remoll/k3s-infra
0
0
Fork 0
Code Issues1 Pull Requests4 Packages Projects Releases Wiki Activity

big architectural shift to use gitea for most deployments

Browse Source
This commit is contained in:
Remy Moll 2023-12-08 20:32:00 +01:00
parent 504535c907
commit fe60755d53
34 changed files with 344 additions and 598 deletions

5
README.md

@ -2,11 +2,6 @@
### Key to authorize against `git.kluster.moll.re` (ssh)
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+4SlRIV9wOKYZbBrPuW18K6GGjnDEviCYQvGQuKOm0 remy@ArchSpectre
```
### Initial setup
On a running (and sealed-secrets installed) k3s instance run:
```

497
apps/gitea/gitea.values.yaml

@ -1,497 +0,0 @@
# Default values for gitea.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## @section Global
#
## @param global.imageRegistry global image registry override
## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets`
## @param global.storageClass global storage class override
## @param global.hostAliases global hostAliases which will be added to the pod's hosts files
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
hostAliases: []
# - ip: 192.168.137.2
# hostnames:
# - example.com
## @param replicaCount number of replicas for the statefulset
replicaCount: 1
## @param clusterDomain cluster domain
clusterDomain: cluster.local
## @section Image
## @param image.registry image registry, e.g. gcr.io,docker.io
## @param image.repository Image to start for this pod
## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml.
## @param image.pullPolicy Image pull policy
## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher
image:
registry: ""
repository: gitea/gitea
# Overrides the image tag whose default is the chart appVersion.
tag: ""
pullPolicy: Always
rootless: false # only possible when running 1.14 or later
## @param imagePullSecrets Secret to use for pulling the image
imagePullSecrets: []
## @section Security
# Security context is only usable with rootless image due to image design
## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod.
podSecurityContext:
fsGroup: 1000
## @param containerSecurityContext Security context
containerSecurityContext: {}
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# # Add the SYS_CHROOT capability for root and rootless images if you intend to
# # run pods on nodes that use the container runtime cri-o. Otherwise, you will
# # get an error message from the SSH server that it is not possible to read from
# # the repository.
# # https://gitea.com/gitea/helm-chart/issues/161
# add:
# - SYS_CHROOT
# privileged: false
# readOnlyRootFilesystem: true
# runAsGroup: 1000
# runAsNonRoot: true
# runAsUser: 1000
## @deprecated The securityContext variable has been split two:
## - containerSecurityContext
## - podSecurityContext.
## @param securityContext Run init and Gitea containers as a specific securityContext
securityContext: {}
## @section Service
service:
## @param service.http.type Kubernetes service type for web traffic
## @param service.http.port Port number for web traffic
## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
## @param service.http.loadBalancerIP LoadBalancer IP setting
## @param service.http.nodePort NodePort for http service
## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
## @param service.http.externalIPs External IPs for service
## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
## @param service.http.annotations HTTP service annotations
http:
type: ClusterIP
port: 3000
clusterIP: None
nodePort:
externalTrafficPolicy:
externalIPs:
ipFamilyPolicy:
ipFamilies:
loadBalancerSourceRanges: []
annotations: {}
## @param service.ssh.type Kubernetes service type for ssh traffic
## @param service.ssh.port Port number for ssh traffic
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
## @param service.ssh.loadBalancerIP LoadBalancer IP setting
## @param service.ssh.nodePort NodePort for ssh service
## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
## @param service.ssh.externalIPs External IPs for service
## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.ssh.hostPort HostPort for ssh service
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
## @param service.ssh.annotations SSH service annotations
ssh:
type: LoadBalancer
port: 2222
loadBalancerIP: 192.168.3.3
nodePort:
externalTrafficPolicy:
externalIPs:
ipFamilyPolicy:
ipFamilies:
hostPort:
loadBalancerSourceRanges: []
annotations: {}
## @section Ingress
## @param ingress.enabled Enable ingress
## @param ingress.className Ingress class name
## @param ingress.annotations Ingress annotations
## @param ingress.hosts[0].host Default Ingress host
## @param ingress.hosts[0].paths[0].path Default Ingress path
## @param ingress.hosts[0].paths[0].pathType Ingress path type
## @param ingress.tls Ingress tls settings
## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd.
ingress:
enabled: false
# className: nginx
className:
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: git.example.com
paths:
- path: /
pathType: Prefix
tls: []
# - secretName: chart-example-tls
# hosts:
# - git.example.com
# Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar
# If helm doesn't correctly detect your ingress API version you can set it here.
# apiVersion: networking.k8s.io/v1
## @section StatefulSet
#
## @param resources Kubernetes resources
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
## @param schedulerName Use an alternate scheduler, e.g. "stork"
schedulerName: ""
## @param nodeSelector NodeSelector for the statefulset
nodeSelector: {}
## @param tolerations Tolerations for the statefulset
tolerations: []
## @param affinity Affinity for the statefulset
affinity: {}
## @param dnsConfig dnsConfig for the statefulset
dnsConfig: {}
## @param priorityClassName priorityClassName for the statefulset
priorityClassName: ""
## @param statefulset.env Additional environment variables to pass to containers
## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod
## @param statefulset.labels Labels for the statefulset
## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created
statefulset:
env:
[]
# - name: VARIABLE
# value: my-value
terminationGracePeriodSeconds: 60
labels: {}
annotations: {}
## @section Persistence
#
## @param persistence.enabled Enable persistent storage
## @param persistence.existingClaim Use an existing claim to store repository information
## @param persistence.size Size for persistence to store repo information
## @param persistence.accessModes AccessMode for persistence
## @param persistence.labels Labels for the persistence volume claim to be created
## @param persistence.annotations Annotations for the persistence volume claim to be created
## @param persistence.storageClass Name of the storage class to use
## @param persistence.subPath Subdirectory of the volume to mount at
persistence:
enabled: true
existingClaim: gitea-data-nfs
size: 10Gi
accessModes:
- ReadWriteOnce
labels: {}
annotations: {}
storageClass:
subPath:
## @param extraVolumes Additional volumes to mount to the Gitea statefulset
extraVolumes: []
# - name: postgres-ssl-vol
# secret:
# secretName: gitea-postgres-ssl
## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates.
extraContainerVolumeMounts: []
## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration.
extraInitVolumeMounts: []
## @deprecated The extraVolumeMounts variable has been split two:
## - extraContainerVolumeMounts
## - extraInitVolumeMounts
## As an example, can be used to mount a client cert when connecting to an external Postgres server.
## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container
extraVolumeMounts: []
# - name: postgres-ssl-vol
# readOnly: true
# mountPath: "/pg-ssl"
## @section Init
## @param initPreScript Bash shell script copied verbatim to the start of the init-container.
initPreScript: ""
#
# initPreScript: |
# mkdir -p /data/git/.postgresql
# cp /pg-ssl/* /data/git/.postgresql/
# chown -R git:git /data/git/.postgresql/
# chmod 400 /data/git/.postgresql/postgresql.key
## @param initContainers.resources.limits initContainers.limits Kubernetes resource limits for init containers
## @param initContainers.resources.requests.cpu initContainers.requests.cpu Kubernetes cpu resource limits for init containers
## @param initContainers.resources.requests.memory initContainers.requests.memory Kubernetes memory resource limits for init containers
initContainers:
resources:
limits: {}
requests:
cpu: 100m
memory: 128Mi
# Configure commit/action signing prerequisites
## @section Signing
#
## @param signing.enabled Enable commit/action signing
## @param signing.gpgHome GPG home directory
## @param signing.privateKey Inline private gpg key for signed Gitea actions
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
signing:
enabled: false
gpgHome: /data/git/.gnupg
privateKey: ""
# privateKey: |-
# -----BEGIN PGP PRIVATE KEY BLOCK-----
# ...
# -----END PGP PRIVATE KEY BLOCK-----
existingSecret: ""
## @section Gitea
#
gitea:
## @param gitea.admin.username Username for the Gitea admin user
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
## @param gitea.admin.password Password for the Gitea admin user
## @param gitea.admin.email Email for the Gitea admin user
admin:
# existingSecret: gitea-admin-secret
existingSecret:
username: gitea_admin
password: r8sA8CPHD9!bt6d
email: "gitea@local.domain"
## @param gitea.metrics.enabled Enable Gitea metrics
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
## @param gitea.ldap LDAP configuration
ldap:
[]
# - name: "LDAP 1"
# existingSecret:
# securityProtocol:
# host:
# port:
# userSearchBase:
# userFilter:
# adminFilter:
# emailAttribute:
# bindDn:
# bindPassword:
# usernameAttribute:
# publicSSHKeyAttribute:
# Either specify inline `key` and `secret` or refer to them via `existingSecret`
## @param gitea.oauth OAuth configuration
oauth:
[]
# - name: 'OAuth 1'
# provider:
# key:
# secret:
# existingSecret:
# autoDiscoverUrl:
# useCustomUrls:
# customAuthUrl:
# customTokenUrl:
# customProfileUrl:
# customEmailUrl:
## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
config:
APP_NAME: "Remy's personal git hosting"
server:
DOMAIN: git.kluster.moll.re
ROOT_URL: https://git.kluster.moll.re
SSH_LISTEN_PORT: 2222
actions:
ENABLED: true
## @param gitea.additionalConfigSources Additional configuration from secret or configmap
additionalConfigSources: []
# - secret:
# secretName: gitea-app-ini-oauth
# - configMap:
# name: gitea-app-ini-plaintext
## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables
additionalConfigFromEnvs: []
## @param gitea.podAnnotations Annotations for the Gitea pod
podAnnotations: {}
## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image.
ssh:
logLevel: "INFO"
## @section LivenessProbe
#
## @param gitea.livenessProbe.enabled Enable liveness probe
## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness
## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated
## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe
## @param gitea.livenessProbe.periodSeconds Period for liveness probe
## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe
## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe
# Modify the liveness probe for your needs or completely disable it by commenting out.
livenessProbe:
enabled: true
tcpSocket:
port: http
initialDelaySeconds: 200
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
## @section ReadinessProbe
#
## @param gitea.readinessProbe.enabled Enable readiness probe
## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness
## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated
## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe
## @param gitea.readinessProbe.periodSeconds Period for readiness probe
## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe
## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe
# Modify the readiness probe for your needs or completely disable it by commenting out.
readinessProbe:
enabled: true
tcpSocket:
port: http
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
# # Uncomment the startup probe to enable and modify it for your needs.
## @section StartupProbe
#
## @param gitea.startupProbe.enabled Enable startup probe
## @param gitea.startupProbe.tcpSocket.port Port to probe for startup
## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated
## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe
## @param gitea.startupProbe.periodSeconds Period for startup probe
## @param gitea.startupProbe.successThreshold Success threshold for startup probe
## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe
startupProbe:
enabled: false
tcpSocket:
port: http
initialDelaySeconds: 60
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
## @section Memcached
#
## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
## ref: https://hub.docker.com/r/bitnami/memcached/tags/
## @param memcached.service.ports.memcached Port for Memcached
memcached:
enabled: true
# image:
# registry: docker.io
# repository: bitnami/memcached
# tag: ""
# digest: ""
# pullPolicy: IfNotPresent
# pullSecrets: []
service:
ports:
memcached: 11211
## @section PostgreSQL
#
## @param postgresql.enabled Enable PostgreSQL
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
postgresql:
enabled: true
image:
tag: 11
# diagnosticMode:
# enabled: true
# containerSecurityContext:
# runAsUser: 0
global:
postgresql:
auth:
password: gitea
database: gitea
username: gitea
service:
ports:
postgresql: 5432
primary:
persistence:
size: 10Gi
existingClaim: gitea-postgresql-data-nfs
mountPath: /bitnami/postgresql/data
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
# Set it to false to skip this basic validation check.
## @section Advanced
## @param checkDeprecation Set it to false to skip this basic validation check.
## @param test.enabled Set it to false to disable test-connection Pod.
## @param test.image.name Image name for the wget container used in the test-connection Pod.
## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
checkDeprecation: true
test:
enabled: true
image:
name: busybox
tag: latest
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []

12
infrastructure/argocd-imageupdate/argocd-image-updater-config.configmap.yaml

@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-image-updater-config
data:
git.commit-message-template: |
[CI SKIP] automatic update of {{ .AppName }}
{{ range .AppChanges -}}
updates image {{ .Image }} tag '{{ .OldTag }}' to '{{ .NewTag }}'
{{ end -}}

13
infrastructure/argocd-imageupdate/kustomization.yaml

@ -1,13 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
# - https://github.com/argoproj-labs/argocd-image-updater/manifests/base
- https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/manifests/install.yaml
patchesStrategicMerge:
- argocd-image-updater-config.configmap.yaml

6
infrastructure/argocd/argo-apps.application.yaml

@ -6,8 +6,8 @@ metadata:
spec:
project: default
source:
repoURL: https://github.com/moll-re/k3s-infra.git
targetRevision: HEAD
repoURL: ssh://git@github.com:moll-re/bootstrap-k3s-infra.git
targetRevision: main
path: kluster-deployments
destination:
server: https://kubernetes.default.svc
@ -15,4 +15,4 @@ spec:
syncPolicy:
automated:
prune: true
# selfHeal: true
# selfHeal: true

26
infrastructure/argocd/bootstrap-repo.sealedsecret.yaml Normal file

@ -0,0 +1,26 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "bootstrap-repo",
"namespace": "argocd",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "bootstrap-repo",
"namespace": "argocd",
"creationTimestamp": null,
"labels": {
"argocd.argoproj.io/secret-type": "repository"
}
}
},
"encryptedData": {
"sshPrivateKey": "AgBHHe0LWnuOpQ+9LTItn8pWnga7J/n1x3EYTqh7m9nillUGXLkEeaduVW6dghaeoQ7QVIeVkPO7Vy3WqHMoZ7O8+cwP2pdy2jhIZy1VUyj56/AMSWOBBKyZpfpUMDnGpD8o8GPX4Ru66WDV5R7i4v7wuT7aYkeYLw3Kle3SOvjstTrsI93j2d328VJGb2f4Ci4bj4N87/L/AQcDh2EnAzPQ884CjwW9W3+1ihQZ85WNlryKaAB0Pl0Hvrq+Kmfaw4XFJnfWfzymzgvLjoDJ7SyYdKwX4yT0UjTl/cyCKcQgUgXlLOUCG/kEy42U/nXwBn9cRNwzd7R5laeCJzyks0Acm06JjUCvXNxUPEVQt0Jj1nlLOBR+dWqxQPFGwwA1eOs286I+kuOaR5l+5UVLrlqm64vcKIa/A5sSAAu3afjPY2XZ3ahJ0A8d3KGeTTKNOfXPxAu94oqG3fapDeSladcHlyINkrctGWaMG3e8x1Gn9l1cLeOs8gEXEBkUt/RADMtDC5vris3Xx8mCiRT43Y0x+ApGTZ6bmCNHaXphbB2hDzqKrHr570rr4fby/oDwxl65qydtaiapRto1s7QInkJLMR/ogoC653/7zsoofo3Uuh9Pvy4cx0kcDEhpi6I7Qzoa038blf0oqPwsUjNfmY/+fnf86CXCJDynZxy82d0PCqPbTp0HLFM+5//NA1556LXyJALDii4Gr0eBv5la+T2oZY5QPAyZm5Lh18ipyC/EtB6Xikmxsc0Q1e1k40DSMO728el+eKpNf5pgowaufuimh13vfUP3CzqGHVcexPTHQHe6l1LW4dSyxZJ2AJUiRDe4fZseyHk7qAlJrsfm1tRhXqEUmZnnUL1GNRWyp1icz2WztNou2u/XiO/tC9UBAGkmm4TnEV1N054pi9l5GyWkeZ02jZWtie0kXt/l0194nBzCsgLDW1nvIinX3wDCG7jBfhw7/ut0G/AyvIFgpIvs3jiIcuKgWiNczSwOjiH9wWuFL3jGJnnMdZ0XB7RJTtMmurpoqAfwQcuBmJJ0t2v/aJO0RA76bvEC4IkRUnhI3hoNseIdiVVr/0YfcSuvHLN92YgFGT57FmQrYPhZkbRbSBTIVT2/2ovNC/k++/FRHeGWTgUrpe9WFHusNJI9xOfvc4KhEqBiRjvoLH+c0UF5/t0C1et8uMkfPFOvRRkUyF4HgRhnA1MlzLuXjGc2At3+gy3TOGypbd9fwXE+wGBd/2EViJjMnIYvKLc=",
"type": "AgAL1BYxeqsLKWq6aHTCSc7PUGrcyX8X8DCn6xCP6cY+4VjmSD0B9/9wp56DWAPI+bpCRG0uEzgFofB7NdgB2HFnkMxDZeP0TzNhcGZSmXw2e7V89JHS5V/d1f63TDiYfU+Btbgap6P7dL4onfcp6DVzgJ/DMAF9dNAlfV23O9TooclWGRbJ2S5OcmFn/m88atledYnKEF6UOIUYOdwVUEC3DdC4zFhs53wA1KJBrgKNI2e/CsjCNBpM6hl2pCGguJJsEQSdmwDxBQ+juR+HYiacutdKCsDVpYwmNTmxiqUUyCW/i2SkIKoGKfo3RbsW/B0bne+cZPtWU5H2TJRThhMyrMaEwev4ijlT5yvKb5EybZ4Kf2ARxjgrkyRy+eEo93gIXb36fVM4Dahc8byRWLoJbYuDxzSbyrHP8VdFXAhqIiVrU0BGrUYdKBxUlh/8Ga2IlX4KSZm/9Fb9vC0GhCSKH2uYjBIvakOsRC3NreM53C/DHnzodRxom1mhaLAQk0OcD2EhpA3tRoIl0X32sLI2BC9TgS7NM/DNBgQRLefUUtz/cjw/h4D1DdA29iZbJdjefTDVj2PlypG/CU91nC1vnZKy2JcP+c066KQHcNPhYXyAyoaaxyM59XTNNdzsLaLKnnrPGz2VAW4UYu/WEblE8VcjNuXkKV0L4e3KZHVKdrJHFr0uKN28M8yQZyAihrq9Ejk=",
"url": "AgCP08jVVXsx9i7pj3Y7THiICavOZe3yJ5pB+TaphXthaQgnsqCGJ6QiK/7ibS+qc+K6XIP0GhEQL+uMk0/DCtxflYoBTTzCYodCdhXWUwInetegcfoyTPVbdStTbYyeFZ1drsdpAazUHrwyQ+imFUCyNw6UzCiEptyEM7xcmaAAGlj/7IFqgzJey/Qrt3Uwn/R7OtVQsHUUzp4ftXMajz9sNNNMbAAVN+W1e7UGdDmQjYvInCTR6ju4t//9WgnMp2jRpLT4kFFIgW4YuuBbZNp3kcFytGwdiiuguRvpfbI7wNS92zUWNI/AO7iCdgkba/hZ48gEM4GCbbFxp7/RRHSLQUaeuNZi/7NPYlx46A/GilA5/XwnXOwxWL8TG0HdLfU6UJwG62AILxxtisUtMrSyAQC0IO6zKDctK5j/uJ9LnpSzRcBChJ0SPaB6qye/MlOXjx+i7bkSNssq21aUCVYJgoBc5PfUU0i6msNlMHEH//yhGPnqU+wL+BKNTBGNxs/e1vNkl2ZwIGcaigViQX4/PsvoF/iMXJJTugQAKaamZDYZSzEIdZAcNX9QJzDYc++VvFNVZ4qAvfMtDSGQ/kWEwYFjQBPJ/+jziG9ZNua8OzKdOMovDNqzG2tmJhB4S6JEvw7N/41UTIy+52PQL15Cx+U5UYdrEutz88DsXht6wlW9zyfVWMRAOgkrQWu268rwYRU37XfXfrIJB0Znoz8khrDZMJTKuo8tkcCztxqMF0/xGYHY1vMoyVQg1FJcZ3uULsen"
}
}
}

2
infrastructure/argocd/known-hosts.configmap.yaml

@ -6,5 +6,7 @@ metadata:
app.kubernetes.io/part-of: argocd
name: argocd-ssh-known-hosts-cm
data:
# this is the fingerprint of the host key of git.kluster.moll.re
ssh_known_hosts: |
[git.kluster.moll.re]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTtII97BheLIPWTpxMLmuFGFb7C96kqdhf78x7yWhlu
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=

13
infrastructure/argocd/kustomization.yaml

@ -3,12 +3,13 @@ kind: Kustomization
namespace: argocd
resources:
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
- namespace.yaml
- ingress.yaml
- argo-apps.application.yaml
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
- namespace.yaml
- ingress.yaml
- argo-apps.application.yaml
- bootstrap-repo.sealedsecret.yaml
patches:
- path: known-hosts.configmap.yaml
- path: argocd.configmap.yaml
- path: known-hosts.configmap.yaml
- path: argocd.configmap.yaml

5
apps/gitea/drone-kube-runner.deployment.yaml → infrastructure/gitea/drone-kube-runner.deployment.yaml

@ -2,12 +2,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: drone-runner
namespace: gitea
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: gitea
name: drone-runner
rules:
- apiGroups:
@ -36,11 +34,9 @@ kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: drone-runner
namespace: gitea
subjects:
- kind: ServiceAccount
name: drone-runner
namespace: gitea
roleRef:
kind: Role
name: drone-runner
@ -51,7 +47,6 @@ roleRef:
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: gitea
name: drone-runner
labels:
app.kubernetes.io/name: drone-runner

5
apps/gitea/drone-server.deployment.yaml → infrastructure/gitea/drone-server.deployment.yaml

@ -2,7 +2,6 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-server
namespace: gitea
labels:
app: drone-server
spec:
@ -59,7 +58,6 @@ apiVersion: v1
kind: Service
metadata:
name: drone-server
namespace: gitea
labels:
app: drone-server
@ -75,7 +73,6 @@ apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: drone-server-ingress
namespace: gitea
spec:
entryPoints:
@ -94,7 +91,6 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
namespace: gitea
name: drone-data-nfs
labels:
directory: drone
@ -112,7 +108,6 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
namespace: gitea
name: drone-data-nfs
spec:
# storageClassName: fast

0
apps/gitea/drone-servers.sealedsecret.yaml → infrastructure/gitea/drone-server.sealedsecret.yaml

1
apps/gitea/gitea.ingress.yaml → infrastructure/gitea/gitea.ingress.yaml

@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: gitea-ingress
namespace: gitea
spec:
entryPoints:
- websecure

8
apps/gitea/gitea.pvc.yaml → infrastructure/gitea/gitea.pvc.yaml

@ -2,13 +2,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
namespace: gitea
name: gitea-data-nfs
spec:
# storageClassName: fast
capacity:
storage: "10Gi"
# volumeMode: Filesystem
accessModes:
- ReadWriteOnce
nfs:
@ -18,7 +15,6 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
namespace: gitea
name: gitea-data-nfs
spec:
storageClassName: ""
@ -32,13 +28,10 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
namespace: gitea
name: gitea-postgresql-data-nfs
spec:
# storageClassName: fast
capacity:
storage: "5Gi"
# volumeMode: Filesystem
accessModes:
- ReadWriteOnce
nfs:
@ -50,7 +43,6 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
namespace: gitea
name: gitea-postgresql-data-nfs
spec:
storageClassName: nfs-client

217
infrastructure/gitea/gitea.values.yaml Normal file

@ -0,0 +1,217 @@
## @section Service
service:
## @param service.http.type Kubernetes service type for web traffic
## @param service.http.port Port number for web traffic
## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None
## @param service.http.loadBalancerIP LoadBalancer IP setting
## @param service.http.nodePort NodePort for http service
## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
## @param service.http.externalIPs External IPs for service
## @param service.http.ipFamilyPolicy HTTP service dual-stack policy
## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer
## @param service.http.annotations HTTP service annotations
http:
type: ClusterIP
port: 3000
clusterIP: None
nodePort:
externalTrafficPolicy:
externalIPs:
ipFamilyPolicy:
ipFamilies:
loadBalancerSourceRanges: []
annotations: {}
## @param service.ssh.type Kubernetes service type for ssh traffic
## @param service.ssh.port Port number for ssh traffic
## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None
## @param service.ssh.loadBalancerIP LoadBalancer IP setting
## @param service.ssh.nodePort NodePort for ssh service
## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation
## @param service.ssh.externalIPs External IPs for service
## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy
## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/).
## @param service.ssh.hostPort HostPort for ssh service
## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer
## @param service.ssh.annotations SSH service annotations
ssh:
type: LoadBalancer
port: 2222
loadBalancerIP: 192.168.3.3
nodePort:
externalTrafficPolicy:
externalIPs:
ipFamilyPolicy:
ipFamilies:
hostPort:
loadBalancerSourceRanges: []
annotations: {}
## @section Ingress
ingress:
enabled: false
## @param resources Kubernetes resources
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## @section Persistence
#
## @param persistence.enabled Enable persistent storage
## @param persistence.existingClaim Use an existing claim to store repository information
## @param persistence.size Size for persistence to store repo information
## @param persistence.accessModes AccessMode for persistence
## @param persistence.labels Labels for the persistence volume claim to be created
## @param persistence.annotations Annotations for the persistence volume claim to be created
## @param persistence.storageClass Name of the storage class to use
## @param persistence.subPath Subdirectory of the volume to mount at
persistence:
enabled: true
existingClaim: gitea-data-nfs
size: 10Gi
accessModes:
- ReadWriteOnce
labels: {}
annotations: {}
storageClass:
subPath:
# Configure commit/action signing prerequisites
## @section Signing
#
## @param signing.enabled Enable commit/action signing
## @param signing.gpgHome GPG home directory
## @param signing.privateKey Inline private gpg key for signed Gitea actions
## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
signing:
enabled: false
gpgHome: /data/git/.gnupg
privateKey: ""
# privateKey: |-
# -----BEGIN PGP PRIVATE KEY BLOCK-----
# ...
# -----END PGP PRIVATE KEY BLOCK-----
existingSecret: ""
## @section Gitea
#
gitea:
## @param gitea.admin.username Username for the Gitea admin user
## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials
## @param gitea.admin.password Password for the Gitea admin user
## @param gitea.admin.email Email for the Gitea admin user
admin:
username: gitea_admin
password: r8sA8CPHD9!bt6d
email: "gitea@local.domain"
## @param gitea.metrics.enabled Enable Gitea metrics
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
config:
APP_NAME: "Remy's personal git hosting"
server:
DOMAIN: git.kluster.moll.re
ROOT_URL: https://git.kluster.moll.re
SSH_LISTEN_PORT: 2222
actions:
ENABLED: true
## @param gitea.ssh.logLevel Configure OpenSSH's log level. Only available for root-based Gitea image.
ssh:
logLevel: "INFO"
## @section Memcached
#
## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website.
## ref: https://hub.docker.com/r/bitnami/memcached/tags/
## @param memcached.service.ports.memcached Port for Memcached
memcached:
enabled: true
# image:
# registry: docker.io
# repository: bitnami/memcached
# tag: ""
# digest: ""
# pullPolicy: IfNotPresent
# pullSecrets: []
service:
ports:
memcached: 11211
## @section PostgreSQL
#
## @param postgresql.enabled Enable PostgreSQL
## @param postgresql.global.postgresql.auth.password Password for the `gitea` user (overrides `auth.password`)
## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`)
## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`)
## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume
postgresql:
enabled: true
image:
tag: 11
# diagnosticMode:
# enabled: true
# containerSecurityContext:
# runAsUser: 0
global:
postgresql:
auth:
password: gitea
database: gitea
username: gitea
service:
ports:
postgresql: 5432
primary:
persistence:
size: 10Gi
existingClaim: gitea-postgresql-data-nfs
mountPath: /bitnami/postgresql/data
postgresql-ha:
enabled: false
# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update.
# Set it to false to skip this basic validation check.
## @section Advanced
## @param checkDeprecation Set it to false to skip this basic validation check.
## @param test.enabled Set it to false to disable test-connection Pod.
## @param test.image.name Image name for the wget container used in the test-connection Pod.
## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
checkDeprecation: true
test:
enabled: true
image:
name: busybox
tag: latest
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []

19
infrastructure/gitea/kustomization.yaml Normal file

@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- gitea.pvc.yaml
- gitea.ingress.yaml
- drone-kube-runner.deployment.yaml
- drone-server.deployment.yaml
- drone-server.sealedsecret.yaml
namespace: gitea
helmCharts:
- name: gitea
releaseName: gitea
version: 9.6.1
valuesFile: gitea.values.yaml
repo: https://dl.gitea.io/charts/

4
infrastructure/gitea/namespace.yaml Normal file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder

25
kluster-deployments/argocd-imageupdate/application.yaml

@ -1,25 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd-imageupdate
namespace: argocd
annotations:
argocd-image-updater.argoproj.io/image-list: quay.io/argoprojlabs/argocd-image-updater
argocd-image-updater.argoproj.io/alias.update-strategy: latest
argocd-image-updater.argoproj.io/git-branch: main
argocd-image-updater.argoproj.io/write-back-target: kustomization:/infrastructure/argocd-imageupdate/
argocd-image-updater.argoproj.io/write-back-method: git
spec:
project: infrastructure
source:
repoURL: https://github.com/moll-re/k3s-infra.git
targetRevision: main
path: infrastructure/argocd-imageupdate
destination:
server: https://kubernetes.default.svc
namespace: journal
syncPolicy:
automated:
prune: true
selfHeal: true

2
kluster-deployments/backup/backup.application.yaml

@ -6,7 +6,7 @@ metadata:
spec:
project: infrastructure
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: infrastructure/backup/overlays/backup
destination:

2
kluster-deployments/backup/common.application.yaml

@ -6,7 +6,7 @@ metadata:
spec:
project: infrastructure
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: infrastructure/backup/common
destination:

2
kluster-deployments/backup/postgres.backup.application.yaml

@ -6,7 +6,7 @@ metadata:
spec:
project: infrastructure
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: infrastructure/backup/postgres
destination:

2
kluster-deployments/backup/prune.application.yaml

@ -6,7 +6,7 @@ metadata:
spec:
project: infrastructure
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: infrastructure/backup/overlays/prune
destination:

26
kluster-deployments/gitea-repo.sealedsecret.yaml Normal file

@ -0,0 +1,26 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "gitea-repo",
"namespace": "argocd",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "gitea-repo",
"namespace": "argocd",
"creationTimestamp": null,
"labels": {
"argocd.argoproj.io/secret-type": "repository"
}
}
},
"encryptedData": {
"sshPrivateKey": "AgAuB46H/Fu7ql0wEurUAR5BZdntwc7VB2d7UyAOj7Tt++fcv4iTUe6KBqHkpCqDNwxClhtD5LBkyHFKWPUMKMcEgFzLVtx0GBhJ+xI040po2ktDy6tFuyQqA060sAo2aT5jP6kbMmfD2o3h8Lxm7QF2XzczYlTb3ldSa/TQTaBgJ97aGHu8Evlath5s2ykGRc3iSn4HdaRv4gXCQVPDhCF6rb2MgA4/VjWJi/IgQ2V0RChCAX3PvlfjZs1ekfHn2NkQkP7TuxXbG6kNdw0RKXi10NC9uNNEyxu0ydMIECuLJn2YVsTZ2xZgBuAdy1CtnKqk4sLg8LNoOqXlXBeLMdy7TS8IA5WFyn7BQBhOW6ppwEjDk2yb/6Icn4WhU4YdN3qF9BdaIu//opN2NKuI932x+QsqeHXnbRAd/ylGBD3QadOsm4aDAlFaaMR+fLecUTaERkWVvCAj35hAtgPzi081uLVxzWRSaTrT1GgwkmHa1Hlh9MnjZZvkAExiTdi03jseRSfGlNOY3QAQz59NCSLL3wMrDwF21Jyd/XpKiSUw5Qxw85ympxJMnpDCnUG+4n/eKcHA1zdpAEhhZ+cZumqrS63ApCHeICdRvodpeUkS/Fd6//IKH/pW2xsMP1NZ6wLn49YZTX+TJdTbXp1EKD0dmEwtDGvvkx10BjNIAGFrUeLEuCNXV7MVDvb0dBfAWw8+aIEV10vYahq04t9akeM0ZUkAabi87w1RHEnSlnFDNCpR7DFWPUOltDUfgMtH59ANDIwk30sRU52eSSIJsXrI4XG+keV9LwHho0u5CgD9sgYB+QAJPKccxFPBJ4XK4N27bTlG9W2hTepnnB4O+mb0ZfpkafFHtQDy55xLeTibAwuXkltAW9tZzzfAiGC0Dr4BP70nuXf+mzqzbcvOdjlHNcPfqhwDAe4mn2ozPBzzPrOuOkGCUhufqjoEqqePAoOPoPppw8EcV2C6H0ipJCfPMYXLAPJo3XWnHnmcgEp2DBcJOjRoIElAq5KVrit1hEdBrF/1+1n84ABmxB+BLBtSnMG/9wIwAqe8KDA5lDpXxGJEMymGqBuITKDWz7kJ1d1OBkQirmC921EZ596jpFb7xqAEp/mAeZbJdsInyWekF3Ge4ocbp8GobywKlsUzshoifwk/clQTVPmmhwcMxUY2JJujvKu3kyM2N56dDEN+HG0zM+OHOXzCMC08+B0t3i3cPWtfXvRcjXBDDjHRvwMx03qoDV1rw/vjew4=",
"type": "AgBUdBqiYmxFWjEKOnQQq3eyWKxbfFYKEjF1wFM3cR3GvYQ73l0Zv4t8O/IyXA1n/b8JJsjangSSRE8gwqep+WwM3DDI/93GF3R5Qej1jWfur7m04ZovCXK4l5ira8H6U4aJ9Cim9+HNMzRekchcCMQvHhXeYaNp+gYNQnajU41BFQM1f1G7UF1KyQim/wY3vneAU+FaIYY6+kvTEA/Xd8z7bPYDUP0nuCc0Qt6lWhxiPkNBPOjq0BWBBabWUS6sp8QYgMirbu58aspxcvbGn4nU6qN+O10JLe9NrJO3b6i/62WOk9/SwRF+zbFYnTUF71kgtiV6VkPoUqGZdrxwgP3oBW0PJUlNYu0/1mlfsV6yirrVb3ULMTwqylD2WQzh6uXO1n3z7YFixakJBFU/6rHyabQyM2xTqgQug3da2GGlrK5F4cX6obGM4qg3RX1rjGJtcVstgJJXubIXlwdUAo+ZpBGoXLY6FHweVe6tGsbKQYDB+nT5TAoKCjpfRnRGsM13VoS8EEKyekVF5lRw/3sb/rZT5MqdDoTnp/f7IhSr9as3u8FUBZ+lBk2T2gXcNrL5mHUisXXJjQmM5I7Yt/nKbkipw4+2yGXkx0wRcFmP0HpHam4TQiqrALaZ08HmrChWFtY3/dRJG7dmbawBCVeeKaC5D2FUPuGKCHI/VoFI5XXMIUrZjAUvu6Z5z0iOhloFEfc=",
"url": "AgBqFKApOGBV4LA7N/rcT7vfYs3E0RVC4GHokOZFsB99Z2V7FhxppM68Acx0x7G7Pstr9ZM7x9RfRaOkkiHMePvOfUWWMvONk+lbzlLDMEy77kZxZzIlo0kQYL1wGXw55yQi3a0y5iMnIQCrJTEZ/PGFzNThzgNR8aMF+QeN+VcZDCGKM73hISk59pv+Yv4awFTAtkbN56vMOnO0ycCrHulnnBBrJKujEFpBIXC2FM+oXf/P4M/WpwFE7qiDhOVEwQfyNXbnt8F4X9Pm4lUMPlEyv5w6xOxMX6ejB+8hTkGxq0akXvSL20qdS6fJcA5/Lv1LU//3OlgjkvFJ7cRxFUFZ9suBZ7ubHXDTERlXONhkKDzhuI4iRoUcJHUVZILON2nA/MY1Sy1+2fymmqc7EVv9XtIihs0WdfGTP9j0UhtV3UycFupA5SnhyT5fe5nPThVivDfElXc4zIHENJy8EE3AeVrgBIPabjsEUkktrmvC0BCPJSqUoa3I9EPtiDGf3QEh1Yktr71p3jMrbpZnJqEJ0a9SOFRQ0pedqU7w1gWciuF3aEhzO12MnnEOiRb+s57VBtR7KdgVXLz9Up5rDreCCGVKSQNRxC85KqtPhKv45BExHC4cA/hgbsbslGKaAbB7QfgpuhZ41A2VvLtd71yGBehCFbP6UY6oE14HzC6h/+mTmgrL7DcM8mkJm7W1wKxnd/WqXNfmrGH1k4Znlfz+kzHOS6izKE5TPtavITH0842iwtlJwckkuwDY4uu4MxmtfQVsVjGU"
}
}
}

18
kluster-deployments/gitea/application.yaml Normal file

@ -0,0 +1,18 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitea-application
namespace: argocd
spec:
project: infrastructure
source:
repoURL: ssh://git@github.com:moll-re/bootstrap-k3s-infra.git
targetRevision: main
path: infrastructure/gitea
destination:
server: https://kubernetes.default.svc
namespace: gitea
syncPolicy:
automated:
prune: true
selfHeal: true

2
kluster-deployments/argocd-imageupdate/kustomization.yaml → kluster-deployments/gitea/kustomization.yaml

@ -1,4 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- application.yaml
- application.yaml

2
kluster-deployments/homeassistant/application.yaml

@ -6,7 +6,7 @@ metadata:
spec:
project: apps
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/homeassistant
destination:

2
kluster-deployments/immich/application.yaml

@ -6,7 +6,7 @@ metadata:
spec:
project: apps
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/immich
destination:

6
kluster-deployments/journal/repo.sealedsecret.yaml

@ -18,9 +18,9 @@
}
},
"encryptedData": {
"sshPrivateKey": "AgBXAxyJk0OIXCUQ+bGEX7lj9sqUXHtsu6vflyQpv7USUl5y6WxbTDupwv7ewkqR7tir8fE5NqL6BlTSK1qvUP1L/Ba6jHBkA8r5Yz3QH73fjdjsMj12S/DUhSvN/aoSzwQBF+VW1MIoAhBwjh47DINes+Dbo9fvc9BcXzY5CS8+FcSrzNvh4Jh7u2bv9Xi9RswyeAWdvjRB2gPd1sDWk0yFEdz8d/wvQJ6SmB/+dhuB5RqdvnHtLCZf+wTDbyTyhKR+zUVmv0MhgremDFr+2KEUbWmi1KKhg1uZti7UHZ6KbssltHSMe0LstVQeuzjBBN1YLnc8AIKbCZBh7j7+UJ0ApEwiyA8uet54tjAjD/ai87tZW9fcMXqjlwf/xfB33m8UWZ/RsB2ipUhTMTPgmFrqQ5iK6rCFAHz8MbWy86CE97a7kYq+IwivtOJf5q87KVvfRLR1r/9LGHc0JWIYXaIsBaIakW6lJqeHTrvRfBsucf8b3DJTv6bhih8XZha5oWNx/d0HL21Y8wuxMJ2nM5KMJ5q4Kqor71cWbTqH2Eus/JaW5uU0qQQg6YvuCMc9STTESkm3pn8SJRM/4VLgC9taA2lpT6XykqrnegnxAan22/4FfVdHq4aTsL57KCyIxxb2s3Xg2x3EDRoI0bplMl7G2LAqRSKRQ0OVUEawizI9UFaJ/LLYZtoq61tdTvcNbp/V+w62N5g/4HVrwAElC17GyxpQQmTn+8e3eOU+Vp46VYQgA0g/p/OumJP24IGOCwa4qdLLsxiv8lVLbIDMYQ8sLQyieqOoCwgXSUqJRClT19K/JAaHbdLt5l5ZpGwD13hciaxPOZnSafqMXI/aDQfaWTknuQMtYR8wT2KW19w/x3YQzSU3ntEh9phVFLkMaPScB+rrX5b8QJNBWmsG8Waong8b0kz0gEG7QZCUMZdQqfSGxuBaADg4tJR8VVnSwRlIRw02SsqbL1zi4MQvTNl8l5C6dRU2bgJNj/r6IYKoNlUBtU8lxZ8yqaIDljcnsf/orYjNHLOoXMUamyQl2AZDf89vzYthobhpVlVZKOxA6mcCYjkYCBhVhZ8h+2SckrNnRcU8rajIAjWzKVnhvabAVmsF6cw00+QsgUMaWPb3PSiEwXy1xEhhM591F8AAhHYR4VyDDYUkKQS9UXAUnFJRCWRicGUfnzcvd4EAi0/2Kmz1trUIiCF1f3XTa75ynz4ifzciOU8IwCz/Xw0+vjb8aJ6LCll07Eed2sk=",
"type": "AgBHGEdzEMcn4m58AZwrO2ifFldHAVmtcccH9oh0NGZC5waVFPjD3mQs+OeMzkMQmaBSyOM9FhuYT3fTAZn/Kk68mFj/qhl3U9WQlMB8F5tW0bVVqGFCRJgwH0t74FZiOl7rbz/x5eJybBv2mBZf9slH/iDJo/NrM+EvoawY5+oo7WITUWDf61yM8TAyA9074Z6gdp7mpx4rmAqSd2eVOBA0BQOCnSwYwM4xLDtCbEA19U9fjywPr0FLI1s4iIc3xbR+OxbGh0ke/SHIxQ8C0MfLudfNRZazk7lZ2GISwm1LhePTYVTOeYYtkp03NOjvDidv8WSXRIGYci9gdoNtfa1SqS8h3wUTgMyyA5C2+3nnGXx7NExGlS1nExcfxa0Y+sR/Z9Nldk+UlhBNZP+BtE7yAokXbfKTXzLqLfLq9jRDLlBQlqGiGrklCuNIIS84h0DZtAiE17C7THpHZGDguhxlVnFxCsnyApCjYYE/lKk4zg2/UumktPzPdrwyRl0EZtYChgnCmwtRNfqE1sYUnU6sQI5cQLOrzUVm+RGut+XEqOp14d684fRYkMgqxUdpIvRsO4y8SlSrHq0g5Tu9N3ykrk+l2u1EDOW1tr+JryKMFvQxJrJ+iJlpdXUUc4rFn42PRhhFZ4+xclOl/HqFlSa9m3ycAj+1c+bHrpcymxUonfik6ggDZR7LOKP/0CANuvaUBdU=",
"url": "AgA6Zj3U6h+Qnx+RklbDHcYo+m7F+cSkdqAKeEv0/q2czxoiWZcnNywkFhsLd2JsUZCM2k7/0Z6jdiEKmO7y5Pu6En2KCOHpwVft2GZPrFIa516UUxi53+vJP9VrM7GOMJH77AFZ5OeLM7eFu85TIl9QXe8ZXQeuGdlr3aWNDWY0JPYHMgqJj3XEWv8ebzBTIW30rA2Yykg3Lvfxh1iY5oNf8hJ1XIUTeYler4yysWUQe6FchYVmnv35n54mLRkNeK9I/5anpJdE8aptptX1H0Ci/tYtGts68fKlhMzxnaOjfsw7xvoNOhWfaqoUyT/L8xQnAO7EZiblfJc6Pwvw3rCmdPpIUwTju5pqItvBDRn5TYMsGn7vrzM6ycluXbjpvcGnlM0FkHsekrjJUj+uhy6ZrSHr9pJCGDuxuYDeI0mPVcVpeJDZYB4EE3JBP1UsupoYl96anOGO13NN0+zJOl6oaRIRE3aVLsxaJwfujk9mnh3kyn2waPY2NEcYTn3b8gGMYFsrN9jT1j9edFEx67wG4Gy93EorQDPX5pp31TE37qcknRqqfY/VXu4zcT9aPqm26Ndwhy6fCTSZzt6NRDT7PqUmgcDTN1pJnAZV77/Bh+gAEDzrlClAMDWes/6Fo7iHqtiWQz/LAAWrUJoUrF/wFdZ4Lf7Q8jB4RgaKTegRK3gZeGt1Rp7ljzcFosx9Tfp7M4sWOnk28NhJeHJjp0/TwtnRZ1IQxaaAojlAOubOksXGOa8sojYuYqcE9TatTjvK6T55dSwDxM8="
"sshPrivateKey": "AgCaTyeP8TwLWOOWsXbnH3lNnUxAWQIVG4+t+O4RWV7BS75LWp3ggmuiTX2mQF5D0B1VK1XB51hlCajQQW+LTZXUW3W8fn68wTi8FlbV5nSIpk+zAR3+07APGs09kwCwKDVBEZytMZdCGcJsEXghVTjgHL3eF73HPmORMKVvJ1D5Q6KfqX1s8XhbHE+LGM5qf30q8x+wfug7LacdFWbn0L/WR+k3Uw2EWh01M4loIBvERd48zGViYjWHZeOCAV3tu50KaiAwqlq//E0B1vIDouHDcma8EPr6OO5xCdTt6eLW+OWaDPVqKklhAXO4LiLVL6mpW+N+JTsCpyzSLxJyuLMrNoCvZsQpn1MqpNayRIx0n7Xmt2Ie9CBnKVcCF7v4kJofe2u558ZpOoUnZmB+iVOQVhonYVFW7IGfPjDpSNcI9RDicBRtnmBqzrLQwMv2kNG65eosjgtZtaPEF5Zo6mSYeutFuqjHy3J8HXJmtB5jTmXkHXEpRjMApoqKZyV4et0DF2QdZYrBSOnIY8r7ki8XvlN5bRHWD3irIT6ItzLQ/gb7A16MmqrjhIa9w6eiKhPk6sNJh9LBIadbBLluajPeVtf9B0Z4n1gcGKnrdv9ed+afgOLnT+rgwp5KTam2eeraoNp2gVG+Y6Yo1BUcjbbavpNTxCj8/V9/xd93tPtfl4FHdNveA8TowGqctwQ0T0z0BZ4puUt139QAPT85ckHt29h/1BtWvTIXea9IDD8NHt9MIG8y3v6ZzIbLoyhHhN9IWMqSeDu2r/lcLn+A38osF4WHBZyh+D9KMbKCn7EBck0o2LNfzzIcA4Py+xLEaSc9Zwrdp4H132VmQVoNWU1Ehkzd744kxIqzCvFU6nvYoxlnuV/Y9eP3cxSwSHbDqA+91pScDy76zanvUUcEmiSUN92GQEJV2/iCRbejvef1GClaEXc8rq6aTsb/w5NAaybT6dWV2LEMlY/wdx4TCqOVq3McYBZ6uOviShg2NC6qpDywG4h52uVVUd+LL12o16jeOzLPvIb0BZQYvPIFP2h3ur98zJSInN4vR7htwDYq7EbhyqF33LpgB+yqR3PLKShbpXjCtOPTnx6rXb9arUE7Dx8OHvXn+LnsKIUIJs2JbLAXwrMj42Z0c4BsdmcsVTphqcE8I4SqlTIibQGs3+BxRIo4c28t5Z+5SfmdAJctgLbyO+tCaR8gWBsx1myMIr/Z6vljAAI7AqKWU8RMi9o4aEBKvBNY1HQfHRc=",
"type": "AgAgzf5llrSWW7HI8d6QnLv31t0eKEbzwbL2ssPO11EqVSW4Pv5kudAOguQcuIN+8suBpvZ4DXyt7/lKc9A1uAzdpQM7B1bR7616MJLjVkKT4IIPc1dWRa8dXFS9w1bD9jAnNiJdu67nczVlbZbzdnQu4aGOmnHkvz7hD0eLmA/VUETZE/r1SPHLmeJBjz9O+6UNRjq35SJTIhjxoYBm5CQXPzJ7XxqDaQEwcvB8DycmgwrnxvTCAzoQaYJU4p8WsaVzlhgzh4TmHsNFzM92giLYBSnRPWUjDAPdtSEk8jZh5UjAIsptkQT4e+K5MYAiMJM4AfvSJEUHzvTJRHFfR/6IV7m7GSLe/IofQjYz9K/bh3aYoy42LdqF4uBDCZUVezsnwbreLJqbs9l++8fEFzfSfTQ4IMdDu1y5lTJazvvPBLhqRh39n255L9d9j/5T/xxnSZL0GaR1BR6gLMCzxSmHNAyu7HWZLHoCJDavDDPCaeu3VR6I7ek6BbI8aRTTcFkBxpIRBxSyNkc4brZnf0QTGcvJU4eaRbkasWltpANE/v092yIjMa5lmCChJuzBGGP9dCKeYSjAhcSr8Th1QtFaeoemGtM2uZkg7QZlmycvwZcWVi0RZReaW2r6oGpkAldzdLewHyf1AvNgSrG69NzRveJdtwGtfC/15T8Nen/npKrICPBegX6SqVosYgYyfDru0Vk=",
"url": "AgBInFis3TiCSRBVYNRJCn1NnBw3ynChue3akHMQkrLz5DccXtskw+Zr+Jl4ZTPohm5XRZbHKREq3/l7iv5+XRc+tqiCldZHVdPliH6bmSy0JWBR/0Gw2NhpIzF6gUaZR7FAhPdKTUcbnz/gdJEyLQYg+5jSHwqw/Mz/BUsxg1ngRbEeSpE6aYk0pbapmBLNxCkWROD3a5Vv3bOn461r71gE4VEZOlcxZkWhcFp0To8jgThkan2uDlx1hjtgCOLlih/5jkva6+ieVE7Fch7uUfcm+wWEOc2kIcZ4ARjP3vmVMSXiBLNRCEXyhtRAdvY8uvRC6vuIi2NBaaAGOqL26+sw8mbUm7dwdhlGGVuxGAwYKN9SY5L8YAgoYTWJ2LNIQqNXLUyThzRvb+40qvYETwH/Yd1qyKS5ZL+kMSKLRPHko0y79TKnZTLwhvKjzF9mbXhkLUm9zaB+54S2G5GmrCwzM62xIL+xW59P2+g0FDn5Pjhp7SoDhkFEuLi49LJ7HJs+Doyki9RIm9+Y+GxJeMdacvA6vZbmWJTnpcjq7TwUNOlA4RshMdJO38ZZm70EjS/pvFnNvufElYFMC060AVGXStx736tfRZL2xlRjzbKTeumJsVkm4yP/1ALaU2GVhKuzThZFAVSXDRSSpCLJWK/N5XHnOWeqH/Dwn8fZu9n0DJcMCyntOxqJyLHWXybJvJ7gn8gHskPSZZr+aB7tUX18GYpx7f2x9QPC/GMC/bzHBxXgVghxr+tCqFOYBzeSgLs264Ht653UVlo="
}
}
}

8
kluster-deployments/kustomization.yaml

@ -5,11 +5,15 @@ namespace: argocd
resources:
# infrastructure
# repo keys
# - bootstrap-repo.sealedsecret.yaml already set for app of apps
- gitea-repo.sealedsecret.yaml
# infrastructure apps
- projects.yaml
- nfs/
- backup/
# - argocd-imageupdate/
- gitea/
- renovate/
- traefik/

2
kluster-deployments/nfs/application.yaml

@ -6,7 +6,7 @@ metadata:
spec:
project: infrastructure
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@github.com:moll-re/bootstrap-k3s-infra.git
targetRevision: main
path: infrastructure/nfs/
destination:

2
kluster-deployments/ntfy/application.yaml

@ -7,7 +7,7 @@ metadata:
spec:
project: apps
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/ntfy
destination:

2
kluster-deployments/renovate/application.yaml

@ -7,7 +7,7 @@ metadata:
spec:
project: infrastructure
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: infrastructure/renovate
destination:

2
kluster-deployments/rss/application.yaml

@ -7,7 +7,7 @@ metadata:
spec:
project: apps
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/rss
destination:

2
kluster-deployments/traefik/application.yaml

@ -7,7 +7,7 @@ metadata:
spec:
project: infrastructure
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@github.com:moll-re/bootstrap-k3s-infra.git
targetRevision: main
path: infrastructure/traefik-system
destination:

2
kluster-deployments/whoami/application.yaml

@ -6,7 +6,7 @@ metadata:
spec:
project: apps
source:
repoURL: https://github.com/moll-re/k3s-infra.git
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/whoami/overlays/main
destination: