Compare commits
77 Commits
Author | SHA1 | Date | |
---|---|---|---|
de2d0ea4dc | |||
7f41356352 | |||
4a4e932e9f | |||
a2ac0d1cde | |||
f6ff76d394 | |||
cd1bbc6279 | |||
5795ffb0d3 | |||
7ace9c2816 | |||
acce65bb53 | |||
5742ae2824 | |||
a77c96dbff | |||
47f2983bab | |||
d7b56c94d0 | |||
955d2c0425 | |||
29e366f1c8 | |||
3c573e0558 | |||
bafc474a64 | |||
495c7952ed | |||
d5b3dbd033 | |||
e8e28ee2e5 | |||
e90843a290 | |||
6d0b1a6633 | |||
4b8043eb81 | |||
54896eefce | |||
7e5de8fa4d | |||
b5e617c3c0 | |||
825ef1bf6e | |||
d4388fca85 | |||
83ac558082 | |||
68e519a70f | |||
fc8367a072 | |||
eb3389c7e7 | |||
151e770ab3 | |||
0ff50480a8 | |||
46340f5316 | |||
e3da5424cd | |||
965eb1a6f1 | |||
dc1463044e | |||
d033e5ec18 | |||
cbbe7e34a5 | |||
75363d20c5 | |||
ddde928e18 | |||
d172a9768b | |||
0c9e154c3c | |||
212708c0c9 | |||
907d4ae12c | |||
a5a08bd4d4 | |||
7345be46a0 | |||
83b6e5beb3 | |||
6ec52c6c26 | |||
1019cbde91 | |||
21ad33fb0c | |||
673af96617 | |||
0f68729ec3 | |||
02e5b307b2 | |||
06932ef604 | |||
d99aab2379 | |||
4a7d7c6ad9 | |||
97b5eda914 | |||
fa28404c34 | |||
81d5cf1d7d | |||
6d06d62bbe | |||
192e5521c4 | |||
393ef02472 | |||
b374d1bc2e | |||
0932bb49f1 | |||
23a5ef9942 | |||
402f5a8081 | |||
9c9e143876 | |||
76798a9629 | |||
5bae118324 | |||
2c2703316a | |||
dcc8e49eb9 | |||
bf179af733 | |||
c269c5a665 | |||
f76673daae | |||
f023e4bc6c |
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1,3 +1,5 @@
|
|||
\#*#
|
||||
*~
|
||||
charts/
|
||||
.*
|
||||
!.gitignore
|
||||
|
|
13
README.md
13
README.md
|
@ -68,5 +68,18 @@ pre-bootstrap files:
|
|||
- `install.sh`
|
||||
- `uninstall.sh`
|
||||
|
||||
## Adopting a helm chart
|
||||
|
||||
To adopt an existing helm chart, there is an adopt-helm.sh script. It is not perfectly
|
||||
reliable, however, so ensure the output makes sense.
|
||||
|
||||
1. Setup your helm release how you need it to work
|
||||
2. `cd argo1`
|
||||
2. `bash adopt-helm.sh release-name`
|
||||
3. Follow configuration instructions
|
||||
4. Validate templates/release-name.yaml
|
||||
- Especially, check that the repoURL is correct.
|
||||
5. Commit templates/release-name.yaml and values.yaml
|
||||
|
||||
|
||||
[argo-crds]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/
|
||||
|
|
121
argo1/adopt-helm.sh
Normal file
121
argo1/adopt-helm.sh
Normal file
|
@ -0,0 +1,121 @@
|
|||
#!/bin/bash
|
||||
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
SOURCE_RELEASE="$1"
|
||||
|
||||
eval "$(
|
||||
helm list -A -o json | jq -r --arg release $SOURCE_RELEASE '
|
||||
.[]
|
||||
| select(.name == $release)
|
||||
| (
|
||||
@sh "CHART=\( .chart | split("-") | .[0:-1] | join("-") )",
|
||||
@sh "VERSION=\( .chart | split("-") | .[-1] )",
|
||||
@sh "RELEASE=\( .name )",
|
||||
@sh "NAMESPACE=\( .namespace )"
|
||||
)
|
||||
'
|
||||
)"
|
||||
|
||||
TEMPLATE="${PWD}/templates/${RELEASE}.yaml"
|
||||
if [ -e "$TEMPLATE" ];then
|
||||
1>&2 echo "$TEMPLATE: already exists. aborting."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
REPO="$(
|
||||
helm repo list -o json \
|
||||
| jq -r '.[].url' \
|
||||
| xargs -P 8 -L 1 bash -c '
|
||||
if helm show readme --repo "$1" $0 > /dev/null 2>&1;then
|
||||
echo $1
|
||||
fi
|
||||
' "$CHART" \
|
||||
| sort | uniq
|
||||
)"
|
||||
|
||||
REPOS_MATCHING="$(echo "$REPO" | grep . | wc -l | tr -d ' \t\n\r\v')"
|
||||
|
||||
if [ x"$REPOS_MATCHING" != x"1" ];then
|
||||
1>&2 echo "found $REPOS_MATCHING repos with $CHART. aborting."
|
||||
1>&2 echo "$REPO"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ x"$CHART" = x"$VERSION" ];then 1>&2 echo "could not parse chart version from name"; exit 1; fi
|
||||
|
||||
VALUES="$(helm get values -n "$NAMESPACE" "$RELEASE" -o yaml)"
|
||||
|
||||
echo -n '# {{ if (index .Values "'"$RELEASE"'").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-'"$RELEASE"'"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: "'"$CHART"'"
|
||||
repoURL: "'"$REPO"'"
|
||||
targetRevision: "'"$VERSION"'"
|
||||
helm:
|
||||
values: |-
|
||||
{{ (index .Values "'"$RELEASE"'").values | nindent 8 }}
|
||||
# the next line preserves the release name.
|
||||
# this is optional but recommended for singleton services.
|
||||
releaseName: "'"$RELEASE"'"
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: "'"$NAMESPACE"'"
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
||||
' > "$TEMPLATE"
|
||||
|
||||
if [ x"$VALUES" = x"null" ];then
|
||||
SAMPLE_VALUES="## (sample configs from $CHART -- choose one) ##
|
||||
|
||||
### (minimal config) ###
|
||||
$CHART: {enabled: true}
|
||||
|
||||
### (skeleton config) ###
|
||||
$CHART:
|
||||
enabled: true
|
||||
values: |
|
||||
# values.yaml contents here
|
||||
"
|
||||
else
|
||||
SAMPLE_VALUES="
|
||||
## (sample config from $CHART) ##
|
||||
|
||||
$RELEASE:
|
||||
enabled: true
|
||||
values: |
|
||||
$(echo "$VALUES" | sed -e 's/^/ /')
|
||||
"
|
||||
fi
|
||||
|
||||
which pbcopy > /dev/null 2>&1 && (echo "$SAMPLE_VALUES" | pbcopy)
|
||||
|
||||
printf '#####
|
||||
A new template has been added at %s.
|
||||
|
||||
Please finish configuring this template by adding the following to values.yaml and customizing:
|
||||
|
||||
%s
|
||||
|
||||
(this has also been copied to your clipboard on macos
|
||||
' "$TEMPLATE" "$SAMPLE_VALUES"
|
37
argo1/templates/cert-manager.yaml
Normal file
37
argo1/templates/cert-manager.yaml
Normal file
|
@ -0,0 +1,37 @@
|
|||
# {{ if (index .Values "cert-manager").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-cert-manager"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: "cert-manager"
|
||||
repoURL: "https://charts.jetstack.io"
|
||||
targetRevision: "v1.11.0"
|
||||
helm:
|
||||
values: |-
|
||||
{{ (index .Values "cert-manager").values | nindent 8 }}
|
||||
# the next line preserves the release name.
|
||||
# this is optional but recommended for singleton services.
|
||||
releaseName: "cert-manager"
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: "cert-manager"
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
33
argo1/templates/cluster-resources.yaml
Normal file
33
argo1/templates/cluster-resources.yaml
Normal file
|
@ -0,0 +1,33 @@
|
|||
# {{ if (index .Values "cluster-resources").enabled }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-cluster-resources
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
path: {{ (index .Values "cluster-resources").path | default "." | quote }}
|
||||
repoURL: {{ (index .Values "cluster-resources").repoURL | quote }}
|
||||
targetRevision: {{ (index .Values "cluster-resources").targetRevision | default "main" | quote}}
|
||||
directory:
|
||||
recurse: {{ (index .Values "cluster-resources").directoryRecurse | default "true" }}
|
||||
include: {{ (index .Values "cluster-resources").directoryInclude | default "*.yaml" | quote }}
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: argocd
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
35
argo1/templates/external-secrets.yaml
Normal file
35
argo1/templates/external-secrets.yaml
Normal file
|
@ -0,0 +1,35 @@
|
|||
# {{ if (index .Values "external-secrets").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-external-secrets"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: external-secrets
|
||||
repoURL: https://charts.external-secrets.io
|
||||
targetRevision: v0.8.1
|
||||
helm:
|
||||
values: |-
|
||||
{{ (index .Values "external-secrets").values | default "{}" | nindent 8 }}
|
||||
releaseName: external-secrets
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: external-secrets
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
41
argo1/templates/istio-base.yaml
Normal file
41
argo1/templates/istio-base.yaml
Normal file
|
@ -0,0 +1,41 @@
|
|||
# {{ if (index .Values "istio-base").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-istio-base"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: base
|
||||
repoURL: https://istio-release.storage.googleapis.com/charts
|
||||
targetRevision: 1.18.1
|
||||
helm:
|
||||
values: |-
|
||||
{{ (index .Values "istio-base").values | default "{}" | nindent 8 }}
|
||||
releaseName: istio-base
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: istio-system
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
ignoreDifferences:
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: ValidatingWebhookConfiguration
|
||||
jqPathExpressions:
|
||||
- .webhooks[].failurePolicy
|
||||
|
||||
# {{- end }}
|
35
argo1/templates/istio-ingress.yaml
Normal file
35
argo1/templates/istio-ingress.yaml
Normal file
|
@ -0,0 +1,35 @@
|
|||
# {{ if (index .Values "istio-ingress").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-istio-ingress"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: gateway
|
||||
repoURL: https://istio-release.storage.googleapis.com/charts
|
||||
targetRevision: 1.18.1
|
||||
helm:
|
||||
values: |-
|
||||
{{ (index .Values "istio-ingress").values | default "{}" | nindent 8 }}
|
||||
releaseName: istio-ingressgateway
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: istio-system
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
|
@ -1,25 +1,25 @@
|
|||
# {{ if (index .Values "haproxy-ingress").enabled }}
|
||||
# {{ if (index .Values "istiod").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-haproxy-ingress"
|
||||
name: "{{ .Release.Name }}-istiod"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: haproxy-ingress
|
||||
repoURL: https://haproxy-ingress.github.io/charts
|
||||
targetRevision: 0.14.2
|
||||
chart: istiod
|
||||
repoURL: https://istio-release.storage.googleapis.com/charts
|
||||
targetRevision: 1.18.1
|
||||
helm:
|
||||
values: |-
|
||||
{{ (index .Values "haproxy-ingress").values | nindent 8 }}
|
||||
releaseName: haproxy-ingress
|
||||
{{ (index .Values "istiod").values | default "{}" | nindent 8 }}
|
||||
releaseName: istiod
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: haproxy-ingress
|
||||
namespace: istio-system
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
31
argo1/templates/metallb.yaml
Normal file
31
argo1/templates/metallb.yaml
Normal file
|
@ -0,0 +1,31 @@
|
|||
# {{ if (index .Values "metallb").enabled }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-metallb
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: "{{ .Values.bootstrap.source.repoURL }}"
|
||||
targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
|
||||
path: {{ (index .Values "metallb").path | default "metallb" | quote }}
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: {{ (index .Values "metallb").namespace | default "metallb-system" | quote }}
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
37
argo1/templates/nfs.yaml
Normal file
37
argo1/templates/nfs.yaml
Normal file
|
@ -0,0 +1,37 @@
|
|||
# {{ if (index .Values "nfs").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-nfs"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: "nfs-subdir-external-provisioner"
|
||||
repoURL: "https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner"
|
||||
targetRevision: "4.0.18"
|
||||
helm:
|
||||
values: |-
|
||||
{{ (index .Values "nfs").values | nindent 8 }}
|
||||
# the next line preserves the release name.
|
||||
# this is optional but recommended for singleton services.
|
||||
releaseName: "nfs"
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: "kube-system"
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
37
argo1/templates/openebs.yaml
Normal file
37
argo1/templates/openebs.yaml
Normal file
|
@ -0,0 +1,37 @@
|
|||
# {{ if (index .Values "openebs").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-openebs"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: "openebs"
|
||||
repoURL: "https://openebs.github.io/charts"
|
||||
targetRevision: "3.5.0"
|
||||
helm:
|
||||
values: |-
|
||||
{{ (index .Values "openebs").values | nindent 8 }}
|
||||
# the next line preserves the release name.
|
||||
# this is optional but recommended for singleton services.
|
||||
releaseName: "openebs"
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: "openebs"
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
31
argo1/templates/pgo.yaml
Normal file
31
argo1/templates/pgo.yaml
Normal file
|
@ -0,0 +1,31 @@
|
|||
# {{ if (index .Values "pgo").enabled }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-pgo
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: "{{ .Values.bootstrap.source.repoURL }}"
|
||||
targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
|
||||
path: {{ (index .Values "pgo").path | default "pgo" | quote }}
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: {{ (index .Values "pgo").namespace | default "postgres-operator" | quote }}
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
31
argo1/templates/stakater-reloader.yaml
Normal file
31
argo1/templates/stakater-reloader.yaml
Normal file
|
@ -0,0 +1,31 @@
|
|||
# {{ if (index .Values "stakater-reloader").enabled }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-stakater-reloader
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: https://github.com/stakater/Reloader.git
|
||||
targetRevision: v1.0.32
|
||||
path: deployments/kubernetes
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: {{ (index .Values "stakater-reloader").namespace | default "stakater-reloader" | quote }}
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
31
argo1/templates/template-operator.yaml
Normal file
31
argo1/templates/template-operator.yaml
Normal file
|
@ -0,0 +1,31 @@
|
|||
# {{ if (index .Values "template-operator").enabled }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-template-operator
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: "{{ .Values.bootstrap.source.repoURL }}"
|
||||
targetRevision: "{{ .Values.bootstrap.source.targetRevision }}"
|
||||
path: {{ (index .Values "template-operator").path | default "template-operator" | quote }}
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: {{ (index .Values "template-operator").namespace | default "template-operator" | quote }}
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
33
argo1/templates/trust-manager.yaml
Normal file
33
argo1/templates/trust-manager.yaml
Normal file
|
@ -0,0 +1,33 @@
|
|||
# {{ if (index .Values "trust-manager").enabled }}
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-trust-manager"
|
||||
namespace: argocd
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
chart: "trust-manager"
|
||||
repoURL: "https://charts.jetstack.io"
|
||||
targetRevision: "v0.4.0"
|
||||
helm:
|
||||
releaseName: "trust-manager"
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: "cert-manager"
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
retry:
|
||||
limit: 10
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
# {{- end }}
|
|
@ -1,14 +1,17 @@
|
|||
bootstrap:
|
||||
source:
|
||||
repoURL: "https://set.to.your.fork/of/this"
|
||||
targetRevision: "main"
|
||||
repoURL: "http://gitea.gitea.svc.cluster.local:3000/infra/argo1"
|
||||
targetRevision: "prod"
|
||||
|
||||
secrets: {enabled: true}
|
||||
sealed-secrets: {enabled: true}
|
||||
haproxy-ingress:
|
||||
enabled: false
|
||||
cert-manager:
|
||||
enabled: true
|
||||
values: |
|
||||
# values.yaml contents here
|
||||
extraArgs:
|
||||
- --dns01-recursive-nameservers-only
|
||||
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
|
||||
ingressShim.defaultIssuerKind: ClusterIssuer
|
||||
ingressShim.defaultIssuerName: zerossl
|
||||
installCRDs: "true"
|
||||
|
||||
argo-cd:
|
||||
crds:
|
||||
|
@ -17,10 +20,139 @@ argo-cd:
|
|||
configs:
|
||||
params:
|
||||
"server.insecure": "true"
|
||||
"reposerver.enable.git.submodule": "false"
|
||||
|
||||
controller:
|
||||
replicas: 1
|
||||
|
||||
server:
|
||||
ingress:
|
||||
enabled: true
|
||||
hosts: &hhosts
|
||||
- argocd.strudelline.net
|
||||
tls:
|
||||
- hosts: *hhosts
|
||||
secretName: wildcard-tls
|
||||
ingressGrpc:
|
||||
enabled: true
|
||||
hosts: &ghosts
|
||||
- grpc-argocd.strudelline.net
|
||||
tls:
|
||||
- hosts: *ghosts
|
||||
secretName: wildcard-tls
|
||||
|
||||
cluster-resources:
|
||||
enabled: true
|
||||
repoURL: 'http://gitea.gitea.svc.cluster.local:3000/infra/kube-cascade'
|
||||
|
||||
vault-agent-injector:
|
||||
enabled: true
|
||||
values: |
|
||||
global:
|
||||
# disable global vault because we're only using this as an agent injector
|
||||
enabled: false
|
||||
externalVaultAddr: https://vault.strudelline.net
|
||||
injector:
|
||||
affinity: ""
|
||||
agentImage:
|
||||
repository: jamesandariese/vault-with-ca
|
||||
enabled: true
|
||||
failurePolicy: Fail
|
||||
|
||||
nfs:
|
||||
enabled: true
|
||||
values: |
|
||||
nfs:
|
||||
path: /volume1/k8s-volumes
|
||||
server: 172.16.18.1
|
||||
storageClass:
|
||||
name: nfs
|
||||
|
||||
openebs:
|
||||
enabled: true
|
||||
values: |
|
||||
jiva:
|
||||
enabled: false
|
||||
legacy:
|
||||
enabled: false
|
||||
localprovisioner:
|
||||
enabled: false
|
||||
localpv-provisioner:
|
||||
enabled: true
|
||||
lvm-localpv:
|
||||
enabled: true
|
||||
cstore:
|
||||
enabled: true
|
||||
ndm:
|
||||
enabled: false
|
||||
|
||||
external-secrets:
|
||||
enabled: true
|
||||
values: |
|
||||
extraContainers:
|
||||
- name: bitwarden-external-secrets-adapter
|
||||
image: jamesandariese/bitwarden-external-secrets-adapter:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
- name: bitwarden-cli
|
||||
image: jamesandariese/bitwarden-docker:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: BW_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: bitwarden-user
|
||||
key: BW_HOST
|
||||
- name: BW_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: bitwarden-user
|
||||
key: BW_USERNAME
|
||||
- name: BW_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: bitwarden-user
|
||||
key: BW_PASSWORD
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8087
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
exec:
|
||||
command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/sync", "--post-data=''"]
|
||||
initialDelaySeconds: 20
|
||||
failureThreshold: 3
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 120
|
||||
readinessProbe:
|
||||
exec:
|
||||
command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/status"]
|
||||
initialDelaySeconds: 20
|
||||
failureThreshold: 3
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 10
|
||||
startupProbe:
|
||||
exec:
|
||||
command: ["wget", "-q", "-O", "-", "http://127.0.0.1:8087/status"]
|
||||
initialDelaySeconds: 10
|
||||
failureThreshold: 30
|
||||
timeoutSeconds: 1
|
||||
periodSeconds: 5
|
||||
|
||||
istio-base:
|
||||
enabled: true
|
||||
# values:
|
||||
# defaultRevision: default
|
||||
|
||||
istio-ingress:
|
||||
enabled: true
|
||||
values: |
|
||||
meshConfig:
|
||||
gatewayTopology:
|
||||
numTrustedProxies: 2
|
||||
istiod: {enabled: true}
|
||||
metallb: {enabled: true}
|
||||
pgo: {enabled: true}
|
||||
secrets: {enabled: true}
|
||||
sealed-secrets: {enabled: true}
|
||||
stakater-reloader: {enabled: true}
|
||||
template-operator: {enabled: true}
|
||||
trust-manager: {enabled: true}
|
||||
|
|
3
copy-admin-password.sh
Executable file
3
copy-admin-password.sh
Executable file
|
@ -0,0 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
kubectl get secret -n argocd argocd-initial-admin-secret -o json | jq -r '.data.password | @base64d' | pbcopy
|
1881
metallb/metallb-native.yaml
Normal file
1881
metallb/metallb-native.yaml
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
3
pgo/install/crd/kustomization.yaml
Normal file
3
pgo/install/crd/kustomization.yaml
Normal file
|
@ -0,0 +1,3 @@
|
|||
resources:
|
||||
- bases/postgres-operator.crunchydata.com_postgresclusters.yaml
|
||||
- bases/postgres-operator.crunchydata.com_pgupgrades.yaml
|
25
pgo/install/default/kustomization.yaml
Normal file
25
pgo/install/default/kustomization.yaml
Normal file
|
@ -0,0 +1,25 @@
|
|||
namespace: postgres-operator
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/name: pgo
|
||||
# The version below should match the version on the PostgresCluster CRD
|
||||
app.kubernetes.io/version: 5.3.0
|
||||
|
||||
bases:
|
||||
- ../crd
|
||||
- ../rbac/cluster
|
||||
- ../manager
|
||||
|
||||
images:
|
||||
- name: postgres-operator
|
||||
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
|
||||
newTag: ubi8-5.3.0-0
|
||||
- name: postgres-operator-upgrade
|
||||
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator-upgrade
|
||||
newTag: ubi8-5.3.0-0
|
||||
|
||||
patchesJson6902:
|
||||
- target: { group: apps, version: v1, kind: Deployment, name: pgo }
|
||||
path: selectors.yaml
|
||||
- target: { group: apps, version: v1, kind: Deployment, name: pgo-upgrade }
|
||||
path: selectors.yaml
|
8
pgo/install/default/selectors.yaml
Normal file
8
pgo/install/default/selectors.yaml
Normal file
|
@ -0,0 +1,8 @@
|
|||
# We add the app version as a "commonLabel" and change it with each release.
|
||||
# Remove it from selectors until we use "labels" of Kustomize v4.1.
|
||||
# See: https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/commonlabels/
|
||||
# See: https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.0
|
||||
- op: remove
|
||||
path: /spec/selector/matchLabels/app.kubernetes.io~1name
|
||||
- op: remove
|
||||
path: /spec/selector/matchLabels/app.kubernetes.io~1version
|
3
pgo/install/manager/kustomization.yaml
Normal file
3
pgo/install/manager/kustomization.yaml
Normal file
|
@ -0,0 +1,3 @@
|
|||
resources:
|
||||
- manager.yaml
|
||||
- manager-upgrade.yaml
|
36
pgo/install/manager/manager-upgrade.yaml
Normal file
36
pgo/install/manager/manager-upgrade.yaml
Normal file
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: pgo-upgrade
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy: { type: Recreate }
|
||||
selector:
|
||||
matchLabels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||
spec:
|
||||
containers:
|
||||
- name: operator
|
||||
image: postgres-operator-upgrade
|
||||
env:
|
||||
- name: PGO_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: CRUNCHY_DEBUG
|
||||
value: "true"
|
||||
- name: RELATED_IMAGE_PGUPGRADE
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-upgrade:ubi8-5.3.0-0"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities: { drop: [ALL] }
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
serviceAccountName: postgres-operator-upgrade
|
60
pgo/install/manager/manager.yaml
Normal file
60
pgo/install/manager/manager.yaml
Normal file
|
@ -0,0 +1,60 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: pgo
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy: { type: Recreate }
|
||||
selector:
|
||||
matchLabels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||
spec:
|
||||
containers:
|
||||
- name: operator
|
||||
image: postgres-operator
|
||||
env:
|
||||
- name: PGO_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: CRUNCHY_DEBUG
|
||||
value: "true"
|
||||
- name: RELATED_IMAGE_POSTGRES_13
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-13.9-2"
|
||||
- name: RELATED_IMAGE_POSTGRES_13_GIS_3.0
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-13.9-3.0-2"
|
||||
- name: RELATED_IMAGE_POSTGRES_13_GIS_3.1
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-13.9-3.1-2"
|
||||
- name: RELATED_IMAGE_POSTGRES_14
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.6-2"
|
||||
- name: RELATED_IMAGE_POSTGRES_14_GIS_3.1
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.6-3.1-2"
|
||||
- name: RELATED_IMAGE_POSTGRES_14_GIS_3.2
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.6-3.2-2"
|
||||
- name: RELATED_IMAGE_POSTGRES_14_GIS_3.3
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-14.6-3.3-2"
|
||||
- name: RELATED_IMAGE_POSTGRES_15
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.1-0"
|
||||
- name: RELATED_IMAGE_POSTGRES_15_GIS_3.3
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-gis:ubi8-15.1-3.3-0"
|
||||
- name: RELATED_IMAGE_PGADMIN
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgadmin4:ubi8-4.30-8"
|
||||
- name: RELATED_IMAGE_PGBACKREST
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.41-2"
|
||||
- name: RELATED_IMAGE_PGBOUNCER
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-pgbouncer:ubi8-1.17-5"
|
||||
- name: RELATED_IMAGE_PGEXPORTER
|
||||
value: "registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.3.0-0"
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities: { drop: [ALL] }
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
serviceAccountName: pgo
|
2
pgo/install/namespace/kustomization.yaml
Normal file
2
pgo/install/namespace/kustomization.yaml
Normal file
|
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- namespace.yaml
|
4
pgo/install/namespace/namespace.yaml
Normal file
4
pgo/install/namespace/namespace.yaml
Normal file
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: postgres-operator
|
7
pgo/install/rbac/cluster/kustomization.yaml
Normal file
7
pgo/install/rbac/cluster/kustomization.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
resources:
|
||||
- service_account.yaml
|
||||
- role.yaml
|
||||
- role_binding.yaml
|
||||
- service_account-upgrade.yaml
|
||||
- role-upgrade.yaml
|
||||
- role_binding-upgrade.yaml
|
71
pgo/install/rbac/cluster/role-upgrade.yaml
Normal file
71
pgo/install/rbac/cluster/role-upgrade.yaml
Normal file
|
@ -0,0 +1,71 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: postgres-operator-upgrade
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- endpoints
|
||||
verbs:
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgupgrades
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgupgrades/finalizers
|
||||
verbs:
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgupgrades/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters/status
|
||||
verbs:
|
||||
- patch
|
135
pgo/install/rbac/cluster/role.yaml
Normal file
135
pgo/install/rbac/cluster/role.yaml
Normal file
|
@ -0,0 +1,135 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: postgres-operator
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- configmaps
|
||||
- persistentvolumeclaims
|
||||
- secrets
|
||||
- services
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- endpoints
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- deletecollection
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- endpoints/restricted
|
||||
- pods/exec
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
- statefulsets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- cronjobs
|
||||
- jobs
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- policy
|
||||
resources:
|
||||
- poddisruptionbudgets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters/status
|
||||
verbs:
|
||||
- patch
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- rolebindings
|
||||
- roles
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
14
pgo/install/rbac/cluster/role_binding-upgrade.yaml
Normal file
14
pgo/install/rbac/cluster/role_binding-upgrade.yaml
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: postgres-operator-upgrade
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: postgres-operator-upgrade
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: postgres-operator-upgrade
|
14
pgo/install/rbac/cluster/role_binding.yaml
Normal file
14
pgo/install/rbac/cluster/role_binding.yaml
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: postgres-operator
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: postgres-operator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: pgo
|
7
pgo/install/rbac/cluster/service_account-upgrade.yaml
Normal file
7
pgo/install/rbac/cluster/service_account-upgrade.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: postgres-operator-upgrade
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
7
pgo/install/rbac/cluster/service_account.yaml
Normal file
7
pgo/install/rbac/cluster/service_account.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: pgo
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
7
pgo/install/rbac/namespace/kustomization.yaml
Normal file
7
pgo/install/rbac/namespace/kustomization.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
resources:
|
||||
- service_account.yaml
|
||||
- role.yaml
|
||||
- role_binding.yaml
|
||||
- service_account-upgrade.yaml
|
||||
- role-upgrade.yaml
|
||||
- role_binding-upgrade.yaml
|
71
pgo/install/rbac/namespace/role-upgrade.yaml
Normal file
71
pgo/install/rbac/namespace/role-upgrade.yaml
Normal file
|
@ -0,0 +1,71 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: postgres-operator-upgrade
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- endpoints
|
||||
verbs:
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgupgrades
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgupgrades/finalizers
|
||||
verbs:
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- pgupgrades/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters/status
|
||||
verbs:
|
||||
- patch
|
135
pgo/install/rbac/namespace/role.yaml
Normal file
135
pgo/install/rbac/namespace/role.yaml
Normal file
|
@ -0,0 +1,135 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: postgres-operator
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- configmaps
|
||||
- persistentvolumeclaims
|
||||
- secrets
|
||||
- services
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- endpoints
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- deletecollection
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- endpoints/restricted
|
||||
- pods/exec
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
- statefulsets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- cronjobs
|
||||
- jobs
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- policy
|
||||
resources:
|
||||
- poddisruptionbudgets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- postgres-operator.crunchydata.com
|
||||
resources:
|
||||
- postgresclusters/status
|
||||
verbs:
|
||||
- patch
|
||||
- apiGroups:
|
||||
- rbac.authorization.k8s.io
|
||||
resources:
|
||||
- rolebindings
|
||||
- roles
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- watch
|
14
pgo/install/rbac/namespace/role_binding-upgrade.yaml
Normal file
14
pgo/install/rbac/namespace/role_binding-upgrade.yaml
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: postgres-operator-upgrade
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: postgres-operator-upgrade
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: postgres-operator-upgrade
|
14
pgo/install/rbac/namespace/role_binding.yaml
Normal file
14
pgo/install/rbac/namespace/role_binding.yaml
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: postgres-operator
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: postgres-operator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: pgo
|
7
pgo/install/rbac/namespace/service_account-upgrade.yaml
Normal file
7
pgo/install/rbac/namespace/service_account-upgrade.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: postgres-operator-upgrade
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator-upgrade
|
7
pgo/install/rbac/namespace/service_account.yaml
Normal file
7
pgo/install/rbac/namespace/service_account.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: pgo
|
||||
labels:
|
||||
postgres-operator.crunchydata.com/control-plane: postgres-operator
|
29
pgo/install/singlenamespace/kustomization.yaml
Normal file
29
pgo/install/singlenamespace/kustomization.yaml
Normal file
|
@ -0,0 +1,29 @@
|
|||
namespace: postgres-operator
|
||||
|
||||
commonLabels:
|
||||
app.kubernetes.io/name: pgo
|
||||
# The version below should match the version on the PostgresCluster CRD
|
||||
app.kubernetes.io/version: 5.3.0
|
||||
|
||||
bases:
|
||||
- ../crd
|
||||
- ../rbac/namespace
|
||||
- ../manager
|
||||
|
||||
images:
|
||||
- name: postgres-operator
|
||||
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
|
||||
newTag: ubi8-5.3.0-0
|
||||
- name: postgres-operator-upgrade
|
||||
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator-upgrade
|
||||
newTag: ubi8-5.3.0-0
|
||||
|
||||
patchesJson6902:
|
||||
- target: { group: apps, version: v1, kind: Deployment, name: pgo }
|
||||
path: selectors.yaml
|
||||
- target: { group: apps, version: v1, kind: Deployment, name: pgo-upgrade }
|
||||
path: selectors.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- manager-target.yaml
|
||||
- manager-target-upgrade.yaml
|
13
pgo/install/singlenamespace/manager-target-upgrade.yaml
Normal file
13
pgo/install/singlenamespace/manager-target-upgrade.yaml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: pgo-upgrade
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: operator
|
||||
env:
|
||||
- name: PGO_TARGET_NAMESPACE
|
||||
valueFrom: { fieldRef: { apiVersion: v1, fieldPath: metadata.namespace } }
|
13
pgo/install/singlenamespace/manager-target.yaml
Normal file
13
pgo/install/singlenamespace/manager-target.yaml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: pgo
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: operator
|
||||
env:
|
||||
- name: PGO_TARGET_NAMESPACE
|
||||
valueFrom: { fieldRef: { apiVersion: v1, fieldPath: metadata.namespace } }
|
8
pgo/install/singlenamespace/selectors.yaml
Normal file
8
pgo/install/singlenamespace/selectors.yaml
Normal file
|
@ -0,0 +1,8 @@
|
|||
# We add the app version as a "commonLabel" and change it with each release.
|
||||
# Remove it from selectors until we use "labels" of Kustomize v4.1.
|
||||
# See: https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/commonlabels/
|
||||
# See: https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.0
|
||||
- op: remove
|
||||
path: /spec/selector/matchLabels/app.kubernetes.io~1name
|
||||
- op: remove
|
||||
path: /spec/selector/matchLabels/app.kubernetes.io~1version
|
4
pgo/kustomization.yaml
Normal file
4
pgo/kustomization.yaml
Normal file
|
@ -0,0 +1,4 @@
|
|||
namespace: postgres-operator
|
||||
|
||||
bases:
|
||||
- install/default
|
43
secrets/bitwarden-user-sealed.yaml
Normal file
43
secrets/bitwarden-user-sealed.yaml
Normal file
|
@ -0,0 +1,43 @@
|
|||
---
|
||||
kind: SealedSecret
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
metadata:
|
||||
name: bitwarden-user
|
||||
namespace: external-secrets
|
||||
creationTimestamp: null
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
name: bitwarden-user
|
||||
namespace: external-secrets
|
||||
creationTimestamp: null
|
||||
type: Opaque
|
||||
encryptedData:
|
||||
BW_HOST: AgA5YbPiLEiJL44P5Dcjph4h/QbOQog1xb5TuJ9YDl1k8WY5GhX8uR4lB6ceyg3nl49S5KF88JAMUl1x3uXFSMhAZ+mdc1HJr6Czvr/A0KLeeX82jh1S2j0sGIjleXQxtJfUjQs4nWOXmjKWbju0aMzgJy3iLBcutFPEKKaPcmjm9SsC6ruz0KsEMa0CfH+lbGX6YmZQeDn+EdVt3dw+/vugFILsdOauVrvwJ862xnB7zNgpSCa4VWYO1xl4UsElAlRcTA9TowVfQcPyjwjzp+tBzHjBQFXfzhkfO1bJGjPrVVZydzVbMfBXrILP1BpHdlrxqEgfsJLV464lJix/4C17rA1Z4X4tBa5+ZT4aWPKX8OXhi/bXW7sA7yzyIZEFAEmfvaDbe8/2MfK9T4FbaEJ7rMCGz35CHsuX12PJdwHX2q8lGM5IdQsITvQoKD/mWGCK4iG6oWZ8q4zUU+wdZLqoWexyfKNMPncS7+5xnEsDB94B97j+VZtaS7M+Rxv8xYlFsguQzDUfYuFLo3imCgaNIZ2Ci24u775V9kKQmCVdMpCf5LtXwp1u56LSYy93lEGFanDe8dZ7iMZScwnQypW/Ytl9g3jVE5BGhlyFPscdv+5LzhVIhpbjT7jWg7lrJowDX39Y0OQpyaqrfRnYHqCg+WM2vVE0AVYzL3erpuKgAiofiQRMBLNal1CDiR+aF9bHrZTnbzklB12h3Ee/mm9aSjSbvdeuxsK/NFFFlUE=
|
||||
BW_PASSWORD: AgCldsd1izPvL+5+hnlm4j7cnX571s13BoN2OePyt0yubk9IkjaoqRDlcMMISWkcEMjqztgZwm2Yez5KdZ6I2uJcew7fREy4D3RcwhCWZT9sgsSXZQTZ5Nu+mmQePHoZFgXnmNL8JDNi/lSCxLXUgm/sa+6AEB/Wwy5vG6gi3X8ZsmbmNe2hDIYrq+oGgU3cmUqhPv3UJTsHgKEYUgfByXAj39rjocRCpF9Sk7R9WciUmMHPcfX7hnX9cHp1DaYDhCJY8N5/MfvV+PocoOJpIDpyA+HJqnvxspBkxWFHlkk4HdtydW6iEUiGlI/KxT6wTHZE9baWOJC+n0SpkPqiNebie62+Vq+0t4VflhWrqQQT7GHL1QLmC3EZn6eiaaz4Y+KBuDHy8pu8nEUwBX2P4jpAOB9NNIgZ3HKBz0xmTSZ6n9kUn0rYPBrFDEZWdhYngW/aVxDA5dI66MDVBcIajTErUBf966QUbizyBTGstzchdsEnJaxJFICjrq5Xj9psFZIztwz0ejCQnk5d48U6SY5bGUgxs4mcJXerLETvUqdtBVd7iJ2oCsUc2FiLJQk2FFn1rpspt0joMVpLZ1QlsFVagnPPpTljyseOJgQEE+4Qfok5e0s/JoTjaDmzmLg+di8plubMUODwnV2xgfjlvVBN9EsDOC+QR6vl2VLL3GZ6/bU3XbsJ66A6sN7WddOtzMpbQ4L5lP7sfvmANtZcdUNRPy3keNFI4qE2qVzi3fs=
|
||||
BW_USERNAME: AgAp39BMRsv9KFmeZDvMugQpkK3Jla3p6rGC2oYRC/BK4ROnXaRviQ3++6RsXjsatMHhBT3ZvUSSe/VzwjVmlFar05Rz3/Y0SZ5c0CVD28/R++xDKxNlp3RmB2RlCwvfl89aJ3UfTd3uJYmOoOh8OfgXnF6n9ObBvY98ZWvZiTcK6fcmoyyjoTttP6rMTQjN3be+Aq5OwenwkfpuWYGELW5tPBOKqM31b7unX8ZdJFyjCfhWSvnRSujaSM6J9yKJDJy5wNA1twmaSpnmUlG0zznGS3X4m2pf0frAybqPF5zZSIuGwQZKKiSpWpTM36i78xzczP4w9HR+znoLuSIr1QLltkpdU9CiP+4G8iLNv8AfQ9kk4M1FfwZV4EVXP78UZ1GHPJijAvN+mUuTkIiRAxcATagUPahfpRunNNjerwiectf8Mnub4IKKpRawP+F2w3A0dmNwBMTY+POPCpRZfT3Cx4gIlsHUhwAFy5pmtPlm4xYAF9dzWBvrgOALuhFdRvLfLBgVDx0dMHT7wXCBqXZqK3/vFkWGdZ90aI9sBXfLlL1ed4GDYNzUVa4QjnjWAZlxVvcbvT6bXrN9DtRzUZY15RdNH5LLIWpm0xUKhUrbCh7fefzJ66zSVRPJDNcmXTb1h9Ex4J11qlPwjonex1w4EZIf6eOdA6qVhwb8WG9nRTPwJgq3dl+0FLubFwPUbnmzJwicUfRGDEQKqORayrI//dwun2A=
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: bitwarden-login
|
||||
spec:
|
||||
provider:
|
||||
webhook:
|
||||
url: "http://127.0.0.1:8087/object/item/{{ .remoteRef.key }}"
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
result:
|
||||
jsonPath: "$.data.login.{{ .remoteRef.property }}"
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: bitwarden-fields
|
||||
spec:
|
||||
provider:
|
||||
webhook:
|
||||
url: "http://127.0.0.1:8087/object/item/{{ .remoteRef.key }}"
|
||||
result:
|
||||
jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"
|
||||
|
29
secrets/git-creds.yaml
Normal file
29
secrets/git-creds.yaml
Normal file
|
@ -0,0 +1,29 @@
|
|||
{
|
||||
"kind": "SealedSecret",
|
||||
"apiVersion": "bitnami.com/v1alpha1",
|
||||
"metadata": {
|
||||
"name": "local-git-token",
|
||||
"namespace": "argocd",
|
||||
"creationTimestamp": null
|
||||
},
|
||||
"spec": {
|
||||
"template": {
|
||||
"metadata": {
|
||||
"name": "local-git-token",
|
||||
"namespace": "argocd",
|
||||
"creationTimestamp": null,
|
||||
"labels": {
|
||||
"argocd.argoproj.io/secret-type": "repo-creds"
|
||||
}
|
||||
},
|
||||
"type": "Opaque"
|
||||
},
|
||||
"encryptedData": {
|
||||
"password": "AgAZClR6k01hwzedgGaf3qfKKIjFMqYoUVU4NfB7/xzXmyIjLcYoN89kMedYxTP2ESS3vHopkkP/XbRYBudyzgX5mU4T1Mke3LhO2b2/1pMBhSFKfJ76BWpiTcVwq9z3fxKFdptBw4DoqxwzFurMla2rw+Qbx6Unk+Oj6ob+JXu3u7Ym19D3jK79LO6jN7RDs8thJ0Z1sZpMxdwYM+SYR89tfkqIJmhX0nXQVcjB/FWAp3hKf4seIU/dfq/pqg3bnvalkp8JV7UeMqXwlGAJkTJh9ebJuaaI5ekaqJF2vZqTsqQ91RH7ByebDpVy/085uo+OJ9ltjHivBWPn+cqqvOnh8QAkENpyc89tHolqJVSPrCUfaOFBoNAEiMvuXV7govkbIDr9lFbGSweue+oYh2GjtDRJnJuUFtAVxadxuu1VBmiUYR0mnkDaOSEEw3fA0ErSrkCrSZxikk88TdcUzoicn7GXJugew8pBneX1OQgLVTsZq5Pwvx0LA69VF1y9zsHzqUEKUrtrCIyJBCEvsPtgKgGne+vRrWXJVAFMarZRIobgpeNlPGUQRuOf0CVsxDAA2pa+z1gKEQC040eIuZBJw6T/JkEqoFOP+/Y2/7E6LzcS5UseSI4h+dDH6X1ydKnnRA4VuUw23fPe+Ypw9NDYmWk+Vjpcra3PdgTZ2NU9bMzGNm2d6HMQ7zDbC6DN7DUUbQmtYvbSCj/o9kHbeNTvrC78RatR6G/DFhP4UKCGObuP5/V+pH53",
|
||||
"project": "AgCIjPYmZ3V2JeeA2Yalhxmkp6bPhs1ruvJHuNmMYROTdajDSxM8hk/HH/ue+C6GZvVnBMAbcxB4Hs5w2L4+bsR5evrKnpt0wPjo6wT5rpijltyhiZ/uPlnMHytDKfTTHPSTbIyFaaqHPAVWo9FEiqfPNFB1u0w5eT5Wpr3ZesCV6Ijikm1H8PAHz98J0Ujnbxco3WTKIDb/Ab3wYBWocpAU50bXrej2lqVItgtN/tr85Xol7GMdwm2knAy4ajxR0ule0llo2LO7CcEeU2pb5kXwvltQajPP52jG5DGk6Mtd+LT8OvEPM/2KNToQ/YO1x6qCz8hPPjl5vU0cigHMKoK6DHaG3ea2H8lC3oOacDKyJkmsjVhUgiu4DPGDLpLEq92qCFwnAZ5XVJ+g6LW5D2J0zdETNwcoGiYL0jHBlqIwLOX7E5SkS0/gTVltsBtWoNy9wrrC9SXs9GoqvlFMsZh3/tiEuHTa0nzWKCf8ANuDPO/q2QzT2N5yGx5EqWeS9G0etwFlsomcA1GojVvtlAvCnnHcca69jfaaCU5VVC2AlRWYxwXynTmutgOiZ578Ml9DErHpg9QO4ULOUojdBcbyuMZK0ie45nHBgS5jzE3yE82ZKbyrZmu9Ah6NA1I82kAfuG+SHgylrI6YaSwWK3pk+QCMK7wU5vwmu5ttveU9OStB5thrZQpuWPlPtWyW2ed9Ou0yOuxT",
|
||||
"type": "AgBmsYlD5sj9g/elOiV6lyjtcECgB1Bp7Ls7JWIp7tXKo3cOuoubLRGwaHp7dic5d4sig6q0JiooCGL5WP1TALp1Th401yiQN3i4KJLoRD4HlwvrIx+fH/daK4Rzu2HlFNdBTg15SPczqAxZxwgwaUpfYvQOAysClRRI5dLs2aGSpxvE88qh/BIRuZ6aBOzvF4lxjRtCj1iUijscPTYJiLz/zQsojvnCBkXPctpe7C39rddYtkcWFCSoOpMx9KsHqKzQXDJiUMx/8mYFfIXA4WTCa+wnJCD4bOTOJQu2mwxFQH5xf9cTAN0WOOSdundd2zr0qLrOpN2niIxM2wfofCDzRBB9+0Jr/VqH+9CsklqzqIV21QjSyXe6X2oVjq9UIoILfB6hb6VE01R31YXiy+Qwh/icC014K7G3UpOz1rnBCmKbHC+bm3PCXttTSeV7J27qpAJDwAibtuCmccLUrZZeLsk54n64LTTHESV6k8vBWaoyeKNG9AwSMculTdfo3F5NT5lWtdaQWLzIeUM33n9LVtYX7MiAZJnitxv29uwMb4wz8EjLp5aesLKCm04/682MPLGDDo/kL/7D5mwGJP6cz1uqWWfLkqodZ/HcKPEdn1NkU8CE/xqbbrGU8Cs9wFah4RVQ7D+wUbpeOmI+N1rBQ6XWh1u5piyYxW6s52FDVlaVmpRuRW+XXm6YwV9DXj9PUDo=",
|
||||
"url": "AgDg2TfHr2da7XELt6EAqeA9z9Q58wIohGDdIWJbk+RPBHALQ+AGvMvlSb0LgIA1HHDOL4uj7KC6bSS4bZs3UaT+914MZrnNGfpmh9zV1m5ZjAhvQuYkI417jlKt/zXEBGo+OIV/sVjr+yK0yDHtlFj82/EXlALJ0d4a74fMi6P0fOvoC4oYCW82UpUH87d568/RmwwPtHynGXxHA3LW9M05eFiej6vYbY1HWJDODr9crHMj35LSwqLvzYxxzoNQZEVqapTAe6L22wDOMLYCabctvu5hOE5/pJvPYZj7t/LSdK7HNN678SK9ukbI52QDyz0AyZM7OlEprYVG9CGo1rLDWrofYEgXi86nC2mK8sRJES1Cb5iY2l933UwZ2y59+TQEWgioy4cKPhKv+DkNWOo95eXvdUvbojPMGY+7FsC+NbGIsVR+RpAB88ePMxaBl2YPzGp9BU7/MxNdITDIuFtEOczQR09VNAH6hI4hdmTSfyHb5dJRkSnnJYjK+J+lmMpDtlETUeQv78wMH37UEbu/9cesJRoWbunA7i1ySO/OrdVnCCnW6x+pm780Kt+woKuYx09G35xBMH1OYbhieE4ltoj9rLEWDbo5LnI3qlhFje9jPRwP9IS/HvoyjzGuUNLRVonx5W9z0/SL2NJEeYS1GYk/ttyyeB1gdUDNtAG5LFwrRkyMi3cfJ7KfsYfGs3WtzizBMN/6/iwRG/CVolFr9zn4wKVBqV1KKLoP",
|
||||
"username": "AgBTUXyEIPPPMOKu/6dbFKMmiQzKs8afxYm//3aIgUGpVX6PAFYYNtydra2JvVmsH5ZctMn+IYVLgeMp/2Q6HMF34/7+O95mTjeLYjx3qsG7GOUVBCgAFeJ/5g6bEaX/wW30afIXhsOM/L1OXjU+82KhgjCODxBBQP7jRKvppVEp+m7q68FjnKf4GSYDyKxf7aIb2m3ox/kFa9oR9cDeJ8/vll7iTRqo4uOOXEgFXw+IZG2v1A7iRkqiLgf4jWVdVvOQ/AgbHeQ9OL3SU4UukhDJcXo9nnp+UVwy9mdY6QNTZ+pr7mEGh8agfsMSthSq/4miLKkHlm5wPJaZTi+hpKdfxrE2jNeZ/ALQD2qPv9tRPE+WfK1sO26QWsLlF4AdJaWFLuZPDb1XNKPnfSbMMegidO58mkHuWM77IIjkC5n6R42xE2LoqgTS0EGmMIZ81vhfxmcGAYNCZa+2R+ErrG5yxX+XnLRbrmcBQOKHQNiC9pfYa7jjNjlBp7grph2yVJcSOOvHq3Kxktjxz8u988R8q/iA9PVXjFVQhS7zglzvplus+vyyO34X2iCcexVDdu0R6cR1WSI7zk2rR9/P+T1M+t2hNBE7rGe9hZBJIiPx5gO/7bxjvCREINKdIX6kW0nh4NSfdX46iC5TTFEArFaL2g5qkQmWLjl9QLk71KQkVRPUFwkPlw0sq5Pt3vbTZO28nx9iWQ=="
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: local-git-token
|
||||
namespace: argocd
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAlNckjIJjOhBKYA54pngBa50DagQ6BtT0I9vvjyhbwBV62efdfnIrRcPSUzrXzSnCMrJPFCYyGZQwHCe7+MurVLPX+i94bBDFjZlGwP7kokaMQjTi4122nWbM0y9AGrYQUtDV3KodRdUkhRP8aAuhqtbzOjqSKB96xHc9EzUKupwrhs7iymbY50d5b7FVxvCBWL0ZzctIwlZU7o2OQ46ImmrAo/0Hn1ueI2wsuhSjg4a4xsh1GipVsRWTCuLO5Ot0eDOgEqQEhTQji5+uwOy4iCuYnj+UHlNodClGsn9MsRv4dIZhCt8kapKKTv4PdQNKSq9JjefgPjyXJs7Za5xTOj07KSsOHdrOQOBNzbf2piaKiGt3p1e8/NhdhB4ODpxbW973y/2ErR4xcf+hpCKQ8CqffNIYEvcRs+NcZAq0afaHQymWTjzqRgYjtceDp8gNIUbQxD5WRlbvaxRwgDWfe4aSrp/cRw7JbwkcOEQGfjGNJr15PmYO7jT8yb8ZJNavUG9KK4tCio8j2nCC7OZECewWr1vj/FLquYvD6AYeKMHKgfL2eRdxcqTwbXIoWXAP6JeWF1oN97xN0TANPljf+Pyt89D73BHMDVuQ1Ei2528y7JZy6xir7C3PoDRBBbSX0imMmHFCngSwtbGYMKdRfbxJ7rG+aamYGo6LUfqArrpnXDGPe4ti/FIp/fUKjYs7azT1f+Ntwfg==
|
||||
project: AgCaMGRFcW9LaVW8M5dLLwpEGEAnbwXgHZzBWkgkc804rL9lKNuu6L40l0QmZizziEf14u3MdVh5VecHo9julJgMQNaArWIwOLRGR3vcETcYdYHjMmQwUT+TO7GwY7xJZCAxEKMoQrM74ha+wgT2uWMn0uEOFTkobTQfnWLoTlXZcspIWFcTNhdgZeJKAqZMKIt7yE1CF0AjMy+7XWDAGHOByyWllpZSHp2wh78fuaK0tLGzY50+NmwE44cft6lATSh5a/Ko1UL+1uCDeMRvrs2cR5+1Zh9MNWbXHKCggyM81vojf831p58dfJ3yPzXJTWLADZ/k2o3liWvY43W5mp/C4my9wUYR9JRXFsByvbvtu+7vvdhFV2YLEPErKvJAVv66R/r+6u3YQTAAtz8iAHaxLtEn9Tj91b+iBeCqZnnChqfRF4Ts2XZvSmwH6O1V8k6Lv1s9ULYN7lDesvO0W4vbkO01P72vaPgjWYgDLkxeWrnEx5jQM9jPs29U9NaCiiWxnHxReGN87WklCA0Gsb5eyXmbXoh50qICx26Cf2TUqbrVGyMPT0pEJdavXpX7mgQDohP9iAy9ALGFicUmZ8gDH9DeadtqkHT8UgGWWoAGroTMulRCWK1v+plVfRJkfrtw3AXmWTegkNFYX8lYjyAHJokMOEpF4OjL1By2XngfwAnd2eAiSWtU1cPL1Jjv2NCYDR5ZlHXu
|
||||
type: AgBWOyU8137TFCt3kJC2WJV3gXlBQEirknbHVmS3IDcxwmyhuIxZh5NeLbDfc7Ip9OEtGQFViBD523gUzr3qJRZBE0IAWplF98+NwRopT3jVjxRCt8H6yF8+/3EiagUBe/9WM/eb5+S428KMDT7eDn9PiB6pEjoduxD5w/l+QDBUQQOoejc98bzxjC8ml8EpkaMS4H4yiO7JAlW2QYFRyF1fFaopoEdwyIEkPJ5Br/TXDOtdJeCEIhUhNKE+wQmNZc7MBJKWiqGyb54HzdsAndmF2PQs1FZ+sUCn0xJtu1pP8WTpcKGm4VpHPASlDNQgpuNFBvkYRGe+MErAmqyrAs0E5VU3R0qoIkmbhuvXY+gOploJ2YljG5gqLUx8DtECoSmkrF92oQZx61Yf4duvE/mEciWcDRThzUXwrG8A+qj8B/JxomoEQB4xu/l3WgNBOPMonF77b2dpTckBfH9VH70QKygbMTGAj7zl/sZDavPMZq37SCqNTmRhcDBs1qt3wtv8sUy6F4RUmr6XZsOtePxGg+WYijeHpXXeQSu7oASiZgUcNnjIPFPLc64IXoUv3s4a/QiSGRCgz8uUqws6QSu+TggY4P7f8VBOrJATv4jbOc++XGgWe0o/+b9oQACn5qPrdCkR4hiGd5wZ1BQXVINK5FMXCJq3l4kIjxDdKC6TjfG4vhi2VLld5eAz6f9cNphrocM=
|
||||
url: AgAk92yrw8BJX0rVsCkZOEz3PhkLMoNhKBOXEAGqlcH+AESKIKUH152fMcfFKNj3DBrOEaNGXM+HiM1DLCd+e4A46ytx/aqSF4uEno2853wLlHjlLQlqfSWdkMYwosSV11Y9MuMGhGTMyCB/u10QUIycUjBs/gZEHDrJV/ObJYtw1pIlMadeKG5nomYYoOiMArdKZ1EXqv010imTItAhrW+Xn4h7/GftCEm2vWPbCdTbFBNIirif2DIAge7kTM3NeLzeLdAqf+tM7+A2Ekw7lU6+bnuVGGNWzEbQI/e4soSGYATQqVdhRPD/UFRJJrmp6IFZ2ymgqKr7t7EbTJ8UKr+GiMP2Gy/9ihBe3cDiQuVEfj791yHMSfChkIQ4vDYzJjMueYJE5pAz04y6QMbqgDxfVaQlx1B2XTP2ma3W+9bMB8vrDCuqK5iWtfM1jSmLVnM10KCsxcQAraE6C8jOArpkUqMPzsCmIfAudEe8FUxv56EeOP0MVT7sHLDKjklxqfgFCzzeqpGAZOP+k8zLT89vXlqbgeUWl3VmXMRqheDmhS6v8YiwJhkusvEdMeC8GOukvXM5limKC/+SZDIUNLlf0wct8/ymi0nkkmcGsfI2Jl7M5ZyOrjjXfvMLeNhc/vE+atXeKIXy8NLoDM0UwjyvMiO2mOpx3ZUwu2M5ff2i9n3rpxevYTh+fpOLWz2CXpLkMzvIm8wIgOow/4mWWYuY1Oqg
|
||||
username: AgCIo+y2uwCJVEfnLl8wwTKLyw10rMfpJExCHcXq7dBlYWit2tG/uBQr6SM0jqlRINoe0jSNcaVUuzdRZWjvRwW7fwRonz2rjFih9wdmCXYhSc5K4qF5FeB8mO7tmOW+CzILUviZfqnqTyYLzd66BV2etCusuGHPBGomOYsaELYLMzQmpKPLt7an4PP8dUAM09aCeKe0KkTwQcgCkNRKBPRysg1mXnulCpGgWdUDGsj5QCM3byp2+l45g+/RDvELZgnkRjzVNNnXK9AI4Xy3vekDMoNEuFX3A+YWoBwI6LRSRWFOy5hi6w596PrvCq/O4FEomIsFqk9jkBY7dEVXsUX6JKVpIxkwtlKSChO3rt558YGipamt1csNKstM7frgtkzfXoNB7jQiKzHULeimtZnUOSjI8TaboeBKKKLHfrlbIWrJBHD1xJ3kuYCM/O7dpHM5aGBOwPSbjc72ur9Lso/uDs/ZvibsYkuaIBnP+Y8rj+t2d6cFe8//W4zcC90L+0Gnxn1/rLyuAp+B92bb13yq7sY50la2zu7zmvsL41/V4NYErgAUMciT2bSZMvSNh6wtx2IhCyJJSByDbsUMth7ixzfbuK8bgIeoyS3L3V17pB90YI9ttGNLmZ5zJLXzIhejD817EpnrIXHBQqjl0fNpxRgwJw2rmAH8fkKxSbsdT+hX3BORI/LUmFMuXuWhsarwbjTXmVHUV5qvbX0=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
argocd.argoproj.io/secret-type: repo-creds
|
||||
name: local-git-token
|
||||
namespace: argocd
|
||||
type: Opaque
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
apiVersion: v1
|
||||
stringData:
|
||||
password: password
|
||||
project: default
|
||||
type: git
|
||||
url: https://github.com/
|
||||
username: bobtedsmithy
|
||||
kind: Secret
|
||||
metadata:
|
||||
labels:
|
||||
argocd.argoproj.io/secret-type: repo-creds
|
||||
name: local-git-token
|
||||
namespace: argocd
|
||||
type: Opaque
|
8
template-operator/kustomization.yaml
Normal file
8
template-operator/kustomization.yaml
Normal file
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
bases:
|
||||
- "https://github.com/flanksource/template-operator/releases/download/v0.7.1/operator.yml"
|
||||
- proxy-protocol-shim.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- template-operator-memory.yaml
|
26
template-operator/proxy-protocol-shim.yaml
Normal file
26
template-operator/proxy-protocol-shim.yaml
Normal file
|
@ -0,0 +1,26 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: proxy-protocol-shim
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: in-cluster
|
||||
namespace: default
|
||||
project: default
|
||||
source:
|
||||
path: .
|
||||
repoURL: https://github.com/strudelline-net/k8s-proxy-protocol-shim
|
||||
targetRevision: main
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
retry:
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
limit: 10
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
17
template-operator/template-operator-memory.yaml
Normal file
17
template-operator/template-operator-memory.yaml
Normal file
|
@ -0,0 +1,17 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: template-operator-controller-manager
|
||||
namespace: template-operator
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: manager
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 500Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 120Mi
|
26
template-operator/vnc-mqtt-bridge.yaml
Normal file
26
template-operator/vnc-mqtt-bridge.yaml
Normal file
|
@ -0,0 +1,26 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: proxy-protocol-shim
|
||||
namespace: argocd
|
||||
spec:
|
||||
destination:
|
||||
name: in-cluster
|
||||
namespace: default
|
||||
project: default
|
||||
source:
|
||||
path: .
|
||||
repoURL: https://github.com/jamesandariese/k8s-vnc-mqtt-bridge-operator
|
||||
targetRevision: main
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
retry:
|
||||
backoff:
|
||||
duration: 5s
|
||||
factor: 2
|
||||
maxDuration: 3m0s
|
||||
limit: 10
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
Loading…
Reference in New Issue
Block a user