2026-05-05 00:26:41 +02:00
commit 7587c86541
32 changed files with 33914 additions and 0 deletions


@@ -0,0 +1,10 @@
# https://kubernetes.io/docs/concepts/configuration/configmap/
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmd-params-cm
namespace: argocd
data:
server.insecure: true
---
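Review bot: `server.insecure: true` is an unquoted YAML boolean, but ConfigMap `data` values must be strings, so the API server will most likely reject this object; write `server.insecure: "true"`. The flag makes argocd-server serve plain HTTP, so a comment above the key should say that TLS is terminated at the Traefik IngressRoute for `argo.milasholsting.dk` and that the hop from Traefik to the pod is unencrypted. Without that comment, a later reader cannot tell whether the setting is deliberate.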


12
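--- a/manifests/argo/cert.yaml
+++ b/manifests/argo/cert.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: argo-tls
+namespace: argocd
+spec:
+secretName: argo-tls
+issuerRef:
+name: letsencrypt-prod
+kind: ClusterIssuer
+dnsNames:
+- argo.milasholsting.dk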


@@ -0,0 +1,27 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: argocd-server
namespace: argocd
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`argo.milasholsting.dk`)
priority: 10
services:
- name: argocd-server
port: 80
- kind: Rule
match: Host(`argo.milasholsting.dk`) && Header(`Content-Type`, `application/grpc`)
priority: 11
services:
- name: argocd-server
port: 80
scheme: h2c
tls:
secretName: argo-tls
domains:
- main: argo.milasholsting.dk
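Review bot: Both routes publish the Argo CD UI and its gRPC API on the `websecure` entry point with no `middlewares` entry, so the Argo CD login is the only control in front of a service that can deploy to the cluster. If the host does not need to be reachable from everywhere, attach an allow-list or forward-auth middleware to each route; if public exposure is intended, say so in a comment. The backends use `port: 80` and `scheme: h2c`, which only works while `server.insecure` is set in `argocd-cmd-params-cm`, so a comment such as `# plaintext backend: requires server.insecure in argocd-cmd-params-cm` next to the services would document that dependency.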

33375
manifests/argo/install.yaml Normal file

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,8 @@
namespace: argocd
resources:
- ./install.yaml
- ./namespace.yaml
- ./ingress.yaml
- ./cert.yaml
- ./argo-cmd-params.yaml


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: argocd


@@ -0,0 +1,12 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: hetzer-cert-manager
namespace: cert-manager
spec:
repo: https://charts.hetzner.cloud
chart: cert-manager-webhook-hetzner
targetNamespace: cert-manager
version: 0.7.0
valuesContent: |-
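Review bot: `metadata.name: hetzer-cert-manager` looks like a typo for `hetzner-cert-manager`, which is the file name the kustomization in this commit lists. The helm controller presumably derives the release name from this field, so fixing it after the first install would mean a new release rather than a rename; it is cheaper to correct now. The trailing `valuesContent: |-` has no body in the rendered hunk, so either drop the key or add the values the webhook needs.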


@@ -0,0 +1,4 @@
resources:
- ./hetzner-cert-manager.yaml
- ./secret.yaml
- ./rbac.yaml


@@ -0,0 +1,24 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cert-manager-webhook-hetzner:solver
rules:
- apiGroups:
- acme.hetzner.com
resources:
- '*'
verbs:
- 'create'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cert-manager-webhook-hetzner:solver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-webhook-hetzner:solver
subjects:
- name: cert-manager
namespace: cert-manager
kind: ServiceAccount
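Review bot: The ClusterRole uses `resources: '*'` with no comment explaining why a wildcard is acceptable here. It is limited to the webhook's own API group `acme.hetzner.com` and the single verb `create`, which matches the usual cert-manager DNS-01 webhook pattern, so a short comment above `rules:` stating that would stop it being flagged or widened later. The binding names the ServiceAccount `cert-manager` in namespace `cert-manager`; that has to match the account the cert-manager controller actually runs as, which is not visible in this section.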


@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: hetzner-secret
namespace: cert-manager
type: Opaque
stringData:
api-token: "Sv4A7eb7nIqsX92vyN78czp4tzqlNP7T8EiocupF5oxY7K6ZMMGGFrgTKmJPs77C"
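Review bot: The Hetzner `api-token` is committed in clear text under `stringData`, so anyone who can read the repository or its history holds a live provider credential. The same applies to `password` in the `gitea-admin` Secret and to `secret_key` in both rustfs `valuesContent` blocks later in this commit. Treat all of them as exposed: rotate them at the source and purge them from history, not just from the tip. Keep only an encrypted or referenced form in git (a SOPS-encrypted file, a SealedSecret or an ExternalSecret), and have the charts read the value through an existing-secret option where they offer one.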


@@ -0,0 +1,14 @@
# https://kubernetes.io/docs/concepts/configuration/secret/
apiVersion: v1
kind: Secret
metadata:
name: gitea-admin
namespace: devops
type: Opaque
stringData:
username: admin
password: SuperSecertPassword1234
# Example:
# password: {{ .Values.password | b64enc }}
---
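Review bot: The trailing example `# password: {{ .Values.password | b64enc }}` is misleading in this file. The manifest is applied through kustomize, not rendered by Helm, and `stringData` takes the plain value, so a base64-encoded string would become the literal password. Remove the comment or replace it with `# stringData values are plain text; the API server encodes them`. Separately, `username: admin` should be checked against Gitea's reserved user names; as far as I know `admin` is one of them, which would make the chart's admin-creation step fail.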


@@ -0,0 +1,50 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: gitea
namespace: devops
spec:
repo: https://dl.gitea.io/charts/
chart: gitea
targetNamespace: devops
version: 12.5.3
valuesContent: |-
image:
registry: docker.io
repository: commitgo/gitea-ee
tag: 25.4.3
rootless: true
pullPolicy: IfNotPresent
service:
http:
type: ClusterIP
ssh:
type: ClusterIP
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
hosts:
- host: gitea.milasholsting.dk
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls
hosts:
- gitea.milasholsting.dk
gitea:
admin:
existingSecret: gitea-admin
config:
server:
DOMAIN: gitea.milasholsting.dk
ROOT_URL: https://gitea.milasholsting.dk/
persistence:
size: 20Gi
storageClass: local-path
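Review bot: The `image` block swaps the chart's default image for `docker.io/commitgo/gitea-ee` and pins it only by the mutable tag `25.4.3` with `pullPolicy: IfNotPresent`. A re-pushed tag would therefore be picked up silently on a fresh node and never on an existing one. Add a comment recording why this image is used, and pin it by digest if the chart version in use exposes a digest value. The ingress references `secretName: gitea-tls`, but no Certificate or cert-manager annotation for `gitea.milasholsting.dk` is visible in this commit, so Traefik may fall back to its default certificate until one is added.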


@@ -0,0 +1,46 @@
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: gitea
namespace: devops
spec:
valuesContent: |-
image:
registry: docker.io
repository: commitgo/gitea-ee
tag: 25.4.3
rootless: true
pullPolicy: IfNotPresent
service:
http:
type: ClusterIP
ssh:
type: ClusterIP
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
hosts:
- host: gitea.milasholsting.dk
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls
hosts:
- gitea.milasholsting.dk
gitea:
admin:
existingSecret: gitea-admin
config:
server:
DOMAIN: gitea.milasholsting.dk
ROOT_URL: https://gitea.milasholsting.dk/
persistence:
size: 20Gi
storageClass: local-path
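Review bot: This HelmChartConfig repeats the `valuesContent` of the `gitea` HelmChart in the previous section line for line, and the two rustfs sections later in the commit do the same. That leaves two sources of truth that will drift, and since the config's values are presumably layered over the chart's, an edit made only in the HelmChart could be masked. Keep the values in one of the two objects and delete the other. The `devops` kustomization in this commit lists only three resources, so it is also worth checking whether this file is applied at all.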


@@ -0,0 +1,6 @@
namespace: devops
resources:
- ./namespace.yaml
- ./gitea-admin-secret.yaml
- ./gitea.yaml


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: devops

13
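--- a/manifests/s3/cert.yaml
+++ b/manifests/s3/cert.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: rustfs-cert
+namespace: s3storage # Ensure this matches your app's namespace
+spec:
+secretName: rustfs-tls-cert
+issuerRef:
+name: letsencrypt-prod # This must match your ClusterIssuer name
+kind: ClusterIssuer
+dnsNames:
+- s3.milasholsting.dk
+- console.s3.milasholsting.dk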


@@ -0,0 +1,8 @@
namespace: s3storage
resources:
- ./rustfs.yaml
- ./namespace.yaml
- ./rustfs-ingress.yaml
- ./rustfsChartConfig.yaml
# - ./cert.yaml


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: s3storage


@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: rustfs-ingress
namespace: s3storage
spec:
entryPoints:
- websecure
routes:
- match: Host(`s3.milasholsting.dk`)
kind: Rule
services:
- name: rustfs-svc
port: 9000
sticky:
cookie:
httpOnly: true
name: s3-routing
secure: true
- match: Host(`console.s3.milasholsting.dk`)
kind: Rule
services:
- name: rustfs-svc
port: 9001
tls:
secretName: rustfs-tls-cert
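Review bot: `tls.secretName: rustfs-tls-cert` points at a secret that only the Certificate in `manifests/s3/cert.yaml` produces, and the s3 kustomization in this commit has `# - ./cert.yaml` commented out. Unless the certificate is applied some other way, Traefik will serve its default certificate for both hosts. Re-enable the resource, or add a comment explaining where the secret comes from. The second route also publishes the console on `console.s3.milasholsting.dk` (port 9001) with no middleware, so the storage admin UI is protected only by the access key and secret key set in the chart values.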

32
manifests/s3/rustfs.yaml Normal file

@@ -0,0 +1,32 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: rustfs
namespace: s3storage
spec:
repo: https://charts.rustfs.com
chart: rustfs
targetNamespace: s3storage
version: 0.0.82
valuesContent: |-
# Standalone mode: single pod with single PVC
mode:
standalone:
enabled: true
distributed:
enabled: false
# Optional: adjust storage sizes (default 256Mi each)
storageclass:
name: local-path
dataStorageSize: 15Gi
logStorageSize: 1Gi
ingress:
enabled: false
# Optional: change default credentials
secret:
rustfs:
access_key: rustfsadmin
secret_key: f82g6toxn5xlwac6cd8bjwfl


@@ -0,0 +1,28 @@
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: rustfs
namespace: s3storage
spec:
valuesContent: |-
# Standalone mode: single pod with single PVC
mode:
standalone:
enabled: true
distributed:
enabled: false
# Optional: adjust storage sizes (default 256Mi each)
storageclass:
name: local-path
dataStorageSize: 15Gi
logStorageSize: 1Gi
ingress:
enabled: false
# Optional: change default credentials
secret:
rustfs:
access_key: rustfsadmin
secret_key: f82g6toxn5xlwac6cd8bjwfl