From 088e10a73d8fef11e0a53c71167dcb4443af581f Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 27 Feb 2022 12:13:57 +0100 Subject: [PATCH] first commit --- .gitignore | 3 + external-secrets/Chart.yaml | 7 + .../templates/clustersecretstore.yaml | 15 ++ external-secrets/templates/serviceAccount.yml | 4 + external-secrets/values.yaml | 1 + k3s-monitoring | 1 + vault/Chart.yml | 7 + vault/values.yml | 8 + wiki.js/Chart.yaml | 7 + wiki.js/values.yml | 166 ++++++++++++++++++ 10 files changed, 219 insertions(+) create mode 100644 .gitignore create mode 100644 external-secrets/Chart.yaml create mode 100644 external-secrets/templates/clustersecretstore.yaml create mode 100644 external-secrets/templates/serviceAccount.yml create mode 100644 external-secrets/values.yaml create mode 160000 k3s-monitoring create mode 100644 vault/Chart.yml create mode 100644 vault/values.yml create mode 100644 wiki.js/Chart.yaml create mode 100644 wiki.js/values.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8b8c0d9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.tar.gz +*.tgz +*.lock diff --git a/external-secrets/Chart.yaml b/external-secrets/Chart.yaml new file mode 100644 index 0000000..096180a --- /dev/null +++ b/external-secrets/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: external-secrets +version: 0.0.0 +dependencies: + - name: external-secrets + version: 0.4.4 + repository: https://charts.external-secrets.io diff --git a/external-secrets/templates/clustersecretstore.yaml b/external-secrets/templates/clustersecretstore.yaml new file mode 100644 index 0000000..45484bd --- /dev/null +++ b/external-secrets/templates/clustersecretstore.yaml @@ -0,0 +1,15 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: ClusterSecretStore +metadata: + name: vault + namespace: external-secrets +spec: + provider: + vault: + server: http://vault.vault.svc.cluster.local:8200 + path: secret + version: "v2" + auth: + kubernetes: + mountPath: "kubernetes" + role: "vault-kubernetes" diff --git a/external-secrets/templates/serviceAccount.yml b/external-secrets/templates/serviceAccount.yml new file mode 100644 index 0000000..6fe4343 --- /dev/null +++ b/external-secrets/templates/serviceAccount.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vault-app diff --git a/external-secrets/values.yaml b/external-secrets/values.yaml new file mode 100644 index 0000000..1b4551c --- /dev/null +++ b/external-secrets/values.yaml @@ -0,0 +1 @@ +installCRDs: true diff --git a/k3s-monitoring b/k3s-monitoring new file mode 160000 index 0000000..c673ec8 --- /dev/null +++ b/k3s-monitoring @@ -0,0 +1 @@ +Subproject commit c673ec8cb1898bd717837455a728282c8055641c diff --git a/vault/Chart.yml b/vault/Chart.yml new file mode 100644 index 0000000..49f57f5 --- /dev/null +++ b/vault/Chart.yml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: vault +version: 0.0.0 +dependencies: + - name: vault + version: 0.19.0 + repository: https://helm.releases.hashicorp.com diff --git a/vault/values.yml b/vault/values.yml new file mode 100644 index 0000000..e545639 --- /dev/null +++ b/vault/values.yml @@ -0,0 +1,8 @@ +vault: + injector: + enabled: false + server: + ingress: + enabled: true + hosts: + - host: &host vaultk3s.ducamps.win diff --git a/wiki.js/Chart.yaml b/wiki.js/Chart.yaml new file mode 100644 index 0000000..908cd38 --- /dev/null +++ b/wiki.js/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: infotech +version: 0.0.0 +dependencies: + - name: wiki + version: 2.2.13 + repository: https://charts.js.wiki diff --git a/wiki.js/values.yml b/wiki.js/values.yml new file mode 100644 index 0000000..9d5ed21 --- /dev/null +++ b/wiki.js/values.yml @@ -0,0 +1,166 @@ +# Default values for wiki. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: requarks/wiki + imagePullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +livenessProbe: + httpGet: + path: /healthz + port: http + +readinessProbe: + httpGet: + path: /healthz + port: http + +podSecurityContext: + {} + # fsGroup: 2000 + +securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + # Annotations applied for services such as externalDNS or + # service type LoadBalancer + # type: LoadBalancer + # httpsPort: 443 + # annotations: {} + +ingress: + enabled: true + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: infotech.kube.local + paths: + - path: "/" + pathType: Prefix + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +volumeMounts: [] + +volumes: [] + +# This will allow us to install locales even without internet access using a initContainer & wikjs "sideloading" +sideload: + enabled: false + # Git-Repo containing all locales.json-files you need: + repoURL: https://github.com/Requarks/wiki-localization + + ## This can be helpfull if you have internet access over a http proxy: + env: [] + # - name: HTTPS_PROXY + # value: http://my.proxy.com:3128 + +## Configuration values for the postgresql dependency. +## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## +postgresql: + ## Use the PostgreSQL chart dependency. + ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri. + ## + enabled: true + ## ssl enforce SSL communication with PostgresSQL + ## Default to false + ## + # ssl: false + ## ca Certificate of Authority + ## Default to empty, point to location of CA + ## + # ca: "path to ca" + ## postgresqlHost override postgres database host + ## Default to postgres + ## + # postgresqlHost: postgres + ## postgresqlPort port for postgres + ## Default to 5432 + ## + # postgresqlPort: 5432 + ## PostgreSQL fullname Override + ## Default to wiki-postgresql unless fullname override is set for Chart + ## + fullnameOverride: "" + ## PostgreSQL User to create. + ## + postgresqlUser: postgres + ## PostgreSQL Database to create. + ## + postgresqlDatabase: wiki + ## Persistent Volume Storage configuration. + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes + ## + + replication: + ## Enable PostgreSQL replication (primary/secondary) + ## + enabled: false + persistence: + ## Enable PostgreSQL persistence using Persistent Volume Claims. + ## + enabled: true + ## concourse data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Access Mode. + ## + accessMode: ReadWriteOce + ## Persistent Volume Storage Size. + ## + size: 8Gi