⚰️ archive semaphore + attic

2025-09-17 18:24:14 +02:00 · 2023-10-15 10:56:48 +02:00
parent b85117d1dd
commit ccb0f0b4e4
15 changed files with 0 additions and 2 deletions
--- a/kubernetes/archive/semaphore/app/externalsecret.yaml
+++ b/kubernetes/archive/semaphore/app/externalsecret.yaml
@@ -0,0 +1,37 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: semaphore
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: semaphore-secret
+    creationPolicy: Owner
+    template:
+      data:
+        # Ansible Semaphore
+        SEMAPHORE_DB_USER: &dbUser "{{ .POSTGRES_USER }}"
+        SEMAPHORE_DB_PASS: &dbPass "{{ .POSTGRES_PASS }}"
+        SEMAPHORE_DB_HOST: &dbHost postgres-rw.default.svc.cluster.local
+        SEMAPHORE_DB_PORT: "5432"
+        SEMAPHORE_DB: &dbName semaphore
+        SEMAPHORE_ADMIN: "{{ .username }}"
+        SEMAPHORE_ADMIN_PASSWORD: "{{ .password }}"
+        SEMAPHORE_ADMIN_NAME: "{{ .SEMAPHORE_ADMIN_NAME }}"
+        SEMAPHORE_ACCESS_KEY_ENCRYPTION: "{{ .SEMAPHORE_ACCESS_KEY_ENCRYPTION }}"
+        # Postgres Init
+        INIT_POSTGRES_DBNAME: *dbName
+        INIT_POSTGRES_HOST: *dbHost
+        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
+        INIT_POSTGRES_USER: *dbUser
+        INIT_POSTGRES_PASS: *dbPass
+  dataFrom:
+    - extract:
+        key: cloudnative-pg
+    - extract:
+        key: semaphore
--- a/kubernetes/archive/semaphore/app/gatus.yaml
+++ b/kubernetes/archive/semaphore/app/gatus.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: semaphore-gatus-ep
+  namespace: default
+  labels:
+    gatus.io/enabled: "true"
+data:
+  config.yaml: |
+    endpoints:
+      - name: semaphore
+        group: internal
+        url: https://semaphore.${SECRET_CLUSTER_DOMAIN}/auth/login
+        interval: 1m
+        client:
+          insecure: true
+        conditions:
+          - "[STATUS] == 200"
+        alerts:
+          - type: pushover
+
--- a/kubernetes/archive/semaphore/app/helmrelease.yaml
+++ b/kubernetes/archive/semaphore/app/helmrelease.yaml
@@ -0,0 +1,73 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: semaphore
+  namespace: default
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    initContainers:
+      01-init-db:
+        image: ghcr.io/auricom/postgres-init:15.4
+        imagePullPolicy: IfNotPresent
+        envFrom: &envFrom
+          - secretRef:
+              name: semaphore-secret
+    controller:
+      annotations:
+        reloader.stakater.com/auto: "true"
+    image:
+      repository: ghcr.io/onedr0p/semaphore
+      tag: v2.9.4
+    env:
+      SEMAPHORE_DB_DIALECT: postgres
+      SEMAPHORE_LDAP_ACTIVATED: "no"
+      SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
+      SEMAPHORE_ADMIN_EMAIL: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
+    envFrom: *envFrom
+    service:
+      main:
+        ports:
+          http:
+            port: 3000
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: nginx
+        annotations:
+          hajimari.io/icon: mdi:ansible
+        hosts:
+          - host: &host "{{ .Release.Name }}.kube.${SECRET_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    resources:
+      requests:
+        cpu: 10m
+        memory: 50Mi
+      limits:
+        memory: 1000Mi
--- a/kubernetes/archive/semaphore/app/kustomization.yaml
+++ b/kubernetes/archive/semaphore/app/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./externalsecret.yaml
+  - ./gatus.yaml
+  - ./helmrelease.yaml
--- a/kubernetes/archive/semaphore/ks.yaml
+++ b/kubernetes/archive/semaphore/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cluster-apps-semaphore
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  dependsOn:
+    - name: cluster-apps-external-secrets-stores
+    - name: cluster-apps-cloudnative-pg-app
+  path: ./kubernetes/apps/default/semaphore/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: semaphore
+      namespace: default
+  interval: 30m
+  retryInterval: 1m
+  timeout: 3m