fix sealed secret

renovate test
fix
2023-12-07 16:39:01 +01:00 · 2023-12-07 16:36:57 +01:00 · 2023-12-07 00:58:39 +01:00 · 2023-12-07 00:46:53 +01:00 · 2023-12-06 21:19:57 +01:00 · 2023-12-06 19:46:20 +01:00
22 changed files with 174 additions and 84 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 *.secret.yaml
 charts/
--- a/README.md
+++ b/README.md
@ -8,16 +8,15 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+4SlRIV9wOKYZbBrPuW18K6GGjnDEviCYQvGQuKOm0
 ```
 ### Initial setup
-On a running (but otherwise bare) k3s instance run:
+On a running (and sealed-secrets installed) k3s instance run:
 ```
 kubectl apply -k infrastructure/argocd
 ```
 This will install argocd and CRDs in a dedicated namespace along with the app-of-apps configured under `kluster-deployments/`.
 The app-of-apps will bootstrap a fully featured cluster with the following components
- postgres instance
+- postgres instance with backups
 - backup of all nfs PVCs using restic
- traefik along with metallb as a publicly accessible reverse proxy
+- traefik (along with metallb as a publicly accessible reverse proxy)
 - an nfs-provisioner creating PVCs on-demand
 - the bitnami sealedsecrets-operator
 - a range of selfhosted apps
--- a/apps/adguard/deployment.yaml
+++ b/apps/adguard/deployment.yaml
@ -28,7 +28,7 @@ spec:
        env:
        - name: TZ
          value: Europe/Berlin
-        image: adguard/adguardhome:v0.107.7
+        image: adguard/adguardhome:v0.107.41
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
--- a/apps/adguard/ingress.yaml
+++ b/apps/adguard/ingress.yaml
@ -1,42 +1,15 @@
 # apiVersion: traefik.containo.us/v1alpha1
 # kind: Middleware
 # metadata:
 #   name: authentik-auth
 #   namespace: adguard
 # spec:
 #   forwardAuth:
 #     address: https://adguard.kluster.moll.re/outpost.goauthentik.io/auth/traefik
 #     trustForwardHeader: true
 #     authResponseHeaders:
 #       - X-authentik-username
 #       - X-authentik-groups
 #       - X-authentik-email
 #       - X-authentik-name
 #       - X-authentik-uid
 #       - X-authentik-jwt
 #       - X-authentik-meta-jwks
 #       - X-authentik-meta-outpost
 #       - X-authentik-meta-provider
 #       - X-authentik-meta-app
 #       - X-authentik-meta-version
 # ---
 apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
+kind: IngressRouteTCP
 metadata:
-  name: adguard-ingress
+  name: adguard-tls-ingress
  namespace: adguard
 spec:
  entryPoints:
-    - websecure
+    - dnsovertls
  routes:
-    - match: Host(`adguard.kluster.moll.re`)
+    - match: HostSNI(`adguard.kluster.moll.re`)
      kind: Rule
      # middlewares:
      #   - name: authentik-auth
      services:
-        - name: adguard-home
+        - name: adguard-adguard-home-dns-tcp
-          port: 3000
+          port: 53
  tls:
    certResolver: default-tls
--- a/infrastructure/backup/base/cronjob.yaml
+++ b/infrastructure/backup/base/cronjob.yaml
@ -18,12 +18,15 @@ spec:
          # run after completion of initContainers
          - name: ntfy-command-send
            image: curlimages/curl
-            command: ["curl"]
+            command:
              - /bin/sh
              - -c
            args:
              - >-
                curl
                https://ntfy.kluster.moll.re/backup
                -H "Title: ${OPERATION}"
                -d "Finished successfully"
                https://ntfy.kluster.moll.re/backup
            env:
              - name: OPERATION
                value: "PLACEHOLDER"
--- a/infrastructure/backup/postgres/postgres.sealedsecret.yaml
+++ b/infrastructure/backup/postgres/postgres.sealedsecret.yaml
@ -15,7 +15,7 @@
      }
    },
    "encryptedData": {
-      "password": "AgBKXybtQWxHVX0UeQ9z5VOSJp9dadp+j+8VxBzyh37BdfLA9l5YppOWgK2RpmQmFmcrrxr7u2SgyJ4rP60n0r8LHLcmPTXAUJe5b07HTVOLn8Q4C9ObEkWVXBycmI5Kc8vHZ+OW8T3s/QqrnLIlQPOq56mjsWjO24O/72aUl4IzlrSq3NYPAMpQOwfgoam/4ZaHed6+Im40eQalkEWRlk5KOkSayWsrNJNccAhnZ8JapCP25pVVfz5xJc9286jNqTCgGt1Ez3xTXbd3LPI2QgeonIPU9zqlXeQgjS/UuAIuKyEW7ypD2/7lLoU1Yk4XMzIreVSrYgfy7ylnC++FPZBI+32/ocbEgpXPX9O/gb2tQLANVEn9BwVyPe3MW/vB63ryyfhtrPQbNJCJNnwKlsoS+HcVYBGAAtjdUYD4/2fKabH7Th2SlMIJvGBwhxpJo1bnblHoTUQ/Ao5gaUIcZC0qCnd9ZKVRKwtFsJrgqnEAapd9dNdDu9RBxVKAUa0TS+ahnXBaC87lvydb/9PxLz+J7E27oInt9coFEHpaZFNdt0QJXUqs3DF0JO7ll3wC+R1iDUWRY3NKf/bpiGgkwk3VtUkIXcW5biaD7lF8inrLVzktvQGET/CbYre5ws9qj5xF4NUYUivYexiP8isScnbrys671GizUjxFoPQpWotEHmZ9DNsIYOF3OvewKjDllpo1izKmY1Y="
+      "password": "AgBZViaCuD8Zm/nkDe95xVZXgeRVJ0zE64e8efigBrkM+XUT9ber034QY5USZWalJ8nC930FB5t4N96D+LyWWXiLrYQvnYHpsi+wxJd3H/EimQo1IJ7XKNHxRC226NGX8ugb9Lez71IZaldyK3tAX0yoQ5/j304+mzetP/535EKYjZ7NucYE7KMUDsb5JsAaswd2H5fIl61PK/lEVN9AJLIo9MKL0zbGDOJCh1WNG6bUn0oi825R9AT80QulXFl/qxBHQT8R/u1AIqJDnrhLf8CiMBCs60K4D/A/F3uFwzsfGF4t2tDrowbPnGL7abAfe+DeHW8WSQoiMQWe/rTb4mnaErRNWSWmSwOcFNtUt9QQG4LvH44RTLaXKxbNfZphsNtBYk+F8SPngOok8FxoyycwUwDbA5clCt/Kh9bMOfUQpXrPc/rfXR5FO23kxM8h2pfC7QYNej0k3LexcikdQrpqRj9yMAVMSI7xF35Tfc5buqasIDlgRxTSi2Pn/fAFIK3QqY7YQWZOYzuD3w6aTUx0trmHNTycmotKV/kbni/ZOMmf6NMGbZs5R3VbmA1vFtdp9YVD5dJ0t0aTXTdNuWjeC0+vQF0lnXPWonRYf65e8KOwcuDjTYU6ghDfQPngJ01FFoTgiF+X/1iZ+7uvIeIULak8dMIQz6CqfrCkahkimz5u2c+b3ZPlNnXRyPmZE/1JscLXaKuXvg=="
    }
  }
 }
--- a/infrastructure/renovate/cronjob.yaml
+++ b/infrastructure/renovate/cronjob.yaml
@ -0,0 +1,26 @@
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: renovate
 spec:
  schedule: '@hourly'
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: renovate
              # Update this to the latest available and then enable Renovate on
              # the manifest
              image: renovate/renovate:35
              args:
                - user/repo
              # Environment Variables
              env:
                - name: LOG_LEVEL
                  value: debug
              envFrom:
                - secretRef:
                    name: renovate-env
          restartPolicy: Never
--- a/infrastructure/renovate/env.sealedsecret.yaml
+++ b/infrastructure/renovate/env.sealedsecret.yaml
@ -0,0 +1,28 @@
 {
  "kind": "SealedSecret",
  "apiVersion": "bitnami.com/v1alpha1",
  "metadata": {
    "name": "renovate-env",
    "namespace": "renovate",
    "creationTimestamp": null
  },
  "spec": {
    "template": {
      "metadata": {
        "name": "renovate-env",
        "namespace": "renovate",
        "creationTimestamp": null
      },
      "type": "Opaque"
    },
    "encryptedData": {
      "RENOVATE_AUTODISCOVER": "AgCi+SttRaCTLc7WgBxUiYS56TFgY67zBsMDtRSYbCSXs1XpoTyzOiT0X1gRki8VkGUiI4KQSu/Tph5qbgLnmqrGi7SvzMYzz+vuvPNH9vTPHNnuu92deG1MOxzogybmu3utJyybImWCiv1r7huZuKOLnBhs+r3qC+tImQ6ZcBSvSvVzTQsX5MIed68Xhkx/ZJkoDMAI7MkqZsNsWZbbuQ2HSBpnAkcgUTey3nbO3168aV4Pa/fQhomyTp62v71lVmoYtPmElCrhJUCOlMSSqKxv8zNSCiZImJRTszb1+VeJF2OrfGh8PK6qVWBlY0COiy/VXuVPgJLzPmUJD5yv0qTWITh0c23N4KahNrTfx6l96ctQWY6pU9dJo8fnMLBR4RLxVnQiq8vVDrwFytzQkLtj1E1SP/DCKhk84b2ZfPji+y4teQN0L68VQeZJCvzsxzgkksqDfatOxMyAmx1prkuNM1AlUmYuba8mDvLeViSWxk1pS+qYiaZTAl5GSVHDWSCU02HmoQkmUsSfvEgHUna4Jp86io0GXAyTXjidJf+RpbQ+dTNXAL+m1/3HxhlSDG48idclJJ0oIedF/FzVD53B6QvkqGqAypYrHm4A61DZLSZrvTYE4GuHXKbF75rbvktnC07sTMm/a1tr4zym9Q7ngG3NtDA+WrCe4P/e8m+tO1GwRuC2OW2owWrhpAelAQEu0Ten",
      "RENOVATE_ENDPOINT": "AgAZuBCJeukXw54Na4CR8hJT/OW4KnO7ztLk2IGFGknkwFv7olxfE8X/j9IDps+EKL5Sq0I27jq5ZYaAg8i7mmrF6IxeC25Ri2nhl9/vIzFs6h+UtbBe7Yqel7ysnQ/wZ9+cOfedOr0vO7s4edYAKwmmHNDwKFG/YwXs4XyfS/f5lMQ3W3Ecu0ML9z0wfzzzjbixaE4jPHEkTD6FegiP3tPN1xoU3hQO91Sv46hZ5eh7dDwXwH8BU6GUUb/nKeIGrKekQVrBxDt867A+sRiRtcSvhMxg7w9fFV+CyY4z9cehOUwh/Mf6BTANIoGXCFdWZcWP8RvnpkcDTaolhlKkBZ3CHbyGUPdtENVK/0mPyWC8lss2BXIl5bV7SGoTIlCxWLOdfP/RIGL+1FcpDg+n/H46jeDI+4vSWZapu8jGAaDTlDtwMvq3XbKHcpjBmIr8aKG++LU8gNrGf+lhulbFjn+VZC26+M/aGVrY1U7rOt7HTF/L1Q40k1J6IDbpsX08UiacQwvIpcgs6RZ0bdng2xY+3kEfdFVxwKGwHkL3LJrxb09P3WfSEDpV7aTh/dhXwVCfRJpiTeOopiZMRH4etXNmLPoZi2E+NZSAnYVV8BuQAS0ETopTu8WKK41+yr2r0PXbiYBLElji8ckfnMaA5//ocgwUqtaBTNs4duKRfUI6f1tunZWvlkwzzU++ib5pn81D35dYFrN9cM7I/+P6fCaUt2yYaJHzQtcNvrn0N/P6zYHI",
      "RENOVATE_GIT_AUTHOR": "AgCtYOZW5mAfiMqhx4CZfPFCtT/MSMmnYOWG210yrac88zx1epHgMlaVoZ1eD9l5kIjOw86QoYLHCOXFm/aE88BbEmuCWG3fh+/sHiXgztBHwOaHBd9EkS48/aVRx/CeapNfjtqB9HpvdV4uD9/zxfRz9+f1kQiibW4cy5Jmbd69L1i4k1h4NW/9LdznBZGIaw4XM8At5sXYNfetQH/IG7OJCwZ+nG/ESfHayF2p0s44R+lkDVHNcy7193iznfFHZjgZ13dr3Sy14JNPmrRba0ySRkcsXW8+oiUckKqaW6SMFNxev5o0ys1S8dothyxDJIPeKfRLVnqkO7aWsQqpVQVFnXBCs1bA1A90gkpMow1qm2WDAa80qI79GZWbNWOyHUzt0Y7UcjPcVyiJjd2DhWBVA8vn9UGhj7FN2vU2L0zrB3DDTYP6dKmVCo61Z2P3RGP7+BFk7+bIb65cE+LZvDhM3ED94aTuZ+ol2pQWzp/Kxle6zGznS7NZ1Lb04997UKW8isrebmYsALh3ljXmcgB4X/jH8F29wqeAMsY0ystotzeRZ/rtB06qa7qmlBkYXBY5sV8GqohAxRotr6I+CKeFIf9wm4DBQaVMc7lJqstvuCA5G94Rh30QRGMInfRW0vaXukhLMpuOYtBSXLNjlYFRLxTT7tjUJdhyQqbdTNRHNIA4noABoXIXPCscpAGPhgNipoiOfadmsNZEhf/rBlAZtDTSOg19LV82RwfJ3lhB0eDp",
      "RENOVATE_GIT_URL": "AgBzTC6keBSA+o7Ppfj/af7D+ebwpbDkIH7Vv8oRePPWvnbamtzcTmsamjW11Xn0w6eRGYZm6cnbP9GnGnjn6/VyCFpl+jTUm/pZNQjthpm4VEi3stvQtt9TdSnguWZILWbb60JwFQcBVNdyOlj+ow/yD39LgK28McOfSHg5zw93IX8OkqqHyI2VIZ53u5xtARTL04Hni6/KF8qY6rjukncV7pwn5y+zWvcfMICmBiazI1FJjuj6O3jznDffYmvOUOOaxCQK82OipY5zGg3sznjdJnXt6emAznO+i0NIc9xYl5qWWm9onXdjLxDzoLjxdQQNwQ2JNvROCeWs7E7LZzcUYhjfhNUBTRZb3Y1mqH4OcVKauEZcKhp5kFKM2gwI1SutGmZltMjCvbnEav7Hjp0ZQN4ybIP+yJVNNTpUtSw7sdu3Ectoe7rsSBOPgT8fQvLeWyqLL/cBxkOnmsVBmt7tTfgBmrodhYM/p2Fl1MFpxNQQsXDB7PdArs3s6ZQrgWmvvuZAk73knUxWL9vGZRJU6EbXb6clPrLNJlNz8xJjCvub4o2U8rykhTV6n/g/IgcO0GKm/vDijWgaktFS9zzQLWdpdyV2ptAbPm2o0CWW04WBxthhY8NOG7C2HcRWB9IvZByED2ghLDXA9Rzcn7VfP7Qo9ed7ZoJRlChwmY8kcFS2lccPvqKzV+oQq1cQkWpIyMzv+TZK0w==",
      "RENOVATE_GIT_USERNAME": "AgBfBA0vZhMRs7SU2zMaVzYzCQ01q4wVBfU0YkYbs8WrWAPVl+1DWt+c7q5XaBU5QG3hXCZKiyXTq8nldTT06zXswd41DuYN473c3de2PJwuLpyC3Kxp40od7flcMiUOGznm8MlPtn/SteN4GDIifud7y0sawbvNsm5Mfqu6aqMRQamzhxnJw/hUXXd07O5G1A1QXYmSiWLKAGykjdOphad/OScW+gJ+gNjnh2RsFhrUxZqP7Lwa7echhTkMcVmfFX0BQFK7pRbAKqQwxFBWWRbFQvfdYTqOqkkYa4abEUzNz8rcVbsDTIGVJHUGxMWcy2CkqjeeAYFO96NIr34LQ92gF+in6EQVZhKmbdOWDFhV7mrV84Wew7qJLnzWVNOAacm+E1cSh1pWBX71SIJ9oTHm64Lz8T6+YLR/WxbETMKs+HoYBZRnyISOTMtnQFOyiC9rPhBpUFtC8Q7UuQlntiXubz/JtXxu1mbT1Rq69y9QDRObIE0597XxOrxMCuwCOWU27SrbQd3ne923d1UmSWpaN8O5DYuu5GTJQuG6C669uBzO6L9f2iL7ykLZTcs37i7rAzLqBjWKwCm6zyz2MdztXhllJNgblYB943Whx8Rw9GbAZnmapQ8DAd5fzPaR6FjhUuZ/C4XnmhsQ8h81iCssWiI/sXW1Jl68mP48/aMVXDJCar+9avMls+p7pYjt7g+/RHQ6SehqmA==",
      "RENOVATE_PLATFORM": "AgAWNczM1n5N2YtAFClfIRRJ3l1iP34fSP/dx+ffbtDsfQJvp8EqJmAOIyrSXbcY9aqST6jGQvTaHpUMBbtaUXyakAn5sGC7CtAJYo5pJ6wKUygJ36q5uhpfj4ocyqNZuipBEVMbPcE3Jt+s0bnS1bmQRCQOSSm89nWf669gZGCfgVEvEYmHXGmXLgYbPTCBhjLLPyx5ZzeVoF+D+RG945a/GtOxChRAkm4eTFMJ6gzzSThbi3/9rFWohpXM6VJynpv8/X1sYEbaUuGh4sYSxYK9X9YGYR9vn+U5uPBvpBtsctvHY3JoLL/9pNKw9fu6JltBm8ynItV+I2nkssP4UROkVamu8Q8YzXuXYS+H5D5q74qy+J21QgKIKzxhQ08gvCbYH+1C2x0NSjZtjqKHutzhp6rLAEXQrMUS+1HwHxYzsxLJZzI2xwPNc829EwSWq/VkeS8jS7sUU1oKOikfbxpatvvMUX6t0VNDlsFoAbcTVrOwipTs6Cosu5ttiwr213KkuZ6eTWUnOxyZgLyNYBimuwhcvfEazmn/VG74qWTCRM2b7EtBcj/q997K7euMIEPAYfMZ1L3tr58szJ/ZSUYoe3x5W5DOAwv7Ut9gmtf4GlmajLkUmgP/bIInae8D/LweWXnPRb7PrQE46za7aNVcMBN6xLVeuIStA+g9dSsYpVfflhbGsuTAKo8g7oveaHOuPxKARg==",
      "RENOVATE_TOKEN": "AgB2UWMGLKcFyG0PTMrykaZaUqFJmM5JEPYAMRxzMWR00JfAXjnArCkWFZtyQ/oc7YKmHUGE1D2ChFYJrxZzCyRwgukLf2w0vUh+lfS8Iv9bpZv6PHhGLSXw1IaBan7Bm1f1GN5ig1S4jrZNqCJI4Lc8w/Wb8Mtw8Zsk+toBMZjaa7bfhceoFKhFbaKRc8LDMCwatV0gGM8m8TPji5rpCAJJ2xd9HQdDkoAFu75aYV0qbXsE7MOm5cjjqrxKQWtevOWYi5tcbUvwQFm+1mAkpe/52a61j4Iu1hIqjTb8f6ONu8ut88UfpbYoiZNgtjASrbCYAiEK49qY3HAHcoYhnuWHdREQbxjOk2f/vx12QXEvs/1QzdK3CF67qctZ9QEWn6xI8MRKw/KiUWCXjh8WEQvdAhQ9MGLH1kWMLq/km+TQm6N6gDjbCo3kov/qhLl4iqMJYR0A4mqJGN9yJHG4kC3YcYmOElw0K8/P4zKR6HBJNCQU47+pvhOnaiiMyH9uOOek3Sad52mRdhFa9f7o/Suojlep0W17GETvyz5Z5W4YqxBk0qPcVc2dK8YkpQnAoZ8pJoJSX7N+mI3jsHyTT3swu6PR1sAL9owpV2lVcs3GWDN4I8IAmQ4ZuBXhfkRDnLq7EYhD0HyZ2w1ySfHc8P43PfTBrUFllkDuxpwv6LuimTuR6kgVAaSAvuIrOkfq53OhWtYWRJzt5JPxu+V40QpeSZXetLb/iqEY1lgVEYeKAEHc5SfPwtTN"
    }
  }
 }
--- a/infrastructure/renovate/kustomization.yaml
+++ b/infrastructure/renovate/kustomization.yaml
@ -0,0 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources: 
 - namespace.yaml
 - env.sealedsecret.yaml
 - cronjob.yaml
 namespace: renovate
--- a/infrastructure/renovate/namespace.yaml
+++ b/infrastructure/renovate/namespace.yaml
@ -0,0 +1,5 @@
 # namespace.yaml
 apiVersion: v1
 kind: Namespace
 metadata:
  name: placeholder
--- a/infrastructure/traefik-system/config.values.yaml
+++ b/infrastructure/traefik-system/config.values.yaml
@ -1,2 +0,0 @@
 name: traefik
 chart: traefik/traefik
--- a/infrastructure/traefik-system/configmap.yaml
+++ b/infrastructure/traefik-system/configmap.yaml
@ -2,7 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: traefik-config
  namespace: traefik-system
 data:
  traefik.toml: |
    [ping]
@ -69,6 +68,8 @@ data:
        address = ":9100"
      [entryPoints.traefik]
        address = ":9000"
      [entryPoints.dnsovertls] # route dns over https to other pods but provide own certificate
        address = ":853"
    [metrics]
      [metrics.influxDB2]
--- a/infrastructure/traefik-system/kustomization.yaml
+++ b/infrastructure/traefik-system/kustomization.yaml
@ -0,0 +1,20 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources: 
  - namespace.yaml
  - pvc.yaml
  - configmap.yaml
 namespace: traefik-system
 helmCharts:
  - name: traefik
    releaseName: traefik
    version: 26.0.0
    valuesFile: values.yaml
    repo: https://helm.traefik.io/traefik
  # - name: telegraf
  #   releaseName: telegraf?
  #   version: "?"
  #   valuesFile: telegraf.values.yaml
  #   repo: https://helm.influxdata.com/
--- a/infrastructure/traefik-system/namespace.yaml
+++ b/infrastructure/traefik-system/namespace.yaml
@ -0,0 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: placeholder
--- a/infrastructure/traefik-system/pvc.yaml
+++ b/infrastructure/traefik-system/pvc.yaml
@ -1,13 +1,10 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
  namespace: traefik-system
  name: traefik-certificate
 spec:
  # storageClassName: fast
  capacity:
    storage: "10Mi"
  # volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  nfs:
@ -17,13 +14,12 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  namespace: traefik-system
  name: traefik-certificate
 spec:
  # storageClassName: fast
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: "10Mi"
  volumeName: traefik-certificate
  storageClassName: ""
--- a/infrastructure/traefik-system/telegraf.config.values.yaml
+++ b/infrastructure/traefik-system/telegraf.config.values.yaml
@ -1,2 +0,0 @@
 name: telegraf-traefik
 chart: influxdata/telegraf
--- a/infrastructure/traefik-system/values.yaml
+++ b/infrastructure/traefik-system/values.yaml
@ -1,11 +1,3 @@
 # Default values for Traefik
 image:
  name: traefik
  # defaults to appVersion
  tag: ""
  pullPolicy: IfNotPresent
 #
 # Configure the deployment
 #
@ -90,8 +82,8 @@ pilot:
 experimental:
  http3:
    enabled: false
-  plugins:
+  # plugins:
-    enabled: false
+  #   enabled: false
  kubernetesGateway:
    enabled: false
@ -158,12 +150,6 @@ volumes: []
  #     name: traefik-config
 # - name: public-cert
 #   mountPath: "/certs"
 #   type: secret
 # - name: '{{ printf "%s-configs" .Release.Name }}'
 #   mountPath: "/config"
 #   type: configMap
 # Additional volumeMounts to add to the Traefik container
 additionalVolumeMounts:
@ -192,24 +178,17 @@ additionalArguments: []
 env:
  - name: TZ
    value: "Europe/Berlin"
 # - name: SOME_VAR
 #   value: some-var-value
 # - name: SOME_VAR_FROM_CONFIG_MAP
 #   valueFrom:
 #     configMapRef:
 #       name: configmap-name
 #       key: config-key
 # - name: SOME_SECRET
 #   valueFrom:
 #     secretKeyRef:
 #       name: secret-name
 #       key: secret-key
 # Configure ports
-ports: {} # leave unconfigured to use the values from the toml file
+ports:
  # add a new one, the other ones are kept the same.
  dnsovertls:
    port: 853
    expose: true
    exposedPort: 853
    protocol: TCP
 envFrom: []
--- a/kluster-deployments/kustomization.yaml
+++ b/kluster-deployments/kustomization.yaml
@ -5,10 +5,15 @@ namespace: argocd
 resources:
  # infrastructure
  - projects.yaml
  - nfs/
  - backup/
-  - argocd-imageupdate/
+  # - argocd-imageupdate/
  - renovate/
  - traefik/
  # simple apps
  - whoami/
  - journal/
  - immich/
--- a/kluster-deployments/renovate/application.yaml
+++ b/kluster-deployments/renovate/application.yaml
@ -0,0 +1,19 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: renovate-application
  namespace: argocd
 spec:
  project: infrastructure
  source:
    repoURL: https://github.com/moll-re/k3s-infra.git
    targetRevision: main
    path: infrastructure/renovate
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--- a/kluster-deployments/renovate/kustomization.yaml
+++ b/kluster-deployments/renovate/kustomization.yaml
@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - application.yaml
--- a/kluster-deployments/traefik/application.yaml
+++ b/kluster-deployments/traefik/application.yaml
@ -0,0 +1,19 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: traefik-application
  namespace: argocd
 spec:
  project: infrastructure
  source:
    repoURL: https://github.com/moll-re/k3s-infra.git
    targetRevision: main
    path: infrastructure/traefik-system
  destination:
    server: https://kubernetes.default.svc
    namespace: traefik-system
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--- a/kluster-deployments/traefik/kustomization.yaml
+++ b/kluster-deployments/traefik/kustomization.yaml
@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - application.yaml
Author	SHA1	Message	Date
Remy Moll	733b65eed8	fix sealed secret	2023-12-07 16:39:01 +01:00
Remy Moll	f7a8e9c280	renovate test	2023-12-07 16:36:57 +01:00
Remy Moll	b90d090645	fix	2023-12-07 00:58:39 +01:00
Remy Moll	2a2a644cec	fix storageclass name	2023-12-07 00:46:53 +01:00
Remy Moll	63693026cf	fix deployment	2023-12-06 21:19:57 +01:00
Remy Moll	ab3dba75c5	automatically deploy traefik	2023-12-06 19:46:20 +01:00
Remy Moll	8d381d8b93	Curl again	2023-12-04 18:02:10 +01:00
Remy Moll	2d8148c137	update notify	2023-12-02 19:24:18 +01:00
Remy Moll	0c4e6f7c70	once more	2023-11-30 12:08:34 +01:00
Remy Moll	7e1204e089	update postgres secret	2023-11-30 12:06:00 +01:00
		`@ -1,2 +0,0 @@`
			`name: telegraf-traefik`
			`chart: influxdata/telegraf`