Removed everything
This commit is contained in:
parent
32ca369e16
commit
87a9790081
@ -1,52 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: darklight
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: darklight-client-deployment
|
||||
namespace: darklight
|
||||
labels:
|
||||
app: darklight-client
|
||||
spec:
|
||||
replicas: 3
|
||||
selector:
|
||||
matchLabels:
|
||||
app: darklight-client
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: darklight-client
|
||||
spec:
|
||||
containers:
|
||||
- name: darklight-client
|
||||
image: kasperhermansen/darklight-client
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 3000
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 3000
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: darklight-client
|
||||
namespace: darklight
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
name: http
|
||||
targetPort: 3000
|
||||
selector:
|
||||
app: darklight-client
|
@ -1,26 +0,0 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: darklight
|
||||
namespace: darklight
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`darklight.kjuulh.app`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: darklight-client
|
||||
kind: Service
|
||||
namespace: darklight
|
||||
port: 80
|
||||
- match: Host(`darklight-api.kjuulh.app`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: darklight-server
|
||||
kind: Service
|
||||
namespace: darklight
|
||||
port: 80
|
||||
tls:
|
||||
secretName: clank-cert
|
@ -1,6 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- client.yaml
|
||||
- server.yaml
|
||||
- ingress.yaml
|
@ -1,47 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: darklight-server-deployment
|
||||
namespace: darklight
|
||||
labels:
|
||||
app: darklight-server
|
||||
spec:
|
||||
replicas: 3
|
||||
selector:
|
||||
matchLabels:
|
||||
app: darklight-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: darklight-server
|
||||
spec:
|
||||
containers:
|
||||
- name: darklight-server
|
||||
image: kasperhermansen/darklight-server:latest
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /download/healthz
|
||||
port: 8000
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /download/healthz
|
||||
port: 8000
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: darklight-server
|
||||
namespace: darklight
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
name: http
|
||||
targetPort: 8000
|
||||
selector:
|
||||
app: darklight-server
|
@ -1,52 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: wishlist
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: wishlist-deployment
|
||||
namespace: wishlist
|
||||
labels:
|
||||
app: wishlist
|
||||
spec:
|
||||
replicas: 3
|
||||
selector:
|
||||
matchLabels:
|
||||
app: wishlist
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: wishlist
|
||||
spec:
|
||||
containers:
|
||||
- name: wishlist
|
||||
image: kasperhermansen/wishlist-2022
|
||||
ports:
|
||||
- containerPort: 80
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 80
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 80
|
||||
initialDelaySeconds: 5
|
||||
timeoutSeconds: 5
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: wishlist
|
||||
namespace: wishlist
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
name: http
|
||||
targetPort: 80
|
||||
selector:
|
||||
app: wishlist
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: podinfo
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 10m0s
|
||||
retryInterval: 30s
|
||||
path: ./kustomize
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: podinfo
|
||||
targetNamespace: default
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: podinfo
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 5min
|
||||
ref:
|
||||
branch: master
|
||||
url: https://github.com/stefanprodan/podinfo
|
||||
|
@ -1,13 +0,0 @@
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: platform
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 10m0s
|
||||
path: ./clank/platform
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
namespace: flux-system
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: darklight
|
||||
namespace: prod
|
||||
spec:
|
||||
interval: 10m0s
|
||||
retryInterval: 30s
|
||||
path: ./clank/apps/prod/darklight
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
namespace: flux-system
|
||||
targetNamespace: darklight
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: wishlist
|
||||
namespace: prod
|
||||
spec:
|
||||
interval: 10m0s
|
||||
retryInterval: 30s
|
||||
path: ./clank/apps/prod/wishlist
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
namespace: flux-system
|
||||
targetNamespace: wishlist
|
File diff suppressed because it is too large
Load Diff
@ -1,21 +0,0 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: clank
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
commonName: kjuulh.app
|
||||
secretName: clank-cert
|
||||
dnsNames:
|
||||
- kjuulh.app
|
||||
- "*.kjuulh.app"
|
||||
issuerRef:
|
||||
name: letsencrypt-issuer
|
||||
kind: ClusterIssuer
|
||||
secretTemplate:
|
||||
annotations:
|
||||
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
|
||||
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "platform,kube-system,wishlist,darklight" # Control destination namespaces
|
||||
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces
|
||||
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "platform,wishlist,darklight" # Control auto-reflection namespaces
|
@ -1,16 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cloudflare-api-token-secret
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
encryptedData:
|
||||
api-token: AgB8kf7TaAZpwTCn4aYNY5+aCpFyTPwVGLhQL8S6Muoss8/jz+9RIH7WPIxeyTlfjtTw8dzjro3SYfkZ9FHNiL8AS3/YDU9ZHoD1JTrlLB8j6lvPvuMbc0iXimNDWtU5KCwGwjC6gw6TNhnAns1EwMsCH93W2e9XUOYHz4NLxcaue284p0t9JgmtXLi220WCqoG7fs2hQo9dhYitcpmjnOEQRBA75t8paxc3jSA3BqKKeTm0KtYSgOENtahs/u3GQRmLu3y7L9epAyJOUCw1q23jgGZugAmDXY7b2gPXxAF0LMLrjI9l3UAl6FT0fUTrhQZxNZfurIFfV+yVFAkO2nGDlFWkN9xlxV8QzGPeTZEISI3/3aV5+MbJKV2bamOckh2q5Tj5xVAHB5pBc0CJzLpy8okmLnheNZXFRp/jlbH+D9p/sZErFt7TmvZfJS/GYCF/PRjzNwZlFWgiQ3ITTbGcEymXvfRS2NntsU1RCohUw4byAzYw/pxdGx7GA+irFTJyVQ2KwYdkR/P69PotHD0LGyHNWuLcrC1/kbq0lQtSvKHKUNbQM4jSVUweLgSYHlyxKft5F42eunR8BOG1EmUpdR2Y7U86HylwR5CxMJcpkO7a9EfoHDwMMegt1cgbPr37uXN+BKZ3uNUJ9AorZbvnrmFn7gAju+b3URTvaOldlCEaBA0fA8zfbF9lMFz1Lv6zzqOCGhXbOz/1wDUbGKjd2dS0pqIMmp7HOVEyP7TeW2LPJFdkj1F4
|
||||
template:
|
||||
data: null
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cloudflare-api-token-secret
|
||||
namespace: cert-manager
|
||||
|
@ -1,25 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-issuer
|
||||
spec:
|
||||
acme:
|
||||
# You must replace this email address with your own.
|
||||
# Let's Encrypt will use this to contact you about expiring
|
||||
# certificates, and issues related to your account.
|
||||
email: contact@kjuulh.io
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
# Secret resource that will be used to store the account's private key.
|
||||
name: letsencrypt-issuer-secret
|
||||
# Add a single challenge solver, HTTP01 using nginx
|
||||
solvers:
|
||||
- dns01:
|
||||
cloudflare:
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-api-token-secret
|
||||
key: api-token
|
||||
selector:
|
||||
dnsNames:
|
||||
- 'kjuulh.app'
|
||||
- '*.kjuulh.app'
|
@ -1,19 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "Encrypt secret with 'sealed-secrets'"
|
||||
|
||||
kubectl -n default create secret generic cloudflare-api-token-secret \
|
||||
--from-literal=api-token="$1" \
|
||||
--namespace="cert-manager" \
|
||||
--dry-run=client \
|
||||
-o yaml > cloudflare-secret.yaml
|
||||
|
||||
echo "secret: $1"
|
||||
|
||||
kubeseal --format=yaml \
|
||||
< cloudflare-secret.yaml > cloudflare-secret.sealed.yaml
|
||||
|
||||
echo "Updated/created secret"
|
||||
|
||||
rm cloudflare-secret.yaml
|
||||
|
@ -1,8 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- cert-manager.yaml
|
||||
- certificate.yaml
|
||||
- cloudflare-secret.sealed.yaml
|
||||
- cluster-issuer.yaml
|
||||
|
@ -1,9 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- sources
|
||||
- reflector
|
||||
- traefik
|
||||
- cert-manager
|
||||
- sealed-secrets
|
||||
- postgres
|
@ -1,12 +0,0 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: postgres
|
||||
namespace: postgres
|
||||
spec:
|
||||
interval: 5m
|
||||
ref:
|
||||
branch: main
|
||||
url: https://github.com/CrunchyData/postgres-operator-examples
|
||||
|
@ -1,6 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- git.yaml
|
||||
- release.yaml
|
@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: postgres
|
@ -1,19 +0,0 @@
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: postgres
|
||||
namespace: postgres
|
||||
spec:
|
||||
releaseName: postgres
|
||||
chart:
|
||||
spec:
|
||||
chart: postgres
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: ./helm/install
|
||||
namespace: postgres
|
||||
version: "0.3.0"
|
||||
interval: 1h0m0s
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
@ -1,6 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: reflector
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- release.yaml
|
@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: reflector
|
@ -1,18 +0,0 @@
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: reflector
|
||||
spec:
|
||||
releaseName: reflector
|
||||
chart:
|
||||
spec:
|
||||
chart: reflector
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: emberstack
|
||||
namespace: flux-system
|
||||
version: "6.1.47"
|
||||
interval: 1h0m0s
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
@ -1,252 +0,0 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-service-proxier
|
||||
name: sealed-secrets-service-proxier
|
||||
namespace: kube-system
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resourceNames:
|
||||
- sealed-secrets-controller
|
||||
resources:
|
||||
- services
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resourceNames:
|
||||
- 'http:sealed-secrets-controller:'
|
||||
- sealed-secrets-controller
|
||||
resources:
|
||||
- services/proxy
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-key-admin
|
||||
name: sealed-secrets-key-admin
|
||||
namespace: kube-system
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-controller
|
||||
name: sealed-secrets-controller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: secrets-unsealer
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sealed-secrets-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: secrets-unsealer
|
||||
name: secrets-unsealer
|
||||
rules:
|
||||
- apiGroups:
|
||||
- bitnami.com
|
||||
resources:
|
||||
- sealedsecrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- bitnami.com
|
||||
resources:
|
||||
- sealedsecrets/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-controller
|
||||
name: sealed-secrets-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-controller
|
||||
name: sealed-secrets-controller
|
||||
namespace: kube-system
|
||||
spec:
|
||||
minReadySeconds: 30
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
name: sealed-secrets-controller
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 25%
|
||||
maxUnavailable: 25%
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-controller
|
||||
spec:
|
||||
containers:
|
||||
- args: []
|
||||
command:
|
||||
- controller
|
||||
env: []
|
||||
image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
name: sealed-secrets-controller
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
stdin: false
|
||||
tty: false
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
imagePullSecrets: []
|
||||
initContainers: []
|
||||
securityContext:
|
||||
fsGroup: 65534
|
||||
serviceAccountName: sealed-secrets-controller
|
||||
terminationGracePeriodSeconds: 30
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: tmp
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: sealedsecrets.bitnami.com
|
||||
spec:
|
||||
group: bitnami.com
|
||||
names:
|
||||
kind: SealedSecret
|
||||
listKind: SealedSecretList
|
||||
plural: sealedsecrets
|
||||
singular: sealedsecret
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
status:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-controller
|
||||
name: sealed-secrets-controller
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: 8080
|
||||
selector:
|
||||
name: sealed-secrets-controller
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-service-proxier
|
||||
name: sealed-secrets-service-proxier
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: sealed-secrets-service-proxier
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: Group
|
||||
name: system:authenticated
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
name: sealed-secrets-controller
|
||||
name: sealed-secrets-controller
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: sealed-secrets-key-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sealed-secrets-controller
|
||||
namespace: kube-system
|
@ -1,5 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- controller.yaml
|
||||
|
@ -1,7 +0,0 @@
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: emberstack
|
||||
spec:
|
||||
interval: 30m
|
||||
url: https://emberstack.github.io/helm-charts
|
@ -1,6 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: flux-system
|
||||
resources:
|
||||
- emberstack.yaml
|
||||
- traefik.yaml
|
@ -1,7 +0,0 @@
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: traefik
|
||||
spec:
|
||||
interval: 30m
|
||||
url: https://helm.traefik.io/traefik
|
@ -1,38 +0,0 @@
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: traefik-dashboard
|
||||
namespace: kube-system
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`traefik.kjuulh.app`) # Hostname to match
|
||||
kind: Rule
|
||||
services: # Service to redirect requests to
|
||||
- name: api@internal # Special service created by Traefik pod
|
||||
kind: TraefikService
|
||||
tls:
|
||||
secretName: clank-cert
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: wishlist
|
||||
namespace: wishlist
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`wishlist.kjuulh.app`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: wishlist
|
||||
kind: Service
|
||||
namespace: wishlist
|
||||
port: 80
|
||||
tls:
|
||||
secretName: clank-cert
|
@ -1,6 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
# - release.yaml
|
||||
- traefik.values.yaml
|
||||
- ingress.yaml
|
@ -1,19 +0,0 @@
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: traefik
|
||||
namespace: kube-system
|
||||
spec:
|
||||
releaseName: traefik
|
||||
chart:
|
||||
spec:
|
||||
chart: traefik
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: traefik
|
||||
namespace: flux-system
|
||||
version: "10.19.5"
|
||||
interval: 1h0m0s
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
@ -1,62 +0,0 @@
|
||||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChartConfig
|
||||
metadata:
|
||||
name: traefik
|
||||
namespace: kube-system
|
||||
spec:
|
||||
failurePolicy: abort
|
||||
valuesContent: |-
|
||||
logs:
|
||||
general:
|
||||
level: INFO
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: true
|
||||
allowCrossNamespace: true
|
||||
allowExternalNameServices: true
|
||||
# ingressClass: traefik-internal
|
||||
# labelSelector: environment=production,method=traefik
|
||||
namespaces:
|
||||
- "default"
|
||||
- "kube-system"
|
||||
- "wishlist"
|
||||
- "darklight"
|
||||
|
||||
kubernetesIngress:
|
||||
enabled: true
|
||||
allowExternalNameServices: true
|
||||
allowEmptyServices: true
|
||||
# ingressClass: traefik-internal
|
||||
# labelSelector: environment=production,method=traefik
|
||||
namespaces:
|
||||
- "default"
|
||||
- "kube-system"
|
||||
- "wishlist"
|
||||
- "darklight"
|
||||
|
||||
# IP used for Kubernetes Ingress endpoints
|
||||
publishedService:
|
||||
enabled: true
|
||||
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
||||
# By default this Traefik service
|
||||
# pathOverride: ""
|
||||
service:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
"load-balancer.hetzner.cloud/name": "clank"
|
||||
# make hetzners load-balancer connect to our nodes via our private k3s
|
||||
"load-balancer.hetzner.cloud/use-private-ip": "true"
|
||||
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
|
||||
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
|
||||
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
|
||||
"load-balancer.hetzner.cloud/ipv6-disabled": "true"
|
||||
"load-balancer.hetzner.cloud/location": "fsn1"
|
||||
"load-balancer.hetzner.cloud/type": "lb11"
|
||||
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
|
||||
additionalArguments:
|
||||
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--providers.kubernetescrd.allowCrossNamespace=true"
|
@ -1,28 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEzTCCArWgAwIBAgIRAKEa+ZM214zPc+OIpLSmfxIwDQYJKoZIhvcNAQELBQAw
|
||||
ADAeFw0yMjA1MDgyMDI4MjZaFw0zMjA1MDUyMDI4MjZaMAAwggIiMA0GCSqGSIb3
|
||||
DQEBAQUAA4ICDwAwggIKAoICAQC5S/jTgBcc3GbSCl1S7Do3SnX7HUrlgvIWYTLi
|
||||
6D2+l3Bvpkb70kGi8pXN3N+Ijv3dQEu847G1jsiTKjcT8CAEGh6PSK6VmTUHQNzE
|
||||
TXYusmde66Ob4806DQtG/nEP9tt3N+ZrgCLB2lrD6P7OHO4Eiw+f5eWvKqF1zH8M
|
||||
MS98/Gwrf2rjVfkfy+wreFFOcJd9hX1+rR12JVd6FWC/5jesmTdmw6nZEiTc7sFf
|
||||
qN3GEQQFG15dwlmFk8WueZxYcMhcXxQGzMBa292LvpWs15+vAum0/n+o9dOu4FaJ
|
||||
3V9Qj2A4e35dd39Rm1rCAfpFNu7euYUM88K5/sbH+8Iswk2mm/MnFO2+G+U24uij
|
||||
PIsoLz5G0vHNpbSzjqTP/oBMwyfgcu8m2im+X5XBFIP5kFM5fJhPbTIxNLah1OxJ
|
||||
dLnc5ymSxIVOSh6lyO3vkwxeBI7jowzQWpisXHav8H5eFeTWvg3kOJuhZgV+kQOd
|
||||
WUohsKB8BJh1psrk/Yo4TvMAnj/gfXRRvXBbOeydHU+PlAVJKWfpFx3yOnC5/XuP
|
||||
SGCY52NfCP+Hy0L+uQJ6y6xVVwG4xJkPCsMlP7zpcwtmsgd/cBHP3gvoK6Hly8DZ
|
||||
z06bs2BdeVkARUghd8y6o4paXZxde74OLMQYgILR1MYA6w0NyLFp6fmbFlYMnnfp
|
||||
lwsmIQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAAEwDwYDVR0TAQH/BAUwAwEB/zAd
|
||||
BgNVHQ4EFgQUPXJCXyBH0esFFwXjkJ3k/ID9Yg0wDQYJKoZIhvcNAQELBQADggIB
|
||||
AE6s5RCqmFTH/c3I18mFBVQd5pSi/Tp1JJIslBIa11cyp9HUf45iUti93k6ngcAU
|
||||
yRsp/qgOVHgBrRCNls6ftg4KvKrDbpvsjQ/j5ppsdQhXKXXfUBowuY7OdapC5td1
|
||||
QErT6c2R4zhuSQog5D/YqnEK/z2CuVd3Fr2HM6vHF8HXrmAe4FNuUi8JQSJzbVzw
|
||||
QuZW8LbWuFrf/F6x9vNBdmNaLKEsz/hiVDGmygdpgBjzaVIYMCP9DauupxgXxtL6
|
||||
ojg8gWCJvFwbegci6MPXWLSs9pPXH8sso6z9nQcMSlKcHaG4EP5cTiGOc1Mc3G8F
|
||||
a+TcldQovT49AjEtRkI3e607Pjj1Q+ygMevJ2/IOXGPUHfRPAaix19v58yievcHl
|
||||
g9lY6rTjT4anzUnkOFsTqU+RMLH+4UaPqsmws0y+m8TCK/Z2iLdhL9Kby0r4AwhB
|
||||
wjGv8kH/mkL2MZWSramBvPnn/hJ5fEky5M83J/Lg/BfXyncIODu7G/I2f4AJJqXw
|
||||
9e8wpa9eJ6vRstVnPqBbZSxz0YS8z5oIhElOmVP7Swbhm40lCaSgocc76fER6rTx
|
||||
HIYZP2zOtSdnP9GuR4IXlMbEaGA9y/B4LBNPWtYH+atRhxCQuI5CQFcZ5hZptQ7P
|
||||
7gY+thU0IL50aLgWTu0GhlZ+gGXG5poyBp3zYgm6tQvT
|
||||
-----END CERTIFICATE-----
|
Loading…
Reference in New Issue
Block a user