enable encryption in concourse

2023-07-23 14:11:39 -05:00 · 2023-07-23 14:11:39 -05:00 · 21066aa4df
commit 21066aa4df
parent 2b5b0cd94b
3 changed files with 138 additions and 0 deletions
--- a/concourse/values.yaml
+++ b/concourse/values.yaml
@ -0,0 +1,28 @@
+concourse:
+  web:
+    externalUrl: https://cc.strudelline.net
+    encryption:
+      enabled: true
+    auth:
+      mainTeam:
+        oidc:
+          user: james
+      oidc:
+        enabled: true
+        issuer: https://auth.werts.us/realms/werts
+        displayName: werts.us
+        scope: 'openid profile email'
+        userNameKey: preferred_username
+secrets:
+  oidcClientId: concourse
+  oidcClientSecret: 9Z51yzgML8XUZl2Q0KIGwD5o72ZtvNhaIOxXmICqGEmZQhIVYEn8lJxl0cU0IpnBshfTk76yU7zMZGlH6junqq
+web:
+  ingress:
+    enabled: true
+    hosts:
+    - cc.strudelline.net
+    ingressClassName: haproxy
+    tls:
+    - hosts:
+      - cc.strudelline.net
+      secretName: wildcard-tls
--- a/external-services/home.yaml
+++ b/external-services/home.yaml
@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: homeassistant
+  namespace: external-services
+spec:
+  externalName: homeassistant.cascade.strudelline.net
+  type: ExternalName
+  ports:
+  - name: http
+    protocol: TCP
+    port: 8123
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: noctowl
+  namespace: external-services
+spec:
+  ingressClassName: istio
+  rules:
+  - host: home.strudelline.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: homeassistant
+            port:
+              number: 8123
+  tls:
+  - hosts:
+    - home.strudelline.net
+    secretName: wildcard-tls
--- a/opsdroid/deploy.yaml
+++ b/opsdroid/deploy.yaml
@ -0,0 +1,75 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: opsdroid
+  annotations:
+    wildcard-tls.kn8v.com/copy: "true"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "opsdroid"
+  namespace: "opsdroid"
+data:
+  configuration.yaml: |
+    connectors:
+      websocket: {}
+  
+    skills:
+      hello: {}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "opsdroid"
+  namespace: "opsdroid"
+  annotations: 
+    "reloader.stakater.com/auto": "true"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "opsdroid"
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: "opsdroid"
+    spec:
+      containers:
+        - image: ghcr.io/opsdroid/opsdroid:latest
+          name: opsdroid
+          volumeMounts:
+            - mountPath: /home/opsdroid/.config/opsdroid/configuration.yaml
+              name: config
+              subPath: configuration.yaml
+      restartPolicy: Always
+      volumes:
+        - name: config
+          configMap:
+            name: "opsdroid"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: opsdroid
+  name: opsdroid-http
+  namespace: opsdroid
+  annotations:
+    metallb.universe.tf/allow-shared-ip: 172.16.17.23
+    metallb.universe.tf/loadBalancerIPs: 172.16.17.23
+spec:
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - port: 80
+    name: ssh
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: opsdroid
+  type: LoadBalancer
+