From 036b58950a9164ede99166df680148e8715b529f Mon Sep 17 00:00:00 2001 From: renovate Date: Wed, 19 Mar 2025 12:08:36 +0000 Subject: [PATCH 01/10] openproject: update image tag to 38 (done automagically via Woodpecker pipeline) --- openproject/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openproject/values.yaml b/openproject/values.yaml index d4e7a95..e3f6825 100644 --- a/openproject/values.yaml +++ b/openproject/values.yaml @@ -1,7 +1,7 @@ image: registry: git.ar21.de repository: aaron/openproject - tag: '36' + tag: '38' appInit: resources: limits: From ca79a67d0e4c248e9daa21ce063d3f6fa58a436b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 20 Mar 2025 16:04:27 +0000 Subject: [PATCH 02/10] chore(deps): update helm release openproject to v9.8.1 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 7447a65..94e31d8 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -140,7 +140,7 @@ spec: sources: - repoURL: https://charts.openproject.org chart: openproject - targetRevision: 9.7.2 + targetRevision: 9.8.1 helm: releaseName: openproject valueFiles: From 5ea16a7a2c25dd583d0197c798c70aca65adbd7c Mon Sep 17 00:00:00 2001 From: renovate Date: Thu, 20 Mar 2025 17:09:03 +0000 Subject: [PATCH 03/10] openproject: update image tag to 40 (done automagically via Woodpecker pipeline) --- openproject/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openproject/values.yaml b/openproject/values.yaml index d4e7a95..5150feb 100644 --- a/openproject/values.yaml +++ b/openproject/values.yaml @@ -1,7 +1,7 @@ image: registry: git.ar21.de repository: aaron/openproject - tag: '36' + tag: '40' appInit: resources: limits: From 8ff9647ab5b26544cce69abd68201ef1fae7ca24 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 16 Apr 2025 11:04:24 +0000 Subject: [PATCH 04/10] chore(deps): update helm release openproject to v9.10.0 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 94e31d8..a9bd050 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -140,7 +140,7 @@ spec: sources: - repoURL: https://charts.openproject.org chart: openproject - targetRevision: 9.8.1 + targetRevision: 9.10.0 helm: releaseName: openproject valueFiles: From 8eca61447844287f0fbe881724ca1284f271e85f Mon Sep 17 00:00:00 2001 From: renovate Date: Sat, 26 Apr 2025 18:17:34 +0000 Subject: [PATCH 05/10] openproject: update image tag to 45 (done automagically via Woodpecker pipeline) --- openproject/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openproject/values.yaml b/openproject/values.yaml index 5150feb..248477a 100644 --- a/openproject/values.yaml +++ b/openproject/values.yaml @@ -1,7 +1,7 @@ image: registry: git.ar21.de repository: aaron/openproject - tag: '40' + tag: '45' appInit: resources: limits: From c3a93d614b513cba0b885569f816f0af4d33399d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 23 May 2025 14:04:16 +0000 Subject: [PATCH 06/10] chore(deps): update helm release cloudnative-pg to v0.24.0 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index a9bd050..cfd5f44 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -118,7 +118,7 @@ spec: sources: - chart: cloudnative-pg repoURL: https://cloudnative-pg.io/charts - targetRevision: 0.23.2 + targetRevision: 0.24.0 helm: releaseName: cloudnative-pg destination: From 114eba71d7481e326ab239636f8cec0eaf90fe6a Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 13 Jul 2025 11:39:50 +0200 Subject: [PATCH 07/10] remove openproject --- app-files/apps.yaml | 31 ----------------- openproject/db.yaml | 57 ------------------------------ openproject/kustomization.yaml | 7 ---- openproject/secret-generator.yaml | 11 ------ openproject/secret.yaml | 51 --------------------------- openproject/values.yaml | 58 ------------------------------- 6 files changed, 215 deletions(-) delete mode 100644 openproject/db.yaml delete mode 100644 openproject/kustomization.yaml delete mode 100644 openproject/secret-generator.yaml delete mode 100644 openproject/secret.yaml delete mode 100644 openproject/values.yaml diff --git a/app-files/apps.yaml b/app-files/apps.yaml index a9bd050..8acde18 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -129,34 +129,3 @@ spec: - CreateNamespace=true automated: prune: false ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: aaron-openproject - namespace: argocd -spec: - project: default - sources: - - repoURL: https://charts.openproject.org - chart: openproject - targetRevision: 9.10.0 - helm: - releaseName: openproject - valueFiles: - - $values/openproject/values.yaml - - repoURL: https://git.ar21.de/aaron/k8s-deployments.git - targetRevision: HEAD - ref: values - - repoURL: https://git.ar21.de/aaron/k8s-deployments.git - targetRevision: HEAD - path: openproject - destination: - server: https://kubernetes.default.svc - namespace: aaron-openproject - syncPolicy: - syncOptions: - - CreateNamespace=true - automated: - selfHeal: false - prune: false diff --git a/openproject/db.yaml b/openproject/db.yaml deleted file mode 100644 index 9ff8cef..0000000 --- a/openproject/db.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: openproject - annotations: - cnpg.io/skipEmptyWalArchiveCheck: enabled -spec: - instances: 3 - storage: - size: 1Gi - bootstrap: - recovery: - source: clusterBackup - #recoveryTarget: - # targetTime: "2025-02-12 21:00:00.00000+00" - backup: - barmanObjectStore: - destinationPath: "s3://openproject/backups" - endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "db" # in case of restore change this - s3Credentials: - accessKeyId: - name: openproject-secret - key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID - secretAccessKey: - name: openproject-secret - key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY - wal: - compression: gzip - retentionPolicy: "30d" - externalClusters: - - name: clusterBackup - barmanObjectStore: - destinationPath: "s3://openproject/backups" - endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "db" - s3Credentials: - accessKeyId: - name: openproject-secret - key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID - secretAccessKey: - name: openproject-secret - key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY - wal: - maxParallel: 8 - compression: gzip ---- -apiVersion: postgresql.cnpg.io/v1 -kind: ScheduledBackup -metadata: - name: backup-openproject -spec: - immediate: true - schedule: "0 0 0 * * *" - backupOwnerReference: self - cluster: - name: openproject diff --git a/openproject/kustomization.yaml b/openproject/kustomization.yaml deleted file mode 100644 index d507cbe..0000000 --- a/openproject/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -generators: - - ./secret-generator.yaml -resources: - - ./db.yaml diff --git a/openproject/secret-generator.yaml b/openproject/secret-generator.yaml deleted file mode 100644 index 7f9b73e..0000000 --- a/openproject/secret-generator.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - ./secret.yaml diff --git a/openproject/secret.yaml b/openproject/secret.yaml deleted file mode 100644 index 4c3356d..0000000 --- a/openproject/secret.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: openproject-secret - labels: - app.kubernetes.io/name: openproject-secret - app.kubernetes.io/part-of: openproject -stringData: - OPENPROJECT_OPENID__CONNECT_AUTHENTIK_IDENTIFIER: ENC[AES256_GCM,data:u0EqZSaIBVEavmNVevNcO1ZtlMHZfdXDi4s0Rfjo9NyeIIsN3rHWuQ==,iv:mvhGi5w/kCOQGcTaQz8FOeGBvaP0NSH4DRzFhA5IwQg=,tag:P9CYCymCpWPZ0+0Ujc0rrQ==,type:str] - OPENPROJECT_OPENID__CONNECT_AUTHENTIK_SECRET: ENC[AES256_GCM,data:z17lplltjJd+LnmceX9Hdak6BHVaZ1nSHWt4FMiSbCtl02igdA5i3jozUyagwy4y+B5TMrla+BmK5KMFoZsalpThJZjWFcOZyo8BtQOeAEODXnwNg6Sznmhvya4BTEzdzkqbeOIYp/38rkcSUeTDPwo1ca+M9tb2udfvTmIg6FA=,iv:XEOCc5uUu4s5DQTnClCv1W89x4T+TS4zQS/G6V9UedI=,tag:GjY97MANIMAKEOgelbeprQ==,type:str] - OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: ENC[AES256_GCM,data:0vVJDBN9yl+K+LAAfvtMMQPX2YM=,iv:7PXtPZsYlOffhJMu4l6MRgBKkC8sI4R+6DFWIGK3rJ8=,tag:4XEdO10j8VXMCDst86KYFw==,type:str] - OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: ENC[AES256_GCM,data:OAZ1embfVUQBorMd69mBaGy0fAI4TEjuwDzCyriWQwtlSr/xsi1ypQ==,iv:eOu/LwYxsoCKbx61gmioLm8Zn1rfIVd2Qsil03r6Kro=,tag:/hRprgV+c9Qpwsbpkdj1xg==,type:str] -type: Opaque -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6U3ZOaHd3Q21ZbVZudjZp - Y1BKMUdhU2ZQU1M2ZVlpNnVLMlRhNnZyTlJvCnI2TWZGR04yTWhUTllwUDI4aVlF - d24veFJwSmV0Y2NjL3l5ZW44a0F0d2cKLS0tIDdTMndsTk53Y3Q5WEpiQUFCRHZt - QXY5NTYyNldCSnFaQmE1QklTUURETDQKNlWFVA6qHmKDazv48PVygwV4/4cgBtKK - IYPcP2N0/T0rDw2ngw4lNdHJ90doTTmlUjiPYDmmfopGOi1XpoG2dQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbDlvVldrL2lCMzhsMjg4 - aHo5aExVWVBDTGl0RGtqUEZQS1JyWGRvZFFnCkNyMzc2WS9aS1doa1Y2R09JM0NJ - eWZRbEtNdTN1YWE4N3hqVDRRekZ0cDQKLS0tIE5oT1FCQlY2TDRlM3JSM2p4ckM4 - bHBpKzUvVi9YbHNNcjZEanVOeXB4SDQKFAV1upJgJzRlXzEB9FEW2sSeebC8dGt8 - xdfRIMKXn1pnf64N69ZnJ+hbcDvuMPnoSBsZ7W95nF0lItYfDIyHFw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUdDEyanpERGpaMFV2cE5n - dmg3QjYzNkk3R2c0Yk1OTHlpRlZLRkYrNXlBCjJYdWRNeVVCR1FEVXBoZlJwU0Fn - aDFpbG1nbXRUOHBZcG9jMGZqeFM1OUkKLS0tIHZkYkQ0dlN1UDBZajRhVWZXUHVR - ci9LK2JjSlVvaDR2UFpwWGZmMDhQbDgKxcvqSMhGzpxoP2OSdjs2KsA9cd36j+xO - JYBFmTQnb4oTTzMQZxMAowaiqDt4fLsD6fXcwBnclq2SwAGsOlzvJw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-13T20:19:15Z" - mac: ENC[AES256_GCM,data:qloZYbT1ht2wTzTVD5O57C/VVHy80yT0bIpB+mSjF9yvvDF38rpUS3FuZFoXoDeyaniCml3IUV3Bww/lHXoHI/nPr70Vsl+Q2n9FdUnD1JKfI/kLqvk+XM5HB8qqY4XFXhjwZOGrbN3v5Stgi+CWb2s8518g8OCSdR8pyaWDSqc=,iv:4v77gZzMfjMYyF4K4BOBCdYbxk0wa3zrruy7VD7Tux0=,tag:50/uxJDqgvaEItqMepWwoA==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.9.1 diff --git a/openproject/values.yaml b/openproject/values.yaml deleted file mode 100644 index 248477a..0000000 --- a/openproject/values.yaml +++ /dev/null @@ -1,58 +0,0 @@ -image: - registry: git.ar21.de - repository: aaron/openproject - tag: '45' -appInit: - resources: - limits: - memory: 4Gi - requests: - memory: 4Gi -clusterDomain: project.aaronriedel.de -ingress: - annotations: - kubernetes.io/tls-acme: 'true' - host: project.aaronriedel.de - tls: - secretName: openproject-tls -workers: - default: - replicas: 2 -environment: - OPENPROJECT_DISABLE__PASSWORD__LOGIN: true -openproject: - extraEnvVarsSecret: openproject-secret - oidc: - enabled: true - provider: authentik - displayName: aaronID - host: auth.ar21.de - identifier: null - secret: null - userinfoEndpoint: /application/o/userinfo/ - tokenEndpoint: /application/o/token/ - authorizationEndpoint: /application/o/authorize/ - endSessionEndpoint: /application/o/openproject/end-session/ - scope: '[openid email profile]' -persistence: - enabled: false -s3: - enabled: true - region: fsn1 - bucketName: openproject - endpoint: https://fsn1.your-objectstorage.com - pathStyle: true - enableSignatureV4Streaming: false - directUploads: false -postgresql: - bundled: false - connection: - host: openproject-rw.aaron-openproject.svc.cluster.local - port: 5432 - auth: - existingSecret: openproject-app - secretKeys: - adminPasswordKey: password - userPasswordKey: password - username: app - database: app From 5368b899746f5eff0bb3b79c10949b63c99f468f Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 13 Jul 2025 11:47:42 +0200 Subject: [PATCH 08/10] set "automated" flags for argo --- app-files/apps.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 8acde18..4fac3c2 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -16,6 +16,7 @@ spec: syncPolicy: automated: prune: false + selfHeal: true --- #apiVersion: argoproj.io/v1alpha1 #kind: Application @@ -67,6 +68,7 @@ spec: - CreateNamespace=true automated: prune: true + selfHeal: true --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -87,6 +89,7 @@ spec: - CreateNamespace=true automated: prune: true + selfHeal: true --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -107,6 +110,7 @@ spec: - CreateNamespace=true automated: prune: true + selfHeal: true --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -128,4 +132,5 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: false + prune: true + selfHeal: true From d2793366a51f6ada378b9d7e335013ede8f9d4da Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 13 Jul 2025 11:52:54 +0200 Subject: [PATCH 09/10] set serverside apply for cnpg --- app-files/apps.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 78e4f68..722a8aa 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -131,6 +131,7 @@ spec: syncPolicy: syncOptions: - CreateNamespace=true + - ServerSideApply=true automated: prune: true selfHeal: true From 569a77f4c3c8cc396e8a6214977b89bdc8b933d1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 13 Jul 2025 10:04:09 +0000 Subject: [PATCH 10/10] chore(config): migrate config renovate.json --- renovate.json | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/renovate.json b/renovate.json index 6eb5df5..b09d564 100644 --- a/renovate.json +++ b/renovate.json @@ -1,10 +1,13 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "dependencyDashboard": true, - "enabledManagers": ["argocd"], + "enabledManagers": [ + "argocd" + ], "argocd": { - "fileMatch": ["^app-files/apps\\.yaml$"] + "managerFilePatterns": [ + "/^app-files/apps\\.yaml$/" + ] }, - "packageRules": [ - ] + "packageRules": [] }