diff --git a/apps/harbor/Chart.yaml b/apps/harbor/Chart.yaml new file mode 100644 index 0000000..7ce915f --- /dev/null +++ b/apps/harbor/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: harbor +description: Harbor registry +type: application +version: 1.0.0 +appVersion: "1.10.2" + +dependencies: + - name: harbor + version: 1.19.0 + repository: https://helm.goharbor.io diff --git a/apps/harbor/templates/iscsi-secrets-sealed.yaml b/apps/harbor/templates/iscsi-secrets-sealed.yaml new file mode 100644 index 0000000..97a52f1 --- /dev/null +++ b/apps/harbor/templates/iscsi-secrets-sealed.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: harbor-iscsi-auth + namespace: harbor +spec: + encryptedData: + discovery.sendtargets.auth.password: AgABfPv3gVBdRs8k9LLTBHhm2sk5lzcXxE4aXf3TI8dMMLGD4l2yI++zEZgh+k4f3abht7To1vtqOSzu1GQc08dWf/q0YgZmUJNuLS0z5vdvSn5RcM5NGMnB6y0SvXQVbSzN5cRg+oBLuwSHJPeF7k82BglOmZSxNLUL8fdNJvDj6ntr62oFaaiAD5D2UCy+ezp32yB9dD0C2F1isU4fyGgA8a0UYQvRbgurQUpq1dH5WWtS9mW7iH0oIhHOl4HUIfO6EGrinvnb2Wne+fgKWbfxwoMonNdo3uJK872OZ5qyvlg9fWMTHb+n10RuTB2z0jt8NdAfDVllnxSeNQaAzMu+cCIQejKoegWua0OC+Tx7smDkOUbkETRHrajy3mDDk88fqJ0s5uN0XmIT8F0ee9tzI070whtZkS9Ku5Gp9waj7ZA4TbawQ0AuVxVQTgGvPxL2A5eGXW6EHGb1RqY52mI0FLzcKXowSUj0PzOHgyWtfkxcyI5oDfLUNg7MxRtLLZspMm/wZi016M1JKlCQa3yGeHTNKkqDGc4oqEdkUPQyW0ItrdqtHT5Jb+9WARN9POMMxiYB15MRdkbXGPYJ1DsIDpDOZvBrKrQCr0DvDa664cXjaS9WWkV8ioSQvqoA3XkMZfmk+uSVC+rxIa/EveJgzfaUEW1O09mJvptFHKg1jMzTPF1UANLOeNQ8WNWXocqEfRaK/GPNTXb9fgUGeHmL + discovery.sendtargets.auth.username: 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 + node.session.auth.password: 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 + node.session.auth.username: 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 + template: + metadata: + creationTimestamp: null + name: harbor-iscsi-auth + namespace: harbor + type: kubernetes.io/iscsi-chap 
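Review bot: `appVersion: "1.10.2"` in apps/harbor/Chart.yaml does not look like the Harbor release that the pinned dependency chart `1.19.0` deploys. That chart line tracks Harbor 2.x as far as I know, so the exact release should be confirmed against the chart's own metadata. Inventory and vulnerability-tracking tools that read `appVersion` from the wrapper chart would report the wrong version for the registry. Either set it to the version the dependency actually ships or add a comment such as `# informational only; real Harbor version comes from the harbor dependency`.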
diff --git a/apps/harbor/templates/network-policies.yaml b/apps/harbor/templates/network-policies.yaml
new file mode 100644
index 0000000..4545fc6
--- /dev/null
+++ b/apps/harbor/templates/network-policies.yaml
@@ -0,0 +1,37 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ name: harbor-intra-namespace-allow
+ namespace: harbor
+spec:
+ description: "Allow all internal Harbor microservices to talk to each other cleanly"
+ endpointSelector:
+ matchLabels:
+ app: harbor
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: harbor
+ egress:
+ - toEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: harbor
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-ingress
+ namespace: harbor
+spec:
+ description: "Allow external traffic from the shared Cilium edge proxy into the harbor namespace services"
+ endpointSelector:
+ matchLabels: {}
+ ingress:
+ - fromEntities:
+ - ingress
+ toPorts:
+ - ports:
+ - port: "80"
+ protocol: TCP
+ - port: "8080"
+ protocol: TCP
diff --git a/apps/harbor/templates/pvcs.yaml b/apps/harbor/templates/pvcs.yaml
new file mode 100644
index 0000000..67cd7c4
--- /dev/null
+++ b/apps/harbor/templates/pvcs.yaml
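Review bot: The `allow-ingress` policy selects every endpoint in the namespace (`matchLabels: {}`), so the edge proxy is admitted on ports 80 and 8080 to the database, Redis, registry and Trivy pods too. route.yaml in this commit only sends traffic to `harbor-core` and `harbor-portal`. Narrowing `endpointSelector` to those two workloads keeps the admitted surface to what the route needs; the chart's component label looks like the right selector, but confirm it against the rendered manifests. Separately, `harbor-intra-namespace-allow` places the `app: harbor` pods under an egress rule that lists only in-namespace endpoints. Unless a cluster-wide policy not shown here covers it, DNS lookups to kube-dns and Trivy's vulnerability-database downloads would be dropped, so an explicit DNS rule and a scoped `toFQDNs` rule for the scanner are worth adding.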
@@ -0,0 +1,74 @@ +# Harbor: Registry +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: harbor-registry + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + storageClassName: harbor-iscsi + volumeName: harbor-registry-pv + resources: + requests: + storage: 200Gi +--- +# Harbor: Jobservice +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: harbor-jobservice + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + storageClassName: harbor-iscsi + volumeName: harbor-jobservice-pv + resources: + requests: + storage: 10Gi +--- +# Harbor: Database +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: harbor-database + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + storageClassName: harbor-iscsi + volumeName: harbor-database-pv + resources: + requests: + storage: 10Gi +--- +# Harbor: Redis +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: harbor-redis + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + storageClassName: harbor-iscsi + volumeName: harbor-redis-pv + resources: + requests: + storage: 10Gi +--- +# Harbor: Trivy +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: harbor-trivy + namespace: harbor +spec: + accessModes: + - ReadWriteOnce + storageClassName: harbor-iscsi + volumeName: harbor-trivy-pv + resources: + requests: + storage: 10Gi diff --git a/harbor-config/storage.yaml b/apps/harbor/templates/pvs.yaml similarity index 62% rename from harbor-config/storage.yaml rename to apps/harbor/templates/pvs.yaml index 1125792..ca32ab7 100644 --- a/harbor-config/storage.yaml +++ b/apps/harbor/templates/pvs.yaml @@ -1,3 +1,4 @@ +# Harbor: Registry apiVersion: v1 kind: PersistentVolume metadata: 
@@ -10,6 +11,10 @@ spec: volumeMode: Filesystem persistentVolumeReclaimPolicy: Retain storageClassName: harbor-iscsi + # --- PRE-BINDING LOCK --- + claimRef: + namespace: harbor + name: harbor-registry iscsi: targetPortal: truenas.local.gwg313.xyz iqn: iqn.2005-10.org.freenas.ctl:harbor-registry @@ -20,23 +25,6 @@ spec: chapAuthSession: true secretRef: name: harbor-iscsi-auth - namespace: harbor ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: harbor-registry - namespace: harbor -spec: - accessModes: - - ReadWriteOnce - storageClassName: harbor-iscsi - volumeName: harbor-registry-pv - resources: - requests: - storage: 200Gi - -# Harbor: Jobservice --- apiVersion: v1 kind: PersistentVolume @@ -50,6 +38,9 @@ spec: volumeMode: Filesystem persistentVolumeReclaimPolicy: Retain storageClassName: harbor-iscsi + claimRef: + namespace: harbor + name: harbor-jobservice iscsi: targetPortal: truenas.local.gwg313.xyz iqn: iqn.2005-10.org.freenas.ctl:harbor-jobservice @@ -60,23 +51,6 @@ spec: chapAuthSession: true secretRef: name: harbor-iscsi-auth - namespace: harbor ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: harbor-jobservice - namespace: harbor -spec: - accessModes: - - ReadWriteOnce - storageClassName: harbor-iscsi - volumeName: harbor-jobservice-pv - resources: - requests: - storage: 10Gi - -# Harbor: Database --- apiVersion: v1 kind: PersistentVolume @@ -90,6 +64,9 @@ spec: volumeMode: Filesystem persistentVolumeReclaimPolicy: Retain storageClassName: harbor-iscsi + claimRef: + namespace: harbor + name: harbor-database iscsi: targetPortal: truenas.local.gwg313.xyz iqn: iqn.2005-10.org.freenas.ctl:harbor-database 
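Review bot: The `@@ -20,23 +25,6 @@` hunk drops `namespace: harbor` from the PV's iSCSI `secretRef`, and the matching hunks for the jobservice, database, redis and trivy volumes do the same. The cluster-scoped PersistentVolume therefore no longer states where the CHAP secret `harbor-iscsi-auth` is read from. As far as I know the kubelet then falls back to the consuming pod's namespace, which the new `claimRef` pins to `harbor`, so this probably still resolves correctly. That dependency is implicit, though. Either keep `namespace: harbor` under `secretRef`, or add a comment such as `# secret namespace defaults to the claiming pod's namespace (harbor, via claimRef)` so a later change to `claimRef` does not silently redirect the credential lookup. The `# --- PRE-BINDING LOCK ---` comment appears only on the registry volume; the other four `claimRef` blocks would benefit from the same one-line explanation.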
@@ -100,23 +77,6 @@ spec: chapAuthSession: true secretRef: name: harbor-iscsi-auth - namespace: harbor ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: harbor-database - namespace: harbor -spec: - accessModes: - - ReadWriteOnce - storageClassName: harbor-iscsi - volumeName: harbor-database-pv - resources: - requests: - storage: 10Gi - -# Harbor: Redis --- apiVersion: v1 kind: PersistentVolume @@ -130,6 +90,9 @@ spec: volumeMode: Filesystem persistentVolumeReclaimPolicy: Retain storageClassName: harbor-iscsi + claimRef: + namespace: harbor + name: harbor-redis iscsi: targetPortal: truenas.local.gwg313.xyz iqn: iqn.2005-10.org.freenas.ctl:harbor-redis @@ -140,23 +103,6 @@ spec: chapAuthSession: true secretRef: name: harbor-iscsi-auth - namespace: harbor ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: harbor-redis - namespace: harbor -spec: - accessModes: - - ReadWriteOnce - storageClassName: harbor-iscsi - volumeName: harbor-redis-pv - resources: - requests: - storage: 10Gi - -# Harbor: Trivy --- apiVersion: v1 kind: PersistentVolume @@ -170,6 +116,9 @@ spec: volumeMode: Filesystem persistentVolumeReclaimPolicy: Retain storageClassName: harbor-iscsi + claimRef: + namespace: harbor + name: harbor-trivy iscsi: targetPortal: truenas.local.gwg313.xyz iqn: iqn.2005-10.org.freenas.ctl:harbor-trivy @@ -180,18 +129,3 @@ spec: chapAuthSession: true secretRef: name: harbor-iscsi-auth - namespace: harbor ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: harbor-trivy - namespace: harbor -spec: - accessModes: - - ReadWriteOnce - storageClassName: harbor-iscsi - volumeName: harbor-trivy-pv - resources: - requests: - storage: 10Gi diff --git a/apps/harbor/templates/route.yaml b/apps/harbor/templates/route.yaml new file mode 100644 index 0000000..1928014 --- /dev/null +++ b/apps/harbor/templates/route.yaml 
@@ -0,0 +1,38 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: harbor
+ namespace: harbor
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: shared-edge-gateway
+ namespace: cilium-ingress
+ hostnames:
+ - registry.gwg313.xyz
+ - registry.local.gwg313.xyz
+ - registry.zerotier.gwg313.xyz
+ rules:
+ - matches:
+ - path: { type: PathPrefix, value: "/api/" }
+ - path: { type: PathPrefix, value: "/service/" }
+ - path: { type: PathPrefix, value: "/chartrepo" }
+ - path: { type: PathPrefix, value: "/c/" }
+ - path: { type: PathPrefix, value: "/v1/" }
+ - path: { type: PathPrefix, value: "/v2/" }
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: harbor-core
+ port: 80
+ weight: 1
+
+ - matches:
+ - path: { type: PathPrefix, value: "/" }
+ backendRefs:
+ - group: ""
+ kind: Service
+ name: harbor-portal
+ port: 80
+ weight: 1
diff --git a/apps/harbor/values.yaml b/apps/harbor/values.yaml
new file mode 100644
index 0000000..6ef23a6
--- /dev/null
+++ b/apps/harbor/values.yaml
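Review bot: The `parentRefs` entry for `shared-edge-gateway` has no `sectionName`, so the route attaches to every listener on that Gateway that admits routes from the `harbor` namespace. The Gateway is not part of this commit, but if it also has a plain-HTTP listener, registry logins and bearer tokens for `/v2/` and `/service/` could be served without TLS. The Istio Gateway removed in the same commit only listened on 443. Pinning the route to the TLS listener with `sectionName: <https-listener-name>` (placeholder; use the listener name from the Gateway definition) keeps the old HTTPS-only behaviour explicit.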
@@ -0,0 +1,111 @@ +harbor: + externalURL: https://registry.gwg313.xyz + + nginx: + replicas: 0 + resources: + requests: + cpu: 10m + memory: 16Mi + limits: + cpu: 50m + memory: 32Mi + + portal: + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + + core: + updateStrategy: + type: Recreate + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + + jobservice: + updateStrategy: + type: Recreate + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 500m + memory: 256Mi + + registry: + updateStrategy: + type: Recreate + registry: + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 1000m + memory: 1Gi + controller: + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + + trivy: + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 1000m + memory: 1Gi + + database: + internal: + resources: + requests: + cpu: 200m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + + redis: + internal: + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 200m + memory: 128Mi + + persistence: + enabled: true + persistentVolumeClaim: + registry: + existingClaim: harbor-registry + jobservice: + existingClaim: harbor-jobservice + trivy: + existingClaim: harbor-trivy + database: + existingClaim: harbor-database + redis: + existingClaim: harbor-redis + core: + existingClaim: harbor-core + + ingress: + enabled: false diff --git a/apps_bak/harbor.yaml b/apps_bak/harbor.yaml index f077ad3..fd377a6 100644 --- a/apps_bak/harbor.yaml +++ b/apps_bak/harbor.yaml @@ -3,6 +3,8 @@ kind: Application metadata: name: harbor namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "10" spec: project: default destination: @@ -11,7 +13,7 @@ spec: source: repoURL: https://helm.goharbor.io chart: harbor - targetRevision: 1.14.2 + targetRevision: 1.19.0 helm: releaseName: harbor values: | 
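Review bot: Nothing under `harbor:` in apps/harbor/values.yaml sets the admin password, the encryption `secretKey` or the internal database password, while `externalURL` is `https://registry.gwg313.xyz`. Unless those values are supplied elsewhere, or were rotated after an earlier install, the chart would fall back to its published defaults. Since the repo already uses SealedSecrets, the credentials can be sealed and referenced with `existingSecretAdminPassword: <admin-secret-name>` and `existingSecretSecretKey: <secret-key-secret-name>` (placeholder names), plus an explicit database password. Also, `persistentVolumeClaim.core.existingClaim: harbor-core` names a claim that pvcs.yaml in this commit does not create. Drop it or add the PVC so the intent is clear.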
@@ -49,3 +51,5 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true + - ServerSideApply=true + - SkipDryRunOnMissingResource=true diff --git a/cert-manager/values.yaml b/cert-manager/values.yaml deleted file mode 100644 index 66e328a..0000000 --- a/cert-manager/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -installCRDs: true -extraArgs: - - --dns01-recursive-nameservers-only - - --dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53 diff --git a/cluster-issuer/01-sealedsecret.yaml b/cluster-issuer/01-sealedsecret.yaml deleted file mode 100644 index e9586d9..0000000 --- a/cluster-issuer/01-sealedsecret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: cloudflare-api-token - namespace: cert-manager -spec: - encryptedData: - api-token: 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 - template: - metadata: - creationTimestamp: null - name: cloudflare-api-token - namespace: cert-manager - type: Opaque diff --git a/cluster-issuer/02-cluster-issuer.yaml b/cluster-issuer/02-cluster-issuer.yaml deleted file mode 100644 index a168955..0000000 --- a/cluster-issuer/02-cluster-issuer.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-dns -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: gwg313@pm.me - privateKeySecretRef: - name: letsencrypt-dns-key - solvers: - - dns01: - cloudflare: - apiTokenSecretRef: - name: cloudflare-api-token - key: api-token diff --git a/harbor-config/certificate-harbor.yaml b/harbor-config/certificate-harbor.yaml deleted file mode 100644 index d541d5c..0000000 --- a/harbor-config/certificate-harbor.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: harbor-cert-nginx - namespace: harbor -spec: - secretName: harbor-cert-nginx - issuerRef: - name: letsencrypt-dns - kind: ClusterIssuer - dnsNames: - - harbor.gwg313.xyz diff --git a/harbor-config/certificate.yaml b/harbor-config/certificate.yaml deleted file mode 100644 index 0fb929a..0000000 --- a/harbor-config/certificate.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: harbor-cert - namespace: istio-system -spec: - secretName: harbor-cert - issuerRef: - name: letsencrypt-dns - kind: ClusterIssuer - dnsNames: - - registry.gwg313.xyz diff --git a/harbor-config/gateway.yaml b/harbor-config/gateway.yaml deleted file mode 100644 index a5d3d1e..0000000 --- a/harbor-config/gateway.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - name: harbor-gateway - namespace: harbor -spec: - selector: - istio: gateway - servers: - - port: - number: 443 - name: https - protocol: HTTPS - hosts: - - registry.gwg313.xyz - tls: - mode: SIMPLE - credentialName: harbor-cert diff --git a/harbor-config/harbor-iscsi-secrets-sealed.yaml b/harbor-config/harbor-iscsi-secrets-sealed.yaml deleted file mode 100644 index e2f19b5..0000000 --- a/harbor-config/harbor-iscsi-secrets-sealed.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: harbor-iscsi-auth - namespace: harbor -spec: - encryptedData: - discovery.sendtargets.auth.password: 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 - discovery.sendtargets.auth.username: 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 - node.session.auth.password: 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 - node.session.auth.username: 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 - template: - metadata: - creationTimestamp: null - name: harbor-iscsi-auth - namespace: harbor - type: kubernetes.io/iscsi-chap diff --git a/harbor-config/virtualservice.yaml b/harbor-config/virtualservice.yaml deleted file mode 100644 index d28983e..0000000 --- a/harbor-config/virtualservice.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: harbor - namespace: harbor -spec: - hosts: - - registry.gwg313.xyz - gateways: - - harbor-gateway - http: - - match: - - uri: - prefix: /api/ - - uri: - prefix: /service/ - - uri: - prefix: /chartrepo - - uri: - prefix: /c/ - - uri: - prefix: /v1/ - - uri: - prefix: /v2/ - route: - - destination: - host: harbor-core - port: - number: 80 - - match: - - uri: - prefix: / - name: portal - route: - - destination: - host: harbor-portal - port: - number: 80 - timeout: 30s diff --git a/infra/network-policies-app.yaml b/infra/network-policies-app.yaml deleted file mode 100644 index cd5b59c..0000000 --- a/infra/network-policies-app.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: default-network-policies - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "-10" -spec: - project: default - source: - repoURL: https://github.com/gwg313/homelab-gitops - targetRevision: main - path: platform/default-network-policies - destination: - server: https://kubernetes.default.svc - namespace: argocd - syncPolicy: - automated: - prune: true - selfHeal: true diff --git a/istio/istio-cni.yaml b/istio/istio-cni.yaml deleted file mode 100644 index 772c789..0000000 --- a/istio/istio-cni.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: istio-cni - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "1" -spec: - project: default - source: - repoURL: https://istio-release.storage.googleapis.com/charts - chart: cni - targetRevision: 1.26.0 - helm: - values: | - cni: - enabled: true - chained: false - logLevel: info - destination: - server: https://kubernetes.default.svc - namespace: istio-system - syncPolicy: - automated: - prune: true - selfHeal: true diff --git a/istio/istio-gateway.yaml b/istio/istio-gateway.yaml deleted file mode 100644 index 20d7d61..0000000 --- a/istio/istio-gateway.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: istio-gateway - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "2" -spec: - project: default - source: - repoURL: https://istio-release.storage.googleapis.com/charts - chart: gateway - targetRevision: 1.26.0 - helm: - values: | - replicaCount: 2 - - autoscaling: - enabled: false - - resources: - requests: - cpu: "500m" - memory: "512Mi" - limits: - cpu: "1000m" - memory: "1Gi" - - podDisruptionBudget: - enabled: true - minAvailable: 1 - - proxy: - logLevel: warning - componentLogLevel: "misc:error,config:debug" - - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 3 - destination: - server: https://kubernetes.default.svc - namespace: istio-system - syncPolicy: - automated: - prune: true - selfHeal: true diff --git a/istio/istio-istiod.yaml b/istio/istio-istiod.yaml deleted file mode 100644 index f1028a0..0000000 --- a/istio/istio-istiod.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: istio-istiod - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "1" -spec: - project: default - source: - repoURL: https://istio-release.storage.googleapis.com/charts - chart: istiod - targetRevision: 1.26.0 - helm: - values: | - cni: - enabled: true - provider: default - - sidecarInjectorWebhook: - disableInitContainers: true - - pilot: - autoscaleEnabled: false - replicaCount: 2 - resources: - requests: - cpu: "500m" - memory: "512Mi" - limits: - cpu: "1000m" - memory: "1Gi" - - podDisruptionBudget: - enabled: true - minAvailable: 1 - destination: - server: https://kubernetes.default.svc - namespace: istio-system - syncPolicy: - automated: - prune: true - selfHeal: true diff --git a/istio/istio-peer-auth.yaml b/istio/istio-peer-auth.yaml deleted file mode 100644 index 5f4446a..0000000 
--- a/istio/istio-peer-auth.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - annotations: - name: default - namespace: istio-system -spec: - mtls: - mode: PERMISSIVE diff --git a/kube-prometheus-stack/certificate.yaml b/kube-prometheus-stack/certificate.yaml deleted file mode 100644 index dfec95e..0000000 --- a/kube-prometheus-stack/certificate.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: grafana-cert - namespace: istio-system -spec: - secretName: grafana-cert - issuerRef: - name: letsencrypt-dns - kind: ClusterIssuer - dnsNames: - - grafana.local.gwg313.xyz - - grafana.zerotier.gwg313.xyz diff --git a/kube-prometheus-stack/gateway.yaml b/kube-prometheus-stack/gateway.yaml deleted file mode 100644 index 380f98b..0000000 --- a/kube-prometheus-stack/gateway.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: networking.istio.io/v1beta1 -kind: Gateway -metadata: - name: grafana-gateway - namespace: monitoring -spec: - selector: - istio: gateway - servers: - - port: - number: 443 - name: https - protocol: HTTPS - tls: - mode: SIMPLE - credentialName: grafana-cert - hosts: - - grafana.local.gwg313.xyz - - grafana.zerotier.gwg313.xyz diff --git a/kube-prometheus-stack/namespace.yaml b/kube-prometheus-stack/namespace.yaml deleted file mode 100644 index cf222d7..0000000 --- a/kube-prometheus-stack/namespace.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring - labels: - # istio-injection: enabled - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/warn: privileged - - app.kubernetes.io/name: monitoring diff --git a/kube-prometheus-stack/virtualservice.yaml b/kube-prometheus-stack/virtualservice.yaml deleted file mode 100644 index 993b093..0000000 --- a/kube-prometheus-stack/virtualservice.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: grafana - namespace: monitoring -spec: - hosts: - - grafana.local.gwg313.xyz - - grafana.zerotier.gwg313.xyz - gateways: - - grafana-gateway - http: - - match: - - uri: - prefix: / - route: - - destination: - host: prometheus-grafana - port: - number: 80 diff --git a/istio/istio-base.yaml b/management/platform-apps/harbor.yaml similarity index 54% rename from istio/istio-base.yaml rename to management/platform-apps/harbor.yaml index 3421a1b..7c3e837 100644 --- a/istio/istio-base.yaml +++ b/management/platform-apps/harbor.yaml @@ -1,22 +1,24 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: istio-base + name: harbor namespace: argocd annotations: - argocd.argoproj.io/sync-wave: "0" + argocd.argoproj.io/sync-wave: "10" spec: project: default - source: - repoURL: https://istio-release.storage.googleapis.com/charts - chart: base - targetRevision: 1.26.0 destination: server: https://kubernetes.default.svc - namespace: istio-system + namespace: harbor + source: + repoURL: https://github.com/gwg313/homelab-gitops.git + path: apps/harbor + targetRevision: main syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true + - ServerSideApply=true + - SkipDryRunOnMissingResource=true diff --git a/management/platform-apps/kustomization.yaml b/management/platform-apps/kustomization.yaml index 441cea9..678ac5a 100644 --- a/management/platform-apps/kustomization.yaml +++ b/management/platform-apps/kustomization.yaml @@ -10,6 +10,7 @@ resources: - cert-manager.yaml - monitoring.yaml - nfs-subdir.yaml + - harbor.yaml - forgejo.yaml - audiobookshelf.yaml - yopass.yaml diff --git a/metallb/Chart.yaml b/metallb/Chart.yaml deleted file mode 100644 index 4113c40..0000000 --- a/metallb/Chart.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v2 -name: metallb -version: 0.1.0 -dependencies: - - name: metallb - version: 0.13.12 - repository: https://metallb.github.io/metallb diff --git a/metallb/config/ipaddresspool.yaml b/metallb/config/ipaddresspool.yaml deleted file mode 100644 index bad9f9f..0000000 --- a/metallb/config/ipaddresspool.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: default - namespace: metallb-system -spec: - addresses: - - 10.1.10.50-10.1.10.100 diff --git a/metallb/config/kustomization.yaml b/metallb/config/kustomization.yaml deleted file mode 100644 index 39e1e1d..0000000 --- a/metallb/config/kustomization.yaml +++ /dev/null @@ -1,3 +0,0 @@ -resources: - - ipaddresspool.yaml - - l2advertisement.yaml diff --git a/metallb/config/l2advertisement.yaml b/metallb/config/l2advertisement.yaml deleted file mode 100644 index 6e56328..0000000 --- a/metallb/config/l2advertisement.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: metallb.io/v1beta1 -kind: L2Advertisement -metadata: - name: default - namespace: metallb-system diff --git a/metallb/namespace.yaml b/metallb/namespace.yaml deleted file mode 100644 index fe6f1d8..0000000 --- a/metallb/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: metallb-system diff --git a/metallb/values.yaml b/metallb/values.yaml deleted file mode 100644 index 85a0c56..0000000 --- a/metallb/values.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -metallb: - controller: - enabled: true - speaker: - enabled: true - hostNetwork: true - podAnnotations: - sidecar.istio.io/inject: "false" - tolerations: - - operator: Exists - securityContext: - allowPrivilegeEscalation: false - privileged: false - capabilities: - drop: ["ALL"] - # keep FRR disabled – GoBGP mode works fine and avoids NET_ADMIN - frr: - enabled: false - configInline: - peers: - - peer-address: 10.1.10.1 # OPNsense LAN IP - peer-asn: 65551 # ASN you set on OPNsense - my-asn: 64512 # <<< MUST MATCH “Remote AS” on OPNsense - hold-time: 90s - source-address: 10.1.10.3 # Talos node IP (optional but fine) - - peer-address: 10.1.10.1 # OPNsense LAN IP - peer-asn: 65551 # ASN you set on OPNsense - my-asn: 64512 # <<< MUST MATCH “Remote AS” on OPNsense - hold-time: 90s - source-address: 10.1.10.4 # Talos node IP (optional but fine) - - peer-address: 10.1.10.1 # OPNsense LAN IP - peer-asn: 65551 # ASN you set on OPNsense - my-asn: 64512 # <<< MUST MATCH “Remote AS” on OPNsense - hold-time: 90s - source-address: 10.1.10.5 # Talos node IP (optional but fine) - - peer-address: 10.1.10.1 # OPNsense LAN IP - peer-asn: 65551 # ASN you set on OPNsense - my-asn: 64512 # <<< MUST MATCH “Remote AS” on OPNsense - hold-time: 90s - source-address: 10.1.10.6 # Talos node IP (optional but fine) - # router-id optional – can omit or make unique per node - address-pools: - - name: default - protocol: bgp - addresses: - - 10.1.10.50-10.1.10.100 diff --git a/sealed-secrets/values.yaml b/sealed-secrets/values.yaml deleted file mode 100644 index 94edb81..0000000 --- a/sealed-secrets/values.yaml +++ /dev/null @@ -1 +0,0 @@ -fullnameOverride: sealed-secrets-controller diff --git a/security/namespace-policies.yaml b/security/namespace-policies.yaml deleted file mode 100644 index 904d270..0000000 --- a/security/namespace-policies.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: secure-default - labels: - pod-security.kubernetes.io/enforce: "restricted" - pod-security.kubernetes.io/enforce-version: "latest" diff --git a/security/network-policies.yaml b/security/network-policies.yaml deleted file mode 100644 index 62a67f1..0000000 --- a/security/network-policies.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-deny-all - namespace: secure-default -spec: - podSelector: {} - policyTypes: - - Ingress - - Egress diff --git a/security/rbac.yaml b/security/rbac.yaml deleted file mode 100644 index 49296ba..0000000 --- a/security/rbac.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: readonly-users -subjects: - - kind: Group - name: readonly - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: view - apiGroup: rbac.authorization.k8s.io diff --git a/woodpecker/iscsi-secret-sealed.yaml b/woodpecker/iscsi-secret-sealed.yaml deleted file mode 100644 index 8042b49..0000000 --- a/woodpecker/iscsi-secret-sealed.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: woodpecker-iscsi-auth - namespace: woodpecker -spec: - encryptedData: - discovery.sendtargets.auth.password: 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 - discovery.sendtargets.auth.username: 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 - node.session.auth.password: AgAJfFaVcDzIUGbDIRlCiz3ROdtm80nDwLcYKzAwfLDs8Gbcq7o1EldWtArR+zEss40va672lWdIhUO46mT+l2NDLJRvdCCHfZOxmU058ba5G81Hd87kpd4Kz/jyNgwBV8VNjSVE1v6oJKlmj1gnSJwRYclgqTXcmhP20gQKEtONnuDC6SZkFtjQBCP5//Kt9LBQrrXIJHe6DgNlqsqLtXA26RKBRJlt7H+tu6SG5u9HZ0rdz/jpBymESihVUpRBp3v98aG69Vaa9xWIPAivtsvJUURlSGu0raN3ipvq0Fk54eWAbRmqTkC/JJVrRmZwskfSOU+DET8kjU7h7hA/5Z2NTqkjKNXmL8e1nn3ZWAI7hnf1wFcvRrqlVIiiRldr+IsT2wXp9d8jEHr/qwVl0emxoiXHVKjLnvhH+FKpt7GfCQa/1K11RGw7vkfEIWF6lvcECHcGQbf+0kuFWsCBwwQhQem+KqbHo2gmsc73XUVUVkkyBYG5FIzH5MuYBf8nHI/mt+bUSdT+4YU9Qj13pgpURX1bzIgXYMHWgtfWdxdy/pHsPZiOuBOsMkD1qUoDuV0/nc13zS/gsSFhdX0mdyXixQgXe9R+XzzuWmgV/mO+/6AsnkvD4KnTt5cv1Ft+f3FUqoW4NViigZ9URlX4xZ7zI/UJhXiPm4RCjNNZrefDua0bRzESTxnakyKe1XeylPQ+hEZRdPU0lYLrk3b3GZdg - node.session.auth.username: AgBz3hk4xbhTTSigqw2L0Truwe4iFkNCtbWRaJ7Vm9huG69RAyOg63+fg8UFk1rmmECo+OaEadexUS6JIo+g8yA+Mds6KE3kr+3kdDOOMFdXh40VtJGHYlqzeyRYwJ/PU2BHWPZi72WW9/A8bPFfVQMzIEinnRpxtV1otRmdfZSXviE24LPiClkCzbwPGZPDW56wtfuxVJjuQyhAJ7ote8F8yV7N7q7lz6tBTYA58pfKCbs4KQdK39h2afW3gVjevw+4kLeTlzu5Ynj446ZIUR7pID1SHLVEVXXIW7rKZ+cs4EWB34M1jJL/T/EAOYsh1vaTwxhoDR/98awbnZZ/Z6SWoARwBLDjk3Nez4N2FqzFhn1EjYiBYym2Xz7c+kwhyDApOY0D7ESK0W8efg1RrsJgVKhFO4AO/oI6/MYxur6ZdI5/xReJirmhN9HNf7tvZ+wwo3sW37H5v6FhcTCG6/bXsTYj8vZT/JmrH9AmeqDzKfi4NkWhfG7RC+2NQxA3X8OuXdbPFWv0YriL/yk88eUzi+orS5O2PV7o8a4c7BplV6K6XiWlV+1oUsfpF9r8t1x+AQj4G83aGLgYvpmSinpMbmO33bEor+QY+4s1Epa/VEF84grc+It55G+7DjE3o5couWVre96HDXqN9falXt2yvRS1YdYSzh25mY33wnEWMDBMUBR3NnkYU/3GCLz7dpeYwZbBtayzdmli - template: - metadata: - creationTimestamp: null - name: woodpecker-iscsi-auth - namespace: woodpecker - type: 
Opaque diff --git a/woodpecker/privileges.yaml b/woodpecker/privileges.yaml deleted file mode 100644 index 5f4d0c5..0000000 --- a/woodpecker/privileges.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: woodpecker - labels: - pod-security.kubernetes.io/enforce: privileged diff --git a/woodpecker/route.yaml b/woodpecker/route.yaml deleted file mode 100644 index cc89918..0000000 --- a/woodpecker/route.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: woodpecker - namespace: woodpecker -spec: - parentRefs: - - name: shared-edge-gateway - namespace: cilium-ingress - - hostnames: - - ci.local.gwg313.xyz - - ci.gwg313.xyz - - ci.zerotier.gwg313.xyz - - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: woodpecker-server - port: 80 - ---- -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: ReferenceGrant -metadata: - name: allow-gateway-to-woodpecker - namespace: woodpecker - -spec: - from: - - group: gateway.networking.k8s.io - kind: Gateway - namespace: cilium-ingress - - to: - - group: "" - kind: Service - name: woodpecker-server diff --git a/woodpecker/server-agent-sealed.yaml b/woodpecker/server-agent-sealed.yaml deleted file mode 100644 index 3a3fb35..0000000 --- a/woodpecker/server-agent-sealed.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: woodpecker-agent-secrets - namespace: woodpecker -spec: - encryptedData: - WOODPECKER_AGENT_SECRET: AgBmeIkpWWnoPxHam7X6V5/TTI2pu3DwzuvWySQuWewf1N72hl6Ljw6aFJEU6Mu02keLB2ECPPBg+kJ5Bh/d3rMPllSW/HyuepjyrnaWBgNkAWObjJ7oOmqVR1TlXORj8cLz/vHkhq75Cn0FLQ+/2FlAxX436YEIB92IVObdx6J006UM+HqlRn7TXXuD168pd/3L/DhQdGnyBcDH7u21o1nLl+gZvqe6L6v/Jz6Z5gDi9B8B7zwldQfGY/BKv5fKOJixqisXfteV+BbAzce4KgI5djqKUoaOOy8T7Sm3uGYckxtEkA+mMcX5SUKInsFRnfpTfbMZU+2GofpHKbHFLYiqsZ8HG6/9P8EZ3DBsPrGG/xyccnH/Ylwj+jJfkrlDPo2i42rqB4XwES5sxnUAdF8W9f8QTK/4wlbglUqBJf/g74hNrYIVw+YikGpBYHaRInYLXnsXReaIyhvG0UK9fjotTZJ5ptta/OZ04kvXqoxXGojBPtZc/0n9vI0ynbIlHCOO7dRawaG/Iefg7cCZvpzBCyL5dd1gtCXUYrPoFrn1UFc9kD6YzRtiPO4AnTZjXXuEMiVsyjFBeewiq9b4QchXO5zY/6DhnLv8HDCJwAZD3HiCFJ/O6wOzBTdqCmPXMpVGbJOOy3Vm8W16uyMOkwmYeq78oFQxMhkfnLReh3svdPGKV9Mr9sn+7NmPJmZ50TEuXF6LUGc0AcgDw9MZ8JsURp8wrA== - WOODPECKER_SERVER: 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 - template: - metadata: - creationTimestamp: null - name: woodpecker-agent-secrets - namespace: woodpecker - type: Opaque diff --git a/woodpecker/server-secrets-sealed.yaml b/woodpecker/server-secrets-sealed.yaml deleted file mode 100644 index baff49a..0000000 --- a/woodpecker/server-secrets-sealed.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
----
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: woodpecker-server-secrets
- namespace: woodpecker
-spec:
- encryptedData:
- WOODPECKER_ADMIN: 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
- WOODPECKER_AGENT_SECRET: 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
- WOODPECKER_BACKEND: 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
- WOODPECKER_GITEA: AgBxPWElw0PJuGrd7T0Ni6udPbVlp9gdg1YeXJbzoUKXCET8YD+b0uX3MC4YsQDWfKJuLRrk6QksTAhFXpk2bGcf0RqOay7mk3LhaLGkD6iUz7TU1KRcHV/xb4i/mXK9PzR2JnrgVFgdRj+NpMZx6sI/gnl9BP/Jrt70YT7K3Za0HNppOxNnyACk2SlKdBHq35A5fMiFpGSwRP6zScGfaqXqcCNkEGDhTxKsZ9rZ/2+GydEm1Eu0hCQReRdDLNLSLUcHUWLAq/Na8cZl/CPEMViGlEw0/zE18++GBdwNwZbnRPgiDhJwN63Hs4gVXiRLHHaubBzoofio2cADEmMlsFrtYyBLdq+1LS0mReo69mz9uMTKZkZHws/oAwAYF3793h2mWIj7f26QW0ac66QcLqwWDpqxabtSp7BO7Za6j2dRpSOMDnYtOV/0hBwtPOGsVGUjnC/uJCl0DH2Mv6jwbMXlRpmeq8eSu1KJmP6WUBUq4yqCUxixwHk4dhx7EdP25mcPU09XvqxDTWHnhkJi1jcM2pUjt4+H/t1aZfCxqS6mzY+VlaBm3a8F7Um77+JOQQr1XZU6Q1R+vVt7vnvWYKPlq7yZSrwndw4VbyFcz3kqnQ/Oa96sqbFAbZ0rl1mX9QUnarE9iNlX+mOjEpcCeMUyhOPZKvZijgaYl5W/iAjXpq+ElKvxrRVwBpHZdoScLR4p9/gf
- WOODPECKER_GITEA_CLIENT: 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
- WOODPECKER_GITEA_SECRET: 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
- WOODPECKER_GITEA_URL: 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
- WOODPECKER_HOST: 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
- template:
- metadata:
- creationTimestamp: null
- name: woodpecker-server-secrets
- namespace: woodpecker
- type: Opaque
diff --git a/woodpecker/shared-pvc.yaml b/woodpecker/shared-pvc.yaml
deleted file mode 100644
index 3075fdc..0000000
--- a/woodpecker/shared-pvc.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: woodpecker-shared-storage
- namespace: woodpecker
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 20Gi
- storageClassName: nfs-client
diff --git a/woodpecker/storage.yaml b/woodpecker/storage.yaml
deleted file mode 100644
index b15c8bd..0000000
--- a/woodpecker/storage.yaml
+++ /dev/null
@@ -1,123 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: woodpecker-agent-pv5
-spec:
- capacity:
- storage: 10Gi
- accessModes:
- - ReadWriteOnce
- storageClassName: "iscsi-manual"
- persistentVolumeReclaimPolicy: Retain
- volumeMode: Filesystem
- iscsi:
- targetPortal: truenas.local.gwg313.xyz
- iqn: iqn.2005-10.org.freenas.ctl:woodpecker-agent
- lun: 1
- fsType: ext4
- readOnly: false
- chapAuthDiscovery: true
- chapAuthSession: true
- secretRef:
- name: woodpecker-iscsi-auth
- namespace: woodpecker
- claimRef:
- name: woodpecker-agent-pvc5
- namespace: woodpecker
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: woodpecker-agent-pvc5
- namespace: woodpecker
-spec:
- accessModes:
- - ReadWriteOnce
- storageClassName: "iscsi-manual"
- volumeName: woodpecker-agent-pv5
- resources:
- requests:
- storage: 10Gi
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: woodpecker-server-pv5
-spec:
- capacity:
- storage: 10Gi
- accessModes:
- - ReadWriteOnce
- storageClassName: "iscsi-manual"
- persistentVolumeReclaimPolicy: Retain
- volumeMode: Filesystem
- iscsi:
- targetPortal: truenas.local.gwg313.xyz
- iqn: iqn.2005-10.org.freenas.ctl:woodpecker-server
- lun: 0
- fsType: ext4
- readOnly: false
- chapAuthDiscovery: true
- chapAuthSession: true
- secretRef:
- name: woodpecker-iscsi-auth
- namespace: woodpecker
- claimRef:
- name: woodpecker-server-pvc5
- namespace: woodpecker
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: woodpecker-server-pvc5
- namespace: woodpecker
-spec:
- accessModes:
- - ReadWriteOnce
- storageClassName: "iscsi-manual"
- volumeName: woodpecker-server-pv5
- resources:
- requests:
- storage: 10Gi
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: data-woodpecker-server-0
-spec:
- capacity:
- storage: 10Gi
- accessModes:
- - ReadWriteOnce
- volumeMode: Filesystem
- storageClassName: "iscsi-manual"
- persistentVolumeReclaimPolicy: Retain
- iscsi:
- targetPortal: truenas.local.gwg313.xyz
- iqn: iqn.2005-10.org.freenas.ctl:woodpecker-data
- lun: 2
- fsType: ext4
- readOnly: false
- chapAuthDiscovery: true
- chapAuthSession: true
- secretRef:
- name: woodpecker-iscsi-auth
- namespace: woodpecker
- claimRef:
- name: data-woodpecker-server-0
- namespace: woodpecker
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: data-woodpecker-server-0
- namespace: woodpecker
-spec:
- accessModes:
- - ReadWriteOnce
- volumeMode: Filesystem
- storageClassName: "iscsi-manual"
- volumeName: data-woodpecker-server-0
- resources:
- requests:
- storage: 10Gi
diff --git a/woodpecker/woodpecker-cache.yaml b/woodpecker/woodpecker-cache.yaml
deleted file mode 100644
index 16fd880..0000000
--- a/woodpecker/woodpecker-cache.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: wp-cache-pv1
-spec:
- capacity:
- storage: 5Gi
- accessModes:
- - ReadWriteMany
- persistentVolumeReclaimPolicy: Retain
- # storageClassName: manual-nfs
- # nfs:
- # server: truenas.local.gwg313.xyz
- # path: /mnt/tank/k8s/democratic/woodpecker-cache
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: wp-cache-pvc1
- namespace: woodpecker
-spec:
- accessModes:
- - ReadWriteMany
- storageClassName: manual-nfs
- resources:
- requests:
- storage: 1Gi