yolokube/core-deployments
yolokube/core-deployments
2
3
Fork 0
Code Issues 2 Pull requests 4 Projects Wiki Activity

Compare commits

base: yolokube:3b5b845fd0675107b9a1616a2b1c1b7497aefcc6
Branches Tags
yolokube:main
yolokube:589_dashboard_staging
yolokube:587_dashboard_staging
yolokube:renovate/ghcr.io-woodpecker-ci-helm-woodpecker-3.x
yolokube:renovate/argo-cd-8.x
..
compare: yolokube:6742923ccead2ccabc9c14ffddb13ec941e7638e
Branches Tags
yolokube:589_dashboard_staging
yolokube:main
yolokube:587_dashboard_staging
yolokube:renovate/ghcr.io-woodpecker-ci-helm-woodpecker-3.x
yolokube:renovate/argo-cd-8.x

No commits in common. "3b5b845fd0675107b9a1616a2b1c1b7497aefcc6" and "6742923ccead2ccabc9c14ffddb13ec941e7638e" have entirely different histories.
3b5b845fd0 ... 6742923cce

10 changed files with 57 additions and 141 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.gitignore vendored
View file

@ -1,4 +1,4 @@
**/secret.yaml
**/temp.yaml **/temp.yaml
**/credentials **/credentials
**/.DS_Store **/.DS_Store
*.agekey

11
.sops.yaml
View file

@ -1,11 +0,0 @@
---
keys:
- &argo age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
- &tom age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
creation_rules:
- path_regex: .*
encrypted_regex: ^(data|stringData)$
key_groups:
- age:
- *argo
- *tom

25
app-files/core-deployments.yaml
View file

@ -32,26 +32,14 @@ spec:
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: argo name: argocd-ingress
namespace: argocd namespace: argocd
spec: spec:
project: default project: default
sources: source:
- repoURL: https://argoproj.github.io/argo-helm repoURL: https://git.ar21.de/yolokube/core-deployments.git
chart: argo-cd targetRevision: HEAD
targetRevision: 7.6.6 path: argo
helm:
releaseName: argo
valueFiles:
- $values/argo/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: argo
kustomize:
buildOptions: "--enable-alpha-plugins --enable-exec"
destination: destination:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
namespace: argocd namespace: argocd
@ -59,8 +47,7 @@ spec:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
selfHeal: true prune: true
prune: false
--- ---
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application

26
argo/cm.yaml
View file

@ -9,7 +9,6 @@ metadata:
app.kubernetes.io/name: argocd-cm app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
data: data:
kustomize.buildOptions: "--enable-alpha-plugins --enable-exec"
statusbadge.enabled: "true" statusbadge.enabled: "true"
resource.customizations: | resource.customizations: |
networking.k8s.io/Ingress: networking.k8s.io/Ingress:
@ -34,3 +33,28 @@ data:
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
requestedScopes: ["openid", "profile", "email"] requestedScopes: ["openid", "profile", "email"]
logoutURL: https://auth.ar21.de/application/o/yolokube-argocd/end-session/ logoutURL: https://auth.ar21.de/application/o/yolokube-argocd/end-session/
---
kind: ConfigMap
apiVersion: v1
metadata:
name: argocd-cmd-params-cm
namespace: argocd
labels:
app.kubernetes.io/instance: argocd-ingress
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
data:
server.insecure: "true"
---
kind: ConfigMap
apiVersion: v1
metadata:
name: argocd-rbac-cm
namespace: argocd
labels:
app.kubernetes.io/instance: argocd-ingress
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
data:
policy.csv: |
g, yolokube-general, role:admin

24
argo/ingress.yaml Normal file
View file

@ -0,0 +1,24 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/tls-acme: "true"
name: argocd-ingress
namespace: argocd
spec:
rules:
- host: "argo.services.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: argocd-server
port:
number: 80
tls:
- hosts:
- argo.services.yolokube.de
secretName: argocd-tls-key

6
argo/kustomization.yaml
View file

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ./secret-generator.yaml
resources:
- ./cm.yaml

10
argo/secret-generator.yaml
View file

@ -1,10 +0,0 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./sops-secret.yaml

37
argo/sops-secret.yaml
View file

@ -1,37 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: sops-age
namespace: argocd
type: Opaque
data:
keys.txt: ENC[AES256_GCM,data:EQvfQQy6rco2iqbVLn/3jxsNTcU1tbfCkkAP9D3ggD/MJcIaQ3ZdxonbnnYUS34mmhEwba9R3vn80EQCj0M5jU5ucMeU+E25HbQAJFPBI2pvXuRQy8nMVtRwgrJZdaFKBUzGjtNrSj04y1y6QdIsIMqkn8byi5RthJ86IYo4if4WNPJp1EyiM/3+PTn/fLT/QtzU83LUz8D/hPTtUYJCxyeHEYBuC/niHfT1NgqsBRspI13bPUmxBjmtew1docQL61QSRdflopD7vxb9b6elQ/Zj4vs/TK0ILT5do1KkRGnZT8hRTnqnArcLdTr8xR5gVlIFFInncvzdLPsN,iv:JvuOYExMwMBlgM/W83ttlnvUPkuFPVvkBNwzumBxpLU=,tag:AXJOv4ZO0znONF9VG+5j3g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeitkMzBjTGxSM09RTnFB
N0UxRytKMmszMHhKVFY3b0pNcHIwWHcwbUNjClY4cHMvemhzRkNXRVhtcVRtN1c4
OGtaWFkwTWYwNHNTL3lMVmlYOGREYTAKLS0tIEZxNm1IMmFxdzB2dUhvdlNsUUxl
UHdKaW8ydkpoLzQ0dEVyc0plaVhCTlUK6PF6CVvLDDTIozhRYHZxgcNeeKQPJAPr
Ay/35PSwzZ4RVJyAKqyhkkQSXkwLsytV1AC527NEZbmBniGgioyFHA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1BmeUNLT1RQR3cybzQx
aTRJVXkzQTFmNVowTmpVckJHdmRWTlVtSEV3Cm1oakp0c0NoRnF5c3pIb01ja2g3
UE1hUXV2bmNqeFlPM2tsY0J0UndYVTgKLS0tIDRBaGVBK0xlSFVFVVdXZjQ1RXhQ
UUo1Q0lXVjNGWllzYnlJS29qZHdZZGsK8Z1JWhY9HSY5xm6gZaT3TB2eqMysNxgL
MDk4gaQq8qbrMF/jN40ljt1ZgtAlY2gQKFyqygUNiwgHxN8iC2upng==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-30T17:09:05Z"
mac: ENC[AES256_GCM,data:Qvm2+3NQy9oywWveAhJdvnmg9tQzdCwjQSczYAS2j5Y0nPw3VeCT27Efm0A591fsvUhjukcDnX2ogEkKtPPJgq5VAJtGLXh2akAdjFxYxm8UPkgw8e6ev/R4kQQdTQ0if8qeeIO3CHEvAKhmrGimbg4DDHgPvyGoiHtTbBBFFr0=,iv:EDmPxMOXpHdyTmGbHFYAholnzi+WLc+GBXmu0k3GAuE=,tag:ThMbGppwFUocX7g2bsWI7w==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.0

51
argo/values.yaml
View file

@ -1,51 +0,0 @@
global:
domain: argo.services.yolokube.de
configs:
cm:
create: false
params:
create: true
server.insecure: true
rbac:
create: true
policy.csv: |
g, yolokube-general, role:admin
server:
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
tls: true
repoServer:
volumes:
- name: custom-tools
emptyDir: {}
- name: sops-key
secret:
secretName: sops-age
initContainers:
- name: install-ksops
image: viaductoss/ksops:v4.3.2
command: ["/bin/sh", "-c"]
args:
- echo "Installing KSOPS...";
mv ksops /custom-tools/;
mv kustomize /custom-tools/;
echo "Done.";
volumeMounts:
- mountPath: /custom-tools
name: custom-tools
volumeMounts:
- mountPath: /usr/local/bin/kustomize
name: custom-tools
subPath: kustomize
- mountPath: /usr/local/bin/ksops
name: custom-tools
subPath: ksops
- mountPath: /.config/sops/age
name: sops-key
env:
- name: XDG_CONFIG_HOME
value: /.config
- name: SOPS_AGE_KEY_FILE
value: /.config/sops/age/keys.txt

4
renovate.json
View file

@ -5,10 +5,6 @@
"argocd": { "argocd": {
"fileMatch": ["^app-files/core-deployments\\.yaml$"] "fileMatch": ["^app-files/core-deployments\\.yaml$"]
}, },
"kubernetes": {
"enabled": true,
"fileMatch": ["\\.yaml$"]
},
"packageRules": [ "packageRules": [
{ {
"matchPackageNames": ["kube-prometheus-stack"], "matchPackageNames": ["kube-prometheus-stack"],