mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
🔧 dns optim
This commit is contained in:
auricom
@@ -4,11 +4,11 @@ session:
|
|||||||
high_availability:
|
high_availability:
|
||||||
sentinel_name: redis-master
|
sentinel_name: redis-master
|
||||||
nodes:
|
nodes:
|
||||||
- host: redis-node-0.redis-headless.default.svc.cluster.local
|
- host: redis-node-0.redis-headless.default.svc.cluster.local.
|
||||||
port: 26379
|
port: 26379
|
||||||
- host: redis-node-1.redis-headless.default.svc.cluster.local
|
- host: redis-node-1.redis-headless.default.svc.cluster.local.
|
||||||
port: 26379
|
port: 26379
|
||||||
- host: redis-node-2.redis-headless.default.svc.cluster.local
|
- host: redis-node-2.redis-headless.default.svc.cluster.local.
|
||||||
port: 26379
|
port: 26379
|
||||||
|
|
||||||
access_control:
|
access_control:
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ spec:
|
|||||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER: "(&(memberUid={username})(objectClass=posixGroup))"
|
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER: "(&(memberUid={username})(objectClass=posixGroup))"
|
||||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_NAME_ATTRIBUTE: cn
|
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_NAME_ATTRIBUTE: cn
|
||||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_MAIL_ATTRIBUTE: mail
|
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_MAIL_ATTRIBUTE: mail
|
||||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL: "ldap://glauth.default.svc.cluster.local:389"
|
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL: "ldap://glauth.default.svc.cluster.local.:389"
|
||||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER: cn=search,ou=svcaccts,dc=home,dc=arpa
|
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER: cn=search,ou=svcaccts,dc=home,dc=arpa
|
||||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERNAME_ATTRIBUTE: uid
|
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERNAME_ATTRIBUTE: uid
|
||||||
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER: "(&({username_attribute}={input})(objectClass=posixAccount))"
|
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER: "(&({username_attribute}={input})(objectClass=posixAccount))"
|
||||||
@@ -22,16 +22,16 @@ spec:
|
|||||||
AUTHELIA_DUO_API_DISABLE: "true"
|
AUTHELIA_DUO_API_DISABLE: "true"
|
||||||
AUTHELIA_LOG_LEVEL: trace
|
AUTHELIA_LOG_LEVEL: trace
|
||||||
AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS: "true"
|
AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS: "true"
|
||||||
AUTHELIA_NOTIFIER_SMTP_HOST: smtp-relay.default.svc.cluster.local
|
AUTHELIA_NOTIFIER_SMTP_HOST: smtp-relay.default.svc.cluster.local.
|
||||||
AUTHELIA_NOTIFIER_SMTP_PORT: 2525
|
AUTHELIA_NOTIFIER_SMTP_PORT: 2525
|
||||||
AUTHELIA_NOTIFIER_SMTP_SENDER: "Authelia <authelia@${SECRET_DOMAIN}>"
|
AUTHELIA_NOTIFIER_SMTP_SENDER: "Authelia <authelia@${SECRET_DOMAIN}>"
|
||||||
AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true"
|
AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true"
|
||||||
AUTHELIA_SERVER_PORT: 80
|
AUTHELIA_SERVER_PORT: 80
|
||||||
AUTHELIA_SESSION_DOMAIN: "${SECRET_CLUSTER_DOMAIN}"
|
AUTHELIA_SESSION_DOMAIN: "${SECRET_CLUSTER_DOMAIN}"
|
||||||
AUTHELIA_SESSION_REDIS_DATABASE_INDEX: 14
|
AUTHELIA_SESSION_REDIS_DATABASE_INDEX: 14
|
||||||
AUTHELIA_SESSION_REDIS_HOST: redis.default.svc.cluster.local
|
AUTHELIA_SESSION_REDIS_HOST: redis.default.svc.cluster.local.
|
||||||
AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
|
AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
|
||||||
AUTHELIA_STORAGE_POSTGRES_HOST: postgres-rw.default.svc.cluster.local
|
AUTHELIA_STORAGE_POSTGRES_HOST: postgres-rw.default.svc.cluster.local.
|
||||||
AUTHELIA_TELEMETRY_METRICS_ADDRESS: "tcp://0.0.0.0:8080"
|
AUTHELIA_TELEMETRY_METRICS_ADDRESS: "tcp://0.0.0.0:8080"
|
||||||
AUTHELIA_TELEMETRY_METRICS_ENABLED: "true"
|
AUTHELIA_TELEMETRY_METRICS_ENABLED: "true"
|
||||||
AUTHELIA_THEME: grey
|
AUTHELIA_THEME: grey
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: authelia
|
value: authelia
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
@@ -39,7 +39,7 @@ spec:
|
|||||||
RUN_AT_START: true
|
RUN_AT_START: true
|
||||||
database:
|
database:
|
||||||
DB_TYPE: postgres
|
DB_TYPE: postgres
|
||||||
HOST: postgres-rw.default.svc.cluster.local:5432
|
HOST: postgres-rw.default.svc.cluster.local.:5432
|
||||||
NAME: gitea
|
NAME: gitea
|
||||||
SCHEMA: public
|
SCHEMA: public
|
||||||
SSL_MODE: disable
|
SSL_MODE: disable
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ spec:
|
|||||||
OIDC_USERNAME_CLAIM: email
|
OIDC_USERNAME_CLAIM: email
|
||||||
PORT: 80
|
PORT: 80
|
||||||
REDIS_URL: ioredis://eyJkYiI6MTUsInNlbnRpbmVscyI6W3siaG9zdCI6InJlZGlzLW5vZGUtMC5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMS5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMi5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9XSwibmFtZSI6InJlZGlzLW1hc3RlciJ9
|
REDIS_URL: ioredis://eyJkYiI6MTUsInNlbnRpbmVscyI6W3siaG9zdCI6InJlZGlzLW5vZGUtMC5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMS5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMi5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9XSwibmFtZSI6InJlZGlzLW1hc3RlciJ9
|
||||||
SMTP_HOST: smtp-relay.default.svc.cluster.local
|
SMTP_HOST: smtp-relay.default.svc.cluster.local.
|
||||||
SMTP_PORT: 2525
|
SMTP_PORT: 2525
|
||||||
SMTP_FROM_EMAIL: "outline@${SECRET_DOMAIN}"
|
SMTP_FROM_EMAIL: "outline@${SECRET_DOMAIN}"
|
||||||
SMTP_SECURE: "false"
|
SMTP_SECURE: "false"
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: *app
|
value: *app
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ stringData:
|
|||||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:2GGPneKPmFEtq3A9X7fskiv/FnKv5deoyzNx0/euYrTOJKrRiTgj8g==,iv:u1LLrjxP1GwWcM1FJLjB9OpUFTPI0D9IZEX86IHGpmU=,tag:7vq4QeQagU2B9+WShheDKg==,type:str]
|
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:2GGPneKPmFEtq3A9X7fskiv/FnKv5deoyzNx0/euYrTOJKrRiTgj8g==,iv:u1LLrjxP1GwWcM1FJLjB9OpUFTPI0D9IZEX86IHGpmU=,tag:7vq4QeQagU2B9+WShheDKg==,type:str]
|
||||||
SECRET_KEY: ENC[AES256_GCM,data:RUjf4wghv9PnDdSNWeytoDRzH+A7wa8RNYDP+MYIf8KHjOGyVNzZwEuS8ah8wy8tvBWAE9kykOC1KhP+wFofIA==,iv:3z7NZ87ILlyrkx4YMWQ9uFL2W31bTmwZFkJxOHgSVvo=,tag:umplfrhjvCZX9Ucneo7Q+Q==,type:str]
|
SECRET_KEY: ENC[AES256_GCM,data:RUjf4wghv9PnDdSNWeytoDRzH+A7wa8RNYDP+MYIf8KHjOGyVNzZwEuS8ah8wy8tvBWAE9kykOC1KhP+wFofIA==,iv:3z7NZ87ILlyrkx4YMWQ9uFL2W31bTmwZFkJxOHgSVvo=,tag:umplfrhjvCZX9Ucneo7Q+Q==,type:str]
|
||||||
UTILS_SECRET: ENC[AES256_GCM,data:r5DADkQbM5fEBsWs7ddUx2PXnt+ePiQcJZgKMmHYpkddmPFeS5xpJGgbhun7v409aKJLQRm/tUIysBlxHlnSbA==,iv:cP2KQeUmgjoXuY7UnQ57M4tBUeO0hELGe+HrSB5RJ3Q=,tag:HD4lccnbZXjllmOLyEHY3Q==,type:str]
|
UTILS_SECRET: ENC[AES256_GCM,data:r5DADkQbM5fEBsWs7ddUx2PXnt+ePiQcJZgKMmHYpkddmPFeS5xpJGgbhun7v409aKJLQRm/tUIysBlxHlnSbA==,iv:cP2KQeUmgjoXuY7UnQ57M4tBUeO0hELGe+HrSB5RJ3Q=,tag:HD4lccnbZXjllmOLyEHY3Q==,type:str]
|
||||||
DATABASE_URL: ENC[AES256_GCM,data:GQDEa98NXUyrReZlVpVf83n66QTe0eZAfYSQ2C6ukeRlALZTcpuhC0RxVrZJT6/L4GrZsqZ/VIWJlm9fStY+6ulNJPyBcfkDZOuVKXnhsT1oZfNy4JJAJXVq,iv:hvCEii7DnubCuZ7sm5j7e+iPgZQHNooPhjtjBvCFD+s=,tag:ZNla57lzZrud3JdBbO+zmQ==,type:str]
|
DATABASE_URL: ENC[AES256_GCM,data:PmbXB90u/mb/hpEgxxyyegCjaaQNadKcIIZ/QX/WZho0/jq/qsUu9lnX9j1D2TWiY2zsL8pfb0Fgdznki8/2U7bmezScEXlN660yB1F5fdnj5oktK+z8wmg8,iv:mDs74Ynp0xLJlgAh250PYSfGb50PuayHKGP9RyXlK88=,tag:hZYRJxrOToPOg1XNZtX6CQ==,type:str]
|
||||||
POSTGRES_USER: ENC[AES256_GCM,data:4FlwiUkmmQ==,iv:f/mOMCV34bvseHAJ37AaUIZUYcBobtdIAYN/5ONhGbg=,tag:HFvPkQh2i/BtnynAjP0uhg==,type:str]
|
POSTGRES_USER: ENC[AES256_GCM,data:4FlwiUkmmQ==,iv:f/mOMCV34bvseHAJ37AaUIZUYcBobtdIAYN/5ONhGbg=,tag:HFvPkQh2i/BtnynAjP0uhg==,type:str]
|
||||||
POSTGRES_PASS: ENC[AES256_GCM,data:HTbSg+yj1iKqlGmPPwql+GD+psM=,iv:fMHU+AYZ/NfgtCstuQIfnBmKRD2n3hMmFKSqC5akB/c=,tag:v16K+iZZVQZ9gpBIBWgyfQ==,type:str]
|
POSTGRES_PASS: ENC[AES256_GCM,data:HTbSg+yj1iKqlGmPPwql+GD+psM=,iv:fMHU+AYZ/NfgtCstuQIfnBmKRD2n3hMmFKSqC5akB/c=,tag:v16K+iZZVQZ9gpBIBWgyfQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
@@ -28,8 +28,8 @@ sops:
|
|||||||
eGsyL3NhNS8xdUp0VlNQbWRYbHFLYW8KeMc82BlegMJMtAF/WGMbXhpf2MVvUP5q
|
eGsyL3NhNS8xdUp0VlNQbWRYbHFLYW8KeMc82BlegMJMtAF/WGMbXhpf2MVvUP5q
|
||||||
ehHCSwpe3a8WwXEBNu1u5IPcnMO4Fo5HhjLbMx6H1Ynd6KdyDXUKEg==
|
ehHCSwpe3a8WwXEBNu1u5IPcnMO4Fo5HhjLbMx6H1Ynd6KdyDXUKEg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-09-14T17:45:25Z"
|
lastmodified: "2022-09-16T12:43:00Z"
|
||||||
mac: ENC[AES256_GCM,data:gJm7NfuIi4ftbxKpJInh3Le4p0F8BIr2LYbTqWeR3posJAqkEs1By7GtXbu8TWeeIpP2vmqul4iHKNgCp74ghyEkSDSCfRhuumz/mf+2bwqG2JxUtrl+WMtn5hmepAvxj3LUXUskC8YqGwHmd8cqnnSxbx9w8L5I4E8ODBNG0cw=,iv:2gjQZJxhj+xTEuudePJlQjovjBwqcjoNXmE+Mu+033E=,tag:rOz33EGi+sRSjrW2ByoRcw==,type:str]
|
mac: ENC[AES256_GCM,data:6RfDQu9CTAOg1AwfKn05qvBv/K1II3nUpMsei3qQKbcUPztn+hpxjiByz1WoGN2u5WBvRJK+Jeo3Z0L1MkC78YjLydhXvnKpdcQFBFob+q9E3FdkqHgqh/SroyaZHSykDWSEGDwqb9/iYONTXPUxchQYKFH/5YTRU2Qms8hoeqI=,iv:ZnilmIpjCA10gV53FOV23iw0pOwrYoMCTX20nb5sDCc=,tag:VDfFckR0iC/tdv1ra2Qd2A==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|||||||
@@ -7,7 +7,7 @@
|
|||||||
1. Create base64 encoded Redis configuation
|
1. Create base64 encoded Redis configuation
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
echo -n '{"db":15,"sentinels":[{"host":"redis-node-0.redis-headless.default.svc.cluster.local","port":26379},{"host":"redis-node-1.redis-headless.default.svc.cluster.local","port":26379},{"host":"redis-node-2.redis-headless.default.svc.cluster.local","port":26379}],"name":"redis-master"}' \
|
echo -n '{"db":15,"sentinels":[{"host":"redis-node-0.redis-headless.default.svc.cluster.local","port":26379},{"host":"redis-node-1.redis-headless.default.svc.cluster.local","port":26379},{"host":"redis-node-2.redis-headless.default.svc.cluster.local","port":26379}],"name":"redis-master"}' \
|
||||||
| base64 -w 0
|
| base64 -w 0
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ logger:
|
|||||||
frigate.record: debug
|
frigate.record: debug
|
||||||
|
|
||||||
mqtt:
|
mqtt:
|
||||||
host: emqx.default.svc.cluster.local
|
host: emqx.default.svc.cluster.local.
|
||||||
topic_prefix: frigate
|
topic_prefix: frigate
|
||||||
user: "{MQTT_USER}"
|
user: "{MQTT_USER}"
|
||||||
password: "{MQTT_PASSWORD}"
|
password: "{MQTT_PASSWORD}"
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ spec:
|
|||||||
tag: 2022.9.4@sha256:fb5ddff05e523de61708c19209dfbac4e283f4f5d72004abb269cc516474a6b4
|
tag: 2022.9.4@sha256:fb5ddff05e523de61708c19209dfbac4e283f4f5d72004abb269cc516474a6b4
|
||||||
env:
|
env:
|
||||||
TZ: "${TIMEZONE}"
|
TZ: "${TIMEZONE}"
|
||||||
POSTGRES_HOST: postgres-rw.default.svc.cluster.local
|
POSTGRES_HOST: postgres-rw.default.svc.cluster.local.
|
||||||
POSTGRES_DB: home_assistant
|
POSTGRES_DB: home_assistant
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: home_assistant
|
value: home_assistant
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ spec:
|
|||||||
env:
|
env:
|
||||||
LOG_LEVEL: DEBUG
|
LOG_LEVEL: DEBUG
|
||||||
LOG_MQTT_MESSAGE: "True"
|
LOG_MQTT_MESSAGE: "True"
|
||||||
MQTT_ADDRESS: emqx.default.svc.cluster.local
|
MQTT_ADDRESS: emqx.default.svc.cluster.local.
|
||||||
MQTT_TOPIC: "zigbee2mqtt/#"
|
MQTT_TOPIC: "zigbee2mqtt/#"
|
||||||
MQTT_V5_PROTOCOL: "True"
|
MQTT_V5_PROTOCOL: "True"
|
||||||
MQTT_USERNAME: ${SECRET_MQTT_USER}
|
MQTT_USERNAME: ${SECRET_MQTT_USER}
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ spec:
|
|||||||
permit_join: false
|
permit_join: false
|
||||||
mqtt:
|
mqtt:
|
||||||
base_topic: zigbee2mqtt
|
base_topic: zigbee2mqtt
|
||||||
server: "mqtt://emqx.default.svc.cluster.local"
|
server: "mqtt://emqx.default.svc.cluster.local."
|
||||||
user: ${SECRET_MQTT_USER}
|
user: ${SECRET_MQTT_USER}
|
||||||
password: ${SECRET_MQTT_PASSWORD}
|
password: ${SECRET_MQTT_PASSWORD}
|
||||||
serial:
|
serial:
|
||||||
@@ -68,8 +68,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.default.svc.cluster.local/api/verify"
|
auth.home.arpa/enabled: "true"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://auth.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: "zigbee.${SECRET_CLUSTER_DOMAIN}"
|
- host: "zigbee.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
+(nginx.ingress.kubernetes.io/auth-method): GET
|
+(nginx.ingress.kubernetes.io/auth-method): GET
|
||||||
+(nginx.ingress.kubernetes.io/auth-url): |-
|
+(nginx.ingress.kubernetes.io/auth-url): |-
|
||||||
http://authelia.default.svc.cluster.local/api/verify
|
http://authelia.default.svc.cluster.local./api/verify
|
||||||
+(nginx.ingress.kubernetes.io/auth-signin): |-
|
+(nginx.ingress.kubernetes.io/auth-signin): |-
|
||||||
https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
+(nginx.ingress.kubernetes.io/auth-response-headers): |-
|
+(nginx.ingress.kubernetes.io/auth-response-headers): |-
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ spec:
|
|||||||
extraArgs:
|
extraArgs:
|
||||||
storage: prometheus
|
storage: prometheus
|
||||||
prometheus-address: |-
|
prometheus-address: |-
|
||||||
http://thanos-query.monitoring.svc.cluster.local:9090
|
http://thanos-query.monitoring.svc.cluster.local.:9090
|
||||||
updater:
|
updater:
|
||||||
enabled: false
|
enabled: false
|
||||||
admissionController:
|
admissionController:
|
||||||
|
|||||||
@@ -34,10 +34,10 @@ spec:
|
|||||||
TIMEZONE: ${TIMEZONE}
|
TIMEZONE: ${TIMEZONE}
|
||||||
APP_NAME: Lychee
|
APP_NAME: Lychee
|
||||||
DB_CONNECTION: pgsql
|
DB_CONNECTION: pgsql
|
||||||
DB_HOST: postgres-rw.default.svc.cluster.local
|
DB_HOST: postgres-rw.default.svc.cluster.local.
|
||||||
DB_PORT: 5432
|
DB_PORT: 5432
|
||||||
DB_DATABASE: lychee
|
DB_DATABASE: lychee
|
||||||
REDIS_HOST: redis.default.svc.cluster.local
|
REDIS_HOST: redis.default.svc.cluster.local.
|
||||||
REDIS_PORT: 6379
|
REDIS_PORT: 6379
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: lychee
|
value: lychee
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
@@ -94,8 +94,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.default.svc.cluster.local/api/verify"
|
auth.home.arpa/enabled: "true"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://auth.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: "blackbox.${SECRET_CLUSTER_DOMAIN}"
|
- host: "blackbox.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
|
|||||||
@@ -97,12 +97,12 @@ spec:
|
|||||||
- name: Prometheus
|
- name: Prometheus
|
||||||
type: prometheus
|
type: prometheus
|
||||||
access: proxy
|
access: proxy
|
||||||
url: http://thanos-query.monitoring.svc.cluster.local:9090
|
url: http://thanos-query.monitoring.svc.cluster.local.:9090
|
||||||
isDefault: true
|
isDefault: true
|
||||||
# - name: Loki
|
# - name: Loki
|
||||||
# type: loki
|
# type: loki
|
||||||
# access: proxy
|
# access: proxy
|
||||||
# url: http://loki-gateway.monitoring.svc.cluster.local:80
|
# url: http://loki-gateway.monitoring.svc.cluster.local.:80
|
||||||
dashboards:
|
dashboards:
|
||||||
default:
|
default:
|
||||||
home-assistant:
|
home-assistant:
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ spec:
|
|||||||
ALLOWED_HOSTS: "*"
|
ALLOWED_HOSTS: "*"
|
||||||
DEBUG: "False"
|
DEBUG: "False"
|
||||||
DB: postgres
|
DB: postgres
|
||||||
DB_HOST: postgres-rw.default.svc.cluster.local
|
DB_HOST: postgres-rw.default.svc.cluster.local.
|
||||||
DB_PORT: 5432
|
DB_PORT: 5432
|
||||||
DB_NAME: healthchecks
|
DB_NAME: healthchecks
|
||||||
SITE_ROOT: "https://healthchecks.${SECRET_CLUSTER_DOMAIN}"
|
SITE_ROOT: "https://healthchecks.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: healthchecks
|
value: healthchecks
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
@@ -118,8 +118,7 @@ spec:
|
|||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.default.svc.cluster.local/api/verify"
|
auth.home.arpa/enabled: "true"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://auth.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
@@ -365,8 +364,7 @@ spec:
|
|||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.default.svc.cluster.local/api/verify"
|
auth.home.arpa/enabled: "true"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://auth.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
|
|||||||
@@ -38,8 +38,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
hostname: &host "thanos-query.${SECRET_CLUSTER_DOMAIN}"
|
hostname: &host "thanos-query.${SECRET_CLUSTER_DOMAIN}"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.default.svc.cluster.local/api/verify"
|
auth.home.arpa/enabled: "true"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://auth.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
tls: true
|
tls: true
|
||||||
extraTls:
|
extraTls:
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: freshrss
|
value: freshrss
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
@@ -34,7 +34,7 @@ spec:
|
|||||||
APP_BASE_URL: https://joplin.${SECRET_CLUSTER_DOMAIN}
|
APP_BASE_URL: https://joplin.${SECRET_CLUSTER_DOMAIN}
|
||||||
APP_PORT: 80
|
APP_PORT: 80
|
||||||
DB_CLIENT: pg
|
DB_CLIENT: pg
|
||||||
POSTGRES_HOST: postgres-rw.default.svc.cluster.local
|
POSTGRES_HOST: postgres-rw.default.svc.cluster.local.
|
||||||
POSTGRES_PORT: 5432
|
POSTGRES_PORT: 5432
|
||||||
POSTGRES_DATABASE: joplin
|
POSTGRES_DATABASE: joplin
|
||||||
envFrom:
|
envFrom:
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: joplin
|
value: joplin
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ spec:
|
|||||||
WEBSOCKET_ENABLED: "true"
|
WEBSOCKET_ENABLED: "true"
|
||||||
WEBSOCKET_ADDRESS: 0.0.0.0
|
WEBSOCKET_ADDRESS: 0.0.0.0
|
||||||
WEBSOCKET_PORT: 3012
|
WEBSOCKET_PORT: 3012
|
||||||
SMTP_HOST: smtp-relay.default.svc.cluster.local
|
SMTP_HOST: smtp-relay.default.svc.cluster.local.
|
||||||
SMTP_FROM: vaultwarden@${SECRET_DOMAIN}
|
SMTP_FROM: vaultwarden@${SECRET_DOMAIN}
|
||||||
SMTP_FROM_NAME: vaultwarden
|
SMTP_FROM_NAME: vaultwarden
|
||||||
SMTP_PORT: 2525
|
SMTP_PORT: 2525
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: vaultwarden
|
value: vaultwarden
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ metadata:
|
|||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
ADMIN_TOKEN: ENC[AES256_GCM,data:lckmNXsxah0qbl0Lj+U9ow9iL8i2UcELDBVHX/auyfqW+1Lp6QzutQ9A20m04y9RHRU8ifXo4mfaA5Bn6FvuYQ==,iv:qWBB0oeZJ7Bju+nGdrGZm/hjODi7vPVnRb6Qiw0jmFY=,tag:Sg5nfHjFx5jo6GD0GGglwg==,type:str]
|
ADMIN_TOKEN: ENC[AES256_GCM,data:lckmNXsxah0qbl0Lj+U9ow9iL8i2UcELDBVHX/auyfqW+1Lp6QzutQ9A20m04y9RHRU8ifXo4mfaA5Bn6FvuYQ==,iv:qWBB0oeZJ7Bju+nGdrGZm/hjODi7vPVnRb6Qiw0jmFY=,tag:Sg5nfHjFx5jo6GD0GGglwg==,type:str]
|
||||||
DATABASE_URL: ENC[AES256_GCM,data:u4ImZ9qoL26ZuSb+swKYYwA2b9TFLoCK4kikUDn1MjuL3VUEnc9s4+vGoNpUfIEeDVSiss2HS8hwovGZaATmHHZ2ZYbCvHEzkWeZFzRESAALRcySoJvWdc2MBztUlnR17OI=,iv:nQ8308NeVmdRane6aF9RJABhsrNcjpcKLiBwlWfrnoU=,tag:rqiOJyrCAama+0+O0y1EiQ==,type:str]
|
DATABASE_URL: ENC[AES256_GCM,data:mFxeL8sQIuEG0x+c9ZN9cgFzx4xLOEFprQuNL12w6ZuGxMlY2gAJ3W/fktnbSqHveaKqBulKrh8StS/AtFZ9P27EPZqZuIPDJ3JI42zWtB2krW9CmK7SIa+oxfRLCdXug646,iv:vwlwfOcuXjE6kXLcASqq4yXNrA6jblfr5d0j8jlFTSw=,tag:yR2TzKyhpRlc91U3ob5rkg==,type:str]
|
||||||
POSTGRES_USER: ENC[AES256_GCM,data:C8AE1A15q9TnIqk=,iv:4B+9fmpVu6B4HyQ2FF6tiCBYBP8q88ExRfLZuyIbbIA=,tag:tCPk0oYjP2uQfKu6a4HP4g==,type:str]
|
POSTGRES_USER: ENC[AES256_GCM,data:C8AE1A15q9TnIqk=,iv:4B+9fmpVu6B4HyQ2FF6tiCBYBP8q88ExRfLZuyIbbIA=,tag:tCPk0oYjP2uQfKu6a4HP4g==,type:str]
|
||||||
POSTGRES_PASS: ENC[AES256_GCM,data:er6JHXy0vxBperPCq3fWOWYh,iv:aUh/ZwFb4XWirA5V0/9O8dIsQHQlWJIqe8cq5WXAlv4=,tag:M++5dqnSyY5DVKyxaoCkMg==,type:str]
|
POSTGRES_PASS: ENC[AES256_GCM,data:er6JHXy0vxBperPCq3fWOWYh,iv:aUh/ZwFb4XWirA5V0/9O8dIsQHQlWJIqe8cq5WXAlv4=,tag:M++5dqnSyY5DVKyxaoCkMg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
@@ -25,8 +25,8 @@ sops:
|
|||||||
OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
|
OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
|
||||||
LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
|
LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-09-15T21:35:50Z"
|
lastmodified: "2022-09-16T11:38:24Z"
|
||||||
mac: ENC[AES256_GCM,data:tFXnYyC/p3WV9675X1MdeVXZR67Byr5W0U6jIoAepTDvZNasFazUtyJbYoPTE+Jgw4KUeoPUuAi0THkTEu8h+qeXiCBAMw9RZzfYXgMqED0dc93fVpcqf/8FD4X4jG0EToFTkbwcVF3/WeRwVI4iCDZ255Cr+EAowIbGw5PrkuI=,iv:ZDOjJfrUNKIRrpz7/mAQqJ2hgkObLQS2zQVLJx2YSVA=,tag:SXUHk074gTFc/ErTD3j9FA==,type:str]
|
mac: ENC[AES256_GCM,data:UvnBQRkO/GDyUkTVPGkXsDCy3HTpjTtFJdQPU6Y375qy+3kI8SJFQ/YlYL3Z5W5OBnriOfMrfzOK8+QbaPGHK9hg2A6dDXPwjF+8YYesUspOJ+lRCoWsuubYJragW7nKcpeNVcMMWPNFK1vPwCR0pC8rBZDOF8dXoGe9Ozk1yvA=,iv:2P/c5IXti6zV/j9QFynvS+bXwgH6mANh6CzB4vCmE1Q=,tag:GmOovYX2kVjDL9fm17gAHw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|||||||
@@ -8,10 +8,10 @@ spec:
|
|||||||
values:
|
values:
|
||||||
env:
|
env:
|
||||||
SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql
|
SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql
|
||||||
SYMFONY__ENV__DATABASE_HOST: postgres-rw.default.svc.cluster.local
|
SYMFONY__ENV__DATABASE_HOST: postgres-rw.default.svc.cluster.local.
|
||||||
SYMFONY__ENV__DATABASE_PORT: 5432
|
SYMFONY__ENV__DATABASE_PORT: 5432
|
||||||
SYMFONY__ENV__DATABASE_NAME: wallabag
|
SYMFONY__ENV__DATABASE_NAME: wallabag
|
||||||
SYMFONY__ENV__REDIS_HOST: redis.default.svc.cluster.local
|
SYMFONY__ENV__REDIS_HOST: redis.default.svc.cluster.local.
|
||||||
SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_CLUSTER_DOMAIN}
|
SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_CLUSTER_DOMAIN}
|
||||||
SYMFONY__ENV__SERVER_NAME: Wallabag
|
SYMFONY__ENV__SERVER_NAME: Wallabag
|
||||||
SYMFONY__ENV__FOSUSER_REGISTRATION: "false"
|
SYMFONY__ENV__FOSUSER_REGISTRATION: "false"
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ spec:
|
|||||||
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
image: ghcr.io/onedr0p/postgres-initdb:14.5
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
value: postgres-rw.default.svc.cluster.local
|
value: postgres-rw.default.svc.cluster.local.
|
||||||
- name: POSTGRES_DB
|
- name: POSTGRES_DB
|
||||||
value: wallabag
|
value: wallabag
|
||||||
- name: POSTGRES_SUPER_PASS
|
- name: POSTGRES_SUPER_PASS
|
||||||
|
|||||||
Reference in New Issue
Block a user