From 3c04a04f5b70dcf28c6694b562e34e30f31fd90b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 19 Feb 2025 20:06:19 +0000 Subject: [PATCH 01/19] chore(deps): update helm release openproject to v9.7.0 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 22d1836..fa5fb2e 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -175,7 +175,7 @@ spec: sources: - repoURL: https://charts.openproject.org chart: openproject - targetRevision: 9.6.0 + targetRevision: 9.7.0 helm: releaseName: openproject valueFiles: From c33b788c5080a986465d0faa3e96aa98dcda1149 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Thu, 20 Feb 2025 20:04:05 +0100 Subject: [PATCH 02/19] fix cnpg backups --- openproject/db.yaml | 55 +++++++++++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 22 deletions(-) diff --git a/openproject/db.yaml b/openproject/db.yaml index d0b33da..5e36749 100644 --- a/openproject/db.yaml +++ b/openproject/db.yaml @@ -6,16 +6,16 @@ spec: instances: 3 storage: size: 1Gi -# bootstrap: -# recovery: -# source: clusterBackup -# recoveryTarget: -# targetTime: "2025-02-12 21:00:00.00000+00" + bootstrap: + recovery: + source: clusterBackup + #recoveryTarget: + # targetTime: "2025-02-12 21:00:00.00000+00" backup: barmanObjectStore: destinationPath: "s3://openproject/backups" endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "new-openproject" + serverName: "newnew-openproject" # in case of restore change this s3Credentials: accessKeyId: name: openproject-secret @@ -26,19 +26,30 @@ spec: wal: compression: gzip retentionPolicy: "30d" -# externalClusters: -# - name: clusterBackup -# barmanObjectStore: -# destinationPath: "s3://openproject/backups" -# endpointURL: "https://fsn1.your-objectstorage.com" -# serverName: openproject -# s3Credentials: -# accessKeyId: -# name: openproject-secret -# key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID -# secretAccessKey: -# name: openproject-secret -# key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY -# wal: -# maxParallel: 8 -# compression: gzip + externalClusters: + - name: clusterBackup + barmanObjectStore: + destinationPath: "s3://openproject/backups" + endpointURL: "https://fsn1.your-objectstorage.com" + serverName: "newnew-openproject" + s3Credentials: + accessKeyId: + name: openproject-secret + key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID + secretAccessKey: + name: openproject-secret + key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY + wal: + maxParallel: 8 + compression: gzip +--- +apiVersion: postgresql.cnpg.io/v1 +kind: ScheduledBackup +metadata: + name: backup-openproject +spec: + immediate: true + schedule: "0 0 0 * * *" + backupOwnerReference: self + cluster: + name: openproject From 88f5bb04f2d009fc324fa1420994b87ce3ab5092 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Thu, 20 Feb 2025 20:12:08 +0100 Subject: [PATCH 03/19] fix openproject namespace --- openproject/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openproject/values.yaml b/openproject/values.yaml index 7537799..0470016 100644 --- a/openproject/values.yaml +++ b/openproject/values.yaml @@ -51,7 +51,7 @@ s3: postgresql: bundled: false connection: - host: openproject-rw.openproject.svc.cluster.local + host: openproject-rw.aaron-openproject.svc.cluster.local port: 5432 auth: existingSecret: openproject-app From a2ea9111de5754ba8d56b12a64a7f3c889b409ec Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Thu, 20 Feb 2025 20:33:41 +0100 Subject: [PATCH 04/19] openproject restore --- openproject/db.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/openproject/db.yaml b/openproject/db.yaml index 5e36749..85f33fb 100644 --- a/openproject/db.yaml +++ b/openproject/db.yaml @@ -2,6 +2,8 @@ apiVersion: postgresql.cnpg.io/v1 kind: Cluster metadata: name: openproject + annotations: + cnpg.io/skipEmptyWalArchiveCheck: enabled spec: instances: 3 storage: @@ -15,7 +17,7 @@ spec: barmanObjectStore: destinationPath: "s3://openproject/backups" endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "newnew-openproject" # in case of restore change this + serverName: "openproject-backup" # in case of restore change this s3Credentials: accessKeyId: name: openproject-secret @@ -31,7 +33,7 @@ spec: barmanObjectStore: destinationPath: "s3://openproject/backups" endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "newnew-openproject" + serverName: "openproject-backup" s3Credentials: accessKeyId: name: openproject-secret From 79c867e271077623fa67b2b97fe1d1759e7cae0e Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 5 Mar 2025 12:06:48 +0000 Subject: [PATCH 05/19] chore(deps): update helm release openproject to v9.7.2 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index fa5fb2e..412123c 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -175,7 +175,7 @@ spec: sources: - repoURL: https://charts.openproject.org chart: openproject - targetRevision: 9.7.0 + targetRevision: 9.7.2 helm: releaseName: openproject valueFiles: From 9b96f8b2908696deb6afc6a09214fb42ba4c02bc Mon Sep 17 00:00:00 2001 From: renovate Date: Wed, 5 Mar 2025 14:11:59 +0000 Subject: [PATCH 06/19] openproject: update image tag to 36 (done automagically via Woodpecker pipeline) --- openproject/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openproject/values.yaml b/openproject/values.yaml index 0470016..29df62f 100644 --- a/openproject/values.yaml +++ b/openproject/values.yaml @@ -1,7 +1,7 @@ image: registry: git.ar21.de repository: aaron/openproject - tag: '30' + tag: '36' appInit: resources: limits: From b1a3f676013329c97fd082b28f5163a139a7ef97 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 5 Mar 2025 17:06:50 +0000 Subject: [PATCH 07/19] chore(deps): update helm release cloudnative-pg to v0.23.2 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index fa5fb2e..14cc223 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -153,7 +153,7 @@ spec: sources: - chart: cloudnative-pg repoURL: https://cloudnative-pg.io/charts - targetRevision: 0.23.0 + targetRevision: 0.23.2 helm: releaseName: cloudnative-pg destination: From 38097bff59e1a2178a525e09a2f255bb706849ba Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Thu, 6 Mar 2025 21:35:59 +0100 Subject: [PATCH 08/19] openproject stuff --- openproject/db.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openproject/db.yaml b/openproject/db.yaml index 85f33fb..9ff8cef 100644 --- a/openproject/db.yaml +++ b/openproject/db.yaml @@ -17,7 +17,7 @@ spec: barmanObjectStore: destinationPath: "s3://openproject/backups" endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "openproject-backup" # in case of restore change this + serverName: "db" # in case of restore change this s3Credentials: accessKeyId: name: openproject-secret @@ -33,7 +33,7 @@ spec: barmanObjectStore: destinationPath: "s3://openproject/backups" endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "openproject-backup" + serverName: "db" s3Credentials: accessKeyId: name: openproject-secret From 7933147dc3daedca33bd9b8a3154943c34959756 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Tue, 11 Mar 2025 14:21:21 +0100 Subject: [PATCH 09/19] remove admin user from openproject --- openproject/values.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/openproject/values.yaml b/openproject/values.yaml index 29df62f..d4e7a95 100644 --- a/openproject/values.yaml +++ b/openproject/values.yaml @@ -21,10 +21,6 @@ workers: environment: OPENPROJECT_DISABLE__PASSWORD__LOGIN: true openproject: - admin_user: - password_reset: 'true' - name: Aaron Riedel - mail: aaron@ar21.de extraEnvVarsSecret: openproject-secret oidc: enabled: true From 05c3a21f858a39788e17276682e97ad65a30bbc5 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Tue, 11 Mar 2025 19:27:34 +0100 Subject: [PATCH 10/19] yeet Drone --- app-files/apps.yaml | 35 ----------------------------- drone/kustomization.yaml | 5 ----- drone/secret-generator.yaml | 11 --------- drone/secret.yaml | 45 ------------------------------------- 4 files changed, 96 deletions(-) delete mode 100644 drone/kustomization.yaml delete mode 100644 drone/secret-generator.yaml delete mode 100644 drone/secret.yaml diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 3f9bfde..7447a65 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -50,41 +50,6 @@ spec: --- apiVersion: argoproj.io/v1alpha1 kind: Application -metadata: - name: aaron-drone-runner - namespace: argocd -spec: - project: default - sources: - - chart: drone-runner-kube - repoURL: https://charts.drone.io - targetRevision: 0.1.10 - helm: - releaseName: drone-runner - values: | - extraSecretNamesForEnvFrom: - - drone-secrets - rbac: - buildNamespaces: - - aaron-drone - env: - DRONE_RPC_HOST: drone.ar21.de - DRONE_RPC_PROTO: https - DRONE_NAMESPACE_DEFAULT: drone - - repoURL: https://git.ar21.de/aaron/k8s-deployments.git - targetRevision: HEAD - path: drone - destination: - server: https://kubernetes.default.svc - namespace: aaron-drone - syncPolicy: - syncOptions: - - CreateNamespace=true - automated: - prune: false ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application metadata: name: aaron-hoylogo namespace: argocd diff --git a/drone/kustomization.yaml b/drone/kustomization.yaml deleted file mode 100644 index d840c3c..0000000 --- a/drone/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -generators: - - ./secret-generator.yaml diff --git a/drone/secret-generator.yaml b/drone/secret-generator.yaml deleted file mode 100644 index 7f9b73e..0000000 --- a/drone/secret-generator.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - ./secret.yaml diff --git a/drone/secret.yaml b/drone/secret.yaml deleted file mode 100644 index 5aa2a4c..0000000 --- a/drone/secret.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: drone-secrets -type: Opaque -data: - DRONE_RPC_SECRET: ENC[AES256_GCM,data:jrF3Y4c6HVYse2h8MhzPMTfLhD2VLmAGyr4yxjf0gFspTAVLcYwNtoJbjnI=,iv:7xGbWm5exOTDYJc3Uwj++9HWheyJI+F0SypeAmK7HcI=,tag:ksWv+zzc8fH9a193cNwYXA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cWRBQzFHTzR0WUNhc0Rl - dWlaTE9BTUFBb250c1ZaVjRrVUY3MjBXcDNjCmgwMjRzcFlmc3NhRUhkdHJHa3BV - bis5VWNCY1JFZ0ZpcjhJUWcxZXluZ0kKLS0tIFk1NnhSMWxvZ0JuSTFTV1lwY1Na - UW1YSVplRWNZc0o2UjNDUG5CUncvbk0KR/UDgABlTT4wA7CcE31LkPOMk7sXM6jr - rccWRqlgEyvD3AgRPQNUEZ/3nJbORhFLDt8jxsT4POFsDtZvxH1f2g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYkljMUlGZmtnNTU4dnR2 - dXFyMkNUeFVHMENZa3d0a3MxNGpyYlhSS0VBClVXaXBVTU9GWkNjWk9OakNxakJK - a29VNzZ1UGFqNFhWclRONUw5dFo0WVUKLS0tIEQzS2ZxeldzZFY0cWlvRzIvVkl1 - MGJpczFOcThtTlVrSUROMytRNVVkc0kK0iO5dHZA/PhRGczCqFa1frXGMfJE30Cq - ZVfX5HcndP/87F5dv8FO2A9EJz4riz/TjuOpxIUhinDul7JI0T4KQw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUXREYjJEUmVwZ1ZTTmZh - cnp4K3dYdmczQ3o5RWFzMlF3NTRrOHFaSzA4CnBFbXk2MXVpVUxudXBMRWJwQ0JW - S2M3UEp1Qys3L0J1KzNsV1R3d05zamcKLS0tIDhMaDFmeG1vZWkzWDBKWGVoNWJS - REFDWXpDUkVkSnkzSmNiMzd6a2ZsbUEKFoDTBpjI/VCPCeqE+hVNk0zswNEWbnNw - TTwVfQ1xOXD5FeH8B+9zHo14UTi/Cp9T4OIcYNduKar7K0rQLlgz6A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-13T20:19:15Z" - mac: ENC[AES256_GCM,data:kCdPeuBOut4sXFYcp5uStaERQL8steUy1MZ51hWlP7sDfHpoKIV2oEEbRDlVy/2+no58WfH161J8gy5dw+B+ambwkcBShUA3D8yR8akX3ZlCSPR+Xp/KsUrtM5CtBmWpCiaI+0RZUnEXcRRWYPzHA4g2Hmrlg5mMmcD63zmV100=,iv:nXWlCN+DNLovf26fyCMDc0GmVtCaKB18pZUVpbqfjzw=,tag:QNT0A0SN8Vt992WAukNpmA==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.9.1 From ca79a67d0e4c248e9daa21ce063d3f6fa58a436b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 20 Mar 2025 16:04:27 +0000 Subject: [PATCH 11/19] chore(deps): update helm release openproject to v9.8.1 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 7447a65..94e31d8 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -140,7 +140,7 @@ spec: sources: - repoURL: https://charts.openproject.org chart: openproject - targetRevision: 9.7.2 + targetRevision: 9.8.1 helm: releaseName: openproject valueFiles: From 5ea16a7a2c25dd583d0197c798c70aca65adbd7c Mon Sep 17 00:00:00 2001 From: renovate Date: Thu, 20 Mar 2025 17:09:03 +0000 Subject: [PATCH 12/19] openproject: update image tag to 40 (done automagically via Woodpecker pipeline) --- openproject/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openproject/values.yaml b/openproject/values.yaml index d4e7a95..5150feb 100644 --- a/openproject/values.yaml +++ b/openproject/values.yaml @@ -1,7 +1,7 @@ image: registry: git.ar21.de repository: aaron/openproject - tag: '36' + tag: '40' appInit: resources: limits: From 8ff9647ab5b26544cce69abd68201ef1fae7ca24 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 16 Apr 2025 11:04:24 +0000 Subject: [PATCH 13/19] chore(deps): update helm release openproject to v9.10.0 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 94e31d8..a9bd050 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -140,7 +140,7 @@ spec: sources: - repoURL: https://charts.openproject.org chart: openproject - targetRevision: 9.8.1 + targetRevision: 9.10.0 helm: releaseName: openproject valueFiles: From 8eca61447844287f0fbe881724ca1284f271e85f Mon Sep 17 00:00:00 2001 From: renovate Date: Sat, 26 Apr 2025 18:17:34 +0000 Subject: [PATCH 14/19] openproject: update image tag to 45 (done automagically via Woodpecker pipeline) --- openproject/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openproject/values.yaml b/openproject/values.yaml index 5150feb..248477a 100644 --- a/openproject/values.yaml +++ b/openproject/values.yaml @@ -1,7 +1,7 @@ image: registry: git.ar21.de repository: aaron/openproject - tag: '40' + tag: '45' appInit: resources: limits: From c3a93d614b513cba0b885569f816f0af4d33399d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 23 May 2025 14:04:16 +0000 Subject: [PATCH 15/19] chore(deps): update helm release cloudnative-pg to v0.24.0 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index a9bd050..cfd5f44 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -118,7 +118,7 @@ spec: sources: - chart: cloudnative-pg repoURL: https://cloudnative-pg.io/charts - targetRevision: 0.23.2 + targetRevision: 0.24.0 helm: releaseName: cloudnative-pg destination: From 114eba71d7481e326ab239636f8cec0eaf90fe6a Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 13 Jul 2025 11:39:50 +0200 Subject: [PATCH 16/19] remove openproject --- app-files/apps.yaml | 31 ----------------- openproject/db.yaml | 57 ------------------------------ openproject/kustomization.yaml | 7 ---- openproject/secret-generator.yaml | 11 ------ openproject/secret.yaml | 51 --------------------------- openproject/values.yaml | 58 ------------------------------- 6 files changed, 215 deletions(-) delete mode 100644 openproject/db.yaml delete mode 100644 openproject/kustomization.yaml delete mode 100644 openproject/secret-generator.yaml delete mode 100644 openproject/secret.yaml delete mode 100644 openproject/values.yaml diff --git a/app-files/apps.yaml b/app-files/apps.yaml index a9bd050..8acde18 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -129,34 +129,3 @@ spec: - CreateNamespace=true automated: prune: false ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: aaron-openproject - namespace: argocd -spec: - project: default - sources: - - repoURL: https://charts.openproject.org - chart: openproject - targetRevision: 9.10.0 - helm: - releaseName: openproject - valueFiles: - - $values/openproject/values.yaml - - repoURL: https://git.ar21.de/aaron/k8s-deployments.git - targetRevision: HEAD - ref: values - - repoURL: https://git.ar21.de/aaron/k8s-deployments.git - targetRevision: HEAD - path: openproject - destination: - server: https://kubernetes.default.svc - namespace: aaron-openproject - syncPolicy: - syncOptions: - - CreateNamespace=true - automated: - selfHeal: false - prune: false diff --git a/openproject/db.yaml b/openproject/db.yaml deleted file mode 100644 index 9ff8cef..0000000 --- a/openproject/db.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: openproject - annotations: - cnpg.io/skipEmptyWalArchiveCheck: enabled -spec: - instances: 3 - storage: - size: 1Gi - bootstrap: - recovery: - source: clusterBackup - #recoveryTarget: - # targetTime: "2025-02-12 21:00:00.00000+00" - backup: - barmanObjectStore: - destinationPath: "s3://openproject/backups" - endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "db" # in case of restore change this - s3Credentials: - accessKeyId: - name: openproject-secret - key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID - secretAccessKey: - name: openproject-secret - key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY - wal: - compression: gzip - retentionPolicy: "30d" - externalClusters: - - name: clusterBackup - barmanObjectStore: - destinationPath: "s3://openproject/backups" - endpointURL: "https://fsn1.your-objectstorage.com" - serverName: "db" - s3Credentials: - accessKeyId: - name: openproject-secret - key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID - secretAccessKey: - name: openproject-secret - key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY - wal: - maxParallel: 8 - compression: gzip ---- -apiVersion: postgresql.cnpg.io/v1 -kind: ScheduledBackup -metadata: - name: backup-openproject -spec: - immediate: true - schedule: "0 0 0 * * *" - backupOwnerReference: self - cluster: - name: openproject diff --git a/openproject/kustomization.yaml b/openproject/kustomization.yaml deleted file mode 100644 index d507cbe..0000000 --- a/openproject/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -generators: - - ./secret-generator.yaml -resources: - - ./db.yaml diff --git a/openproject/secret-generator.yaml b/openproject/secret-generator.yaml deleted file mode 100644 index 7f9b73e..0000000 --- a/openproject/secret-generator.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: viaduct.ai/v1 -kind: ksops -metadata: - name: secret-generator - annotations: - config.kubernetes.io/function: | - exec: - path: ksops -files: - - ./secret.yaml diff --git a/openproject/secret.yaml b/openproject/secret.yaml deleted file mode 100644 index 4c3356d..0000000 --- a/openproject/secret.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: openproject-secret - labels: - app.kubernetes.io/name: openproject-secret - app.kubernetes.io/part-of: openproject -stringData: - OPENPROJECT_OPENID__CONNECT_AUTHENTIK_IDENTIFIER: ENC[AES256_GCM,data:u0EqZSaIBVEavmNVevNcO1ZtlMHZfdXDi4s0Rfjo9NyeIIsN3rHWuQ==,iv:mvhGi5w/kCOQGcTaQz8FOeGBvaP0NSH4DRzFhA5IwQg=,tag:P9CYCymCpWPZ0+0Ujc0rrQ==,type:str] - OPENPROJECT_OPENID__CONNECT_AUTHENTIK_SECRET: ENC[AES256_GCM,data:z17lplltjJd+LnmceX9Hdak6BHVaZ1nSHWt4FMiSbCtl02igdA5i3jozUyagwy4y+B5TMrla+BmK5KMFoZsalpThJZjWFcOZyo8BtQOeAEODXnwNg6Sznmhvya4BTEzdzkqbeOIYp/38rkcSUeTDPwo1ca+M9tb2udfvTmIg6FA=,iv:XEOCc5uUu4s5DQTnClCv1W89x4T+TS4zQS/G6V9UedI=,tag:GjY97MANIMAKEOgelbeprQ==,type:str] - OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: ENC[AES256_GCM,data:0vVJDBN9yl+K+LAAfvtMMQPX2YM=,iv:7PXtPZsYlOffhJMu4l6MRgBKkC8sI4R+6DFWIGK3rJ8=,tag:4XEdO10j8VXMCDst86KYFw==,type:str] - OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: ENC[AES256_GCM,data:OAZ1embfVUQBorMd69mBaGy0fAI4TEjuwDzCyriWQwtlSr/xsi1ypQ==,iv:eOu/LwYxsoCKbx61gmioLm8Zn1rfIVd2Qsil03r6Kro=,tag:/hRprgV+c9Qpwsbpkdj1xg==,type:str] -type: Opaque -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6U3ZOaHd3Q21ZbVZudjZp - Y1BKMUdhU2ZQU1M2ZVlpNnVLMlRhNnZyTlJvCnI2TWZGR04yTWhUTllwUDI4aVlF - d24veFJwSmV0Y2NjL3l5ZW44a0F0d2cKLS0tIDdTMndsTk53Y3Q5WEpiQUFCRHZt - QXY5NTYyNldCSnFaQmE1QklTUURETDQKNlWFVA6qHmKDazv48PVygwV4/4cgBtKK - IYPcP2N0/T0rDw2ngw4lNdHJ90doTTmlUjiPYDmmfopGOi1XpoG2dQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbDlvVldrL2lCMzhsMjg4 - aHo5aExVWVBDTGl0RGtqUEZQS1JyWGRvZFFnCkNyMzc2WS9aS1doa1Y2R09JM0NJ - eWZRbEtNdTN1YWE4N3hqVDRRekZ0cDQKLS0tIE5oT1FCQlY2TDRlM3JSM2p4ckM4 - bHBpKzUvVi9YbHNNcjZEanVOeXB4SDQKFAV1upJgJzRlXzEB9FEW2sSeebC8dGt8 - xdfRIMKXn1pnf64N69ZnJ+hbcDvuMPnoSBsZ7W95nF0lItYfDIyHFw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUdDEyanpERGpaMFV2cE5n - dmg3QjYzNkk3R2c0Yk1OTHlpRlZLRkYrNXlBCjJYdWRNeVVCR1FEVXBoZlJwU0Fn - aDFpbG1nbXRUOHBZcG9jMGZqeFM1OUkKLS0tIHZkYkQ0dlN1UDBZajRhVWZXUHVR - ci9LK2JjSlVvaDR2UFpwWGZmMDhQbDgKxcvqSMhGzpxoP2OSdjs2KsA9cd36j+xO - JYBFmTQnb4oTTzMQZxMAowaiqDt4fLsD6fXcwBnclq2SwAGsOlzvJw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-13T20:19:15Z" - mac: ENC[AES256_GCM,data:qloZYbT1ht2wTzTVD5O57C/VVHy80yT0bIpB+mSjF9yvvDF38rpUS3FuZFoXoDeyaniCml3IUV3Bww/lHXoHI/nPr70Vsl+Q2n9FdUnD1JKfI/kLqvk+XM5HB8qqY4XFXhjwZOGrbN3v5Stgi+CWb2s8518g8OCSdR8pyaWDSqc=,iv:4v77gZzMfjMYyF4K4BOBCdYbxk0wa3zrruy7VD7Tux0=,tag:50/uxJDqgvaEItqMepWwoA==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.9.1 diff --git a/openproject/values.yaml b/openproject/values.yaml deleted file mode 100644 index 248477a..0000000 --- a/openproject/values.yaml +++ /dev/null @@ -1,58 +0,0 @@ -image: - registry: git.ar21.de - repository: aaron/openproject - tag: '45' -appInit: - resources: - limits: - memory: 4Gi - requests: - memory: 4Gi -clusterDomain: project.aaronriedel.de -ingress: - annotations: - kubernetes.io/tls-acme: 'true' - host: project.aaronriedel.de - tls: - secretName: openproject-tls -workers: - default: - replicas: 2 -environment: - OPENPROJECT_DISABLE__PASSWORD__LOGIN: true -openproject: - extraEnvVarsSecret: openproject-secret - oidc: - enabled: true - provider: authentik - displayName: aaronID - host: auth.ar21.de - identifier: null - secret: null - userinfoEndpoint: /application/o/userinfo/ - tokenEndpoint: /application/o/token/ - authorizationEndpoint: /application/o/authorize/ - endSessionEndpoint: /application/o/openproject/end-session/ - scope: '[openid email profile]' -persistence: - enabled: false -s3: - enabled: true - region: fsn1 - bucketName: openproject - endpoint: https://fsn1.your-objectstorage.com - pathStyle: true - enableSignatureV4Streaming: false - directUploads: false -postgresql: - bundled: false - connection: - host: openproject-rw.aaron-openproject.svc.cluster.local - port: 5432 - auth: - existingSecret: openproject-app - secretKeys: - adminPasswordKey: password - userPasswordKey: password - username: app - database: app From 5368b899746f5eff0bb3b79c10949b63c99f468f Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 13 Jul 2025 11:47:42 +0200 Subject: [PATCH 17/19] set "automated" flags for argo --- app-files/apps.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 8acde18..4fac3c2 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -16,6 +16,7 @@ spec: syncPolicy: automated: prune: false + selfHeal: true --- #apiVersion: argoproj.io/v1alpha1 #kind: Application @@ -67,6 +68,7 @@ spec: - CreateNamespace=true automated: prune: true + selfHeal: true --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -87,6 +89,7 @@ spec: - CreateNamespace=true automated: prune: true + selfHeal: true --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -107,6 +110,7 @@ spec: - CreateNamespace=true automated: prune: true + selfHeal: true --- apiVersion: argoproj.io/v1alpha1 kind: Application @@ -128,4 +132,5 @@ spec: syncOptions: - CreateNamespace=true automated: - prune: false + prune: true + selfHeal: true From d2793366a51f6ada378b9d7e335013ede8f9d4da Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 13 Jul 2025 11:52:54 +0200 Subject: [PATCH 18/19] set serverside apply for cnpg --- app-files/apps.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 78e4f68..722a8aa 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -131,6 +131,7 @@ spec: syncPolicy: syncOptions: - CreateNamespace=true + - ServerSideApply=true automated: prune: true selfHeal: true From 569a77f4c3c8cc396e8a6214977b89bdc8b933d1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 13 Jul 2025 10:04:09 +0000 Subject: [PATCH 19/19] chore(config): migrate config renovate.json --- renovate.json | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/renovate.json b/renovate.json index 6eb5df5..b09d564 100644 --- a/renovate.json +++ b/renovate.json @@ -1,10 +1,13 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "dependencyDashboard": true, - "enabledManagers": ["argocd"], + "enabledManagers": [ + "argocd" + ], "argocd": { - "fileMatch": ["^app-files/apps\\.yaml$"] + "managerFilePatterns": [ + "/^app-files/apps\\.yaml$/" + ] }, - "packageRules": [ - ] + "packageRules": [] }