aaron/k8s-deployments
1
0
Fork 0
Code Issues 2 Pull requests 2 Activity

Compare commits

merge into: aaron:3_openproject_prod
Branches Tags
aaron:main
aaron:renovate/openproject-9.x
aaron:10_openproject_prod
aaron:8_openproject_prod
aaron:3_openproject_prod
...
pull from: aaron:main
Branches Tags
aaron:main
aaron:renovate/openproject-9.x
aaron:10_openproject_prod
aaron:8_openproject_prod
aaron:3_openproject_prod

14 commits
3_openproj ... main

Author SHA1 Message Date
Aaron Riedel
1107adf9d4
configure backups for openproject db 2024-11-16 13:19:17 +01:00
Aaron Riedel
af5c76e636 Merge pull request 'chore(deps): update helm release argo-cd to v7.7.3' (#5) from renovate/argo-cd-7.x into main 
Reviewed-on: #5
 2024-11-14 20:51:52 +01:00
Renovate Bot
0add562953
chore(deps): update helm release argo-cd to v7.7.3 2024-11-13 11:03:59 +00:00
aaron
00357ee904 HOYLOGO: update image tag to 4 (done automagically via Forgejo pipeline) 2024-11-07 22:28:20 +00:00
Aaron Riedel
5772d11eb7
change openproject settings 2024-11-06 22:16:32 +01:00
Aaron Riedel
c95043b123
change secrets to bamboozle helm 2024-11-06 21:56:16 +01:00
Aaron Riedel
ebc3577cc2
fix openproject 2024-11-06 21:27:06 +01:00
Aaron Riedel
de6c171944
openprofile change config 2024-11-06 20:46:40 +01:00
Aaron Riedel
6cd34e5492 Merge pull request 'chore(deps): update helm release argo-cd to v7.7.0' (#3) from renovate/argo-cd-7.x into main 
Reviewed-on: #3
 2024-11-06 20:29:55 +01:00
Renovate Bot
abef34f175
chore(deps): update helm release argo-cd to v7.7.0 2024-11-05 21:03:53 +00:00
Aaron Riedel
9f44c74414 Merge pull request 'OPENPROJECT: update image tag to 6' (#2) from 6_openproject_prod into main 
Reviewed-on: #2
 2024-11-05 21:49:43 +01:00
aaron
cc725ac74f openproject: update image tag to 6 (done automagically via Woodpecker pipeline) 2024-11-05 20:45:19 +00:00
Aaron Riedel
16307d70e3 Merge pull request 'OPENPROJECT: update image tag to 5' (#1) from 5_openproject_prod into main 
Reviewed-on: #1
 2024-11-05 21:37:25 +01:00
aaron
f5c65b0df3 openproject: update image tag to 5 (done automagically via Woodpecker pipeline) 2024-11-05 20:36:23 +00:00
5 changed files with 53 additions and 71 deletions
Show stats Expand all files Collapse all files

4
app-files/apps.yaml
View file

@ -27,7 +27,7 @@ spec:
sources: sources:
- repoURL: https://argoproj.github.io/argo-helm - repoURL: https://argoproj.github.io/argo-helm
chart: argo-cd chart: argo-cd
targetRevision: 7.6.8 targetRevision: 7.7.3
helm: helm:
releaseName: argo releaseName: argo
valueFiles: valueFiles:
@ -193,5 +193,5 @@ spec:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
selfHeal: true selfHeal: false
prune: false prune: false

2
hoylogo/overlays/prod/kustomization.yaml
View file

@ -5,7 +5,7 @@ resources:
images: images:
- name: git.ar21.de/aaron/hoylogo - name: git.ar21.de/aaron/hoylogo
newName: git.ar21.de/aaron/hoylogo newName: git.ar21.de/aaron/hoylogo
newTag: "27" newTag: "4"
namespace: hoylogo namespace: hoylogo
patches: patches:
- patch: |- - patch: |-

14
openproject/db.yaml
View file

@ -7,3 +7,17 @@ spec:
instances: 3 instances: 3
storage: storage:
size: 1Gi size: 1Gi
backup:
barmanObjectStore:
destinationPath: "s3://openproject/backups"
endpointURL: "https://fsn1.your-objectstorage.com"
s3Credentials:
accessKeyId:
name: openproject-secret
key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID
secretAccessKey:
name: openproject-secret
key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY
wal:
compression: gzip
retentionPolicy: "30d"

52
openproject/secret.yaml
View file

@ -7,8 +7,10 @@ metadata:
app.kubernetes.io/name: openproject-secret app.kubernetes.io/name: openproject-secret
app.kubernetes.io/part-of: openproject app.kubernetes.io/part-of: openproject
stringData: stringData:
clientId: ENC[AES256_GCM,data:pNsfXlI13/jOdNXbtzTrk0oYB2viicauXdzVtjljC8pd9qFXCQrnrA==,iv:x6HGIX29SedgGJiRCHwIFAXbA9ucnpO+QS1Xlgsbdks=,tag:3A53qjsmJJin2+9AA/MAuQ==,type:str] OPENPROJECT_OPENID__CONNECT_AUTHENTIK_IDENTIFIER: ENC[AES256_GCM,data:YRSk6WbIi03tMl5PE+jVeWUjiEsMogGSjcd71DWmdhrs9hx0gHz/6Q==,iv:9a5cATFe+sGFVvIcIq702XZpWbwCpkEgbHL04WC73RU=,tag:t/TAeA5lkVS4V5EWZjP96w==,type:str]
clientSecret: ENC[AES256_GCM,data:dlBFp8ImgzMIpymOesrCgNBnSHkVHH/PZwMTJ2tXVjpHXnif7AAx5VMbsvk6dpDxRQPX8RTBzTVqhJbHv87Bqso3vwu7K/tjstf+iBIpTHfz6O0u5Qc6f1/ZJorb1mMk0nB3+MOZuOnVv/LkkDv7LCa6R2HSkzALZMvmLIhMuiI=,iv:NpkQxa0DhvJOCF831KeEq35wxqQ6v6/TJpM87Gnpzbc=,tag:2JcM1oAmY3HqWNVl2AAnyA==,type:str] OPENPROJECT_OPENID__CONNECT_AUTHENTIK_SECRET: ENC[AES256_GCM,data:iP1vQTVCS9iB5qBvsT4HCpXg/7vEaqEvMBG8pkjapx7fwdzUvPnumqT/4kjT2A0G0B8hvbNbLXlBx3u3bznUjFCyQXizDmsP7y5IewtQD9x1Gjcc/3PyijUauXTIYt3DjjhJqStiDsc855LGbdBukowdQNZwTdHGYkEmZmlyNnw=,iv:msO6nSphjMFwnRZ+bzyPJDOMfAVMpYzf6bXq6m5OYJU=,tag:zxYWhn3zXHKdGNwyAoOq6g==,type:str]
OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: ENC[AES256_GCM,data:d4kh/eBE35VT5dE3oIAQiIIaC54=,iv:0/Tvwi5zWHetytYPWsSTEcVX8cc7MjwQQpgD2j/2blg=,tag:WTuGgku1aQYcChf1dTShBw==,type:str]
OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: ENC[AES256_GCM,data:MrOc+zr6qkv+55vjuCciijW1bnjKyjxr0mbbH/IajNjMvDIVqq7GDg==,iv:0+GBZuWA6t5Pp5gKeIczrFKdTYMznV2fTSuJxS/y6Do=,tag:zq9QtqFANlUFJL737Sa8jw==,type:str]
type: Opaque type: Opaque
sops: sops:
kms: [] kms: []
@ -34,50 +36,8 @@ sops:
cEk2ZEp3UzArK1NEL0E2Zkwzd1dnMW8KWWQ861ukoDUh7l1iFBnnrsInQWfeYgD9 cEk2ZEp3UzArK1NEL0E2Zkwzd1dnMW8KWWQ861ukoDUh7l1iFBnnrsInQWfeYgD9
d1y8yHr1kLZX66xg9erbaQbA+xtRRD+5sctypxJWPNkDO+rW+pfrAQ== d1y8yHr1kLZX66xg9erbaQbA+xtRRD+5sctypxJWPNkDO+rW+pfrAQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-04T21:12:27Z" lastmodified: "2024-11-06T20:53:34Z"
mac: ENC[AES256_GCM,data:wI/Z9/ilDAoIeYmRDwqa6cm7vnOyCKLPV3rxinVO8hhP3aVQisIJlKZH5iSZTAqE+bF0451Sqj8Ei00CiH/OXl8z7s92HeE2z2paHO51SutcLUM1RttKBcWsmdGnSvpqatlED9gziAeT487V3yECts+BS2zHppTtf+DRhjYVrd0=,iv:Pt4Jq1LFAJZo9oQmcv3PTDHmRb2HWI+gGUH/gzIuQ5s=,tag:PIcgRGoIm1tmaR6kRRIb0A==,type:str] mac: ENC[AES256_GCM,data:3LaUkQy4IViYIjKHOJ71pIcPipv3p44ENAd31270uGsZNmOAlGqPcylF7Dlc475UfKrHXAZaagGKF80VkTaE6xca+Uq9ihUg0U5ovLyVbxBXMEjmycCBJXaKry17kju3eQec5dinqEBQ7+uU39lSKdhGPPvbZDYxu3WeZBWzrSQ=,iv:VN+W6S8t9RW06DnSoo+AY630bo4PVF027qtanv2YRh8=,tag:urMNwqclobcL7bxCJY5NbA==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0
---
apiVersion: v1
kind: Secret
metadata:
name: openproject-s3
namespace: openproject
labels:
app.kubernetes.io/name: openproject-s3
app.kubernetes.io/part-of: openproject
stringData:
accessKeyId: ENC[AES256_GCM,data:vp+0gIUcQ1zFZZ+FzMsjrIEnLJQ=,iv:1vO4ZESGnGHpf/Jy3mQdrRwv7DgRv2bJNppKQ+Qpi6A=,tag:1DHkZJ9bpc9P4nd2O/3nkg==,type:str]
secretAccessKey: ENC[AES256_GCM,data:ppZZ3LRQKOKeBzj4OUuiQLFDxKA1MQm8HhhdoLdpOaTDHVmxlCgRDw==,iv:oZPdTGkNPdjU4rqO6IjZcrI9t0yhlkIqHFKUTBOBr0M=,tag:M5LK3hdw8hCJ7i/tQsmj4A==,type:str]
type: Opaque
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByT0xDY1ZMNUtydlZqNyt4
RGZhYTJCaTdoaUNDcUU3c2djUFFrb1NPWmdBClM4ZXZ6aUU0WU1NdmFLYWlHUVBy
VlU0VlZnRnQwenJPdGRSTFBac1ZlSTgKLS0tIGowNGZBZjgyMGxJbTZvOWRLS2Jr
ZTczeDVvYytjK0dzUDY0QXdaUlVyN3cKM+tC9agxFrnjpfPXoNXxCinTNXJ2gHyO
xmkLs958EAJZ8LuFfne01Sak/7ojRny+PzKb9TudIggCUoxAW8S0+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU2dyTnc3eCtSNFVBeFQ3
bTFndGdUYXVTdnpnRTJVQjI3Z0RRZ0FkQzJ3CjZ6ZHBpU2w1MDRFUzJQL1FKS1Ex
N011MUcyY0hlV0lYREo3Tmhhc1NXZG8KLS0tIGZpa3IyU244OXRGZ1hQdVlJbzZr
cEk2ZEp3UzArK1NEL0E2Zkwzd1dnMW8KWWQ861ukoDUh7l1iFBnnrsInQWfeYgD9
d1y8yHr1kLZX66xg9erbaQbA+xtRRD+5sctypxJWPNkDO+rW+pfrAQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-04T21:12:27Z"
mac: ENC[AES256_GCM,data:wI/Z9/ilDAoIeYmRDwqa6cm7vnOyCKLPV3rxinVO8hhP3aVQisIJlKZH5iSZTAqE+bF0451Sqj8Ei00CiH/OXl8z7s92HeE2z2paHO51SutcLUM1RttKBcWsmdGnSvpqatlED9gziAeT487V3yECts+BS2zHppTtf+DRhjYVrd0=,iv:Pt4Jq1LFAJZo9oQmcv3PTDHmRb2HWI+gGUH/gzIuQ5s=,tag:PIcgRGoIm1tmaR6kRRIb0A==,type:str]
pgp: [] pgp: []
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData)$
version: 3.9.0 version: 3.9.0

52
openproject/values.yaml
View file

@ -1,40 +1,48 @@
image: image:
registry: "git.ar21.de" registry: git.ar21.de
repository: "aaron/openproject" repository: aaron/openproject
tag: "2" tag: '6'
appInit: appInit:
resources: resources:
limits: limits:
memory: "4Gi" memory: 4Gi
requests: requests:
memory: "4Gi" memory: 4Gi
clusterDomain: "project.aaronriedel.de" clusterDomain: project.aaronriedel.de
ingress: ingress:
annotations: annotations:
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: 'true'
host: "project.aaronriedel.de" host: project.aaronriedel.de
tls: tls:
secretName: openproject-tls secretName: openproject-tls
workers: workers:
default: default:
replicas: 2 replicas: 2
environment:
OPENPROJECT_DISABLE__PASSWORD__LOGIN: true
openproject: openproject:
admin_user:
password_reset: "true"
name: "Aaron Riedel"
mail: "aaron@ar21.de"
extraEnvVarsSecret: openproject-secret
oidc: oidc:
enabled: true enabled: true
provider: "Keycloak" provider: authentik
displayName: "aaronID" displayName: aaronID
host: "auth.ar21.de" host: auth.ar21.de
existingSecret: openproject-secret identifier: null
userinfoEndpoint: "https://auth.ar21.de/application/o/userinfo/" secret: null
tokenEndpoint: "https://auth.ar21.de/application/o/token/" userinfoEndpoint: /application/o/userinfo/
authorizationEndpoint: "https://auth.ar21.de/application/o/authorize/" tokenEndpoint: /application/o/token/
endSessionEndpoint: "https://auth.ar21.de/application/o/openproject/end-session/" authorizationEndpoint: /application/o/authorize/
endSessionEndpoint: /application/o/openproject/end-session/
scope: "[openid email profile]"
persistence: persistence:
enabled: false enabled: false
s3: s3:
enabled: true enabled: true
auth:
existingSecret: openproject-s3
region: fsn1 region: fsn1
bucketName: openproject bucketName: openproject
endpoint: https://fsn1.your-objectstorage.com endpoint: https://fsn1.your-objectstorage.com
@ -49,7 +57,7 @@ postgresql:
auth: auth:
existingSecret: openproject-app existingSecret: openproject-app
secretKeys: secretKeys:
adminPasswordKey: "password" adminPasswordKey: password
userPasswordKey: "password" userPasswordKey: password
username: "app" username: app
database: "app" database: app