diff --git a/app-files/apps.yaml b/app-files/apps.yaml
index a9bd050..fa5fb2e 100644
--- a/app-files/apps.yaml
+++ b/app-files/apps.yaml
@@ -50,6 +50,41 @@ spec:
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
+metadata:
+ name: aaron-drone-runner
+ namespace: argocd
+spec:
+ project: default
+ sources:
+ - chart: drone-runner-kube
+ repoURL: https://charts.drone.io
+ targetRevision: 0.1.10
+ helm:
+ releaseName: drone-runner
+ values: |
+ extraSecretNamesForEnvFrom:
+ - drone-secrets
+ rbac:
+ buildNamespaces:
+ - aaron-drone
+ env:
+ DRONE_RPC_HOST: drone.ar21.de
+ DRONE_RPC_PROTO: https
+ DRONE_NAMESPACE_DEFAULT: drone
+ - repoURL: https://git.ar21.de/aaron/k8s-deployments.git
+ targetRevision: HEAD
+ path: drone
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: aaron-drone
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: false
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
 metadata:
 name: aaron-hoylogo
 namespace: argocd
@@ -118,7 +153,7 @@ spec:
 sources:
 - chart: cloudnative-pg
 repoURL: https://cloudnative-pg.io/charts
- targetRevision: 0.23.2
+ targetRevision: 0.23.0
 helm:
 releaseName: cloudnative-pg
 destination:
@@ -140,7 +175,7 @@ spec:
 sources:
 - repoURL: https://charts.openproject.org
 chart: openproject
- targetRevision: 9.10.0
+ targetRevision: 9.7.0
 helm:
 releaseName: openproject
 valueFiles:
diff --git a/drone/kustomization.yaml b/drone/kustomization.yaml
new file mode 100644
index 0000000..d840c3c
--- /dev/null
+++ b/drone/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+generators:
+ - ./secret-generator.yaml
diff --git a/drone/secret-generator.yaml b/drone/secret-generator.yaml
new file mode 100644
index 0000000..7f9b73e
--- /dev/null
+++ b/drone/secret-generator.yaml
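Review bot: In the `aaron-drone-runner` Application added to app-files/apps.yaml, the inline Helm values grant the runner RBAC in `aaron-drone` through `rbac.buildNamespaces` but set `DRONE_NAMESPACE_DEFAULT: drone`, so pipelines that do not name a namespace would be scheduled where the chart-created Role does not apply. Unless a `drone` namespace with a matching Role is managed elsewhere, align the two, e.g. `DRONE_NAMESPACE_DEFAULT: aaron-drone`, which also keeps build pods confined to the one namespace the runner is meant to control. The second source tracks `targetRevision: HEAD` under automated sync; if that repository is not this one, pinning a tag or commit would make what gets applied into `aaron-drone` reviewable.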
@@ -0,0 +1,11 @@
+---
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ name: secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - ./secret.yaml
diff --git a/drone/secret.yaml b/drone/secret.yaml
new file mode 100644
index 0000000..5aa2a4c
--- /dev/null
+++ b/drone/secret.yaml
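Review bot: drone/secret-generator.yaml runs KSOPS as a kustomize exec function, but nothing in this commit documents what that needs: the `ksops` binary and the age private key on the Argo CD repo-server, and kustomize invoked with `--enable-alpha-plugins --enable-exec`. If that is not already documented elsewhere in the repository, a header comment would save the next maintainer a failed sync, e.g. `# requires ksops on the argocd repo-server and kustomize build options --enable-alpha-plugins --enable-exec`. Because exec functions run a binary on the repo-server during manifest generation, the same comment is a good place to state that only trusted repositories may use this generator.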
@@ -0,0 +1,45 @@ +apiVersion: v1 +kind: Secret +metadata: + name: drone-secrets +type: Opaque +data: + DRONE_RPC_SECRET: ENC[AES256_GCM,data:jrF3Y4c6HVYse2h8MhzPMTfLhD2VLmAGyr4yxjf0gFspTAVLcYwNtoJbjnI=,iv:7xGbWm5exOTDYJc3Uwj++9HWheyJI+F0SypeAmK7HcI=,tag:ksWv+zzc8fH9a193cNwYXA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cWRBQzFHTzR0WUNhc0Rl + dWlaTE9BTUFBb250c1ZaVjRrVUY3MjBXcDNjCmgwMjRzcFlmc3NhRUhkdHJHa3BV + bis5VWNCY1JFZ0ZpcjhJUWcxZXluZ0kKLS0tIFk1NnhSMWxvZ0JuSTFTV1lwY1Na + UW1YSVplRWNZc0o2UjNDUG5CUncvbk0KR/UDgABlTT4wA7CcE31LkPOMk7sXM6jr + rccWRqlgEyvD3AgRPQNUEZ/3nJbORhFLDt8jxsT4POFsDtZvxH1f2g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYkljMUlGZmtnNTU4dnR2 + dXFyMkNUeFVHMENZa3d0a3MxNGpyYlhSS0VBClVXaXBVTU9GWkNjWk9OakNxakJK + a29VNzZ1UGFqNFhWclRONUw5dFo0WVUKLS0tIEQzS2ZxeldzZFY0cWlvRzIvVkl1 + MGJpczFOcThtTlVrSUROMytRNVVkc0kK0iO5dHZA/PhRGczCqFa1frXGMfJE30Cq + ZVfX5HcndP/87F5dv8FO2A9EJz4riz/TjuOpxIUhinDul7JI0T4KQw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUXREYjJEUmVwZ1ZTTmZh + cnp4K3dYdmczQ3o5RWFzMlF3NTRrOHFaSzA4CnBFbXk2MXVpVUxudXBMRWJwQ0JW + S2M3UEp1Qys3L0J1KzNsV1R3d05zamcKLS0tIDhMaDFmeG1vZWkzWDBKWGVoNWJS + REFDWXpDUkVkSnkzSmNiMzd6a2ZsbUEKFoDTBpjI/VCPCeqE+hVNk0zswNEWbnNw + TTwVfQ1xOXD5FeH8B+9zHo14UTi/Cp9T4OIcYNduKar7K0rQLlgz6A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-13T20:19:15Z" + mac: 
ENC[AES256_GCM,data:kCdPeuBOut4sXFYcp5uStaERQL8steUy1MZ51hWlP7sDfHpoKIV2oEEbRDlVy/2+no58WfH161J8gy5dw+B+ambwkcBShUA3D8yR8akX3ZlCSPR+Xp/KsUrtM5CtBmWpCiaI+0RZUnEXcRRWYPzHA4g2Hmrlg5mMmcD63zmV100=,iv:nXWlCN+DNLovf26fyCMDc0GmVtCaKB18pZUVpbqfjzw=,tag:QNT0A0SN8Vt992WAukNpmA==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.1
diff --git a/openproject/db.yaml b/openproject/db.yaml
index 9ff8cef..85f33fb 100644
--- a/openproject/db.yaml
+++ b/openproject/db.yaml
@@ -17,7 +17,7 @@ spec:
 barmanObjectStore:
 destinationPath: "s3://openproject/backups"
 endpointURL: "https://fsn1.your-objectstorage.com"
- serverName: "db" # in case of restore change this
+ serverName: "openproject-backup" # in case of restore change this
 s3Credentials:
 accessKeyId:
 name: openproject-secret
@@ -33,7 +33,7 @@ spec:
 barmanObjectStore:
 destinationPath: "s3://openproject/backups"
 endpointURL: "https://fsn1.your-objectstorage.com"
- serverName: "db"
+ serverName: "openproject-backup"
 s3Credentials:
 accessKeyId:
 name: openproject-secret
diff --git a/openproject/values.yaml b/openproject/values.yaml
index 248477a..29df62f 100644
--- a/openproject/values.yaml
+++ b/openproject/values.yaml
@@ -1,7 +1,7 @@
 image:
 registry: git.ar21.de
 repository: aaron/openproject
- tag: '45'
+ tag: '36'
 appInit:
 resources:
 limits:
@@ -21,6 +21,10 @@ workers:
 environment:
 OPENPROJECT_DISABLE__PASSWORD__LOGIN: true
 openproject:
+ admin_user:
+ password_reset: 'true'
+ name: Aaron Riedel
+ mail: aaron@ar21.de
 extraEnvVarsSecret: openproject-secret
 oidc:
 enabled: true
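Review bot: Both `barmanObjectStore` stanzas in openproject/db.yaml (the hunks at -17 and -33) now use `serverName: "openproject-backup"` under the same `destinationPath`, while the inline comment on the first says the name must change on restore. If one stanza is the backup target and the other the recovery source, as the layout suggests, a cluster restored from that name would then try to archive WAL into the same non-empty location, and base backups previously written under `db` would no longer be found under the new name. Consider keeping the two names distinct and stating the rule next to both, e.g. `# backup target: must differ from the recovery source serverName`. Both stanzas start and end outside the hunks, so which is which should be confirmed against the full file.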
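Review bot: The new `openproject.admin_user` block in openproject/values.yaml sets `password_reset`, `name` and `mail` but no password, so the seeded admin account gets whatever the chart defaults to unless `openproject-secret` overrides it. With `OPENPROJECT_DISABLE__PASSWORD__LOGIN: true` the exposure is presumably limited to paths that still accept a password, but a default credential on the admin account is worth ruling out explicitly. Supply the initial password from the existing secret rather than from values, and record that with a comment such as `# initial admin password is provided via openproject-secret`. The `openproject:` mapping continues outside the hunk.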