diff --git a/app-files/apps.yaml b/app-files/apps.yaml
index 5071e96..d200aaa 100644
--- a/app-files/apps.yaml
+++ b/app-files/apps.yaml
@@ -29,7 +29,7 @@ spec:
 sources:
 - chart: woodpecker
 repoURL: https://woodpecker-ci.org/
- targetRevision: 2.0.2
+ targetRevision: 2.0.3
 helm:
 releaseName: woodpecker
 valueFiles:
diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml
index 1dd04d0..18dda15 100644
--- a/app-files/core-deployments.yaml
+++ b/app-files/core-deployments.yaml
@@ -39,7 +39,7 @@ spec:
 sources:
 - repoURL: https://argoproj.github.io/argo-helm
 chart: argo-cd
- targetRevision: 7.7.10
+ targetRevision: 7.7.11
 helm:
 releaseName: argo
 valueFiles:
@@ -460,3 +460,23 @@ spec:
 - CreateNamespace=true
 automated:
 prune: false
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: traefik-certmanager
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://git.ar21.de/yolokube/core-deployments.git
+ targetRevision: HEAD
+ path: traefik-certmanager/overlay
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: traefik
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: false
diff --git a/authentik/manifest.yaml b/authentik/manifest.yaml
index ec25954..5100720 100644
--- a/authentik/manifest.yaml
+++ b/authentik/manifest.yaml
@@ -92,7 +92,7 @@ spec:
 secretKeyRef:
 key: authentik_host_insecure
 name: authentik-outpost-api
- image: ghcr.io/goauthentik/proxy:2024.12.0
+ image: ghcr.io/goauthentik/proxy:2024.12.1
 name: proxy
 ports:
 - containerPort: 9000
diff --git a/longhorn/values.yaml b/longhorn/values.yaml
index f01868b..c2a8347 100644
--- a/longhorn/values.yaml
+++ b/longhorn/values.yaml
@@ -12,6 +12,7 @@ persistence:
 "isGroup":false
 }
 ]'
+ disableRevisionCounter: false
 defaultSettings:
 defaultDataPath: /storage1
 backupTarget: "s3://yolokube-backups@weur/"
diff --git a/traefik-certmanager/base/kustomization.yaml b/traefik-certmanager/base/kustomization.yaml
new file mode 100644
index 0000000..df9d748
--- /dev/null
+++ b/traefik-certmanager/base/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - traefik-certmanager.yaml
diff --git a/traefik-certmanager/base/traefik-certmanager.yaml b/traefik-certmanager/base/traefik-certmanager.yaml
new file mode 100644
index 0000000..2eade77
--- /dev/null
+++ b/traefik-certmanager/base/traefik-certmanager.yaml
@@ -0,0 +1,66 @@
+# from https://github.com/ncsa/traefik-certmanager
+#
+# Used to automatically create cert request for IngressRoute Objects
+#
+# Added by Aaron
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: traefik-certmanager
+ namespace: traefik
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: traefik-certmanager
+rules:
+- apiGroups: ["traefik.io"]
+ resources: ["ingressroutes"]
+ verbs: ["watch", "patch"]
+- apiGroups: ["cert-manager.io"]
+ resources: ["certificates"]
+ verbs: ["get", "create", "delete"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: traefik-certmanager
+subjects:
+- kind: ServiceAccount
+ name: traefik-certmanager
+ namespace: traefik
+roleRef:
+ kind: ClusterRole
+ name: traefik-certmanager
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: traefik-certmanager
+ namespace: traefik
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: traefik-certmanager
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: traefik-certmanager
+ spec:
+ serviceAccount: traefik-certmanager
+ containers:
+ - name: traefik-certmanager
+ image: git.ar21.de/yolokube/traefik-certmanager:latest
+ imagePullPolicy: Always
+ env:
+ - name: ISSUER_NAME
+ value: letsencrypt-prod
+ - name: ISSUER_KIND
+ value: ClusterIssuer
+ - name: CERT_CLEANUP
+ value: "true"
+ - name: PATCH_SECRETNAME
+ value: "true"
diff --git a/traefik-certmanager/overlay/kustomization.yaml b/traefik-certmanager/overlay/kustomization.yaml
new file mode 100644
index 0000000..7d9d4b1
--- /dev/null
+++ b/traefik-certmanager/overlay/kustomization.yaml
@@ -0,0 +1,8 @@
+resources:
+- ../base
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: git.ar21.de/yolokube/traefik-certmanager
+ newName: git.ar21.de/yolokube/traefik-certmanager
+ newTag: "2"
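Review bot: The `traefik-certmanager` container in the Deployment (traefik-certmanager/base/traefik-certmanager.yaml) has no `securityContext`, while its service-account token can patch every IngressRoute and create or delete every Certificate in the cluster through the ClusterRole defined earlier in the same file. Hardening the container as below limits what a compromised controller process can do beyond those API permissions; whether the image already runs as a non-root user and tolerates a read-only root filesystem is not visible here, so confirm both before merging. `serviceAccount:` is the deprecated alias of `serviceAccountName:` and should be replaced at the same time. The container also sets no `resources` requests or limits.

```yaml
    spec:
      serviceAccountName: traefik-certmanager
      containers:
        - name: traefik-certmanager
          # … unchanged: image, imagePullPolicy, env …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```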
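Review bot: `newTag: "2"` in the `images:` entry of traefik-certmanager/overlay/kustomization.yaml is still a mutable tag, and the base keeps `imagePullPolicy: Always`, so every pod restart pulls whatever the registry currently serves under that tag into a pod that holds cluster-wide Certificate and IngressRoute permissions. Kustomize's image transformer accepts `digest:` in place of `newTag:`; pinning `digest: sha256:<digest-of-the-reviewed-build>` would make the deployed image immutable and make every image change visible in Git. `newName` repeats `name` unchanged and can be dropped.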
diff --git a/traefik/dashboard-cert.yaml b/traefik/dashboard-cert.yaml
deleted file mode 100644
index b567b03..0000000
--- a/traefik/dashboard-cert.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: traefik-cert
- namespace: traefik
-spec:
- secretName: traefik-tls-key
- issuerRef:
- name: letsencrypt-prod
- kind: ClusterIssuer
- dnsNames:
- - traefik.services.yolokube.de
diff --git a/woodpecker/grpc-ingress/ingress.yaml b/woodpecker/grpc-ingress/ingress.yaml
index 1fcc5a3..0573e30 100644
--- a/woodpecker/grpc-ingress/ingress.yaml
+++ b/woodpecker/grpc-ingress/ingress.yaml
@@ -16,28 +16,20 @@ spec:
 port: 9000
 targetPort: grpc
 ---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
 metadata:
- annotations:
- kubernetes.io/tls-acme: "true"
- traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c
- traefik.ingress.kubernetes.io/service.serversscheme: h2c
- name: woodpecker-grpc
 namespace: woodpecker
+ name: woodpecker-grpc
 spec:
- rules:
- - host: "woodpecker-grpc.apps.yolokube.de"
- http:
- paths:
- - pathType: Prefix
- path: "/"
- backend:
- service:
- name: woodpecker-grpc
- port:
- name: grpc
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`)
+ services:
+ - name: woodpecker-grpc
+ port: grpc
+ scheme: h2c
 tls:
- - hosts:
- - woodpecker-grpc.apps.yolokube.de
- secretName: woodpecker-grpc-tls-key
+ secretName: woodpecker-grpc-tls-key
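Review bot: Nothing in the new IngressRoute in woodpecker/grpc-ingress/ingress.yaml requests the certificate for `woodpecker-grpc-tls-key` now that the `kubernetes.io/tls-acme` annotation is gone; it presumably relies on the traefik-certmanager controller added in this commit to derive a Certificate from the `match` rule. That dependency deserves a comment above `tls:`, for example `# Certificate is created by traefik-certmanager from the Host() rule`, and a check that the controller extracts only the host from the compound `Host(...) && Header(...)` expression, since a missing secret would likely leave Traefik serving its default certificate for this host. The `Header` matcher on `Content-Type` compares the exact value `application/grpc`, so a client sending a suffixed type such as `application/grpc+proto` would not match. The header is client-supplied, so it should not be read as an access control on the gRPC endpoint.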