Compare commits
3 Commits
tmp/secret
...
renovate/m
| Author | SHA1 | Date | |
|---|---|---|---|
024f2c4ce7
|
|||
| 3e6cd3df24 | |||
|
70f1dac7c6
|
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "argocd.labels" -}}
|
||||
{{ include "argocd.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "argocd.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: argocd-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-oidc-authentik
|
||||
{{- include "argocd.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
@@ -27,8 +28,9 @@ metadata:
|
||||
name: argocd-notifications-ntfy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-notifications-ntfy
|
||||
{{- include "argocd.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
|
||||
@@ -1,27 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "audiobookshelf.labels" -}}
|
||||
{{ include "audiobookshelf.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "audiobookshelf.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "audiobookshelf.booksNfsName" -}}
|
||||
audiobookshelf-books-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "audiobookshelf.audiobooksNfsName" -}}
|
||||
audiobookshelf-audiobooks-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "audiobookshelf.podcastsNfsName" -}}
|
||||
audiobookshelf-podcasts-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: audiobookshelf-config-apprise
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-config-apprise
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
volumeName: {{ .Template.Name }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -19,13 +20,14 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
volumeName: {{ .Template.Name }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -37,13 +39,14 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
volumeName: {{ .Template.Name }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -25,11 +26,12 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -49,11 +51,12 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
|
||||
{{- include "audiobookshelf.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "authentik.labels" -}}
|
||||
{{ include "authentik.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "authentik.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: authentik-key
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: authentik-key
|
||||
{{- include "authentik.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-tailscale
|
||||
name: authentik-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
{{- include "authentik.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
spec:
|
||||
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: allow-outpost-cross-namespace-access
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: allow-outpost-cross-namespace-access
|
||||
{{- include "authentik.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
from:
|
||||
- group: gateway.networking.k8s.io
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "backrest.labels" -}}
|
||||
{{ include "backrest.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "backrest.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "backrest.storageNfsName" -}}
|
||||
backrest-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "backrest.shareNfsName" -}}
|
||||
backrest-nfs-share
|
||||
{{- end -}}
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{- include "backrest.storageNfsName" . }}
|
||||
name: backrest-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
|
||||
{{- include "backrest.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{- include "backrest.storageNfsName" . }}
|
||||
volumeName: {{ .Template.Name }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -19,13 +20,14 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{- include "backrest.shareNfsName" . }}
|
||||
name: backrest-nfs-share
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
|
||||
{{- include "backrest.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{- include "backrest.shareNfsName" . }}
|
||||
volumeName: {{ .Template.Name }}
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{- include "backrest.storageNfsName" . }}
|
||||
name: backrest-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
|
||||
{{- include "backrest.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -25,11 +26,12 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{- include "backrest.shareNfsName" . }}
|
||||
name: backrest-nfs-share
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
|
||||
{{- include "backrest.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "bazarr.labels" -}}
|
||||
{{ include "bazarr.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "bazarr.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "bazarr.storageNfsName" -}}
|
||||
bazarr-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: bazarr-key
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bazarr-key
|
||||
{{- include "bazarr.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{- include "bazarr.storageNfsName" . }}
|
||||
name: bazarr-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
|
||||
{{- include "bazarr.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{- include "bazarr.storageNfsName" . }}
|
||||
name: bazarr-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
|
||||
{{- include "bazarr.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "cert-manager.labels" -}}
|
||||
{{ include "cert-manager.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "cert-manager.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "cert-manager.cloudflareSecretName" -}}
|
||||
cert-manager-cloudflare-api-token
|
||||
{{- end -}}
|
||||
{{- define "cert-manager.cloudflareSecretKey" -}}
|
||||
api-token
|
||||
{{- end -}}
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: letsencrypt-issuer
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: letsencrypt-issuer
|
||||
{{- include "cert-manager.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
acme:
|
||||
email: alexanderlebens@gmail.com
|
||||
@@ -21,5 +22,5 @@ spec:
|
||||
cloudflare:
|
||||
email: alexanderlebens@gmail.com
|
||||
apiTokenSecretRef:
|
||||
name: {{- include "cert-manager.cloudflareSecretName" . }}
|
||||
key: {{- include "cert-manager.cloudflareSecretKey" . }}
|
||||
name: cloudflare-api-token
|
||||
key: api-token
|
||||
|
||||
@@ -1,17 +1,18 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{- include "cert-manager.cloudflareSecretName" . }}
|
||||
name: cloudflare-api-token
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{- include "cert-manager.cloudflareSecretName" . }}
|
||||
{{- include "cert-manager.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: {{- include "cert-manager.cloudflareSecretKey" . }}
|
||||
- secretKey: api-token
|
||||
remoteRef:
|
||||
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
|
||||
property: token
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "cilium.labels" -}}
|
||||
{{ include "cilium.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "cilium.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,19 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPAdvertisement
|
||||
# metadata:
|
||||
# name: cilium-bgp-advertisements
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# advertisements:
|
||||
# - advertisementType: "Service"
|
||||
# service:
|
||||
# addresses:
|
||||
# - ExternalIP
|
||||
# - LoadBalancerIP
|
||||
# selector:
|
||||
# matchExpressions:
|
||||
# - {key: somekey, operator: NotIn, values: ['never-used-value']}
|
||||
@@ -0,0 +1,22 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPClusterConfig
|
||||
# metadata:
|
||||
# name: cilium-bgp
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# nodeSelector:
|
||||
# matchLabels:
|
||||
# node-role.kubernetes.io/bgp: "65020"
|
||||
# bgpInstances:
|
||||
# - name: "65020"
|
||||
# localASN: 65020
|
||||
# peers:
|
||||
# - name: "udm-65000"
|
||||
# peerASN: 65000
|
||||
# peerAddress: 192.168.1.1
|
||||
# peerConfigRef:
|
||||
# name: "cilium-peer"
|
||||
@@ -0,0 +1,23 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPPeerConfig
|
||||
# metadata:
|
||||
# name: cilium-peer
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# timers:
|
||||
# holdTimeSeconds: 9
|
||||
# keepAliveTimeSeconds: 3
|
||||
# ebgpMultihop: 4
|
||||
# gracefulRestart:
|
||||
# enabled: true
|
||||
# restartTimeSeconds: 15
|
||||
# families:
|
||||
# - afi: ipv4
|
||||
# safi: unicast
|
||||
# advertisements:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: cilium-bgp-advertisements
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: default-ip-pool
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: default-ip-pool
|
||||
{{- include "cilium.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
blocks:
|
||||
- start: "10.232.1.21"
|
||||
@@ -18,8 +19,9 @@ metadata:
|
||||
name: bgp-ip-pool
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bgp-ip-pool
|
||||
{{- include "cilium.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
blocks:
|
||||
- start: "10.232.2.100"
|
||||
|
||||
45
clusters/cl01tl/helm/cilium/templates/gateway.yaml
Normal file
45
clusters/cl01tl/helm/cilium/templates/gateway.yaml
Normal file
@@ -0,0 +1,45 @@
|
||||
# apiVersion: gateway.networking.k8s.io/v1
|
||||
# kind: Gateway
|
||||
# metadata:
|
||||
# name: cilium-tls-gateway
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# annotations:
|
||||
# cert-manager.io/cluster-issuer: letsencrypt-issuer
|
||||
# spec:
|
||||
# addresses:
|
||||
# - type: IPAddress
|
||||
# value: 10.232.1.23
|
||||
# gatewayClassName: cilium
|
||||
# listeners:
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: '*.alexlebens.net'
|
||||
# name: https
|
||||
# port: 443
|
||||
# protocol: HTTPS
|
||||
# tls:
|
||||
# certificateRefs:
|
||||
# - group: ''
|
||||
# kind: Secret
|
||||
# name: https-gateway-cert
|
||||
# namespace: kube-system
|
||||
# mode: Terminate
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: 'alexlebens.net'
|
||||
# name: https-domain
|
||||
# port: 443
|
||||
# protocol: HTTPS
|
||||
# tls:
|
||||
# certificateRefs:
|
||||
# - group: ''
|
||||
# kind: Secret
|
||||
# name: https-gateway-cert
|
||||
# namespace: kube-system
|
||||
# mode: Terminate
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: hubble
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: hubble
|
||||
{{- include "cilium.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "dawarich.labels" -}}
|
||||
{{ include "dawarich.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "dawarich.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -4,8 +4,9 @@ metadata:
|
||||
name: dawarich-key
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-key
|
||||
{{- include "dawarich.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
@@ -23,8 +24,9 @@ metadata:
|
||||
name: dawarich-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-oidc-authentik
|
||||
{{- include "dawarich.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
|
||||
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
|
||||
appVersion: 0.7.1
|
||||
appVersion: 0.8.0
|
||||
|
||||
@@ -12,7 +12,7 @@ medialyze:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/frederikemmer/medialyze
|
||||
tag: 0.7.1@sha256:c28cfd5cafe2b34136efaba5ba825440a2160cda3116ecb266454eac07a37e49
|
||||
tag: 0.8.0@sha256:80aa5ce70d8644ce8321f97856a1c0ede5dfeaaba305c514ceefebf89c8985ef
|
||||
env:
|
||||
- name: HOST_PORT
|
||||
value: 8080
|
||||
|
||||
@@ -31,4 +31,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png
|
||||
# renovate: datasource=github-releases depName=hashicorp/vault
|
||||
appVersion: 1.21.4
|
||||
appVersion: 2.0.0
|
||||
|
||||
@@ -8,7 +8,7 @@ vault:
|
||||
enabled: true
|
||||
image:
|
||||
repository: hashicorp/vault
|
||||
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
|
||||
tag: 2.0.0@sha256:e40c741ed95bb271425e3e6ca6c222d620cf8682f6f7a1b1e7c9d49d0aba484b
|
||||
updateStrategyType: RollingUpdate
|
||||
logLevel: debug
|
||||
logFormat: standard
|
||||
@@ -111,7 +111,7 @@ snapshot:
|
||||
snapshot:
|
||||
image:
|
||||
repository: hashicorp/vault
|
||||
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
|
||||
tag: 2.0.0@sha256:e40c741ed95bb271425e3e6ca6c222d620cf8682f6f7a1b1e7c9d49d0aba484b
|
||||
command:
|
||||
- /bin/ash
|
||||
args:
|
||||
|
||||
Reference in New Issue
Block a user