arcodange-org/tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use internal .lab instead of failing duckdns.org
Some checks failed
Helm Charts / Detect changed charts (push) Successful in 22s
Details
Helm Charts / Library charts tool (push) Has been skipped
Details
Helm Charts / Application charts pgcat (push) Failing after 34s
Details

Browse Source
This commit is contained in:
Gabriel Radureau
2025-12-31 17:54:36 +01:00
parent 2c8de3468a
commit 02322e9a24
22 changed files with 33 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitea/workflows/crowdsec.yaml
View File

@@ -16,10 +16,10 @@ concurrency:
.vault_step: &vault_step .vault_step: &vault_step
name: read vault secret name: read vault secret
uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main
id: vault-secrets id: vault-secrets
with: with:
url: https://vault.arcodange.duckdns.org url: https://vault.arcodange.lab
jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
role: gitea_cicd_crowdsec role: gitea_cicd_crowdsec
method: jwt method: jwt

2
.gitea/workflows/helmcharts.yaml
View File

@@ -165,7 +165,7 @@ jobs:
chart_package=${chart}-${chart_version}.tgz chart_package=${chart}-${chart_version}.tgz
# helm package ${chart} # helm package ${chart}
tar -X ${chart}/.helmignore -czf ${chart_package} ${chart} tar -X ${chart}/.helmignore -czf ${chart_package} ${chart}
curl --user ${{ github.actor }}:${{ secrets.PACKAGES_TOKEN }} -X POST --upload-file ./${chart_package} https://gitea.arcodange.duckdns.org/api/packages/${{ github.repository_owner }}/helm/api/charts curl --user ${{ github.actor }}:${{ secrets.PACKAGES_TOKEN }} -X POST --upload-file ./${chart_package} https://gitea.arcodange.lab/api/packages/${{ github.repository_owner }}/helm/api/charts
application-charts: application-charts:
<<: *charts-matrix-job <<: *charts-matrix-job

4
.gitea/workflows/plausible.yaml
View File

@@ -16,10 +16,10 @@ concurrency:
.vault_step: &vault_step .vault_step: &vault_step
name: read vault secret name: read vault secret
uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main
id: vault-secrets id: vault-secrets
with: with:
url: https://vault.arcodange.duckdns.org url: https://vault.arcodange.lab
jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
role: gitea_cicd_plausible role: gitea_cicd_plausible
method: jwt method: jwt

4
.gitea/workflows/vault.yaml
View File

@@ -16,10 +16,10 @@ concurrency:
.vault_step: &vault_step .vault_step: &vault_step
name: read vault secret name: read vault secret
uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main
id: vault-secrets id: vault-secrets
with: with:
url: https://vault.arcodange.duckdns.org url: https://vault.arcodange.lab
jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
role: gitea_cicd role: gitea_cicd
method: jwt method: jwt

2
chart/templates/apps.yaml
View File

@@ -10,7 +10,7 @@ metadata:
spec: spec:
project: tools project: tools
source: source:
repoURL: https://gitea.arcodange.duckdns.org/arcodange-org/tools repoURL: https://gitea.arcodange.lab/arcodange-org/tools
targetRevision: HEAD targetRevision: HEAD
path: {{ $app_name }} path: {{ $app_name }}
destination: destination:

2
chart/templates/project.yaml
View File

@@ -10,7 +10,7 @@ metadata:
spec: spec:
description: Arcodange tools (monitoring, cache, connection pool, secret management...) description: Arcodange tools (monitoring, cache, connection pool, secret management...)
sourceRepos: sourceRepos:
- 'https://gitea.arcodange.duckdns.org/arcodange-org/tools' - 'https://gitea.arcodange.lab/arcodange-org/tools'
# Only permit applications to deploy to the tools namespace in the same cluster # Only permit applications to deploy to the tools namespace in the same cluster
destinations: destinations:
- namespace: tools - namespace: tools

4
clickhouse/kustomization.yaml
View File

@@ -25,4 +25,6 @@ patches:
name: config-volume name: config-volume
mountPath: /etc/clickhouse-server/users.d/custom-users.xml mountPath: /etc/clickhouse-server/users.d/custom-users.xml
subPath: custom-users.xml subPath: custom-users.xml
readOnly: true readOnly: true
Ne pas avoir de pod sur pi2

2
crowdsec/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm
- name: crowdsec - name: crowdsec
version: 0.20.1 version: 0.20.1
repository: https://crowdsecurity.github.io/helm-charts repository: https://crowdsecurity.github.io/helm-charts

2
crowdsec/iac/providers.tf
View File

@@ -8,7 +8,7 @@ terraform {
} }
provider "vault" { provider "vault" {
address = "https://vault.arcodange.duckdns.org" address = "https://vault.arcodange.lab"
auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
mount = "gitea_jwt" mount = "gitea_jwt"
role = "gitea_cicd_crowdsec" role = "gitea_cicd_crowdsec"

2
grafana/Chart.yaml
View File

@@ -16,7 +16,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm
- name: grafana - name: grafana
version: 10.3.0 version: 10.3.0
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts

6
grafana/values.yaml
View File

@@ -270,11 +270,11 @@ grafana: &grafana_config
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab
traefik.ingress.kubernetes.io/router.tls.domains.0.sans: grafana.arcodange.duckdns.org traefik.ingress.kubernetes.io/router.tls.domains.0.sans: grafana.arcodange.lab
traefik.ingress.kubernetes.io/router.middlewares: localIp@file traefik.ingress.kubernetes.io/router.middlewares: localIp@file
hosts: hosts:
- grafana.arcodange.duckdns.org - grafana.arcodange.lab
resources: resources:
limits: limits:

2
hashicorp-vault/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm
- name: vault - name: vault
version: 0.28.1 version: 0.28.1
repository: https://helm.releases.hashicorp.com repository: https://helm.releases.hashicorp.com

4
hashicorp-vault/README.md
View File

@@ -1,8 +1,8 @@
# Vault # Vault
1. Les [playbooks ansible](https://gitea.arcodange.duckdns.org/arcodange-org/factory/src/branch/main/ansible/arcodange/factory/playbooks) configurent la base de données postgres et le minimum requis pour permetre au dépot "tools" d'appliquer via un workflow gitea action [une configuration vault via tofu](./iac/). 1. Les [playbooks ansible](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/ansible/arcodange/factory/playbooks) configurent la base de données postgres et le minimum requis pour permetre au dépot "tools" d'appliquer via un workflow gitea action [une configuration vault via tofu](./iac/).
2. Configuration des backend d'authentification et des roles pour postgres et kubernetes. Définition de rôles "${app}-ops" pour permettre au dépot d'une application de définir ses propres dépendances dans vault. Rotation de credentials postgres pour les applications. 2. Configuration des backend d'authentification et des roles pour postgres et kubernetes. Définition de rôles "${app}-ops" pour permettre au dépot d'une application de définir ses propres dépendances dans vault. Rotation de credentials postgres pour les applications.
3. [Le dépot de l'application webapp](https://gitea.arcodange.duckdns.org/arcodange-org/webapp) gère l'obtention de ses crédentials pour postgres. 3. [Le dépot de l'application webapp](https://gitea.arcodange.lab/arcodange-org/webapp) gère l'obtention de ses crédentials pour postgres.
```mermaid ```mermaid
flowchart LR flowchart LR

2
hashicorp-vault/iac/providers.tf
View File

@@ -8,7 +8,7 @@ terraform {
} }
provider "vault" { provider "vault" {
address = "https://vault.arcodange.duckdns.org" address = "https://vault.arcodange.lab"
auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
mount = "gitea_jwt" mount = "gitea_jwt"
role = "gitea_cicd" role = "gitea_cicd"

6
hashicorp-vault/values.yaml
View File

@@ -15,11 +15,11 @@ vault: &vault_config
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab
traefik.ingress.kubernetes.io/router.tls.domains.0.sans: vault.arcodange.duckdns.org traefik.ingress.kubernetes.io/router.tls.domains.0.sans: vault.arcodange.lab
traefik.ingress.kubernetes.io/router.middlewares: localIp@file traefik.ingress.kubernetes.io/router.middlewares: localIp@file
hosts: hosts:
- host: vault.arcodange.duckdns.org - host: vault.arcodange.lab
paths: [] paths: []
postStart: [] # https://github.com/hashicorp/vault-helm/blob/main/values.yaml postStart: [] # https://github.com/hashicorp/vault-helm/blob/main/values.yaml

2
pgbouncer/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm
- name: pgbouncer - name: pgbouncer
version: 2.3.1 version: 2.3.1
repository: https://icoretech.github.io/helm repository: https://icoretech.github.io/helm

2
pgcat/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm
- name: pgcat - name: pgcat
version: 0.1.0 version: 0.1.0
repository: https://improwised.github.io/charts/ repository: https://improwised.github.io/charts/

2
plausible/iac/providers.tf
View File

@@ -8,7 +8,7 @@ terraform {
} }
provider "vault" { provider "vault" {
address = "https://vault.arcodange.duckdns.org" address = "https://vault.arcodange.lab"
auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
mount = "gitea_jwt" mount = "gitea_jwt"
role = "gitea_cicd_plausible" role = "gitea_cicd_plausible"

4
plausible/kustomization.yaml
View File

@@ -21,9 +21,9 @@ patches:
value: value:
certResolver: letsencrypt certResolver: letsencrypt
domains: domains:
- main: arcodange.duckdns.org - main: arcodange.lab
sans: sans:
- analytics.arcodange.duckdns.org - analytics.arcodange.lab
resources: resources:
- resources/vaultauth.yaml - resources/vaultauth.yaml

2
plausible/plausibleValues.yaml
View File

@@ -58,7 +58,7 @@ ingressRoute:
# -- List of [entry points](https://doc.traefik.io/traefik/routing/routers/#entrypoints) on which the ingress route will be available. # -- List of [entry points](https://doc.traefik.io/traefik/routing/routers/#entrypoints) on which the ingress route will be available.
entryPoints: [websecure] entryPoints: [websecure]
# -- [Matching rule](https://doc.traefik.io/traefik/routing/routers/#rule) for the underlying router. # -- [Matching rule](https://doc.traefik.io/traefik/routing/routers/#rule) for the underlying router.
rule: Host(`analytics.arcodange.duckdns.org`) rule: Host(`analytics.arcodange.lab`)
# -- List of [middleware objects](https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-middleware) for the ingress route. # -- List of [middleware objects](https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-middleware) for the ingress route.
middlewares: middlewares:
- name: localIp@file - name: localIp@file

2
plausible/resources/configmap.yaml
View File

@@ -9,7 +9,7 @@ data:
DB_PORT: !!str 5432 DB_PORT: !!str 5432
DB_NAME: plausible DB_NAME: plausible
BASE_URL: https://analytics.arcodange.duckdns.org BASE_URL: https://analytics.arcodange.lab
CLICKHOUSE_DATABASE_URL: http://plausible:plausiblearcodange@clickhouse.tools:8123/plausible CLICKHOUSE_DATABASE_URL: http://plausible:plausiblearcodange@clickhouse.tools:8123/plausible

2
redis/Chart.yaml
View File

@@ -16,7 +16,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm
- name: redis - name: redis
version: 2.1.0 version: 2.1.0
repository: https://charts.pascaliske.dev repository: https://charts.pascaliske.dev