✨ new talos cluster

2025-09-17 18:24:14 +02:00 · 2022-11-19 04:47:32 +01:00
parent 42346bd99b
commit 4ac38f95e9
548 changed files with 1642 additions and 2331 deletions
--- a/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/helm-release.yaml
@@ -0,0 +1,23 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: drone-kubernetes-secrets
+  namespace: default
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: drone-kubernetes-secrets
+      version: 0.1.4
+      sourceRef:
+        kind: HelmRepository
+        name: drone
+        namespace: flux-system
+  values:
+    env:
+      KUBERNETES_NAMESPACE: default
+  valuesFrom:
+    - targetPath: env.SECRET_KEY
+      kind: Secret
+      name: drone
+      valuesKey: DRONE_SECRET_PLUGIN_TOKEN
--- a/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/development/drone/drone-kubernetes-secrets/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
--- a/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/helm-release.yaml
@@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: drone-runner-kube
+  namespace: default
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: drone-runner-kube
+      version: 0.1.10
+      sourceRef:
+        kind: HelmRepository
+        name: drone
+        namespace: flux-system
+  dependsOn:
+    - name: drone-kubernetes-secrets
+      namespace: default
+  values:
+    image:
+      repository: drone/drone-runner-kube
+      tag: 1.0.0-beta.5
+    env:
+      DRONE_NAMESPACE_DEFAULT: default
+      DRONE_RPC_HOST: drone.default.svc:8080
+      DRONE_SECRET_PLUGIN_ENDPOINT: http://drone-kubernetes-secrets.default.svc:3000
+  valuesFrom:
+    - targetPath: env.DRONE_RPC_SECRET
+      kind: Secret
+      name: drone
+      valuesKey: DRONE_RPC_SECRET
+    - targetPath: env.DRONE_SECRET_PLUGIN_TOKEN
+      kind: Secret
+      name: drone
+      valuesKey: DRONE_SECRET_PLUGIN_TOKEN
--- a/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/development/drone/drone-runner-kube/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml
--- a/kubernetes/cluster-0/apps/development/drone/helm-release.yaml
+++ b/kubernetes/cluster-0/apps/development/drone/helm-release.yaml
@@ -0,0 +1,65 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: drone
+  namespace: default
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: drone
+      version: 0.6.4
+      sourceRef:
+        kind: HelmRepository
+        name: drone
+        namespace: flux-system
+  dependsOn:
+    - name: drone-runner-kube
+      namespace: default
+    - name: gitea
+      namespace: default
+    - name: postgres-cluster
+      namespace: default
+  values:
+    image:
+      repository: drone/drone
+      tag: 2.15.0
+    persistentVolume:
+      enabled: false
+    env:
+      DRONE_DATABASE_DRIVER: postgres
+      DRONE_GIT_ALWAYS_AUTH: true
+      DRONE_GITEA_SERVER: https://gitea.${SECRET_CLUSTER_DOMAIN}
+      DRONE_SERVER_HOST: &host drone.${SECRET_CLUSTER_DOMAIN}
+      DRONE_SERVER_PROTO: https
+      DRONE_SERVER_PROXY_HOST: drone.default.svc
+      DRONE_SERVER_PROXY_PROTO: http
+      DRONE_USER_CREATE: username:context,admin:true
+    ingress:
+      enabled: true
+      className: nginx
+      hosts:
+        - host: *host
+          paths:
+            - path: /
+              pathType: Prefix
+      tls:
+        - hosts:
+            - *host
+  valuesFrom:
+    - targetPath: env.DRONE_DATABASE_DATASOURCE
+      kind: Secret
+      name: drone
+      valuesKey: DRONE_DATABASE_DATASOURCE
+    - targetPath: env.DRONE_GITEA_CLIENT_ID
+      kind: Secret
+      name: drone
+      valuesKey: DRONE_GITEA_CLIENT_ID
+    - targetPath: env.DRONE_GITEA_CLIENT_SECRET
+      kind: Secret
+      name: drone
+      valuesKey: DRONE_GITEA_CLIENT_SECRET
+    - targetPath: env.DRONE_RPC_SECRET
+      kind: Secret
+      name: drone
+      valuesKey: DRONE_RPC_SECRET
--- a/kubernetes/cluster-0/apps/development/drone/kustomization.yaml
+++ b/kubernetes/cluster-0/apps/development/drone/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - drone-kubernetes-secrets
+  - drone-runner-kube
+  - helm-release.yaml
+  - secret.sops.yaml
--- a/kubernetes/cluster-0/apps/development/drone/secret.sops.yaml
+++ b/kubernetes/cluster-0/apps/development/drone/secret.sops.yaml
@@ -0,0 +1,33 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: drone
+    namespace: default
+type: Opaque
+stringData:
+    DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:+9NZ76uh+GIJCyXz/4KT9TUhnHRkZ7OCHPEJ9w3zwgxqFhbtf6qRoTbPszumvFkn71xgmBhkul8ZWx6A5/gIhbwfTi3+829VLzBivXdFv0nC9/KYPcEGmsXVMFQ=,iv:NhUdL1/fVhfpsIQYgYGxqhO1zt/4QvgooNb9VVbXrWM=,tag:yWWvV7IwwtlcMYefty3ytw==,type:str]
+    DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:tcXCVpdKB16QrXd35BhWtafVKgs/BlxWkxK9iQ+sm/wTUren,iv:/zEGKJzuaurIAOWXAhtsRnxkIwmzqrAZkW7rfAaTEVQ=,tag:XnHiNYyHUjsLgnTl62wQPQ==,type:str]
+    DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:wEIM5nc+cmc18ujFztAQQKO0YFXVtH90G+C4yCQOZlUf1xu9R1t2M0iLB7aP+y1lfxo3cgfiT+k=,iv:Nish+j12JfctzLGLXJ6Gle4sJLTDSlPnVMQ9L1BRRTs=,tag:uXWDbzpE13p5X/BnsKvQPQ==,type:str]
+    DRONE_RPC_SECRET: ENC[AES256_GCM,data:O+YljkHzgFe4HSgSRkosuTTFpaOPSyAjeVpC39BKSIU=,iv:H8SO0S8TL060mnKCOBPWexUNdYwUmyVPdetuoto6uck=,tag:XU8JCsippp0Gadptpuwuog==,type:str]
+    DRONE_SECRET_PLUGIN_TOKEN: ENC[AES256_GCM,data:rRP1/jdkyHkwTmB8j5svo0xg6YFw64f9EVcoMzyzHbk=,iv:LYMgl50+edTnk0Im7uzLZW0THemraadOpOLkyvL/5Og=,tag:nIkuWVAK1NvawHksQar0tQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVWZVaFFvMVJRRWR1eUU3
+            QzI5cjNscE83czk0TG9Ra1JvVmExa0hWbWt3Ck1YY1htcXhDamwxY1pVcE0wS2U3
+            WWNQbTJFK1dFdEhkMk8vbG9pQlJzN1kKLS0tIDBUTUZhMUF2VVJhbFNpQ1FTNWZC
+            ZUZsSDdUYXFVb3JROEFnaC8yRU1zZ0UK1klzjeo3oaS6n1Apy0nY746ax2Uxxddg
+            Mn61QDtkPf8FLNBC3tFTe3pWzhWseD/89WaW3f3GScJxy34SFUZxLQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-11-17T00:42:15Z"
+    mac: ENC[AES256_GCM,data:D401bweTZOPX4wlHObquqTGTVmO7beunzjzGlJMYmxsMVA0lxYqs6tzrjbb/0yy/Dhee6CUCalstX977HltaEOg3TlPdo60wsQe2K4Zl9rikbj7fIM+Qfw433HY4QZ+Rp7oEr5rUXVrGo3zUtaFDBTm5T4x9prDZWL6awGNwGDo=,iv:waybTiK127sh167CfzUwkHnbkzWw28UWYxR4w4QhSK0=,tag:PRV/ruen25JVNnBu7so0tw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3