry.internal.durp.info/vaultwarden/server:1.30.5 image: registry.internal.durp.info/vaultwarden/server:1.32.0
imagePullPolicy: Always imagePullPolicy: Always
volumeMounts: volumeMounts:
- name: bitwarden-pvc - name: bitwarden-pvc
@@ -28,7 +28,7 @@ spec:
containerPort: 80 containerPort: 80
env: env:
- name: SIGNUPS_ALLOWED - name: SIGNUPS_ALLOWED
value: "TRUE" value: "FALSE"
- name: INVITATIONS_ALLOWED - name: INVITATIONS_ALLOWED
value: "FALSE" value: "FALSE"
- name: WEBSOCKET_ENABLED - name: WEBSOCKET_ENABLED
@@ -39,7 +39,7 @@ spec:
value: "80" value: "80"
- name: ROCKET_WORKERS - name: ROCKET_WORKERS
value: "10" value: "10"
- name: ADMIN_TOKEN - name: SECRET_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: bitwarden-secret name: bitwarden-secret

31
bitwarden/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`bitwarden.prd.durp.info`) && PathPrefix(`/`) - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
kind: Rule kind: Rule
services: services:
- name: bitwarden - name: bitwarden
@@ -25,9 +25,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "bitwarden.prd.durp.info" commonName: "bitwarden.durp.info"
dnsNames: dnsNames:
- "bitwarden.prd.durp.info" - "bitwarden.durp.info"
--- ---
@@ -36,28 +36,7 @@ apiVersion: v1
metadata: metadata:
name: bitwarden-external-dns name: bitwarden-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: bitwarden.prd.durp.info external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName:.prd.durp.info externalName: durp.info
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: bitwarden-admin-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`bitwarden.prd.durp.info`) && PathPrefix(`/admin`)
kind: Rule
middlewares:
- name: whitelist
namespace: traefik
services:
- name: bitwarden
port: 80
tls:
secretName: bitwarden-tls

2
cert-manager/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: cert-manager - name: cert-manager
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
version: 1.*.* version: v1.15.3

0
cert-manager/templates/letsencrypt-production.yaml → cert-manager/templates/letsencrypt-prroduction.yaml
View File

13
cert-manager/templates/self-signed.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-cluster-issuer
spec:
selfSigned: {}

2
crossplane/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies: dependencies:
- name: crossplane - name: crossplane
repository: https://charts.crossplane.io/stable repository: https://charts.crossplane.io/stable
version: 1.16.0 version: 1.17.1

2
crossplane/templates/gitlab.yml
View File

@@ -3,7 +3,7 @@ kind: Provider
metadata: metadata:
name: provider-gitlab name: provider-gitlab
spec: spec:
package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.7.0 package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
--- ---
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1

186
crossplane/values.yaml
View File

@@ -1,186 +0,0 @@
# helm-docs renders these comments into markdown. Use markdown formatting where
# appropiate.
#
# -- The number of Crossplane pod `replicas` to deploy.
replicas: 1
# -- The deployment strategy for the Crossplane and RBAC Manager pods.
deploymentStrategy: RollingUpdate
image:
# -- Repository for the Crossplane pod image.
repository: xpkg.upbound.io/crossplane/crossplane
# -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
tag: ""
# -- The image pull policy used for Crossplane and RBAC Manager pods.
pullPolicy: IfNotPresent
# -- Add `nodeSelectors` to the Crossplane pod deployment.
nodeSelector: {}
# -- Add `tolerations` to the Crossplane pod deployment.
tolerations: []
# -- Add `affinities` to the Crossplane pod deployment.
affinity: {}
# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
hostNetwork: false
# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
dnsPolicy: ""
# -- Add custom `labels` to the Crossplane pod deployment.
customLabels: {}
# -- Add custom `annotations` to the Crossplane pod deployment.
customAnnotations: {}
serviceAccount:
# -- Add custom `annotations` to the Crossplane ServiceAccount.
customAnnotations: {}
# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
leaderElection: true
# -- Add custom arguments to the Crossplane pod.
args: []
provider:
# -- A list of Provider packages to install.
packages: []
configuration:
# -- A list of Configuration packages to install.
packages: []
function:
# -- A list of Function packages to install
packages: []
# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
imagePullSecrets: []
registryCaBundleConfig:
# -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
name: ""
# -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
key: ""
service:
# -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
customAnnotations: {}
webhooks:
# -- Enable webhooks for Crossplane and installed Provider packages.
enabled: true
rbacManager:
# -- Deploy the RBAC Manager pod and its required roles.
deploy: true
# -- Don't install aggregated Crossplane ClusterRoles.
skipAggregatedClusterRoles: false
# -- The number of RBAC Manager pod `replicas` to deploy.
replicas: 1
# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
leaderElection: true
# -- Add custom arguments to the RBAC Manager pod.
args: []
# -- Add `nodeSelectors` to the RBAC Manager pod deployment.
nodeSelector: {}
# -- Add `tolerations` to the RBAC Manager pod deployment.
tolerations: []
# -- Add `affinities` to the RBAC Manager pod deployment.
affinity: {}
# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
priorityClassName: ""
resourcesCrossplane:
limits:
# -- CPU resource limits for the Crossplane pod.
cpu: 500m
# -- Memory resource limits for the Crossplane pod.
memory: 1024Mi
requests:
# -- CPU resource requests for the Crossplane pod.
cpu: 100m
# -- Memory resource requests for the Crossplane pod.
memory: 256Mi
securityContextCrossplane:
# -- The user ID used by the Crossplane pod.
runAsUser: 65532
# -- The group ID used by the Crossplane pod.
runAsGroup: 65532
# -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
allowPrivilegeEscalation: false
# -- Set the Crossplane pod root file system as read-only.
readOnlyRootFilesystem: true
packageCache:
# -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
medium: ""
# -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
sizeLimit: 20Mi
# -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
pvc: ""
# -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
configMap: ""
resourcesRBACManager:
limits:
# -- CPU resource limits for the RBAC Manager pod.
cpu: 100m
# -- Memory resource limits for the RBAC Manager pod.
memory: 512Mi
requests:
# -- CPU resource requests for the RBAC Manager pod.
cpu: 100m
# -- Memory resource requests for the RBAC Manager pod.
memory: 256Mi
securityContextRBACManager:
# -- The user ID used by the RBAC Manager pod.
runAsUser: 65532
# -- The group ID used by the RBAC Manager pod.
runAsGroup: 65532
# -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
allowPrivilegeEscalation: false
# -- Set the RBAC Manager pod root file system as read-only.
readOnlyRootFilesystem: true
metrics:
# -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
enabled: false
# -- Add custom environmental variables to the Crossplane pod deployment.
# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
extraEnvVarsCrossplane: {}
# -- Add custom environmental variables to the RBAC Manager pod deployment.
# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
extraEnvVarsRBACManager: {}
# -- Add a custom `securityContext` to the Crossplane pod.
podSecurityContextCrossplane: {}
# -- Add a custom `securityContext` to the RBAC Manager pod.
podSecurityContextRBACManager: {}
# -- Add custom `volumes` to the Crossplane pod.
extraVolumesCrossplane: {}
# -- Add custom `volumeMounts` to the Crossplane pod.
extraVolumeMountsCrossplane: {}
# -- To add arbitrary Kubernetes Objects during a Helm Install
extraObjects: []
# - apiVersion: pkg.crossplane.io/v1alpha1
# kind: ControllerConfig
# metadata:
# name: aws-config
# annotations:
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789101:role/example
# helm.sh/hook: post-install
# spec:
# podSecurityContext:
# fsGroup: 2000

12
durpapi/Chart.yaml
View File

@@ -1,11 +1,13 @@
description: A Helm chart for Kubernetes apiVersion: v2
name: durpapi name: durpapi
description: A Helm chart for Kubernetes
type: application
version: 0.1.0-dev0184
appVersion: 0.1.0 appVersion: 0.1.0
dependencies: dependencies:
- condition: postgresql.enabled - condition: postgresql.enabled
name: postgresql
version: 12.5.* version: 12.5.*
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 0.1.0-dev0184 name: postgresql
apiVersion: v2
type: application

6
durpapi/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host("api.prd.durp.info") && PathPrefix(`/api`) - match: Host("api.durp.info") && PathPrefix(`/api`)
kind: Rule kind: Rule
middlewares: middlewares:
- name: jwt - name: jwt
@@ -24,7 +24,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host("api.prd.durp.info") && PathPrefix(`/swagger`) - match: Host("api.durp.info") && PathPrefix(`/swagger`)
kind: Rule kind: Rule
services: services:
- name: "durpapi-service" - name: "durpapi-service"
@@ -41,4 +41,4 @@ spec:
jwt: jwt:
Required: true Required: true
Keys: Keys:
- https://authentik.prd.durp.info/application/o/api/jwks/ - https://authentik.durp.info/application/o/api/jwks

6
durpapi/values.yaml
View File

@@ -10,15 +10,15 @@ deployment:
probe: probe:
readiness: readiness:
httpGet: httpGet:
path: /api/health/gethealth path: /health/gethealth
port: 8080 port: 8080
liveness: liveness:
httpGet: httpGet:
path: /api/health/gethealth path: /health/gethealth
port: 8080 port: 8080
startup: startup:
httpGet: httpGet:
path: /api/health/gethealth path: /health/gethealth
port: 8080 port: 8080
service: service:
type: ClusterIP type: ClusterIP

2
external-dns/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: external-dns - name: external-dns
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 6.20.3 version: 8.3.8

4
external-dns/values.yaml
View File

@@ -4,10 +4,10 @@ external-dns:
image: image:
pullPolicy: Always pullPolicy: Always
txtPrefix: "prd-"
sources: sources:
- service - service
provider: cloudflare provider: cloudflare
cloudflare: cloudflare:
secretName : "external-dns" secretName : "external-dns"

2
external-secrets/Chart.yaml
View File

@@ -8,5 +8,5 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 0.8.1 version: 0.10.4

2
gatekeeper/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: gatekeeper - name: gatekeeper
repository: https://open-policy-agent.github.io/gatekeeper/charts repository: https://open-policy-agent.github.io/gatekeeper/charts
version: 3.14.0 version: 3.17.1

555
gatekeeper/values.yaml
View File

@@ -1,277 +1,278 @@
gatekeeper: #gatekeeper:
replicas: 3 # replicas: 3
revisionHistoryLimit: 10 # revisionHistoryLimit: 10
auditInterval: 60 # auditInterval: 60
metricsBackends: ["prometheus"] # metricsBackends: ["prometheus"]
auditMatchKindOnly: false # auditMatchKindOnly: false
constraintViolationsLimit: 20 # constraintViolationsLimit: 20
auditFromCache: false # auditFromCache: false
disableMutation: false # disableMutation: false
disableValidatingWebhook: false # disableValidatingWebhook: false
validatingWebhookName: gatekeeper-validating-webhook-configuration # validatingWebhookName: gatekeeper-validating-webhook-configuration
validatingWebhookTimeoutSeconds: 3 # validatingWebhookTimeoutSeconds: 3
validatingWebhookFailurePolicy: Ignore # validatingWebhookFailurePolicy: Ignore
validatingWebhookAnnotations: {} # validatingWebhookAnnotations: {}
validatingWebhookExemptNamespacesLabels: {} # validatingWebhookExemptNamespacesLabels: {}
validatingWebhookObjectSelector: {} # validatingWebhookObjectSelector: {}
validatingWebhookCheckIgnoreFailurePolicy: Fail # validatingWebhookCheckIgnoreFailurePolicy: Fail
validatingWebhookCustomRules: {} # validatingWebhookCustomRules: {}
validatingWebhookURL: null # validatingWebhookURL: null
enableDeleteOperations: false # enableDeleteOperations: false
enableExternalData: true # enableExternalData: true
enableGeneratorResourceExpansion: true # enableGeneratorResourceExpansion: true
enableTLSHealthcheck: false # enableTLSHealthcheck: false
maxServingThreads: -1 # maxServingThreads: -1
mutatingWebhookName: gatekeeper-mutating-webhook-configuration # mutatingWebhookName: gatekeeper-mutating-webhook-configuration
mutatingWebhookFailurePolicy: Ignore # mutatingWebhookFailurePolicy: Ignore
mutatingWebhookReinvocationPolicy: Never # mutatingWebhookReinvocationPolicy: Never
mutatingWebhookAnnotations: {} # mutatingWebhookAnnotations: {}
mutatingWebhookExemptNamespacesLabels: {} # mutatingWebhookExemptNamespacesLabels: {}
mutatingWebhookObjectSelector: {} # mutatingWebhookObjectSelector: {}
mutatingWebhookTimeoutSeconds: 1 # mutatingWebhookTimeoutSeconds: 1
mutatingWebhookCustomRules: {} # mutatingWebhookCustomRules: {}
mutatingWebhookURL: null # mutatingWebhookURL: null
mutationAnnotations: false # mutationAnnotations: false
auditChunkSize: 500 # auditChunkSize: 500
logLevel: INFO # logLevel: INFO
logDenies: false # logDenies: false
logMutations: false # logMutations: false
emitAdmissionEvents: false # emitAdmissionEvents: false
emitAuditEvents: false # emitAuditEvents: false
admissionEventsInvolvedNamespace: false # admissionEventsInvolvedNamespace: false
auditEventsInvolvedNamespace: false # auditEventsInvolvedNamespace: false
resourceQuota: true # resourceQuota: true
externaldataProviderResponseCacheTTL: 3m # externaldataProviderResponseCacheTTL: 3m
image: # image:
repository: openpolicyagent/gatekeeper # repository: openpolicyagent/gatekeeper
crdRepository: openpolicyagent/gatekeeper-crds # crdRepository: openpolicyagent/gatekeeper-crds
release: v3.15.0-beta.0 # release: v3.15.0-beta.0
pullPolicy: Always # pullPolicy: Always
pullSecrets: [] # pullSecrets: []
preInstall: # preInstall:
crdRepository: # crdRepository:
image: # image:
repository: null # repository: null
tag: v3.15.0-beta.0 # tag: v3.15.0-beta.0
postUpgrade: # postUpgrade:
labelNamespace: # labelNamespace:
enabled: false # enabled: false
image: # image:
repository: openpolicyagent/gatekeeper-crds # repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0 # tag: v3.15.0-beta.0
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
pullSecrets: [] # pullSecrets: []
extraNamespaces: [] # extraNamespaces: []
podSecurity: ["pod-security.kubernetes.io/audit=restricted", # podSecurity: ["pod-security.kubernetes.io/audit=restricted",
"pod-security.kubernetes.io/audit-version=latest", # "pod-security.kubernetes.io/audit-version=latest",
"pod-security.kubernetes.io/warn=restricted", # "pod-security.kubernetes.io/warn=restricted",
"pod-security.kubernetes.io/warn-version=latest", # "pod-security.kubernetes.io/warn-version=latest",
"pod-security.kubernetes.io/enforce=restricted", # "pod-security.kubernetes.io/enforce=restricted",
"pod-security.kubernetes.io/enforce-version=v1.24"] # "pod-security.kubernetes.io/enforce-version=v1.24"]
extraAnnotations: {} # extraAnnotations: {}
priorityClassName: "" # priorityClassName: ""
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: {} # resources: {}
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
postInstall: # postInstall:
labelNamespace: # labelNamespace:
enabled: true # enabled: true
extraRules: [] # extraRules: []
image: # image:
repository: openpolicyagent/gatekeeper-crds # repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0 # tag: v3.15.0-beta.0
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
pullSecrets: [] # pullSecrets: []
extraNamespaces: [] # extraNamespaces: []
podSecurity: ["pod-security.kubernetes.io/audit=restricted", # podSecurity: ["pod-security.kubernetes.io/audit=restricted",
"pod-security.kubernetes.io/audit-version=latest", # "pod-security.kubernetes.io/audit-version=latest",
"pod-security.kubernetes.io/warn=restricted", # "pod-security.kubernetes.io/warn=restricted",
"pod-security.kubernetes.io/warn-version=latest", # "pod-security.kubernetes.io/warn-version=latest",
"pod-security.kubernetes.io/enforce=restricted", # "pod-security.kubernetes.io/enforce=restricted",
"pod-security.kubernetes.io/enforce-version=v1.24"] # "pod-security.kubernetes.io/enforce-version=v1.24"]
extraAnnotations: {} # extraAnnotations: {}
priorityClassName: "" # priorityClassName: ""
probeWebhook: # probeWebhook:
enabled: true # enabled: true
image: # image:
repository: curlimages/curl # repository: curlimages/curl
tag: 7.83.1 # tag: 7.83.1
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
pullSecrets: [] # pullSecrets: []
waitTimeout: 60 # waitTimeout: 60
httpTimeout: 2 # httpTimeout: 2
insecureHTTPS: false # insecureHTTPS: false
priorityClassName: "" # priorityClassName: ""
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
preUninstall: # preUninstall:
deleteWebhookConfigurations: # deleteWebhookConfigurations:
extraRules: [] # extraRules: []
enabled: false # enabled: false
image: # image:
repository: openpolicyagent/gatekeeper-crds # repository: openpolicyagent/gatekeeper-crds
tag: v3.15.0-beta.0 # tag: v3.15.0-beta.0
pullPolicy: IfNotPresent # pullPolicy: IfNotPresent
pullSecrets: [] # pullSecrets: []
priorityClassName: "" # priorityClassName: ""
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: {} # resources: {}
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
podAnnotations: {} # podAnnotations: {}
auditPodAnnotations: {} # auditPodAnnotations: {}
podLabels: {} # podLabels: {}
podCountLimit: "100" # podCountLimit: "100"
secretAnnotations: {} # secretAnnotations: {}
enableRuntimeDefaultSeccompProfile: true # enableRuntimeDefaultSeccompProfile: true
controllerManager: # controllerManager:
exemptNamespaces: [] # exemptNamespaces: []
exemptNamespacePrefixes: [] # exemptNamespacePrefixes: []
hostNetwork: false # hostNetwork: false
dnsPolicy: ClusterFirst # dnsPolicy: ClusterFirst
port: 8443 # port: 8443
metricsPort: 8888 # metricsPort: 8888
healthPort: 9090 # healthPort: 9090
readinessTimeout: 1 # readinessTimeout: 1
livenessTimeout: 1 # livenessTimeout: 1
priorityClassName: system-cluster-critical # priorityClassName: system-cluster-critical
disableCertRotation: false # disableCertRotation: false
tlsMinVersion: 1.3 # tlsMinVersion: 1.3
clientCertName: "" # clientCertName: ""
strategyType: RollingUpdate # strategyType: RollingUpdate
affinity: # affinity:
podAntiAffinity: # podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution: # preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm: # - podAffinityTerm:
labelSelector: # labelSelector:
matchExpressions: # matchExpressions:
- key: gatekeeper.sh/operation # - key: gatekeeper.sh/operation
operator: In # operator: In
values: # values:
- webhook # - webhook
topologyKey: kubernetes.io/hostname # topologyKey: kubernetes.io/hostname
weight: 100 # weight: 100
topologySpreadConstraints: [] # topologySpreadConstraints: []
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: # resources:
limits: # limits:
memory: 512Mi # memory: 512Mi
requests: # requests:
cpu: 100m # cpu: 100m
memory: 512Mi # memory: 512Mi
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
podSecurityContext: # podSecurityContext:
fsGroup: 999 # fsGroup: 999
supplementalGroups: # supplementalGroups:
- 999 # - 999
extraRules: [] # extraRules: []
networkPolicy: # networkPolicy:
enabled: false # enabled: false
ingress: { } # ingress: { }
# - from: # # - from:
# - ipBlock: # # - ipBlock:
# cidr: 0.0.0.0/0 # # cidr: 0.0.0.0/0
audit: # audit:
enablePubsub: false # enablePubsub: false
connection: audit-connection # connection: audit-connection
channel: audit-channel # channel: audit-channel
hostNetwork: false # hostNetwork: false
dnsPolicy: ClusterFirst # dnsPolicy: ClusterFirst
metricsPort: 8888 # metricsPort: 8888
healthPort: 9090 # healthPort: 9090
readinessTimeout: 1 # readinessTimeout: 1
livenessTimeout: 1 # livenessTimeout: 1
priorityClassName: system-cluster-critical # priorityClassName: system-cluster-critical
disableCertRotation: false # disableCertRotation: false
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: # resources:
limits: # limits:
memory: 512Mi # memory: 512Mi
requests: # requests:
cpu: 100m # cpu: 100m
memory: 512Mi # memory: 512Mi
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 999 # runAsGroup: 999
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 1000 # runAsUser: 1000
podSecurityContext: # podSecurityContext:
fsGroup: 999 # fsGroup: 999
supplementalGroups: # supplementalGroups:
- 999 # - 999
writeToRAMDisk: false # writeToRAMDisk: false
extraRules: [] # extraRules: []
crds: # crds:
affinity: {} # affinity: {}
tolerations: [] # tolerations: []
nodeSelector: {kubernetes.io/os: linux} # nodeSelector: {kubernetes.io/os: linux}
resources: {} # resources: {}
securityContext: # securityContext:
allowPrivilegeEscalation: false # allowPrivilegeEscalation: false
capabilities: # capabilities:
drop: # drop:
- ALL # - ALL
readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
runAsGroup: 65532 # runAsGroup: 65532
runAsNonRoot: true # runAsNonRoot: true
runAsUser: 65532 # runAsUser: 65532
pdb: # pdb:
controllerManager: # controllerManager:
minAvailable: 1 # minAvailable: 1
service: {} # service: {}
disabledBuiltins: ["{http.send}"] # disabledBuiltins: ["{http.send}"]
psp: # psp:
enabled: true # enabled: true
upgradeCRDs: # upgradeCRDs:
enabled: true # enabled: true
extraRules: [] # extraRules: []
priorityClassName: "" # priorityClassName: ""
rbac: # rbac:
create: true # create: true
externalCertInjection: # externalCertInjection:
enabled: false # enabled: false
secretName: gatekeeper-webhook-server-cert # secretName: gatekeeper-webhook-server-cert
#

2
gitlab-runner/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: gitlab-runner - name: gitlab-runner
repository: https://charts.gitlab.io/ repository: https://charts.gitlab.io/
version: 0.43.0 version: 0.69.0

2
heimdall/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: heimdall - name: heimdall
repository: https://djjudas21.github.io/charts/ repository: https://djjudas21.github.io/charts/
version: 8.5.2 version: 8.5.4

12
heimdall/templates/ingress.yaml
View File

@@ -7,7 +7,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`heimdall.prd.durp.info`) && PathPrefix(`/`) - match: Host(`heimdall.durp.info`) && PathPrefix(`/`)
middlewares: middlewares:
- name: authentik-proxy-provider - name: authentik-proxy-provider
namespace: traefik namespace: traefik
@@ -15,7 +15,7 @@ spec:
services: services:
- name: heimdall - name: heimdall
port: 80 port: 80
- match: Host(`heimdall.prd.durp.info`) && PathPrefix(`/outpost.goauthentik.io`) - match: Host(`heimdall.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule kind: Rule
services: services:
- name: ak-outpost-authentik-embedded-outpost - name: ak-outpost-authentik-embedded-outpost
@@ -35,9 +35,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "heimdall.prd.durp.info" commonName: "heimdall.durp.info"
dnsNames: dnsNames:
- "heimdall.prd.durp.info" - "heimdall.durp.info"
--- ---
@@ -46,7 +46,7 @@ apiVersion: v1
metadata: metadata:
name: heimdall-external-dns name: heimdall-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: heimdall.prd.durp.info external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName:.prd.durp.info externalName: durp.info

7
internalproxy/Chart.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v2
name: internalproxy
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "0.1.0"

46
internalproxy/templates/argocd.yaml Normal file
View File

@@ -0,0 +1,46 @@
#apiVersion: traefik.io/v1alpha1
#kind: IngressRoute
#metadata:
# name: argocd-ingress
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-production
#spec:
# entryPoints:
# - websecure
# routes:
# - match: Host(`argocd.internal.durp.info`)
# middlewares:
# - name: whitelist
# namespace: traefik
# kind: Rule
# services:
# - name: argocd-server
# port: 443
# scheme: https
# tls:
# secretName: argocd-tls
#
#---
#
#kind: Service
#apiVersion: v1
#metadata:
# name: argocd-server
#spec:
# type: ExternalName
# externalName: argocd-server.argocd.svc.cluster.local
#
#---
#
#apiVersion: cert-manager.io/v1
#kind: Certificate
#metadata:
# name: argocd-tls
#spec:
# secretName: argocd-tls
# issuerRef:
# name: letsencrypt-production
# kind: ClusterIssuer
# commonName: "argocd.internal.durp.info"
# dnsNames:
# - "argocd.internal.durp.info"

63
internalproxy/templates/blueiris.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: blueiris
spec:
ports:
- name: app
port: 81
protocol: TCP
targetPort: 81
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: blueiris
subsets:
- addresses:
- ip: 192.168.99.2
ports:
- name: app
port: 81
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: blueiris-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: blueiris
port: 81
scheme: http
tls:
secretName: blueiris-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: blueiris-tls
spec:
secretName: blueiris-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "blueiris.internal.durp.info"
dnsNames:
- "blueiris.internal.durp.info"

70
internalproxy/templates/duplicati-ingress.yaml Normal file
View File

@@ -0,0 +1,70 @@
apiVersion: v1
kind: Service
metadata:
name: duplicati
spec:
ports:
- name: app
port: 8200
protocol: TCP
targetPort: 8200
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: duplicati
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8200
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: duplicati-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: duplicati
port: 8200
- match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
namespace: authentik
port: 9000
tls:
secretName: duplicati-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: duplicati-tls
spec:
secretName: duplicati-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "duplicati.internal.durp.info"
dnsNames:
- "duplicati.internal.durp.info"

72
internalproxy/templates/gitea.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: gitea
spec:
ports:
- name: app
port: 3000
protocol: TCP
targetPort: 3000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: gitea
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 3000
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gitea-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: gitea
port: 3000
scheme: http
tls:
secretName: gitea-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-tls
spec:
secretName: gitea-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "gitea.durp.info"
dnsNames:
- "gitea.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: gitea-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: gitea.durp.info
spec:
type: ExternalName
externalName: durp.info

72
internalproxy/templates/jellyfin.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: jellyfin
spec:
ports:
- name: app
port: 8096
protocol: TCP
targetPort: 8096
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: jellyfin
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8096
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: jellyfin-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`jellyfin.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: jellyfin
port: 8096
scheme: http
tls:
secretName: jellyfin-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jellyfin-tls
spec:
secretName: jellyfin-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "jellyfin.durp.info"
dnsNames:
- "jellyfin.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: jellyfin-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: jellyfin.durp.info
spec:
type: ExternalName
externalName: durp.info

72
internalproxy/templates/kasm.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: kasm
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: kasm
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kasm-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`kasm.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: kasm
port: 443
scheme: https
tls:
secretName: kasm-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kasm-tls
spec:
secretName: kasm-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "kasm.durp.info"
dnsNames:
- "kasm.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: kasm-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: kasm.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/minio.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: minio
spec:
ports:
- name: app
port: 9769
protocol: TCP
targetPort: 9769
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: minio
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 9769
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: minio-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`minio.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: minio
port: 9769
scheme: http
tls:
secretName: minio-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: minio-tls
spec:
secretName: minio-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "minio.internal.durp.info"
dnsNames:
- "minio.internal.durp.info"

71
internalproxy/templates/nexus.yaml Normal file
View File

@@ -0,0 +1,71 @@
apiVersion: v1
kind: Service
metadata:
name: nexus
spec:
ports:
- name: app
port: 8081
protocol: TCP
targetPort: 8081
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: nexus
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8081
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nexus-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`nexus.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: nexus
port: 8081
tls:
secretName: nexus-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nexus-tls
spec:
secretName: nexus-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "nexus.durp.info"
dnsNames:
- "nexus.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: nexus-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: nexus.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/octopus.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: octopus
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: octopus
subsets:
- addresses:
- ip: 192.168.20.105
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: octopus-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: octopus
port: 443
scheme: https
tls:
secretName: octopus-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: octopus-tls
spec:
secretName: octopus-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "octopus.internal.durp.info"
dnsNames:
- "octopus.internal.durp.info"

101
internalproxy/templates/ollama.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ollama-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: ollama-secret
data:
- secretKey: users
remoteRef:
key: secrets/internalproxy/ollama
property: users
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ollama-basic-auth
spec:
basicAuth:
secret: ollama-secret
---
apiVersion: v1
kind: Service
metadata:
name: ollama
spec:
ports:
- name: app
port: 11435
protocol: TCP
targetPort: 11435
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: ollama
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 11435
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ollama-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`ollama.durp.info`) && PathPrefix(`/`)
middlewares:
- name: ollama-basic-auth
kind: Rule
services:
- name: ollama
port: 11435
tls:
secretName: ollama-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ollama-tls
spec:
secretName: ollama-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "ollama.durp.info"
dnsNames:
- "ollama.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: ollama-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/pfsense.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: pfsense
spec:
ports:
- name: app
port: 10443
protocol: TCP
targetPort: 10443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: pfsense
subsets:
- addresses:
- ip: 192.168.20.1
ports:
- name: app
port: 10443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: pfsense-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: pfsense
port: 10443
scheme: https
tls:
secretName: pfsense-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: pfsense-tls
spec:
secretName: pfsense-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "pfsense.internal.durp.info"
dnsNames:
- "pfsense.internal.durp.info"

72
internalproxy/templates/plex.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: plex
spec:
ports:
- name: app
port: 32400
protocol: TCP
targetPort: 32400
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: plex
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 32400
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: plex-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`plex.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: plex
port: 32400
scheme: https
tls:
secretName: plex-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: plex-tls
spec:
secretName: plex-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "plex.durp.info"
dnsNames:
- "plex.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: plex-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: plex.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/portainer.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: portainer
spec:
ports:
- name: app
port: 9443
protocol: TCP
targetPort: 9443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: portainer
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 9443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: portainer-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: portainer
port: 9443
scheme: https
tls:
secretName: portainer-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: portainer-tls
spec:
secretName: portainer-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "portainer.internal.durp.info"
dnsNames:
- "portainer.internal.durp.info"

63
internalproxy/templates/proxmox.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: proxmox
spec:
ports:
- name: app
port: 8006
protocol: TCP
targetPort: 8006
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: proxmox
subsets:
- addresses:
- ip: 192.168.21.252
ports:
- name: app
port: 8006
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: proxmox-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: proxmox
port: 8006
scheme: https
tls:
secretName: proxmox-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: proxmox-tls
spec:
secretName: proxmox-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "proxmox.internal.durp.info"
dnsNames:
- "proxmox.internal.durp.info"

59
internalproxy/templates/registry-internal.yaml Normal file
View File

@@ -0,0 +1,59 @@
apiVersion: v1
kind: Service
metadata:
name: registry-internal
spec:
ports:
- name: app
port: 5000
protocol: TCP
targetPort: 5000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: registry-internal
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 5000
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: registry-internal-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`registry.internal.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: registry-internal
port: 5000
tls:
secretName: registry-internal-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: registry-internal-tls
spec:
secretName: registry-internal-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "registry.internal.durp.info"
dnsNames:
- "registry.internal.durp.info"

71
internalproxy/templates/registry.yaml Normal file
View File

@@ -0,0 +1,71 @@
apiVersion: v1
kind: Service
metadata:
name: registry
spec:
ports:
- name: app
port: 5000
protocol: TCP
targetPort: 5000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: registry
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 5000
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: registry-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`registry.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: registry
port: 5000
tls:
secretName: registry-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: registry-tls
spec:
secretName: registry-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "registry.durp.info"
dnsNames:
- "registry.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: registry-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: registry.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/s3.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: s3
spec:
ports:
- name: app
port: 9768
protocol: TCP
targetPort: 9768
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: s3
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 9768
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: s3-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`s3.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: s3
port: 9768
scheme: http
tls:
secretName: s3-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: s3-tls
spec:
secretName: s3-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "s3.internal.durp.info"
dnsNames:
- "s3.internal.durp.info"

63
internalproxy/templates/semaphore.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: semaphore
spec:
ports:
- name: app
port: 3001
protocol: TCP
targetPort: 3001
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: semaphore
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 3001
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: semaphore-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: semaphore
port: 3001
scheme: http
tls:
secretName: semaphore-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: semaphore-tls
spec:
secretName: semaphore-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "semaphore.internal.durp.info"
dnsNames:
- "semaphore.internal.durp.info"

82
internalproxy/templates/smokeping.yaml Normal file
View File

@@ -0,0 +1,82 @@
apiVersion: v1
kind: Service
metadata:
name: smokeping
spec:
ports:
- name: app
port: 81
protocol: TCP
targetPort: 81
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: smokeping
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 81
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: smokeping-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`smokeping.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: smokeping
port: 81
- match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
namespace: authentik
port: 9000
tls:
secretName: smokeping-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: smokeping-tls
spec:
secretName: smokeping-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "smokeping.durp.info"
dnsNames:
- "smokeping.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: smokeping-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info
spec:
type: ExternalName
externalName: durp.info

74
internalproxy/templates/speedtest.yaml Normal file
View File

@@ -0,0 +1,74 @@
apiVersion: v1
kind: Service
metadata:
name: speedtest
spec:
ports:
- name: app
port: 6580
protocol: TCP
targetPort: 6580
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: speedtest
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 6580
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: speedtest-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`speedtest.durp.info`) && PathPrefix(`/`)
kind: Rule
middlewares:
- name: authentik-proxy-provider
namespace: traefik
services:
- name: speedtest
port: 6580
tls:
secretName: speedtest-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: speedtest-tls
spec:
secretName: speedtest-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "speedtest.durp.info"
dnsNames:
- "speedtest.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: speedtest-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info
spec:
type: ExternalName
externalName: durp.info

67
internalproxy/templates/tdarr.yaml Normal file
View File

@@ -0,0 +1,67 @@
apiVersion: v1
kind: Service
metadata:
name: tdarr
spec:
ports:
- name: app
port: 8267
protocol: TCP
targetPort: 8267
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: tdarr
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8267
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: tdarr-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`tdarr.internal.durp.info`)
middlewares:
- name: whitelist
namespace: traefik
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: tdarr
port: 8267
scheme: http
tls:
secretName: tdarr-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: tdarr-tls
spec:
secretName: tdarr-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "tdarr.internal.durp.info"
dnsNames:
- "tdarr.internal.durp.info"

63
internalproxy/templates/unraid.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: unraid
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: unraid
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: unraid-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: unraid
port: 443
scheme: https
tls:
secretName: unraid-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: unraid-tls
spec:
secretName: unraid-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "unraid.internal.durp.info"
dnsNames:
- "unraid.internal.durp.info"

63
internalproxy/templates/wazuh.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: wazuh
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: wazuh
subsets:
- addresses:
- ip: 192.168.20.102
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wazuh-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: wazuh
port: 443
scheme: https
tls:
secretName: wazuh-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wazuh-tls
spec:
secretName: wazuh-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "wazuh.internal.durp.info"
dnsNames:
- "wazuh.internal.durp.info"

12
krakend/templates/ingress.yaml
View File

@@ -7,9 +7,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "api.prd.durp.info" commonName: "api.durp.info"
dnsNames: dnsNames:
- "api.prd.durp.info" - "api.durp.info"
--- ---
@@ -21,7 +21,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`api.prd.durp.info`) && PathPrefix(`/`) - match: Host(`api.durp.info`) && PathPrefix(`/`)
kind: Rule kind: Rule
services: services:
- name: krakend-service - name: krakend-service
@@ -37,10 +37,10 @@ apiVersion: v1
metadata: metadata:
name: api-external-dns name: api-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: api.prd.durp.info external-dns.alpha.kubernetes.io/hostname: api.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName:.prd.durp.info externalName: durp.info
--- ---
@@ -49,7 +49,7 @@ apiVersion: v1
metadata: metadata:
name: api-developer-dns name: api-developer-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: developer.prd.durp.info external-dns.alpha.kubernetes.io/hostname: developer.durp.info
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec: spec:
type: ExternalName type: ExternalName

2
kube-prometheus-stack/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: https://prometheus-community.github.io/helm-charts repository: https://prometheus-community.github.io/helm-charts
version: 40.5.0 version: 63.1.0

16
kube-prometheus-stack/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`grafana.prd.durp.info`) && PathPrefix(`/`) - match: Host(`grafana.durp.info`) && PathPrefix(`/`)
kind: Rule kind: Rule
services: services:
- name: grafana - name: grafana
@@ -25,9 +25,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "grafana.prd.durp.info" commonName: "grafana.durp.info"
dnsNames: dnsNames:
- "grafana.prd.durp.info" - "grafana.durp.info"
--- ---
@@ -39,7 +39,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`alertmanager.prd.durp.info`) && PathPrefix(`/`) - match: Host(`alertmanager.durp.info`) && PathPrefix(`/`)
middlewares: middlewares:
- name: whitelist - name: whitelist
namespace: traefik namespace: traefik
@@ -63,9 +63,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "alertmanager.prd.durp.info" commonName: "alertmanager.durp.info"
dnsNames: dnsNames:
- "alertmanager.prd.durp.info" - "alertmanager.durp.info"
--- ---
@@ -74,7 +74,7 @@ apiVersion: v1
metadata: metadata:
name: grafana-external-dns name: grafana-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: grafana.prd.durp.info external-dns.alpha.kubernetes.io/hostname: grafana.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName:.prd.durp.info externalName: durp.info

2
kubeclarity/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: kubeclarity - name: kubeclarity
repository: https://openclarity.github.io/kubeclarity repository: https://openclarity.github.io/kubeclarity
version: 2.22.0 version: 2.23.3

10
kubeclarity/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`kubeclarity.prd.durp.info`) && PathPrefix(`/`) - match: Host(`kubeclarity.durp.info`) && PathPrefix(`/`)
middlewares: middlewares:
- name: whitelist - name: whitelist
namespace: traefik namespace: traefik
@@ -30,9 +30,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "kubeclarity.prd.durp.info" commonName: "kubeclarity.durp.info"
dnsNames: dnsNames:
- "kubeclarity.prd.durp.info" - "kubeclarity.durp.info"
--- ---
@@ -41,7 +41,7 @@ apiVersion: v1
metadata: metadata:
name: kubeclarity-external-dns name: kubeclarity-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: kubeclarity.prd.durp.info external-dns.alpha.kubernetes.io/hostname: kubeclarity.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName:.prd.durp.info externalName: durp.info

10
littlelink/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`links.prd.durp.info`) && PathPrefix(`/`) - match: Host(`links.durp.info`) && PathPrefix(`/`)
kind: Rule kind: Rule
services: services:
- name: littlelink - name: littlelink
@@ -25,9 +25,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "links.prd.durp.info" commonName: "links.durp.info"
dnsNames: dnsNames:
- "links.prd.durp.info" - "links.durp.info"
--- ---
@@ -36,7 +36,7 @@ apiVersion: v1
metadata: metadata:
name: links-external-dns name: links-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: links.prd.durp.info external-dns.alpha.kubernetes.io/hostname: links.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName:.prd.durp.info externalName: durp.info

2
longhorn/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies: dependencies:
- name: longhorn - name: longhorn
repository: https://charts.longhorn.io repository: https://charts.longhorn.io
version: 1.6.1 version: 1.7.1

12
longhorn/templates/ingress.yaml
View File

@@ -6,17 +6,17 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`longhorn.internal.prd.durp.info`) && PathPrefix(`/`) - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/`)
middlewares: middlewares:
- name: whitelist - name: whitelist
namespace: traefik namespace: traefik
#- name: authentik-proxy-provider - name: authentik-proxy-provider
# namespace: traefik namespace: traefik
kind: Rule kind: Rule
services: services:
- name: longhorn-frontend - name: longhorn-frontend
port: 80 port: 80
- match: Host(`longhorn.internal.prd.durp.info`) && PathPrefix(`/outpost.goauthentik.io`) - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule kind: Rule
services: services:
- name: ak-outpost-authentik-embedded-outpost - name: ak-outpost-authentik-embedded-outpost
@@ -36,6 +36,6 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "longhorn.internal.prd.durp.info" commonName: "longhorn.internal.durp.info"
dnsNames: dnsNames:
- "longhorn.internal.prd.durp.info" - "longhorn.internal.durp.info"

8
longhorn/values.yaml
View File

@@ -47,7 +47,7 @@ longhorn:
persistence: persistence:
defaultClass: true defaultClass: true
defaultFsType: ext4 defaultFsType: ext4
defaultClassReplicaCount: 1 defaultClassReplicaCount: 3
defaultDataLocality: disabled # best-effort otherwise defaultDataLocality: disabled # best-effort otherwise
reclaimPolicy: Retain reclaimPolicy: Retain
migratable: false migratable: false
@@ -57,7 +57,7 @@ longhorn:
{ {
"name":"backup", "name":"backup",
"task":"backup", "task":"backup",
"cron":"0 */6 * * *", "cron":"0 0 * * ?",
"retain":24 "retain":24
} }
]' ]'
@@ -76,7 +76,7 @@ longhorn:
snapshotterReplicaCount: ~ snapshotterReplicaCount: ~
defaultSettings: defaultSettings:
backupTarget: S3://longhorn-prd@us-east-1/ backupTarget: S3://longhorn-master@us-east-1/
backupTargetCredentialSecret: longhorn-backup-token-secret backupTargetCredentialSecret: longhorn-backup-token-secret
allowRecurringJobWhileVolumeDetached: ~ allowRecurringJobWhileVolumeDetached: ~
createDefaultDiskLabeledNodes: ~ createDefaultDiskLabeledNodes: ~
@@ -238,7 +238,7 @@ longhorn:
# certificate: # certificate:
# Configure a pod security policy in the Longhorn namespace to allow privileged pods # Configure a pod security policy in the Longhorn namespace to allow privileged pods
enablePSP: false enablePSP: true
## Specify override namespace, specifically this is useful for using longhorn as sub-chart ## Specify override namespace, specifically this is useful for using longhorn as sub-chart
## and its release namespace is not the `longhorn-system` ## and its release namespace is not the `longhorn-system`

3
metallb-system/Chart.yaml
View File

@@ -9,4 +9,5 @@ appVersion: "1.16.0"
dependencies: dependencies:
- name: metallb - name: metallb
repository: https://metallb.github.io/metallb repository: https://metallb.github.io/metallb
version: 0.14.5 version: 0.14.8

3
metallb-system/templates/config.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: cheap name: cheap
spec: spec:
addresses: addresses:
- 192.168.11.130-192.168.11.140 - 192.168.20.130-192.168.20.140
--- ---
apiVersion: metallb.io/v1beta1 apiVersion: metallb.io/v1beta1
kind: L2Advertisement kind: L2Advertisement
@@ -14,3 +14,4 @@ metadata:
spec: spec:
ipAddressPools: ipAddressPools:
- cheap - cheap

1
metallb-system/values.yaml
View File

@@ -194,3 +194,4 @@ metallb:
validationFailurePolicy: Fail validationFailurePolicy: Fail
frrk8s: frrk8s:
enabled: false enabled: false

4
nfs-client/templates/provisioner.yml
View File

@@ -34,9 +34,9 @@ spec:
- name: NFS_SERVER - name: NFS_SERVER
value: 192.168.20.253 value: 192.168.20.253
- name: NFS_PATH - name: NFS_PATH
value: /mnt/user/k3s-dev value: /mnt/user/k3s
volumes: volumes:
- name: nfs-client-ssd - name: nfs-client-ssd
nfs: nfs:
server: 192.168.20.253 server: 192.168.20.253
path: /mnt/user/k3s-dev path: /mnt/user/k3s

10
open-webui/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`open-webui.prd.durp.info`) && PathPrefix(`/`) - match: Host(`open-webui.durp.info`) && PathPrefix(`/`)
kind: Rule kind: Rule
services: services:
- name: open-webui - name: open-webui
@@ -25,9 +25,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "open-webui.prd.durp.info" commonName: "open-webui.durp.info"
dnsNames: dnsNames:
- "open-webui.prd.durp.info" - "open-webui.durp.info"
--- ---
@@ -36,7 +36,7 @@ apiVersion: v1
metadata: metadata:
name: open-webui-external-dns name: open-webui-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: open-webui.prd.durp.info external-dns.alpha.kubernetes.io/hostname: open-webui.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName: prd.durp.info externalName: durp.info

2
traefik/Chart.yaml
View File

@@ -8,4 +8,4 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: traefik - name: traefik
repository: https://traefik.github.io/charts repository: https://traefik.github.io/charts
version: 22.1.0 version: 24.0.0

8
traefik/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`traefik.internal.prd.durp.info`) - match: Host(`traefik.internal.durp.info`)
middlewares: middlewares:
- name: authentik-proxy-provider - name: authentik-proxy-provider
namespace: traefik namespace: traefik
@@ -14,7 +14,7 @@ spec:
services: services:
- name: api@internal - name: api@internal
kind: TraefikService kind: TraefikService
- match: Host(`traefik.internal.prd.durp.info`) && PathPrefix(`/outpost.goauthentik.io`) - match: Host(`traefik.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule kind: Rule
services: services:
- name: ak-outpost-authentik-embedded-outpost - name: ak-outpost-authentik-embedded-outpost
@@ -34,6 +34,6 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "traefik.internal.prd.durp.info" commonName: "traefik.internal.durp.info"
dnsNames: dnsNames:
- "traefik.internal.prd.durp.info" - "traefik.internal.durp.info"

9
traefik/templates/middleware-chain.yaml
View File

@@ -1,9 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: internal-only
spec:
chain:
middlewares:
- name: traefik-real-ip
- name: whitelist

21
traefik/templates/middlewares.yaml
View File

@@ -20,30 +20,17 @@ spec:
- X-authentik-meta-app - X-authentik-meta-app
- X-authentik-meta-version - X-authentik-meta-version
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: whitelist name: whitelist
namespace: traefik
spec: spec:
ipWhiteList: ipWhiteList:
sourceRange: sourceRange:
- 192.168.10.1/32 - 192.168.20.1/32
- 192.168.30.1/24
- 10.0.0.0/8 - 10.0.0.0/8
ipStrategy: - 192.168.30.0/24
depth: 1 - 192.168.130.0/24
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: traefik-real-ip
spec:
plugin:
traefik-real-ip:
excludednets:
- "1.1.1.1/24"

48
traefik/values.yaml
View File

@@ -502,8 +502,6 @@ traefik:
- "--log.level=DEBUG" - "--log.level=DEBUG"
- --experimental.plugins.jwt.moduleName=github.com/traefik-plugins/traefik-jwt-plugin - --experimental.plugins.jwt.moduleName=github.com/traefik-plugins/traefik-jwt-plugin
- --experimental.plugins.jwt.version=v0.7.0 - --experimental.plugins.jwt.version=v0.7.0
- --experimental.plugins.traefik-real-ip.moduleName=github.com/soulbalz/traefik-real-ip
- --experimental.plugins.traefik-real-ip.version=v1.0.3
# Environment variables to be passed to Traefik's binary # Environment variables to be passed to Traefik's binary
@@ -580,10 +578,9 @@ traefik:
redirectTo: websecure redirectTo: websecure
# #
# Trust forwarded headers information (X-Forwarded-*). # Trust forwarded headers information (X-Forwarded-*).
forwardedHeaders: # forwardedHeaders:
trustedIPs: # trustedIPs: []
- "192.168.11.1" # insecure: false
insecure: false
# #
# Enable the Proxy Protocol header parsing for the entry point # Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol: # proxyProtocol:
@@ -611,10 +608,9 @@ traefik:
# advertisedPort: 4443 # advertisedPort: 4443
# #
## Trust forwarded headers information (X-Forwarded-*). ## Trust forwarded headers information (X-Forwarded-*).
forwardedHeaders: #forwardedHeaders:
trustedIPs: # trustedIPs: []
- "192.168.11.1" # insecure: false
insecure: false
# #
## Enable the Proxy Protocol header parsing for the entry point ## Enable the Proxy Protocol header parsing for the entry point
#proxyProtocol: #proxyProtocol:
@@ -734,22 +730,22 @@ traefik:
## Create HorizontalPodAutoscaler object. ## Create HorizontalPodAutoscaler object.
## ##
autoscaling: autoscaling:
enabled: false enabled: true
minReplicas: 1 minReplicas: 3
maxReplicas: 10 maxReplicas: 10
metrics: metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 60
- type: Resource - type: Resource
resource: resource:
name: memory name: memory
target: target:
type: Utilization type: Utilization
averageUtilization: 60 averageUtilization: 80
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
behavior: behavior:
scaleDown: scaleDown:
stabilizationWindowSeconds: 300 stabilizationWindowSeconds: 300
@@ -823,13 +819,13 @@ traefik:
# Additional serviceAccount annotations (e.g. for oidc authentication) # Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {} serviceAccountAnnotations: {}
resources: {} resources:
# requests: requests:
# cpu: "100m" cpu: "100m"
# memory: "50Mi" memory: "128Mi"
# limits: limits:
# cpu: "300m" cpu: "300m"
# memory: "150Mi" memory: "256Mi"
# This example pod anti-affinity forces the scheduler to put traefik pods # This example pod anti-affinity forces the scheduler to put traefik pods
# on nodes where no other traefik pods are scheduled. # on nodes where no other traefik pods are scheduled.

10
uptimekuma/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`kuma.prd.durp.info`) && PathPrefix(`/`) - match: Host(`kuma.durp.info`) && PathPrefix(`/`)
middlewares: middlewares:
- name: authentik-proxy-provider - name: authentik-proxy-provider
namespace: traefik namespace: traefik
@@ -28,9 +28,9 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "kuma.prd.durp.info" commonName: "kuma.durp.info"
dnsNames: dnsNames:
- "kuma.prd.durp.info" - "kuma.durp.info"
--- ---
@@ -39,7 +39,7 @@ apiVersion: v1
metadata: metadata:
name: heimdall-external-dns name: heimdall-external-dns
annotations: annotations:
external-dns.alpha.kubernetes.io/hostname: kuma.prd.durp.info external-dns.alpha.kubernetes.io/hostname: kuma.durp.info
spec: spec:
type: ExternalName type: ExternalName
externalName: prd.durp.info externalName: durp.info

2
vault/Chart.yaml
View File

@@ -8,5 +8,5 @@ appVersion: 0.0.1
dependencies: dependencies:
- name: vault - name: vault
repository: https://helm.releases.hashicorp.com repository: https://helm.releases.hashicorp.com
version: 0.27.0 version: 0.28.1

8
vault/templates/ingress.yaml
View File

@@ -8,9 +8,9 @@ spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: Host(`vault.internal.prd.durp.info`) - match: Host(`vault.internal.durp.info`)
middlewares: middlewares:
- name: internal-only - name: whitelist
namespace: traefik namespace: traefik
kind: Rule kind: Rule
services: services:
@@ -31,7 +31,7 @@ spec:
issuerRef: issuerRef:
name: letsencrypt-production name: letsencrypt-production
kind: ClusterIssuer kind: ClusterIssuer
commonName: "vault.internal.prd.durp.info" commonName: "vault.internal.durp.info"
dnsNames: dnsNames:
- "vault.internal.prd.durp.info" - "vault.internal.durp.info"

27
vault/values.yaml
View File

@@ -4,17 +4,17 @@ vault:
image: image:
repository: "registry.internal.durp.info/hashicorp/vault-k8s" repository: "registry.internal.durp.info/hashicorp/vault-k8s"
tag: "1.3.1" tag: "1.4.2"
pullPolicy: Always pullPolicy: Always
agentImage: agentImage:
repository: "registry.internal.durp.info/hashicorp/vault" repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2" tag: "1.17.6"
injector: injector:
enabled: "-" enabled: "-"
replicas: 2 replicas: 3
leaderElector: leaderElector:
enabled: true enabled: true
@@ -23,30 +23,29 @@ vault:
image: image:
repository: "registry.internal.durp.info/hashicorp/vault-k8s" repository: "registry.internal.durp.info/hashicorp/vault-k8s"
tag: "1.3.1" tag: "1.4.2"
pullPolicy: Always pullPolicy: Always
agentImage: agentImage:
repository: "registry.internal.durp.info/hashicorp/vault" repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2" tag: "1.17.6"
server: server:
enabled: "-" enabled: "-"
image: image:
repository: "registry.internal.durp.info/hashicorp/vault" repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2" tag: "1.17.6"
pullPolicy: Always pullPolicy: Always
ha: ha:
enabled: false enabled: false
replicas: 3 replicas: 3
resources: {} resources:
# resources: requests:
# requests: memory: 256Mi
# memory: 256Mi cpu: 250m
# cpu: 250m limits:
# limits: memory: 256Mi
# memory: 256Mi cpu: 250m
# cpu: 250m
dataStorage: dataStorage:
enabled: true enabled: true