@@ -0,0 +1,8 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- oauth-secret.yaml
|
||||
- postgres-volume.yaml
|
||||
- postgres-cluster.yaml
|
||||
- release.yaml
|
||||
@@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: kaneo
|
||||
@@ -0,0 +1,43 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kaneo-secret
|
||||
namespace: kaneo
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: kaneo
|
||||
namespace: kaneo
|
||||
spec:
|
||||
method: kubernetes
|
||||
mount: kubernetes
|
||||
kubernetes:
|
||||
role: kaneo
|
||||
serviceAccount: kaneo-secret
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: kaneo-authentik
|
||||
namespace: kaneo
|
||||
spec:
|
||||
type: kv-v2
|
||||
|
||||
mount: secret
|
||||
path: authentik/kaneo
|
||||
|
||||
destination:
|
||||
create: true
|
||||
name: kaneo-authentik
|
||||
type: Opaque
|
||||
transformation:
|
||||
excludeRaw: true
|
||||
templates:
|
||||
client_id:
|
||||
text: '{{ get .Secrets "client_id" }}'
|
||||
client_secret:
|
||||
text: '{{ get .Secrets "client_secret" }}'
|
||||
|
||||
vaultAuthRef: kaneo
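Review bot: The VaultStaticSecret `kaneo-authentik` sets neither `refreshAfter` nor `rolloutRestartTargets`, so an OAuth client secret rotated in Vault may never reach the running pods. Unless the operator is configured with a global default refresh interval (not visible here), the Kubernetes Secret is likely synced once and then left stale. Adding something like `refreshAfter: 1h` under `spec`, plus a `rolloutRestartTargets` entry naming the workload that consumes `CUSTOM_OAUTH_CLIENT_SECRET`, would make a rotation take effect; the workload name comes from the chart and is not shown on this page.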
|
||||
@@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: kaneo-db
|
||||
namespace: kaneo
|
||||
spec:
|
||||
instances: 1
|
||||
|
||||
storage:
|
||||
pvcTemplate:
|
||||
storageClassName: ssd-lvmpv
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
volumeName: kaneo-db-1
|
||||
@@ -0,0 +1,33 @@
|
||||
apiVersion: local.openebs.io/v1alpha1
|
||||
kind: LVMVolume
|
||||
metadata:
|
||||
labels:
|
||||
kubernetes.io/nodename: anapistula-delrosalae
|
||||
name: kaneo-db-1
|
||||
namespace: openebs
|
||||
spec:
|
||||
capacity: 10Gi
|
||||
ownerNodeID: anapistula-delrosalae
|
||||
shared: "yes"
|
||||
thinProvision: "no"
|
||||
vgPattern: ^openebs-ssd$
|
||||
volGroup: openebs-ssd
|
||||
---
|
||||
kind: PersistentVolume
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: kaneo-db-1
|
||||
spec:
|
||||
capacity:
|
||||
storage: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: ssd-lvmpv
|
||||
volumeMode: Filesystem
|
||||
csi:
|
||||
driver: local.csi.openebs.io
|
||||
fsType: btrfs
|
||||
volumeHandle: kaneo-db-1
|
||||
---
|
||||
# PVCs are dynamically created by the Postgres operator
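Review bot: The pre-provisioned PersistentVolume `kaneo-db-1` carries no `claimRef`, so a PVC in any namespace that requests `storageClassName: ssd-lvmpv` with `volumeName: kaneo-db-1` can bind it before the Postgres operator's claim does. Because `persistentVolumeReclaimPolicy: Retain` keeps the database files after a claim is released, a wrong binding exposes data rather than just breaking scheduling. Reserving the volume with a `claimRef` that names namespace `kaneo` and the PVC the operator creates (presumably `kaneo-db-1`; confirm against the operator's naming) would pin it to the intended consumer. Separately, `shared: "yes"` on the LVMVolume appears to permit more than one pod to mount the volume, which a single-instance database does not need.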
|
||||
@@ -0,0 +1,78 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: kaneo
|
||||
namespace: kaneo
|
||||
spec:
|
||||
interval: 24h
|
||||
url: https://github.com/usekaneo/kaneo.git
|
||||
ref:
|
||||
tag: v2.7.1
|
||||
ignore: |
|
||||
# exclude all
|
||||
/*
|
||||
# include charts directory
|
||||
!/charts/
|
||||
---
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: kaneo
|
||||
namespace: kaneo
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: ./charts/kaneo
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: kaneo
|
||||
values:
|
||||
ingress:
|
||||
enabled: true
|
||||
className: nginx-ingress
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /$1
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
hosts:
|
||||
- host: kaneo.lumpiasty.xyz
|
||||
paths:
|
||||
- path: /?(.*)
|
||||
pathType: ImplementationSpecific
|
||||
service: web
|
||||
port: 80
|
||||
- path: /api/?(.*)
|
||||
pathType: ImplementationSpecific
|
||||
service: api
|
||||
port: 1337
|
||||
tls:
|
||||
- secretName: kaneo-ingress
|
||||
hosts:
|
||||
- kaneo.lumpiasty.xyz
|
||||
|
||||
postgresql:
|
||||
enabled: false
|
||||
|
||||
kaneo:
|
||||
env:
|
||||
database:
|
||||
external:
|
||||
enabled: true
|
||||
existingSecret:
|
||||
enabled: true
|
||||
name: kaneo-db-app
|
||||
passwordKey: uri
|
||||
extraEnv:
|
||||
- name: CUSTOM_OAUTH_DISCOVERY_URL
|
||||
value: https://authentik.lumpiasty.xyz/application/o/kaneo/.well-known/openid-configuration
|
||||
- name: CUSTOM_OAUTH_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kaneo-authentik
|
||||
key: client_id
|
||||
- name: CUSTOM_OAUTH_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kaneo-authentik
|
||||
key: client_secret
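Review bot: The GitRepository pins the chart source only by `tag: v2.7.1`, and a Git tag can be re-pointed upstream, so the chart that Flux renders and installs could change without any commit landing in this repository. Recording the commit next to the tag under `ref` (`commit: <commit-sha-of-v2.7.1>`, placeholder) ties the release to reviewed content. If upstream signs its tags, `spec.verify` would be a further check. I would also add a comment above `passwordKey: uri` saying that the key holds the full connection URI from the operator-generated `kaneo-db-app` secret, since the name suggests a bare password.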
|
||||
@@ -13,3 +13,4 @@ resources:
|
||||
- openwebui
|
||||
- woodpecker
|
||||
- meridian
|
||||
- kaneo
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
bound_service_account_names:
|
||||
- kaneo-secret
|
||||
bound_service_account_namespaces:
|
||||
- kaneo
|
||||
token_policies:
|
||||
- kaneo
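Review bot: The Kubernetes auth role binds the service-account name and namespace but sets no `audience`, so Vault will accept any token issued for `kaneo-secret` in `kaneo`, whatever audience it was minted for. Setting an audience here (for example `audience: vault`) and the matching `audiences` list under `spec.kubernetes` of the VaultAuth in the oauth-secret file would limit logins to tokens requested specifically for Vault. This assumes the tooling that applies this file passes the key through to the role unchanged. A short `token_ttl` is also worth adding, since the role only backs a read of one static secret.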
|
||||
@@ -0,0 +1,3 @@
|
||||
path "secret/data/authentik/kaneo" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||