Roxedus/Argo
1
0
Fork 0
Code Issues 1 Pull Requests 9 Releases Wiki Activity

Update Helm release loki-stack to v2.8.8 - autoclosed #35

Closed
Renovate wants to merge 0 commits from renovate/loki-stack-2.x into main
pull from: renovate/loki-stack-2.x
merge into: Roxedus:main
Conversation 0 Commits - Files Changed 33 +425 -515
33 changed files with 425 additions and 515 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1 @@
**/_hold
ignore/

7
.renovaterc
View File

@ -4,13 +4,14 @@
],
"kubernetes": {
"fileMatch": [
"Deployments/.+\\.yaml$",
"CI/.+\\.yaml$"
"Deployments\\*\\.yaml$",
"apps\\*\\.yaml$",
"CI\\*\\.yaml$"
]
},
"argocd": {
"fileMatch": [
"apps/.+\\.yaml$"
"\\.yaml$"
]
},
"packageRules": [

7
CI/renovate/renovate-job.yaml
View File

@ -17,10 +17,9 @@ spec:
# Update this to the latest available and then enable Renovate on
# the manifest
image: renovate/renovate:35.1.2
image: renovate/renovate:32.74.2
args:
- Roxedus/Argo
- Roxedus/Infra
# Environment Variables
env:
- name: LOG_LEVEL
@ -33,7 +32,9 @@ spec:
value: "https://git.roxedus.dev/api/v1"
envFrom:
- secretRef:
name: renovate-secret
name: renovate-pat
- secretRef:
name: renovate-gh
volumeMounts:
- name: work-volume
mountPath: /tmp/renovate/

6
Charts/argo-cd/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 5.25.0
digest: sha256:4dfa4a29330c4987747d06ba01f719a155d00baf6adbbcb7e03c76118643afac
generated: "2023-03-09T13:00:39.375996286Z"
version: 5.16.2
digest: sha256:4ed5381766c894e618c3ba8783372a7d2019c23cc98c8abf87ac86a50bbbced2
generated: "2022-12-07T08:00:20.159756153Z"

2
Charts/argo-cd/Chart.yaml
View File

@ -3,5 +3,5 @@ name: argo-cd
version: 1.0.0
dependencies:
- name: argo-cd
version: 5.25.0
version: 5.16.2
repository: https://argoproj.github.io/argo-helm

18
Charts/argo-cd/values.yaml
View File

@ -6,8 +6,8 @@ argo-cd:
policy.csv: |
g, roxedus, role:admin
g, ArgoCD Admins, role:admin
#service:
# type: NodePort
service:
type: NodePort
extraArgs:
- --insecure
@ -26,13 +26,14 @@ argo-cd:
config:
accounts.roxedus: apiKey, login
accounts.admin.enabled: "true"
accounts.admin.enabled: "false"
repositories: |
- type: helm
name: argo-cd
url: https://argoproj.github.io/argo-helm
configs:
cm:
admin.enabled: false
url: https://argo.roxedus.com
resource.customizations.health.networking.k8s.io_Ingress: |
@ -40,11 +41,6 @@ argo-cd:
hs.status = "Healthy"
return hs
? resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration
: |
jqPathExpressions:
- '.webhooks[]?.clientConfig.caBundle'
resource.customizations.health.cert-manager.io_Certificate: |
hs = {}
if obj.status ~= nil then
@ -72,9 +68,9 @@ argo-cd:
connectors:
- config:
issuer: https://authentik.roxedus.com/application/o/argocd/
clientID: $argo-cd-sso:clientID
clientSecret: $argo-cd-sso:clientSecret
issuer: https://authentik.roxedus.com/application/o/argo/
clientID: 509095b1ecd5117c95b9a2879d1cbcd5adc0b5d9
clientSecret: $authentik-sso:oidc.auth0.clientSecret
insecureEnableGroups: true
scopes:
- openid

15
Deployments.ol/.ingress/argo-ingress.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: argocd-server
namespace: argo-cd
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`argocd.roxedus.com`)
priority: 10
services:
- name: argo-cd-argocd-server
port: 80

15
Deployments.ol/.ingress/longhorn-ingress.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: longhorn-system
namespace: longhorn-system
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`longhorn.roxedus.com`)
priority: 10
services:
- name: longhorn-frontend
port: 80

15
Deployments.ol/.ingress/traefik-ingress.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
name: traefik-dash
namespace: traefik
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`traefik.roxedus.com`) && ( PathPrefix(`/dashboard`) || PathPrefix(`/api`))
services:
- kind: TraefikService
name: api@internal

85
Deployments.ol/firefox.yaml Normal file
View File

@ -0,0 +1,85 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: firefox
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: firefox
template:
metadata:
labels:
app: firefox
spec:
containers:
- image: lscr.io/linuxserver/firefox:101.0.1-r0-ls69
name: firefox
resources:
limits:
cpu: "1200m"
memory: "2000Mi"
requests:
cpu: "300m"
memory: "40Mi"
env:
- name: TZ
value: Europe/Oslo
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: S6_VERBOSITY
value: "5"
ports:
- containerPort: 3000
volumeMounts:
- name: vol
mountPath: /config
- name: dshm
mountPath: /dev/shm
- mountPath: /etc/s6-overlay/s6-rc.d/svc-xrdp-sesman/run
subPath: run
name: config
volumes:
- name: vol
emptyDir:
- name: dshm
emptyDir:
medium: Memory
- name: config
configMap:
name: firefox-edit
---
apiVersion: v1
kind: Service
metadata:
name: firefox-svc
labels:
app: firefox
spec:
type: NodePort
ports:
- port: 3000
targetPort: 3000
nodePort: 30104
selector:
app: firefox
---
apiVersion: v1
kind: ConfigMap
metadata:
name: firefox-edit
data:
run: |
#! /usr/bin/execlineb -P
# Redirect stderr to stdout.
fdmove -c 2 1
# Notify service manager when xrdp is up
#s6-notifyoncheck -w 500 -c "nc -z localhost 3350"
/usr/sbin/xrdp-sesman --nodaemon

66
Deployments.ol/overseerr.yaml Normal file
View File

@ -0,0 +1,66 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: overseerr
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: overseerr
template:
metadata:
labels:
app: overseerr
spec:
containers:
- image: ghcr.io/sct/overseerr:1.29.1
name: overseerr
resources:
limits:
cpu: "1200m"
memory: "500Mi"
requests:
cpu: "300m"
memory: "40Mi"
env:
- name: TZ
value: Europe/Oslo
ports:
- containerPort: 5055
volumeMounts:
- name: vol
mountPath: /app/config
volumes:
- name: vol
persistentVolumeClaim:
claimName: overseerr-pvc
---
apiVersion: v1
kind: Service
metadata:
name: overseerr-svc
labels:
app: overseerr
spec:
type: NodePort
ports:
- port: 5055
targetPort: 5055
nodePort: 30101
selector:
app: overseerr
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: overseerr-pvc
labels:
app: overseerr
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 2Gi

38
Deployments.ol/py-kms.yaml Normal file
View File

@ -0,0 +1,38 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: py-kms
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: py-kms
template:
metadata:
labels:
app: py-kms
spec:
containers:
- image: ghcr.io/thespad/py-kms@sha256:48f2a58b03eb84da40d2be79eb49eb4c14978ef2c2d4a4f8d63a0c1f1d9b23c3
name: py-kms
resources:
limits:
cpu: "800m"
memory: "100Mi"
requests:
cpu: "300m"
memory: "40Mi"
ports:
- containerPort: 1688
---
apiVersion: v1
kind: Service
metadata:
name: py-kms
spec:
ports:
- port: 1688
targetPort: 1688
selector:
app: py-kms

92
Deployments/organizr.yaml
View File

@ -1,92 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: organizr
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: organizr
template:
metadata:
labels:
app: organizr
spec:
containers:
- name: organizr
image: docker.roxedus.net/roxedus/org-less
resources:
limits:
memory: "2G"
cpu: "1000m"
env:
- name: TZ
value: Europe/Oslo
- name: PUID
value: "1000"
- name: PGID
value: "1000"
ports:
- containerPort: 80
volumeMounts:
- mountPath: /var/www/data
name: config
volumes:
- name: config
persistentVolumeClaim:
claimName: organizr-pvc
---
apiVersion: v1
kind: Service
metadata:
name: organizr
spec:
type: ClusterIP
selector:
app: organizr
ports:
- port: 80
targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/acme-challenge-type: dns01
traefik.ingress.kubernetes.io/router.middlewares: authentik-ak-outpost-authentik-embedded-outpost@kubernetescrd
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
name: organizr
namespace: default
spec:
ingressClassName: traefik
rules:
- host: organizr.roxedus.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: organizr
port:
number: 80
tls:
- hosts:
- organizr.roxedus.com
secretName: organizr-roxedus-com-cert
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: organizr-pvc
labels:
app: organizr
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 2Gi

18
Deployments/searxng.yaml
View File

@ -56,24 +56,6 @@ spec:
- port: 8080
targetPort: 8080
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: searxng
namespace: default
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: searxng
dataFrom:
- extract:
key: searxng
conversionStrategy: Default
decodingStrategy: Auto
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:

21
MetaObjects/argo-cd-sso-secret.yml
View File

@ -1,21 +0,0 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: argo-cd-sso
namespace: argo-cd
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: argo-cd-sso
template:
metadata:
labels:
app.kubernetes.io/part-of: argocd
dataFrom:
- extract:
key: argo-cd-sso
conversionStrategy: Default
decodingStrategy: Auto

33
MetaObjects/authentik-keys.yml
View File

@ -1,33 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ext-authentik
namespace: authentik
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: authentik-secret
data:
- secretKey: AUTHENTIK_SECRET_KEY
remoteRef:
key: authentik/authentik
property: secret_key
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ext-authentik-psql
namespace: authentik
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: postgres-secret
data:
- secretKey: password
remoteRef:
key: authentik/postgres
property: password

16
MetaObjects/cert-manager-issuer.yml
View File

@ -1,16 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: roxedus.com-cloudflare
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cloudflare-issuer-account-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token
key: CLOUDFLARE_API_KEY

16
MetaObjects/cloudflare-keys.yml
View File

@ -1,16 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ext-cloudflare
namespace: cert-manager
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: cloudflare-api-token
data:
- secretKey: CLOUDFLARE_API_KEY
remoteRef:
key: cloudflare-api-token-secret
property: CLOUDFLARE_API_KEY

21
MetaObjects/grafana-sso-secret.yml
View File

@ -1,21 +0,0 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-oauth
namespace: prometheus
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: grafana-oauth
template:
metadata:
labels:
app.kubernetes.io/part-of: grafana
dataFrom:
- extract:
key: prometheus/grafana-sso
conversionStrategy: Default
decodingStrategy: None

15
MetaObjects/metallb-pool.yml
View File

@ -1,15 +0,0 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: vlan2-pool
namespace: metallb-system
spec:
addresses:
- 10.0.2.40-10.0.2.50
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: vlan2-pool-advertisement
namespace: metallb-system

20
MetaObjects/renovate-keys.yml
View File

@ -1,20 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: ext-renovate
namespace: ci
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: renovate-secret
data:
- secretKey: GITHUB_COM_TOKEN
remoteRef:
key: ci/renovate
property: github
- secretKey: RENOVATE_TOKEN
remoteRef:
key: ci/renovate
property: token

20
MetaObjects/secret-store.yml
View File

@ -1,20 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: secret-store
namespace: external-secrets
spec:
provider:
vault:
server: "http://vault.vault:8200"
path: "kv"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "kube-role"
# conditions:
# - namespaceSelector:
# matchLabels:
# secret.roxedus.com/global-store: "true"

25
apps/templates/authentik.yaml
View File

@ -17,6 +17,7 @@ spec:
image:
repository: ghcr.io/goauthentik/server
tag: 2022.11.3
authentik:
error_reporting:
@ -40,18 +41,16 @@ spec:
secretName: authentik-roxedus-com-cert
envValueFrom:
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
key: postgresql-password
name: authentik-postgresql
AUTHENTIK_SECRET_KEY:
secretKeyRef:
key: AUTHENTIK_SECRET_KEY
name: authentik-secret
AUTHENTIK_POSTGRESQL__PASSWORD:
secretKeyRef:
key: password
name: postgres-secret
prometheus.rules.create: true
postgresql:
image:
registry: ghcr.io
@ -60,11 +59,11 @@ spec:
enabled: true
# auth:
# existingSecret: authentik-postgresql
persistence:
enabled: true
storageClass: longhorn
accessModes:
- ReadWriteOnce
# persistence:
# enabled: true
# storageClass: longhorn
# accessModes:
# - ReadWriteOnce
redis:
enabled: true
image:
@ -73,7 +72,7 @@ spec:
tag: 6.2.7-debian-11-r39
repoURL: https://charts.goauthentik.io
targetRevision: 2023.2.4
targetRevision: 2022.11.3
syncPolicy:
automated:
prune: true

28
apps/templates/cert-manager.yaml
View File

@ -16,7 +16,7 @@ spec:
values: |
prometheus:
enabled: true
enabled: false
extraArgs:
- --enable-certificate-owner-ref=true
@ -24,11 +24,31 @@ spec:
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
repoURL: https://charts.jetstack.io
targetRevision: v1.11.0
targetRevision: 1.10.1
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: roxedus.com-cloudflare
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cloudflare-issuer-account-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token-secret
key: CLOUDFLARE_API_KEY
# selector:
# dnsNames:
# - 'roxedus.com'
# - '*.roxedus.com'

28
apps/templates/external-secrets.yaml
View File

@ -1,28 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: external-secrets
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: external-secrets
project: default
source:
chart: external-secrets
helm:
values: |
prometheus.enabled: true
repoURL: https://charts.external-secrets.io
targetRevision: 0.7.2
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

4
apps/templates/loki.yaml
View File

@ -15,12 +15,10 @@ spec:
helm:
values: |
loki.isDefault: false
test_pod: {}
prometheus.enabled: true
repoURL: https://grafana.github.io/helm-charts
targetRevision: 2.9.9
targetRevision: 2.8.8
syncPolicy:
automated:
prune: true

56
apps/templates/longhorn.yaml
View File

@ -1,56 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: longhorn
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: longhorn-system
project: default
source:
chart: longhorn
helm:
values: |
persistence:
defaultClassReplicaCount: 2
longhornManager:
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
longhornDriver:
tolerations:
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
ingress:
enabled: true
ingressClassName: traefik
secureBackends: true
annotations:
cert-manager.io/acme-challenge-type: dns01
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
# traefik.ingress.kubernetes.io/router.middlewares: authentik-ak-outpost-localcluster@kubernetescrd
traefik.ingress.kubernetes.io/router.priority: "1"
host: longhorn.roxedus.com
tls: true
tlsSecret: longhorn-roxedus-com-cert
repoURL: https://charts.longhorn.io
targetRevision: v1.4.0
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

17
apps/templates/metallb.yaml
View File

@ -14,7 +14,7 @@ spec:
chart: metallb
repoURL: https://metallb.github.io/metallb
targetRevision: 0.13.9
targetRevision: 0.13.7
syncPolicy:
automated:
@ -22,3 +22,18 @@ spec:
selfHeal: true
syncOptions:
- CreateNamespace=true
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: first-pool
namespace: metallb-system
spec:
addresses:
- 10.0.2.40-10.0.2.50
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: first-pool-advertisement
namespace: metallb-system

22
apps/templates/metaobjects.yaml
View File

@ -1,22 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: metaobjects
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: default
project: default
source:
path: MetaObjects/
repoURL: https://git.roxedus.dev/Roxedus/Argo.git
targetRevision: HEAD
directory:
recurse: true
syncPolicy:
automated:
prune: true
selfHeal: true

2
apps/templates/metrics-server.yaml
View File

@ -17,7 +17,7 @@ spec:
args:
- --kubelet-insecure-tls
repoURL: https://kubernetes-sigs.github.io/metrics-server/
targetRevision: 3.8.4
targetRevision: 3.8.2
syncPolicy:
automated:

10
apps/templates/prometheus.yaml
View File

@ -29,11 +29,9 @@ spec:
kubeStateMetrics.enabled: false
grafana:
sidecar.datasources.isDefaultDatasource: false
enabled: true
persistence:
enabled: true
storageClassName: longhorn
# persistence:
# enabled: true
# storageClassName: longhorn
env:
GF_SERVER_ROOT_URL: https://%(domain)s/
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
@ -61,7 +59,7 @@ spec:
secretName: grafana-roxedus-com-cert
repoURL: https://prometheus-community.github.io/helm-charts
targetRevision: 45.7.1
targetRevision: 42.2.1
syncPolicy:
automated:
prune: true

62
apps/templates/traefik.yaml
View File

@ -15,6 +15,12 @@ spec:
helm:
values: |
image:
repository: &traefikImage library/traefik
name: *traefikImage
tag: v2.9.4
pullPolicy: IfNotPresent
experimental:
http3:
enabled: true
@ -23,10 +29,38 @@ spec:
kubernetesGateway:
enabled: false
# dnsPolicy: ClusterFirstWithHostNet
# hostNetwork: true
# nodeSelector:
# hasDns: "true"
# securityContext:
# capabilities:
# drop: [ALL]
# add: [NET_BIND_SERVICE]
# readOnlyRootFilesystem: true
# runAsGroup: 0
# runAsNonRoot: false
# runAsUser: 0
globalArguments: []
additionalArguments:
# - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
- "--api.insecure=true"
- "--ping"
- "--ping.entrypoint=traefik"
envFrom:
- secretRef:
name: traefik-secrets
# persistence:
# enabled: true
# name: data
# accessMode: ReadWriteOnce
# size: 128Mi
# storageClass: "longhorn"
# path: /data
ports:
traefik:
@ -64,6 +98,21 @@ spec:
enabled: true
type: LoadBalancer
# deployment:
# initContainers:
# #The "volume-permissions" init container is required if you run into permission issues.
# #Related issue: https://github.com/traefik/traefik/issues/6825
# - name: volume-permissions
# image: busybox:1.35
# command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
# volumeMounts:
# - name: data
# mountPath: /data
logs:
general:
level: DEBUG
providers:
kubernetesCRD:
allowCrossNamespace: true
@ -75,8 +124,19 @@ spec:
enabled: true
isDefaultClass: true
# certResolvers:
# cloudflare:
# email: me@roxedus.dev
# #caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# dnsChallenge:
# provider: cloudflare
# resolvers:
# - "1.1.1.1:53"
# - "8.8.8.8:53"
# storage: /data/acme.json
repoURL: https://helm.traefik.io/traefik
targetRevision: 21.2.0
targetRevision: 20.6.0
syncPolicy:
automated:
prune: true

33
apps/templates/vault.yaml
View File

@ -1,33 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vault
namespace: argo-cd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
server: https://kubernetes.default.svc
namespace: vault
project: default
source:
chart: vault
helm:
values: |
server.dataStorage.storageClass: longhorn
ui:
enabled: true
serviceType: NodePort
global.serverTelemetry.prometheusOperator: true
repoURL: https://helm.releases.hashicorp.com
targetRevision: 0.23.0
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true