Compare commits
1 Commits
main
...
goaccess_l
Author | SHA1 | Date |
---|---|---|
Mathis | b06b351d41 |
9
Makefile
9
Makefile
|
@ -1,9 +0,0 @@
|
||||||
FOLDERS := infra/traefik infra/storage infra/monitoring infra/authelia apps/namesny-com apps/mlflow apps/gitea apps/code-server apps/dev-container
|
|
||||||
|
|
||||||
all: $(FOLDERS)
|
|
||||||
|
|
||||||
$(FOLDERS):
|
|
||||||
@echo "Deploying $@..."
|
|
||||||
cd $(CURDIR)/$@ && kustomize build --enable-helm --enable-alpha-plugins --enable-exec . | kubectl apply -f -
|
|
||||||
|
|
||||||
.PHONY: deploy $(FOLDERS)
|
|
|
@ -17,7 +17,7 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: init-chmod-data
|
- name: init-chmod-data
|
||||||
image: busybox:1.36@sha256:34b191d63fbc93e25e275bfccf1b5365664e5ac28f06d974e8d50090fbb49f41
|
image: busybox:1.36
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
|
@ -30,7 +30,7 @@ spec:
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /home/coder
|
mountPath: /home/coder
|
||||||
containers:
|
containers:
|
||||||
- image: codercom/code-server:4.89.1-ubuntu@sha256:d7faf97bc59933b398d5df5c5aec786637a9e40ae8c842bb8d23ca20e0946739
|
- image: codercom/code-server:4.20.0
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
name: code-server
|
name: code-server
|
||||||
args:
|
args:
|
||||||
|
|
|
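Review bot: Both hunks in this file replace digest-pinned images with bare tags on the new side (`busybox:1.36`, `codercom/code-server:4.20.0`), so the cluster runs whatever the registry serves for that tag at pull time, and code-server also moves back from 4.89.1. The same pattern recurs in later sections of this compare: `gitea/act_runner:nightly-dind-rootless` with `imagePullPolicy: Always`, `minio/mc`, `allinurl/goaccess` and `busybox` with no tag at all, and `busybox:latest` in the traefik values. If this branch is meant to merge into main, keep the digest form already used on the old side, e.g. `image: busybox:1.36@sha256:34b191d63fbc93e25e275bfccf1b5365664e5ac28f06d974e8d50090fbb49f41`, and restrict the branch to the goaccess change. Both hunks start and end inside the pod spec, so the rest of the Deployment is not visible here.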
@ -1,32 +0,0 @@
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: dev-container
|
|
||||||
namespace: dev
|
|
||||||
labels:
|
|
||||||
app: dev-container
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: dev-container
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: dev-container
|
|
||||||
spec:
|
|
||||||
securityContext:
|
|
||||||
fsGroup: 1000
|
|
||||||
containers:
|
|
||||||
- name: dev-container
|
|
||||||
image: git.namesny.com/mathis/dev-container:2024-04-25@sha256:54e0a338fec52e4f124bb8b9030892bbb85b61717f237107377a2ad1d1db567c
|
|
||||||
imagePullPolicy: Always
|
|
||||||
ports:
|
|
||||||
- containerPort: 7681
|
|
||||||
volumeMounts:
|
|
||||||
- name: projects
|
|
||||||
mountPath: /home/dev/projects
|
|
||||||
volumes:
|
|
||||||
- name: projects
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: dev-projects
|
|
|
@ -1,16 +0,0 @@
|
||||||
apiVersion: traefik.io/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: dev-cnt-ingress
|
|
||||||
namespace: dev
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`dev.namesny.com`)
|
|
||||||
kind: Rule
|
|
||||||
middlewares:
|
|
||||||
- name: "auth-authelia@kubernetescrd"
|
|
||||||
services:
|
|
||||||
- name: dev-cnt-svc
|
|
||||||
port: 7681
|
|
|
@ -1,11 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: dev
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- pvc.yaml
|
|
||||||
- deployment.yaml
|
|
||||||
- service.yaml
|
|
||||||
- ingress.yaml
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: dev
|
|
|
@ -1,12 +0,0 @@
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: dev-projects
|
|
||||||
namespace: dev
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 10Gi
|
|
||||||
storageClassName: retain-local-path
|
|
|
@ -1,13 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: dev-cnt-svc
|
|
||||||
namespace: dev
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app: dev-container
|
|
||||||
type: ClusterIP
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 7681
|
|
||||||
targetPort: 7681
|
|
|
@ -5,10 +5,7 @@ postgresql-ha:
|
||||||
postgresql:
|
postgresql:
|
||||||
enabled: true
|
enabled: true
|
||||||
image:
|
image:
|
||||||
registry: docker.io
|
tag: 15.3.0-debian-11-r24
|
||||||
repository: bitnami/postgresql
|
|
||||||
tag: 15.3.0-debian-11-r24
|
|
||||||
digest: sha256:fff6086d557d962422c6d751b6723877642170bbcc25d6f23e5c2c2f079987d5
|
|
||||||
primary:
|
primary:
|
||||||
persistence:
|
persistence:
|
||||||
storageClass: retain-local-path
|
storageClass: retain-local-path
|
||||||
|
@ -36,7 +33,7 @@ gitea:
|
||||||
cache:
|
cache:
|
||||||
ADAPTER: memory
|
ADAPTER: memory
|
||||||
queue:
|
queue:
|
||||||
TYPE: channel
|
TYPE: level
|
||||||
server:
|
server:
|
||||||
BUILTIN_SSH_SERVER_USER: git
|
BUILTIN_SSH_SERVER_USER: git
|
||||||
ROOT_URL: https://git.namesny.com
|
ROOT_URL: https://git.namesny.com
|
||||||
|
|
|
@ -7,7 +7,6 @@ resources:
|
||||||
- gitea-ingress.yaml
|
- gitea-ingress.yaml
|
||||||
- runner-pvc.yaml
|
- runner-pvc.yaml
|
||||||
- runner-deployment.yaml
|
- runner-deployment.yaml
|
||||||
- ./restic
|
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
- secret-generator.yaml
|
- secret-generator.yaml
|
||||||
|
@ -15,8 +14,15 @@ generators:
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: gitea
|
- name: gitea
|
||||||
releaseName: gitea
|
releaseName: gitea
|
||||||
version: 10.2.0
|
version: 10.0.2
|
||||||
repo: https://dl.gitea.io/charts/
|
repo: https://dl.gitea.io/charts/
|
||||||
namespace: gitea
|
namespace: gitea
|
||||||
valuesMerge: merge
|
valuesMerge: merge
|
||||||
valuesFile: gitea-values.yaml
|
valuesFile: gitea-values.yaml
|
||||||
|
- name: renovate
|
||||||
|
releaseName: renovate
|
||||||
|
version: 37.115.0
|
||||||
|
repo: https://docs.renovatebot.com/helm-charts
|
||||||
|
namespace: gitea
|
||||||
|
valuesFile: renovate-bot-values.yaml
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: renovate-bot-secret
|
||||||
|
namespace: gitea
|
||||||
|
stringData:
|
||||||
|
RENOVATE_AUTODISCOVER: ENC[AES256_GCM,data:20/nNkA=,iv:o6OgPwx03/U7kHbO4WBh1HVLAdr8HBsWWGRlrIx3ZvE=,tag:7BpQuJpwI20Jqlf0zrVqBA==,type:str]
|
||||||
|
RENOVATE_ENDPOINT: ENC[AES256_GCM,data:PfAFF87I1COu9aGUf8uxPbzaUeyYvFpHmlK5DuP6,iv:JUgHIzaTSjCGpGucftT9AzFB7Gclwau8y9o2cbEJ2XU=,tag:52QvbgdaJRVTB5ARW0gn2Q==,type:str]
|
||||||
|
RENOVATE_GIT_AUTHOR: ENC[AES256_GCM,data:5tCkXdiheQkI293yf7Fh0Tb1kvWtDXHTIikP21IJQgFUyw==,iv:L1x3FDp6m/oJRq4Gcp3lusUF8Fufx+wWUVUQeYerDGk=,tag:h2XSao9P/wDHTpPRhEzVuQ==,type:str]
|
||||||
|
RENOVATE_PLATFORM: ENC[AES256_GCM,data:5bRuvgQ=,iv:m2RtjwWANMCNjXaEmzZc8QZKff5oxy+cVazmM0Qs6bE=,tag:Zp+2HLlEJgSZB0U2xRS2uw==,type:str]
|
||||||
|
RENOVATE_TOKEN: ENC[AES256_GCM,data:lPV9X8pZsSHzb7xFLuQ0Ixg5EaBgsuEmCFvXSkmxImUnImAKWINjBw==,iv:/hkxQNNqLcH/pbYs/Mn4P9FW1/DOIOKAUEjZNutoZok=,tag:Pd/NCxYZRJVaUiWT9FaMcA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0NWRIZnROK3dkY0xMa1ha
|
||||||
|
cXBINWpXU000YXQ5QW0zMjllRnlzOEJoRlVZClhCUWhqK0M4bTVqNjBFR05LU1NP
|
||||||
|
ejJaaHJSc003Q0V6UlpzWFdCTnd5RVEKLS0tIDllcVhFUE51Z1VsOGVJZ216TVdE
|
||||||
|
eVhjc2VlOVROOC9oakF3K29nODdEM0EKZkIo+FdHZAyQ9ogoK9994B0q5lkWWXOw
|
||||||
|
EgXamhJ800zjy9zFeO6bxPMsgPze1iNshhlV7HjT8uh+qs5laCqatg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-11-28T21:31:06Z"
|
||||||
|
mac: ENC[AES256_GCM,data:O/Vw1S40Dz0g6Fo9K87iCIFh3TSNW4/f+mWNnbjPpjehj1+JbOovpchjizI1c+OZ++/rqlow8Ib/yesMDdPd16ErkyHgINMBtLuqfUYJ1WSwg52Rp5zfZP7eSXHTeqcGuuASIfzEcclZ/5QIPeiSOJG5iSAl/MDeNte6/YwEqQo=,iv:lieOLB5tOP4XagOr+cRWQZQC00EHz9UUcx7e2uwUjpU=,tag:JJ4YgTKMCZtujAJfi+TcxA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,12 @@
|
||||||
|
renovate:
|
||||||
|
config : |
|
||||||
|
{
|
||||||
|
"repositories": ["Cluster/k3s-configs", "Cluster/mlflow"]
|
||||||
|
}
|
||||||
|
persistence:
|
||||||
|
cache:
|
||||||
|
enabled: true
|
||||||
|
storageClass: retain-local-path
|
||||||
|
existingSecret: renovate-bot-secret
|
||||||
|
apiVersionOverrides:
|
||||||
|
cronjob: 'batch/v1'
|
|
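Review bot: The explicit `repositories` list in `config` and the `RENOVATE_AUTODISCOVER` key in `renovate-bot-secret` (pulled in through `existingSecret`) describe two different scopes for the bot. If autodiscover is enabled, Renovate would operate on every repository its token can reach, not only the two listed here. The value is encrypted, so this cannot be confirmed from the page. Keep only one of the two mechanisms, and give the bot account access to `Cluster/k3s-configs` and `Cluster/mlflow` only. Non-secret settings such as the platform and endpoint would be easier to review in this values file than inside the SOPS-encrypted Secret.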
@ -1,22 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
# Set up colors
|
|
||||||
GREEN='\033[0;32m'
|
|
||||||
NC='\033[0m'
|
|
||||||
|
|
||||||
echo -e "\n${GREEN}`date` - Starting backup...${NC}\n"
|
|
||||||
|
|
||||||
restic unlock
|
|
||||||
|
|
||||||
# Gitea
|
|
||||||
echo -e "\n${GREEN}`date` - Backing up Gitea...${NC}\n"
|
|
||||||
gitea=$(kubectl get deploy -n gitea -l app=gitea -o name --no-headers=true)
|
|
||||||
kubectl scale -n gitea --replicas=0 $gitea
|
|
||||||
restic backup /gitea
|
|
||||||
restic backup /backup/postgres_backup.dump
|
|
||||||
kubectl scale -n gitea --replicas=1 $gitea
|
|
||||||
|
|
||||||
# Forget and prune
|
|
||||||
echo -e "\n${GREEN}`date` - Running forget and prune...${NC}\n"
|
|
||||||
restic forget --prune --keep-daily 7 --keep-weekly 2
|
|
||||||
echo -e "\n${GREEN}`date` - Backup finished.${NC}\n"
|
|
|
@ -1,58 +0,0 @@
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: CronJob
|
|
||||||
metadata:
|
|
||||||
name: restic-backup-cronjob
|
|
||||||
namespace: gitea
|
|
||||||
spec:
|
|
||||||
schedule: "0 3 * * *" # Cron expression for running daily at 2 AM
|
|
||||||
jobTemplate:
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
|
|
||||||
serviceAccountName: restic-sa
|
|
||||||
hostname: restic-cronjob
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- name: gitea-data
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: gitea-shared-storage
|
|
||||||
- name: restic-backup-vol
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: restic-backup-vol
|
|
||||||
- name: backup-script-vol
|
|
||||||
configMap:
|
|
||||||
name: restic-backup-script
|
|
||||||
|
|
||||||
initContainers:
|
|
||||||
- name: postgres-dump-init
|
|
||||||
image: bitnami/postgresql:16.3.0-debian-12-r17@sha256:5f5da81926e99bde90bd188bb43bf8de4bbcc1da45087e375631693e82d8b1c7
|
|
||||||
command: ["/bin/sh", "-c"]
|
|
||||||
args: ["pg_dump -h gitea-postgresql -p 5432 -U gitea gitea -Fc > /backup/postgres_backup.dump"]
|
|
||||||
env:
|
|
||||||
- name: PGPASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: gitea-postgresql
|
|
||||||
key: password
|
|
||||||
volumeMounts:
|
|
||||||
- name: restic-backup-vol
|
|
||||||
mountPath: /backup
|
|
||||||
|
|
||||||
containers:
|
|
||||||
- name: restic-container
|
|
||||||
image: git.namesny.com/cluster/restic:latest@sha256:8efb9776d9b3250012d17bbfff865420e5ffa0688010d006448c4ff358b0ee32
|
|
||||||
imagePullPolicy: Always
|
|
||||||
command: ["/bin/sh", "/app/backup.sh"]
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: restic-secret
|
|
||||||
volumeMounts:
|
|
||||||
- name: restic-backup-vol
|
|
||||||
mountPath: /backup
|
|
||||||
- name: gitea-data
|
|
||||||
mountPath: /gitea
|
|
||||||
- name: backup-script-vol
|
|
||||||
mountPath: /app
|
|
||||||
|
|
||||||
restartPolicy: OnFailure
|
|
|
@ -1,28 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Pod
|
|
||||||
metadata:
|
|
||||||
name: restic-debug-pod
|
|
||||||
namespace: gitea
|
|
||||||
spec:
|
|
||||||
serviceAccountName: restic-sa
|
|
||||||
volumes:
|
|
||||||
- name: restic-backup-vol
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: restic-backup-vol
|
|
||||||
- name: gitea-data
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: gitea-shared-storage
|
|
||||||
containers:
|
|
||||||
- name: restic-debug
|
|
||||||
image: git.namesny.com/cluster/restic:latest@sha256:8efb9776d9b3250012d17bbfff865420e5ffa0688010d006448c4ff358b0ee32
|
|
||||||
command: ["/bin/sh", "-c"]
|
|
||||||
args: ["sleep infinity"]
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: restic-secret
|
|
||||||
volumeMounts:
|
|
||||||
- name: restic-backup-vol
|
|
||||||
mountPath: /backup
|
|
||||||
- name: gitea-data
|
|
||||||
mountPath: /gitea
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: gitea
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- service-account.yaml
|
|
||||||
- role.yaml
|
|
||||||
- role-binding.yaml
|
|
||||||
- pvc.yaml
|
|
||||||
- debug-pod.yaml
|
|
||||||
- cronjob.yaml
|
|
||||||
|
|
||||||
generators:
|
|
||||||
- secret-generator.yaml
|
|
||||||
|
|
||||||
configMapGenerator:
|
|
||||||
- name: restic-backup-script
|
|
||||||
namespace: gitea
|
|
||||||
files:
|
|
||||||
- ./backup.sh
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: restic-backup-vol
|
|
||||||
namespace: gitea
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 5Gi
|
|
||||||
storageClassName: retain-local-path
|
|
|
@ -1,13 +0,0 @@
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: restic-role-binding
|
|
||||||
namespace: gitea
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: restic-sa
|
|
||||||
namespace: gitea
|
|
||||||
roleRef:
|
|
||||||
kind: Role
|
|
||||||
name: restic-role
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
|
@ -1,9 +0,0 @@
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
name: restic-role
|
|
||||||
namespace: gitea
|
|
||||||
rules:
|
|
||||||
- apiGroups: ["apps"]
|
|
||||||
resources: ["deployments", "deployments/scale"]
|
|
||||||
verbs: ["get", "list", "update", "patch"]
|
|
|
@ -1,11 +0,0 @@
|
||||||
apiVersion: viaduct.ai/v1
|
|
||||||
kind: ksops
|
|
||||||
metadata:
|
|
||||||
name: restic-secret-generator
|
|
||||||
annotations:
|
|
||||||
config.kubernetes.io/function: |
|
|
||||||
exec:
|
|
||||||
path: ksops
|
|
||||||
files:
|
|
||||||
- ./secret.enc.yaml
|
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: restic-secret
|
|
||||||
namespace: gitea
|
|
||||||
stringData:
|
|
||||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:IjDw3i+8BIvA816obn5BpQBTkzo=,iv:A/CrhyIm5kljCwvneQziux36O6+SWG5Z9mOlV+mRIXQ=,tag:XVh4X8Xf587nmbDCtgazAg==,type:str]
|
|
||||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:WdfHxdXnPOLvIOecN+WFONAEDr2Sc/r6bKQ/H9KS1BT2C9cj,iv:GCY6MaSEhu9WEsVA23hWN30Ix7x6dz/umNRsQ0jsb8I=,tag:8Qa0dvU3bq+J2S6trBDFDw==,type:str]
|
|
||||||
RESTIC_REPOSITORY: ENC[AES256_GCM,data:FZCqro3fpgQ7NJc+4ORVC2yWdqMNCLd4AjCwdolXgu5uJXq0IQ==,iv:nWttNrSvFpcj1HMOFwZNfJqVUy0esR7fVXlvidp3MlY=,tag:T0HzAZ/w83IFrvap8Gx3gg==,type:str]
|
|
||||||
RESTIC_PASSWORD: ENC[AES256_GCM,data:PjSE4FejVPW8e8e/PDtoSCsuskI=,iv:MTUMYim3obMHaYBEoEJBMEj9GMbaqdbdVV09o3ep/fw=,tag:pQ6vakVWHUdk4F/PwqpgAw==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RTlocERzUmtUdnhsNHJk
|
|
||||||
SkNXZFpVdmM5Y1hnQlQzcUg1OUxNYkRiaEFZCi82MW9TbkI2VCtjMDVKYTlWTVBs
|
|
||||||
QVZMekVoT1JSQWRZV3F3SHgxOGR3a2sKLS0tIGJCd21aY05jS0xva2RmclBlQWdl
|
|
||||||
UVZSNm9pRUM3YmFFSWl3NGNUdnZOOGsKIuepNrrdgoNoOMZQ77cIrtwPTL8acahG
|
|
||||||
paE+K2EKa8pqXnAVkxORTkUYRlorKRLjiyalxrDZYsMAbCSrrtfx/A==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-01-30T17:21:08Z"
|
|
||||||
mac: ENC[AES256_GCM,data:mR4vi8WLLiuUY5i7NgIYHfAZcBsQ3u2Cg9TtXcFtwtDAuyy9Xzx07yeR1HC0D+YhiAu+mYAJPmk6jHZsCE2OX26sLTyvEULqDQc71sCgM8dsyl50hoZ2BsbY7o6g8D9Yks+2szuKmlxZ0nN5aHxcf+67+gotzjlBfcmLx+E1TfA=,iv:+9Kv7ZwGoMU0QBTvCgq232nHo+tjoeHTJBdOuOiqpPk=,tag:9VrOFmUFbdiPKSWnt+8z7w==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
|
||||||
version: 3.8.1
|
|
|
@ -1,5 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: restic-sa
|
|
||||||
namespace: gitea
|
|
|
@ -24,13 +24,9 @@ spec:
|
||||||
claimName: act-runner-vol
|
claimName: act-runner-vol
|
||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 1001
|
fsGroup: 1001
|
||||||
initContainers:
|
|
||||||
- name: wait-for-gitea
|
|
||||||
image: busybox:1.36@sha256:34b191d63fbc93e25e275bfccf1b5365664e5ac28f06d974e8d50090fbb49f41
|
|
||||||
command: ['sh', '-c', "until wget https://git.namesny.com 2>/dev/null; do echo waiting for gitea; sleep 2; done"]
|
|
||||||
containers:
|
containers:
|
||||||
- name: runner
|
- name: runner
|
||||||
image: gitea/act_runner:latest-dind-rootless@sha256:2f4c10a8354062ff3f8faa1df17006e650dcf21853a34713dfc2ed961f6ca50f
|
image: gitea/act_runner:nightly-dind-rootless
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
env:
|
env:
|
||||||
- name: DOCKER_HOST
|
- name: DOCKER_HOST
|
||||||
|
|
|
@ -8,5 +8,5 @@ metadata:
|
||||||
path: ksops
|
path: ksops
|
||||||
files:
|
files:
|
||||||
- ./gitea-admin-secret.enc.yaml
|
- ./gitea-admin-secret.enc.yaml
|
||||||
|
- ./renovate-bot-secret.enc.yaml
|
||||||
- ./runner-secret.enc.yaml
|
- ./runner-secret.enc.yaml
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ generators:
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
releaseName: postgresql
|
releaseName: postgresql
|
||||||
version: 15.5.28
|
version: 13.2.24
|
||||||
repo: oci://registry-1.docker.io/bitnamicharts
|
repo: oci://registry-1.docker.io/bitnamicharts
|
||||||
namespace: mlflow
|
namespace: mlflow
|
||||||
valuesInline:
|
valuesInline:
|
||||||
|
|
|
@ -15,7 +15,7 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: minio
|
- name: minio
|
||||||
image: minio/minio:latest@sha256:0bd79595dbcf155782860716abf4cf79d5ee32a9508b60fa1a88793bbe55b245
|
image: quay.io/minio/minio:RELEASE.2023-12-09T18-17-51Z
|
||||||
command:
|
command:
|
||||||
- /bin/bash
|
- /bin/bash
|
||||||
- -c
|
- -c
|
||||||
|
|
|
@ -17,7 +17,7 @@ spec:
|
||||||
- name: gitea-regcred
|
- name: gitea-regcred
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: init-s3-bucket
|
- name: init-s3-bucket
|
||||||
image: minio/mc:latest@sha256:10fea08805ab76fe9b8ff0d3755db7af3f5a2468a60a48826bd21ec7c8b5000e
|
image: minio/mc
|
||||||
command: ["/bin/sh", "-c"]
|
command: ["/bin/sh", "-c"]
|
||||||
args:
|
args:
|
||||||
- until mc alias set mlflow-minio http://minio-svc.mlflow.svc.cluster.local:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; do sleep 5; done;
|
- until mc alias set mlflow-minio http://minio-svc.mlflow.svc.cluster.local:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; do sleep 5; done;
|
||||||
|
@ -30,18 +30,9 @@ spec:
|
||||||
name: minio-admin-secret
|
name: minio-admin-secret
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: minio-user-secret
|
name: minio-user-secret
|
||||||
- name: init-db-upgrade
|
|
||||||
image: git.namesny.com/cluster/mlflow:latest@sha256:9d935268bc318d6cadbfe8d480744ce898cdfb906be5ba7125ab87c555894798
|
|
||||||
envFrom:
|
|
||||||
- secretRef:
|
|
||||||
name: mlflow-secret
|
|
||||||
command: ["/bin/sh", "-c"]
|
|
||||||
args:
|
|
||||||
- mlflow db upgrade $MLFLOW_BACKEND_STORE_URI;
|
|
||||||
exit 0;
|
|
||||||
containers:
|
containers:
|
||||||
- name: mlflow
|
- name: mlflow
|
||||||
image: git.namesny.com/cluster/mlflow:latest@sha256:9d935268bc318d6cadbfe8d480744ce898cdfb906be5ba7125ab87c555894798
|
image: git.namesny.com/cluster/mlflow:2.9.1
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
args:
|
args:
|
||||||
- --host=0.0.0.0
|
- --host=0.0.0.0
|
||||||
|
|
|
@ -19,6 +19,17 @@ spec:
|
||||||
- name: gitea-regcred
|
- name: gitea-regcred
|
||||||
containers:
|
containers:
|
||||||
- name: namesny-com
|
- name: namesny-com
|
||||||
image: git.namesny.com/mathis/namesny-com:2024-04-22@sha256:df51fff0dcc4e252b13f3c61debf2b3e2335e4c8e2d7441174457d9e7709a6ea
|
image: git.namesny.com/mathis/namesny-com:2023-12-28
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
|
volumeMounts:
|
||||||
|
- name: access-logs
|
||||||
|
mountPath: /var/log/nginx/access.log
|
||||||
|
- name: goaccess
|
||||||
|
image: allinurl/goaccess
|
||||||
|
ports:
|
||||||
|
- containerPort: 7890
|
||||||
|
volumeMounts:
|
||||||
|
- name: access-logs
|
||||||
|
mountPath: /var/log/nginx/access.log
|
||||||
|
|
||||||
|
|
|
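Review bot: Both containers mount a volume named `access-logs`, but no `volumes:` entry with that name is added in this section, and the API server rejects a pod template whose `volumeMounts` name an undefined volume. This does not apply if the volume is already declared above line 19, which the hunk does not show. The mount target is also a file path: without `subPath`, a volume mounted at `/var/log/nginx/access.log` appears there as a directory, so nginx cannot write its log to it. Sharing the log directory would fit better: add `volumes:` with `- name: access-logs` and `emptyDir: {}`, and use `mountPath: /var/log/nginx` in both containers. The `allinurl/goaccess` image has no tag or digest; the access log it reads contains client addresses, so whatever route ends up exposing port 7890 should sit behind the existing auth middleware.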
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: namesny-com-svc
|
||||||
|
namespace: namesny-com
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: namesny-com
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 7890
|
||||||
|
targetPort: 7890
|
|
@ -6,6 +6,7 @@ namespace: auth
|
||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
|
- basic-auth-middleware.yaml
|
||||||
- forward-auth-middleware.yaml
|
- forward-auth-middleware.yaml
|
||||||
|
|
||||||
generators:
|
generators:
|
||||||
|
|
|
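Review bot: `basic-auth-middleware.yaml` is added to `resources`, but no file of that name is added anywhere on this compare page. Unless it already exists on the base branch, `kustomize build` will fail for this directory. If the middleware carries htpasswd-style credentials, they should live in a ksops-encrypted Secret that the Middleware references, like the other `*.enc.yaml` files in this repository, rather than inline in a plain manifest.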
@ -1,23 +0,0 @@
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: k9s
|
|
||||||
namespace: k9s
|
|
||||||
labels:
|
|
||||||
app: k9s
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: k9s
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: k9s
|
|
||||||
spec:
|
|
||||||
serviceAccountName: k9s-sa
|
|
||||||
containers:
|
|
||||||
- name: k9s
|
|
||||||
image: ghcr.io/lordmathis/k9s-web:latest@sha256:6db8f8812fa09a93433682bb64a32c16ddf8286091f2886699dd4b84f875d150
|
|
||||||
ports:
|
|
||||||
- containerPort: 7681
|
|
|
@ -1,16 +0,0 @@
|
||||||
apiVersion: traefik.io/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: k9s-ingress
|
|
||||||
namespace: k9s
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
- match: Host(`k9s.namesny.com`)
|
|
||||||
kind: Rule
|
|
||||||
middlewares:
|
|
||||||
- name: "auth-authelia@kubernetescrd"
|
|
||||||
services:
|
|
||||||
- name: k9s-svc
|
|
||||||
port: 7681
|
|
|
@ -1,11 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
namespace: k9s
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
- rbac.yaml
|
|
||||||
- deployment.yaml
|
|
||||||
- service.yaml
|
|
||||||
- ingress.yaml
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: k9s
|
|
|
@ -1,35 +0,0 @@
|
||||||
---
|
|
||||||
kind: ClusterRole
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
name: k9s-reader
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["*"]
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["apps"]
|
|
||||||
resources: ["*"]
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["batch"]
|
|
||||||
resources: ["*"]
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: k9s
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: k9s-sa
|
|
||||||
namespace: k9s
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: k9s-reader
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: k9s-sa
|
|
||||||
namespace: k9s
|
|
|
@ -1,13 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: k9s-svc
|
|
||||||
namespace: k9s
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app: k9s
|
|
||||||
type: ClusterIP
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 7681
|
|
||||||
targetPort: 7681
|
|
|
@ -1,18 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
generatorOptions:
|
|
||||||
disableNameSuffixHash: true
|
|
||||||
namespace: monitoring
|
|
||||||
resources:
|
|
||||||
- namespace.yaml
|
|
||||||
|
|
||||||
generators:
|
|
||||||
- ./secret-generator.yaml
|
|
||||||
|
|
||||||
helmCharts:
|
|
||||||
- name: k8s-monitoring
|
|
||||||
releaseName: grafana-k8s-monitoring
|
|
||||||
version: 1.0.13
|
|
||||||
repo: https://grafana.github.io/helm-charts
|
|
||||||
namespace: monitoring
|
|
||||||
valuesFile: values.yaml
|
|
|
@ -1,29 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: loki-secret
|
|
||||||
namespace: monitoring
|
|
||||||
stringData:
|
|
||||||
host: ENC[AES256_GCM,data:rVMcsxS2yzOC+SeqPlVOVLlg/FviDoT79Z00NTi9nKHu,iv:vKZvn0b9lLMWsBbAvBIfAf/fkQ1KSIkXMJi4hTr+tHY=,tag:PIAZm1O/QbH6Ad3yMRmEvQ==,type:str]
|
|
||||||
username: ENC[AES256_GCM,data:HViufT0S,iv:g4LldPUsiALA6KUXn6xg1dxO1PaEx7PqKbpaTFbtcoQ=,tag:Asad1eWQKJOFCulm3xJBYg==,type:str]
|
|
||||||
password: ENC[AES256_GCM,data:KzafvYQ9hLeZcwTAJpE9z0ZDpGQL0lVMk7tSRKp6yQFZBl+u0V4u4leBtUDPm80605dP0BidHKL9MQ5c+2iayxjoBoBDDH6YDLjytN+2TnTU8fabY1wRYiAInOPxitcdoPLVzcw1/1DH9qiPJu7pdMWoz/JdM2PbHILW4G0uY/T9HERAwA28FX0R5sfQnfRPfaxSoea4HAMB2IG3lXn5wvwwsc2JZ+1KkInZ3XYg/vv0KwLD,iv:aWrgu6B2O9Is7tYqnSgTlz1fhYQEB5TIS4xl9PKoFwc=,tag:KLYaUsF6fDxHzXJdjnwHwQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcGE2VTZPcmpPQVNLbW5s
|
|
||||||
U3ZNaVZnMkRhOCtpYk1KdUpSalArRXI3VTFrClJORVVDRXBCM01lQVlnbjQ1RVhT
|
|
||||||
aFJEdk5oOHBVK1VJWTFwRXI5YXZmeUUKLS0tIEcwWmp5aHRDMHVrNFg0bnhVV2FI
|
|
||||||
UGpPaU54QjM4Y0pIQ0I3elVXakl0Uk0KXqd8LjaLjwzcgzi0WBAHBJLjNaP8yqKB
|
|
||||||
zQsrvGJvSIo3TdEVaRGvM9F/4nsLmQC6mYfENwtlyV4IWn0w8psMyw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-04-27T14:02:57Z"
|
|
||||||
mac: ENC[AES256_GCM,data:kkWKaG6+dobfZjr7xlKyJs5FOOSP8UXRci2wOhVKoa9BnWONdeKHIP8L4+xFvxXGs69EAUK0242ZM+cpPge8XtTFCbq9z+23OcFZej0nlO9yQxEOwTEE/zmOqnh8s3j3hmOUlyQPzgnLubbwiMEdhtHky/YdffziM8K1b+u4EPc=,iv:JpD6gj9vRp8Iap1+wH6zaewDUAubRJlUaicupoeVQkc=,tag:S+IG9K+wgkazgLi7tUIbSw==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
|
||||||
version: 3.8.1
|
|
|
@ -1,4 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: monitoring
|
|
|
@ -1,29 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: prometheus-secret
|
|
||||||
namespace: monitoring
|
|
||||||
stringData:
|
|
||||||
host: ENC[AES256_GCM,data:2GDOS1737kJ2xTjloQolicFSyalglzI3qlUl2mZo1rIvYLwrHipetqjEkYHQSiA096jvtsU=,iv:bUfdSzfnEqXwv4eozpepwabPiSH792aW0GOtTChORKw=,tag:j8pPRVIvqLkjUBcMUV4poQ==,type:str]
|
|
||||||
username: ENC[AES256_GCM,data:0ZQu0t4iJw==,iv:stS/U68x0ZglXPAa3eICmzlEtCEd1nnO2B+hwPzOvHE=,tag:vWVe2D8cpL4BKn9odjP+ZQ==,type:str]
|
|
||||||
password: ENC[AES256_GCM,data:VuugS5hwdaFE81ig8INkvLzO0M/81cvSenMuEUeOgcDL9b1H58YT65WFu/ouO1cCd3hF6SWChcLmfw2Z9wCTqhDnUiQ/JnLOriBqDeQFBK9qY5rPnHX/efvXRcNfwNUoQqlPAjUfubyjduPmHxtYHw62Ov0KSo3sG9ExWdNWEVkTUgXp662Al6E24njxMTSFssy4zY75Cwz0a9Uw9ILPnLnRwe1XIPdXL9PhAzUEVuRWycqC,iv:BO9HdE+Ql1TQ1j+0MF0NdiW5DVTbShLEduEFbMMIR8U=,tag:GA/u1MBBJaaWFF93N0i37A==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdFhzSDEwdjZDVTRxN3Yx
|
|
||||||
OExHd3BYekx4TllPVi96c2JHamdQTlpaUHdrCi90dXBjaFBTSTA4c0JsbWt2WTBm
|
|
||||||
anB5NXkxeS9IbU9TT3dseGRjME1PeEUKLS0tIGhLUi9GQUNvczhId2k5RExNQ2lk
|
|
||||||
S3ZLUVNvd1BKWjZhRXVrR2NJV3FrMDAKxvoeNeR+mYBCEd4JtU+L52M0Lhj1W07H
|
|
||||||
UbD0+Bi8KTJWGWPVPm4prPA2jqk7zKhZ7BeSkZtwp1QQ+tVJF52fAA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-04-27T14:03:01Z"
|
|
||||||
mac: ENC[AES256_GCM,data:i02frS7UI//prqlbCnFF9D+mpcUnshgZ7YCeJwk5/SCZh9QJEDDAgANpz5V8rnp4v3NQlQt1mT6JWvi/N6MgfeePvwvNT85Hewo1iH2wPbyB4IMA2n4qJ8oK5lAYy/7WR/Cvi9LD/4FedTQ0xvNsj/GECwbI8YMmvUz3EUo3W3Y=,iv:ywp0ojCYd1rahm8Ltk821bLcofynCjv5mEv6QR9RDTs=,tag:UxKEpd09IB1H8GlZbXqhPw==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
|
||||||
version: 3.8.1
|
|
|
@ -1,11 +0,0 @@
|
||||||
apiVersion: viaduct.ai/v1
|
|
||||||
kind: ksops
|
|
||||||
metadata:
|
|
||||||
name: monitoring-secret-generator
|
|
||||||
annotations:
|
|
||||||
config.kubernetes.io/function: |
|
|
||||||
exec:
|
|
||||||
path: ksops
|
|
||||||
files:
|
|
||||||
- ./loki-secret.enc.yaml
|
|
||||||
- ./prometheus-secret.enc.yaml
|
|
|
@ -1,44 +0,0 @@
|
||||||
cluster:
|
|
||||||
name: auberon
|
|
||||||
externalServices:
|
|
||||||
prometheus:
|
|
||||||
secret:
|
|
||||||
create: false
|
|
||||||
name: prometheus-secret
|
|
||||||
namespace: monitoring
|
|
||||||
loki:
|
|
||||||
secret:
|
|
||||||
create: false
|
|
||||||
name: loki-secret
|
|
||||||
namespace: monitoring
|
|
||||||
metrics:
|
|
||||||
enabled: true
|
|
||||||
cost:
|
|
||||||
enabled: false
|
|
||||||
node-exporter:
|
|
||||||
enabled: true
|
|
||||||
logs:
|
|
||||||
enabled: true
|
|
||||||
pod_logs:
|
|
||||||
enabled: true
|
|
||||||
cluster_events:
|
|
||||||
enabled: true
|
|
||||||
traces:
|
|
||||||
enabled: false
|
|
||||||
receivers:
|
|
||||||
grpc:
|
|
||||||
enabled: false
|
|
||||||
http:
|
|
||||||
enabled: false
|
|
||||||
zipkin:
|
|
||||||
enabled: false
|
|
||||||
opencost:
|
|
||||||
enabled: false
|
|
||||||
kube-state-metrics:
|
|
||||||
enabled: true
|
|
||||||
prometheus-node-exporter:
|
|
||||||
enabled: true
|
|
||||||
prometheus-operator-crds:
|
|
||||||
enabled: true
|
|
||||||
alloy: {}
|
|
||||||
alloy-logs: {}
|
|
|
@ -38,5 +38,5 @@ data:
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
containers:
|
containers:
|
||||||
- name: helper-pod
|
- name: helper-pod
|
||||||
image: busybox:1.36@sha256:34b191d63fbc93e25e275bfccf1b5365664e5ac28f06d974e8d50090fbb49f41
|
image: busybox
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ generators:
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: traefik
|
- name: traefik
|
||||||
releaseName: traefik
|
releaseName: traefik
|
||||||
version: 28.2.0
|
version: 26.0.0
|
||||||
repo: https://helm.traefik.io/traefik
|
repo: https://helm.traefik.io/traefik
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
includeCRDs: true
|
includeCRDs: true
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
|
|
||||||
deployment:
|
deployment:
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: volume-permissions
|
- name: volume-permissions
|
||||||
image: busybox:1.36@sha256:34b191d63fbc93e25e275bfccf1b5365664e5ac28f06d974e8d50090fbb49f41
|
image: busybox:latest
|
||||||
command: ["sh", "-c", "touch /data/acme.json; chown 65532:65532 /data/acme.json; chmod -v 600 /data/acme.json; chown -R 65532:65532 /var/log/traefik"]
|
command: ["sh", "-c", "rm /data/acme.json; touch /data/acme.json; chown 65532:65532 /data/acme.json; chmod -v 600 /data/acme.json; chown -R 65532:65532 /var/log/traefik"]
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsNonRoot: false
|
runAsNonRoot: false
|
||||||
runAsGroup: 0
|
runAsGroup: 0
|
||||||
|
|
|
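Review bot: The new init command starts with `rm /data/acme.json;`, which deletes Traefik's ACME storage on every pod start. Each restart then discards the issued certificates and the account key and requests them again, which risks hitting the CA's rate limits and leaves a window with no valid certificate. `touch` already leaves an existing file intact, so the old form `touch /data/acme.json; chown 65532:65532 /data/acme.json; chmod -v 600 /data/acme.json; ...` is the safer one. If a one-off reset was intended, do it by hand rather than in the chart values. The same line also changes the image from a digest-pinned `busybox:1.36` to `busybox:latest`, and this container runs with `runAsNonRoot: false`.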
@ -1,21 +1,10 @@
|
||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"extends": [
|
"extends": [
|
||||||
"config:best-practices"
|
"config:base"
|
||||||
],
|
],
|
||||||
"platformAutomerge": false,
|
"separateMinorPatch": true,
|
||||||
"ignoreTests": true,
|
|
||||||
"separateMinorPatch": false,
|
|
||||||
"patch": {
|
"patch": {
|
||||||
"automerge": true
|
"enabled": false
|
||||||
},
|
|
||||||
"pin": {
|
|
||||||
"automerge": true
|
|
||||||
},
|
|
||||||
"digest": {
|
|
||||||
"automerge": true
|
|
||||||
},
|
|
||||||
"kubernetes": {
|
|
||||||
"fileMatch": ["\\.yaml$"]
|
|
||||||
}
|
}
|
||||||
}
|
}
|