From 4633238bceeaed6a5af5531a106d39da05f82add Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 19 Dec 2024 19:03:16 +0000 Subject: [PATCH 01/12] Update ghcr.io/goauthentik/proxy Docker tag to v2024.12.0 --- authentik/manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/manifest.yaml b/authentik/manifest.yaml index dc3aae6..ec25954 100644 --- a/authentik/manifest.yaml +++ b/authentik/manifest.yaml @@ -92,7 +92,7 @@ spec: secretKeyRef: key: authentik_host_insecure name: authentik-outpost-api - image: ghcr.io/goauthentik/proxy:2024.10.5 + image: ghcr.io/goauthentik/proxy:2024.12.0 name: proxy ports: - containerPort: 9000 From bcc870f0f91eb14dc6ed84b49eb19ada031707bf Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Thu, 19 Dec 2024 22:10:45 +0100 Subject: [PATCH 02/12] [longhorn] disableRevisionCounter: false --- longhorn/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/longhorn/values.yaml b/longhorn/values.yaml index f01868b..c2a8347 100644 --- a/longhorn/values.yaml +++ b/longhorn/values.yaml @@ -12,6 +12,7 @@ persistence: "isGroup":false } ]' + disableRevisionCounter: false defaultSettings: defaultDataPath: /storage1 backupTarget: "s3://yolokube-backups@weur/" From 6a300830b5b93d92401ca01d06269ce73ede8270 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 21 Dec 2024 13:02:10 +0000 Subject: [PATCH 03/12] Update Helm release argo-cd to v7.7.11 --- app-files/core-deployments.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 1dd04d0..5c68432 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -39,7 +39,7 @@ spec: sources: - repoURL: https://argoproj.github.io/argo-helm chart: argo-cd - targetRevision: 7.7.10 + targetRevision: 7.7.11 helm: releaseName: argo valueFiles: From d772cb55ff4bd91208ebc63b91ac8377d4610585 Mon Sep 17 00:00:00 2001 From: Tom Neuber Date: Sat, 21 Dec 2024 20:33:40 +0100 Subject: [PATCH 04/12] chore(woodpecker): remove deprecated chart URL --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 5071e96..3b7ab59 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -28,7 +28,7 @@ spec: project: default sources: - chart: woodpecker - repoURL: https://woodpecker-ci.org/ + repoURL: oci://ghcr.io/woodpecker-ci/helm targetRevision: 2.0.2 helm: releaseName: woodpecker From 689aecd870c9774fd30d0fe9fae3ceefe571f0cb Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 22 Dec 2024 16:16:55 +0000 Subject: [PATCH 05/12] chore(deps): update ghcr.io/woodpecker-ci/helm/woodpecker docker tag to v2.0.3 --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index 3b7ab59..c614c0e 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -29,7 +29,7 @@ spec: sources: - chart: woodpecker repoURL: oci://ghcr.io/woodpecker-ci/helm - targetRevision: 2.0.2 + targetRevision: 2.0.3 helm: releaseName: woodpecker valueFiles: From d44c9fbc34da72fcf01aaed47f384489c6d37fb8 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 22 Dec 2024 18:16:44 +0100 Subject: [PATCH 06/12] new ingressroute for woodpecker --- traefik-certmanager/base/kustomization.yaml | 5 ++ .../base/traefik-certmanager.yaml | 66 +++++++++++++++++++ .../overlay/kustomization.yaml | 9 +++ traefik/dashboard-cert.yaml | 13 ---- woodpecker/grpc-ingress/ingress.yaml | 34 ++++------ 5 files changed, 93 insertions(+), 34 deletions(-) create mode 100644 traefik-certmanager/base/kustomization.yaml create mode 100644 traefik-certmanager/base/traefik-certmanager.yaml create mode 100644 traefik-certmanager/overlay/kustomization.yaml delete mode 100644 traefik/dashboard-cert.yaml diff --git a/traefik-certmanager/base/kustomization.yaml b/traefik-certmanager/base/kustomization.yaml new file mode 100644 index 0000000..df9d748 --- /dev/null +++ b/traefik-certmanager/base/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - traefik-certmanager.yaml diff --git a/traefik-certmanager/base/traefik-certmanager.yaml b/traefik-certmanager/base/traefik-certmanager.yaml new file mode 100644 index 0000000..2eade77 --- /dev/null +++ b/traefik-certmanager/base/traefik-certmanager.yaml @@ -0,0 +1,66 @@ +# from https://github.com/ncsa/traefik-certmanager +# +# Used to automatically create cert request for IngressRoute Objects +# +# Added by Aaron +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: traefik-certmanager + namespace: traefik +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-certmanager +rules: +- apiGroups: ["traefik.io"] + resources: ["ingressroutes"] + verbs: ["watch", "patch"] +- apiGroups: ["cert-manager.io"] + resources: ["certificates"] + verbs: ["get", "create", "delete"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-certmanager +subjects: +- kind: ServiceAccount + name: traefik-certmanager + namespace: traefik +roleRef: + kind: ClusterRole + name: traefik-certmanager + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: traefik-certmanager + namespace: traefik +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: traefik-certmanager + template: + metadata: + labels: + app.kubernetes.io/name: traefik-certmanager + spec: + serviceAccount: traefik-certmanager + containers: + - name: traefik-certmanager + image: git.ar21.de/yolokube/traefik-certmanager:latest + imagePullPolicy: Always + env: + - name: ISSUER_NAME + value: letsencrypt-prod + - name: ISSUER_KIND + value: ClusterIssuer + - name: CERT_CLEANUP + value: "true" + - name: PATCH_SECRETNAME + value: "true" diff --git a/traefik-certmanager/overlay/kustomization.yaml b/traefik-certmanager/overlay/kustomization.yaml new file mode 100644 index 0000000..359b287 --- /dev/null +++ b/traefik-certmanager/overlay/kustomization.yaml @@ -0,0 +1,9 @@ +--- +resources: +- ../base +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: git.ar21.de/yolokube/traefik-certmanager + newName: git.ar21.de/yolokube/traefik-certmanager + newTag: "1" diff --git a/traefik/dashboard-cert.yaml b/traefik/dashboard-cert.yaml deleted file mode 100644 index b567b03..0000000 --- a/traefik/dashboard-cert.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: traefik-cert - namespace: traefik -spec: - secretName: traefik-tls-key - issuerRef: - name: letsencrypt-prod - kind: ClusterIssuer - dnsNames: - - traefik.services.yolokube.de diff --git a/woodpecker/grpc-ingress/ingress.yaml b/woodpecker/grpc-ingress/ingress.yaml index 1fcc5a3..0573e30 100644 --- a/woodpecker/grpc-ingress/ingress.yaml +++ b/woodpecker/grpc-ingress/ingress.yaml @@ -16,28 +16,20 @@ spec: port: 9000 targetPort: grpc --- -apiVersion: networking.k8s.io/v1 -kind: Ingress +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute metadata: - annotations: - kubernetes.io/tls-acme: "true" - traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c - traefik.ingress.kubernetes.io/service.serversscheme: h2c - name: woodpecker-grpc namespace: woodpecker + name: woodpecker-grpc spec: - rules: - - host: "woodpecker-grpc.apps.yolokube.de" - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: woodpecker-grpc - port: - name: grpc + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`) + services: + - name: woodpecker-grpc + port: grpc + scheme: h2c tls: - - hosts: - - woodpecker-grpc.apps.yolokube.de - secretName: woodpecker-grpc-tls-key + secretName: woodpecker-grpc-tls-key From 440bd10432b1aa8fd37346ad2c74a571460a5eaf Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 22 Dec 2024 18:34:34 +0100 Subject: [PATCH 07/12] Revert "Merge pull request 'chore(woodpecker): remove deprecated chart URL' (#439) from tn-adjust-woodpecker-url into main" This reverts commit dbdce019db383a5f2d91b361749becf4832b60d4, reversing changes made to d10867b542347c7a1fd215f3861acf98a9168396. --- app-files/apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-files/apps.yaml b/app-files/apps.yaml index c614c0e..d200aaa 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -28,7 +28,7 @@ spec: project: default sources: - chart: woodpecker - repoURL: oci://ghcr.io/woodpecker-ci/helm + repoURL: https://woodpecker-ci.org/ targetRevision: 2.0.3 helm: releaseName: woodpecker From 3fbcf0294af52c8eb915368b01719b22c7e297c2 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 22 Dec 2024 18:56:40 +0100 Subject: [PATCH 08/12] add traefik-certmanager --- app-files/core-deployments.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 5c68432..18dda15 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -460,3 +460,23 @@ spec: - CreateNamespace=true automated: prune: false +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: traefik-certmanager + namespace: argocd +spec: + project: default + source: + repoURL: https://git.ar21.de/yolokube/core-deployments.git + targetRevision: HEAD + path: traefik-certmanager/overlay + destination: + server: https://kubernetes.default.svc + namespace: traefik + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + prune: false From dcb0d1649f9f6e660beccef95993ae6dba595762 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 22 Dec 2024 19:04:08 +0100 Subject: [PATCH 09/12] bump version for traefik-certmanager --- traefik-certmanager/overlay/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik-certmanager/overlay/kustomization.yaml b/traefik-certmanager/overlay/kustomization.yaml index 359b287..6b1778e 100644 --- a/traefik-certmanager/overlay/kustomization.yaml +++ b/traefik-certmanager/overlay/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/traefik-certmanager newName: git.ar21.de/yolokube/traefik-certmanager - newTag: "1" + newTag: "2" From a75173a8b6f1f34c4cc0d837a037a1b9cf17e24d Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sun, 22 Dec 2024 19:41:06 +0100 Subject: [PATCH 10/12] bump --- traefik-certmanager/overlay/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik-certmanager/overlay/kustomization.yaml b/traefik-certmanager/overlay/kustomization.yaml index 6b1778e..b706ce7 100644 --- a/traefik-certmanager/overlay/kustomization.yaml +++ b/traefik-certmanager/overlay/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/traefik-certmanager newName: git.ar21.de/yolokube/traefik-certmanager - newTag: "2" + newTag: "3" From df5a0bbc51941cac2a272d2b3cd60cebb7b6049a Mon Sep 17 00:00:00 2001 From: tom Date: Mon, 23 Dec 2024 07:50:59 +0000 Subject: [PATCH 11/12] traefik-certmanager: update image tag to 2 (done automagically via Woodpecker pipeline) --- traefik-certmanager/overlay/kustomization.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/traefik-certmanager/overlay/kustomization.yaml b/traefik-certmanager/overlay/kustomization.yaml index b706ce7..7d9d4b1 100644 --- a/traefik-certmanager/overlay/kustomization.yaml +++ b/traefik-certmanager/overlay/kustomization.yaml @@ -1,4 +1,3 @@ ---- resources: - ../base apiVersion: kustomize.config.k8s.io/v1beta1 @@ -6,4 +5,4 @@ kind: Kustomization images: - name: git.ar21.de/yolokube/traefik-certmanager newName: git.ar21.de/yolokube/traefik-certmanager - newTag: "3" + newTag: "2" From f9fba09257f93dd4cc367f8646bde149788b662d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 23 Dec 2024 16:02:26 +0000 Subject: [PATCH 12/12] chore(deps): update ghcr.io/goauthentik/proxy docker tag to v2024.12.1 --- authentik/manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/manifest.yaml b/authentik/manifest.yaml index dc3aae6..5100720 100644 --- a/authentik/manifest.yaml +++ b/authentik/manifest.yaml @@ -92,7 +92,7 @@ spec: secretKeyRef: key: authentik_host_insecure name: authentik-outpost-api - image: ghcr.io/goauthentik/proxy:2024.10.5 + image: ghcr.io/goauthentik/proxy:2024.12.1 name: proxy ports: - containerPort: 9000