yolokube/core-deployments
yolokube/core-deployments
2
3
Fork 0
Code Issues 3 Pull requests Projects Wiki Activity

Merge pull request 'Add yamllint to Woodpecker CI' (#154) from improce_ci into main
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details

Browse source 
Reviewed-on: #154
Reviewed-by: Aaron Riedel <git@ar21.de>
This commit is contained in:
Tom Neuber 2024-10-07 13:45:49 +02:00
commit e868463399
67 changed files with 702 additions and 631 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
.drone.yml
View file

@ -1,7 +1,8 @@
---
kind: pipeline
name: deploy
steps:
- name: kustomize build dashboard (prod + staging)
- name: kustomize build dashboard (prod + staging)
image: git.ar21.de/aaron/kustomize-ci
commands:
- cd /deployment-repo
@ -18,7 +19,7 @@ steps:
- main
event:
- push
- name: kustomize build dashboard (staging)
- name: kustomize build dashboard (staging)
image: git.ar21.de/aaron/kustomize-ci
commands:
- cd /deployment-repo
@ -38,7 +39,7 @@ steps:
- main
event:
- push
- name: kustomize push dashboard changes (prod + staging)
- name: kustomize push dashboard changes (prod + staging)
image: appleboy/drone-git-push
settings:
branch: main
@ -57,7 +58,7 @@ steps:
- main
event:
- push
- name: kustomize push dashboard changes (staging)
- name: kustomize push dashboard changes (staging)
image: appleboy/drone-git-push
settings:
branch: main
@ -78,9 +79,9 @@ steps:
event:
- push
volumes:
- name: deployment-repo
- name: deployment-repo
temp: {}
- name: staging-repo
- name: staging-repo
temp: {}
when:
event:

8
.woodpecker/.yamllint.yaml Normal file
View file

@ -0,0 +1,8 @@
---
steps:
- name: linting
image: cytopia/yamllint:latest
commands:
- yamllint -f colored -s .
when:
- event: push

10
.yamllint Normal file
View file

@ -0,0 +1,10 @@
---
yaml-files:
- '*.yaml'
- '*.yml'
- '.yamllint'
extends: default
rules:
line-length: disable

1
argo/kustomization.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:

1
argo/secret-generator.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:

1
argo/secret.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:

1
argo/sops-secret.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:

1
argo/values.yaml
View file

@ -1,3 +1,4 @@
---
global:
domain: argo.services.yolokube.de
configs:

1
authentik/kustomization.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:

1
authentik/manifest.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:

1
authentik/secret-generator.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:

1
authentik/secret.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:

1
cert-manager/namespace.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:

1
cert-manager/values.yaml
View file

@ -1,3 +1,4 @@
---
namespace: cert-manager
replicaCount: 3
podDisruptionBudget:

1
cilium/values.yaml
View file

@ -1,3 +1,4 @@
---
encryption:
enabled: false
ipam:

1
dashboard/base/dashboard.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:

3
dashboard/base/kustomization.yaml
View file

@ -1,4 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- dashboard.yaml
- dashboard.yaml

5
dashboard/overlays/prod/kustomization.yaml
View file

@ -1,9 +1,10 @@
---
resources:
- ../../base
- ../../base
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: "96"
namespace: dashboard

11
dashboard/overlays/staging/kustomization.yaml
View file

@ -1,28 +1,29 @@
---
resources:
- ../../base
- ../../base
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: staging-95
namespace: dashboard-staging
patches:
- patch: |-
- patch: |-
- op: replace
path: /spec/rules/0/host
value: "dashboard-staging.services.yolokube.de"
target:
kind: Ingress
name: dashboard-ingress
- patch: |-
- patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: "dashboard-staging.services.yolokube.de"
target:
kind: Ingress
name: dashboard-ingress
- patch: |-
- patch: |-
- op: replace
path: /spec/replicas
value: 1

1
ingress/values.yaml
View file

@ -1,3 +1,4 @@
---
controller:
enableSnippets: true
hostNetwork: true

1
loki/kustomization.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:

1
loki/namespace.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:

1
loki/secret-generator.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:

1
loki/secret.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:

1
loki/values.yaml
View file

@ -1,3 +1,4 @@
---
loki:
auth_enabled: false
persistence:

1
longhorn/kustomization.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:

1
longhorn/namespace.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:

1
longhorn/recurringjobs.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: longhorn.io/v1beta1
kind: RecurringJob
metadata:

1
longhorn/secret-generator.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:

9
longhorn/secret.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:
@ -7,11 +8,11 @@ type: Opaque
data:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str]
#ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
# ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str]
#ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
#ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
#ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
# ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
# ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
# ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
sops:
kms: []
gcp_kms: []

1
longhorn/storageclass.yaml
View file

@ -1,3 +1,4 @@
---
# this is the storageclass manifest for the logs and metrics volumes
kind: StorageClass
apiVersion: storage.k8s.io/v1

1
longhorn/values.yaml
View file

@ -1,3 +1,4 @@
---
persistence:
recurringJobSelector:
enable: true

1
longhorn/volumesnapshotclass.yaml
View file

@ -1,3 +1,4 @@
---
kind: VolumeSnapshotClass
apiVersion: snapshot.storage.k8s.io/v1
metadata:

1
node-labeler/node-labeler.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:

1
prometheus/kustomization.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:

1
prometheus/namespace.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:

1
prometheus/secret-generator.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:

1
prometheus/secret.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:

1
prometheus/service-monitor-longhorn.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:

1
prometheus/templates.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: ConfigMap
metadata:

1
prometheus/values.yaml
View file

@ -1,3 +1,4 @@
---
alertmanager:
alertmanagerSpec:
podAntiAffinity: "hard"

1
quota/quotad.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:

28
tests/test-egress.yaml
View file

@ -1,17 +1,17 @@
#---
#apiVersion: v1
#kind: Namespace
#metadata:
# ---
# apiVersion: v1
# kind: Namespace
# metadata:
# name: egress
#---
#apiVersion: apps/v1
#kind: Deployment
#metadata:
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: egress-deployment
# namespace: egress
# labels:
# app: egress
#spec:
# spec:
# replicas: 3
# selector:
# matchLabels:
@ -26,15 +26,15 @@
# image: curlimages/curl
# command: ['/usr/bin/curl']
# args: ['-s', '-L', '-4', 'ip.hetzner.com']
#---
#apiVersion: apps/v1
#kind: Deployment
#metadata:
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: egress6-deployment
# namespace: egress
# labels:
# app: egress6
#spec:
# spec:
# replicas: 3
# selector:
# matchLabels:

50
tests/test-storage.yaml
View file

@ -1,31 +1,31 @@
### example app "privatebin" to test storage
#---
#apiVersion: v1
#kind: Namespace
#metadata:
# ## example app "privatebin" to test storage
# ---
# apiVersion: v1
# kind: Namespace
# metadata:
# name: paste
#---
#apiVersion: v1
#kind: PersistentVolumeClaim
#metadata:
# ---
# apiVersion: v1
# kind: PersistentVolumeClaim
# metadata:
# name: paste-pvc
# namespace: paste
#spec:
# spec:
# accessModes:
# - ReadWriteOnce
# volumeMode: Filesystem
# resources:
# requests:
# storage: 8Gi
#---
#apiVersion: apps/v1
#kind: Deployment
#metadata:
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: paste-deployment
# namespace: paste
# labels:
# app: paste
#spec:
# spec:
# replicas: 1
# selector:
# matchLabels:
@ -49,28 +49,28 @@
# - name: paste-volume
# persistentVolumeClaim:
# claimName: paste-pvc
#---
#apiVersion: v1
#kind: Service
#metadata:
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: paste-service
# namespace: paste
#spec:
# spec:
# selector:
# app: paste
# ports:
# - protocol: TCP
# port: 80
# targetPort: 8080
#---
#apiVersion: networking.k8s.io/v1
#kind: Ingress
#metadata:
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# annotations:
# kubernetes.io/tls-acme: "true"
# name: paste-ingress
# namespace: paste
#spec:
# spec:
# rules:
# - host: "paste.apps.yolokube.de"
# http:

1
thanos/2-objectstore-secret.enc.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:

1
thanos/kustomization.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:

1
thanos/secret-generator.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:

1
traefik/basicauth.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:

1
traefik/secondingressclass.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:

1
traefik/values.yaml
View file

@ -1,3 +1,4 @@
---
deployment:
kind: DaemonSet
minReadySeconds: 120

1
vcluster/aaron.yaml
View file

@ -1,3 +1,4 @@
---
controlPlane:
distro:
k8s:

1
vcluster/ingress-aaron.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:

1
vcluster/tom.yaml
View file

@ -1,3 +1,4 @@
---
controlPlane:
distro:
k8s:

1
woodpecker/secrets/kustomization.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:

1
woodpecker/secrets/secret-generator.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:

1
woodpecker/secrets/secrets.enc.yaml
View file

@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Secret
metadata:

1
woodpecker/values/values.yaml
View file

@ -1,3 +1,4 @@
---
server:
ingress:
# -- Enable the ingress for the server component