big update for kubernetes and helm templates

Christian Lempa 2024-11-08 12:34:10 +01:00
parent 3d55786e36
commit e3bf953cf7
27 changed files with 225 additions and 179 deletions


@ -10,8 +10,10 @@ cainjector:
image: image:
repository: quay.io/jetstack/cert-manager-cainjector repository: quay.io/jetstack/cert-manager-cainjector
tag: v1.16.0 tag: v1.16.0
crds: crds:
enabled: true enabled: true
extraArgs: extraArgs:
- --dns01-recursive-nameservers-only - --dns01-recursive-nameservers-only
- --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53 - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53

53
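--- a/helm/longhorn/values.yaml
+++ b/helm/longhorn/values.yaml
@@ -0,0 +1,53 @@
+---
+image:
+longhorn:
+engine:
+repository: "longhornio/longhorn-engine"
+tag: "v1.7.2"
+manager:
+repository: "longhornio/longhorn-manager"
+tag: "v1.7.2"
+ui:
+repository: "longhornio/longhorn-ui"
+tag: "v1.7.2"
+instanceManager:
+repository: "longhornio/longhorn-instance-manager"
+tag: "v1.7.2"
+shareManager:
+repository: "longhornio/longhorn-share-manager"
+tag: "v1.7.2"
+backingImageManager:
+repository: "longhornio/backing-image-manager"
+tag: "v1.7.2"
+supportBundleKit:
+repository: "longhornio/support-bundle-kit"
+tag: "v0.0.45"
+csi:
+attacher:
+repository: "longhornio/csi-attacher"
+tag: "v4.7.0"
+provisioner:
+repository: "longhornio/csi-provisioner"
+tag: "v5.1.0"
+nodeDriverRegistrar:
+repository: "longhornio/csi-node-driver-registrar"
+tag: "v2.12.0"
+resizer:
+repository: "longhornio/csi-resizer"
+tag: "v1.12.0"
+snapshotter:
+repository: "longhornio/csi-snapshotter"
+tag: "v8.1.0"
+livenessProbe:
+repository: "longhornio/livenessprobe"
+tag: "v2.14.0"
+# --> (Optional) Reduce the number of replicas of Longhorn UI
+# longhornUI:
+# replicas: 1
+# <--
+# --> (Optional) Change the default settings, like Backup Target here...
+# defaultSettings:
+# backupTarget: "your-backup-target" # <-- Replace with your backup target
+# <--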
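Review bot: All thirteen images in this file are pinned by tag only (for example `tag: "v1.7.2"`), and a tag can be re-pointed at the registry, so this file does not fix the content that is pulled. The Longhorn components run with elevated privileges on the nodes, which makes them a worthwhile place to pin by digest; Renovate's regex manager can track one through a `currentDigest` capture group. Whether the chart accepts a digest in these fields is not visible here, so at minimum add a comment above `image:` such as `# Tags are trusted as published by the registry; no digest is verified`.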


@ -0,0 +1,27 @@
---
image:
repository: portainer/portainer-ce
tag: 2.22.0
pullPolicy: IfNotPresent
service:
type: ClusterIP
# --> (Optional) When you want to automatically create an Ingress
# ingress:
# enabled: true
# hosts:
# - host: "your-fqdn" # <-- Replace with your FQDN
# paths:
# - path: /
# port: "9000"
# tls:
# - secretName: portainer-certificate-secret
# hosts:
# - "your-fqdn" # <-- Replace with your FQDN
# <--
# --> (Optional) When using an existing PVC
# persistence:
# existingClaim: "portainer"
# <--

19
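--- a/helm/traefik/values.yaml
+++ b/helm/traefik/values.yaml
@@ -0,0 +1,19 @@
+image:
+repository: traefik
+version: v3.1.4
+pullPolicy: IfNotPresent
+# --> (Optional) Change log settings here...
+# logs:
+# general:
+# level: ERROR
+# access:
+# enabled: false
+# <--
+# --> (Optional) Redirect HTTP to HTTPs by default
+# ports:
+# web:
+# redirectTo:
+# port: websecure
+# <--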
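Review bot: The image pin on the `version: v3.1.4` line is probably not read by the chart: the Traefik Helm chart takes the image tag from `image.tag` and falls back to the chart's appVersion, and although indentation is lost in this view, `version` appears to sit under `image`. If so, the deployed Traefik version follows the chart release rather than this file, and a Renovate bump of this line would change nothing in the cluster. Rename the key to `tag: v3.1.4`, or drop the line and add a comment that the version comes from the chart. The removed Traefik values template carried the same key, so this is inherited rather than introduced here.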


@ -2,16 +2,16 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: clusterissuer # <-- Replace with your clsuterissuer name name: cloudflare-clusterissuer
spec: spec:
acme: acme:
email: your-email@address # <-- Replace with your email address email: your-email@address # <-- Replace with your email address
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef: privateKeySecretRef:
name: example-clusterissuer-account-key # <-- Replace with your secret name name: cloudflare-clusterissuer-account-key
solvers: solvers:
- dns01: - dns01:
cloudflare: cloudflare:
apiTokenSecretRef: apiTokenSecretRef:
name: cloudflare-api-token-secret # <-- Replace with your secret name name: cloudflare-api-token-secret
key: api-token key: api-token


@ -1,18 +0,0 @@
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: issuer # <-- Replace with your issuer name
namespace: your-namespace # <-- Replace with your namespace
spec:
acme:
email: your-email@address # <-- Replace with your email address
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: example-issuer-account-key # <-- Replace with your secret name
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token-secret # <-- Replace with your secret name
key: api-token


@ -1,22 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: example-deployment
namespace: your-namespace
labels:
app: example-app
spec:
replicas: 3 # how many pods?
selector:
matchLabels:
app: example-app
template:
metadata:
labels:
app: example-app
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80


@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: example-service
namespace: your-namespace
spec:
selector:
app.kubernetes.io/name: MyApp
ports:
- protocol: TCP
port: 80
targetPort: 9376


@ -0,0 +1,13 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: longhorn-certificate
namespace: longhorn-system
spec:
secretName: longhorn-certificate-secret
dnsNames:
- your-fqdn # <-- Replace with your FQDN
issuerRef:
name: cloudflare-clusterissuer
kind: ClusterIssuer


@ -0,0 +1,17 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: longhorn-ingressroute
namespace: longhorn-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
kind: Rule
services:
- name: longhorn-frontend
port: 80
tls:
secretName: longhorn-certificate-secret
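Review bot: The route to `longhorn-frontend` has no `middlewares` entry, and the Longhorn UI does not authenticate users itself, so anyone who can reach the `websecure` entry point for this host can manage volumes, snapshots and backups. Unless access is restricted somewhere not visible in this commit, attach an authentication middleware to the route, for example `middlewares:` followed by `- name: your-auth-middleware  # <-- Replace with your Middleware name`, pointing at a Traefik `Middleware` (basicAuth or forwardAuth) in `longhorn-system`. A comment next to the FQDN placeholder should state that the UI is unauthenticated by default.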


@ -0,0 +1,13 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: portainer-ingressroute-certificate
namespace: portainer
spec:
secretName: portainer-certificate-secret
issuerRef:
name: cloudflare-clusterissuer
kind: ClusterIssuer
dnsNames:
- your-fqdn # <-- Replace with your FQDN


@ -0,0 +1,17 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: portainer-ingressroute
namespace: portainer
spec:
entryPoints:
- websecure
routes:
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
kind: Rule
services:
- name: portainer
port: 9000
tls:
secretName: portainer-certificate-secret


@ -1,29 +0,0 @@
# Portainer Helm Chart Values Template
# ---
image:
repository: portainer/portainer-ce
tag: 2.22.0
pullPolicy: IfNotPresent
replicas: 1 # Number of replicas
# (Choice) LoadBalancer or ClusterIP with optional Ingress
service:
type: LoadBalancer
# -- or --
# type: ClusterIP
# (Optional) Add Ingress, when using ClusterIP
ingress:
enabled: true
hosts:
- host: "portainer-test-1.kube-prod-2.home.clcreative.de"
paths:
- path: "/"
port: "9000"
# -- end
persistence:
enabled: true
# (Optional) Use an existing PVC
# existingClaim: portainer


@ -1,20 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute
# (Optional) Namespace
# namespace: your-namespace
# ---
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`your-hostname`)
kind: Rule
services:
- name: your-service
port: 80
# (Optional) TLS
# tls:
# secretName: your-tls-secret


@ -1,21 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcp
# (Optional) Namespace
# namespace: your-namespace
# ---
spec:
entryPoints:
- web
- websecure
routes:
- match: HostSNI(`your-hostname-sni`)
priority: 10
services:
- name: your-service
port: 80
# (Optional) TLS Passthrough
# tls:
# passthrough: true
# ---


@ -0,0 +1,19 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: your-ingressroute # <-- Replace with your IngressRoute name
namespace: your-namespace # <-- Replace with your namespace
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
kind: Rule
services:
- name: your-service # <-- Replace with your service name
port: 80
# --> (Optional) Add certificate secret
# tls:
# secretName: your-certificate-secret
# <--


@ -0,0 +1,19 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
namespace: your-namespace # <-- Replace with your namespace
spec:
entryPoints:
- web
- websecure
routes:
- match: HostSNI(`your-sni`) # <-- Replace with your SNI
priority: 10 # <-- (Optional) change rule priority
services:
- name: your-service # <-- Replace with your service name
port: 80
# --> (Optional) Enable TLS Passthrough
# tls:
# passthrough: true
# <--
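Review bot: As shipped, with the `tls` block commented out, this template defines a non-TLS TCP router whose match line names a specific server (`your-sni`) on both `web` and `websecure`. SNI exists only inside a TLS handshake, so Traefik accepts a named server only on TLS routers, and a plain TCP router has to match the wildcard `*` instead. Either make the `tls` block part of the default template, or extend the comment on the match line to `# <-- Replace with your SNI (requires the tls block below; plain TCP must match *)`. The removed IngressRouteTCP template had the same shape, so this is inherited rather than introduced here.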


@ -1,54 +0,0 @@
# Traefik Helm Chart Values Template
# ---
image:
repository: traefik
version: v3.1.4
pullPolicy: IfNotPresent
# (Optional) Log settings
# logs:
# general:
# level: ERROR
# access:
# enabled: false
# (Optional) Change number of replicas
# deployment:
# replicas: 1
# (Optional) Enable Prometheus Metrics, requires metrics port to be exposed!
# metrics:
# prometheus:
# entryPoint: metrics
# Configure EntryPoints
ports:
web:
# StandardHTTP
port: 8000
exposed: true
exposedPort: 80
# (Optional) Redirect HTTP to HTTPs by default
# redirectTo:
# port: websecure
websecure:
# Standard HTTPS
port: 8443
exposed: true
exposedPort: 443
tls:
enabled: true
# (Optional) Enable HTTP3
# http3:
# enabled: false
# (Optional) When enabled Prometheus Metrics will be exposed on this port
# metrics:
# Prometheus Metrics
# port: 9100
# exposed: false
# exposedPort: 9100
# Create a default IngressClass
ingressClass:
enabled: true
isDefaultClass: true


@ -110,6 +110,29 @@
"allowedVersions": "!/^v?2\\.19\\.10$/" "allowedVersions": "!/^v?2\\.19\\.10$/"
} }
], ],
"customManagers": [
{
"customType": "regex",
"description": "Update Longhorn images in Helm",
"fileMatch": ["(^|/)helm/longhorn/.+\\.yaml$"],
"matchStrings": [
"engine:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"manager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"ui:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"instanceManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"shareManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"backingImageManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"supportBundleKit:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"attacher:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"provisioner:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"nodeDriverRegistrar:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"resizer:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"snapshotter:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"livenessProbe:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?"
],
"datasourceTemplate": "docker"
}
],
"separateMinorPatch": true, "separateMinorPatch": true,
"stopUpdatingLabel": "renovate/stop_updating" "stopUpdatingLabel": "renovate/stop_updating"
} }
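Review bot: The capture groups in the new `matchStrings` use `[^\"]+`, which stops only at a double quote, while the surrounding `\"?` makes the quotes optional. On an unquoted value the group runs across line breaks up to the next quote in the file, so `depName` or `currentValue` would span several lines and the `docker` datasource lookup would not resolve. Excluding whitespace as well, `(?<depName>[^\"\\s]+)` and `(?<currentValue>[^\"\\s]+)`, keeps each capture on a single token. The thirteen patterns differ only in the leading key, so one pattern with an alternation of the key names would be easier to keep in sync with helm/longhorn/values.yaml.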