yolokube/core-deployments
yolokube/core-deployments
2
3
Fork 0
Code Issues 2 Pull requests 1 Projects Wiki Activity

Compare commits

base: yolokube:f9fba09257f93dd4cc367f8646bde149788b662d
Branches Tags
yolokube:main
yolokube:renovate/ghcr.io-goauthentik-proxy-2025.x
yolokube:262_fail2ban_prometheus_exporter
yolokube:469_dashboard_prod
..
compare: yolokube:4633238bceeaed6a5af5531a106d39da05f82add
Branches Tags
yolokube:main
yolokube:renovate/ghcr.io-goauthentik-proxy-2025.x
yolokube:262_fail2ban_prometheus_exporter
yolokube:469_dashboard_prod

1 commit
f9fba09257 ... 4633238bce

Author SHA1 Message Date
Renovate Bot
4633238bce
Update ghcr.io/goauthentik/proxy Docker tag to v2024.12.0
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
2024-12-19 19:03:16 +00:00
9 changed files with 37 additions and 116 deletions
Show stats Expand all files Collapse all files

2
app-files/apps.yaml
View file

@ -29,7 +29,7 @@ spec:
sources: sources:
- chart: woodpecker - chart: woodpecker
repoURL: https://woodpecker-ci.org/ repoURL: https://woodpecker-ci.org/
targetRevision: 2.0.3 targetRevision: 2.0.2
helm: helm:
releaseName: woodpecker releaseName: woodpecker
valueFiles: valueFiles:

22
app-files/core-deployments.yaml
View file

@ -39,7 +39,7 @@ spec:
sources: sources:
- repoURL: https://argoproj.github.io/argo-helm - repoURL: https://argoproj.github.io/argo-helm
chart: argo-cd chart: argo-cd
targetRevision: 7.7.11 targetRevision: 7.7.10
helm: helm:
releaseName: argo releaseName: argo
valueFiles: valueFiles:
@ -460,23 +460,3 @@ spec:
- CreateNamespace=true - CreateNamespace=true
automated: automated:
prune: false prune: false
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: traefik-certmanager
namespace: argocd
spec:
project: default
source:
repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: traefik-certmanager/overlay
destination:
server: https://kubernetes.default.svc
namespace: traefik
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: false

2
authentik/manifest.yaml
View file

@ -92,7 +92,7 @@ spec:
secretKeyRef: secretKeyRef:
key: authentik_host_insecure key: authentik_host_insecure
name: authentik-outpost-api name: authentik-outpost-api
image: ghcr.io/goauthentik/proxy:2024.12.1 image: ghcr.io/goauthentik/proxy:2024.12.0
name: proxy name: proxy
ports: ports:
- containerPort: 9000 - containerPort: 9000

1
longhorn/values.yaml
View file

@ -12,7 +12,6 @@ persistence:
"isGroup":false "isGroup":false
} }
]' ]'
disableRevisionCounter: false
defaultSettings: defaultSettings:
defaultDataPath: /storage1 defaultDataPath: /storage1
backupTarget: "s3://yolokube-backups@weur/" backupTarget: "s3://yolokube-backups@weur/"

5
traefik-certmanager/base/kustomization.yaml
View file

@ -1,5 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- traefik-certmanager.yaml

66
traefik-certmanager/base/traefik-certmanager.yaml
View file

@ -1,66 +0,0 @@
# from https://github.com/ncsa/traefik-certmanager
#
# Used to automatically create cert request for IngressRoute Objects
#
# Added by Aaron
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-certmanager
namespace: traefik
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-certmanager
rules:
- apiGroups: ["traefik.io"]
resources: ["ingressroutes"]
verbs: ["watch", "patch"]
- apiGroups: ["cert-manager.io"]
resources: ["certificates"]
verbs: ["get", "create", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-certmanager
subjects:
- kind: ServiceAccount
name: traefik-certmanager
namespace: traefik
roleRef:
kind: ClusterRole
name: traefik-certmanager
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik-certmanager
namespace: traefik
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: traefik-certmanager
template:
metadata:
labels:
app.kubernetes.io/name: traefik-certmanager
spec:
serviceAccount: traefik-certmanager
containers:
- name: traefik-certmanager
image: git.ar21.de/yolokube/traefik-certmanager:latest
imagePullPolicy: Always
env:
- name: ISSUER_NAME
value: letsencrypt-prod
- name: ISSUER_KIND
value: ClusterIssuer
- name: CERT_CLEANUP
value: "true"
- name: PATCH_SECRETNAME
value: "true"

8
traefik-certmanager/overlay/kustomization.yaml
View file

@ -1,8 +0,0 @@
resources:
- ../base
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/traefik-certmanager
newName: git.ar21.de/yolokube/traefik-certmanager
newTag: "2"

13
traefik/dashboard-cert.yaml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: traefik-cert
namespace: traefik
spec:
secretName: traefik-tls-key
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- traefik.services.yolokube.de

34
woodpecker/grpc-ingress/ingress.yaml
View file

@ -16,20 +16,28 @@ spec:
port: 9000 port: 9000
targetPort: grpc targetPort: grpc
--- ---
apiVersion: traefik.io/v1alpha1 apiVersion: networking.k8s.io/v1
kind: IngressRoute kind: Ingress
metadata: metadata:
namespace: woodpecker annotations:
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c
traefik.ingress.kubernetes.io/service.serversscheme: h2c
name: woodpecker-grpc name: woodpecker-grpc
namespace: woodpecker
spec: spec:
entryPoints: rules:
- websecure - host: "woodpecker-grpc.apps.yolokube.de"
routes: http:
- kind: Rule paths:
match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`) - pathType: Prefix
services: path: "/"
- name: woodpecker-grpc backend:
port: grpc service:
scheme: h2c name: woodpecker-grpc
port:
name: grpc
tls: tls:
secretName: woodpecker-grpc-tls-key - hosts:
- woodpecker-grpc.apps.yolokube.de
secretName: woodpecker-grpc-tls-key