Compare commits
1 Commits
main
...
feature/ma
Author | SHA1 | Date | |
---|---|---|---|
563f85bc6b |
@ -27,10 +27,7 @@ data:
|
|||||||
ratelimit_whitelist: []
|
ratelimit_whitelist: []
|
||||||
refuse_any: true
|
refuse_any: true
|
||||||
upstream_dns:
|
upstream_dns:
|
||||||
- tls://1.1.1.1
|
- https://dns10.quad9.net/dns-query
|
||||||
- tls://dns.google
|
|
||||||
- tls://p0.freedns.controld.com
|
|
||||||
- tls://dns.quad9.net
|
|
||||||
upstream_dns_file: ""
|
upstream_dns_file: ""
|
||||||
bootstrap_dns:
|
bootstrap_dns:
|
||||||
- 9.9.9.10
|
- 9.9.9.10
|
||||||
@ -38,7 +35,8 @@ data:
|
|||||||
- 2620:fe::10
|
- 2620:fe::10
|
||||||
- 2620:fe::fe:10
|
- 2620:fe::fe:10
|
||||||
fallback_dns: []
|
fallback_dns: []
|
||||||
upstream_mode: load_balance
|
all_servers: false
|
||||||
|
fastest_addr: false
|
||||||
fastest_timeout: 1s
|
fastest_timeout: 1s
|
||||||
allowed_clients: []
|
allowed_clients: []
|
||||||
disallowed_clients: []
|
disallowed_clients: []
|
||||||
@ -74,8 +72,6 @@ data:
|
|||||||
dns64_prefixes: []
|
dns64_prefixes: []
|
||||||
serve_http3: false
|
serve_http3: false
|
||||||
use_http3_upstreams: false
|
use_http3_upstreams: false
|
||||||
serve_plain_dns: true
|
|
||||||
hostsfile_enabled: true
|
|
||||||
tls:
|
tls:
|
||||||
enabled: false
|
enabled: false
|
||||||
server_name: ""
|
server_name: ""
|
||||||
@ -92,14 +88,12 @@ data:
|
|||||||
private_key_path: ""
|
private_key_path: ""
|
||||||
strict_sni_check: false
|
strict_sni_check: false
|
||||||
querylog:
|
querylog:
|
||||||
dir_path: ""
|
|
||||||
ignored: []
|
ignored: []
|
||||||
interval: 2160h
|
interval: 2160h
|
||||||
size_memory: 1000
|
size_memory: 1000
|
||||||
enabled: true
|
enabled: true
|
||||||
file_enabled: true
|
file_enabled: true
|
||||||
statistics:
|
statistics:
|
||||||
dir_path: ""
|
|
||||||
ignored: []
|
ignored: []
|
||||||
interval: 24h
|
interval: 24h
|
||||||
enabled: true
|
enabled: true
|
||||||
@ -116,10 +110,6 @@ data:
|
|||||||
url: https://someonewhocares.org/hosts/zero/hosts
|
url: https://someonewhocares.org/hosts/zero/hosts
|
||||||
name: Dan Pollock's List
|
name: Dan Pollock's List
|
||||||
id: 1684963532
|
id: 1684963532
|
||||||
- enabled: true
|
|
||||||
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt
|
|
||||||
name: Peter Lowe's Blocklist
|
|
||||||
id: 1735824753
|
|
||||||
whitelist_filters: []
|
whitelist_filters: []
|
||||||
user_rules: []
|
user_rules: []
|
||||||
dhcp:
|
dhcp:
|
||||||
@ -144,36 +134,13 @@ data:
|
|||||||
blocking_ipv6: ""
|
blocking_ipv6: ""
|
||||||
blocked_services:
|
blocked_services:
|
||||||
schedule:
|
schedule:
|
||||||
time_zone: Europe/Berlin
|
time_zone: UTC
|
||||||
sun:
|
ids: []
|
||||||
start: 18h
|
|
||||||
end: 23h59m
|
|
||||||
mon:
|
|
||||||
start: 18h
|
|
||||||
end: 23h59m
|
|
||||||
tue:
|
|
||||||
start: 18h
|
|
||||||
end: 23h59m
|
|
||||||
wed:
|
|
||||||
start: 18h
|
|
||||||
end: 23h59m
|
|
||||||
thu:
|
|
||||||
start: 18h
|
|
||||||
end: 23h59m
|
|
||||||
fri:
|
|
||||||
start: 18h
|
|
||||||
end: 23h59m
|
|
||||||
sat:
|
|
||||||
start: 18h
|
|
||||||
end: 23h59m
|
|
||||||
ids:
|
|
||||||
- reddit
|
|
||||||
protection_disabled_until: null
|
protection_disabled_until: null
|
||||||
safe_search:
|
safe_search:
|
||||||
enabled: false
|
enabled: false
|
||||||
bing: true
|
bing: true
|
||||||
duckduckgo: true
|
duckduckgo: true
|
||||||
ecosia: true
|
|
||||||
google: true
|
google: true
|
||||||
pixabay: true
|
pixabay: true
|
||||||
yandex: true
|
yandex: true
|
||||||
@ -182,13 +149,11 @@ data:
|
|||||||
parental_block_host: family-block.dns.adguard.com
|
parental_block_host: family-block.dns.adguard.com
|
||||||
safebrowsing_block_host: standard-block.dns.adguard.com
|
safebrowsing_block_host: standard-block.dns.adguard.com
|
||||||
rewrites: []
|
rewrites: []
|
||||||
safe_fs_patterns:
|
|
||||||
- /opt/adguardhome/data/userfilters/*
|
|
||||||
safebrowsing_cache_size: 1048576
|
safebrowsing_cache_size: 1048576
|
||||||
safesearch_cache_size: 1048576
|
safesearch_cache_size: 1048576
|
||||||
parental_cache_size: 1048576
|
parental_cache_size: 1048576
|
||||||
cache_time: 30
|
cache_time: 30
|
||||||
filters_update_interval: 168
|
filters_update_interval: 24
|
||||||
blocked_response_ttl: 10
|
blocked_response_ttl: 10
|
||||||
filtering_enabled: true
|
filtering_enabled: true
|
||||||
parental_enabled: true
|
parental_enabled: true
|
||||||
@ -203,7 +168,6 @@ data:
|
|||||||
hosts: true
|
hosts: true
|
||||||
persistent: []
|
persistent: []
|
||||||
log:
|
log:
|
||||||
enabled: true
|
|
||||||
file: ""
|
file: ""
|
||||||
max_backups: 0
|
max_backups: 0
|
||||||
max_size: 100
|
max_size: 100
|
||||||
@ -215,4 +179,4 @@ data:
|
|||||||
group: ""
|
group: ""
|
||||||
user: ""
|
user: ""
|
||||||
rlimit_nofile: 0
|
rlimit_nofile: 0
|
||||||
schema_version: 29
|
schema_version: 27
|
||||||
|
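Review bot: The new side of this config lowers `schema_version` from 29 to 27 and drops keys present on the old side (`upstream_mode`, `serve_plain_dns`, `hostsfile_enabled`, `safe_fs_patterns`, `log.enabled`), which reads as an older copy of the file rather than a deliberate change. The `newTag` values in the kustomization sections further down move the same way (adguardhome `v0.107.61` to `v0.107.53`, and likewise audiobookshelf, ocis, actual-server, home-assistant and immich), so if the branch is simply behind main, merging it would roll those services back to older releases and lose whatever fixes they have received since. Rebasing onto main before review would presumably leave only the dendrite additions to look at. Separately, `upstream_dns` shrinks to the single entry `https://dns10.quad9.net/dns-query` while `fallback_dns: []` stays empty, so one resolver outage stops resolution for every client; keeping a second upstream or filling `fallback_dns` avoids that.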
@ -10,7 +10,7 @@ resources:
|
|||||||
images:
|
images:
|
||||||
- name: adguard/adguardhome
|
- name: adguard/adguardhome
|
||||||
newName: adguard/adguardhome
|
newName: adguard/adguardhome
|
||||||
newTag: v0.107.61
|
newTag: v0.107.53
|
||||||
|
|
||||||
namespace: adguard
|
namespace: adguard
|
||||||
|
|
||||||
|
@ -12,4 +12,4 @@ namespace: audiobookshelf
|
|||||||
images:
|
images:
|
||||||
- name: audiobookshelf
|
- name: audiobookshelf
|
||||||
newName: ghcr.io/advplyr/audiobookshelf
|
newName: ghcr.io/advplyr/audiobookshelf
|
||||||
newTag: "2.21.0"
|
newTag: "2.15.0"
|
||||||
|
@ -1,41 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: code-server
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: code-server
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: code-server
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: code-server
|
|
||||||
image: code-server
|
|
||||||
ports:
|
|
||||||
- containerPort: 8080
|
|
||||||
env:
|
|
||||||
- name: TZ
|
|
||||||
value: Europe/Berlin
|
|
||||||
- name: CONFIG_PATH
|
|
||||||
value: /data/config
|
|
||||||
- name: METADATA_PATH
|
|
||||||
value: /data/metadata
|
|
||||||
volumeMounts:
|
|
||||||
- name: data
|
|
||||||
mountPath: /home/coder
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: "50m"
|
|
||||||
memory: "100Mi"
|
|
||||||
limits:
|
|
||||||
cpu: "6"
|
|
||||||
memory: "16Gi"
|
|
||||||
volumes:
|
|
||||||
- name: data
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: code-server-data
|
|
||||||
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: traefik.io/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: audiobookshelf-ingressroute
|
|
||||||
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`code.kluster.moll.re`)
|
|
||||||
kind: Rule
|
|
||||||
services:
|
|
||||||
- name: code-server-web
|
|
||||||
port: 8080
|
|
||||||
|
|
||||||
tls:
|
|
||||||
certResolver: default-tls
|
|
@ -1,15 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- pvc.yaml
|
|
||||||
- deployment.yaml
|
|
||||||
- service.yaml
|
|
||||||
- ingress.yaml
|
|
||||||
|
|
||||||
namespace: code-server
|
|
||||||
|
|
||||||
images:
|
|
||||||
- name: code-server
|
|
||||||
newName: ghcr.io/coder/code-server
|
|
||||||
newTag: 4.99.3-fedora
|
|
@ -1,11 +0,0 @@
|
|||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: code-server-data
|
|
||||||
spec:
|
|
||||||
storageClassName: "nfs-client"
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 10Gi
|
|
@ -1,11 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: code-server-web
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app: code-server
|
|
||||||
ports:
|
|
||||||
- port: 8080
|
|
||||||
targetPort: 8080
|
|
||||||
type: LoadBalancer
|
|
@ -1,17 +1,18 @@
|
|||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: IngressRoute
|
kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
name: kitchenowl-ingressroute
|
name: dendrite-ingressroute
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`kitchen.kluster.moll.re`)
|
- match: Host(`dendrite.kluster.moll.re`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: kitchenowl-web
|
- name: dendrite
|
||||||
port: 8080
|
port: 8008
|
||||||
|
# scheme: https
|
||||||
|
|
||||||
tls:
|
tls:
|
||||||
certResolver: default-tls
|
certResolver: default-tls
|
16
apps/dendrite/kustomization.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- postgres.yaml
|
||||||
|
- postgres-user.secret.yaml
|
||||||
|
- ingress.yaml
|
||||||
|
|
||||||
|
namespace: dendrite
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: dendrite
|
||||||
|
releaseName: dendrite
|
||||||
|
version: 0.13.5
|
||||||
|
valuesFile: values.yaml
|
||||||
|
repo: https://matrix-org.github.io/dendrite/
|
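Review bot: `postgres-user.secret.yaml` is listed under `resources`, but no file of that name appears in this compare, so either the build fails on a missing resource or the file is kept out of the repository; which of the two cannot be told from here. If it is a plain `Secret` manifest, it departs from the SealedSecret pattern used elsewhere on this page (immich lists `postgres.sealedsecret.yaml`), and whatever it defines has to match the `postgres-password` name that `postgres.yaml` references. A comment next to the entry, for example `# not committed; must define Secret postgres-password`, would make that expectation visible to the next reader.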
25
apps/dendrite/postgres.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
apiVersion: postgresql.cnpg.io/v1
|
||||||
|
kind: Cluster
|
||||||
|
metadata:
|
||||||
|
name: dendrite-postgres
|
||||||
|
spec:
|
||||||
|
instances: 1
|
||||||
|
imageName: ghcr.io/cloudnative-pg/postgresql:16.4
|
||||||
|
bootstrap:
|
||||||
|
initdb:
|
||||||
|
owner: dendrite
|
||||||
|
database: dendrite
|
||||||
|
secret:
|
||||||
|
name: postgres-password
|
||||||
|
|
||||||
|
# Persistent storage configuration
|
||||||
|
storage:
|
||||||
|
size: 2Gi
|
||||||
|
pvcTemplate:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 2Gi
|
||||||
|
storageClassName: nfs-client
|
||||||
|
volumeMode: Filesystem
|
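Review bot: The cluster is declared with `instances: 1` on `storageClassName: nfs-client` and the spec shows no backup section, so the homeserver database has neither a replica nor a restore path visible in this manifest. If that is an accepted trade-off, state it in the file, e.g. `# single instance, no backups: data loss on volume failure is accepted`; otherwise add a backup configuration before the service holds real accounts and room state. `imageName` is pinned by tag (`16.4`) only, which is worth noting if reproducible rollouts matter here.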
287
apps/dendrite/values.yaml
Normal file
@ -0,0 +1,287 @@
|
|||||||
|
|
||||||
|
# signing key to use
|
||||||
|
signing_key:
|
||||||
|
# -- Create a new signing key, if not exists
|
||||||
|
create: true
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
jetstream:
|
||||||
|
# -- PVC Storage Request for the jetstream volume
|
||||||
|
capacity: "1Gi"
|
||||||
|
# -- The storage class to use for volume claims.
|
||||||
|
storageClass: "nfs-client"
|
||||||
|
media:
|
||||||
|
# -- PVC Storage Request for the media volume
|
||||||
|
capacity: "1Gi"
|
||||||
|
# -- The storage class to use for volume claims.
|
||||||
|
storageClass: "nfs-client"
|
||||||
|
search:
|
||||||
|
# -- PVC Storage Request for the search volume
|
||||||
|
capacity: "1Gi"
|
||||||
|
# -- The storage class to use for volume claims.
|
||||||
|
storageClass: "nfs-client"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
dendrite_config:
|
||||||
|
version: 2
|
||||||
|
global:
|
||||||
|
# -- **REQUIRED** Servername for this Dendrite deployment.
|
||||||
|
server_name: "dendrite.kluster.moll.re"
|
||||||
|
|
||||||
|
# -- The server name to delegate server-server communications to, with optional port
|
||||||
|
# e.g. localhost:443
|
||||||
|
well_known_server_name: ""
|
||||||
|
|
||||||
|
# -- The server name to delegate client-server communications to, with optional port
|
||||||
|
# e.g. localhost:443
|
||||||
|
well_known_client_name: ""
|
||||||
|
|
||||||
|
# -- Lists of domains that the server will trust as identity servers to verify third
|
||||||
|
# party identifiers such as phone numbers and email addresses.
|
||||||
|
trusted_third_party_id_servers:
|
||||||
|
- matrix.org
|
||||||
|
- vector.im
|
||||||
|
|
||||||
|
# -- The paths and expiry timestamps (as a UNIX timestamp in millisecond precision)
|
||||||
|
# to old signing keys that were formerly in use on this domain name. These
|
||||||
|
# keys will not be used for federation request or event signing, but will be
|
||||||
|
# provided to any other homeserver that asks when trying to verify old events.
|
||||||
|
old_private_keys:
|
||||||
|
# If the old private key file is available:
|
||||||
|
# - private_key: old_matrix_key.pem
|
||||||
|
# expired_at: 1601024554498
|
||||||
|
# If only the public key (in base64 format) and key ID are known:
|
||||||
|
# - public_key: mn59Kxfdq9VziYHSBzI7+EDPDcBS2Xl7jeUdiiQcOnM=
|
||||||
|
# key_id: ed25519:mykeyid
|
||||||
|
# expired_at: 1601024554498
|
||||||
|
|
||||||
|
# -- Disable federation. Dendrite will not be able to make any outbound HTTP requests
|
||||||
|
# to other servers and the federation API will not be exposed.
|
||||||
|
disable_federation: false
|
||||||
|
|
||||||
|
key_validity_period: 168h0m0s
|
||||||
|
|
||||||
|
database:
|
||||||
|
# -- The connection string for connections to Postgres.
|
||||||
|
# This will be set automatically if using the Postgres dependency
|
||||||
|
connection_string: "postgresql://dendrite:supersecretpassword!@dendrite-postgres-rw/dendrite"
|
||||||
|
# -- Default database maximum open connections
|
||||||
|
max_open_conns: 90
|
||||||
|
# -- Default database maximum idle connections
|
||||||
|
max_idle_conns: 5
|
||||||
|
# -- Default database maximum lifetime
|
||||||
|
conn_max_lifetime: -1
|
||||||
|
|
||||||
|
jetstream:
|
||||||
|
# -- Persistent directory to store JetStream streams in.
|
||||||
|
storage_path: "/data/jetstream"
|
||||||
|
# -- NATS JetStream server addresses if not using internal NATS.
|
||||||
|
addresses: []
|
||||||
|
# -- The prefix for JetStream streams
|
||||||
|
topic_prefix: "Dendrite"
|
||||||
|
# -- Keep all data in memory. (**NOTE**: This is overriden in Helm to `false`)
|
||||||
|
in_memory: false
|
||||||
|
# -- Disables TLS validation. This should **NOT** be used in production.
|
||||||
|
disable_tls_validation: true
|
||||||
|
|
||||||
|
cache:
|
||||||
|
# -- The estimated maximum size for the global cache in bytes, or in terabytes,
|
||||||
|
# gigabytes, megabytes or kilobytes when the appropriate 'tb', 'gb', 'mb' or
|
||||||
|
# 'kb' suffix is specified. Note that this is not a hard limit, nor is it a
|
||||||
|
# memory limit for the entire process. A cache that is too small may ultimately
|
||||||
|
# provide little or no benefit.
|
||||||
|
max_size_estimated: 1gb
|
||||||
|
# -- The maximum amount of time that a cache entry can live for in memory before
|
||||||
|
# it will be evicted and/or refreshed from the database. Lower values result in
|
||||||
|
# easier admission of new cache entries but may also increase database load in
|
||||||
|
# comparison to higher values, so adjust conservatively. Higher values may make
|
||||||
|
# it harder for new items to make it into the cache, e.g. if new rooms suddenly
|
||||||
|
# become popular.
|
||||||
|
max_age: 1h
|
||||||
|
|
||||||
|
report_stats:
|
||||||
|
# -- Configures phone-home statistics reporting. These statistics contain the server
|
||||||
|
# name, number of active users and some information on your deployment config.
|
||||||
|
# We use this information to understand how Dendrite is being used in the wild.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
presence:
|
||||||
|
# -- Controls whether we receive presence events from other servers
|
||||||
|
enable_inbound: false
|
||||||
|
# -- Controls whether we send presence events for our local users to other servers.
|
||||||
|
# (_May increase CPU/memory usage_)
|
||||||
|
enable_outbound: false
|
||||||
|
|
||||||
|
server_notices:
|
||||||
|
# -- Server notices allows server admins to send messages to all users on the server.
|
||||||
|
enabled: false
|
||||||
|
# -- The local part for the user sending server notices.
|
||||||
|
local_part: "_server"
|
||||||
|
# -- The display name for the user sending server notices.
|
||||||
|
display_name: "Server Alerts"
|
||||||
|
# -- The avatar URL (as a mxc:// URL) name for the user sending server notices.
|
||||||
|
avatar_url: ""
|
||||||
|
# The room name to be used when sending server notices. This room name will
|
||||||
|
# appear in user clients.
|
||||||
|
room_name: "Server Alerts"
|
||||||
|
|
||||||
|
# prometheus metrics
|
||||||
|
metrics:
|
||||||
|
# -- Whether or not Prometheus metrics are enabled.
|
||||||
|
enabled: false
|
||||||
|
# HTTP basic authentication to protect access to monitoring.
|
||||||
|
basic_auth:
|
||||||
|
# -- HTTP basic authentication username
|
||||||
|
user: "metrics"
|
||||||
|
# -- HTTP basic authentication password
|
||||||
|
password: metrics
|
||||||
|
|
||||||
|
app_service_api:
|
||||||
|
# -- Disable the validation of TLS certificates of appservices. This is
|
||||||
|
# not recommended in production since it may allow appservice traffic
|
||||||
|
# to be sent to an insecure endpoint.
|
||||||
|
disable_tls_validation: false
|
||||||
|
# -- Appservice config files to load on startup. (**NOTE**: This is overriden by Helm, if a folder `./appservices/` exists)
|
||||||
|
config_files: []
|
||||||
|
|
||||||
|
client_api:
|
||||||
|
# -- Prevents new users from being able to register on this homeserver, except when
|
||||||
|
# using the registration shared secret below.
|
||||||
|
registration_disabled: true
|
||||||
|
|
||||||
|
# Prevents new guest accounts from being created. Guest registration is also
|
||||||
|
# disabled implicitly by setting 'registration_disabled' above.
|
||||||
|
guests_disabled: true
|
||||||
|
|
||||||
|
# -- If set, allows registration by anyone who knows the shared secret, regardless of
|
||||||
|
# whether registration is otherwise disabled.
|
||||||
|
registration_shared_secret: "supersecretpassword"
|
||||||
|
|
||||||
|
|
||||||
|
# TURN server information that this homeserver should send to clients.
|
||||||
|
turn:
|
||||||
|
# -- Duration for how long users should be considered valid ([see time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more)
|
||||||
|
turn_user_lifetime: "24h"
|
||||||
|
turn_uris: []
|
||||||
|
turn_shared_secret: ""
|
||||||
|
# -- The TURN username
|
||||||
|
turn_username: ""
|
||||||
|
# -- The TURN password
|
||||||
|
turn_password: ""
|
||||||
|
|
||||||
|
rate_limiting:
|
||||||
|
# -- Enable rate limiting
|
||||||
|
enabled: true
|
||||||
|
# -- After how many requests a rate limit should be activated
|
||||||
|
threshold: 20
|
||||||
|
# -- Cooloff time in milliseconds
|
||||||
|
cooloff_ms: 500
|
||||||
|
# -- Users which should be exempt from rate limiting
|
||||||
|
exempt_user_ids:
|
||||||
|
|
||||||
|
federation_api:
|
||||||
|
# -- Federation failure threshold. How many consecutive failures that we should
|
||||||
|
# tolerate when sending federation requests to a specific server. The backoff
|
||||||
|
# is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc.
|
||||||
|
# The default value is 16 if not specified, which is circa 18 hours.
|
||||||
|
send_max_retries: 16
|
||||||
|
# -- Disable TLS validation. This should **NOT** be used in production.
|
||||||
|
disable_tls_validation: false
|
||||||
|
prefer_direct_fetch: false
|
||||||
|
# -- Prevents Dendrite from keeping HTTP connections
|
||||||
|
# open for reuse for future requests. Connections will be closed quicker
|
||||||
|
# but we may spend more time on TLS handshakes instead.
|
||||||
|
disable_http_keepalives: false
|
||||||
|
# -- Perspective keyservers, to use as a backup when direct key fetch
|
||||||
|
# requests don't succeed.
|
||||||
|
# @default -- See value.yaml
|
||||||
|
key_perspectives:
|
||||||
|
- server_name: matrix.org
|
||||||
|
keys:
|
||||||
|
- key_id: ed25519:auto
|
||||||
|
public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
|
||||||
|
- key_id: ed25519:a_RXGa
|
||||||
|
public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
|
||||||
|
|
||||||
|
media_api:
|
||||||
|
# -- The path to store media files (e.g. avatars) in
|
||||||
|
base_path: "/data/media_store"
|
||||||
|
# -- The max file size for uploaded media files
|
||||||
|
max_file_size_bytes: 10485760
|
||||||
|
# Whether to dynamically generate thumbnails if needed.
|
||||||
|
dynamic_thumbnails: false
|
||||||
|
# -- The maximum number of simultaneous thumbnail generators to run.
|
||||||
|
max_thumbnail_generators: 10
|
||||||
|
# -- A list of thumbnail sizes to be generated for media content.
|
||||||
|
# @default -- See value.yaml
|
||||||
|
thumbnail_sizes:
|
||||||
|
- width: 32
|
||||||
|
height: 32
|
||||||
|
method: crop
|
||||||
|
- width: 96
|
||||||
|
height: 96
|
||||||
|
method: crop
|
||||||
|
- width: 640
|
||||||
|
height: 480
|
||||||
|
method: scale
|
||||||
|
|
||||||
|
sync_api:
|
||||||
|
# -- This option controls which HTTP header to inspect to find the real remote IP
|
||||||
|
# address of the client. This is likely required if Dendrite is running behind
|
||||||
|
# a reverse proxy server.
|
||||||
|
real_ip_header: X-Real-IP
|
||||||
|
# -- Configuration for the full-text search engine.
|
||||||
|
search:
|
||||||
|
# -- Whether fulltext search is enabled.
|
||||||
|
enabled: true
|
||||||
|
# -- The path to store the search index in.
|
||||||
|
index_path: "/data/search"
|
||||||
|
# -- The language most likely to be used on the server - used when indexing, to
|
||||||
|
# ensure the returned results match expectations. A full list of possible languages
|
||||||
|
# can be found [here](https://github.com/matrix-org/dendrite/blob/76db8e90defdfb9e61f6caea8a312c5d60bcc005/internal/fulltext/bleve.go#L25-L46)
|
||||||
|
language: "en"
|
||||||
|
|
||||||
|
user_api:
|
||||||
|
# -- bcrypt cost to use when hashing passwords.
|
||||||
|
# (ranges from 4-31; 4 being least secure, 31 being most secure; _NOTE: Using a too high value can cause clients to timeout and uses more CPU._)
|
||||||
|
bcrypt_cost: 10
|
||||||
|
# -- OpenID Token lifetime in milliseconds.
|
||||||
|
openid_token_lifetime_ms: 3600000
|
||||||
|
# - Disable TLS validation when hitting push gateways. This should **NOT** be used in production.
|
||||||
|
push_gateway_disable_tls_validation: false
|
||||||
|
# -- Rooms to join users to after registration
|
||||||
|
auto_join_rooms: []
|
||||||
|
|
||||||
|
# -- Default logging configuration
|
||||||
|
logging:
|
||||||
|
- type: std
|
||||||
|
level: info
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
# -- Enable and configure postgres as the database for dendrite.
|
||||||
|
# @default -- See value.yaml
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
# -- Create an ingress for the deployment
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
service:
|
||||||
|
type: ClusterIP
|
||||||
|
port: 8008
|
||||||
|
|
||||||
|
prometheus:
|
||||||
|
servicemonitor:
|
||||||
|
# -- Enable ServiceMonitor for Prometheus-Operator for scrape metric-endpoint
|
||||||
|
enabled: false
|
||||||
|
# -- Extra Labels on ServiceMonitor for selector of Prometheus Instance
|
||||||
|
labels: {}
|
||||||
|
rules:
|
||||||
|
# -- Enable PrometheusRules for Prometheus-Operator for setup alerting
|
||||||
|
enabled: false
|
||||||
|
# -- Extra Labels on PrometheusRules for selector of Prometheus Instance
|
||||||
|
labels: {}
|
||||||
|
# -- additional alertrules (no default alertrules are provided)
|
||||||
|
additionalRules: []
|
||||||
|
|
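Review bot: `dendrite_config.global.database.connection_string` embeds the database password in clear text and `client_api.registration_shared_secret` is set to the literal `supersecretpassword`, both committed in this values file. Per the comment directly above it, the shared secret allows registration by anyone who knows it even with `registration_disabled: true`, so a guessable or published value undoes that setting. Both values should come from a secret that is not stored in plain text in the repository (other apps on this page use SealedSecret), and should be rotated because they are now in history; if they are placeholders, mark them with a comment such as `# placeholder, overridden at deploy time`. In the same file `jetstream.disable_tls_validation: true` contradicts its own "should NOT be used in production" comment and should read `disable_tls_validation: false` unless a reason is documented, and `exempt_user_ids:` is a bare key that parses as null where `exempt_user_ids: []` states the intent.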
@ -13,4 +13,4 @@ namespace: files
|
|||||||
images:
|
images:
|
||||||
- name: ocis
|
- name: ocis
|
||||||
newName: owncloud/ocis
|
newName: owncloud/ocis
|
||||||
newTag: "7.1.2"
|
newTag: "5.0.8"
|
||||||
|
File diff suppressed because one or more lines are too long
@ -13,4 +13,4 @@ resources:
|
|||||||
images:
|
images:
|
||||||
- name: actualbudget
|
- name: actualbudget
|
||||||
newName: actualbudget/actual-server
|
newName: actualbudget/actual-server
|
||||||
newTag: 25.4.0
|
newTag: 24.10.1
|
||||||
|
@ -1,17 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: grafana-admin-secret
|
|
||||||
namespace: grafana
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
password: AgAU6g/CwKj+1gPpt4DLvLsS0YCvJdVHWw4W4bRhibE9brVvcJtGB3D9MTJrSLVVwusaE6OR59og7oW5ge3yTd/9bbclXYLrxEi7OwvkQjCvo8MfD8yhJO9nV4Xs9Mjk2Z4SHGYuq6wvcssuJrpz5f0XEC7ocTRA+u0UaE+/b4FrYF71uyKGvj8GSXgLZUjGPFsGfPzwJn7cLBmlclVHx1xGbFpUc042m5Mulpn0QolFQnOwZiW4PL8pQyz1MXVRwCsz0RJd5apZL3XJ4X7BLMoAp+diHQ2xi3zoU9VScp+J2QgvFdRKgDa6v7Jz1f+HCwq5W/DoegwFXBrcMIfF2YrnvTnc1PCVwD9IHOeylO7J2hfi8teQiqTvvRlVgdBTLqoqlVovemf5k6ke6JfjTwnsJjTNnL7MKN5Qt0o7N2XRZ3ba9jp8cKbI7fyFQKaU2QEf2PIkp82kEnixmpA1aATgeA3W4E5Km7sKHUEB81+pwnOe54tzD2ShgQX/+UiswhWYTT+gdZKL1udBBemUDC0z9PSJNTPTy+hq+G4CIzVQUYxlioM3c+3geF7YLU8yXisj84pk44GN9KX3z5x+M2+LZL7agAWPUjxtrP2V+id7dNJQfCm0aSMeo57dVfb4zlBUAAgKIKjX+j1KqCVqE9zEO2F/QX7mY6MJTP2me3wmY7JAVRJ7d6bbkyyoDhs8JErLYLp0A+Eh+qx8nWgM9ErPVSA0
|
|
||||||
user: AgB8ZLG2EuERjg1nKdH/xadbUuIR2c8a9gF5fE8ctrp4DNDLLuuqmjyoHRiWpkrtfnE1yKg1rPP+asV9Lj5iVmE9J+OB3QUOeFS4MHciBNj7pa68zfFgnHP4kxMX6aXyKRQrYruYjHwfzCpOM1zyTEphuGlnokjQXxjF/mZsoM2NWn7WGReqfxqH95tJXfs9AUC5vVv/PHqd+KKRZH7+G1AnWVJ7RFQHedR7wyftO4/rkm8deMuZWtOLl25fAOyOr7+hSqT69s9/uTKSLJXjobSqtulqsR+v5lkwx2ThNKzmcEcuoenKG6lk8XLRSIscccZH3JTPh6IknQWUOC4nmYj+XUxE8Go0RX/4eL+D/6FrYrtp0gr3HOCLAGU4vAHMeKfJoyqykJVnvY6QY6bFgaziyOlWaoEHpg6g0vHHDwyX7HIDcQfJZGOLH9dhrWJ2sOkzyuuxfqWEgz/M2eBW4EUAudHwfTLPocSMUI+D6fjeciMojet5uxWMP7ZHh/E061f5+Vfk6CKYd9Kpi69Xah8KEyyHYP5NImkdIwjgllaEAd/FBE2+QJyTVZlUQC7y9ObagDMCUFaFbTS5QOLh5BOJDL5buEYFWG0IhoH47SC/pKeEOQH//uvoo27K9zvxTOQN1YOTrxCozmexMOsTIdhvU0dOnJDBrThSHKYLCeIokDOgUUT52FqDH51RoLoK3UkyGbMoq+M=
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: grafana-admin-secret
|
|
||||||
namespace: grafana
|
|
||||||
type: Opaque
|
|
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: grafana-auth
|
|
||||||
namespace: grafana
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
client_secret: AgCEdC1/ERlPQyQP+bd9gcW33Yrvl4uRbx+RF5AY4vYAquOzxmLTygMl/WZlB5wlCE5idIHgto6/fUWVZrQbmfClRqsW2pFoddKQAtS9cQNXwMjLCm7e0lXk9GM9O3ZwktmklFbCu8XewHmefGHhoJ28vPxPMaINv1fM4zYKvNz5RHf0dJfTHgxb68wRYjAbE/eJpRcVE3a29Yw6Gfa8Mb+cFI7RTHvjuv9LBgWqM6b3qvvJ4wYR2WKuiQrnJ5xAtHpMAI/2R80qq151wlaZueDZ1PwjRBHURkmPTmwZnrMrmIugNge7Tpww+ArZlG9kDfSu1aTJidbXbcpN6fyt1qARTCYrBlbn60PTYLnPL/NObvMCpjS6DsYsYz7MJ7WoOupu46Ib5paZHmak+CilC6lb9LjJj4EKfRsagZmWT07JavhHBW/tqjB3GToccIz4fOAOdA9aU51J4wCL2ctp2SgzCEKe2EaBK/f9nDd9ASmmon9PDwRDVtG8yTukrNcZHNzodi09Af81DB0RNa36Z3Sjt5xu94paN+mjiOWGf2JduVEq+60NbPvDbPE9e1aVH3DdQcij2WGZaTE8dAGLSsLoOkIq3m2E+Mbk1Re1gI9H18xJM72ivb5uDe7pzReyvO5DY4Pfq8JgQhPxWcDq9ScmWS6Bb+jdCKytFq5NafSAl+akPbbwN+1GFu33if/P5D9I2TwOA8V1wyVU
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: grafana-auth
|
|
||||||
namespace: grafana
|
|
||||||
type: Opaque
|
|
@ -14,7 +14,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: homeassistant
|
- name: homeassistant
|
||||||
image: homeassistant
|
image: homeassistant/home-assistant
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8123
|
- containerPort: 8123
|
||||||
env:
|
env:
|
||||||
|
@ -13,6 +13,6 @@ resources:
|
|||||||
|
|
||||||
|
|
||||||
images:
|
images:
|
||||||
- name: homeassistant
|
- name: homeassistant/home-assistant
|
||||||
newName: homeassistant/home-assistant
|
newName: homeassistant/home-assistant
|
||||||
newTag: "2025.4"
|
newTag: "2024.10"
|
||||||
|
@ -1,5 +1,14 @@
|
|||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: stripprefix
|
||||||
|
spec:
|
||||||
|
stripPrefix:
|
||||||
|
prefixes:
|
||||||
|
- /api
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: websocket
|
name: websocket
|
||||||
spec:
|
spec:
|
||||||
@ -12,18 +21,19 @@ spec:
|
|||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: IngressRoute
|
kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
name: immich-ingressroute
|
name: immich-ingressroute
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`immich.kluster.moll.re`)
|
- match: Host(`immich.kluster.moll.re`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: immich-server
|
- name: immich-server
|
||||||
port: 2283
|
port: 3001
|
||||||
middlewares:
|
passHostHeader: true
|
||||||
- name: websocket
|
middlewares:
|
||||||
tls:
|
- name: websocket
|
||||||
certResolver: default-tls
|
tls:
|
||||||
|
certResolver: default-tls
|
||||||
|
@ -6,7 +6,6 @@ resources:
|
|||||||
- pvc.yaml
|
- pvc.yaml
|
||||||
- postgres.yaml
|
- postgres.yaml
|
||||||
- postgres.sealedsecret.yaml
|
- postgres.sealedsecret.yaml
|
||||||
- servicemonitor.yaml
|
|
||||||
|
|
||||||
|
|
||||||
namespace: immich
|
namespace: immich
|
||||||
@ -15,20 +14,20 @@ namespace: immich
|
|||||||
helmCharts:
|
helmCharts:
|
||||||
- name: immich
|
- name: immich
|
||||||
releaseName: immich
|
releaseName: immich
|
||||||
version: 0.9.2
|
version: 0.8.1
|
||||||
valuesFile: values.yaml
|
valuesFile: values.yaml
|
||||||
repo: https://immich-app.github.io/immich-charts
|
repo: https://immich-app.github.io/immich-charts
|
||||||
|
|
||||||
|
|
||||||
images:
|
images:
|
||||||
- name: ghcr.io/immich-app/immich-machine-learning
|
- name: ghcr.io/immich-app/immich-machine-learning
|
||||||
newTag: v1.132.3
|
newTag: v1.117.0
|
||||||
- name: ghcr.io/immich-app/immich-server
|
- name: ghcr.io/immich-app/immich-server
|
||||||
newTag: v1.132.3
|
newTag: v1.117.0
|
||||||
|
|
||||||
|
|
||||||
patches:
|
patches:
|
||||||
- path: patch-redis-pvc.yaml
|
- path: patch-redis-pvc.yaml
|
||||||
target:
|
target:
|
||||||
kind: StatefulSet
|
kind: StatefulSet
|
||||||
name: immich-redis-master
|
name: immich-redis-master
|
@ -1,14 +0,0 @@
|
|||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: immich-service-monitor
|
|
||||||
spec:
|
|
||||||
endpoints:
|
|
||||||
- port: metrics-api
|
|
||||||
scheme: http
|
|
||||||
- port: metrics-ms
|
|
||||||
scheme: http
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: server
|
|
||||||
app.kubernetes.io/service: immich-server
|
|
@ -37,6 +37,10 @@ immich:
|
|||||||
existingClaim: data
|
existingClaim: data
|
||||||
|
|
||||||
# Dependencies
|
# Dependencies
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
enabled: true
|
enabled: true
|
||||||
architecture: standalone
|
architecture: standalone
|
||||||
|
@ -1,42 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: kitchenowl
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: kitchenowl
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: kitchenowl
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: kitchenowl
|
|
||||||
image: kitchenowl
|
|
||||||
ports:
|
|
||||||
- containerPort: 8080
|
|
||||||
env:
|
|
||||||
- name: TZ
|
|
||||||
value: Europe/Berlin
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: kitchenowl-config
|
|
||||||
- secretRef:
|
|
||||||
name: kitchenowl-oauth
|
|
||||||
volumeMounts:
|
|
||||||
- name: data
|
|
||||||
mountPath: /data
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: "50m"
|
|
||||||
memory: "100Mi"
|
|
||||||
limits:
|
|
||||||
cpu: "100m"
|
|
||||||
memory: "1Gi"
|
|
||||||
volumes:
|
|
||||||
- name: data
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: kitchenowl-data
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: kitchenowl-config
|
|
||||||
data:
|
|
||||||
FRONT_URL: https://kitchen.kluster.moll.re
|
|
||||||
DISABLE_USERNAME_PASSWORD_LOGIN: "true"
|
|
@ -1,19 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: kitchenowl-oauth
|
|
||||||
namespace: kitchenowl
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
JWT_SECRET_KEY: AgAclRIJS25ACVe4NqLQbAree6c6WpTBHnLpe3ZQJ0ScHG/EbW/ooABZj7y1ABAn/mCc+hBYXYHm81FNUfUtSuLKi2UlORbTCsfmisYH49WX0Lpku9LTM/8az9tjE0tjUUrJZcRUuJfdNJMDPQx7IPjUQ7sKk/exFnkPEbK98+AElXyHpPKXd9dxiCgll0n+ksbF9BDUR8KY8IB2Zvh4cXPww578qe/9XYnxLV8uY9K8KPvhl7NI40SIaL4PX8KmsDlBh1bpOR/OxhIwAGEZDQp/KROy6msrIOYW4SHM9nlSUSD4WvV8UjcbV1oNnYpE1usFOuxSfQlJ1zlFepKUv40JykyunvQv9nqVbEogsrS4o5N3gNEaB9yyFSHIlevp32LVpAuZu3cNplmT+Zg7+ODpCWIcVgmOAeapvB+X7H4ScbKVcYLAzrRFDtnS4Vo1M+RERhr0AuMU/tz0lGs99oRkCw2ZIg015R125u0VcRNqzgCtbBM5BFiKiP2kYrHn02Q6o5tRWxDQfrfb0mnfD5c/gM4+btlfM6DZMpr/l1kLlm8PDEpPGbkhK1XiAyJ4erHPDMLcmZXrSyxX9R1g8n7vnLnkqx5LkGmnltQI2FM7StxC6IrMlxY0nPnkq1lHhTz7yCpQJNXgfXZLVvov+f6jlD6WJhYHZCL/hIFfx3ybjGYZwJ0m84lH0OQJQw5dtsbPVqqoYZIPieqdRmHw7M7TTmFuQJXD94lZj5gsln1sMqs=
|
|
||||||
OIDC_CLIENT_ID: AgDOxWtGCiFrIP5aWHimrR6bu0uMS1/i1v1Kzo1lIR3j3zlw/Da2oCPNx1ZuhNAp9UMIs2euc8mtrWkyv4R6pcci+IxXiGzlQNBSkMfWu4DwhwlEdnVyCVehfE00t0ytBxX6NeLfS1b8JOtH9yo3e22fdaeTwn/iwGLNwi1BJxMmzk9pVp7jzXH09Zia8UvUmXw5GyGpIOIiGcIfaXkr1ZnY2l30jTw8eS7HaouzfWHWTpNXkMLN3qim4vs/B1Sgz/y9tUyVo/qMhWLdEcVklYHT7xHx03SPD7RtK+zdYZCqvDtj+tsdpYHt05zeGV+wflNQuiocjwP8TW7vhtbjKrf9lQIxB5CErju178ELOVrpsPBAYMgdEl7qZeKdSpydIwe3VbOg3XJ7O/Ps1KSnRYwrCvgE4ZCMm3geHyJxSiKRhBcuVYz5JkNd5ylD0Eq9NL5RCqJ4szL9NaGNPbzkvcdZzAnbTYFTzyqZ+XHX/BUFisXl5bKNHtaqAsOK8woGYnxJiawKRrwDUmHXU4RB3QiPCPhHSLU7OkvU+XDhyQqLa8bKEQzj9dUf4bX3Savk4noiRsXMYJznAlgMPo0Q4taxVIoyQHELYwIIdP5YRuw27B9wKUR7e2hhu4FTOEcyhwuFql3OuAjq8HJCDX6+COkL2WYFFxWBnbSCYEdzfbMBCHjrUUonijcQluU2VbaHODNMAvB16MRKapAW
|
|
||||||
OIDC_CLIENT_SECRET: AgAylnSUXwInlh/WvyCiFz+8asbCSZA6kk84Rt6l7bHVYw34c58lJHsZK2OvOIlHuaMe/ewnTqxVd0hI1Azl+wd/5NygMYlntKquq0vuzlhLrGc3u+0SOn9N2P6quA3slF9KR94CYsDx9ogy+EsEoA1yrsydB8S0g9W8syraR1MtpM0ZkcJ/D78OZ6qzyXUuBNAZc+iX/r96NvoMiGNYavgG7npOJh/pkKNYPuNkt4zpbAFjVyoCfgZd4V2nmZ6dhEVy8odW+jcsMn6OJ1OZVlPb1beq49lBEcaJqk83ZtKbq2evtBYHw9YAnENVq92ecenw/YL5LXUhOxeN0M9Amo99/O6pQwwrT1mtZqhTTeTIZTAxqmJKgyxGhE4DJUR/s71bc7K9hd2WvdAYnCyVC2uGa0MwXp4V7UuaN9GerldT8lcFxOpRnD7yroqVTqebjAJIkIinp5NNZ2ZP/LCiCwKKHHT19Pchn615WOPTofC6es/spIdQ8a1Nf2J5YzvRjsduFS55U6tMaC7cuV8kqKH9xTTf/sDHt+68wVEAO9koAe1zpO+zR2Pq3VuCnvcDGIwXopXjvyjfujEEhEWZl51PVJLZqtkP5Wg2wHvlgjJBbbIGTrqh4xa9pK7wLDM2hUFx1q/YKqwfP0EGVTc96G8Wermj0DtIqclqFLr54DtxVe+Rr8J4edG6YQ26/seYsrZ1Oq2PejHQt8u9EzQYAtYYlBsw2ujCWys6KrbhaVr3
|
|
||||||
OIDC_ISSUER: AgA2JPd5axkL5YIRA95qm/iH8wgM2J0AjKjgGClWabYJ3UKIk0hi/L/zR+1Pw9Z+6amYXj7Q0FxLqCcNYG+H5ABxnqUi7Gl8gvfVbegaO3q5QiO27g18RMDssNHDSun8PPaxHBvBD68hxgsaXntu8sZavCGdwEK0TzLJi7eH/4jtHlofzfYgaCsGqeOBgvs/q87PVJ/qxazXlY9e7abbRAKl9ZMY7Wga58/IU2HhWwYMvI53yQyGMcKf3XiI9iNHgIcj1+TmlgQo+PRKyopNfzgFbey7on8woQXphY+ioqQ0hyworpxAVoWlvzKKopt1xBDr4zxzkzbWyxtjwPVOOH3iyenZz8tZa/JkNYWxkWHbh0KCs9yUIji3D3shQOFM/NtE17THsQm3NgpZ2lg9ET1v6uXqwfOLiQ+J1JQLwNFnYeruH2lK4EGt2nDCq2VycOIjW4kMpiJ4LiT8gap9HwYjTpAn+opicYn5e9fmpgiHdMPvrsG1m9edg0cbwdSpEelliHnAUfKsxMV2e1fLsga6yrhBLSXIQs8rbURRa6wqVvGoLB86a9Q5Rm94Jfm0Sa9v5LMGRYvqO5LbLrjrR8e/2r17pHQE8ynMQCAW1yVTe09FcgRwYhDUohfThtjIh16sdoC97eUel7fo/POt3atP69JsCIBZstprhVtBIBssmavpIotVqi8F2/yUkhrZR26mH3gsOxkNTEk6XzHHtJRu0cU+BmObTvYgMi3DHg==
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: kitchenowl-oauth
|
|
||||||
namespace: kitchenowl
|
|
||||||
type: Opaque
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- pvc.yaml
|
|
||||||
- kitchenowl-oauth.sealedsecret.yaml
|
|
||||||
- kitchenowl-config.configmap.yaml
|
|
||||||
- deployment.yaml
|
|
||||||
- service.yaml
|
|
||||||
- ingress.yaml
|
|
||||||
|
|
||||||
namespace: kitchenowl
|
|
||||||
|
|
||||||
images:
|
|
||||||
- name: kitchenowl
|
|
||||||
newName: tombursch/kitchenowl
|
|
||||||
newTag: v0.6.11
|
|
@ -1,11 +0,0 @@
|
|||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: kitchenowl-data
|
|
||||||
spec:
|
|
||||||
storageClassName: "nfs-client"
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 1Gi
|
|
@ -1,10 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: kitchenowl-web
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app: kitchenowl
|
|
||||||
ports:
|
|
||||||
- port: 8080
|
|
||||||
targetPort: 8080
|
|
@ -1,40 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: linkding
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: linkding
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: linkding
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: linkding
|
|
||||||
image: linkding
|
|
||||||
ports:
|
|
||||||
- containerPort: 9090
|
|
||||||
env:
|
|
||||||
- name: TZ
|
|
||||||
value: Europe/Berlin
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: oauth-config
|
|
||||||
|
|
||||||
volumeMounts:
|
|
||||||
- name: linkding-data
|
|
||||||
mountPath: /etc/linkding/data
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: "100m"
|
|
||||||
memory: "200Mi"
|
|
||||||
limits:
|
|
||||||
cpu: "1"
|
|
||||||
memory: "1Gi"
|
|
||||||
volumes:
|
|
||||||
- name: linkding-data
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: data
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: traefik.io/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: linkding-ingressroute
|
|
||||||
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`linkding.kluster.moll.re`)
|
|
||||||
kind: Rule
|
|
||||||
services:
|
|
||||||
- name: linkding-web
|
|
||||||
port: 9090
|
|
||||||
|
|
||||||
tls:
|
|
||||||
certResolver: default-tls
|
|
@ -1,16 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- ingress.yaml
|
|
||||||
- service.yaml
|
|
||||||
- pvc.yaml
|
|
||||||
- deployment.yaml
|
|
||||||
- oauth.sealedsecret.yaml
|
|
||||||
|
|
||||||
namespace: linkding
|
|
||||||
|
|
||||||
images:
|
|
||||||
- name: linkding
|
|
||||||
newName: sissbruecker/linkding
|
|
||||||
newTag: "1.39.1"
|
|
@ -1,4 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: placeholder
|
|
@ -1,22 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: oauth-config
|
|
||||||
namespace: linkding
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
LD_ENABLE_OIDC: AgBfiwAdh1RD8gpzzVnF6y3c8kn5NFbms0T74pmj1aaFD0uQd/dqIxrvZxiBMzgqdrrVUCxRlpG3tiJYMpDEVXQPwRj8uuAizYFEP4uuGFpCtErjb+Y+aOdXSPRCVPbIqROiE+qswNT5KkJm6rR3FPckWipiQdzfpoq+G00MARKqzo4sNrx8+JzgoBFbS/tVPej3VdmDy8iceeVCQ2dJs+roRw+jOfCxqiUjHH5SyoZPnCTlmTZcwr3F9gBGEWGyEl0FNVgL/ku7WEL2COeIIE/2r4RWPqZU4DkPtIv/J4Dosxuw7EQnC5kzTgJGB/TF9Mn/FcS7iYQZKATvWzjC/cTdwZ+aG1qZGz87wM4fxQ05GhgEUkVOlGgxlzxk9BUL3l9Xsaa1KTivaQ4dvB/jm3j12b9rPfO2CXB4jPK7Pk1vKbr5icPXa8dyFY4hiJ1PYh/295a7ZM02n3ao4uHw8KSaxK9GxsCFBxr59q+6ZpjOGnTHZvKGfJHn3jEcIT8k89J5gqrlWjLqR50TEJj3jPZ3QDPN/u1Bf0wAoIOGK7jpnwIXQpacudU2pxZNWC2KtdZbcF9QzuOqKVFABmabdCkBtLa34cyZdweBaCfLRg1Ic0yxrWGzctnwM0Rfd+OzsEpLB7GHKllV597znF5QiK3rQrl5TmgHf0jC1OmMsBkNYCRo2AhYsBN5nli0dgD1y028rsW6
|
|
||||||
OIDC_OP_AUTHORIZATION_ENDPOINT: AgBYHGF/D1tzWRy2issyi3oZjYK/m5cuwdlHuqboPBBHybfTwCkvSfWAL8FSGAgoLYWZEwwoGr5GDSCnAWfhoYwVgCxWw7y4IohCkUSrwbzTVwJxoRTeWIilzwAdH2zX3mZJVHTYCQiLTCjv+MPRsF5FZP4+STtgfecK5Fjgb3sIfZa/yazbN6jf7bdaR91yX2iddeZn7B80aQvu3jOkujPX9yCJz/H+1BN35CtC7KLhFrKgw6uvfQi3g90On5uBHwrC53ve4rEvcOgi575WBA3fDYW4RxNb8yxxocQOuqNRa3jUa/RIjOnX9tFoG/QIXY89DUSsgpAZFWIlV4np4KOe4V+xWT1khz2TPRDaakDumkNmE/sAjpYfGX13+88A0N/hO9o2aXJhEXOFZ5eulyAwDdIodMg6lQTG43OhdSZLFfR5TrnzkVR1pIzwPMutgf8jai4dyYK+SV+oyGeZosNpD484gzhjMGkz8Djs7/cADcvJVmGfWWYvjenlfvFC5lK7F+355o9L38fUeG2lhRw8NsPWuzsiH7m6GaSEfEPcdqj/AohArtUnf9cfF04tocPwCuNLeIgR42W+cfapD9g14sN9v4Z7g/5IQSqL2EhNR9xQMoIT9BkBEhI9JR518Yds/Z89Lg0HsMw6UCrkg6um1If80gjHyRa7JrfxzepKifWNn9/suHlhecaeXcSOKMCCFYDtHyvO4/gCe8/PXjyVc/SUZNBDJsDOikVvVJfKqDlEkimfl+BISzkMv5ALxGDHMRc=
|
|
||||||
OIDC_OP_JWKS_ENDPOINT: AgAg+6Ty8o++uc+UfaVNtJviu1A771rtazn9pj7KafqgIx1xNuPtUBwGEScfku8glUy0bS8r7MyMNlUe3sIYfnDKQmmHBVHFoiJ0IjLZP/pV51A4fT2DUrFv9pnIemqjFD2jew5ToXhuHwUc+Y3LvX8M8aPpB/J+DjIIvgKQe2faHyWt4c24jOZaH56xJhI114LIXD0A7Qvq4O7UfpIUNfYSMojTH7VURptL18Mh1YRKJmil1PmRIstX9Smr3ltAG9Rw032v9ISdDmV+OyuhPo1Wk3AU85RdOQ9hZGMSFXQXFEqQUp/N76n875KDUMT4W57//YGFRUrm8w4oB+PlkjGV2pG7DNYVxUZEmi5UXwY8fTI+KljAZHSk/YOSku+gc75hWYXX6s3g/R6/IWmr9sV5O5N0bc3guQ96nnRmjuzb3HebM0hPfPS+6/xn29erTDETs1bvfCQ9oWNMomDsH4FVz5gC+zwrUvUD3Af3TVsU5g+lfOE83+pmMMWcJFn8Z0uldud0jR27o/ftKgBDmUaGi3zCQWJrYxtXehBy9fo0K7QpbYnLHvNnXVX9fGQ0PZNMc8N0wYZUDuhOv114lqfbVR5dHYoger4iT0xC+SHcWGgvyjqb4YI7bfnY+bnh8TLfuI/ttw1l7/ev79/yvjrtgPuBwN9ygUxENLR2Ur1Cc/u72d+ST4NIg5esth+y9Z2JdP/3+nlYctnyakWhEkUyBPK+5Iyacv29t1bMXoesB6Ub5WsXaw==
|
|
||||||
OIDC_OP_TOKEN_ENDPOINT: AgBRpyDYbQlq7dcqJ2Gd+CfSRZRgvpuUsIngAXX85dt0dChYhQ/YvnFl9r3GqsXNBrWQBa0uE7t+uXxo+oobjgfSibq28kQBL92PM/s7OctINTJBN3q0Gdv43vnliS69/WR21kZkLuAmPne1nL+FZJXavIUF8N6CX3gKb4WMdv+Rl4AAmUo9vsB1C7mxDcS1CppUeJ8KdF5qkb8Xag28Lv2rDA7W9Ne+tNGFi4q/UWqdU76iUxrHu/Kfg6RD0rYlOaW+0b3A5Rvj5oU8ho1Z/eIsA9NaZNYBQjtGAk9fiD2EB9IcFi6kYv5zGZsRcPTzMv/35Wh+lV8I3mDRGcfkmzQsZ8Hcfx7c3zpemZqvY7LMgrvO5AatWKYZUFPsTcaT/mVFmAaVuq5PqeuCQhqekug3rdQxxf2n1cWMMnbptf4g19oTFKx3FtXImpPk97Iv9RbMATKHE/nnfin5/7PtQNn9VBBW785hzzB7cs+IiEzdjGu7MnFlKaGEoS94eZtgLSEmpIMeXFW6V0rXHQ6J+CUjBjiEpAh6LKsh4De+IrWFuzAYH0jwowuY2r4VX3jx+Yv8SFEJ5AfDYbvx8qX1zy1dGfsQvrAai298QCOTizLmeuJLMIC0qlNLZWrYhf8XzF2/N8/bC0R0Pyr+6Jxo8HrtHyFcnl8ckHycWosCOkQmQIbX+vOffOpQ6vYUkHM4MqIAiTl6G+bxjtxBZUTXvqX1sKCEO7pccL8gJZQ+ICN9nP785JAd4eW2JeGW
|
|
||||||
OIDC_OP_USER_ENDPOINT: AgBD4amxFPHYQR6JWjNTsPM63NNI+f9DgZ9+whv5f3bUo7KNtB05vAYYQtAdMYJR+5499S6t0BYwOi4cNxQVJyga1bKogqih3EI/QlJeLvoFvDFj2wEMmCkT5MS+qemtPJwXK7JTHzUFX74b+S/a30/mvWKkMRHzc+G+E678/RDIScFJFssfJVMJB4Kp9T4y+v9jJAKZRixkx2lOR48JR5umXwxm+xQGaexeJOv0MZY4Am4P/nJcWM+Gk1Ka/ih+VAJRLsu9dgvShytQ1OHaAPMRu6H7Wb2bLrzpz4rTcGbZA3aTgHfItjWQpBV3fhNvyNW8QRbRFSyxHBC4snqW5Bl77u4KdMicwL/0x1JhwP6cx+/TVEyZ2n+5Y5PyOW+E7LXtiZGZ/eRw3xVLxvrFDwY0EBMqAUWHyQjwlZLctjxgBud5XDtT4athaNq5hnCELMepRI05kF+o5ECxKWoFXN5rXrwrlcgftCV9PTZbP8pkxyau8O28C4YX07J65G9ntV3VIg9tAXww6X68YHIQEdAgjNOI1soWt15q582OlhXBTTKAf/QU7mrSCn5FH0Q4Z7VLIsJwMz0orGB69Qxo/lLF7z+pQEE4PArceoLi7cffQV/+VzUBOACDdfKFiN3LTDuoMm6lvkAOdmzXccmXlEGvNEwLR+8Ac26Ld4fAnEFSLIJpwQHheIQRY19qbN5+cOa+RmuOroxWWA2P/8uSlp4kXVvAmPJOt8PprI3h8iRG5zBv+J8kE8wpI1scJdDr
|
|
||||||
OIDC_RP_CLIENT_ID: AgCOGuVP8BVfAT5FRmmJLptdv+8vtppOgpzJ2LXU3vR3sjQE4MLKgWwoAyrnkAa2IMrsmkg5+pyHBDlp1AMba3OTVZmhyEVLrFe/vCiL45hEaW2l6kiwlIW3nZnoJlGG2Ugj4SX8YCQGlyr19vEFcPdieWlKpHfda/EP4xYhXMSzXCxFCtT7uGjgnBlrV0uXeFCezYGzvmA4SbDli7fvGv5H85cwgUlMdSn2ZIP3DAxQ8gP0ETF6KaOK5QVP0e/7kw9SK3oo4XHE2c8AjHLFFnmz/uf07+7LuOunSqunolbVy+Lm2mHHnzx+0PBmMYvl7FHY/TkBZaVjVaZtrELbFYaraop8iE6hFMvOYNa/1BFY1x0aeRfPb0jt5IPnuebllnEh4P7JUQxef4Bqbjp8u7P+uOBWnQbeMEp5F3rWE8qy09NnjsKPz87Jw9pb0aPgXWLKVHjJpArhcb6gTJLESCw9kgT+c0pYI0s3BYmwNkJ+6wxflvTLb5z3YyY5/+8/s3PgDz6Hj4tyA8tBru/KQwnBVMw0GhF5YwlZ4SYHPwVX+ZMj9UQc6swNsrxKLqs5Ci7KjvzEDUJ4/aW+rv8naoCiebIJrbmLB8iSqNGh90s1S9BJsQaWXbKYday3spt0eg+tH/iQgAnUAjd9RK3TxkkmWVjmeUc/rOltsbaIvy6/WdyKnF8/f9B03Pm5eal73yC7reFyGYiXvA==
|
|
||||||
OIDC_RP_CLIENT_SECRET: AgA+Q9osGcUgiGsyPfHph3vGiNBjmL7pK3JlaE4PoI+eGsvb+3Ozf9KnfHSMm2R0fq/eukFn6i25MZ/mKYliVSIcjWbnGDFSysiCAwirKTUXoFUo87zmguNUPr8Rr45m1AIaJb31T4MKeFQRHSg715rs/6fKlbejUWUBZuMTN1DXkWr+00atj0JmmZPScSfRmwKNsHnoZCUWFE/DaFChpoCU4fCp5vL9P2LcdzsY84vue8y7Trg0e/LpEi6+DzSoxurE9jwjoUauXmZnOSW3jFgy+u5c9Oa3RC+IB/UUsmHI8eUVOXGdQsSFufrAMd1uyPRa2g+aCX0zX5boZC9dTGqaT+D/6xXnMFsvw5K+K4Y/QZ+j9ZHx0232sPCFVi2HaYHV51c2Xi6tizy+/0J27/4gvaVREXw94pmsaI5rt9sNDHoKw6LwkPO8heqkYzfIWhAg5vKswDn/MWAVTIzIubdTvrDjVWxoJ2FM9sCUsai/X7rj6QUiVTgbWuYYO0hMrT2Q9y05n68hWOmpqmna4/JGIE+N48h0/wAHLsLeV4ZNLJdJhQovOSkYsB5FIYPTuihFASLhE+uf8VBwSfYlwcWORz7dssAYvCJAx3huYZCSHrT4WPtLt4Ok/IuplXvVbZ/d6NISqE/g+BiNmN7r4DZQ/QbN4TD9t6BQESKkTqPHYIiVtZHdalgPFFSS8JP2wv50mSh/imjlX51ruHGQbVbIfZnfJGwLEL0KN/Zn3BMrNtMgCqEs3itnGQQnBchQ
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: oauth-config
|
|
||||||
namespace: linkding
|
|
||||||
type: Opaque
|
|
@ -1,11 +0,0 @@
|
|||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: data
|
|
||||||
spec:
|
|
||||||
storageClassName: "nfs-client"
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 1Gi
|
|
@ -1,13 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: linkding-web
|
|
||||||
labels:
|
|
||||||
app: linkding
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app: linkding
|
|
||||||
ports:
|
|
||||||
- port: 9090
|
|
||||||
targetPort: 9090
|
|
||||||
name: http
|
|
@ -12,4 +12,4 @@ resources:
|
|||||||
images:
|
images:
|
||||||
- name: jellyfin/jellyfin
|
- name: jellyfin/jellyfin
|
||||||
newName: jellyfin/jellyfin
|
newName: jellyfin/jellyfin
|
||||||
newTag: 10.10.7
|
newTag: 10.9.11
|
||||||
|
@ -1,11 +1,3 @@
|
|||||||
## Setup
|
|
||||||
Because minecraft is quite sensitive to io performance, we want the data to be stored on a local disk. But hostpath is not well supported in talos (and is not persistent), so we use an ephemeral volume instead. In order to do this, we create an emptyDir volume and mount it to the pod.
|
|
||||||
|
|
||||||
We use an initContaier that copies the data to the local storage. Afterwards, copying from the local storage back to the persistent storage is handled by a preStop lifecycle event.
|
|
||||||
|
|
||||||
This way, we can have the best of both worlds: fast local storage and persistent storage.
|
|
||||||
|
|
||||||
|
|
||||||
## Sending a command
|
## Sending a command
|
||||||
```
|
```
|
||||||
kubectl exec -it -n minecraft deploy/minecraft-server -- /bin/bash
|
kubectl exec -it -n minecraft deploy/minecraft-server -- /bin/bash
|
||||||
|
@ -7,7 +7,7 @@ metadata:
|
|||||||
namespace: minecraft
|
namespace: minecraft
|
||||||
spec:
|
spec:
|
||||||
encryptedData:
|
encryptedData:
|
||||||
key: AgDG6apUvB38rB9tH+/ya5Af/32IUJjHiEGZFdYYqesuqyPB/qf99EtC/7CwqD6bDQQPVycJVcxwZuF8QtYfPXzv//yMkqEUJ2G1/Q5J8I6bjNGLR636UhliUpCkH1QDOspWJUjwKDVxlFN9l0g9UajvxnqLyGzbWPeay0sJEBvAY8ltEZpLP21V+GD+HgPk3HIfSFFBMsULS6GPCjMaFxkxQb6cG3K4Ej4NHCHRGOmax+4Rk7lwMyAHlXLlrwj/ytxrnHDWrugLIJE9KKmJn6UVNTuk6olgkhleg2PixV7oOiDVyu9ZQP8wbdppzRix6dnIcFEYJ1ZDK1rNF5QErYO0gBytiJnSsdFO0jUMsdBrho2FgUc5GgIdmgXWJJz3lrGFqXaRVvbPsBZTUAsQRh2+4IfqfWmAkEjBcjs1K8WWJfS+rO9e02KoHBT4decdsd8Qfr5EFdPIzMrkUoRMI9CJnIa5u2nR08Hhd9iojbL64FZ26kXMODtEdKmlo+HwjufLX5rYJVSfOyZYzivd/kgKA87YTFaMLKej07w3ofGrPYSoCnmLfJyoQdNyJhdonBDsgM1GgRWQZDpgJ1df0SB02A5lZ4V7lHWr8KlANv9YLuMoZnVehsH1NZjNQHDInIRiTLahEBbjcJzQz4vU1UWG100ATszEYKOUVkzPnTgkqKYU99ZQ23bHP8z7iAWQeumb6V84NTi6jNITBvU4yTFLuAiI3nW34Vb1mFVLwfWqMjEYX8gBB4yMSaVshB/japfkyXU0pYg4mK9gsB4=
|
key: AgBYeAiejdmxDBorvgnxQX5YvUhR3NId2vfWybMKlc27e6D/bKglLNyZMk70xSnFAPjcDmZ20mYjFPYvDOr9T6IU/REJ8QlzoKAn0xW779R4SkIxRToT+dJv+OM2avgQ9uqp7vja29xeXMjYAnQML+QGZKcrT8mE04G/Ty8rdUiv3yUXK5HFAR3SUF35aVLdlthLjpRkv1s0R7GAP4L2pNzBJNV3i37viceUSSjU0zpOa23fsQOkPAs67AIukAJBqh/hyF/hR9H1GeYZNTI3OcHcvC2iNk/XGstvv0Zy6ApzoebsfWGdsbVn+QUI0EBw+mSTPqpl71cbkz0v4S4XAVndosxWpe6AIgm5MBTU0FXIyGyoFDe1aMPq8BXiQikYVwB48oVNh9KF0xXX5AOG0whB/FEsL3OJsiNQvQ3R/Hru43JBn64oxjVtLfM3E7u8v/xr1VQahX8dylDmb4s5EV01U6O4y19Ou4td1eEMlhpJb0fBPDRUYuWxZAEDGmp+U4tAakyPed11VkcZPPn9fKAAcv8sGs3TYAbbF18hqsBnv2Wd+i7ZEvKwmdmfR/T0r1TJGsvKI7jaW0QtH256XrSxQp7a52qMKMVQWOSKw2k27t/IkRhxT2Prw4GfJvaVr4RozUaBf3LV/hfDWlDfmM2zg3X9W8HkzjotGg021OLxsa0Wzmhffvb8h4bvZwxeq3U1xaJocqXui7z0rT2pF4z3wYHR/lPtexHcOA2M8gfBGKb1rBKh+kW+N+/ZfVLNI0mokg5vrTO2nR2rb4c=
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
creationTimestamp: null
|
||||||
|
@ -4,27 +4,14 @@ metadata:
|
|||||||
name: start-server
|
name: start-server
|
||||||
spec:
|
spec:
|
||||||
template:
|
template:
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: minecraft-server
|
|
||||||
spec:
|
spec:
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
initContainers:
|
|
||||||
- name: copy-data-to-local
|
|
||||||
image: alpine
|
|
||||||
command: ["/bin/sh"]
|
|
||||||
args: ["-c", "cp -r /data/* /local-data/"]
|
|
||||||
volumeMounts:
|
|
||||||
- name: local-data
|
|
||||||
mountPath: /local-data
|
|
||||||
- name: minecraft-data
|
|
||||||
mountPath: /data
|
|
||||||
containers:
|
containers:
|
||||||
- name: minecraft-server
|
- name: minecraft-server
|
||||||
image: minecraft
|
image: minecraft
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
memory: "11000Mi"
|
memory: "10000Mi"
|
||||||
cpu: "5"
|
cpu: "5"
|
||||||
requests:
|
requests:
|
||||||
memory: "1500Mi"
|
memory: "1500Mi"
|
||||||
@ -42,13 +29,13 @@ spec:
|
|||||||
name: curseforge-api
|
name: curseforge-api
|
||||||
key: key
|
key: key
|
||||||
- name: CF_PAGE_URL
|
- name: CF_PAGE_URL
|
||||||
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/5925838"
|
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/5413446"
|
||||||
- name: VERSION
|
- name: VERSION
|
||||||
value: "1.18.2"
|
value: "1.18.2"
|
||||||
- name: INIT_MEMORY
|
- name: INIT_MEMORY
|
||||||
value: "1G"
|
value: "1G"
|
||||||
- name: MAX_MEMORY
|
- name: MAX_MEMORY
|
||||||
value: "10G"
|
value: "8G"
|
||||||
- name: MOTD
|
- name: MOTD
|
||||||
value: "VaultHunters baby!"
|
value: "VaultHunters baby!"
|
||||||
- name: ENABLE_RCON
|
- name: ENABLE_RCON
|
||||||
@ -56,37 +43,15 @@ spec:
|
|||||||
- name: CREATE_CONSOLE_IN_PIPE
|
- name: CREATE_CONSOLE_IN_PIPE
|
||||||
value: "true"
|
value: "true"
|
||||||
- name: ONLINE_MODE
|
- name: ONLINE_MODE
|
||||||
value: "false"
|
value: "true"
|
||||||
- name: ENABLE_AUTOSTOP
|
- name: ENABLE_AUTOSTOP
|
||||||
value: "true"
|
value: "true"
|
||||||
- name: AUTOSTOP_TIMEOUT_EST
|
|
||||||
value: "1800" # stop 30 min after last disconnect
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: local-data
|
|
||||||
mountPath: /data
|
|
||||||
|
|
||||||
- name: copy-data-to-persistent
|
|
||||||
image: rsync
|
|
||||||
command: ["/bin/sh"]
|
|
||||||
# args: ["-c", "sleep infinity"]
|
|
||||||
args: ["/run-rsync.sh"]
|
|
||||||
volumeMounts:
|
|
||||||
- name: local-data
|
|
||||||
mountPath: /local-data
|
|
||||||
- name: minecraft-data
|
- name: minecraft-data
|
||||||
mountPath: /persistent-data
|
mountPath: /data
|
||||||
- name: rsync-config
|
|
||||||
mountPath: /run-rsync.sh
|
|
||||||
subPath: run-rsync.sh
|
|
||||||
|
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- name: minecraft-data
|
- name: minecraft-data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: minecraft-data
|
claimName: minecraft-data
|
||||||
- name: local-data
|
|
||||||
emptyDir: {}
|
|
||||||
- name: rsync-config
|
|
||||||
configMap:
|
|
||||||
name: rsync-config
|
|
||||||
defaultMode: 0777
|
|
||||||
|
@ -8,7 +8,6 @@ resources:
|
|||||||
- pvc.yaml
|
- pvc.yaml
|
||||||
- job.yaml
|
- job.yaml
|
||||||
- service.yaml
|
- service.yaml
|
||||||
- rsync.configmap.yaml
|
|
||||||
- curseforge.sealedsecret.yaml
|
- curseforge.sealedsecret.yaml
|
||||||
|
|
||||||
|
|
||||||
@ -16,9 +15,3 @@ images:
|
|||||||
- name: minecraft
|
- name: minecraft
|
||||||
newName: itzg/minecraft-server
|
newName: itzg/minecraft-server
|
||||||
newTag: java21
|
newTag: java21
|
||||||
- name: alpine
|
|
||||||
newName: alpine
|
|
||||||
newTag: "3.21"
|
|
||||||
- name: rsync
|
|
||||||
newName: eeacms/rsync
|
|
||||||
newTag: "2.6"
|
|
||||||
|
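Review bot: The one `images` entry left on the new side pins `itzg/minecraft-server` only with `newTag: java21`, which looks like a moving tag rather than a release. The Job could then pull different image contents on each run with no change in this repository to review. Consider adding a `digest: sha256:<image-digest>` field to that entry (placeholder, take the value from the registry) or using a dated release tag, so the deployed image is reproducible. The `images` list begins outside the visible hunk.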
@ -1,42 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: rsync-config
|
|
||||||
data:
|
|
||||||
run-rsync.sh: |-
|
|
||||||
#!/bin/sh
|
|
||||||
set -eu
|
|
||||||
echo "Starting rsync..."
|
|
||||||
|
|
||||||
no_change_count=0
|
|
||||||
|
|
||||||
while [ "$no_change_count" -lt 3 ]; do
|
|
||||||
# use the i flag to get per line output of each change
|
|
||||||
rsync_output=$(rsync -avzi --delete /local-data/ /persistent-data/)
|
|
||||||
# echo "$rsync_output"
|
|
||||||
|
|
||||||
# in this format rsync outputs at least 4 lines:
|
|
||||||
# ---
|
|
||||||
# sending incremental file list
|
|
||||||
#
|
|
||||||
# sent 145,483 bytes received 717 bytes 26,581.82 bytes/sec
|
|
||||||
# total size is 708,682,765 speedup is 4,847.35
|
|
||||||
# ---
|
|
||||||
# even though a non-zero number of bytes is sent, no changes were made
|
|
||||||
|
|
||||||
line_count=$(echo "$rsync_output" | wc -l)
|
|
||||||
|
|
||||||
if [ "$line_count" -eq 4 ]; then
|
|
||||||
echo "Rsync output was: $rsync_output"
|
|
||||||
no_change_count=$((no_change_count + 1))
|
|
||||||
echo "No changes detected. Incrementing no_change_count to $no_change_count."
|
|
||||||
else
|
|
||||||
no_change_count=0
|
|
||||||
echo "Changes detected. Resetting no_change_count to 0."
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Rsync completed. Sleeping for 10 minutes..."
|
|
||||||
sleep 600
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "No changes detected for 3 consecutive runs. Exiting."
|
|
17
apps/monitoring/grafana-admin.sealedsecret.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: grafana-admin-secret
|
||||||
|
namespace: monitoring
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
password: AgAwMLnsYN1y8JQSqgGQbNG/8jKensTDsEw6ogITdkhDRlJcg8HQ5t7a6xLzNCrLHLJiQW8YOoyLT4lvFkBRMOa2EYcrDvBiRD0PjygWLIscKa7dA+jpAUf/icD9zsiDnTym2yf+VUANcmEgE6DiNvlcsrcmYqiR4pKVUTDlKPNOjOpTJ3nXETb3/sbt69E0JSGwtkvusYQSXKLU9KLbciihv+ycdkdlC9xy9myd4+vYZYXSh/eAvyZeb/hsmdSX7yaASmupMvet6Qsdt99PNzFQxtbQH+LQvYalVZ8bjWZQvCN/p0bA4H15otKBfe8rtEwVthgvyEvo6TK0Mg0pFY/b3AOGFmImnT3rDmgG6S8KTZH0Jce17ksFqvELQmHjqHuYpQsPDl44glM8kWRJ9Mf/Z424LRwZlJNVcOkuVl4qFqPUjzd2rWIyF0RaD0BE012C0ThJxKn2l17lVJbNtdUiR3qNpW01ot2m0CgKd2kXbjDmgRgAll4WgrukfCIn9ZnE0gVCFLJuK3MOQAaipFYy/bDO0izwl9T8nldgcI8OfiC3NTk2O+Es5jJRXu0oJGaC3HrTB7wXiwOoELvAsxLTPxKBiN9mCHCMtZX0PEtrio0dFRQ6Pi5xPng0KVT0I9dvGNsPdhPETNOB913WEvbgP8Gt3cj016nCzk51eUsYbXPpNL2B4kmbIhecqW/8kwKQPwYjVlBSXj3NxjzwMY6PvOl1
|
||||||
|
user: AgBqmjCYGMqy5zBE+vhtsynOvhWdHWDJDyl1D+laBtLjXTJwzRbNTdunHYo1ekwyqQ6Cr5pi4YMiLxAl1LIHF+Lfsp2QlY+ResAGzp9WgSBtNQDX3EmLDQofeWxMUDdMtMsE9wiKLCfNGDkRDsGquXTz+YFq03m1vH9cB8Bp+1ClWOTui+/Ce0MZlWsJZX1W8WXH7XTirtwUo0s53pc4AplUUH97ZEK3KSIxWa3gLCn0sAPDDLPX+JVA2xtpMq1XuVFiFifjzEtG2h0dejiF35FtSAR+rR4YmEfimk3QpRDfOqV5QUxvjCG+dTV49upSevF2mvbHW+o+lB6vEc6l9cZXvlbnMdaep3NmOsJcJ8wQIdFpFK4iVzFOTKSEbzLPlZ/J+sjS5vDXsfthorIO2faMA1iIf+I663zNxQU5btaK4TNYOZQlrFVjAmioRLkDhGZ6tDUPX/zMv+Crt+0HCwyEyhmvFZckDvezTZrxARSXXMKBVcvjHCyUNkz7ubZRiMU0PGM7fYuHr659e+XMRvj+LFA68ZaEIzCQpCFJenWWYAXgUdRG4LQ1LP2MwvRHpkOYSoRkHIpX7jOfhX82A60h/ta/CdbWifqNyL9OecvE3FKsZu/Kr0taw9W6nm6FBhQLgFkOnFrqp9dWnxfHruXuDBgcn0iE8nR7Ht2zS7hfQPeR4a3Y0xK3Plqbzdrb9HKnWQQhf14=
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: grafana-admin-secret
|
||||||
|
namespace: monitoring
|
||||||
|
type: Opaque
|
16
apps/monitoring/grafana-auth.sealedsecret.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: grafana-auth
|
||||||
|
namespace: monitoring
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
client_secret: AgCcKsnS3u2eI+fNVC9hAZ3QRFOHFErAzs5aQgX51CSdJwM03SZUoTyrDi5JPcHUVyS3MbevFH5piMhDTARMI3bLOjYlcwMbpf77JCPa7o95Y9asA/FW3lXicYt3biN9xBXJBz7Ws3fVRtEzyf6DmbGedT9gaX8aPwrUVbP19RdyJiuu76oB1A/jdUkX4K+X6kVvmoP/BWdypk/kdQJrzBNt00DIXF4NHfYey36AuhpBtqYZs4faA/tBXMXLE4RxPNtcHwNfVjnRj3v3qzNufD1fnweJvLq2UfLMrQjoR9XDVnM0zkpautylkI7yrvcoEH7ljnf6b1FMogOEZUfH1BIdqTd/WwrrlCqE58OPfJWthIfN+pQ8LvdHsGo3jc9gXvfXS2cStyhP06eTZ4D79kG+RtDQGOsD/Wpx7EcM6hbB3+dIjcs3wEAIGjpIVtY9JayW8YeRnFApMuhDST1+hscm+LdoGvaSTlAuGzv9BbVrPX/Fo9XKeYHlbG/x71Er+vF8WbW0wUa46MHLvbEy376XIdJDYi+vjl4eqznZ6YhvPbawhoKXT8ZcKUcUAjVcMue/O/jCSPZplbn3vdSCeqPTiqVqDw9PTMIeWFUepgPMxiGpFRAqdwIecFBnYItq0dXoGlFrZpo0S6AECgZjxzUR5EgdkdPlDDs2CN+d9yP7f2S+gmL7AIlQr74NW1GrTGw2x/rD4IJhunh7
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: grafana-auth
|
||||||
|
namespace: monitoring
|
||||||
|
type: Opaque
|
@ -35,17 +35,13 @@ datasources:
|
|||||||
datasources.yaml:
|
datasources.yaml:
|
||||||
apiVersion: 1
|
apiVersion: 1
|
||||||
datasources:
|
datasources:
|
||||||
- name: Prometheus
|
|
||||||
type: prometheus
|
|
||||||
url: http://prometheus.monitoring.svc:9090
|
|
||||||
isDefault: true
|
|
||||||
- name: Thanos
|
- name: Thanos
|
||||||
type: prometheus
|
type: prometheus
|
||||||
url: http://thanos-querier.monitoring.svc:10902
|
url: http://thanos-querier.prometheus.svc:10902
|
||||||
isDefault: false
|
isDefault: true
|
||||||
- name: Loki
|
- name: Prometheus
|
||||||
type: loki
|
type: prometheus
|
||||||
url: http://loki.monitoring.svc:3100
|
url: http://prometheus.prometheus.svc:9090
|
||||||
isDefault: false
|
isDefault: false
|
||||||
|
|
||||||
dashboardProviders:
|
dashboardProviders:
|
||||||
@ -94,5 +90,4 @@ grafana.ini:
|
|||||||
api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo
|
api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo
|
||||||
tls_skip_verify_insecure: true
|
tls_skip_verify_insecure: true
|
||||||
auto_login: true
|
auto_login: true
|
||||||
use_pkce: true
|
use_pkce: true
|
||||||
role_attribute_path: contains(groups[*], 'apps_admin') && 'Admin' || 'Editor'
|
|
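Review bot: `tls_skip_verify_insecure: true` is kept in the OAuth settings on the new side, so Grafana does not validate the certificate of the `https://auth.kluster.moll.re` endpoints it calls during login, and a spoofed identity provider would be accepted. Set `tls_skip_verify_insecure: false`, and if the issuer uses a private CA, mount that CA into the pod instead of disabling verification. The same hunk drops `role_attribute_path`, so roles are presumably no longer derived from the `apps_admin` group and every OIDC user gets the default auto-assigned role; confirm that is intended and document it in a comment next to `auto_login`. The enclosing `grafana.ini` block starts outside the hunk.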
@ -1,7 +1,7 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
namespace: grafana
|
namespace: monitoring
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
@ -17,5 +17,5 @@ helmCharts:
|
|||||||
- releaseName: grafana
|
- releaseName: grafana
|
||||||
name: grafana
|
name: grafana
|
||||||
repo: https://grafana.github.io/helm-charts
|
repo: https://grafana.github.io/helm-charts
|
||||||
version: 8.14.1
|
version: 8.5.4
|
||||||
valuesFile: grafana.values.yaml
|
valuesFile: grafana.values.yaml
|
@ -55,7 +55,7 @@ spec:
|
|||||||
memory: "200Mi"
|
memory: "200Mi"
|
||||||
limits:
|
limits:
|
||||||
cpu: "2"
|
cpu: "2"
|
||||||
memory: "4Gi"
|
memory: "1Gi"
|
||||||
volumes:
|
volumes:
|
||||||
- name: data
|
- name: data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
|
@ -14,14 +14,14 @@ namespace: paperless
|
|||||||
images:
|
images:
|
||||||
- name: paperless
|
- name: paperless
|
||||||
newName: ghcr.io/paperless-ngx/paperless-ngx
|
newName: ghcr.io/paperless-ngx/paperless-ngx
|
||||||
newTag: "2.15.3"
|
newTag: "2.12.1"
|
||||||
|
|
||||||
|
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: redis
|
- name: redis
|
||||||
releaseName: redis
|
releaseName: redis
|
||||||
repo: https://charts.bitnami.com/bitnami
|
repo: https://charts.bitnami.com/bitnami
|
||||||
version: 20.13.4
|
version: 20.1.5
|
||||||
valuesInline:
|
valuesInline:
|
||||||
auth:
|
auth:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
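Review bot: The Redis chart under `helmCharts` is still rendered with `auth.enabled: false` in `valuesInline`, so the instance accepts unauthenticated connections from any workload that can reach its Service. Since the chart version is being touched anyway, consider `auth.enabled: true` with `auth.existingSecret: <redis-secret-name>` (placeholder) backed by a SealedSecret, and pass the password to paperless through its Redis URL. At minimum, add a NetworkPolicy that admits only the paperless pods. The `valuesInline` block continues past the end of the hunk, so other settings there may already restrict access.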
@ -14,4 +14,3 @@ spec:
|
|||||||
port: 9000
|
port: 9000
|
||||||
tls:
|
tls:
|
||||||
certResolver: default-tls
|
certResolver: default-tls
|
||||||
|
|
||||||
|
@ -13,5 +13,5 @@ resources:
|
|||||||
|
|
||||||
images:
|
images:
|
||||||
- name: mealie
|
- name: mealie
|
||||||
newTag: v2.8.0
|
newTag: v1.12.0
|
||||||
newName: ghcr.io/mealie-recipes/mealie
|
newName: ghcr.io/mealie-recipes/mealie
|
@ -7,17 +7,17 @@ metadata:
|
|||||||
namespace: recipes
|
namespace: recipes
|
||||||
spec:
|
spec:
|
||||||
encryptedData:
|
encryptedData:
|
||||||
OIDC_ADMIN_GROUP: AgChDLTJLcQutEytCeipPcd9KOPQzh2LiObcGcqSBv54IojcwOSYrdKODrF3l8IR98L4PH7sAvS756vlZy+UxElgtwa951zqYGwf3SHoBMU8fl3QU7ZG44vGHKAZ8+gi1ybDaImUW6xH3TK24PSWH8bvwjLs2JAGCUQ1hPzOQ7yQQRPRTRk8jbhDkBefy718eSMqTSrxJqakIPgicZcIeMg16d7pFMkztEuo8iZCPTF8XgDbY0HVJ/pGxAf/rgerLCeOfdKF1tJRulUt1VzmX4A7Votyg521twa6RIN2NvgJHRYEmMPTosrBO/i70OwYcy8QI3PaWisoId0MFSSYk+n1iCU0EM3pXVal5rDoji4EVjazcuRjZ+TQ4SZh6jkRrHGyDNtrs1w7Hdw0GSwb8ONoGPiZF+qU34kDQH7tkNZ+iaG5in8kwSbZoLH2vrdUv/2yNXtHGFM4eJNwcfwMqs1wbS3zt2c73JQ0HgE2c4ocy4iTJbtd13fouNH+MPFl6BJXcMjvMdUaxerEFZQhhdvyx69ATMyLsUqgodr+vSFo+uA9gtv5JPyiA8HPJPJ05plSBAS/QxaV+F9NCbmI/XG2MM/i55dy5dX3lLaTehDtZ/TZK/mVHlkue+4lHisrtXFL2UGlqdX/QPNX+ccZ0qLKjnvobflBPqPr0y35KE+QNOVNlup2mVJjMr/dgNqi6Xm34UwX4GaW9y5Q
|
OIDC_ADMIN_GROUP: AgCTE4M54XEyKP1cHcsosZwIp5GYcvZPIzb7sgOpvVJb7mzKT9kYFOqUkwc1eyn4bjqaXu6SJyP3M4ss3K7CgkNWMsSjBVrYpP6yqsREoWqoETwwecSxRS7hrK8pJb6kRKBKyLDd2oaFMxeg0y1lm9+ul4HwNL+uPcNLSX7KRue1Hy5xqjDNlwL2mzU9JVVZGqEW8FyvPCRKMPliQtK7WpTUbadKbltN9RKrRa4PqFW9xyBrg8Al35Xj7HrNfwt8YAUDeq+73QMLtbP3y2orSck2I46h9DKW4foqYWGnVh/272fvQSXDr3tr8Il969o5M/IfVzpRS74f4zU0LeI4POxT9EgBL2sALoKhxil0EZGJ3dsPREvSS7eccCMY8n0AQE8rOT8AHyRDhd8RzsCoyPoDTAJJWf4oGS4aSH/N7f6CvsMF2EdOSCghBWC7klfRFxraWcbTiFRi5ICxlFL4GkiB9svNWpQlCkiduR9RZTop1DU+xJK2XgBmTampbjlEiS+yf9L7tXpCRvp+vRcxHwlvsMUncIxUzY3CPTST6FrVOL0BMtLeKI+MmgaCxgzo6BBAUKBZSCJbJKLTrcnhviLJnxYXKYPah5ozfk5XBzcz4C7dWuhN6N1Uwa08nDtHbuN9Mj0AWElT3HAqf3naowVBeXgLV6vRNTwYOIVoqGhyVG0O65DpwuxUdFZMUBpmhFz1QTpAZ6cbDZbL
|
||||||
OIDC_AUTH_ENABLED: AgCC/9BtmP59y8keEx9z6f2ifXdatpR4BBSCpLlpELjSBPAk5QrZ5v50n8Raz6zUt7+HVL5CYsShGRPoVqTd+evEqDCbbY+0y8fu0Xrapcq2V0I+DBfOzob0V53HpIzHdcAEyGXEqhE9zTDoTlZszmUCQzB/ih7Jr8V0bq3AKh9n+y4REYsHoiecPPb1MeuJmp9mfuSU+dVqvW8GYwumLQmpH1+PrWeQvf94y48yMJ78wroR3MoUIrTPuVe0RCAK+A25ODrXSaT9et0qx4mzS+qW2Vjpyh7MiNQhJdaYrGHlcUcje9C/RRsqzFdwXQqONwAAQUfH21fxMjpyAD4O3pc5X31kZ216w4iTp5DlTYBH7Ci8sUySaweQT1XdCBTqZTd+Q1fkU9UJqkLFZZ0Vds6K0GSQlqxcL43t5jp96n5uCm4qgaEX7oBpz6CqYM0Zh1OsfFe3ju3IBaPLNpboY9BwXaOlnYIMS+BR7hZGWf45cyEjL5IyEQIfpCw9drTzwnQAkiHtWo/8gzgds9FcW0cVPNx8XQjlZYw/voYhFJZcpNkwk+wl4Vs6kHPwtYAhR7nHj7nyqyd72IEutd0LZSL2ICMFKQ3XbYKa7JZlKLeL0gy3YKm8D5I+BRDBR4AB8MrjzSkJR0C+FOHVMImxLIHblEtVoOla4xWbu9aa+fB5hUrJ9EpwSiBYJWQzKshHx6cvX7Zc
|
OIDC_AUTH_ENABLED: AgAQ48wodtQ11peCbSpBL61n28GMeMJPq6cmb0a39x/n+AJGOZbjcE2e/xdFu06J+ahHTehi2QtwWxlRBi4Op6sbjdn5cXkTZ+8vGB3v/JQZQzJpGraFT1WTPZ9onYXTLl8iGsZSteF3iaxSOMzLswMahDvk/DCNrIY78mkTpqSC3Pggf9GnAWTQKOnuTFYyStBaL9ExyDBiJkbFahm/bC8h7QG9OXD93bDQrApS/W6LF+3CU6TOKj1VXmeVuMpxGdasC4B5ShL9kvBz66i5P7BJYjPfTEJfIACIFzZQmLJwxzfST1kV0urdQ9PZmcvQLapxGI4xUssD275hSPrUE6XXMLyo0BzVEBPq5QsMW5UZB1sOPQMcIajdzWagByFJWcBU1mFMwJXVUHQXlsMDEl1pDTGbSS660XCS1aAtmVb19ToXH/GIEkWlohiNpVqI+D8ypoAwMzF1FnHGvyxF6maHV4vZA4zDE7bT4S+E6dEmXM2cc0essUDlbwgOTLi/3fuqxIar3Dub857H0B9++SeriHrSUJD1A/9IOZQQNsAOwEOylK+9BuyhHYFVzk9l2lKnCRYqif75wusyoly+4yBS69LGzg4mc4Bk6LejZe91VnZLlZB3M6fZzS87qWoSKuEibxJ469KVrCPNc5mn33gfg5nW/05rSYcBnl1VazPmA18sZyX1nWnQUwwErg98jGn7Ft0q
|
||||||
OIDC_AUTO_REDIRECT: AgB6K8H8eDmuaRhPeeKVtkPBzvtdEgNzBeqBLEPOW5tE0YiWT53mlQaW8eMtCUI/yvIKY8Tjcwg/CoiAgtboalS+HoJ5vUqfBBgeqYRE8xdRw6QJhLjKIViyg/wsTp0epmL50XX2qg6FINVWT6A8P3OXmVP+kxxr5dZDJ5jT7Af1j3XC0uGZWja9DWkfz7AXiUh89kekGqO4rkplQIBmPOUl9re1D5JFuL7mCmqBo4MNHV0baf451+XaOQF5jKT/luyHkvjs2V0+YZY7BvBqmqg3Dt+buAMyFnXAziVgcpSRzPQtGSCq9WJK5JsDfZltTVkzyJP83Vb3fPtOnBs+7ZWYshOh/1r84hbdEUOjTec9zcYQY/1MGc+4t6DsK0st03cNYWhKBBeN8nmUGMfca5kGWnRx5nJ6rjrF+Tw7yXJdjRiZ5Kom+VwcBtT7bXsxpoUYqAY1W4oUhpCrGGG6431DbUbjWMSaHPDiGdF6rIMD3OmbOaUxGTooCvesoRTdia9pO5Jk/c694N1MVKW+SNInuyZZ3BI8oxi74NV1zZYwTCADHSvWShuqCkZtnX1Rz1kNlI2e++HFnObvfbdXSyDymwJ0WX8rO8sXJYzEkJLv021Tdn64+1jBKviAi7m7FfS9/E07AR7OWyEjv2KYgxsZMC3KR8mEs9WZYYqkvCuKdWQofpLOTjkMVJ69X37EKUCGzUvr
|
OIDC_AUTO_REDIRECT: AgBuLoXhaCs86FfeiagJQg2bnz99Poebydj212AdXpt66Lx1nciFlJMzZ03ahJiF5T8lalxPLSzkHnc5VHBT8yRSrKe1lCisDmXVv9SBBoZHntu9zQdJeChkkHImxILlJVZk4steD2CyIBDj2xjbjUfRjFYJX4F1WrzSDXG4Vf5bal8tPXNuqbHEGfx7xw9CRetMD4cfDESyKl7FgbXi4vyLgGyNTnKTAvY1w72Y7WKminiScj7S39TZZIVH7wJyvvsNEv7MCgwaPeT+W5pNwpx34oqfumTHTeJUwQWccwCnZknhOl9jwNRJ4cHFAsVArT1yvjLCbMir9p1DvP2w0R/A8CzPgDQxbJno1QKeGnw02YVlsYH5KiOKkQQdT6/kT+kk444Mg0JLPbG7XZSUZXGmVl5n31DuDFvTGum5BQOwFzYfOim1MM1OJyFiM7XuaCZCzSMNUQHtLGv3kBHZFhIS5PXqMjfdV/RAv3QhZgAnJzGYLEDawOwy4KwIXTk9b55OX7AyEwQzwMlJUujg/+IJP28BH71tgVtgQsVDnWVT2GtWW+UMamXhqh+YK6VD2BZ/81D/p0BEGq8m/dweP/qv3MK/CGBjgtIFOHnEcNZkqMH4HhrxFeu6fabUpT6+C5cGNyYJSEFpbUqjJRb7vBPIu/ewb8Y43SNikzaSp3/1A2LtkGDyzcRckQYTuFIiIg5r3jcg
|
||||||
OIDC_CLIENT_ID: AgBosCGO5L+/1WJIGaNA4Z6vbqJL57JtuRXQDEICAiTJns4YBqvpbiIg+LZ6b5DDwHi0uq/v1yd61TV0+A6U7t5LYjRsywryseP+vGycDQlPWIBAegs/gVzMspNOrJe+g00VEfbrkZl9U63WMKAVBJS4Qd+MHzgnSxZ0IFMP/vaSE7JQ25LqSMjWs/OOBF4EJbTf9RV35/6kk6VpYIOLlT9Y4FaFwilj1Fve7YROIms5RykrLeEhIw/XeKjviyZqbE+rRsM+3lo0FPwVTruTGNbqLBrYox2FSVK6y+xPp9IHREu+17gf7ROLSj8PIhG3Q0mWOSfdv2qbB7RxOfNf4eGwy1m4rL+DDwLU/g2rZNnIvxa2C+l927ADFj5fJCuBPV9o8PtJjD5zsE2wpdqJ/PJMpg0106LylewH662hvIYL3u5s3Pc3mW0jPElgygnZYihSRxzxvEYdfw7+gV4alhlU++X/C/qwbzw1g+ZqgbVYH/jZxixsAu7fOiFRW2G0qkvnKnwJstnjs/Q81R816dnRylETxtINTpyvSF5MAPE1g0HL2Ocs1rOqLsL68FpPnI9GgOD0bkStuYSq+6adMyPmJgyzOqa9sGjhQvrLI4AISx0YVDZLaG7UIp18UF9AFQhImkv6hh8jpOHR1sYmmWKBwbyBJHtEpDn4/RKGjb2v/AHvUtZcE9TAM7kQeP1fRWPXPcA3SfF7
|
OIDC_CLIENT_ID: AgBQiUtbuXKJABinO8VfjQ+yIj0a4AEvKboHd544CxYdx1OfZd0DZLsKpkowZS+Wl5QiheC/+8HFqsRzzwKas2i4IyOpihhSW/xd6X7XjDtu2Tjwuol1oRel5AmBpBj6Kl6zTvgLbHE+iUaJi7u5f2Pw0w2vXAJWxg9nhOFVEfTVtKaafYqVVXPB1KTqRPzwR5zsTuIZToEx0BvA95yWM5oKRPnjlSLk1vHMBDPqdgUq+7u+7qhj7C+rvhI7nuTOWRk0NzsELBl3AyAg82w0r+I9H7buU8OHPEhVOID//UIc/wL/QuaJNxeFiU+rM6K0CD6MMGQanuUngaEr/ZpEdxe82hGSuaLik2mWfvG4J4328a1bmmTT/JgPPDQW8Xtg68Tsqj9zT4rfaVt/+TttMMgj4oAFkyVLGZkp1sfgIX5zT7gHc0fCusTR5gGNLJ5PmHyqCu9D2jP1ERLRltiyXH6wms8+aACj+wsmo1OKUjmqrtqtAWNwZz2bmOJhhUgkP1mPz4o2LeECjBPPv9uPWkMb67ZUI4+Qp8o7J0SgQt4ZlRqhg04Rh5MxCY9TvbhLxQD5QqTktmGYWo6cDVnIEIKd/XOSG9pBT6bTGsRLicgRxjDwm/0ZU1Y3stI6UhONKYA1HG8rso8ZfRLvDsgp1Zb8tH/GAw+bl2HkOw1DbyFXWeRxau3RPwTym3GYjFgWZhP5ScOu2Rjg
|
||||||
OIDC_CLIENT_SECRET: AgAI7LDC9J+IQk6qPSxs5PSyr5fKAflxBxfCd2IcjQUKc4mCLzWdcQkyxXuOqLETCpT9yNFlRA+g0k3Bc+Sp+Y9rmF9nS9EyshezZOMT8/G5bacEBXgxxlqyTQUqXp7FpKK30lrBvxa56xDeatF5G6H68lLfJ86K2FH35f8IvRJv+GqFrOQ+PL1M9Kl+N6XpNihy70+jpDornbNpyr48yFawAone6zKg9qFxeJ4FHPL5wYrS0r++JoEoCGo4XZ34mPHQ1jiK3wPiiuGhf6dbAvh/wlCH2+ehiTnOQwKUY5C12gVwafOrA5BRI/TBjlTrAEG1qjxdff10fkkuFaa3Y07V+lz316H1+8xdzPVNDN5bG0hVVVWmj1jAuqUnOqPEfzPOc4jUFVom2wSXI1SS3n1oeDnTiO/5vkmTRcQZdGeuLM0+StTtXHmbtrfU6ZyfdtKoZ209jR997pYmNf8PrDbhKtcvJaxbT6RHqXpJwk4fKtQeLInY0Pl0HSg3f+OVLdikESgX8mJm/nGJxwN/y1cSjLawMoZhbvHP4aWKWokLxAvX4pfUfm9iv5fm2pwQ2eWWKAI0P9I1l9Dbbs0u2HC7QLI3EsJFQ/D1gkhall8cLPQmg9LnsXpnxnKXtIMLS8sNqE5TyXTX1AvFJz79dT7nezS20TLF2chZ1ch6tpM0n7JNYVaD5Rgxqc9XFpUvJrGHYjSR7twjXZd0XRVXCOBKWwe6aSdPi5OXtu1tBvvXTjoqMbQrGgk=
|
OIDC_CONFIGURATION_URL: AgBiXJGc7WugRqlUE58fVPkkKkka3G39lhajhuR7EQePZ1HdE1D02/XncXgRO0r7C4kPAX3oZ1Uczo0XAMxQxAZye9NNFNei7E4rlc3BTNOOxCc2Uj57DjuqFA74cHcjs0xRCJ1KVMEcGX8zdG85v/qEI9Oru7vQf8YT3giTKNHDZMgeyrbCMFNS0cyXniseMMVIkiX0ky6TfcFdn84bZiqJYwXwnNNzeM/kJe01NvEe3DuvxZTEme8LNkie7CTgaMHfEYeXZWIh+JqkIPW+48uDYe4ojf/Ts9P2jwzf6qW8XyqwlLti0MxoVH6IqbLbJ9JVJZ94WNMm2tcjigD1eSV2klNxXYZefyqqratQpfi7Ou/KXdfs9Reijj7dtfZDOnztVouS7ivBLlufqdxgyJrnQok1MxQloZs602CBPRDE+oSHGh5ean2wbJLqt/Vl9NxcsFZpWI4tazZ0DUhD5pgS4MXoG8D+RXIz4++nfn+XhYhv84vP4VJh6kCF84dKSYDFUKkAMGJSZRDCcs4jaORO/DZLUUnytnOHV8Mo2ypfC9KgETdnbXWT7OcdCQPesABE/l2lN9KDYHxL6DqE3GibmCqE7yk6TOF36pmVeEsECeBkmcl2DpHVu9PRBiwO0YVTGUr9AVmwO3vAR+2LAVHkDmU+jn/e5SFHg2dkEpWDORC7Zn4vZrjy3pmTJdxBthVwTYqmdnWk4uvppyKP2l6MBtaVPqtB35sDuYtLGSFV1FLBJGJueW+Kk2cGbNxJJEEhBUf6ZHCDWLrZEJPN
|
||||||
OIDC_CONFIGURATION_URL: AgCZnFFlMYEQgPBXanDrQRdfPad/xux4wIVXpPfOqsDGzWSYu0HYDuoO8cETdf0fI0dppwAb9167Iz+sz9t36b4jb5X4nXTVWa4Co90s3uDwRsvMcg1dNMK8EDABxlGS9XThwehs6qXyYSN06CF+SyrGZonDgVcXb0pEW5B/EHFc5TwRrvYvVe9z8v8JbNehQet3HxXZBepkuntI5CzCkCseTvOiKV6oohr9l1DaK8e0IHQdq7XZshdZ7/CmafVY87fGElC5J2nhAML10fXHwyJ8HA99mwLFIvBLnlAc4KnG3FS2uysvoKrUs+GPXRgXMBlsL67upV5jO2B7VKQRpy0VcO7oYiwMV7Lc9EkOOgVNghIKGkCVQqN3JOuaNg3vuJlutDjLlDk+oCBP0BvYkZ1U+1NmndKRG/7YNXJ+MOe3KZ2gWGZgQLzpbmQRq81FxTn2rSNhZyBsMHyviIZFqZJyXnln6xPRIi4uuxtRQY9PLVcwHd6Q9hi6n8QGBYNc+AEsGwy+9upkZ6hpyo4hcOCJi/e0aUH92+Y/feNGYAPFBHP1sTHP2sEbVFISQadDdsxQIvQvaJy0J9+UKghz/qAsipkBYc2mv/waJwlpnFqDoCTOIkIadutyBAehkXawNsDXcWPU52hGpQ6dQQKCIxsRKBO0JQsI5rFf4jc/PxfSUYu2Fps34mmMggAb00UBLDb2arNdI/OcSirZ04XSp6G7Eeqn6gfMfrrhnnqpg7zokXXNMcLPJcrV0jHflauahmft5+LnWHfYVa0uNAJP
|
OIDC_GROUPS_CLAIM: AgBjsoq/VaSx/P7PnODa2TIiSy/noUFrVmPuIPAyjoZP/w62zmwTqy8Ln4yRKywmsy+n9CMGgauUzkEU8HSuWJ0Moxzt+NBRpuA3nL5R8b0hMsdQXCvY3L5zqyvPH7hfY1LRVcM5cVyzTR2CTVUNbO04EeGaFt8Mh8tsmyHk+Cf8VidbkeqgEpee8tNO638F4xQGx9aob7H7UVKOou8CdpOvH3zsNFzGmSbwv9qm1sgcTxkZkjt8cGH/c4k30p8szcMFQmUK7dzrZAma5bDPg5BuwspCnRXoGVWLYN02jHYDg/08qLpL/vL+pPpChf0DMB4j2M+s5EDHnbcfT7S7pf2NkHCnWINCJSKLMUIcBSFXXEkbmSrHo1Ft6aHf/i6JHld4CT0dQs5AyK68mCzkZTWoHU6MM8+/3/J3J/TWkSP8HOyBY3gWPOU4hYEQQQlJp3T+mnnua70mo/vMr4CuZFyxLjz872CDwG5WfZkzJxM69s0XRkHEmsXi7VYjn7NThrqhh2lqbiIIJNpAemjruRl49T3gtfstVdxfgp3dfz/H/4FWRy5KY5XDUjGwYBXDCpaEey42CFSiT1w9yXV67emahUwKekvq1vvuz2bWzaTYGtCW77WzCO1cC26hORPAYbZZxgSeDgWmxMIhJF6tVFNSAu11rMjcMUKErujC5cKWb8N4DuF0H4cQv36SESKBdVCOMPzPxDg=
|
||||||
OIDC_PROVIDER_NAME: AgBI3oFosMR5sPgr6JqFPJX8U8A2XNNYpZ7C4XIW9VPeczIU5NUNQaePowps509Y0ddHXPwASr0OeTgIVU2Z68Hg6Tpj8CehL+P+DaFMOqMOub0qmrakLBBaWcaXprQi2eys7mP9jqiC4iMx23w1Yen9lid9FSjLIEpfLE1VsPzAUcrvGMW8dbgwchrxKnb0HG0e/bsyaLubzEZWHfPaUo4cSWQf4KWAhYBlfZQAbNPkatOskzKw7nZ03X6RI5oub6hjcBclRjMh28MsExIRJDwWtB/inwLpWEAiPOU7xQmjQJdC2BqmKXHyTk6Z9rnwgUjG3pgH74mNH7/pF1ekOK220JYTbMa6Uga0r/v971AlC6RBEo8kuaJ/xptSdHp8lfg1spJ1sYobV782+zmJ0rc615BsYwef4lcFDBSXKnk42NhUNY6OORNbwD/tW/Mxac3o1OOoe3mSgRnFXJLqTh9i7D6kN7TiQ8HXNgkEfZKoqCloKo2TKW2gB++hXJTiZ1ItocaDPbPSIaq3LJsIw6YwwkXxBQeOmZhYLpaPI8dHjn1h8Jg2CPKNQJdAossrsHpBrEM+UXA1HxVmUCv/q5WIum+tO1d7sKeCuZ/g0JOcNK/tX2+tYY5fDT2G97GrXSGpgZgIfhYhWStYfkcOdB5ayqj0ncadZ0uJ3akFWBLHAr6sYemmVtW+BYbMLTTjlprGq8EIu3Kyqw==
|
OIDC_PROVIDER_NAME: AgBHYuK2JYedcaHwDca/c1RKzq8YgO9cJ0lXPY2+ain+lwFJwZ7oMOPevVOq3RoUHznEYbRxKw0CLE+110NFr16bav4bn4pXRD5CeqQDAWPIxxouu+w2NgWijnqfKnVYrtrprQlfGO9mYsZiEGj/sbftX2Wd73L7oXp/6Ab+28rnxtv3KF46wXo8yfqzOGf+QRQKdT+2pv58zjN3UCGrSANirLHvmY8+a73YiVW8/xuJZN4og3JbPW65FwBpgnvQCaHKFTbPyPIpILx7sKz2yxGzT6Jt2PeSjdwou/fT70tmrwOVucbHJkKUsd/jkI0gzRPLr9Fo5LcALAKQsn70hNQIRgTFgCy4ILurJMBKeYtHkNMdnBwKRh4NlTgJB2vNXq604480ta20Z3E2m3DUxW6XPFTQN9uC5/7IT0e/F4UgQai6HENwAqIPGuOM4eKeouw8pr+RoLMI76Z0B6xWhLRqxrZknzwzOngpaku8w9SeJPkifSFwxxFjacAqFrMwLGT1kg/KIJcBa3BUK8gVRLzqJd9hq1hQtavmm6T3W9PW8yCG3IP4b/Kxsm0+B1pXSaFC2a3elFu5lgw7JeJO22NwPmCUw3cX/zfYcn4u1MSsn2Wlr5tLNwjfpeGXb0w9eGStEZNKpj/OLo5W6sxdO1PIdCRd/IdxFuDd3q3G9cJTP7aMjeWSQhr7bzgzx1K78zZ9h4Qiw4YXrw==
|
||||||
OIDC_REMEMBER_ME: AgA0vxQG7k6gaMmviyTVccCkIl4r37YHX97gO8ZlFtZFhBNIXti7Ocn3R2paSf5J4A7xT5Ml5imfdn1jS6XXBM/z6oXA7kvyrh5V04vcueGXtOk6PSzdqMB+qsmZr8VuY+41CllUwXyXGDLMCzQ6tA9K1rdLEQoA8TYdDi3KI91vb4JgOTaAum+JHXI8N3ZguzXyF7nTR/nTtoqvKoD9b6/B69Gu7FDuef0AEAf/aFYQb6JSNeStKbYYyNjY30/MdECEf5Y5kl6mtAT54KwNiz/GF9JMKa3yAO4XVc0Pq3Fo4BoptW/8yyngnhrjB8c6/LydTbwQgrxXO6JJKOnLMMrNq+llBNFyBqUD3ZyVzY3CRAetL3loAdoA+zTQCAKMoRjL22m48yyxdBSC9Fwy9crb95DqJaEQa1M5UrDqt3uWsEoJhrT5dUUnC45N4Yk9/cTWLMf/xSqP9tRWVcw4wyU8b/ptuCTqq6WvMVeS+MCLCnQnZB6s/sdFQBm7x75P2llro7iwYp72YRAfV1jZavUXc6XxdVvvyFV8Q4bNRxLvXgjnuvD+6STTmqzlceVkxcv1KvDyvjxHtcy4qxr3dU0h+vmo7kkTFfcaJpmIP4CTVc+lkNvj6FvkXwtmiW/RMG7kW8ES7I+tHSD2hJle8FWciAwP9iZadszTVOSgyx+S7alOXGczUDAe0bpWqeNnIBkJYpX0
|
OIDC_REMEMBER_ME: AgARqfhGDWYi0iqE//vNsJfgZBYJklJ7KUUHm3GkD27gNk0JtOobt/RlE3UV4cBGkstjGQkEGldkwshtQk/hAuuu8Qb9PpeDxQOUABAFX7NDcr2hWnDosFSShq724ycY6B63vjzahMBYEGo9tAB07VPy6RtvZDH5EGYcubfSe2GgX/P9VcKq64eO2NkOHJWc1A9cPqQGYqFi3YZkN1yaix7kRW7sL627Slv3nU/yLpFpEwUi9ayzDBCDxfiBZoRZh+Gy4VpD2S0XmTNYgr+uRTmFxEm0gL4qvualqahssswG6x+l6S+KizbLOkhNmLtZ12t166mZLWlzUPQKiJwEiWUK5DfJs2LtZCWyqVko9972df+buaQ4yPEBO212OoM1gF0P0JaTJ7TNzo0hhYxDIBZPIx9RnG7XzqI+sccj/OLQMeyB4p9gbbKHP4YJyyYQTSPK3dHG8BFdfUDyyq1tv5IkzKRHmy48xaumN6KCPsCqrpr8j1XL9oLPGPtDgf9VRjfp01FkTg9ujskxjnfAt6fNw8JThMyRUdInagos8Wh/qxPPV33yN+EvQaooXxq1FhvZtLVAXsErzqXnNbLBmQGx87IpBT4KMpXBWmQ7+XaiFCWXQ2pdXRtwL9IT7c6dtyCpUpYtlVjYuh8L64W8GJuRUjzg6pRbcw0205MFUZfWuOObAHK67K+ChNgzzsCCy4GHVtpp
|
||||||
OIDC_SIGNUP_ENABLED: AgB/TkKgJ1GioaGCvyXVA+RRHJ64/KqBt19dNm3LUdxGrhQYOq0zDmNET26w8FneYXrP4zH3IY+ZvXkS3L5i9PNBXkUGhXaoNXPx2KYm6c6YeGkrW+sDlCVPFx2zypCIgXNpJHiTIb2vfZHTyVMvmpo1m9nlQVfdueFV5ToLwt4pWR04VYCzXoaSILqJAuX5IBkhac8hsr4yc6u+RuLhtDTmziB/3+/FWA+Gsv82U8CNDBCMAyLZ+439F9aiJv+scOzVzzmmIxfCz4GPzfiTmMcwlsAjqMs42C62x8m+yoPAs9/Ur7f0p7JYE8fjYQbWP2OliJic2Nm9KaS/o8akojIKlIN36Y1I/srimuH9LbuRJlwRQjTQ4qq3quiW7Z/7Tgsm71ISPqeLUHO2xR0714MnDMW+dOwRoQzBaNZepo2aEb2DhiVzT1OLsSeGCs6UOTau9sjd5ow+pCBZWUNPAzrcskw4cSfoHGfWiMf6wytCp6agiwnogM9wMAdjFXi9VnHxNmn4oViCmeg/y36z0RDyW1p8fU5fv68qWoqiPH5lbzJUcKDzW9HpfcuaGaAKJrr3RbEqdqxh6pc8hLwzzCo+FxiX/UAnMd+2BCFWzEQzWznyin2Z9vv4d7dYYiKRmoLxNQO5T6xSZvv0DYd9dhSxy8HB/viZuBh7AiprORuh26jCotcbKZq13/x5xC7qm7t4WQzO
|
OIDC_SIGNUP_ENABLED: AgBju2S3K1/i7oEsF+KyOIAyduYJMqA5c/spXNVDtFDgrf5+v8dIa25b1LyNZWctBPLZrcuviQtY3uJWgBbY4cKagheBlwN/eCijghdFLR5U9iFNJUv31zkmnVeOAZqkLKAmO1fmHfgqrZ8+UG5YlaRXcGsMjtuCuteKhF+/ss8VxWNwsWVcJc+xcfK11UG/ogrQ3+h/Ii1RCiS5WSMmQB3uNRvyNQEdDJHdtK6gifK5ZHboHN36Rx3DEzyr3eDeIJasyYgfDtepTBTyw5cb/7yFhRMSraHTpGy3uxJwzzNL1YdCi2EHyllJMea1/AvxUQXQAxD3zOSmNwQdroE8NU/Y+Y/vuCOLVrLeveHaTUWvI9PkIlIxbU1Xql7UGf7s+Y1PTnG7aXWNYNuTCgaw03TO5bhAPX1tBubVT9oVUZgjOH+XGY4nImtBOt/1bJ2xmciC6t2nt+8lUxLfNuFS/876vJokYtd22YHGqHuGSLhAdWg7LcwIilx4iCB3OY0ORBtdE0hDOu5KR282vRqGu5vi977k6kD7sL2far0fHjpb8rOaJqfy56UsF1CjClqQWB0F2vPh/ZNjecC87ei0ds3hCEhGtXxYYdJ1u9U3lZHyvA37NxKaagTHZCmhgs4M6Pdqm5YjsO0iDorv+aBnRkZysqzdG8LPuZNy7BkqxejW9icS5+b4TeJgCButl2Cb2RO77tda
|
||||||
OIDC_USER_CLAIM: AgA/FYOGrV1qHlvdlJd8HNOdG2VlAVTo6nEoAtJRn3G7z3OkexS3O51x3TsiIhpKliaFl2/ATZFk5okUnUSeoibqpxpLNVMpVF6VX6IrnjxdbtznGpyz7sIri9RvKZwTpuDT8wNrJ2q7t1xwvnK7QYxKzf+rIkQqcSzN9k0QF7XPE7ijeWSjqMpbjRya+vxjWR12L5BRmtUgjrm7J/8uRMkVQQtl3/Y0c99qMwj91v1F37RejoqOLC6OFdCOhVvwatq0C+y3F7BB6Zl2EQBYoinVuSfmlJ9rorSyAeNeeVb7s5vm+WflB4Dn+taJAFCuGiq7DK8n1XDvkW7kThlJckdXBfEiCOlzYCSdiJ33ToV2mWo0zSOZC5UrYslx5hhzwdb+Nw7/74c3g0TeV8doLWhczpd38eYEkYrFIZdQdBtwK+Lwlb7Bq2eT9X3l73uE2ho+u+o2o4RtQdCw00TouBJQBf/vhyEfk6eWuhHikIUVSQAOm8mCKaOseH+m0RMrpbDDRbl7pcrozSUJjP1eygTVPJwQF6uFjIbvNHsodP1ld83HTR3vMfwfwwngocEonnayUDeYfk2KOdWONUFmfh6k6miULhNr7QVnTit6b7EwsrLuu8UqJzih/pINELf/mA2oliD2TCQH6WwSu+G7W/BjECO2ANyJE/1UQxQxaw8NtmRtcuIU6cdHi7ow5ENYLnYb1GXQBH4TGGZgKBaBGUEz5gQ=
|
OIDC_USER_CLAIM: AgCKYNaYTjJxEFBsijRDPNXRH2nodeUMG6SBa/emB6QKNh9jnQISn9poaZXZ8Tc/xwy1sLJ3m02x+Uh7/PE+A/jiQ26uc8FVvnjvzzUOaily9Hj+xgKZnjQHmNpxPBfj3pzomWZIEoEHybsWGrae1jDzIBxSeKbMYgTGfwJoWt9n4lnQ1Z++Z5/Texp7o+oV5ZJqsEqvjebTUT+nwWaDicKpDA/QbAjD+ysCim+gh8q8FXDCHZKNgD4OcXONTpDR185EpBYV0EKSMytlz5bdBSKHxVUACTATjf3WrFDG5NtckzmJA3bA85Xl39Jxi9pLP9D0SLk5cSOLkwNbLVL1EeQ4Q2FApXcPGhmEAgan11HQo2vJW3Dsn1R3G69zNC2ArMC6Dz6pH5f8nFId5lyTKsQQs25fCf/BV2we3910a9hGKAEPdkp27xGczu0mBdo3LLWeiFaQcDo326N2pqNm3119mdCdu5I7rhjGGvOLZ7z1c8XwS9NdE0Kb3iQZLqu1xr/FSeQZLd9NNF6qYtyFM3CtdqKSgdM4vpsRkqMEiZA84u7hdglXohuaVOjIaQD66bi0He1LemzyzRkRD57zxdVSvubKIQmedNpeG2yOT7pjZqVEk7FwWPaWZZiK61UhBZNvGXUKSMEWVJ1DIr9QBsK2E4/EGdqWKa/A5+75PKvv1TpINTw26z9schtduuPfaGO4Z/2ThfPlYFwD2eoVMZpAYjI=
|
||||||
OIDC_USER_GROUP: AgBIMaa7sVROh0jXJQLrnKVKzCRg2Xg55d4Xp5sQFQ/hBlrFwSE+fj/Irx2hGx8TiuotN3wG0dIJgxLt2IGcXSZoO4iABz6tI88yJgP6InRjU83qxFusjxljOb7JI4Vz/OV4XpxMEibcv+TF2z2669p+6hBbdgGwWAO0luCYPKgwTZWDZr9J2KOqCK0rs2uVtR//UnfUNTM8IbEHDxKJ9aKmB3Xxpgo6xw5ydx2V5J6juXF7gZbthGapgerEMx0D+cdCQwyRmZZaA03IuZbNqgouYPpMJr15vCGsyZWM3mOJ1GOBSnZVTsubmd0WO199LDognEjKNTN+IPbTZUp53zMjcFf9bCfHNZe/+bTs3Jyb2IEH57OAjuMhiA8gU8oBPq9i+CI+NH76MTXrIKdiLtUAfQ0Br1bdR72AmWNpaIC2cGA60QVAtTvHtr/SZBkaQos+KpVXeHVG9WiK4ejfVkFX5r3EjVxPQFs7sGw4DCuytaNjSM66vWqsodC38bKqB5RACR2ApDJXGgQtA5L3jFHzV/Qb66S0I5WsX1+u3E8Sx53Q2/xI/MKnK0VrLy1Pnlrb7GWNyyOQJhB764D8UwA6ElTt29/IkJu6c378yOGsZSNMd689mfoPLeYhby9DMLgQOFMRx5euXIzojpuomtuclP80BzGUHBvLKLKZGLf8HiN8ko0X250MdAouFa3EhNvKjaQ6YYa5
|
OIDC_USER_GROUP: AgCTGx9h4At2lcx4tN5YUBN2PRHG9ex3curTTq4kid+kKQXRUOYckYC3LNzC7aIbJ8byhFHtJVF/T37olPkgJjWzPN6C16C9eGDv8bgq6JnG9faveeXr2zjcceZ9O3bSb4sRxlQ5Zke1Asc2olYP/H6br4VPDdKkDsJ5h5/B/W/dd9FDXuPAbTp32bK/l+3YStR4Zpmaldt4hostPu9TXfE+UxJqcLCFMtQuHsHEtFV3Pimt0XIkoNPsodpKKoAhje8vNwk5YYSlhzH13XgZvKcP43z8bfekicOgRNM6T27sVGRrFM4sE635406sOXWXbxJzwlBQJTqajCtX+tAtei3LHdr0l1sjjyMDzlREUq6RYt/6klMZrLW5gsdma769AFA76JX+e+wjekmv72/aqUVn9635IamFM1J6+jIWKdWo76vJwzR/EisO12vkSbocSoAEsUxc3rGMN2aLZEvo0LjsjENKlj8fNxog5i+4jO9Bc0AXEQaFhlQwPdIKlylQPhrSiW/cnDG1WemDn+e77a9NiOkDxMXGequzdC5KyIeIrSjITXpg1MQNa039yIKkjfVL0uMsH7OL7+qzKPSPm5LOABBxKducSHHK4t364YD+8e7KeQStHjaCTpcxgf43at4BKuQ31Ty2bWfpMRofGRBvJPusgjXrdutNEAIVrzFfW11o0Yx06U7CRF5198yXHCig3zKgxgQW
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
creationTimestamp: null
|
||||||
|
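Review bot: The new side of `encryptedData` no longer has an `OIDC_CLIENT_SECRET` key and gains `OIDC_GROUPS_CLAIM`, but every entry is sealed, including plain settings such as `OIDC_AUTH_ENABLED` and `OIDC_PROVIDER_NAME`, so a reviewer cannot tell which values actually changed. Keeping only real credentials in the SealedSecret and moving the non-sensitive OIDC settings to a ConfigMap would make a change like this reviewable. If dropping the client secret is intentional, say so in the commit description or in a comment next to `encryptedData`. The manifest starts and ends outside the hunk.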
@ -1,48 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: stump
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: stump
|
|
||||||
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: stump
|
|
||||||
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: stump
|
|
||||||
image: stump
|
|
||||||
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: "64Mi"
|
|
||||||
cpu: "250m"
|
|
||||||
limits:
|
|
||||||
memory: "128Mi"
|
|
||||||
cpu: "500m"
|
|
||||||
|
|
||||||
ports:
|
|
||||||
- containerPort: 10801
|
|
||||||
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: stump-config
|
|
||||||
|
|
||||||
volumeMounts:
|
|
||||||
- name: stump-data
|
|
||||||
mountPath: /data
|
|
||||||
- name: stump-config
|
|
||||||
mountPath: /config
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- name: stump-config
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: stump-config
|
|
||||||
- name: stump-data
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: stump-data
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: traefik.io/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: stump-ingressroute
|
|
||||||
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`stump.kluster.moll.re`)
|
|
||||||
kind: Rule
|
|
||||||
services:
|
|
||||||
- name: stump-web
|
|
||||||
port: 10801
|
|
||||||
|
|
||||||
tls:
|
|
||||||
certResolver: default-tls
|
|
@ -1,17 +0,0 @@
|
|||||||
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- pvc.yaml
|
|
||||||
- stump-config.configmap.yaml
|
|
||||||
- deployment.yaml
|
|
||||||
- service.yaml
|
|
||||||
- ingress.yaml
|
|
||||||
|
|
||||||
namespace: stump
|
|
||||||
|
|
||||||
images:
|
|
||||||
- name: stump
|
|
||||||
newName: aaronleopold/stump
|
|
||||||
newTag: "0.0.10"
|
|
@ -1,4 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: placeholder
|
|
@ -1,23 +0,0 @@
|
|||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: stump-data
|
|
||||||
spec:
|
|
||||||
storageClassName: "nfs-client"
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 10Gi
|
|
||||||
---
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: stump-config
|
|
||||||
spec:
|
|
||||||
storageClassName: "nfs-client"
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 10Gi
|
|
@ -1,10 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: stump-web
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app: stump
|
|
||||||
ports:
|
|
||||||
- port: 10801
|
|
||||||
targetPort: 10801
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: stump-config
|
|
||||||
data:
|
|
||||||
STUMP_ENABLE_UPLOAD: "true"
|
|
||||||
STUMP_CONFIG_DIR: /config
|
|
||||||
ENABLE_KOREADER_SYNC: "true"
|
|
@ -1,43 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: todos
|
|
||||||
labels:
|
|
||||||
app: todos
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: todos
|
|
||||||
replicas: 1
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: todos
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: todos
|
|
||||||
image: todos
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 100Mi
|
|
||||||
limits:
|
|
||||||
cpu: 200m
|
|
||||||
memory: 200Mi
|
|
||||||
|
|
||||||
ports:
|
|
||||||
- containerPort: 3456
|
|
||||||
name: web
|
|
||||||
volumeMounts:
|
|
||||||
- name: data
|
|
||||||
mountPath: /db
|
|
||||||
- name: config
|
|
||||||
mountPath: /app/vikunja/config.yml
|
|
||||||
subPath: config.yml
|
|
||||||
volumes:
|
|
||||||
- name: data
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: data
|
|
||||||
- name: config
|
|
||||||
secret:
|
|
||||||
secretName: todos-config
|
|
@ -7,11 +7,15 @@ spec:
|
|||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
|
- match: Host(`todos.kluster.moll.re`) && PathPrefix(`/api/v1`)
|
||||||
- match: Host(`todos.kluster.moll.re`)
|
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: todos-web
|
- name: todos-api
|
||||||
port: 3456
|
port: 3456
|
||||||
|
- match: Host(`todos.kluster.moll.re`) && PathPrefix(`/`)
|
||||||
|
kind: Rule
|
||||||
|
services:
|
||||||
|
- name: todos-frontend
|
||||||
|
port: 80
|
||||||
tls:
|
tls:
|
||||||
certResolver: default-tls
|
certResolver: default-tls
|
||||||
|
@ -6,13 +6,13 @@ namespace: todos
|
|||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- pvc.yaml
|
- pvc.yaml
|
||||||
- todos-config.sealedsecret.yaml
|
|
||||||
- deployment.yaml
|
|
||||||
- service.yaml
|
|
||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
|
|
||||||
|
|
||||||
images:
|
# helmCharts:
|
||||||
- name: todos
|
# - name: vikunja
|
||||||
newName: vikunja/vikunja
|
# version: 0.1.5
|
||||||
newTag: 0.24.6
|
# repo: https://charts.oecis.io
|
||||||
|
# valuesFile: values.yaml
|
||||||
|
# releaseName: todos
|
||||||
|
# managed by argocd directly
|
||||||
|
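Review bot: With `deployment.yaml`, `service.yaml` and the `images:` override removed and the `helmCharts:` block left commented out, nothing this kustomization renders creates the `todos-api` and `todos-frontend` services that `ingress.yaml` now routes to. The only hint about where the workload comes from is `# managed by argocd directly`, and the chart repo and version (`https://charts.oecis.io`, `0.1.5`) are recorded only in comments here. I would replace the commented block with one comment naming the manifest that actually installs the chart (presumably an Argo CD Application, which is not visible in this hunk), so the chart source and version are reviewed where they take effect. The file starts outside the hunk.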
@ -1,11 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: todos-web
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app: todos
|
|
||||||
ports:
|
|
||||||
- name: todos
|
|
||||||
port: 3456
|
|
||||||
targetPort: 3456
|
|
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: todos-config
|
|
||||||
namespace: todos
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
config.yml: AgBRKmf5GSn6EcCH4r+I/lJkNiwZp0Pa/TFloYlPzqJ1aQWrTRDCLiljHYs1n/PTBWWv5SdWj+3Uvx4M+tzTXpRTp1dWomJ1C8pUDpf4N7SSZeAMoJxz5/mSUpA1YsYwiy/jhOzSsaeC80JX9WTXhCE5cnox/OUjcDf62vVg/7kgy8tHYpCSRmTGMah82642gP0/rlLpp+ctb29oYttmL0fWafHMRHgZYwkO1Ol7tmfbVOfr/bQljTQD3h/f0+ef2s3kDNtAkXSBAwHo6TfukB5bZi+pj3q3TLHAWU/belC38RZtIYW7trJf20WzbxxWKcS7rnQ8GHJqpbNgoWdnBQgP5OGHzySnQrdIAWLvOxw3JdJ8S1ZMbZfWASGpeIdfTI1p99Bhu1MGE3nnAzUCM93sLySE/mjjGDPdA9+Q7orgLGX3ct+w4deu1ABLR/HWxFYvPah11xs+MyzBFVh2rRj+MMzSWwQmbo+widmHWnzx6fjTiLd8eyGmvz1M9hBwFjqUTjbAR70S4xx2ALlYqAtbmJUk07PmTdTMhvokvaY5NX7Ylahx2oFE2q/FxMBwvPZVyI9tSbrZHEK9a67QaXnnwyfSqj3nErNkpdAa/zSJ9M6SG5cJrJvZCBn5cFg6pxtY65wZoj0GWMZ5kF2oqxDuekdjitWGMTp5q6ROJYSs/o3Lc/Abga9pSZYEtNrHr68tJuSeO61s9TjUftbkxkJ97/dwTfVQOd7aJui2EDp8NVcZg0CkEOgI7tt0nOEsll30RWS46QJwUbJM34FD646bpEk50K/GsIvFovKjZjtoCjeKczGdMpYS2XFwEMb8UjgSATxcVYjSWwvx+7prEChvoyVcg8Bi8ZEGcBVxSAD9fJu8PtyPBeijs7ZVwVyGGxiSafd3gAPU8spSuvbEDl/VZAKy9k2vrI2c/gtTqwaIasnBHudIbbNqDHlTlH8dk0z+kuNg/AzqheZWireMvBvgQ3TlHan0RN6+vVpZCY5XbzWkj/DEmoor8UfeuYt3GD7/JHniAorMPj61n2od7TLXmLunPG/B/zNpJCgJ8LgtUriDDZno99IDCXaZ/MO2+jppMaKizl83axxrv9HUTYDDgtX4RqLLdutd4i/AsOe0GgayFrOjUtDVOL6MKhX7dRJfbNsL5IcGEVZ1cdzcjjazoDpSlDdMC6E1XNS1NWprqUpmfjFPtFk1FWW3oRF3iEYUimngYvy6oTx3d70EZ+eOdEvp6A+aHbmG6fyEQb3AKYhMIOsn4AbKpDLjTsHiqWNGwT9ummS5kOLhnWBBB4ohDpCl4UMCtP61+1lhtx//Jne8QFAoq31MMFcCO2X3b2JfD6egLDc8Vwju6NHNy7jrmkponKqKxQPSs0w9Aj2biUBuFkMCiAik0Cf1fPk59bjJqs2ypwURDPAs1ShPoSU=
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: todos-config
|
|
||||||
namespace: todos
|
|
||||||
type: Opaque
|
|
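--- a/apps/todos/values.yaml
+++ b/apps/todos/values.yaml
@@ -0,0 +1,51 @@
+######################
+# VIKUNJA COMPONENTS #
+######################
+# You can find the default values that this `values.yaml` overrides, in the comment at the top of this file.
+api:
+enabled: true
+image:
+tag: 0.22.1
+persistence:
+# This is your Vikunja data will live, you can either let
+# the chart create a new PVC for you or provide an existing one.
+data:
+enabled: true
+existingClaim: data
+accessMode: ReadWriteOnce
+size: 10Gi
+mountPath: /app/vikunja/files
+
+ingress:
+main:
+enabled: false
+
+configMaps:
+# The configuration for Vikunja's api.
+# https://vikunja.io/docs/config-options/
+config:
+enabled: true
+data:
+config.yml: |
+service:
+frontendUrl: https://todos.kluster.moll.re
+database:
+type: sqlite
+path: /app/vikunja/files/vikunja.db
+registration: false
+env:
+
+frontend:
+enabled: true
+image:
+tag: 0.22.1
+ingress:
+main:
+enabled: false
+
+postgresql:
+enabled: false
+redis:
+enabled: false
+typesense:
+enabled: false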
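Review bot: `config.yml` now appears to be rendered into a chart-managed ConfigMap (`configMaps:` / `config:` / `data:`), whereas this commit deletes the `todos-config` SealedSecret that held the same file, so any credential later added to this block would sit in plaintext in git and in the cluster. The values visible here are not sensitive, but a comment above `config.yml: |` such as `# rendered into a ConfigMap: keep credentials out of this block, supply them from a SealedSecret` would guard against that. Both `image.tag` values are `0.22.1`, while the kustomization being replaced pinned `newTag: 0.24.6`; running an older release against the existing `data` claim deserves a deliberate check. The header comment also points to "the comment at the top of this file", which the file does not contain.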
@ -1,8 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: argocd-cmd-params-cm
|
|
||||||
data:
|
|
||||||
# server.insecure: "true"
|
|
||||||
# DID NOT FIX RELOAD LOOPS
|
|
||||||
# application.namespaces: "*"
|
|
@ -12,11 +12,10 @@ data:
|
|||||||
# If you want to store sensitive data in another Kubernetes Secret, instead of argocd-secret. ArgoCD knows to check the keys under data in your Kubernetes Secret for a corresponding key whenever a value in a configmap or secret starts with $, then your Kubernetes Secret name and : (colon).
|
# If you want to store sensitive data in another Kubernetes Secret, instead of argocd-secret. ArgoCD knows to check the keys under data in your Kubernetes Secret for a corresponding key whenever a value in a configmap or secret starts with $, then your Kubernetes Secret name and : (colon).
|
||||||
clientSecret: $argocd-oauth:client-secret
|
clientSecret: $argocd-oauth:client-secret
|
||||||
|
|
||||||
|
skipAudienceCheckWhenTokenHasNoAudience: true
|
||||||
|
|
||||||
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
|
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
|
||||||
requestedScopes: ["openid", "profile", "email", "groups"]
|
requestedScopes: ["openid", "profile", "email", "groups"]
|
||||||
|
|
||||||
# Optional set of OIDC claims to request on the ID token.
|
# Optional set of OIDC claims to request on the ID token.
|
||||||
requestedIDTokenClaims: {"groups": {"essential": true}}
|
requestedIDTokenClaims: {"groups": {"essential": true}}
|
||||||
|
|
||||||
|
|
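Review bot: `skipAudienceCheckWhenTokenHasNoAudience: true` makes Argo CD accept ID tokens that carry no `aud` claim, so a token the same issuer minted for a different client could pass validation here. Unless the identity provider really cannot emit `aud`, I would drop this line and, if needed, list the expected values under `allowedAudiences`. If it has to stay, put the reason above it, for example `# IdP omits aud on ID tokens; remove once the provider sets it`. The enclosing OIDC config block starts outside the hunk.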
@ -7,12 +7,10 @@ metadata:
|
|||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
encryptedData:
|
encryptedData:
|
||||||
client-secret: AgBmXMtAHgooKGgj3s/ndddVxxOXqUYyGev5BeUoAYL9IYYT3yB54cQp7v1suEwVGUJQQPOgc3YDUeS5kdOLcpYi7mOi7/aJYPmUHx1DU644JsebpeqJNMFt52SCynLjP9Vntlbkji9mPCQj0tHGhqleA+3y9mamuz3tZ+kaSY4+qUywXekMQz13YQgagQc+0BK2xzUzVedNj2AB0NmCIs8oOIL1ZL0iMi/+/a1VSh/pzm3Tv/ap3w5nqP6FUbZLcL0hU6+VTa6ZqoDcIIEm5x23tDXwgbHM7CJ5E/bHu+cNrvVO9XqI5x4KRIe/TDJGmO3oZ4bdeU2mtIxTXIHG3kKFCQzKPqteffctEusvdyqkpCqPsLUny8loOQKX8XjY6K6a7fMsYUsKkJ1Le3Zuif0AhzNvDCX69pz3uPEOf6ZR2pU0B0g3fc3gIwIuY97WiHzHg++pLJ6/yT32Ja9Ub6k72fJDA1HvvAOY0+fXoJdOwkJCfGFF/dXLp2M1/3xxDI05mJeFywE9NYBrb2yRNN9XAdwSJ5mpRnyiyBlMv/1W52yDBCavyMR+vLlyxaXGeVHvDSTdGCY8bCBEz2kbm3WEFxGR/LM3ls6d8WvvT5YJ+RxxEYSN/o0Zi233AK53toni+e2luBBIjUITa+QUIxpeWrz2aAe19PO+XiDHu8G2sErWxwE336USCnOiFIkqeJpBqtfOm0sWnxmQWhucMqTlGYdbus+DBkWWM23JLFuRsOI/VawqRg==
|
client-secret: AgAGtwiMd6OOz2IT2QJJR6unSYgLqNVJCb63a6hHko749nK8Kx1WgLwCYT/UURQYUusqMMPkNqbkA+jLUgh92fa7MKhtj4GysSvWavB+j8oFWT3YZbNcYNoJsTxg8mIRKiMFmp5um703e5RtGCv7eiOWdVtHftVv1BycPVeVHUuLU5usc8lmgnTTEPiRUEUB8MjGd7bIEgJ9q5oAiRTiwefickS1NgC02K2K8hVAhG/VkP0lqYn0xYgsy4W4i/7Q7AxRxCwX3y23spjXNUCRJRYvgF7Cf+MHdBgk6xPtvJF3jDLJfw8H2ilUx0GaxkESCDIE/FSVlbhMXmUdVYB9SLVo9K/tzqHe536ufGWO+U7H92mhZl5oZcA7qP9iXLUy13sAY/slixbKT6y4BJ3Tnt/pK1IydASsOE/uuwuN5q6AHWvG++DSHEPfE8xOH3bRVph8aIJD9hi8UlH7KGlEDPIaY3twpaJDUweaGVRTEnjvxW/hKfp2SF8A0PtGDeKSSii/XBZjxjROdOvE2+xM/WTVdVqddvErzogEKfljMvb5Z4OQiNj7fFvFMVuRD55To8p/cYZu+KHx+D8tuUMH3zk6AdADs/0bjI0xAz3PJUAmVp4RE4k0vP8LAImF5rWkIyVUcvJmP8S90jf0d7usJaEFd1ZayFLyUnwGAkP8ua2RiupnNUrZ/49A31cGm1RCpw00DGEJ/5VK6VMP1+T4KOUP5pB90FUYVHUv6S8dAg==
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
creationTimestamp: null
|
||||||
labels:
|
|
||||||
app.kubernetes.io/part-of: argocd
|
|
||||||
name: argocd-oauth
|
name: argocd-oauth
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
type: Opaque
|
type: Opaque
|
||||||
|
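Review bot: The new `template.metadata` drops the `app.kubernetes.io/part-of: argocd` label, and Argo CD documents that it only resolves `$<secret>:<key>` references, such as `clientSecret: $argocd-oauth:client-secret` in the OIDC config, against Secrets that carry that label. Without it the client secret is likely not to be found and SSO login would break. Keep `labels:` with `app.kubernetes.io/part-of: argocd` under `template.metadata`. The manifest starts outside the hunk.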
@ -1,11 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: argocd-rbac-cm
|
|
||||||
data:
|
|
||||||
policy.csv: |
|
|
||||||
# use oidc group apps_admin as admin group in argocd
|
|
||||||
g, apps_admin, role:admin
|
|
||||||
g, argocd, role:readonly
|
|
||||||
# all other user that might have entered via oidc, are blocked: deny everything
|
|
||||||
policy.default: deny
|
|
@ -3,8 +3,4 @@ kind: ConfigMap
|
|||||||
metadata:
|
metadata:
|
||||||
name: argocd-cm
|
name: argocd-cm
|
||||||
data:
|
data:
|
||||||
kustomize.buildOptions: --enable-helm
|
kustomize.buildOptions: --enable-helm
|
||||||
# switch to annotation based resource tracking as per
|
|
||||||
# https://argo-cd.readthedocs.io/en/stable/user-guide/resource_tracking/
|
|
||||||
application.resourceTrackingMethod: annotation+label
|
|
||||||
admin.enabled: "false"
|
|
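Review bot: With `admin.enabled: "false"` gone from `data:`, the built-in `admin` account is no longer switched off and falls back to Argo CD's default (enabled, as far as I know), which leaves a local password login next to OIDC. Unless a break-glass account is wanted, keep `admin.enabled: "false"`; if one is wanted, add a comment saying so and where its password is managed. The same hunk drops `application.resourceTrackingMethod: annotation+label`, which changes how existing resources are tracked and deserves a line in the commit description.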
@ -1,17 +1,19 @@
|
|||||||
|
---
|
||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: IngressRoute
|
kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
name: argocd-ingressroute
|
name: argocd-ingressroute
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- kind: Rule
|
|
||||||
match: Host(`argocd.kluster.moll.re`)
|
- match: Host(`argocd.kluster.moll.re`)
|
||||||
services:
|
kind: Rule
|
||||||
- name: argocd-server
|
services:
|
||||||
port: 443
|
- name: argocd-server
|
||||||
scheme: https
|
port: 443
|
||||||
tls:
|
|
||||||
certResolver: default-tls
|
tls:
|
||||||
|
certResolver: default-tls
|
||||||
|
@ -3,20 +3,15 @@ kind: Kustomization
|
|||||||
|
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
resources:
|
resources:
|
||||||
|
- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/install.yaml
|
|
||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
- argo-apps.application.yaml
|
- argo-apps.application.yaml
|
||||||
- bootstrap-repo.sealedsecret.yaml
|
- bootstrap-repo.sealedsecret.yaml
|
||||||
- argocd-oauth.sealedsecret.yaml
|
- argocd-oauth.sealedsecret.yaml
|
||||||
- servicemonitor.yaml
|
|
||||||
# DID NOT FIX RELOAD LOOPS
|
|
||||||
# - github.com/argoproj/argo-cd/examples/k8s-rbac/argocd-server-applications?ref=master
|
|
||||||
|
|
||||||
|
|
||||||
patches:
|
patches:
|
||||||
- path: argocd.configmap.yaml
|
|
||||||
- path: known-hosts.configmap.yaml
|
- path: known-hosts.configmap.yaml
|
||||||
|
- path: argocd.configmap.yaml
|
||||||
- path: argocd-oauth.configmap.yaml
|
- path: argocd-oauth.configmap.yaml
|
||||||
- path: argocd-rbac.configmap.yaml
|
|
||||||
- path: argocd-cmd-params.configmap.yaml
|
|
||||||
|
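Review bot: The remote base in `resources` on the new side is `https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml`, a moving ref, so each kustomize build can pull different manifests for a controller that normally runs with cluster-wide permissions, with no change recorded in this repository. Pin it to a release tag or commit as the removed line did: `- https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.3/manifests/install.yaml`. The `patches` list in the same section also loses `argocd-rbac.configmap.yaml` and `argocd-cmd-params.configmap.yaml`, so whatever those files configured falls back to the defaults of the fetched manifest. Add a comment above the URL stating which version is expected and how it gets bumped.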
@ -2,5 +2,3 @@ apiVersion: v1
|
|||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: argocd
|
name: argocd
|
||||||
labels:
|
|
||||||
pod-security.kubernetes.io/enforce: privileged
|
|
||||||
|
@ -1,77 +0,0 @@
|
|||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: argocd-metrics
|
|
||||||
labels:
|
|
||||||
release: prometheus-operator
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: argocd-metrics
|
|
||||||
endpoints:
|
|
||||||
- port: metrics
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: argocd-server-metrics
|
|
||||||
labels:
|
|
||||||
release: prometheus-operator
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: argocd-server-metrics
|
|
||||||
endpoints:
|
|
||||||
- port: metrics
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: argocd-repo-server-metrics
|
|
||||||
labels:
|
|
||||||
release: prometheus-operator
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: argocd-repo-server
|
|
||||||
endpoints:
|
|
||||||
- port: metrics
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: argocd-applicationset-controller-metrics
|
|
||||||
labels:
|
|
||||||
release: prometheus-operator
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: argocd-applicationset-controller
|
|
||||||
endpoints:
|
|
||||||
- port: metrics
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: argocd-dex-server
|
|
||||||
labels:
|
|
||||||
release: prometheus-operator
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: argocd-dex-server
|
|
||||||
endpoints:
|
|
||||||
- port: metrics
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: ServiceMonitor
|
|
||||||
metadata:
|
|
||||||
name: argocd-redis-haproxy-metrics
|
|
||||||
labels:
|
|
||||||
release: prometheus-operator
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: argocd-redis-ha-haproxy
|
|
||||||
endpoints:
|
|
||||||
- port: http-exporter-port
|
|
@ -1,10 +0,0 @@
|
|||||||
### Adding clients
|
|
||||||
|
|
||||||
Generate a new secret + hash:
|
|
||||||
```
|
|
||||||
k exec -it -n authelia deployments/authelia -- authelia crypto hash generate pbkdf2
|
|
||||||
```
|
|
||||||
|
|
||||||
give the client the hash, store the secret in `authelia-oidc.secret.yaml` and seal it.
|
|
||||||
|
|
||||||
}cnnhzH|Mf/yLn(v4rF#>KnGMgUS+TY
|
|
@ -1,20 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: authelia-internal
|
|
||||||
namespace: authelia
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
identity_providers.oidc.hmac.key: AgBiAFMdVNGubsvfYu9oi6SE1AF8ZmiSbiSPjZhrSjpw8J8vN0Zjm/4TQX+I+qD7GQu0zO72D2hF/26fBZrLx2N1IJAj0va1NYEkmGgAaYa3lVC948n5OzyNPpOwfFCMBKo/BJwh0VeZ0wa7gm6L7+Gfk+YutGmkNa7Cuf+F/e8LxlT0MHlyoj+YGzeNEWkm2uUv73f74ND+a15AnBkvGMfm5A8vt/EdN3IOqD8EUCwRpf+lqhrJe9Mwp28kHp4NdO2W97I40BWA7LFXQco7CuhjNafHkpaNMZ1bkbYLjlpqyC6Xs7bCZU9wMIPOHL9cGt2QvfQG5gMWrJmJsyes9qadBk/TKmqPi3iPH2DzUYO2vMETI765RVrL6IVOwxXc663JxfpZVQTiCSXz8oCVYZ7Ka7gcjXSPTMSxwD2cBVG9KDwjntYaXTairO/Kyx0HiPbbXzhENYkqY7oZvJde/l83l5TvPi+M4/a0Pa8COq8voRw+Fkrfw/qhPDn4AZnuanceOLog3xfrXw0Z45rZ34unovKP+3NjTdBUX5YB8OgGd5tXc4Ur6oK8nxt5IhQ1EzJkh1VEUU8pbDaw9EX1xCKZxVk86MEzW7zqFZWRve5Sp34CJdwHcUk8hLs2PweEzyvibLJIACn1mQoM6nC+Wep5iYXjUzQ9qobItzKFpw/mGsceCu8VqNoBtQBws+I47EF2NkzT45szvxF9tvSzmgmRBHtzES11bqePopHvye4310pywFYJ/WeiWOLEn1IEd4rrTJ6zIoqU1QH9qHShT4SoT0uC5wqz+Tgl64OdMIHKwQLcWih7A5lcDMv+jPV1Xvd52g3EYx13epNTPHtHwi4sBlFi1VuDrwXgTAlnpvM6N5Ij0qNNK5NMcWHerbLyOaMzng1pOtRfYA5UKGG4KYQd49vh5Fw9mHsk9/lelT+iyTs4GhA=
|
|
||||||
identity_validation.reset_password.jwt.hmac.key: AgCOsW1JBwnAB7BEIkEwqTLNHX5N/HrqHoxz7axdr3ppES7BnPKGRak846aKHrUVEykAV470SCgdwomTh/KBVAvHtml9L8h+FBu24rDbqZjHnL/BVy+2SkukNoVq6A2vDQRI521HBZntQQljhG0XTFTMMyI7tUhhM/PwmzeyZpKsDPcw6EJAMk9ERxdYtM7iaYEIAAcn0N2NPI7+I/A7nMKYpx4oGr79tobQyM1aDQF2VFwlRq1vqCrkEzBtPUPa9SrfnFE2GrIJlIR3xh/h5SmXCaAjF0uZFjPBPMrHSU4XtZVqtmwIEXpXFqjf+M6N5LTA5rKEviHV5oSJ4sDbMC1GMzwYw8u1Z2gvi/sP87ncbtSbW6ereAXC/5i7/bkOiyBlwVbNV+YcY6RlHG6DzEO/4Fqx9ET6XJhms1TcNb8Cp/VA7NS79IYbtnnZozefHnZAKQa7k/SR8tUVcVET2LhW6/j4QhxhFsASbws/yaZkEKdQnDqCpDlMkXKWxAt/7wlu/URTKlYTtCV5tvhrDj14Hdvs2CtpbXsYuf9FEn6OkRjFFXtr2c8tlOgh63qLoDfgmc+NlfLmkOGEtfEi9KCt9UY4qBAh2bc0PkkKod5JhMoiBUCwc2H8WlXAeUj2v7UmB5fvaP+IbeNKGf6+v8adVW3m7tckFeARG71QHkv049EKVfNyIP+CvBhEFZwTMNtzYGhr280zpEuvKowVXYlLp9pSBA/3vEIFcsnNzQfg2eFzsETOVtHXd7KnPoRKk29fTXmgIKdMThaSgvs72LoGdiYpYPaVrRKgCeqCah697bsOo6q2gv/jAeofRkcoaUx3sMb8nZJ3fnijr5Z5DFq6PM2VyJy8PlgfoIKO/w1nkQ==
|
|
||||||
oidc.jwks.key: AgCuYKmdCv3LcmH8zpNAuS5oeHjf/cEmcAlGjRfv2CtfXmlYhcysDLeo2Cyn9kMUEPyRwxhQ/b9G6ZfkfuIh83v4j8PFBitoyaAmDNLmhn/tEjxUG4ddRZ+X1m+Skqs/QyGSt8w4iCBv2tzVV8v9mbbh0GSEk4Nz/tOi8oyUBF/RF0Pgan7JubQ9E7uT2c2rD+hVeWJx9dL6Vv6z/OdbNEjpDvlMNjpQBqMj7H0dMXSnMIxoQHXn2TduI/2qoc84qfNf8diGaG9DN/lrm4rebPwQZvwkidSKEGCCca8ICwXEN2b2q2TijiaVGJPtpd+R9n3BDa8SHi94ptwxuWwHEQBA5QlkK5TMUT8SGLzUIJK5Z/sX7QQcTxxSX2pySA+3eKveBIiHJeLjiuABkioo9uZMoWsp/piwZBQy5xB7yF2WIGz6cAg1Y098Khw8ZYrnYrJSHG35/Ai9270eiJOvdXDvOdiXEbxUhI6EGwypl1E18AevE3Pe6OcthEfwErbYdEevSNSfUNthC6gFh/PM8qCEi9ZpX1IrbDq/4lyPltKNbhev7OJuci2CF4kc/kMu9Swdih2p4UV/FOHk6z0hfpjxuqXBwdQYcNOZvyZgnGNjb0fqtrKN953A8Skb8+g1XeWzOVxRYGLi/M/oUaWiy2ksLgxlEhKgSzlQ2al0qMBTdr+I+W3bm1HjITocnEFHR54x7+i6V9LydtWXqy08xH1p4LXi56+PtoUQ6901nE8vyofVcuoV1tqqrnVv+L7XHqsM2qGgdvsYlYBttt3zBy/JbOTcUhVe0KIjRGtuAF2MPJWSxcyFc0crfC7dYmKllV3sKO+MowyDjDQ7OQ3MxgPufLKMRJUAB1XsX5BUE5HyQketKHE5hYWzLR+PmQPShq6wc/Er36jPBLkGUsNVJhUdPewbEzZEcqeBdDsncXUwZjcjAlclWpM1VYxT71BLBT0SUL6YyoeesW0RZ+LG/reD9klfYQM5vfhXTDax5crOcp5BIo8T7mJEYIFBvUU0ruAi3Ur7GqgSCCE8AAcILTeqex22KP6JcFUB7nzFsn3PlUv1lJ+TJutmUe3aGXjVMQGD2B3s5cMHCcqMD302gj39gLVsCV4gQo2hb+UeZcfz7X2ltJ0H6ch/CHeLZbBQoCreVVDWBcoMl4tncdbrkdFK0Bo1tCjY+MScsYATswn4/fbEIKALBVO4gS/WI4NcbGl6HXyNnJvbYv+6l48EHcTHtMqER1hur7Wkso3YpC5zHx7RVfnuCTXP9kWPcCCr1VMj4Uth86LB5xi4FIs3X8DvoyOTVgUyu4T9tedldhMurOh8qt/kqxdxjKkREFk80sH2kb61xPypY/779hLXG9PeDHLFyETYgdHiJWSv8UhizVVOBErjKUljWZ2y5zZam8DNKI6QRislPE++pYsqQw2Pe0iyjjcSWMAriCVJW1klkgmOkEoweFjD98CIUWJUcJx/as1YOIc+QqtVRKH/1AA/CuPrPJWfPXzGBfNFXveQB/G9lvJ4MNfVLNdAz5kUv6bGnGaAyR2LFTl/ficNZv8IFBQvHi91CLe0PjMoq32SO/wCJMX9f7yESWgFnCWS/HfuzWJR+f30hbsM/JbE8hXQQ8/VPgzgRkaKPz3XW9j4w6Wb2mBX3GAYtRtGUKfWsOJWIOjKDlqd73HiIM31MUsiDMgo4DdSV9ocEuH+Y8EiAgtK8P1nSUp2Y6wRVZ5dMz471GC/qAtZS2eYEYzbe57sX2i+pjmA790O28fZauEipPs4d8tbUyef+wPD+aJLyYLRX+R19IU5y+Hk7VdFoi/o+5roDyqAESYfOKhY2dRV6MjLvgbb0g4spJBPefFppKxEW46pi/zMniqUmel+czm704i9/Hr8LrZHUwHQqPN+iLqLTvQQo9Uj0xNzeM+fF4BG+QpYPPl8hNlRFcz/H486i7z1qIRjDvCHko5nQx6nMjJgY3DVyCV6w92NvWKsu
WtJ5S+LyCe3Mt2z3R+l7JVntf0xPcAaUjruEnPC9jkpiD7GtZJaeqqm9X6NwanPrTD9KRw3czDyN00H51tmqut/St0O9ThpCNDDO06TrtvWIGmbO3zuBLawOnYniISNhpwpCO1jfV5J8zg8iv57LclG1O7LcwqAbLg6fdYNRnViIn3FRmwrIunSjcL+KbQP6sPQRHqiRxUbO0jp8v48wfzrxc1V4hzvrzlMQzIFRwqGKRjRaHzsBVjln1Ec8Bbg3bvVVCr60rVNVQEy40ldTz22nNjecAUp88v5DXqslHgwD1jEA7rDAmjAIpdN0fVOZBHKxalXVzq/cYssuAMg8NgJXCoLvi+mZj+iR8LsV4OtrSd8nJSCADrVrLJwccHjRo0GnPBD3jJFchy77gPN+8OnzRXPVVuuMSOjrxfAfrjwCUkj3KybOH3MMLu5NUFz27DcpLRxBqACQOtSOshkuuJuk1FXIexssFMZvO2StYecv5R880WX0LqZwKNTJRqQOXTGaV1VWNEexSu4iegOtaX0UZQNyDyHygNU9JXsve4u/2Sd6VyTy/i69XouFCY21DE/fonqBGuIen+TqxshpPJGy3HZJ7Y044rFCcWyTjzz8XH5s836CUWmwri+DsGeT/L/E3C+zR17ImU1Na4IA8f11ThR5aaomfTEwbNseFr8L51dJrgQl/QgRJrViHwowLDVClCbhszVKFg7i0ERRjSNNxZ9tUluOyCHSeg4wP1DOERumYwj5oV9I0isAOpG5cCDUDMrrZP831YmeUgJsH5aciRZmho9/p+Q0R+s7v0PA2HKtRNOfIm1VWSL7y185LKvYO6DPfZNDnOFobwg9ANP7H7kdE1GOlsnEQYWTFlc8wtRLfENNCHlBUwrIGJUoNPlSHVG3PXGz4vah6wwJD/QBH+9TKtLvdV1+2T4+cdCIn08MbdlHDKvWLraMtmSOTJKNJxtXOuXfdAuGYIoqyc1Em7nbV/Oo4de/n1zWkrwZPeTx7d9D1Io/ana8+2LlJEjrIltr4IzdnuCtImbANCDA45VFmlq87s+2lYdbKDvDMNUviw//s80G3qTT3VpGFnnyEF6TsJzpTJ7PrpE1A0PMufNbg8kJTMBifBU+XzoBDTqBwPzim4VqwazuScOqzwZDTgLdQhGzeo1bKIJKHrLOEgZm1KCp+tjPPhnhK0zIGUjqB+UL2+3IvHDmVr9ly7buGub+kuyBiXnoIr4B6bwa7cpFgNU9zmTng+hFlTDgfSLBlz+69knYDlEpgE6BsVfTcXFpfVgS/eRHH04OrYB0t7kwUD0Ku+Ljpn6nd/x7/gcDOGaiQH7TpW1qKTF8E5+sfbn7f8j6fGYRT7dDQ0n4ljZ8qAYsPw3k+hY1MBIiNqAfQKpwTc88yB6EmB7Ul1N28tsLTuEGCCHtXvhTaQLTFzTVoKdtn5B8eNJDqOdBc5+g0qPgp1W8cVESH9nc80pcGo382GND/QllOEmmaKEasYEzPeMJAcPM4UxMuXF7SnadQweoCTIPXuQyZW+eKlMW4RlC5DHQ1m4NymrN6GFptQtTiG5v182BR2ibp4NogkEyZhHeMCtGXZV6QgGbnoJ24ii0vY4iO/08YgXOxDLcH83vvdiya/WxO/75rRVH052z0doEC4jLUleLEs398o59LBEolHSyPYOemzHLOkSB7w6acxiuujb9nujMuE2im5httFXKhq0cu6ytxlVKtKbVwB1y5lZigpTAh9FZXki8OBNIEa1FwtrYsoLz4hJP2CyRqUrHCY9WmCDTOUFTq7NrltBL2+wFvbPAtJbrzM0ALJYNaOb7J5N8R8sP3voXaL5DEEFoS57+xSvtx+lIOCNweJqzzZMoxZ2p9JL6qaJxG+EJIGTeHhWMxX9UJTJJACgB2W/cZyCaD43E5XIxSC6czgdOgwii27fFAJKJabmj+FsSwYBMiyHiFE=
|
|
||||||
session.encryption.key: AgB6LuT3btnwlDtP19iS6TAA6hz5t2gtXn93/sKI+ANzRvDtAUEJf934pWS0xhWu8Zfqwe5YuPy6Hb7CYG1Xk76Z3IFAEKcENcAA4Ngl6f80yBPgaL+6pzkeHyouYhpuRFenPoCcoa60OuusnDBUvBO0v6Mtqd39nACDJwdrJH0VzoLiWlMPzNsqJSkX+qNumrFlahqEtpswgoQBFtgljfMh8jCfAiqtwwe4Gx77B3GHNDuRQ7tSKhq5pSPUfDE9i/a1fb5yd1z8mlDkbivb0/yhvBsUi7stV9TE7HpBcsxtd6vSzt+MgXsflFfHZ9HU7oVVS0PuDzeDEXac9r2XDA96eUdhz/9NF3d9BvBMZqsi4YlF9tvsODNR7BofF5axxuRb2sptVwM5HuexXhG6S2PPpjLWi0BnY2P4Y12rXUhtYTisKgk7J1H5kZ1XYdjySFIQpMnWvdQD4TDmvqCi2YbnDts5labuFPQmgdrguRbqb1W94Pwg3SOuhJdsNJkfvXFBOOPf2eJBdGsrv4hOFiWt87pNh5Idzi9DAsV9CHZyLwxchwSpNre3yb1TnrTUE9xuQexY/xviAKAc1XjLsKyapryyAtv1AF6UnZMECDyElyenWblPBlWyOYTAWk8yiYl11C/2cipP6+pv8/XpbHKaQKGVQLIQdixXVGKRZwChTo5b3wliSJD2FXiC7ZkWfjOHlgXa+1DNYEoAlUfIU+IMdTP+x82QIjeYRH5wmhujd0JrYu4AygU1Zg==
|
|
||||||
storage.encryption.key: AgBOR7VfqNstwSBQ3pZIuHUo6m6bcbqTRluZ+G52d2djiyYm2E6FEfzeNrVgPSyw/9CuWXnzzQRyyGVvwP9FwtF6wWqNByhtY4sHd4xoHLEv3L4ZNRvNCf/iCGw0yI46k7nGifvIGw7BNWMkzGVOY+926aa9CAahxh27nQf0dztuFM3DPX4ASKpJ7c3IRGbMi0x0gPTU+Z1/3JLlhn+WvM95UpbPq75LHSzo4A2YfdluZEOpvvo8M5NnPgvHIvRC3tjZuXsDJwRQhqLVa8oFdrjJ7DvMonScKyv4IF/fttd4K0h+g/WZqCRix1dw/7LburKVicYBLl4IQJDIDORKXIUqU1M7i28UVF6DBe/r6jBTGDJcqv9Zor5hoQHuswyC0p+2+sm0EGUvGJLGJ4aqq5UBSsZyD98vMwGT3H3sofIqESHJo4O6rOSo+NFag2P/E1Ij2PFN2+wJTMRJ467CPnzEC85/mm3Tii+NRRb4CKEuxh+zfmVB/Bpny+7zjL7atS3BFR95PbI1jM5yI4uu1uHaVJaXjI3nQKYKjYetS3POOdxae5YRs8CywtZWkv+wUnlbPlzB7XRObQ2yzwNj8tZL8/846TykafDsvPB51B4wAnY8w1LaxNYBTZHQGco/rO7fUNEbuwPyDcbDtUaNxbUD7Yfu1pUY2fay0YtTLDlm1FEZePm9LLKQVj2K703Hu4YA2F/wKhcWKfjtijaC6z8KTaPQiVpjhA==
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: authelia-internal
|
|
||||||
namespace: authelia
|
|
||||||
type: Opaque
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -7,7 +7,7 @@ metadata:
|
|||||||
namespace: authelia
|
namespace: authelia
|
||||||
spec:
|
spec:
|
||||||
encryptedData:
|
encryptedData:
|
||||||
smtp.yml: AgCfZqHvV3N/S7C3BCeBZv5erYNnbc3yuhYswXBxJUmvfWt/oyEi0VM9830cV740zF532ZteMaEC47Yer1dm1zwBb8degsSPOnivTU3HVN1MQKMxB0T9roN7ytXnS48dIVLlZAy5/7AqU/+F081zJeGW/8lsQKJ7QVa3zG7BDGJmaExxttrB5ZsSiVmFldSQap1FNIcPFU1O4N1w59r29IsUNbOVpnb4NqONBBh7Lt/RoUwYVmdMT8OxOAtgovft1z+KuZN2ZnvBlm3EgY70wAWTs/tSmZLWuDGa8yo0M6LPIjO9zlc+l1YuI25AqGHDuhGU+H+gQWZhtIglwKHtU8oUuDchWxQpb4tJSokpyegkWrpty8vBEEGK9CtLk13EmPUHTPicv9XYgwxvROeXB7+6/gQC8Yc/PzjjZwSrNo8SC/rF4VJY9jXMJ2nS7UkubcfdOY/bKhu1jZENrav7Zd/z5hiy2stg2LFJ2rnzIrSKeYWN3ygR24KRGh/7Bpwz6LhCkPdrfJJyymA+Azwq06CoyyPTLkYRMpTdkzx8zLNCvfQfmEKYRxRcXVBDfSr/Wn/9QNmCAG/rp1Ep23xRYegQRTUyGD2JVVSjE0WcMRRnqb70IYfEPk4w5TS14RcO2/59Lvs+1mF8g9JfLhrxOjLDAvnSKjN5KZ3PgLdpqbkcVjUb0Hs18SAilmZhs5cQtNR++LqYePIe1r7R3V9IPIvPudCs7/2BrLLpuREhTdQIiA3catZ6kLZgHuh/KswFEDAcZ1NisSNvZZLAKTHupIe7XjBp+0zGHLZ7hgbA/Ojf4e6M4RLjqR41Uix+stkKuwWwdoXs/YAf2GUl6+4fb/8iPVUwPA7XHf92ALxv5neNEDlo4awXvuBQG8XdmaCqkYXBe1GE+vgmzfQhr1gjcO1VxvpsAJXT9/Ak1whQbs8kLfwxDfGp3CYQxx+eaxxm4Q2xumeQYXHFyhNZ5d5XOpmlx9EovRwM/uGoZdslykZ27ZbKRMYcqwhJ16CS/y5ptMcEbB1RkqodM55UCslR/fo+9aJejX0x8V91U2bm8eFrDFhFJsM6Z6oClxOXeAbSoE8m4KclRWTtF4+CIXq+qszdWzwqrHBWvKAtVwGo3L08Sxw24ajT9Rw1Ay2kvb4xO2SVzIRhHdzIFpF6iSiDqBJsSH7SL0kP1C07j3vl95qZBp01BW8BUnVxFyqOVMvVnXMaNQZdFrsq4MVEsxDftgciF9oE8rVv4Q==
|
smtp.yml: AgAHiNwse+aFYVoun500VoUTUKg22yDSn+cD9pLO4HKG26nqmOxkiTSi5BELpzWouqHXiHNwYLEKPv13ZFJX6AFfFskspBfe+svLvLSzEvtH8kNCSJar0G5jcACEk27xcCxTN0nhmjc6L9lmZF8UUth7l5Mrsl0EG+79pCNYhUtjy16g7HdbmYgmgrY6d7VWCen2R4HZK4A9zPx+8HEsoMzUD0mG+uKKKfmqYaxJ563Gzp7trDcQRXd4tmea9MM8t+bk9TYCDvBj9JbsNuIdzFk8MArlvlesDYqiJj/8wny49NoVyX8vvGVDF3Y5s+OmKA9+MoBIYNc4oT4FLcc14wpnMnk5WgbKtTYfExcGTdTWuTTVWPsF18dvbKTU3C6dnf2kh9T8CydIdu27jwrBbChWffxNbh5nlLlQT3Xvogai8o6qhMn+EqTnw/u93OIxNzPEooVP349VVW/mlhGX3od/IlVzXiIlQIxL5EP2pRCXL2T1KONvkpbClJ/BTuwfjRZTXz3ZaRhaTPdBAZ+bpkRkt+kEAecjqaf9EF+pHy+dOaR4tIrwBWBbrAy47iV4e/Q60B97bRHzgo9N1uaYonGmyzmyVc9TXIkhf7PIlu/cSyDaHKdobVx0AA0p2usi5D1QYMcS9fngXyM1U9imO6QiYopysxQ9gJL8rfuySRJ/YQ6JJ71fLdMxsiQ0r21D7v7LEdJK5SKLovpnmPgk4PBoL9E4ZPE6g5zRXZFj1IxpKkOqRMpyBzBvas9Q1OFFs0Y79kGtyWIXb7Z2HGYmMU1us9Pm95xVF/V34sAtMIEz7qi+SaXQHFvyqbaiJ48U8qHhHL5y+lt9e8PGmQo0tRWfHMejs5BCcFAEZKDiif6zUEsjV/WC9WKO9NUjvRiu0CYCq5z9QzKaZQqWo0LPeM6DMY8pT3w4OqpJ/OLyMfbdoWT/uQ1JW5npApGifL0lhWRIkQHCG7oZA/BkJfbiexV8jwtToS+UX/s9HkbkuQ/O4zDte8qg/Xzh5TOj5AxlAPN6wGCwd6t1RTSITSKVMnTpFabkEvPYnGeiyWU8TrckvaKmhRUNoj2ZWQCCffHKp/bimEHxRqFnW6B+cu35reTjFc2dqp12EhCBR727G0EARx3Gt/LSdPh8OYt+Bs0rLaHiUrCJh4HRBJPmg0PARVwDL7OWx6pwtclnrALmfELKKaopy6yFctDogOtkvxHbL8DNhJqNuQJo6ttzlHhz4bnQcWb2K92HIw==
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
creationTimestamp: null
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
@ -5,255 +6,80 @@ ingress:
|
|||||||
pod:
|
pod:
|
||||||
kind: 'Deployment'
|
kind: 'Deployment'
|
||||||
replicas: 1
|
replicas: 1
|
||||||
|
extraVolumes:
|
||||||
|
- name: config-ldap
|
||||||
|
secret:
|
||||||
|
secretName: authelia-ldap
|
||||||
|
- name: config-oidc
|
||||||
|
secret:
|
||||||
|
secretName: authelia-oidc
|
||||||
|
- name: config-smtp
|
||||||
|
secret:
|
||||||
|
secretName: authelia-smtp
|
||||||
|
|
||||||
|
extraVolumeMounts:
|
||||||
|
- name: config-ldap
|
||||||
|
mountPath: /extra-config/ldap.yml
|
||||||
|
readOnly: true
|
||||||
|
- name: config-oidc
|
||||||
|
mountPath: /extra-config/oidc.yml
|
||||||
|
readOnly: true
|
||||||
|
- name: config-smtp
|
||||||
|
mountPath: /extra-config/smtp.yml
|
||||||
|
readOnly: true
|
||||||
|
|
||||||
|
|
||||||
##
|
##
|
||||||
## Authelia Config Map Generator
|
## Authelia Config Map Generator
|
||||||
##
|
##
|
||||||
configMap:
|
configMap:
|
||||||
key: 'configuration.yaml'
|
|
||||||
# include sub-maps wich OVERRIDE the values generated by the helm chart
|
# Enable the configMap source for the Authelia config.
|
||||||
|
# If this is false you need to provide a volumeMount via PV/PVC or other means that mounts to /config.
|
||||||
|
disabled: false
|
||||||
|
key: 'configuration.yml'
|
||||||
|
# do not use a pre-existing configMap
|
||||||
|
# BUT, include sub-maps wich OVERRIDE the values generated by the helm chart
|
||||||
extraConfigs:
|
extraConfigs:
|
||||||
- /secrets/authelia-smtp/smtp.yml
|
- /extra-config/ldap.yml
|
||||||
|
- /extra-config/oidc.yml
|
||||||
|
- /extra-config/smtp.yml
|
||||||
# many of the values remain default from the helm chart
|
|
||||||
authentication_backend:
|
|
||||||
ldap:
|
|
||||||
enabled: true
|
|
||||||
implementation: 'custom'
|
|
||||||
address: 'ldap://lldap:3890'
|
|
||||||
base_dn: 'DC=moll,DC=re'
|
|
||||||
additional_users_dn: 'OU=people'
|
|
||||||
users_filter: "(&({username_attribute}={input})(objectClass=person))"
|
|
||||||
additional_groups_dn: 'OU=groups'
|
|
||||||
groups_filter: "(member={dn})"
|
|
||||||
|
|
||||||
## The username of the admin user.
|
|
||||||
user: 'uid=authelia,ou=people,dc=moll,dc=re'
|
|
||||||
password:
|
|
||||||
# ## Disables this secret and leaves configuring it entirely up to you.
|
|
||||||
# disabled: false
|
|
||||||
|
|
||||||
# ## The secret name. The ~ name is special as it is the secret we generate either automatically or via the
|
|
||||||
# ## secret_value option below.
|
|
||||||
# secret_name: ~
|
|
||||||
|
|
||||||
# ## The value of a generated secret when using the ~ secret_name.
|
|
||||||
# value: ''
|
|
||||||
|
|
||||||
# ## The path to the secret. If it has a '/' prefix it's assumed to be an absolute path within the pod. Otherwise
|
|
||||||
# ## it uses the format '{mountPath}/{secret_name}/{path}' where '{mountPath}' refers to the 'secret.mountPath'
|
|
||||||
# ## value, '{secret_name}' is the secret_name above, and '{path}' is this value.
|
|
||||||
path: 'authentication.ldap.password.txt'
|
|
||||||
secret_name: authelia-ldap
|
|
||||||
|
|
||||||
attributes:
|
|
||||||
display_name: displayName
|
|
||||||
username: uid
|
|
||||||
group_name: cn
|
|
||||||
mail: mail
|
|
||||||
file:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
|
|
||||||
session:
|
session:
|
||||||
inactivity: '2d'
|
|
||||||
expiration: '7d'
|
|
||||||
remember_me: '1M'
|
|
||||||
cookies:
|
cookies:
|
||||||
- name: authelia_session
|
- name: authelia_session
|
||||||
domain: auth.kluster.moll.re
|
domain: auth.kluster.moll.re
|
||||||
encryption_key:
|
|
||||||
secret_name: authelia-internal
|
|
||||||
|
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
encryption_key:
|
encryption_key:
|
||||||
secret_name: authelia-internal
|
value: 'authelia-encryption-key'
|
||||||
|
|
||||||
local:
|
local:
|
||||||
enabled: true
|
enabled: true
|
||||||
file: /config/db.sqlite3
|
file: /config/db.sqlite3
|
||||||
|
|
||||||
|
|
||||||
identity_validation:
|
##
|
||||||
reset_password:
|
## Authelia Secret Configuration.
|
||||||
secret:
|
##
|
||||||
secret_name: authelia-internal
|
secret:
|
||||||
path: 'identity_validation.reset_password.jwt.hmac.key'
|
|
||||||
|
disabled: false
|
||||||
|
|
||||||
|
existingSecret: ''
|
||||||
|
|
||||||
|
|
||||||
identity_providers:
|
certificates:
|
||||||
oidc:
|
# don't use the pre-existing secret
|
||||||
enabled: true
|
existingSecret: ''
|
||||||
hmac_secret:
|
|
||||||
secret_name: authelia-internal
|
|
||||||
path: 'identity_providers.oidc.hmac.key'
|
|
||||||
|
|
||||||
# lifespans:
|
|
||||||
# access_token: '1 hour'
|
|
||||||
# authorize_code: '1 minute'
|
|
||||||
# id_token: '1 hour'
|
|
||||||
# refresh_token: '1 hour and 30 minutes'
|
|
||||||
|
|
||||||
jwks:
|
|
||||||
- algorithm: 'RS256'
|
|
||||||
key:
|
|
||||||
path: '/secrets/authelia-internal/oidc.jwks.key'
|
|
||||||
|
|
||||||
cors:
|
|
||||||
allowed_origins_from_client_redirect_uris: true
|
|
||||||
|
|
||||||
clients:
|
|
||||||
- client_id: 'grafana'
|
|
||||||
client_name: 'Grafana'
|
|
||||||
client_secret:
|
|
||||||
path: '/secrets/authelia-oidc/client.grafana'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
require_pkce: true
|
|
||||||
pkce_challenge_method: 'S256'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://grafana.kluster.moll.re/login/generic_oauth'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'profile'
|
|
||||||
- 'groups'
|
|
||||||
- 'email'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_post'
|
|
||||||
consent_mode: 'implicit'
|
|
||||||
- client_id: 'recipes'
|
|
||||||
client_name: 'Recipes'
|
|
||||||
client_secret:
|
|
||||||
path: '/secrets/authelia-oidc/client.recipes'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
require_pkce: true
|
|
||||||
pkce_challenge_method: 'S256'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://recipes.kluster.moll.re/login'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'email'
|
|
||||||
- 'profile'
|
|
||||||
- 'groups'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_basic'
|
|
||||||
consent_mode: 'implicit'
|
|
||||||
- client_id: 'gitea'
|
|
||||||
client_name: 'Gitea'
|
|
||||||
client_secret:
|
|
||||||
path: '/secrets/authelia-oidc/client.gitea'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://git.kluster.moll.re/user/oauth2/authelia/callback'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'email'
|
|
||||||
- 'profile'
|
|
||||||
- 'groups'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_basic'
|
|
||||||
consent_mode: 'implicit'
|
|
||||||
- client_id: 'argocd'
|
|
||||||
client_name: 'Argo CD'
|
|
||||||
client_secret:
|
|
||||||
path: '/secrets/authelia-oidc/client.argocd'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://argocd.kluster.moll.re/auth/callback'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'groups'
|
|
||||||
- 'email'
|
|
||||||
- 'profile'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_post'
|
|
||||||
consent_mode: 'implicit'
|
|
||||||
- client_id: 'paperless'
|
|
||||||
client_name: 'Paperless'
|
|
||||||
client_secret:
|
|
||||||
path: '/secrets/authelia-oidc/client.paperless'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://paperless.kluster.moll.re/accounts/oidc/authelia/login/callback/'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'profile'
|
|
||||||
- 'email'
|
|
||||||
- 'groups'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_basic'
|
|
||||||
consent_mode: 'implicit'
|
|
||||||
- client_id: 'linkding'
|
|
||||||
client_name: 'LinkDing'
|
|
||||||
client_secret:
|
|
||||||
path: '/secrets/authelia-oidc/client.linkding'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://linkding.kluster.moll.re/oidc/callback/'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'groups'
|
|
||||||
- 'email'
|
|
||||||
- 'profile'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_post'
|
|
||||||
consent_mode: 'implicit'
|
|
||||||
- client_id: 'todos'
|
|
||||||
client_name: 'Todos'
|
|
||||||
client_secret:
|
|
||||||
path: '/secrets/authelia-oidc/client.todos'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://todos.kluster.moll.re/auth/openid/authelia'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'groups'
|
|
||||||
- 'email'
|
|
||||||
- 'profile'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_basic'
|
|
||||||
consent_mode: 'implicit'
|
|
||||||
- client_id: 'kitchenowl'
|
|
||||||
client_name: 'KitchenOwl'
|
|
||||||
client_secret:
|
|
||||||
path: '/secrets/authelia-oidc/client.kitchenowl'
|
|
||||||
public: false
|
|
||||||
token_endpoint_auth_method: 'client_secret_post'
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://kitchen.kluster.moll.re/signin/redirect'
|
|
||||||
- kitchenowl:///signin/redirect
|
|
||||||
# mobile app as well
|
|
||||||
scopes:
|
|
||||||
- openid
|
|
||||||
- email
|
|
||||||
- profile
|
|
||||||
|
|
||||||
|
|
||||||
# notifier
|
|
||||||
# is set through a secret
|
|
||||||
|
|
||||||
|
|
||||||
|
##
|
||||||
|
## Authelia Persistence Configuration.
|
||||||
|
##
|
||||||
|
## Useful in scenarios where you need persistent storage.
|
||||||
|
## Auth Provider Use Case: file; we recommend you use the ldap provider instead.
|
||||||
|
## Storage Provider Use Case: local; we recommend you use the mysql/mariadb or postgres provider instead.
|
||||||
|
## Configuration Use Case: when you want to manually configure the configuration entirely (set configMap.enabled = false).
|
||||||
|
##
|
||||||
persistence:
|
persistence:
|
||||||
enabled: true
|
enabled: true
|
||||||
storageClass: 'nfs-client'
|
storageClass: 'nfs-client'
|
||||||
|
|
||||||
|
|
||||||
secret:
|
|
||||||
mountPath: '/secrets'
|
|
||||||
additionalSecrets:
|
|
||||||
# the oidc client secrets referenced in the oidc config
|
|
||||||
authelia-oidc: {}
|
|
||||||
authelia-internal: {}
|
|
||||||
authelia-ldap: {}
|
|
||||||
authelia-smtp: {}
|
|
||||||
|
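Review bot: Under `storage.encryption_key` the new side sets `value: 'authelia-encryption-key'`, which puts the storage encryption key into the values file as a readable and guessable literal. Anyone who can read the repository can then recover whatever Authelia protects with that key in `/config/db.sqlite3`. The removed side took the key from a sealed secret (`secret_name: authelia-internal`); I would keep a secret reference here, generate a random key, and treat the literal as exposed. The exact values key for a secret reference depends on the chart version this branch uses, so check it against that chart's values schema. A short comment above `encryption_key` naming the SealedSecret that holds the key would help the next reader.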
@ -14,7 +14,6 @@ resources:
|
|||||||
- authelia-ldap.sealedsecret.yaml
|
- authelia-ldap.sealedsecret.yaml
|
||||||
- authelia-oidc.sealedsecret.yaml
|
- authelia-oidc.sealedsecret.yaml
|
||||||
- authelia-smtp.sealedsecret.yaml
|
- authelia-smtp.sealedsecret.yaml
|
||||||
- authelia-internal.sealedsecret.yaml
|
|
||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
|
|
||||||
|
|
||||||
@ -27,6 +26,6 @@ images:
|
|||||||
helmCharts:
|
helmCharts:
|
||||||
- name: authelia
|
- name: authelia
|
||||||
releaseName: authelia
|
releaseName: authelia
|
||||||
version: 0.10.6
|
version: 0.9.9
|
||||||
repo: https://charts.authelia.com
|
repo: https://charts.authelia.com
|
||||||
valuesFile: authelia.values.yaml
|
valuesFile: authelia.values.yaml
|
||||||
|
0
infrastructure/authelia/lldap.ingress.yaml
Normal file
0
infrastructure/authelia/lldap.ingress.yaml
Normal file
@ -11,8 +11,8 @@ resources:
|
|||||||
images:
|
images:
|
||||||
- name: octodns
|
- name: octodns
|
||||||
newName: octodns/octodns # has all plugins
|
newName: octodns/octodns # has all plugins
|
||||||
newTag: "2025.05"
|
newTag: "2024.09"
|
||||||
|
|
||||||
- name: git
|
- name: git
|
||||||
newName: alpine/git
|
newName: alpine/git
|
||||||
newTag: "v2.47.2"
|
newTag: "v2.45.2"
|
@ -1,6 +1,3 @@
|
|||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
|
|
||||||
|
|
||||||
## @section Service
|
## @section Service
|
||||||
service:
|
service:
|
||||||
@ -59,8 +56,7 @@ ingress:
|
|||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 1
|
cpu: 1
|
||||||
memory: 5Gi
|
memory: 1Gi
|
||||||
# high memory should be allowed to handle package uploads
|
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
memory: 128Mi
|
memory: 128Mi
|
||||||
@ -100,7 +96,6 @@ gitea:
|
|||||||
email: "gitea@delete.me"
|
email: "gitea@delete.me"
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
# service monitor is configured manually
|
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
|
## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
|
||||||
@ -121,10 +116,6 @@ gitea:
|
|||||||
indexer:
|
indexer:
|
||||||
ISSUE_INDEXER_TYPE: bleve
|
ISSUE_INDEXER_TYPE: bleve
|
||||||
REPO_INDEXER_ENABLED: false
|
REPO_INDEXER_ENABLED: false
|
||||||
service:
|
|
||||||
DISABLE_REGISTRATION: true
|
|
||||||
oauth2_client:
|
|
||||||
ENABLE_AUTO_REGISTRATION: true
|
|
||||||
|
|
||||||
oauth:
|
oauth:
|
||||||
- name: authelia
|
- name: authelia
|
||||||
@ -134,9 +125,7 @@ gitea:
|
|||||||
existingSecret: gitea-oauth
|
existingSecret: gitea-oauth
|
||||||
required-claim-name: groups
|
required-claim-name: groups
|
||||||
required-claim-value: gitea
|
required-claim-value: gitea
|
||||||
group-claim-name: groups
|
|
||||||
admin-group: apps_admin
|
admin-group: apps_admin
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# since we want to reuse the postgres secret, we cannot directly use it in
|
# since we want to reuse the postgres secret, we cannot directly use it in
|
||||||
|
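Review bot: In the `@ -121,10 +116,6 @@ gitea:` hunk the new side drops `service:` / `DISABLE_REGISTRATION: true`, and Gitea allows self-registration unless that key is set, so the instance would accept local sign-ups next to the Authelia login unless another override disables them. I would keep `DISABLE_REGISTRATION: true` under `service:` and restore `ENABLE_AUTO_REGISTRATION: true` under `oauth2_client:` only if OIDC users should still be created on first login. In the last hunk `group-claim-name: groups` is removed while `admin-group: apps_admin` stays; the admin mapping most likely needs the group claim name to take effect, so confirm that admins are still derived from the `apps_admin` group. The `gitea:` mapping starts and ends outside these hunks.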
@ -23,6 +23,6 @@ helmCharts:
|
|||||||
- name: gitea
|
- name: gitea
|
||||||
namespace: gitea # needs to be set explicitly for svc to be referenced correctly
|
namespace: gitea # needs to be set explicitly for svc to be referenced correctly
|
||||||
releaseName: gitea
|
releaseName: gitea
|
||||||
version: 11.0.1
|
version: 10.4.1
|
||||||
valuesFile: gitea.values.yaml
|
valuesFile: gitea.values.yaml
|
||||||
repo: https://dl.gitea.io/charts/
|
repo: https://dl.gitea.io/charts/
|
||||||
|
@ -7,9 +7,9 @@ metadata:
|
|||||||
namespace: gitea
|
namespace: gitea
|
||||||
spec:
|
spec:
|
||||||
encryptedData:
|
encryptedData:
|
||||||
database: AgDONZUiFyHQLH3lq7vBovX5fqIDdxViQr8PFAh3hnHM8PqJpZ5MCkBL65hVuKmQ6EgrMj+0smPbfk9Rfwq42wFw+i2cgTgN69G9iMwp47+ng5GADPiQ2tIJQNFfqz9VQP0mmu9VXnckoBU0HXQmV21jkK2AKk5YHVLmIhu++1g8LjjYSBMP8iYiritOuyHbOn8OP26FmqBvnTCGg4pFzd/WIhsj7Zz9BeP+AOP/BTA+VZCOqBJJDzztHp9xYamcWslDX2snQG1Iw/rs4zyBVx+sWWPJgkiLmY1aRDnVYmwkh9RC81usrtrC9FZ6VYoxsufGj+Ie25hbbUukqKFuwk3V0dbZTRGa+4xHr7535fDYSxFm8/dkAyh8yM03VUy/2dhrtv9qWM1Yu50tcEoe/YoBdwItyNk/AELjfCvfXzwDttzsl85QVtSil+V6WRhpiQlH5EGhqSMzH9eduAddMrIEMQiSqn9J/vME5j7fJhgFs0bP7kqB9UKT6yTIU8QchRRUUYZwEFevLox01dRtJDoa8DVuO1G2LDZVUEoHrfEvFwzRGhuBH9B2yXAZLXgXbOreoiPi76xI0fw9VNXJ90KYcpwuMv8MykdNWQLsyCraf/WJIXMpm+UEVMqArJnscky0K1YHX6eQeQx0BU5hEeIAZucOwimSv2jJLqlBK/heiMgfp0pWu2lIu+tQ4AarkFsWNdbiBA==
|
database: AgB8FeAX7Dx/SO/deoqeIRNPMe7DwgKtwFznjntm9TNnEJQDLVVu+D80eolcrTTOhlZJZgtKvpM9xgw7DLtKG+ARACaPYgaMW2m4V/B87Z3xAU0DCF16sv9LVIfNA8KyQZWYthEcWLpqoB0zVFBrb2PxI8QIV22QkNG4oITMCv/Xjf7P+pTa6iWWSLdPcR2tQVfkHsdWWJvtLcrLkI7i+sWjQOW8tgV8QAcQr5JcxEjSgb3X1J3R1EEVHsPAqQcdpUB7eQ7T9SbIaIpTXw05Tant42GMgALVx2J5TAzqLPdaVaUlKVRoN26eVthYhY9qKbskXkXZp/0Sa/RxXoVHt1jMyZFicMzp5w5yC3DZd9gTtsZOrn21NS1QAVh6twB2bxtf7EHjpS5AyvhaF9qbbGkZtUh4IhFSOpd6bMGZLZqQMcH+Ih9b+jv0j3cLBLY0Bzsj4u5yLvoqhOBcxLoVnW3N3x248y3ZUWkO7hPwP+Lo5FOX/cmK9VHvn5ZhNWNNO9xv0LYSzhqnAvVyTgvAGLDTrZbnp36Q+JkqlhrhFQoQkXRQ2HHNU5CC+o59OL0RnshJg4UUed1ETmOPCJmcPZdKNvfUiW1PUB2AwDeWhRyN6wjwzreioSN6qHrxctXpEQohTwzGeG+rgG0tj9V3yHn1Er1j0pR6S9VJBkaQ0qnaInSthxSC5MkXTKXFmW8YfHQqXKmQcQ==
|
||||||
password: AgAp0473gvkk/8OFkxg59+LArAD7v8rRryOuYnScxkhJxSngXnnLXYr2iaeOMgjWryOPtWEWa0F6+hDaTtsp+vhg0X8rtdvyonV/I/I/K5rV70N/bao+kIf5LfcntZ6RjGaQtaeHjh15tY3LxmJ3PdJpDcLJXn1+iBsfTnEEsBFDKolD2RcXwH+74feX+Q8bG7KkAo4r0OfEaO/KC2FCC8vg/AHgzNUFL08mnK7DPgNjgNc3MYk/+Ey91LfvMD9NfuO1xrlsV6gy12gVwZV14kfAqHL4DvifmaHY14hScJC3tK6HqmSitKmNRcJZ3Ad2y7rS63X6DeaXmKFpDDYk69ubfVWBT5CWaBHfYHCWJqJITtoJq4PdLp7xRchRrZblqLUKnTrs8Dmry4qapa/uAma4k84ZSnFl6XeM8n8ZYpx3Tx91fwsYLCWiGX7AblFsEmzsT7jf0wTri7HYyNcF1s5YhL59ZO7iGzruAJRDA4BMrXWFrNjsDQrCR4FTYDIr4cR05mi9nPd2C5dAzZtARpBQZgr/lruE3GKgalYF0oxIJGYKcDbCO5pntAPpL/7rbhdjVtvpUg2d+wJYkVIn6zTaOmr0TCnMOzFPzwwbxrr7U8opfYcjep2XeVOfHKfitrgKwFCwO/CsbP+ao0b6PT7K9KGqrI5lVrEAO+pOU6s3Omgm3AJGzGEIzIXCnkeD2dYsRrfyHM0zQ23+iUyUk8x3XIItFe7cq34X935y+bbViqAQ
|
password: AgB+i/mSHnQJnBpRu1cGwKzqrqoSzKfbGkxWTv57ozmiVkEendzudwKu+3MJQh9fHrBwUa0Cu2OqIzGqMQIwDKC5+LDiYAnDOfacu/VBX6mWVABIeg8fqU/PRqym/sGxJtcmwPdo8H8zJm+/vyPpLv4dkYYjHFkAhF3QShq1qMhfeaB/vd6ZNjQEfvCWX14V2F/RTq8skuwQkVQJoz9OsaF+KiTmKC7R1aeZaTUUCFIWGGIq9V2k3O7VAITGJanAT5IYo+epQf2HLsC2xyIUs9prk1rF0yUishgc2bsb4joPULl/G2VUgafH9SKQ37TFqZi2z20gVutrkLyuCMk25tW7m+z4+YCC/dJ9aW/31sFUwSnVhdYh6gwsnNP5GzSguAoOq+6izVD8hV2QzfdIYPrIZyADI7HY9o4LK8YuRS5KgJdaCU3kWYY+tVTSvkGFCWu5q/pBihBG2bN83asTHZcnkocMEvCaTsbPq2CN8/WCRZJs84M6CEzCioNmuGAmUU+fEF/MVEZtTI+6yCrJkOEHdVywtdLufNPGFut97XF+YvJZ1UZ6AW546JGmlmEMFukNHi1XDBm/mWL8e1H6xwLe6I9rwL6YTDrji3IixdERS+a6tq2vcksU5EjW9x9WYt6ctZD/cfhEFAvpssJLCs2vmjNgMhmilPoTppvXyUYnE4bCZuVFRrO/a+ogjXUU2nkqnyKQsA==
|
||||||
username: AgBInyjzij13Ea3HB2CPXENjd6g5dJ3j3p3hgbO7oT5ld/GFgcwgjkduq5D8edouDzKEcoPMrAAS0XX46d9l618ZMxxKGdNq+Yw8intpziaI5AB9xDPesP5+mjXw08Clf5GfTMQW9SqYbNVm+GGwIKo05P3Z+cLtv8l8jqqJbMmEMQ9Ir/gRgPVbpPKFC4zX4BTuIKpaRrPiyraD2hmGXrvDaFBIt8lSmLyEh3UclW5cTBJQIRnstBv8mbIRDf4zS/bJtQPknncVASBVVHynEauMTqd4+sPdG/8y7KYsrH3rfrXWLEecmiu9E7mgxw7M6qur8qoi88KX3Ydjngy56mj3nQQ8k1knc8I50cg6yT42Z6vaKeAoqtDzkxEvOlIzXZVwikPAuIf7B7VPZSE6qz7Xgo4QQ5FGONE5JnFGLosqSqEMnBtOXEZgHCrOerJo2f3Mw1fkaJ2OLnd93w97IODIM3LU8bVsRFbjiRYPbZiM2H5f6Rnsw3M7/qlkdmXyda4xnOeSp3i39UfSrtIAJO8HPo9lk+ANOBO7Q8SBAkFXH8V2Hva4NSKtPwmBZjtOGeUDB7Nfv2KT4jvQRBdlpfLtDMDzBmq2sL7ua2Uq5u6FDy0tAmWeU4m3GGSNlheVQZSfAW3+icvs/WlqotAloTy12Dq/H6DgcRI0W2V0bRxoIQ3z6N+cAHbL892g8wdPUFu9mSBZhA==
|
username: AgCS0tZPssPP8LFwMdTWrXd64oYKb/vmEH8ir+fnc7MgnPkW9kop+hF2X7/KIWTVNe1MAkreW40DxZ6/T4UO7gGTGv52BItcQp87Rr+RMZ5Y720bhivBC33zmDXlWR7TQDMqo733cdcWRnMDvCSvzKV1Mn18iF0VqhOlDZITcyConmKIWcuzzElt90iYtC9o3UIYw6crBD6l9ikrFwU1wH9mL+FdvM8fWG83qkbJGoaqjxj5FEgMXwXFUWVzUqC8dEe8wiHcyq7eeFpyXrF7/WtAiZOwPBy6EG4zFQoRSihR+qme+pZdXP+fHVzGrcBsMxjW4l16R1MmyS9PLpA3r+LdX81K7XHPEctNihrV4U1Dmb2fkANcP2SV95Moftb160WRkfR1cElHxOJs0kaKbZ0P4k74U2UFaZSVIEw85fYm1TE0C5qnpFKktOhOhSKcia+XGG58TQLuosQCYH+P1OZ1LbFfj9O/NBmqWnH2dBIRCC5Ba6b+nNpOQaSztMeEOCSCdYmglS9MmP34zzFjusZ8hAj7ebe25gCo1UCSxYR/xEjrGQsyXY9VB9IPjVO8F7Ms9ex3KITYoib5HcMFCvDUOKl3SOmsJmzf/ahufHXRr/NdPFAoqLU6sehcNAx8LKp/795h3N3PBqol/y9Kv4xbAquz8/qY0giHJfaWcKP/LuVZ81s6MvQlnqn/UWXWzQgNo/RbZw==
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
creationTimestamp: null
|
creationTimestamp: null
|
||||||
|
@ -4,7 +4,7 @@ metadata:
|
|||||||
name: gitea-postgres
|
name: gitea-postgres
|
||||||
spec:
|
spec:
|
||||||
instances: 1
|
instances: 1
|
||||||
imageName: ghcr.io/cloudnative-pg/postgresql:16
|
imageName: ghcr.io/cloudnative-pg/postgresql:11
|
||||||
bootstrap:
|
bootstrap:
|
||||||
initdb:
|
initdb:
|
||||||
owner: gitea
|
owner: gitea
|
||||||
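Review bot: `imageName: ghcr.io/cloudnative-pg/postgresql:11` selects PostgreSQL 11, a major version that stopped receiving upstream security fixes in November 2023, so the Gitea database would run unpatched. Assuming the right-hand column is the new side, as the hunk counts elsewhere on this page indicate, this is a move from 16 down to 11. A data directory initialised by a newer major version cannot be opened by an older server, so existing volumes would not start either. The tag is also mutable; I would stay on a supported major and pin it, e.g. `imageName: ghcr.io/cloudnative-pg/postgresql:16@sha256:<digest>` (the digest is a placeholder).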
|
@ -10,6 +10,6 @@ namespace: metallb-system
|
|||||||
helmCharts:
|
helmCharts:
|
||||||
- name: metallb
|
- name: metallb
|
||||||
repo: https://metallb.github.io/metallb
|
repo: https://metallb.github.io/metallb
|
||||||
version: 0.14.9
|
version: 0.14.8
|
||||||
releaseName: metallb
|
releaseName: metallb
|
||||||
valuesFile: values.yaml
|
valuesFile: values.yaml
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: monitoring
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
# prometheus-operator crds
|
|
||||||
- https://github.com/prometheus-operator/prometheus-operator?ref=v0.82.0
|
|
||||||
# single prometheus instance with a thanos sidecar
|
|
||||||
- prometheus.yaml
|
|
||||||
- thanos-store.statefulset.yaml
|
|
||||||
- thanos-query.deployment.yaml
|
|
||||||
- thanos-objstore-config.sealedsecret.yaml
|
|
||||||
|
|
||||||
|
|
||||||
images:
|
|
||||||
- name: thanos
|
|
||||||
newName: quay.io/thanos/thanos
|
|
||||||
newTag: v0.38.0
|
|
||||||
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: loki
|
|
||||||
releaseName: loki
|
|
||||||
repo: https://grafana.github.io/helm-charts
|
|
||||||
version: 6.29.0
|
|
||||||
valuesFile: loki.values.yaml
|
|
||||||
- name: prometheus-node-exporter
|
|
||||||
releaseName: prometheus-node-exporter
|
|
||||||
repo: https://prometheus-community.github.io/helm-charts
|
|
||||||
version: 4.45.3
|
|
||||||
valuesFile: prometheus-node-exporter.values.yaml
|
|
@ -1,86 +0,0 @@
|
|||||||
loki:
|
|
||||||
commonConfig:
|
|
||||||
replication_factor: 1
|
|
||||||
schemaConfig:
|
|
||||||
configs:
|
|
||||||
- from: "2024-04-01"
|
|
||||||
store: tsdb
|
|
||||||
object_store: filesystem
|
|
||||||
schema: v13
|
|
||||||
index:
|
|
||||||
prefix: loki_index_
|
|
||||||
period: 24h
|
|
||||||
auth_enabled: false
|
|
||||||
pattern_ingester:
|
|
||||||
enabled: true
|
|
||||||
limits_config:
|
|
||||||
allow_structured_metadata: true
|
|
||||||
volume_enabled: true
|
|
||||||
retention_period: 672h # 28 days retention
|
|
||||||
ruler:
|
|
||||||
enable_api: true
|
|
||||||
storage:
|
|
||||||
bucketNames:
|
|
||||||
# don't care since we use the filesystem
|
|
||||||
chunks: NOTUSED
|
|
||||||
ruler: NOTUSED
|
|
||||||
admin: NOTUSED
|
|
||||||
|
|
||||||
type: filesystem
|
|
||||||
filesystem:
|
|
||||||
chunks_directory: /var/loki/chunks
|
|
||||||
rules_directory: /var/loki/rules
|
|
||||||
admin_api_directory: /var/loki/admin
|
|
||||||
|
|
||||||
minio:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
deploymentMode: SingleBinary
|
|
||||||
|
|
||||||
singleBinary:
|
|
||||||
replicas: 1
|
|
||||||
persistence:
|
|
||||||
# -- Enable StatefulSetAutoDeletePVC feature
|
|
||||||
enableStatefulSetAutoDeletePVC: true
|
|
||||||
# -- Enable persistent disk
|
|
||||||
enabled: true
|
|
||||||
# -- Size of persistent disk
|
|
||||||
size: 10Gi
|
|
||||||
# -- Storage class to be used.
|
|
||||||
# If defined, storageClassName: <storageClass>.
|
|
||||||
# If set to "-", storageClassName: "", which disables dynamic provisioning.
|
|
||||||
# If empty or set to null, no storageClassName spec is
|
|
||||||
# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
|
|
||||||
storageClass: nfs-client
|
|
||||||
|
|
||||||
|
|
||||||
# -- Section for configuring optional Helm test
|
|
||||||
helm:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
|
|
||||||
# Zero out replica counts of other deployment modes
|
|
||||||
backend:
|
|
||||||
replicas: 0
|
|
||||||
read:
|
|
||||||
replicas: 0
|
|
||||||
write:
|
|
||||||
replicas: 0
|
|
||||||
ingester:
|
|
||||||
replicas: 0
|
|
||||||
querier:
|
|
||||||
replicas: 0
|
|
||||||
queryFrontend:
|
|
||||||
replicas: 0
|
|
||||||
queryScheduler:
|
|
||||||
replicas: 0
|
|
||||||
distributor:
|
|
||||||
replicas: 0
|
|
||||||
compactor:
|
|
||||||
replicas: 0
|
|
||||||
indexGateway:
|
|
||||||
replicas: 0
|
|
||||||
bloomCompactor:
|
|
||||||
replicas: 0
|
|
||||||
bloomGateway:
|
|
||||||
replicas: 0
|
|
@ -1,6 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: placeholder
|
|
||||||
labels:
|
|
||||||
pod-security.kubernetes.io/enforce: privileged
|
|
@ -1,18 +0,0 @@
|
|||||||
prometheus:
|
|
||||||
monitor:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
jobLabel: "node-exporter"
|
|
||||||
selectorOverride:
|
|
||||||
app.kubernetes.io/name: prometheus-node-exporter
|
|
||||||
app.kubernetes.io/part-of: prometheus-node-exporter
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: 200m
|
|
||||||
memory: 50Mi
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 30Mi
|
|
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: thanos-objstore-config
|
|
||||||
namespace: monitoring
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
thanos.yaml: AgAqlul2V1idfgbWvq/0ljSFlxOOsQmwlGd+jRvDDyi1nlR8woHrp7lW6AxJ/8mBtb5htCuJzLgx+HVrN/EN+fRn5xG3D5+8xs4jWBOQ49MgLSAjJavFPcVY5xiBpGaw/N8aotlbfv6Wa2/+cmiAzVDPwnOj5zCS/EU58Tu2YFeVSbMUlu0NFAeyBW0DVT2enuVLToP4Ge4T0U9F99NHOh2zlVG82iI+4RxCu/WBkOU/urVleGwCYkcr/ItmXiwRXbwnWUtEUf28Q4ArpuZXFkKZUMoIwOjkXgOn/ySBLVvf0yy1+WOcYAIX9ouxu6i4T1GAZO9RnKeMJOIyebI3EOMA2dxQFpQg2/XhhHz2Ds2oDX/yr7vXbZJGyiCvTnnFUvFALKWIjRXXWphdqHDk6iP8tFIKVFsn7UxgMVFRcs6DmcMpBgFOcjpHr4HFZap5G9hI3cscmkNfwU+JOXkDEGRpZkkECza4wlQln8Wptq1qa+I+DSclqLOcvoEvNCJCIIgh5tINJ0KiZcrBvymUZZ9VduH4TFHR/UQK7M7It892TDNUlIp2UDWiuQ2DJysOJXmvSiNo8PGWSyDJwKJPhaWqXz9RUsb4D8gq/a+0qC7DOICrJEUj7WL8dwaKoQa32Cf+wopwrjFWSE7pAfiBJo+Dqa9jHIDv2hVsdU8NXqiFK35XHyUT4i0KWc+UZg4ObotGxYMvRtJuc3S7ZGTJ4YKDP5iThuNSuNd1pd1YjirpvVtL2o5BYh2i55F3DfVREofYpBCjK1e43mHOwEUYZ7Ff6p1+S0PXZnkL53xHMiiW3yr0v1g2ZYk7vzkENb9epzm24fNX/4ZiJdb0glEJmB674bgDSeh9PA5q8nJIKk6vsbrzfaAYWIn5Ai9MPbAVfg9pPkMyy9ydd+SqecujkWm++4dHqB1WJUg=
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: thanos-objstore-config
|
|
||||||
namespace: monitoring
|
|
||||||
type: Opaque
|
|
@ -1,23 +1,3 @@
|
|||||||
# Rebuilding the kluster
|
# Rebuilding the kluster
|
||||||
|
|
||||||
When rebuilding the kluster from scratch, the CNPG containers will be considered as new and will be set up according to their `initdb` config.
|
When rebuilding the kluster from scratch, the CNPG containers
|
||||||
|
|
||||||
Since most of the clusters here are formally defined as a fresh clusters, the following will happen:
|
|
||||||
- in the relevant PVC the `pgdata` folder will be renamed to `pgdata-old`
|
|
||||||
- a fresh `pgdata` folder will be created
|
|
||||||
- a database with RBAC as defined in the `initdb` config will be created
|
|
||||||
|
|
||||||
This is problematic since the PVC content is the actual state of the database in the present setup. In order to get back to a functional state, some manual intervention is therefore required.
|
|
||||||
|
|
||||||
1. Bootstrap the kubernetes cluster
|
|
||||||
2. Wait for the CNPG containers to be up and running - they will be setup fresh at this point
|
|
||||||
3. follow the procedure from [https://cloudnative-pg.io/documentation/1.20/declarative_hibernation/](https://cloudnative-pg.io/documentation/1.20/declarative_hibernation/):
|
|
||||||
- hibernate the postgresql cluster
|
|
||||||
- wait for the pod to be shut down
|
|
||||||
- copy the `pgdata-old` content to the `pgdata` folder
|
|
||||||
- de-hibernate the postgresql cluster
|
|
||||||
4. The database should now be in a functional state
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Also see https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#preserving-changes-made-to-an-applications-annotations-and-labels
|
|
@ -9,6 +9,6 @@ namespace: pg-ha
|
|||||||
helmCharts:
|
helmCharts:
|
||||||
- name: cloudnative-pg
|
- name: cloudnative-pg
|
||||||
releaseName: pg-controller
|
releaseName: pg-controller
|
||||||
version: 0.23.2
|
version: 0.22.0
|
||||||
valuesFile: values.yaml
|
valuesFile: values.yaml
|
||||||
repo: https://cloudnative-pg.io/charts/
|
repo: https://cloudnative-pg.io/charts/
|
||||||
|
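--- a/infrastructure/prometheus/kustomization.yaml
+++ b/infrastructure/prometheus/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: prometheus
+
+resources:
+- namespace.yaml
+# prometheus-operator crds
+- https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.70.0/bundle.yaml
+- prometheus.yaml
+- thanos-objstore-config.sealedsecret.yaml
+# thanos deployment from kube-thanos project
+- thanos-store.statefulset.yaml
+- thanos-query.deployment.yaml
+
+
+images:
+- name: thanos
+newName: quay.io/thanos/thanos
+newTag: v0.36.1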
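Review bot: The `resources` entry `- https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.70.0/bundle.yaml` is downloaded at build time with no integrity check, and the comment above it understates what it brings in: as far as I know the upstream bundle ships the operator's Deployment, ServiceAccount and ClusterRole/ClusterRoleBinding along with the CRDs. Whatever that URL serves is applied with cluster-wide effect, so I would vendor the reviewed file into this directory and reference it locally, with a comment such as `# prometheus-operator v0.70.0 bundle (CRDs, RBAC, operator Deployment), vendored from the upstream release`. The `images` override has the same weakness on a smaller scale: `newTag: v0.36.1` is a mutable tag, and kustomize accepts `digest: sha256:<digest>` (placeholder) in its place.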
@ -39,7 +39,7 @@ roleRef:
|
|||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: prometheus
|
name: prometheus
|
||||||
namespace: monitoring # needs to be the same as in the kustomization.yaml
|
namespace: prometheus # needs to be the same as in the kustomization.yaml
|
||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: Prometheus
|
kind: Prometheus
|
Some files were not shown because too many files have changed in this diff Show More