DeveloperDurp/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: DeveloperDurp:prd
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd
..
compare: DeveloperDurp:f12b7aa5320d51078598bb0a90078965b0cd5bfb
Branches Tags
DeveloperDurp:main DeveloperDurp:renovate/docker.io-swaggerapi-swagger-ui-5.x DeveloperDurp:renovate/cert-manager-1.x DeveloperDurp:renovate/docker.io-nginxinc-nginx-unprivileged-1.x DeveloperDurp:renovate/crowdsec-0.x DeveloperDurp:renovate/crossplane-1.x DeveloperDurp:renovate/gitlab-runner-0.x DeveloperDurp:renovate/gatekeeper-3.x DeveloperDurp:renovate/authentik-2025.x DeveloperDurp:renovate/longhorn-1.x DeveloperDurp:renovate/external-secrets-0.x DeveloperDurp:dev DeveloperDurp:dmz DeveloperDurp:prd

56 Commits
prd ... f12b7aa532

Author SHA1 Message Date
DeveloperDurp
f12b7aa532 update resource 2024-08-30 04:56:01 -05:00
DeveloperDurp
8ec254f59c enable autoscaller 2024-08-30 04:52:29 -05:00
DeveloperDurp
33fd621ec8 add resource limits 2024-08-30 04:51:35 -05:00
DeveloperDurp
89b8364fe5 add resource limits 2024-08-30 04:49:03 -05:00
DeveloperDurp
52038a7585 update 2024-08-29 05:04:25 -05:00
DeveloperDurp
885ab5e3d7 update 2024-08-29 05:02:08 -05:00
DeveloperDurp
7843ae7c29 update 2024-08-29 04:57:40 -05:00
DeveloperDurp
e2d1e01708 update 2024-08-29 04:55:28 -05:00
DeveloperDurp
e8cafed885 update 2024-08-29 04:50:55 -05:00
DeveloperDurp
62b7efad89 update 2024-08-27 04:58:07 -05:00
DeveloperDurp
47ddf2fd28 update 2024-08-25 06:32:15 -05:00
DeveloperDurp
31b689d5fe update 2024-08-25 06:28:15 -05:00
DeveloperDurp
5ef03e6dbe update 2024-08-25 06:27:05 -05:00
DeveloperDurp
38bb3538a3 update 2024-08-25 06:22:33 -05:00
DeveloperDurp
8c77e53669 update 2024-08-25 06:20:12 -05:00
DeveloperDurp
44aac27362 update 2024-08-25 06:19:34 -05:00
DeveloperDurp
0f4048072d update 2024-08-25 06:11:13 -05:00
DeveloperDurp
b6f0c41d5d update 2024-08-25 06:09:41 -05:00
DeveloperDurp
3259cd6f37 update 2024-08-25 06:07:19 -05:00
DeveloperDurp
418162a9e0 update 2024-08-25 05:43:48 -05:00
DeveloperDurp
de022ea46b update 2024-08-25 05:33:43 -05:00
DeveloperDurp
a50214eafc update 2024-08-25 05:32:20 -05:00
DeveloperDurp
be2ee6274a update 2024-08-25 05:12:54 -05:00
DeveloperDurp
1fbe3dbc95 update 2024-08-25 05:08:59 -05:00
DeveloperDurp
f8a13c4bff update 2024-08-25 05:05:59 -05:00
DeveloperDurp
c9d77c5eec update 2024-08-25 05:03:23 -05:00
DeveloperDurp
3457eba0a2 update 2024-08-25 04:52:22 -05:00
DeveloperDurp
738d19edfa update 2024-08-25 04:40:58 -05:00
DeveloperDurp
23d397e5d4 update 2024-08-25 04:35:16 -05:00
DeveloperDurp
10bfb6fd54 update 2024-08-25 04:34:31 -05:00
DeveloperDurp
0ff6377bd6 update 2024-08-24 21:30:35 -05:00
DeveloperDurp
8d92151ad3 update 2024-08-24 21:29:00 -05:00
DeveloperDurp
3f74860c28 update 2024-08-24 21:28:14 -05:00
DeveloperDurp
f12af0f92f update 2024-08-24 21:28:03 -05:00
DeveloperDurp
86a5af321d update 2024-08-24 21:25:12 -05:00
DeveloperDurp
4a1e4f980d update 2024-08-24 21:23:10 -05:00
DeveloperDurp
bf6c021d8b update 2024-08-24 21:09:10 -05:00
DeveloperDurp
0abc90d9cd update 2024-08-24 21:08:06 -05:00
DeveloperDurp
e2cabee7dd update 2024-08-24 20:57:18 -05:00
DeveloperDurp
1f2fd56d89 update 2024-08-24 20:56:13 -05:00
DeveloperDurp
785a256258 update 2024-08-24 20:47:17 -05:00
DeveloperDurp
26c3a919c6 update 2024-08-24 20:33:10 -05:00
DeveloperDurp
280298cc0a update 2024-08-24 20:31:37 -05:00
DeveloperDurp
f5b4c58367 update 2024-08-24 20:30:21 -05:00
DeveloperDurp
0a3f3d99d7 update 2024-08-24 20:29:32 -05:00
DeveloperDurp
21405024f7 add pfsense 2024-08-24 20:23:35 -05:00
DeveloperDurp
61110282d5 update 2024-08-11 07:57:18 -05:00
DeveloperDurp
5765f9b5d7 revert 2024-08-11 07:50:53 -05:00
DeveloperDurp
f70c55dcf2 update 2024-08-11 07:48:13 -05:00
DeveloperDurp
b2212a6608 move to nfs 2024-08-11 07:47:05 -05:00
DeveloperDurp
5e5a7b3803 update 2024-08-11 07:40:16 -05:00
DeveloperDurp
b1272fc052 remove proxy 2024-08-04 07:25:42 -05:00
DeveloperDurp
c2298c51b1 update 2024-07-21 08:54:15 -05:00
DeveloperDurp
40e98020bb update 2024-07-21 08:47:10 -05:00
DeveloperDurp
30331572e5 Update Chart 2024-05-29 02:21:27 +00:00
DeveloperDurp
ef367a7d10 move branch to prd 2024-05-11 06:24:20 -05:00
82 changed files with 1708 additions and 405 deletions
Expand all files Collapse all files

23
argocd/templates/InternalProxy.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: internalproxy
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: internalproxy
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: internalproxy
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

2
argocd/templates/argocd.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: argocd
destination:
namespace: argocd

2
argocd/templates/authentik.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: authentik
destination:
namespace: authentik

2
argocd/templates/bitwarden.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: bitwarden
directory:
recurse: true

2
argocd/templates/cert-manager.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: cert-manager
destination:
namespace: cert-manager

2
argocd/templates/crossplane.yml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: crossplane
destination:
namespace: crossplane

2
argocd/templates/durpapi.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: durpapi
destination:
namespace: durpapi

2
argocd/templates/durpot.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: durpot
destination:
namespace: durpot

2
argocd/templates/external-dns.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: external-dns
destination:
namespace: external-dns

2
argocd/templates/external-secrets.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: external-secrets
destination:
namespace: external-secrets

2
argocd/templates/gatekeeper.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: gatekeeper
destination:
namespace: gatekeeper

2
argocd/templates/gitlab-runner.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: gitlab-runner
destination:
namespace: gitlab-runner

2
argocd/templates/heimdall.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: heimdall
destination:
namespace: heimdall

2
argocd/templates/krakend.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: krakend
destination:
namespace: krakend

2
argocd/templates/kube-prometheus-stack.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: kube-prometheus-stack
destination:
namespace: kube-prometheus-stack

2
argocd/templates/kubeclarity.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: kubeclarity
destination:
namespace: kubeclarity

2
argocd/templates/littlelink.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: littlelink
directory:
recurse: true

2
argocd/templates/longhorn.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: longhorn
destination:
namespace: longhorn-system

3
argocd/templates/metallb-system.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: metallb-system
destination:
namespace: metallb-system
@@ -19,3 +19,4 @@ spec:
syncOptions:
- CreateNamespace=true

2
argocd/templates/nfs-client.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: nfs-client
directory:
recurse: true

2
argocd/templates/open-webui.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: open-webui
destination:
namespace: open-webui

2
argocd/templates/traefik.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: traefik
destination:
namespace: traefik

2
argocd/templates/uptimekuma.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: uptimekuma
directory:
recurse: true

2
argocd/templates/vault.yaml
View File

@@ -7,7 +7,7 @@ spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: prd
targetRevision: main
path: vault
destination:
namespace: vault

6
argocd/values.yaml
View File

@@ -33,13 +33,13 @@ argo-cd:
cm:
create: true
annotations: {}
url: https://argocd.internal.prd.durp.info
url: https://argocd.internal.durp.info
oidc.tls.insecure.skip.verify: "true"
dex.config: |
connectors:
- config:
issuer: https://authentik.prd.durp.info/application/o/argocd/
clientID: lKuMgyYaOlQMNAUSjsRVYgkwZG9UT6CeFWeTLAcl
issuer: https://authentik.durp.info/application/o/argocd/
clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
clientSecret: $client-secret:clientSecret
insecureEnableGroups: true
scopes:

10
authentik/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`authentik.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`authentik.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: authentik-server
@@ -25,9 +25,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "authentik.prd.durp.info"
commonName: "authentik.durp.info"
dnsNames:
- "authentik.prd.durp.info"
- "authentik.durp.info"
---
@@ -36,7 +36,7 @@ apiVersion: v1
metadata:
name: authentik-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: authentik.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
spec:
type: ExternalName
externalName:.prd.durp.info
externalName: durp.info

15
authentik/values.yaml
View File

@@ -1,8 +1,6 @@
authentik:
global:
env:
- name: AUTHENTIK_REDIS__DB
value: "1"
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
@@ -34,16 +32,9 @@ authentik:
registry: registry.internal.durp.info
repository: bitnami/postgresql
pullPolicy: Always
auth:
username: "authentik"
existingSecret: db-pass
secretKeys:
adminPasswordKey: dbpass
userPasswordKey: dbpass
#postgresqlUsername: "authentik"
#postgresqlDatabase: "authentik"
#existingSecret: db-pass
postgresqlUsername: "authentik"
postgresqlDatabase: "authentik"
existingSecret: db-pass
persistence:
enabled: true
storageClass: longhorn

6
bitwarden/templates/deployment.yaml
View File

@@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: bitwarden
image: registry.internal.durp.info/vaultwarden/server:1.30.5
image: registry.internal.durp.info/vaultwarden/server:1.30.3
imagePullPolicy: Always
volumeMounts:
- name: bitwarden-pvc
@@ -28,7 +28,7 @@ spec:
containerPort: 80
env:
- name: SIGNUPS_ALLOWED
value: "TRUE"
value: "FALSE"
- name: INVITATIONS_ALLOWED
value: "FALSE"
- name: WEBSOCKET_ENABLED
@@ -39,7 +39,7 @@ spec:
value: "80"
- name: ROCKET_WORKERS
value: "10"
- name: ADMIN_TOKEN
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: bitwarden-secret

31
bitwarden/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`bitwarden.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: bitwarden
@@ -25,9 +25,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "bitwarden.prd.durp.info"
commonName: "bitwarden.durp.info"
dnsNames:
- "bitwarden.prd.durp.info"
- "bitwarden.durp.info"
---
@@ -36,28 +36,7 @@ apiVersion: v1
metadata:
name: bitwarden-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: bitwarden.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
spec:
type: ExternalName
externalName:.prd.durp.info
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: bitwarden-admin-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`bitwarden.prd.durp.info`) && PathPrefix(`/admin`)
kind: Rule
middlewares:
- name: whitelist
namespace: traefik
services:
- name: bitwarden
port: 80
tls:
secretName: bitwarden-tls
externalName: durp.info

0
cert-manager/templates/letsencrypt-production.yaml → cert-manager/templates/letsencrypt-prroduction.yaml
View File

13
cert-manager/templates/self-signed.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-cluster-issuer
spec:
selfSigned: {}

2
crossplane/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies:
- name: crossplane
repository: https://charts.crossplane.io/stable
version: 1.16.0
version: 1.12.0

2
crossplane/templates/gitlab.yml
View File

@@ -3,7 +3,7 @@ kind: Provider
metadata:
name: provider-gitlab
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.7.0
package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
---
apiVersion: external-secrets.io/v1beta1

186
crossplane/values.yaml
View File

@@ -1,186 +0,0 @@
# helm-docs renders these comments into markdown. Use markdown formatting where
# appropiate.
#
# -- The number of Crossplane pod `replicas` to deploy.
replicas: 1
# -- The deployment strategy for the Crossplane and RBAC Manager pods.
deploymentStrategy: RollingUpdate
image:
# -- Repository for the Crossplane pod image.
repository: xpkg.upbound.io/crossplane/crossplane
# -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
tag: ""
# -- The image pull policy used for Crossplane and RBAC Manager pods.
pullPolicy: IfNotPresent
# -- Add `nodeSelectors` to the Crossplane pod deployment.
nodeSelector: {}
# -- Add `tolerations` to the Crossplane pod deployment.
tolerations: []
# -- Add `affinities` to the Crossplane pod deployment.
affinity: {}
# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
hostNetwork: false
# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
dnsPolicy: ""
# -- Add custom `labels` to the Crossplane pod deployment.
customLabels: {}
# -- Add custom `annotations` to the Crossplane pod deployment.
customAnnotations: {}
serviceAccount:
# -- Add custom `annotations` to the Crossplane ServiceAccount.
customAnnotations: {}
# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
leaderElection: true
# -- Add custom arguments to the Crossplane pod.
args: []
provider:
# -- A list of Provider packages to install.
packages: []
configuration:
# -- A list of Configuration packages to install.
packages: []
function:
# -- A list of Function packages to install
packages: []
# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
imagePullSecrets: []
registryCaBundleConfig:
# -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
name: ""
# -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
key: ""
service:
# -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
customAnnotations: {}
webhooks:
# -- Enable webhooks for Crossplane and installed Provider packages.
enabled: true
rbacManager:
# -- Deploy the RBAC Manager pod and its required roles.
deploy: true
# -- Don't install aggregated Crossplane ClusterRoles.
skipAggregatedClusterRoles: false
# -- The number of RBAC Manager pod `replicas` to deploy.
replicas: 1
# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
leaderElection: true
# -- Add custom arguments to the RBAC Manager pod.
args: []
# -- Add `nodeSelectors` to the RBAC Manager pod deployment.
nodeSelector: {}
# -- Add `tolerations` to the RBAC Manager pod deployment.
tolerations: []
# -- Add `affinities` to the RBAC Manager pod deployment.
affinity: {}
# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
priorityClassName: ""
resourcesCrossplane:
limits:
# -- CPU resource limits for the Crossplane pod.
cpu: 500m
# -- Memory resource limits for the Crossplane pod.
memory: 1024Mi
requests:
# -- CPU resource requests for the Crossplane pod.
cpu: 100m
# -- Memory resource requests for the Crossplane pod.
memory: 256Mi
securityContextCrossplane:
# -- The user ID used by the Crossplane pod.
runAsUser: 65532
# -- The group ID used by the Crossplane pod.
runAsGroup: 65532
# -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
allowPrivilegeEscalation: false
# -- Set the Crossplane pod root file system as read-only.
readOnlyRootFilesystem: true
packageCache:
# -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
medium: ""
# -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
sizeLimit: 20Mi
# -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
pvc: ""
# -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
configMap: ""
resourcesRBACManager:
limits:
# -- CPU resource limits for the RBAC Manager pod.
cpu: 100m
# -- Memory resource limits for the RBAC Manager pod.
memory: 512Mi
requests:
# -- CPU resource requests for the RBAC Manager pod.
cpu: 100m
# -- Memory resource requests for the RBAC Manager pod.
memory: 256Mi
securityContextRBACManager:
# -- The user ID used by the RBAC Manager pod.
runAsUser: 65532
# -- The group ID used by the RBAC Manager pod.
runAsGroup: 65532
# -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
allowPrivilegeEscalation: false
# -- Set the RBAC Manager pod root file system as read-only.
readOnlyRootFilesystem: true
metrics:
# -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
enabled: false
# -- Add custom environmental variables to the Crossplane pod deployment.
# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
extraEnvVarsCrossplane: {}
# -- Add custom environmental variables to the RBAC Manager pod deployment.
# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
extraEnvVarsRBACManager: {}
# -- Add a custom `securityContext` to the Crossplane pod.
podSecurityContextCrossplane: {}
# -- Add a custom `securityContext` to the RBAC Manager pod.
podSecurityContextRBACManager: {}
# -- Add custom `volumes` to the Crossplane pod.
extraVolumesCrossplane: {}
# -- Add custom `volumeMounts` to the Crossplane pod.
extraVolumeMountsCrossplane: {}
# -- To add arbitrary Kubernetes Objects during a Helm Install
extraObjects: []
# - apiVersion: pkg.crossplane.io/v1alpha1
# kind: ControllerConfig
# metadata:
# name: aws-config
# annotations:
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789101:role/example
# helm.sh/hook: post-install
# spec:
# podSecurityContext:
# fsGroup: 2000

12
durpapi/Chart.yaml
View File

@@ -1,11 +1,13 @@
description: A Helm chart for Kubernetes
apiVersion: v2
name: durpapi
description: A Helm chart for Kubernetes
type: application
version: 0.1.0-dev0184
appVersion: 0.1.0
dependencies:
- condition: postgresql.enabled
name: postgresql
version: 12.5.*
repository: https://charts.bitnami.com/bitnami
version: 0.1.0-dev0184
apiVersion: v2
type: application
name: postgresql

6
durpapi/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host("api.prd.durp.info") && PathPrefix(`/api`)
- match: Host("api.durp.info") && PathPrefix(`/api`)
kind: Rule
middlewares:
- name: jwt
@@ -24,7 +24,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host("api.prd.durp.info") && PathPrefix(`/swagger`)
- match: Host("api.durp.info") && PathPrefix(`/swagger`)
kind: Rule
services:
- name: "durpapi-service"
@@ -41,4 +41,4 @@ spec:
jwt:
Required: true
Keys:
- https://authentik.prd.durp.info/application/o/api/jwks/
- https://authentik.durp.info/application/o/api/jwks

6
durpapi/values.yaml
View File

@@ -10,15 +10,15 @@ deployment:
probe:
readiness:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
liveness:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
startup:
httpGet:
path: /api/health/gethealth
path: /health/gethealth
port: 8080
service:
type: ClusterIP

2
external-dns/values.yaml
View File

@@ -4,7 +4,7 @@ external-dns:
image:
pullPolicy: Always
txtPrefix: "prd-"
sources:
- service

12
heimdall/templates/ingress.yaml
View File

@@ -7,7 +7,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`heimdall.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`heimdall.durp.info`) && PathPrefix(`/`)
middlewares:
- name: authentik-proxy-provider
namespace: traefik
@@ -15,7 +15,7 @@ spec:
services:
- name: heimdall
port: 80
- match: Host(`heimdall.prd.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
- match: Host(`heimdall.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
@@ -35,9 +35,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "heimdall.prd.durp.info"
commonName: "heimdall.durp.info"
dnsNames:
- "heimdall.prd.durp.info"
- "heimdall.durp.info"
---
@@ -46,7 +46,7 @@ apiVersion: v1
metadata:
name: heimdall-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: heimdall.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
spec:
type: ExternalName
externalName:.prd.durp.info
externalName: durp.info

7
internalproxy/Chart.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v2
name: internalproxy
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "0.1.0"

18
argocd/templates/ingress.yaml → internalproxy/templates/argocd.yaml
View File

@@ -8,9 +8,9 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`argocd.internal.prd.durp.info`)
- match: Host(`argocd.internal.durp.info`)
middlewares:
- name: internal-only
- name: whitelist
namespace: traefik
kind: Rule
services:
@@ -22,6 +22,16 @@ spec:
---
kind: Service
apiVersion: v1
metadata:
name: argocd-server
spec:
type: ExternalName
externalName: argocd-server.argocd.svc.cluster.local
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
@@ -31,6 +41,6 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "argocd.internal.prd.durp.info"
commonName: "argocd.internal.durp.info"
dnsNames:
- "argocd.internal.prd.durp.info"
- "argocd.internal.durp.info"

63
internalproxy/templates/blueiris.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: blueiris
spec:
ports:
- name: app
port: 81
protocol: TCP
targetPort: 81
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: blueiris
subsets:
- addresses:
- ip: 192.168.99.2
ports:
- name: app
port: 81
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: blueiris-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: blueiris
port: 81
scheme: http
tls:
secretName: blueiris-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: blueiris-tls
spec:
secretName: blueiris-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "blueiris.internal.durp.info"
dnsNames:
- "blueiris.internal.durp.info"

70
internalproxy/templates/duplicati-ingress.yaml Normal file
View File

@@ -0,0 +1,70 @@
apiVersion: v1
kind: Service
metadata:
name: duplicati
spec:
ports:
- name: app
port: 8200
protocol: TCP
targetPort: 8200
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: duplicati
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8200
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: duplicati-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: duplicati
port: 8200
- match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
namespace: authentik
port: 9000
tls:
secretName: duplicati-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: duplicati-tls
spec:
secretName: duplicati-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "duplicati.internal.durp.info"
dnsNames:
- "duplicati.internal.durp.info"

72
internalproxy/templates/gitea.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: gitea
spec:
ports:
- name: app
port: 3000
protocol: TCP
targetPort: 3000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: gitea
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 3000
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gitea-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: gitea
port: 3000
scheme: http
tls:
secretName: gitea-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: gitea-tls
spec:
secretName: gitea-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "gitea.durp.info"
dnsNames:
- "gitea.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: gitea-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: gitea.durp.info
spec:
type: ExternalName
externalName: durp.info

72
internalproxy/templates/jellyfin.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: jellyfin
spec:
ports:
- name: app
port: 8096
protocol: TCP
targetPort: 8096
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: jellyfin
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8096
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: jellyfin-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`jellyfin.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: jellyfin
port: 8096
scheme: http
tls:
secretName: jellyfin-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: jellyfin-tls
spec:
secretName: jellyfin-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "jellyfin.durp.info"
dnsNames:
- "jellyfin.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: jellyfin-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: jellyfin.durp.info
spec:
type: ExternalName
externalName: durp.info

72
internalproxy/templates/kasm.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: kasm
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: kasm
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kasm-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`kasm.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: kasm
port: 443
scheme: https
tls:
secretName: kasm-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kasm-tls
spec:
secretName: kasm-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "kasm.durp.info"
dnsNames:
- "kasm.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: kasm-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: kasm.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/minio.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: minio
spec:
ports:
- name: app
port: 9769
protocol: TCP
targetPort: 9769
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: minio
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 9769
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: minio-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`minio.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: minio
port: 9769
scheme: http
tls:
secretName: minio-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: minio-tls
spec:
secretName: minio-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "minio.internal.durp.info"
dnsNames:
- "minio.internal.durp.info"

71
internalproxy/templates/nexus.yaml Normal file
View File

@@ -0,0 +1,71 @@
apiVersion: v1
kind: Service
metadata:
name: nexus
spec:
ports:
- name: app
port: 8081
protocol: TCP
targetPort: 8081
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: nexus
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8081
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nexus-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`nexus.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: nexus
port: 8081
tls:
secretName: nexus-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nexus-tls
spec:
secretName: nexus-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "nexus.durp.info"
dnsNames:
- "nexus.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: nexus-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: nexus.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/octopus.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: octopus
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: octopus
subsets:
- addresses:
- ip: 192.168.20.105
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: octopus-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: octopus
port: 443
scheme: https
tls:
secretName: octopus-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: octopus-tls
spec:
secretName: octopus-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "octopus.internal.durp.info"
dnsNames:
- "octopus.internal.durp.info"

101
internalproxy/templates/ollama.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ollama-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: ollama-secret
data:
- secretKey: users
remoteRef:
key: secrets/internalproxy/ollama
property: users
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ollama-basic-auth
spec:
basicAuth:
secret: ollama-secret
---
apiVersion: v1
kind: Service
metadata:
name: ollama
spec:
ports:
- name: app
port: 11435
protocol: TCP
targetPort: 11435
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: ollama
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 11435
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ollama-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`ollama.durp.info`) && PathPrefix(`/`)
middlewares:
- name: ollama-basic-auth
kind: Rule
services:
- name: ollama
port: 11435
tls:
secretName: ollama-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ollama-tls
spec:
secretName: ollama-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "ollama.durp.info"
dnsNames:
- "ollama.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: ollama-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/pfsense.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: pfsense
spec:
ports:
- name: app
port: 10443
protocol: TCP
targetPort: 10443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: pfsense
subsets:
- addresses:
- ip: 192.168.20.1
ports:
- name: app
port: 10443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: pfsense-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: pfsense
port: 10443
scheme: https
tls:
secretName: pfsense-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: pfsense-tls
spec:
secretName: pfsense-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "pfsense.internal.durp.info"
dnsNames:
- "pfsense.internal.durp.info"

72
internalproxy/templates/plex.yaml Normal file
View File

@@ -0,0 +1,72 @@
apiVersion: v1
kind: Service
metadata:
name: plex
spec:
ports:
- name: app
port: 32400
protocol: TCP
targetPort: 32400
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: plex
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 32400
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: plex-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`plex.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: plex
port: 32400
scheme: https
tls:
secretName: plex-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: plex-tls
spec:
secretName: plex-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "plex.durp.info"
dnsNames:
- "plex.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: plex-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: plex.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/portainer.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: portainer
spec:
ports:
- name: app
port: 9443
protocol: TCP
targetPort: 9443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: portainer
subsets:
- addresses:
- ip: 192.168.20.104
ports:
- name: app
port: 9443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: portainer-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: portainer
port: 9443
scheme: https
tls:
secretName: portainer-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: portainer-tls
spec:
secretName: portainer-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "portainer.internal.durp.info"
dnsNames:
- "portainer.internal.durp.info"

63
internalproxy/templates/proxmox.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: proxmox
spec:
ports:
- name: app
port: 8006
protocol: TCP
targetPort: 8006
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: proxmox
subsets:
- addresses:
- ip: 192.168.21.252
ports:
- name: app
port: 8006
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: proxmox-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: proxmox
port: 8006
scheme: https
tls:
secretName: proxmox-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: proxmox-tls
spec:
secretName: proxmox-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "proxmox.internal.durp.info"
dnsNames:
- "proxmox.internal.durp.info"

59
internalproxy/templates/registry-internal.yaml Normal file
View File

@@ -0,0 +1,59 @@
apiVersion: v1
kind: Service
metadata:
name: registry-internal
spec:
ports:
- name: app
port: 5000
protocol: TCP
targetPort: 5000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: registry-internal
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 5000
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: registry-internal-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`registry.internal.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: registry-internal
port: 5000
tls:
secretName: registry-internal-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: registry-internal-tls
spec:
secretName: registry-internal-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "registry.internal.durp.info"
dnsNames:
- "registry.internal.durp.info"

71
internalproxy/templates/registry.yaml Normal file
View File

@@ -0,0 +1,71 @@
apiVersion: v1
kind: Service
metadata:
name: registry
spec:
ports:
- name: app
port: 5000
protocol: TCP
targetPort: 5000
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: registry
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 5000
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: registry-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`registry.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: registry
port: 5000
tls:
secretName: registry-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: registry-tls
spec:
secretName: registry-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "registry.durp.info"
dnsNames:
- "registry.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: registry-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: registry.durp.info
spec:
type: ExternalName
externalName: durp.info

63
internalproxy/templates/s3.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: s3
spec:
ports:
- name: app
port: 9768
protocol: TCP
targetPort: 9768
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: s3
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 9768
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: s3-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`s3.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: s3
port: 9768
scheme: http
tls:
secretName: s3-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: s3-tls
spec:
secretName: s3-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "s3.internal.durp.info"
dnsNames:
- "s3.internal.durp.info"

63
internalproxy/templates/semaphore.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: semaphore
spec:
ports:
- name: app
port: 3001
protocol: TCP
targetPort: 3001
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: semaphore
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 3001
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: semaphore-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: semaphore
port: 3001
scheme: http
tls:
secretName: semaphore-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: semaphore-tls
spec:
secretName: semaphore-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "semaphore.internal.durp.info"
dnsNames:
- "semaphore.internal.durp.info"

82
internalproxy/templates/smokeping.yaml Normal file
View File

@@ -0,0 +1,82 @@
apiVersion: v1
kind: Service
metadata:
name: smokeping
spec:
ports:
- name: app
port: 81
protocol: TCP
targetPort: 81
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: smokeping
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 81
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: smokeping-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`smokeping.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: smokeping
port: 81
- match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
namespace: authentik
port: 9000
tls:
secretName: smokeping-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: smokeping-tls
spec:
secretName: smokeping-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "smokeping.durp.info"
dnsNames:
- "smokeping.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: smokeping-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info
spec:
type: ExternalName
externalName: durp.info

74
internalproxy/templates/speedtest.yaml Normal file
View File

@@ -0,0 +1,74 @@
apiVersion: v1
kind: Service
metadata:
name: speedtest
spec:
ports:
- name: app
port: 6580
protocol: TCP
targetPort: 6580
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: speedtest
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 6580
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: speedtest-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`speedtest.durp.info`) && PathPrefix(`/`)
kind: Rule
middlewares:
- name: authentik-proxy-provider
namespace: traefik
services:
- name: speedtest
port: 6580
tls:
secretName: speedtest-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: speedtest-tls
spec:
secretName: speedtest-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "speedtest.durp.info"
dnsNames:
- "speedtest.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: speedtest-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info
spec:
type: ExternalName
externalName: durp.info

67
internalproxy/templates/tdarr.yaml Normal file
View File

@@ -0,0 +1,67 @@
apiVersion: v1
kind: Service
metadata:
name: tdarr
spec:
ports:
- name: app
port: 8267
protocol: TCP
targetPort: 8267
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: tdarr
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 8267
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: tdarr-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`tdarr.internal.durp.info`)
middlewares:
- name: whitelist
namespace: traefik
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: tdarr
port: 8267
scheme: http
tls:
secretName: tdarr-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: tdarr-tls
spec:
secretName: tdarr-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "tdarr.internal.durp.info"
dnsNames:
- "tdarr.internal.durp.info"

63
internalproxy/templates/unraid.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: unraid
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: unraid
subsets:
- addresses:
- ip: 192.168.20.253
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: unraid-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: unraid
port: 443
scheme: https
tls:
secretName: unraid-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: unraid-tls
spec:
secretName: unraid-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "unraid.internal.durp.info"
dnsNames:
- "unraid.internal.durp.info"

63
internalproxy/templates/wazuh.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: wazuh
spec:
ports:
- name: app
port: 443
protocol: TCP
targetPort: 443
clusterIP: None
type: ClusterIP
---
apiVersion: v1
kind: Endpoints
metadata:
name: wazuh
subsets:
- addresses:
- ip: 192.168.20.102
ports:
- name: app
port: 443
protocol: TCP
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wazuh-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: wazuh
port: 443
scheme: https
tls:
secretName: wazuh-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wazuh-tls
spec:
secretName: wazuh-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "wazuh.internal.durp.info"
dnsNames:
- "wazuh.internal.durp.info"

12
krakend/templates/ingress.yaml
View File

@@ -7,9 +7,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "api.prd.durp.info"
commonName: "api.durp.info"
dnsNames:
- "api.prd.durp.info"
- "api.durp.info"
---
@@ -21,7 +21,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`api.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`api.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: krakend-service
@@ -37,10 +37,10 @@ apiVersion: v1
metadata:
name: api-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: api.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: api.durp.info
spec:
type: ExternalName
externalName:.prd.durp.info
externalName: durp.info
---
@@ -49,7 +49,7 @@ apiVersion: v1
metadata:
name: api-developer-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: developer.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: developer.durp.info
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
type: ExternalName

16
kube-prometheus-stack/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`grafana.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`grafana.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: grafana
@@ -25,9 +25,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "grafana.prd.durp.info"
commonName: "grafana.durp.info"
dnsNames:
- "grafana.prd.durp.info"
- "grafana.durp.info"
---
@@ -39,7 +39,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`alertmanager.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`alertmanager.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
@@ -63,9 +63,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "alertmanager.prd.durp.info"
commonName: "alertmanager.durp.info"
dnsNames:
- "alertmanager.prd.durp.info"
- "alertmanager.durp.info"
---
@@ -74,7 +74,7 @@ apiVersion: v1
metadata:
name: grafana-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: grafana.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: grafana.durp.info
spec:
type: ExternalName
externalName:.prd.durp.info
externalName: durp.info

10
kubeclarity/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`kubeclarity.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`kubeclarity.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
@@ -30,9 +30,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "kubeclarity.prd.durp.info"
commonName: "kubeclarity.durp.info"
dnsNames:
- "kubeclarity.prd.durp.info"
- "kubeclarity.durp.info"
---
@@ -41,7 +41,7 @@ apiVersion: v1
metadata:
name: kubeclarity-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: kubeclarity.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: kubeclarity.durp.info
spec:
type: ExternalName
externalName:.prd.durp.info
externalName: durp.info

10
littlelink/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`links.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`links.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: littlelink
@@ -25,9 +25,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "links.prd.durp.info"
commonName: "links.durp.info"
dnsNames:
- "links.prd.durp.info"
- "links.durp.info"
---
@@ -36,7 +36,7 @@ apiVersion: v1
metadata:
name: links-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: links.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: links.durp.info
spec:
type: ExternalName
externalName:.prd.durp.info
externalName: durp.info

2
longhorn/Chart.yaml
View File

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
dependencies:
- name: longhorn
repository: https://charts.longhorn.io
version: 1.6.1
version: 1.3.2

12
longhorn/templates/ingress.yaml
View File

@@ -6,17 +6,17 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`longhorn.internal.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/`)
middlewares:
- name: whitelist
namespace: traefik
#- name: authentik-proxy-provider
# namespace: traefik
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: longhorn-frontend
port: 80
- match: Host(`longhorn.internal.prd.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
- match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
@@ -36,6 +36,6 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "longhorn.internal.prd.durp.info"
commonName: "longhorn.internal.durp.info"
dnsNames:
- "longhorn.internal.prd.durp.info"
- "longhorn.internal.durp.info"

8
longhorn/values.yaml
View File

@@ -47,7 +47,7 @@ longhorn:
persistence:
defaultClass: true
defaultFsType: ext4
defaultClassReplicaCount: 1
defaultClassReplicaCount: 3
defaultDataLocality: disabled # best-effort otherwise
reclaimPolicy: Retain
migratable: false
@@ -57,7 +57,7 @@ longhorn:
{
"name":"backup",
"task":"backup",
"cron":"0 */6 * * *",
"cron":"0 0 * * ?",
"retain":24
}
]'
@@ -76,7 +76,7 @@ longhorn:
snapshotterReplicaCount: ~
defaultSettings:
backupTarget: S3://longhorn-prd@us-east-1/
backupTarget: S3://longhorn-master@us-east-1/
backupTargetCredentialSecret: longhorn-backup-token-secret
allowRecurringJobWhileVolumeDetached: ~
createDefaultDiskLabeledNodes: ~
@@ -238,7 +238,7 @@ longhorn:
# certificate:
# Configure a pod security policy in the Longhorn namespace to allow privileged pods
enablePSP: false
enablePSP: true
## Specify override namespace, specifically this is useful for using longhorn as sub-chart
## and its release namespace is not the `longhorn-system`

1
metallb-system/Chart.yaml
View File

@@ -10,3 +10,4 @@ dependencies:
- name: metallb
repository: https://metallb.github.io/metallb
version: 0.14.5

3
metallb-system/templates/config.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: cheap
spec:
addresses:
- 192.168.11.130-192.168.11.140
- 192.168.20.130-192.168.20.140
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
@@ -14,3 +14,4 @@ metadata:
spec:
ipAddressPools:
- cheap

1
metallb-system/values.yaml
View File

@@ -194,3 +194,4 @@ metallb:
validationFailurePolicy: Fail
frrk8s:
enabled: false

4
nfs-client/templates/provisioner.yml
View File

@@ -34,9 +34,9 @@ spec:
- name: NFS_SERVER
value: 192.168.20.253
- name: NFS_PATH
value: /mnt/user/k3s-dev
value: /mnt/user/k3s
volumes:
- name: nfs-client-ssd
nfs:
server: 192.168.20.253
path: /mnt/user/k3s-dev
path: /mnt/user/k3s

10
open-webui/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`open-webui.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`open-webui.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: open-webui
@@ -25,9 +25,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "open-webui.prd.durp.info"
commonName: "open-webui.durp.info"
dnsNames:
- "open-webui.prd.durp.info"
- "open-webui.durp.info"
---
@@ -36,7 +36,7 @@ apiVersion: v1
metadata:
name: open-webui-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: open-webui.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: open-webui.durp.info
spec:
type: ExternalName
externalName: prd.durp.info
externalName: durp.info

8
traefik/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`traefik.internal.prd.durp.info`)
- match: Host(`traefik.internal.durp.info`)
middlewares:
- name: authentik-proxy-provider
namespace: traefik
@@ -14,7 +14,7 @@ spec:
services:
- name: api@internal
kind: TraefikService
- match: Host(`traefik.internal.prd.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
- match: Host(`traefik.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
@@ -34,6 +34,6 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "traefik.internal.prd.durp.info"
commonName: "traefik.internal.durp.info"
dnsNames:
- "traefik.internal.prd.durp.info"
- "traefik.internal.durp.info"

9
traefik/templates/middleware-chain.yaml
View File

@@ -1,9 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: internal-only
spec:
chain:
middlewares:
- name: traefik-real-ip
- name: whitelist

21
traefik/templates/middlewares.yaml
View File

@@ -20,30 +20,17 @@ spec:
- X-authentik-meta-app
- X-authentik-meta-version
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: whitelist
namespace: traefik
spec:
ipWhiteList:
sourceRange:
- 192.168.10.1/32
- 192.168.30.1/24
- 192.168.20.1/32
- 10.0.0.0/8
ipStrategy:
depth: 1
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: traefik-real-ip
spec:
plugin:
traefik-real-ip:
excludednets:
- "1.1.1.1/24"
- 192.168.30.0/24
- 192.168.130.0/24

32
traefik/values.yaml
View File

@@ -502,8 +502,6 @@ traefik:
- "--log.level=DEBUG"
- --experimental.plugins.jwt.moduleName=github.com/traefik-plugins/traefik-jwt-plugin
- --experimental.plugins.jwt.version=v0.7.0
- --experimental.plugins.traefik-real-ip.moduleName=github.com/soulbalz/traefik-real-ip
- --experimental.plugins.traefik-real-ip.version=v1.0.3
# Environment variables to be passed to Traefik's binary
@@ -580,10 +578,9 @@ traefik:
redirectTo: websecure
#
# Trust forwarded headers information (X-Forwarded-*).
forwardedHeaders:
trustedIPs:
- "192.168.11.1"
insecure: false
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
# Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
@@ -611,10 +608,9 @@ traefik:
# advertisedPort: 4443
#
## Trust forwarded headers information (X-Forwarded-*).
forwardedHeaders:
trustedIPs:
- "192.168.11.1"
insecure: false
#forwardedHeaders:
# trustedIPs: []
# insecure: false
#
## Enable the Proxy Protocol header parsing for the entry point
#proxyProtocol:
@@ -734,7 +730,7 @@ traefik:
## Create HorizontalPodAutoscaler object.
##
autoscaling:
enabled: false
enabled: true
minReplicas: 1
maxReplicas: 10
metrics:
@@ -823,13 +819,13 @@ traefik:
# Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
resources: {}
# requests:
# cpu: "100m"
# memory: "50Mi"
# limits:
# cpu: "300m"
# memory: "150Mi"
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "300m"
memory: "256Mi"
# This example pod anti-affinity forces the scheduler to put traefik pods
# on nodes where no other traefik pods are scheduled.

10
uptimekuma/templates/ingress.yaml
View File

@@ -6,7 +6,7 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`kuma.prd.durp.info`) && PathPrefix(`/`)
- match: Host(`kuma.durp.info`) && PathPrefix(`/`)
middlewares:
- name: authentik-proxy-provider
namespace: traefik
@@ -28,9 +28,9 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "kuma.prd.durp.info"
commonName: "kuma.durp.info"
dnsNames:
- "kuma.prd.durp.info"
- "kuma.durp.info"
---
@@ -39,7 +39,7 @@ apiVersion: v1
metadata:
name: heimdall-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: kuma.prd.durp.info
external-dns.alpha.kubernetes.io/hostname: kuma.durp.info
spec:
type: ExternalName
externalName: prd.durp.info
externalName: durp.info

8
vault/templates/ingress.yaml
View File

@@ -8,9 +8,9 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`vault.internal.prd.durp.info`)
- match: Host(`vault.internal.durp.info`)
middlewares:
- name: internal-only
- name: whitelist
namespace: traefik
kind: Rule
services:
@@ -31,7 +31,7 @@ spec:
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "vault.internal.prd.durp.info"
commonName: "vault.internal.durp.info"
dnsNames:
- "vault.internal.prd.durp.info"
- "vault.internal.durp.info"

17
vault/values.yaml
View File

@@ -14,7 +14,7 @@ vault:
injector:
enabled: "-"
replicas: 2
replicas: 3
leaderElector:
enabled: true
@@ -39,14 +39,13 @@ vault:
ha:
enabled: false
replicas: 3
resources: {}
# resources:
# requests:
# memory: 256Mi
# cpu: 250m
# limits:
# memory: 256Mi
# cpu: 250m
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 256Mi
cpu: 250m
dataStorage:
enabled: true