Removed everything
This commit is contained in:
parent
32ca369e16
commit
87a9790081
@ -1,52 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: darklight
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: darklight-client-deployment
|
|
||||||
namespace: darklight
|
|
||||||
labels:
|
|
||||||
app: darklight-client
|
|
||||||
spec:
|
|
||||||
replicas: 3
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: darklight-client
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: darklight-client
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: darklight-client
|
|
||||||
image: kasperhermansen/darklight-client
|
|
||||||
ports:
|
|
||||||
- containerPort: 3000
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: 3000
|
|
||||||
initialDelaySeconds: 5
|
|
||||||
timeoutSeconds: 5
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: 3000
|
|
||||||
initialDelaySeconds: 5
|
|
||||||
timeoutSeconds: 5
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: darklight-client
|
|
||||||
namespace: darklight
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- port: 80
|
|
||||||
name: http
|
|
||||||
targetPort: 3000
|
|
||||||
selector:
|
|
||||||
app: darklight-client
|
|
@ -1,26 +0,0 @@
|
|||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: darklight
|
|
||||||
namespace: darklight
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- web
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`darklight.kjuulh.app`)
|
|
||||||
kind: Rule
|
|
||||||
services:
|
|
||||||
- name: darklight-client
|
|
||||||
kind: Service
|
|
||||||
namespace: darklight
|
|
||||||
port: 80
|
|
||||||
- match: Host(`darklight-api.kjuulh.app`)
|
|
||||||
kind: Rule
|
|
||||||
services:
|
|
||||||
- name: darklight-server
|
|
||||||
kind: Service
|
|
||||||
namespace: darklight
|
|
||||||
port: 80
|
|
||||||
tls:
|
|
||||||
secretName: clank-cert
|
|
@ -1,6 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- client.yaml
|
|
||||||
- server.yaml
|
|
||||||
- ingress.yaml
|
|
@ -1,47 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: darklight-server-deployment
|
|
||||||
namespace: darklight
|
|
||||||
labels:
|
|
||||||
app: darklight-server
|
|
||||||
spec:
|
|
||||||
replicas: 3
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: darklight-server
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: darklight-server
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: darklight-server
|
|
||||||
image: kasperhermansen/darklight-server:latest
|
|
||||||
ports:
|
|
||||||
- containerPort: 8000
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /download/healthz
|
|
||||||
port: 8000
|
|
||||||
initialDelaySeconds: 5
|
|
||||||
timeoutSeconds: 5
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /download/healthz
|
|
||||||
port: 8000
|
|
||||||
initialDelaySeconds: 5
|
|
||||||
timeoutSeconds: 5
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: darklight-server
|
|
||||||
namespace: darklight
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- port: 80
|
|
||||||
name: http
|
|
||||||
targetPort: 8000
|
|
||||||
selector:
|
|
||||||
app: darklight-server
|
|
@ -1,52 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: wishlist
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: wishlist-deployment
|
|
||||||
namespace: wishlist
|
|
||||||
labels:
|
|
||||||
app: wishlist
|
|
||||||
spec:
|
|
||||||
replicas: 3
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: wishlist
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: wishlist
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: wishlist
|
|
||||||
image: kasperhermansen/wishlist-2022
|
|
||||||
ports:
|
|
||||||
- containerPort: 80
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: 80
|
|
||||||
initialDelaySeconds: 5
|
|
||||||
timeoutSeconds: 5
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /
|
|
||||||
port: 80
|
|
||||||
initialDelaySeconds: 5
|
|
||||||
timeoutSeconds: 5
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: wishlist
|
|
||||||
namespace: wishlist
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- port: 80
|
|
||||||
name: http
|
|
||||||
targetPort: 80
|
|
||||||
selector:
|
|
||||||
app: wishlist
|
|
@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: podinfo
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 10m0s
|
|
||||||
retryInterval: 30s
|
|
||||||
path: ./kustomize
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: podinfo
|
|
||||||
targetNamespace: default
|
|
@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: GitRepository
|
|
||||||
metadata:
|
|
||||||
name: podinfo
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 5min
|
|
||||||
ref:
|
|
||||||
branch: master
|
|
||||||
url: https://github.com/stefanprodan/podinfo
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: platform
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 10m0s
|
|
||||||
path: ./clank/platform
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: flux-system
|
|
||||||
namespace: flux-system
|
|
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: darklight
|
|
||||||
namespace: prod
|
|
||||||
spec:
|
|
||||||
interval: 10m0s
|
|
||||||
retryInterval: 30s
|
|
||||||
path: ./clank/apps/prod/darklight
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: flux-system
|
|
||||||
namespace: flux-system
|
|
||||||
targetNamespace: darklight
|
|
@ -1,16 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: wishlist
|
|
||||||
namespace: prod
|
|
||||||
spec:
|
|
||||||
interval: 10m0s
|
|
||||||
retryInterval: 30s
|
|
||||||
path: ./clank/apps/prod/wishlist
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: flux-system
|
|
||||||
namespace: flux-system
|
|
||||||
targetNamespace: wishlist
|
|
File diff suppressed because it is too large
Load Diff
@ -1,21 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: clank
|
|
||||||
namespace: cert-manager
|
|
||||||
spec:
|
|
||||||
commonName: kjuulh.app
|
|
||||||
secretName: clank-cert
|
|
||||||
dnsNames:
|
|
||||||
- kjuulh.app
|
|
||||||
- "*.kjuulh.app"
|
|
||||||
issuerRef:
|
|
||||||
name: letsencrypt-issuer
|
|
||||||
kind: ClusterIssuer
|
|
||||||
secretTemplate:
|
|
||||||
annotations:
|
|
||||||
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
|
|
||||||
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "platform,kube-system,wishlist,darklight" # Control destination namespaces
|
|
||||||
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces
|
|
||||||
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "platform,wishlist,darklight" # Control auto-reflection namespaces
|
|
@ -1,16 +0,0 @@
|
|||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: cloudflare-api-token-secret
|
|
||||||
namespace: cert-manager
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
api-token: AgB8kf7TaAZpwTCn4aYNY5+aCpFyTPwVGLhQL8S6Muoss8/jz+9RIH7WPIxeyTlfjtTw8dzjro3SYfkZ9FHNiL8AS3/YDU9ZHoD1JTrlLB8j6lvPvuMbc0iXimNDWtU5KCwGwjC6gw6TNhnAns1EwMsCH93W2e9XUOYHz4NLxcaue284p0t9JgmtXLi220WCqoG7fs2hQo9dhYitcpmjnOEQRBA75t8paxc3jSA3BqKKeTm0KtYSgOENtahs/u3GQRmLu3y7L9epAyJOUCw1q23jgGZugAmDXY7b2gPXxAF0LMLrjI9l3UAl6FT0fUTrhQZxNZfurIFfV+yVFAkO2nGDlFWkN9xlxV8QzGPeTZEISI3/3aV5+MbJKV2bamOckh2q5Tj5xVAHB5pBc0CJzLpy8okmLnheNZXFRp/jlbH+D9p/sZErFt7TmvZfJS/GYCF/PRjzNwZlFWgiQ3ITTbGcEymXvfRS2NntsU1RCohUw4byAzYw/pxdGx7GA+irFTJyVQ2KwYdkR/P69PotHD0LGyHNWuLcrC1/kbq0lQtSvKHKUNbQM4jSVUweLgSYHlyxKft5F42eunR8BOG1EmUpdR2Y7U86HylwR5CxMJcpkO7a9EfoHDwMMegt1cgbPr37uXN+BKZ3uNUJ9AorZbvnrmFn7gAju+b3URTvaOldlCEaBA0fA8zfbF9lMFz1Lv6zzqOCGhXbOz/1wDUbGKjd2dS0pqIMmp7HOVEyP7TeW2LPJFdkj1F4
|
|
||||||
template:
|
|
||||||
data: null
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: cloudflare-api-token-secret
|
|
||||||
namespace: cert-manager
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: ClusterIssuer
|
|
||||||
metadata:
|
|
||||||
name: letsencrypt-issuer
|
|
||||||
spec:
|
|
||||||
acme:
|
|
||||||
# You must replace this email address with your own.
|
|
||||||
# Let's Encrypt will use this to contact you about expiring
|
|
||||||
# certificates, and issues related to your account.
|
|
||||||
email: contact@kjuulh.io
|
|
||||||
server: https://acme-v02.api.letsencrypt.org/directory
|
|
||||||
privateKeySecretRef:
|
|
||||||
# Secret resource that will be used to store the account's private key.
|
|
||||||
name: letsencrypt-issuer-secret
|
|
||||||
# Add a single challenge solver, HTTP01 using nginx
|
|
||||||
solvers:
|
|
||||||
- dns01:
|
|
||||||
cloudflare:
|
|
||||||
apiTokenSecretRef:
|
|
||||||
name: cloudflare-api-token-secret
|
|
||||||
key: api-token
|
|
||||||
selector:
|
|
||||||
dnsNames:
|
|
||||||
- 'kjuulh.app'
|
|
||||||
- '*.kjuulh.app'
|
|
@ -1,19 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
echo "Encrypt secret with 'sealed-secrets'"
|
|
||||||
|
|
||||||
kubectl -n default create secret generic cloudflare-api-token-secret \
|
|
||||||
--from-literal=api-token="$1" \
|
|
||||||
--namespace="cert-manager" \
|
|
||||||
--dry-run=client \
|
|
||||||
-o yaml > cloudflare-secret.yaml
|
|
||||||
|
|
||||||
echo "secret: $1"
|
|
||||||
|
|
||||||
kubeseal --format=yaml \
|
|
||||||
< cloudflare-secret.yaml > cloudflare-secret.sealed.yaml
|
|
||||||
|
|
||||||
echo "Updated/created secret"
|
|
||||||
|
|
||||||
rm cloudflare-secret.yaml
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- cert-manager.yaml
|
|
||||||
- certificate.yaml
|
|
||||||
- cloudflare-secret.sealed.yaml
|
|
||||||
- cluster-issuer.yaml
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- sources
|
|
||||||
- reflector
|
|
||||||
- traefik
|
|
||||||
- cert-manager
|
|
||||||
- sealed-secrets
|
|
||||||
- postgres
|
|
@ -1,12 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: GitRepository
|
|
||||||
metadata:
|
|
||||||
name: postgres
|
|
||||||
namespace: postgres
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
ref:
|
|
||||||
branch: main
|
|
||||||
url: https://github.com/CrunchyData/postgres-operator-examples
|
|
||||||
|
|
@ -1,6 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- git.yaml
|
|
||||||
- release.yaml
|
|
@ -1,4 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: postgres
|
|
@ -1,19 +0,0 @@
|
|||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: postgres
|
|
||||||
namespace: postgres
|
|
||||||
spec:
|
|
||||||
releaseName: postgres
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: postgres
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: ./helm/install
|
|
||||||
namespace: postgres
|
|
||||||
version: "0.3.0"
|
|
||||||
interval: 1h0m0s
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
@ -1,6 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: reflector
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- release.yaml
|
|
@ -1,4 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: reflector
|
|
@ -1,18 +0,0 @@
|
|||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: reflector
|
|
||||||
spec:
|
|
||||||
releaseName: reflector
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: reflector
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: emberstack
|
|
||||||
namespace: flux-system
|
|
||||||
version: "6.1.47"
|
|
||||||
interval: 1h0m0s
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
@ -1,252 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
namespace: kube-system
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resourceNames:
|
|
||||||
- sealed-secrets-controller
|
|
||||||
resources:
|
|
||||||
- services
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resourceNames:
|
|
||||||
- 'http:sealed-secrets-controller:'
|
|
||||||
- sealed-secrets-controller
|
|
||||||
resources:
|
|
||||||
- services/proxy
|
|
||||||
verbs:
|
|
||||||
- create
|
|
||||||
- get
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-key-admin
|
|
||||||
name: sealed-secrets-key-admin
|
|
||||||
namespace: kube-system
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
verbs:
|
|
||||||
- create
|
|
||||||
- list
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: secrets-unsealer
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: kube-system
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: secrets-unsealer
|
|
||||||
name: secrets-unsealer
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- bitnami.com
|
|
||||||
resources:
|
|
||||||
- sealedsecrets
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
- apiGroups:
|
|
||||||
- bitnami.com
|
|
||||||
resources:
|
|
||||||
- sealedsecrets/status
|
|
||||||
verbs:
|
|
||||||
- update
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- create
|
|
||||||
- update
|
|
||||||
- delete
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- events
|
|
||||||
verbs:
|
|
||||||
- create
|
|
||||||
- patch
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: kube-system
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
minReadySeconds: 30
|
|
||||||
replicas: 1
|
|
||||||
revisionHistoryLimit: 10
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
strategy:
|
|
||||||
rollingUpdate:
|
|
||||||
maxSurge: 25%
|
|
||||||
maxUnavailable: 25%
|
|
||||||
type: RollingUpdate
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- args: []
|
|
||||||
command:
|
|
||||||
- controller
|
|
||||||
env: []
|
|
||||||
image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
|
|
||||||
imagePullPolicy: Always
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: http
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
ports:
|
|
||||||
- containerPort: 8080
|
|
||||||
name: http
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: http
|
|
||||||
securityContext:
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 1001
|
|
||||||
stdin: false
|
|
||||||
tty: false
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /tmp
|
|
||||||
name: tmp
|
|
||||||
imagePullSecrets: []
|
|
||||||
initContainers: []
|
|
||||||
securityContext:
|
|
||||||
fsGroup: 65534
|
|
||||||
serviceAccountName: sealed-secrets-controller
|
|
||||||
terminationGracePeriodSeconds: 30
|
|
||||||
volumes:
|
|
||||||
- emptyDir: {}
|
|
||||||
name: tmp
|
|
||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
name: sealedsecrets.bitnami.com
|
|
||||||
spec:
|
|
||||||
group: bitnami.com
|
|
||||||
names:
|
|
||||||
kind: SealedSecret
|
|
||||||
listKind: SealedSecretList
|
|
||||||
plural: sealedsecrets
|
|
||||||
singular: sealedsecret
|
|
||||||
scope: Namespaced
|
|
||||||
versions:
|
|
||||||
- name: v1alpha1
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
properties:
|
|
||||||
spec:
|
|
||||||
type: object
|
|
||||||
x-kubernetes-preserve-unknown-fields: true
|
|
||||||
status:
|
|
||||||
x-kubernetes-preserve-unknown-fields: true
|
|
||||||
type: object
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
subresources:
|
|
||||||
status: {}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- port: 8080
|
|
||||||
targetPort: 8080
|
|
||||||
selector:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
type: ClusterIP
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
namespace: kube-system
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: Role
|
|
||||||
name: sealed-secrets-service-proxier
|
|
||||||
subjects:
|
|
||||||
- apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: Group
|
|
||||||
name: system:authenticated
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
annotations: {}
|
|
||||||
labels:
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: kube-system
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: Role
|
|
||||||
name: sealed-secrets-key-admin
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: sealed-secrets-controller
|
|
||||||
namespace: kube-system
|
|
@ -1,5 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- controller.yaml
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: emberstack
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
url: https://emberstack.github.io/helm-charts
|
|
@ -1,6 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: flux-system
|
|
||||||
resources:
|
|
||||||
- emberstack.yaml
|
|
||||||
- traefik.yaml
|
|
@ -1,7 +0,0 @@
|
|||||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: traefik
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
url: https://helm.traefik.io/traefik
|
|
@ -1,38 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: traefik-dashboard
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- web
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`traefik.kjuulh.app`) # Hostname to match
|
|
||||||
kind: Rule
|
|
||||||
services: # Service to redirect requests to
|
|
||||||
- name: api@internal # Special service created by Traefik pod
|
|
||||||
kind: TraefikService
|
|
||||||
tls:
|
|
||||||
secretName: clank-cert
|
|
||||||
---
|
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: wishlist
|
|
||||||
namespace: wishlist
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- web
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`wishlist.kjuulh.app`)
|
|
||||||
kind: Rule
|
|
||||||
services:
|
|
||||||
- name: wishlist
|
|
||||||
kind: Service
|
|
||||||
namespace: wishlist
|
|
||||||
port: 80
|
|
||||||
tls:
|
|
||||||
secretName: clank-cert
|
|
@ -1,6 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
# - release.yaml
|
|
||||||
- traefik.values.yaml
|
|
||||||
- ingress.yaml
|
|
@ -1,19 +0,0 @@
|
|||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: traefik
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
releaseName: traefik
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: traefik
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: traefik
|
|
||||||
namespace: flux-system
|
|
||||||
version: "10.19.5"
|
|
||||||
interval: 1h0m0s
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
@ -1,62 +0,0 @@
|
|||||||
apiVersion: helm.cattle.io/v1
|
|
||||||
kind: HelmChartConfig
|
|
||||||
metadata:
|
|
||||||
name: traefik
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
failurePolicy: abort
|
|
||||||
valuesContent: |-
|
|
||||||
logs:
|
|
||||||
general:
|
|
||||||
level: INFO
|
|
||||||
providers:
|
|
||||||
kubernetesCRD:
|
|
||||||
enabled: true
|
|
||||||
allowCrossNamespace: true
|
|
||||||
allowExternalNameServices: true
|
|
||||||
# ingressClass: traefik-internal
|
|
||||||
# labelSelector: environment=production,method=traefik
|
|
||||||
namespaces:
|
|
||||||
- "default"
|
|
||||||
- "kube-system"
|
|
||||||
- "wishlist"
|
|
||||||
- "darklight"
|
|
||||||
|
|
||||||
kubernetesIngress:
|
|
||||||
enabled: true
|
|
||||||
allowExternalNameServices: true
|
|
||||||
allowEmptyServices: true
|
|
||||||
# ingressClass: traefik-internal
|
|
||||||
# labelSelector: environment=production,method=traefik
|
|
||||||
namespaces:
|
|
||||||
- "default"
|
|
||||||
- "kube-system"
|
|
||||||
- "wishlist"
|
|
||||||
- "darklight"
|
|
||||||
|
|
||||||
# IP used for Kubernetes Ingress endpoints
|
|
||||||
publishedService:
|
|
||||||
enabled: true
|
|
||||||
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
|
||||||
# By default this Traefik service
|
|
||||||
# pathOverride: ""
|
|
||||||
service:
|
|
||||||
enabled: true
|
|
||||||
type: LoadBalancer
|
|
||||||
annotations:
|
|
||||||
"load-balancer.hetzner.cloud/name": "clank"
|
|
||||||
# make hetzners load-balancer connect to our nodes via our private k3s
|
|
||||||
"load-balancer.hetzner.cloud/use-private-ip": "true"
|
|
||||||
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
|
|
||||||
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
|
|
||||||
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
|
|
||||||
"load-balancer.hetzner.cloud/ipv6-disabled": "true"
|
|
||||||
"load-balancer.hetzner.cloud/location": "fsn1"
|
|
||||||
"load-balancer.hetzner.cloud/type": "lb11"
|
|
||||||
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
|
|
||||||
additionalArguments:
|
|
||||||
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
|
||||||
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
|
||||||
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
|
||||||
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
|
||||||
- "--providers.kubernetescrd.allowCrossNamespace=true"
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEzTCCArWgAwIBAgIRAKEa+ZM214zPc+OIpLSmfxIwDQYJKoZIhvcNAQELBQAw
|
|
||||||
ADAeFw0yMjA1MDgyMDI4MjZaFw0zMjA1MDUyMDI4MjZaMAAwggIiMA0GCSqGSIb3
|
|
||||||
DQEBAQUAA4ICDwAwggIKAoICAQC5S/jTgBcc3GbSCl1S7Do3SnX7HUrlgvIWYTLi
|
|
||||||
6D2+l3Bvpkb70kGi8pXN3N+Ijv3dQEu847G1jsiTKjcT8CAEGh6PSK6VmTUHQNzE
|
|
||||||
TXYusmde66Ob4806DQtG/nEP9tt3N+ZrgCLB2lrD6P7OHO4Eiw+f5eWvKqF1zH8M
|
|
||||||
MS98/Gwrf2rjVfkfy+wreFFOcJd9hX1+rR12JVd6FWC/5jesmTdmw6nZEiTc7sFf
|
|
||||||
qN3GEQQFG15dwlmFk8WueZxYcMhcXxQGzMBa292LvpWs15+vAum0/n+o9dOu4FaJ
|
|
||||||
3V9Qj2A4e35dd39Rm1rCAfpFNu7euYUM88K5/sbH+8Iswk2mm/MnFO2+G+U24uij
|
|
||||||
PIsoLz5G0vHNpbSzjqTP/oBMwyfgcu8m2im+X5XBFIP5kFM5fJhPbTIxNLah1OxJ
|
|
||||||
dLnc5ymSxIVOSh6lyO3vkwxeBI7jowzQWpisXHav8H5eFeTWvg3kOJuhZgV+kQOd
|
|
||||||
WUohsKB8BJh1psrk/Yo4TvMAnj/gfXRRvXBbOeydHU+PlAVJKWfpFx3yOnC5/XuP
|
|
||||||
SGCY52NfCP+Hy0L+uQJ6y6xVVwG4xJkPCsMlP7zpcwtmsgd/cBHP3gvoK6Hly8DZ
|
|
||||||
z06bs2BdeVkARUghd8y6o4paXZxde74OLMQYgILR1MYA6w0NyLFp6fmbFlYMnnfp
|
|
||||||
lwsmIQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAAEwDwYDVR0TAQH/BAUwAwEB/zAd
|
|
||||||
BgNVHQ4EFgQUPXJCXyBH0esFFwXjkJ3k/ID9Yg0wDQYJKoZIhvcNAQELBQADggIB
|
|
||||||
AE6s5RCqmFTH/c3I18mFBVQd5pSi/Tp1JJIslBIa11cyp9HUf45iUti93k6ngcAU
|
|
||||||
yRsp/qgOVHgBrRCNls6ftg4KvKrDbpvsjQ/j5ppsdQhXKXXfUBowuY7OdapC5td1
|
|
||||||
QErT6c2R4zhuSQog5D/YqnEK/z2CuVd3Fr2HM6vHF8HXrmAe4FNuUi8JQSJzbVzw
|
|
||||||
QuZW8LbWuFrf/F6x9vNBdmNaLKEsz/hiVDGmygdpgBjzaVIYMCP9DauupxgXxtL6
|
|
||||||
ojg8gWCJvFwbegci6MPXWLSs9pPXH8sso6z9nQcMSlKcHaG4EP5cTiGOc1Mc3G8F
|
|
||||||
a+TcldQovT49AjEtRkI3e607Pjj1Q+ygMevJ2/IOXGPUHfRPAaix19v58yievcHl
|
|
||||||
g9lY6rTjT4anzUnkOFsTqU+RMLH+4UaPqsmws0y+m8TCK/Z2iLdhL9Kby0r4AwhB
|
|
||||||
wjGv8kH/mkL2MZWSramBvPnn/hJ5fEky5M83J/Lg/BfXyncIODu7G/I2f4AJJqXw
|
|
||||||
9e8wpa9eJ6vRstVnPqBbZSxz0YS8z5oIhElOmVP7Swbhm40lCaSgocc76fER6rTx
|
|
||||||
HIYZP2zOtSdnP9GuR4IXlMbEaGA9y/B4LBNPWtYH+atRhxCQuI5CQFcZ5hZptQ7P
|
|
||||||
7gY+thU0IL50aLgWTu0GhlZ+gGXG5poyBp3zYgm6tQvT
|
|
||||||
-----END CERTIFICATE-----
|
|
Loading…
Reference in New Issue
Block a user