parent
79f73d2dd2
commit
7ac99af974
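--- a/kubernetes/atuin/VaultAuth.yaml
+++ b/kubernetes/atuin/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: atuin
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes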
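Review bot: `serviceAccount: default` combined with the shared `role: reader` makes the Vault login identity the namespace's default service account, which every pod without an explicit `serviceAccountName` also runs as. How far that reaches depends on how the `reader` role and its policy are bound in Vault, which this commit does not show; if one role covers all namespaces, a pod in any of them could read every `kv` path. Consider a dedicated account and a per-namespace role, for example `serviceAccount: vault-secrets` and `role: atuin-reader` (names constructed here), with the policy limited to `kv/data/atuin/*`. The same two lines appear in the VaultAuth files for authentik, cert-manager, cloudflare, duplikate, e6-gallery, homepage, irc, jellyseerr, minecraft-invites and miniflux.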
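--- a/kubernetes/atuin/VaultStaticSecret-postgres-atuin.yaml
+++ b/kubernetes/atuin/VaultStaticSecret-postgres-atuin.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: postgres-atuin
+namespace: atuin
+spec:
+destination:
+create: true
+name: postgres-atuin
+mount: kv
+path: atuin/postgres-atuin
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault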
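Review bot: Nothing in this resource tells the operator which workload consumes `postgres-atuin`, so a credential rotated in Vault reaches the Secret within `refreshAfter: 30s` but a pod that reads it through environment variables keeps the old value until it restarts. If the Deployment (not shown) uses `envFrom` or `secretKeyRef`, add `rolloutRestartTargets` under `spec` with an entry such as `- kind: Deployment` / `name: <deployment-name>`. The other VaultStaticSecret files in this commit have the same shape.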
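--- a/kubernetes/atuin/kustomization.yaml
+++ b/kubernetes/atuin/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- VaultAuth.yaml
+- VaultStaticSecret-postgres-atuin.yaml
+- deployment.yaml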
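--- a/kubernetes/authentik/VaultAuth.yaml
+++ b/kubernetes/authentik/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: authentik
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes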
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: authentik-secrets
|
||||||
|
namespace: authentik
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: authentik-secrets
|
||||||
|
mount: kv
|
||||||
|
path: authentik/authentik-secrets
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: postgres-authentik
|
||||||
|
namespace: authentik
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: postgres-authentik
|
||||||
|
mount: kv
|
||||||
|
path: authentik/postgres-authentik
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
|
@ -1,12 +1,15 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
helmCharts:
|
||||||
|
- kubeVersion: '1.30'
|
||||||
|
name: authentik
|
||||||
|
namespace: authentik
|
||||||
|
releaseName: authentik
|
||||||
|
repo: https://charts.goauthentik.io
|
||||||
|
valuesFile: ./authentik.yml
|
||||||
|
version: 2024.6.0
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: authentik
|
namespace: authentik
|
||||||
|
resources:
|
||||||
helmCharts:
|
- VaultAuth.yaml
|
||||||
- name: authentik
|
- VaultStaticSecret-postgres-authentik.yaml
|
||||||
repo: https://charts.goauthentik.io
|
- VaultStaticSecret-authentik-secrets.yaml
|
||||||
releaseName: authentik
|
|
||||||
namespace: authentik
|
|
||||||
version: 2024.6.0
|
|
||||||
valuesFile: ./authentik.yml
|
|
||||||
kubeVersion: "1.30"
|
|
||||||
|
|
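--- a/kubernetes/cert-manager/VaultAuth.yaml
+++ b/kubernetes/cert-manager/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: cert-manager
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes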
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: cloudflare-cert-api
|
||||||
|
namespace: cert-manager
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: cloudflare-cert-api
|
||||||
|
mount: kv
|
||||||
|
path: cert-manager/cloudflare-cert-api
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
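--- a/kubernetes/cert-manager/kustomization.yaml
+++ b/kubernetes/cert-manager/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+resources:
+- VaultAuth.yaml
+- VaultStaticSecret-cloudflare-cert-api.yaml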
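--- a/kubernetes/cloudflare/VaultAuth.yaml
+++ b/kubernetes/cloudflare/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: cloudflare
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes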
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: cloudflare-exporter
|
||||||
|
namespace: cloudflare
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: cloudflare-exporter
|
||||||
|
mount: kv
|
||||||
|
path: cloudflare/cloudflare-exporter
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: tunnel-credentials
|
||||||
|
namespace: cloudflare
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: tunnel-credentials
|
||||||
|
mount: kv
|
||||||
|
path: cloudflare/tunnel-credentials
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
|
@ -1,20 +1,22 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
helmCharts:
|
||||||
|
- kubeVersion: '1.30'
|
||||||
|
name: cloudflare-exporter
|
||||||
|
releaseName: cloudflare-exporter
|
||||||
|
repo: https://lablabs.github.io/cloudflare-exporter
|
||||||
|
valuesInline:
|
||||||
|
image:
|
||||||
|
tag: 0.0.16
|
||||||
|
secretRef: cloudflare-exporter
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
|
labels:
|
||||||
|
release: prometheus
|
||||||
|
version: 0.2.1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: cloudflare
|
namespace: cloudflare
|
||||||
resources:
|
resources:
|
||||||
- cloudflared.yml
|
- cloudflared.yml
|
||||||
|
- VaultAuth.yaml
|
||||||
helmCharts:
|
- VaultStaticSecret-tunnel-credentials.yaml
|
||||||
- name: cloudflare-exporter
|
- VaultStaticSecret-cloudflare-exporter.yaml
|
||||||
releaseName: cloudflare-exporter
|
|
||||||
version: 0.2.1
|
|
||||||
repo: https://lablabs.github.io/cloudflare-exporter
|
|
||||||
valuesInline:
|
|
||||||
image:
|
|
||||||
tag: "0.0.16"
|
|
||||||
secretRef: "cloudflare-exporter"
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: true
|
|
||||||
labels:
|
|
||||||
release: "prometheus"
|
|
||||||
kubeVersion: "1.30"
|
|
||||||
|
|
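--- a/kubernetes/duplikate/VaultAuth.yaml
+++ b/kubernetes/duplikate/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: duplikate
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes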
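--- a/kubernetes/duplikate/VaultStaticSecret-duplikate.yaml
+++ b/kubernetes/duplikate/VaultStaticSecret-duplikate.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: duplikate
+namespace: duplikate
+spec:
+destination:
+create: true
+name: duplikate
+mount: kv
+path: duplikate/duplikate
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault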
|
@ -1,20 +1,20 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
|
||||||
namespace: duplikate
|
|
||||||
resources:
|
|
||||||
- Deployment-duplikate.yaml
|
|
||||||
- InfisicalSecret-duplikate.yaml
|
|
||||||
|
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: redis
|
- name: redis
|
||||||
releaseName: duplikate-redis
|
releaseName: duplikate-redis
|
||||||
version: 18.6.1
|
|
||||||
repo: https://charts.bitnami.com/bitnami
|
repo: https://charts.bitnami.com/bitnami
|
||||||
valuesInline:
|
valuesInline:
|
||||||
|
architecture: standalone
|
||||||
auth:
|
auth:
|
||||||
enabled: false
|
enabled: false
|
||||||
architecture: standalone
|
|
||||||
image:
|
image:
|
||||||
registry: registry.redict.io
|
registry: registry.redict.io
|
||||||
repository: redict
|
repository: redict
|
||||||
tag: 7.3-compat
|
tag: 7.3-compat
|
||||||
|
version: 18.6.1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: duplikate
|
||||||
|
resources:
|
||||||
|
- Deployment-duplikate.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
|
- VaultStaticSecret-duplikate.yaml
|
||||||
|
|
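Review bot: The Redis chart values still carry `auth:` / `enabled: false`, so the `duplikate-redis` instance accepts unauthenticated connections from anything that can reach its Service. Now that the namespace has a VaultAuth and a VaultStaticSecret, consider enabling auth with a password sourced from Vault (the chart's `auth.existingSecret`), or limit access with a NetworkPolicy. The rest of the hunk only reorders keys and swaps `InfisicalSecret-duplikate.yaml` for the two Vault resources.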
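--- a/kubernetes/e6-gallery/VaultAuth.yaml
+++ b/kubernetes/e6-gallery/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: e6-gallery
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes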
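--- a/kubernetes/e6-gallery/VaultStaticSecret-regcred.yaml
+++ b/kubernetes/e6-gallery/VaultStaticSecret-regcred.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: regcred
+namespace: e6-gallery
+spec:
+destination:
+create: true
+name: regcred
+mount: kv
+path: e6-gallery/regcred
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault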
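Review bot: `destination` sets no `type`, so the operator creates `regcred` as an Opaque Secret. If this is meant as an image pull secret, as the name suggests, the kubelet expects type `kubernetes.io/dockerconfigjson` with a `.dockerconfigjson` key; add `type: kubernetes.io/dockerconfigjson` under `destination` and check that the Vault entry at `e6-gallery/regcred` stores that key.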
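--- a/kubernetes/e6-gallery/kustomization.yaml
+++ b/kubernetes/e6-gallery/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: e6-gallery
+
+resources:
+- VaultAuth.yaml
+- VaultStaticSecret-regcred.yaml
+- e6-gallery.yaml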
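--- a/kubernetes/endpoints/Endpoints-secrets.yaml
+++ b/kubernetes/endpoints/Endpoints-secrets.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Endpoints
+metadata:
+name: secrets
+namespace: endpoints
+subsets:
+- addresses:
+- ip: 192.168.50.147
+ports:
+- name: vault
+port: 8200
+protocol: TCP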
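Review bot: The port here is named `vault`, while Service-secrets.yaml in the same commit names its port `secrets`. Kubernetes pairs a selector-less Service with a hand-written Endpoints object by port name, so the mismatch may leave the Service without backends; use `- name: secrets` here or rename the Service port, and verify with `kubectl describe service` after applying. A comment above `ip: 192.168.50.147` naming the host it refers to would also help the next reader.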
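--- a/kubernetes/endpoints/Ingress-secrets.yaml
+++ b/kubernetes/endpoints/Ingress-secrets.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+nginx.ingress.kubernetes.io/backend-protocol: HTTP
+name: secrets
+namespace: endpoints
+spec:
+rules:
+- host: secrets.gmem.ca
+http:
+paths:
+- backend:
+service:
+name: secrets
+port:
+number: 8200
+path: /
+pathType: Prefix
+tls:
+- hosts:
+- secrets.gmem.ca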
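Review bot: `nginx.ingress.kubernetes.io/backend-protocol: HTTP` sends Vault tokens and secret payloads from the ingress controller to the backend on port 8200 unencrypted, so anything able to observe that network segment sees them. Prefer a TLS listener on Vault and `backend-protocol: HTTPS`. The rule also publishes the whole Vault API and UI under `secrets.gmem.ca` with no source restriction visible here; if only the LAN or the cluster needs it, add `nginx.ingress.kubernetes.io/whitelist-source-range` with the allowed CIDRs. The `tls` entry has no `secretName`, so the controller's default certificate is served; confirm that is intended.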
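--- a/kubernetes/endpoints/Service-secrets.yaml
+++ b/kubernetes/endpoints/Service-secrets.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: secrets
+namespace: endpoints
+spec:
+ports:
+- name: secrets
+port: 8200
+targetPort: 8200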
|
@ -16,3 +16,6 @@ resources:
|
||||||
- Ingress-ibiza.yaml
|
- Ingress-ibiza.yaml
|
||||||
- Ingress-proxmox.yaml
|
- Ingress-proxmox.yaml
|
||||||
- Ingress-tokyo.yaml
|
- Ingress-tokyo.yaml
|
||||||
|
- Endpoints-secrets.yaml
|
||||||
|
- Ingress-secrets.yaml
|
||||||
|
- Service-secrets.yaml
|
||||||
|
|
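--- a/kubernetes/homepage/VaultAuth.yaml
+++ b/kubernetes/homepage/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: homepage
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes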
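--- a/kubernetes/homepage/VaultStaticSecret-homepage-config.yaml
+++ b/kubernetes/homepage/VaultStaticSecret-homepage-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: homepage-config
+namespace: homepage
+spec:
+destination:
+create: true
+name: homepage-config
+mount: kv
+path: homepage/homepage-config
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault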
|
@ -1,16 +1,16 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
helmCharts:
|
||||||
|
- kubeVersion: '1.30'
|
||||||
|
name: homepage
|
||||||
|
namespace: homepage
|
||||||
|
releaseName: homepage
|
||||||
|
repo: https://jameswynn.github.io/helm-charts
|
||||||
|
valuesFile: ./homepage.yaml
|
||||||
|
version: 1.2.3
|
||||||
|
kind: Kustomization
|
||||||
namespace: homepage
|
namespace: homepage
|
||||||
|
|
||||||
patches:
|
patches:
|
||||||
- path: ./deployment.yaml
|
- path: ./deployment.yaml
|
||||||
|
resources:
|
||||||
helmCharts:
|
- ./VaultStaticSecret-homepage-config.yaml
|
||||||
- name: homepage
|
- ./VaultAuth.yaml
|
||||||
repo: https://jameswynn.github.io/helm-charts
|
|
||||||
releaseName: homepage
|
|
||||||
namespace: homepage
|
|
||||||
version: 1.2.3
|
|
||||||
kubeVersion: "1.30"
|
|
||||||
valuesFile: ./homepage.yaml
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
infisical:
|
|
||||||
fullnameOverride: infisical
|
|
||||||
image:
|
|
||||||
tag: v0.70.1-postgres
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
hostName: secrets.gmem.ca
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- secrets.gmem.ca
|
|
||||||
postgresql:
|
|
||||||
enabled: false
|
|
|
@ -1,19 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
namespace: infisical
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: infisical-standalone
|
|
||||||
repo: https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts
|
|
||||||
releaseName: infisical
|
|
||||||
namespace: infisical
|
|
||||||
version: 1.0.8
|
|
||||||
valuesFile: ./infvalues.yml
|
|
||||||
kubeVersion: "1.30"
|
|
||||||
- name: secrets-operator
|
|
||||||
repo: https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts
|
|
||||||
releaseName: secrets-operator-1718466666
|
|
||||||
namespace: infisical
|
|
||||||
version: 0.6.2
|
|
||||||
kubeVersion: "1.30"
|
|
|
@ -1,12 +1,12 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
helmCharts:
|
||||||
|
- kubeVersion: '1.30'
|
||||||
|
name: ingress-nginx
|
||||||
|
namespace: ingress-nginx
|
||||||
|
releaseName: ingress-nginx
|
||||||
|
repo: https://kubernetes.github.io/ingress-nginx
|
||||||
|
valuesFile: ./nginx.yaml
|
||||||
|
version: 4.10.1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: ingress-nginx
|
namespace: ingress-nginx
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: ingress-nginx
|
|
||||||
repo: https://kubernetes.github.io/ingress-nginx
|
|
||||||
releaseName: ingress-nginx
|
|
||||||
namespace: ingress-nginx
|
|
||||||
version: 4.10.1
|
|
||||||
valuesFile: ./nginx.yaml
|
|
||||||
kubeVersion: "1.30"
|
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
data:
|
|
||||||
config: 'listen ircs://
|
|
||||||
|
|
||||||
listen unix+admin:///app/admin
|
|
||||||
|
|
||||||
listen ws+insecure://
|
|
||||||
|
|
||||||
listen http+prometheus://localhost:9090
|
|
||||||
|
|
||||||
hostname irc.gmem.ca
|
|
||||||
|
|
||||||
title irc.gmem.ca
|
|
||||||
|
|
||||||
db postgres "dbname=soju"
|
|
||||||
|
|
||||||
message-store db
|
|
||||||
|
|
||||||
tls /ssl/tls.crt /ssl/tls.key
|
|
||||||
|
|
||||||
'
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubenix/k8s-version: '1.30'
|
|
||||||
kubenix/project-name: kubenix
|
|
||||||
labels:
|
|
||||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
|
||||||
name: soju-4a44ac46db
|
|
||||||
namespace: irc
|
|
|
@ -47,12 +47,12 @@ spec:
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /etc/soju/config
|
- mountPath: /etc/soju/config
|
||||||
name: config
|
name: config
|
||||||
subPath: config
|
subPath: config.in
|
||||||
- mountPath: /ssl
|
- mountPath: /ssl
|
||||||
name: ssl
|
name: ssl
|
||||||
volumes:
|
volumes:
|
||||||
- configMap:
|
- configMap:
|
||||||
name: soju-4a44ac46db
|
name: soju
|
||||||
name: config
|
name: config
|
||||||
- name: ssl
|
- name: ssl
|
||||||
secret:
|
secret:
|
||||||
|
|
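--- a/kubernetes/irc/VaultAuth.yaml
+++ b/kubernetes/irc/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: irc
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes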
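--- a/kubernetes/irc/VaultStaticSecret-postgres-soju.yaml
+++ b/kubernetes/irc/VaultStaticSecret-postgres-soju.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: postgres-soju
+namespace: irc
+spec:
+destination:
+create: true
+name: postgres-soju
+mount: kv
+path: irc/postgres-soju
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault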
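--- a/kubernetes/irc/VaultStaticSecret-soju.yaml
+++ b/kubernetes/irc/VaultStaticSecret-soju.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: soju
+namespace: irc
+spec:
+destination:
+create: true
+name: soju
+mount: kv
+path: irc/soju
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault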
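--- a/kubernetes/irc/config.in
+++ b/kubernetes/irc/config.in
@@ -0,0 +1,9 @@
+listen ircs://
+listen unix+admin:///app/admin
+listen ws+insecure://
+listen http+prometheus://localhost:9090
+hostname irc.gmem.ca
+title irc.gmem.ca
+db postgres "dbname=soju"
+message-store db
+tls /ssl/tls.crt /ssl/tls.key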
|
@ -1,10 +1,21 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: irc
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- ConfigMap-soju-4a44ac46db.yaml
|
|
||||||
- Deployment-gamja.yaml
|
- Deployment-gamja.yaml
|
||||||
- Deployment-soju.yaml
|
- Deployment-soju.yaml
|
||||||
- Service-gamja.yaml
|
- Service-gamja.yaml
|
||||||
- Service-soju.yaml
|
- Service-soju.yaml
|
||||||
- Service-soju-ws.yaml
|
- Service-soju-ws.yaml
|
||||||
- Ingress-irc.yaml
|
- Ingress-irc.yaml
|
||||||
|
- irc-cert.yml
|
||||||
|
- VaultAuth.yaml
|
||||||
|
- VaultStaticSecret-postgres-soju.yaml
|
||||||
|
- VaultStaticSecret-soju.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: soju
|
||||||
|
files:
|
||||||
|
- config.in
|
||||||
|
|
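--- a/kubernetes/jellyseerr/VaultAuth.yaml
+++ b/kubernetes/jellyseerr/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: jellyseerr
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes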
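--- a/kubernetes/jellyseerr/VaultStaticSecret-jellyseerr.yaml
+++ b/kubernetes/jellyseerr/VaultStaticSecret-jellyseerr.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: jellyseerr
+namespace: jellyseerr
+spec:
+destination:
+create: true
+name: jellyseerr
+mount: kv
+path: jellyseerr/jellyseerr
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault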
|
@ -4,3 +4,5 @@ resources:
|
||||||
- Deployment-jellyseerr.yaml
|
- Deployment-jellyseerr.yaml
|
||||||
- Service-jellyseerr.yaml
|
- Service-jellyseerr.yaml
|
||||||
- Ingress-jellyseerr.yaml
|
- Ingress-jellyseerr.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
|
- VaultStaticSecret-jellyseerr.yaml
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
- atuin
|
||||||
|
- authentik
|
||||||
- duplikate
|
- duplikate
|
||||||
- miniflux
|
- miniflux
|
||||||
- nitter
|
- nitter
|
||||||
|
@ -20,6 +21,8 @@ resources:
|
||||||
- endpoints
|
- endpoints
|
||||||
- ingress-nginx
|
- ingress-nginx
|
||||||
- homepage
|
- homepage
|
||||||
- infisical
|
|
||||||
- nfs-subdir-external-provisioner
|
- nfs-subdir-external-provisioner
|
||||||
- misc
|
- misc
|
||||||
|
- vault-secrets-operator
|
||||||
|
- vaultwarden
|
||||||
|
- smarthome
|
||||||
|
|
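--- a/kubernetes/minecraft-invites/VaultAuth.yaml
+++ b/kubernetes/minecraft-invites/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: minecraft-invites
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes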
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: whitelistmanager
|
||||||
|
namespace: minecraft-invites
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: whitelistmanager
|
||||||
|
mount: kv
|
||||||
|
path: whitelistmanager/whitelistmanager
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
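Review bot: `path: whitelistmanager/whitelistmanager` breaks the `<namespace>/<name>` layout that every other VaultStaticSecret in this commit follows; the namespace here is `minecraft-invites`. If Vault policies are ever scoped per namespace prefix, such as `kv/data/<namespace>/*`, this secret falls outside its own namespace's prefix and needs a special case. Consider storing it at `minecraft-invites/whitelistmanager` and using `path: minecraft-invites/whitelistmanager`.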
|
@ -6,3 +6,5 @@ resources:
|
||||||
- Service-whitelistmanager.yaml
|
- Service-whitelistmanager.yaml
|
||||||
- Service-whitelistmanager-frontend.yaml
|
- Service-whitelistmanager-frontend.yaml
|
||||||
- Ingress-whitelistmanager.yaml
|
- Ingress-whitelistmanager.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
|
- VaultStaticSecret-whitelistmanager.yaml
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
data:
|
|
||||||
BASE_URL: https://rss.gmem.ca/
|
|
||||||
CLEANUP_ARCHIVE_UNREAD_DAYS: '60'
|
|
||||||
CREATE_ADMIN: '1'
|
|
||||||
METRICS_ALLOWED_NETWORKS: 0.0.0.0/0
|
|
||||||
METRICS_COLLECTOR: '1'
|
|
||||||
OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://authentik.gmem.ca/application/o/miniflux/
|
|
||||||
OAUTH2_PROVIDER: oidc
|
|
||||||
OAUTH2_REDIRECT_URL: https://rss.gmem.ca/oauth2/oidc/callback
|
|
||||||
OAUTH2_USER_CREATION: '1'
|
|
||||||
RUN_MIGRATIONS: '1'
|
|
||||||
YOUTUBE_EMBED_URL_OVERRIDE: https://piped.gmem.ca/embed/
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubenix/k8s-version: '1.30'
|
|
||||||
kubenix/project-name: kubenix
|
|
||||||
labels:
|
|
||||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
|
||||||
name: miniflux-a4c33abb52
|
|
||||||
namespace: miniflux
|
|
|
@ -22,7 +22,7 @@ spec:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: miniflux
|
name: miniflux
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
name: miniflux-a4c33abb52
|
name: miniflux
|
||||||
image: docker.io/miniflux/miniflux
|
image: docker.io/miniflux/miniflux
|
||||||
name: miniflux
|
name: miniflux
|
||||||
ports:
|
ports:
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
apiVersion: secrets.infisical.com/v1alpha1
|
|
||||||
kind: InfisicalSecret
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubenix/k8s-version: '1.30'
|
|
||||||
kubenix/project-name: kubenix
|
|
||||||
labels:
|
|
||||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
|
||||||
name: miniflux
|
|
||||||
namespace: miniflux
|
|
||||||
spec:
|
|
||||||
authentication:
|
|
||||||
kubernetesAuth:
|
|
||||||
identityId: 68d1f432-7b0a-4e4a-b439-acbbbc160f1e
|
|
||||||
secretsScope:
|
|
||||||
envSlug: prod
|
|
||||||
projectSlug: kubernetes-homelab-dp67
|
|
||||||
secretsPath: /miniflux
|
|
||||||
serviceAccountRef:
|
|
||||||
name: infisical-auth
|
|
||||||
namespace: infisical
|
|
||||||
hostAPI: http://infisical:8080
|
|
||||||
managedSecretReference:
|
|
||||||
creationPolicy: Owner
|
|
||||||
secretName: miniflux
|
|
||||||
secretNamespace: miniflux
|
|
||||||
resyncInterval: 10
|
|
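--- a/kubernetes/miniflux/VaultAuth.yaml
+++ b/kubernetes/miniflux/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: miniflux
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes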
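--- a/kubernetes/miniflux/VaultStaticSecret-miniflux.yaml
+++ b/kubernetes/miniflux/VaultStaticSecret-miniflux.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: miniflux
+namespace: miniflux
+spec:
+destination:
+create: true
+name: miniflux
+mount: kv
+path: miniflux/miniflux
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault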
|
@ -1,9 +1,14 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ConfigMap-miniflux-a4c33abb52.yaml
|
|
||||||
- Deployment-miniflux.yaml
|
- Deployment-miniflux.yaml
|
||||||
- Service-miniflux.yaml
|
- Service-miniflux.yaml
|
||||||
- ServiceMonitor-miniflux.yaml
|
- ServiceMonitor-miniflux.yaml
|
||||||
- Ingress-miniflux.yaml
|
- Ingress-miniflux.yaml
|
||||||
- InfisicalSecret-miniflux.yaml
|
- VaultAuth.yaml
|
||||||
|
- VaultStaticSecret-miniflux.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: miniflux
|
||||||
|
envs:
|
||||||
|
- miniflux.env
|
||||||
|
|
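--- a/kubernetes/miniflux/miniflux.env
+++ b/kubernetes/miniflux/miniflux.env
@@ -0,0 +1,11 @@
+BASE_URL=https://rss.gmem.ca/
+CLEANUP_ARCHIVE_UNREAD_DAYS=60
+CREATE_ADMIN=1
+METRICS_ALLOWED_NETWORKS=0.0.0.0/0
+METRICS_COLLECTOR=1
+OAUTH2_OIDC_DISCOVERY_ENDPOINT=https://authentik.gmem.ca/application/o/miniflux/
+OAUTH2_PROVIDER=oidc
+OAUTH2_REDIRECT_URL=https://rss.gmem.ca/oauth2/oidc/callback
+OAUTH2_USER_CREATION=1
+RUN_MIGRATIONS=1
+YOUTUBE_EMBED_URL_OVERRIDE=https://piped.gmem.ca/embed/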
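Review bot: `METRICS_ALLOWED_NETWORKS=0.0.0.0/0` lets any client that can reach the Miniflux listener read `/metrics`, and that would include the public `rss.gmem.ca` host if Ingress-miniflux.yaml routes `/` to the same port (not shown here). The value is carried over unchanged from the deleted ConfigMap, but this move is a good moment to narrow it to the range Prometheus scrapes from, for example `METRICS_ALLOWED_NETWORKS=<pod-cidr>`.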
|
@ -1,12 +1,7 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- atuin.yaml
|
|
||||||
- e6-gallery.yaml
|
|
||||||
- hue.yml
|
|
||||||
- issuer.yml
|
- issuer.yml
|
||||||
- nginx-podmonitor.yml
|
- nginx-podmonitor.yml
|
||||||
- ntfy.yaml
|
- ntfy.yaml
|
||||||
- tools.yml
|
- tools.yml
|
||||||
- vaultwarden.yml
|
|
||||||
|
|
|
@ -1,12 +1,11 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
helmCharts:
|
||||||
|
- kubeVersion: '1.30'
|
||||||
|
name: nfs-subdir-external-provisioner
|
||||||
|
namespace: nfs-subdir-external-provisioner
|
||||||
|
releaseName: nfs-subdir-external-provisioner
|
||||||
|
repo: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
|
||||||
|
valuesFile: ./nfs-provisioner-values.yml
|
||||||
|
version: 4.0.18
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: nfs-subdir-external-provisioner
|
namespace: nfs-subdir-external-provisioner
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: nfs-subdir-external-provisioner
|
|
||||||
repo: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
|
|
||||||
releaseName: nfs-subdir-external-provisioner
|
|
||||||
namespace: nfs-subdir-external-provisioner
|
|
||||||
version: 4.0.18
|
|
||||||
valuesFile: ./nfs-provisioner-values.yml
|
|
||||||
kubeVersion: "1.30"
|
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
data:
|
|
||||||
NITTER_EXTERNAL_URL: https://nitter.gmem.ca
|
|
||||||
NITTER_URL: http://nitter:8080
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubenix/k8s-version: '1.30'
|
|
||||||
kubenix/project-name: kubenix
|
|
||||||
labels:
|
|
||||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
|
||||||
name: nitter-bot-5d9aefaae4
|
|
||||||
namespace: nitter
|
|
|
@ -1,45 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
data:
|
|
||||||
master.conf: 'dir /data
|
|
||||||
|
|
||||||
# User-supplied master configuration:
|
|
||||||
|
|
||||||
rename-command FLUSHDB ""
|
|
||||||
|
|
||||||
rename-command FLUSHALL ""
|
|
||||||
|
|
||||||
# End of master configuration'
|
|
||||||
redis.conf: '# User-supplied common configuration:
|
|
||||||
|
|
||||||
# Enable AOF https://redis.io/topics/persistence#append-only-file
|
|
||||||
|
|
||||||
appendonly yes
|
|
||||||
|
|
||||||
# Disable RDB persistence, AOF persistence already enabled.
|
|
||||||
|
|
||||||
save ""
|
|
||||||
|
|
||||||
# End of common configuration'
|
|
||||||
replica.conf: 'dir /data
|
|
||||||
|
|
||||||
# User-supplied replica configuration:
|
|
||||||
|
|
||||||
rename-command FLUSHDB ""
|
|
||||||
|
|
||||||
rename-command FLUSHALL ""
|
|
||||||
|
|
||||||
# End of replica configuration'
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubenix/k8s-version: '1.30'
|
|
||||||
kubenix/project-name: kubenix
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/instance: nitter-redis
|
|
||||||
app.kubernetes.io/managed-by: Helm
|
|
||||||
app.kubernetes.io/name: redis
|
|
||||||
app.kubernetes.io/version: 7.2.3
|
|
||||||
helm.sh/chart: redis-18.6.1
|
|
||||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
|
||||||
name: nitter-redis-configuration-4712c8e029
|
|
||||||
namespace: nitter
|
|
|
@ -1,63 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
data:
|
|
||||||
ping_liveness_local.sh: "#!/bin/bash\n\n[[ -f $REDIS_PASSWORD_FILE ]] && export\
|
|
||||||
\ REDIS_PASSWORD=\"$(< \"${REDIS_PASSWORD_FILE}\")\"\n[[ -n \"$REDIS_PASSWORD\"\
|
|
||||||
\ ]] && export REDISCLI_AUTH=\"$REDIS_PASSWORD\"\nresponse=$(\n timeout -s 15\
|
|
||||||
\ $1 \\\n redis-cli \\\n -h localhost \\\n -p $REDIS_PORT \\\n ping\n\
|
|
||||||
)\nif [ \"$?\" -eq \"124\" ]; then\n echo \"Timed out\"\n exit 1\nfi\nresponseFirstWord=$(echo\
|
|
||||||
\ $response | head -n1 | awk '{print $1;}')\nif [ \"$response\" != \"PONG\" ]\
|
|
||||||
\ && [ \"$responseFirstWord\" != \"LOADING\" ] && [ \"$responseFirstWord\" !=\
|
|
||||||
\ \"MASTERDOWN\" ]; then\n echo \"$response\"\n exit 1\nfi"
|
|
||||||
ping_liveness_local_and_master.sh: 'script_dir="$(dirname "$0")"
|
|
||||||
|
|
||||||
exit_status=0
|
|
||||||
|
|
||||||
"$script_dir/ping_liveness_local.sh" $1 || exit_status=$?
|
|
||||||
|
|
||||||
"$script_dir/ping_liveness_master.sh" $1 || exit_status=$?
|
|
||||||
|
|
||||||
exit $exit_status'
|
|
||||||
ping_liveness_master.sh: "#!/bin/bash\n\n[[ -f $REDIS_MASTER_PASSWORD_FILE ]] &&\
|
|
||||||
\ export REDIS_MASTER_PASSWORD=\"$(< \"${REDIS_MASTER_PASSWORD_FILE}\")\"\n[[\
|
|
||||||
\ -n \"$REDIS_MASTER_PASSWORD\" ]] && export REDISCLI_AUTH=\"$REDIS_MASTER_PASSWORD\"\
|
|
||||||
\nresponse=$(\n timeout -s 15 $1 \\\n redis-cli \\\n -h $REDIS_MASTER_HOST\
|
|
||||||
\ \\\n -p $REDIS_MASTER_PORT_NUMBER \\\n ping\n)\nif [ \"$?\" -eq \"124\"\
|
|
||||||
\ ]; then\n echo \"Timed out\"\n exit 1\nfi\nresponseFirstWord=$(echo $response\
|
|
||||||
\ | head -n1 | awk '{print $1;}')\nif [ \"$response\" != \"PONG\" ] && [ \"$responseFirstWord\"\
|
|
||||||
\ != \"LOADING\" ]; then\n echo \"$response\"\n exit 1\nfi"
|
|
||||||
ping_readiness_local.sh: "#!/bin/bash\n\n[[ -f $REDIS_PASSWORD_FILE ]] && export\
|
|
||||||
\ REDIS_PASSWORD=\"$(< \"${REDIS_PASSWORD_FILE}\")\"\n[[ -n \"$REDIS_PASSWORD\"\
|
|
||||||
\ ]] && export REDISCLI_AUTH=\"$REDIS_PASSWORD\"\nresponse=$(\n timeout -s 15\
|
|
||||||
\ $1 \\\n redis-cli \\\n -h localhost \\\n -p $REDIS_PORT \\\n ping\n\
|
|
||||||
)\nif [ \"$?\" -eq \"124\" ]; then\n echo \"Timed out\"\n exit 1\nfi\nif [ \"\
|
|
||||||
$response\" != \"PONG\" ]; then\n echo \"$response\"\n exit 1\nfi"
|
|
||||||
ping_readiness_local_and_master.sh: 'script_dir="$(dirname "$0")"
|
|
||||||
|
|
||||||
exit_status=0
|
|
||||||
|
|
||||||
"$script_dir/ping_readiness_local.sh" $1 || exit_status=$?
|
|
||||||
|
|
||||||
"$script_dir/ping_readiness_master.sh" $1 || exit_status=$?
|
|
||||||
|
|
||||||
exit $exit_status'
|
|
||||||
ping_readiness_master.sh: "#!/bin/bash\n\n[[ -f $REDIS_MASTER_PASSWORD_FILE ]] &&\
|
|
||||||
\ export REDIS_MASTER_PASSWORD=\"$(< \"${REDIS_MASTER_PASSWORD_FILE}\")\"\n[[\
|
|
||||||
\ -n \"$REDIS_MASTER_PASSWORD\" ]] && export REDISCLI_AUTH=\"$REDIS_MASTER_PASSWORD\"\
|
|
||||||
\nresponse=$(\n timeout -s 15 $1 \\\n redis-cli \\\n -h $REDIS_MASTER_HOST\
|
|
||||||
\ \\\n -p $REDIS_MASTER_PORT_NUMBER \\\n ping\n)\nif [ \"$?\" -eq \"124\"\
|
|
||||||
\ ]; then\n echo \"Timed out\"\n exit 1\nfi\nif [ \"$response\" != \"PONG\"\
|
|
||||||
\ ]; then\n echo \"$response\"\n exit 1\nfi"
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubenix/k8s-version: '1.30'
|
|
||||||
kubenix/project-name: kubenix
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/instance: nitter-redis
|
|
||||||
app.kubernetes.io/managed-by: Helm
|
|
||||||
app.kubernetes.io/name: redis
|
|
||||||
app.kubernetes.io/version: 7.2.3
|
|
||||||
helm.sh/chart: redis-18.6.1
|
|
||||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
|
||||||
name: nitter-redis-health-05691b979f
|
|
||||||
namespace: nitter
|
|
|
@ -1,24 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
data:
|
|
||||||
start-master.sh: "#!/bin/bash\n\n[[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD=\"\
|
|
||||||
$(< \"${REDIS_PASSWORD_FILE}\")\"\nif [[ -f /opt/bitnami/redis/mounted-etc/master.conf\
|
|
||||||
\ ]];then\n cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf\n\
|
|
||||||
fi\nif [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then\n cp /opt/bitnami/redis/mounted-etc/redis.conf\
|
|
||||||
\ /opt/bitnami/redis/etc/redis.conf\nfi\nARGS=(\"--port\" \"${REDIS_PORT}\")\n\
|
|
||||||
ARGS+=(\"--protected-mode\" \"no\")\nARGS+=(\"--include\" \"/opt/bitnami/redis/etc/redis.conf\"\
|
|
||||||
)\nARGS+=(\"--include\" \"/opt/bitnami/redis/etc/master.conf\")\nexec redis-server\
|
|
||||||
\ \"${ARGS[@]}\"\n"
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubenix/k8s-version: '1.30'
|
|
||||||
kubenix/project-name: kubenix
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/instance: nitter-redis
|
|
||||||
app.kubernetes.io/managed-by: Helm
|
|
||||||
app.kubernetes.io/name: redis
|
|
||||||
app.kubernetes.io/version: 7.2.3
|
|
||||||
helm.sh/chart: redis-18.6.1
|
|
||||||
kubenix/hash: e672eb08bf0db5ef675b3b6036ca047f43b4614f
|
|
||||||
name: nitter-redis-scripts-a4596108c1
|
|
||||||
namespace: nitter
|
|
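--- a/kubernetes/nitter/VaultAuth.yaml
+++ b/kubernetes/nitter/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: nitter
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes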
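Review bot: `serviceAccount: default` with the shared `role: reader` lets the operator log in to Vault as the namespace's default service account, which is also the identity every pod without an explicit `serviceAccountName` runs under. If the Vault `reader` role is bound to `default` in each of these namespaces (the role definition is not part of this commit), any such workload could presumably present its own token and read whatever the role's policy allows, including other namespaces' paths under `kv`. I would create a dedicated account for the operator and reference it, `serviceAccount: vault-secrets-reader` (placeholder name), and give each namespace its own Vault role whose policy is limited to its own prefix such as `nitter/*`. The VaultAuth files added for piped, prometheus, searxng, smarthome, tclip, vaultwarden and vrchat repeat the same two values.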
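--- a/kubernetes/nitter/VaultStaticSecret-nitter-bot.yaml
+++ b/kubernetes/nitter/VaultStaticSecret-nitter-bot.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: nitter-bot
+namespace: nitter
+spec:
+destination:
+create: true
+name: nitter-bot
+mount: kv
+path: nitter/nitter-bot
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault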
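--- a/kubernetes/nitter/VaultStaticSecret-nitter.yaml
+++ b/kubernetes/nitter/VaultStaticSecret-nitter.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: nitter
+namespace: nitter
+spec:
+destination:
+create: true
+name: nitter
+mount: kv
+path: nitter/nitter
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault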
|
@ -1,15 +1,27 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: nitter
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- ConfigMap-nitter-bot-5d9aefaae4.yaml
|
|
||||||
- ConfigMap-nitter-redis-configuration-4712c8e029.yaml
|
|
||||||
- ConfigMap-nitter-redis-health-05691b979f.yaml
|
|
||||||
- ConfigMap-nitter-redis-scripts-a4596108c1.yaml
|
|
||||||
- Deployment-nitter.yaml
|
- Deployment-nitter.yaml
|
||||||
- StatefulSet-nitter-bot.yaml
|
- StatefulSet-nitter-bot.yaml
|
||||||
- StatefulSet-nitter-redis-master.yaml
|
|
||||||
- Service-nitter.yaml
|
- Service-nitter.yaml
|
||||||
- Service-nitter-redis-headless.yaml
|
|
||||||
- Service-nitter-redis-master.yaml
|
|
||||||
- ServiceAccount-nitter-redis.yaml
|
|
||||||
- Ingress-nitter.yaml
|
- Ingress-nitter.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
|
- VaultStaticSecret-nitter-bot.yaml
|
||||||
|
- VaultStaticSecret-nitter.yaml
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: redis
|
||||||
|
releaseName: nitter-redis
|
||||||
|
repo: https://charts.bitnami.com/bitnami
|
||||||
|
valuesInline:
|
||||||
|
architecture: standalone
|
||||||
|
auth:
|
||||||
|
enabled: false
|
||||||
|
image:
|
||||||
|
registry: registry.redict.io
|
||||||
|
repository: redict
|
||||||
|
tag: 7.3-compat
|
||||||
|
version: 18.6.1
|
||||||
|
|
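Review bot: The inlined Redis chart is rendered with `auth.enabled: false`, so the instance accepts commands from any pod that can reach its Service; the start script in the ConfigMap this commit removes also ran the server with `--protected-mode no`. Since the commit introduces Vault-synced Secrets in this namespace, the password could come from one of them via `auth.enabled: true` and `auth.existingSecret: <secret-name>` (placeholder), or access could be narrowed with a NetworkPolicy that admits only the nitter pods. `tag: 7.3-compat` is a mutable tag on a non-default registry; pinning `image.digest` would make the deployed image reproducible. The searxng kustomization carries the same values.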
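--- a/kubernetes/piped/VaultAuth.yaml
+++ b/kubernetes/piped/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: piped
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes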
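--- a/kubernetes/piped/VaultStaticSecret-postgres-piped.yaml
+++ b/kubernetes/piped/VaultStaticSecret-postgres-piped.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: postgres-piped
+namespace: piped
+spec:
+destination:
+create: true
+name: postgres-piped
+mount: kv
+path: piped/postgres-piped
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault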
|
@ -3,12 +3,5 @@ kind: Kustomization
|
||||||
namespace: piped
|
namespace: piped
|
||||||
resources:
|
resources:
|
||||||
- CronJob-piped-refresh.yaml
|
- CronJob-piped-refresh.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
# Requires a server-side Helm render and apply.
|
- VaultStaticSecret-postgres-piped.yaml
|
||||||
# helmCharts:
|
|
||||||
# - name: piped
|
|
||||||
# releaseName: piped
|
|
||||||
# version: 5.2.0
|
|
||||||
# repo: https://helm.piped.video
|
|
||||||
# valuesFile: ./helm.yaml
|
|
||||||
# kubeVersion: "1.30"
|
|
||||||
|
|
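--- a/kubernetes/prometheus/VaultAuth.yaml
+++ b/kubernetes/prometheus/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: prometheus
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes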
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: nextdns-exporter
|
||||||
|
namespace: prometheus
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: nextdns-exporter
|
||||||
|
mount: kv
|
||||||
|
path: prometheus/nextdns-exporter
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: nextdns-ts-exporter
|
||||||
|
namespace: prometheus
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: nextdns-ts-exporter
|
||||||
|
mount: kv
|
||||||
|
path: prometheus/nextdns-ts-exporter
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: prometheus-remote-basic-auth
|
||||||
|
namespace: prometheus
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: prometheus-remote-basic-auth
|
||||||
|
mount: kv
|
||||||
|
path: prometheus/prometheus-remote-basic-auth
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
|
@ -1,19 +1,11 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
namespace: prometheus
|
namespace: prometheus
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- Deployment-nextdns-exporter.yaml
|
- Deployment-nextdns-exporter.yaml
|
||||||
- Service-nextdns-exporter-metrics.yaml
|
- Service-nextdns-exporter-metrics.yaml
|
||||||
- ServiceMonitor-nextdns-exporter.yaml
|
- ServiceMonitor-nextdns-exporter.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
# Simply doesn't work for some reason :(
|
- VaultStaticSecret-nextdns-exporter.yaml
|
||||||
# helmCharts:
|
- VaultStaticSecret-nextdns-ts-exporter.yaml
|
||||||
# - name: kube-prometheus-stack
|
- VaultStaticSecret-prometheus-remote-basic-auth.yaml
|
||||||
# repo: https://prometheus-community.github.io/helm-charts
|
|
||||||
# releaseName: prometheus
|
|
||||||
# namespace: prometheus
|
|
||||||
# version: 61.1.0
|
|
||||||
# valuesFile: ./prometheus-agent.yml
|
|
||||||
# kubeVersion: "1.30"
|
|
||||||
|
|
|
@ -4,3 +4,4 @@ resources:
|
||||||
- Deployment-redlib.yaml
|
- Deployment-redlib.yaml
|
||||||
- Service-redlib.yaml
|
- Service-redlib.yaml
|
||||||
- Ingress-redlib.yaml
|
- Ingress-redlib.yaml
|
||||||
|
|
||||||
|
|
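--- a/kubernetes/searxng/VaultAuth.yaml
+++ b/kubernetes/searxng/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: searxng
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes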
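--- a/kubernetes/searxng/VaultStaticSecret-searxng.yaml
+++ b/kubernetes/searxng/VaultStaticSecret-searxng.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: searxng
+namespace: searxng
+spec:
+destination:
+create: true
+name: searxng
+mount: kv
+path: searxng/searxng
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault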
|
@ -1,4 +1,17 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
helmCharts:
|
||||||
|
- name: redis
|
||||||
|
releaseName: searxng-redis
|
||||||
|
repo: https://charts.bitnami.com/bitnami
|
||||||
|
valuesInline:
|
||||||
|
architecture: standalone
|
||||||
|
auth:
|
||||||
|
enabled: false
|
||||||
|
image:
|
||||||
|
registry: registry.redict.io
|
||||||
|
repository: redict
|
||||||
|
tag: 7.3-compat
|
||||||
|
version: 18.6.1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
namespace: searxng
|
namespace: searxng
|
||||||
resources:
|
resources:
|
||||||
|
@ -6,17 +19,5 @@ resources:
|
||||||
- Deployment-searxng.yaml
|
- Deployment-searxng.yaml
|
||||||
- Service-searxng.yaml
|
- Service-searxng.yaml
|
||||||
- Ingress-searxng.yaml
|
- Ingress-searxng.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
helmCharts:
|
- VaultStaticSecret-searxng.yaml
|
||||||
- name: redis
|
|
||||||
releaseName: searxng-redis
|
|
||||||
version: 18.6.1
|
|
||||||
repo: https://charts.bitnami.com/bitnami
|
|
||||||
valuesInline:
|
|
||||||
auth:
|
|
||||||
enabled: false
|
|
||||||
architecture: standalone
|
|
||||||
image:
|
|
||||||
registry: registry.redict.io
|
|
||||||
repository: redict
|
|
||||||
tag: 7.3-compat
|
|
||||||
|
|
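--- a/kubernetes/smarthome/VaultAuth.yaml
+++ b/kubernetes/smarthome/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: smarthome
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes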
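--- a/kubernetes/smarthome/VaultStaticSecret-hue.yaml
+++ b/kubernetes/smarthome/VaultStaticSecret-hue.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: hue
+namespace: smarthome
+spec:
+destination:
+create: true
+name: hue
+mount: kv
+path: smarthome/hue
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault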
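--- a/kubernetes/smarthome/kustomization.yaml
+++ b/kubernetes/smarthome/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: smarthome
+
+resources:
+- homebridge.yaml
+- hue.yaml
+- VaultAuth.yaml
+- VaultStaticSecret-hue.yaml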
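--- a/kubernetes/tclip/VaultAuth.yaml
+++ b/kubernetes/tclip/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: tclip
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes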
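--- a/kubernetes/tclip/VaultStaticSecret-tclip.yaml
+++ b/kubernetes/tclip/VaultStaticSecret-tclip.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: tclip
+namespace: tclip
+spec:
+destination:
+create: true
+name: tclip
+mount: kv
+path: tclip/tclip
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault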
|
@ -4,3 +4,5 @@ resources:
|
||||||
- StatefulSet-tclip.yaml
|
- StatefulSet-tclip.yaml
|
||||||
- Service-tclip.yaml
|
- Service-tclip.yaml
|
||||||
- Ingress-tclip.yaml
|
- Ingress-tclip.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
|
- VaultStaticSecret-tclip.yaml
|
||||||
|
|
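--- a/kubernetes/vault-secrets-operator/crb.yaml
+++ b/kubernetes/vault-secrets-operator/crb.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: vault-auth
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: vault-auth
+annotations:
+kubernetes.io/service-account.name: vault-auth
+type: kubernetes.io/service-account-token
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: role-tokenreview-binding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+name: vault-auth
+namespace: default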
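Review bot: The ClusterRoleBinding subject is pinned to `namespace: default`, while the `vault-auth` ServiceAccount and its token Secret carry no namespace and the kustomization that includes this file sets `namespace: vault-secrets-operator`. Depending on how kustomize rewrites subjects, the `system:auth-delegator` grant may land on an account that does not exist in `default`, or on whatever is later created there under that name; setting `namespace:` explicitly on all three objects removes the ambiguity. The Secret of type `kubernetes.io/service-account-token` also mints a token that never expires for an account allowed to call TokenReview, so a comment such as `# long-lived reviewer token for the external Vault; rotate by deleting this Secret` and a rotation routine would help.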
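--- a/kubernetes/vault-secrets-operator/kustomization.yaml
+++ b/kubernetes/vault-secrets-operator/kustomization.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+helmCharts:
+- includeCrds: true
+kubeVersion: '1.30'
+name: vault-secrets-operator
+namespace: vault-secrets-operator
+releaseName: vault-secrets-operator
+repo: https://helm.releases.hashicorp.com
+valuesInline:
+defaultVaultConnection:
+address: https://secrets.gmem.ca
+enabled: true
+skipTLSVerify: false
+tests:
+enabled: false
+version: 0.7.1
+kind: Kustomization
+namespace: vault-secrets-operator
+resources:
+- ./crb.yaml
+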
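--- a/kubernetes/vaultwarden/VaultAuth.yaml
+++ b/kubernetes/vaultwarden/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: vaultwarden
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes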
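--- a/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml
+++ b/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+name: vaultwarden
+namespace: vaultwarden
+spec:
+destination:
+create: true
+name: vaultwarden
+mount: kv
+path: vaultwarden/vaultwarden
+refreshAfter: 30s
+type: kv-v2
+vaultAuthRef: vault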
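--- a/kubernetes/vaultwarden/kustomization.yaml
+++ b/kubernetes/vaultwarden/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- VaultAuth.yaml
+- VaultStaticSecret-vaultwarden.yaml
+- deployment.yaml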
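--- a/kubernetes/vrchat/VaultAuth.yaml
+++ b/kubernetes/vrchat/VaultAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+name: vault
+namespace: vrchat
+spec:
+kubernetes:
+role: reader
+serviceAccount: default
+method: kubernetes
+mount: kubernetes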
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: vrchat-prometheus-adapter
|
||||||
|
namespace: vrchat
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: vrchat-prometheus-adapter
|
||||||
|
mount: kv
|
||||||
|
path: vrchat-prometheus-adapter
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
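Review bot: `path: vrchat-prometheus-adapter` has no namespace prefix, whereas every other VaultStaticSecret in this commit uses `<namespace>/<name>` (for example `tclip/tclip`, `prometheus/nextdns-exporter`). If the Vault policy for these roles is scoped per prefix, this secret either fails to sync or needs a broader grant than the rest; `path: vrchat/vrchat-prometheus-adapter` would match the convention, assuming the secret is stored there.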
|
@ -4,3 +4,4 @@ resources:
|
||||||
- Deployment-vrchat-prometheus-adapter.yaml
|
- Deployment-vrchat-prometheus-adapter.yaml
|
||||||
- Service-vrchat-prometheus-adapter.yaml
|
- Service-vrchat-prometheus-adapter.yaml
|
||||||
- ServiceMonitor-vrchat-prometheus-adapter.yaml
|
- ServiceMonitor-vrchat-prometheus-adapter.yaml
|
||||||
|
- VaultAuth.yaml
|
||||||
|
|
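Review bot: This hunk adds only `- VaultAuth.yaml` to `resources`, while the other namespaces (tclip, searxng, piped) list their VaultStaticSecret file as well. As far as the hunk shows, the new VaultStaticSecret for `vrchat-prometheus-adapter` is not referenced, so the Secret the deployment expects would never be created by this kustomization. The file name is not visible on the page; the missing entry would be `- VaultStaticSecret-vrchat-prometheus-adapter.yaml` if it follows the naming used elsewhere.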