Lots

.archive/kubernetes-schemas/app/helmrelease.yaml

@@ -0,0 +1,77 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app kubernetes-schemas
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      kubernetes-schemas:
+        containers:
+          app:
+            image:
+              repository: ghcr.io/budimanjojo/kubernetes-schemas-web
+              tag: latest@sha256:6798cb1435f9928d93398b5ea00c6dd5ecc0aae0889278e17db1fa1b14117b5b
+            resources:
+              requests:
+                cpu: 10m
+                memory: 50Mi
+              limits:
+                cpu: 200m
+                memory: 128Mi
+            probes:
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 5
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+
+    service:
+      app:
+        controller: *app
+        ports:
+          http:
+            port: 8080
+
+    ingress:
+      app:
+        enabled: true
+        className: traefik
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-production"
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/name: Kubernetes Schemas
+          gethomepage.dev/group: Tools
+          gethomepage.dev/icon: mdi-file-document
+        hosts:
+          - host: &host "k8s.${SECRET_INTERNAL_DOMAIN}"
+            paths:
+              - path: /
+                service:
+                  identifier: main
+                  port: http
+        tls:
+          - secretName: "{{ .Release.Name }}-secret"
+            hosts: [*host]

kubernetes/main/apps/dev/kustomization.yaml → .archive/kubernetes-schemas/app/kustomization.yaml

@@ -3,5 +3,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./namespace.yaml
-  #- ./windmill/ks.yaml
+  - ./helmrelease.yaml

.archive/kubernetes-schemas/ks.yaml

@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app kubernetes-schemas
+  namespace: flux-system
+spec:
+  targetNamespace: dev
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: traefik
+  path: ./kubernetes/main/apps/dev/kubernetes-schemas/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app

kubernetes/main/apps/public/mataroa/app/helmrelease.yaml → .archive/mataroa/app/helmrelease.yaml

@@ -33,9 +33,8 @@ spec:
         initContainers:
           init-db:
             image:
-              repository: ghcr.io/onedr0p/postgres-init
+              repository: ghcr.io/liana64/postgres-init
               tag: 16
-            # https://github.com/onedr0p/containers/blob/main/apps/postgres-init/entrypoint.sh
             env:
               INIT_POSTGRES_HOST: &dbHost postgres-1-rw.database.svc.cluster.local
               INIT_POSTGRES_DBNAME: &dbName mataroa
@@ -62,7 +61,7 @@ spec:
               tag: rolling@sha256:702eae37414c0b492b766771a50b9c8490b4a34259699eae3a7bdf284f2abad6
             env:
               DEBUG: 1
-              DATABASE_URL: "postgres://${PGUSER}:${PGPASSWORD}@mataroa:5432/mataroa"
+              DATABASE_URL: "postgres://${PGUSER}:${PGPASSWORD}@postgres-1-rw.database.svc.cluster.local:5432/mataroa"
             envFrom:
               - secretRef:
                   name: *secret

kubernetes/main/apps/dev/windmill/app/helmrelease.yaml → .archive/windmill/app/helmrelease.yaml

@@ -74,6 +74,7 @@ spec:
       enabled: true
       className: traefik
       annotations:
+        cert-manager.io/cluster-issuer: "letsencrypt-production"
         gethomepage.dev/enabled: "true"
         gethomepage.dev/name: Windmill
         gethomepage.dev/description: Workflow engine

kubernetes/main/apps/database/dragonfly/app/secret.sops.yaml

@@ -5,7 +5,7 @@ metadata:
   name: dragonfly-secret
 type: Opaque
 stringData:
-  password: ENC[AES256_GCM,data:g2neVjzuv69zVQWlCok6hjuSh5XG/qudxGpgeQ==,iv:7cmGSzTFNau8tPo/EAM3E8mJnq6S/vqA6T87YuOA1MM=,tag:CCiD1h/EKPpM4ti5q5GV9Q==,type:str]
+  password: ENC[AES256_GCM,data:EEMYJWhxZOWnATeymCYkGHSsQ4dYmNuD3dSXUw==,iv:+UsOgHNBrV6SxLjkCVJSF2yI5xV5jcNxGl6KXhpo350=,tag:IAG4kpjquroXgJGmr3B4NQ==,type:str]
 sops:
   kms: []
   gcp_kms: []
@@ -15,14 +15,14 @@ sops:
     - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
       enc: |
         -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcXlTSGVDa214ZWJiSHpi
-        TXptQ2hvMVdhMGpyMlgwMkkyMExZb01jK1E0Ck0xa0I0Q1U3Ky9pRGZia3pBbnpT
-        RlpLWTNldGdZVExHcnZZTjFYZkxuY1EKLS0tIExOWHRTcVNYZHNzRlBDZzVUeldE
-        R3FWUEFYazVNQUJDQnlXVzVTYkJFOTQK+RRCpx4EgiXUwttpuDa/rNeIMM1ku7Og
-        bOJsEBRxGdd9ALeAbxswnd7PuADgAuq383EnQmZWPsKwtnWnbVUcMQ==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ1ZDL0s0cHNPckRjdElz
+        Q3dQOFN4cXc4R3pKRHhRUHFlK2E5YUE1SVhzCmVRZ0s2bUZnc1hXSkZUV20zZVg1
+        eFBXOTBEKzNaWk0rQVoraGF4S0YzWGcKLS0tIDNaUHFrbEU4LzFoaTRSMStXVjRH
+        OCswdUcxSGFHbjRMKzVDWjA5R294SkUK6/6px/dIwi6NlFjQiSz9vLO+kqQQdTw9
+        lg83rpk7qtjL6pH4N/nSzR/64NkBgvulUSDwP9flO/me4Vp1vMETaQ==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-11-23T01:03:25Z"
-  mac: ENC[AES256_GCM,data:w7CUzV2NoD50UpehusXqXGnVFkPrQMGJ4qufzPs/9WRj4oOoQ0z+jGytap+qo1P3ulJosvu1Y1DpYZKanhVrAVlGvX3sYOmS8iQ4YrHP3BTsG74ep5cQpjQAPas5aZg14X9ww2OGfhQk0u6nQB3VGETtklRptNIrJw2yB/2Qyso=,iv:pjrnV2iX84nvr7n/Nzj/SSZtJZTqOV+TJKFtIsB6fbU=,tag:d+NT+tWfQ+N3CWdWrWbpDQ==,type:str]
+  lastmodified: "2024-12-29T19:28:29Z"
+  mac: ENC[AES256_GCM,data:dnqn2Ig9TNL0WxTyhDh9ZhlYlZa8Dfmi3tRk1krreR9oaKPCrj9vc7apGZuF1Hv8z6y5G0ukH0+cahPkwv3mVaHSELhyYhJE8RwW/1GMvwTzHgMOsny9g2CrrmZ8d4vdfiIz2/0EFJL07Ou865uklggRq+4xW/K49Fhv7SkHofo=,iv:bLoSmgxkNMC6VooX/tX9SFDV7h6tuSkq7Hjx3ApM6kE=,tag:bCpkqdOu7QmWfFJUxhP2tg==,type:str]
   pgp: []
   encrypted_regex: ^(data|stringData)$
-  version: 3.9.1
+  version: 3.9.2

kubernetes/main/apps/database/kustomization.yaml

@@ -8,4 +8,6 @@ resources:
   - ./cloudnative-pg/ks.yaml
   - ./pgadmin/ks.yaml
   - ./minio/ks.yaml
+  - ./rabbitmq/ks.yaml
+  #- ./mysql/ks.yaml
   #- ./mssql/ks.yaml

kubernetes/main/apps/database/mysql/app/helmrelease.yaml

@@ -0,0 +1,61 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app mysql
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    defaultPodOptions:
+      imagePullSecrets:
+        - name: github
+    controllers:
+      mysql:
+        strategy: RollingUpdate
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          mysql:
+            image:
+              repository: ghcr.io/linuxserver/mariadb
+              tag: 10.11.10
+            env:
+              PUID: "1000"
+              PGID: "1000"
+              MYSQL_ROOT_PASSWORD: password
+    service:
+      mysql:
+        controller: mysql
+        type: LoadBalancer
+        annotations:
+          io.cilium/lb-ipam-ips: "${LB_MYSQL}"
+          external-dns.alpha.kubernetes.io/target: "external.${SECRET_EXTERNAL_DOMAIN}"
+        ports:
+          mysql:
+            port: 3306
+    persistence:
+      data:
+        type: persistentVolumeClaim
+        storageClass: cluster-nvme
+        accessMode: ReadWriteOnce
+        size: 8Gi
+        retain: true
+        globalMounts:
+          - path: /config

kubernetes/main/apps/database/mysql/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+  - ./secret.sops.yaml

kubernetes/main/apps/database/mysql/app/secret.sops.yaml

@@ -0,0 +1,28 @@
+# yamllint disable
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+  name: mysql-secret
+stringData:
+  MYSQL_ROOT_PASSWORD: ENC[AES256_GCM,data:itJLu2+bK6F4039pm+ygnm+4lXySO6oaF6E0PymgVljNxFOSQBX4iYVjc0P0ogxaseATaSPGFww=,iv:UmLA+Y+N9UPksuL70R/MWRsTNsqCuzmBK1UIMQ2s7v4=,tag:C9cukU/Daqkd4cI8rO3fBA==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMb1Q3THBzTnBNSUJDN3ky
+        dEFCeTlJWkFvMWFnV092ZmZ3ZG1PbEg4b1ZjCm9wK0s4ekdJK0VSaU5FQUdJdjdp
+        dmppZytiRThhQUhhU2JiYVVDTSthTjgKLS0tIEJFeHlIdGJFM1pJL042WEsrL1pp
+        SFlGZDcyNDQyR084bC9XYTBGRjMrYkEK0z0CF6EZPd8cniJTtCZNy26wRYXUs13c
+        F2wPUaGydg88EsYNaQYx6unQVj0QgwN5wgLpAh/Y0SnNXFetS2jkNA==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-12-24T05:03:04Z"
+  mac: ENC[AES256_GCM,data:sbyMYCS+X+h2hJEQYV5S47IZ7qk8YxK20aCWEU7WkcSZP7kMvbxjhyptpoMeihU3PFbQjBLveYxWF2hdsUY/p1WZ3rihLSD5QluMhtn5ha0CZIj8B21aLtHohVq5QUI0Os5a4rxWfh3/rI8ayuS/zcbtAouFkV05cPZ8z2vu7W0=,iv:6baoBg2UyvrXjrxHM6klGcxm5ze3j/0mhT46ca8UpUM=,tag:NXek+0VfPz2T9GSztheOtw==,type:str]
+  pgp: []
+  encrypted_regex: ^(data|stringData)$
+  version: 3.9.2

kubernetes/main/apps/database/mysql/ks.yaml

@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mysql
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: traefik
+  path: ./kubernetes/main/apps/database/mysql/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: k8s-gitops
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app

kubernetes/main/apps/database/rabbitmq/app/helmrelease.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app rabbitmq
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: *app
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    persistence:
+      storageClass: cluster-nvme
+      size: 6Gi
+    auth:
+      username: *app
+      existingPasswordSecret: rabbitmq-secret
+      existingSecretPasswordKey: "RABBITMQ_PASSWORD"
+    metrics:
+      enabled: true

kubernetes/main/apps/database/rabbitmq/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./secret.sops.yaml
+  - ./helmrelease.yaml

kubernetes/main/apps/database/rabbitmq/app/secret.sops.yaml

@@ -0,0 +1,28 @@
+# yamllint disable
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+  name: rabbitmq-secret
+stringData:
+  RABBITMQ_PASSWORD: ENC[AES256_GCM,data:sK2UkcCAXG7n/d2fp+skIAmot/EOpDCRYJn+9PNSsY4=,iv:6vmeRQlZ88ckih28P23nGJzVpW2BKLExx1wuKtXPubw=,tag:Hb5IISsrr9Nq3ziv/kV/EQ==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSW96N3M2aXpiL3pCOEli
+        Z2VlaW9zZ2RWbDZtUW5BMDhrcTJBT2lEczFjCjJnUGJiNC93Z2dDdEV3UkFCejEr
+        MDlrRlRBU3BZanE5Ymd3QktHbFFjTU0KLS0tIEJpYTl0TS9RbmxJc1NqZDV5bWFr
+        cTFQZlNyRnJ3TW5IeTkydFlkMzNzNk0KEGlybL2SZO2SWkFFCZQLDBK7PtiIVcnY
+        KiTgrJu/5ocSxBSHNx9800el/0X7WF+B26dNVOBn6qciTTa77Nvj4A==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-12-29T20:12:02Z"
+  mac: ENC[AES256_GCM,data:zTmPD99kd/9feW6LRWxSvoUf5wf+2uUtuS2MhRjFq7VUL8aLs9p1/CwpTLhacR8p/0MoZSlO1rYU4suHwtIzFfKC/ZNlVaJhB+kiypcKE5YvkZDMH71iYeS4Zd3M9OwagMIZB7w80HwKxDdIOJ95DSDiKhUKRA/R85ibgKv7LfE=,iv:T4pYNJbM4WggnGu+dboEfP/fG3xdd6ksFbwZXWF6dRM=,tag:Luf8fpBpnTa2Wcxmv/E8Kg==,type:str]
+  pgp: []
+  encrypted_regex: ^(data|stringData)$
+  version: 3.9.2