Compare commits
77 Commits
Author | SHA1 | Date | |
---|---|---|---|
de2d0ea4dc | |||
7f41356352 | |||
4a4e932e9f | |||
a2ac0d1cde | |||
f6ff76d394 | |||
cd1bbc6279 | |||
5795ffb0d3 | |||
7ace9c2816 | |||
acce65bb53 | |||
5742ae2824 | |||
a77c96dbff | |||
47f2983bab | |||
d7b56c94d0 | |||
955d2c0425 | |||
29e366f1c8 | |||
3c573e0558 | |||
bafc474a64 | |||
495c7952ed | |||
d5b3dbd033 | |||
e8e28ee2e5 | |||
e90843a290 | |||
6d0b1a6633 | |||
4b8043eb81 | |||
54896eefce | |||
7e5de8fa4d | |||
b5e617c3c0 | |||
825ef1bf6e | |||
d4388fca85 | |||
83ac558082 | |||
68e519a70f | |||
fc8367a072 | |||
eb3389c7e7 | |||
151e770ab3 | |||
0ff50480a8 | |||
46340f5316 | |||
e3da5424cd | |||
965eb1a6f1 | |||
dc1463044e | |||
d033e5ec18 | |||
cbbe7e34a5 | |||
75363d20c5 | |||
ddde928e18 | |||
d172a9768b | |||
0c9e154c3c | |||
212708c0c9 | |||
907d4ae12c | |||
a5a08bd4d4 | |||
7345be46a0 | |||
83b6e5beb3 | |||
6ec52c6c26 | |||
1019cbde91 | |||
21ad33fb0c | |||
673af96617 | |||
0f68729ec3 | |||
02e5b307b2 | |||
06932ef604 | |||
d99aab2379 | |||
4a7d7c6ad9 | |||
97b5eda914 | |||
fa28404c34 | |||
81d5cf1d7d | |||
6d06d62bbe | |||
192e5521c4 | |||
393ef02472 | |||
b374d1bc2e | |||
0932bb49f1 | |||
23a5ef9942 | |||
402f5a8081 | |||
9c9e143876 | |||
76798a9629 | |||
5bae118324 | |||
2c2703316a | |||
dcc8e49eb9 | |||
bf179af733 | |||
c269c5a665 | |||
f76673daae | |||
f023e4bc6c |
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,3 +1,5 @@
|
||||||
\#*#
|
\#*#
|
||||||
*~
|
*~
|
||||||
charts/
|
charts/
|
||||||
|
.*
|
||||||
|
!.gitignore
|
||||||
|
|
13
README.md
13
README.md
|
@ -68,5 +68,18 @@ pre-bootstrap files:
|
||||||
- `install.sh`
|
- `install.sh`
|
||||||
- `uninstall.sh`
|
- `uninstall.sh`
|
||||||
|
|
||||||
|
## Adopting a helm chart
|
||||||
|
|
||||||
|
To adopt an existing helm chart, there is an adopt-helm.sh script. It is not perfectly
|
||||||
|
reliable, however, so ensure the output makes sense.
|
||||||
|
|
||||||
|
1. Setup your helm release how you need it to work
|
||||||
|
2. `cd argo1`
|
||||||
|
2. `bash adopt-helm.sh release-name`
|
||||||
|
3. Follow configuration instructions
|
||||||
|
4. Validate templates/release-name.yaml
|
||||||
|
- Especially, check that the repoURL is correct.
|
||||||
|
5. Commit templates/release-name.yaml and values.yaml
|
||||||
|
|
||||||
|
|
||||||
[argo-crds]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/
|
[argo-crds]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/
|
||||||
|
|
121
argo1/adopt-helm.sh
Normal file
121
argo1/adopt-helm.sh
Normal file
|
@ -0,0 +1,121 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
SOURCE_RELEASE="$1"
|
||||||
|
|
||||||
|
eval "$(
|
||||||
|
helm list -A -o json | jq -r --arg release $SOURCE_RELEASE '
|
||||||
|
.[]
|
||||||
|
| select(.name == $release)
|
||||||
|
| (
|
||||||
|
@sh "CHART=\( .chart | split("-") | .[0:-1] | join("-") )",
|
||||||
|
@sh "VERSION=\( .chart | split("-") | .[-1] )",
|
||||||
|
@sh "RELEASE=\( .name )",
|
||||||
|
@sh "NAMESPACE=\( .namespace )"
|
||||||
|
)
|
||||||
|
'
|
||||||
|
)"
|
||||||
|
|
||||||
|
TEMPLATE="${PWD}/templates/${RELEASE}.yaml"
|
||||||
|
if [ -e "$TEMPLATE" ];then
|
||||||
|
1>&2 echo "$TEMPLATE: already exists. aborting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
REPO="$(
|
||||||
|
helm repo list -o json \
|
||||||
|
| jq -r '.[].url' \
|
||||||
|
| xargs -P 8 -L 1 bash -c '
|
||||||
|
if helm show readme --repo "$1" $0 > /dev/null 2>&1;then
|
||||||
|
echo $1
|
||||||
|
fi
|
||||||
|
' "$CHART" \
|
||||||
|
| sort | uniq
|
||||||
|
)"
|
||||||
|
|
||||||
|
REPOS_MATCHING="$(echo "$REPO" | grep . | wc -l | tr -d ' \t\n\r\v')"
|
||||||
|
|
||||||
|
if [ x"$REPOS_MATCHING" != x"1" ];then
|
||||||
|
1>&2 echo "found $REPOS_MATCHING repos with $CHART. aborting."
|
||||||
|
1>&2 echo "$REPO"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ x"$CHART" = x"$VERSION" ];then 1>&2 echo "could not parse chart version from name"; exit 1; fi
|
||||||
|
|
||||||
|
VALUES="$(helm get values -n "$NAMESPACE" "$RELEASE" -o yaml)"
|
||||||
|
|
||||||
|
echo -n '# {{ if (index .Values "'"$RELEASE"'").enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-'"$RELEASE"'"
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
chart: "'"$CHART"'"
|
||||||
|
repoURL: "'"$REPO"'"
|
||||||
|
targetRevision: "'"$VERSION"'"
|
||||||
|
helm:
|
||||||
|
values: |-
|
||||||
|
{{ (index .Values "'"$RELEASE"'").values | nindent 8 }}
|
||||||
|
# the next line preserves the release name.
|
||||||
|
# this is optional but recommended for singleton services.
|
||||||
|
releaseName: "'"$RELEASE"'"
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: "'"$NAMESPACE"'"
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
||||||
|
' > "$TEMPLATE"
|
||||||
|
|
||||||
|
if [ x"$VALUES" = x"null" ];then
|
||||||
|
SAMPLE_VALUES="## (sample configs from $CHART -- choose one) ##
|
||||||
|
|
||||||
|
### (minimal config) ###
|
||||||
|
$CHART: {enabled: true}
|
||||||
|
|
||||||
|
### (skeleton config) ###
|
||||||
|
$CHART:
|
||||||
|
enabled: true
|
||||||
|
values: |
|
||||||
|
# values.yaml contents here
|
||||||
|
"
|
||||||
|
else
|
||||||
|
SAMPLE_VALUES="
|
||||||
|
## (sample config from $CHART) ##
|
||||||
|
|
||||||
|
$RELEASE:
|
||||||
|
enabled: true
|
||||||
|
values: |
|
||||||
|
$(echo "$VALUES" | sed -e 's/^/ /')
|
||||||
|
"
|
||||||
|
fi
|
||||||
|
|
||||||
|
which pbcopy > /dev/null 2>&1 && (echo "$SAMPLE_VALUES" | pbcopy)
|
||||||
|
|
||||||
|
printf '#####
|
||||||
|
A new template has been added at %s.
|
||||||
|
|
||||||
|
Please finish configuring this template by adding the following to values.yaml and customizing:
|
||||||
|
|
||||||
|
%s
|
||||||
|
|
||||||
|
(this has also been copied to your clipboard on macos
|
||||||
|
' "$TEMPLATE" "$SAMPLE_VALUES"
|
37
argo1/templates/cert-manager.yaml
Normal file
37
argo1/templates/cert-manager.yaml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
# {{ if (index .Values "cert-manager").enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-cert-manager"
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
chart: "cert-manager"
|
||||||
|
repoURL: "https://charts.jetstack.io"
|
||||||
|
targetRevision: "v1.11.0"
|
||||||
|
helm:
|
||||||
|
values: |-
|
||||||
|
{{ (index .Values "cert-manager").values | nindent 8 }}
|
||||||
|
# the next line preserves the release name.
|
||||||
|
# this is optional but recommended for singleton services.
|
||||||
|
releaseName: "cert-manager"
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: "cert-manager"
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
33
argo1/templates/cluster-resources.yaml
Normal file
33
argo1/templates/cluster-resources.yaml
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
# {{ if (index .Values "cluster-resources").enabled }}
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-cluster-resources
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
path: {{ (index .Values "cluster-resources").path | default "." | quote }}
|
||||||
|
repoURL: {{ (index .Values "cluster-resources").repoURL | quote }}
|
||||||
|
targetRevision: {{ (index .Values "cluster-resources").targetRevision | default "main" | quote}}
|
||||||
|
directory:
|
||||||
|
recurse: {{ (index .Values "cluster-resources").directoryRecurse | default "true" }}
|
||||||
|
include: {{ (index .Values "cluster-resources").directoryInclude | default "*.yaml" | quote }}
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: argocd
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
35
argo1/templates/external-secrets.yaml
Normal file
35
argo1/templates/external-secrets.yaml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
# {{ if (index .Values "external-secrets").enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-external-secrets"
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
chart: external-secrets
|
||||||
|
repoURL: https://charts.external-secrets.io
|
||||||
|
targetRevision: v0.8.1
|
||||||
|
helm:
|
||||||
|
values: |-
|
||||||
|
{{ (index .Values "external-secrets").values | default "{}" | nindent 8 }}
|
||||||
|
releaseName: external-secrets
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: external-secrets
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
41
argo1/templates/istio-base.yaml
Normal file
41
argo1/templates/istio-base.yaml
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
# {{ if (index .Values "istio-base").enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-istio-base"
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
chart: base
|
||||||
|
repoURL: https://istio-release.storage.googleapis.com/charts
|
||||||
|
targetRevision: 1.18.1
|
||||||
|
helm:
|
||||||
|
values: |-
|
||||||
|
{{ (index .Values "istio-base").values | default "{}" | nindent 8 }}
|
||||||
|
releaseName: istio-base
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: istio-system
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
ignoreDifferences:
|
||||||
|
- group: admissionregistration.k8s.io
|
||||||
|
kind: ValidatingWebhookConfiguration
|
||||||
|
jqPathExpressions:
|
||||||
|
- .webhooks[].failurePolicy
|
||||||
|
|
||||||
|
# {{- end }}
|
35
argo1/templates/istio-ingress.yaml
Normal file
35
argo1/templates/istio-ingress.yaml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
# {{ if (index .Values "istio-ingress").enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-istio-ingress"
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
chart: gateway
|
||||||
|
repoURL: https://istio-release.storage.googleapis.com/charts
|
||||||
|
targetRevision: 1.18.1
|
||||||
|
helm:
|
||||||
|
values: |-
|
||||||
|
{{ (index .Values "istio-ingress").values | default "{}" | nindent 8 }}
|
||||||
|
releaseName: istio-ingressgateway
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: istio-system
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
|
@ -1,25 +1,25 @@
|
||||||
# {{ if (index .Values "haproxy-ingress").enabled }}
|
# {{ if (index .Values "istiod").enabled }}
|
||||||
---
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: "{{ .Release.Name }}-haproxy-ingress"
|
name: "{{ .Release.Name }}-istiod"
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
finalizers:
|
finalizers:
|
||||||
- resources-finalizer.argocd.argoproj.io
|
- resources-finalizer.argocd.argoproj.io
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
source:
|
source:
|
||||||
chart: haproxy-ingress
|
chart: istiod
|
||||||
repoURL: https://haproxy-ingress.github.io/charts
|
repoURL: https://istio-release.storage.googleapis.com/charts
|
||||||
targetRevision: 0.14.2
|
targetRevision: 1.18.1
|
||||||
helm:
|
helm:
|
||||||
values: |-
|
values: |-
|
||||||
{{ (index .Values "haproxy-ingress").values | nindent 8 }}
|
{{ (index .Values "istiod").values | default "{}" | nindent 8 }}
|
||||||
releaseName: haproxy-ingress
|
releaseName: istiod
|
||||||
destination:
|
destination:
|
||||||
server: "https://kubernetes.default.svc"
|
server: "https://kubernetes.default.svc"
|
||||||
namespace: haproxy-ingress
|
namespace: istio-system
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
automated:
|
automated:
|
||||||
prune: true
|
prune: true
|
31
argo1/templates/metallb.yaml
Normal file
31
argo1/templates/metallb.yaml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# {{ if (index .Values "metallb").enabled }}
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-metallb
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: "{{ .Values.bootstrap.source.repoURL }}"
|
||||||
|
targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
|
||||||
|
path: {{ (index .Values "metallb").path | default "metallb" | quote }}
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: {{ (index .Values "metallb").namespace | default "metallb-system" | quote }}
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
- ServerSideApply=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
37
argo1/templates/nfs.yaml
Normal file
37
argo1/templates/nfs.yaml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
# {{ if (index .Values "nfs").enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-nfs"
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
chart: "nfs-subdir-external-provisioner"
|
||||||
|
repoURL: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
|
||||||
|
targetRevision: "4.0.18"
|
||||||
|
helm:
|
||||||
|
values: |-
|
||||||
|
{{ (index .Values "nfs").values | nindent 8 }}
|
||||||
|
# the next line preserves the release name.
|
||||||
|
# this is optional but recommended for singleton services.
|
||||||
|
releaseName: "nfs"
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: "kube-system"
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
37
argo1/templates/openebs.yaml
Normal file
37
argo1/templates/openebs.yaml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
# {{ if (index .Values "openebs").enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-openebs"
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
chart: "openebs"
|
||||||
|
repoURL: "https://openebs.github.io/charts"
|
||||||
|
targetRevision: "3.5.0"
|
||||||
|
helm:
|
||||||
|
values: |-
|
||||||
|
{{ (index .Values "openebs").values | nindent 8 }}
|
||||||
|
# the next line preserves the release name.
|
||||||
|
# this is optional but recommended for singleton services.
|
||||||
|
releaseName: "openebs"
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: "openebs"
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
31
argo1/templates/pgo.yaml
Normal file
31
argo1/templates/pgo.yaml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# {{ if (index .Values "pgo").enabled }}
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-pgo
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: "{{ .Values.bootstrap.source.repoURL }}"
|
||||||
|
targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
|
||||||
|
path: {{ (index .Values "pgo").path | default "pgo" | quote }}
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: {{ (index .Values "pgo").namespace | default "postgres-operator" | quote }}
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
- ServerSideApply=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
31
argo1/templates/stakater-reloader.yaml
Normal file
31
argo1/templates/stakater-reloader.yaml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# {{ if (index .Values "stakater-reloader").enabled }}
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-stakater-reloader
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: https://github.com/stakater/Reloader.git
|
||||||
|
targetRevision: v1.0.32
|
||||||
|
path: deployments/kubernetes
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: {{ (index .Values "stakater-reloader").namespace | default "stakater-reloader" | quote }}
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
- ServerSideApply=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
31
argo1/templates/template-operator.yaml
Normal file
31
argo1/templates/template-operator.yaml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# {{ if (index .Values "template-operator").enabled }}
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-template-operator
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
repoURL: "{{ .Values.bootstrap.source.repoURL }}"
|
||||||
|
targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
|
||||||
|
path: {{ (index .Values "template-operator").path | default "template-operator" | quote }}
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: {{ (index .Values "template-operator").namespace | default "template-operator" | quote }}
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
- ServerSideApply=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
33
argo1/templates/trust-manager.yaml
Normal file
33
argo1/templates/trust-manager.yaml
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
# {{ if (index .Values "trust-manager").enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: "{{ .Release.Name }}-trust-manager"
|
||||||
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
|
spec:
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
chart: "trust-manager"
|
||||||
|
repoURL: "https://charts.jetstack.io"
|
||||||
|
targetRevision: "v0.4.0"
|
||||||
|
helm:
|
||||||
|
releaseName: "trust-manager"
|
||||||
|
destination:
|
||||||
|
server: "https://kubernetes.default.svc"
|
||||||
|
namespace: "cert-manager"
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
retry:
|
||||||
|
limit: 10
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
# {{- end }}
|
|
@ -1,14 +1,17 @@
|
||||||
bootstrap:
|
bootstrap:
|
||||||
source:
|
source:
|
||||||
repoURL: "https://set.to.your.fork/of/this"
|
repoURL: "http://gitea.gitea.svc.cluster.local:3000/infra/argo1"
|
||||||
targetRevision: "main"
|
targetRevision: "prod"
|
||||||
|
|
||||||
secrets: {enabled: true}
|
cert-manager:
|
||||||
sealed-secrets: {enabled: true}
|
enabled: true
|
||||||
haproxy-ingress:
|
|
||||||
enabled: false
|
|
||||||
values: |
|
values: |
|
||||||
# values.yaml contents here
|
extraArgs:
|
||||||
|
- --dns01-recursive-nameservers-only
|
||||||
|
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
|
||||||
|
ingressShim.defaultIssuerKind: ClusterIssuer
|
||||||
|
ingressShim.defaultIssuerName: zerossl
|
||||||
|
installCRDs: "true"
|
||||||
|
|
||||||
argo-cd:
|
argo-cd:
|
||||||
crds:
|
crds:
|
||||||
|
@ -17,10 +20,139 @@ argo-cd:
|
||||||
configs:
|
configs:
|
||||||
params:
|
params:
|
||||||
"server.insecure": "true"
|
"server.insecure": "true"
|
||||||
|
"reposerver.enable.git.submodule": "false"
|
||||||
|
|
||||||
|
controller:
|
||||||
|
replicas: 1
|
||||||
|
|
||||||
|
server:
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
hosts: &hhosts
|
||||||
|
- argocd.strudelline.net
|
||||||
|
tls:
|
||||||
|
- hosts: *hhosts
|
||||||
|
secretName: wildcard-tls
|
||||||
|
ingressGrpc:
|
||||||
|
enabled: true
|
||||||
|
hosts: &ghosts
|
||||||
|
- grpc-argocd.strudelline.net
|
||||||
|
tls:
|
||||||
|
- hosts: *ghosts
|
||||||
|
secretName: wildcard-tls
|
||||||
|
|
||||||
|
cluster-resources:
|
||||||
|
enabled: true
|
||||||
|
repoURL: 'http://gitea.gitea.svc.cluster.local:3000/infra/kube-cascade'
|
||||||
|
|
||||||
vault-agent-injector:
|
vault-agent-injector:
|
||||||
enabled: true
|
enabled: true
|
||||||
values: |
|
values: |
|
||||||
global:
|
global:
|
||||||
# disable global vault because we're only using this as an agent injector
|
|
||||||
enabled: false
|
enabled: false
|
||||||
|
externalVaultAddr: https://vault.strudelline.net
|
||||||
|
injector:
|
||||||
|
affinity: ""
|
||||||
|
agentImage:
|
||||||
|
repository: jamesandariese/vault-with-ca
|
||||||
|
enabled: true
|
||||||
|
failurePolicy: Fail
|
||||||
|
|
||||||
|
nfs:
|
||||||
|
enabled: true
|
||||||
|
values: |
|
||||||
|
nfs:
|
||||||
|
path: /volume1/k8s-volumes
|
||||||
|
server: 172.16.18.1
|
||||||
|
storageClass:
|
||||||
|
name: nfs
|
||||||
|
|
||||||
|
openebs:
|
||||||
|
enabled: true
|
||||||
|
values: |
|
||||||
|
jiva:
|
||||||
|
enabled: false
|
||||||
|
legacy:
|
||||||
|
enabled: false
|
||||||
|
localprovisioner:
|
||||||
|
enabled: false
|
||||||
|
localpv-provisioner:
|
||||||
|
enabled: true
|
||||||
|
lvm-localpv:
|
||||||
|
enabled: true
|
||||||
|
cstore:
|
||||||
|
enabled: true
|
||||||
|
ndm:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
external-secrets:
|
||||||
|
enabled: true
|
||||||
|
values: |
|
||||||
|
extraContainers:
|
||||||
|
- name: bitwarden-external-secrets-adapter
|
||||||
|
image: jamesandariese/bitwarden-external-secrets-adapter:latest
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
- name: bitwarden-cli
|
||||||
|
image: jamesandariese/bitwarden-docker:latest
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
env:
|
||||||
|
- name: BW_HOST
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: bitwarden-user
|
||||||
|
key: BW_HOST
|
||||||
|
- name: BW_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: bitwarden-user
|
||||||
|
key: BW_USERNAME
|
||||||
|
- name: BW_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: bitwarden-user
|
||||||
|
key: BW_PASSWORD
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 8087
|
||||||
|
protocol: TCP
|
||||||
|
livenessProbe:
|
||||||
|
exec:
|
||||||
|
command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/sync", "--post-data=''"]
|
||||||
|
initialDelaySeconds: 20
|
||||||
|
failureThreshold: 3
|
||||||
|
timeoutSeconds: 1
|
||||||
|
periodSeconds: 120
|
||||||
|
readinessProbe:
|
||||||
|
exec:
|
||||||
|
command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/status"]
|
||||||
|
initialDelaySeconds: 20
|
||||||
|
failureThreshold: 3
|
||||||
|
timeoutSeconds: 1
|
||||||
|
periodSeconds: 10
|
||||||
|
startupProbe:
|
||||||
|
exec:
|
||||||
|
command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/status"]
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 30
|
||||||
|
timeoutSeconds: 1
|
||||||
|
periodSeconds: 5
|
||||||
|
|
||||||
|
istio-base:
|
||||||
|
enabled: true
|
||||||
|
# values:
|
||||||
|
# defaultRevision: default
|
||||||
|
|
||||||
|
istio-ingress:
|
||||||
|
enabled: true
|
||||||
|
values: |
|
||||||
|
meshConfig:
|
||||||
|
gatewayTopology:
|
||||||
|
numTrustedProxies: 2
|
||||||
|
istiod: {enabled: true}
|
||||||
|
metallb: {enabled: true}
|
||||||
|
pgo: {enabled: true}
|
||||||
|
secrets: {enabled: true}
|
||||||
|
sealed-secrets: {enabled: true}
|
||||||
|
stakater-reloader: {enabled: true}
|
||||||
|
template-operator: {enabled: true}
|
||||||
|
trust-manager: {enabled: true}
|
||||||
|
|
3
copy-admin-password.sh
Executable file
3
copy-admin-password.sh
Executable file
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
kubectl get secret -n argocd argocd-initial-admin-secret -o json | jq -r '.data.password | @base64d' | pbcopy
|
1881
metallb/metallb-native.yaml
Normal file
1881
metallb/metallb-native.yaml
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
3
pgo/install/crd/kustomization.yaml
Normal file
3
pgo/install/crd/kustomization.yaml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
resources:
|
||||||
|
- bases/postgres-operator.crunchydata.com_postgresclusters.yaml
|
||||||
|
- bases/postgres-operator.crunchydata.com_pgupgrades.yaml
|
25
pgo/install/default/kustomization.yaml
Normal file
25
pgo/install/default/kustomization.yaml
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
namespace: postgres-operator
|
||||||
|
|
||||||
|
commonLabels:
|
||||||
|
app.kubernetes.io/name: pgo
|
||||||
|
# The version below should match the version on the PostgresCluster CRD
|
||||||
|
app.kubernetes.io/version: 5.3.0
|
||||||
|
|
||||||
|
bases:
|
||||||
|
- ../crd
|
||||||
|
- ../rbac/cluster
|
||||||
|
- ../manager
|
||||||
|
|
||||||
|
images:
|
||||||
|
- name: postgres-operator
|
||||||
|
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
|
||||||
|
newTag: ubi8-5.3.0-0
|
||||||
|
- name: postgres-operator-upgrade
|
||||||
|
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator-upgrade
|
||||||
|
newTag: ubi8-5.3.0-0
|
||||||
|
|
||||||
|
patchesJson6902:
|
||||||
|
- target: { group: apps, version: v1, kind: Deployment, name: pgo }
|
||||||
|
path: selectors.yaml
|
||||||
|
- target: { group: apps, version: v1, kind: Deployment, name: pgo-upgrade }
|
||||||
|
path: selectors.yaml
|
8
pgo/install/default/selectors.yaml
Normal file
8
pgo/install/default/selectors.yaml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
# We add the app version as a "commonLabel" and change it with each release.
|
||||||
|
# Remove it from selectors until we use "labels" of Kustomize v4.1.
|
||||||
|
# See: https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/commonlabels/
|
||||||
|
# See: https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.0
|
||||||
|
- op: remove
|
||||||
|
path: /spec/selector/matchLabels/app.kubernetes.io~1name
|
||||||
|
- op: remove
|
||||||
|
path: /spec/selector/matchLabels/app.kubernetes.io~1version
|
3
pgo/install/manager/kustomization.yaml
Normal file
3
pgo/install/manager/kustomization.yaml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
resources:
|
||||||
|
- manager.yaml
|
||||||
|
- manager-upgrade.yaml
|
36
pgo/install/manager/manager-upgrade.yaml
Normal file
36
pgo/install/manager/manager-upgrade.yaml
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: pgo-upgrade
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
strategy: { type: Recreate }
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: operator
|
||||||
|
image: postgres-operator-upgrade
|
||||||
|
env:
|
||||||
|
- name: PGO_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
- name: CRUNCHY_DEBUG
|
||||||
|
value: "true"
|
||||||
|
- name: RELATED_IMAGE_PGUPGRADE
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi8-5.3.0-0"
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities: { drop: [ALL] }
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
serviceAccountName: postgres-operator-upgrade
|
60
pgo/install/manager/manager.yaml
Normal file
60
pgo/install/manager/manager.yaml
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: pgo
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
strategy: { type: Recreate }
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: operator
|
||||||
|
image: postgres-operator
|
||||||
|
env:
|
||||||
|
- name: PGO_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
- name: CRUNCHY_DEBUG
|
||||||
|
value: "true"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_13
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-13.9-2"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_13_GIS_3.0
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-13.9-3.0-2"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_13_GIS_3.1
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-13.9-3.1-2"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_14
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.6-2"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_14_GIS_3.1
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.6-3.1-2"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_14_GIS_3.2
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.6-3.2-2"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_14_GIS_3.3
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.6-3.3-2"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_15
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.1-0"
|
||||||
|
- name: RELATED_IMAGE_POSTGRES_15_GIS_3.3
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-15.1-3.3-0"
|
||||||
|
- name: RELATED_IMAGE_PGADMIN
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-8"
|
||||||
|
- name: RELATED_IMAGE_PGBACKREST
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.41-2"
|
||||||
|
- name: RELATED_IMAGE_PGBOUNCER
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.17-5"
|
||||||
|
- name: RELATED_IMAGE_PGEXPORTER
|
||||||
|
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.3.0-0"
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities: { drop: [ALL] }
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
serviceAccountName: pgo
|
2
pgo/install/namespace/kustomization.yaml
Normal file
2
pgo/install/namespace/kustomization.yaml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
4
pgo/install/namespace/namespace.yaml
Normal file
4
pgo/install/namespace/namespace.yaml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator
|
7
pgo/install/rbac/cluster/kustomization.yaml
Normal file
7
pgo/install/rbac/cluster/kustomization.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
resources:
|
||||||
|
- service_account.yaml
|
||||||
|
- role.yaml
|
||||||
|
- role_binding.yaml
|
||||||
|
- service_account-upgrade.yaml
|
||||||
|
- role-upgrade.yaml
|
||||||
|
- role_binding-upgrade.yaml
|
71
pgo/install/rbac/cluster/role-upgrade.yaml
Normal file
71
pgo/install/rbac/cluster/role-upgrade.yaml
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: postgres-operator-upgrade
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- endpoints
|
||||||
|
verbs:
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- apps
|
||||||
|
resources:
|
||||||
|
- statefulsets
|
||||||
|
verbs:
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- batch
|
||||||
|
resources:
|
||||||
|
- jobs
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades/finalizers
|
||||||
|
verbs:
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades/status
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters/status
|
||||||
|
verbs:
|
||||||
|
- patch
|
135
pgo/install/rbac/cluster/role.yaml
Normal file
135
pgo/install/rbac/cluster/role.yaml
Normal file
|
@ -0,0 +1,135 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
- persistentvolumeclaims
|
||||||
|
- secrets
|
||||||
|
- services
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- endpoints
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- deletecollection
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- endpoints/restricted
|
||||||
|
- pods/exec
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- events
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
verbs:
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- serviceaccounts
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- apps
|
||||||
|
resources:
|
||||||
|
- deployments
|
||||||
|
- statefulsets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- batch
|
||||||
|
resources:
|
||||||
|
- cronjobs
|
||||||
|
- jobs
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- policy
|
||||||
|
resources:
|
||||||
|
- poddisruptionbudgets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters/finalizers
|
||||||
|
verbs:
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters/status
|
||||||
|
verbs:
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- rbac.authorization.k8s.io
|
||||||
|
resources:
|
||||||
|
- rolebindings
|
||||||
|
- roles
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
14
pgo/install/rbac/cluster/role_binding-upgrade.yaml
Normal file
14
pgo/install/rbac/cluster/role_binding-upgrade.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator-upgrade
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: postgres-operator-upgrade
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: postgres-operator-upgrade
|
14
pgo/install/rbac/cluster/role_binding.yaml
Normal file
14
pgo/install/rbac/cluster/role_binding.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: postgres-operator
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: pgo
|
7
pgo/install/rbac/cluster/service_account-upgrade.yaml
Normal file
7
pgo/install/rbac/cluster/service_account-upgrade.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator-upgrade
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
7
pgo/install/rbac/cluster/service_account.yaml
Normal file
7
pgo/install/rbac/cluster/service_account.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: pgo
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
7
pgo/install/rbac/namespace/kustomization.yaml
Normal file
7
pgo/install/rbac/namespace/kustomization.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
resources:
|
||||||
|
- service_account.yaml
|
||||||
|
- role.yaml
|
||||||
|
- role_binding.yaml
|
||||||
|
- service_account-upgrade.yaml
|
||||||
|
- role-upgrade.yaml
|
||||||
|
- role_binding-upgrade.yaml
|
71
pgo/install/rbac/namespace/role-upgrade.yaml
Normal file
71
pgo/install/rbac/namespace/role-upgrade.yaml
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: postgres-operator-upgrade
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- endpoints
|
||||||
|
verbs:
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- apps
|
||||||
|
resources:
|
||||||
|
- statefulsets
|
||||||
|
verbs:
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- batch
|
||||||
|
resources:
|
||||||
|
- jobs
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades/finalizers
|
||||||
|
verbs:
|
||||||
|
- patch
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- pgupgrades/status
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters/status
|
||||||
|
verbs:
|
||||||
|
- patch
|
135
pgo/install/rbac/namespace/role.yaml
Normal file
135
pgo/install/rbac/namespace/role.yaml
Normal file
|
@ -0,0 +1,135 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
- persistentvolumeclaims
|
||||||
|
- secrets
|
||||||
|
- services
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- endpoints
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- deletecollection
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- endpoints/restricted
|
||||||
|
- pods/exec
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- events
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
verbs:
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- ''
|
||||||
|
resources:
|
||||||
|
- serviceaccounts
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- apps
|
||||||
|
resources:
|
||||||
|
- deployments
|
||||||
|
- statefulsets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- batch
|
||||||
|
resources:
|
||||||
|
- cronjobs
|
||||||
|
- jobs
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- policy
|
||||||
|
resources:
|
||||||
|
- poddisruptionbudgets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- delete
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters/finalizers
|
||||||
|
verbs:
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- postgres-operator.crunchydata.com
|
||||||
|
resources:
|
||||||
|
- postgresclusters/status
|
||||||
|
verbs:
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- rbac.authorization.k8s.io
|
||||||
|
resources:
|
||||||
|
- rolebindings
|
||||||
|
- roles
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- patch
|
||||||
|
- watch
|
14
pgo/install/rbac/namespace/role_binding-upgrade.yaml
Normal file
14
pgo/install/rbac/namespace/role_binding-upgrade.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator-upgrade
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: postgres-operator-upgrade
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: postgres-operator-upgrade
|
14
pgo/install/rbac/namespace/role_binding.yaml
Normal file
14
pgo/install/rbac/namespace/role_binding.yaml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: postgres-operator
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: pgo
|
7
pgo/install/rbac/namespace/service_account-upgrade.yaml
Normal file
7
pgo/install/rbac/namespace/service_account-upgrade.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: postgres-operator-upgrade
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
7
pgo/install/rbac/namespace/service_account.yaml
Normal file
7
pgo/install/rbac/namespace/service_account.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: pgo
|
||||||
|
labels:
|
||||||
|
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
29
pgo/install/singlenamespace/kustomization.yaml
Normal file
29
pgo/install/singlenamespace/kustomization.yaml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
namespace: postgres-operator
|
||||||
|
|
||||||
|
commonLabels:
|
||||||
|
app.kubernetes.io/name: pgo
|
||||||
|
# The version below should match the version on the PostgresCluster CRD
|
||||||
|
app.kubernetes.io/version: 5.3.0
|
||||||
|
|
||||||
|
bases:
|
||||||
|
- ../crd
|
||||||
|
- ../rbac/namespace
|
||||||
|
- ../manager
|
||||||
|
|
||||||
|
images:
|
||||||
|
- name: postgres-operator
|
||||||
|
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
|
||||||
|
newTag: ubi8-5.3.0-0
|
||||||
|
- name: postgres-operator-upgrade
|
||||||
|
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator-upgrade
|
||||||
|
newTag: ubi8-5.3.0-0
|
||||||
|
|
||||||
|
patchesJson6902:
|
||||||
|
- target: { group: apps, version: v1, kind: Deployment, name: pgo }
|
||||||
|
path: selectors.yaml
|
||||||
|
- target: { group: apps, version: v1, kind: Deployment, name: pgo-upgrade }
|
||||||
|
path: selectors.yaml
|
||||||
|
|
||||||
|
patchesStrategicMerge:
|
||||||
|
- manager-target.yaml
|
||||||
|
- manager-target-upgrade.yaml
|
13
pgo/install/singlenamespace/manager-target-upgrade.yaml
Normal file
13
pgo/install/singlenamespace/manager-target-upgrade.yaml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: pgo-upgrade
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: operator
|
||||||
|
env:
|
||||||
|
- name: PGO_TARGET_NAMESPACE
|
||||||
|
valueFrom: { fieldRef: { apiVersion: v1, fieldPath: metadata.namespace } }
|
13
pgo/install/singlenamespace/manager-target.yaml
Normal file
13
pgo/install/singlenamespace/manager-target.yaml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: pgo
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: operator
|
||||||
|
env:
|
||||||
|
- name: PGO_TARGET_NAMESPACE
|
||||||
|
valueFrom: { fieldRef: { apiVersion: v1, fieldPath: metadata.namespace } }
|
8
pgo/install/singlenamespace/selectors.yaml
Normal file
8
pgo/install/singlenamespace/selectors.yaml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
# We add the app version as a "commonLabel" and change it with each release.
|
||||||
|
# Remove it from selectors until we use "labels" of Kustomize v4.1.
|
||||||
|
# See: https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/commonlabels/
|
||||||
|
# See: https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.0
|
||||||
|
- op: remove
|
||||||
|
path: /spec/selector/matchLabels/app.kubernetes.io~1name
|
||||||
|
- op: remove
|
||||||
|
path: /spec/selector/matchLabels/app.kubernetes.io~1version
|
4
pgo/kustomization.yaml
Normal file
4
pgo/kustomization.yaml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
namespace: postgres-operator
|
||||||
|
|
||||||
|
bases:
|
||||||
|
- install/default
|
43
secrets/bitwarden-user-sealed.yaml
Normal file
43
secrets/bitwarden-user-sealed.yaml
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
kind: SealedSecret
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
metadata:
|
||||||
|
name: bitwarden-user
|
||||||
|
namespace: external-secrets
|
||||||
|
creationTimestamp: null
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: bitwarden-user
|
||||||
|
namespace: external-secrets
|
||||||
|
creationTimestamp: null
|
||||||
|
type: Opaque
|
||||||
|
encryptedData:
|
||||||
|
BW_HOST: AgA5YbPiLEiJL44P5Dcjph4h/QbOQog1xb5TuJ9YDl1k8WY5GhX8uR4lB6ceyg3nl49S5KF88JAMUl1x3uXFSMhAZ+mdc1HJr6Czvr/A0KLeeX82jh1S2j0sGIjleXQxtJfUjQs4nWOXmjKWbju0aMzgJy3iLBcutFPEKKaPcmjm9SsC6ruz0KsEMa0CfH+lbGX6YmZQeDn+EdVt3dw+/vugFILsdOauVrvwJ862xnB7zNgpSCa4VWYO1xl4UsElAlRcTA9TowVfQcPyjwjzp+tBzHjBQFXfzhkfO1bJGjPrVVZydzVbMfBXrILP1BpHdlrxqEgfsJLV464lJix/4C17rA1Z4X4tBa5+ZT4aWPKX8OXhi/bXW7sA7yzyIZEFAEmfvaDbe8/2MfK9T4FbaEJ7rMCGz35CHsuX12PJdwHX2q8lGM5IdQsITvQoKD/mWGCK4iG6oWZ8q4zUU+wdZLqoWexyfKNMPncS7+5xnEsDB94B97j+VZtaS7M+Rxv8xYlFsguQzDUfYuFLo3imCgaNIZ2Ci24u775V9kKQmCVdMpCf5LtXwp1u56LSYy93lEGFanDe8dZ7iMZScwnQypW/Ytl9g3jVE5BGhlyFPscdv+5LzhVIhpbjT7jWg7lrJowDX39Y0OQpyaqrfRnYHqCg+WM2vVE0AVYzL3erpuKgAiofiQRMBLNal1CDiR+aF9bHrZTnbzklB12h3Ee/mm9aSjSbvdeuxsK/NFFFlUE=
|
||||||
|
BW_PASSWORD: AgCldsd1izPvL+5+hnlm4j7cnX571s13BoN2OePyt0yubk9IkjaoqRDlcMMISWkcEMjqztgZwm2Yez5KdZ6I2uJcew7fREy4D3RcwhCWZT9sgsSXZQTZ5Nu+mmQePHoZFgXnmNL8JDNi/lSCxLXUgm/sa+6AEB/Wwy5vG6gi3X8ZsmbmNe2hDIYrq+oGgU3cmUqhPv3UJTsHgKEYUgfByXAj39rjocRCpF9Sk7R9WciUmMHPcfX7hnX9cHp1DaYDhCJY8N5/MfvV+PocoOJpIDpyA+HJqnvxspBkxWFHlkk4HdtydW6iEUiGlI/KxT6wTHZE9baWOJC+n0SpkPqiNebie62+Vq+0t4VflhWrqQQT7GHL1QLmC3EZn6eiaaz4Y+KBuDHy8pu8nEUwBX2P4jpAOB9NNIgZ3HKBz0xmTSZ6n9kUn0rYPBrFDEZWdhYngW/aVxDA5dI66MDVBcIajTErUBf966QUbizyBTGstzchdsEnJaxJFICjrq5Xj9psFZIztwz0ejCQnk5d48U6SY5bGUgxs4mcJXerLETvUqdtBVd7iJ2oCsUc2FiLJQk2FFn1rpspt0joMVpLZ1QlsFVagnPPpTljyseOJgQEE+4Qfok5e0s/JoTjaDmzmLg+di8plubMUODwnV2xgfjlvVBN9EsDOC+QR6vl2VLL3GZ6/bU3XbsJ66A6sN7WddOtzMpbQ4L5lP7sfvmANtZcdUNRPy3keNFI4qE2qVzi3fs=
|
||||||
|
BW_USERNAME: AgAp39BMRsv9KFmeZDvMugQpkK3Jla3p6rGC2oYRC/BK4ROnXaRviQ3++6RsXjsatMHhBT3ZvUSSe/VzwjVmlFar05Rz3/Y0SZ5c0CVD28/R++xDKxNlp3RmB2RlCwvfl89aJ3UfTd3uJYmOoOh8OfgXnF6n9ObBvY98ZWvZiTcK6fcmoyyjoTttP6rMTQjN3be+Aq5OwenwkfpuWYGELW5tPBOKqM31b7unX8ZdJFyjCfhWSvnRSujaSM6J9yKJDJy5wNA1twmaSpnmUlG0zznGS3X4m2pf0frAybqPF5zZSIuGwQZKKiSpWpTM36i78xzczP4w9HR+znoLuSIr1QLltkpdU9CiP+4G8iLNv8AfQ9kk4M1FfwZV4EVXP78UZ1GHPJijAvN+mUuTkIiRAxcATagUPahfpRunNNjerwiectf8Mnub4IKKpRawP+F2w3A0dmNwBMTY+POPCpRZfT3Cx4gIlsHUhwAFy5pmtPlm4xYAF9dzWBvrgOALuhFdRvLfLBgVDx0dMHT7wXCBqXZqK3/vFkWGdZ90aI9sBXfLlL1ed4GDYNzUVa4QjnjWAZlxVvcbvT6bXrN9DtRzUZY15RdNH5LLIWpm0xUKhUrbCh7fefzJ66zSVRPJDNcmXTb1h9Ex4J11qlPwjonex1w4EZIf6eOdA6qVhwb8WG9nRTPwJgq3dl+0FLubFwPUbnmzJwicUfRGDEQKqORayrI//dwun2A=
|
||||||
|
---
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
metadata:
|
||||||
|
name: bitwarden-login
|
||||||
|
spec:
|
||||||
|
provider:
|
||||||
|
webhook:
|
||||||
|
url: "http://127.0.0.1:8087/object/item/{{ .remoteRef.key }}"
|
||||||
|
headers:
|
||||||
|
Content-Type: application/json
|
||||||
|
result:
|
||||||
|
jsonPath: "$.data.login.{{ .remoteRef.property }}"
|
||||||
|
---
|
||||||
|
apiVersion: external-secrets.io/v1beta1
|
||||||
|
kind: ClusterSecretStore
|
||||||
|
metadata:
|
||||||
|
name: bitwarden-fields
|
||||||
|
spec:
|
||||||
|
provider:
|
||||||
|
webhook:
|
||||||
|
url: "http://127.0.0.1:8087/object/item/{{ .remoteRef.key }}"
|
||||||
|
result:
|
||||||
|
jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"
|
||||||
|
|
29
secrets/git-creds.yaml
Normal file
29
secrets/git-creds.yaml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
{
|
||||||
|
"kind": "SealedSecret",
|
||||||
|
"apiVersion": "bitnami.com/v1alpha1",
|
||||||
|
"metadata": {
|
||||||
|
"name": "local-git-token",
|
||||||
|
"namespace": "argocd",
|
||||||
|
"creationTimestamp": null
|
||||||
|
},
|
||||||
|
"spec": {
|
||||||
|
"template": {
|
||||||
|
"metadata": {
|
||||||
|
"name": "local-git-token",
|
||||||
|
"namespace": "argocd",
|
||||||
|
"creationTimestamp": null,
|
||||||
|
"labels": {
|
||||||
|
"argocd.argoproj.io/secret-type": "repo-creds"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "Opaque"
|
||||||
|
},
|
||||||
|
"encryptedData": {
|
||||||
|
"password": "AgAZClR6k01hwzedgGaf3qfKKIjFMqYoUVU4NfB7/xzXmyIjLcYoN89kMedYxTP2ESS3vHopkkP/XbRYBudyzgX5mU4T1Mke3LhO2b2/1pMBhSFKfJ76BWpiTcVwq9z3fxKFdptBw4DoqxwzFurMla2rw+Qbx6Unk+Oj6ob+JXu3u7Ym19D3jK79LO6jN7RDs8thJ0Z1sZpMxdwYM+SYR89tfkqIJmhX0nXQVcjB/FWAp3hKf4seIU/dfq/pqg3bnvalkp8JV7UeMqXwlGAJkTJh9ebJuaaI5ekaqJF2vZqTsqQ91RH7ByebDpVy/085uo+OJ9ltjHivBWPn+cqqvOnh8QAkENpyc89tHolqJVSPrCUfaOFBoNAEiMvuXV7govkbIDr9lFbGSweue+oYh2GjtDRJnJuUFtAVxadxuu1VBmiUYR0mnkDaOSEEw3fA0ErSrkCrSZxikk88TdcUzoicn7GXJugew8pBneX1OQgLVTsZq5Pwvx0LA69VF1y9zsHzqUEKUrtrCIyJBCEvsPtgKgGne+vRrWXJVAFMarZRIobgpeNlPGUQRuOf0CVsxDAA2pa+z1gKEQC040eIuZBJw6T/JkEqoFOP+/Y2/7E6LzcS5UseSI4h+dDH6X1ydKnnRA4VuUw23fPe+Ypw9NDYmWk+Vjpcra3PdgTZ2NU9bMzGNm2d6HMQ7zDbC6DN7DUUbQmtYvbSCj/o9kHbeNTvrC78RatR6G/DFhP4UKCGObuP5/V+pH53",
|
||||||
|
"project": "AgCIjPYmZ3V2JeeA2Yalhxmkp6bPhs1ruvJHuNmMYROTdajDSxM8hk/HH/ue+C6GZvVnBMAbcxB4Hs5w2L4+bsR5evrKnpt0wPjo6wT5rpijltyhiZ/uPlnMHytDKfTTHPSTbIyFaaqHPAVWo9FEiqfPNFB1u0w5eT5Wpr3ZesCV6Ijikm1H8PAHz98J0Ujnbxco3WTKIDb/Ab3wYBWocpAU50bXrej2lqVItgtN/tr85Xol7GMdwm2knAy4ajxR0ule0llo2LO7CcEeU2pb5kXwvltQajPP52jG5DGk6Mtd+LT8OvEPM/2KNToQ/YO1x6qCz8hPPjl5vU0cigHMKoK6DHaG3ea2H8lC3oOacDKyJkmsjVhUgiu4DPGDLpLEq92qCFwnAZ5XVJ+g6LW5D2J0zdETNwcoGiYL0jHBlqIwLOX7E5SkS0/gTVltsBtWoNy9wrrC9SXs9GoqvlFMsZh3/tiEuHTa0nzWKCf8ANuDPO/q2QzT2N5yGx5EqWeS9G0etwFlsomcA1GojVvtlAvCnnHcca69jfaaCU5VVC2AlRWYxwXynTmutgOiZ578Ml9DErHpg9QO4ULOUojdBcbyuMZK0ie45nHBgS5jzE3yE82ZKbyrZmu9Ah6NA1I82kAfuG+SHgylrI6YaSwWK3pk+QCMK7wU5vwmu5ttveU9OStB5thrZQpuWPlPtWyW2ed9Ou0yOuxT",
|
||||||
|
"type": "AgBmsYlD5sj9g/elOiV6lyjtcECgB1Bp7Ls7JWIp7tXKo3cOuoubLRGwaHp7dic5d4sig6q0JiooCGL5WP1TALp1Th401yiQN3i4KJLoRD4HlwvrIx+fH/daK4Rzu2HlFNdBTg15SPczqAxZxwgwaUpfYvQOAysClRRI5dLs2aGSpxvE88qh/BIRuZ6aBOzvF4lxjRtCj1iUijscPTYJiLz/zQsojvnCBkXPctpe7C39rddYtkcWFCSoOpMx9KsHqKzQXDJiUMx/8mYFfIXA4WTCa+wnJCD4bOTOJQu2mwxFQH5xf9cTAN0WOOSdundd2zr0qLrOpN2niIxM2wfofCDzRBB9+0Jr/VqH+9CsklqzqIV21QjSyXe6X2oVjq9UIoILfB6hb6VE01R31YXiy+Qwh/icC014K7G3UpOz1rnBCmKbHC+bm3PCXttTSeV7J27qpAJDwAibtuCmccLUrZZeLsk54n64LTTHESV6k8vBWaoyeKNG9AwSMculTdfo3F5NT5lWtdaQWLzIeUM33n9LVtYX7MiAZJnitxv29uwMb4wz8EjLp5aesLKCm04/682MPLGDDo/kL/7D5mwGJP6cz1uqWWfLkqodZ/HcKPEdn1NkU8CE/xqbbrGU8Cs9wFah4RVQ7D+wUbpeOmI+N1rBQ6XWh1u5piyYxW6s52FDVlaVmpRuRW+XXm6YwV9DXj9PUDo=",
|
||||||
|
"url": "AgDg2TfHr2da7XELt6EAqeA9z9Q58wIohGDdIWJbk+RPBHALQ+AGvMvlSb0LgIA1HHDOL4uj7KC6bSS4bZs3UaT+914MZrnNGfpmh9zV1m5ZjAhvQuYkI417jlKt/zXEBGo+OIV/sVjr+yK0yDHtlFj82/EXlALJ0d4a74fMi6P0fOvoC4oYCW82UpUH87d568/RmwwPtHynGXxHA3LW9M05eFiej6vYbY1HWJDODr9crHMj35LSwqLvzYxxzoNQZEVqapTAe6L22wDOMLYCabctvu5hOE5/pJvPYZj7t/LSdK7HNN678SK9ukbI52QDyz0AyZM7OlEprYVG9CGo1rLDWrofYEgXi86nC2mK8sRJES1Cb5iY2l933UwZ2y59+TQEWgioy4cKPhKv+DkNWOo95eXvdUvbojPMGY+7FsC+NbGIsVR+RpAB88ePMxaBl2YPzGp9BU7/MxNdITDIuFtEOczQR09VNAH6hI4hdmTSfyHb5dJRkSnnJYjK+J+lmMpDtlETUeQv78wMH37UEbu/9cesJRoWbunA7i1ySO/OrdVnCCnW6x+pm780Kt+woKuYx09G35xBMH1OYbhieE4ltoj9rLEWDbo5LnI3qlhFje9jPRwP9IS/HvoyjzGuUNLRVonx5W9z0/SL2NJEeYS1GYk/ttyyeB1gdUDNtAG5LFwrRkyMi3cfJ7KfsYfGs3WtzizBMN/6/iwRG/CVolFr9zn4wKVBqV1KKLoP",
|
||||||
|
"username": "AgBTUXyEIPPPMOKu/6dbFKMmiQzKs8afxYm//3aIgUGpVX6PAFYYNtydra2JvVmsH5ZctMn+IYVLgeMp/2Q6HMF34/7+O95mTjeLYjx3qsG7GOUVBCgAFeJ/5g6bEaX/wW30afIXhsOM/L1OXjU+82KhgjCODxBBQP7jRKvppVEp+m7q68FjnKf4GSYDyKxf7aIb2m3ox/kFa9oR9cDeJ8/vll7iTRqo4uOOXEgFXw+IZG2v1A7iRkqiLgf4jWVdVvOQ/AgbHeQ9OL3SU4UukhDJcXo9nnp+UVwy9mdY6QNTZ+pr7mEGh8agfsMSthSq/4miLKkHlm5wPJaZTi+hpKdfxrE2jNeZ/ALQD2qPv9tRPE+WfK1sO26QWsLlF4AdJaWFLuZPDb1XNKPnfSbMMegidO58mkHuWM77IIjkC5n6R42xE2LoqgTS0EGmMIZ81vhfxmcGAYNCZa+2R+ErrG5yxX+XnLRbrmcBQOKHQNiC9pfYa7jjNjlBp7grph2yVJcSOOvHq3Kxktjxz8u988R8q/iA9PVXjFVQhS7zglzvplus+vyyO34X2iCcexVDdu0R6cR1WSI7zk2rR9/P+T1M+t2hNBE7rGe9hZBJIiPx5gO/7bxjvCREINKdIX6kW0nh4NSfdX46iC5TTFEArFaL2g5qkQmWLjl9QLk71KQkVRPUFwkPlw0sq5Pt3vbTZO28nx9iWQ=="
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,22 +0,0 @@
|
||||||
apiVersion: bitnami.com/v1alpha1
|
|
||||||
kind: SealedSecret
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
name: local-git-token
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
encryptedData:
|
|
||||||
password: AgAlNckjIJjOhBKYA54pngBa50DagQ6BtT0I9vvjyhbwBV62efdfnIrRcPSUzrXzSnCMrJPFCYyGZQwHCe7+MurVLPX+i94bBDFjZlGwP7kokaMQjTi4122nWbM0y9AGrYQUtDV3KodRdUkhRP8aAuhqtbzOjqSKB96xHc9EzUKupwrhs7iymbY50d5b7FVxvCBWL0ZzctIwlZU7o2OQ46ImmrAo/0Hn1ueI2wsuhSjg4a4xsh1GipVsRWTCuLO5Ot0eDOgEqQEhTQji5+uwOy4iCuYnj+UHlNodClGsn9MsRv4dIZhCt8kapKKTv4PdQNKSq9JjefgPjyXJs7Za5xTOj07KSsOHdrOQOBNzbf2piaKiGt3p1e8/NhdhB4ODpxbW973y/2ErR4xcf+hpCKQ8CqffNIYEvcRs+NcZAq0afaHQymWTjzqRgYjtceDp8gNIUbQxD5WRlbvaxRwgDWfe4aSrp/cRw7JbwkcOEQGfjGNJr15PmYO7jT8yb8ZJNavUG9KK4tCio8j2nCC7OZECewWr1vj/FLquYvD6AYeKMHKgfL2eRdxcqTwbXIoWXAP6JeWF1oN97xN0TANPljf+Pyt89D73BHMDVuQ1Ei2528y7JZy6xir7C3PoDRBBbSX0imMmHFCngSwtbGYMKdRfbxJ7rG+aamYGo6LUfqArrpnXDGPe4ti/FIp/fUKjYs7azT1f+Ntwfg==
|
|
||||||
project: AgCaMGRFcW9LaVW8M5dLLwpEGEAnbwXgHZzBWkgkc804rL9lKNuu6L40l0QmZizziEf14u3MdVh5VecHo9julJgMQNaArWIwOLRGR3vcETcYdYHjMmQwUT+TO7GwY7xJZCAxEKMoQrM74ha+wgT2uWMn0uEOFTkobTQfnWLoTlXZcspIWFcTNhdgZeJKAqZMKIt7yE1CF0AjMy+7XWDAGHOByyWllpZSHp2wh78fuaK0tLGzY50+NmwE44cft6lATSh5a/Ko1UL+1uCDeMRvrs2cR5+1Zh9MNWbXHKCggyM81vojf831p58dfJ3yPzXJTWLADZ/k2o3liWvY43W5mp/C4my9wUYR9JRXFsByvbvtu+7vvdhFV2YLEPErKvJAVv66R/r+6u3YQTAAtz8iAHaxLtEn9Tj91b+iBeCqZnnChqfRF4Ts2XZvSmwH6O1V8k6Lv1s9ULYN7lDesvO0W4vbkO01P72vaPgjWYgDLkxeWrnEx5jQM9jPs29U9NaCiiWxnHxReGN87WklCA0Gsb5eyXmbXoh50qICx26Cf2TUqbrVGyMPT0pEJdavXpX7mgQDohP9iAy9ALGFicUmZ8gDH9DeadtqkHT8UgGWWoAGroTMulRCWK1v+plVfRJkfrtw3AXmWTegkNFYX8lYjyAHJokMOEpF4OjL1By2XngfwAnd2eAiSWtU1cPL1Jjv2NCYDR5ZlHXu
|
|
||||||
type: AgBWOyU8137TFCt3kJC2WJV3gXlBQEirknbHVmS3IDcxwmyhuIxZh5NeLbDfc7Ip9OEtGQFViBD523gUzr3qJRZBE0IAWplF98+NwRopT3jVjxRCt8H6yF8+/3EiagUBe/9WM/eb5+S428KMDT7eDn9PiB6pEjoduxD5w/l+QDBUQQOoejc98bzxjC8ml8EpkaMS4H4yiO7JAlW2QYFRyF1fFaopoEdwyIEkPJ5Br/TXDOtdJeCEIhUhNKE+wQmNZc7MBJKWiqGyb54HzdsAndmF2PQs1FZ+sUCn0xJtu1pP8WTpcKGm4VpHPASlDNQgpuNFBvkYRGe+MErAmqyrAs0E5VU3R0qoIkmbhuvXY+gOploJ2YljG5gqLUx8DtECoSmkrF92oQZx61Yf4duvE/mEciWcDRThzUXwrG8A+qj8B/JxomoEQB4xu/l3WgNBOPMonF77b2dpTckBfH9VH70QKygbMTGAj7zl/sZDavPMZq37SCqNTmRhcDBs1qt3wtv8sUy6F4RUmr6XZsOtePxGg+WYijeHpXXeQSu7oASiZgUcNnjIPFPLc64IXoUv3s4a/QiSGRCgz8uUqws6QSu+TggY4P7f8VBOrJATv4jbOc++XGgWe0o/+b9oQACn5qPrdCkR4hiGd5wZ1BQXVINK5FMXCJq3l4kIjxDdKC6TjfG4vhi2VLld5eAz6f9cNphrocM=
|
|
||||||
url: AgAk92yrw8BJX0rVsCkZOEz3PhkLMoNhKBOXEAGqlcH+AESKIKUH152fMcfFKNj3DBrOEaNGXM+HiM1DLCd+e4A46ytx/aqSF4uEno2853wLlHjlLQlqfSWdkMYwosSV11Y9MuMGhGTMyCB/u10QUIycUjBs/gZEHDrJV/ObJYtw1pIlMadeKG5nomYYoOiMArdKZ1EXqv010imTItAhrW+Xn4h7/GftCEm2vWPbCdTbFBNIirif2DIAge7kTM3NeLzeLdAqf+tM7+A2Ekw7lU6+bnuVGGNWzEbQI/e4soSGYATQqVdhRPD/UFRJJrmp6IFZ2ymgqKr7t7EbTJ8UKr+GiMP2Gy/9ihBe3cDiQuVEfj791yHMSfChkIQ4vDYzJjMueYJE5pAz04y6QMbqgDxfVaQlx1B2XTP2ma3W+9bMB8vrDCuqK5iWtfM1jSmLVnM10KCsxcQAraE6C8jOArpkUqMPzsCmIfAudEe8FUxv56EeOP0MVT7sHLDKjklxqfgFCzzeqpGAZOP+k8zLT89vXlqbgeUWl3VmXMRqheDmhS6v8YiwJhkusvEdMeC8GOukvXM5limKC/+SZDIUNLlf0wct8/ymi0nkkmcGsfI2Jl7M5ZyOrjjXfvMLeNhc/vE+atXeKIXy8NLoDM0UwjyvMiO2mOpx3ZUwu2M5ff2i9n3rpxevYTh+fpOLWz2CXpLkMzvIm8wIgOow/4mWWYuY1Oqg
|
|
||||||
username: AgCIo+y2uwCJVEfnLl8wwTKLyw10rMfpJExCHcXq7dBlYWit2tG/uBQr6SM0jqlRINoe0jSNcaVUuzdRZWjvRwW7fwRonz2rjFih9wdmCXYhSc5K4qF5FeB8mO7tmOW+CzILUviZfqnqTyYLzd66BV2etCusuGHPBGomOYsaELYLMzQmpKPLt7an4PP8dUAM09aCeKe0KkTwQcgCkNRKBPRysg1mXnulCpGgWdUDGsj5QCM3byp2+l45g+/RDvELZgnkRjzVNNnXK9AI4Xy3vekDMoNEuFX3A+YWoBwI6LRSRWFOy5hi6w596PrvCq/O4FEomIsFqk9jkBY7dEVXsUX6JKVpIxkwtlKSChO3rt558YGipamt1csNKstM7frgtkzfXoNB7jQiKzHULeimtZnUOSjI8TaboeBKKKLHfrlbIWrJBHD1xJ3kuYCM/O7dpHM5aGBOwPSbjc72ur9Lso/uDs/ZvibsYkuaIBnP+Y8rj+t2d6cFe8//W4zcC90L+0Gnxn1/rLyuAp+B92bb13yq7sY50la2zu7zmvsL41/V4NYErgAUMciT2bSZMvSNh6wtx2IhCyJJSByDbsUMth7ixzfbuK8bgIeoyS3L3V17pB90YI9ttGNLmZ5zJLXzIhejD817EpnrIXHBQqjl0fNpxRgwJw2rmAH8fkKxSbsdT+hX3BORI/LUmFMuXuWhsarwbjTXmVHUV5qvbX0=
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
creationTimestamp: null
|
|
||||||
labels:
|
|
||||||
argocd.argoproj.io/secret-type: repo-creds
|
|
||||||
name: local-git-token
|
|
||||||
namespace: argocd
|
|
||||||
type: Opaque
|
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
stringData:
|
|
||||||
password: password
|
|
||||||
project: default
|
|
||||||
type: git
|
|
||||||
url: https://github.com/
|
|
||||||
username: bobtedsmithy
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
argocd.argoproj.io/secret-type: repo-creds
|
|
||||||
name: local-git-token
|
|
||||||
namespace: argocd
|
|
||||||
type: Opaque
|
|
8
template-operator/kustomization.yaml
Normal file
8
template-operator/kustomization.yaml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
bases:
|
||||||
|
- "https://github.com/flanksource/template-operator/releases/download/v0.7.1/operator.yml"
|
||||||
|
- proxy-protocol-shim.yaml
|
||||||
|
|
||||||
|
patchesStrategicMerge:
|
||||||
|
- template-operator-memory.yaml
|
26
template-operator/proxy-protocol-shim.yaml
Normal file
26
template-operator/proxy-protocol-shim.yaml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: proxy-protocol-shim
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
name: in-cluster
|
||||||
|
namespace: default
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
path: .
|
||||||
|
repoURL: https://github.com/strudelline-net/k8s-proxy-protocol-shim
|
||||||
|
targetRevision: main
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
retry:
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
limit: 10
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
17
template-operator/template-operator-memory.yaml
Normal file
17
template-operator/template-operator-memory.yaml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: template-operator-controller-manager
|
||||||
|
namespace: template-operator
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: manager
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 500Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 120Mi
|
26
template-operator/vnc-mqtt-bridge.yaml
Normal file
26
template-operator/vnc-mqtt-bridge.yaml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: proxy-protocol-shim
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
name: in-cluster
|
||||||
|
namespace: default
|
||||||
|
project: default
|
||||||
|
source:
|
||||||
|
path: .
|
||||||
|
repoURL: https://github.com/jamesandariese/k8s-vnc-mqtt-bridge-operator
|
||||||
|
targetRevision: main
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
retry:
|
||||||
|
backoff:
|
||||||
|
duration: 5s
|
||||||
|
factor: 2
|
||||||
|
maxDuration: 3m0s
|
||||||
|
limit: 10
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
Loading…
Reference in New Issue
Block a user