Yes, this is how it works
parent
91cd43c740
commit
1cbd509a76
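--- a/CI/renovate/renovate-job.yaml
+++ b/CI/renovate/renovate-job.yaml
@@ -0,0 +1,49 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: renovate
+spec:
+schedule: "@hourly"
+concurrencyPolicy: Forbid
+jobTemplate:
+spec:
+ttlSecondsAfterFinished: 3600
+template:
+spec:
+nodeSelector:
+kubernetes.io/arch: amd64
+containers:
+- name: renovate
+
+# Update this to the latest available and then enable Renovate on
+# the manifest
+image: renovate/renovate:32.74.2
+args:
+- Roxedus/Argo
+# Environment Variables
+env:
+- name: LOG_LEVEL
+value: debug
+- name: RENOVATE_PLATFORM
+value: gitea
+- name: RENOVATE_GIT_AUTHOR
+value: "Botty McBottface <bot@roxedus.dev>"
+- name: RENOVATE_ENDPOINT
+value: "https://git.roxedus.dev/api/v1"
+envFrom:
+- secretRef:
+name: renovate-pat
+- secretRef:
+name: renovate-gh
+volumeMounts:
+- name: work-volume
+mountPath: /tmp/renovate/
+restartPolicy: Never
+tolerations:
+- key: "node-role.kubernetes.io/control-plane"
+operator: "Exists"
+- key: "node-role.kubernetes.io/master"
+operator: "Exists"
+volumes:
+- name: work-volume
+emptyDir: {}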
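Review bot: The `renovate` container is declared without a `securityContext` or `resources`, and the pod tolerates `node-role.kubernetes.io/control-plane` and `node-role.kubernetes.io/master`, so a job that clones repositories and holds the `renovate-pat` and `renovate-gh` credentials can be scheduled onto control-plane nodes with default container privileges. Unless the tolerations are needed for capacity, I would drop them and harden the pod as in the fence below; nothing visible here suggests the job calls the Kubernetes API, so the service-account token need not be mounted. `LOG_LEVEL` set to `debug` is also worth lowering once the job works, since the output stays in pod logs for the `ttlSecondsAfterFinished` window. The image's user is not visible on this page, so confirm it is a numeric non-root UID before relying on `runAsNonRoot`.

```yaml
        spec:
          automountServiceAccountToken: false
          containers:
            - name: renovate
              # … unchanged: image, args, env, envFrom, volumeMounts …
              securityContext:
                allowPrivilegeEscalation: false
                runAsNonRoot: true
                capabilities:
                  drop: [ALL]
```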
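--- a/Charts/traefik/Chart.lock
+++ b/Charts/traefik/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: traefik
+repository: https://helm.traefik.io/traefik
+version: 10.24.0
+digest: sha256:92dfb96eee281fd2d1f301df59247c33ae1ecda50dd9ffa2bcb58a0669b0958c
+generated: "2022-07-02T19:48:05.815350227Z"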
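--- a/Charts/traefik/Chart.yaml
+++ b/Charts/traefik/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: traefik
+version: 1.0.0
+dependencies:
+- name: traefik
+version: 10.24.0
+repository: https://helm.traefik.io/traefik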
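--- a/Charts/traefik/values.yaml
+++ b/Charts/traefik/values.yaml
@@ -0,0 +1,531 @@
+traefik:
+# Default values for Traefik
+image:
+repository: &traefikImage library/traefik
+name: *traefikImage
+# defaults to appVersion
+tag: v2.8.0
+pullPolicy: IfNotPresent
+
+#
+# Configure the deployment
+#
+deployment:
+enabled: true
+# Can be either Deployment or DaemonSet
+kind: Deployment
+# Number of pods of the deployment (only applies when kind == Deployment)
+replicas: 1
+# Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
+terminationGracePeriodSeconds: 60
+# The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
+minReadySeconds: 0
+# Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+annotations: {}
+# Additional deployment labels (e.g. for filtering deployment by custom labels)
+labels: {}
+# Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+podAnnotations: {}
+# Additional Pod labels (e.g. for filtering Pod by custom labels)
+podLabels: {}
+# Additional containers (e.g. for metric offloading sidecars)
+additionalContainers:
+# https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
+- name: cloudflare
+image: cloudflare/cloudflared:2022.6.3
+args: ["tunnel", "--no-autoupdate", "run", "--token", "$(cloudflared)"]
+resources:
+limits:
+cpu: "800m"
+memory: "100Mi"
+requests:
+cpu: "300m"
+memory: "40Mi"
+envFrom:
+- secretRef:
+name: cloudflared-secrets
+- image: ghcr.io/roxedus/pipelines:traefik-cloudflare-tunnel-cca7aa94
+name: auto-cloudflare
+resources:
+limits:
+cpu: "800m"
+memory: "100Mi"
+requests:
+cpu: "300m"
+memory: "40Mi"
+envFrom:
+- secretRef:
+name: auto-cloudflared-secrets
+env:
+- name: TRAEFIK_SERVICE_ENDPOINT
+value: http://localhost:8000
+- name: TRAEFIK_API_ENDPOINT
+value: http://localhost:9000
+- name: TRAEFIK_ENTRYPOINT
+value: web
+# volumeMounts:
+# - name: dsdsocket
+# mountPath: /socket
+# Additional volumes available for use with initContainers and additionalContainers
+additionalVolumes:
+[]
+# - name: dsdsocket
+# hostPath:
+# path: /var/run/statsd-exporter
+# Additional initContainers (e.g. for setting file permission as shown below)
+initContainers:
+[]
+# The "volume-permissions" init container is required if you run into permission issues.
+# Related issue: https://github.com/traefik/traefik/issues/6972
+# - name: volume-permissions
+# image: busybox:1.31.1
+# command: ["sh", "-c", "chmod -Rv 600 /data/*"]
+# volumeMounts:
+# - name: data
+# mountPath: /data
+# Use process namespace sharing
+shareProcessNamespace: false
+# Custom pod DNS policy. Apply if `hostNetwork: true`
+# dnsPolicy: ClusterFirstWithHostNet
+# Additional imagePullSecrets
+imagePullSecrets:
+[]
+# - name: myRegistryKeySecretName
+
+# Pod disruption budget
+podDisruptionBudget:
+enabled: false
+# maxUnavailable: 1
+# maxUnavailable: 33%
+# minAvailable: 0
+# minAvailable: 25%
+
+# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
+ingressClass:
+# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
+enabled: false
+isDefaultClass: false
+# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
+fallbackApiVersion: ""
+
+# Activate Pilot integration
+pilot:
+enabled: true
+
+# Enable experimental features
+experimental:
+http3:
+enabled: true
+plugins:
+enabled: false
+kubernetesGateway:
+enabled: false
+
+# Create an IngressRoute for the dashboard
+ingressRoute:
+dashboard:
+enabled: false
+# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+annotations: {}
+# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+labels: {}
+
+rollingUpdate:
+maxUnavailable: 1
+maxSurge: 1
+
+# Customize liveness and readiness probe values.
+readinessProbe:
+failureThreshold: 1
+initialDelaySeconds: 10
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 2
+
+livenessProbe:
+failureThreshold: 3
+initialDelaySeconds: 10
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 2
+
+#
+# Configure providers
+#
+providers:
+kubernetesCRD:
+enabled: true
+allowCrossNamespace: false
+allowExternalNameServices: false
+# ingressClass: traefik-internal
+# labelSelector: environment=production,method=traefik
+namespaces:
+- "default"
+
+kubernetesIngress:
+enabled: true
+allowExternalNameServices: false
+allowEmptyServices: false
+# ingressClass: traefik-internal
+# labelSelector: environment=production,method=traefik
+namespaces:
+- "default"
+# IP used for Kubernetes Ingress endpoints
+publishedService:
+enabled: false
+# Published Kubernetes Service to copy status from. Format: namespace/servicename
+# By default this Traefik service
+# pathOverride: ""
+
+#
+# Add volumes to the traefik pod. The volume name will be passed to tpl.
+# This can be used to mount a cert pair or a configmap that holds a config.toml file.
+# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+# additionalArguments:
+# - "--providers.file.filename=/config/dynamic.toml"
+# - "--ping"
+# - "--ping.entrypoint=web"
+volumes:
+[]
+# - name: public-cert
+# mountPath: "/certs"
+# type: emptyDir
+# - name: '{{ printf "%s-configs" .Release.Name }}'
+# mountPath: "/config"
+# type: configMap
+
+# Additional volumeMounts to add to the Traefik container
+additionalVolumeMounts:
+[]
+# For instance when using a logshipper for access logs
+# - name: traefik-logs
+# mountPath: /var/log/traefik
+
+# Logs
+# https://docs.traefik.io/observability/logs/
+logs:
+# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
+general:
+# By default, the logs use a text format (common), but you can
+# also ask for the json format in the format option
+# format: json
+# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+level: ERROR
+access:
+# To enable access logs
+enabled: false
+# By default, logs are written using the Common Log Format (CLF).
+# To write logs in JSON, use json in the format option.
+# If the given format is unsupported, the default (CLF) is used instead.
+# format: json
+# To write the logs in an asynchronous fashion, specify a bufferingSize option.
+# This option represents the number of log lines Traefik will keep in memory before writing
+# them to the selected output. In some cases, this option can greatly help performances.
+# bufferingSize: 100
+# Filtering https://docs.traefik.io/observability/access-logs/#filtering
+filters:
+{}
+# statuscodes: "200,300-302"
+# retryattempts: true
+# minduration: 10ms
+# Fields
+# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
+fields:
+general:
+defaultmode: keep
+names:
+{}
+# Examples:
+# ClientUsername: drop
+headers:
+defaultmode: drop
+names:
+{}
+# Examples:
+# User-Agent: redact
+# Authorization: drop
+# Content-Type: keep
+
+metrics:
+# datadog:
+# address: 127.0.0.1:8125
+# influxdb:
+# address: localhost:8089
+# protocol: udp
+prometheus:
+entryPoint: metrics
+# addRoutersLabels: true
+# statsd:
+# address: localhost:8125
+
+tracing:
+{}
+# instana:
+# enabled: true
+# datadog:
+# localAgentHostPort: 127.0.0.1:8126
+# debug: false
+# globalTag: ""
+# prioritySampling: false
+
+globalArguments:
+- "--global.checknewversion"
+
+#
+# Configure Traefik static configuration
+# Additional arguments to be passed at Traefik's binary
+# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+additionalArguments:
+- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
+- "--api.insecure=true"
+
+# certResolvers:
+# cf:
+# dnsChallenge:
+# provider: cloudflare
+# # add futher options for the dns challenge as needed
+# # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
+# delayBeforeCheck: 30
+# resolvers:
+# - 1.1.1.1
+# - 1.0.0.1
+# # match the path to persistence
+# storage: /data/acme.json
+# - "--providers.kubernetesingress.ingressclass=traefik-internal"
+# - "--log.level=DEBUG"
+
+# Environment variables to be passed to Traefik's binary
+env: []
+# - name: SOME_VAR
+# value: some-var-value
+# - name: SOME_VAR_FROM_CONFIG_MAP
+# valueFrom:
+# configMapRef:
+# name: configmap-name
+# key: config-key
+# - name: SOME_SECRET
+# valueFrom:
+# secretKeyRef:
+# name: secret-name
+# key: secret-key
+
+envFrom:
+# - configMapRef:
+# name: config-map-name
+- secretRef:
+name: traefik-secrets
+
+# Configure ports
+ports:
+# The name of this one can't be changed as it is used for the readiness and
+# liveness probes, but you can adjust its config to your liking
+traefik:
+port: 9000
+expose: false
+# The exposed port for this service
+exposedPort: 9000
+# The port protocol (TCP/UDP)
+protocol: TCP
+web:
+port: 8000
+# hostPort: 8000
+expose: false
+exposedPort: 80
+# The port protocol (TCP/UDP)
+protocol: TCP
+# Use nodeport if set. This is useful if you have configured Traefik in a
+# LoadBalancer
+# nodePort: 32080
+# Port Redirections
+# Added in 2.2, you can make permanent redirects via entrypoints.
+# https://docs.traefik.io/routing/entrypoints/#redirection
+# redirectTo: websecure
+websecure:
+port: 8443
+# hostPort: 8443
+expose: false
+exposedPort: 443
+# The port protocol (TCP/UDP)
+protocol: TCP
+# nodePort: 32443
+# Enable HTTP/3.
+# Requires enabling experimental http3 feature and tls.
+# Note that you cannot have a UDP entrypoint with the same port.
+http3: true
+# Set TLS at the entrypoint
+# https://doc.traefik.io/traefik/routing/entrypoints/#tls
+tls:
+enabled: true
+# # this is the name of a TLSOption definition
+# options: ""
+# certResolver: cf
+# domains:
+# - main: roxedus.com
+# sans:
+# - "*.roxedus.com"
+# - bar.example.com
+metrics:
+port: 9100
+# hostPort: 9100
+# Defines whether the port is exposed if service.type is LoadBalancer or
+# NodePort.
+#
+# You may not want to expose the metrics port on production deployments.
+# If you want to access it from outside of your cluster,
+# use `kubectl port-forward` or create a secure ingress
+expose: false
+# The exposed port for this service
+exposedPort: 9100
+# The port protocol (TCP/UDP)
+protocol: TCP
+
+# TLS Options are created as TLSOption CRDs
+# https://doc.traefik.io/traefik/https/tls/#tls-options
+# Example:
+tlsOptions:
+default:
+sniStrict: true
+minVersion: VersionTLS12
+# preferServerCipherSuites: true
+# foobar:
+# curvePreferences:
+# - CurveP521
+# - CurveP384
+
+# Options for the main traefik service, where the entrypoints traffic comes
+# from.
+service:
+enabled: false
+type: NodePort
+# Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
+annotations: {}
+# Additional annotations for TCP service only
+annotationsTCP: {}
+# Additional annotations for UDP service only
+annotationsUDP: {}
+# Additional service labels (e.g. for filtering Service by custom labels)
+labels: {}
+# Additional entries here will be added to the service spec.
+# Cannot contain type, selector or ports entries.
+spec:
+{}
+# externalTrafficPolicy: Cluster
+# loadBalancerIP: "1.2.3.4"
+# clusterIP: "2.3.4.5"
+loadBalancerSourceRanges:
+[]
+# - 192.168.0.1/32
+# - 172.16.0.0/16
+externalIPs:
+[]
+# - 1.2.3.4
+# One of SingleStack, PreferDualStack, or RequireDualStack.
+# ipFamilyPolicy: SingleStack
+# List of IP families (e.g. IPv4 and/or IPv6).
+# ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
+# ipFamilies:
+# - IPv4
+# - IPv6
+
+## Create HorizontalPodAutoscaler object.
+##
+autoscaling:
+enabled: false
+# minReplicas: 1
+# maxReplicas: 10
+# metrics:
+# - type: Resource
+# resource:
+# name: cpu
+# targetAverageUtilization: 60
+# - type: Resource
+# resource:
+# name: memory
+# targetAverageUtilization: 60
+
+# Enable persistence using Persistent Volume Claims
+# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+# additionalArguments:
+# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
+# It will persist TLS certificates.
+persistence:
+enabled: false
+name: data
+# existingClaim: ""
+accessMode: ReadWriteOnce
+size: 128Mi
+# storageClass: ""
+path: /data
+annotations: {}
+# subPath: "" # only mount a subpath of the Volume into the pod
+
+# If hostNetwork is true, runs traefik in the host network namespace
+# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
+# and replicas>1, a pod anti-affinity is recommended and will be set if the
+# affinity is left as default.
+hostNetwork: false
+
+# Whether Role Based Access Control objects like roles and rolebindings should be created
+rbac:
+enabled: true
+
+# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
+# If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
+namespaced: false
+
+# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
+podSecurityPolicy:
+enabled: false
+
+# The service account the pods will use to interact with the Kubernetes API
+serviceAccount:
+# If set, an existing service account is used
+# If not set, a service account is created automatically using the fullname template
+name: ""
+
+# Additional serviceAccount annotations (e.g. for oidc authentication)
+serviceAccountAnnotations: {}
+
+resources:
+{}
+# requests:
+# cpu: "100m"
+# memory: "50Mi"
+# limits:
+# cpu: "300m"
+# memory: "150Mi"
+affinity: {}
+# # This example pod anti-affinity forces the scheduler to put traefik pods
+# # on nodes where no other traefik pods are scheduled.
+# # It should be used when hostNetwork: true to prevent port conflicts
+# podAntiAffinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# - labelSelector:
+# matchExpressions:
+# - key: app.kubernetes.io/name
+# operator: In
+# values:
+# - {{ template "traefik.name" . }}
+# topologyKey: kubernetes.io/hostname
+nodeSelector:
+kubernetes.io/arch: amd64
+tolerations: []
+
+# Pods can have priority.
+# Priority indicates the importance of a Pod relative to other Pods.
+priorityClassName: ""
+
+# Set the container security context
+# To run the container with ports below 1024 this will need to be adjust to run as root
+securityContext:
+capabilities:
+drop: [ALL]
+readOnlyRootFilesystem: true
+runAsGroup: 65532
+runAsNonRoot: true
+runAsUser: 65532
+
+podSecurityContext:
+fsGroup: 65532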
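Review bot: `--api.insecure=true` under `additionalArguments` serves the Traefik API and dashboard without authentication on the `traefik` entrypoint (port 9000); `ports.traefik.expose: false` and `service.enabled: false` keep it off a Service, but the port is still reachable on the pod IP from other workloads unless a NetworkPolicy restricts it. The `auto-cloudflare` sidecar reads it over `http://localhost:9000`, so if that is the only consumer, restrict ingress to the pod with a NetworkPolicy, or at minimum record the assumption above the flag, e.g. `# api.insecure is only meant for the auto-cloudflare sidecar on localhost; port 9000 must not be routed or exposed`. Separately, the `cloudflare` container passes the tunnel token as `"--token", "$(cloudflared)"`, which places the secret on the process command line; as far as I know cloudflared also accepts it through the `TUNNEL_TOKEN` environment variable, which keeps it out of argv (confirm for 2022.6.3). The two sidecars also carry no `securityContext`, unlike the Traefik container at the end of the file, which drops all capabilities and runs as non-root.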
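--- a/apps/Chart.yaml
+++ b/apps/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: root
+version: 1.0.0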
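--- a/apps/templates/argo-cd.yaml
+++ b/apps/templates/argo-cd.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: argo-cd
+namespace: argo-cd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+destination:
+server: https://kubernetes.default.svc
+namespace: argo-cd
+project: default
+source:
+path: Charts/argo-cd
+repoURL: https://git.roxedus.dev/Roxedus/Argo.git
+targetRevision: HEAD
+syncPolicy:
+automated:
+prune: true
+selfHeal: true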
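Review bot: `targetRevision: HEAD` together with `syncPolicy.automated` (`prune: true`, `selfHeal: true`) means every commit that reaches the default branch of `Roxedus/Argo.git` is applied to the `argo-cd` namespace with no review gate, and this Application manages Argo CD itself. The same commit adds a Renovate job that presumably opens changes against that repository, so branch protection on the default branch is the control that separates a bot or a leaked token from the cluster; I would state that dependency in a comment above `source:`, e.g. `# Auto-synced from HEAD: the default branch must be protected (no direct pushes, reviewed merges only)`. `project: default` is unrestricted unless it has been edited, so a dedicated AppProject that limits `sourceRepos` and `destinations` would narrow what this Application is allowed to deploy.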
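--- a/apps/values.yaml
+++ b/apps/values.yaml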