From f65b92fe696fe6f577bfc3ce63a4630001765736 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Tue, 26 Mar 2024 09:04:30 +0100 Subject: [PATCH] chore: add and apply yamllint --- .pre-commit-config.yaml | 47 ++-- .yamllint.yaml | 12 + Makefile | 3 + ansible/gitea/gitea-playbook.yml | 5 +- ansible/gitea/roles/gitea/tasks/main.yml | 22 +- ansible/gitea/roles/gitea/vars/main.yml | 2 +- ansible/k3s/playbooks/base.yml | 9 +- ansible/k3s/playbooks/k3s.yml | 17 +- ansible/k3s/roles/base/tasks/main.yml | 30 +-- ansible/k3s/roles/base/tasks/mounts.yml | 24 +- ansible/k3s/roles/base/tasks/packages.yml | 23 +- ansible/k3s/roles/k3s/tasks/agent.yml | 18 +- .../k3s/roles/k3s/tasks/copy-kubeconfig.yml | 26 +-- ansible/k3s/roles/k3s/tasks/download.yml | 5 +- ansible/k3s/roles/k3s/tasks/main.yml | 1 + ansible/k3s/roles/k3s/tasks/master.yml | 18 +- ansible/k3s/roles/k3s/vars/main.yml | 2 +- ansible/nextcloud/role-promtail.yml | 45 ++-- ansible/requirements.yml | 1 + k8s/argo-apps/argo-workflows.yaml | 7 +- k8s/argo-apps/argo.yaml | 27 +-- k8s/argo-apps/authentik.yaml | 51 ++--- k8s/argo-apps/dcsi.yaml | 51 ++--- k8s/argo-apps/factorio.yaml | 79 +++---- k8s/argo-apps/fireflyiii.yaml | 27 --- k8s/argo-apps/kured.yaml | 45 ++-- k8s/argo-apps/loki.yaml | 211 +++++++++--------- k8s/argo-apps/miniflux.yaml | 29 +-- k8s/argo-apps/sealed-secrets.yaml | 37 +-- .../argo-workflows/admin-service-account.yaml | 32 +-- .../argo-workflows/sealedsecrets.yaml | 22 +- k8s/services/argo/appgen.yaml | 29 +-- k8s/services/argo/argocd-cmd-params-cm.yaml | 13 +- k8s/services/argo/ingress-route.yaml | 43 ++-- k8s/services/argo/project-fuku.yaml | 40 ++-- k8s/services/argo/project-management.yaml | 54 ++--- k8s/services/argo/project-roboces.yaml | 16 +- k8s/services/argo/repos.yaml | 20 +- k8s/services/authentik/pvc.yaml | 17 +- k8s/services/authentik/sealedsecrets.yaml | 31 +-- k8s/services/authentik/serverstransport.yaml | 6 +- k8s/services/dcsi/sealedsecrets.yaml | 23 +- k8s/services/factorio/sealedsecrets.yaml | 27 +-- k8s/services/loki/sealedsecrets.yaml | 42 ++-- .../loki/traefik-auth-middleware.yaml | 9 +- k8s/services/miniflux/deployment.yaml | 23 +- k8s/services/miniflux/ingress.yaml | 32 +-- .../miniflux/poddisruptionbudget.yaml | 13 +- k8s/services/miniflux/sealedsecrets.yaml | 28 +-- k8s/services/miniflux/service.yaml | 29 +-- 50 files changed, 722 insertions(+), 701 deletions(-) create mode 100644 .yamllint.yaml delete mode 100644 k8s/argo-apps/fireflyiii.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a2ee59e..cad2fc6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,22 +1,29 @@ +--- repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.2.0 - hooks: - - id: trailing-whitespace - - id: end-of-file-fixer - - id: check-added-large-files - - id: check-executables-have-shebangs - - id: check-json - - id: pretty-format-json - - id: check-merge-conflict - - id: check-symlinks - - id: check-yaml - args: - - --allow-multiple-documents - - id: detect-private-key - - id: trailing-whitespace + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.2.0 + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-added-large-files + - id: check-executables-have-shebangs + - id: check-json + - id: pretty-format-json + - id: check-merge-conflict + - id: check-symlinks + - id: check-yaml + args: + - --allow-multiple-documents + - id: detect-private-key + - id: trailing-whitespace - - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.86.0 - hooks: - - id: terraform_fmt + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.86.0 + hooks: + - id: terraform_fmt + + - repo: https://github.com/adrienverge/yamllint.git + rev: v1.35.1 + hooks: + - id: yamllint + args: [--format, parsable, --strict] diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000..a8e1307 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,12 @@ +--- + +yaml-files: + - '*.yaml' + - '*.yml' + - '.yamllint' + + +extends: default +rules: + line-length: + max: 120 diff --git a/Makefile b/Makefile index 3192733..40e2258 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,10 @@ lint--tflint: lint--scripts: shellcheck scripts/**.sh + + lint: make lint--pre-commit make lint--kubeconform make lint--tflint + make lint--scripts diff --git a/ansible/gitea/gitea-playbook.yml b/ansible/gitea/gitea-playbook.yml index 5506624..152be62 100644 --- a/ansible/gitea/gitea-playbook.yml +++ b/ansible/gitea/gitea-playbook.yml @@ -1,6 +1,7 @@ +--- - name: Install gitea hosts: - - giteas + - giteas roles: - - role: roles/gitea + - role: roles/gitea diff --git a/ansible/gitea/roles/gitea/tasks/main.yml b/ansible/gitea/roles/gitea/tasks/main.yml index f0d86ef..bf6905d 100644 --- a/ansible/gitea/roles/gitea/tasks/main.yml +++ b/ansible/gitea/roles/gitea/tasks/main.yml @@ -1,23 +1,23 @@ --- - name: Download gitea {{ gitea_version }} get_url: - url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64" - dest: "/usr/local/bin/gitea" + url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64 + dest: /usr/local/bin/gitea - name: Copy gitea config file app.ini template: - src: app.ini.j2 - dest: /etc/gitea/app.ini - mode: 0600 + src: app.ini.j2 + dest: /etc/gitea/app.ini + mode: 0600 - name: Copy gitea systemd unitfile gitea.service copy: - src: gitea.service - dest: /etc/systemd/system/gitea.service - mode: 0600 + src: gitea.service + dest: /etc/systemd/system/gitea.service + mode: 0600 - name: Restart gitea systemd service ansible.builtin.systemd_service: - state: restarted - daemon_reload: true - name: gitea + state: restarted + daemon_reload: true + name: gitea diff --git a/ansible/gitea/roles/gitea/vars/main.yml b/ansible/gitea/roles/gitea/vars/main.yml index 8702e21..b79970f 100644 --- a/ansible/gitea/roles/gitea/vars/main.yml +++ b/ansible/gitea/roles/gitea/vars/main.yml @@ -15,4 +15,4 @@ gitea_mailer_from: "{{ lookup('env', 'GITEA_MAILER_FROM', default='git@fukurokuj gitea_mailer_user: "{{ lookup('env', 'GITEA_MAILER_USER') }}" gitea_mailer_password: "{{ lookup('env', 'GITEA_MAILER_PASSWORD') }}" gitea_no_reply_address: "{{ lookup('env', 'GITEA_NO_REPLY_ADDRESS', default='git@fukurokuju.dev') }}" -gitea_themes: gitea,arc-green,gitea-modern,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender +gitea_themes: gitea,arc-green,gitea-modern,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender # yamllint disable rule:line-length diff --git a/ansible/k3s/playbooks/base.yml b/ansible/k3s/playbooks/base.yml index 04bd046..6b91454 100644 --- a/ansible/k3s/playbooks/base.yml +++ b/ansible/k3s/playbooks/base.yml @@ -1,8 +1,9 @@ +--- - name: Apply base configuration hosts: - - k3s_agents - - k3s_masters + - k3s_agents + - k3s_masters roles: - - role: ../roles/base - become: yes + - role: ../roles/base + become: true diff --git a/ansible/k3s/playbooks/k3s.yml b/ansible/k3s/playbooks/k3s.yml index 1657a22..9c2c792 100644 --- a/ansible/k3s/playbooks/k3s.yml +++ b/ansible/k3s/playbooks/k3s.yml @@ -1,12 +1,13 @@ +--- - name: Install k3s nodes hosts: - - k3s_masters - - k3s_agents + - k3s_masters + - k3s_agents roles: - - role: ../roles/k3s - become: yes - vars: - first_master_hostname: "{{ groups['k3s_masters'][0] }}" - is_first_master: "{{ inventory_hostname in groups['k3s_masters'][0] }}" - short_hostname: "{{ inventory_hostname.split('.')[0] }}" + - role: ../roles/k3s + become: true + vars: + first_master_hostname: "{{ groups['k3s_masters'][0] }}" + is_first_master: "{{ inventory_hostname in groups['k3s_masters'][0] }}" + short_hostname: "{{ inventory_hostname.split('.')[0] }}" diff --git a/ansible/k3s/roles/base/tasks/main.yml b/ansible/k3s/roles/base/tasks/main.yml index b7dd06b..0df901b 100644 --- a/ansible/k3s/roles/base/tasks/main.yml +++ b/ansible/k3s/roles/base/tasks/main.yml @@ -1,36 +1,36 @@ --- - name: Set same timezone on every Server community.general.timezone: - name: "{{ system_timezone }}" + name: '{{ system_timezone }}' when: (system_timezone is defined) and (system_timezone != "Europe/Madrid") - name: Enable IPv4 forwarding ansible.posix.sysctl: - name: net.ipv4.ip_forward - value: "1" - state: present - reload: yes + name: net.ipv4.ip_forward + value: '1' + state: present + reload: true - name: Enable IPv6 forwarding ansible.posix.sysctl: - name: net.ipv6.conf.all.forwarding - value: "1" - state: present - reload: yes + name: net.ipv6.conf.all.forwarding + value: '1' + state: present + reload: true - name: Enable IPv6 router advertisements ansible.posix.sysctl: - name: net.ipv6.conf.all.accept_ra - value: "2" - state: present - reload: yes + name: net.ipv6.conf.all.accept_ra + value: '2' + state: present + reload: true - import_tasks: packages.yml name: Install base packages tags: - - packages + - packages - import_tasks: mounts.yml name: Mount NFS shares tags: - - nfs + - nfs diff --git a/ansible/k3s/roles/base/tasks/mounts.yml b/ansible/k3s/roles/base/tasks/mounts.yml index 0e4c4d9..a3a3d20 100644 --- a/ansible/k3s/roles/base/tasks/mounts.yml +++ b/ansible/k3s/roles/base/tasks/mounts.yml @@ -1,19 +1,19 @@ --- - name: Create mountpoint directory file: - path: /nfs/nas1 - state: directory - owner: 10000 - group: 10000 + path: /nfs/nas1 + state: directory + owner: 10000 + group: 10000 - name: Mount nas1 share mount: - fstype: nfs - src: zeruel.fuku:/mnt/pool1/nas1 - path: /nfs/nas1 - state: mounted - fstab: /etc/fstab - opts: _netdev,nofail,tcp,bg,retrans=2,timeo=150,rsize=32768,wsize=32768,noresvport - backup: true - become: yes + fstype: nfs + src: zeruel.fuku:/mnt/pool1/nas1 + path: /nfs/nas1 + state: mounted + fstab: /etc/fstab + opts: _netdev,nofail,tcp,bg,retrans=2,timeo=150,rsize=32768,wsize=32768,noresvport + backup: true + become: true become_user: root diff --git a/ansible/k3s/roles/base/tasks/packages.yml b/ansible/k3s/roles/base/tasks/packages.yml index a632312..890dd2e 100644 --- a/ansible/k3s/roles/base/tasks/packages.yml +++ b/ansible/k3s/roles/base/tasks/packages.yml @@ -1,17 +1,18 @@ +--- - name: Install base packages apt: - name: "{{ item }}" - state: present - update_cache: yes + name: '{{ item }}' + state: present + update_cache: true loop: - - qemu-guest-agent - - git - - tmux - - vim - - curl - - nfs-common + - qemu-guest-agent + - git + - tmux + - vim + - curl + - nfs-common - name: Update all packages apt: - upgrade: dist - update_cache: yes + upgrade: dist + update_cache: true diff --git a/ansible/k3s/roles/k3s/tasks/agent.yml b/ansible/k3s/roles/k3s/tasks/agent.yml index 286d46b..97cabc3 100644 --- a/ansible/k3s/roles/k3s/tasks/agent.yml +++ b/ansible/k3s/roles/k3s/tasks/agent.yml @@ -1,17 +1,17 @@ --- - name: Create rancher folder file: - state: directory - path: /etc/rancher/k3s - owner: root - group: root - mode: 755 + state: directory + path: /etc/rancher/k3s + owner: root + group: root + mode: 755 - name: Copy k3s config file template: - src: agent.config.yaml.j2 - dest: /etc/rancher/k3s/config.yaml - mode: 600 + src: agent.config.yaml.j2 + dest: /etc/rancher/k3s/config.yaml + mode: 600 - name: Install k3s agent - shell: "bash /tmp/k3s.install.sh agent" + shell: bash /tmp/k3s.install.sh agent diff --git a/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml b/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml index 563f661..bd08d3a 100644 --- a/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml +++ b/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml @@ -1,19 +1,19 @@ --- - name: Create .kube directory - become: yes + become: true file: - path: /home/ci/.kube - state: directory - mode: '0755' - owner: ci - group: ci + path: /home/ci/.kube + state: directory + mode: '0755' + owner: ci + group: ci - name: Copy kubeconfig copy: - remote_src: true - src: /etc/rancher/k3s/k3s.yaml - dest: /home/ci/.kube/config - mode: 0644 - owner: ci - group: ci - become: yes + remote_src: true + src: /etc/rancher/k3s/k3s.yaml + dest: /home/ci/.kube/config + mode: 0644 + owner: ci + group: ci + become: true diff --git a/ansible/k3s/roles/k3s/tasks/download.yml b/ansible/k3s/roles/k3s/tasks/download.yml index 031d555..7540e45 100644 --- a/ansible/k3s/roles/k3s/tasks/download.yml +++ b/ansible/k3s/roles/k3s/tasks/download.yml @@ -1,6 +1,5 @@ --- - - name: Download k3s script get_url: - url: https://get.k3s.io - dest: /tmp/k3s.install.sh + url: https://get.k3s.io + dest: /tmp/k3s.install.sh diff --git a/ansible/k3s/roles/k3s/tasks/main.yml b/ansible/k3s/roles/k3s/tasks/main.yml index 307b44d..b1a419d 100644 --- a/ansible/k3s/roles/k3s/tasks/main.yml +++ b/ansible/k3s/roles/k3s/tasks/main.yml @@ -1,3 +1,4 @@ +--- - import_tasks: download.yml name: Download install script diff --git a/ansible/k3s/roles/k3s/tasks/master.yml b/ansible/k3s/roles/k3s/tasks/master.yml index 1123b60..283ac59 100644 --- a/ansible/k3s/roles/k3s/tasks/master.yml +++ b/ansible/k3s/roles/k3s/tasks/master.yml @@ -1,19 +1,19 @@ --- - name: Create rancher folder file: - state: directory - path: /etc/rancher/k3s - owner: root - group: root - mode: 755 + state: directory + path: /etc/rancher/k3s + owner: root + group: root + mode: 755 - name: Copy k3s config file template: - src: master.config.yaml.j2 - dest: /etc/rancher/k3s/config.yaml - mode: 600 + src: master.config.yaml.j2 + dest: /etc/rancher/k3s/config.yaml + mode: 600 vars: - etcd_snapshot_dir: "/nfs/nas1/backups/{{ short_hostname }}" + etcd_snapshot_dir: /nfs/nas1/backups/{{ short_hostname }} - name: Install k3s master command: bash /tmp/k3s.install.sh diff --git a/ansible/k3s/roles/k3s/vars/main.yml b/ansible/k3s/roles/k3s/vars/main.yml index cbf5790..243c79c 100644 --- a/ansible/k3s/roles/k3s/vars/main.yml +++ b/ansible/k3s/roles/k3s/vars/main.yml @@ -1,4 +1,4 @@ --- -k3s_version: "v1.27.4+k3s1" +k3s_version: v1.27.4+k3s1 tls_san: "{{ lookup('env', 'ANSIBLE_TLS_SAN') | mandatory }}" cluster_token: "{{ lookup('env', 'ANSIBLE_CLUSTER_TOKEN') | mandatory }}" diff --git a/ansible/nextcloud/role-promtail.yml b/ansible/nextcloud/role-promtail.yml index 68dfb3c..0ed120f 100644 --- a/ansible/nextcloud/role-promtail.yml +++ b/ansible/nextcloud/role-promtail.yml @@ -1,26 +1,27 @@ +--- - name: Install promtail hosts: - - nextclouds + - nextclouds roles: - - role: patrickjahns.promtail - vars: - promtail_version: 2.9.4 - promtail_config_clients: - - url: https://loki.fuku/loki/api/v1/push - basic_auth: - username: cloud - password: "{{ lookup('env', 'NEXTCLOUD_PROMTAIL_PASSWORD') | mandatory }}" - tls_config: - insecure_skip_verify: true - promtail_config_scrape_configs: - - job_name: system - static_configs: - - targets: - - localhost - labels: - nextcloud: cloud.fukurokuju.dev - __path__: /mnt/share/data/cloud/data/{nextcloud,audit}.log - promtail_config_limits_config: - readline_rate_enabled: true - readline_rate_drop: true + - role: patrickjahns.promtail + vars: + promtail_version: 2.9.4 + promtail_config_clients: + - url: https://loki.fuku/loki/api/v1/push + basic_auth: + username: cloud + password: "{{ lookup('env', 'NEXTCLOUD_PROMTAIL_PASSWORD') | mandatory }}" + tls_config: + insecure_skip_verify: true + promtail_config_scrape_configs: + - job_name: system + static_configs: + - targets: + - localhost + labels: + nextcloud: cloud.fukurokuju.dev + __path__: /mnt/share/data/cloud/data/{nextcloud,audit}.log + promtail_config_limits_config: + readline_rate_enabled: true + readline_rate_drop: true diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 1254a53..7082758 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -1,2 +1,3 @@ +--- - name: patrickjahns.promtail version: 1.26.0 diff --git a/k8s/argo-apps/argo-workflows.yaml b/k8s/argo-apps/argo-workflows.yaml index 3682b0a..0c95a38 100644 --- a/k8s/argo-apps/argo-workflows.yaml +++ b/k8s/argo-apps/argo-workflows.yaml @@ -1,3 +1,4 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -6,11 +7,11 @@ metadata: spec: destination: name: '' - namespace: 'argo-workflows' - server: "https://kubernetes.default.svc" + namespace: argo-workflows + server: https://kubernetes.default.svc project: management syncPolicy: - automated: { } + automated: {} sources: - chart: argo-workflows repoURL: https://argoproj.github.io/argo-helm diff --git a/k8s/argo-apps/argo.yaml b/k8s/argo-apps/argo.yaml index c2288d8..bece7ee 100644 --- a/k8s/argo-apps/argo.yaml +++ b/k8s/argo-apps/argo.yaml @@ -1,17 +1,18 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: argo - namespace: argocd + name: argo + namespace: argocd spec: - destination: - name: '' - namespace: 'argocd' - server: 'https://kubernetes.default.svc' - sources: - - repoURL: https://git.roboces.dev/catalin/fukuops.git - path: k8s/services/argo - targetRevision: main - project: management - syncPolicy: - automated: { } + destination: + name: '' + namespace: argocd + server: https://kubernetes.default.svc + sources: + - repoURL: https://git.roboces.dev/catalin/fukuops.git + path: k8s/services/argo + targetRevision: main + project: management + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/authentik.yaml b/k8s/argo-apps/authentik.yaml index 4765103..0c279fe 100644 --- a/k8s/argo-apps/authentik.yaml +++ b/k8s/argo-apps/authentik.yaml @@ -1,3 +1,4 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -6,8 +7,8 @@ metadata: spec: destination: name: '' - namespace: 'apps-fuku' - server: "https://kubernetes.default.svc" + namespace: apps-fuku + server: https://kubernetes.default.svc sources: - chart: authentik repoURL: https://charts.goauthentik.io/ @@ -15,27 +16,27 @@ spec: helm: valuesObject: authentik: - secret_key: file:///authentik-creds/secret_key - email: - host: mail.fukurokuju.dev - port: 465 - password: file:///authentik-creds/email_password - username: auth@fukurokuju.dev - use_ssl: true - timeout: 30 - from: auth@fukurokuju.dev - postgresql: - host: 192.168.1.3 - port: 55432 - name: auth - user: file:///authentik-creds/pg_username - password: file:///authentik-creds/pg_password - redis: - host: 192.168.1.3 - port: 30036 - password: file:///authentik-creds/redis_password - error_reporting: - enabled: true + secret_key: file:///authentik-creds/secret_key + email: + host: mail.fukurokuju.dev + port: 465 + password: file:///authentik-creds/email_password + username: auth@fukurokuju.dev + use_ssl: true + timeout: 30 + from: auth@fukurokuju.dev + postgresql: + host: 192.168.1.3 + port: 55432 + name: auth + user: file:///authentik-creds/pg_username + password: file:///authentik-creds/pg_password + redis: + host: 192.168.1.3 + port: 30036 + password: file:///authentik-creds/redis_password + error_reporting: + enabled: true global: volumeMounts: - name: authentik-creds @@ -63,7 +64,7 @@ spec: servicePortHttps: 9443 annotations: traefik.ingress.kubernetes.io/service.serversscheme: https - traefik.ingress.kubernetes.io/service.serverstransport: apps-fuku-skipverify-authentik@kubernetescrd + traefik.ingress.kubernetes.io/service.serverstransport: apps-fuku-skipverify-authentik@kubernetescrd # yamllint disable rule:line-length metrics: enabled: true service: @@ -91,4 +92,4 @@ spec: targetRevision: main project: fuku syncPolicy: - automated: { } + automated: {} diff --git a/k8s/argo-apps/dcsi.yaml b/k8s/argo-apps/dcsi.yaml index d677028..55c2edd 100644 --- a/k8s/argo-apps/dcsi.yaml +++ b/k8s/argo-apps/dcsi.yaml @@ -1,29 +1,30 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: democratic-csi - namespace: argocd + name: democratic-csi + namespace: argocd spec: - destination: - name: '' - namespace: 'democratic-csi' - server: 'https://kubernetes.default.svc' - sources: - - chart: democratic-csi - repoURL: https://democratic-csi.github.io/charts/ - targetRevision: 0.14.* - helm: - releaseName: zfs-nfs - valuesObject: - csiDriver: - name: "org.dcsi.nfs" - driver: - existingConfigSecret: secrets-dcsi - config: - driver: freenas-api-nfs - - repoURL: https://git.roboces.dev/catalin/fukuops.git - path: k8s/services/dcsi - targetRevision: main - project: management - syncPolicy: - automated: { } + destination: + name: '' + namespace: democratic-csi + server: https://kubernetes.default.svc + sources: + - chart: democratic-csi + repoURL: https://democratic-csi.github.io/charts/ + targetRevision: 0.14.* + helm: + releaseName: zfs-nfs + valuesObject: + csiDriver: + name: org.dcsi.nfs + driver: + existingConfigSecret: secrets-dcsi + config: + driver: freenas-api-nfs + - repoURL: https://git.roboces.dev/catalin/fukuops.git + path: k8s/services/dcsi + targetRevision: main + project: management + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/factorio.yaml b/k8s/argo-apps/factorio.yaml index 359e1d2..e9517ef 100644 --- a/k8s/argo-apps/factorio.yaml +++ b/k8s/argo-apps/factorio.yaml @@ -1,44 +1,45 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: factorio - namespace: argocd + name: factorio + namespace: argocd spec: - destination: - name: '' - namespace: 'apps-fuku' - server: 'https://kubernetes.default.svc' - sources: - - chart: factorio-server-charts - repoURL: https://sqljames.github.io/factorio-server-charts/ - targetRevision: 1.2.* - helm: - valuesObject: - rcon: - passwordSecret: secrets-factorio - nodeSelector: - kubernetes.io/hostname: agent1 - image: - tag: 1.1.101 - factorioServer: - save_name: fukurokuju - admin_list: - - Phireh - account: - accountSecret: secrets-factorio - server_settings: - name: factorio-fukurokuju - visibility: - public: false - require_user_verification: false - persistence: - storageClassName: truenas-nfs-csi - serverPassword: - passwordSecret: secrets-factorio + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + sources: + - chart: factorio-server-charts + repoURL: https://sqljames.github.io/factorio-server-charts/ + targetRevision: 1.2.* + helm: + valuesObject: + rcon: + passwordSecret: secrets-factorio + nodeSelector: + kubernetes.io/hostname: agent1 + image: + tag: 1.1.101 + factorioServer: + save_name: fukurokuju + admin_list: + - Phireh + account: + accountSecret: secrets-factorio + server_settings: + name: factorio-fukurokuju + visibility: + public: false + require_user_verification: false + persistence: + storageClassName: truenas-nfs-csi + serverPassword: + passwordSecret: secrets-factorio - - repoURL: https://git.roboces.dev/catalin/fukuops.git - path: k8s/services/factorio - targetRevision: main - project: fuku - syncPolicy: - automated: {} + - repoURL: https://git.roboces.dev/catalin/fukuops.git + path: k8s/services/factorio + targetRevision: main + project: fuku + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/fireflyiii.yaml b/k8s/argo-apps/fireflyiii.yaml deleted file mode 100644 index 2250689..0000000 --- a/k8s/argo-apps/fireflyiii.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: firefly - namespace: argocd -spec: - destination: - name: '' - namespace: 'apps-roboces' - server: "https://kubernetes.default.svc" - project: roboces - sources: - - chart: firefly-iii-stack - repoURL: https://firefly-iii.github.io/kubernetes - targetRevision: 0.7.2 - helm: - valuesObject: - firefly-db: - enabled: false - config: - existingSecret: firefly - env: - TZ: Europe/Madrid - APP_URL: https://moneis.roboces.dev - service: - type: LoadBalancer - port: 8889 diff --git a/k8s/argo-apps/kured.yaml b/k8s/argo-apps/kured.yaml index bfdf6ba..f0702c1 100644 --- a/k8s/argo-apps/kured.yaml +++ b/k8s/argo-apps/kured.yaml @@ -1,26 +1,27 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: kured - namespace: argocd + name: kured + namespace: argocd spec: - destination: - name: '' - namespace: 'apps-fuku' - server: "https://kubernetes.default.svc" - project: fuku - source: - chart: kured - repoURL: https://kubereboot.github.io/charts - targetRevision: 5.3.* - helm: - valuesObject: - configuration.rebootDays: - - mon - - wed - - fri - configuration.startTime: 4am - configuration.endTime: 9am - configuration.timeZone: Europe/Madrid - syncPolicy: - automated: { } + destination: + name: '' + namespace: apps-fuku + server: https://kubernetes.default.svc + project: fuku + source: + chart: kured + repoURL: https://kubereboot.github.io/charts + targetRevision: 5.3.* + helm: + valuesObject: + configuration.rebootDays: + - mon + - wed + - fri + configuration.startTime: 4am + configuration.endTime: 9am + configuration.timeZone: Europe/Madrid + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/loki.yaml b/k8s/argo-apps/loki.yaml index d5fb8ba..0b6ee3f 100644 --- a/k8s/argo-apps/loki.yaml +++ b/k8s/argo-apps/loki.yaml @@ -1,116 +1,117 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: loki - namespace: argocd + name: loki + namespace: argocd spec: - destination: - name: '' - namespace: 'monitoring' - server: "https://kubernetes.default.svc" - project: management - syncPolicy: - automated: { } - syncOptions: - - ServerSideApply=true - sources: - - chart: loki-stack - repoURL: https://grafana.github.io/helm-charts - targetRevision: 2.10.* - helm: - valuesObject: - grafana: - enabled: true - persistence: - type: pvc - enabled: true - size: 10Gi - accessModes: - - ReadWriteMany - ingress: - enabled: true - hosts: - - grafana.fuku - ingressClassName: traefik - grafana.ini: - smtp: - enabled: true - host: mail.fukurokuju.dev:465 - from_address: status@fukurokuju.dev - smtp: - existingSecret: secret-grafana-smtp - resources: - limits: - cpu: 512m - memory: 512Mi - requests: - cpu: 256m - memory: 256Mi - loki: - storage: - type: filesystem - ingress: - enabled: true - ingressClassName: traefik - annotations: - traefik.ingress.kubernetes.io/router.middlewares: monitoring-loki-auth-middleware@kubernetescrd - hosts: - - host: loki.fuku - paths: - - / - prometheus: - enabled: true - isDefault: true - server: - persistentVolume: - accessModes: - - ReadWriteMany - enabled: true - extraScrapeConfigs: | - - job_name: 'argocd-metrics' - static_configs: - - targets: ["argocd-metrics.argocd:8082"] + destination: + name: '' + namespace: monitoring + server: https://kubernetes.default.svc + project: management + syncPolicy: + automated: {} + syncOptions: + - ServerSideApply=true + sources: + - chart: loki-stack + repoURL: https://grafana.github.io/helm-charts + targetRevision: 2.10.* + helm: + valuesObject: + grafana: + enabled: true + persistence: + type: pvc + enabled: true + size: 10Gi + accessModes: + - ReadWriteMany + ingress: + enabled: true + hosts: + - grafana.fuku + ingressClassName: traefik + grafana.ini: + smtp: + enabled: true + host: mail.fukurokuju.dev:465 + from_address: status@fukurokuju.dev + smtp: + existingSecret: secret-grafana-smtp + resources: + limits: + cpu: 512m + memory: 512Mi + requests: + cpu: 256m + memory: 256Mi + loki: + storage: + type: filesystem + ingress: + enabled: true + ingressClassName: traefik + annotations: + traefik.ingress.kubernetes.io/router.middlewares: monitoring-loki-auth-middleware@kubernetescrd # yamllint disable rule:line-length + hosts: + - host: loki.fuku + paths: + - / + prometheus: + enabled: true + isDefault: true + server: + persistentVolume: + accessModes: + - ReadWriteMany + enabled: true + extraScrapeConfigs: | + - job_name: 'argocd-metrics' + static_configs: + - targets: ["argocd-metrics.argocd:8082"] - - job_name: 'argocd-server-metrics' - static_configs: - - targets: ["argocd-server-metrics.argocd:8083"] + - job_name: 'argocd-server-metrics' + static_configs: + - targets: ["argocd-server-metrics.argocd:8083"] - - job_name: 'argocd-repo-server-metrics' - static_configs: - - targets: ["argocd-server.argocd:8084"] + - job_name: 'argocd-repo-server-metrics' + static_configs: + - targets: ["argocd-server.argocd:8084"] - - job_name: 'argocd-applicationset-controller-metrics' - static_configs: - - targets: ["argocd-applicationset-controller-metrics.argocd:8080"] + - job_name: 'argocd-applicationset-controller-metrics' + static_configs: + - targets: ["argocd-applicationset-controller-metrics.argocd:8080"] - - job_name: 'argocd-dex-server' - static_configs: - - targets: ["argocd-dex-server.argocd:5558"] + - job_name: 'argocd-dex-server' + static_configs: + - targets: ["argocd-dex-server.argocd:5558"] - - job_name: 'argocd-notifications-controller-metrics' - static_configs: - - targets: ["argocd-notifications-controller-metrics.argocd:9001"] + - job_name: 'argocd-notifications-controller-metrics' + static_configs: + - targets: ["argocd-notifications-controller-metrics.argocd:9001"] - - job_name: 'miniflux' - static_configs: - - targets: ["miniflux-service.apps-roboces:8888"] + - job_name: 'miniflux' + static_configs: + - targets: ["miniflux-service.apps-roboces:8888"] - - job_name: 'authentik' - static_configs: - - targets: ["authentik-server-metrics.apps-fuku:9300"] - alertmanager: - persistence: - enabled: true - accessModes: - - ReadWriteMany - singleBinary: - replicas: 1 - persistence: - enabled: true - storageClass: default - size: 25Gi - accessModes: - - ReadWriteMany - - repoURL: https://git.roboces.dev/catalin/fukuops.git - path: k8s/services/loki - targetRevision: main + - job_name: 'authentik' + static_configs: + - targets: ["authentik-server-metrics.apps-fuku:9300"] + alertmanager: + persistence: + enabled: true + accessModes: + - ReadWriteMany + singleBinary: + replicas: 1 + persistence: + enabled: true + storageClass: default + size: 25Gi + accessModes: + - ReadWriteMany + - repoURL: https://git.roboces.dev/catalin/fukuops.git + path: k8s/services/loki + targetRevision: main diff --git a/k8s/argo-apps/miniflux.yaml b/k8s/argo-apps/miniflux.yaml index 4d15a73..f274685 100644 --- a/k8s/argo-apps/miniflux.yaml +++ b/k8s/argo-apps/miniflux.yaml @@ -1,18 +1,19 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: miniflux - namespace: argocd + name: miniflux + namespace: argocd spec: - destination: - name: '' - namespace: 'apps-roboces' - server: 'https://kubernetes.default.svc' - source: - path: k8s/services/miniflux - repoURL: 'https://git.roboces.dev/catalin/fukuops.git' - targetRevision: main - sources: [] - project: roboces - syncPolicy: - automated: {} + destination: + name: '' + namespace: apps-roboces + server: https://kubernetes.default.svc + source: + path: k8s/services/miniflux + repoURL: https://git.roboces.dev/catalin/fukuops.git + targetRevision: main + sources: [] + project: roboces + syncPolicy: + automated: {} diff --git a/k8s/argo-apps/sealed-secrets.yaml b/k8s/argo-apps/sealed-secrets.yaml index 2529dc7..8adbf0b 100644 --- a/k8s/argo-apps/sealed-secrets.yaml +++ b/k8s/argo-apps/sealed-secrets.yaml @@ -1,22 +1,23 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: sealed-secrets - namespace: argocd + name: sealed-secrets + namespace: argocd spec: - destination: - name: '' - namespace: 'kube-system' - server: "https://kubernetes.default.svc" - source: - chart: sealed-secrets - repoURL: https://bitnami-labs.github.io/sealed-secrets - targetRevision: 2.14.* - helm: - releaseName: sealed-secrets - valuesObject: - fullnameOverride: sealed-secrets-controller - project: management - sources: [] - syncPolicy: - automated: { } + destination: + name: '' + namespace: kube-system + server: https://kubernetes.default.svc + source: + chart: sealed-secrets + repoURL: https://bitnami-labs.github.io/sealed-secrets + targetRevision: 2.14.* + helm: + releaseName: sealed-secrets + valuesObject: + fullnameOverride: sealed-secrets-controller + project: management + sources: [] + syncPolicy: + automated: {} diff --git a/k8s/services/argo-workflows/admin-service-account.yaml b/k8s/services/argo-workflows/admin-service-account.yaml index c415017..9ce4e39 100644 --- a/k8s/services/argo-workflows/admin-service-account.yaml +++ b/k8s/services/argo-workflows/admin-service-account.yaml @@ -2,30 +2,30 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: admin-user - namespace: argo-workflows - annotations: - workflows.argoproj.io/rbac-rule: "true" - workflows.argoproj.io/rbac-rule-precedence: "1" + name: admin-user + namespace: argo-workflows + annotations: + workflows.argoproj.io/rbac-rule: 'true' + workflows.argoproj.io/rbac-rule-precedence: '1' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: admin-user -subjects: - - kind: ServiceAccount name: admin-user - namespace: argo-workflows +subjects: + - kind: ServiceAccount + name: admin-user + namespace: argo-workflows roleRef: - name: argo-workflows-admin - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io + name: argo-workflows-admin + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Secret metadata: - name: admin-user.service-account-token - namespace: argo-workflows - annotations: - kubernetes.io/service-account.name: admin-user + name: admin-user.service-account-token + namespace: argo-workflows + annotations: + kubernetes.io/service-account.name: admin-user type: kubernetes.io/service-account-token diff --git a/k8s/services/argo-workflows/sealedsecrets.yaml b/k8s/services/argo-workflows/sealedsecrets.yaml index f6337eb..d6f50aa 100644 --- a/k8s/services/argo-workflows/sealedsecrets.yaml +++ b/k8s/services/argo-workflows/sealedsecrets.yaml @@ -2,15 +2,15 @@ apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: null - name: secrets-argo-server-sso - namespace: argo-workflows + creationTimestamp: + name: secrets-argo-server-sso + namespace: argo-workflows spec: - encryptedData: - client-id: AgBLae+Tym75VhhsY4IK4VXlFKaP9ono6wF71N70X6krXVkURqBg3ncm9HvV6iO8ouPB3LWTRmQsNf0W2MbFD+wMPKGQcuUg3gSFOheDXF5rlUn5VuChDgBcbzemBHArlddVOsTFmuqUixhcMKbXenUHjNqW88N8j0GCxajnTpyPsW4nRHdBLzhqmliJWJCAbhtzGXV+0DM3UbW329ktYoDVFMMwM2RMZS39Uk65zoOqLsWR1eU9vI7PNrQpbcK1GJ3ZyqWfwcD5g6Az+/TiOx2PVkUtfeCqry1KNHCzANytpApcOTYUngg0XBW4vi/Gu84aNpAPXP3SBWOSah+4REgOBl/DlojUTIMIz/UJCvZViWbK6szg9+/RJtW2WKZQ2Pob3rfAtuZ0JKOrjG9koklthLWzjthzZVXk7JBy79GU84Gj7cQv52WwHbMPvIaPrzl5wJlMUZLnCQ8jSNvXpAmQdBf4wres6KMUlPGPw1aF75LNvlrju66dv1f7lRC6Uao7L39jvCXx95dznI2fcybZyE/W+aVznnpUNk/dfHKc4IB12g5DCtq8AfiTlZD72Fq+eMOn3xSlJ+pB6FQXRFLrdnc8f25pw7pqbf3zi/p+ylVdpMiLLTaL0M06RJbTVk5BT28HjGVMslBaR+4pJKLFNL2XwRW1VHteAhPtrvfe/zw5/pXSmK78pZ4UqsW9bb7+dUlQ/OSASwe3xZrs0ogB7yidvUjtQlpS/Ocumcq1mm5X/gRvShz1yqcvaDZ01/sR8ZXQtOAAJEvMLLDS2rugzYFp - client-secret: AgA8/QhgkPt3QRwa5zDQhlyhnYJurwGd/Uigo5WNIyUAh1vqqfmGlRAyJ9YQRJKPaJmTTU1nsaulOtS8Lafe4pAhXTsGaGsP7r+pntRii1KV79avl6e94zrH8LdhkrWxzaKLh6sW7Lj+Q3Cxj/Anh5jRSyIKGB0lpbR2RDE9XuBGx6r+jKS+8WXCn3Bxh2/ZEOBttAIWT59KxdwhZLeh/N5P809V1h8O7pxBdvvuyvK/nkBxJPWzO85zZnAiszLwraoOoiMZbfo4Z+Uzxf1dlGUxj2ZEoq3gWN9cuWRNoLxMJ1sq26zez99fyPbDD19+y0k6o+dNSQRLfFkhbgLgqCDUvWs3QzoV52oBe3zJ/of37hD03bLl1CUuJQcO8a8hoOsBqe7as+tmJTefKx67jjoUbtGPwoNYwakU2gH74rAlQE7NN/d1LuzjZSnivv27X2pTD169Ts4q/CjBUVVbSrLn/o5icEXu+d1SSFNhiFXI7/lcM/vi7CBVKuxmIsiJ0ka+mpnF6FTgsbcRvNKkFz0qZPGpx0Q7eg7tvvW7wh8aBk8k3Rh+Xp9ZXKGwRUlpBfDCVf2LB0tN5N2ieHgcy41Hxy+v7Ce5+qjTel/NkA2y67M7B5X/ji6+N+1a9wwKwTdQOze60Q/EfK8MPF8X3lpfarGhieWbGQAnHmQW0tVWBIjAnOSYbgrfoeyg2XPYg1vW7YetTfPGdF7QDhmnAEmPeBYbubMDwmXpofrpM1vz87degAL9L6kqyWF+XQph/pVAU5c1cHD30t383j0HTK5uG/dwHbWzt9k9hyz94Un0mXRohz/zAT2NIv1dwM9yv9VC3v89mkcapjlUlxBApPYcow6WWOvvcadyTrEXlVjskQ== - template: - metadata: - creationTimestamp: null - name: secrets-argo-server-sso - namespace: argo-workflows + encryptedData: + client-id: AgBLae+Tym75VhhsY4IK4VXlFKaP9ono6wF71N70X6krXVkURqBg3ncm9HvV6iO8ouPB3LWTRmQsNf0W2MbFD+wMPKGQcuUg3gSFOheDXF5rlUn5VuChDgBcbzemBHArlddVOsTFmuqUixhcMKbXenUHjNqW88N8j0GCxajnTpyPsW4nRHdBLzhqmliJWJCAbhtzGXV+0DM3UbW329ktYoDVFMMwM2RMZS39Uk65zoOqLsWR1eU9vI7PNrQpbcK1GJ3ZyqWfwcD5g6Az+/TiOx2PVkUtfeCqry1KNHCzANytpApcOTYUngg0XBW4vi/Gu84aNpAPXP3SBWOSah+4REgOBl/DlojUTIMIz/UJCvZViWbK6szg9+/RJtW2WKZQ2Pob3rfAtuZ0JKOrjG9koklthLWzjthzZVXk7JBy79GU84Gj7cQv52WwHbMPvIaPrzl5wJlMUZLnCQ8jSNvXpAmQdBf4wres6KMUlPGPw1aF75LNvlrju66dv1f7lRC6Uao7L39jvCXx95dznI2fcybZyE/W+aVznnpUNk/dfHKc4IB12g5DCtq8AfiTlZD72Fq+eMOn3xSlJ+pB6FQXRFLrdnc8f25pw7pqbf3zi/p+ylVdpMiLLTaL0M06RJbTVk5BT28HjGVMslBaR+4pJKLFNL2XwRW1VHteAhPtrvfe/zw5/pXSmK78pZ4UqsW9bb7+dUlQ/OSASwe3xZrs0ogB7yidvUjtQlpS/Ocumcq1mm5X/gRvShz1yqcvaDZ01/sR8ZXQtOAAJEvMLLDS2rugzYFp # yamllint disable rule:line-length + client-secret: AgA8/QhgkPt3QRwa5zDQhlyhnYJurwGd/Uigo5WNIyUAh1vqqfmGlRAyJ9YQRJKPaJmTTU1nsaulOtS8Lafe4pAhXTsGaGsP7r+pntRii1KV79avl6e94zrH8LdhkrWxzaKLh6sW7Lj+Q3Cxj/Anh5jRSyIKGB0lpbR2RDE9XuBGx6r+jKS+8WXCn3Bxh2/ZEOBttAIWT59KxdwhZLeh/N5P809V1h8O7pxBdvvuyvK/nkBxJPWzO85zZnAiszLwraoOoiMZbfo4Z+Uzxf1dlGUxj2ZEoq3gWN9cuWRNoLxMJ1sq26zez99fyPbDD19+y0k6o+dNSQRLfFkhbgLgqCDUvWs3QzoV52oBe3zJ/of37hD03bLl1CUuJQcO8a8hoOsBqe7as+tmJTefKx67jjoUbtGPwoNYwakU2gH74rAlQE7NN/d1LuzjZSnivv27X2pTD169Ts4q/CjBUVVbSrLn/o5icEXu+d1SSFNhiFXI7/lcM/vi7CBVKuxmIsiJ0ka+mpnF6FTgsbcRvNKkFz0qZPGpx0Q7eg7tvvW7wh8aBk8k3Rh+Xp9ZXKGwRUlpBfDCVf2LB0tN5N2ieHgcy41Hxy+v7Ce5+qjTel/NkA2y67M7B5X/ji6+N+1a9wwKwTdQOze60Q/EfK8MPF8X3lpfarGhieWbGQAnHmQW0tVWBIjAnOSYbgrfoeyg2XPYg1vW7YetTfPGdF7QDhmnAEmPeBYbubMDwmXpofrpM1vz87degAL9L6kqyWF+XQph/pVAU5c1cHD30t383j0HTK5uG/dwHbWzt9k9hyz94Un0mXRohz/zAT2NIv1dwM9yv9VC3v89mkcapjlUlxBApPYcow6WWOvvcadyTrEXlVjskQ== # yamllint disable rule:line-length + template: + metadata: + creationTimestamp: + name: secrets-argo-server-sso + namespace: argo-workflows diff --git a/k8s/services/argo/appgen.yaml b/k8s/services/argo/appgen.yaml index 418e932..51c9691 100644 --- a/k8s/services/argo/appgen.yaml +++ b/k8s/services/argo/appgen.yaml @@ -1,18 +1,19 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: fukuops-appgen - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io + name: fukuops-appgen + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io spec: - destination: - namespace: default - name: in-cluster - project: default - source: - path: k8s/argo-apps - repoURL: https://git.roboces.dev/catalin/fukuops.git - targetRevision: main - syncPolicy: - automated: { } + destination: + namespace: default + name: in-cluster + project: default + source: + path: k8s/argo-apps + repoURL: https://git.roboces.dev/catalin/fukuops.git + targetRevision: main + syncPolicy: + automated: {} diff --git a/k8s/services/argo/argocd-cmd-params-cm.yaml b/k8s/services/argo/argocd-cmd-params-cm.yaml index 9016764..06568fb 100644 --- a/k8s/services/argo/argocd-cmd-params-cm.yaml +++ b/k8s/services/argo/argocd-cmd-params-cm.yaml @@ -1,10 +1,11 @@ +--- apiVersion: v1 kind: ConfigMap metadata: - name: argocd-cmd-params-cm - namespace: argocd - labels: - app.kubernetes.io/name: argocd-cmd-params-cm - app.kubernetes.io/part-of: argocd + name: argocd-cmd-params-cm + namespace: argocd + labels: + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd data: - server.insecure: "true" + server.insecure: 'true' diff --git a/k8s/services/argo/ingress-route.yaml b/k8s/services/argo/ingress-route.yaml index 7e0975b..960ae25 100644 --- a/k8s/services/argo/ingress-route.yaml +++ b/k8s/services/argo/ingress-route.yaml @@ -1,25 +1,26 @@ +--- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: - name: argocd-server - namespace: argocd + name: argocd-server + namespace: argocd spec: - entryPoints: - - websecure - - web - routes: - - kind: Rule - match: Host(`argo.fuku`) - priority: 10 - services: - - name: argocd-server - port: 80 - - kind: Rule - match: Host(`argo.fuku`) && Headers(`Content-Type`, `application/grpc`) - priority: 11 - services: - - name: argocd-server - port: 80 - scheme: h2c - tls: - certResolver: default + entryPoints: + - websecure + - web + routes: + - kind: Rule + match: Host(`argo.fuku`) + priority: 10 + services: + - name: argocd-server + port: 80 + - kind: Rule + match: Host(`argo.fuku`) && Headers(`Content-Type`, `application/grpc`) + priority: 11 + services: + - name: argocd-server + port: 80 + scheme: h2c + tls: + certResolver: default diff --git a/k8s/services/argo/project-fuku.yaml b/k8s/services/argo/project-fuku.yaml index 78f802e..c5dc5e1 100644 --- a/k8s/services/argo/project-fuku.yaml +++ b/k8s/services/argo/project-fuku.yaml @@ -2,24 +2,24 @@ apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: - namespace: argocd - name: fuku + namespace: argocd + name: fuku spec: - destinations: - - namespace: apps-fuku - server: https://kubernetes.default.svc - - namespace: postgres - server: https://kubernetes.default.svc - clusterResourceWhitelist: - - group: rbac.authorization.k8s.io - kind: ClusterRole - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - sourceRepos: - - https://git.roboces.dev/catalin/fukuops.git - - https://charts.goauthentik.io/ - - https://kubereboot.github.io/charts - - https://sqljames.github.io/factorio-server-charts/ - - https://portainer.github.io/k8s/ - - https://charts.bitnami.com/bitnami - - https://charts.crystalnet.org + destinations: + - namespace: apps-fuku + server: https://kubernetes.default.svc + - namespace: postgres + server: https://kubernetes.default.svc + clusterResourceWhitelist: + - group: rbac.authorization.k8s.io + kind: ClusterRole + - group: rbac.authorization.k8s.io + kind: ClusterRoleBinding + sourceRepos: + - https://git.roboces.dev/catalin/fukuops.git + - https://charts.goauthentik.io/ + - https://kubereboot.github.io/charts + - https://sqljames.github.io/factorio-server-charts/ + - https://portainer.github.io/k8s/ + - https://charts.bitnami.com/bitnami + - https://charts.crystalnet.org diff --git a/k8s/services/argo/project-management.yaml b/k8s/services/argo/project-management.yaml index 18195f4..7bf1d47 100644 --- a/k8s/services/argo/project-management.yaml +++ b/k8s/services/argo/project-management.yaml @@ -2,31 +2,31 @@ apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: - namespace: argocd - name: management + namespace: argocd + name: management spec: - destinations: - - namespace: argocd - server: https://kubernetes.default.svc - - namespace: democratic-csi - server: https://kubernetes.default.svc - - namespace: kube-system - server: https://kubernetes.default.svc - - namespace: monitoring - server: https://kubernetes.default.svc - - namespace: system-upgrade - server: https://kubernetes.default.svc - - namespace: argo-workflows - server: https://kubernetes.default.svc - clusterResourceWhitelist: - - group: "*" - kind: "*" - sourceRepos: - - https://git.roboces.dev/catalin/fukuops.git - - https://democratic-csi.github.io/charts/ - - https://bitnami-labs.github.io/sealed-secrets - - https://grafana.github.io/helm-charts - - https://kubernetes-sigs.github.io/descheduler/ - - https://github.com/rancher/system-upgrade-controller.git - - https://charts.bitnami.com/bitnami - - https://argoproj.github.io/argo-helm + destinations: + - namespace: argocd + server: https://kubernetes.default.svc + - namespace: democratic-csi + server: https://kubernetes.default.svc + - namespace: kube-system + server: https://kubernetes.default.svc + - namespace: monitoring + server: https://kubernetes.default.svc + - namespace: system-upgrade + server: https://kubernetes.default.svc + - namespace: argo-workflows + server: https://kubernetes.default.svc + clusterResourceWhitelist: + - group: '*' + kind: '*' + sourceRepos: + - https://git.roboces.dev/catalin/fukuops.git + - https://democratic-csi.github.io/charts/ + - https://bitnami-labs.github.io/sealed-secrets + - https://grafana.github.io/helm-charts + - https://kubernetes-sigs.github.io/descheduler/ + - https://github.com/rancher/system-upgrade-controller.git + - https://charts.bitnami.com/bitnami + - https://argoproj.github.io/argo-helm diff --git a/k8s/services/argo/project-roboces.yaml b/k8s/services/argo/project-roboces.yaml index 9417522..8b0b096 100644 --- a/k8s/services/argo/project-roboces.yaml +++ b/k8s/services/argo/project-roboces.yaml @@ -2,12 +2,12 @@ apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: - namespace: argocd - name: roboces + namespace: argocd + name: roboces spec: - destinations: - - namespace: apps-roboces - server: https://kubernetes.default.svc - sourceRepos: - - https://git.roboces.dev/catalin/fukuops.git - - https://firefly-iii.github.io/kubernetes + destinations: + - namespace: apps-roboces + server: https://kubernetes.default.svc + sourceRepos: + - https://git.roboces.dev/catalin/fukuops.git + - https://firefly-iii.github.io/kubernetes diff --git a/k8s/services/argo/repos.yaml b/k8s/services/argo/repos.yaml index 8dd8132..096649b 100644 --- a/k8s/services/argo/repos.yaml +++ b/k8s/services/argo/repos.yaml @@ -2,19 +2,19 @@ apiVersion: v1 kind: Secret metadata: - name: fuku-services - namespace: argocd - labels: - argocd.argoproj.io/secret-type: repository + name: fuku-services + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repository stringData: - url: https://gitlab.com/fukurokuju/k3s/services.git + url: https://gitlab.com/fukurokuju/k3s/services.git --- apiVersion: v1 kind: Secret metadata: - name: fukuops-repo - namespace: argocd - labels: - argocd.argoproj.io/secret-type: repository + name: fukuops-repo + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repository stringData: - url: https://git.roboces.dev/catalin/fukuops.git + url: https://git.roboces.dev/catalin/fukuops.git diff --git a/k8s/services/authentik/pvc.yaml b/k8s/services/authentik/pvc.yaml index b3c1ca1..9b51c22 100644 --- a/k8s/services/authentik/pvc.yaml +++ b/k8s/services/authentik/pvc.yaml @@ -1,12 +1,13 @@ +--- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: pvc-authentik-media - namespace: apps-fuku + name: pvc-authentik-media + namespace: apps-fuku spec: - accessModes: - - ReadWriteMany - storageClassName: "truenas-nfs-csi" - resources: - requests: - storage: 3Gi + accessModes: + - ReadWriteMany + storageClassName: truenas-nfs-csi + resources: + requests: + storage: 3Gi diff --git a/k8s/services/authentik/sealedsecrets.yaml b/k8s/services/authentik/sealedsecrets.yaml index 36744bb..0c43932 100644 --- a/k8s/services/authentik/sealedsecrets.yaml +++ b/k8s/services/authentik/sealedsecrets.yaml @@ -1,19 +1,20 @@ +--- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: null - name: secrets-authentik - namespace: apps-fuku + creationTimestamp: + name: secrets-authentik + namespace: apps-fuku spec: - encryptedData: - email_password: AgCzRWtmiBIj6ZD1muwvJROasd+8ls98/5CWdUcQLN18vgW//QNGJUn2kMweQ/p93NpmCay4mvfvCjZrQeB/9gw2VcrXxLoDO6X3AExtFQUw0zr6nqCfKeYKkhu7OqZJZIsu5pBTYxf1zcRFI/Fp7v/dNLUkNFhaOU33zck3dBbHaxWylnyaTdpGC8NQdN/yGRXc+PXi9GLI+XhhMQzTw443B62eSisTc0MA0vMeqHc/whapwjyQtVKOmA/U2IWrtIrze+xn5Wyfzi6w/XLQt67Kcq4m885jf4su5ymXIPswVEp5I1Aq0WK5hoYhQ+S1ipY31cng3Vsg6TOwizw1BDt7uY1DmshVIm0wk/7g8AVlDyr1aNvnWw+flqR68SLR7xSHv2UxAat1bgs3iUmaKHkWnhK5vuoj0hd+iKmeRGCV1v1DRaRKhOGrCbmSACXm01Iq/yNhBtxiFaz4QqnFpt5MmMQrtRYz18Y44LfOMX0jjJT3+RGH+L9f71V3fTK2uBkuWvF/ExzKJUoJ2XKpnR8xLuqCyBYmt1nPLue+/8lT6JRzWWbyT69PpYvvJ2tU21TQVROs1e+OiYrhEvvIkTx1tgomLInJRn3EZ2U0ycfqWRO49kycPhLKojJ2mL8Uu0K1Q6cxcViK3tv7CAidJ+FqcwfMPR0ivc0obu1u1m8QvPgMXayG2tQs6cEDEQtTu0ugKIpcUftuhNStDWFWi7xYnwvTvfN55l7jf9O4 - pg_password: AgAr5ZLncvqsmJY518N4lcLWWSOJt4AIlkPlR0B4tFCZvPL8OPET1mulJD7QWAudr6m0XsX/8DO/UM4bpiWZCU+2oizBJf/4Vj5zFzuaZLLcCzZtHxXLugPkyBqTh1NmKDnM0H/vqS3migkPCVKxMVr1PnLLyRJ2fa2v/6R/dXnpl5I5beGnxRIXS0vcBWf4WvbH/iXfNv91cVJBausN8kyKqNWmeBDL4Px3NwB4/wpxRMeW/IYB3kC5DHYNMs7zeJGiJpAwYAiK/Cmuz0MUAR/Zq+UWf6A+QYgLcKrNQ1jUiSTp9vqOpTpvZv+2aaNV3pcZBTM+UagDZFvHQRWUi5QpNMwZ0RC6KQoRK9ccn4gvR0Cvd7/osQAXLFJuC7P90xg9vPRpXL63PDoifBsNZjzsWiw+8YFLgHfks7riN89KfzzVwB6ygtlz7zipR24BM9W8x82sF8Ho4Ig0wrKCjd7oZYBrEtzOe9kpRgdQSq7fLP3xv7Wb29yi5MiEQ3sSYvDZr33X8u+ZQ3+EAsd4iwasntwRDoDo0E2Fn6V9TPYKdOnDzBsMzTNlPEMMldjW7IB6edTutQi0rCKOOq9/uQMz4uFz7pW5Y79ohF+WyA25Cbxbg93Dja/qd/CMn9UJ2XH4cLYoiBvfxG87lUV85dR7qymBbPrZZjnPhhhINEixxRq/uau5b7ceWp7Cy+Wg/rhvQzvaAI+YtHpYqQu0gjib1dkqqhrz+ptpW4q4hbLI/ek= - pg_username: AgB6a2UHhGQCYyYBgOWoZGWKCqaGMoOO8KGPRkB2LQeHFi9rok2EfaxGm5kfPuf9ItRaAYhyVqo1EV/5foUH2rSwUZpLkC+FiU1U7dNr4rLW4pMmqGJsJxx/JbclrEPP2gYlL2EI1Pq6nksPfxkxTd9wO2qaQAmurnvnsPV5VcBHvbI+6WNJNiK2hsJtuSd1kbA/r2jjeR0eo6PUBm17bgk2/lync4PqwWSjolwoYhZ3cpBFzxJ0sx8cH5DWMZSV8kefexfqmIf/t82gU2g3BQ96FRfZY9QWmB0WFUI+M4i1UcLq0uIPFz+wFeg+eTUdalqh57LA/mtZ8elMAHnjfpLIJm0PCLySl2i+f4QbWwDfvrpXa8bLOcaCFUXqp2xKtJvu/1amzJF9EmEYDcw2NhO484xHlZua18hSyxnTGjUapo5Z3EfKX01CU1JAxNtXKEflkN5OlUPs4ucAAdRVwsa+4Uh6Tp/bBPzr6mUEOkiZWO4V7lolQQzwO+wL+dx6Tl7K5nU8RjzAOvfLimHI1ZTJiurwTUC5LkgKt0mskWOKAEeXon+wKECkhJHO56YXwolFEyxNMuvSxR4+eosqAhx6u8Pr+vTZfnjbSx+80Fw1JBdljCh0F54RrNSSSkJSPeXmPS3Hge7yEbfDsQvbgcCGJRdP7U3OEDvOowFDJdIgs9iBEsrPjaVziYRgp+bllldUZn+w - redis_password: AgBAr7eZ59BPbu1lNhp63q5MdyyRb+XYkdelg2yoHjHxCJHwK+2H5/C2MCA1JMOp2QHD6Cg0vgdNMPkFktlpFRZCayZGURKVg00ZLW86qeFHamJNUfej7AvBO9mbGuI1x16Rtavt9OhD9pguQr47IIiWyitIVuFwqgKEsPwlqzl4DA2c/VpKi/SI5bJPi60LL2x3GcNLhxeQrbjd7gKgwiMSEQI1SvoQ1oFSpNktlAtXtd8Kd98CGMRYBxqzIfFxZa7ZE1a2dlwD8hB8G7g7slsO42V2TQu4HzCot0jbfaW84lM5pg+DVMNMDv4kumdGYMZpWngGGJM68YwMOT/+TW/gx3Prt4S76RqQNaVMzhQ0+ZRTy2q96esvyLttg916IUfxVfmXNNWK02hUlzJai7QWAfu/oJRN9irTpG+s/c4WmENNgS8rS901bfEqFFi3gIly/KhFzqRL5/upj7vsdcqiutk9B75LFtkh4yAdGUcBMwIgfV71fxrgFBy6tneU4iZPPi72bKyzx1Cf/tsrcTSnpKiQlK+mpuYixjn0f5UrXPYnziZJCvdHd2SpNWjAWh7jPUR+6wdWxxYZ2oQ1JlPKwgWY6s1rIwxzn/XFb49D9SDTNqwUXpy85g4ENPptAy2jiu0kVaTqe474TjAOW2iyOqkM7lNu+94zJ9fCfWTIdupD/BkWEaiZEy0HaaBCLhL11sBBOpsZztQ1685H7KxXXPAMfQ== - secret_key: AgB1Z4HtyF3JSFHYS1sT0rixvwQQYebZwMWwxYr8Dk0P6rkk9i+2mgVCJ4Rf+eT3o6mPkKGiPlrVsXyPJFHt0/RUblsuH2IelOBZa6SSA7+OpdWBIhP4nmv1ZdyEFQT7Iw5NcjOAlU7Ig+0tHyt+qcBfnOAKH6xjbZIYQeQkkp3T7JC3I4zyidtIzxRx1VGftnYruMI42vrpCBKcSydlcwImdxvlSgdMKI7VE2dgLC6t4dYOVX4R4A8fPO49acq0lx/DqehQrZrW/EaxBK0RnTRcM5S9PFMQUR19Y8swAtJ+Aa0x6Ot6+R6MAQrzCWBhY0NHKPlEDHNBLQ01MOBaKzXiMIjLODjZ5VZOMPl2WfhrCx+MF9GN/zz2WjlutZ7cJpKMVsH+ZjVfeDceNTJ37hpC9CJJ6AstYdYtyOle35Uk1e9V+bw1iwjFHXUv6srDgbqt1tF1cWZQ8+qj4enZjSKojCP3fjcNXwLeQBoGlZU3XHwq+VjZVS1zmcQNQ7f0HWmX59yOicJTXHuJ6PxMpjsvt/0P6X4gXcXwx3GdEJS7GjjmLdt+bdn2yDxVYtt2i5ebdypVR4T++P/gdU/n+MOOzF+RkuRL60snhoh6b+phflZXpdARMVSwZJDrFnxRPih9sj3MoRvPV5eFmuflc2tMIneJqUKSN2xkpSccSTMjJMMrYif7u5k5oaxP3ouL8ZTUnatHUH8BEBnxtXUW4DEz0z9jYLq1QROf0OikoHMff8sId3SqgEbNvYv0BGG6ER05Ig== - template: - metadata: - creationTimestamp: null - name: secrets-authentik - namespace: apps-fuku - type: Opaque + encryptedData: + email_password: AgCzRWtmiBIj6ZD1muwvJROasd+8ls98/5CWdUcQLN18vgW//QNGJUn2kMweQ/p93NpmCay4mvfvCjZrQeB/9gw2VcrXxLoDO6X3AExtFQUw0zr6nqCfKeYKkhu7OqZJZIsu5pBTYxf1zcRFI/Fp7v/dNLUkNFhaOU33zck3dBbHaxWylnyaTdpGC8NQdN/yGRXc+PXi9GLI+XhhMQzTw443B62eSisTc0MA0vMeqHc/whapwjyQtVKOmA/U2IWrtIrze+xn5Wyfzi6w/XLQt67Kcq4m885jf4su5ymXIPswVEp5I1Aq0WK5hoYhQ+S1ipY31cng3Vsg6TOwizw1BDt7uY1DmshVIm0wk/7g8AVlDyr1aNvnWw+flqR68SLR7xSHv2UxAat1bgs3iUmaKHkWnhK5vuoj0hd+iKmeRGCV1v1DRaRKhOGrCbmSACXm01Iq/yNhBtxiFaz4QqnFpt5MmMQrtRYz18Y44LfOMX0jjJT3+RGH+L9f71V3fTK2uBkuWvF/ExzKJUoJ2XKpnR8xLuqCyBYmt1nPLue+/8lT6JRzWWbyT69PpYvvJ2tU21TQVROs1e+OiYrhEvvIkTx1tgomLInJRn3EZ2U0ycfqWRO49kycPhLKojJ2mL8Uu0K1Q6cxcViK3tv7CAidJ+FqcwfMPR0ivc0obu1u1m8QvPgMXayG2tQs6cEDEQtTu0ugKIpcUftuhNStDWFWi7xYnwvTvfN55l7jf9O4 # yamllint disable rule:line-length + pg_password: AgAr5ZLncvqsmJY518N4lcLWWSOJt4AIlkPlR0B4tFCZvPL8OPET1mulJD7QWAudr6m0XsX/8DO/UM4bpiWZCU+2oizBJf/4Vj5zFzuaZLLcCzZtHxXLugPkyBqTh1NmKDnM0H/vqS3migkPCVKxMVr1PnLLyRJ2fa2v/6R/dXnpl5I5beGnxRIXS0vcBWf4WvbH/iXfNv91cVJBausN8kyKqNWmeBDL4Px3NwB4/wpxRMeW/IYB3kC5DHYNMs7zeJGiJpAwYAiK/Cmuz0MUAR/Zq+UWf6A+QYgLcKrNQ1jUiSTp9vqOpTpvZv+2aaNV3pcZBTM+UagDZFvHQRWUi5QpNMwZ0RC6KQoRK9ccn4gvR0Cvd7/osQAXLFJuC7P90xg9vPRpXL63PDoifBsNZjzsWiw+8YFLgHfks7riN89KfzzVwB6ygtlz7zipR24BM9W8x82sF8Ho4Ig0wrKCjd7oZYBrEtzOe9kpRgdQSq7fLP3xv7Wb29yi5MiEQ3sSYvDZr33X8u+ZQ3+EAsd4iwasntwRDoDo0E2Fn6V9TPYKdOnDzBsMzTNlPEMMldjW7IB6edTutQi0rCKOOq9/uQMz4uFz7pW5Y79ohF+WyA25Cbxbg93Dja/qd/CMn9UJ2XH4cLYoiBvfxG87lUV85dR7qymBbPrZZjnPhhhINEixxRq/uau5b7ceWp7Cy+Wg/rhvQzvaAI+YtHpYqQu0gjib1dkqqhrz+ptpW4q4hbLI/ek= # yamllint disable rule:line-length + pg_username: AgB6a2UHhGQCYyYBgOWoZGWKCqaGMoOO8KGPRkB2LQeHFi9rok2EfaxGm5kfPuf9ItRaAYhyVqo1EV/5foUH2rSwUZpLkC+FiU1U7dNr4rLW4pMmqGJsJxx/JbclrEPP2gYlL2EI1Pq6nksPfxkxTd9wO2qaQAmurnvnsPV5VcBHvbI+6WNJNiK2hsJtuSd1kbA/r2jjeR0eo6PUBm17bgk2/lync4PqwWSjolwoYhZ3cpBFzxJ0sx8cH5DWMZSV8kefexfqmIf/t82gU2g3BQ96FRfZY9QWmB0WFUI+M4i1UcLq0uIPFz+wFeg+eTUdalqh57LA/mtZ8elMAHnjfpLIJm0PCLySl2i+f4QbWwDfvrpXa8bLOcaCFUXqp2xKtJvu/1amzJF9EmEYDcw2NhO484xHlZua18hSyxnTGjUapo5Z3EfKX01CU1JAxNtXKEflkN5OlUPs4ucAAdRVwsa+4Uh6Tp/bBPzr6mUEOkiZWO4V7lolQQzwO+wL+dx6Tl7K5nU8RjzAOvfLimHI1ZTJiurwTUC5LkgKt0mskWOKAEeXon+wKECkhJHO56YXwolFEyxNMuvSxR4+eosqAhx6u8Pr+vTZfnjbSx+80Fw1JBdljCh0F54RrNSSSkJSPeXmPS3Hge7yEbfDsQvbgcCGJRdP7U3OEDvOowFDJdIgs9iBEsrPjaVziYRgp+bllldUZn+w # yamllint disable rule:line-length + redis_password: AgBAr7eZ59BPbu1lNhp63q5MdyyRb+XYkdelg2yoHjHxCJHwK+2H5/C2MCA1JMOp2QHD6Cg0vgdNMPkFktlpFRZCayZGURKVg00ZLW86qeFHamJNUfej7AvBO9mbGuI1x16Rtavt9OhD9pguQr47IIiWyitIVuFwqgKEsPwlqzl4DA2c/VpKi/SI5bJPi60LL2x3GcNLhxeQrbjd7gKgwiMSEQI1SvoQ1oFSpNktlAtXtd8Kd98CGMRYBxqzIfFxZa7ZE1a2dlwD8hB8G7g7slsO42V2TQu4HzCot0jbfaW84lM5pg+DVMNMDv4kumdGYMZpWngGGJM68YwMOT/+TW/gx3Prt4S76RqQNaVMzhQ0+ZRTy2q96esvyLttg916IUfxVfmXNNWK02hUlzJai7QWAfu/oJRN9irTpG+s/c4WmENNgS8rS901bfEqFFi3gIly/KhFzqRL5/upj7vsdcqiutk9B75LFtkh4yAdGUcBMwIgfV71fxrgFBy6tneU4iZPPi72bKyzx1Cf/tsrcTSnpKiQlK+mpuYixjn0f5UrXPYnziZJCvdHd2SpNWjAWh7jPUR+6wdWxxYZ2oQ1JlPKwgWY6s1rIwxzn/XFb49D9SDTNqwUXpy85g4ENPptAy2jiu0kVaTqe474TjAOW2iyOqkM7lNu+94zJ9fCfWTIdupD/BkWEaiZEy0HaaBCLhL11sBBOpsZztQ1685H7KxXXPAMfQ== # yamllint disable rule:line-length + secret_key: AgB1Z4HtyF3JSFHYS1sT0rixvwQQYebZwMWwxYr8Dk0P6rkk9i+2mgVCJ4Rf+eT3o6mPkKGiPlrVsXyPJFHt0/RUblsuH2IelOBZa6SSA7+OpdWBIhP4nmv1ZdyEFQT7Iw5NcjOAlU7Ig+0tHyt+qcBfnOAKH6xjbZIYQeQkkp3T7JC3I4zyidtIzxRx1VGftnYruMI42vrpCBKcSydlcwImdxvlSgdMKI7VE2dgLC6t4dYOVX4R4A8fPO49acq0lx/DqehQrZrW/EaxBK0RnTRcM5S9PFMQUR19Y8swAtJ+Aa0x6Ot6+R6MAQrzCWBhY0NHKPlEDHNBLQ01MOBaKzXiMIjLODjZ5VZOMPl2WfhrCx+MF9GN/zz2WjlutZ7cJpKMVsH+ZjVfeDceNTJ37hpC9CJJ6AstYdYtyOle35Uk1e9V+bw1iwjFHXUv6srDgbqt1tF1cWZQ8+qj4enZjSKojCP3fjcNXwLeQBoGlZU3XHwq+VjZVS1zmcQNQ7f0HWmX59yOicJTXHuJ6PxMpjsvt/0P6X4gXcXwx3GdEJS7GjjmLdt+bdn2yDxVYtt2i5ebdypVR4T++P/gdU/n+MOOzF+RkuRL60snhoh6b+phflZXpdARMVSwZJDrFnxRPih9sj3MoRvPV5eFmuflc2tMIneJqUKSN2xkpSccSTMjJMMrYif7u5k5oaxP3ouL8ZTUnatHUH8BEBnxtXUW4DEz0z9jYLq1QROf0OikoHMff8sId3SqgEbNvYv0BGG6ER05Ig== # yamllint disable rule:line-length + template: + metadata: + creationTimestamp: + name: secrets-authentik + namespace: apps-fuku + type: Opaque diff --git a/k8s/services/authentik/serverstransport.yaml b/k8s/services/authentik/serverstransport.yaml index fb948fe..5f3dd1f 100644 --- a/k8s/services/authentik/serverstransport.yaml +++ b/k8s/services/authentik/serverstransport.yaml @@ -2,7 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport metadata: - name: skipverify-authentik - namespace: apps-fuku + name: skipverify-authentik + namespace: apps-fuku spec: - insecureSkipVerify: true + insecureSkipVerify: true diff --git a/k8s/services/dcsi/sealedsecrets.yaml b/k8s/services/dcsi/sealedsecrets.yaml index ec5e989..1dff033 100644 --- a/k8s/services/dcsi/sealedsecrets.yaml +++ b/k8s/services/dcsi/sealedsecrets.yaml @@ -1,15 +1,16 @@ +--- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: null - name: secrets-dcsi - namespace: democratic-csi + creationTimestamp: + name: secrets-dcsi + namespace: democratic-csi spec: - encryptedData: - driver-config-file.yaml: AgAV/PBRKpvUMziktxxW5aPv1ITToe3i2FVqWLL0IbWl94Px8gH9AJCMNVfrW8L45Z2VBFKIscmmmbRK5OvqwEjEzhodeWoc/tEeMq7XawZ4ccS6L+GxoaxYtQiYjO0J/g59+tGzgq4hXQoYfZBZ9ADrzhaHjv/yQt+DeFYYisNksPskYTYWgjZPhR9g6axGU4R+ldYbAv2YXG/Is18lC38Kk45Xtkw7GTEnGjFkVLlXd2zYNNDfYan6T5trMjRV4nHBeJsoefyNV5mUTRr9dMKEiDvRzxfkdRNkyIbGPAIuvzZ7vlrby5DCBII8KbF6txpoAjJpl0YOPOdVzv/jQETIry48wepkQY/+ZWXXRgRMVk9uE0ks+wgUQMnqrTeTBfwSnoWr9z3fPKzmmetuYoWrbt2SY1eF9NpSD/1XgrhahT9Da9F5Yy4s1CamEmm6JU3fYbd6fb4hrZooP04kjtfrKA4aN0czMFm1d+PA1ukwKKCO8gsw5a6NX3yEB8g3uI5XHjsp2skeL6Qn2ow0f6nyK20lMe/GNJusjAs06zL4CMu5Ap/XRmpCek69e5WqZvrmtQqRJ7DsMgahKyPYDpoPlvoylD8cEdoTmQnThI+m2psl7ZEW+DUSFE1hAJbMVXHwCmi57Cr1UqQ6i2WKlXw9Pch2Y08QguxDeUR8No7I88PbzluU2Jx3+otJS+DbjOIUuu5t0ZFAkoqh/B3EMASxMkawK8ugW8sOPtrnACtRlHuqTyzBEeoO6tWBdPO4di8Mie8sZxPR5immCRmFRYJl1XCcG+rDPgnUyOrA0iAAmPbdjkoJuUCsMJ9s9fSQD5BlyDij40LgcWiqvHAgtirkUrWnuVNL9fIO/WIdsSZ80zcq4LWmdfDXJF0v+AYzABbLnBlXJv0yfxo0Zy5sGA8FDF4sGdTVjVbWq88aPhuKgKKVTqGoPTn6YdQ0pO8XY+r4WvGi71uc+/M/lnuEk5xrUt6G3n/xaUqi8ctj7XR5qObAHUYv42sOJAAh7yIloLR0A2FuMTwOu2pg6ScPTCikpNK3VDjesSUePdmdKL3DSabtDKZG4mvY3VhXH2iDyRZ07c8iObwb+/a0Q89rXBHa/ZQnOSR3nQI5tv7SUJqJt4M2NadlRtv0I6HxO2cOpw5D2O9Yak0q9brwoE1HvSAvMqwNdFNOXimbwIuf3Y7BVo4gXVWzR3TbWLn5nA4TXnf3+yuW8eI/8wy7foU+C6USEm4jb3hhWdWtnfJw//WdVM8A2JYr1vBDejfULlfCnXNMVBqhhYA/Mcjxcl+FtD3ho5HAgA5BWQoKlsi4d0JOLeKALxEHWJ5RX9Z4+CBJMOlxehggfa17ap+HOfIVO+tYhY0ZZoiW5oMpM0mwBcwr/CZZ9fm7qpCgojs8Tkrl00QXoGNiGgn3/ksPuAwNE1EU0EWe7+0VX9zJ5m3JsIAgCCwkorNwdZH2AK9FcpGWJZOTec2f7MW1Td5kkhQwTQQ0iFxJnGTt4qJv+lqH6LH5yR/v0GnIt4Y+Bs5pcsSU+uv7t4+k4ZDo+aN0imcQXTucxeRXpYlSspVCIOnxtb4e - template: - metadata: - creationTimestamp: null - name: secrets-dcsi - namespace: democratic-csi - type: Opaque + encryptedData: + driver-config-file.yaml: AgAV/PBRKpvUMziktxxW5aPv1ITToe3i2FVqWLL0IbWl94Px8gH9AJCMNVfrW8L45Z2VBFKIscmmmbRK5OvqwEjEzhodeWoc/tEeMq7XawZ4ccS6L+GxoaxYtQiYjO0J/g59+tGzgq4hXQoYfZBZ9ADrzhaHjv/yQt+DeFYYisNksPskYTYWgjZPhR9g6axGU4R+ldYbAv2YXG/Is18lC38Kk45Xtkw7GTEnGjFkVLlXd2zYNNDfYan6T5trMjRV4nHBeJsoefyNV5mUTRr9dMKEiDvRzxfkdRNkyIbGPAIuvzZ7vlrby5DCBII8KbF6txpoAjJpl0YOPOdVzv/jQETIry48wepkQY/+ZWXXRgRMVk9uE0ks+wgUQMnqrTeTBfwSnoWr9z3fPKzmmetuYoWrbt2SY1eF9NpSD/1XgrhahT9Da9F5Yy4s1CamEmm6JU3fYbd6fb4hrZooP04kjtfrKA4aN0czMFm1d+PA1ukwKKCO8gsw5a6NX3yEB8g3uI5XHjsp2skeL6Qn2ow0f6nyK20lMe/GNJusjAs06zL4CMu5Ap/XRmpCek69e5WqZvrmtQqRJ7DsMgahKyPYDpoPlvoylD8cEdoTmQnThI+m2psl7ZEW+DUSFE1hAJbMVXHwCmi57Cr1UqQ6i2WKlXw9Pch2Y08QguxDeUR8No7I88PbzluU2Jx3+otJS+DbjOIUuu5t0ZFAkoqh/B3EMASxMkawK8ugW8sOPtrnACtRlHuqTyzBEeoO6tWBdPO4di8Mie8sZxPR5immCRmFRYJl1XCcG+rDPgnUyOrA0iAAmPbdjkoJuUCsMJ9s9fSQD5BlyDij40LgcWiqvHAgtirkUrWnuVNL9fIO/WIdsSZ80zcq4LWmdfDXJF0v+AYzABbLnBlXJv0yfxo0Zy5sGA8FDF4sGdTVjVbWq88aPhuKgKKVTqGoPTn6YdQ0pO8XY+r4WvGi71uc+/M/lnuEk5xrUt6G3n/xaUqi8ctj7XR5qObAHUYv42sOJAAh7yIloLR0A2FuMTwOu2pg6ScPTCikpNK3VDjesSUePdmdKL3DSabtDKZG4mvY3VhXH2iDyRZ07c8iObwb+/a0Q89rXBHa/ZQnOSR3nQI5tv7SUJqJt4M2NadlRtv0I6HxO2cOpw5D2O9Yak0q9brwoE1HvSAvMqwNdFNOXimbwIuf3Y7BVo4gXVWzR3TbWLn5nA4TXnf3+yuW8eI/8wy7foU+C6USEm4jb3hhWdWtnfJw//WdVM8A2JYr1vBDejfULlfCnXNMVBqhhYA/Mcjxcl+FtD3ho5HAgA5BWQoKlsi4d0JOLeKALxEHWJ5RX9Z4+CBJMOlxehggfa17ap+HOfIVO+tYhY0ZZoiW5oMpM0mwBcwr/CZZ9fm7qpCgojs8Tkrl00QXoGNiGgn3/ksPuAwNE1EU0EWe7+0VX9zJ5m3JsIAgCCwkorNwdZH2AK9FcpGWJZOTec2f7MW1Td5kkhQwTQQ0iFxJnGTt4qJv+lqH6LH5yR/v0GnIt4Y+Bs5pcsSU+uv7t4+k4ZDo+aN0imcQXTucxeRXpYlSspVCIOnxtb4e # yamllint disable rule:line-length + template: + metadata: + creationTimestamp: + name: secrets-dcsi + namespace: democratic-csi + type: Opaque diff --git a/k8s/services/factorio/sealedsecrets.yaml b/k8s/services/factorio/sealedsecrets.yaml index 35d603f..5b36966 100644 --- a/k8s/services/factorio/sealedsecrets.yaml +++ b/k8s/services/factorio/sealedsecrets.yaml @@ -1,17 +1,18 @@ +--- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: null - name: secrets-factorio - namespace: apps-fuku + creationTimestamp: + name: secrets-factorio + namespace: apps-fuku spec: - encryptedData: - game_password: AgCmUZilQTlqof5so2DyvjbCh3J8OAkz4lSQv++z+9XUz4/+KjwgEjP5SI9nf2WVfIHt7WiJN8oaPlYnm2XIdbBUrvKlTEuMAy2XeI8DE2+wKHXdbmLg7t3oZR/8kw3py9W3o4dlXp5XY2G4S3cG8TX0fkN58ni61mYv+zSvc6stcT/iveJqO5E+hXPcDSexzxQ/8DybS4D5g8W3N2OMhRoU0wwhYfXAuxN90BzFKgD6X/9Xy1c7pPQQkEidpA6l1uP5qIG/vChmIpqsOmQWbibGQn53el5ulPvaybx1wRu33eJJcSPRS+XthZv9dtwduFlboMT6QPWcVL5gSQ0ceCBidQIHGLRLxcHYPZz83miCeVYFY1xFegrwPBsXYEdfar5mufxgSQGtSHGzwEV0Ry+tcmjz9JqWpQBQVg10Bs0GYwvy/XGHi1BLCouAXXL//eVbGp1s9cl4uyN9Ymzt5zNrf/SvUweFsaCYrC6xVFA2CCsLbsyu/YbmKkO+cd1IwAle4luGmJHnZgrXKMwQFYoMTGsgEGYt87Itz7eOSmHEm/ZJwZ3oL6n0LGgHpJu1gb4Op0ZA9p44DKeg2fy5Go9rWeMOP0RIw8/SApE6QmT0Bw8QccddnTHhwuCLet2PoiUodKhFffTfGN6PGPeIcyQJpiEDxUI7nquWSNGTcMJDsR3LbzU6A8MpDQrrg5Az6YzyZOo7NLEMbitKLrqt9lfH5g7g - password: AgCTY4hn/wTGipH9oX7SgS44PE6wEe34AB2Pz9IeB5KcISZVGgWAUMtcffexV31jcNwz5TrztNam22Ys7qYbsZZVNOWm27/KZP3U04Jrq1cIPhY+xE1xF3vMqCd54r+kaeMO4hlDhBlE7Hs6BHdURTpPz8ocqihT2bft+Q8p2Myf3vPHXcDwoUyQj/AFYJdJJhyVfD5NDdacFhOmPTB/tUE4AW1Rz9oND6sy0x7NaP44vswVbhREpMA9wkltJRugRKUwXdfC6kOrfKa1R88aNOwkqc22F1U1PhcqUSAMYQxOA+zz3xMjrP8o70V1/FBKxnTBYVIpdHuwl2RpvC/TewJYVEu1xzp3texfgkTn6XXMp9InxfA6y1wpSVpMPYK5zPRCnmuyPTdSd+DrD6C6y2rstrHvvHxnLPtqo5REVjkfTGkEilmQ1+SllPMPk/6hKivahdmORixoI2MtOz4k4d+7rdPrrsRscMHAheyJTNdKC3wGoKFqbm+0zFV3GFaxM65K0USlYhPwyKG3FlHGj0t8HmXOr+M2cQKd4vqIrq8betRp08YPGMOT0Ea1KIvoP3z4yiJg2Z64d8d0Brof/h4fFd4kKgfMYm/CvkNh5zjFzEYi+K/6G/G99RBxwl7kK3eMB6CiuOnLITCw/Ok/LiRcdnIcAe7yobHG6FWHas4KPL5t4dPTxo12catoWtuJG7L20AIl3171+gO3jS0e4zAvZ+7S - token: AgByS4w6xSn0/FzWkgNazh7hyZjKTTmg9WtQ3oyKQUVF6FYg+qvPYYLuNu7rTwQOa4LGw3Cvf/yYT0+WU93BjfNCSVMfes1lE2dQzukK4+zEeDhZ4MSpBOBgYYwHJkrFyHpvVSAQkaPi40T0M8iJmFv+Oq1s8zRWmx84LMllaJuRGH/t9jMfmR3rF6JBcSmEmkmB7N8cD+ytPPtZKXGJXaWE0qvuNKNveqirLRt7E+B7z7yvhroaEHahHEseOQnJ6dKY83KzH1riHBTUNOVcI62hSkiYEbbZXAzxznxMKDs04w/BpOksTeg3OWD/RzwuRdX5M2zb3wrrqbF9r9yoLUbWBMS2bdUbUyLiqvfzKUWKAd8eZsS4+P8N5fbPrLgXmB+xRz5xiCQ+r/ZL4Nj9pfuSZMDKytIglldB6BT5gtnodiaCgAPrtLz2OMtBvvojpWOaaBbYWxbrnMhCG2YYU7Kd4UFXEttL/MVs7YkZow12AIngKqzz7vXo3K2iwRYoi2CjOwv3NeXSWk9LdTrTxs00iO8RT55wbAcg9HiNkYZFtrI+6sygvnHhDmNhYG0z7yHCpx13KIjoFEtVEcx2F9bbMftxBmZoOFaGtBhFSgH323CLGoFecdhv41cH9F5HHzpc13Pc5dShm6ZPgWrWG88w0Q4WIT6hiXlriSnd9xw0At4kl7wRBqusZgwDVTBCFbtKS6Gg9msBZnZzADI/aeljY3QXGg2YT/2Ra2c3quY= - template: - metadata: - creationTimestamp: null - name: secrets-factorio - namespace: apps-fuku - type: Opaque + encryptedData: + game_password: AgCmUZilQTlqof5so2DyvjbCh3J8OAkz4lSQv++z+9XUz4/+KjwgEjP5SI9nf2WVfIHt7WiJN8oaPlYnm2XIdbBUrvKlTEuMAy2XeI8DE2+wKHXdbmLg7t3oZR/8kw3py9W3o4dlXp5XY2G4S3cG8TX0fkN58ni61mYv+zSvc6stcT/iveJqO5E+hXPcDSexzxQ/8DybS4D5g8W3N2OMhRoU0wwhYfXAuxN90BzFKgD6X/9Xy1c7pPQQkEidpA6l1uP5qIG/vChmIpqsOmQWbibGQn53el5ulPvaybx1wRu33eJJcSPRS+XthZv9dtwduFlboMT6QPWcVL5gSQ0ceCBidQIHGLRLxcHYPZz83miCeVYFY1xFegrwPBsXYEdfar5mufxgSQGtSHGzwEV0Ry+tcmjz9JqWpQBQVg10Bs0GYwvy/XGHi1BLCouAXXL//eVbGp1s9cl4uyN9Ymzt5zNrf/SvUweFsaCYrC6xVFA2CCsLbsyu/YbmKkO+cd1IwAle4luGmJHnZgrXKMwQFYoMTGsgEGYt87Itz7eOSmHEm/ZJwZ3oL6n0LGgHpJu1gb4Op0ZA9p44DKeg2fy5Go9rWeMOP0RIw8/SApE6QmT0Bw8QccddnTHhwuCLet2PoiUodKhFffTfGN6PGPeIcyQJpiEDxUI7nquWSNGTcMJDsR3LbzU6A8MpDQrrg5Az6YzyZOo7NLEMbitKLrqt9lfH5g7g # yamllint disable rule:line-length + password: AgCTY4hn/wTGipH9oX7SgS44PE6wEe34AB2Pz9IeB5KcISZVGgWAUMtcffexV31jcNwz5TrztNam22Ys7qYbsZZVNOWm27/KZP3U04Jrq1cIPhY+xE1xF3vMqCd54r+kaeMO4hlDhBlE7Hs6BHdURTpPz8ocqihT2bft+Q8p2Myf3vPHXcDwoUyQj/AFYJdJJhyVfD5NDdacFhOmPTB/tUE4AW1Rz9oND6sy0x7NaP44vswVbhREpMA9wkltJRugRKUwXdfC6kOrfKa1R88aNOwkqc22F1U1PhcqUSAMYQxOA+zz3xMjrP8o70V1/FBKxnTBYVIpdHuwl2RpvC/TewJYVEu1xzp3texfgkTn6XXMp9InxfA6y1wpSVpMPYK5zPRCnmuyPTdSd+DrD6C6y2rstrHvvHxnLPtqo5REVjkfTGkEilmQ1+SllPMPk/6hKivahdmORixoI2MtOz4k4d+7rdPrrsRscMHAheyJTNdKC3wGoKFqbm+0zFV3GFaxM65K0USlYhPwyKG3FlHGj0t8HmXOr+M2cQKd4vqIrq8betRp08YPGMOT0Ea1KIvoP3z4yiJg2Z64d8d0Brof/h4fFd4kKgfMYm/CvkNh5zjFzEYi+K/6G/G99RBxwl7kK3eMB6CiuOnLITCw/Ok/LiRcdnIcAe7yobHG6FWHas4KPL5t4dPTxo12catoWtuJG7L20AIl3171+gO3jS0e4zAvZ+7S # yamllint disable rule:line-length + token: AgByS4w6xSn0/FzWkgNazh7hyZjKTTmg9WtQ3oyKQUVF6FYg+qvPYYLuNu7rTwQOa4LGw3Cvf/yYT0+WU93BjfNCSVMfes1lE2dQzukK4+zEeDhZ4MSpBOBgYYwHJkrFyHpvVSAQkaPi40T0M8iJmFv+Oq1s8zRWmx84LMllaJuRGH/t9jMfmR3rF6JBcSmEmkmB7N8cD+ytPPtZKXGJXaWE0qvuNKNveqirLRt7E+B7z7yvhroaEHahHEseOQnJ6dKY83KzH1riHBTUNOVcI62hSkiYEbbZXAzxznxMKDs04w/BpOksTeg3OWD/RzwuRdX5M2zb3wrrqbF9r9yoLUbWBMS2bdUbUyLiqvfzKUWKAd8eZsS4+P8N5fbPrLgXmB+xRz5xiCQ+r/ZL4Nj9pfuSZMDKytIglldB6BT5gtnodiaCgAPrtLz2OMtBvvojpWOaaBbYWxbrnMhCG2YYU7Kd4UFXEttL/MVs7YkZow12AIngKqzz7vXo3K2iwRYoi2CjOwv3NeXSWk9LdTrTxs00iO8RT55wbAcg9HiNkYZFtrI+6sygvnHhDmNhYG0z7yHCpx13KIjoFEtVEcx2F9bbMftxBmZoOFaGtBhFSgH323CLGoFecdhv41cH9F5HHzpc13Pc5dShm6ZPgWrWG88w0Q4WIT6hiXlriSnd9xw0At4kl7wRBqusZgwDVTBCFbtKS6Gg9msBZnZzADI/aeljY3QXGg2YT/2Ra2c3quY= # yamllint disable rule:line-length + template: # yamllint disable rule:line-length + metadata: + creationTimestamp: + name: secrets-factorio + namespace: apps-fuku + type: Opaque diff --git a/k8s/services/loki/sealedsecrets.yaml b/k8s/services/loki/sealedsecrets.yaml index 68a5f51..3501c0a 100644 --- a/k8s/services/loki/sealedsecrets.yaml +++ b/k8s/services/loki/sealedsecrets.yaml @@ -2,30 +2,30 @@ apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: null - name: secret-grafana-smtp - namespace: monitoring + creationTimestamp: + name: secret-grafana-smtp + namespace: monitoring spec: - encryptedData: - password: AgCZjcF3chb/mg0OuCorxMv9AXmjpIuiRx4Zj7fLg9yKGXyYWUjrKIkuZVy0NyQu4IU8IGxdf7q11xxUc+mc4FWIAar8Lmt//6aAcLCPpbKh903W8g6TeUrJQCqBFqCRhLzjHeCG4WyrgAwjM8xelHl7pQRcG4yad8stnLIhN2rR5Z4Znprvw4xUktpcfc/8DvIN9YnDwFA/+DQpSb1BVpn9c6yODK8aCyktgjkXZsqb5ENfOknPu5GHlWOb8UTrRDPPycXpN/Ld17iySGlg18kbD7dCtpHgJOF3MULmebgQrP1fKfyHtnkQMhUDmmAJxOXXhphoIf3zXDiOSL61Z7bGsdaUjGn6l5IdNPRC2/WnRAnQY4/3iO6uwfQcdyscf33JoSZbEsvuzW7dGZRu60HmujkxACgaGSxU6NXjPlkrptZjcW8C/c6SDP0WYKlRj+vrkjPMudyVKthC6A8Gezl/JnH0uwofqz87SNEkLCpurD9LeJ1h5o30/DOvTm4lXGYU8YvmTgfT0bbvSdjv+i0VKN5QxVnwjymiJqyNdxoR+vOGRSa1xFZusS/lajd6LfMVF4L4XKgyIajzESF5xLy6KO1v29M5F0X/EdPfLjNCRMRgQcTFz7rn82pIrmdt/We9OxioyiNZsJ7k4AKwzlrWPUbbhEI/cP0w8tLm+gRXT1UCz3+nG9NM2f7um3vlotvU/1/QT3oCoKLYWxwDr251wgGNchQzTOYGE5bzvA== - user: AgCZBx77cHwdvxd1wHIR7ztq1PJtbpuH9B90KbiwHmTa2MB66+tBkAPNltCucmLikI9v5k9CtOV7V5tcmhcNGHEyU0Y8rfpcXUsojw2ljNH5nS/lqvxPq80R7rJJA4rbvJFDR/TE8dHhft5OiClb5HGzy99oLfzpXGRq0D90sraedCJea3O9nlZLbgaryQG8mfPONic1P5i4RHYOyB2F2dzdX8vuQNCzMS3n9bnfFDPiGwrYJHkkilXy62xfzEoWj1LTpcvs2tzQf5m8PeTaV+X5c5AKEpvTlHrZTonPsS3LZQ1qghuvgbROhMQspdqlVOajscnZxqbh14B8EiLChGuMsKK2MJoxZbIu+g2PwyGM7Ss4fVKIJJ8IkQCozUC036GssSk6tfNiTYDJkXJPr8e7ylj9dhbAV9nuFh0VW01f6TAbK68ll3QfqCHn60muNc1/fUQ3tQtCFfNHwAmV2GOLkrQXM9fvqyxXXu5CC5ddfNhjvbwtJfvssLdF7MiOWEz9+bXIf2bJhCnnjhzKnqq+hCAbjRTQ5ivFACYSOIoQE0KiN1GFPpYUrzcSLvces5o2oi+23v/iX5hW2Wuxuw2Tf6SxLemBtKUILkKrETkUcB52OIfYOk7Q/0Gpsy+0MIrVPb/eX7IAfhsrCyl8MgL1Db6bPr3YcnLXcKKxJD0sq2WlecOSO3J1bWzRIIIHYrSESoqS5IbQWW8vphCDSRDY/gza6sQ= - template: - metadata: - creationTimestamp: null - name: secret-grafana-smtp - namespace: monitoring + encryptedData: + password: AgCZjcF3chb/mg0OuCorxMv9AXmjpIuiRx4Zj7fLg9yKGXyYWUjrKIkuZVy0NyQu4IU8IGxdf7q11xxUc+mc4FWIAar8Lmt//6aAcLCPpbKh903W8g6TeUrJQCqBFqCRhLzjHeCG4WyrgAwjM8xelHl7pQRcG4yad8stnLIhN2rR5Z4Znprvw4xUktpcfc/8DvIN9YnDwFA/+DQpSb1BVpn9c6yODK8aCyktgjkXZsqb5ENfOknPu5GHlWOb8UTrRDPPycXpN/Ld17iySGlg18kbD7dCtpHgJOF3MULmebgQrP1fKfyHtnkQMhUDmmAJxOXXhphoIf3zXDiOSL61Z7bGsdaUjGn6l5IdNPRC2/WnRAnQY4/3iO6uwfQcdyscf33JoSZbEsvuzW7dGZRu60HmujkxACgaGSxU6NXjPlkrptZjcW8C/c6SDP0WYKlRj+vrkjPMudyVKthC6A8Gezl/JnH0uwofqz87SNEkLCpurD9LeJ1h5o30/DOvTm4lXGYU8YvmTgfT0bbvSdjv+i0VKN5QxVnwjymiJqyNdxoR+vOGRSa1xFZusS/lajd6LfMVF4L4XKgyIajzESF5xLy6KO1v29M5F0X/EdPfLjNCRMRgQcTFz7rn82pIrmdt/We9OxioyiNZsJ7k4AKwzlrWPUbbhEI/cP0w8tLm+gRXT1UCz3+nG9NM2f7um3vlotvU/1/QT3oCoKLYWxwDr251wgGNchQzTOYGE5bzvA== # yamllint disable rule:line-length + user: AgCZBx77cHwdvxd1wHIR7ztq1PJtbpuH9B90KbiwHmTa2MB66+tBkAPNltCucmLikI9v5k9CtOV7V5tcmhcNGHEyU0Y8rfpcXUsojw2ljNH5nS/lqvxPq80R7rJJA4rbvJFDR/TE8dHhft5OiClb5HGzy99oLfzpXGRq0D90sraedCJea3O9nlZLbgaryQG8mfPONic1P5i4RHYOyB2F2dzdX8vuQNCzMS3n9bnfFDPiGwrYJHkkilXy62xfzEoWj1LTpcvs2tzQf5m8PeTaV+X5c5AKEpvTlHrZTonPsS3LZQ1qghuvgbROhMQspdqlVOajscnZxqbh14B8EiLChGuMsKK2MJoxZbIu+g2PwyGM7Ss4fVKIJJ8IkQCozUC036GssSk6tfNiTYDJkXJPr8e7ylj9dhbAV9nuFh0VW01f6TAbK68ll3QfqCHn60muNc1/fUQ3tQtCFfNHwAmV2GOLkrQXM9fvqyxXXu5CC5ddfNhjvbwtJfvssLdF7MiOWEz9+bXIf2bJhCnnjhzKnqq+hCAbjRTQ5ivFACYSOIoQE0KiN1GFPpYUrzcSLvces5o2oi+23v/iX5hW2Wuxuw2Tf6SxLemBtKUILkKrETkUcB52OIfYOk7Q/0Gpsy+0MIrVPb/eX7IAfhsrCyl8MgL1Db6bPr3YcnLXcKKxJD0sq2WlecOSO3J1bWzRIIIHYrSESoqS5IbQWW8vphCDSRDY/gza6sQ= # yamllint disable rule:line-length + template: + metadata: + creationTimestamp: + name: secret-grafana-smtp + namespace: monitoring --- apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: null - name: loki-auth-secret - namespace: monitoring + creationTimestamp: + name: loki-auth-secret + namespace: monitoring spec: - encryptedData: - users: AgAoXKtSO3tVMNtgsMfVaaD9gWPDU5S5CvaELp84OqrjV5P4PHsv4En3/uAaXcB3jgZGYJIA3ST8xYQr6E5YCEY6JsgJMh+8Qd14xG9ig0zPuSI00O2H7S6mFfHNm5s78slM38Bj1eR7DvnHAnFy5G4WxUAFEaScAT+Eh3x9RpsjYvDLrSPFKzrDYeF1bmuKBOhh79AgOD/5sz2G7z0B+jBEjjj4KDE4gOWqt03I1xwFxeh7LZhHOtqqNGSKu8hKh2KF2ZmxAFcxdAKhLUfkE8GLDtmH/drtHiDijgRLuL8UekkgPFkMkN1ywPxHOKwoGgUerD123xYN4jOxx5Gl3HBobCpQz82HNFfiUIqlaFxOwg1tz1QpKG1puENtMCfTlQmyYOSSNJg9/DuooKSjWfIT1YunzSBWHMgOrcZtCvtNwecveBTlQszw41ypK5CfvunGoLdQe783uoFezjDWQ5Foxo0OCl54dQLme4MvgJGb9NZs0rfAoz06n4OZmt7sEgEJLj13NA6rDLLOWzoXoXUT9fdB14BfNxj4DqzeRRZgGN7xLzyqO+6DMsmQnV8NhUJKJV+7zxySZbdgIqXlK5cQbnMqtyi8E7ZLE65zg5yCjyL/fx7dNooBDdNS04Bg/H1XT2RPNdvtCgNVtBUP32O23mtdCX9li+HgxoDJqmUFKE95Hi3O/utadbnqXDpw7xihH8cLw3J7Lole9PJJ64caWsT29dr56rPo0LaXRTGHB7Cz9LfqC1ZTr2W1VNU= - template: - metadata: - creationTimestamp: null - name: loki-auth-secret - namespace: monitoring + encryptedData: + users: AgAoXKtSO3tVMNtgsMfVaaD9gWPDU5S5CvaELp84OqrjV5P4PHsv4En3/uAaXcB3jgZGYJIA3ST8xYQr6E5YCEY6JsgJMh+8Qd14xG9ig0zPuSI00O2H7S6mFfHNm5s78slM38Bj1eR7DvnHAnFy5G4WxUAFEaScAT+Eh3x9RpsjYvDLrSPFKzrDYeF1bmuKBOhh79AgOD/5sz2G7z0B+jBEjjj4KDE4gOWqt03I1xwFxeh7LZhHOtqqNGSKu8hKh2KF2ZmxAFcxdAKhLUfkE8GLDtmH/drtHiDijgRLuL8UekkgPFkMkN1ywPxHOKwoGgUerD123xYN4jOxx5Gl3HBobCpQz82HNFfiUIqlaFxOwg1tz1QpKG1puENtMCfTlQmyYOSSNJg9/DuooKSjWfIT1YunzSBWHMgOrcZtCvtNwecveBTlQszw41ypK5CfvunGoLdQe783uoFezjDWQ5Foxo0OCl54dQLme4MvgJGb9NZs0rfAoz06n4OZmt7sEgEJLj13NA6rDLLOWzoXoXUT9fdB14BfNxj4DqzeRRZgGN7xLzyqO+6DMsmQnV8NhUJKJV+7zxySZbdgIqXlK5cQbnMqtyi8E7ZLE65zg5yCjyL/fx7dNooBDdNS04Bg/H1XT2RPNdvtCgNVtBUP32O23mtdCX9li+HgxoDJqmUFKE95Hi3O/utadbnqXDpw7xihH8cLw3J7Lole9PJJ64caWsT29dr56rPo0LaXRTGHB7Cz9LfqC1ZTr2W1VNU= # yamllint disable rule:line-length + template: + metadata: + creationTimestamp: + name: loki-auth-secret + namespace: monitoring diff --git a/k8s/services/loki/traefik-auth-middleware.yaml b/k8s/services/loki/traefik-auth-middleware.yaml index 20e80fa..3c96ad6 100644 --- a/k8s/services/loki/traefik-auth-middleware.yaml +++ b/k8s/services/loki/traefik-auth-middleware.yaml @@ -1,8 +1,9 @@ +--- apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: - name: loki-auth-middleware - namespace: monitoring + name: loki-auth-middleware + namespace: monitoring spec: - basicAuth: - secret: loki-auth-secret + basicAuth: + secret: loki-auth-secret diff --git a/k8s/services/miniflux/deployment.yaml b/k8s/services/miniflux/deployment.yaml index 3b16fe2..27b989e 100644 --- a/k8s/services/miniflux/deployment.yaml +++ b/k8s/services/miniflux/deployment.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -68,27 +69,27 @@ spec: name: miniflux env: - name: RUN_MIGRATIONS - value: "1" + value: '1' - name: CREATE_ADMIN - value: "1" + value: '1' - name: OAUTH2_PROVIDER - value: "oidc" + value: oidc - name: OAUTH2_REDIRECT_URL - value: "https://feeds.roboces.dev/oauth2/oidc/callback" + value: https://feeds.roboces.dev/oauth2/oidc/callback - name: OAUTH2_OIDC_DISCOVERY_ENDPOINT - value: "https://auth.fukurokuju.dev/application/o/miniflux/" + value: https://auth.fukurokuju.dev/application/o/miniflux/ - name: OAUTH2_USER_CREATION - value: "1" + value: '1' - name: FETCH_YOUTUBE_WATCH_TIME - value: "1" + value: '1' - name: WORKER_POOL_SIZE - value: "1" + value: '1' - name: POLLING_FREQUENCY - value: "120" + value: '120' - name: BATCH_SIZE - value: "25" + value: '25' - name: METRICS_COLLECTOR - value: "1" + value: '1' - name: METRICS_ALLOWED_NETWORKS value: 10.42.1.0/16 restartPolicy: Always diff --git a/k8s/services/miniflux/ingress.yaml b/k8s/services/miniflux/ingress.yaml index 9684873..c97c2d6 100644 --- a/k8s/services/miniflux/ingress.yaml +++ b/k8s/services/miniflux/ingress.yaml @@ -2,20 +2,20 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: miniflux - namespace: apps-roboces - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / + name: miniflux + namespace: apps-roboces + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / spec: - ingressClassName: traefik - rules: - - host: feeds.roboces.dev - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: miniflux-service - port: - number: 8888 + ingressClassName: traefik + rules: + - host: feeds.roboces.dev + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: miniflux-service + port: + number: 8888 diff --git a/k8s/services/miniflux/poddisruptionbudget.yaml b/k8s/services/miniflux/poddisruptionbudget.yaml index 0792ad1..7724274 100644 --- a/k8s/services/miniflux/poddisruptionbudget.yaml +++ b/k8s/services/miniflux/poddisruptionbudget.yaml @@ -1,10 +1,11 @@ +--- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: - name: miniflux-pdb - namespace: apps-roboces + name: miniflux-pdb + namespace: apps-roboces spec: - selector: - matchLabels: - app.kubernetes.io/name: miniflux - maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: miniflux + maxUnavailable: 1 diff --git a/k8s/services/miniflux/sealedsecrets.yaml b/k8s/services/miniflux/sealedsecrets.yaml index 64fedb1..98eb419 100644 --- a/k8s/services/miniflux/sealedsecrets.yaml +++ b/k8s/services/miniflux/sealedsecrets.yaml @@ -2,18 +2,18 @@ apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: null - name: miniflux - namespace: apps-roboces + creationTimestamp: + name: miniflux + namespace: apps-roboces spec: - encryptedData: - ADMIN_PASSWORD: AgAEV8w3iDaOhxZJWo1XmUab9No/T5g6ci92Py75+4ijVfgRCTpHsXT7pRBGWrHzfprfvMKUCNn3rxJ7PbUZBRevLtSFXHXP35s1f2uNk++a3M0bddzeNM3a8Co92hAUczO7tSoe2eJXNZUMDedc20sKmjZnELUfitzaV0YVhWnyCBM68d4pLtBbrJud2SMAW1zQGaAenoM/OdNo4jswObLnqp13rF3JLy2HXJ/vFJ/t7z46re3Y8BY0cs1Ct/l+zCvv27lrylRvLeRyI+3XM5Vs7tOQPLchwP5nJZEMN9EBwZ6KuY1IntBsKSvS+RHdDuuZgx4L6Dv0d17MgkDw/dF1vkgpULQZDxWdj6VaS0paS9pFPTzfyuO4ifp6A0Y81NpbqP5X9II8jLnUk6bdha39VMbRy4nuI7kmMFWIXaFggkTC+UiMS3V1GOhefx8BEUwjDdiXaVGPxsjeMse91AfunJEWo/6HsvrgS5pZ8xO02hb8745UyLCJa3OMSAUBrfKYG7yhJ6OuDVKhw7q7TpavLXMkPdLsWgso3reEtkG5wc4LRKtfVwA32UjJadhv1D96q4bGZ+T8xfnmuECJiCINrlsS6bd79D9fyhhzAf/usuEl7f4B8q1hVxQRw5E/WvxSMXl31A2ugggwenkS6MKv5ZkQHC2VzfPdtIcAfabsDdthCbwlHPBMmU7coQ00TBDW90LL8eKpkiWp9YlQ1w== - ADMIN_USERNAME: AgCh0p8Mff/oP++z2Y0cCe7yKeL9+vyklylTLyRKxjluCAcpuIyzqwpCdmWmN1LvCd8hn68UbeKXRSGt8WC0W/AzQ2PzPNpQ0kQCUhFB4N2Mv/UOxT7meXSO+byYYyCR5AyJ3xL5DqVrHXlzbugxkNLcROI5YUwSnKgX4vWrBO4Emklp7YVYDIut3spueE9HiZ8aN/5iV+Cxsw4b3D229rHWqi8NWzWie7xeAU/IScm8B/tbyLYC/EstRKhcThMDiyd8pm5jM/5ubJgAm1P5n0Q1XGYrAtiOnRTDqzGGPGJ7skMDGlYii0z0U3Nb1US7/4Sen0uHXyHIgn8JptQTxAqACE8eFMw0A9Nm+8Ms1ZsxmhnCMQx3bljk0hB9IXBrTQ5rO35+fRVahsTS3aIW1WK1b+2EbHEk5djWheWEml8X6pC41dNH887dc0xB/1pRNlw5mD9z/SRjQRB+rAYPrCzW/GDI43xnGxrgWN6bEiPH+CorqVj8ahIRUffDcI7ZCve6EuXcyeTMGeo5rTg9s7my2KWQCzoXUAJFaNBTbzxhXtr3Rx+l1YtR4zRXcPJQxReu1hMcPhJhJY2rP3M8nUgUZoJY1SbK9tRNWJqurcV4nhyd/w5t67cv+M1uxOTtllsJv5Wg4OMiZAZrKzAgtxJIrM2G/lXTatk02YmFiAYbCEsm/r0IQ8pov4hsJI5ebZyoCWOOgA== - DATABASE_URL: AgCbCyCwXzkW/6gd4XWo+/xyentimc1ERwBXyutbdwW6zT5Z9HqljwGC9u2I3wScAmE1X9IiBvQU2n6+ESqAHtlXpnIJBWEs9muppSR3BhIEhaLtfHCpX7DqxWYPKg0gdWtKK7wbizjRWffHmg1cO/xavjefseAMpvgWS6zaQu5GTXPC0jXgSpiD7kNrge5Fk5wHcJqilj8oTKgHqbAZfhkTMDzqhbxJ49VsI+ItfdGG/dPRXuDvJ9YAeD1/2vHjUBSffcSdAFf/Zgn/XI/YLOyw/zVrPRtm3Plyti0/9yPvHbh9K30uvAlf2H4+mwZkpiDKxrId1/VU1suHu3N7pB8CrmlgXsowJr95juzoF8lTvGSrg7kE4mQaIhE3hAQ5B3OiWnoaN9uHa0Htb4GhjTrsdWVwMxHfsRFVdSwWtITzm3miMuWbQfQ1SGZEI3TU0lexc8UYzbQBHCY5GgU92GTmEQAl84jLMeo+wyVYBIDdTL0sHmFZfv/omiW0lzScZChaKEkJGxRBsju3XG5f7MqLrohWg5uBm+riApEu46a4DGZUV3nNJZPdwnZbProvPTjb0VvAz7jfAFiznxVouS2+CKEH7/FMxkBKDnwagxfd7KAr0gE/RxmuFSq+G9nNoaBTWoEc2V3ViNUCrSlRW8yf19Ow0vP+MfHLWkZ09QjDRLKdxBZpOrda/mxrxFSeqYmK+XA6/uZAigdX3O0Rr8RHYNPLjDCfce37gquD04269Fk2goLS4xEzhiODpADMWFRxPFzw5KDLICXZL3BTEiHNhdYiEOEm53uz7aIG - OAUTH2_CLIENT_ID: AgDOU++RfwYBBQ5zgbO0jbw3TkAzpUGRQmnk4f4pvqdgK+uiHOrjAEmgFUU4PRQ8Q/A0lZcYMP1XY0VRNGnIuqUqLv+xDBQY8+hwRD6lPI/eyw3mLSbWVzHyDm7szv4C1kxmls2hK4Y+T8sIjmquiekDgt9tGVeOO+jo6uVyU8TE80zKoxSUrk++WrviMVXkErtb7VVzJpRDVgU0xns0Ou/xg2t9P5BqzsrubvIrfVhDA7enNSXhsn6ZtjsNweZePGI9CXwTDNlMgqXi67H1Mrz6MwoMXXSRZSv8oRXDn/w8dD7D3DpJ/ZpUQN9WJBShTsqqIk2p8HJJvYUunbPyVaHZ6yCsUI/Lt8Y3kbfJPMjqjIRX9xMu28DstEUqvcCKxdBDghosVyf1v216VO+LMWiwuvF/n6UcCk9arTtejoxdkPz9txyS1Yyv7rqYd6wNEkXgBKmcqflQUQbblglfFgSJc//tQQ7+24LK86RsnO/aElsWu7hOi6TosZao+i3kJ18MYYd+jewJ31gTtlQs4jp3CIgFi1N7RVrp8zOerfe4GO8PdMWJ+CERyyfFtAAD5TSmY0n7F+663RP+GXacHTbhDv7QCqX9LGltq4Z1IcMXbSwqRiW+C1ShQkaaNnWarZQuNmFuihgUE0vCYIm8WiEIJe320X7sdUlQtQ6d/vFFSupgcZqwJLqb5xOagHNRlYcDEg2A9y2TnAIgFzSg4+6UdgMzYxrTgUnuUOz6eLJdbxRuQRsbS3a8 - OAUTH2_CLIENT_SECRET: AgDJ8ClfSTL0vIoD19KLN7sJsslEnZivGvnzNo2fuTmKGYz1Z5e0YZfLwK40reJM+d9ECCrzCeGqQQe/0mxzmzdaciH6p0bLd0/7pLLfnuvy/ObGCrPtIXRojKPu0aGGvJwMs2f5wm24qE5jW2IT08vnNF25NFSYyDxUcefg3zpsfu/Ff3MZtjn9oaDsCxPLTfzGz3NXbHIqVi1b3Er5B/wFLqib28AIwoXwTHepdmJ0+8YcbP1GKuwADNdHre1LDgEMFcgF0AuhlMUEVEKJtrKczdF59HOg2lwPQaHcZEVy1F1hgqBCbQSkI4pVfZ99pmpHRnn9PytNd+3tktdpu9So3TlR+GM8BON/2utlYdDagPBlctdJ+7mwG+PsptG/RSWw6cUqHvTIJp7wcMWT/vqyPsHeXoZy4x9TpLad6EQQHU969+fZN/Sz6d/vpjaqbbkqLACJ/e1PVBHBot/D3y/sCDovebSnJ8+SMsvhrc1kjOZhs5oFcipHxwObSyyJ8sah+Rbz+MgbWNBZ6uuPPEay5T/V12lrT4WfGoMnc1fWe9WDSMXt/GiFCvFhHBJfhcVjaKQ4OZT+TSo4E+guU7B1YvbY6+A7zwke2bdBoSluV10DTo87pp2tCY+x4AKsP1WVIubXa/ck91WsDM44WPYsaZ/F+FkD8P/gFk3eJmGQQx5qOmgzSNldwWtuj74H3TprXId+J22a/La4Qrz0JE/S6Arkfh88UiMCmF0ATb2zwuEYam4FKyKa3iiNMvo/WzEZwIlsCSE3tB2KvnC4Gf6rYO2Ef72fu7jNov8w1Ctu4rgcAk3IrUw3awoT7V3KANOnPMUu+Xp+tVNIXxJv1aAvY+HgR8XQ/h0uFMi556kkgQ== - template: - metadata: - creationTimestamp: null - name: miniflux - namespace: apps-roboces + encryptedData: + ADMIN_PASSWORD: AgAEV8w3iDaOhxZJWo1XmUab9No/T5g6ci92Py75+4ijVfgRCTpHsXT7pRBGWrHzfprfvMKUCNn3rxJ7PbUZBRevLtSFXHXP35s1f2uNk++a3M0bddzeNM3a8Co92hAUczO7tSoe2eJXNZUMDedc20sKmjZnELUfitzaV0YVhWnyCBM68d4pLtBbrJud2SMAW1zQGaAenoM/OdNo4jswObLnqp13rF3JLy2HXJ/vFJ/t7z46re3Y8BY0cs1Ct/l+zCvv27lrylRvLeRyI+3XM5Vs7tOQPLchwP5nJZEMN9EBwZ6KuY1IntBsKSvS+RHdDuuZgx4L6Dv0d17MgkDw/dF1vkgpULQZDxWdj6VaS0paS9pFPTzfyuO4ifp6A0Y81NpbqP5X9II8jLnUk6bdha39VMbRy4nuI7kmMFWIXaFggkTC+UiMS3V1GOhefx8BEUwjDdiXaVGPxsjeMse91AfunJEWo/6HsvrgS5pZ8xO02hb8745UyLCJa3OMSAUBrfKYG7yhJ6OuDVKhw7q7TpavLXMkPdLsWgso3reEtkG5wc4LRKtfVwA32UjJadhv1D96q4bGZ+T8xfnmuECJiCINrlsS6bd79D9fyhhzAf/usuEl7f4B8q1hVxQRw5E/WvxSMXl31A2ugggwenkS6MKv5ZkQHC2VzfPdtIcAfabsDdthCbwlHPBMmU7coQ00TBDW90LL8eKpkiWp9YlQ1w== # yamllint disable rule:line-length + ADMIN_USERNAME: AgCh0p8Mff/oP++z2Y0cCe7yKeL9+vyklylTLyRKxjluCAcpuIyzqwpCdmWmN1LvCd8hn68UbeKXRSGt8WC0W/AzQ2PzPNpQ0kQCUhFB4N2Mv/UOxT7meXSO+byYYyCR5AyJ3xL5DqVrHXlzbugxkNLcROI5YUwSnKgX4vWrBO4Emklp7YVYDIut3spueE9HiZ8aN/5iV+Cxsw4b3D229rHWqi8NWzWie7xeAU/IScm8B/tbyLYC/EstRKhcThMDiyd8pm5jM/5ubJgAm1P5n0Q1XGYrAtiOnRTDqzGGPGJ7skMDGlYii0z0U3Nb1US7/4Sen0uHXyHIgn8JptQTxAqACE8eFMw0A9Nm+8Ms1ZsxmhnCMQx3bljk0hB9IXBrTQ5rO35+fRVahsTS3aIW1WK1b+2EbHEk5djWheWEml8X6pC41dNH887dc0xB/1pRNlw5mD9z/SRjQRB+rAYPrCzW/GDI43xnGxrgWN6bEiPH+CorqVj8ahIRUffDcI7ZCve6EuXcyeTMGeo5rTg9s7my2KWQCzoXUAJFaNBTbzxhXtr3Rx+l1YtR4zRXcPJQxReu1hMcPhJhJY2rP3M8nUgUZoJY1SbK9tRNWJqurcV4nhyd/w5t67cv+M1uxOTtllsJv5Wg4OMiZAZrKzAgtxJIrM2G/lXTatk02YmFiAYbCEsm/r0IQ8pov4hsJI5ebZyoCWOOgA== # yamllint disable rule:line-length + DATABASE_URL: AgCbCyCwXzkW/6gd4XWo+/xyentimc1ERwBXyutbdwW6zT5Z9HqljwGC9u2I3wScAmE1X9IiBvQU2n6+ESqAHtlXpnIJBWEs9muppSR3BhIEhaLtfHCpX7DqxWYPKg0gdWtKK7wbizjRWffHmg1cO/xavjefseAMpvgWS6zaQu5GTXPC0jXgSpiD7kNrge5Fk5wHcJqilj8oTKgHqbAZfhkTMDzqhbxJ49VsI+ItfdGG/dPRXuDvJ9YAeD1/2vHjUBSffcSdAFf/Zgn/XI/YLOyw/zVrPRtm3Plyti0/9yPvHbh9K30uvAlf2H4+mwZkpiDKxrId1/VU1suHu3N7pB8CrmlgXsowJr95juzoF8lTvGSrg7kE4mQaIhE3hAQ5B3OiWnoaN9uHa0Htb4GhjTrsdWVwMxHfsRFVdSwWtITzm3miMuWbQfQ1SGZEI3TU0lexc8UYzbQBHCY5GgU92GTmEQAl84jLMeo+wyVYBIDdTL0sHmFZfv/omiW0lzScZChaKEkJGxRBsju3XG5f7MqLrohWg5uBm+riApEu46a4DGZUV3nNJZPdwnZbProvPTjb0VvAz7jfAFiznxVouS2+CKEH7/FMxkBKDnwagxfd7KAr0gE/RxmuFSq+G9nNoaBTWoEc2V3ViNUCrSlRW8yf19Ow0vP+MfHLWkZ09QjDRLKdxBZpOrda/mxrxFSeqYmK+XA6/uZAigdX3O0Rr8RHYNPLjDCfce37gquD04269Fk2goLS4xEzhiODpADMWFRxPFzw5KDLICXZL3BTEiHNhdYiEOEm53uz7aIG # yamllint disable rule:line-length + OAUTH2_CLIENT_ID: AgDOU++RfwYBBQ5zgbO0jbw3TkAzpUGRQmnk4f4pvqdgK+uiHOrjAEmgFUU4PRQ8Q/A0lZcYMP1XY0VRNGnIuqUqLv+xDBQY8+hwRD6lPI/eyw3mLSbWVzHyDm7szv4C1kxmls2hK4Y+T8sIjmquiekDgt9tGVeOO+jo6uVyU8TE80zKoxSUrk++WrviMVXkErtb7VVzJpRDVgU0xns0Ou/xg2t9P5BqzsrubvIrfVhDA7enNSXhsn6ZtjsNweZePGI9CXwTDNlMgqXi67H1Mrz6MwoMXXSRZSv8oRXDn/w8dD7D3DpJ/ZpUQN9WJBShTsqqIk2p8HJJvYUunbPyVaHZ6yCsUI/Lt8Y3kbfJPMjqjIRX9xMu28DstEUqvcCKxdBDghosVyf1v216VO+LMWiwuvF/n6UcCk9arTtejoxdkPz9txyS1Yyv7rqYd6wNEkXgBKmcqflQUQbblglfFgSJc//tQQ7+24LK86RsnO/aElsWu7hOi6TosZao+i3kJ18MYYd+jewJ31gTtlQs4jp3CIgFi1N7RVrp8zOerfe4GO8PdMWJ+CERyyfFtAAD5TSmY0n7F+663RP+GXacHTbhDv7QCqX9LGltq4Z1IcMXbSwqRiW+C1ShQkaaNnWarZQuNmFuihgUE0vCYIm8WiEIJe320X7sdUlQtQ6d/vFFSupgcZqwJLqb5xOagHNRlYcDEg2A9y2TnAIgFzSg4+6UdgMzYxrTgUnuUOz6eLJdbxRuQRsbS3a8 # yamllint disable rule:line-length + OAUTH2_CLIENT_SECRET: AgDJ8ClfSTL0vIoD19KLN7sJsslEnZivGvnzNo2fuTmKGYz1Z5e0YZfLwK40reJM+d9ECCrzCeGqQQe/0mxzmzdaciH6p0bLd0/7pLLfnuvy/ObGCrPtIXRojKPu0aGGvJwMs2f5wm24qE5jW2IT08vnNF25NFSYyDxUcefg3zpsfu/Ff3MZtjn9oaDsCxPLTfzGz3NXbHIqVi1b3Er5B/wFLqib28AIwoXwTHepdmJ0+8YcbP1GKuwADNdHre1LDgEMFcgF0AuhlMUEVEKJtrKczdF59HOg2lwPQaHcZEVy1F1hgqBCbQSkI4pVfZ99pmpHRnn9PytNd+3tktdpu9So3TlR+GM8BON/2utlYdDagPBlctdJ+7mwG+PsptG/RSWw6cUqHvTIJp7wcMWT/vqyPsHeXoZy4x9TpLad6EQQHU969+fZN/Sz6d/vpjaqbbkqLACJ/e1PVBHBot/D3y/sCDovebSnJ8+SMsvhrc1kjOZhs5oFcipHxwObSyyJ8sah+Rbz+MgbWNBZ6uuPPEay5T/V12lrT4WfGoMnc1fWe9WDSMXt/GiFCvFhHBJfhcVjaKQ4OZT+TSo4E+guU7B1YvbY6+A7zwke2bdBoSluV10DTo87pp2tCY+x4AKsP1WVIubXa/ck91WsDM44WPYsaZ/F+FkD8P/gFk3eJmGQQx5qOmgzSNldwWtuj74H3TprXId+J22a/La4Qrz0JE/S6Arkfh88UiMCmF0ATb2zwuEYam4FKyKa3iiNMvo/WzEZwIlsCSE3tB2KvnC4Gf6rYO2Ef72fu7jNov8w1Ctu4rgcAk3IrUw3awoT7V3KANOnPMUu+Xp+tVNIXxJv1aAvY+HgR8XQ/h0uFMi556kkgQ== # yamllint disable rule:line-length + template: + metadata: + creationTimestamp: + name: miniflux + namespace: apps-roboces diff --git a/k8s/services/miniflux/service.yaml b/k8s/services/miniflux/service.yaml index a5ffd8e..a3bc2d6 100644 --- a/k8s/services/miniflux/service.yaml +++ b/k8s/services/miniflux/service.yaml @@ -1,18 +1,19 @@ +--- apiVersion: v1 kind: Service metadata: - name: miniflux-service - namespace: apps-roboces - labels: - app.kubernetes.io/name: miniflux - app.kubernetes.io/managed-by: argo - app.kubernetes.io/version: 2.1.1 + name: miniflux-service + namespace: apps-roboces + labels: + app.kubernetes.io/name: miniflux + app.kubernetes.io/managed-by: argo + app.kubernetes.io/version: 2.1.1 spec: - selector: - app.kubernetes.io/name: miniflux - type: LoadBalancer - ports: - - name: miniflux-service - protocol: TCP - port: 8888 - targetPort: 8080 + selector: + app.kubernetes.io/name: miniflux + type: LoadBalancer + ports: + - name: miniflux-service + protocol: TCP + port: 8888 + targetPort: 8080