Compare commits
20 commits
4633238bce
...
f9fba09257
| Author | SHA1 | Date | |
|---|---|---|---|
f9fba09257
|
|||
| d6149d3776 | |||
| df5a0bbc51 | |||
| 7e372b22d0 | |||
a75173a8b6
|
|||
| 938810692a | |||
|
dcb0d1649f
|
|||
| f66a016af6 | |||
|
3fbcf0294a
|
|||
| 82e18b5db7 | |||
|
440bd10432
|
|||
| 4e6caed22a | |||
|
d44c9fbc34
|
|||
|
689aecd870
|
|||
| dbdce019db | |||
d772cb55ff
|
|||
| d10867b542 | |||
|
6a300830b5
|
|||
| f4796e756f | |||
|
bcc870f0f9
|
9 changed files with 116 additions and 37 deletions
|
|
@ -29,7 +29,7 @@ spec:
|
||||||
sources:
|
sources:
|
||||||
- chart: woodpecker
|
- chart: woodpecker
|
||||||
repoURL: https://woodpecker-ci.org/
|
repoURL: https://woodpecker-ci.org/
|
||||||
targetRevision: 2.0.2
|
targetRevision: 2.0.3
|
||||||
helm:
|
helm:
|
||||||
releaseName: woodpecker
|
releaseName: woodpecker
|
||||||
valueFiles:
|
valueFiles:
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,7 @@ spec:
|
||||||
sources:
|
sources:
|
||||||
- repoURL: https://argoproj.github.io/argo-helm
|
- repoURL: https://argoproj.github.io/argo-helm
|
||||||
chart: argo-cd
|
chart: argo-cd
|
||||||
targetRevision: 7.7.10
|
targetRevision: 7.7.11
|
||||||
helm:
|
helm:
|
||||||
releaseName: argo
|
releaseName: argo
|
||||||
valueFiles:
|
valueFiles:
|
||||||
|
|
@ -460,3 +460,23 @@ spec:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
|
||||||
automated:
|
automated:
|
||||||
prune: false
|
prune: false
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
|
targetRevision: HEAD
|
||||||
|
path: traefik-certmanager/overlay
|
||||||
|
destination:
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
namespace: traefik
|
||||||
|
syncPolicy:
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
automated:
|
||||||
|
prune: false
|
||||||
|
|
|
||||||
|
|
@ -92,7 +92,7 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: authentik_host_insecure
|
key: authentik_host_insecure
|
||||||
name: authentik-outpost-api
|
name: authentik-outpost-api
|
||||||
image: ghcr.io/goauthentik/proxy:2024.12.0
|
image: ghcr.io/goauthentik/proxy:2024.12.1
|
||||||
name: proxy
|
name: proxy
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 9000
|
- containerPort: 9000
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@ persistence:
|
||||||
"isGroup":false
|
"isGroup":false
|
||||||
}
|
}
|
||||||
]'
|
]'
|
||||||
|
disableRevisionCounter: false
|
||||||
defaultSettings:
|
defaultSettings:
|
||||||
defaultDataPath: /storage1
|
defaultDataPath: /storage1
|
||||||
backupTarget: "s3://yolokube-backups@weur/"
|
backupTarget: "s3://yolokube-backups@weur/"
|
||||||
|
|
|
||||||
5
traefik-certmanager/base/kustomization.yaml
Normal file
5
traefik-certmanager/base/kustomization.yaml
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- traefik-certmanager.yaml
|
||||||
66
traefik-certmanager/base/traefik-certmanager.yaml
Normal file
66
traefik-certmanager/base/traefik-certmanager.yaml
Normal file
|
|
@ -0,0 +1,66 @@
|
||||||
|
# from https://github.com/ncsa/traefik-certmanager
|
||||||
|
#
|
||||||
|
# Used to automatically create cert request for IngressRoute Objects
|
||||||
|
#
|
||||||
|
# Added by Aaron
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
namespace: traefik
|
||||||
|
---
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
rules:
|
||||||
|
- apiGroups: ["traefik.io"]
|
||||||
|
resources: ["ingressroutes"]
|
||||||
|
verbs: ["watch", "patch"]
|
||||||
|
- apiGroups: ["cert-manager.io"]
|
||||||
|
resources: ["certificates"]
|
||||||
|
verbs: ["get", "create", "delete"]
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: traefik-certmanager
|
||||||
|
namespace: traefik
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: traefik-certmanager
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: traefik-certmanager
|
||||||
|
namespace: traefik
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: traefik-certmanager
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: traefik-certmanager
|
||||||
|
spec:
|
||||||
|
serviceAccount: traefik-certmanager
|
||||||
|
containers:
|
||||||
|
- name: traefik-certmanager
|
||||||
|
image: git.ar21.de/yolokube/traefik-certmanager:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
env:
|
||||||
|
- name: ISSUER_NAME
|
||||||
|
value: letsencrypt-prod
|
||||||
|
- name: ISSUER_KIND
|
||||||
|
value: ClusterIssuer
|
||||||
|
- name: CERT_CLEANUP
|
||||||
|
value: "true"
|
||||||
|
- name: PATCH_SECRETNAME
|
||||||
|
value: "true"
|
||||||
8
traefik-certmanager/overlay/kustomization.yaml
Normal file
8
traefik-certmanager/overlay/kustomization.yaml
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
resources:
|
||||||
|
- ../base
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
images:
|
||||||
|
- name: git.ar21.de/yolokube/traefik-certmanager
|
||||||
|
newName: git.ar21.de/yolokube/traefik-certmanager
|
||||||
|
newTag: "2"
|
||||||
|
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: traefik-cert
|
|
||||||
namespace: traefik
|
|
||||||
spec:
|
|
||||||
secretName: traefik-tls-key
|
|
||||||
issuerRef:
|
|
||||||
name: letsencrypt-prod
|
|
||||||
kind: ClusterIssuer
|
|
||||||
dnsNames:
|
|
||||||
- traefik.services.yolokube.de
|
|
||||||
|
|
@ -16,28 +16,20 @@ spec:
|
||||||
port: 9000
|
port: 9000
|
||||||
targetPort: grpc
|
targetPort: grpc
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Ingress
|
kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
|
||||||
kubernetes.io/tls-acme: "true"
|
|
||||||
traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c
|
|
||||||
traefik.ingress.kubernetes.io/service.serversscheme: h2c
|
|
||||||
name: woodpecker-grpc
|
|
||||||
namespace: woodpecker
|
namespace: woodpecker
|
||||||
|
name: woodpecker-grpc
|
||||||
spec:
|
spec:
|
||||||
rules:
|
entryPoints:
|
||||||
- host: "woodpecker-grpc.apps.yolokube.de"
|
- websecure
|
||||||
http:
|
routes:
|
||||||
paths:
|
- kind: Rule
|
||||||
- pathType: Prefix
|
match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`)
|
||||||
path: "/"
|
services:
|
||||||
backend:
|
- name: woodpecker-grpc
|
||||||
service:
|
port: grpc
|
||||||
name: woodpecker-grpc
|
scheme: h2c
|
||||||
port:
|
|
||||||
name: grpc
|
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
secretName: woodpecker-grpc-tls-key
|
||||||
- woodpecker-grpc.apps.yolokube.de
|
|
||||||
secretName: woodpecker-grpc-tls-key
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue