diff --git a/kubernetes/common/apps/database/ks.yaml b/kubernetes/common/apps/database/ks.yaml index f41a8c1..59a3c02 100644 --- a/kubernetes/common/apps/database/ks.yaml +++ b/kubernetes/common/apps/database/ks.yaml @@ -27,3 +27,33 @@ spec: name: cluster-settings - kind: Secret name: cluster-secrets +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: redis + namespace: flux-system +spec: + targetNamespace: database + timeout: 5m + interval: 10m + path: ./kubernetes/common/apps/database/redis + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + dependsOn: + - name: openebs-sc + namespace: flux-system + postBuild: + substitute: {} + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets diff --git a/kubernetes/common/apps/database/redis/helm-release.yaml b/kubernetes/common/apps/database/redis/helm-release.yaml new file mode 100644 index 0000000..1a8ff91 --- /dev/null +++ b/kubernetes/common/apps/database/redis/helm-release.yaml @@ -0,0 +1,47 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: redis + namespace: database +spec: + interval: 5m + chart: + spec: + chart: redis + version: 20.1.0 + sourceRef: + kind: HelmRepository + name: bitnami-charts + namespace: flux-system + values: + auth: + existingSecret: "redis-secrets" + existingSecretPasswordKey: "password" + + master: + podSecurityContext: + enabled: true + fsGroup: 700 + + containerSecurityContext: + enabled: true + runAsUser: 700 + + persistence: + enabled: true + storageClass: openebs-single + size: 16Gi + + replica: + podSecurityContext: + enabled: true + fsGroup: 700 + + containerSecurityContext: + enabled: true + runAsUser: 700 + + persistence: + enabled: true + storageClass: openebs-single + size: 16Gi \ No newline at end of file diff --git a/kubernetes/common/apps/database/redis/kustomization.yaml b/kubernetes/common/apps/database/redis/kustomization.yaml new file mode 100644 index 0000000..4d3c85c --- /dev/null +++ b/kubernetes/common/apps/database/redis/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./redis.sops.yaml +- ./helm-release.yaml \ No newline at end of file diff --git a/kubernetes/common/apps/database/redis/redis.sops.yaml b/kubernetes/common/apps/database/redis/redis.sops.yaml new file mode 100644 index 0000000..5523488 --- /dev/null +++ b/kubernetes/common/apps/database/redis/redis.sops.yaml @@ -0,0 +1,60 @@ +apiVersion: v1 +kind: Secret +metadata: + name: redis-secrets + namespace: database +stringData: + password: ENC[AES256_GCM,data:jjXsxyMKvPsAAr3wMhZWV/E/Qmmz/OYQvu6f8pRXasY=,iv:8K9IzAywC9CHiZ+ASoxhSqN14amL6APbzjpBtxPS50s=,tag:GbgcAhhDp+ob83Neyr/Lzw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-04-07T02:27:25Z" + mac: ENC[AES256_GCM,data:7/C0bTMeOXSWeP2ftsCrWRLk84U0RmmNBQgo8oWKKo82ELZq13UNjGyQovdnkSJQohmrf3NeYAqD1BEdkLnV1i8Fc0+UeVw0RIqApVXT0QuL1N9raw71TCZFpdIlB/QVqpnSByGquHtHeDVCU1XeVucq9SXbRQC+KXHIKKYRRWk=,iv:gG2zWKGmhCbz3iqfYUIpTvgx1Pkr3jnCPsopS1sWLWU=,tag:AAg40kPevQR+TsIpvarKRQ==,type:str] + pgp: + - created_at: "2023-06-19T18:35:20Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzKleRwoSoixAQ/+MPwsw23CEJ7+tNW+wswxHW/HKssn9/9M+GXTVTNiSLhU + hec797R9IuuUOVtW6Q6mRmCnnIxeU0NCTDJ75Fk5S+S7vvY1SEkR6YJ7dOSX6hpg + BohlEJYKMTYgLLUmxNzz+Kvih5HHY4EWhKPF1fRh45q2eosQBNO3bb8NGe4JddV0 + kdyBTEOfWMG+gYb+Rygv2NNJy51FiWUeimv1zVbTKgFd+kMJVtDZIgFY+YdC7tpk + 5SW1HW1ZzCbnAqy0M+NUQ1DH0diAbqUwrgCz/crzd51GXl75YMKt0AQ90Cfj9qJO + EcB6HRBmSxLla+AGh/s5aGPLEInlhn6IDgj0BLmFFa9VKHw/F9Oq2SUvb7CKgLPr + mkxkeV9JG6rIdnEZ7LijGb+tZEYsbGTjX13AGEMpLY6B+kxJyktK9rW/WdW34i6V + 7Oov+FbXNzOOIHi839xhy1zrr+fUuP1Ow6cpJEsBk2+0eEVyYyDMw7BmTfSCOBOs + ErBrbuz3xtHBzFnc5qKAZGCkCpQjWbgOBa9OtgCOpnzBo5vLsgqnB4pJEQTSjgqm + CPiHH6Jgnjcufx+YWGSX4mATOFBCyNaGZQoezvuGpmGDH6XtulmWAVt7lc030AUL + t1Cvf8LlNznzplApm8l5QjnjOFbZy00dfakm3plxHihpai+AJx0ia5Z6vNgofG3U + aAEJAhBk7yj9x2Dmj6kY+gZCaMvOx/RDPHCHJxgy8nrEGL0s8T5tKFeOrqCvPVPc + Ba1z1+zM5U8g8H3ejDcxbgD6M4Pn3h0vK4KV19xFj9MT3yEup5g6JllVMCjR+4b4 + 6Ws3PAOg+gfn + =KUC9 + -----END PGP MESSAGE----- + fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 + - created_at: "2023-06-19T18:35:20Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAy5t8IMoPu4VAQ/9Hz/dua2fj9igN4oKMbynFYw9RjNxvR4FTbflze7ta3B/ + XwyqNmGqG/Nf14zmCW5vX0J4HQIH/6oqtaOwefDoT1BKS89wZQ//ULiCvP2+ySKI + MFi6dgX5c+Jz2Qu6+AcGLEMUvrBjOcH36Ev6wOsGvtf9neQgWkbWDAr9aPJUSQuD + YmoWgGQfjvpq5yKLMs7fHGzCGzgJ9/eIy6w2Hf2YbaeZ1yQUVbOWLeM/UkFBoKEz + o+5S8bdmfiJxBpNPrqW7nxkRhyuEIBlrqmbqUMzLqgWzE47hPZT6lL8neuLPNB0/ + HojCdKdhloTWu2BuIzmlYarJOVKAVZLvwCec+ExZGRtCj+WoZ74Zv7VTJMK3SrDp + sHhcvLNsX0FxgOdzudtVK3zGGuLFJl+PO14FAXqRKbGyrqAG5turyN1UUtPvXnxZ + 8rZjqNdIpYXzz+4/1qbdNdDw+DrW/kSd/bjYhSje5J0eKo1e2O6oSyE6fY54yzBk + qk5vv8kgmPGugZOB+Fgxt3wINcd066oRlf66tSDFDrzaqBTem8PpIOM551Xxelry + NX7s6QAzTZTnaN9jCevo0HjqHYJ7s5RfNCBbK/lDyV161TOEl7mEhJEBiAkK5OZQ + JVrtj14BojBn7CeqTEWf+AF8isPsGjkKeK/AB80z5znhz9kryyjjzcAv+w1CUrzU + aAEJAhCzS5DclvrUB4EWfZGQdgW6uvdqATJGEUjylF0s6/OaaGCo3twB/nxdbYbK + l4fRjOZalxm0hDYHNMpfwgntBq6aL4gA77AQCAKEkcuCBGDRPNUf85zUdU9pVbUk + 9ihOPpcMmJKt + =wNI4 + -----END PGP MESSAGE----- + fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/main/apps/default/exim/env-secret.sops.yaml b/kubernetes/common/apps/exim/app/env-secret.sops.yaml similarity index 100% rename from kubernetes/main/apps/default/exim/env-secret.sops.yaml rename to kubernetes/common/apps/exim/app/env-secret.sops.yaml diff --git a/kubernetes/main/apps/default/exim/helm-release.yaml b/kubernetes/common/apps/exim/app/helm-release.yaml similarity index 100% rename from kubernetes/main/apps/default/exim/helm-release.yaml rename to kubernetes/common/apps/exim/app/helm-release.yaml diff --git a/kubernetes/main/apps/default/exim/kustomization.yaml b/kubernetes/common/apps/exim/app/kustomization.yaml similarity index 100% rename from kubernetes/main/apps/default/exim/kustomization.yaml rename to kubernetes/common/apps/exim/app/kustomization.yaml diff --git a/kubernetes/common/apps/exim/ks.yaml b/kubernetes/common/apps/exim/ks.yaml new file mode 100644 index 0000000..0f3b15b --- /dev/null +++ b/kubernetes/common/apps/exim/ks.yaml @@ -0,0 +1,26 @@ +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: exim + namespace: flux-system +spec: + targetNamespace: default + timeout: 5m + interval: 10m + path: ./kubernetes/common/apps/exim/app + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + postBuild: + substitute: {} + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets diff --git a/kubernetes/main/apps/default/kustomization.yaml b/kubernetes/main/apps/default/kustomization.yaml index ae0ac4d..1d4e667 100644 --- a/kubernetes/main/apps/default/kustomization.yaml +++ b/kubernetes/main/apps/default/kustomization.yaml @@ -6,7 +6,7 @@ resources: - ./trilium - ./mealie - ./huginn -- ./exim +- ../../../common/apps/exim/ks.yaml - ./well-known-site - ./dendrite - ./ganymede diff --git a/kubernetes/thin/apps/database/ks.yaml b/kubernetes/thin/apps/database/ks.yaml new file mode 100644 index 0000000..59a3c02 --- /dev/null +++ b/kubernetes/thin/apps/database/ks.yaml @@ -0,0 +1,59 @@ +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: postgresql + namespace: flux-system +spec: + targetNamespace: database + timeout: 5m + interval: 10m + path: ./kubernetes/common/apps/database/postgresql + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + dependsOn: + - name: openebs-sc + namespace: flux-system + postBuild: + substitute: {} + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: redis + namespace: flux-system +spec: + targetNamespace: database + timeout: 5m + interval: 10m + path: ./kubernetes/common/apps/database/redis + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + dependsOn: + - name: openebs-sc + namespace: flux-system + postBuild: + substitute: {} + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets diff --git a/kubernetes/thin/apps/database/postgresql/helm-release.yaml b/kubernetes/thin/apps/database/postgresql/helm-release.yaml new file mode 100644 index 0000000..df00d37 --- /dev/null +++ b/kubernetes/thin/apps/database/postgresql/helm-release.yaml @@ -0,0 +1,42 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: postgresql + namespace: database +spec: + interval: 5m + chart: + spec: + chart: postgresql + version: 14.3.x + sourceRef: + kind: HelmRepository + name: bitnami-charts + namespace: flux-system + values: + auth: + existingSecret: "pgsql-secrets" + secretKeys: + adminPasswordKey: "adminPassword" + replicationPasswordKey: "replicationPassword" + + serviceMonitor: + enabled: true + labels: + release: kube-prometheus-stack + + volumePermissions: + enabled: true + + primary: + persistence: + existingClaim: "postgresql-pvc" + + containerSecurityContext: + enabled: true + runAsUser: 655 + + readReplicas: + containerSecurityContext: + enabled: true + runAsUser: 655 \ No newline at end of file diff --git a/kubernetes/thin/apps/database/postgresql/kustomization.yaml b/kubernetes/thin/apps/database/postgresql/kustomization.yaml new file mode 100644 index 0000000..b52eb49 --- /dev/null +++ b/kubernetes/thin/apps/database/postgresql/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./pgsql-pv.yaml +- ./pgsql.sops.yaml +- ./helm-release.yaml +#- ./pgadmin4 \ No newline at end of file diff --git a/kubernetes/thin/apps/database/postgresql/pgadmin4/helm-release.yaml b/kubernetes/thin/apps/database/postgresql/pgadmin4/helm-release.yaml new file mode 100644 index 0000000..6e347ba --- /dev/null +++ b/kubernetes/thin/apps/database/postgresql/pgadmin4/helm-release.yaml @@ -0,0 +1,47 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: pgadmin4 + namespace: database +spec: + interval: 5m + chart: + spec: + chart: pgadmin4 + version: "1.28.0" + sourceRef: + kind: HelmRepository + name: runix-charts + namespace: flux-system + values: + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + traefik.ingress.kubernetes.io/router.entrypoints: websecure + hosts: + - host: &host pgadm.${SECRET_NEW_DOMAIN} + paths: + - path: "/" + pathType: Prefix + tls: + - hosts: + - *host + +# securityContext: +# runAsUser: 10000 +# runAsGroup: 10000 +# fsGroup: 10000 +# +# containerSecurityContext: +# enabled: true +# allowPrivilegeEscalation: false + +# envVarsFromConfigMaps: +# - pgadmin4-secret + + persistentVolume: + enabled: false + + volumePermissions: + enabled: true \ No newline at end of file diff --git a/kubernetes/thin/apps/database/postgresql/pgadmin4/helm-repository.yaml b/kubernetes/thin/apps/database/postgresql/pgadmin4/helm-repository.yaml new file mode 100644 index 0000000..8348d74 --- /dev/null +++ b/kubernetes/thin/apps/database/postgresql/pgadmin4/helm-repository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: runix-charts + namespace: flux-system +spec: + interval: 1m + url: https://helm.runix.net diff --git a/kubernetes/thin/apps/database/postgresql/pgadmin4/kustomization.yaml b/kubernetes/thin/apps/database/postgresql/pgadmin4/kustomization.yaml new file mode 100644 index 0000000..a83bec5 --- /dev/null +++ b/kubernetes/thin/apps/database/postgresql/pgadmin4/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./pgadmin4.sops.yaml +- ./helm-repository.yaml +- ./helm-release.yaml \ No newline at end of file diff --git a/kubernetes/thin/apps/database/postgresql/pgsql-pv.yaml b/kubernetes/thin/apps/database/postgresql/pgsql-pv.yaml new file mode 100644 index 0000000..fa77932 --- /dev/null +++ b/kubernetes/thin/apps/database/postgresql/pgsql-pv.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: postgresql-pvc + namespace: database +spec: + storageClassName: openebs-dual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi \ No newline at end of file diff --git a/kubernetes/thin/apps/database/postgresql/pgsql.sops.yaml b/kubernetes/thin/apps/database/postgresql/pgsql.sops.yaml new file mode 100644 index 0000000..47a2072 --- /dev/null +++ b/kubernetes/thin/apps/database/postgresql/pgsql.sops.yaml @@ -0,0 +1,73 @@ +apiVersion: v1 +kind: Secret +metadata: + name: pgsql-secrets + namespace: database +stringData: + adminPassword: ENC[AES256_GCM,data:TPHfSeNOPjeBuDUCahKk1MQQ3ryPcHiaTRKtmlHyVrc=,iv:I8moW3RzTB8avCCbFK11NEMru0XeNkncYOxO3yfP5Qw=,tag:8CkbADFhviVFcuXkxKAoAA==,type:str] + userPassword: ENC[AES256_GCM,data:vV5snzyNIsUhelMIlvlPLJbfgdDBO1VzcJYrQspplns=,iv:85ycMhbNxtUW5Tii4lbwKpUX3TzGi3HSv0ZDvmd7jjc=,tag:d0KN8cybXyWTzA7Wky/IbA==,type:str] + replicationPassword: ENC[AES256_GCM,data:6K/fqD4hnOS48JjJdxKsVqe+DL5RaaGtEXtvrkTSaAU=,iv:OwcsrciG4I12Ysw69uSBEF9uebI8Rw3Y90R+UQ+6jZY=,tag:kmwCl/nYo+lIMBDWxhUdfg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-09-20T21:13:35Z" + mac: ENC[AES256_GCM,data:DbvO6SPPqQq/eYU5MPR3ZGhqvkbdXU682w+QzzUN3iyN0sr2Wn13X8hKpZzLxLvIvDERNubEMAHE8gCxE/7UL1fjQwwg8DuV+ho//osYDKsHz+8zjC3nBsViU0NPlxoxmgW1tnD2YvjB4412st5cgVak5ue1zjPCNqsE6tZt+J4=,iv:vxm/nFaXXhOgsUzg69EhNRfCbuyzEXlbGXnyCj4rTNY=,tag:U455Vir/gOPIzdtq+S7s+A==,type:str] + pgp: + - created_at: "2024-09-20T21:13:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAyqlIeyoxYovAQ//Z1qW9rA53nk8rhdlHQm/YtUrCbjbUh+40JZE1mxl8vhJ + PcPVG3Lsiqxfdvzk5BR15WsnuIHZ4bYsKqWTZTX3h5zzN5t1j1I9nvzIcRLp8ytY + LIZDxc4+J4fJSvcAZ6bw1nhtLZ2Kv5NDSjUlZmayITqYBVifRf95uv7vM4EbSJnD + RaJGkNtbXMoSfLSSG7Rnh3M1QKtFnKkRX440xT8UVGOGmIYABAhTxQv6jF/4mM2T + MZH5i1WOkJS3CfmjRIMiJ0tMfe477ykPW4Diu3dSXzh3ZpdvRmCWipVOReAceMQn + 3xzeNCcG6rVjDKeQbKULuNXJ//DEDa/tHHoFbcujeUOF149t2N2ZoNraFthBTT6O + DpZyOPxfjh9PIEOoIM7BASI93R8IC0xUd7qPzbxVKozBqx6YnX3SQVdjvfC/FNlZ + P5wiELiiYmSSOJxFWCXFE83VOBaqRaTFobeDtgY02KdDgHxnXGD5iC1QCyepmt26 + vL+VGVYb0811TEqLsGwpD0qpwXKzuOCgSDdFAUbFlJSMaKopwN5nvh4J78CSEhSL + YRPHpfFy4L00AoVizx1RQmBq2+SczFe7g8nsbLWudl2THGC1L5v9tIkHNC3WlUYE + 6BVg+tO+/7iRUcKL9e8oIKyTcgFa1UVIjiW94zy9eeTGQntgA0z1sBCSxLOdjeGF + AgwDXjg0p2IN1X8BD/9Bt1qIV/pnz4NjYXee2a6+72bmI4LLh0Tue96zhlOGNrqs + nFqia0cIY6tqab0c+jWqsmpbpfrG5iviRjVkcIHdAbP38e3beX7vlHRhx2x8hNXt + JPqmApGlfk3Y1RMEIpFIZ7ErkpMekLa60ezibMOQPVl6elT9vvp//+T0qWUlPd3h + Va87mSZoW5TXMPPynJctZgbnCAkKzQ5u5QvKL8+uIcAvdCocK53z1BeDADqciWgk + dumk5+o9ctvz0ie+diDBPZPdsaWENpWli3wc1yrejCbDfRSXb26ufpKkI2KAOB+N + KyZilAstdP649/ATOS/WkZHswQOOS44hi6z/Qp7nxiIyKHPvoCCGM23lgjV2bkAl + Mj5FiPtRLjxY6/l8ksu7UQM3P5ON2hz7yctgXRkFxbb8aRuzKYeTAwOG/Fd0s5FZ + HyHzyYytLzA0fR0aopf6XfzWhm0yURd8YebuD9LXcDV5JaF6VQDbKA4xOSodDESs + NB3F3vOQ909CXQL3Vr3GnJJOOUbIL38ox//Xh6zvUV3NVDULR9yCXKXbASevMpQy + If9ZQGxlx1CtnlQslv6KR5FiF5kVlkMBMezzEMDkUJiFIFzHb/d7MrPzT0mLQksl + g1EZnvf0C4aL7go6yNTYbGsvg4KCs3TnescQfW50gtizsrTSIgua1KFoUnQoitRm + AQkCEODmGmTlB+anRvgFhtSfeCll70VVNUFatvzWZRmJz1i+nkQPrjM1DPjEl7Hr + WTUWk/bgpirVE1fBAOlHeSgRraL3Pk4L++nKrOooW3GL369Ld9K3FEpBBJinszOi + J+a7ARqW + =NHeY + -----END PGP MESSAGE----- + fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD + - created_at: "2024-09-20T21:13:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAy5t8IMoPu4VAQ/+IISpOpFI9l3dBhiTkFXIOWzF3eQt3ppI5kElJXPSGKev + wfOpXF4cb7fLEI/rAQOOaxvn33Qfnn7ttytzYKhFPtOlOy9/14T0/duMAkHssTQr + Hyr4Qtsa6sZOBV0Ls7znY4EUOuoq4QDUCunZ/8wlVbyZOAQG2KZZfN7FbYr9d2Nv + FzsF6tUNr7zkeEfpwdDdKcRS997EEGYzkp2/D17B+aO0FzIJruy3gJxfLg1j8Z/M + p67lXEdKSbPwPURDpSP8jQdA1R6ktY5SEd8nZ763pJOeReGbBg3VsI5R3NFR5liQ + UI1AmSxCC4nH+3YQKDohicYwatUfGAIaquNV9VaVlHWWkS2cBFwkEcHZuVnRdqDE + Wt/T5UkDKiA4yBcSWhd2P+l3gFKq/0gSHxLd0CgQELYXzHJKAXP2/+hGg9LJyAYl + oE4XWT2Lm2C++yI7vZqnabexUS43hMRHKJ4AmxAmLDmQRj9n5i8Ck3YMGp3Eb9WA + WOqH74Cyl8mPNB7MovMLpEdJUxqJUTVFsTJumWrDu8vXDv+rrLDUmb3OVcOiMB6v + kpyB+PcWLr05t7BpPoh6jFVCRRKZeNk2Vmf69T0c5I7f2P3RR+Uhaz3eHzDs6G/V + yiqhlDgg78/veII9IyipxTLucaYxdcJcGq5Xh45ZEGOV1AZAvXbFhehknQzyIBTU + ZgEJAhDpDhSFoYuHtG4XRhBsilQ4zffNIA/sSEQF8Y4KRFGZAIJEcTnsfq3Es9SF + pxdVmhEezl8ewESwKX47HqlDdSnA7EAaYrZaV1hEFMe8vn7gHzn4l/inc/R1ck+K + LHS6se8PMQ== + =QEN1 + -----END PGP MESSAGE----- + fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.9.0 diff --git a/kubernetes/thin/apps/database/redis/helm-release.yaml b/kubernetes/thin/apps/database/redis/helm-release.yaml new file mode 100644 index 0000000..1a8ff91 --- /dev/null +++ b/kubernetes/thin/apps/database/redis/helm-release.yaml @@ -0,0 +1,47 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: redis + namespace: database +spec: + interval: 5m + chart: + spec: + chart: redis + version: 20.1.0 + sourceRef: + kind: HelmRepository + name: bitnami-charts + namespace: flux-system + values: + auth: + existingSecret: "redis-secrets" + existingSecretPasswordKey: "password" + + master: + podSecurityContext: + enabled: true + fsGroup: 700 + + containerSecurityContext: + enabled: true + runAsUser: 700 + + persistence: + enabled: true + storageClass: openebs-single + size: 16Gi + + replica: + podSecurityContext: + enabled: true + fsGroup: 700 + + containerSecurityContext: + enabled: true + runAsUser: 700 + + persistence: + enabled: true + storageClass: openebs-single + size: 16Gi \ No newline at end of file diff --git a/kubernetes/thin/apps/database/redis/kustomization.yaml b/kubernetes/thin/apps/database/redis/kustomization.yaml new file mode 100644 index 0000000..4d3c85c --- /dev/null +++ b/kubernetes/thin/apps/database/redis/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./redis.sops.yaml +- ./helm-release.yaml \ No newline at end of file diff --git a/kubernetes/thin/apps/database/redis/redis.sops.yaml b/kubernetes/thin/apps/database/redis/redis.sops.yaml new file mode 100644 index 0000000..5523488 --- /dev/null +++ b/kubernetes/thin/apps/database/redis/redis.sops.yaml @@ -0,0 +1,60 @@ +apiVersion: v1 +kind: Secret +metadata: + name: redis-secrets + namespace: database +stringData: + password: ENC[AES256_GCM,data:jjXsxyMKvPsAAr3wMhZWV/E/Qmmz/OYQvu6f8pRXasY=,iv:8K9IzAywC9CHiZ+ASoxhSqN14amL6APbzjpBtxPS50s=,tag:GbgcAhhDp+ob83Neyr/Lzw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-04-07T02:27:25Z" + mac: ENC[AES256_GCM,data:7/C0bTMeOXSWeP2ftsCrWRLk84U0RmmNBQgo8oWKKo82ELZq13UNjGyQovdnkSJQohmrf3NeYAqD1BEdkLnV1i8Fc0+UeVw0RIqApVXT0QuL1N9raw71TCZFpdIlB/QVqpnSByGquHtHeDVCU1XeVucq9SXbRQC+KXHIKKYRRWk=,iv:gG2zWKGmhCbz3iqfYUIpTvgx1Pkr3jnCPsopS1sWLWU=,tag:AAg40kPevQR+TsIpvarKRQ==,type:str] + pgp: + - created_at: "2023-06-19T18:35:20Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzKleRwoSoixAQ/+MPwsw23CEJ7+tNW+wswxHW/HKssn9/9M+GXTVTNiSLhU + hec797R9IuuUOVtW6Q6mRmCnnIxeU0NCTDJ75Fk5S+S7vvY1SEkR6YJ7dOSX6hpg + BohlEJYKMTYgLLUmxNzz+Kvih5HHY4EWhKPF1fRh45q2eosQBNO3bb8NGe4JddV0 + kdyBTEOfWMG+gYb+Rygv2NNJy51FiWUeimv1zVbTKgFd+kMJVtDZIgFY+YdC7tpk + 5SW1HW1ZzCbnAqy0M+NUQ1DH0diAbqUwrgCz/crzd51GXl75YMKt0AQ90Cfj9qJO + EcB6HRBmSxLla+AGh/s5aGPLEInlhn6IDgj0BLmFFa9VKHw/F9Oq2SUvb7CKgLPr + mkxkeV9JG6rIdnEZ7LijGb+tZEYsbGTjX13AGEMpLY6B+kxJyktK9rW/WdW34i6V + 7Oov+FbXNzOOIHi839xhy1zrr+fUuP1Ow6cpJEsBk2+0eEVyYyDMw7BmTfSCOBOs + ErBrbuz3xtHBzFnc5qKAZGCkCpQjWbgOBa9OtgCOpnzBo5vLsgqnB4pJEQTSjgqm + CPiHH6Jgnjcufx+YWGSX4mATOFBCyNaGZQoezvuGpmGDH6XtulmWAVt7lc030AUL + t1Cvf8LlNznzplApm8l5QjnjOFbZy00dfakm3plxHihpai+AJx0ia5Z6vNgofG3U + aAEJAhBk7yj9x2Dmj6kY+gZCaMvOx/RDPHCHJxgy8nrEGL0s8T5tKFeOrqCvPVPc + Ba1z1+zM5U8g8H3ejDcxbgD6M4Pn3h0vK4KV19xFj9MT3yEup5g6JllVMCjR+4b4 + 6Ws3PAOg+gfn + =KUC9 + -----END PGP MESSAGE----- + fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 + - created_at: "2023-06-19T18:35:20Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAy5t8IMoPu4VAQ/9Hz/dua2fj9igN4oKMbynFYw9RjNxvR4FTbflze7ta3B/ + XwyqNmGqG/Nf14zmCW5vX0J4HQIH/6oqtaOwefDoT1BKS89wZQ//ULiCvP2+ySKI + MFi6dgX5c+Jz2Qu6+AcGLEMUvrBjOcH36Ev6wOsGvtf9neQgWkbWDAr9aPJUSQuD + YmoWgGQfjvpq5yKLMs7fHGzCGzgJ9/eIy6w2Hf2YbaeZ1yQUVbOWLeM/UkFBoKEz + o+5S8bdmfiJxBpNPrqW7nxkRhyuEIBlrqmbqUMzLqgWzE47hPZT6lL8neuLPNB0/ + HojCdKdhloTWu2BuIzmlYarJOVKAVZLvwCec+ExZGRtCj+WoZ74Zv7VTJMK3SrDp + sHhcvLNsX0FxgOdzudtVK3zGGuLFJl+PO14FAXqRKbGyrqAG5turyN1UUtPvXnxZ + 8rZjqNdIpYXzz+4/1qbdNdDw+DrW/kSd/bjYhSje5J0eKo1e2O6oSyE6fY54yzBk + qk5vv8kgmPGugZOB+Fgxt3wINcd066oRlf66tSDFDrzaqBTem8PpIOM551Xxelry + NX7s6QAzTZTnaN9jCevo0HjqHYJ7s5RfNCBbK/lDyV161TOEl7mEhJEBiAkK5OZQ + JVrtj14BojBn7CeqTEWf+AF8isPsGjkKeK/AB80z5znhz9kryyjjzcAv+w1CUrzU + aAEJAhCzS5DclvrUB4EWfZGQdgW6uvdqATJGEUjylF0s6/OaaGCo3twB/nxdbYbK + l4fRjOZalxm0hDYHNMpfwgntBq6aL4gA77AQCAKEkcuCBGDRPNUf85zUdU9pVbUk + 9ihOPpcMmJKt + =wNI4 + -----END PGP MESSAGE----- + fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/kubernetes/thin/apps/kustomization.yaml b/kubernetes/thin/apps/kustomization.yaml index 3d69448..658e4f4 100644 --- a/kubernetes/thin/apps/kustomization.yaml +++ b/kubernetes/thin/apps/kustomization.yaml @@ -16,6 +16,7 @@ resources: - ./kubevirt/ks.yaml - ./kubevirt-cdi/ks.yaml -- ../../common/apps/database/ks.yaml +- ./database/ks.yaml +- ../../common/apps/exim/ks.yml - ./monitoring - ./default \ No newline at end of file