diff --git a/app-files/apps.yaml b/app-files/apps.yaml index d200aaa..5071e96 100644 --- a/app-files/apps.yaml +++ b/app-files/apps.yaml @@ -29,7 +29,7 @@ spec: sources: - chart: woodpecker repoURL: https://woodpecker-ci.org/ - targetRevision: 2.0.3 + targetRevision: 2.0.2 helm: releaseName: woodpecker valueFiles: diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 18dda15..1dd04d0 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -39,7 +39,7 @@ spec: sources: - repoURL: https://argoproj.github.io/argo-helm chart: argo-cd - targetRevision: 7.7.11 + targetRevision: 7.7.10 helm: releaseName: argo valueFiles: @@ -460,23 +460,3 @@ spec: - CreateNamespace=true automated: prune: false ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: traefik-certmanager - namespace: argocd -spec: - project: default - source: - repoURL: https://git.ar21.de/yolokube/core-deployments.git - targetRevision: HEAD - path: traefik-certmanager/overlay - destination: - server: https://kubernetes.default.svc - namespace: traefik - syncPolicy: - syncOptions: - - CreateNamespace=true - automated: - prune: false diff --git a/authentik/manifest.yaml b/authentik/manifest.yaml index 5100720..ec25954 100644 --- a/authentik/manifest.yaml +++ b/authentik/manifest.yaml @@ -92,7 +92,7 @@ spec: secretKeyRef: key: authentik_host_insecure name: authentik-outpost-api - image: ghcr.io/goauthentik/proxy:2024.12.1 + image: ghcr.io/goauthentik/proxy:2024.12.0 name: proxy ports: - containerPort: 9000 diff --git a/longhorn/values.yaml b/longhorn/values.yaml index c2a8347..f01868b 100644 --- a/longhorn/values.yaml +++ b/longhorn/values.yaml @@ -12,7 +12,6 @@ persistence: "isGroup":false } ]' - disableRevisionCounter: false defaultSettings: defaultDataPath: /storage1 backupTarget: "s3://yolokube-backups@weur/" diff --git a/traefik-certmanager/base/kustomization.yaml b/traefik-certmanager/base/kustomization.yaml deleted file mode 100644 index df9d748..0000000 --- a/traefik-certmanager/base/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - traefik-certmanager.yaml diff --git a/traefik-certmanager/base/traefik-certmanager.yaml b/traefik-certmanager/base/traefik-certmanager.yaml deleted file mode 100644 index 2eade77..0000000 --- a/traefik-certmanager/base/traefik-certmanager.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# from https://github.com/ncsa/traefik-certmanager -# -# Used to automatically create cert request for IngressRoute Objects -# -# Added by Aaron ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: traefik-certmanager - namespace: traefik ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: traefik-certmanager -rules: -- apiGroups: ["traefik.io"] - resources: ["ingressroutes"] - verbs: ["watch", "patch"] -- apiGroups: ["cert-manager.io"] - resources: ["certificates"] - verbs: ["get", "create", "delete"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: traefik-certmanager -subjects: -- kind: ServiceAccount - name: traefik-certmanager - namespace: traefik -roleRef: - kind: ClusterRole - name: traefik-certmanager - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traefik-certmanager - namespace: traefik -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: traefik-certmanager - template: - metadata: - labels: - app.kubernetes.io/name: traefik-certmanager - spec: - serviceAccount: traefik-certmanager - containers: - - name: traefik-certmanager - image: git.ar21.de/yolokube/traefik-certmanager:latest - imagePullPolicy: Always - env: - - name: ISSUER_NAME - value: letsencrypt-prod - - name: ISSUER_KIND - value: ClusterIssuer - - name: CERT_CLEANUP - value: "true" - - name: PATCH_SECRETNAME - value: "true" diff --git a/traefik-certmanager/overlay/kustomization.yaml b/traefik-certmanager/overlay/kustomization.yaml deleted file mode 100644 index 7d9d4b1..0000000 --- a/traefik-certmanager/overlay/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -resources: -- ../base -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: git.ar21.de/yolokube/traefik-certmanager - newName: git.ar21.de/yolokube/traefik-certmanager - newTag: "2" diff --git a/traefik/dashboard-cert.yaml b/traefik/dashboard-cert.yaml new file mode 100644 index 0000000..b567b03 --- /dev/null +++ b/traefik/dashboard-cert.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: traefik-cert + namespace: traefik +spec: + secretName: traefik-tls-key + issuerRef: + name: letsencrypt-prod + kind: ClusterIssuer + dnsNames: + - traefik.services.yolokube.de diff --git a/woodpecker/grpc-ingress/ingress.yaml b/woodpecker/grpc-ingress/ingress.yaml index 0573e30..1fcc5a3 100644 --- a/woodpecker/grpc-ingress/ingress.yaml +++ b/woodpecker/grpc-ingress/ingress.yaml @@ -16,20 +16,28 @@ spec: port: 9000 targetPort: grpc --- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute +apiVersion: networking.k8s.io/v1 +kind: Ingress metadata: - namespace: woodpecker + annotations: + kubernetes.io/tls-acme: "true" + traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c + traefik.ingress.kubernetes.io/service.serversscheme: h2c name: woodpecker-grpc + namespace: woodpecker spec: - entryPoints: - - websecure - routes: - - kind: Rule - match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`) - services: - - name: woodpecker-grpc - port: grpc - scheme: h2c + rules: + - host: "woodpecker-grpc.apps.yolokube.de" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: woodpecker-grpc + port: + name: grpc tls: - secretName: woodpecker-grpc-tls-key + - hosts: + - woodpecker-grpc.apps.yolokube.de + secretName: woodpecker-grpc-tls-key