# Kustomize prepends this prefix to the name of every resource in this overlay.
namePrefix: prod-

# Inputs to the build: the shared base plus manifests that exist only in this
# overlay.
resources:
  - ../base
  - svc-db.yaml
  - svc-netflux.yaml
  # NOTE(review): presumably the ingress-nginx tcp-services ConfigMap. Entries
  # in that map are forwarded as plain TCP, without the HTTP-level TLS or auth
  # handling an Ingress rule gets -- confirm that only intended ports are listed.
  - cm-ingress-nginx-tcp-services.yaml
  - clusterissuer.yaml
  # NOTE(review): presumably a staging certificate issuer; confirm that no
  # production Ingress still references it.
  - clusterissuer-staging.yaml
# Generated ConfigMaps. Entries with `behavior: merge` are merged into a
# ConfigMap of the same name that already exists in the build (presumably from
# ../base); the other entries create new ConfigMaps.
#
# NOTE(review): two entries below read their input from secrets/ but emit a
# ConfigMap, not a Secret. ConfigMap data is readable by anything with get/list
# on configmaps and is not covered by controls scoped to Secret objects
# (secret-specific RBAC, encryption at rest configured for secrets). Confirm
# those files hold no credentials, or move them to secretGenerator together
# with the volume definitions that mount them.
configMapGenerator:
  - name: prometheus-server
    behavior: merge
    files:
      - prometheus.yml=prometheus.yaml
  - name: grafana
    behavior: merge
    files:
      # NOTE(review): sourced from secrets/. A grafana.ini can carry database
      # and admin passwords and the signing secret_key -- confirm this one
      # does not, since it ends up in a ConfigMap.
      - grafana.ini=secrets/grafana-config.ini
      - datasources.yaml=grafana-datasources.yaml
  - name: invidious-config
    files:
      - config.yml=invidious-config.yaml
    options:
      labels:
        app: invidious
  - name: element-config
    files:
      - config.json=element-config.json
    options:
      labels:
        app: element
  # Plain key=value settings for Drone; none of these values is a credential.
  - name: drone-config
    literals:
      - gitea-server=https://git.netflux.io
      - server-host=drone.netflux.io
      - server-proto=https
      - rpc-host=drone.netflux.io
      - rpc-proto=https
      - logs-debug=false
    options:
      labels:
        app: drone
  - name: radicale-config
    files:
      # NOTE(review): both inputs come from secrets/. `users` is presumably
      # the Radicale credential file (usernames and password hashes) --
      # confirm, and prefer a Secret if so.
      - config.toml=secrets/radicale-config.toml
      - users=secrets/radicale-users
    options:
      labels:
        app: radicale
# Generated Secrets. `files` entries are KEY=PATH (the key defaults to the file
# name when no KEY= is given); `literals` entries are KEY=VALUE stored in this
# file as-is.
#
# NOTE(review): every file input is read in plaintext from secrets/ at build
# time. Confirm that directory is excluded from version control or stored
# encrypted, and that rendered output (`kustomize build`) is not written to CI
# logs or artifacts, because it contains the secret values base64-encoded.
secretGenerator:
  - name: prometheus-credentials
    files:
      # No KEY= prefix, so the Secret key is "exporter-password".
      - secrets/exporter-password
  - name: grafana-credentials
    files:
      - admin-user=secrets/grafana-admin-user
      - admin-password=secrets/grafana-admin-password
  - name: invidious-credentials
    # These literals are committed in clear text with this file; only the
    # entries under `files` are kept out of it.
    literals:
      # Individual keys required by init-invidious-db:
      - database-host=prod-db
      - database-port=5432
      - database-name=invidious
      - database-user=kemal
    files:
      - database-url=secrets/invidious-database-url
      - database-password=secrets/invidious-database-password
      - hmac-key=secrets/invidious-hmac-key.txt
    options:
      labels:
        app: invidious
  # Named "-config" but generated as a Secret: it carries the Gitea admin
  # account details alongside config.ini.
  - name: gitea-config
    files:
      - admin-username=secrets/gitea-admin-username
      - admin-password=secrets/gitea-admin-password
      - admin-email=secrets/gitea-admin-email
      - config.ini=secrets/gitea-config.ini
    options:
      labels:
        app: gitea
  - name: drone-credentials
    files:
      - database-url=secrets/drone-database-url
      - gitea-client-id=secrets/drone-gitea-client-id
      - gitea-client-secret=secrets/drone-gitea-client-secret
      - rpc-secret=secrets/drone-rpc-secret
    options:
      labels:
        app: drone
  # Named "-config" but generated as a Secret; it includes the homeserver
  # signing key.
  - name: synapse-config
    files:
      - homeserver.yaml=secrets/synapse-homeserver.yaml
      - signing.key=secrets/synapse-signing.key
      - log.config=secrets/synapse-log.config
    options:
      labels:
        app: synapse
  - name: solar-toolkit-gateway
    files:
      - database-url=secrets/solar-toolkit-gateway-database-url
    options:
      labels:
        app: solar-toolkit-gateway
# Overlay-specific patches. Each entry selects one resource by kind and name
# and applies either a patch file (`path`) or an inline patch (`patch`).
patches:
  # Patch the ingress-nginx deployment to allow it to use a service with a
  # namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
  - target:
      kind: Deployment
      name: ingress-nginx-controller
    path: deploy-ingress-nginx.yaml

  # Patch the ingress-nginx-admission-create job to reference its webhook with a
  # namePrefix.
  - target:
      kind: Job
      name: ingress-nginx-admission-create
    path: job-ingress-nginx-admission-create.yaml

  # Patch the ingress-nginx-admission-patch job to reference its webhook with a
  # namePrefix.
  - target:
      kind: Job
      name: ingress-nginx-admission-patch
    path: job-ingress-nginx-admission-patch.yaml

  # Patch the ingress resource with stage-specific hostnames:
  - target:
      kind: Ingress
      name: ingress
    path: ingress.yaml

  # Patch prometheus-server pod to mount the secrets volume.
  #
  # The inline patch is a list of JSON Patch `add` operations: the first appends
  # a Secret-backed volume, the second appends a read-only mount of it at
  # /etc/secrets.
  # NOTE(review): the mount targets containers/1 by position. If the container
  # order in the base Deployment changes, the credentials are mounted into a
  # different container -- confirm index 1 is the intended one.
  # NOTE(review): secretName is written out with the "prod-" prefix. Generated
  # Secrets normally also get a content-hash suffix, and a name inside an inline
  # patch may not be rewritten to match -- verify in `kustomize build` output
  # that this volume resolves to the generated prometheus-credentials Secret.
  - target:
      kind: Deployment
      name: prometheus-server
    patch: |-
      - op: add
        path: /spec/template/spec/volumes/-
        value:
          secret:
            secretName: prod-prometheus-credentials
          name: secrets-volume
      - op: add
        path: /spec/template/spec/containers/1/volumeMounts/-
        value:
          mountPath: /etc/secrets
          name: secrets-volume
          readOnly: true

  # Patch Grafana deployment to inject PostgreSQL credentials:
  - target:
      kind: Deployment
      name: grafana
    path: deploy-grafana.yaml