Update Helm release kube-prometheus-stack to v42.3.0 - autoclosed #34

Closed
Renovate wants to merge 0 commits from renovate/kube-prometheus-stack-42.x into main
33 changed files with 425 additions and 515 deletions

1
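--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 **/_hold
-ignore/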


@ -4,13 +4,14 @@
], ],
"kubernetes": { "kubernetes": {
"fileMatch": [ "fileMatch": [
"Deployments/.+\\.yaml$", "Deployments\\*\\.yaml$",
"CI/.+\\.yaml$" "apps\\*\\.yaml$",
"CI\\*\\.yaml$"
] ]
}, },
"argocd": { "argocd": {
"fileMatch": [ "fileMatch": [
"apps/.+\\.yaml$" "\\.yaml$"
] ]
}, },
"packageRules": [ "packageRules": [
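Review bot: The new `fileMatch` entries `"Deployments\\*\\.yaml$"`, `"apps\\*\\.yaml$"` and `"CI\\*\\.yaml$"` escape the asterisk, so as regular expressions they match a literal `*` in the path and most likely no manifest at all; the kubernetes manager would then stop proposing image updates for those directories without reporting any error. Assuming the right-hand column is the new side, the intent is presumably what the old patterns expressed, e.g. `"Deployments/.+\\.yaml$"`. The `argocd` pattern `"\\.yaml$"` errs the other way and hands every YAML file in the repository to the argocd manager; scoping it to the directory that holds the Application manifests, `"apps/.+\\.yaml$"`, keeps the two managers from overlapping. The enclosing configuration object starts and ends outside the hunk.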


@ -17,10 +17,9 @@ spec:
# Update this to the latest available and then enable Renovate on # Update this to the latest available and then enable Renovate on
# the manifest # the manifest
image: renovate/renovate:35.1.2 image: renovate/renovate:32.74.2
args: args:
- Roxedus/Argo - Roxedus/Argo
- Roxedus/Infra
# Environment Variables # Environment Variables
env: env:
- name: LOG_LEVEL - name: LOG_LEVEL
@ -33,7 +32,9 @@ spec:
value: "https://git.roxedus.dev/api/v1" value: "https://git.roxedus.dev/api/v1"
envFrom: envFrom:
- secretRef: - secretRef:
name: renovate-secret name: renovate-pat
- secretRef:
name: renovate-gh
volumeMounts: volumeMounts:
- name: work-volume - name: work-volume
mountPath: /tmp/renovate/ mountPath: /tmp/renovate/
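Review bot: `image: renovate/renovate:32.74.2` pins the bot by a mutable tag while the container receives every key of both `renovate-pat` and `renovate-gh` through `envFrom`, so whatever the tag resolves to at pull time runs with those tokens. Pinning by digest, `image: renovate/renovate:32.74.2@sha256:<digest-placeholder>`, fixes the content that is handed the credentials and still lets Renovate propose updates. If only one or two keys of each Secret are needed, `env` entries with `secretKeyRef` would expose less than `envFrom`. The container spec starts and ends outside the hunks.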


@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 5.25.0 version: 5.16.2
digest: sha256:4dfa4a29330c4987747d06ba01f719a155d00baf6adbbcb7e03c76118643afac digest: sha256:4ed5381766c894e618c3ba8783372a7d2019c23cc98c8abf87ac86a50bbbced2
generated: "2023-03-09T13:00:39.375996286Z" generated: "2022-12-07T08:00:20.159756153Z"


@ -3,5 +3,5 @@ name: argo-cd
version: 1.0.0 version: 1.0.0
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 5.25.0 version: 5.16.2
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm


@ -6,8 +6,8 @@ argo-cd:
policy.csv: | policy.csv: |
g, roxedus, role:admin g, roxedus, role:admin
g, ArgoCD Admins, role:admin g, ArgoCD Admins, role:admin
#service: service:
# type: NodePort type: NodePort
extraArgs: extraArgs:
- --insecure - --insecure
@ -26,13 +26,14 @@ argo-cd:
config: config:
accounts.roxedus: apiKey, login accounts.roxedus: apiKey, login
accounts.admin.enabled: "true" accounts.admin.enabled: "false"
repositories: | repositories: |
- type: helm - type: helm
name: argo-cd name: argo-cd
url: https://argoproj.github.io/argo-helm url: https://argoproj.github.io/argo-helm
configs: configs:
cm: cm:
admin.enabled: false
url: https://argo.roxedus.com url: https://argo.roxedus.com
resource.customizations.health.networking.k8s.io_Ingress: | resource.customizations.health.networking.k8s.io_Ingress: |
@ -40,11 +41,6 @@ argo-cd:
hs.status = "Healthy" hs.status = "Healthy"
return hs return hs
? resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration
: |
jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle'
resource.customizations.health.cert-manager.io_Certificate: | resource.customizations.health.cert-manager.io_Certificate: |
hs = {} hs = {}
if obj.status ~= nil then if obj.status ~= nil then
@ -72,9 +68,9 @@ argo-cd:
connectors: connectors:
- config: - config:
issuer: https://authentik.roxedus.com/application/o/argocd/ issuer: https://authentik.roxedus.com/application/o/argo/
clientID: $argo-cd-sso:clientID clientID: 509095b1ecd5117c95b9a2879d1cbcd5adc0b5d9
clientSecret: $argo-cd-sso:clientSecret clientSecret: $authentik-sso:oidc.auth0.clientSecret
insecureEnableGroups: true insecureEnableGroups: true
scopes: scopes:
- openid - openid
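Review bot: Enabling `service.type: NodePort` in the first hunk publishes argocd-server on every node while the unchanged `extraArgs` still pass `--insecure`, which makes the server speak plain HTTP, so logins and API tokens sent to that port are not protected by TLS. Keeping the Service as ClusterIP and reaching it only through a TLS-terminating ingress avoids that second, unencrypted path. In the last hunk `clientSecret` now reads `$authentik-sso:oidc.auth0.clientSecret`; nothing on this page defines a Secret named `authentik-sso` carrying the `app.kubernetes.io/part-of: argocd` label, so that reference should be confirmed before SSO is relied on. The `argo-cd:` mapping starts and ends outside the hunks.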


@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: argocd-server
namespace: argo-cd
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`argocd.roxedus.com`)
priority: 10
services:
- name: argo-cd-argocd-server
port: 80
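Review bot: This IngressRoute attaches only the `web` entry point and has no `tls:` section and no `middlewares:` on its route, so the Argo CD UI is served as-is on whatever `web` is bound to (presumably plain HTTP). The same applies to the `longhorn-system` and `traefik-dash` IngressRoutes added in the next two files: Longhorn's UI ships without authentication by default, and `traefik-dash` routes `/dashboard` and `/api` straight to `api@internal`. I would bind all three to the TLS entry point and put the forward-auth middleware in front of each route, e.g. `middlewares: [{name: <forward-auth-middleware>, namespace: <namespace>}]`. In `traefik-dash` the bare `annotations:` key parses as null and can be dropped.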


@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: longhorn-system
namespace: longhorn-system
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`longhorn.roxedus.com`)
priority: 10
services:
- name: longhorn-frontend
port: 80


@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
name: traefik-dash
namespace: traefik
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`traefik.roxedus.com`) && ( PathPrefix(`/dashboard`) || PathPrefix(`/api`))
services:
- kind: TraefikService
name: api@internal


@ -0,0 +1,85 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: firefox
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: firefox
template:
metadata:
labels:
app: firefox
spec:
containers:
- image: lscr.io/linuxserver/firefox:101.0.1-r0-ls69
name: firefox
resources:
limits:
cpu: "1200m"
memory: "2000Mi"
requests:
cpu: "300m"
memory: "40Mi"
env:
- name: TZ
value: Europe/Oslo
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: S6_VERBOSITY
value: "5"
ports:
- containerPort: 3000
volumeMounts:
- name: vol
mountPath: /config
- name: dshm
mountPath: /dev/shm
- mountPath: /etc/s6-overlay/s6-rc.d/svc-xrdp-sesman/run
subPath: run
name: config
volumes:
- name: vol
emptyDir:
- name: dshm
emptyDir:
medium: Memory
- name: config
configMap:
name: firefox-edit
---
apiVersion: v1
kind: Service
metadata:
name: firefox-svc
labels:
app: firefox
spec:
type: NodePort
ports:
- port: 3000
targetPort: 3000
nodePort: 30104
selector:
app: firefox
---
apiVersion: v1
kind: ConfigMap
metadata:
name: firefox-edit
data:
run: |
#! /usr/bin/execlineb -P
# Redirect stderr to stdout.
fdmove -c 2 1
# Notify service manager when xrdp is up
#s6-notifyoncheck -w 500 -c "nc -z localhost 3350"
/usr/sbin/xrdp-sesman --nodaemon
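Review bot: `firefox-svc` is `type: NodePort` with `nodePort: 30104`, which publishes the browser session on port 3000 of every node with no authentication visible in the manifest; since that browser runs inside the cluster network and can reach internal services, a ClusterIP Service behind an authenticated ingress is the safer default. The pod template also sets no `securityContext`, so the container runs with the image's defaults. Separately, the `vol` volume is written as a bare `emptyDir:`, which parses as null; `emptyDir: {}` states the intent explicitly. The `overseerr-svc` Service in the next file uses the same NodePort pattern (`nodePort: 30101`).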


@ -0,0 +1,66 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: overseerr
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: overseerr
template:
metadata:
labels:
app: overseerr
spec:
containers:
- image: ghcr.io/sct/overseerr:1.29.1
name: overseerr
resources:
limits:
cpu: "1200m"
memory: "500Mi"
requests:
cpu: "300m"
memory: "40Mi"
env:
- name: TZ
value: Europe/Oslo
ports:
- containerPort: 5055
volumeMounts:
- name: vol
mountPath: /app/config
volumes:
- name: vol
persistentVolumeClaim:
claimName: overseerr-pvc
---
apiVersion: v1
kind: Service
metadata:
name: overseerr-svc
labels:
app: overseerr
spec:
type: NodePort
ports:
- port: 5055
targetPort: 5055
nodePort: 30101
selector:
app: overseerr
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: overseerr-pvc
labels:
app: overseerr
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 2Gi


@ -0,0 +1,38 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: py-kms
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: py-kms
template:
metadata:
labels:
app: py-kms
spec:
containers:
- image: ghcr.io/thespad/py-kms@sha256:48f2a58b03eb84da40d2be79eb49eb4c14978ef2c2d4a4f8d63a0c1f1d9b23c3
name: py-kms
resources:
limits:
cpu: "800m"
memory: "100Mi"
requests:
cpu: "300m"
memory: "40Mi"
ports:
- containerPort: 1688
---
apiVersion: v1
kind: Service
metadata:
name: py-kms
spec:
ports:
- port: 1688
targetPort: 1688
selector:
app: py-kms


@ -1,92 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: organizr
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: organizr
template:
metadata:
labels:
app: organizr
spec:
containers:
- name: organizr
image: docker.roxedus.net/roxedus/org-less
resources:
limits:
memory: "2G"
cpu: "1000m"
env:
- name: TZ
value: Europe/Oslo
- name: PUID
value: "1000"
- name: PGID
value: "1000"
ports:
- containerPort: 80
volumeMounts:
- mountPath: /var/www/data
name: config
volumes:
- name: config
persistentVolumeClaim:
claimName: organizr-pvc
---
apiVersion: v1
kind: Service
metadata:
name: organizr
spec:
type: ClusterIP
selector:
app: organizr
ports:
- port: 80
targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/acme-challenge-type: dns01
traefik.ingress.kubernetes.io/router.middlewares: authentik-ak-outpost-authentik-embedded-outpost@kubernetescrd
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
name: organizr
namespace: default
spec:
ingressClassName: traefik
rules:
- host: organizr.roxedus.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: organizr
port:
number: 80
tls:
- hosts:
- organizr.roxedus.com
secretName: organizr-roxedus-com-cert
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: organizr-pvc
labels:
app: organizr
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 2Gi


@ -56,24 +56,6 @@ spec:
- port: 8080 - port: 8080
targetPort: 8080 targetPort: 8080
--- ---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: searxng
namespace: default
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: searxng
dataFrom:
- extract:
key: searxng
conversionStrategy: Default
decodingStrategy: Auto
---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:


@ -1,21 +0,0 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: argo-cd-sso
namespace: argo-cd
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: argo-cd-sso
template:
metadata:
labels:
app.kubernetes.io/part-of: argocd
dataFrom:
- extract:
key: argo-cd-sso
conversionStrategy: Default
decodingStrategy: Auto


@ -1,33 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ext-authentik
namespace: authentik
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: authentik-secret
data:
- secretKey: AUTHENTIK_SECRET_KEY
remoteRef:
key: authentik/authentik
property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ext-authentik-psql
namespace: authentik
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: postgres-secret
data:
- secretKey: password
remoteRef:
key: authentik/postgres
property: password


@ -1,16 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: roxedus.com-cloudflare
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cloudflare-issuer-account-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token
key: CLOUDFLARE_API_KEY


@ -1,16 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ext-cloudflare
namespace: cert-manager
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: cloudflare-api-token
data:
- secretKey: CLOUDFLARE_API_KEY
remoteRef:
key: cloudflare-api-token-secret
property: CLOUDFLARE_API_KEY


@ -1,21 +0,0 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-oauth
namespace: prometheus
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: grafana-oauth
template:
metadata:
labels:
app.kubernetes.io/part-of: grafana
dataFrom:
- extract:
key: prometheus/grafana-sso
conversionStrategy: Default
decodingStrategy: None


@ -1,15 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: vlan2-pool
namespace: metallb-system
spec:
addresses:
- 10.0.2.40-10.0.2.50
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: vlan2-pool-advertisement
namespace: metallb-system


@ -1,20 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ext-renovate
namespace: ci
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: renovate-secret
data:
- secretKey: GITHUB_COM_TOKEN
remoteRef:
key: ci/renovate
property: github
- secretKey: RENOVATE_TOKEN
remoteRef:
key: ci/renovate
property: token


@ -1,20 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: secret-store
namespace: external-secrets
spec:
provider:
vault:
server: "http://vault.vault:8200"
path: "kv"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "kube-role"
# conditions:
# - namespaceSelector:
# matchLabels:
# secret.roxedus.com/global-store: "true"


@ -17,6 +17,7 @@ spec:
image: image:
repository: ghcr.io/goauthentik/server repository: ghcr.io/goauthentik/server
tag: 2022.11.3
authentik: authentik:
error_reporting: error_reporting:
@ -40,18 +41,16 @@ spec:
secretName: authentik-roxedus-com-cert secretName: authentik-roxedus-com-cert
envValueFrom: envValueFrom:
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
key: postgresql-password
name: authentik-postgresql
AUTHENTIK_SECRET_KEY: AUTHENTIK_SECRET_KEY:
secretKeyRef: secretKeyRef:
key: AUTHENTIK_SECRET_KEY key: AUTHENTIK_SECRET_KEY
name: authentik-secret name: authentik-secret
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
key: password
name: postgres-secret
prometheus.rules.create: true
postgresql: postgresql:
image: image:
registry: ghcr.io registry: ghcr.io
@ -60,11 +59,11 @@ spec:
enabled: true enabled: true
# auth: # auth:
# existingSecret: authentik-postgresql # existingSecret: authentik-postgresql
persistence: # persistence:
enabled: true # enabled: true
storageClass: longhorn # storageClass: longhorn
accessModes: # accessModes:
- ReadWriteOnce # - ReadWriteOnce
redis: redis:
enabled: true enabled: true
image: image:
@ -73,7 +72,7 @@ spec:
tag: 6.2.7-debian-11-r39 tag: 6.2.7-debian-11-r39
repoURL: https://charts.goauthentik.io repoURL: https://charts.goauthentik.io
targetRevision: 2023.2.4 targetRevision: 2022.11.3
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true


@ -16,7 +16,7 @@ spec:
values: | values: |
prometheus: prometheus:
enabled: true enabled: false
extraArgs: extraArgs:
- --enable-certificate-owner-ref=true - --enable-certificate-owner-ref=true
@ -24,11 +24,31 @@ spec:
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
repoURL: https://charts.jetstack.io repoURL: https://charts.jetstack.io
targetRevision: v1.11.0 targetRevision: 1.10.1
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true
selfHeal: true selfHeal: true
syncOptions:
- CreateNamespace=true ---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: roxedus.com-cloudflare
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cloudflare-issuer-account-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token-secret
key: CLOUDFLARE_API_KEY
# selector:
# dnsNames:
# - 'roxedus.com'
# - '*.roxedus.com'
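Review bot: The ClusterIssuer added after the Application sets `namespace: cert-manager`, but ClusterIssuer is cluster-scoped, so the field has no effect and can be dropped. `apiTokenSecretRef.name: cloudflare-api-token-secret` is resolved in cert-manager's cluster resource namespace, and this change set deletes the ExternalSecret that produced the Cloudflare token Secret, so nothing visible here creates it; DNS-01 issuance would fail until the Secret exists. Assuming the right-hand column is the new side, the hunk also drops `syncOptions` with `CreateNamespace=true`, so the first sync depends on the `cert-manager` namespace already being present.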


@ -1,28 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: external-secrets
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: external-secrets
project: default
source:
chart: external-secrets
helm:
values: |
prometheus.enabled: true
repoURL: https://charts.external-secrets.io
targetRevision: 0.7.2
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true


@ -15,12 +15,10 @@ spec:
helm: helm:
values: | values: |
loki.isDefault: false
test_pod: {} test_pod: {}
prometheus.enabled: true
repoURL: https://grafana.github.io/helm-charts repoURL: https://grafana.github.io/helm-charts
targetRevision: 2.9.9 targetRevision: 2.8.7
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true


@ -1,56 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: longhorn
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: longhorn-system
project: default
source:
chart: longhorn
helm:
values: |
persistence:
defaultClassReplicaCount: 2
longhornManager:
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
longhornDriver:
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
ingress:
enabled: true
ingressClassName: traefik
secureBackends: true
annotations:
cert-manager.io/acme-challenge-type: dns01
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
# traefik.ingress.kubernetes.io/router.middlewares: authentik-ak-outpost-localcluster@kubernetescrd
traefik.ingress.kubernetes.io/router.priority: "1"
host: longhorn.roxedus.com
tls: true
tlsSecret: longhorn-roxedus-com-cert
repoURL: https://charts.longhorn.io
targetRevision: v1.4.0
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true


@ -14,7 +14,7 @@ spec:
chart: metallb chart: metallb
repoURL: https://metallb.github.io/metallb repoURL: https://metallb.github.io/metallb
targetRevision: 0.13.9 targetRevision: 0.13.7
syncPolicy: syncPolicy:
automated: automated:
@ -22,3 +22,18 @@ spec:
selfHeal: true selfHeal: true
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: first-pool
namespace: metallb-system
spec:
addresses:
- 10.0.2.40-10.0.2.50
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: first-pool-advertisement
namespace: metallb-system
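Review bot: `first-pool-advertisement` has no `spec`, so it announces every IPAddressPool in the cluster over L2, including any pool added later; naming the pool with `spec: {ipAddressPools: [first-pool]}` keeps the announcement limited to 10.0.2.40-10.0.2.50. Both objects sit in the same file as the Application that installs MetalLB, so on a fresh cluster they are presumably applied before the MetalLB CRDs exist; a sync-wave annotation or a separate source path would order them.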


@ -1,22 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: metaobjects
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: default
project: default
source:
path: MetaObjects/
repoURL: https://git.roxedus.dev/Roxedus/Argo.git
targetRevision: HEAD
directory:
recurse: true
syncPolicy:
automated:
prune: true
selfHeal: true


@ -17,7 +17,7 @@ spec:
args: args:
- --kubelet-insecure-tls - --kubelet-insecure-tls
repoURL: https://kubernetes-sigs.github.io/metrics-server/ repoURL: https://kubernetes-sigs.github.io/metrics-server/
targetRevision: 3.8.4 targetRevision: 3.8.2
syncPolicy: syncPolicy:
automated: automated:


@ -29,11 +29,9 @@ spec:
kubeStateMetrics.enabled: false kubeStateMetrics.enabled: false
grafana: grafana:
sidecar.datasources.isDefaultDatasource: false # persistence:
enabled: true # enabled: true
persistence: # storageClassName: longhorn
enabled: true
storageClassName: longhorn
env: env:
GF_SERVER_ROOT_URL: https://%(domain)s/ GF_SERVER_ROOT_URL: https://%(domain)s/
GF_AUTH_GENERIC_OAUTH_ENABLED: "true" GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
@ -61,7 +59,7 @@ spec:
secretName: grafana-roxedus-com-cert secretName: grafana-roxedus-com-cert
repoURL: https://prometheus-community.github.io/helm-charts repoURL: https://prometheus-community.github.io/helm-charts
targetRevision: 45.7.1 targetRevision: 42.3.0
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true


@ -15,6 +15,12 @@ spec:
helm: helm:
values: | values: |
image:
repository: &traefikImage library/traefik
name: *traefikImage
tag: v2.9.4
pullPolicy: IfNotPresent
experimental: experimental:
http3: http3:
enabled: true enabled: true
@ -23,10 +29,38 @@ spec:
kubernetesGateway: kubernetesGateway:
enabled: false enabled: false
# dnsPolicy: ClusterFirstWithHostNet
# hostNetwork: true
# nodeSelector:
# hasDns: "true"
# securityContext:
# capabilities:
# drop: [ALL]
# add: [NET_BIND_SERVICE]
# readOnlyRootFilesystem: true
# runAsGroup: 0
# runAsNonRoot: false
# runAsUser: 0
globalArguments: []
additionalArguments: additionalArguments:
# - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
- "--api.insecure=true" - "--api.insecure=true"
- "--ping" - "--ping"
- "--ping.entrypoint=traefik" - "--ping.entrypoint=traefik"
envFrom:
- secretRef:
name: traefik-secrets
# persistence:
# enabled: true
# name: data
# accessMode: ReadWriteOnce
# size: 128Mi
# storageClass: "longhorn"
# path: /data
ports: ports:
traefik: traefik:
@ -64,6 +98,21 @@ spec:
enabled: true enabled: true
type: LoadBalancer type: LoadBalancer
# deployment:
# initContainers:
# #The "volume-permissions" init container is required if you run into permission issues.
# #Related issue: https://github.com/traefik/traefik/issues/6825
# - name: volume-permissions
# image: busybox:1.35
# command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
# volumeMounts:
# - name: data
# mountPath: /data
logs:
general:
level: DEBUG
providers: providers:
kubernetesCRD: kubernetesCRD:
allowCrossNamespace: true allowCrossNamespace: true
@ -75,8 +124,19 @@ spec:
enabled: true enabled: true
isDefaultClass: true isDefaultClass: true
# certResolvers:
# cloudflare:
# email: me@roxedus.dev
# #caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# dnsChallenge:
# provider: cloudflare
# resolvers:
# - "1.1.1.1:53"
# - "8.8.8.8:53"
# storage: /data/acme.json
repoURL: https://helm.traefik.io/traefik repoURL: https://helm.traefik.io/traefik
targetRevision: 21.2.0 targetRevision: 20.6.0
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true
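Review bot: The added `envFrom` loads every key of `traefik-secrets` into the Traefik container, yet the only consumer visible in these values, the `certResolvers.cloudflare` DNS challenge, is commented out; unless something outside the hunks needs it, the reference should be removed so the proxy does not hold a credential it does not use. `logs.general.level: DEBUG` is also added; debug output is verbose and is better left at `INFO` outside troubleshooting. `--api.insecure=true` is unchanged context, but it matters more now that this change set adds a route from `/dashboard` and `/api` to `api@internal`. The `values` block starts and ends outside the hunks.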


@ -1,33 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vault
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: vault
project: default
source:
chart: vault
helm:
values: |
server.dataStorage.storageClass: longhorn
ui:
enabled: true
serviceType: NodePort
global.serverTelemetry.prometheusOperator: true
repoURL: https://helm.releases.hashicorp.com
targetRevision: 0.23.0
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true