Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gitea Actions Bot
|
3f520434da |
@@ -17,7 +17,6 @@ ArgoCD homelab project
|
||||
| **cert-manager** | [](https://ag.hexor.cy/applications/argocd/cert-manager) |
|
||||
| **external-secrets** | [](https://ag.hexor.cy/applications/argocd/external-secrets) |
|
||||
| **gpu** | [](https://ag.hexor.cy/applications/argocd/gpu) |
|
||||
| **kanidm** | [](https://ag.hexor.cy/applications/argocd/kanidm) |
|
||||
| **kube-system-custom** | [](https://ag.hexor.cy/applications/argocd/kube-system-custom) |
|
||||
| **kubernetes-dashboard** | [](https://ag.hexor.cy/applications/argocd/kubernetes-dashboard) |
|
||||
| **longhorn** | [](https://ag.hexor.cy/applications/argocd/longhorn) |
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: kanidm
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: core
|
||||
destination:
|
||||
namespace: kanidm
|
||||
server: https://kubernetes.default.svc
|
||||
source:
|
||||
repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
|
||||
targetRevision: HEAD
|
||||
path: k8s/core/kanidm
|
||||
syncPolicy:
|
||||
automated:
|
||||
selfHeal: true
|
||||
prune: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ServerSideApply=true
|
||||
@@ -1,12 +0,0 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: kanidm-tls
|
||||
spec:
|
||||
secretName: kanidm-tls
|
||||
issuerRef:
|
||||
name: letsencrypt
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- auth.hexor.cy
|
||||
@@ -1,19 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: kanidm-config
|
||||
data:
|
||||
server.toml: |
|
||||
bindaddress = "[::]:443"
|
||||
db_path = "/data/kanidm.db"
|
||||
tls_chain = "/certs/tls.crt"
|
||||
tls_key = "/certs/tls.key"
|
||||
domain = "auth.hexor.cy"
|
||||
origin = "https://auth.hexor.cy"
|
||||
log_level = "info"
|
||||
|
||||
[online_backup]
|
||||
path = "/data/backups/"
|
||||
schedule = "00 22 * * *"
|
||||
versions = 7
|
||||
@@ -1,20 +0,0 @@
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: kanidm
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`auth.hexor.cy`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: kanidm
|
||||
port: 443
|
||||
scheme: https
|
||||
serversTransport: kanidm-transport
|
||||
tls:
|
||||
secretName: kanidm-ingress-tls
|
||||
@@ -1,11 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- app.yaml
|
||||
- configmap.yaml
|
||||
- certificate.yaml
|
||||
- statefulset.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
- servers-transport.yaml
|
||||
@@ -1,7 +0,0 @@
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
name: kanidm-transport
|
||||
spec:
|
||||
insecureSkipVerify: true
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: kanidm
|
||||
labels:
|
||||
app: kanidm
|
||||
spec:
|
||||
ports:
|
||||
- name: https
|
||||
port: 443
|
||||
targetPort: 443
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: kanidm
|
||||
@@ -1,86 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: kanidm
|
||||
labels:
|
||||
app: kanidm
|
||||
spec:
|
||||
serviceName: kanidm
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kanidm
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kanidm
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: kanidm
|
||||
image: kanidm/server:1.9.3
|
||||
ports:
|
||||
- containerPort: 443
|
||||
name: https
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: kanidm-data
|
||||
mountPath: /data
|
||||
- name: kanidm-config
|
||||
mountPath: /data/server.toml
|
||||
subPath: server.toml
|
||||
readOnly: true
|
||||
- name: kanidm-tls
|
||||
mountPath: /certs
|
||||
readOnly: true
|
||||
resources:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /status
|
||||
port: 443
|
||||
scheme: HTTPS
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /status
|
||||
port: 443
|
||||
scheme: HTTPS
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 30
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
volumes:
|
||||
- name: kanidm-config
|
||||
configMap:
|
||||
name: kanidm-config
|
||||
- name: kanidm-tls
|
||||
secret:
|
||||
secretName: kanidm-tls
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: master.tail2fe2d.ts.net
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: kanidm-data
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
Reference in New Issue
Block a user