
2 commits

Author SHA1 Message Date
8a57dfc0e0 appflowy/service.yaml hinzugefügt
Some checks failed
ci/woodpecker/push/yamllint Pipeline failed
2024-11-03 18:14:31 +01:00
d083f9313a appflowy/namespace.yaml hinzugefügt
Some checks failed
ci/woodpecker/push/yamllint Pipeline failed
2024-11-03 17:25:02 +01:00
38 changed files with 128 additions and 564 deletions


@ -29,7 +29,7 @@ spec:
sources:
- chart: woodpecker
repoURL: https://woodpecker-ci.org/
targetRevision: 2.0.3
targetRevision: 1.6.0
helm:
releaseName: woodpecker
valueFiles:
@ -93,24 +93,3 @@ spec:
automated:
selfHeal: false
prune: true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: sb-server-monitor
namespace: argocd
spec:
project: default
source:
repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: sb-server-monitor
destination:
server: https://kubernetes.default.svc
namespace: sb-server-monitor
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
selfHeal: true
prune: true


@ -9,7 +9,7 @@ spec:
sources:
- repoURL: https://traefik.github.io/charts
chart: traefik
targetRevision: 33.2.1
targetRevision: 32.1.1
helm:
releaseName: traefik
valueFiles:
@ -39,7 +39,7 @@ spec:
sources:
- repoURL: https://argoproj.github.io/argo-helm
chart: argo-cd
targetRevision: 7.7.11
targetRevision: 7.6.12
helm:
releaseName: argo
valueFiles:
@ -106,7 +106,7 @@ spec:
sources:
- chart: kube-prometheus-stack
repoURL: https://prometheus-community.github.io/helm-charts
targetRevision: 67.3.1
targetRevision: 65.0.0
helm:
releaseName: prometheus
valueFiles:
@ -157,7 +157,7 @@ spec:
sources:
- chart: cilium
repoURL: https://helm.cilium.io/
targetRevision: 1.16.5
targetRevision: 1.16.3
helm:
releaseName: cilium-cni
valueFiles:
@ -280,7 +280,7 @@ spec:
sources:
- chart: loki
repoURL: https://grafana.github.io/helm-charts
targetRevision: 6.24.0
targetRevision: 6.18.0
helm:
releaseName: loki
valueFiles:
@ -380,9 +380,9 @@ metadata:
spec:
project: default
source:
repoURL: https://git.ar21.de/yolokube/core-deployments.git
repoURL: https://git.ar21.de/yolokube/grafana-backuper-deployment.git
targetRevision: HEAD
path: grafana-backuper
path: "overlay"
destination:
server: https://kubernetes.default.svc
namespace: grafana-backuper
@ -401,7 +401,7 @@ spec:
sources:
- repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: v1.16.2
targetRevision: v1.16.1
helm:
releaseName: cert-manager
valueFiles:
@ -460,23 +460,3 @@ spec:
- CreateNamespace=true
automated:
prune: false
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: traefik-certmanager
namespace: argocd
spec:
project: default
source:
repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: traefik-certmanager/overlay
destination:
server: https://kubernetes.default.svc
namespace: traefik
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: false
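Review bot: The grafana-backuper Application (the hunk at line 380) keeps `targetRevision: HEAD` as unchanged context while its `repoURL` and `path` change, so Argo CD deploys whatever the source repository's default branch holds at sync time. Both printed `repoURL` values are tracked at HEAD, so this holds whichever of them is the new side. Pinning to a reviewed tag or commit, `targetRevision: <tag-or-commit-sha>`, keeps a push to that repository from reaching the cluster unreviewed. The Application's `syncPolicy` lies outside the hunk, so whether it syncs automatically cannot be confirmed from here.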

7
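--- a/appflowy/namespace.yaml
+++ b/appflowy/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+labels:
+app.kubernetes.io/instance: appflowy
+name: appflowy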

30
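--- a/appflowy/service.yaml
+++ b/appflowy/service.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+labels:
+app: appflowy-gotrue
+name: appflowy-gotrue
+namespace: appflowy
+spec:
+ports:
+- name: goetrue
+port: 9999
+selector:
+app: appflowy
+type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+labels:
+app: appflowy-cloud
+name: appflowy-cloud
+namespace: appflowy
+spec:
+ports:
+- name: cloud
+port: 8000
+selector:
+app: appflowy
+type: ClusterIP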
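Review bot: Both Services use the selector `app: appflowy`, so `appflowy-gotrue` (port 9999) and `appflowy-cloud` (port 8000) forward to the same set of pods even though their own labels differ. The workload manifests are not part of this compare, so a single pod running both containers cannot be ruled out; if the components run as separate pods, each Service should select its own, e.g. `app: appflowy-gotrue` and `app: appflowy-cloud`, so the auth port is not published on pods that do not serve it. The port name `goetrue` also looks like a typo for `gotrue`; anything that references the port by name would have to repeat that spelling.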


@ -92,7 +92,7 @@ spec:
secretKeyRef:
key: authentik_host_insecure
name: authentik-outpost-api
image: ghcr.io/goauthentik/proxy:2024.12.1
image: ghcr.io/goauthentik/proxy:2024.8.3
name: proxy
ports:
- containerPort: 9000


@ -5,5 +5,5 @@ kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: "275"
newTag: "187"
namespace: dashboard


@ -5,7 +5,7 @@ kind: Kustomization
images:
- name: git.ar21.de/yolokube/dashboard
newName: git.ar21.de/yolokube/dashboard
newTag: staging-274
newTag: staging-186
namespace: dashboard-staging
patches:
- patch: |-


@ -32,10 +32,10 @@ spec:
protocol: TCP
resources:
limits:
cpu: 1000m
cpu: 800m
memory: 128Mi
requests:
cpu: 400m
cpu: 200m
memory: 32Mi
volumeMounts:
- mountPath: /var/run/fail2ban/fail2ban.sock


@ -36,10 +36,6 @@ spec:
- env:
- name: GEOIP_LISTEN_ADDRESS
value: :8080
- name: GEOIP_EXPORTER_ADDRESS
value: :9191
- name: GEOIP_ENABLE_EXPORTER
value: "true"
- name: GEOIP_DATA_URL
value: https://data.neuber.io/data.csv
image: git.ar21.de/yolokube/country-geo-locations:latest
@ -49,9 +45,6 @@ spec:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 9191
name: http-metrics
protocol: TCP
readinessProbe:
httpGet:
httpHeaders:


@ -10,8 +10,8 @@ kind: Kustomization
images:
- name: git.ar21.de/yolokube/country-geo-locations
newName: git.ar21.de/yolokube/country-geo-locations
newTag: "62"
newTag: "29"
- name: git.ar21.de/yolokube/fail2ban-prometheus-exporter
newName: git.ar21.de/yolokube/fail2ban-prometheus-exporter
newTag: "102"
newTag: "48"
namespace: fail2ban-prometheus


@ -13,10 +13,6 @@ spec:
- name: http
port: 80
targetPort: http
- name: http-metrics
port: 9191
protocol: TCP
targetPort: 9191
selector:
app: fail2ban-geoip
type: ClusterIP


@ -26,31 +26,3 @@ spec:
matchLabels:
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-prometheus-exporter
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app: fail2ban-geoip
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-geoip
name: fail2ban-geoip-servicemonitor
namespace: fail2ban-prometheus
spec:
attachMetadata:
node: false
endpoints:
- interval: 10s
path: /metrics
port: http-metrics
relabelings:
- action: replace
sourceLabels:
- __meta_kubernetes_endpoint_node_name
targetLabel: node
scheme: http
jobLabel: jobLabel
selector:
matchLabels:
app.kubernetes.io/instance: fail2ban-prometheus
app.kubernetes.io/name: fail2ban-geoip


@ -1,5 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: grafana-backuper


@ -1,58 +0,0 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: grafana-backuper
namespace: grafana-backuper
spec:
schedule: "0 * * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 3
jobTemplate:
spec:
ttlSecondsAfterFinished: 3600
template:
spec:
containers:
- name: grafana-backuper
image: git.ar21.de/yolokube/grafana-backuper:latest
env:
- name: GB_GRAFANA_URL
value: "http://prometheus-grafana.prometheus/api"
- name: GB_GRAFANA_TOKEN
valueFrom:
secretKeyRef:
name: grafana-secrets
key: grafana-auth-token
- name: GB_GIT_REPO
value: "https://git.ar21.de/yolokube/grafana-dashboards.git"
- name: GB_GIT_BRANCH
value: "main"
- name: GB_GIT_USER
valueFrom:
secretKeyRef:
name: git-secrets
key: git-user
- name: GB_GIT_EMAIL
valueFrom:
secretKeyRef:
name: git-secrets
key: git-email
- name: GB_GIT_PASS
valueFrom:
secretKeyRef:
name: git-secrets
key: git-pass
- name: GB_SIGNING_KEY
value: /app/keys/signing-key.asc
- name: GB_SEQUENCE
value: "backup,restore"
volumeMounts:
- name: key-volume
mountPath: /app/keys
imagePullPolicy: IfNotPresent
volumes:
- name: key-volume
secret:
secretName: gpg-key
restartPolicy: Never

File diff suppressed because one or more lines are too long


@ -1,12 +0,0 @@
generators:
- secret-generator.yaml
resources:
- 0-namespace.yaml
- 1-cronjob.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/grafana-backuper
newName: git.ar21.de/yolokube/grafana-backuper
newTag: "33"
namespace: grafana-backuper


@ -1,11 +0,0 @@
---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- 2-secret.yaml


@ -6,7 +6,7 @@ metadata:
namespace: longhorn-system
spec:
cron: "40 * * * *"
task: "snapshot"
task: "backup"
retain: 12
concurrency: 2
---


@ -6,13 +6,13 @@ metadata:
namespace: longhorn-system
type: Opaque
data:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:4kZPRNprd1eQe4tqGkVYs5lgGI6JLkdtxkW85g==,iv:AQ6Z8X8VeqvlQfSOp2RX9X+blPclrJ1MUDGRvlGH3EI=,tag:p0vao7xV3DOb8TMZ7MnOEA==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:0hXGgxGA84hu+KpCKbLVkd+ghup9ZPb77XjRl5Ouy7MWAskQVvovvy+j8tl2L329ckPdgYxfGdo=,iv:H5pzOdD4i1c57zWMMSTdo+cW+tqO6kyNlt7w/5cv4/k=,tag:6xDkVvTxfw6JlhnO/bfZbg==,type:str]
# ENC[AES256_GCM,data:Vx/DzAeiBwPH6UR8uJWzEqKkyPcrhHBAtNbme9gCiXIqkJuwyL7XDVv0LxbZ6EUTeeKUbCEFDwgCUv3VlQqLZy76pWhQ7UHg6YsoegAVh3U9UYlD4ySJAVLO3+EruUFbBpu+Z0KuNhrXQDluns8WIOzZGdgRgCTM2FDcrgpuiElxFTh1WF7bFRs1bmCiH3jNun4udnZ5aYaiqNlUzzv+P76IdDKWHO8Hhx/WBE/G0gbrGgK+SAa1gU3WYFXqzsipuU1LYKwJ2fpHxPNWei6m5lWHPc+IjdnSNASKW5E1NpXagYGby8nvorbIc6ncGbchc+mC4DKm7CAofvHGIKDkOvUKi4KYAAtpuxoUUwAcdXdqaR9Quxx+358Ax1qh0q+3A+U6kOaIeD/8KCia3vp/Xjem7H0iEutyVmglR05eypqMcBvwx1XWEw==,iv:Nd4MtiUT1zNQJWIjACnNal8URcqNFkV+rscnOBTjkqs=,tag:YFo/xMz4sIFI0fPENXTQnw==,type:comment]
AWS_ENDPOINTS: ENC[AES256_GCM,data:PU28KCvIGZ1zDlCDITP8DD7zInsof5Greb05yzCUeY0VtH4NQVFWNOdNeBbuQl+Z,iv:3jO/fnHdjEKXvd+JecBgxrMfBCOeAgGRcVjIw42OUOg=,tag:Cx56308yFW1gcKwuwvJy9Q==,type:str]
# ENC[AES256_GCM,data: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,iv:V32ZLstCviLMljxlBUyrlXYhXd1oA9wGtzu1o3+pdmk=,tag:6dyCf2hhfXqDwQyzRX+iNA==,type:comment]
# ENC[AES256_GCM,data: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,iv:FgI1Xwb5jotVCZOZWAAA+1LfGdYHqz6nBtjY6VjuPgE=,tag:HXr4uv0tFMKqnqf+5Fd3TQ==,type:comment]
# ENC[AES256_GCM,data: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,iv:M/6W8wStPgv5NQKH8rkXHRBobk/7UkjuoHbJarjAF+Y=,tag:L5iGKql3zhbYNqPXkx+3MQ==,type:comment]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str]
# ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str]
# ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
# ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
# ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
sops:
kms: []
gcp_kms: []
@ -22,32 +22,32 @@ sops:
- recipient: age1mraede6gqxkh2rkeq5fjrcflp7emenl2qn885asxvtx5erga2pdqujuexz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQmhEOFlmNGpCUys4c2Zl
K29RdUpxbCtkbEdqWGhjcW1xTGp6c09lUFM4ClliK1hLQzVtQ0RpZW4zLzhWeDAz
SkNNdUtCQ0JxYXZ6aGZTeEpYTVk0bGcKLS0tIHFKRzdFdlR5dlRrVFhtZzFVazBa
c1l4enNuc0QwZTMycjVYdm5CWmxYWW8KeIfVkmMC+YBSpX1SYQyCtwRNWaOpQgXE
WN/hCyWaxiG7gwYuolUmeZVgN71WWyJFymdQUwTMNPe795lSqWx33A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIUUV2UTR2dUpxWlpKWjNM
WDI2NVRUK0EvZkdjZ3N0OXFNclNJdzlIRXlZCmZBOUErb2pZUHZlNVpGLzhTUlRK
N21nSjM3RzRRdXR4QStyakdYRExCOHMKLS0tIHdJczRmNnBDMmJjNm9WeXlvU1cx
U1lFckFhTWloSmI0LzJoWDJDSExnbHcK4Sz2SU5czvG58HiQtn4AJbltSwfikS3A
JUKhzPja3ZgHhmed+Bs9SLyKcQ1gm+ou1JLjqJ2/0s2MEAoTnQ9aCw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s9nvc4rxj3kaj4apmzzn8fmjrudrvdhgu70rg04we9hyse5aadsq7kmckn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRy9PZnZFZXlqeitndHc2
V1djOXdmanZuSTVuc0U1TTJuSmNETnpORHpvCmZYL1pPRng1Z0lHRE5Pby9MTDNj
VWZVbjBkSjZtWmRpNVFjTGFDdHlUeXMKLS0tIGk2aFdiLzcyKzZSQnhuVTBLK2Fp
c3EvQWJaVCsxMkphSm5JTnN3cHl0NVEKYMAk1Nb5tG9kHvaLmybQkp17HDlDRZgT
qaq3KD9GxhlR3zieW0SPxNAaxiOegZy2qsftARRhFq5a42nEaXH2Qg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OEVaTk9IUzR1bkNneitF
dGtadHJjRUJUYTREV0J2M3Z2dzJCSnpEREZNCkpZZnFxNE1QMU5UUXNITXJpV2Rt
dUcvaUw4aC9iQzhIRXVmYmlpUmhqRm8KLS0tIDUxRGxsQldqWWlFeXJITXg2RkhX
bkwvRVlsSDYyZGJkbU94bFUxdnN2VkkKg9LB1b0aD/GqpbRIZD1hIcNaRWr4eybL
17orZ6j01e84zMutrinpOP1sTMyqCEBYG2FrEAnRaTxRkOW7SaVHIw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SXpqL3MxUlBleWN0bGta
MWpoZGlXT1p3V2hWSzJCdzF0ZnV5VTJLKzN3CnQxSnZmR0dpVEZMdTJSSGIyME1h
THlmakVzdUNGczVqYnh3NkkyT0dmbGsKLS0tIGh4MjZvWlN4VGIyMWlpUmo4bTZr
enM5VUpmUFlodUY0YkI5ZE1PTHNzamsKZ9wzXs9tmGBztTVsFjO8BVOJGSQVYSXy
46BrF45tbufUGXlqSlRkxo5TYY3NLbHZkBxawNIqlLiaAnQc2qaZDg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZ3FUMlpFRVdrVVZxdXdo
b2pJZ0lValNUMUlZcGRVb296QjlPM1JPZUFrCkVDWlhZNEYxaVRnd2FTWFRtSHcr
eTN0ZERFSWpPa0lyczF2TEk5dTB4d00KLS0tIHZ2MzdpUTd1eHdicHduQzJsRzAr
SU5ibzRiK3Q2RnVNRUhjVm5YSFNmc0UKNA0uHFT1L8RuQR6TmiopYCgLBxsLp0bU
vsS68gQieQI94bBiMOsJQTzLSWBc9juvuBdHhRoyYhkzJ75TAifNVQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-06T01:22:24Z"
mac: ENC[AES256_GCM,data:2uNXiOi1RduF2dqAR41eakZxdiqpTPk7B+AAuCppDbUNsL0JAMB3VKexyc4oNLN1kjuH1JN2mQWLXOY3mfbGwZfL2u0TqZU6IavNsRwJhyHLmZ+Smd0oNWk6Ff06B90zo2wQmRHQYPMtUdgi9vF72qKOGxuDmuB4XI6pPkmDhxo=,iv:Yxs56ofaHkzo8NERxU6YllfwknirVHb3mFebRqeFT+A=,tag:0rV6kPjRTYi5XYBrR4y34Q==,type:str]
lastmodified: "2024-09-30T19:48:48Z"
mac: ENC[AES256_GCM,data:cu2bF925hVUs69HmKzs3sc61rN3hNWwN0x6VyBhoobNDF7IJ65Aw/iSYSh80EdoDy4WQq0lfr4SO8sayqs3vxgTwFpujcjnQ16rgq0q00V8e+iDlR78h/SbYp+cuFiu6QBKSl9a/vHfRSTSOAOt0zF+cPYl25Htas5L7S12xJ68=,iv:wDkA8egy2ONoRaUYXV915ID6JX+myOmStxdXXtC66sw=,tag:UxoGQpiB023vcwSc3es21Q==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.9.1
version: 3.9.0
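Review bot: The `sops` metadata pairs in this section point backwards in time: `lastmodified` appears as `2024-11-06T01:22:24Z` and `2024-09-30T19:48:48Z`, and `version` as `3.9.1` and `3.9.0`. The rendered page has lost the +/- markers, but if the second value of each pair is the new side (the hunk counts establish that order for the woodpecker Ingress section further down), merging would replace the current `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` ciphertext with an older encryption and could bring back credentials that have been rotated since. The chart and image pairs elsewhere in this compare run in the same direction (argo-cd `7.7.11`/`7.6.12`, cert-manager `v1.16.2`/`v1.16.1`, thanos `v0.37.2`/`v0.36.1`), so the branch should be rebased onto its target before this file is reviewed.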


@ -12,10 +12,9 @@ persistence:
"isGroup":false
}
]'
disableRevisionCounter: false
defaultSettings:
defaultDataPath: /storage1
backupTarget: "s3://yolokube-backups@weur/"
backupTarget: "s3://yolokube-backup@weur/"
backupTargetCredentialSecret: longhorn-backup-target
replicaAutoBalance: best-effort
defaultLonghornStaticStorageClass: longhorn


@ -1,12 +1,9 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"dependencyDashboard": true,
"enabledManagers": [
"argocd",
"kubernetes"
],
"enabledManagers": ["argocd"],
"argocd": {
"fileMatch": ["^app-files/.*\\.yaml$"]
"fileMatch": ["^app-files/core-deployments\\.yaml$"]
},
"kubernetes": {
"enabled": true,
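Review bot: `"enabledManagers": ["argocd"]` drops the `kubernetes` manager while the `"kubernetes": { "enabled": true` block below it stays, so that block no longer has any effect and image tags in plain manifests (for example the thanos and authentik proxy images touched elsewhere in this compare) stop receiving update proposals. The hunk counts (12 old lines, 9 new) only fit if the four-line `enabledManagers` list is removed and the single-line form is added. If narrowing the managers is not intended, keep both: `"enabledManagers": ["argocd", "kubernetes"]`. The `kubernetes` object continues past the end of the hunk.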


@ -1,8 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: sb-server-monitor
prometheus: yolokube
name: sb-server-monitor


@ -1,9 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: sb-server-monitor
app.kubernetes.io/name: sb-server-monitor-exporter
name: sb-server-monitor-exporter-service-account
namespace: sb-server-monitor


@ -1,42 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: sb-server-monitor-exporter
app.kubernetes.io/instance: sb-server-monitor
app.kubernetes.io/name: sb-server-monitor-exporter
name: sb-server-monitor-exporter
namespace: sb-server-monitor
spec:
replicas: 1
selector:
matchLabels:
app: sb-server-monitor-exporter
template:
metadata:
labels:
app: sb-server-monitor-exporter
app.kubernetes.io/instance: sb-server-monitor
app.kubernetes.io/name: sb-server-monitor-exporter
spec:
containers:
- env:
- name: SBSERVERMONITOR_SCRAPE_INTERVAL
value: "300"
image: git.ar21.de/yolokube/sb-server-monitor:latest
imagePullPolicy: IfNotPresent
name: sb-server-monitor-exporter
ports:
- containerPort: 9192
name: http-metrics
protocol: TCP
resources:
limits:
cpu: "2"
memory: 4Gi
requests:
cpu: 500m
memory: 2Gi
restartPolicy: Always
serviceAccountName: sb-server-monitor-exporter-service-account


@ -1,19 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app: sb-server-monitor-exporter
app.kubernetes.io/instance: sb-server-monitor
app.kubernetes.io/name: sb-server-monitor-exporter
name: sb-server-monitor-exporter
namespace: sb-server-monitor
spec:
ports:
- name: http-metrics
port: 9192
protocol: TCP
targetPort: 9192
selector:
app: sb-server-monitor-exporter
type: ClusterIP


@ -1,28 +0,0 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app: sb-server-monitor-exporter
app.kubernetes.io/instance: sb-server-monitor
app.kubernetes.io/name: sb-server-monitor-exporter
name: sb-server-monitor-exporter-servicemonitor
namespace: sb-server-monitor
spec:
attachMetadata:
node: false
endpoints:
- interval: 5m
path: /metrics
port: http-metrics
relabelings:
- action: replace
sourceLabels:
- __meta_kubernetes_endpoint_node_name
targetLabel: node
scheme: http
jobLabel: jobLabel
selector:
matchLabels:
app.kubernetes.io/instance: sb-server-monitor
app.kubernetes.io/name: sb-server-monitor-exporter


@ -1,13 +0,0 @@
resources:
- ./0-namespace.yaml
- ./1-service-account.yaml
- ./2-deployment.yaml
- ./3-service.yaml
- ./4-service-monitor.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/sb-server-monitor
newName: git.ar21.de/yolokube/sb-server-monitor
newTag: "26"
namespace: sb-server-monitor


@ -22,7 +22,7 @@ spec:
fsGroup: 1001
containers:
- name: querier
image: quay.io/thanos/thanos:v0.37.2
image: quay.io/thanos/thanos:v0.36.1
args:
- query
- --log.level=info
@ -63,7 +63,7 @@ spec:
cpu: 100m
memory: 256Mi
limits:
cpu: 750m
cpu: 500m
memory: 2Gi
---
apiVersion: v1


@ -36,7 +36,7 @@ spec:
mountPath: /data
containers:
- name: storegateway
image: quay.io/thanos/thanos:v0.37.2
image: quay.io/thanos/thanos:v0.36.1
securityContext:
runAsUser: 1001
args:
@ -78,7 +78,7 @@ spec:
memory: 512Mi
limits:
cpu: 1000m
memory: 5Gi
memory: 1.5Gi
volumeMounts:
- name: objstore
mountPath: /conf/objstore.yml


@ -46,7 +46,7 @@ spec:
mountPath: /data
containers:
- name: compactor
image: quay.io/thanos/thanos:v0.37.2
image: quay.io/thanos/thanos:v0.36.1
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 1001
@ -85,11 +85,11 @@ spec:
timeoutSeconds: 30
resources:
requests:
cpu: 200m
cpu: 100m
memory: 256Mi
limits:
cpu: 750m
memory: 500Mi
cpu: 500m
memory: 256Mi
volumeMounts:
- name: objstore
mountPath: /conf/objstore.yml


@ -54,18 +54,6 @@ spec:
serviceAccount: thanos
securityContext:
fsGroup: 1001
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- receiver
topologyKey: kubernetes.io/hostname
weight: 1
initContainers:
- name: init-chmod-data
image: docker.io/bitnami/minideb:buster
@ -83,7 +71,7 @@ spec:
mountPath: /data
containers:
- name: receiver
image: quay.io/thanos/thanos:v0.37.2
image: quay.io/thanos/thanos:v0.36.1
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 1001
@ -164,7 +152,7 @@ spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 40Gi
storage: 30Gi
---
apiVersion: v1
kind: Service
@ -205,18 +193,6 @@ spec:
serviceAccount: thanos
securityContext:
fsGroup: 1001
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- receiver
topologyKey: kubernetes.io/hostname
weight: 1
initContainers:
- name: init-chmod-data
image: docker.io/bitnami/minideb:buster
@ -234,7 +210,7 @@ spec:
mountPath: /data
containers:
- name: receiver
image: quay.io/thanos/thanos:v0.37.2
image: quay.io/thanos/thanos:v0.36.1
imagePullPolicy: IfNotPresent
securityContext:
runAsUser: 1001
@ -315,7 +291,7 @@ spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 40Gi
storage: 30Gi
---
apiVersion: v1
kind: Service


@ -1,5 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- traefik-certmanager.yaml


@ -1,66 +0,0 @@
# from https://github.com/ncsa/traefik-certmanager
#
# Used to automatically create cert request for IngressRoute Objects
#
# Added by Aaron
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-certmanager
namespace: traefik
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-certmanager
rules:
- apiGroups: ["traefik.io"]
resources: ["ingressroutes"]
verbs: ["watch", "patch"]
- apiGroups: ["cert-manager.io"]
resources: ["certificates"]
verbs: ["get", "create", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-certmanager
subjects:
- kind: ServiceAccount
name: traefik-certmanager
namespace: traefik
roleRef:
kind: ClusterRole
name: traefik-certmanager
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik-certmanager
namespace: traefik
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: traefik-certmanager
template:
metadata:
labels:
app.kubernetes.io/name: traefik-certmanager
spec:
serviceAccount: traefik-certmanager
containers:
- name: traefik-certmanager
image: git.ar21.de/yolokube/traefik-certmanager:latest
imagePullPolicy: Always
env:
- name: ISSUER_NAME
value: letsencrypt-prod
- name: ISSUER_KIND
value: ClusterIssuer
- name: CERT_CLEANUP
value: "true"
- name: PATCH_SECRETNAME
value: "true"


@ -1,8 +0,0 @@
resources:
- ../base
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: git.ar21.de/yolokube/traefik-certmanager
newName: git.ar21.de/yolokube/traefik-certmanager
newTag: "2"


@ -0,0 +1,13 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: traefik-cert
namespace: traefik
spec:
secretName: traefik-tls-key
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames:
- traefik.services.yolokube.de


@ -33,9 +33,6 @@ updateStrategy:
maxSurge: 0
providers:
kubernetesIngress:
publishedService:
enabled: false
kubernetesCRD:
allowCrossNamespace: true


@ -16,20 +16,28 @@ spec:
port: 9000
targetPort: grpc
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: woodpecker
annotations:
kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/loadbalancer.server.scheme: h2c
traefik.ingress.kubernetes.io/service.serversscheme: h2c
name: woodpecker-grpc
namespace: woodpecker
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`woodpecker-grpc.apps.yolokube.de`) && Header(`Content-Type`, `application/grpc`)
services:
- name: woodpecker-grpc
port: grpc
scheme: h2c
rules:
- host: "woodpecker-grpc.apps.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: woodpecker-grpc
port:
name: grpc
tls:
secretName: woodpecker-grpc-tls-key
- hosts:
- woodpecker-grpc.apps.yolokube.de
secretName: woodpecker-grpc-tls-key
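Review bot: The new Ingress does not carry over two restrictions that the removed IngressRoute had: the `websecure` entry point and the Content-Type `application/grpc` header match. With `path: "/"` and no entry-point annotation, the route is not limited to the TLS entry point and every request for the host is forwarded to the agent gRPC port. Adding `traefik.ingress.kubernetes.io/router.entrypoints: websecure` under `annotations` restores the first restriction. The `service.serversscheme: h2c` annotation is, as far as I know, read from the Service object and not from the Ingress, so it probably belongs on the `woodpecker-grpc` Service whose definition ends just above this hunk; confirm against the Traefik version in use.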


@ -29,7 +29,6 @@ server:
WOODPECKER_LOG_LEVEL: "error"
extraSecretNamesForEnvFrom:
- woodpecker-forgejo
createAgentSecret: false
agent:
extraSecretNamesForEnvFrom:
- woodpecker-forgejo
@ -37,5 +36,3 @@ agent:
env:
WOODPECKER_MAX_WORKFLOWS: 2
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: 'longhorn-local'
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 2G
mapAgentSecret: false