arcodange-org/tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: arcodange-org:vibe/batch-pr-tools-v1-vault-dlc
Branches Tags
arcodange-org:main arcodange-org:vibe/batch-pr-tools-v1-vault-dlc
..
compare: arcodange-org:b027cb2c0f1d62d899948991ee9fbf5abf6b4a9f
Branches Tags
arcodange-org:main arcodange-org:vibe/batch-pr-tools-v1-vault-dlc

2 Commits
vibe/batch ... b027cb2c0f

Author SHA1 Message Date
Gabriel Radureau
b027cb2c0f set crowdsec lapi deployment strategy
All checks were successful
Helm Charts / Detect changed charts (push) Successful in 17s
Details
Helm Charts / Library charts tool (push) Has been skipped
Details
Helm Charts / Application charts pgcat (push) Has been skipped
Details
2025-12-10 14:51:44 +01:00
Gabriel Radureau
11de19ef91 try plausible CE for web analytics
All checks were successful
Helm Charts / Detect changed charts (push) Successful in 3m52s
Details
Helm Charts / Library charts tool (push) Has been skipped
Details
Helm Charts / Application charts pgcat (push) Has been skipped
Details
2025-12-10 14:37:36 +01:00
35 changed files with 62 additions and 1434 deletions
Expand all files Collapse all files

11
.gitea/workflows/crowdsec.yaml
View File

@@ -16,11 +16,10 @@ concurrency:
.vault_step: &vault_step .vault_step: &vault_step
name: read vault secret name: read vault secret
uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main
id: vault-secrets id: vault-secrets
with: with:
url: https://vault.arcodange.lab url: https://vault.arcodange.duckdns.org
caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
role: gitea_cicd_crowdsec role: gitea_cicd_crowdsec
method: jwt method: jwt
@@ -50,12 +49,12 @@ jobs:
env: env:
OPENTOFU_VERSION: 1.8.2 OPENTOFU_VERSION: 1.8.2
TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
VAULT_CACERT: "${{ github.workspace }}/homelab.pem"
steps: steps:
- *vault_step - *vault_step
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: prepare vault self signed cert # - uses: dflook/terraform-plan@v1
run: echo -n "${{ secrets.HOMELAB_CA_CERT }}" | base64 -d > $VAULT_CACERT # with:
# path: hashicorp-vault/iac
- name: terraform apply - name: terraform apply
uses: dflook/terraform-apply@v1 uses: dflook/terraform-apply@v1
with: with:

2
.gitea/workflows/helmcharts.yaml
View File

@@ -165,7 +165,7 @@ jobs:
chart_package=${chart}-${chart_version}.tgz chart_package=${chart}-${chart_version}.tgz
# helm package ${chart} # helm package ${chart}
tar -X ${chart}/.helmignore -czf ${chart_package} ${chart} tar -X ${chart}/.helmignore -czf ${chart_package} ${chart}
curl --user ${{ github.actor }}:${{ secrets.PACKAGES_TOKEN }} -X POST --upload-file ./${chart_package} https://gitea.arcodange.lab/api/packages/${{ github.repository_owner }}/helm/api/charts curl --user ${{ github.actor }}:${{ secrets.PACKAGES_TOKEN }} -X POST --upload-file ./${chart_package} https://gitea.arcodange.duckdns.org/api/packages/${{ github.repository_owner }}/helm/api/charts
application-charts: application-charts:
<<: *charts-matrix-job <<: *charts-matrix-job

11
.gitea/workflows/plausible.yaml
View File

@@ -16,11 +16,10 @@ concurrency:
.vault_step: &vault_step .vault_step: &vault_step
name: read vault secret name: read vault secret
uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main
id: vault-secrets id: vault-secrets
with: with:
url: https://vault.arcodange.lab url: https://vault.arcodange.duckdns.org
caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
role: gitea_cicd_plausible role: gitea_cicd_plausible
method: jwt method: jwt
@@ -50,12 +49,12 @@ jobs:
env: env:
OPENTOFU_VERSION: 1.8.2 OPENTOFU_VERSION: 1.8.2
TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
VAULT_CACERT: "${{ github.workspace }}/homelab.pem"
steps: steps:
- *vault_step - *vault_step
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: prepare vault self signed cert # - uses: dflook/terraform-plan@v1
run: echo -n "${{ secrets.HOMELAB_CA_CERT }}" | base64 -d > $VAULT_CACERT # with:
# path: hashicorp-vault/iac
- name: terraform apply - name: terraform apply
uses: dflook/terraform-apply@v1 uses: dflook/terraform-apply@v1
with: with:

11
.gitea/workflows/vault.yaml
View File

@@ -16,11 +16,10 @@ concurrency:
.vault_step: &vault_step .vault_step: &vault_step
name: read vault secret name: read vault secret
uses: https://gitea.arcodange.lab/arcodange-org/vault-action.git@main uses: https://gitea.arcodange.duckdns.org/arcodange-org/vault-action.git@main
id: vault-secrets id: vault-secrets
with: with:
url: https://vault.arcodange.lab url: https://vault.arcodange.duckdns.org
caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
role: gitea_cicd role: gitea_cicd
method: jwt method: jwt
@@ -51,12 +50,12 @@ jobs:
env: env:
OPENTOFU_VERSION: 1.8.2 OPENTOFU_VERSION: 1.8.2
TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }} TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
VAULT_CACERT: "${{ github.workspace }}/homelab.pem"
steps: steps:
- *vault_step - *vault_step
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: prepare vault self signed cert # - uses: dflook/terraform-plan@v1
run: echo -n "${{ secrets.HOMELAB_CA_CERT }}" | base64 -d > $VAULT_CACERT # with:
# path: hashicorp-vault/iac
- name: terraform apply - name: terraform apply
uses: dflook/terraform-apply@v1 uses: dflook/terraform-apply@v1
with: with:

2
chart/templates/apps.yaml
View File

@@ -10,7 +10,7 @@ metadata:
spec: spec:
project: tools project: tools
source: source:
repoURL: https://gitea.arcodange.lab/arcodange-org/tools repoURL: https://gitea.arcodange.duckdns.org/arcodange-org/tools
targetRevision: HEAD targetRevision: HEAD
path: {{ $app_name }} path: {{ $app_name }}
destination: destination:

2
chart/templates/project.yaml
View File

@@ -10,7 +10,7 @@ metadata:
spec: spec:
description: Arcodange tools (monitoring, cache, connection pool, secret management...) description: Arcodange tools (monitoring, cache, connection pool, secret management...)
sourceRepos: sourceRepos:
- 'https://gitea.arcodange.lab/arcodange-org/tools' - 'https://gitea.arcodange.duckdns.org/arcodange-org/tools'
# Only permit applications to deploy to the tools namespace in the same cluster # Only permit applications to deploy to the tools namespace in the same cluster
destinations: destinations:
- namespace: tools - namespace: tools

1
chart/values.yaml
View File

@@ -8,4 +8,3 @@ tools:
clickhouse: {} clickhouse: {}
grafana: {} grafana: {}
plausible: {} plausible: {}
prometheus: {}

2
clickhouse/charts/databases/templates/init-databases-job.yaml
View File

@@ -5,8 +5,6 @@ metadata:
labels: labels:
app.kubernetes.io/name: clickhouse-db-init app.kubernetes.io/name: clickhouse-db-init
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/init-sql-configmap.yaml") . | sha256sum }}
spec: spec:
template: template:
spec: spec:

2
clickhouse/charts/databases/templates/init-sql-configmap.yaml
View File

@@ -21,6 +21,4 @@ data:
ON {{ $db }}.* ON {{ $db }}.*
TO {{ $db }}; TO {{ $db }};
GRANT SELECT ON system.* TO {{ $db }};
{{- end }} {{- end }}

18
clickhouse/clickhouseValues.yaml
View File

@@ -158,15 +158,15 @@ resources: {}
# memory: 128Mi # memory: 128Mi
# -- Pod-level affinity. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling). # -- Pod-level affinity. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling).
affinity: affinity: {}
nodeAffinity: # nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: # requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: # nodeSelectorTerms:
- matchExpressions: # - matchExpressions:
- key: kubernetes.io/hostname # - key: kubernetes.io/hostname
operator: NotIn # operator: In
values: # values:
- pi2 # - my-node-xyz
# -- Pod-level tolerations. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling). # -- Pod-level tolerations. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling).
tolerations: [] tolerations: []

1
clickhouse/kustomization.yaml
View File

@@ -1,6 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: tools
helmGlobals: helmGlobals:
chartHome: charts chartHome: charts

2
crowdsec/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm
- name: crowdsec - name: crowdsec
version: 0.20.1 version: 0.20.1
repository: https://crowdsecurity.github.io/helm-charts repository: https://crowdsecurity.github.io/helm-charts

2
crowdsec/iac/providers.tf
View File

@@ -8,7 +8,7 @@ terraform {
} }
provider "vault" { provider "vault" {
address = "https://vault.arcodange.lab" address = "https://vault.arcodange.duckdns.org"
auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
mount = "gitea_jwt" mount = "gitea_jwt"
role = "gitea_cicd_crowdsec" role = "gitea_cicd_crowdsec"

5
crowdsec/values.yaml
View File

@@ -24,7 +24,10 @@ crowdsec: &crowdsec_config
value: Europe/Paris value: Europe/Paris
lapi: lapi:
strategy: strategy:
type: Recreate type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
env: env:
- name: TZ - name: TZ
value: Europe/Paris value: Europe/Paris

2
grafana/Chart.yaml
View File

@@ -16,7 +16,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm
- name: grafana - name: grafana
version: 10.3.0 version: 10.3.0
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts

45
grafana/values.yaml
View File

@@ -270,11 +270,11 @@ grafana: &grafana_config
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org
traefik.ingress.kubernetes.io/router.tls.domains.0.sans: grafana.arcodange.lab traefik.ingress.kubernetes.io/router.tls.domains.0.sans: grafana.arcodange.duckdns.org
traefik.ingress.kubernetes.io/router.middlewares: localIp@file traefik.ingress.kubernetes.io/router.middlewares: localIp@file
hosts: hosts:
- grafana.arcodange.lab - grafana.arcodange.duckdns.org
resources: resources:
limits: limits:
@@ -553,11 +553,11 @@ grafana: &grafana_config
username: arcodange username: arcodange
secureJsonData: secureJsonData:
password: clickhousearcodange password: clickhousearcodange
- name: Prometheus # - name: Prometheus
type: prometheus # type: prometheus
url: http://prometheus-server.tools.svc.cluster.local # url: http://prometheus-prometheus-server
access: proxy # access: proxy
isDefault: true # isDefault: true
# - name: CloudWatch # - name: CloudWatch
# type: cloudwatch # type: cloudwatch
# access: proxy # access: proxy
@@ -695,15 +695,6 @@ grafana: &grafana_config
disableDeletion: false disableDeletion: false
options: options:
path: /var/lib/grafana/dashboards/clickhouse path: /var/lib/grafana/dashboards/clickhouse
- name: 'grafana-dashboards-kubernetes'
orgId: 1
folder: 'Kubernetes'
type: file
disableDeletion: true
editable: true
options:
path: /var/lib/grafana/dashboards/grafana-dashboards-kubernetes
# - name: 'default' # - name: 'default'
# orgId: 1 # orgId: 1
# folder: '' # folder: ''
@@ -738,26 +729,6 @@ grafana: &grafana_config
curlOptions: "-sLf" curlOptions: "-sLf"
datasource: clickhouse datasource: clickhouse
grafana-dashboards-kubernetes:
k8s-system-api-server:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-api-server.json
token: ''
k8s-system-coredns:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-system-coredns.json
token: ''
k8s-views-global:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-global.json
token: ''
k8s-views-namespaces:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-namespaces.json
token: ''
k8s-views-nodes:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-nodes.json
token: ''
k8s-views-pods:
url: https://raw.githubusercontent.com/dotdc/grafana-dashboards-kubernetes/master/dashboards/k8s-views-pods.json
token: ''
# default: # default:
# some-dashboard: # some-dashboard:
# json: | # json: |

2
hashicorp-vault/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm
- name: vault - name: vault
version: 0.28.1 version: 0.28.1
repository: https://helm.releases.hashicorp.com repository: https://helm.releases.hashicorp.com

4
hashicorp-vault/README.md
View File

@@ -1,8 +1,8 @@
# Vault # Vault
1. Les [playbooks ansible](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/ansible/arcodange/factory/playbooks) configurent la base de données postgres et le minimum requis pour permetre au dépot "tools" d'appliquer via un workflow gitea action [une configuration vault via tofu](./iac/). 1. Les [playbooks ansible](https://gitea.arcodange.duckdns.org/arcodange-org/factory/src/branch/main/ansible/arcodange/factory/playbooks) configurent la base de données postgres et le minimum requis pour permetre au dépot "tools" d'appliquer via un workflow gitea action [une configuration vault via tofu](./iac/).
2. Configuration des backend d'authentification et des roles pour postgres et kubernetes. Définition de rôles "${app}-ops" pour permettre au dépot d'une application de définir ses propres dépendances dans vault. Rotation de credentials postgres pour les applications. 2. Configuration des backend d'authentification et des roles pour postgres et kubernetes. Définition de rôles "${app}-ops" pour permettre au dépot d'une application de définir ses propres dépendances dans vault. Rotation de credentials postgres pour les applications.
3. [Le dépot de l'application webapp](https://gitea.arcodange.lab/arcodange-org/webapp) gère l'obtention de ses crédentials pour postgres. 3. [Le dépot de l'application webapp](https://gitea.arcodange.duckdns.org/arcodange-org/webapp) gère l'obtention de ses crédentials pour postgres.
```mermaid ```mermaid
flowchart LR flowchart LR

2
hashicorp-vault/iac/providers.tf
View File

@@ -8,7 +8,7 @@ terraform {
} }
provider "vault" { provider "vault" {
address = "https://vault.arcodange.lab" address = "https://vault.arcodange.duckdns.org"
auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
mount = "gitea_jwt" mount = "gitea_jwt"
role = "gitea_cicd" role = "gitea_cicd"

1
hashicorp-vault/iac/terraform.tfvars
View File

@@ -1,7 +1,6 @@
applications = [ applications = [
{ name = "webapp" }, { name = "webapp" },
{ name = "erp" }, { name = "erp" },
{ name = "dance-lessons-coach" },
{ {
name = "cms" name = "cms"
ops_policies = ["factory__cf_r2_arcodange_tf"] ops_policies = ["factory__cf_r2_arcodange_tf"]

6
hashicorp-vault/values.yaml
View File

@@ -15,11 +15,11 @@ vault: &vault_config
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org
traefik.ingress.kubernetes.io/router.tls.domains.0.sans: vault.arcodange.lab traefik.ingress.kubernetes.io/router.tls.domains.0.sans: vault.arcodange.duckdns.org
traefik.ingress.kubernetes.io/router.middlewares: localIp@file traefik.ingress.kubernetes.io/router.middlewares: localIp@file
hosts: hosts:
- host: vault.arcodange.lab - host: vault.arcodange.duckdns.org
paths: [] paths: []
postStart: [] # https://github.com/hashicorp/vault-helm/blob/main/values.yaml postStart: [] # https://github.com/hashicorp/vault-helm/blob/main/values.yaml

2
pgbouncer/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm
- name: pgbouncer - name: pgbouncer
version: 2.3.1 version: 2.3.1
repository: https://icoretech.github.io/helm repository: https://icoretech.github.io/helm

1
pgbouncer/values.yaml
View File

@@ -15,7 +15,6 @@ pgbouncer: &pgbouncer_config
auth_query: SELECT uname, phash FROM user_lookup($1) auth_query: SELECT uname, phash FROM user_lookup($1)
ignore_startup_parameters: extra_float_digits # unsupported jdbc extra_float_digits=2 argument ignore_startup_parameters: extra_float_digits # unsupported jdbc extra_float_digits=2 argument
server_reset_query: DEALLOCATE ALL # fix prepared statement already exist (crowdsec) server_reset_query: DEALLOCATE ALL # fix prepared statement already exist (crowdsec)
server_idle_timeout: 7200
pgbouncerExporter: pgbouncerExporter:
enabled: false enabled: false

2
pgcat/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm
- name: pgcat - name: pgcat
version: 0.1.0 version: 0.1.0
repository: https://improwised.github.io/charts/ repository: https://improwised.github.io/charts/

4
plausible/add-initcontainer.yaml
View File

@@ -6,8 +6,8 @@
- op: add - op: add
path: /spec/template/spec/initContainers/0/volumeMounts path: /spec/template/spec/initContainers/0/volumeMounts
value: value:
- name: generated-secrets name: generated-secrets
mountPath: /run/secrets mountPath: /run/secrets
- op: add - op: add
path: /spec/template/spec/initContainers/0 path: /spec/template/spec/initContainers/0
value: value:

2
plausible/iac/providers.tf
View File

@@ -8,7 +8,7 @@ terraform {
} }
provider "vault" { provider "vault" {
address = "https://vault.arcodange.lab" address = "https://vault.arcodange.duckdns.org"
auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
mount = "gitea_jwt" mount = "gitea_jwt"
role = "gitea_cicd_plausible" role = "gitea_cicd_plausible"

23
plausible/kustomization.yaml
View File

@@ -1,15 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: tools
# https://kubectl.docs.kubernetes.io/references/kustomize/builtins/#_helmchartinflationgenerator_
helmCharts: helmCharts:
- name: plausible - name: plausible
repo: https://charts.pascaliske.dev repo: https://charts.pascaliske.dev
version: 2.0.0 version: 2.0.0
releaseName: plausible releaseName: plausible
valuesFile: plausibleValues.yaml valuesFile: plausibleValues.yaml
namespace: tools
patches: patches:
- target: - target:
@@ -21,9 +18,9 @@ patches:
value: value:
certResolver: letsencrypt certResolver: letsencrypt
domains: domains:
- main: arcodange.lab - main: arcodange.duckdns.org
sans: sans:
- analytics.arcodange.lab - analytics.arcodange.duckdns.org
resources: resources:
- resources/vaultauth.yaml - resources/vaultauth.yaml
@@ -31,7 +28,6 @@ resources:
- resources/vaultsecret.yaml - resources/vaultsecret.yaml
- resources/configmap.yaml - resources/configmap.yaml
- resources/geoipsecret.yaml - resources/geoipsecret.yaml
- resources/ingressroute.yaml
patchesJson6902: patchesJson6902:
- target: - target:
@@ -47,16 +43,6 @@ patchesJson6902:
secretKeyRef: secretKeyRef:
name: plausible-geoip name: plausible-geoip
key: LICENSE_KEY key: LICENSE_KEY
- op: replace
path: /spec/template/spec/containers/1/env/4
value:
name: GEOIPUPDATE_EDITION_IDS
value: "GeoLite2-Country GeoLite2-City"
- op: add
path: /spec/template/spec/containers/0/env/2
value:
name: IP_GEOLOCATION_DB
value: /geoip/GeoLite2-City.mmdb
- op: add - op: add
path: /spec/template/spec/volumes/- path: /spec/template/spec/volumes/-
value: value:
@@ -73,11 +59,6 @@ patchesJson6902:
value: value:
- configMapRef: - configMapRef:
name: plausible-config name: plausible-config
- op: replace
path: /spec/template/spec/initContainers/0/args
value:
- >-
sleep 10 && /entrypoint.sh db migrate
- target: - target:
version: v1 version: v1
kind: Deployment kind: Deployment

2
plausible/plausibleValues.yaml
View File

@@ -58,7 +58,7 @@ ingressRoute:
# -- List of [entry points](https://doc.traefik.io/traefik/routing/routers/#entrypoints) on which the ingress route will be available. # -- List of [entry points](https://doc.traefik.io/traefik/routing/routers/#entrypoints) on which the ingress route will be available.
entryPoints: [websecure] entryPoints: [websecure]
# -- [Matching rule](https://doc.traefik.io/traefik/routing/routers/#rule) for the underlying router. # -- [Matching rule](https://doc.traefik.io/traefik/routing/routers/#rule) for the underlying router.
rule: Host(`analytics.arcodange.lab`) rule: 'Host(analytics.arcodange.duckdns.org)'
# -- List of [middleware objects](https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-middleware) for the ingress route. # -- List of [middleware objects](https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-middleware) for the ingress route.
middlewares: middlewares:
- name: localIp@file - name: localIp@file

11
plausible/resources/configmap.yaml
View File

@@ -9,13 +9,6 @@ data:
DB_PORT: !!str 5432 DB_PORT: !!str 5432
DB_NAME: plausible DB_NAME: plausible
BASE_URL: https://analytics.arcodange.lab BASE_URL: https://analytics.arcodange.duckdns.org
CLICKHOUSE_DATABASE_URL: http://plausible:plausiblearcodange@clickhouse.tools:8123/plausible CLICKHOUSE_DATABASE_URL: http://plausible:plausiblearcodange@plausible.tools:8123/plausible
DB_POOL_SIZE: "30"
DB_QUEUE_TARGET: "10000" # 10 secondes
DB_CONNECT_TIMEOUT: "30000" # 30 secondes
DB_RECONNECT_ATTEMPTS: "5"
DB_RECONNECT_DELAY: "5000"

20
plausible/resources/ingressroute.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: plausible-external
labels:
app.kubernetes.io/instance: plausible
app.kubernetes.io/name: plausible
spec:
entryPoints:
- web
routes:
- kind: Rule
match: Host(`analytics.arcodange.fr`) && (PathPrefix(`/api/event`) || PathPrefix(`/js/`))
middlewares:
- name: kube-system-crowdsec@kubernetescrd
services:
- kind: Service
name: plausible-web
namespace: tools
port: 8000

23
prometheus/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: prometheus
description: A Helm chart for Kubernetes
dependencies:
- name: tool
version: 0.1.0
repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm
- name: prometheus
version: 28.13.0
repository: https://prometheus-community.github.io/helm-charts
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
version: 0.1.0
appVersion: "v3.10.0"

3
prometheus/templates/helm-chart-config.yaml
View File

@@ -1,3 +0,0 @@
{{- if eq .Values.tool.kind "HelmChart" -}}
{{- include "tool.helm-chart-config.tpl" . -}}
{{- end -}}

3
prometheus/templates/helm-chart.yaml
View File

@@ -1,3 +0,0 @@
{{- if eq .Values.tool.kind "HelmChart" -}}
{{- include "tool.helm-chart.tpl" . -}}
{{- end -}}

1260
prometheus/values.yaml
View File

File diff suppressed because it is too large Load Diff

2
redis/Chart.yaml
View File

@@ -16,7 +16,7 @@ description: A Helm chart for Kubernetes
dependencies: dependencies:
- name: tool - name: tool
version: 0.1.0 version: 0.1.0
repository: https://gitea.arcodange.lab/api/packages/arcodange-org/helm repository: https://gitea.arcodange.duckdns.org/api/packages/arcodange-org/helm
- name: redis - name: redis
version: 2.1.0 version: 2.1.0
repository: https://charts.pascaliske.dev repository: https://charts.pascaliske.dev