mirror of
https://github.com/outbackdingo/Biohazard.git
synced 2026-02-05 08:18:03 +00:00
feat: add soft-serve
This commit is contained in:
JJGadgets
@@ -85,12 +85,19 @@ SECRET_SEARXNG_SECRET_KEY=ENC[AES256_GCM,data:VtboiMo1EFkxVahzVyM5iUckLZO+bcH1qV
|
||||
SECRET_SEARXNG_REDIS_PASSWORD=ENC[AES256_GCM,data:Xxgp+yS+9bYH27fyFAHcIuonX5+uPS6/E2sEhpY40HB3WEp0h/whZMrBD9frM8+X5QYdWjNyeiQ8MaymV1h2YmRXDT+nFzQDfA803uZfy/ZImgXFRUo/t6RY,iv:r1UFYNhW780OxCvjLToL8HcXoOaaU1bqM/vI3dfCkkg=,tag:vnqwGagTKaImF5raF5EP7A==,type:str]
|
||||
SECRET_THELOUNGE_LDAP_SEARCH_USERNAME=ENC[AES256_GCM,data:XeKNbTJ75iZbrlsHpZ2WUS0HcgLuSR88J4KyEL8kG6W1kgQqNZFUHcpk2K2NxQsdFDwKouR/almnFz363xsuJE9LKmuWDItUtmElMIY9ruTXvu6C,iv:vUFmZmOnsGTV/iMZ9koNYtaulwA8P9D7TngGjULnBWg=,tag:0rxMVuA7+1BR3AMpwQ1wlQ==,type:str]
|
||||
SECRET_THELOUNGE_LDAP_SEARCH_PASSWORD=ENC[AES256_GCM,data:r+R9nyvW/Hi/rnLliQEfHo0CKIUWhFJQky3N5E4CiZCON3/9nhu3hD13aYVnNvikd2Nv7+uxZ2RB3XHY,iv:b5Th8HMosoz/VtvHq316zNTuZu9T4FdZ5O9P46p4O4I=,tag:/rlmdtl27LwLpyYEC8aGDg==,type:str]
|
||||
sops_lastmodified=2023-07-30T16:56:37Z
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:07Z
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxalh5ckhGWGxFTmFqSDQv\ndXlPOUlyYVNkWHA5VGN2TERvaWtWMHlJdFRNCnQ1NlJldEgxb2E0VEdVSDVpbHp5\nZEpTMEQ5dWU0Q2ZWTFBOZFp5Ti95ejQKLS0tIDF0c3VlazRzVWtVQ1JXT3hyTWNN\nWXpUSUNydGY4V04xZ2dTSzlvWmNOTGsKQ3rimeB7zqB4dYMp1pR1AOltXk+GhGsb\ns0jDxr/SiPUaiYoVCY4fqu9geXNRDGlPh3T2Lhs9Siif4Vnc8qTQBw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
SECRET_ADMIN_SSH_PUBKEY_1=ENC[AES256_GCM,data:rQrOCrBq5Pxb+JHz+M13TaAciap84AGL1IaLK0oajfS1bovgWoq+3eRw2WBKK/zyCBzO1Rnt2JdWHN7o6UNFY8BxgQ6f+eAiZWHfLneTKPc+T74yfag0RAWt2kky+xd2RNC9KA+teXUctjEf4THk8/qpzw3zSjRwnvMLDfGIh2Ky,iv:uBYoaZu16pokpAWZGfXn854+3uTcfjKgwZILK1HxtoI=,tag:0xosFd0HKKMuVWjt0qDIpQ==,type:str]
|
||||
SECRET_ADMIN_SSH_PUBKEY_2=ENC[AES256_GCM,data:ChKAm92Z5GPniUDmrFYMBZ7yOBsLGRWQj40wPuCsaPrdKkhjKPYe1c1Wvxl9phDade9rwKhb7+AAttboTtHMa+R+696aXG06E5BQXqRLxr/XDZQJQzRWvRerogIucCrddpJtW+cXF/8sjD1C7ge2ZU3objBHiwW5OMqKRuxVTTinci3Wi5UvK3tzXklV1d158WsTGh8=,iv:qqtgjHdE7rNKoJ5iTPI/TSH2DIf7Qrpb9fr0ReExzsk=,tag:hs87MOtk5ONbXq2vyZPmSA==,type:str]
|
||||
SECRET_ADMIN_SSH_PUBKEY_3=ENC[AES256_GCM,data:WcHtsToeNjP0ZNms9xR0C6VOs0UZhBbVn+5FOGKYl9Wipg8CeT6c90B23jkYQwjCELw8GdSlP0/HXtDa4XgbsfvRMxW4Xc8L2o7/xUdx8oecGKJ1vX8Uo33kFvBytMUGSq7/ugKfW9DcnAGYWUIQO5kn+PjelqM8IUdAHbLaRhmpq/60LbF14gAPEhs9+vPa08EKlA==,iv:7dDhdOFP+jqOsXR+ArTSE4NrcAAsYArVCKOz+U3iFls=,tag:2dvTgG4R92kohj/ftNgBqw==,type:str]
|
||||
SECRET_ADMIN_SSH_PUBKEY_4=ENC[AES256_GCM,data:LbOsXrAJ7bN9hKH2caLAh7n9uKM8dN+dZZwls1dXuyQ4ah+YPSdz+YZIalTcVNMlVTd/e2ulcQY2UiKjUX2YmcZQS5d0c4xQ8Ne4zleIfeFpmdfFarR1edz3+sLPU7aZuB/y5UXesgpTFbkdS9zuwIPxWgkN6GTmG8JBSShZsG9rlNeSFqcEwNl+Cuxw/5reQfxK+TAS,iv:NRcdE2EaZTwom2L/5osU7c1r8C41TYr7OHmr7G71LA8=,tag:h6irZpyK0SjP3bnA4tri8A==,type:str]
|
||||
SECRET_SOFT_SERVE_PG_USER=ENC[AES256_GCM,data:AoWziImY3+61gbzDdSWl6CAfqx4=,iv:t8hovrN43fpG1B2dPTmh6X4mxC8Ss97DV2Ms/FBpXZ4=,tag:kfgRcN3272WK1zULMTalIg==,type:str]
|
||||
SECRET_SOFT_SERVE_PG_PASS=ENC[AES256_GCM,data:GUzxtIwYyDiyUvdVUCrlw+lLJIhanUOGiI3SdLajRURseoZNNRjmp4gZ5YFXS1kLpt9hcigSDDaJbtaySdW0ZyD3gpRtDcHSKRyL6RjmW/lqTYrKmUizefxR,iv:OQ8nQgBgE6LKsB+xd6htB9dGqVmbjuOapT0Js+gQvew=,tag:KcBJBTC+L8/lXGxkj16d+w==,type:str]
|
||||
SECRET_SOFT_SERVE_PG_DBNAME=ENC[AES256_GCM,data:Gl8L9+Vo34EvTAQ3FQ8fYVGZqEs=,iv:ZCC3qVRFSST4/G21kHOuubYQUWYn1fhKNvC/ihSy7zo=,tag:5RtzoHgQf0POt+hLvRAGgQ==,type:str]
|
||||
sops_lastmodified=2023-08-07T02:20:50Z
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_mac=ENC[AES256_GCM,data:rOuHSg8sgMl1Ib+UARekgtBuyJo64hDLZCOvt5UG1LJL9YeOBtU69AsJUUvZeEYqmiC7kYodsQbOqKsxTt+GEyND0Hcz9xJbjX1OAQdPLUBqB0mRmZpRZz3utu7teNMvq1vQ7dlSJK7fc8GXsTQYlKZJl+y1qAA5qU3F76yIRDs=,iv:RusYhjczRrYuXrVkR7RPeFE6XvX9okOjL44thu8cfQs=,tag:xqdOLBLevfzmlHp5pESb1A==,type:str]
|
||||
sops_mac=ENC[AES256_GCM,data:MTmw5/Ev22yxavsi60BKdqAj38m4Zx4QjIIimP/a5vVFYbxAj9mRXWs1L/XoQVSCdNe3EPJ2+t12uMx626ArDcr3XeWnmzdMeOF2JmvUL4DlOavrVwraOVp+uZ9YAK8fWvTa0W9wkkazKNnlFPxqU72IPTJTf3JKo3lZLGIoXQo=,iv:G5Rl+gwmGnbc60RoaiKVwt8uyb8arELf0buBgZdymRo=,tag:s0fuqb7DKWu+61s/jqIc/A==,type:str]
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:07Z
|
||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdANDTQwVjZ/Ad3iqBe0LL2sGCrEvrl6W6VaMjFgJCUkzYw\nwASmi9Y/OqREXtEItA1rKZDTM38LuMfcU4vAeEV0SNWlW5CQquN8UpLwMATrBdXr\n0lwBcvIZFLbbnfqFAdJ1EzbRWvHuh+yn5DBMH+odm3ZLaJqiiV9EaWhfl2rdIOr4\nPJQf6Ev1hueWmc9H45a8nvwH8sOl9MH9hl3TW7o9JOOhGmZ4BBVaSJW6f0UiZw==\n=iSQg\n-----END PGP MESSAGE-----\n
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_version=3.7.3
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxalh5ckhGWGxFTmFqSDQv\ndXlPOUlyYVNkWHA5VGN2TERvaWtWMHlJdFRNCnQ1NlJldEgxb2E0VEdVSDVpbHp5\nZEpTMEQ5dWU0Q2ZWTFBOZFp5Ti95ejQKLS0tIDF0c3VlazRzVWtVQ1JXT3hyTWNN\nWXpUSUNydGY4V04xZ2dTSzlvWmNOTGsKQ3rimeB7zqB4dYMp1pR1AOltXk+GhGsb\ns0jDxr/SiPUaiYoVCY4fqu9geXNRDGlPh3T2Lhs9Siif4Vnc8qTQBw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
|
||||
@@ -128,6 +128,10 @@ APP_DNS_CYBERCHEF=ENC[AES256_GCM,data:Bp68OfLoJeZS1tE=,iv:bTt5owz7wx+Xr+/6NfuRZm
|
||||
APP_UID_CYBERCHEF=ENC[AES256_GCM,data:Q4C7NNI=,iv:o9zaPN5gux5y2iTgkr6yCWgr5N/RXTYEbX6bOACj/Dg=,tag:ksUC7t6XPHpNy7usrG2NQA==,type:str]
|
||||
APP_DNS_LIBREDDIT=ENC[AES256_GCM,data:hA/9NMienSmhMN8=,iv:s2niG6wsb2ERh4kCHU2xtEuvznqWcY+MA28/NGLfc80=,tag:caH/pzlP6oWlqN2faagzSg==,type:str]
|
||||
APP_UID_LIBREDDIT=ENC[AES256_GCM,data:yZwEWLs=,iv:BcPS6Kzf+UMLMIu+LLWSdooVaIVgYKLV1uD/a5dMnbQ=,tag:M4lml+4ce0c2X7Wi/15SKQ==,type:str]
|
||||
APP_DNS_SOFT_SERVE=ENC[AES256_GCM,data:sLfoJfeEI8hZpQ==,iv:IEgTevFxve1iMtjnuGgtm0BOv0JlHnfuHOzqSuqFI7A=,tag:5mhEYykgUX6ErJfsfYzrpA==,type:str]
|
||||
APP_DNS_SOFT_SERVE_HTTPS=ENC[AES256_GCM,data:cqyOSwAqoCGkj6g=,iv:reGfB0BGgn2NeaTjGyZ/PwJZZJv02XLs4+8XcPUPNxQ=,tag:ZIspovR5scJcMesb3mXi0A==,type:str]
|
||||
APP_IP_SOFT_SERVE=ENC[AES256_GCM,data:9k1IB1HRR9WHD6jS,iv:9Ybhz0UckiuFRRIeaqfqCmGqpAeyBfGXLNkDp6Pdq9k=,tag:8l7msewWHZFCVCQEMbCYRQ==,type:str]
|
||||
APP_UID_SOFT_SERVE=ENC[AES256_GCM,data:KdcXyYI=,iv:+qDOkWcxNm4cONEo5Q1u67UwShVbtVADddh7GjxGYHg=,tag:BVEe66cpMMeEIKJkmic96A==,type:str]
|
||||
CONFIG_MINECRAFT_OPS=ENC[AES256_GCM,data:al3glJDrtuqtTM2z4W7n+tPNf6XVfK64Jdb9s5RAE5NUwxyK,iv:kYqlsOabsa2iBZKgqjOpFYJo0DMFuoo3ZWCqb/Xzi5c=,tag:nIqPXvBvxdi8crMj1CYsEw==,type:str]
|
||||
CONFIG_MINECRAFT_ICON=ENC[AES256_GCM,data:nNzsyRclLnPZ+8Td/WJg2u8V/QKf/xowrghmTaKRNb9a5BMOxtzmiyAt6Us8OoY=,iv:b7fHZQdOjc4oCCLtLhopNg6G7IS2u9NUdBLCN6CjSKc=,tag:+cPgP1oK/9+EK2tB9Y45zw==,type:str]
|
||||
CONFIG_MINECRAFT_NAME=ENC[AES256_GCM,data:1qSqJGmGON9BhJKRJA==,iv:Sdwq0LLLdBQlr3m+0Ey2IE9FcRtVKOtXsswLMMp9A5A=,tag:WpaTzqSO3+N+vnJkGI+pCQ==,type:str]
|
||||
@@ -144,12 +148,12 @@ CONFIG_HEADSCALE_IPV4=ENC[AES256_GCM,data:EZ7GMHA6u1wWPS5g6Pg=,iv:W1hcseQ4Q6CisT
|
||||
CONFIG_OVENMEDIAENGINE_NAME=ENC[AES256_GCM,data:58CuH8bcUHWXBZA=,iv:BN7x6aAJPbzIn25sNoycsHRE5pugkubLS2VrM77+g/E=,tag:6JAsRjU0L6wbZtns3rk6KQ==,type:str]
|
||||
CONFIG_THELOUNGE_USERNAME=ENC[AES256_GCM,data:+C2aABtqq8YG,iv:4DYpguAvmaqPedRgrflDlKfX5jJEhyWXKuRS+UVgHLo=,tag:vfJko+R2D8ct7KZC2Vnujw==,type:str]
|
||||
CONFIG_THELOUNGE_JOIN=ENC[AES256_GCM,data:ocuC,iv:9Cn9zp2+iIVrEXYxklEtkpftmJwTGsWnff2xIG9KNec=,tag:3UL9Gn+kHoXu+40CFkP7sg==,type:str]
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:04Z
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_mac=ENC[AES256_GCM,data:sSByN9zcshZtJ5KZkyVXPluq41ZOI4LzRlMSq0JHMUAMc6RBUxKdOzgFIdRqh4C5+MFWVFUczvW/N6NQJqWywT388q3X7jB638/KysPAGrolMRtD4WfGmR5gFmk8AgexwccY+it33anre+mKztctKu6U3ULsw1C536Iybmu0FUg=,iv:fcvLHH6CwE4nerlxiskERB2e8Ff1huXatH9EmHSl+xM=,tag:vlhZAnPtJT7j01nkPyPoIw==,type:str]
|
||||
sops_lastmodified=2023-07-29T01:25:31Z
|
||||
sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdAbA35718t0WVKrjQFYUPviCb0lVuh8NpfSdJCHjHcWWww\n8ak4q4VL69tZLSjQHx+VsMmKooknxWz6pw0lGxyDYlZMQ81bodInjaZGFZSz8Uuh\n0l4BhDCNDBBALTrnTliz6/DAHvmavI4UxMHost5alFio9JPkTDNmXZyvcy1/R6aw\n/uhQXLUBRvm0TSOhBZb7d0SLkLfe02Um40w1TibpKXsZz1GOMbPRNBMHHra0QIuQ\n=0jA+\n-----END PGP MESSAGE-----\n
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_version=3.7.3
|
||||
sops_mac=ENC[AES256_GCM,data:p9MOYBQ/YBr7iv28s1NMQ+GOWoD9XgEmvomg4B6tVMRM1SXeFM+hvvbrCXGt+an1XMQ/OT31+ZxSiisSlZqVIama07maTi4FWexQOy55/rBkHJrYOZa1COknuF7T3Tp6hbwIUAoJcCn/bffdUuLlHlrOQjRFLg6CTe/bGR0+w8o=,iv:3bVP0OPqJ9k9sdO9d+L/BrCYfEcYoJYeMw7GZwMVKbc=,tag:srEQsUDDgID6iZ6uis8GhA==,type:str]
|
||||
sops_age__list_0__map_recipient=age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSXFvLzFQaFJ0OVJKUFV5\nTWh2OUltUlpJWFlVVytFYU9VajBHSnQ4SGdjCnRVbEVXdDVyUHJrR05Ba0xvUm1l\nTkt2YmNUZy90ZFA2b3QrODFKZ01EVG8KLS0tIEw2dkd1cnFCbnI5eWxKL2o1aDVB\nN0hveXZ2dWdxQ2k2L0pGR0ROMStVTmsK4dV/hNyDjsYnVUiFQ7kqdmcVHfYyVckz\nh/rwLjcZgsup72WDVP3v6Eul8B3LKFrSb8CDFA54tyQmSdFDCQC+Zg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_pgp__list_0__map_fp=31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
sops_pgp__list_0__map_created_at=2023-06-01T18:01:04Z
|
||||
sops_lastmodified=2023-08-07T02:08:36Z
|
||||
|
||||
@@ -60,3 +60,4 @@ resources:
|
||||
- ../../../deploy/apps/libreddit/
|
||||
- ../../../deploy/apps/livestream/
|
||||
- ../../../deploy/apps/livestream/oven
|
||||
- ../../../deploy/apps/soft-serve/
|
||||
114
kube/deploy/apps/soft-serve/app/hr.yaml
Normal file
114
kube/deploy/apps/soft-serve/app/hr.yaml
Normal file
@@ -0,0 +1,114 @@
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: &app soft-serve
|
||||
namespace: *app
|
||||
spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 1.5.1
|
||||
sourceRef:
|
||||
name: bjw-s
|
||||
kind: HelmRepository
|
||||
namespace: flux-system
|
||||
values:
|
||||
global:
|
||||
fullnameOverride: *app
|
||||
automountServiceAccountToken: false
|
||||
controller:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
image:
|
||||
repository: ghcr.io/charmbracelet/soft-serve
|
||||
tag: v0.5.5
|
||||
podLabels:
|
||||
ingress.home.arpa/nginx: "allow"
|
||||
db.home.arpa/pg: "pg-default"
|
||||
env:
|
||||
TZ: "${CONFIG_TZ}"
|
||||
SOFT_SERVE_NAME: "BioFlurry"
|
||||
SOFT_SERVE_LOG_FORMAT: "json"
|
||||
SOFT_SERVE_SSH_LISTEN_ADDR: ":23231"
|
||||
SOFT_SERVE_SSH_PUBLIC_URL: "ssh://${APP_DNS_SOFT_SERVE}:22"
|
||||
SOFT_SERVE_SSH_KEY_PATH: "/ssh/host-priv"
|
||||
SOFT_SERVE_SSH_CLIENT_KEY_PATH: "/ssh/client-priv"
|
||||
SOFT_SERVE_GIT_LISTEN_ADDR: ":9418"
|
||||
SOFT_SERVE_HTTP_LISTEN_ADDR: ":23232"
|
||||
SOFT_SERVE_HTTP_PUBLIC_URL: "https://${APP_DNS_SOFT_SERVE_HTTPS}"
|
||||
SOFT_SERVE_STATS_LISTEN_ADDR: ":23233"
|
||||
SOFT_SERVE_DB_DRIVER: "postgres"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: soft-serve-secrets
|
||||
service:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
http:
|
||||
port: 23232
|
||||
stats:
|
||||
port: 23233
|
||||
expose:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Cluster
|
||||
annotations:
|
||||
coredns.io/hostname: "${APP_DNS_SOFT_SERVE}"
|
||||
"io.cilium/lb-ipam-ips": "${APP_IP_SOFT_SERVE}"
|
||||
ports:
|
||||
ssh:
|
||||
enabled: true
|
||||
port: 22
|
||||
targetPort: 23231
|
||||
protocol: TCP
|
||||
git:
|
||||
enabled: true
|
||||
port: 9418
|
||||
targetPort: 9418
|
||||
protocol: TCP
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
ingressClassName: nginx
|
||||
hosts:
|
||||
- host: &host "${APP_DNS_SOFT_SERVE_HTTPS}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
podSecurityContext:
|
||||
runAsUser: &uid ${APP_UID_SOFT_SERVE}
|
||||
runAsGroup: *uid
|
||||
fsGroup: *uid
|
||||
fsGroupChangePolicy: Always
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
type: nfs
|
||||
server: "${IP_TRUENAS}"
|
||||
path: "${PATH_NAS_PERSIST_K8S}/soft-serve"
|
||||
mountPath: "/soft-serve"
|
||||
ssh:
|
||||
enabled: true
|
||||
type: secret
|
||||
name: soft-serve-ssh
|
||||
mountPath: /ssh
|
||||
readOnly: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
memory: 6000Mi
|
||||
initContainers:
|
||||
01-init-db:
|
||||
image: ghcr.io/onedr0p/postgres-init:14.8@sha256:d8391076d2c6449927a6409c4e72aaa5607c95be51969036f4feeb7c999638ea
|
||||
imagePullPolicy: IfNotPresent
|
||||
envFrom: [secretRef: {name: soft-serve-pg-superuser}]
|
||||
31
kube/deploy/apps/soft-serve/app/netpol.yaml
Normal file
31
kube/deploy/apps/soft-serve/app/netpol.yaml
Normal file
@@ -0,0 +1,31 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumnetworkpolicy_v2.json
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: &app soft-serve
|
||||
namespace: *app
|
||||
spec:
|
||||
endpointSelector: {}
|
||||
ingress:
|
||||
# same namespace
|
||||
- fromEndpoints:
|
||||
- matchLabels:
|
||||
io.kubernetes.pod.namespace: *app
|
||||
- fromEntities:
|
||||
- "world"
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "22"
|
||||
protocol: TCP
|
||||
- ports:
|
||||
- port: "23231"
|
||||
protocol: TCP
|
||||
- ports:
|
||||
- port: "9418"
|
||||
protocol: TCP
|
||||
egress:
|
||||
# same namespace
|
||||
- toEndpoints:
|
||||
- matchLabels:
|
||||
io.kubernetes.pod.namespace: *app
|
||||
27
kube/deploy/apps/soft-serve/app/secrets.yaml
Normal file
27
kube/deploy/apps/soft-serve/app/secrets.yaml
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "soft-serve-secrets"
|
||||
namespace: "soft-serve"
|
||||
type: Opaque
|
||||
stringData:
|
||||
SOFT_SERVE_DB_DATA_SOURCE: "postgres://${SECRET_SOFT_SERVE_PG_USER}:${SECRET_SOFT_SERVE_PG_PASS}@pg-default-rw.pg.svc.cluster.local:5432/${SECRET_SOFT_SERVE_PG_DBNAME}"
|
||||
SOFT_SERVE_INITIAL_ADMIN_KEYS: |
|
||||
${SECRET_ADMIN_SSH_PUBKEY_1}
|
||||
${SECRET_ADMIN_SSH_PUBKEY_2}
|
||||
${SECRET_ADMIN_SSH_PUBKEY_3}
|
||||
${SECRET_ADMIN_SSH_PUBKEY_4}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "soft-serve-pg-superuser"
|
||||
namespace: "soft-serve"
|
||||
type: Opaque
|
||||
stringData:
|
||||
INIT_POSTGRES_HOST: "pg-default-rw.pg.svc.cluster.local"
|
||||
INIT_POSTGRES_DBNAME: "${SECRET_SOFT_SERVE_PG_DBNAME}"
|
||||
INIT_POSTGRES_USER: "${SECRET_SOFT_SERVE_PG_USER}"
|
||||
INIT_POSTGRES_PASS: "${SECRET_SOFT_SERVE_PG_PASS}"
|
||||
INIT_POSTGRES_SUPER_PASS: "${SECRET_PG_DEFAULT_SUPER_PASS}"
|
||||
40
kube/deploy/apps/soft-serve/app/ssh.yaml
Normal file
40
kube/deploy/apps/soft-serve/app/ssh.yaml
Normal file
@@ -0,0 +1,40 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: soft-serve-ssh
|
||||
namespace: soft-serve
|
||||
type: Opaque
|
||||
stringData:
|
||||
host-priv: ENC[AES256_GCM,data:mKJd9FH2Z9GyxSS0mTdiauImrobI+kqZ013ovtSNW46rEI59OAHuVwv/k/82FzTvCg/Aju4tqTfPhP6/Ivf/q0G1WRdAbRKOGdJ0picJ9Z3ETv6QQ1FVSkHCHmvW8BBG2BrHk80RcS3bx6VQa2v2D9KnFOEtdmUn5Afi6v8232B/ShvfX2QnSVuEH2WCiDJpZYp/vPRDC5deJqR1kYrlO0w/dSdo73LD/jU3XMxlOwLTaYnUIt+f8upyOY7e7x4EIKnE3E9DslG5LEdlG9hXDgGi+s6droYhAd70FGDrFTwguu3slMutt6Jr4nS4HfYsnBnkdhFmAqosWOYzMAarPxFbaPPVYJJK+acGn+iABCVXHE3bOx2Tr6MWAaSUvBi5n9SvdnI/CypzCfNiuDfWlrnv00OJLzgZSsmBSApUaA3oYkOYwJ6pelmajYMY3+wbIRWkxPFimU0Z+AcjVrOYkcub35UNPgzkYoB3uU4HmXjlVFWaIngURWQMe6AlPm6uPRZvh+2vz1xjBhC6rQN7pW2gMM0eq7xL8ZE3Riqbl/0s6sXba1XGWVfIKWXpYQsAJAc7xep5o+vburBB,iv:XahBh/d3u7DCc2jWvDufio9yqkxBRd0NOKJCmzYlrOI=,tag:4//267lH80qX/KakAHgZVw==,type:str]
|
||||
client-priv: ENC[AES256_GCM,data:A/zmVmVXajbRkEsM7YHCAwF3bqBGGFhYH5eDF/KdnSyIy7Vd8Aa1txjpymLqNFbIwoHbvRZT4+bHVpD0Cd8jqSaQ6EnHv9jPQokLXxi/L5iyboCfILYGNyAa+guojK8sekJhGl5pSpQdhiwcff7JejbZNJXsuHVysZthnFobx72dh07zJ8rYO2ARBs530VLe5fcCH1RmmWj902B28RT3mMI8ZsesIzx41LucWM+z6n8AskifD15hrobImkLeIVNbaKnDxq04BDznCeu/t9wRKEw7hgMrzh0CREzWaIDv/GlSbpIQjhIdmUr9sgsMEs0gEom2pNy64yfpizEQP6JiOSmQ41wnqF3MR4AwM/B6mHkfbhJVt1B1O3zU2xXe7qN9I/k6SgopCBJtB621Ytzx4cZWZDwjdVfbUUWUChVxvvwV7wNTbGa7M9BaKENrVvvYHqC35Wlb+SlsxpQN+jjApYq85iS7DW0qSLk39JUCG+ZZ7ZTIw7X7x4ABLJ+ZHaQiZRMTH95rTqzqUHFWTMHWA1HeRkwSQklBGJHFO/fFOot5k0PVkuiSJRLvHo5//Pk6qn124uOPlhKNeuA=,iv:kUWc+NoR0GJ5AjqEJsjiEl1upWfwcbvFF+Itel9zdvQ=,tag:dudsRIBvkuVHbm0mqUCRnA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdkhXVUlzZkVoUkhSWjM2
|
||||
b055TWlUSTFlbUZaQzFyWnJnYVNKVlFzVEZ3Cnc2eHQ5N0ZHMGx1eXduSnljcmg3
|
||||
NmIwWjdyY1ljZVErNVJyTUZpTWJaa28KLS0tIDlkL3Q2VDZWeDBqMmphK3dzOWJI
|
||||
dlJ2TWpPSTd6UExmWDdCZlNkNW5IYWcKXJpSqhh7Os21uI81t2t0LXOgrahJ85JK
|
||||
+S3tdCFxmt8dsgNT/X0fjl5klGFp6KAd9VZI1D0MdF99kkZnwqGH/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-07T02:23:25Z"
|
||||
mac: ENC[AES256_GCM,data:IgrrnGr0ixfYYlHRzSIRgBQneMHF+NFHB3rDYntcvvcIFYreNqAnGzEemhJ2efC8FucNifi1WOS4LFZmTN/yWTUoW2GOIcTL/1+AsnVw9NHvXqMOWr5Ltd4SJCHB7zYjhzsMtUW5+8EcqAgqod5S3MrBeTfQOxulqudPDIfsE0k=,iv:Oc9Tb+I1fKNdOOU07eBNKpRZiG4a76y7xydEdeA5aPs=,tag:hwnbxnv7JEHd0u2seYyk0A==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-08-07T02:19:08Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DAAAAAAAAAAASAQdACBYfXdyXxsT7K4N5TzgLabHY7oYm0lyps1HahU4XzEIw
|
||||
QmMFwMUkpDPJNmM/uYG5zASXrnk5y53boDJdNObUdxH+8tx5fUlCDVfK6Rhx2I+H
|
||||
0l4B2H5UlRyDCONzp4N49SDUv2Gd33ZOpZDDy+B3x9GZ6SYSVZ8RNRLCSFYzP5C8
|
||||
3P4lzFQzAkeLKCCmT7CPHgePcui91cOJ/EMc/gzGWYZBdIXXCyzXESZSW2y4wm/6
|
||||
=S81P
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
||||
12
kube/deploy/apps/soft-serve/ks.yaml
Normal file
12
kube/deploy/apps/soft-serve/ks.yaml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: soft-serve-app
|
||||
namespace: flux-system
|
||||
spec:
|
||||
path: ./kube/deploy/apps/soft-serve/app
|
||||
dependsOn:
|
||||
# - name: 1-core-db-pg-clusters-default
|
||||
- name: 1-core-ingress-nginx-app
|
||||
#- name: 1-core-storage-volsync-app
|
||||
6
kube/deploy/apps/soft-serve/kustomization.yaml
Normal file
6
kube/deploy/apps/soft-serve/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ns.yaml
|
||||
- ks.yaml
|
||||
5
kube/deploy/apps/soft-serve/ns.yaml
Normal file
5
kube/deploy/apps/soft-serve/ns.yaml
Normal file
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: soft-serve
|
||||
Reference in New Issue
Block a user