shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

🔧 stakater on controller for rolling updates

Browse Source
This commit is contained in:
auricom
2022-12-01 23:36:36 +01:00
parent 61b0eaa4b5
commit 936415b27a
12 changed files with 35 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
kubernetes/cluster-0/apps/authentication/authelia/helm-release.yaml
View File

@@ -32,12 +32,14 @@ spec:
controller: controller:
replicas: 2 replicas: 2
strategy: RollingUpdate strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image: image:
repository: ghcr.io/authelia/authelia repository: ghcr.io/authelia/authelia
tag: 4.37.2 tag: 4.37.2
envFrom: envFrom:
- secretRef: - secretRef:
name: *app name: authelia-secret
enableServiceLinks: false enableServiceLinks: false
service: service:
main: main:
@@ -84,13 +86,10 @@ spec:
config: config:
enabled: true enabled: true
type: configMap type: configMap
name: *app name: authelia-configmap
subPath: configuration.yml subPath: configuration.yml
mountPath: /config/configuration.yml mountPath: /config/configuration.yml
readOnly: false readOnly: false
podAnnotations:
configmap.reloader.stakater.com/reload: *app
secret.reloader.stakater.com/reload: *app
topologySpreadConstraints: topologySpreadConstraints:
- maxSkew: 1 - maxSkew: 1
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname

2
kubernetes/cluster-0/apps/authentication/authelia/kustomization.yaml
View File

@@ -9,7 +9,7 @@ patchesStrategicMerge:
- patches/env.yaml - patches/env.yaml
- patches/postgres.yaml - patches/postgres.yaml
configMapGenerator: configMapGenerator:
- name: authelia - name: authelia-configmap
files: files:
- config/configuration.yml - config/configuration.yml
generatorOptions: generatorOptions:

4
kubernetes/cluster-0/apps/authentication/authelia/patches/postgres.yaml
View File

@@ -22,10 +22,10 @@ spec:
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: authelia name: authelia-secret
key: AUTHELIA_STORAGE_POSTGRES_USERNAME key: AUTHELIA_STORAGE_POSTGRES_USERNAME
- name: POSTGRES_PASS - name: POSTGRES_PASS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: authelia name: authelia-secret
key: AUTHELIA_STORAGE_POSTGRES_PASSWORD key: AUTHELIA_STORAGE_POSTGRES_PASSWORD

6
kubernetes/cluster-0/apps/authentication/authelia/secret.sops.yaml
View File

@@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: authelia name: authelia-secret
namespace: default namespace: default
type: Opaque type: Opaque
stringData: stringData:
@@ -29,8 +29,8 @@ sops:
Ny9OQ0l4ZXMrdW40NmRsbzgvZ0w5V3cKqTGvN5zk2TPgtxoVfwI7Wsz4N+lC9+Kq Ny9OQ0l4ZXMrdW40NmRsbzgvZ0w5V3cKqTGvN5zk2TPgtxoVfwI7Wsz4N+lC9+Kq
DCXTgTU/QXm9dvo4ErPPzeWFqdk4JchExhvSJV2JfM32O+3z+EGhNg== DCXTgTU/QXm9dvo4ErPPzeWFqdk4JchExhvSJV2JfM32O+3z+EGhNg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-13T21:14:03Z" lastmodified: "2022-12-01T22:11:20Z"
mac: ENC[AES256_GCM,data:ujW5w84/5GmwWvH8RdAoMdEXDNQptKhK0Whbd3Byg0o02NDA3SkQsMJsaSNG9Sp5CZnYxSBHdL1AT/1pldFsrxU7TcIpU1mh9zs4nf9B8x/9CEH/3fKSOZuHRKF56LHkqXLFbcC1o+GQHfg1zWlNFWBQ4ToPnqFlLneKFcHT/Sc=,iv:15KsYWcwbuCnsNOvjh7iMuv9gOsLnbvldUlUOl1l2eI=,tag:spHas6eWDLhcaK4cFStnww==,type:str] mac: ENC[AES256_GCM,data:XESKuMlJEXGzkbW1CnAoXxRONq3BqQT/Y9fi7Los+ILtHjo1lEHmj3yCSDhn7uVDQJALLu9pz/Ra36/gine7VUqJwooDV2OeWs7VvBmGTxLOxeH/24AipiAPnRYjXWQY0Zfh0/h0H88jJSB3D+bCMW+WpEWfdmHWMQ/Y54pQ3mQ=,iv:q0ALv44alplmtt2NKbRyVzy/yxoIQ9FUN1zLjEMViCU=,tag:Zq9r4Eo2UsGYTIscEdAMVQ==,type:str]
pgp: [] pgp: []
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData)$
version: 3.7.3 version: 3.7.3

6
kubernetes/cluster-0/apps/authentication/glauth/helm-release.yaml
View File

@@ -25,6 +25,8 @@ spec:
controller: controller:
replicas: 1 replicas: 1
strategy: RollingUpdate strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image: image:
repository: docker.io/glauth/glauth repository: docker.io/glauth/glauth
tag: v2.1.0 tag: v2.1.0
@@ -46,7 +48,7 @@ spec:
config: config:
enabled: true enabled: true
type: secret type: secret
name: *app name: glauth-secret
items: items:
- key: server.toml - key: server.toml
path: server.toml path: server.toml
@@ -54,8 +56,6 @@ spec:
path: groups.toml path: groups.toml
- key: users.toml - key: users.toml
path: users.toml path: users.toml
podAnnotations:
secret.reloader.stakater.com/reload: *app
resources: resources:
requests: requests:
cpu: 15m cpu: 15m

2
kubernetes/cluster-0/apps/authentication/glauth/kustomization.yaml
View File

@@ -5,7 +5,7 @@ namespace: default
resources: resources:
- helm-release.yaml - helm-release.yaml
secretGenerator: secretGenerator:
- name: glauth - name: glauth-secret
files: files:
- server.toml=config/server.sops.toml - server.toml=config/server.sops.toml
- groups.toml=config/groups.sops.toml - groups.toml=config/groups.sops.toml

13
kubernetes/cluster-0/apps/documentation/outline/helm-release.yaml
View File

@@ -30,13 +30,20 @@ spec:
controller: controller:
replicas: 1 replicas: 1
strategy: RollingUpdate strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image: image:
repository: docker.io/outlinewiki/outline repository: docker.io/outlinewiki/outline
tag: 0.66.3 tag: 0.66.3
envFrom: envFrom:
- secretRef: - secretRef:
name: *app name: outline-secret
command: ["/bin/sh", "-c", "yarn db:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled"] command:
[
"/bin/sh",
"-c",
"yarn db:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled",
]
service: service:
main: main:
ports: ports:
@@ -54,8 +61,6 @@ spec:
tls: tls:
- hosts: - hosts:
- *host - *host
podAnnotations:
secret.reloader.stakater.com/reload: *app
topologySpreadConstraints: topologySpreadConstraints:
- maxSkew: 1 - maxSkew: 1
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname

2
kubernetes/cluster-0/apps/documentation/outline/patches/postgres.yaml
View File

@@ -21,4 +21,4 @@ spec:
key: password key: password
envFrom: envFrom:
- secretRef: - secretRef:
name: *app name: outline-secret

6
kubernetes/cluster-0/apps/documentation/outline/secret.sops.yaml
View File

@@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: outline name: outline-secret
namespace: default namespace: default
type: Opaque type: Opaque
stringData: stringData:
@@ -28,8 +28,8 @@ sops:
eGsyL3NhNS8xdUp0VlNQbWRYbHFLYW8KeMc82BlegMJMtAF/WGMbXhpf2MVvUP5q eGsyL3NhNS8xdUp0VlNQbWRYbHFLYW8KeMc82BlegMJMtAF/WGMbXhpf2MVvUP5q
ehHCSwpe3a8WwXEBNu1u5IPcnMO4Fo5HhjLbMx6H1Ynd6KdyDXUKEg== ehHCSwpe3a8WwXEBNu1u5IPcnMO4Fo5HhjLbMx6H1Ynd6KdyDXUKEg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-11-21T21:57:24Z" lastmodified: "2022-12-01T22:25:43Z"
mac: ENC[AES256_GCM,data:lUzi0Nwt37OKpExOjG+CqQp4QauxmNvDeYnl58AmKht4KXkBHCDBVlndGHjefnEdRzpI8cZzXFGT9kti8opu5mVYDKHd2iNrhSJlll9PoX9WCVuel33N+PLDI0QhxJwnNIAGcy5etc/B9pYRFySPW1EhCe373y7NWGwqz8nlFdQ=,iv:DAcEuKfG9G8kEOl+uqGor6VKRnaoHEjzJK1ukiZe02E=,tag:Q1EGxq/XCu6KLJd4Sg1YEw==,type:str] mac: ENC[AES256_GCM,data:/zmgGjJRYcDt4iXpLyDN2MA0FWxuQmmZNRggw0UX+IPgUrvGKmLpLsC3+0zhHUAwjANgWtQ5pJWHMuz1R39lOOBEcUBM4Re/ZTnyClDZIkxVC0WUrmTsj4spz719v9iwORYmTQujPW6bO9a/1KFNL5KjKqz/7Qx8Iu9MsCNfIfE=,iv:iUD51jsCdT4uBnWiAS20DITCdN1lov0Ibz3EacXNQOs=,tag:46LubofEdvYErTrgsgUGxg==,type:str]
pgp: [] pgp: []
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData)$
version: 3.7.3 version: 3.7.3

9
kubernetes/cluster-0/apps/networking/smtp-relay/helm-release.yaml
View File

@@ -25,6 +25,8 @@ spec:
controller: controller:
replicas: 1 replicas: 1
strategy: RollingUpdate strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image: image:
repository: ghcr.io/foxcpp/maddy repository: ghcr.io/foxcpp/maddy
tag: 0.6.2 tag: 0.6.2
@@ -36,7 +38,7 @@ spec:
SMTP_PORT: "465" SMTP_PORT: "465"
envFrom: envFrom:
- secretRef: - secretRef:
name: *app name: smtp-relay-secret
service: service:
main: main:
type: LoadBalancer type: LoadBalancer
@@ -61,7 +63,7 @@ spec:
config: config:
enabled: true enabled: true
type: configMap type: configMap
name: *app name: smtp-relay-configmap
subPath: maddy.conf subPath: maddy.conf
mountPath: /data/maddy.conf mountPath: /data/maddy.conf
readOnly: true readOnly: true
@@ -71,9 +73,6 @@ spec:
medium: Memory medium: Memory
sizeLimit: 1Gi sizeLimit: 1Gi
mountPath: /dev/shm mountPath: /dev/shm
podAnnotations:
configmap.reloader.stakater.com/reload: *app
secret.reloader.stakater.com/reload: *app
topologySpreadConstraints: topologySpreadConstraints:
- maxSkew: 1 - maxSkew: 1
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname

2
kubernetes/cluster-0/apps/networking/smtp-relay/kustomization.yaml
View File

@@ -6,7 +6,7 @@ resources:
- secret.sops.yaml - secret.sops.yaml
namespace: default namespace: default
configMapGenerator: configMapGenerator:
- name: smtp-relay - name: smtp-relay-configmap
files: files:
- maddy.conf - maddy.conf
generatorOptions: generatorOptions:

6
kubernetes/cluster-0/apps/networking/smtp-relay/secret.sops.yaml
View File

@@ -3,7 +3,7 @@ kind: Secret
apiVersion: v1 apiVersion: v1
type: Opaque type: Opaque
metadata: metadata:
name: smtp-relay name: smtp-relay-secret
namespace: default namespace: default
stringData: stringData:
SMTP_PASSWORD: ENC[AES256_GCM,data:Yf/FCPWceNJadwSaTvNXug==,iv:eErTrc6gWkClzoMmLgkz6xgaUA/W7cZoxhgGeCuHPyk=,tag:HYWJN3imrt/Umv4NREuQpg==,type:str] SMTP_PASSWORD: ENC[AES256_GCM,data:Yf/FCPWceNJadwSaTvNXug==,iv:eErTrc6gWkClzoMmLgkz6xgaUA/W7cZoxhgGeCuHPyk=,tag:HYWJN3imrt/Umv4NREuQpg==,type:str]
@@ -22,8 +22,8 @@ sops:
U003SkswTXRYaUdWYzVRL2oxb2RGdEEKQojCy0af9JFKnKSYQhT2C1sXIBjfKjEz U003SkswTXRYaUdWYzVRL2oxb2RGdEEKQojCy0af9JFKnKSYQhT2C1sXIBjfKjEz
b7/1MAC99t37PRSsyh+ALf6DctqxysHKpG6Ku/RAchPqd2MwtIjWlQ== b7/1MAC99t37PRSsyh+ALf6DctqxysHKpG6Ku/RAchPqd2MwtIjWlQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-13T20:15:28Z" lastmodified: "2022-12-01T22:33:34Z"
mac: ENC[AES256_GCM,data:PwHnx7chnuV4lmmdZO+areDkucOHdR03xkk9DPiB3GT4NKGvO0lBBRr/KkrENRRoL8EwsYD2UH/o6SPdes76F0vFJYzP3Q33kBY4dRpIzTcbzKFwpvmQszzmDbFFZoUe25Fq0kDcMN2IC20MwvNHFQDJFwQJ4JkWLwRuP6rAIjQ=,iv:thrY5JxFdidqumX+APUxthqdcKrmozQ6zLnmGTzMrFk=,tag:KBXseUVIAMvIDTN2krEY5Q==,type:str] mac: ENC[AES256_GCM,data:guldqBejtXp67NO2A/B0kPCLlJmpE7OAp04IRnv8iaMyvo/TxBkgvC8PQ/oQesxf2KNlJ671ewlIU9IdDres8qAC6ytV+iWVZGusOQfXKZKO5EWygckXokvs7jIfxWI7TdztLCMXlzaVDyH4fnrg2x4luxc3PNrctDfzu/vEP3s=,iv:Z9XHDirjaOs5UU5hWakGWDAvzvadIbJvBp4QbXCiw24=,tag:9WLfHq0SIQRvJqUmNWrSXA==,type:str]
pgp: [] pgp: []
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData)$
version: 3.7.3 version: 3.7.3