Compare commits
1 Commits
renovate/p
...
85a872362a
| Author | SHA1 | Date | |
|---|---|---|---|
| 85a872362a |
5
.gitignore
vendored
5
.gitignore
vendored
@@ -3,7 +3,4 @@
|
||||
main.key
|
||||
|
||||
# Helm Chart files
|
||||
charts/
|
||||
|
||||
# Nix and local environment files
|
||||
.direnv/
|
||||
charts/
|
||||
52
README.md
52
README.md
@@ -1,7 +1,7 @@
|
||||
# Kluster setup and IaaC using argoCD
|
||||
|
||||
|
||||
### Description
|
||||
### Initial setup
|
||||
#### Requirements:
|
||||
- A running k3s instance
|
||||
- `sealedsecrets` deployed
|
||||
@@ -27,61 +27,21 @@ The app-of-apps will bootstrap a fully featured cluster with the following compo
|
||||
- immich
|
||||
- ...
|
||||
|
||||
## Setup instructions
|
||||
1. install sealedsecrets see [README](./infrastructure/sealedsecrets/README.md)
|
||||
#### Recap
|
||||
- install sealedsecrets see [README](./infrastructure/sealedsecrets/README.md)
|
||||
```bash
|
||||
kubectl apply -k infrastructure/sealedsecrets
|
||||
kubectl apply -f infrastructure/sealedsecrets/main.key
|
||||
kubectl delete pod -n kube-system -l name=sealed-secrets-controller
|
||||
```
|
||||
1. install argocd and the app-of-apps bundled with it
|
||||
- install argocd
|
||||
```bash
|
||||
kubectl apply -k infrastructure/argocd
|
||||
```
|
||||
|
||||
|
||||
> NOTE: The argocd kustomization already mentions some CRDs available only after the full bootstrapping (traefik). Some might fail to apply right away. Since the argo application is managed through argo as well, they will become available as all kluster applications are rolled out.
|
||||
- wait...
|
||||
|
||||
|
||||
### Adding an application
|
||||
1. todo
|
||||
1. Don't forget to add the status badge.
|
||||
todo
|
||||
|
||||
|
||||
|
||||
### Status
|
||||
[](https://argocd.kluster.moll.re/applications/authelia-application)
|
||||
[](https://argocd.kluster.moll.re/applications/backup-application)
|
||||
[](https://argocd.kluster.moll.re/applications/external-application)
|
||||
[](https://argocd.kluster.moll.re/applications/external-dns-application)
|
||||
[](https://argocd.kluster.moll.re/applications/gitea-application)
|
||||
[](https://argocd.kluster.moll.re/applications/metallb-application)
|
||||
[](https://argocd.kluster.moll.re/applications/monitoring-application)
|
||||
[](https://argocd.kluster.moll.re/applications/nfs-provisioner-application)
|
||||
[](https://argocd.kluster.moll.re/applications/pg-ha-application)
|
||||
[](https://argocd.kluster.moll.re/applications/renovate-application)
|
||||
[](https://argocd.kluster.moll.re/applications/sealedsecrets-application)
|
||||
[](https://argocd.kluster.moll.re/applications/traefik-application)
|
||||
|
||||
|
||||
---
|
||||
[](https://argocd.kluster.moll.re/applications/adguard-application)
|
||||
[](https://argocd.kluster.moll.re/applications/audiobookshelf-application)
|
||||
[](https://argocd.kluster.moll.re/applications/code-server-application)
|
||||
[](https://argocd.kluster.moll.re/applications/files-application)
|
||||
[](https://argocd.kluster.moll.re/applications/finance-application)
|
||||
[](https://argocd.kluster.moll.re/applications/grafana-application)
|
||||
[](https://argocd.kluster.moll.re/applications/homeassistant-application)
|
||||
[](https://argocd.kluster.moll.re/applications/immich-application)
|
||||
[](https://argocd.kluster.moll.re/applications/kitchenowl-application)
|
||||
[](https://argocd.kluster.moll.re/applications/linkding-application)
|
||||
[](https://argocd.kluster.moll.re/applications/media-application)
|
||||
[](https://argocd.kluster.moll.re/applications/minecraft-application)
|
||||
[](https://argocd.kluster.moll.re/applications/ntfy-application)
|
||||
[](https://argocd.kluster.moll.re/applications/paperless-application)
|
||||
[](https://argocd.kluster.moll.re/applications/recipes-application)
|
||||
[](https://argocd.kluster.moll.re/applications/rss-application)
|
||||
---
|
||||
[](https://argocd.kluster.moll.re/applications/journal-application)
|
||||
[](https://argocd.kluster.moll.re/applications/physics-application)
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ resources:
|
||||
images:
|
||||
- name: adguard/adguardhome
|
||||
newName: adguard/adguardhome
|
||||
newTag: v0.107.67
|
||||
newTag: v0.107.62
|
||||
|
||||
namespace: adguard
|
||||
|
||||
|
||||
@@ -12,4 +12,4 @@ namespace: audiobookshelf
|
||||
images:
|
||||
- name: audiobookshelf
|
||||
newName: ghcr.io/advplyr/audiobookshelf
|
||||
newTag: "2.29.0"
|
||||
newTag: "2.23.0"
|
||||
|
||||
@@ -12,4 +12,4 @@ namespace: code-server
|
||||
images:
|
||||
- name: code-server
|
||||
newName: ghcr.io/coder/code-server
|
||||
newTag: 4.104.3-fedora
|
||||
newTag: 4.100.2-fedora
|
||||
|
||||
@@ -13,4 +13,4 @@ namespace: files
|
||||
images:
|
||||
- name: ocis
|
||||
newName: owncloud/ocis
|
||||
newTag: "7.3.0"
|
||||
newTag: "7.1.3"
|
||||
|
||||
@@ -21,9 +21,6 @@ spec:
|
||||
env:
|
||||
- name: TZ
|
||||
value: Europe/Berlin
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: actualbudget-oidc
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
|
||||
@@ -9,9 +9,8 @@ resources:
|
||||
- actualbudget.deployment.yaml
|
||||
- actualbudget.service.yaml
|
||||
- actualbudget.ingress.yaml
|
||||
- oidc.sealedsecret.yaml
|
||||
|
||||
images:
|
||||
- name: actualbudget
|
||||
newName: actualbudget/actual-server
|
||||
newTag: 25.10.0
|
||||
newTag: 25.5.0
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: actualbudget-oidc
|
||||
namespace: finance
|
||||
spec:
|
||||
encryptedData:
|
||||
ACTUAL_OPENID_AUTH_METHOD: AgAhPqooAS/7R9S/X3KGfSfs3ClN38J9CEfkUTYAUvKGEehQ2Tz3thPNvhvnbz/gKRc7C172jgxoxaGMiVXi40Qa+I7Y8JVHefjoSd8NuubzQZU8ZK5KlYRgc5OnoPM3RLarHyZ2DFw5Q/ngv3sp1c5dSI4/604KSQPxVAFCnb/lnSkOsBggDRymWvYclx1NrLIClpLAFwHgCOm6g1kHCvtGIdBLxKOHsiRJm62+UyHt0GLkR0QFTDXBQxoBm9QR9kLjQqw/QqcOIVx1by0RHoHBI6HDEEIQVH3UgWqlMmIwm+a4KQeBEdEfWLn9YC8MGSdlQRlaZoi5ltFT2c/DWuMuRStnaOWbsMQVR+y6yJ2UNBe29uVQh6877iqfmAJvT6gXic73zI7Vkq6IFQ7veQPBaTi22HP/sxiElGI8rY0LtRHD4TctKSePaOPvsgrv8k8SpB5qYAft7UonbTPWzzRSSc4Y3Z4fQiD0x/uhtTqTTtukx39nzM2TjVGcJThWaxUGa07w1fjTafieFVwwreURBUpRK92X2NY3ovOdA9c1WrHfqIzVtpcnfQyCeA5D4XT2sBFk0+crwEm1GmtscjPkGnyctNMUSmkHd+QKw8EAmWxKge4+7rfOrZp5ZK7cBFJcB4gVQcxnm3bXr0qZyiA1udaxmSxVflQR2AjduvhKuE73AGPi0bJki5TvKJp6bavTotYfdMY=
|
||||
ACTUAL_OPENID_CLIENT_ID: AgA6X0uYaU1n4XSXVntmT4+NgahYkkMVx61OZP8ExnSMkRPlwQfErhNHrwKsTsnD8OzP3svhxBe5bwaI8O1OKF0k5pQWG0DbRfmBrwiep9nBsKPt+fQm0AJUsZ2sQNShusmsSEumBKbMD0CMPklVMq18tLpOIh/YaXM34lsOutW0SIx7HWWQsyLmoolEoRVdkKvDhoh3FXjKqzGYlr1uKuqYG7pJPsxEpsTs2pZTUIlB2gVcEqb/ZXxgkj01GDYzB519swIOfYdISj7oCR8VG90M9iDrgmxsPkWozMDxFjNo5JR2dB9wvP7ptFex8JonbZZXYZD7tE+36U8iys6Cjh6JGwr9luN1AxYYSkRrNWJd2CuID+8ujWptoTvRSO0RwiVVp5LhXe1l2GxLsS2UVtO+nbWH6DGMJei4DQ+LAxDXFR8FAvi7615cneN0umQfF4ZMUJirvxHA3tFN42tbnRmSCbLAZLNLhQq8VbRmkYOAN6LCzSKYlyhSyA3NM2HjRTFkXGUhOPL+3tPZJB4v0QlEhlhy1Ffxh2mbUXgmQ+ZHGUsBXEHfc/Gba6gJhsj6S2DkiAeZUW6euY5/v4vpveWsS+YS+BxH441//8mOJnrpsWrcQbM5yCk4WMnmpETy/VFEkc3dqYfVWHDfvwAeqjVfXAovXBmwOoCASG6qDf0P7FdeLFTHUNuahyNhBzhBAQ/yNpOkbzKTJFBWwnM=
|
||||
ACTUAL_OPENID_CLIENT_SECRET: AgAbJinP4E8rbGAw7BTfh/GB3XxQOfHiLFrgaikQbUIsmZu+Y6ktK7aJdcX2/g6yhHXX6z8p4xoYTaGgkpo8H0XWvUDT4ohqJVdJSWZgNx8MyzisVKi+51BEpslL4JvGo/ISjXT0hNeYGzFXlHnnr3LX+fuTVh3dKtk4t8nmR8SqaCCIyvKiBPmX/1QWo4Vrfw7OLpVlfGP0i3J7FrhjNgKMRWcQKQC4Ohk+NLHHghdtqzuFB8eKwcuBZmynKCVyblOhwZSL5WnyJPskWLMjNEizWuCubDdyHVY3ZqYLDe5dgoi7Gop5/xY7FEuEkmTL0g7LpKo4RkEKRLjsZwWtW+xN6HRRt7zGoUdIpo20ZnTtEH8C/qcxjHKUycFvzKLnk6ntq5rEdK2/MhBtMfd3a8pb4vpT9JNra1AWsB7zCUv4yc/FT0RpkL+1r1CVva4o+tzM8ojnm4o0ch6qsGb0IOYZvJx6sF7c6aj7c41YQK3ZrQF3bhhhEHYyWOBjy1V4T/GJPZ9CbhGG0PIsSvpW7d5pG5jNAwU/Xo6FL/vVUPwmSq/hCqYMSSSKNiMH/q/vzKyu5B5aQbNDAumzsLRqD/auJz8nAaUoLNBVHq+7zTs3wV7pEayY22teq/MN5PRtYOQLE5Ck60gv9Q70cfhgvTeK+eX4h9BbhfijCV/EiSYhLP7meeIpE80icdLUSkNROfW+0sf3RNbW5q3JX8PsW0h29VJgREJdlziLj2cCshe+ww==
|
||||
ACTUAL_OPENID_DISCOVERY_URL: AgAQVZX6r8SPkwwBR1dmUF/ahuZKkGSsU/GULe5PF7Nm75UadtjPb5aHAZjWE59MdV61DQZDa4KJz1/fW4xDUrJBuUElIRQH4oyMTQG12MSMauQpLd25SVU8ex2NYyerbd85j521FSxujP0l3941KGsENLt5wCx/idXu47txhAHgS81mj3CLfWzT5yyG+V1i48a24xK905v+ft5ZKuNLOxvVb6yZSBt1j/3egx49eB49CRk/dxYQtPpSw8Zb6KgaN+skjq5HTH/Neb4J92nlJ1aFPVKbFLbtxyIHDSoO35U8ODHEJVGKBbZjjfrrjCpmQYnZPEWN9s+xj2NAXZ7qANcJfbFEF/3bOiKZhc0jLM5MyhiMZoytn4FvGM8zxINC3z8zqaWJm1wiMXEUH3/FLUa2UWeHKQB14h0f5XGwytb3s/nPCoBnHhtOK1y4utJ2APsQhRsxySZjgYNRaRCarp8PntY7yB7VHYlv5Mitx+qBWcAUmcKp1I4NTnm1LORRGzIFcrJJKtQfqcW7GNuZDA3AiLGyOMVigcA93GnPbppor5BItE9FK/BKqrR4Bz31jXSO8S7pjhi3JxBIKEMmMZRVbyelJ9o7gTpqrBvO7KZ5v/L+mlE0J8D2LZoEWPqxfa/BE+QZfwIS3wDWQl1GTruaAM4u0bp4i9GkyK3hPVXnml3dNMElSG3GvNqHhhy1Boo1cHXHbQ5YzbkGgzL9fLkigVQCi0FKItyBxdGsui9U0OU5LNi0EGKBibs22mdDkp6f051GWeMidtSwz9j5
|
||||
ACTUAL_OPENID_SERVER_HOSTNAME: AgB+C31GqtPKbMifuTFYhwOgUwXph+RQYdnVQaVIaDiveE6Lydl/2HnTyFQIi2mhrbiCpDgegXuvGBoM7WHxlPepny5E66lY/cAdFaFDGMARqMXCRLVmvkt3U1IyNn9zPCPil0x+eAv2S/ETLm8Nj2OL9utxkdNBHub9xiGrE0d7qBeBfK1FNmainthYQUpnCsR7jowmmvYGuEyDwfG+suUooDdb5zaWmCJZRYk1jKD3zlu21N0sfciBJ/GpTdz/2V+NXqJJqs3r2zoB2GJPQ64pMuZHZ+yw8bYUkg7/QOHD2ofWmtzNOGGtiNRHAG8MtvF6ovc4Hgv5uu+4x413UP6pSIJsrHrXSHYP+mvu+ya3gNUn6YK2qymezrqbvUF/n7LoaDzTRqa0PmemtdskuABiwfqrdiOarxaWjomkXqnrBK6VkJ8PhOMDMv/j/c6zlXdhpnqlUyxMcjBjqicfNBWN8UByDIEw4D0rhibzOS4fIKjNHrmXHv39GNJsY90avhZqq42oTMJL0vcaj3v4pBZJdJ05TOvY7PQ/iUwnnczGqOtpAQtBKfCV2+PXp9o/64wOGc0Br322kSpzjIleWP9VWVgbqvwMjUGtlL+xTkCaOFpiYETxUim09c745WDc+YgU55rd5i/5t20wiKy7RSYnHvYOwvdjAlEgAnD0YZBXOQkL51nL9P+nOMAYBE0HiM1vYsd8R6h6Fk+G2gcs/2CLgwglqOtMwAm9A9+5qSqyMak6Z68=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: actualbudget-oidc
|
||||
namespace: finance
|
||||
@@ -85,14 +85,13 @@ grafana.ini:
|
||||
auth.generic_oauth:
|
||||
name: Authelia
|
||||
enabled: true
|
||||
icon: signin
|
||||
allow_sign_up: true
|
||||
client_id: grafana
|
||||
client_secret: ${AUTH_GRAFANA_CLIENT_SECRET}
|
||||
scopes: openid profile email groups
|
||||
empty_scopes: false
|
||||
auth_url: https://auth.kluster.moll.re/api/oidc/authorization
|
||||
token_url: https://auth.kluster.moll.re/api/oidc/token
|
||||
api_url: https://auth.kluster.moll.re/api/oidc/userinfo
|
||||
api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo
|
||||
tls_skip_verify_insecure: true
|
||||
auto_login: true
|
||||
use_pkce: true
|
||||
|
||||
@@ -17,5 +17,5 @@ helmCharts:
|
||||
- releaseName: grafana
|
||||
name: grafana
|
||||
repo: https://grafana.github.io/helm-charts
|
||||
version: 10.1.2
|
||||
version: 9.2.1
|
||||
valuesFile: grafana.values.yaml
|
||||
|
||||
@@ -15,4 +15,4 @@ resources:
|
||||
images:
|
||||
- name: homeassistant
|
||||
newName: homeassistant/home-assistant
|
||||
newTag: "2025.10"
|
||||
newTag: "2025.5"
|
||||
|
||||
@@ -1,39 +0,0 @@
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: immich-postgresql
|
||||
spec:
|
||||
instances: 1
|
||||
imageName: ghcr.io/tensorchord/cloudnative-vectorchord:16-0.3.0
|
||||
|
||||
bootstrap:
|
||||
initdb:
|
||||
owner: immich
|
||||
database: immich
|
||||
secret:
|
||||
name: postgres-password
|
||||
dataChecksums: true
|
||||
postInitApplicationSQL:
|
||||
- ALTER USER immich WITH SUPERUSER;
|
||||
- CREATE EXTENSION IF NOT EXISTS vchord CASCADE;
|
||||
- CREATE EXTENSION IF NOT EXISTS "cube";
|
||||
- CREATE EXTENSION IF NOT EXISTS "earthdistance";
|
||||
|
||||
postgresql:
|
||||
shared_preload_libraries:
|
||||
- "vchord.so"
|
||||
|
||||
storage:
|
||||
size: 5Gi
|
||||
storageClass: nfs-client
|
||||
|
||||
monitoring:
|
||||
enablePodMonitor: true
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2
|
||||
memory: 1024Mi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 512Mi
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- ingress.yaml
|
||||
- pvc.yaml
|
||||
- immich.postgres.yaml
|
||||
- postgres.yaml
|
||||
- postgres.sealedsecret.yaml
|
||||
- servicemonitor.yaml
|
||||
|
||||
@@ -22,9 +22,9 @@ helmCharts:
|
||||
|
||||
images:
|
||||
- name: ghcr.io/immich-app/immich-machine-learning
|
||||
newTag: v1.144.1
|
||||
newTag: v1.132.3
|
||||
- name: ghcr.io/immich-app/immich-server
|
||||
newTag: v1.144.1
|
||||
newTag: v1.132.3
|
||||
|
||||
|
||||
patches:
|
||||
|
||||
@@ -6,8 +6,8 @@
|
||||
|
||||
env:
|
||||
REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
|
||||
DB_HOSTNAME: "immich-postgresql-rw"
|
||||
DB_USERNAME:
|
||||
DB_HOSTNAME: "immich-postgres-rw"
|
||||
DB_USERNAME:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-password
|
||||
@@ -56,7 +56,7 @@ machine-learning:
|
||||
persistence:
|
||||
cache:
|
||||
enabled: true
|
||||
size: 200Gi
|
||||
size: 10Gi
|
||||
# Optional: Set this to pvc to avoid downloading the ML models every start.
|
||||
type: emptyDir
|
||||
accessMode: ReadWriteMany
|
||||
|
||||
@@ -14,4 +14,4 @@ namespace: kitchenowl
|
||||
images:
|
||||
- name: kitchenowl
|
||||
newName: tombursch/kitchenowl
|
||||
newTag: v0.7.4
|
||||
newTag: v0.6.15
|
||||
|
||||
@@ -13,4 +13,4 @@ namespace: linkding
|
||||
images:
|
||||
- name: linkding
|
||||
newName: sissbruecker/linkding
|
||||
newTag: "1.44.1"
|
||||
newTag: "1.40.0"
|
||||
|
||||
@@ -42,7 +42,7 @@ spec:
|
||||
name: curseforge-api
|
||||
key: key
|
||||
- name: CF_PAGE_URL
|
||||
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/6807187"
|
||||
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/5925838"
|
||||
- name: VERSION
|
||||
value: "1.18.2"
|
||||
- name: INIT_MEMORY
|
||||
|
||||
@@ -18,7 +18,7 @@ images:
|
||||
newTag: java21
|
||||
- name: alpine
|
||||
newName: alpine
|
||||
newTag: "3.22"
|
||||
newTag: "3.21"
|
||||
- name: rsync
|
||||
newName: eeacms/rsync
|
||||
newTag: "3.0"
|
||||
newTag: "2.6"
|
||||
|
||||
@@ -13,4 +13,4 @@ resources:
|
||||
images:
|
||||
- name: binwiederhier/ntfy
|
||||
newName: binwiederhier/ntfy
|
||||
newTag: v2.14.0
|
||||
newTag: v2.11.0
|
||||
|
||||
@@ -14,14 +14,14 @@ namespace: paperless
|
||||
images:
|
||||
- name: paperless
|
||||
newName: ghcr.io/paperless-ngx/paperless-ngx
|
||||
newTag: "2.18.4"
|
||||
newTag: "2.16.2"
|
||||
|
||||
|
||||
helmCharts:
|
||||
- name: redis
|
||||
releaseName: redis
|
||||
repo: https://charts.bitnami.com/bitnami
|
||||
version: 23.2.1
|
||||
version: 21.1.8
|
||||
valuesInline:
|
||||
auth:
|
||||
enabled: false
|
||||
|
||||
@@ -13,5 +13,5 @@ resources:
|
||||
|
||||
images:
|
||||
- name: mealie
|
||||
newTag: v3.3.2
|
||||
newTag: v2.8.0
|
||||
newName: ghcr.io/mealie-recipes/mealie
|
||||
|
||||
@@ -14,4 +14,4 @@ namespace: stump
|
||||
images:
|
||||
- name: stump
|
||||
newName: aaronleopold/stump
|
||||
newTag: "0.0.12"
|
||||
newTag: "0.0.10"
|
||||
|
||||
15
default.nix
15
default.nix
@@ -1,15 +0,0 @@
|
||||
{ pkgs ? import <nixpkgs> {} }:
|
||||
pkgs.mkShell {
|
||||
name = "infra-shell";
|
||||
|
||||
|
||||
buildInputs = with pkgs; [
|
||||
kubeseal
|
||||
yq
|
||||
jq
|
||||
];
|
||||
|
||||
env = {
|
||||
};
|
||||
|
||||
}
|
||||
@@ -3,9 +3,9 @@ kind: ConfigMap
|
||||
metadata:
|
||||
name: argocd-cm
|
||||
data:
|
||||
# enable helm when using kustomize
|
||||
kustomize.buildOptions: --enable-helm
|
||||
# switch to annotation based resource tracking as per
|
||||
# https://argo-cd.readthedocs.io/en/stable/user-guide/resource_tracking/
|
||||
application.resourceTrackingMethod: annotation+label
|
||||
# disable admin user - use oidc
|
||||
admin.enabled: "false"
|
||||
# show neat status badges in the UI or as embeds
|
||||
statusbadge.enabled: "true"
|
||||
|
||||
@@ -4,7 +4,7 @@ kind: Kustomization
|
||||
namespace: argocd
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- https://github.com/argoproj/argo-cd//manifests/cluster-install?timeout=120&ref=v3.1.9
|
||||
- https://github.com/argoproj/argo-cd//manifests/cluster-install?timeout=120&ref=v3.0.4
|
||||
- ingress.yaml
|
||||
- argo-apps.application.yaml
|
||||
- bootstrap-repo.sealedsecret.yaml
|
||||
|
||||
@@ -6,3 +6,5 @@ k exec -it -n authelia deployments/authelia -- authelia crypto hash generate pb
|
||||
```
|
||||
|
||||
give the client the hash, store the secret in `authelia-oidc.secret.yaml` and seal it.
|
||||
|
||||
}cnnhzH|Mf/yLn(v4rF#>KnGMgUS+TY
|
||||
@@ -7,16 +7,14 @@ metadata:
|
||||
namespace: authelia
|
||||
spec:
|
||||
encryptedData:
|
||||
client.actualbudget: AgCfKgV0f3oEB+04Xk7qg3bE4omsXQQxTga/5O38714RNSSeYtcBTcVGbfu7jfOmuVOX8OXQPIWhcHRVnHdOyd75mEpAmYyHw5M9RfqoRHWRPgzu2lBIMHxrFXoy6Vr5b7UXAfpdKPcQddERFqSy+uklO1npwbPHh1YMdDxLGA7l+HQo+rVnShiUbFUJeuhUoZAsluO4awBWmG1jyiwVRjlc1MiQFnvy/lZHnJJ7PAGgZxtoKfG2zATuFaJXHLPuqhV/fPclegKCbY6FdaQUmiQqZqH2tQlsTNOykozY1/VToLJNQw4RZwhS1mA3giM+zPOzdwWtxZg9LLWzm9oZjNbJU0LZX6E2tmQ6vZl9UBRfVx5Vx1ermNTLmWkvFybX870uRRRTF79N83v5q2QbM4hVgSkKZwwplzodoveoQYtpPL6oJZFxiPBR8VoBtIG4gUHUiMmdKJg4Fs+IsvECOE87JmZHsHVgRhNcCi6uZrobk1D9CFCsyIJog0h/U5zxlMHc8GcTR+p+zvkawooD12n4TB/2lOm+yL3/VPx0j8Y1H2xuYk7EorMGsYiQ+Q//HNZkpGsTRlVYTQp3napvsbvBK+Ekh8tPHsIWGSQueK8k6T1wTAUQaBhWdorwKre8oeBpdG4BgX17MRmeYs+vkJx/sKGhBMHIx2wFROXZIWBzo37nHHRIfjSFkIcxZGwPLoQ9YSVn44XCRQh7zE2ZRzQKV+d5Hs70GHiaFwzZs+sd7wDd211p027AYdLIiDpBwO/f0bgQzvBMBNWZ83InGa9s+r2LruxVj+wD0dnw73SgEiZR2TvFdBpj2T+YMCcMnIVwulpm94cWhEIFgRQwIKmwdfTWB7HdN84Jf+bi4SgRcvpRVw==
|
||||
client.argocd: AgDArHcXxQMBvhBY0hwOYqal31JlFna7GQg6s41+XAUTsb1ahFeCCFfLv/WI993y5NMvH3CpnJtPFiunc1JT4yxLTZROKVrSrwjjrDKRuVt57lb8lz6gtNR3ucvpTXjqEO6FXTNL6w+j+ZIWybrdBUheQCj41aYvQ7TP3lTyLcxQSL/UpWLKnXW+jkibqsDqVVaGG26gNniOBg2GoI1bWHvZ+ZUBy/eZflOH9lgLo1vMNw9M+fP9EeuU3CDj717zS00n8X/vDAxGJF7AIVbllqNRX0NilgKwYCfoS79fuUYhzYSI1jYMPCQvdlTLa4bA88wfkomZstVgVtWxel0IaulDOnDgKYonkRqlCDYw+oMC/d4k3xKTEugfV9Ihx9isYZYv4+31v6QTkXFFj5VQlWSDDPllmV1XWfAdRDwT6CVhg5tKWOPWb/YHZJz+idDPEGn5qiklJ7Ar9YEJfuzkfAjCaq4XBjDFKyTfZGeTuLjbq6HnigKlQFdSNOG64QzBbQu6tmR5otipQDbquxhzGRDdCP3uPFy/CXNOn1J2UrGZamWdQzrO6lQQBypFHGAV4ltRrQcp72krPIeL4hPLr8WbUwbUFtESSN2aOYWqs+hnAmcxqy3hqEcouky1K+drgqsAgTp4EkRRwnQXHGrAi3bEeoPqoS8Ec0xfgs529322acKyjOLEObqtNuC/3hg5kNL2fu58MJeoJ1Q2U9pvbAsCrpHJHd9DmHbVwC6orBfL1P50USvTsFm+UikdJpfesLxEGDiUKSU2Al6ntHzswcB304J2Zdb8zrIZaFXs+bmSUoT1Ml+/PqySZc04Fgt7uNBh48nKsl2OlmdGKiKXafxTVBewYWJd6uDkji375i+Ji/5rEg==
|
||||
client.gitea: AgAs4pl1bs8nqBsenxhMHhq9mtCcbjMZpNeTNyUrWSRzUkJx9uoiQJ+plJgQ/xHl7vDbslLxDPF8Rx6rEns+tDdbaIp9LU8YADHqMbctV2PB+pp4wTkWSUamquA6Khrrgr4xQxCbzthL9/2QQJOBBNJsIFcJDfyFZZm5lzsrzVZ+lCpWmnSH5YUpdVAHbjyOZw+Oi+tnO6Zg/8lxjKEf20SFVCAKDly/VK6j8SvT9jzisBHL+uoxZ58fyKd7C3KWVJegBIuT9pIvxXc0jg+t5ltcXQcHyZfmk4mH8nWN96KWDTe42IRA6EGyxiruppAzQoKuNKisUj7grqsE3YbCmq3g4/Mp43FUlz0gqOmI4pwaV8BckVbyMNEyMxKGar6ymz5nWit5hX86U1jmvMrUcKsROJlm7DsyC258PgLwFspnbBhTEN7fJ7iEsTR4PdGPUTQ9rH3F42t3aYe3kCXXNz1wovwKmSt5Ex5S7UenVKfuZ2HvsAuZ+nZYW7zgVW9kf1PLz5jE5NYoieatmdk2O7gBUcXQBNqVwgvCmuiJbyv6jIz+Cyn753tOSZRqgrGH1i8B7EUzKsaQJcTTc+SZY7HVw9ohilirC4vrgSx9amYMCGxkOKhBEPVYSRN4N+Yt1A+ZsmiToAsotiQ4uzYY+UXQ3hAuiPzP7vJXDHAdPQZASwI4UdiMa26d3f/FqJJthnFnkg9GFvD4T2dqduepYsnxqN9t3IDYgQYba0vAIzmdmZW8UlyBise9yb5RfsJRmwvxG7yykRAoM+j2Fs070kBCF+ohTg9pWOEmry7HNu+fvMyUMKja7Bjm3gE+MAjgXquoILIW+ZeZud15yb0NkV4LQ78K/8YuYiGXC3aD+hv5IJmJjQ==
|
||||
client.grafana: AgBemPXmz04WdYAS9DerbbkoriqYiFwvvZfNYdfXo9eMwMGBnO17jTwlsKx5Vq+dB0UVqm16HutV41bB3BAtp8cSeFw0kivMdzVC2I0ZZ+bDWNzEKhCSdcH01THvvuoaeNWYusPuS8/cjbk/I551Im3EMSkryVjrErgvV5barf7Ox8+z5pSob+LfGGs0JJL5kOawGYEdjj3PGrYo/X0zA6EculcVyFiUJGf8ueQMshoTfUEUc0sR0LA+/ZN6LHG1ZjQ/Q6H8firrogf7luJ7Hp3S7vc/WFI3L1aE5E+u/tlDo6AelIgha+3lWtQXwwTiiiWRoxRDxU5pfJ5lUwHY9dxWefRNpQaNDZdthykLV2MZp9RW4Vfq8sZ7AnnSVQVH0wtsZLQG/m5EDb/mbBAnxLVZOFntyVtKQZ5UnMPbs0G/7tD0alkVBBR8iE4S+QMyUq9QVkGU6Tso3W1VrUdz8UfKIXGaf2eyeOzqNqXM81uYpRw4Tmv0XrDPrQ2QZ5ASd1VAnHxu9NoNOj4FEGvIJb9PaZAOHwYV8VW00uoqWYuabbo1T4uSAKijsf4ekdCvCfkBzcJsF3r8FWHbsCKcCLYp1mm7bQS5YUfa3FRWGQGbZvHI1SYrCTJzB2eZvTieIRts25CsQrBu4OOQGEpaUBLLOSaKi9Aa4yN01vOpxCcBtDdz9MdcNFFpt5hvHBTOef/lBvXOtLF1NGuFqczhpptfAM0zKqqdoYNs0d15vErdTaaUYliaW1xj01XJYwB6L4JM+YQZaOIfMv0APGzylcM+h9jCfQa2k5Kkgmz6RJoupdknddiji7LfZsmSSegE5a1DGrME7QDXa5hJ5OjSw7+5FIByaTcRBwpusr4mY0Q4q0DAdw==
|
||||
client.kitchenowl: AgA9v0zIBn//VmvUgu4yLhALCWP7Wiu0Q4lPgrqXOIoLYdAX1jh+7cpI4oIKak+MBtCfxnd+os5xFEG0Mvg8qs6/RxgoCFcEyzjHfU65sNol0/x8ZTXQSHLpyZxy85fK4oKaHyvolDW3nnpoy2nrw+NJvwQTPquqVzCMswAE37MoNiU64OXyJU1VJFDo9VNwzzxhz02xczEk5Gh/LeVDPk+EPKzXupct0BM4GN3PZnbsvO/46i8alem7D9JIPvB7+tWzmXnXKoQ+3os6Xbwqu4wDH1cJZYFd/VOXQWk3badO3QYlewF0qEbSLLxXnvdJbR3JaA6IMiZJQUDTypZ5Z84phdAzG9v+e7DGlr4bHPEGV3DZPWCg2rWHjleDuCNJlIQP+9Di/piiTRe6rsz9lI1oncYCVPwjxtS2tpKZO6HJ7mMiENivsRLpAq1xiclCbQ6UERpBb+fmTv8a6GCIer6GzhaioN/MLthaMRuIGTjKlwaeC5EPswY5Cj5pYWXB6xhGRjTtvMyKEtWt8VbOtgESkgq0ES0yYuP37ZcKWWJjTiVii4JR1JVW8hdmXxzw8iQ6eq27fi7fyEJhIDoozwvorohqktlzqGCnIXiUN/gUgFQiMdOSHYVh8BrFCq6MbXDq1AxnoKov2h5YBlj2FqrubVpLWIJWBp+xbTDNIFkIpmzOE8uKigeCAyMxeqEd/SLylDl/2wD4XiaMVXpUucGkWW3asNvYjXTUbxHHL610ricaaYS/0adK4YLUpgr+1jE5gNKwA5j3DliDuVZSNpppzdCvWD3vr2kTOvnJhH8IyGNAs5CZmsYNtd2VKoHHhPFXnO8iU2XT3DP6qez9vN4SCPkwhlyH7NaqMhxiYnYkcLXBIw==
|
||||
client.linkding: AgCeuXqdo0hFi0fsV+Lu6D5nPwOj4CuqrwIEZwlIubWi9/IOsXIOgJlMAH69yLymd0yXnA36hJU2/s7sXVj7bwpahNZXqAVFhfUCjP2ab95VXpawPFg7PpnjEPlODCkDnFffOf6DqYHQ5XRWfq0fTah+I18BkZWAbhCYD9qeYMRu/juluqiExP2yi63D2l5uDJpnM9QxxzH66toqPCqvFQ1tVWGEpNh4O6k4qB+t/1vj6DBcawbjVLINoiUahHgaHmkOzidZEo2shrBrLMZu/pUcR1sSjXCMHpcbSZC6zQUFkiDQ+K+cOrz7XE/vam6oYdwf/ks+kowWDKGDAyT6k0rRU3E0tW+PDRa61ffF7c9lWQDtqNUFJL5GhB2QcG58w1lWS97vdPdHNqOIrgBM8SUGaevshwl2HLsV7q5xRidgI9m3Z+OKwCaszC0HDQD7rRCwOhutvh9IP/FR1G2NhsWscjXocM9Sf2vMLiZU2RDVx281jc/EqgeMZ958O7LLR2ZfhDOBra+N0UZlhQfFdwCMSgyPpJ5HjAPia2ecON1LHi4XPqxMEEpMxtirSNSwrcvoM8OgxcOeYpdEX96TuZxtPiKjboy8h1WBMS3QD6b5F7C7LTrHu/BlluZigA4dfDEtn95XsHS7w4lGgWy9ukCRhXdjDQo/FAekFsGSuDDyBp7ecK1bpkvXaZBiaRVjq6eV7293rZdNzsk1kzhoIg67KFzBrDx1wofvJWTN6+pQOCD+f4LEvo0cL6YqWmDSW6SnfZV9/NaBq6B61YUwOACXVhAkZ9VVAN76RPl+KHth3FNTXvStjxnHfj0SMuPByemwG1MZ2SrZ6phcIQz8TJb8TS5l/fmaDH/QfLSFvvHv5gKi1Q==
|
||||
client.paperless: AgDVOPvaQwEd8qrzFj3NTcGW6luSiSwGLmQOGiKps7DNZYiIn4FBdII1I+J78h+B4wmZ3LnLrju8YAZ3s7G3aTvV+YJHxMhlAc7rO0wkq/IUeDzGb/AM4POusm58T2o0a8zD3z4C+iHYuE/gjT+lquUKxgKP4IYPXM6Ni7lhmewJ5PCyoznoTeYnRVwjsZomip37M8/h4hOID19HZpPWMGMXtMTWrNzgmbeiVFRTqIgqqKMnASuMfeauxfCl2u+C3OvaYxgIRyP4BNzmU7itFTcOgmaFd40V0RkaALFBiU82ot1L46FZSMeqIEjprvTIdCSlNITFweYvoYhNSA0+/kUAy21uyJFqnoFW6COT9RfHFgGvi13lk++ZrPJKIMGhK29z3dC5HsEf3Rb0W+BQ6yNFEc+LTL2/ejxZwTtymzkXftVj6U9xa+BjDjgXk45H3ZAy0uWfQnm2RGBTYN7+MEccRpYp3aMh73jH1aBQIPt0lQTwmbc5rh9pTdqu1/c3NDS6OO3H2cx/AIbyPTq0pdX9w61UHVbR+E9I25wrjqJeZIRe66MerlngFxiPJKygEnuN1Nz+1feECQoq59P4FbykI51NZO64gK647QhEsbMN1nCmKFOLcT96Rjf1JQruhgoO0ljhAB8JRK3oEBIfjJtJIC+gtFaPzgldr0spr7Q7+rmgkNJIggwMSlr+/UXycB5a58cIhS0cuAUm/UOLKCIQ3xjE9OuUdQA5J2eaO/54GSLCnSdOYuiXzEQuV2VRWST+RhRmVnSqugF6d/xWfkC/ahsXo1o8ZIWFabNaHQzYmofRybK0LNc/rN0t6z2Lv0aWdGlm32eyAcUfUIMsuSKK+rDozgAmXQdz4QEghWQm5Sz3Jw==
|
||||
client.recipes: AgBn5K5p5Nq5D9ishKI04kDR5uCvKuy4DN3vHuFwP2j3tWqrfJ9YfWGUBL4oE1Mod4071habqZaoP7nIHCWv8eoMwke9G2qFfJ7VZi0ezXeY1aTXDxn2qnPNf4MXYIVfbD5ZSU0nVPOETuJ2vsHg1R/pnfjMU1Ha9L/67ZnDsqona4259zCF5AfCV/kVsZWslAV8YrxDSlCobm2Vw202Me6CV6rFon6HmkZlO7on7LYfBL2tCHr4N1A1EOvVvF0Ua6vDexOJ0sGVjQWADEXy31H1a3c9lDizb1xqvCIcKXAYNKKGxiNrLh7TlWsK6dUX7OLUw/uDTryKwtwOl/GYfYJEX2wy3pK9PNWjjOUrpv4VoaGOKmObXQ/pIafI27r8WPTvPvm71YgUcsi1D+71a/iMWy7tXbHpvEB13qwn6/2zUSGcuGlaC8P91jRVi6xtnTg2XcvcgjeT4bTnpAEOYUZKBLqIP9qmLvxxsuVrvQoMisylYIyJzAAE+JJSYj019dP6JKgBKV6u6rPW7AkoT3Wsxkr8bwcvNSigW3c+PtbU8fvws8VY1HHTviNOflEwZePfGw+CfroS9y7hEQH2stNHaZ+5zXwjQ9+FLH4BlzbggavfL+AYY7zE5eOrL2WrD7c/1qMcDD4rxwrNwsz3mqZ9GXpe6PCxxU/W0RtLqMERx54b17ILC4Jq++XxzDyGZdUAzA8vYLhxQo/wgeWn7df6CVOM3acWbHeLAmPBM5FWKmEC1OShpzI/LmYFbLkosaAeLOWACeyl67GIwR573juRcr/6ITuUOgGXSdR5jMiqVT9Gu7x7pDkNJN+8Q4oAXITtfEaqb23M5KhtZuaZAWZgsdRpDTgPQNB2u4sBSYQluXsR3w==
|
||||
client.todos: AgDYtDtvcP0MXbzE60kLauD8piAsfJwSDNWexsFQyezMc9vEtq8UGza198mE59eNGeUgm8crZBqlfBbKCY2luB1dq+GrkTkZHCXztR2nKTxt0X0B7LJV4DVYwlNuji7HMJ/XR/ynfjVbGi4rtoZ7MXJYOhxoLPDCt7umwG2jIMhbmuBMf8q1EpUmgFtUxTNY7i5JQAvmlCp8rgdwdAePSHCeTS4KdPTyvaj3zN/EJSX7lnc1m1D11Xld8klBsde+zrdPjm+UJQFqKu2pHXMdM19G8tqSijNcCuCGkhjQkOrMv8VhudPs6kR2whPOXtSmr9X6gNXgZ024o79fz4hBlx47MrriVW4Th2f43Q5ISJ1KoXYgjXHMF5Dt0+C1ej/0x5DBokUapNAjBZsKEe1fBI2h52G+IFpvxMAHh6T2nIHPRaYGCznxuPeqWErachhQT5QXOI/7DBCO1h/GJo9KJ5UfkMTT6Qzis1RjU/t6cbXO2PoKrFPOjqYRcTIAQFUp7ylJ4Ep85gRidd0NONfc82y+LUZAwbzYTZ3ipckirsihFBW2IMjRD46+3LT9CzdJscr/kYPA7zbTrxxMPqPiDSKAyK3LPRm25u6cKQD8vM3+n6S5gYI2svlogR0zCcJiW8+8rIPk0kUzITioSYFUP6jXvuYNfdmq2VJPk5SNK9grMG/RM3Y4XDnWuMR8lUl3oA9/HMCviVzbJwgjSQNO4n1qsLIvuDr40KWSfaKH/UCm5zaf9jIDXzXRsXeHtSHsPfr+cN3WgsP35Do1CgHPzB0tihCfesFPAk5Jt0keg77G0O76rJsq0c4u0a4vtcSk4i40wVnb1wr+GUKXweR53LdJ7j6X/MFUs4KB4s1M4A9a0J0t9A==
|
||||
client.vaultwarden: AgC5Gimoj3+qhKQuDijPFX1niOpCx6b4MUHgRttOPKFYz19HgFzsbkuPiCcA0AsnaGSwS2wwOTv29ywpGeFzjGRk0vBUGYX6aCbGIkjs7GRvmIovLs5uHcgPsoRp1OOAH7eDdFGGSpQN+4312pLoKKmjp9cwFIAHaAs5IavCXIv8/Fk6h2sLslHqoO0LVP24qkilqV22IxRSV5mKxg1A5FW2mDUxWwSkditJYoQ89Bze6GbI6xIHHo6NZD5uaBzf7kGZyUPz77zFPTfBatmjJpVkqdvvBnCQF65qrZAXy5Rw1trYyEgGMM0vFaBm2R9YWrLfv7w1nhNNP/Gq0/XwDrz/KywMXujjp8jbOKUJmN02RJrinYYSV8Z3AXZ80V3pgVsCjPLnaY7LHa+l+f45RW3A7B1e58qUEeb/wCPXRP0ng72gIcbX7rTl926XrzK6d2Bkw0scKIIXoYYAtJ+AbzfKJCx4FsoUxTlXslhO+HAT3aM5ofwR/dgUnbQKRnTjGa9R7FwpUOLizxfZYcjUTDT3+Bgjx1eiShxveVD+v6JjjPvmWn370J/1t8CnxL4l7ylXj9YsL+4z2j/s9xNsN1HiuETBYQcZXw9kgcXaEhLRnIsbwpsa5Hw4PODujPUkwkc+VN34V1BNq891h1JvxHq57SAKf36cLosybHTIWaIRaLktgAdntj7/5vmQGtjnEvekXk6f82CEzEaOJvqE8jV62Q1KYiOjKi1r5dXmZ3xqwsh9nuluC+YBVhbI3fxKJ/xkKiMhpkF7S9JHIOCFuyAAqf/IS08fC+Rm51U2ImECeoTiyhKAm5q+Vco81IjzRnwiBHj02Zug4FIX7n8qgWLEr/f5643y3fkCpo5uY9TSQ/HK3Q==
|
||||
client.argocd: AgBWKTgzqy1UjMClw8+9MKCZAM53ErvunxeIMkyPkOvioGN5+QuvtT3rSCNJentXEhIK3V1mt0kYNb0yLei+W8o2Vgr/wqvPfA+JbtgfPKuHg1eayTXDB7TPXG8MzONM75pPEq6nTSz7YOfu5AU0OjX/3D4E8lBD3hCfEteAA6tbxplD0P17yEzQTspPbXh+YNRY8/BmRr4xbp3aDdekeYfrZ8HQaYOCs6vl3JH4SvYoPGxrsSS2muZEPESmWBBC72NcFVnpNG4i106qxwvMlfOwKz4+FQsHMZAdRYmXayefwMWTxOC4MN1VUE3S6FDZlU5Zds52qOF1bO8w0cLyFaILtcPkjV0w+7eCUhrYx3CzyaCnVAHBBwvUt3VZ+g7RESI+Qc0CDV5IwTpj0R0Z4K8ieGMr/gEU83Wm5Hv66aneZppAJV5E8BixIdFTAoZlLNXg3Q6R6I8PrcnTlF9IzBbrWBrE1MuYgvzIIZm4+lohV+jhJcOPgRANxVkDwAz1Sk3AfHFwKtxtzwjvpOyr+R49+I14GGyKtUcZjHioSUSiTqV4JOYvFmSDXsy5CrzFdO4zCn5jMhkGRWztBJY9nN1Ui5yODag2S7TVsCgcYNF0tItaNMHmhkez/NoWFDUvcNwr/+hGC+DQN0xoZTO3vskyW0RGKjBSnoI5QUnuJqFJsRymh7VpRvMr2C+0Tvk1nEoOoRmA65aRJScgp/acZl4UXhwOjyIpSNzai9kvIj5PVVf6+78z11h5c9w+vF1IDKCDGGgjrnXBeHFGoty35UVGOGOXQoQbLXyYu9ZWN6i6garwl5ATwea8oaUB1h1xweoqSz6xrHcLmjqWLbm8Me4eSA3TjvsD8gtnhAfnVAETxBT3UQ==
|
||||
client.gitea: AgBEIzadyU5+RT5nKUII3EPXfi4yl52FzvQQxEfX8T5845fAQh0/8ay/E3oXKjH/MvsnPWvIwBfAG3DZ6LBVt39SOA3+5csbcwgQn8ZSigfriowkGJKiSu/UhqloiCuIvzZwu7CrTUaAdrWdMOpYvVPts0TYUUdA5tcPGYyw4Sd4Z5hi22+NeMoCdMl67iag31I0PLEWl92WQcQ/V/sOKuLm0p8TEIZaPyCHLBwUPbD7Hvka6JhrkmkybnOJfmQLrHAblPptVlIOVwER3e3Wrzvh6YfOq3KUtFboeyLRRafOy4j5j0dWXj21WLznomH644ioUeysAG6gP/HZthuNMTUydz2dsWtIu5J82jP9bbjUibZeQIHjS1Y1eqPSd9lJWNjWBb69xuDIewLZ75rfOuTdVp83+iGkha2yhc8OEHBaXRFO3zDL/eYSuBGxLRtSR30WSHD6sgGmrGzSShAlM7MnuSU8tqeHtmLuKH85ls89HvVvgn6ZVj5+P6dmHctFM1tp8Q97nUeZZGbThT0DztKExNTdb1yCsb9m8lDxX7avGfBYvx7ntqBdxz5CurbFvEYi/9C98EYZycaurjUIRBjEgbT7vHkIIvJBy1JDVZYDFzNGkvZ0oOhehANvx9UNKeb32iCV3ypGE7oXF0/WFdFImSZWfTHVpqOUN+LJTnZylkwcyByp8Ut4R7xS5by/bBV846LK985fzCRWldHk0U7xli1FUvqHMvocOTsrwVjWtE0C9X+GDQMAJEP7z5xWlMCEePjEZq2/OPHXiRlDZ/rQfQS5zpkIZAK/vaiRCZ/arpN0RslwOzIDnnyFJB0jqhIsXf1JUDZUis7yLtnyaVh3I9a0EXrPu49ItBk7XdSNMYJ9Hg==
|
||||
client.grafana: AgAuT9f75mVVegFb5kC7v0wq/myoG6JlN8DLvY2tBqqCJ3pDMaFkVSALustQvUxpQ3UDFndKk3vF3rL/ot2h4R5dQO82guqR5rnyi7dGgf4+guV31V+Pz+cMKMNGDzvP6gq1+ePuGgR8Q70OKKk28Neiv1zd0quzKNY+Fmi3nYVonnKt7SDRrMgHdrak1jTyyBCDCl3k1S/kCjSsBUOfZuPDWxbSyKi8UvizwEm7QmK4ifsdA4IyaO6R5u/B9aQP4/eeb9uXaoBZVDWsrqi0ZHBavCnyJ79rYwDx+6ThsEbwYYsJ00omGts/1EPZL+1EpdJ97biIzapXpvlTRQwcxOZ0sXnA+5ig0Bs25u+T012HNZndYLcqmRsgKk+Iz7YjPRddaIFFEhttgubxCk/dMvzcchkOFI36gEC2TQCX7B7EcBAi6lQG7I7BVV0UrqmNhrzYCeY8AyNd9k6dNj+NslHfxM9QFIJmK8UnX4tx3OSJQJLaXN2ZG7TcPxv+Hn5z6A+PTE8+iwJ4mZmjxoVbyN+PYwz0m+uDqS4iDrd689NjFNy2lUxoCTtoYHs/U+GNOFD67YjT7DE9PbuS5zWlHCYM/W+5Hfasqs3/NgpbX6P44ZIMUBSdcgD/TEKyjP/ttjXG3FKVO/RkrJCNyUSHQKRlMJrzwEfwze3YQ1XKw5xLzDN8dTb1fkeDSE0EuGCtqH2S7cZE/3/w16PJ/ba5WR3v3CC99WQMMdeXLGP6C8PGq7Z/WErXlNLLPCsQKIMqlhoupm/r65SEcgf+OBI1iUG2dFNdB4VwFIU9UwHm2t3gcnU9Lq3DGQaOQusIHJgVF7UuamogkTfmCt6vxxIxXyPodiebZ520TeGgKIxvwTftxl+miw==
|
||||
client.kitchenowl: AgAb9vWFHkiFgsHs+1nrq65n+kT03igRLq3KWIvDg6EokA2TDXYb4KwYBZa1xcFwgT1iiLge71Y6spMRVkJdLAjRCaPCtSTGygzlZ7z9NFkn5O9YuWgkp+cPr62ElHpx9umKEx+Ug4vgyvrBk9eLWxdZZsiJZL6GcjUbMe/Mx2429mveg0kyfKg3XjraeU7xcHWwAj9PbjeRnhEewvr+9sdv3H1wA45E2+pZ9cZ+ETl9wXXNquUzUFSp8IOxzXwx34aDqjdnMbEgU3k2TEe3N9wU+r9vuzn4kesh0zEGkEfXhKtnGNSXFheU+aa/5cTfIp/GPfx3+dJ54LLWfVGU9X+COI70zvTEtAhgJptkWqJ7dVp6SLgQotvg3bTNohof1/6JDPKQvGvkQ3ALYMXYDd27NrmP3ZSJYdNGev0yDr6MXyNlv8SglnsRIpfMmPyl913/10DbvB5b0Tiy2xzmmODpG6Gk6EQquaJ2g+imaV8VPSdDOoRK+rDg2AH5KKRn8vxH7d/NRsmOmCxadqmyyWBbl9onu+TzSnjnPxyc2cl3EeqaaciXyh/eu3Ar27DVu1l6Iorv+N34Bttdti0TZgeeMD6/Y7eAXTry482ix26UOYmTH5+mGoGVAkh5BuWO2fR52vuEHV1T1VYVRK3+PX1OIeWEoEdPMvDokELc4W1Av4lVDKcacvNzuMZ1gpiXmdCNnYfDq9CbW00rS1/LPPUIdIyOfHg2q/OgxtkjiPUwWQCTc5NO8FPlQ2B4ZsJ51vfxl2zx19w9tgQVi7C7T7Iek/2Svz8QMiZtf9N3W8CoUp2RXktV+Z2yI3FWG55IzicRbVLWpeidRxuJTEdm8emgHSiMpDM9Uejv7pAs3QkLRX2+og==
|
||||
client.linkding: AgChIcLDfhCZshqJgG+H5exbWt29ms882BkAgDAopvbhbXE/e+I0tVw2FNDZWmKbI+i/Hlrvj4Bputn7pUcoAZf5W8FUJ2nOMhJjtjwMF6O0QzBje0Xrzi9eK91XWA3PRxbPOzBZYWlmWvwelYw0hCgfp1XRn3aXkPcpsZFV8Bb2KSXDSk39+UqIm1I4rR9hCXPMkorTUZOa/NYpDr4ieenbRS8PeeWATPzSxn0hN+RnXHnoUrKdO03px/2mYS4SYJrgZ2DrkGN7uz3/ARwqxxKcMBQeQCe0S3Udsw0tvvJbjeHJIQ3fzIz+BZdbKLgVuJa0ZNQxmuDVBFY+60d89nR6wKsyoRgC8y/sEHRpztUjiJC7WBiiJ/g80luMuo/7ZTIvu6u1I/eugsopJKUONv23cowdqthyzlsnKCsBTgfdzXuFy5YYoL7GPcybdpUcOA8upr15dE8vsN3UJEYJCZkw1V4iedzHVGPpo6tts4sewnzplH93QpwbVywMcSl1k8oeHqbdmh0srJ54hBFboyNRr2eQT+b43oFJZtQb3hhuZyO/uXKx44jeBoVYkmKCVldBBDE0FdQpAk2m6dtvXae37Eu7xHiWxY/KDzVxBzJn4NWboQRiTM9HQ7pLuAKgG+Ec1+nwfBgq3G9jZrdIN4/tWNvuBRuPrUTt7pwGJ7RCbMgSz9xbVFCxwBx8GwaNRFOH3/RoMdVwlUntRELYN7+pU9S0FS/VPnbVxOZbJI3ZHFj9n8qZ3lBD3SiHB4rNnirQf34CuEfnLigpSdskKdOsekXQybxVq68T63Ntf/yn/t0+nV5VdqpW0stqRBQaUq3yEqfAn0/HQ7nTgSbHf4ZsTMsAU+CSAewnig6qKTcS7a7Lrw==
|
||||
client.paperless: AgA4weCcn9z4H2WIqADKRpOMkCmA/6pci0SCKsTcS2nf6XuRG0pFufVqrVTe5jYIfAymKJs+Yzlf6V5ViE+3U/PhtBgHC1zifYBVkC0lSUUKx2YWkmrnSylAZZIYArC+kdNXU7pwIS4i8eCxeB8NhTtHBMXdfPig5kH/G6/FaL5RZ52Ly3jf3h2UP3JrWbk4dYijZbjvHsGNJMyDJ5cW2DtgMmFNMte2ScBuGpgF2tDiVKW7Zq2aEpVtVXvWjF2euuL39EFvLzPAIXeG4TaagBCnFfMVVxyrS8Dk63CiWQzTSaeBDbUhRuOGAYD0GELhSxpsKjOgm5AaOk/sJBjoAliFtSyejO30tP+5PBC+FE4RlJM5dMjHU8/9T/tBSOus3k7xWmExc5Eavf8yeXVmNeTJfC+Sji6QZxG5P9xisKXgn7EX+T4aKpeJ2FxAtL7NKgnrKeoztiHV2vJH6TepGjFejf5VJRjOP2QAJkX0ApnUVfhww4CjhBFo20zRYyI591ZMbw8PxlRFmAsXhL9XeaXQcl7nq2P2N0IdodtR9xMVlvpkuv11AZnzXjC8GfWgPE9vmDz5RW7Eo4WzWDaFVBL8Sjx+NZllV/qVHlJfbGgqgKmtzJWUZUATE9y9YwOG8PSKmw7fbIHccJ1o1HOG7BWIOQ/QIo94uQQWI0Z5ESRgaCsbf2oBX8HyYFdMA0s9sS9OdD1NWDTb1mVnhA8Pjq4XatA2PGlRPWBVD8YpjbeuNQXR4RuSuUvuKGOOO4Jsv0/ZXc4cUmPB3VWNzQO/0iNt8MOsZWjtQNiDBLZ3xVjRWo/p+Q7P+o1YCThuLxwdmyvAxkioRfR0DJY+ZrkErVnTv1CfLdS4ejf7ZYXcgsh5ZC8Kww==
|
||||
client.recipes: AgC3w8qEgD9fru8tJRi3mYSDbJVq5oG++x8XfeRKAQPXFtMKdFYAvn3zGPc4viavPnvE1mkHWSn0ECC+YKEThiXlI9ok1CKnspLrzi6oQlReCUnyJdu9e49xgV7kb5/SQsZbDlVmtluTi8j8y9AIUows/HsMjXgoNrG6RodAsWp5cauCgLBrqMk9nPuQVH1jTNFm27rMrJahLTjr/z/5chdiU6sjPH9EIDnaLEP3o8/ACpPTtwF4PYQszUVT3Uhn4YlekqAYMfEolBYsPLSDQyiDr1fwO3/4YUHNSO/+bN+7vscS+x8zozb750Oi9c1ARc8ENn6AiM3ZEd32ZJKqfqJ3+CxsXsuG7VjfHu3+gc4uqLTbwZ+BVacSoA7JObsoQEbWdCGWTNo5FMXrhIv+BKDB59eLKXTOlBfVTLlbh0P7tSR57fhSpBomcvvnQ+MtfSS9hDFMNiPhb135c8hjJcbMZ6xdQz6HARVtP5nVuPyDafbez6A+VT9sUDt29+oNf5qpk25526Q4GI/YlyvXH+3RT5q8syYuSIZsmh92qD5ZltffW5kRooCeskAryiyWdgyqjMAekR1dZR9wqvzRraDpY/neLvrpUAPl7U6kdlzuIdaJFTnXmNKc1wK5NaeAEf4wwO6H/ibWEzIJKQJcTlmi+0J1SfHcCULYZ5ASeAkSRUxpdVk16LCTHWbyHYFOYmGsmeMmRTYylB/FdOuUEZWrO5B99xw5baSvLN842v2JnwR27Mha3RvS0teSgbuXgG5kWWGGZs9oibsNaaNz9p1MPw/HR4M6PmfEJRsaz+cX02bVUVzdaXhoTZ/D0DoNe8lB+Ofupjl7jAGzEJpGbwK7cB1gnITa4blqyszrKg1dg2L+ZA==
|
||||
client.todos: AgBaZOU3D5ZEi2iZud0kLIgZVVNwWjreEDMiadtgZ99S236SOckGlqTes+6gcTcMUQe6CFcxatx8sXamGd9xtIwyZa/5jns4Ju0L4Tozf57uQS1CPY10wyLlPc/a/thn6dItfh5l0Fr+vQBmV0dlEJ12UM9iIH/w9raaf0VkDP/XbZw6PZ0lVoJp6u8LrjMIf5+pdlPOSytFNzB0EbWfQYGObD/zgt45V48+gE9jLolLIEz7QPMrUg0dj1RjWJE+dWXzv+4gCsRi/64gPUdkOZS4YWIlFP08jcDChzbqhVkqUXz3AOQOxF7+2NpD966dxWiYRQfDfFwb+V4vK8C4+DlQL8p22MxWt6iOhxpSoXVVlCInYxxhjpk/gpECqfu6gKlEexg+ekccAvkKVmBX9TbOjsurYFjL3JfuL057fjWIpvZhkQjJCQJiCgVGPtyVhoCzsKeyVDNJvXs6dYp8CMrRAcn/fdo4wI0/tva723ub++AsKSsXCRT+d+03FnBbjRrxSQdDiP4xYY6BqNfjwHGYSoULxtop5t2qt7PzFlpCxNjRe4NrkENCw8xDDSRrg4CLmazPi1Xs+MDeEP3cpi9sRzQx9u2JrvvHmsTeHjVY/MQHb072nLa6xAiUQoXQLMlzxJuwx0U5DmsMe6o8FfKaLikcS4CDKEAddLDI25z2XUBA9J7BTXdhtHB012S1COhouRqn333uKF/BnABI32/Afj9qsDy8VQ3iZyTKpLQUOrOzKKTenXy0b3VV9Vw3DoDPhEb9//fGrVoLdbXDpYaJScza9qg7QWmLqO8Cbk/83t1C28LWqZKWyMtq+QFQ1ANIbi53BopX8zBQargctEVielkpN5HqVCAIow0nQcGmZdZClg==
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
|
||||
@@ -75,7 +75,7 @@ configMap:
|
||||
|
||||
local:
|
||||
enabled: true
|
||||
path: /config/db.sqlite3
|
||||
file: /config/db.sqlite3
|
||||
|
||||
|
||||
identity_validation:
|
||||
@@ -105,7 +105,7 @@ configMap:
|
||||
|
||||
cors:
|
||||
allowed_origins_from_client_redirect_uris: true
|
||||
|
||||
|
||||
clients:
|
||||
- client_id: 'grafana'
|
||||
client_name: 'Grafana'
|
||||
@@ -122,12 +122,8 @@ configMap:
|
||||
- 'profile'
|
||||
- 'groups'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
consent_mode: 'implicit'
|
||||
- client_id: 'recipes'
|
||||
client_name: 'Recipes'
|
||||
@@ -236,56 +232,13 @@ configMap:
|
||||
authorization_policy: 'one_factor'
|
||||
redirect_uris:
|
||||
- 'https://kitchen.kluster.moll.re/signin/redirect'
|
||||
- kitchenowl:/signin/redirect
|
||||
- kitchenowl:///signin/redirect
|
||||
# mobile app as well
|
||||
scopes:
|
||||
- openid
|
||||
- email
|
||||
- profile
|
||||
- client_id: 'actualbudget'
|
||||
client_name: 'Actual Budget'
|
||||
client_secret:
|
||||
path: '/secrets/authelia-oidc/client.actualbudget'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: false
|
||||
pkce_challenge_method: ''
|
||||
redirect_uris:
|
||||
- 'https://actualbudget.kluster.moll.re/openid/callback'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'groups'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
- client_id: 'vaultwarden'
|
||||
client_name: 'VaultWarden'
|
||||
client_secret:
|
||||
path: '/secrets/authelia-oidc/client.vaultwarden'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: false
|
||||
pkce_challenge_method: ''
|
||||
redirect_uris:
|
||||
- 'https://passwords.kluster.moll.re/identity/connect/oidc-signin'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'groups'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
|
||||
|
||||
# notifier
|
||||
# is set through a secret
|
||||
|
||||
@@ -27,6 +27,6 @@ images:
|
||||
helmCharts:
|
||||
- name: authelia
|
||||
releaseName: authelia
|
||||
version: 0.10.47
|
||||
version: 0.10.10
|
||||
repo: https://charts.authelia.com
|
||||
valuesFile: authelia.values.yaml
|
||||
|
||||
@@ -9,15 +9,55 @@ spec:
|
||||
jobTemplate:
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: git
|
||||
image: git
|
||||
command: ["git"]
|
||||
args:
|
||||
- clone
|
||||
- https://git.kluster.moll.re/remoll/dns.git
|
||||
- /etc/octodns
|
||||
volumeMounts:
|
||||
- name: octodns-config
|
||||
mountPath: /etc/octodns
|
||||
containers:
|
||||
- name: dns
|
||||
image: dns
|
||||
- name: octodns
|
||||
image: octodns
|
||||
env:
|
||||
# - name: CLOUDFLARE_ACCOUNT_ID
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: cloudflare-api
|
||||
# key: CLOUDFLARE_ACCOUNT_ID
|
||||
- name: CLOUDFLARE_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cloudflare-api
|
||||
key: CLOUDFLARE_TOKEN
|
||||
# - name: CLOUDFLARE_EMAIL
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: cloudflare-api
|
||||
# key: CLOUDFLARE_EMAIL
|
||||
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- >-
|
||||
cd /etc/octodns
|
||||
&&
|
||||
pip install -r ./requirements.txt
|
||||
&&
|
||||
octodns-sync --config-file ./config.yaml --doit
|
||||
&&
|
||||
echo "done..."
|
||||
volumeMounts:
|
||||
- name: octodns-config
|
||||
mountPath: /etc/octodns
|
||||
|
||||
volumes:
|
||||
- name: octodns-config
|
||||
emptyDir: {}
|
||||
restartPolicy: Never
|
||||
|
||||
@@ -9,6 +9,10 @@ resources:
|
||||
- cronjob.yaml
|
||||
|
||||
images:
|
||||
- name: dns
|
||||
newName: git.kluster.moll.re/remoll/dns
|
||||
newTag: 0.0.2-build.68
|
||||
- name: octodns
|
||||
newName: octodns/octodns # has all plugins
|
||||
newTag: "2025.05"
|
||||
|
||||
- name: git
|
||||
newName: alpine/git
|
||||
newTag: "v2.47.2"
|
||||
@@ -1,14 +0,0 @@
|
||||
{
|
||||
"hostRules": [
|
||||
{
|
||||
"hostType": "docker",
|
||||
"matchHost": "git.kluster.moll.re"
|
||||
}
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"matchDatasources": ["docker"],
|
||||
"versioning": "regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)-build.(?<build>\\d+)$"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -23,6 +23,6 @@ helmCharts:
|
||||
- name: gitea
|
||||
namespace: gitea # needs to be set explicitly for svc to be referenced correctly
|
||||
releaseName: gitea
|
||||
version: 12.4.0
|
||||
version: 12.0.0
|
||||
valuesFile: gitea.values.yaml
|
||||
repo: https://dl.gitea.io/charts/
|
||||
|
||||
@@ -2,6 +2,7 @@ apiVersion: metallb.io/v1beta1
|
||||
kind: IPAddressPool
|
||||
metadata:
|
||||
name: default
|
||||
namespace: metallb-system
|
||||
spec:
|
||||
addresses:
|
||||
- 192.168.3.0/24
|
||||
@@ -9,8 +10,5 @@ spec:
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: L2Advertisement
|
||||
metadata:
|
||||
name: default
|
||||
# selector is left empty on purpose to match all IPAddressPools
|
||||
# spec:
|
||||
# ipAddressPools:
|
||||
# - default
|
||||
name: empty
|
||||
namespace: metallb-system
|
||||
@@ -1,12 +1,15 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- ipaddresspool.yaml
|
||||
|
||||
namespace: metallb-system
|
||||
|
||||
resources:
|
||||
# - namespace.yaml
|
||||
# namespace is already included in the remote kustomization
|
||||
# - github.com/metallb/metallb/config/native?ref=v0.15.2
|
||||
- github.com/metallb/metallb/config/frr?ref=v0.15.2
|
||||
- ipaddresspool.yaml
|
||||
|
||||
helmCharts:
|
||||
- name: metallb
|
||||
repo: https://metallb.github.io/metallb
|
||||
version: 0.14.9
|
||||
releaseName: metallb
|
||||
valuesFile: values.yaml
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: metallb-system
|
||||
# labels:
|
||||
# pod-security.kubernetes.io/enforce: privileged
|
||||
name: placeholder
|
||||
labels:
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
|
||||
@@ -6,7 +6,7 @@ namespace: monitoring
|
||||
resources:
|
||||
- namespace.yaml
|
||||
# prometheus-operator crds
|
||||
- https://github.com/prometheus-operator/prometheus-operator?ref=v0.86.1
|
||||
- https://github.com/prometheus-operator/prometheus-operator?ref=v0.82.2
|
||||
# single prometheus instance with a thanos sidecar
|
||||
- prometheus.yaml
|
||||
- thanos-store.statefulset.yaml
|
||||
@@ -17,17 +17,17 @@ resources:
|
||||
images:
|
||||
- name: thanos
|
||||
newName: quay.io/thanos/thanos
|
||||
newTag: v0.39.2
|
||||
newTag: v0.38.0
|
||||
|
||||
|
||||
helmCharts:
|
||||
- name: loki
|
||||
releaseName: loki
|
||||
repo: https://grafana.github.io/helm-charts
|
||||
version: 6.44.0
|
||||
version: 6.30.1
|
||||
valuesFile: loki.values.yaml
|
||||
- name: prometheus-node-exporter
|
||||
releaseName: prometheus-node-exporter
|
||||
repo: https://prometheus-community.github.io/helm-charts
|
||||
version: 4.48.0
|
||||
version: 4.46.1
|
||||
valuesFile: prometheus-node-exporter.values.yaml
|
||||
|
||||
@@ -30,6 +30,7 @@ loki:
|
||||
filesystem:
|
||||
chunks_directory: /var/loki/chunks
|
||||
rules_directory: /var/loki/rules
|
||||
admin_api_directory: /var/loki/admin
|
||||
|
||||
minio:
|
||||
enabled: false
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: config
|
||||
data:
|
||||
DOMAIN: "https://passwords.kluster.moll.re"
|
||||
SIGNUPS_ALLOWED: "false"
|
||||
INVITATIONS_ALLOWED: "true" # not sure about that?
|
||||
ADMIN_TOKEN: null # not set in order to disable the admin interface
|
||||
SHOW_PASSWORD_HINT: "false"
|
||||
|
||||
SSO_ENABLED: "true"
|
||||
SSO_ONLY: "true" # disable email+Master password authentication
|
||||
SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION: "true"
|
||||
# remaining SSO_ variables are set in a secret
|
||||
@@ -1,40 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: passwords
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: passwords
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: passwords
|
||||
spec:
|
||||
containers:
|
||||
- name: passwords
|
||||
image: vaultwarden
|
||||
ports:
|
||||
- containerPort: 80
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: config
|
||||
- secretRef:
|
||||
name: oidc-client-secret
|
||||
- secretRef:
|
||||
name: smtp-secret
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
resources:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
memory: "200Mi"
|
||||
limits:
|
||||
cpu: "2"
|
||||
memory: "4Gi"
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: vaultwarden-data
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: passwords-ingressroute
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`passwords.kluster.moll.re`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: passwords-web
|
||||
port: 80
|
||||
|
||||
tls:
|
||||
certResolver: default-tls
|
||||
@@ -1,18 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
- configmap.yaml
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
- oidc.sealedsecret.yaml
|
||||
- smtp.sealedsecret.yaml
|
||||
|
||||
namespace: passwords
|
||||
|
||||
images:
|
||||
- name: vaultwarden
|
||||
newName: vaultwarden/server
|
||||
newTag: testing # required for SSO support
|
||||
@@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: placeholder
|
||||
@@ -1,18 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oidc-client-secret
|
||||
namespace: passwords
|
||||
spec:
|
||||
encryptedData:
|
||||
SSO_AUTHORITY: AgCuaACGgTZhrOv5FDVbPIzVusjzvbwgrogCt1kZJsX7K3G1vCWZDRzPMJ06k0Ofb5Yvby/AcKx0UyPJwWDmhlk7geuYzG1G1pBk97fNTOzac7ZheCZ68LFshalT5F6dMJBSMTRz+uG3N+MztCyvCcKUxYUIkGbopf7is12FJhEIKNbrQe4C5H2SVHSIZ8udE4Nv2HqertLVKE9Z7CNmq4KV3UBAGqJEqBkITsN/qhgpHOjY1dQKK5myL89BYERQGBdoqKSUYJOZiEoINwj161QtG/H2Y9n6xlAVO4irsva/6m1BjA/7wfWAK8RJGX8N1e9axlxgIUH7HAA/bh+riLKvQea23NRqT9bsIOy+FRNEqTWXM4FiNxtmufi9gRHnLyQhrSQAB4Zuyzelsqn+aKDlCFGkE3NLuquychWly24pLtNa+9UPPOm0BZhbOzXOObXJOzbFIoBqxcKkwen3ca1YjyqOK1DryJevjczLVuWY+NprnjlH6BgdTyqPnI+FyXhLRa3nJCafkVfNaIJW8n1+P0hKiEwGVXiyU0fR40DaueBR8F8jr5MKlEFvdwJ8/IvkfMZUsccPVYIYw08Ama+vFrJidPvicM8gNpkqoU2TnSEEjBk0eX9jd6ahiwffE9s01uQFjcr6rNL+SiYXJCpp/Ti8v0iJ4C5ID9h0GS7v4IBOUYCGRYfWrYUlp3LFMB6Saq4a4DhTlxC3cORn0ini8dUPJLq0x8n1rzGt
|
||||
SSO_CLIENT_ID: AgB1oES4V0P53fkAch+aDkCHd6seVExYMGCU72H8Slky0j4FZ5LjtBpzGxro8sxxr/Ri2wEc1f+TC2hHWbdtUNwE3SwA0McPODS0nmmxPkSj1ZRHlVQtG9TkFdEHEeWJnECHX0y6hp/qbdYxF+2Pgz9YQtbdi8r49H2iwqfD/8/ojMzlvpdOJRdE+K/aYQ8Q08GBZCusLm8vCW+bDn6U9+aj72SCH0i91xoPWI6P9v96mcWOipK0COhYl32ypz5GLaNpyIhDccJvrAzVKZ0tGX01t6+JT2f0lZc2jjVosTk0nPhLTQdLYJC1TboPtqwzaRWwV/lm+St07cSaaxMT0CHqmoxwiqazNNgkgPzddOaduTpbid2I1rH/2jYKD8uY5UKTZYa+wxXF8KQBMCyRw2k1bdebvc20z53T0UtmRkquKXVq1WyOTZEH4bhqVapuMjyAF9vzR7Juga6lF9P68Er8lYr5MGeimslyRUVfrqdA4VTFO6sALHyrpkuYdHIwEi5ZlNb2pRzqaBFeQaaJYgiXPZMhcIRIfEOU8JQ5FWu++OzM75RF2YA1Ww70SZxHANn/K/ksyAqhZNgNFRm++6YQKfBI6z+N6ObjJPJE3J/WCHGCmVCQRa7lg73THqPXeqvfoSDgH8nTHamg8AshAKWxJuTD9mPXN4TqbxBuXuQBa9UGu/HNBMpYo2hHEHYIr42XZwScpo5qvo4RUQ==
|
||||
SSO_CLIENT_SECRET: AgBzGmskaj/eliwfsOzdRb1PdiSJC9vLr7CyCAqQ4QmxVXOSVbiJu39ud2alH+Rx8UZ51l5Wd9CkyizyVpD8AgREk8fpE8V0cRlDplj/OmGSJ5VtNyLLJko13PkPAB2scexapZ/PxZpJEkH5ONPvzvVKC8liUoz1XoEQEWAgDkSiRqgt1aVm4v1Fvl0Ift3eJtkWkU6xGrL7OwTnV/nCaNt6w7Fd/37uWYgosGvQivcy11/QoppgVARCWrFl9ZjjsimV5i2hfoRXvd+saUuMvRfD95+POB6+hRK0fvbnARXW0ePj7W9oWG9fAhSA7S/J0cnx3zFjpJ8QBvaHYXJ+rsDHsxlqRSFUVXgMGZ5cISTzIjPWaVRv5cU3WK0vEeT2gPHsebTX6JgguzT728rZA2r7BuMZF20f89GeV21iYksABWMC1MYwGfScBPHfyDqxhgc39wxZTdH5gz9/DhuHd5+0iLjwIwqsStqVu6W1SqpuFd0psfyVNFY0DkDS28gcliRPSNF0bJEA7QIsDl5NVAl1fXEG4QrJMQx6i5BTrfI6HDYW0nq3fT/fPlSipmbUf4OWQVTrEmot5UvFDowBemZNG2Z2+vgAE0bbnQKeqAifUr7KMUGf9bmj42r8x1TLiDAyI9h5iSU/y4WHLpzxg2GNgkLQ0mKcAJ/xHnaWNti/dr2pwzCSx2Apmvps8/AVuYP+unRxmlstYl1ko+esv4agfbg/43H2/dkNeA+5iQw=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oidc-client-secret
|
||||
namespace: passwords
|
||||
type: Opaque
|
||||
@@ -1,11 +0,0 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: vaultwarden-data
|
||||
spec:
|
||||
storageClassName: "nfs-client"
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
@@ -1,10 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: passwords-web
|
||||
spec:
|
||||
selector:
|
||||
app: passwords
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
@@ -1,21 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smtp-secret
|
||||
namespace: passwords
|
||||
spec:
|
||||
encryptedData:
|
||||
SMTP_FROM: AgAbhbyTdArio1wEn4/zj+AK4YaLyMtMkaPFqtVOU8UWAtEg8ko/tIXHj7nn/NVQt6sS2O9x02ShoVJC1HXqzG8reMLkzZg5cb0wtCSNpzHnLH2voH1p4KrgnHo1AznIkXoajcOHjWSYQ2/rAeCmuuEfPZ7jOWNMN2c5GWqm0mXsfqAUVxznC8sHCmIVdeHUcSaLRpwnvr2fjSrOqh+AI6df3tzCpQjfu+zf4Z2JSgvAPLCyCzj9NDDFqawpRRHinhbXk34ZYO00CrjCMqnxaBev7qXmPeDx4eTPR8WNyMzdO2Yx5vmmXNay+QhoO3eP6leQQyaGtYkQSep35wMyA46MmM+A4nQCMIFPFzBGAqle32L+u6KP5D9GWtmiGXWmdM8LOf2qt1wKiEfEZXldtc3hoKjM4NTb+0wgUXE+ZpVOQiorGta6jhAwJYhTDPO0rP6lC31G9EQ9bI5N+OpZpRK+EELNPrjEfTIfPUMg40B9DG3WK5yXTmC3DvHsCj25dnKokNvxcaZ3EhG6+k/5Z5zTESAMWuGepr34ROE5a0+zRLcOfVD9S5QwpqIxi8GJJuJvI/SAjUEPLY7pPsBLYKMl3zAGgAcI8yjAWhurgVS1DKhufTmp+hh+JypyLnCc4hUJIXaRwSJrBhezsajkxMmORboHM/d19SmUorzczo2i54LtTTTIRfAWui/EWc3QCSbfoPF6asESXD45M/yblI++EVfc
|
||||
SMTP_HOST: AgA2KfKxxUvzHrkbL4ZDUU/TuylhnhRSm3OGVSVGt54OFJqBuh4fCA2PSPzw84Kh46zJjX8vh5fjzN00gfHfqtm0K4W1D+i+UAz/JAIcQVAjPyjgVNPZUSNSrZrV2CDRMJ8HhbVYx8xiRb2kHV+HTjtINccdxjxR+OpfMn1lb+aA3zoI8yv9s2pkVrt1+T1GepXm9KMCd+rS3XSx2w9ujkPTaT3MwY66l/1i6agpY3MtNVXt+Y8pK9yx5mhjNRAnyfbCZfHzaswKGfDetOzkfmSy3ddP22uHOjbEKp99yQPxgY0bNwGhA137oUAgzmWu0Yn9z3KFz0G2as/tKTQT5240aJlHzFSsWfbW4Y4DQahQzbF45aS61SlKAsSXzPc/kyEE/Tizuh3eACY6yfw6Zs+R1y5Y27oS5/GNyAYdk/acM/C0nO3da5qBL0ItzMKYy3kufbOvDwt9na0uWV32JusYAeP81e9LRcxO7+a/oFlmwBtFMLExXWQEHwIIwWFC6RGlF0OOfZN9mXsqr1IDlRvDWN4b/YXkFQJBpySByxQ0xYUeHOAFSacGC8rPq68Scc7djyq8mTh87plBQzo4FL/rAch61Mmlp4VVsN6hyJ50CC1qfzsZ0bcFd+lh45T+lSg5OSGrw14F/01dhS5EoH5DVv6Ug9UY+0q0w1iST+6KH4/nxTJe/lBF9eAQEU+FHvyUfVZksHua0jdCQKSxXzLp
|
||||
SMTP_PASSWORD: AgBf3JVFUU16IVhPBcYkzZY4Qn5tNRahtsGygd8E6WGAxw90MY9/gmm+LWAEAYWc4ZNonCZiGR+JegkN4nmmxpiseYShW2Dp3rH33BOmVSAvnQttTCq4zV8jEk52Y49hmpIvEVh9nO6UVP4KujnEqz7rnL6I6dIsdkyXdDjZTnSgZlkn7FaAkfEdmpRtYH31qYOa8TyL0Q7PIzr/sJGn0YKvSH7a6w0FJ9RV0+t4pNuqLpiPltMX9B7RLLNm+TgzO37oA3cePAAtUR0PXFW8GnCB0KcAeoqZFc4UAzhwp9FX6oa7KUfvoWAq0RHzJfdAa8laVJtZcWP1lLOgyW6z7PeoUahjFscfDisp2aRl4jAIV5ZaOe3ZAYGOMFR0VyIt1vCaYKtdplSzlNVlGj8jvLY1rg5VVnXHNheaqmL1xAhB8uCCIcRKquCSU0wvd6YBKrUIDJX9d9IXkLvVfvAhdBnTLSkMHJErxWvu2dRm5HqiiGrvRjJewIz4n8rwUapykKX8ujlu9mf6sGxGuVbaOU+gZrNSIffz5GUewf38ZHcidAiPVsA6WnX93ZDVfZk0xObrzUQ+s4dmlZMrQFgvhv9Q2zJP0cEtMnGPsTy8klC4FeYVEWJyAXCyt3+2MbUZYf2H+yCOnHeRkzOejrrfvEep3BF8dzKmYnrmNClP2skZEPr2afttUo8a5CTs6gX6mckplUqHz2R4oi8/kispJf8Y
|
||||
SMTP_PORT: AgCYfANfQLW15FIgRb0AQoBXJ7mOBh8vb59eelZdm1aX66GlXMQOIi9yAIm/2fe1xOsYui+6do4JV7xlvYBOkC8JJ3MNZLdTrepRf6ejuM8QI7V7L2lXsRrPIqLEJOfO/rn3tHnuWbfXOw7UdSvt7x2BoB1XWGZuigsa66FGkTSCMlqKhJJngeSu5VeFGpSc4LANL/XGnXNc4tQdpZN9AjpPdSUTpexgY10Zd4ppvBR174XidRabe4WDs9H6uZj92Bpht3axq0fEYRwkDiNPQLFx8kkOKCU98xV7RVyqT8UnRE/Q+eng26lGNMa+c3bbN/6MYUmSe2RU2Ymaz2AJqMOBn72Y4blDMgOdrZEz/ITiOE3zzZG890qFq/lfLueIEwd7LmBpAZMDzsKYWs+7UI1EKAfavWIO9BUoH9JbVkUgAQ7YtPXLCxUeBvMTci5YlZKmNyhMP2fWnqYvhZXJNZYJqHEbtTQGAoLuD/5xupVhB0ouguwkjRvGwLHpQncbFfybhWIflcVjAgHH3AelKyhWNDLNZatIVqWIfmEcZpj1CbNbO3Pzb/kSa57cNZc0S/N/rrYQKR8vK6vpXxrmC5MouhdH0x45ONA2GqXHehqgdNayN8T6y3xfY7UqSUbksM2smWFY0gxqBoFdEkosSyvFPpqQnAzbiJWlsQDmSTmj0dodENotHQhRdrZSEuhFGkI7MVaW
|
||||
SMTP_SECURITY: AgApP3Kzb1qAZCassr3Q2YPCcc4zi0Py0ezXnixHF0GXVjbyEjjw+5EZ6LmtE4In+hu7HXhYKqwVi50VXmtb1sI17wK3hF8EXa+4jSZtAo/PKKKh4CkVVFqwIjyvtdnokXIJUkSHDMnIWLFG9Lblr5qib8tUyeyJH6vzbC7ai/nXZ7amGTJOx2HLKPal7QM1y7TAdeee1IFdlg05vJ/Dp2+EY13DLWwNvTr5+DgBVDGKALwHu54KnuKJCuXtptZvS1PuVL+55sEByUikU00u8ZZ0GVSNIJFHfYjtYMHWbw1gUiKvUb0GngEQ58/v8QPTsZNTDWcUjONy1ncGGQT7mrsarCZvY5EzJmWQgkzrLcEKOtQfSEJZvUAaxTa3WgvfUchhMAkLYN4Bml+wajQfnjmyKpPsMc11n4yQ0O+5pu17lIImtLiMA2+g1dSDs0mr6+AQIjOw6TDwU7u/7qM1xTUUvWBiOHaT4xnDi6TYOEHiQmGLXVz1TYCX1RX7Y0RtHkZHPTPACs+zY6VfWEaxFgK0r8+aykgRGMZLSsw+MVwzgxWt96iLQLpcO1qVhLpbOKFFdtxbava3FiSRlLdGHRX12WVcFmn2gun0SsxF2HAg5fT2Kt7aC9qSVoxH5ExtDg2uVFVpeltFPZ3UyyOLhXhwGF1VJR4tCts/MJKD0pWOpKCe92LMm4FGjt4ytWlMErbcfIbtCy1oqQ==
|
||||
SMTP_USERNAME: AgAWUwitsOQ1MGS4mJ4UzNsLvL8sgtVuMlua6sTdukpFPfZEcZaHBgWzw+Rv0HKCn8ebjp4dfGzmr/cIiMRGRe/ZbA8f6FMQg4lIlmHIJ1EbpGmfRL9m2bJRfl/aNifxTZD6Qgk4JBzlZIlwI6d9xB51sjFAPnEJmTM4AhC7bAhtTGHWLLdn33bXW/+aBWEz465cQdksTrketrHbz6O/Z77bL6Zh+zNwS7AwoQ2bUg/g9ORjRBirYJcojEYdQeDeBNWN3VUrbWENF/ouISvgSJFKeka/G2a9lMNbraSSLlru2xZOLdM5OTald+mi+VgdTDARiJFPL5tyhdUMe+8ZpIG1t2dUEasZZernXpoHyOckijufN92zyxfdXJu0RPIkC1w9zH5ArpoYjCxIzHz6e/wMvjqfEPbE7FtMfGHlzZZCikjt2+8+sDJ/mApgqYKNo68v6773ou6P0HTrti9fM8e2jlZ/nfe3xnzQL2XNjIC5wBc+f825y0U37QduoEeDCE+R3Uihxjq7dAg0omeNeKXChUJkPaX7QvDr1TnXaqSZZgoXZ3U0WujF9Z6A34CwAjJY0ao55ggwai0w0FyFOdUDv5P/bQU+1ex5l5m94MG3KwLmy9Pb3xyDXzpB9oWIskaBzN+v1XdWSRoRzzoZHV/KFJ1HYn1m4yww/JgAxTqiq4pNPKdxDGX+pL4e7U0SmuEPIRw85PpA
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smtp-secret
|
||||
namespace: passwords
|
||||
type: Opaque
|
||||
@@ -9,6 +9,6 @@ namespace: pg-ha
|
||||
helmCharts:
|
||||
- name: cloudnative-pg
|
||||
releaseName: pg-controller
|
||||
version: 0.26.1
|
||||
version: 0.24.0
|
||||
valuesFile: values.yaml
|
||||
repo: https://cloudnative-pg.io/charts/
|
||||
|
||||
@@ -11,4 +11,4 @@ resources:
|
||||
images:
|
||||
- name: renovate/renovate
|
||||
newName: renovate/renovate
|
||||
newTag: "41"
|
||||
newTag: "40"
|
||||
|
||||
@@ -9,4 +9,4 @@ resources:
|
||||
images:
|
||||
- name: controller
|
||||
newName: docker.io/bitnami/sealed-secrets-controller
|
||||
newTag: 0.32.2
|
||||
newTag: 0.29.0
|
||||
|
||||
@@ -5,15 +5,15 @@ metadata:
|
||||
data:
|
||||
traefik.toml: |
|
||||
[ping]
|
||||
|
||||
|
||||
[global]
|
||||
checkNewVersion = false
|
||||
# renovate does that
|
||||
sendAnonymousUsage = false
|
||||
|
||||
|
||||
[log]
|
||||
level = "INFO"
|
||||
|
||||
|
||||
[accessLog]
|
||||
[accessLog.fields]
|
||||
defaultMode = "keep"
|
||||
@@ -41,17 +41,17 @@ data:
|
||||
dashboard = true
|
||||
insecure = true
|
||||
debug = false
|
||||
|
||||
|
||||
[providers]
|
||||
[providers.kubernetesCRD]
|
||||
allowCrossNamespace = true
|
||||
[providers.kubernetesIngress]
|
||||
allowExternalNameServices = true
|
||||
ingressClass = "traefik"
|
||||
ingressClass = "traefik"
|
||||
|
||||
[serversTransport]
|
||||
insecureSkipVerify = true
|
||||
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
@@ -66,13 +66,13 @@ data:
|
||||
[entryPoints.websecure.forwardedHeaders]
|
||||
insecure = true
|
||||
# forward ip headers no matter where they come from
|
||||
|
||||
|
||||
[entryPoints.metrics]
|
||||
address = ":9100"
|
||||
|
||||
|
||||
[entryPoints.traefik]
|
||||
address = ":8080"
|
||||
|
||||
address = ":9000"
|
||||
|
||||
[entryPoints.dnsovertls]
|
||||
address = ":8853"
|
||||
# route dns over https to other pods but provide own certificate
|
||||
|
||||
@@ -13,6 +13,6 @@ namespace: traefik-system
|
||||
helmCharts:
|
||||
- name: traefik
|
||||
releaseName: traefik
|
||||
version: 37.2.0
|
||||
version: 35.4.0
|
||||
valuesFile: values.yaml
|
||||
repo: https://traefik.github.io/charts
|
||||
|
||||
@@ -23,7 +23,8 @@ ingressClass:
|
||||
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
||||
enabled: true
|
||||
isDefaultClass: true
|
||||
|
||||
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
||||
fallbackApiVersion: ""
|
||||
|
||||
# Activate Pilot integration
|
||||
pilot:
|
||||
@@ -66,11 +67,10 @@ providers:
|
||||
kubernetesIngress:
|
||||
enabled: true
|
||||
allowExternalNameServices: true
|
||||
# Ingresses missing the annotation, having an empty value, or the value traefik are processed by default.
|
||||
# ingressClass: traefik
|
||||
ingressClass: traefik
|
||||
# labelSelector: environment=production,method=traefik
|
||||
|
||||
|
||||
|
||||
|
||||
# Additional volumeMounts to add to the Traefik container
|
||||
additionalVolumeMounts:
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: argocd-application
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: infrastructure
|
||||
source:
|
||||
repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git
|
||||
targetRevision: main
|
||||
path: infrastructure/argocd
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: argocd
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: false
|
||||
# since other argo projects are added to this namespace (but not managed in this repo), they should not be deleted even though they are not referenced in this manifest
|
||||
selfHeal: true
|
||||
@@ -1,4 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- application.yaml
|
||||
@@ -9,9 +9,6 @@ resources:
|
||||
# - bootstrap-repo.sealedsecret.yaml already set for app of apps
|
||||
- gitea-repo.sealedsecret.yaml
|
||||
|
||||
# let argocd manage its own namespace
|
||||
- argocd/
|
||||
|
||||
# infrastructure apps
|
||||
- projects.yaml
|
||||
- nfs-provisioner/
|
||||
@@ -25,7 +22,6 @@ resources:
|
||||
- external-services/
|
||||
- monitoring/application.yaml
|
||||
- authelia/
|
||||
- passwords/
|
||||
|
||||
# simple apps
|
||||
- adguard/
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: passwords-application
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: infrastructure
|
||||
source:
|
||||
repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git
|
||||
targetRevision: main
|
||||
path: infrastructure/passwords
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: passwords
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
ignoreDifferences:
|
||||
- group: apps/v1
|
||||
kind: Deployment
|
||||
jsonPointers:
|
||||
- /metadata/annotations
|
||||
@@ -1,4 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- application.yaml
|
||||
@@ -2,8 +2,7 @@
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"dependencyDashboard": true,
|
||||
"extends": [
|
||||
"local>remoll/k3s-infra//apps/immich/renovate.json",
|
||||
"local>remoll/k3s-infra//infrastructure/external-dns/renovate.json"
|
||||
"local>remoll/k3s-infra//apps/immich/renovate.json"
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user