init
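--- a/manifests/argo/argo-cmd-params.yaml
+++ b/manifests/argo/argo-cmd-params.yaml
@@ -0,0 +1,10 @@
+# https://kubernetes.io/docs/concepts/configuration/configmap/
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: argocd-cmd-params-cm
+namespace: argocd
+data:
+server.insecure: true
+---
+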
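Review bot: `server.insecure: true` under `data` is an unquoted YAML boolean, but ConfigMap `data` values must be strings, so this object is likely to be rejected on apply; write `server.insecure: "true"`. With that flag argocd-server serves plain HTTP, so TLS ends at Traefik and the hop from Traefik to the pod is unencrypted inside the cluster. A comment on the key, such as `# TLS is terminated by the Traefik IngressRoute; argocd-server listens on plain HTTP`, would make that trade-off visible to the next reader.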
0
manifests/argo/argocd.yaml
Normal file
0
manifests/argo/argocd.yaml
Normal file
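--- a/manifests/argo/cert.yaml
+++ b/manifests/argo/cert.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: argo-tls
+namespace: argocd
+spec:
+secretName: argo-tls
+issuerRef:
+name: letsencrypt-prod
+kind: ClusterIssuer
+dnsNames:
+- argo.milasholsting.dk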
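--- a/manifests/argo/ingress.yaml
+++ b/manifests/argo/ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+name: argocd-server
+namespace: argocd
+spec:
+entryPoints:
+- websecure
+routes:
+- kind: Rule
+match: Host(`argo.milasholsting.dk`)
+priority: 10
+services:
+- name: argocd-server
+port: 80
+- kind: Rule
+match: Host(`argo.milasholsting.dk`) && Header(`Content-Type`, `application/grpc`)
+priority: 11
+services:
+- name: argocd-server
+port: 80
+scheme: h2c
+tls:
+secretName: argo-tls
+domains:
+- main: argo.milasholsting.dk
+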
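Review bot: Neither route carries a `middlewares` entry, so the Argo CD UI and its gRPC API are reachable by anyone who can reach the `websecure` entry point, and the only control in front of the cluster's deployment system is Argo CD's own login. If the instance is not meant to be open to the internet, attaching a Traefik Middleware (an IP allow-list or a rate limit) to both rules would narrow that exposure. Both services also point at port 80, which only works while `server.insecure` is set in argo-cmd-params.yaml; a short comment above `services:` naming that dependency would help.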
33375
manifests/argo/install.yaml
Normal file
33375
manifests/argo/install.yaml
Normal file
File diff suppressed because it is too large
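--- a/manifests/argo/kustomization.yaml
+++ b/manifests/argo/kustomization.yaml
@@ -0,0 +1,8 @@
+namespace: argocd
+
+resources:
+- ./install.yaml
+- ./namespace.yaml
+- ./ingress.yaml
+- ./cert.yaml
+- ./argo-cmd-params.yaml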
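--- a/manifests/argo/namespace.yaml
+++ b/manifests/argo/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: argocd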
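--- a/manifests/cert-manager/hetzner-cert-manager.yaml
+++ b/manifests/cert-manager/hetzner-cert-manager.yaml
@@ -0,0 +1,12 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+name: hetzer-cert-manager
+namespace: cert-manager
+spec:
+repo: https://charts.hetzner.cloud
+chart: cert-manager-webhook-hetzner
+targetNamespace: cert-manager
+version: 0.7.0
+valuesContent: |-
+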
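Review bot: `name: hetzer-cert-manager` looks like a typo for `hetzner-cert-manager`, and since the HelmChart name becomes the release name it is worth fixing before the first install rather than after. `valuesContent: |-` is empty, so the webhook runs entirely on chart defaults while rbac.yaml hard-codes the API group `acme.hetzner.com`; if the chart exposes a group-name value, setting it explicitly here would keep the two files from drifting apart. An empty block scalar could also simply be dropped.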
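--- a/manifests/cert-manager/kustomization.yaml
+++ b/manifests/cert-manager/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- ./hetzner-cert-manager.yaml
+- ./secret.yaml
+- ./rbac.yaml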
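--- a/manifests/cert-manager/rbac.yaml
+++ b/manifests/cert-manager/rbac.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: cert-manager-webhook-hetzner:solver
+rules:
+- apiGroups:
+- acme.hetzner.com
+resources:
+- '*'
+verbs:
+- 'create'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: cert-manager-webhook-hetzner:solver
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: cert-manager-webhook-hetzner:solver
+subjects:
+- name: cert-manager
+namespace: cert-manager
+kind: ServiceAccount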
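Review bot: The ClusterRole has no comment explaining why the `cert-manager` ServiceAccount needs `create` on `'*'` in `acme.hetzner.com`, which makes a wildcard rule hard to audit later. The grant is narrow in practice (one API group, one verb), so a line such as `# lets cert-manager submit DNS-01 challenge requests to the Hetzner webhook; group must match the webhook's groupName` above `rules:` would be enough. The webhook chart may already ship an equivalent role, in which case this file would duplicate it; that is worth checking against the rendered chart.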
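--- a/manifests/cert-manager/secret.yaml
+++ b/manifests/cert-manager/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: hetzner-secret
+namespace: cert-manager
+type: Opaque
+stringData:
+api-token: "Sv4A7eb7nIqsX92vyN78czp4tzqlNP7T8EiocupF5oxY7K6ZMMGGFrgTKmJPs77C"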
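Review bot: The `api-token` value under `stringData` appears to be a real Hetzner API credential committed in plaintext, and the same pattern recurs in manifests/devops/gitea-admin-secret.yaml (`password`) and in the `secret.rustfs` values of manifests/s3/rustfs.yaml and manifests/s3/rustfsChartConfig.yaml. Anything pushed stays in the repository history, so these values should be treated as exposed: revoke and reissue them rather than only deleting the lines. Going forward, keep just a reference in Git, for example an encrypted manifest (SOPS, Sealed Secrets) or an External Secrets object, and remove `./secret.yaml` from the kustomization. If a stub must remain, `api-token: "<set-out-of-band>"` with a comment naming the secret store is sufficient.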
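--- a/manifests/devops/gitea-admin-secret.yaml
+++ b/manifests/devops/gitea-admin-secret.yaml
@@ -0,0 +1,14 @@
+# https://kubernetes.io/docs/concepts/configuration/secret/
+apiVersion: v1
+kind: Secret
+metadata:
+name: gitea-admin
+namespace: devops
+type: Opaque
+stringData:
+username: admin
+password: SuperSecertPassword1234
+# Example:
+# password: {{ .Values.password | b64enc }}
+---
+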
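Review bot: `username: admin` may not work as the bootstrap account: Gitea keeps a list of reserved user names and `admin` appears to be on it, so the chart's admin creation step could fail; confirm against the image in use and pick another name, for example `username: gitea_admin`. The trailing `# Example:` and `# password: {{ .Values.password | b64enc }}` lines are Helm template syntax left over from a snippet and do not apply to a plain manifest that uses `stringData`, so they can be removed. The closing `---` followed by an empty document is also unnecessary.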
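--- a/manifests/devops/gitea.yaml
+++ b/manifests/devops/gitea.yaml
@@ -0,0 +1,50 @@
+
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+name: gitea
+namespace: devops
+spec:
+repo: https://dl.gitea.io/charts/
+chart: gitea
+targetNamespace: devops
+version: 12.5.3
+valuesContent: |-
+image:
+registry: docker.io
+repository: commitgo/gitea-ee
+tag: 25.4.3
+rootless: true
+pullPolicy: IfNotPresent
+
+service:
+http:
+type: ClusterIP
+ssh:
+type: ClusterIP
+
+ingress:
+enabled: true
+annotations:
+kubernetes.io/ingress.class: traefik
+hosts:
+- host: gitea.milasholsting.dk
+paths:
+- path: /
+pathType: Prefix
+tls:
+- secretName: gitea-tls
+hosts:
+- gitea.milasholsting.dk
+
+gitea:
+admin:
+existingSecret: gitea-admin
+config:
+server:
+DOMAIN: gitea.milasholsting.dk
+ROOT_URL: https://gitea.milasholsting.dk/
+
+persistence:
+size: 20Gi
+storageClass: local-path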
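--- a/manifests/devops/giteaChartConfig.yaml
+++ b/manifests/devops/giteaChartConfig.yaml
@@ -0,0 +1,46 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+name: gitea
+namespace: devops
+spec:
+valuesContent: |-
+image:
+registry: docker.io
+repository: commitgo/gitea-ee
+tag: 25.4.3
+rootless: true
+pullPolicy: IfNotPresent
+
+service:
+http:
+type: ClusterIP
+ssh:
+type: ClusterIP
+
+ingress:
+enabled: true
+annotations:
+kubernetes.io/ingress.class: traefik
+hosts:
+- host: gitea.milasholsting.dk
+paths:
+- path: /
+pathType: Prefix
+tls:
+- secretName: gitea-tls
+hosts:
+- gitea.milasholsting.dk
+
+gitea:
+admin:
+existingSecret: gitea-admin
+config:
+server:
+DOMAIN: gitea.milasholsting.dk
+ROOT_URL: https://gitea.milasholsting.dk/
+
+persistence:
+size: 20Gi
+storageClass: local-path
+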
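Review bot: This HelmChartConfig repeats the `valuesContent` of manifests/devops/gitea.yaml line for line and is not listed in manifests/devops/kustomization.yaml, so as committed it is never applied and will drift from the HelmChart the first time only one copy is edited. Keeping the values in one place, either inline in the HelmChart or only in this HelmChartConfig with the file added to `resources:`, avoids a situation where a reviewer audits one file while the cluster runs the other.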
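--- a/manifests/devops/kustomization.yaml
+++ b/manifests/devops/kustomization.yaml
@@ -0,0 +1,6 @@
+namespace: devops
+
+resources:
+- ./namespace.yaml
+- ./gitea-admin-secret.yaml
+- ./gitea.yaml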
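--- a/manifests/devops/namespace.yaml
+++ b/manifests/devops/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: devops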
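--- a/manifests/s3/cert.yaml
+++ b/manifests/s3/cert.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: rustfs-cert
+namespace: s3storage # Ensure this matches your app's namespace
+spec:
+secretName: rustfs-tls-cert
+issuerRef:
+name: letsencrypt-prod # This must match your ClusterIssuer name
+kind: ClusterIssuer
+dnsNames:
+- s3.milasholsting.dk
+- console.s3.milasholsting.dk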
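--- a/manifests/s3/kustomization.yaml
+++ b/manifests/s3/kustomization.yaml
@@ -0,0 +1,8 @@
+namespace: s3storage
+
+resources:
+- ./rustfs.yaml
+- ./namespace.yaml
+- ./rustfs-ingress.yaml
+- ./rustfsChartConfig.yaml
+# - ./cert.yaml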
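--- a/manifests/s3/namespace.yaml
+++ b/manifests/s3/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: s3storage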
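--- a/manifests/s3/rustfs-ingress.yaml
+++ b/manifests/s3/rustfs-ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+name: rustfs-ingress
+namespace: s3storage
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`s3.milasholsting.dk`)
+kind: Rule
+services:
+- name: rustfs-svc
+port: 9000
+sticky:
+cookie:
+httpOnly: true
+name: s3-routing
+secure: true
+- match: Host(`console.s3.milasholsting.dk`)
+kind: Rule
+services:
+- name: rustfs-svc
+port: 9001
+tls:
+secretName: rustfs-tls-cert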
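Review bot: `tls.secretName: rustfs-tls-cert` is only produced by manifests/s3/cert.yaml, and that file is commented out in manifests/s3/kustomization.yaml (`# - ./cert.yaml`), so unless the secret already exists in the cluster Traefik will most likely serve its default certificate for both hosts. Re-enabling the Certificate, or noting in a comment where the secret comes from, would make the TLS setup verifiable from the repository. The second rule also publishes the management console on port 9001 with no `middlewares`, so access to it rests entirely on the RustFS credentials; an allow-list Middleware on that route is worth considering if the console is for operators only.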
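--- a/manifests/s3/rustfs.yaml
+++ b/manifests/s3/rustfs.yaml
@@ -0,0 +1,32 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+name: rustfs
+namespace: s3storage
+spec:
+repo: https://charts.rustfs.com
+chart: rustfs
+targetNamespace: s3storage
+version: 0.0.82
+valuesContent: |-
+# Standalone mode: single pod with single PVC
+mode:
+standalone:
+enabled: true
+distributed:
+enabled: false
+
+# Optional: adjust storage sizes (default 256Mi each)
+storageclass:
+name: local-path
+dataStorageSize: 15Gi
+logStorageSize: 1Gi
+
+ingress:
+enabled: false
+# Optional: change default credentials
+secret:
+rustfs:
+access_key: rustfsadmin
+secret_key: f82g6toxn5xlwac6cd8bjwfl
+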
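Review bot: The whole `valuesContent` block, including `secret.rustfs`, is duplicated in manifests/s3/rustfsChartConfig.yaml, and manifests/s3/kustomization.yaml lists both files, so the chart is configured from two sources that must be edited in lockstep. Since the HelmChartConfig values are layered over the HelmChart's, a key rotated in only one file can leave the effective credential unchanged or different from what a reader expects. Keeping the values in a single resource, and sourcing `access_key`/`secret_key` from an existing Secret if the chart allows it, removes that ambiguity.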
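--- a/manifests/s3/rustfsChartConfig.yaml
+++ b/manifests/s3/rustfsChartConfig.yaml
@@ -0,0 +1,28 @@
+
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+name: rustfs
+namespace: s3storage
+spec:
+valuesContent: |-
+# Standalone mode: single pod with single PVC
+mode:
+standalone:
+enabled: true
+distributed:
+enabled: false
+
+# Optional: adjust storage sizes (default 256Mi each)
+storageclass:
+name: local-path
+dataStorageSize: 15Gi
+logStorageSize: 1Gi
+
+ingress:
+enabled: false
+# Optional: change default credentials
+secret:
+rustfs:
+access_key: rustfsadmin
+secret_key: f82g6toxn5xlwac6cd8bjwfl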