Compare commits
No commits in common. "main" and "30_openproject_prod" have entirely different histories.
main
...
30_openpro
6 changed files with 126 additions and 39 deletions
|
|
@ -50,6 +50,41 @@ spec:
|
|||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: aaron-drone-runner
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: default
|
||||
sources:
|
||||
- chart: drone-runner-kube
|
||||
repoURL: https://charts.drone.io
|
||||
targetRevision: 0.1.10
|
||||
helm:
|
||||
releaseName: drone-runner
|
||||
values: |
|
||||
extraSecretNamesForEnvFrom:
|
||||
- drone-secrets
|
||||
rbac:
|
||||
buildNamespaces:
|
||||
- aaron-drone
|
||||
env:
|
||||
DRONE_RPC_HOST: drone.ar21.de
|
||||
DRONE_RPC_PROTO: https
|
||||
DRONE_NAMESPACE_DEFAULT: drone
|
||||
- repoURL: https://git.ar21.de/aaron/k8s-deployments.git
|
||||
targetRevision: HEAD
|
||||
path: drone
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: aaron-drone
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
prune: false
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: aaron-hoylogo
|
||||
namespace: argocd
|
||||
|
|
@ -118,7 +153,7 @@ spec:
|
|||
sources:
|
||||
- chart: cloudnative-pg
|
||||
repoURL: https://cloudnative-pg.io/charts
|
||||
targetRevision: 0.23.2
|
||||
targetRevision: 0.23.0
|
||||
helm:
|
||||
releaseName: cloudnative-pg
|
||||
destination:
|
||||
|
|
@ -140,7 +175,7 @@ spec:
|
|||
sources:
|
||||
- repoURL: https://charts.openproject.org
|
||||
chart: openproject
|
||||
targetRevision: 9.8.1
|
||||
targetRevision: 9.6.0
|
||||
helm:
|
||||
releaseName: openproject
|
||||
valueFiles:
|
||||
|
|
|
|||
5
drone/kustomization.yaml
Normal file
5
drone/kustomization.yaml
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
generators:
|
||||
- ./secret-generator.yaml
|
||||
11
drone/secret-generator.yaml
Normal file
11
drone/secret-generator.yaml
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: secret-generator
|
||||
annotations:
|
||||
config.kubernetes.io/function: |
|
||||
exec:
|
||||
path: ksops
|
||||
files:
|
||||
- ./secret.yaml
|
||||
45
drone/secret.yaml
Normal file
45
drone/secret.yaml
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: drone-secrets
|
||||
type: Opaque
|
||||
data:
|
||||
DRONE_RPC_SECRET: ENC[AES256_GCM,data:jrF3Y4c6HVYse2h8MhzPMTfLhD2VLmAGyr4yxjf0gFspTAVLcYwNtoJbjnI=,iv:7xGbWm5exOTDYJc3Uwj++9HWheyJI+F0SypeAmK7HcI=,tag:ksWv+zzc8fH9a193cNwYXA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cWRBQzFHTzR0WUNhc0Rl
|
||||
dWlaTE9BTUFBb250c1ZaVjRrVUY3MjBXcDNjCmgwMjRzcFlmc3NhRUhkdHJHa3BV
|
||||
bis5VWNCY1JFZ0ZpcjhJUWcxZXluZ0kKLS0tIFk1NnhSMWxvZ0JuSTFTV1lwY1Na
|
||||
UW1YSVplRWNZc0o2UjNDUG5CUncvbk0KR/UDgABlTT4wA7CcE31LkPOMk7sXM6jr
|
||||
rccWRqlgEyvD3AgRPQNUEZ/3nJbORhFLDt8jxsT4POFsDtZvxH1f2g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYkljMUlGZmtnNTU4dnR2
|
||||
dXFyMkNUeFVHMENZa3d0a3MxNGpyYlhSS0VBClVXaXBVTU9GWkNjWk9OakNxakJK
|
||||
a29VNzZ1UGFqNFhWclRONUw5dFo0WVUKLS0tIEQzS2ZxeldzZFY0cWlvRzIvVkl1
|
||||
MGJpczFOcThtTlVrSUROMytRNVVkc0kK0iO5dHZA/PhRGczCqFa1frXGMfJE30Cq
|
||||
ZVfX5HcndP/87F5dv8FO2A9EJz4riz/TjuOpxIUhinDul7JI0T4KQw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUXREYjJEUmVwZ1ZTTmZh
|
||||
cnp4K3dYdmczQ3o5RWFzMlF3NTRrOHFaSzA4CnBFbXk2MXVpVUxudXBMRWJwQ0JW
|
||||
S2M3UEp1Qys3L0J1KzNsV1R3d05zamcKLS0tIDhMaDFmeG1vZWkzWDBKWGVoNWJS
|
||||
REFDWXpDUkVkSnkzSmNiMzd6a2ZsbUEKFoDTBpjI/VCPCeqE+hVNk0zswNEWbnNw
|
||||
TTwVfQ1xOXD5FeH8B+9zHo14UTi/Cp9T4OIcYNduKar7K0rQLlgz6A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-13T20:19:15Z"
|
||||
mac: ENC[AES256_GCM,data:kCdPeuBOut4sXFYcp5uStaERQL8steUy1MZ51hWlP7sDfHpoKIV2oEEbRDlVy/2+no58WfH161J8gy5dw+B+ambwkcBShUA3D8yR8akX3ZlCSPR+Xp/KsUrtM5CtBmWpCiaI+0RZUnEXcRRWYPzHA4g2Hmrlg5mMmcD63zmV100=,iv:nXWlCN+DNLovf26fyCMDc0GmVtCaKB18pZUVpbqfjzw=,tag:QNT0A0SN8Vt992WAukNpmA==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.9.1
|
||||
|
|
@ -2,22 +2,20 @@ apiVersion: postgresql.cnpg.io/v1
|
|||
kind: Cluster
|
||||
metadata:
|
||||
name: openproject
|
||||
annotations:
|
||||
cnpg.io/skipEmptyWalArchiveCheck: enabled
|
||||
spec:
|
||||
instances: 3
|
||||
storage:
|
||||
size: 1Gi
|
||||
bootstrap:
|
||||
recovery:
|
||||
source: clusterBackup
|
||||
#recoveryTarget:
|
||||
# targetTime: "2025-02-12 21:00:00.00000+00"
|
||||
# bootstrap:
|
||||
# recovery:
|
||||
# source: clusterBackup
|
||||
# recoveryTarget:
|
||||
# targetTime: "2025-02-12 21:00:00.00000+00"
|
||||
backup:
|
||||
barmanObjectStore:
|
||||
destinationPath: "s3://openproject/backups"
|
||||
endpointURL: "https://fsn1.your-objectstorage.com"
|
||||
serverName: "db" # in case of restore change this
|
||||
serverName: "new-openproject"
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: openproject-secret
|
||||
|
|
@ -28,30 +26,19 @@ spec:
|
|||
wal:
|
||||
compression: gzip
|
||||
retentionPolicy: "30d"
|
||||
externalClusters:
|
||||
- name: clusterBackup
|
||||
barmanObjectStore:
|
||||
destinationPath: "s3://openproject/backups"
|
||||
endpointURL: "https://fsn1.your-objectstorage.com"
|
||||
serverName: "db"
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: openproject-secret
|
||||
key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID
|
||||
secretAccessKey:
|
||||
name: openproject-secret
|
||||
key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY
|
||||
wal:
|
||||
maxParallel: 8
|
||||
compression: gzip
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: ScheduledBackup
|
||||
metadata:
|
||||
name: backup-openproject
|
||||
spec:
|
||||
immediate: true
|
||||
schedule: "0 0 0 * * *"
|
||||
backupOwnerReference: self
|
||||
cluster:
|
||||
name: openproject
|
||||
# externalClusters:
|
||||
# - name: clusterBackup
|
||||
# barmanObjectStore:
|
||||
# destinationPath: "s3://openproject/backups"
|
||||
# endpointURL: "https://fsn1.your-objectstorage.com"
|
||||
# serverName: openproject
|
||||
# s3Credentials:
|
||||
# accessKeyId:
|
||||
# name: openproject-secret
|
||||
# key: OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID
|
||||
# secretAccessKey:
|
||||
# name: openproject-secret
|
||||
# key: OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY
|
||||
# wal:
|
||||
# maxParallel: 8
|
||||
# compression: gzip
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
image:
|
||||
registry: git.ar21.de
|
||||
repository: aaron/openproject
|
||||
tag: '40'
|
||||
tag: '30'
|
||||
appInit:
|
||||
resources:
|
||||
limits:
|
||||
|
|
@ -21,6 +21,10 @@ workers:
|
|||
environment:
|
||||
OPENPROJECT_DISABLE__PASSWORD__LOGIN: true
|
||||
openproject:
|
||||
admin_user:
|
||||
password_reset: 'true'
|
||||
name: Aaron Riedel
|
||||
mail: aaron@ar21.de
|
||||
extraEnvVarsSecret: openproject-secret
|
||||
oidc:
|
||||
enabled: true
|
||||
|
|
@ -47,7 +51,7 @@ s3:
|
|||
postgresql:
|
||||
bundled: false
|
||||
connection:
|
||||
host: openproject-rw.aaron-openproject.svc.cluster.local
|
||||
host: openproject-rw.openproject.svc.cluster.local
|
||||
port: 5432
|
||||
auth:
|
||||
existingSecret: openproject-app
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue