extern/christianlempa-boilerplates
1
0
Fork 0
mirror of https://github.com/ChristianLempa/boilerplates.git synced 2024-11-21 15:53:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

big update for kubernetes and helm templates

Browse Source
This commit is contained in:
Christian Lempa 2024-11-08 12:34:10 +01:00
parent 3d55786e36
commit e3bf953cf7
27 changed files with 225 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kubernetes/certmanager/values.yaml → helm/cert-manager/values.yaml
View File

@ -10,8 +10,10 @@ cainjector:
image:
repository: quay.io/jetstack/cert-manager-cainjector
tag: v1.16.0
crds:
enabled: true
extraArgs:
- --dns01-recursive-nameservers-only
- --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53

53
helm/longhorn/values.yaml Normal file
View File

@ -0,0 +1,53 @@
---
image:
longhorn:
engine:
repository: "longhornio/longhorn-engine"
tag: "v1.7.2"
manager:
repository: "longhornio/longhorn-manager"
tag: "v1.7.2"
ui:
repository: "longhornio/longhorn-ui"
tag: "v1.7.2"
instanceManager:
repository: "longhornio/longhorn-instance-manager"
tag: "v1.7.2"
shareManager:
repository: "longhornio/longhorn-share-manager"
tag: "v1.7.2"
backingImageManager:
repository: "longhornio/backing-image-manager"
tag: "v1.7.2"
supportBundleKit:
repository: "longhornio/support-bundle-kit"
tag: "v0.0.45"
csi:
attacher:
repository: "longhornio/csi-attacher"
tag: "v4.7.0"
provisioner:
repository: "longhornio/csi-provisioner"
tag: "v5.1.0"
nodeDriverRegistrar:
repository: "longhornio/csi-node-driver-registrar"
tag: "v2.12.0"
resizer:
repository: "longhornio/csi-resizer"
tag: "v1.12.0"
snapshotter:
repository: "longhornio/csi-snapshotter"
tag: "v8.1.0"
livenessProbe:
repository: "longhornio/livenessprobe"
tag: "v2.14.0"
# --> (Optional) Reduce the number of replicas of Longhorn UI
# longhornUI:
# replicas: 1
# <--
# --> (Optional) Change the default settings, like Backup Target here...
# defaultSettings:
# backupTarget: "your-backup-target" # <-- Replace with your backup target
# <--

27
helm/portainer/values.yaml Normal file
View File

@ -0,0 +1,27 @@
---
image:
repository: portainer/portainer-ce
tag: 2.22.0
pullPolicy: IfNotPresent
service:
type: ClusterIP
# --> (Optional) When you want to automatically create an Ingress
# ingress:
# enabled: true
# hosts:
# - host: "your-fqdn" # <-- Replace with your FQDN
# paths:
# - path: /
# port: "9000"
# tls:
# - secretName: portainer-certificate-secret
# hosts:
# - "your-fqdn" # <-- Replace with your FQDN
# <--
# --> (Optional) When using an existing PVC
# persistence:
# existingClaim: "portainer"
# <--

19
helm/traefik/values.yaml Normal file
View File

@ -0,0 +1,19 @@
image:
repository: traefik
version: v3.1.4
pullPolicy: IfNotPresent
# --> (Optional) Change log settings here...
# logs:
# general:
# level: ERROR
# access:
# enabled: false
# <--
# --> (Optional) Redirect HTTP to HTTPs by default
# ports:
# web:
# redirectTo:
# port: websecure
# <--

0
kubernetes/certmanager/examples/certificate.yaml.example → kubernetes/cert-manager/certificate.yaml.example
View File

0
kubernetes/certmanager/examples/issuer-secret.yaml.example → kubernetes/cert-manager/clusterissuer-secret.yaml
View File

6
kubernetes/certmanager/examples/clusterissuer.yaml.example → kubernetes/cert-manager/clusterissuer.yaml
View File

@ -2,16 +2,16 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: clusterissuer # <-- Replace with your clsuterissuer name
name: cloudflare-clusterissuer
spec:
acme:
email: your-email@address # <-- Replace with your email address
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: example-clusterissuer-account-key # <-- Replace with your secret name
name: cloudflare-clusterissuer-account-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token-secret # <-- Replace with your secret name
name: cloudflare-api-token-secret
key: api-token

18
kubernetes/certmanager/examples/issuer.yaml.example
View File

@ -1,18 +0,0 @@
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: issuer # <-- Replace with your issuer name
namespace: your-namespace # <-- Replace with your namespace
spec:
acme:
email: your-email@address # <-- Replace with your email address
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: example-issuer-account-key # <-- Replace with your secret name
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token-secret # <-- Replace with your secret name
key: api-token

0
kubernetes/examples/example-configmap.yaml
View File

22
kubernetes/examples/example-deployment.yaml
View File

@ -1,22 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: example-deployment
namespace: your-namespace
labels:
app: example-app
spec:
replicas: 3 # how many pods?
selector:
matchLabels:
app: example-app
template:
metadata:
labels:
app: example-app
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80

0
kubernetes/examples/example-ingress.yaml
View File

0
kubernetes/examples/example-namespace.yaml
View File

0
kubernetes/examples/example-peristentvolume.yaml
View File

0
kubernetes/examples/example-persistentvolumeclaim.yaml
View File

0
kubernetes/examples/example-secret.yaml
View File

12
kubernetes/examples/example-service.yaml
View File

@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: example-service
namespace: your-namespace
spec:
selector:
app.kubernetes.io/name: MyApp
ports:
- protocol: TCP
port: 80
targetPort: 9376

13
kubernetes/longhorn/certificate.yaml Normal file
View File

@ -0,0 +1,13 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: longhorn-certificate
namespace: longhorn-system
spec:
secretName: longhorn-certificate-secret
dnsNames:
- your-fqdn # <-- Replace with your FQDN
issuerRef:
name: cloudflare-clusterissuer
kind: ClusterIssuer

17
kubernetes/longhorn/ingressroute.yaml Normal file
View File

@ -0,0 +1,17 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: longhorn-ingressroute
namespace: longhorn-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
kind: Rule
services:
- name: longhorn-frontend
port: 80
tls:
secretName: longhorn-certificate-secret

13
kubernetes/portainer/certificate.yaml Normal file
View File

@ -0,0 +1,13 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: portainer-ingressroute-certificate
namespace: portainer
spec:
secretName: portainer-certificate-secret
issuerRef:
name: cloudflare-clusterissuer
kind: ClusterIssuer
dnsNames:
- your-fqdn # <-- Replace with your FQDN

17
kubernetes/portainer/ingressroute.yaml Normal file
View File

@ -0,0 +1,17 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: portainer-ingressroute
namespace: portainer
spec:
entryPoints:
- websecure
routes:
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
kind: Rule
services:
- name: portainer
port: 9000
tls:
secretName: portainer-certificate-secret

29
kubernetes/portainer/values.yml
View File

@ -1,29 +0,0 @@
# Portainer Helm Chart Values Template
# ---
image:
repository: portainer/portainer-ce
tag: 2.22.0
pullPolicy: IfNotPresent
replicas: 1 # Number of replicas
# (Choice) LoadBalancer or ClusterIP with optional Ingress
service:
type: LoadBalancer
# -- or --
# type: ClusterIP
# (Optional) Add Ingress, when using ClusterIP
ingress:
enabled: true
hosts:
- host: "portainer-test-1.kube-prod-2.home.clcreative.de"
paths:
- path: "/"
port: "9000"
# -- end
persistence:
enabled: true
# (Optional) Use an existing PVC
# existingClaim: portainer

20
kubernetes/traefik/examples/example-ingressroute.yaml
View File

@ -1,20 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute
# (Optional) Namespace
# namespace: your-namespace
# ---
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`your-hostname`)
kind: Rule
services:
- name: your-service
port: 80
# (Optional) TLS
# tls:
# secretName: your-tls-secret

21
kubernetes/traefik/examples/example-ingressroutetcp.yml
View File

@ -1,21 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcp
# (Optional) Namespace
# namespace: your-namespace
# ---
spec:
entryPoints:
- web
- websecure
routes:
- match: HostSNI(`your-hostname-sni`)
priority: 10
services:
- name: your-service
port: 80
# (Optional) TLS Passthrough
# tls:
# passthrough: true
# ---

19
kubernetes/traefik/ingressroute.yaml.example Normal file
View File

@ -0,0 +1,19 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: your-ingressroute # <-- Replace with your IngressRoute name
namespace: your-namespace # <-- Replace with your namespace
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
kind: Rule
services:
- name: your-service # <-- Replace with your service name
port: 80
# --> (Optional) Add certificate secret
# tls:
# secretName: your-certificate-secret
# <--

19
kubernetes/traefik/ingressroutetcp.yaml.example Normal file
View File

@ -0,0 +1,19 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
namespace: your-namespace # <-- Replace with your namespace
spec:
entryPoints:
- web
- websecure
routes:
- match: HostSNI(`your-sni`) # <-- Replace with your SNI
priority: 10 # <-- (Optional) change rule priority
services:
- name: your-service # <-- Replace with your service name
port: 80
# --> (Optional) Enable TLS Passthrough
# tls:
# passthrough: true
# <--

54
kubernetes/traefik/values.yml
View File

@ -1,54 +0,0 @@
# Traefik Helm Chart Values Template
# ---
image:
repository: traefik
version: v3.1.4
pullPolicy: IfNotPresent
# (Optional) Log settings
# logs:
# general:
# level: ERROR
# access:
# enabled: false
# (Optional) Change number of replicas
# deployment:
# replicas: 1
# (Optional) Enable Prometheus Metrics, requires metrics port to be exposed!
# metrics:
# prometheus:
# entryPoint: metrics
# Configure EntryPoints
ports:
web:
# StandardHTTP
port: 8000
exposed: true
exposedPort: 80
# (Optional) Redirect HTTP to HTTPs by default
# redirectTo:
# port: websecure
websecure:
# Standard HTTPS
port: 8443
exposed: true
exposedPort: 443
tls:
enabled: true
# (Optional) Enable HTTP3
# http3:
# enabled: false
# (Optional) When enabled Prometheus Metrics will be exposed on this port
# metrics:
# Prometheus Metrics
# port: 9100
# exposed: false
# exposedPort: 9100
# Create a default IngressClass
ingressClass:
enabled: true
isDefaultClass: true

23
renovate.json
View File

@ -110,6 +110,29 @@
"allowedVersions": "!/^v?2\\.19\\.10$/"
}
],
"customManagers": [
{
"customType": "regex",
"description": "Update Longhorn images in Helm",
"fileMatch": ["(^|/)helm/longhorn/.+\\.yaml$"],
"matchStrings": [
"engine:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"manager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"ui:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"instanceManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"shareManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"backingImageManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"supportBundleKit:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"attacher:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"provisioner:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"nodeDriverRegistrar:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"resizer:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"snapshotter:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
"livenessProbe:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?"
],
"datasourceTemplate": "docker"
}
],
"separateMinorPatch": true,
"stopUpdatingLabel": "renovate/stop_updating"
}