admin/k8s-manifests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin/k8s-manifests:80c6f9a7c4081181bb59d26f8700d3f8bb393e0a
Branches Tags
admin/k8s-manifests:main
...
compare: admin/k8s-manifests:main
Branches Tags
admin/k8s-manifests:main

10 Commits
80c6f9a7c4 ... main

Author SHA1 Message Date
admin 8fbc138a1a Обновить helm/prometheus/values.yaml 2026-06-18 14:00:10 +00:00
admin cca384b5bf Обновить helm/prometheus/values.yaml 2026-06-18 13:58:04 +00:00
admin 281f2c8479 fix: ignore vault webhook caBundle drift 2026-06-18 13:52:59 +00:00
admin a8d628a655 fix: remove USER-SUPPLIED VALUES header from helm values 2026-06-18 13:50:02 +00:00
admin 70d2ce04c6 feat: add all service app manifests 2026-06-18 13:48:04 +00:00
admin 0db41c8500 feat: add all services helm values and app manifests 2026-06-18 13:42:06 +00:00
admin c6fe907c20 fix: ignore ingressClassName drift in gitea 2026-06-18 13:25:27 +00:00
admin d3d7030b3f fix: remove ingressClassName, use annotation only 2026-06-18 13:24:02 +00:00
admin b208316733 fix: add ingress class annotation for gitea 2026-06-18 13:21:11 +00:00
admin 7c266f0261 fix: use internal gitea service URL 2026-06-18 12:55:37 +00:00
23 changed files with 331 additions and 16 deletions
Expand all files Collapse all files
apps/authelia.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: authelia
namespace: argocd
spec:
project: default
sources:
- repoURL: https://charts.authelia.com
chart: authelia
targetRevision: "0.11.6"
helm:
valueFiles:
- $values/helm/authelia/values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: authelia
syncPolicy:
automated:
prune: true
selfHeal: true
apps/cert-manager.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
spec:
project: default
sources:
- repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: "v1.14.4"
helm:
valueFiles:
- $values/helm/cert-manager/values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
syncPolicy:
automated:
prune: true
selfHeal: true
apps/gitea.yaml
+7 -2
View File
@@ -12,7 +12,7 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/helm/gitea/values.yaml - $values/helm/gitea/values.yaml
- repoURL: https://gitea.uzbutterfly.com/admin/k8s-manifests - repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
destination: destination:
@@ -21,4 +21,9 @@ spec:
syncPolicy: syncPolicy:
automated: automated:
prune: true prune: true
selfHeal: true selfHeal: false
ignoreDifferences:
- group: networking.k8s.io
kind: Ingress
jsonPointers:
- /spec/ingressClassName
apps/grafana.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: grafana
namespace: argocd
spec:
project: default
sources:
- repoURL: https://grafana.github.io/helm-charts
chart: grafana
targetRevision: "10.5.15"
helm:
valueFiles:
- $values/helm/grafana/values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
apps/ingress-nginx.yaml
+1 -1
View File
@@ -12,7 +12,7 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/helm/ingress-nginx/values.yaml - $values/helm/ingress-nginx/values.yaml
- repoURL: https://gitea.uzbutterfly.com/admin/k8s-manifests - repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
destination: destination:
apps/ingress-private.yaml
+1 -1
View File
@@ -12,7 +12,7 @@ spec:
helm: helm:
valueFiles: valueFiles:
- $values/helm/ingress-private/values.yaml - $values/helm/ingress-private/values.yaml
- repoURL: https://gitea.uzbutterfly.com/admin/k8s-manifests - repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
destination: destination:
apps/loki.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: loki
namespace: argocd
spec:
project: default
sources:
- repoURL: https://grafana.github.io/helm-charts
chart: loki
targetRevision: "7.0.0"
helm:
valueFiles:
- $values/helm/loki/values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
apps/minio.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: minio
namespace: argocd
spec:
project: default
sources:
- repoURL: https://charts.min.io
chart: minio
targetRevision: "5.4.0"
helm:
valueFiles:
- $values/helm/minio/values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: minio
syncPolicy:
automated:
prune: true
selfHeal: true
apps/prometheus.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: prometheus
namespace: argocd
spec:
project: default
sources:
- repoURL: https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
targetRevision: "86.2.0"
helm:
valueFiles:
- $values/helm/prometheus/values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
apps/promtail.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: promtail
namespace: argocd
spec:
project: default
sources:
- repoURL: https://grafana.github.io/helm-charts
chart: promtail
targetRevision: "6.17.1"
helm:
valueFiles:
- $values/helm/promtail/values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
syncPolicy:
automated:
prune: true
selfHeal: true
apps/vault.yaml
+29
View File
@@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vault
namespace: argocd
spec:
project: default
sources:
- repoURL: https://helm.releases.hashicorp.com
chart: vault
targetRevision: "0.32.0"
helm:
valueFiles:
- $values/helm/vault/values.yaml
- repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k8s-manifests
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: vault
syncPolicy:
automated:
prune: true
selfHeal: true
ignoreDifferences:
- group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration
jsonPointers:
- /webhooks/0/clientConfig/caBundle
helm/authelia/values.yaml
+59
View File
@@ -0,0 +1,59 @@
configMap:
access_control:
default_policy: deny
rules:
- domain: vpn.uzbutterfly.com
policy: two_factor
authentication_backend:
file:
enabled: true
path: /secrets/authelia-users/users.yml
identity_validation:
reset_password:
secret:
value: f86cac59ff096d5dba433b5242eef1c409421165fe3ad7414827f71382ad0e84
notifier:
disable_startup_check: true
filesystem:
enabled: true
filename: /tmp/notification.txt
session:
cookies:
- default_redirection_url: https://vpn.uzbutterfly.com
domain: uzbutterfly.com
subdomain: auth
encryption_key:
value: 03e75899a8f009bb3c1877c63a864f37f7e38fed0fabd599eb871d259ac86148
redis:
enabled: true
host: authelia-redis-master
port: 6379
storage:
encryption_key:
value: 0b1bbffd77ba566e6441dcb848d6b25a165443d339d356482f86b6dcedc39c79
postgres:
address: tcp://authelia-postgres-postgresql:5432
database: authelia
enabled: true
password:
value: authelia_pg_pass
username: authelia
theme: dark
totp:
disable: false
issuer: uzbutterfly.com
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: nginx
className: nginx
enabled: true
tls:
enabled: true
secret: authelia-tls
secret:
additionalSecrets:
authelia-users:
items:
- key: users.yml
path: users.yml
helm/cert-manager/values.yaml
+1
View File
@@ -0,0 +1 @@
null
helm/gitea/values.yaml
+3 -10
View File
@@ -1,10 +1,9 @@
persistence: persistence:
storageClass: local-path storageClass: local-path
ingress: ingress:
enabled: true enabled: true
ingressClassName: nginx
annotations: annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/cluster-issuer: letsencrypt-prod
hosts: hosts:
- host: gitea.uzbutterfly.com - host: gitea.uzbutterfly.com
@@ -15,11 +14,10 @@ ingress:
- secretName: gitea-tls - secretName: gitea-tls
hosts: hosts:
- gitea.uzbutterfly.com - gitea.uzbutterfly.com
gitea: gitea:
admin: admin:
username: admin username: admin
password: _!Str0ngP@ssw0rd password: '_!Str0ngP@ssw0rd'
email: admin@uzbutterfly.com email: admin@uzbutterfly.com
config: config:
database: database:
@@ -27,7 +25,7 @@ gitea:
HOST: postgres-rw.database.svc.cluster.local:5432 HOST: postgres-rw.database.svc.cluster.local:5432
NAME: gitea NAME: gitea
USER: gitea USER: gitea
PASSWD: _!Str0ngP@ssw0rd PASSWD: '_!Str0ngP@ssw0rd'
cache: cache:
ADAPTER: redis ADAPTER: redis
HOST: redis://gitea-redis-master.gitea.svc.cluster.local:6379/0 HOST: redis://gitea-redis-master.gitea.svc.cluster.local:6379/0
@@ -37,18 +35,13 @@ gitea:
queue: queue:
TYPE: redis TYPE: redis
CONN_STR: redis://gitea-redis-master.gitea.svc.cluster.local:6379/2 CONN_STR: redis://gitea-redis-master.gitea.svc.cluster.local:6379/2
postgresql: postgresql:
enabled: false enabled: false
postgresql-ha: postgresql-ha:
enabled: false enabled: false
redis-cluster: redis-cluster:
enabled: false enabled: false
redis: redis:
enabled: false enabled: false
valkey-cluster: valkey-cluster:
enabled: false enabled: false
helm/grafana/values.yaml
+4
View File
@@ -0,0 +1,4 @@
adminPassword: CHANGEME
persistence:
enabled: true
size: 5Gi
helm/ingress-nginx/values.yaml
-1
View File
@@ -1,4 +1,3 @@
USER-SUPPLIED VALUES:
controller: controller:
config: config:
ssl-reject-handshake: true ssl-reject-handshake: true
helm/ingress-private/values.yaml
-1
View File
@@ -1,4 +1,3 @@
USER-SUPPLIED VALUES:
controller: controller:
electionID: ingress-private-leader electionID: ingress-private-leader
ingressClass: nginx-private ingressClass: nginx-private
helm/loki/values.yaml
+21
View File
@@ -0,0 +1,21 @@
backend:
replicas: 0
deploymentMode: SingleBinary
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: filesystem
useTestSchema: true
read:
replicas: 0
resources:
limits:
memory: 256Mi
requests:
memory: 128Mi
singleBinary:
replicas: 1
write:
replicas: 0
helm/minio/values.yaml
+13
View File
@@ -0,0 +1,13 @@
mode: standalone
persistence:
enabled: true
size: 20Gi
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 512Mi
rootPassword: _!Str0ngP@ssw0rd
rootUser: admin
helm/prometheus/values.yaml
+13
View File
@@ -0,0 +1,13 @@
grafana:
enabled: false
ingress:
enabled: true
ingressClassName: nginx-private
prometheus:
prometheusSpec:
resources:
limits:
memory: 512Mi
requests:
memory: 256Mi
retention: 7d
helm/promtail/values.yaml
+3
View File
@@ -0,0 +1,3 @@
config:
clients:
- url: http://loki-gateway.monitoring.svc.cluster.local/loki/api/v1/push
helm/rancher/values.yaml
+2
View File
@@ -0,0 +1,2 @@
bootstrapPassword: CHANGEME
hostname: rancher.uzbutterfly.com
helm/vault/values.yaml
+6
View File
@@ -0,0 +1,6 @@
server:
dev:
devRootToken: root
enabled: true
ui:
enabled: true