mirror of
https://github.com/nold360/hive-apps
synced 2024-12-22 04:21:22 +00:00
bootstrap-fix
parent
c849edf0d3
commit
bf896db5c6
8 changed files with 16 additions and 214 deletions
|
@ -19,6 +19,8 @@ kind: GitRepository
|
|||
metadata:
|
||||
name: heqet-userdata
|
||||
namespace: flux-system
|
||||
finalizers:
|
||||
- finalizers.fluxcd.io
|
||||
spec:
|
||||
interval: 5m
|
||||
# CHANGE ME:
|
||||
|
@ -46,6 +48,8 @@ kind: GitRepository
|
|||
metadata:
|
||||
name: heqet
|
||||
namespace: flux-system
|
||||
finalizers:
|
||||
- finalizers.fluxcd.io
|
||||
spec:
|
||||
interval: 5m
|
||||
url: https://github.com/lib42/heqet
|
||||
|
@ -73,6 +77,10 @@ kind: HelmRelease
|
|||
metadata:
|
||||
name: apps-of-heqet
|
||||
namespace: flux-system
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: helm
|
||||
meta.helm.sh/release-namespace: flux-system
|
||||
meta.helm.sh/release-name: apps-of-heqet
|
||||
spec:
|
||||
releaseName: apps-of-heqet
|
||||
chart:
|
||||
|
@ -88,7 +96,9 @@ spec:
|
|||
install:
|
||||
crds: CreateReplace
|
||||
remediation:
|
||||
retries: 3
|
||||
retries: 42
|
||||
# For CRD Installs
|
||||
disableOpenAPIValidation: true
|
||||
upgrade:
|
||||
crds: CreateReplace
|
||||
# We can overwrite some defaults here:
|
||||
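Review bot: `disableOpenAPIValidation: true` under `install:` of the `apps-of-heqet` HelmRelease (last hunk of this file) turns off Helm's validation of the rendered manifests against the Kubernetes OpenAPI schema for everything the chart renders, not only the CRD-backed objects the `# For CRD Installs` comment mentions, so a malformed manifest from the chart source is no longer rejected at install time. If the flag is only needed for the first bootstrap, the comment should say so, e.g. `# Bootstrap only: CRDs are not registered yet; remove after the first successful install`. The same hunk appears to change `remediation.retries` from 3 to 42 (the +/- markers are lost on this page, so the sides are inferred from the hunk counts); that many retries can keep a persistently failing install looping quietly, so it is worth alerting on the HelmRelease's Ready condition. `spec:` continues past the end of the hunk.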
|
|
|
@ -7,56 +7,11 @@ apps:
|
|||
repoURL: https://charts.jetstack.io
|
||||
chart: cert-manager
|
||||
targetRevision: v1.7.1
|
||||
dependsOn: vault
|
||||
parameters:
|
||||
- name: installCRDs
|
||||
value: 'true'
|
||||
secrets:
|
||||
- name: cert-manager-vault-approle
|
||||
keys:
|
||||
- secretId
|
||||
|
||||
- name: fast-storage
|
||||
namespace: fast-storage
|
||||
repoURL: https://github.com/rancher/local-path-provisioner
|
||||
path: deploy/chart
|
||||
syncWave: '0'
|
||||
parameters:
|
||||
- name: storageClass.name
|
||||
value: fast
|
||||
- name: nodePathMap[0].node
|
||||
value: DEFAULT_PATH_FOR_NON_LISTED_NODES
|
||||
- name: nodePathMap[0].paths[0]
|
||||
value: /var/lib/rancher/k3s/storage
|
||||
|
||||
- name: ssd-storage
|
||||
namespace: ssd-storage
|
||||
repoURL: https://github.com/rancher/local-path-provisioner
|
||||
path: deploy/chart
|
||||
syncWave: '0'
|
||||
parameters:
|
||||
- name: storageClass.name
|
||||
value: ssd
|
||||
- name: nodePathMap[0].node
|
||||
value: DEFAULT_PATH_FOR_NON_LISTED_NODES
|
||||
- name: nodePathMap[0].paths[0]
|
||||
value: /data/kubernetes/ssd
|
||||
|
||||
- name: metallb
|
||||
repoURL: https://charts.bitnami.com/bitnami
|
||||
chart: metallb
|
||||
namespace: metallb
|
||||
targetRevision: 2.5.16
|
||||
syncWave: '0'
|
||||
|
||||
- name: ingress-internal
|
||||
namespace: ingress-internal
|
||||
repoURL: https://helm.traefik.io/traefik
|
||||
chart: traefik
|
||||
targetRevision: 10.15.0
|
||||
syncWave: '0'
|
||||
|
||||
- name: cilium
|
||||
existingNamespace: kube-system
|
||||
repoURL: https://helm.cilium.io
|
||||
chart: cilium
|
||||
targetRevision: 1.11.2
|
||||
# secrets:
|
||||
# - name: cert-manager-vault-approle
|
||||
# keys:
|
||||
# - secretId
|
||||
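Review bot: The commented-out `# secrets:` block naming `cert-manager-vault-approle` at the end of this hunk is left in the file with no explanation, while the same commit appears to drop `dependsOn: vault` and deletes the Vault app definition and the `vault-issuer` ClusterIssuer in later file sections. Either delete the block or put a one-line reason above it (the intent is not visible here), for example `# Disabled while Vault is not deployed; restore together with dependsOn: vault`. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts, and the `apps:` list starts above the hunk.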
|
|
|
@ -1,14 +0,0 @@
|
|||
config:
|
||||
description: Vault Secret Managemet
|
||||
apps:
|
||||
- name: vault
|
||||
repoURL: https://helm.releases.hashicorp.com
|
||||
chart: vault
|
||||
targetRevision: 0.19.0
|
||||
syncWave: '-3'
|
||||
- name: vault-secrets-operator
|
||||
namespace: vault-secrets-operator
|
||||
repoURL: https://ricoberger.github.io/helm-charts
|
||||
chart: vault-secrets-operator
|
||||
targetRevision: 1.16.5
|
||||
syncWave: '-2'
|
|
@ -1,17 +0,0 @@
|
|||
vault:
|
||||
address: "http://vault.vault.svc.cluster.local:8200"
|
||||
authMethod: kubernetes
|
||||
kubernetesRole: heqet-app
|
||||
namespaces: ""
|
||||
|
||||
crd:
|
||||
create: false
|
||||
|
||||
rbac:
|
||||
create: true
|
||||
createrole: true
|
||||
namespaced: false
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: vault-secrets-operator
|
|
@ -1,70 +0,0 @@
|
|||
global:
|
||||
enabled: true
|
||||
tlsDisable: true
|
||||
psp:
|
||||
enable: true
|
||||
|
||||
injector:
|
||||
enabled: false
|
||||
|
||||
server:
|
||||
enabled: true
|
||||
image:
|
||||
repository: "hashicorp/vault"
|
||||
tag: "1.9.4"
|
||||
auditStorage:
|
||||
accessMode: ReadWriteOnce
|
||||
annotations: {}
|
||||
enabled: false
|
||||
mountPath: /vault/audit
|
||||
size: 10Gi
|
||||
storageClass: null
|
||||
authDelegator:
|
||||
enabled: true
|
||||
dataStorage:
|
||||
accessMode: ReadWriteOnce
|
||||
annotations: {}
|
||||
enabled: true
|
||||
mountPath: /vault/data
|
||||
size: 10Gi
|
||||
storageClass: local-path
|
||||
dev:
|
||||
enabled: false
|
||||
ha:
|
||||
enabled: false
|
||||
|
||||
ingress:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: vault-issuer
|
||||
traefik.ingress.kubernetes.io/router.tls: 'true'
|
||||
enabled: true
|
||||
extraPaths: []
|
||||
hosts:
|
||||
- host: vault.dc
|
||||
paths: []
|
||||
labels: {}
|
||||
tls:
|
||||
- hosts:
|
||||
- vault.dc
|
||||
secretName: vault-tls
|
||||
|
||||
networkPolicy:
|
||||
egress: []
|
||||
enabled: true
|
||||
|
||||
standalone:
|
||||
enabled: true
|
||||
config: |
|
||||
ui = true
|
||||
|
||||
listener "tcp" {
|
||||
tls_disable = 1
|
||||
address = "[::]:8200"
|
||||
cluster_address = "[::]:8201"
|
||||
}
|
||||
storage "file" {
|
||||
path = "/vault/data"
|
||||
}
|
||||
|
||||
ui:
|
||||
enabled: true
|
|
@ -1,28 +0,0 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
acme:
|
||||
# You must replace this email address with your own.
|
||||
# Let's Encrypt will use this to contact you about expiring
|
||||
# certificates, and issues related to your account.
|
||||
email: nold@gnu.one
|
||||
#server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
# Secret resource that will be used to store the account's private key.
|
||||
name: issuer-account-key
|
||||
# Add a single challenge solver, HTTP01 using nginx
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: ingress-external-traefik
|
||||
ingressTemplate:
|
||||
metadata:
|
||||
labels:
|
||||
environment: external
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/frontend-entry-points: "web"
|
||||
kubernetes.io/ingress.class: ingress-external
|
|
@ -1,17 +0,0 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: vault-issuer
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
vault:
|
||||
path: pki_int/sign/dc
|
||||
server: http://vault.vault.svc.cluster.local:8200
|
||||
caBundle: 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
|
||||
auth:
|
||||
kubernetes:
|
||||
role: vault-issuer
|
||||
mountPath: /v1/auth/kubernetes
|
||||
secretRef:
|
||||
name: vault-issuer-token
|
||||
key: token
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: vault-issuer
|
||||
namespace: cert-manager
|
||||
secrets:
|
||||
- name: vault-issuer-token
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: vault-issuer-token
|
||||
namespace: cert-manager
|
||||
annotations:
|
||||
kubernetes.io/service-account.name: vault-issuer
|
||||
type: kubernetes.io/service-account-token
|