Roxedus/Argo
1
0
Fork 0
Code Issues 1 Pull Requests 9 Releases Wiki Activity

Update dependency https://github.com/longhorn/longhorn to v1.4.0-rc2 #41

Closed
Renovate wants to merge 0 commits from renovate/https-github.com-longhorn-longhorn-1.x into main
pull from: renovate/https-github.com-longhorn-longhorn-1.x
merge into: Roxedus:main
Conversation 1 Commits - Files Changed 23 +272 -155
23 changed files with 272 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.renovaterc
View File

@ -4,13 +4,14 @@
], ],
"kubernetes": { "kubernetes": {
"fileMatch": [ "fileMatch": [
"Deployments/.+\\.yaml$", "Deployments\\*\\.yaml$",
"CI/.+\\.yaml$" "apps\\*\\.yaml$",
"CI\\*\\.yaml$"
] ]
}, },
"argocd": { "argocd": {
"fileMatch": [ "fileMatch": [
"apps/.+\\.yaml$" "\\.yaml$"
] ]
}, },
"packageRules": [ "packageRules": [

2
CI/renovate/renovate-job.yaml
View File

@ -17,7 +17,7 @@ spec:
# Update this to the latest available and then enable Renovate on # Update this to the latest available and then enable Renovate on
# the manifest # the manifest
image: renovate/renovate:35.1.2 image: renovate/renovate:32.74.2
args: args:
- Roxedus/Argo - Roxedus/Argo
- Roxedus/Infra - Roxedus/Infra

6
Charts/argo-cd/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 5.25.0 version: 5.16.9
digest: sha256:4dfa4a29330c4987747d06ba01f719a155d00baf6adbbcb7e03c76118643afac digest: sha256:dc05a0767c5fda3083b1e60cf14fc552596caa6e3463fb4e227ef86d78a2c94f
generated: "2023-03-09T13:00:39.375996286Z" generated: "2022-12-20T14:00:20.61988911Z"

2
Charts/argo-cd/Chart.yaml
View File

@ -3,5 +3,5 @@ name: argo-cd
version: 1.0.0 version: 1.0.0
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 5.25.0 version: 5.16.9
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm

2
Charts/argo-cd/values.yaml
View File

@ -26,7 +26,7 @@ argo-cd:
config: config:
accounts.roxedus: apiKey, login accounts.roxedus: apiKey, login
accounts.admin.enabled: "true" accounts.admin.enabled: "false"
repositories: | repositories: |
- type: helm - type: helm
name: argo-cd name: argo-cd

15
Deployments.ol/.ingress/argo-ingress.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: argocd-server
namespace: argo-cd
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`argocd.roxedus.com`)
priority: 10
services:
- name: argo-cd-argocd-server
port: 80

15
Deployments.ol/.ingress/longhorn-ingress.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: longhorn-system
namespace: longhorn-system
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`longhorn.roxedus.com`)
priority: 10
services:
- name: longhorn-frontend
port: 80

15
Deployments.ol/.ingress/traefik-ingress.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
name: traefik-dash
namespace: traefik
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`traefik.roxedus.com`) && ( PathPrefix(`/dashboard`) || PathPrefix(`/api`))
services:
- kind: TraefikService
name: api@internal

85
Deployments.ol/firefox.yaml Normal file
View File

@ -0,0 +1,85 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: firefox
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: firefox
template:
metadata:
labels:
app: firefox
spec:
containers:
- image: lscr.io/linuxserver/firefox:101.0.1-r0-ls69
name: firefox
resources:
limits:
cpu: "1200m"
memory: "2000Mi"
requests:
cpu: "300m"
memory: "40Mi"
env:
- name: TZ
value: Europe/Oslo
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: S6_VERBOSITY
value: "5"
ports:
- containerPort: 3000
volumeMounts:
- name: vol
mountPath: /config
- name: dshm
mountPath: /dev/shm
- mountPath: /etc/s6-overlay/s6-rc.d/svc-xrdp-sesman/run
subPath: run
name: config
volumes:
- name: vol
emptyDir:
- name: dshm
emptyDir:
medium: Memory
- name: config
configMap:
name: firefox-edit
---
apiVersion: v1
kind: Service
metadata:
name: firefox-svc
labels:
app: firefox
spec:
type: NodePort
ports:
- port: 3000
targetPort: 3000
nodePort: 30104
selector:
app: firefox
---
apiVersion: v1
kind: ConfigMap
metadata:
name: firefox-edit
data:
run: |
#! /usr/bin/execlineb -P
# Redirect stderr to stdout.
fdmove -c 2 1
# Notify service manager when xrdp is up
#s6-notifyoncheck -w 500 -c "nc -z localhost 3350"
/usr/sbin/xrdp-sesman --nodaemon

66
Deployments.ol/overseerr.yaml Normal file
View File

@ -0,0 +1,66 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: overseerr
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: overseerr
template:
metadata:
labels:
app: overseerr
spec:
containers:
- image: ghcr.io/sct/overseerr:1.29.1
name: overseerr
resources:
limits:
cpu: "1200m"
memory: "500Mi"
requests:
cpu: "300m"
memory: "40Mi"
env:
- name: TZ
value: Europe/Oslo
ports:
- containerPort: 5055
volumeMounts:
- name: vol
mountPath: /app/config
volumes:
- name: vol
persistentVolumeClaim:
claimName: overseerr-pvc
---
apiVersion: v1
kind: Service
metadata:
name: overseerr-svc
labels:
app: overseerr
spec:
type: NodePort
ports:
- port: 5055
targetPort: 5055
nodePort: 30101
selector:
app: overseerr
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: overseerr-pvc
labels:
app: overseerr
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 2Gi

38
Deployments.ol/py-kms.yaml Normal file
View File

@ -0,0 +1,38 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: py-kms
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: py-kms
template:
metadata:
labels:
app: py-kms
spec:
containers:
- image: ghcr.io/thespad/py-kms@sha256:48f2a58b03eb84da40d2be79eb49eb4c14978ef2c2d4a4f8d63a0c1f1d9b23c3
name: py-kms
resources:
limits:
cpu: "800m"
memory: "100Mi"
requests:
cpu: "300m"
memory: "40Mi"
ports:
- containerPort: 1688
---
apiVersion: v1
kind: Service
metadata:
name: py-kms
spec:
ports:
- port: 1688
targetPort: 1688
selector:
app: py-kms

92
Deployments/organizr.yaml
View File

@ -1,92 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: organizr
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: organizr
template:
metadata:
labels:
app: organizr
spec:
containers:
- name: organizr
image: docker.roxedus.net/roxedus/org-less
resources:
limits:
memory: "2G"
cpu: "1000m"
env:
- name: TZ
value: Europe/Oslo
- name: PUID
value: "1000"
- name: PGID
value: "1000"
ports:
- containerPort: 80
volumeMounts:
- mountPath: /var/www/data
name: config
volumes:
- name: config
persistentVolumeClaim:
claimName: organizr-pvc
---
apiVersion: v1
kind: Service
metadata:
name: organizr
spec:
type: ClusterIP
selector:
app: organizr
ports:
- port: 80
targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/acme-challenge-type: dns01
traefik.ingress.kubernetes.io/router.middlewares: authentik-ak-outpost-authentik-embedded-outpost@kubernetescrd
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
name: organizr
namespace: default
spec:
ingressClassName: traefik
rules:
- host: organizr.roxedus.com
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: organizr
port:
number: 80
tls:
- hosts:
- organizr.roxedus.com
secretName: organizr-roxedus-com-cert
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: organizr-pvc
labels:
app: organizr
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 2Gi

21
MetaObjects/grafana-sso-secret.yml
View File

@ -1,21 +0,0 @@
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: grafana-oauth
namespace: prometheus
spec:
secretStoreRef:
name: secret-store
kind: ClusterSecretStore
target:
name: grafana-oauth
template:
metadata:
labels:
app.kubernetes.io/part-of: grafana
dataFrom:
- extract:
key: prometheus/grafana-sso
conversionStrategy: Default
decodingStrategy: None

5
apps/templates/authentik.yaml
View File

@ -17,6 +17,7 @@ spec:
image: image:
repository: ghcr.io/goauthentik/server repository: ghcr.io/goauthentik/server
tag: 2022.11.3
authentik: authentik:
error_reporting: error_reporting:
@ -50,8 +51,6 @@ spec:
key: password key: password
name: postgres-secret name: postgres-secret
prometheus.rules.create: true
postgresql: postgresql:
image: image:
registry: ghcr.io registry: ghcr.io
@ -73,7 +72,7 @@ spec:
tag: 6.2.7-debian-11-r39 tag: 6.2.7-debian-11-r39
repoURL: https://charts.goauthentik.io repoURL: https://charts.goauthentik.io
targetRevision: 2023.2.4 targetRevision: 2022.11.3
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true

4
apps/templates/cert-manager.yaml
View File

@ -16,7 +16,7 @@ spec:
values: | values: |
prometheus: prometheus:
enabled: true enabled: false
extraArgs: extraArgs:
- --enable-certificate-owner-ref=true - --enable-certificate-owner-ref=true
@ -24,7 +24,7 @@ spec:
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
repoURL: https://charts.jetstack.io repoURL: https://charts.jetstack.io
targetRevision: v1.11.0 targetRevision: 1.10.1
syncPolicy: syncPolicy:
automated: automated:

8
apps/templates/external-secrets.yaml
View File

@ -12,13 +12,11 @@ spec:
project: default project: default
source: source:
chart: external-secrets chart: external-secrets
helm: #helm:
values: | # values: []
prometheus.enabled: true
repoURL: https://charts.external-secrets.io repoURL: https://charts.external-secrets.io
targetRevision: 0.7.2 targetRevision: 0.7.0
syncPolicy: syncPolicy:
automated: automated:

3
apps/templates/loki.yaml
View File

@ -17,10 +17,9 @@ spec:
loki.isDefault: false loki.isDefault: false
test_pod: {} test_pod: {}
prometheus.enabled: true
repoURL: https://grafana.github.io/helm-charts repoURL: https://grafana.github.io/helm-charts
targetRevision: 2.9.9 targetRevision: 2.8.8
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true

8
apps/templates/longhorn.yaml
View File

@ -11,7 +11,7 @@ spec:
namespace: longhorn-system namespace: longhorn-system
project: default project: default
source: source:
chart: longhorn #chart: longhorn
helm: helm:
values: | values: |
@ -45,8 +45,10 @@ spec:
tls: true tls: true
tlsSecret: longhorn-roxedus-com-cert tlsSecret: longhorn-roxedus-com-cert
repoURL: https://charts.longhorn.io #repoURL: https://charts.longhorn.io
targetRevision: v1.4.0 targetRevision: v1.4.0-rc2
repoURL: https://github.com/longhorn/longhorn
path: chart
syncPolicy: syncPolicy:
automated: automated:

2
apps/templates/metallb.yaml
View File

@ -14,7 +14,7 @@ spec:
chart: metallb chart: metallb
repoURL: https://metallb.github.io/metallb repoURL: https://metallb.github.io/metallb
targetRevision: 0.13.9 targetRevision: 0.13.7
syncPolicy: syncPolicy:
automated: automated:

2
apps/templates/metrics-server.yaml
View File

@ -17,7 +17,7 @@ spec:
args: args:
- --kubelet-insecure-tls - --kubelet-insecure-tls
repoURL: https://kubernetes-sigs.github.io/metrics-server/ repoURL: https://kubernetes-sigs.github.io/metrics-server/
targetRevision: 3.8.4 targetRevision: 3.8.3
syncPolicy: syncPolicy:
automated: automated:

25
apps/templates/prometheus.yaml
View File

@ -29,24 +29,23 @@ spec:
kubeStateMetrics.enabled: false kubeStateMetrics.enabled: false
grafana: grafana:
sidecar.datasources.isDefaultDatasource: false
enabled: true enabled: true
persistence: persistence:
enabled: true enabled: true
storageClassName: longhorn storageClassName: longhorn
env: env:
GF_SERVER_ROOT_URL: https://%(domain)s/ GF_SERVER_ROOT_URL: https://%(domain)s/
GF_AUTH_GENERIC_OAUTH_ENABLED: "true" # GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
GF_AUTH_GENERIC_OAUTH_NAME: authentik # GF_AUTH_GENERIC_OAUTH_NAME: authentik
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email # GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/ # GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/ # GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/
GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/ # GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/
GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/ # GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/
GF_AUTH_OAUTH_AUTO_LOGIN: "true" # GF_AUTH_OAUTH_AUTO_LOGIN: "true"
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'" # GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
envFromSecrets: # envFromSecrets:
- name: grafana-oauth # - name: grafana-oauth
ingress: ingress:
enabled: true enabled: true
ingressClassName: traefik ingressClassName: traefik
@ -61,7 +60,7 @@ spec:
secretName: grafana-roxedus-com-cert secretName: grafana-roxedus-com-cert
repoURL: https://prometheus-community.github.io/helm-charts repoURL: https://prometheus-community.github.io/helm-charts
targetRevision: 45.7.1 targetRevision: 43.1.1
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true

2
apps/templates/traefik.yaml
View File

@ -76,7 +76,7 @@ spec:
isDefaultClass: true isDefaultClass: true
repoURL: https://helm.traefik.io/traefik repoURL: https://helm.traefik.io/traefik
targetRevision: 21.2.0 targetRevision: 20.8.0
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true

2
apps/templates/vault.yaml
View File

@ -20,8 +20,6 @@ spec:
enabled: true enabled: true
serviceType: NodePort serviceType: NodePort
global.serverTelemetry.prometheusOperator: true
repoURL: https://helm.releases.hashicorp.com repoURL: https://helm.releases.hashicorp.com
targetRevision: 0.23.0 targetRevision: 0.23.0