diff --git a/envs/production/_apps/nextcloud/argocd/ignore-jobs.overlay.ytt.yaml b/envs/production/_apps/nextcloud/argocd/ignore-jobs.overlay.ytt.yaml deleted file mode 100644 index 9a505aa..0000000 --- a/envs/production/_apps/nextcloud/argocd/ignore-jobs.overlay.ytt.yaml +++ /dev/null @@ -1,16 +0,0 @@ -#@ load("@ytt:overlay", "overlay") - -#@overlay/match by=overlay.all, expects="1+" ---- -#@overlay/match-child-defaults missing_ok=True -spec: - ignoreDifferences: - - group: batch - kind: Job - jsonPointers: - - /spec/selector - - /spec/template/metadata/labels - syncPolicy: - syncOptions: - #@overlay/append - - RespectIgnoreDifferences=true diff --git a/envs/production/_apps/nextcloud/app-data.ytt.yaml b/envs/production/_apps/ocis/app-data.ytt.yaml similarity index 78% rename from envs/production/_apps/nextcloud/app-data.ytt.yaml rename to envs/production/_apps/ocis/app-data.ytt.yaml index 5a9a3a1..34a60a7 100644 --- a/envs/production/_apps/nextcloud/app-data.ytt.yaml +++ b/envs/production/_apps/ocis/app-data.ytt.yaml @@ -2,4 +2,4 @@ --- #@overlay/match-child-defaults missing_ok=True application: - namespace: nextcloud + namespace: ocis diff --git a/envs/production/env-data.ytt.yaml b/envs/production/env-data.ytt.yaml index 13e3b49..3b5aac7 100644 --- a/envs/production/env-data.ytt.yaml +++ b/envs/production/env-data.ytt.yaml @@ -14,4 +14,4 @@ environment: - proto: hcloud-csi - proto: cloudnative-pg - proto: metrics-server - - proto: nextcloud + - proto: ocis diff --git a/prototypes/nextcloud/helm/nextcloud.yaml b/prototypes/nextcloud/helm/nextcloud.yaml deleted file mode 100644 index 541fd75..0000000 --- a/prototypes/nextcloud/helm/nextcloud.yaml +++ /dev/null 
@@ -1,198 +0,0 @@ ---- -_hostname: &hostname nextcloud.tr1ceracop.de - -replicaCount: 1 - -image: - flavor: fpm-alpine - -nginx: - enabled: false - -nextcloud: - host: *hostname - - existingSecret: - enabled: true - secretName: nextcloud-admin-secret - usernameKey: nextcloud-username - passwordKey: nextcloud-password - - objectStore: - s3: - enabled: true - bucket: nextcloud-tr1ceracop - host: nbg1.your-objectstorage.com - port: "443" - ssl: true - region: nbg1 - usePathStyle: true - existingSecret: nextcloud-s3-credentials - secretKeys: - accessKey: ACCESS_KEY_ID - secretKey: SECRET_ACCESS_KEY - - defaultConfigs: - .htaccess: false - apache-pretty-urls.config.php: false - apcu.config.php: false - apps.config.php: false - autoconfig.php: false - redis.config.php: false - reverse-proxy.config.php: false - s3.config.php: false - smtp.config.php: false - swift.config.php: false - upgrade-disable-web.config.php: false - helm-metrics.config.php: false - - extraEnv: - - name: TRUSTED_PROXIES - value: "10.0.0.0/8" - - name: OVERWRITEPROTOCOL - value: "https" - - name: OVERWRITEHOST - value: *hostname - - name: OVERWRITECLIURL - value: "https://nextcloud.tr1ceracop.de" - - name: NC_default_phone_region - value: "DE" - - phpConfigs: - uploadLimit.ini: | - upload_max_filesize = 16G - post_max_size = 16G - max_input_time = 3600 - max_execution_time = 3600 - opcache.ini: | - opcache.enable=1 - opcache.interned_strings_buffer=32 - opcache.max_accelerated_files=10000 - opcache.memory_consumption=256 - opcache.save_comments=1 - opcache.revalidate_freq=60 - - extraSidecarContainers: - - name: caddy - image: caddy:2-alpine - ports: - - name: http - containerPort: 80 - protocol: TCP - volumeMounts: - - name: nextcloud-main - mountPath: /var/www/ - subPath: root - - name: nextcloud-main - mountPath: /var/www/html - subPath: html - - name: nextcloud-main - mountPath: /var/www/html/data - subPath: data - - name: nextcloud-main - mountPath: /var/www/html/config - subPath: config - - 
name: nextcloud-main - mountPath: /var/www/html/custom_apps - subPath: custom_apps - - name: nextcloud-main - mountPath: /var/www/tmp - subPath: tmp - - name: nextcloud-main - mountPath: /var/www/html/themes - subPath: themes - - name: caddy-config - mountPath: /etc/caddy - resources: - requests: - cpu: 50m - memory: 32Mi - limits: - memory: 64Mi - livenessProbe: - httpGet: - path: /status.php - port: 80 - httpHeaders: - - name: Host - value: *hostname - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /status.php - port: 80 - httpHeaders: - - name: Host - value: *hostname - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 5 - - extraVolumes: - - name: caddy-config - configMap: - name: nextcloud-caddy-config - - strategy: - type: Recreate - -internalDatabase: - enabled: false - -externalDatabase: - enabled: true - type: postgresql - host: nextcloud-cnpg-rw.nextcloud.svc:5432 - database: nextcloud - existingSecret: - enabled: true - secretName: nextcloud-cnpg-app - usernameKey: username - passwordKey: password - -mariadb: - enabled: false - -postgresql: - enabled: false - -redis: - enabled: false - -externalRedis: - enabled: true - host: nextcloud-valkey.nextcloud.svc - port: "6379" - existingSecret: - enabled: true - secretName: nextcloud-valkey-password - passwordKey: password - -cronjob: - enabled: true - -persistence: - enabled: true - size: 2Gi - storageClass: local-path - annotations: - helm.sh/resource-policy: keep - -ingress: - enabled: true - className: traefik - annotations: - cert-manager.io/cluster-issuer: letsencrypt - tls: - - secretName: nextcloud-tls - hosts: - - *hostname - -resources: - requests: - cpu: 200m - memory: 256Mi - limits: - memory: 512Mi diff --git a/prototypes/nextcloud/vendir/vendir-data.ytt.yaml b/prototypes/nextcloud/vendir/vendir-data.ytt.yaml deleted file mode 100644 index bcee638..0000000 --- a/prototypes/nextcloud/vendir/vendir-data.ytt.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -#@data/values-schema ---- -#@overlay/match-child-defaults missing_ok=True -application: - #! renovate: datasource=helm - name: nextcloud - url: https://nextcloud.github.io/helm/ - version: 9.0.4 diff --git a/prototypes/nextcloud/ytt/admin-secret-job.ytt.yaml b/prototypes/nextcloud/ytt/admin-secret-job.ytt.yaml deleted file mode 100644 index 0c346ed..0000000 --- a/prototypes/nextcloud/ytt/admin-secret-job.ytt.yaml +++ /dev/null 
@@ -1,85 +0,0 @@ -#@ load("@ytt:data", "data") - -#@ ns = data.values.application.namespace - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nextcloud-secret-init - namespace: #@ ns - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: nextcloud-secret-init - namespace: #@ ns -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "create"] - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: nextcloud-secret-init - namespace: #@ ns -subjects: - - kind: ServiceAccount - name: nextcloud-secret-init - namespace: #@ ns -roleRef: - kind: Role - name: nextcloud-secret-init - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: nextcloud-secret-init - namespace: #@ ns - annotations: - argocd.argoproj.io/sync-options: Replace=true -spec: - ttlSecondsAfterFinished: 300 - template: - spec: - serviceAccountName: nextcloud-secret-init - restartPolicy: OnFailure - containers: - - name: init - image: alpine/k8s:1.32.3 - command: - - sh - - -c - - | - set -e - - if ! kubectl get secret nextcloud-admin-secret -n ${NAMESPACE} >/dev/null 2>&1; then - PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24) - kubectl create secret generic nextcloud-admin-secret \ - -n ${NAMESPACE} \ - --from-literal=nextcloud-username=admin \ - --from-literal=nextcloud-password="${PASSWORD}" - echo "Created nextcloud-admin-secret" - else - echo "nextcloud-admin-secret already exists, skipping" - fi - - if ! 
kubectl get secret nextcloud-valkey-password -n ${NAMESPACE} >/dev/null 2>&1; then - VALKEY_PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24) - kubectl create secret generic nextcloud-valkey-password \ - -n ${NAMESPACE} \ - --from-literal=password="${VALKEY_PASSWORD}" - echo "Created nextcloud-valkey-password" - else - echo "nextcloud-valkey-password already exists, skipping" - fi - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace diff --git a/prototypes/nextcloud/ytt/caddy.ytt.yaml b/prototypes/nextcloud/ytt/caddy.ytt.yaml deleted file mode 100644 index 0d99f1b..0000000 --- a/prototypes/nextcloud/ytt/caddy.ytt.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -#@ load("@ytt:data", "data") - -#@ ns = data.values.application.namespace - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nextcloud-caddy-config - namespace: #@ ns -data: - Caddyfile: | - :80 { - root * /var/www/html - - header { - Referrer-Policy "no-referrer" - X-Content-Type-Options "nosniff" - X-Frame-Options "SAMEORIGIN" - X-Permitted-Cross-Domain-Policies "none" - X-Robots-Tag "noindex, nofollow" - X-XSS-Protection "1; mode=block" - -X-Powered-By - } - - redir /.well-known/carddav /remote.php/dav/ 301 - redir /.well-known/caldav /remote.php/dav/ 301 - redir /.well-known/* /index.php{uri} 301 - - @blocked path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/* - respond @blocked 404 - - @davclnt { - path / - header User-Agent DavClnt* - } - redir @davclnt /remote.php/webdav/ 302 - - redir /remote /remote.php{uri} 301 - - php_fastcgi 127.0.0.1:9000 { - env HTTPS on - env modHeadersAvailable true - env front_controller_active true - resolve_root_symlink - } - - @static path *.css *.js *.mjs *.svg *.gif *.ico *.jpg *.png *.webp *.wasm *.tflite *.map *.ogg *.flac - header @static Cache-Control "max-age=15778463" - - @fonts path *.otf *.woff *.woff2 - header @fonts Cache-Control "max-age=604800" - - encode gzip - - file_server - - request_body { - max_size 16GB - } - } diff --git a/prototypes/nextcloud/ytt/cnpg-cluster.ytt.yaml b/prototypes/nextcloud/ytt/cnpg-cluster.ytt.yaml deleted file mode 100644 index 56c925c..0000000 --- a/prototypes/nextcloud/ytt/cnpg-cluster.ytt.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -#@ load("@ytt:data", "data") - -#@ ns = data.values.application.namespace - ---- -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: nextcloud-cnpg - namespace: #@ ns -spec: - instances: 2 - - bootstrap: - initdb: - database: nextcloud - owner: nextcloud - - storage: - size: 5Gi - storageClass: hcloud-volumes - - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - memory: 512Mi - - postgresql: - parameters: - shared_buffers: "64MB" - effective_cache_size: "128MB" - work_mem: "4MB" - maintenance_work_mem: "32MB" - max_connections: "100" diff --git a/prototypes/nextcloud/ytt/valkey.ytt.yaml b/prototypes/nextcloud/ytt/valkey.ytt.yaml deleted file mode 100644 index ec29459..0000000 --- a/prototypes/nextcloud/ytt/valkey.ytt.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -#@ load("@ytt:data", "data") - -#@ ns = data.values.application.namespace - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nextcloud-valkey - namespace: #@ ns - labels: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: nextcloud -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: nextcloud - template: - metadata: - labels: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: nextcloud - spec: - containers: - - name: valkey - image: valkey/valkey:8-alpine - args: - - valkey-server - - --requirepass - - $(VALKEY_PASSWORD) - env: - - name: VALKEY_PASSWORD - valueFrom: - secretKeyRef: - name: nextcloud-valkey-password - key: password - ports: - - name: valkey - containerPort: 6379 - protocol: TCP - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - memory: 128Mi - livenessProbe: - tcpSocket: - port: valkey - initialDelaySeconds: 10 - periodSeconds: 10 - readinessProbe: - tcpSocket: - port: valkey - initialDelaySeconds: 5 - periodSeconds: 5 - ---- -apiVersion: v1 -kind: Service -metadata: - name: nextcloud-valkey - namespace: #@ ns - labels: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: nextcloud -spec: - type: ClusterIP - ports: - - port: 6379 - targetPort: valkey - protocol: TCP - name: valkey - selector: - app.kubernetes.io/name: valkey - app.kubernetes.io/instance: nextcloud diff --git a/prototypes/nextcloud/app-data.ytt.yaml b/prototypes/ocis/app-data.ytt.yaml similarity index 78% rename from prototypes/nextcloud/app-data.ytt.yaml rename to prototypes/ocis/app-data.ytt.yaml index 5a9a3a1..34a60a7 100644 --- a/prototypes/nextcloud/app-data.ytt.yaml +++ b/prototypes/ocis/app-data.ytt.yaml @@ -2,4 +2,4 @@ --- #@overlay/match-child-defaults missing_ok=True application: - namespace: nextcloud + namespace: ocis diff --git a/prototypes/ocis/helm/ocis.yaml b/prototypes/ocis/helm/ocis.yaml new file mode 100644 index 0000000..b5485e3 
--- /dev/null
+++ b/prototypes/ocis/helm/ocis.yaml
@@ -0,0 +1,83 @@
+---
+externalDomain: drive.tr1ceracop.de
+
+ingress:
+ enabled: true
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ tls:
+ - secretName: ocis-tls
+ hosts:
+ - drive.tr1ceracop.de
+
+features:
+ emailNotifications:
+ enabled: false
+
+secretRefs:
+ s3CredentialsSecretRef: ocis-s3-credentials
+
+services:
+ storageusers:
+ storageBackend:
+ driver: s3ng
+ driverConfig:
+ s3ng:
+ endpoint: https://nbg1.your-objectstorage.com
+ region: nbg1
+ bucket: ocis-tr1ceracop
+ persistence:
+ enabled: true
+ storageClassName: local-path
+ size: 5Gi
+ accessModes:
+ - ReadWriteOnce
+
+ storagesystem:
+ persistence:
+ enabled: true
+ storageClassName: local-path
+ size: 5Gi
+ accessModes:
+ - ReadWriteOnce
+
+ idm:
+ persistence:
+ enabled: true
+ storageClassName: local-path
+ size: 1Gi
+ accessModes:
+ - ReadWriteOnce
+
+ nats:
+ persistence:
+ enabled: true
+ storageClassName: local-path
+ size: 1Gi
+ accessModes:
+ - ReadWriteOnce
+
+ search:
+ persistence:
+ enabled: true
+ storageClassName: local-path
+ size: 5Gi
+ accessModes:
+ - ReadWriteOnce
+
+ web:
+ persistence:
+ enabled: true
+ storageClassName: local-path
+ size: 1Gi
+ accessModes:
+ - ReadWriteOnce
+
+ thumbnails:
+ persistence:
+ enabled: true
+ storageClassName: local-path
+ size: 2Gi
+ accessModes:
+ - ReadWriteOnce
diff --git a/prototypes/nextcloud/vendir/base.ytt.yaml b/prototypes/ocis/vendir/base.ytt.yaml
similarity index 61%
rename from prototypes/nextcloud/vendir/base.ytt.yaml
rename to prototypes/ocis/vendir/base.ytt.yaml
index 530cdb0..58ecd26 100644
--- a/prototypes/nextcloud/vendir/base.ytt.yaml
+++ b/prototypes/ocis/vendir/base.ytt.yaml
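Review bot: Only `s3CredentialsSecretRef` is set under `secretRefs` in prototypes/ocis/helm/ocis.yaml, so every other secret oCIS needs is left to the chart's defaults. This repository commits rendered manifests under `rendered/envs/production/ocis/`, so any Secret the chart templates with generated values would end up in git in clear text. I cannot tell from this hunk whether the chart does that, so check the rendered output for `kind: Secret` before merging. If it does, create those secrets out of band and reference them here, as is done for `ocis-s3-credentials`. A comment above `secretRefs:` such as `# ocis-s3-credentials is created manually; expected keys: accessKey, secretKey` would also record the manual step next to the value that depends on it.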
@@ -8,9 +8,8 @@ directories: - path: #@ "charts/" + app.name contents: - path: . - helmChart: - name: #@ app.name - version: #@ app.version - repository: - url: #@ app.url + git: + url: #@ app.gitUrl + ref: #@ app.gitRef + newRootPath: #@ app.chartPath lazy: true diff --git a/prototypes/ocis/vendir/vendir-data.ytt.yaml b/prototypes/ocis/vendir/vendir-data.ytt.yaml new file mode 100644 index 0000000..3157cac --- /dev/null +++ b/prototypes/ocis/vendir/vendir-data.ytt.yaml @@ -0,0 +1,8 @@ +#@data/values-schema +--- +#@overlay/match-child-defaults missing_ok=True +application: + name: ocis + gitUrl: https://github.com/owncloud/ocis-charts.git + gitRef: main + chartPath: charts/ocis diff --git a/prototypes/nextcloud/ytt/ns.ytt.yaml b/prototypes/ocis/ytt/ns.ytt.yaml similarity index 100% rename from prototypes/nextcloud/ytt/ns.ytt.yaml rename to prototypes/ocis/ytt/ns.ytt.yaml diff --git a/prototypes/ocis/ytt/s3-secret-job.ytt.yaml b/prototypes/ocis/ytt/s3-secret-job.ytt.yaml new file mode 100644 index 0000000..280afc9 --- /dev/null +++ b/prototypes/ocis/ytt/s3-secret-job.ytt.yaml 
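Review bot: `gitRef: main` in prototypes/ocis/vendir/vendir-data.ytt.yaml makes the vendored chart follow a moving branch, whereas the removed Nextcloud data pinned `version: 9.0.4` with a renovate hint. Any commit pushed to the upstream ocis-charts repository would then be pulled in on a later vendir sync without a reviewable change in this repo. With `lazy: true` in base.ytt.yaml, two checkouts may also hold different chart contents for the same config. Pin the ref to a release tag or full commit SHA, e.g. `gitRef: <release-tag-or-commit-sha>`, and keep a renovate annotation on it so chart updates arrive as explicit diffs.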
@@ -0,0 +1,77 @@
+#@ load("@ytt:data", "data")
+
+#@ ns = data.values.application.namespace
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: ocis-secret-init
+ namespace: #@ ns
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: ocis-secret-init
+ namespace: #@ ns
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "create"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: ocis-secret-init
+ namespace: #@ ns
+subjects:
+ - kind: ServiceAccount
+ name: ocis-secret-init
+ namespace: #@ ns
+roleRef:
+ kind: Role
+ name: ocis-secret-init
+ apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: ocis-secret-init
+ namespace: #@ ns
+ annotations:
+ argocd.argoproj.io/sync-options: Replace=true
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: ocis-secret-init
+ restartPolicy: OnFailure
+ containers:
+ - name: init
+ image: alpine/k8s:1.32.3
+ command:
+ - sh
+ - -c
+ - |
+ set -e
+
+ SECRET_NAME="ocis-s3-credentials"
+
+ if ! kubectl get secret "${SECRET_NAME}" -n ${NAMESPACE} >/dev/null 2>&1; then
+ echo "ERROR: Secret ${SECRET_NAME} does not exist in namespace ${NAMESPACE}."
+ echo "Please create it manually with keys 'accessKey' and 'secretKey':"
+ echo " kubectl create secret generic ${SECRET_NAME} -n ${NAMESPACE} \\"
+ echo " --from-literal=accessKey= \\"
+ echo " --from-literal=secretKey="
+ exit 1
+ else
+ echo "Secret ${SECRET_NAME} exists, OK"
+ fi
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
diff --git a/rendered/argocd/production/app-nextcloud.yaml b/rendered/argocd/production/app-ocis.yaml
similarity index 65%
rename from rendered/argocd/production/app-nextcloud.yaml
rename to rendered/argocd/production/app-ocis.yaml
index d8ed32b..a66aded 100644
--- a/rendered/argocd/production/app-nextcloud.yaml
+++ b/rendered/argocd/production/app-ocis.yaml
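Review bot: The Role in prototypes/ocis/ytt/s3-secret-job.ytt.yaml still grants `create` on every Secret in the namespace, but the new script only runs `kubectl get secret` on one name and never creates anything. Narrow the rule to what the Job uses, `verbs: ["get"]` together with `resourceNames: ["ocis-s3-credentials"]`, so that the `ocis-secret-init` service account cannot read or write any other Secret in the namespace. Also quote `"${NAMESPACE}"` in the `kubectl get` call, matching the already quoted `"${SECRET_NAME}"`.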
@@ -5,21 +5,15 @@ metadata: myks.dev/environment: production finalizers: - resources-finalizer.argocd.argoproj.io - name: app-production-nextcloud + name: app-production-ocis namespace: argocd spec: destination: - namespace: nextcloud + namespace: ocis server: https://kubernetes.default.svc - ignoreDifferences: - - group: batch - jsonPointers: - - /spec/selector - - /spec/template/metadata/labels - kind: Job project: env-production source: - path: rendered/envs/production/nextcloud + path: rendered/envs/production/ocis repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git targetRevision: main syncPolicy: @@ -29,4 +23,3 @@ spec: syncOptions: - CreateNamespace=true - ServerSideApply=true - - RespectIgnoreDifferences=true diff --git a/rendered/envs/production/nextcloud/cluster-nextcloud-cnpg.yaml b/rendered/envs/production/nextcloud/cluster-nextcloud-cnpg.yaml deleted file mode 100644 index 922eca0..0000000 --- a/rendered/envs/production/nextcloud/cluster-nextcloud-cnpg.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - annotations: - a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - name: nextcloud-cnpg - namespace: nextcloud -spec: - bootstrap: - initdb: - database: nextcloud - owner: nextcloud - instances: 2 - postgresql: - parameters: - effective_cache_size: 128MB - maintenance_work_mem: 32MB - max_connections: "100" - shared_buffers: 64MB - work_mem: 4MB - resources: - limits: - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - storage: - size: 5Gi - storageClass: hcloud-volumes diff --git a/rendered/envs/production/nextcloud/configmap-nextcloud-caddy-config.yaml b/rendered/envs/production/nextcloud/configmap-nextcloud-caddy-config.yaml deleted file mode 100644 index 2a0f413..0000000 --- a/rendered/envs/production/nextcloud/configmap-nextcloud-caddy-config.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -apiVersion: v1 -data: - Caddyfile: | - :80 { - root * /var/www/html - - header { - Referrer-Policy "no-referrer" - X-Content-Type-Options "nosniff" - X-Frame-Options "SAMEORIGIN" - X-Permitted-Cross-Domain-Policies "none" - X-Robots-Tag "noindex, nofollow" - X-XSS-Protection "1; mode=block" - -X-Powered-By - } - - redir /.well-known/carddav /remote.php/dav/ 301 - redir /.well-known/caldav /remote.php/dav/ 301 - redir /.well-known/* /index.php{uri} 301 - - @blocked path /build/* /tests/* /config/* /lib/* /3rdparty/* /templates/* /data/* - respond @blocked 404 - - @davclnt { - path / - header User-Agent DavClnt* - } - redir @davclnt /remote.php/webdav/ 302 - - redir /remote /remote.php{uri} 301 - - php_fastcgi 127.0.0.1:9000 { - env HTTPS on - env modHeadersAvailable true - env front_controller_active true - resolve_root_symlink - } - - @static path *.css *.js *.mjs *.svg *.gif *.ico *.jpg *.png *.webp *.wasm *.tflite *.map *.ogg *.flac - header @static Cache-Control "max-age=15778463" - - @fonts path *.otf *.woff *.woff2 - header @fonts Cache-Control "max-age=604800" - - encode gzip - - file_server - - request_body { - max_size 16GB - } - } -kind: ConfigMap -metadata: - annotations: - a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - name: nextcloud-caddy-config - namespace: nextcloud diff --git a/rendered/envs/production/nextcloud/configmap-nextcloud-phpconfig.yaml b/rendered/envs/production/nextcloud/configmap-nextcloud-phpconfig.yaml deleted file mode 100644 index 927eb4d..0000000 --- a/rendered/envs/production/nextcloud/configmap-nextcloud-phpconfig.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: v1 -data: - opcache.ini: |- - opcache.enable=1 - opcache.interned_strings_buffer=32 - opcache.max_accelerated_files=10000 - opcache.memory_consumption=256 - opcache.save_comments=1 - opcache.revalidate_freq=60 - uploadLimit.ini: |- - upload_max_filesize = 16G - post_max_size = 16G - max_input_time = 3600 - max_execution_time = 3600 -kind: ConfigMap -metadata: - annotations: - a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - labels: - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: nextcloud - app.kubernetes.io/version: 33.0.0 - helm.sh/chart: nextcloud-9.0.4 - name: nextcloud-phpconfig - namespace: nextcloud diff --git a/rendered/envs/production/nextcloud/deployment-nextcloud-valkey.yaml b/rendered/envs/production/nextcloud/deployment-nextcloud-valkey.yaml deleted file mode 100644 index c311a8f..0000000 --- a/rendered/envs/production/nextcloud/deployment-nextcloud-valkey.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - labels: - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: valkey - name: nextcloud-valkey - namespace: nextcloud -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: valkey - template: - metadata: - labels: - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: valkey - spec: - containers: - - args: - - valkey-server - - --requirepass - - $(VALKEY_PASSWORD) - env: - - name: VALKEY_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: nextcloud-valkey-password - image: valkey/valkey:8-alpine - livenessProbe: - initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: valkey - name: valkey - ports: - - containerPort: 6379 - name: valkey - protocol: TCP - readinessProbe: - initialDelaySeconds: 5 - periodSeconds: 5 - tcpSocket: - port: valkey - resources: - limits: - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi diff --git a/rendered/envs/production/nextcloud/deployment-nextcloud.yaml b/rendered/envs/production/nextcloud/deployment-nextcloud.yaml deleted file mode 100644 index 4009e7c..0000000 --- a/rendered/envs/production/nextcloud/deployment-nextcloud.yaml +++ /dev/null 
@@ -1,358 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: nextcloud - app.kubernetes.io/version: 33.0.0 - helm.sh/chart: nextcloud-9.0.4 - name: nextcloud - namespace: nextcloud -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: nextcloud - strategy: - type: Recreate - template: - metadata: - annotations: - hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204 - nextcloud-config-hash: 97fd373864ae7c5da0eb066761ee479483364e3957160cacca360fc6a66c03f7 - php-config-hash: b638f66fd8d65de8364dbad6efc59a6524c7b2e2377b5623cf5e921e4d3d2400 - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: nextcloud - spec: - containers: - - env: - - name: POSTGRES_HOST - value: nextcloud-cnpg-rw.nextcloud.svc:5432 - - name: POSTGRES_DB - value: nextcloud - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - key: username - name: nextcloud-cnpg-app - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: nextcloud-cnpg-app - - name: NEXTCLOUD_ADMIN_USER - valueFrom: - secretKeyRef: - key: nextcloud-username - name: nextcloud-admin-secret - - name: NEXTCLOUD_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - key: nextcloud-password - name: nextcloud-admin-secret - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: nextcloud.tr1ceracop.de - - name: OPENMETRICS_ALLOWED_CLIENTS - value: 127.0.0.1,10.42.0.0/16,10.43.0.0/16 - - name: NEXTCLOUD_DATA_DIR - value: /var/www/html/data - - name: REDIS_HOST - value: nextcloud-valkey.nextcloud.svc - - name: REDIS_HOST_PORT - value: "6379" - - name: REDIS_HOST_PASSWORD - valueFrom: - secretKeyRef: - key: password - 
name: nextcloud-valkey-password - - name: OBJECTSTORE_S3_SSL - value: "true" - - name: OBJECTSTORE_S3_USEPATH_STYLE - value: "true" - - name: OBJECTSTORE_S3_AUTOCREATE - value: "false" - - name: OBJECTSTORE_S3_REGION - value: nbg1 - - name: OBJECTSTORE_S3_PORT - value: "443" - - name: OBJECTSTORE_S3_STORAGE_CLASS - value: STANDARD - - name: OBJECTSTORE_S3_HOST - value: nbg1.your-objectstorage.com - - name: OBJECTSTORE_S3_BUCKET - value: nextcloud-tr1ceracop - - name: OBJECTSTORE_S3_KEY - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: nextcloud-s3-credentials - - name: OBJECTSTORE_S3_SECRET - valueFrom: - secretKeyRef: - key: SECRET_ACCESS_KEY - name: nextcloud-s3-credentials - - name: OBJECTSTORE_S3_SSE_C_KEY - value: "" - - name: TRUSTED_PROXIES - value: 10.0.0.0/8 - - name: OVERWRITEPROTOCOL - value: https - - name: OVERWRITEHOST - value: nextcloud.tr1ceracop.de - - name: OVERWRITECLIURL - value: https://nextcloud.tr1ceracop.de - - name: NC_default_phone_region - value: DE - image: docker.io/library/nextcloud:33.0.0-fpm-alpine - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - httpHeaders: - - name: Host - value: nextcloud.tr1ceracop.de - path: /status.php - port: 80 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: nextcloud - ports: - - containerPort: 80 - name: http - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - httpHeaders: - - name: Host - value: nextcloud.tr1ceracop.de - path: /status.php - port: 80 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - memory: 512Mi - requests: - cpu: 200m - memory: 256Mi - volumeMounts: - - mountPath: /var/www/ - name: nextcloud-main - subPath: root - - mountPath: /var/www/html - name: nextcloud-main - subPath: html - - mountPath: /var/www/html/data - name: nextcloud-main - subPath: data - - mountPath: /var/www/html/config - name: nextcloud-main - subPath: 
config - - mountPath: /var/www/html/custom_apps - name: nextcloud-main - subPath: custom_apps - - mountPath: /var/www/tmp - name: nextcloud-main - subPath: tmp - - mountPath: /var/www/html/themes - name: nextcloud-main - subPath: themes - - mountPath: /usr/local/etc/php/conf.d/opcache.ini - name: nextcloud-phpconfig - subPath: opcache.ini - - mountPath: /usr/local/etc/php/conf.d/uploadLimit.ini - name: nextcloud-phpconfig - subPath: uploadLimit.ini - - command: - - /cron.sh - env: - - name: POSTGRES_HOST - value: nextcloud-cnpg-rw.nextcloud.svc:5432 - - name: POSTGRES_DB - value: nextcloud - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - key: username - name: nextcloud-cnpg-app - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: nextcloud-cnpg-app - - name: NEXTCLOUD_ADMIN_USER - valueFrom: - secretKeyRef: - key: nextcloud-username - name: nextcloud-admin-secret - - name: NEXTCLOUD_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - key: nextcloud-password - name: nextcloud-admin-secret - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: nextcloud.tr1ceracop.de - - name: OPENMETRICS_ALLOWED_CLIENTS - value: 127.0.0.1,10.42.0.0/16,10.43.0.0/16 - - name: NEXTCLOUD_DATA_DIR - value: /var/www/html/data - - name: REDIS_HOST - value: nextcloud-valkey.nextcloud.svc - - name: REDIS_HOST_PORT - value: "6379" - - name: REDIS_HOST_PASSWORD - valueFrom: - secretKeyRef: - key: password - name: nextcloud-valkey-password - - name: OBJECTSTORE_S3_SSL - value: "true" - - name: OBJECTSTORE_S3_USEPATH_STYLE - value: "true" - - name: OBJECTSTORE_S3_AUTOCREATE - value: "false" - - name: OBJECTSTORE_S3_REGION - value: nbg1 - - name: OBJECTSTORE_S3_PORT - value: "443" - - name: OBJECTSTORE_S3_STORAGE_CLASS - value: STANDARD - - name: OBJECTSTORE_S3_HOST - value: nbg1.your-objectstorage.com - - name: OBJECTSTORE_S3_BUCKET - value: nextcloud-tr1ceracop - - name: OBJECTSTORE_S3_KEY - valueFrom: - secretKeyRef: - key: ACCESS_KEY_ID - name: nextcloud-s3-credentials - - 
name: OBJECTSTORE_S3_SECRET - valueFrom: - secretKeyRef: - key: SECRET_ACCESS_KEY - name: nextcloud-s3-credentials - - name: OBJECTSTORE_S3_SSE_C_KEY - value: "" - - name: TRUSTED_PROXIES - value: 10.0.0.0/8 - - name: OVERWRITEPROTOCOL - value: https - - name: OVERWRITEHOST - value: nextcloud.tr1ceracop.de - - name: OVERWRITECLIURL - value: https://nextcloud.tr1ceracop.de - - name: NC_default_phone_region - value: DE - image: docker.io/library/nextcloud:33.0.0-fpm-alpine - imagePullPolicy: IfNotPresent - name: nextcloud-cron - resources: {} - volumeMounts: - - mountPath: /var/www/ - name: nextcloud-main - subPath: root - - mountPath: /var/www/html - name: nextcloud-main - subPath: html - - mountPath: /var/www/html/data - name: nextcloud-main - subPath: data - - mountPath: /var/www/html/config - name: nextcloud-main - subPath: config - - mountPath: /var/www/html/custom_apps - name: nextcloud-main - subPath: custom_apps - - mountPath: /var/www/tmp - name: nextcloud-main - subPath: tmp - - mountPath: /var/www/html/themes - name: nextcloud-main - subPath: themes - - mountPath: /usr/local/etc/php/conf.d/opcache.ini - name: nextcloud-phpconfig - subPath: opcache.ini - - mountPath: /usr/local/etc/php/conf.d/uploadLimit.ini - name: nextcloud-phpconfig - subPath: uploadLimit.ini - - image: caddy:2-alpine - livenessProbe: - httpGet: - httpHeaders: - - name: Host - value: nextcloud.tr1ceracop.de - path: /status.php - port: 80 - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 5 - name: caddy - ports: - - containerPort: 80 - name: http - protocol: TCP - readinessProbe: - httpGet: - httpHeaders: - - name: Host - value: nextcloud.tr1ceracop.de - path: /status.php - port: 80 - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 5 - resources: - limits: - memory: 64Mi - requests: - cpu: 50m - memory: 32Mi - volumeMounts: - - mountPath: /var/www/ - name: nextcloud-main - subPath: root - - mountPath: /var/www/html - name: nextcloud-main - subPath: html - - 
mountPath: /var/www/html/data - name: nextcloud-main - subPath: data - - mountPath: /var/www/html/config - name: nextcloud-main - subPath: config - - mountPath: /var/www/html/custom_apps - name: nextcloud-main - subPath: custom_apps - - mountPath: /var/www/tmp - name: nextcloud-main - subPath: tmp - - mountPath: /var/www/html/themes - name: nextcloud-main - subPath: themes - - mountPath: /etc/caddy - name: caddy-config - securityContext: - fsGroup: 33 - volumes: - - name: nextcloud-main - persistentVolumeClaim: - claimName: nextcloud-nextcloud - - configMap: - name: nextcloud-phpconfig - name: nextcloud-phpconfig - - configMap: - name: nextcloud-caddy-config - name: caddy-config diff --git a/rendered/envs/production/nextcloud/job-nextcloud-secret-init.yaml b/rendered/envs/production/nextcloud/job-nextcloud-secret-init.yaml deleted file mode 100644 index f051129..0000000 --- a/rendered/envs/production/nextcloud/job-nextcloud-secret-init.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - argocd.argoproj.io/sync-options: Replace=true - name: nextcloud-secret-init - namespace: nextcloud -spec: - template: - spec: - containers: - - command: - - sh - - -c - - | - set -e - - if ! kubectl get secret nextcloud-admin-secret -n ${NAMESPACE} >/dev/null 2>&1; then - PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24) - kubectl create secret generic nextcloud-admin-secret \ - -n ${NAMESPACE} \ - --from-literal=nextcloud-username=admin \ - --from-literal=nextcloud-password="${PASSWORD}" - echo "Created nextcloud-admin-secret" - else - echo "nextcloud-admin-secret already exists, skipping" - fi - - if ! kubectl get secret nextcloud-valkey-password -n ${NAMESPACE} >/dev/null 2>&1; then - VALKEY_PASSWORD=$(head -c 32 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 24) - kubectl create secret generic nextcloud-valkey-password \ - -n ${NAMESPACE} \ - --from-literal=password="${VALKEY_PASSWORD}" - echo "Created nextcloud-valkey-password" - else - echo "nextcloud-valkey-password already exists, skipping" - fi - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: alpine/k8s:1.32.3 - name: init - restartPolicy: OnFailure - serviceAccountName: nextcloud-secret-init - ttlSecondsAfterFinished: 300 diff --git a/rendered/envs/production/nextcloud/service-nextcloud-valkey.yaml b/rendered/envs/production/nextcloud/service-nextcloud-valkey.yaml deleted file mode 100644 index 3e0a7d3..0000000 --- a/rendered/envs/production/nextcloud/service-nextcloud-valkey.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - labels: - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: valkey - name: nextcloud-valkey - namespace: nextcloud -spec: - ports: - - name: valkey - port: 6379 - protocol: TCP - targetPort: valkey - selector: - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: valkey - type: ClusterIP diff --git a/rendered/envs/production/nextcloud/service-nextcloud.yaml b/rendered/envs/production/nextcloud/service-nextcloud.yaml deleted file mode 100644 index 9038ce7..0000000 --- a/rendered/envs/production/nextcloud/service-nextcloud.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/monitor: enabled - app.kubernetes.io/name: nextcloud - app.kubernetes.io/version: 33.0.0 - helm.sh/chart: nextcloud-9.0.4 - name: nextcloud - namespace: nextcloud -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 80 - selector: - app.kubernetes.io/component: app - app.kubernetes.io/instance: nextcloud - app.kubernetes.io/name: nextcloud - type: ClusterIP diff --git a/rendered/envs/production/ocis/configmap-appregistry-config.yaml b/rendered/envs/production/ocis/configmap-appregistry-config.yaml new file mode 100644 index 0000000..da9b804 --- /dev/null +++ b/rendered/envs/production/ocis/configmap-appregistry-config.yaml 
@@ -0,0 +1,16 @@
+apiVersion: v1
+data:
+ app-registry.yaml: |
+ ---
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: appregistry-config
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/configmap-auth-service.yaml b/rendered/envs/production/ocis/configmap-auth-service.yaml
new file mode 100644
index 0000000..e38c65b
--- /dev/null
+++ b/rendered/envs/production/ocis/configmap-auth-service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ service-account-id: 46ec47ba-00e9-4114-950c-5743e5be4cee
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels: null
+ name: auth-service
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/configmap-graph.yaml b/rendered/envs/production/ocis/configmap-graph.yaml
new file mode 100644
index 0000000..9f92446
--- /dev/null
+++ b/rendered/envs/production/ocis/configmap-graph.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ application-id: 1160b6ab-f9d7-464e-96a3-f2a3568ce67f
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels: null
+ name: graph
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/configmap-proxy-config.yaml b/rendered/envs/production/ocis/configmap-proxy-config.yaml
new file mode 100644
index 0000000..89ee85a
--- /dev/null
+++ b/rendered/envs/production/ocis/configmap-proxy-config.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+data:
+ csp.yaml: |
+ ---
+ directives:
+ child-src:
+ - '''self'''
+ connect-src:
+ - '''self'''
+ default-src:
+ - '''none'''
+ font-src:
+ - '''self'''
+ frame-ancestors:
+ - '''self'''
+ frame-src:
+ - '''self'''
+ - 'blob:'
+ img-src:
+ - '''self'''
+ - 'data:'
+ - 'blob:'
+ manifest-src:
+ - '''self'''
+ media-src:
+ - '''self'''
+ object-src:
+ - '''self'''
+ - 'blob:'
+ script-src:
+ - '''self'''
+ - '''unsafe-inline'''
+ style-src:
+ - '''self'''
+ - '''unsafe-inline'''
+ proxy.yaml: |
+ ---
+ policy_selector:
+ static:
+ policy: ocis
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: proxy-config
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/configmap-sharing-banned-passwords-frontend.yaml b/rendered/envs/production/ocis/configmap-sharing-banned-passwords-frontend.yaml
new file mode 100644
index 0000000..2de9fbf
--- /dev/null
+++ b/rendered/envs/production/ocis/configmap-sharing-banned-passwords-frontend.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+ sharing-banned-passwords.txt: ""
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: sharing-banned-passwords-frontend
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/configmap-sharing-banned-passwords-sharing.yaml b/rendered/envs/production/ocis/configmap-sharing-banned-passwords-sharing.yaml
new file mode 100644
index 0000000..c42cabe
--- /dev/null
+++ b/rendered/envs/production/ocis/configmap-sharing-banned-passwords-sharing.yaml
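Review bot: In `csp.yaml` of the `proxy-config` ConfigMap, `script-src` lists `'unsafe-inline'` next to `'self'`, which permits inline script execution and removes most of the XSS mitigation the policy would otherwise give. If the web frontend served through this proxy works without inline scripts, the directive should be reduced to the single entry `- '''self'''`. `object-src` also allows `'self'` and `blob:` where `'none'` is the stricter setting; presumably both come from the chart default, which should be confirmed. This file is rendered, so the change, or a comment recording why the relaxed values are needed, belongs in the values that produce it.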
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+ sharing-banned-passwords.txt: ""
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: sharing-banned-passwords-sharing
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/configmap-storage-users.yaml b/rendered/envs/production/ocis/configmap-storage-users.yaml
new file mode 100644
index 0000000..128007a
--- /dev/null
+++ b/rendered/envs/production/ocis/configmap-storage-users.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ storage-uuid: e77de552-42dc-4d0d-ab83-2fdd35294451
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels: null
+ name: storage-users
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/configmap-thumbnails-cleanup-script-configmap.yaml b/rendered/envs/production/ocis/configmap-thumbnails-cleanup-script-configmap.yaml
new file mode 100644
index 0000000..23f60df
--- /dev/null
+++ b/rendered/envs/production/ocis/configmap-thumbnails-cleanup-script-configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+data:
+ thumbnails-cleanup-script.sh: |
+ #!/bin/sh
+
+ find /var/lib/ocis/thumbnails \
+ -atime \
+ 30 \
+ -exec rm -rf {} \;
+ true
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ name: thumbnails-cleanup-script-configmap
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/configmap-web-config.yaml b/rendered/envs/production/ocis/configmap-web-config.yaml
new file mode 100644
index 0000000..ca836b2
--- /dev/null
+++ b/rendered/envs/production/ocis/configmap-web-config.yaml
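Review bot: The `find` in `thumbnails-cleanup-script.sh` tests `-atime 30`, which matches only entries last accessed exactly 30 days ago (in whole days), so anything older is never selected; "older than 30 days" is written `-atime +30`. The expression has no `-mindepth 1` or `-type f`, so the start directory `/var/lib/ocis/thumbnails` or a whole subdirectory can match and be removed recursively by `rm -rf`. The trailing `true` also makes the job exit successfully when `find` fails, which hides errors from the CronJob history. The rendered lines should read `-mindepth 1 -type f -atime +30 \` followed by `-exec rm -f {} \;`, changed in the chart value or template that produces this file. The CronJob that mounts the script is created with `suspend: true` in this commit, so nothing runs it until that is changed.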
@@ -0,0 +1,18 @@
+apiVersion: v1
+data:
+ web.yaml: |
+ ---
+ web:
+ config:
+kind: ConfigMap
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: web-config
+ namespace: ocis
diff --git a/rendered/envs/production/ocis/cronjob-storage-users-clean-expired-uploads.yaml b/rendered/envs/production/ocis/cronjob-storage-users-clean-expired-uploads.yaml
new file mode 100644
index 0000000..65f496b
--- /dev/null
+++ b/rendered/envs/production/ocis/cronjob-storage-users-clean-expired-uploads.yaml
@@ -0,0 +1,123 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: storage-users-clean-expired-uploads + namespace: ocis +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + parallelism: 1 + template: + metadata: + labels: + app: storage-users-clean-expired-uploads + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - storage-users + - uploads + - sessions + - --clean + - --expired + - --processing=false + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: STORAGE_USERS_LOG_COLOR + value: "false" + - name: STORAGE_USERS_LOG_LEVEL + value: info + - name: STORAGE_USERS_LOG_PRETTY + value: "false" + - name: STORAGE_USERS_DRIVER + value: s3ng + - name: STORAGE_USERS_S3NG_ENDPOINT + value: https://nbg1.your-objectstorage.com + - name: STORAGE_USERS_S3NG_REGION + value: nbg1 + - name: STORAGE_USERS_S3NG_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accessKey + name: ocis-s3-credentials + - name: STORAGE_USERS_S3NG_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretKey + name: ocis-s3-credentials + - name: STORAGE_USERS_S3NG_BUCKET + value: ocis-tr1ceracop + - name: STORAGE_USERS_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: OCIS_TRANSFER_SECRET + valueFrom: + secretKeyRef: + key: transfer-secret + name: transfer-secret + - name: STORAGE_USERS_MOUNT_ID + valueFrom: + configMapKeyRef: + key: storage-uuid + name: storage-users + - name: STORAGE_USERS_SERVICE_ACCOUNT_ID + valueFrom: + 
configMapKeyRef: + key: service-account-id + name: auth-service + - name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + name: storage-users-clean-expired-uploads + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + - mountPath: /var/lib/ocis + name: storageusers-data + nodeSelector: {} + restartPolicy: Never + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - name: storageusers-data + persistentVolumeClaim: + claimName: storageusers-data + ttlSecondsAfterFinished: 86400 + schedule: 0 * * * * + startingDeadlineSeconds: 600 + successfulJobsHistoryLimit: 3 + suspend: true diff --git a/rendered/envs/production/ocis/cronjob-storage-users-purge-expired-trash-bin-items.yaml b/rendered/envs/production/ocis/cronjob-storage-users-purge-expired-trash-bin-items.yaml new file mode 100644 index 0000000..909cc44 --- /dev/null +++ b/rendered/envs/production/ocis/cronjob-storage-users-purge-expired-trash-bin-items.yaml 
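Review bot: The container `securityContext` of `storage-users-clean-expired-uploads` sets `readOnlyRootFilesystem`, `runAsNonRoot` and the UID/GID, but leaves out `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}` and `seccompProfile: {type: RuntimeDefault}`. `resources: {}` also gives the container no requests or limits, so it runs as BestEffort and can be evicted first or exhaust node memory. The same block is repeated in the other CronJobs and in the activitylog, appregistry, audit and authmachine Deployments added by this commit, and these pods would presumably be rejected by a namespace enforcing the `restricted` Pod Security Standard. Since the manifests are rendered, the three fields and a resource block should be set once in the values that produce them rather than per file.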
@@ -0,0 +1,104 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: storage-users-purge-expired-trash-bin-items + namespace: ocis +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + parallelism: 1 + template: + metadata: + labels: + app: storage-users-purge-expired-trash-bin-items + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - storage-users + - trash-bin + - purge-expired + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: STORAGE_USERS_LOG_COLOR + value: "false" + - name: STORAGE_USERS_LOG_LEVEL + value: info + - name: STORAGE_USERS_LOG_PRETTY + value: "false" + - name: STORAGE_USERS_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: OCIS_TRANSFER_SECRET + valueFrom: + secretKeyRef: + key: transfer-secret + name: transfer-secret + - name: STORAGE_USERS_MOUNT_ID + valueFrom: + configMapKeyRef: + key: storage-uuid + name: storage-users + - name: STORAGE_USERS_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + name: storage-users-purge-expired-trash-bin-items + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + 
- mountPath: /tmp + name: tmp-volume + - mountPath: /var/lib/ocis + name: storageusers-data + nodeSelector: {} + restartPolicy: Never + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - name: storageusers-data + persistentVolumeClaim: + claimName: storageusers-data + ttlSecondsAfterFinished: 86400 + schedule: 0 * * * * + startingDeadlineSeconds: 600 + successfulJobsHistoryLimit: 3 + suspend: true diff --git a/rendered/envs/production/ocis/cronjob-storage-users-restart-postprocessing.yaml b/rendered/envs/production/ocis/cronjob-storage-users-restart-postprocessing.yaml new file mode 100644 index 0000000..996bfac --- /dev/null +++ b/rendered/envs/production/ocis/cronjob-storage-users-restart-postprocessing.yaml 
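Review bot: `suspend: true` at the end of `storage-users-purge-expired-trash-bin-items` means the `schedule: 0 * * * *` never fires, so expired trash-bin items are not purged. The same flag is set on `storage-users-clean-expired-uploads`, `storage-users-restart-postprocessing` and `thumbnails-cleanup`. If this is an inherited default rather than a decision, deleted files and abandoned uploads presumably stay in storage indefinitely, which matters for data retention as well as growth. The jobs that are wanted should be enabled in the values that render these manifests, or the reason for leaving them suspended should be recorded there.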
@@ -0,0 +1,106 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: storage-users-restart-postprocessing + namespace: ocis +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + parallelism: 1 + template: + metadata: + labels: + app: storage-users-restart-postprocessing + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - storage-users + - uploads + - sessions + - --restart + - --processing=true + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: STORAGE_USERS_LOG_COLOR + value: "false" + - name: STORAGE_USERS_LOG_LEVEL + value: info + - name: STORAGE_USERS_LOG_PRETTY + value: "false" + - name: STORAGE_USERS_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: OCIS_TRANSFER_SECRET + valueFrom: + secretKeyRef: + key: transfer-secret + name: transfer-secret + - name: STORAGE_USERS_MOUNT_ID + valueFrom: + configMapKeyRef: + key: storage-uuid + name: storage-users + - name: STORAGE_USERS_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + name: storage-users-restart-postprocessing + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + 
volumeMounts: + - mountPath: /tmp + name: tmp-volume + - mountPath: /var/lib/ocis + name: storageusers-data + nodeSelector: {} + restartPolicy: Never + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - name: storageusers-data + persistentVolumeClaim: + claimName: storageusers-data + ttlSecondsAfterFinished: 86400 + schedule: 0 * * * * + startingDeadlineSeconds: 600 + successfulJobsHistoryLimit: 3 + suspend: true diff --git a/rendered/envs/production/ocis/cronjob-thumbnails-cleanup.yaml b/rendered/envs/production/ocis/cronjob-thumbnails-cleanup.yaml new file mode 100644 index 0000000..8e78875 --- /dev/null +++ b/rendered/envs/production/ocis/cronjob-thumbnails-cleanup.yaml 
@@ -0,0 +1,66 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + ignore-check.kube-linter.io/latest-tag: using the stable tag on this busybox image is better than having an outdated image + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: thumbnails-cleanup + namespace: ocis +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 3 + jobTemplate: + spec: + parallelism: 1 + template: + metadata: + labels: + app: thumbnails-cleanup + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - command: + - /bin/sh + - /script/thumbnails-cleanup-script.sh + image: busybox:stable + imagePullPolicy: IfNotPresent + name: thumbnails-cleanup + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /var/lib/ocis + name: thumbnails-data + - mountPath: /script + name: script + nodeSelector: {} + restartPolicy: Never + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - name: thumbnails-data + persistentVolumeClaim: + claimName: thumbnails-data + - configMap: + defaultMode: 320 + name: thumbnails-cleanup-script-configmap + name: script + ttlSecondsAfterFinished: 86400 + schedule: 0 * * * * + startingDeadlineSeconds: 600 + successfulJobsHistoryLimit: 3 + suspend: true diff --git a/rendered/envs/production/ocis/deployment-activitylog.yaml b/rendered/envs/production/ocis/deployment-activitylog.yaml new file mode 100644 index 0000000..199da6e --- /dev/null +++ b/rendered/envs/production/ocis/deployment-activitylog.yaml 
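Review bot: `image: busybox:stable` in `thumbnails-cleanup` is a mutable tag combined with `imagePullPolicy: IfNotPresent`, so each node keeps whichever image it pulled first and different nodes can run different binaries. That undercuts the reason given in the `ignore-check.kube-linter.io/latest-tag` annotation, because a cached copy is never refreshed. The image should be pinned by digest, `image: busybox@sha256:<digest>` (placeholder), with the update tooling bumping it, so the script mounted at `/script` always runs against a known, reviewable image.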
@@ -0,0 +1,120 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: activitylog + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: activitylog + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: activitylog + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - activitylog + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: OCIS_CORS_ALLOW_ORIGINS + value: https://drive.tr1ceracop.de + - name: OCIS_PERSISTENT_STORE + value: nats-js-kv + - name: OCIS_PERSISTENT_STORE_NODES + value: nats:9233 + - name: ACTIVITYLOG_LOG_COLOR + value: "false" + - name: ACTIVITYLOG_LOG_LEVEL + value: info + - name: ACTIVITYLOG_LOG_PRETTY + value: "false" + - name: ACTIVITYLOG_TRACING_ENABLED + value: "false" + - name: ACTIVITYLOG_TRACING_TYPE + value: jaeger + - name: ACTIVITYLOG_TRACING_ENDPOINT + value: null + - name: ACTIVITYLOG_TRACING_COLLECTOR + value: null + - name: ACTIVITYLOG_DEBUG_PPROF + value: "false" + - name: ACTIVITYLOG_HTTP_ADDR + value: 0.0.0.0:9195 + - name: ACTIVITYLOG_DEBUG_ADDR + value: 0.0.0.0:9197 + - name: ACTIVITYLOG_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: ACTIVITYLOG_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + - name: ACTIVITYLOG_JWT_SECRET + valueFrom: + 
secretKeyRef: + key: jwt-secret + name: jwt-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: activitylog + ports: + - containerPort: 9195 + name: http + - containerPort: 9197 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: messaging-system-ca diff --git a/rendered/envs/production/ocis/deployment-appregistry.yaml b/rendered/envs/production/ocis/deployment-appregistry.yaml new file mode 100644 index 0000000..b61f75a --- /dev/null +++ b/rendered/envs/production/ocis/deployment-appregistry.yaml 
@@ -0,0 +1,108 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: appregistry + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: appregistry + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 0dffa4f8f27458fef0dec7d83ed4cc950c3d3793ad1ac0a3a3139ee3a8715bf0 + labels: + app: appregistry + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - app-registry + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: APP_REGISTRY_LOG_COLOR + value: "false" + - name: APP_REGISTRY_LOG_LEVEL + value: info + - name: APP_REGISTRY_LOG_PRETTY + value: "false" + - name: APP_REGISTRY_TRACING_ENABLED + value: "false" + - name: APP_REGISTRY_TRACING_TYPE + value: jaeger + - name: APP_REGISTRY_TRACING_ENDPOINT + value: null + - name: APP_REGISTRY_TRACING_COLLECTOR + value: null + - name: APP_REGISTRY_DEBUG_PPROF + value: "false" + - name: APP_REGISTRY_GRPC_ADDR + value: 0.0.0.0:9242 + - name: APP_REGISTRY_DEBUG_ADDR + value: 0.0.0.0:9243 + - name: APP_REGISTRY_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: appregistry + ports: + - containerPort: 9242 + name: grpc + - containerPort: 9243 + name: metrics-debug + 
resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + - mountPath: /etc/ocis + name: configs + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - configMap: + name: appregistry-config + name: configs diff --git a/rendered/envs/production/ocis/deployment-audit.yaml b/rendered/envs/production/ocis/deployment-audit.yaml new file mode 100644 index 0000000..fe21188 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-audit.yaml 
@@ -0,0 +1,89 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: audit + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: audit + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: audit + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - audit + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: AUDIT_LOG_COLOR + value: "false" + - name: AUDIT_LOG_LEVEL + value: info + - name: AUDIT_LOG_PRETTY + value: "false" + - name: AUDIT_DEBUG_PPROF + value: "false" + - name: AUDIT_DEBUG_ADDR + value: 0.0.0.0:9229 + - name: AUDIT_LOG_TO_CONSOLE + value: "true" + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: audit + ports: + - containerPort: 9229 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: messaging-system-ca 
diff --git a/rendered/envs/production/ocis/deployment-authmachine.yaml b/rendered/envs/production/ocis/deployment-authmachine.yaml new file mode 100644 index 0000000..96d6720 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-authmachine.yaml 
@@ -0,0 +1,106 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: authmachine + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: authmachine + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: authmachine + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - auth-machine + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: AUTH_MACHINE_LOG_COLOR + value: "false" + - name: AUTH_MACHINE_LOG_LEVEL + value: info + - name: AUTH_MACHINE_LOG_PRETTY + value: "false" + - name: AUTH_MACHINE_TRACING_ENABLED + value: "false" + - name: AUTH_MACHINE_TRACING_TYPE + value: jaeger + - name: AUTH_MACHINE_TRACING_ENDPOINT + value: null + - name: AUTH_MACHINE_TRACING_COLLECTOR + value: null + - name: AUTH_MACHINE_DEBUG_PPROF + value: "false" + - name: AUTH_MACHINE_GRPC_ADDR + value: 0.0.0.0:9166 + - name: AUTH_MACHINE_DEBUG_ADDR + value: 0.0.0.0:9167 + - name: AUTH_MACHINE_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: AUTH_MACHINE_API_KEY + valueFrom: + secretKeyRef: + key: machine-auth-api-key + name: machine-auth-api-key + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: authmachine + ports: + - containerPort: 9166 + name: grpc + - containerPort: 9167 + name: 
metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume diff --git a/rendered/envs/production/ocis/deployment-authservice.yaml b/rendered/envs/production/ocis/deployment-authservice.yaml new file mode 100644 index 0000000..6697c28 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-authservice.yaml 
@@ -0,0 +1,111 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: authservice + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: authservice + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: authservice + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - auth-service + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: AUTH_SERVICE_LOG_COLOR + value: "false" + - name: AUTH_SERVICE_LOG_LEVEL + value: info + - name: AUTH_SERVICE_LOG_PRETTY + value: "false" + - name: AUTH_SERVICE_TRACING_ENABLED + value: "false" + - name: AUTH_SERVICE_TRACING_TYPE + value: jaeger + - name: AUTH_SERVICE_TRACING_ENDPOINT + value: null + - name: AUTH_SERVICE_TRACING_COLLECTOR + value: null + - name: AUTH_SERVICE_DEBUG_PPROF + value: "false" + - name: AUTH_SERVICE_GRPC_ADDR + value: 0.0.0.0:9616 + - name: AUTH_SERVICE_DEBUG_ADDR + value: 0.0.0.0:9617 + - name: AUTH_SERVICE_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: AUTH_SERVICE_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: AUTH_SERVICE_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 
+ periodSeconds: 20 + timeoutSeconds: 10 + name: authservice + ports: + - containerPort: 9616 + name: grpc + - containerPort: 9617 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume diff --git a/rendered/envs/production/ocis/deployment-clientlog.yaml b/rendered/envs/production/ocis/deployment-clientlog.yaml new file mode 100644 index 0000000..bcbe37a --- /dev/null +++ b/rendered/envs/production/ocis/deployment-clientlog.yaml 
@@ -0,0 +1,110 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: clientlog + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: clientlog + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: clientlog + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - clientlog + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: CLIENTLOG_LOG_COLOR + value: "false" + - name: CLIENTLOG_LOG_LEVEL + value: info + - name: CLIENTLOG_LOG_PRETTY + value: "false" + - name: CLIENTLOG_TRACING_ENABLED + value: "false" + - name: CLIENTLOG_TRACING_TYPE + value: jaeger + - name: CLIENTLOG_TRACING_ENDPOINT + value: null + - name: CLIENTLOG_TRACING_COLLECTOR + value: null + - name: CLIENTLOG_DEBUG_PPROF + value: "false" + - name: CLIENTLOG_DEBUG_ADDR + value: 0.0.0.0:9260 + - name: CLIENTLOG_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: CLIENTLOG_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + - name: CLIENTLOG_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: 
clientlog + ports: + - containerPort: 9260 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: messaging-system-ca diff --git a/rendered/envs/production/ocis/deployment-eventhistory.yaml b/rendered/envs/production/ocis/deployment-eventhistory.yaml new file mode 100644 index 0000000..ce571f0 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-eventhistory.yaml 
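Review bot: The `messaging-system-ca` volume is an `emptyDir`, so the read-only mount at `/etc/ocis/messaging-system-ca` is always empty and no CA certificate reaches the container; nothing in the env list enables TLS for `OCIS_EVENTS_ENDPOINT` (`nats:9233`) either. If traffic to NATS is meant to stay plaintext inside the namespace, record that in the values file, e.g. `# NATS event bus runs without TLS; access is limited by NetworkPolicy`, and confirm such a policy exists. If TLS is intended, the volume has to come from a Secret or ConfigMap that actually holds the CA. The eventhistory and graph Deployments render the same empty volume.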
@@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: eventhistory + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: eventhistory + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: eventhistory + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - eventhistory + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: OCIS_PERSISTENT_STORE + value: nats-js-kv + - name: OCIS_PERSISTENT_STORE_NODES + value: nats:9233 + - name: EVENTHISTORY_LOG_COLOR + value: "false" + - name: EVENTHISTORY_LOG_LEVEL + value: info + - name: EVENTHISTORY_LOG_PRETTY + value: "false" + - name: EVENTHISTORY_DEBUG_PPROF + value: "false" + - name: EVENTHISTORY_GRPC_ADDR + value: 0.0.0.0:8080 + - name: EVENTHISTORY_DEBUG_ADDR + value: 0.0.0.0:9270 + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: eventhistory + ports: + - containerPort: 8080 + name: grpc + - containerPort: 9270 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + nodeSelector: {} + 
securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: messaging-system-ca diff --git a/rendered/envs/production/ocis/deployment-frontend.yaml b/rendered/envs/production/ocis/deployment-frontend.yaml new file mode 100644 index 0000000..d82ff6a --- /dev/null +++ b/rendered/envs/production/ocis/deployment-frontend.yaml 
@@ -0,0 +1,176 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: frontend + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: frontend + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: a0c1b014e95dfcfe5b9f1eb6be20415d3deb0c51a2ee065b08bff8881c0f448d + labels: + app: frontend + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - frontend + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_CORS_ALLOW_ORIGINS + value: https://drive.tr1ceracop.de + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: FRONTEND_LOG_COLOR + value: "false" + - name: FRONTEND_LOG_LEVEL + value: info + - name: FRONTEND_LOG_PRETTY + value: "false" + - name: FRONTEND_TRACING_ENABLED + value: "false" + - name: FRONTEND_TRACING_TYPE + value: jaeger + - name: FRONTEND_TRACING_ENDPOINT + value: null + - name: FRONTEND_TRACING_COLLECTOR + value: null + - name: FRONTEND_DEBUG_PPROF + value: "false" + - name: FRONTEND_HTTP_ADDR + value: 0.0.0.0:9140 + - name: FRONTEND_DEBUG_ADDR + value: 0.0.0.0:9141 + - name: FRONTEND_PUBLIC_URL + value: https://drive.tr1ceracop.de + - name: OCIS_LDAP_SERVER_WRITE_ENABLED + value: "true" + - name: FRONTEND_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: FRONTEND_APP_HANDLER_INSECURE + value: "false" + - name: FRONTEND_ARCHIVER_INSECURE + value: "false" + - name: 
FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD + value: "false" + - name: FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD + value: "false" + - name: FRONTEND_SEARCH_MIN_LENGTH + value: "3" + - name: FRONTEND_ARCHIVER_MAX_SIZE + value: "1073741824" + - name: FRONTEND_ARCHIVER_MAX_NUM_FILES + value: "10000" + - name: FRONTEND_FULL_TEXT_SEARCH_ENABLED + value: "false" + - name: OCIS_SHOW_USER_EMAIL_IN_RESULTS + value: "false" + - name: FRONTEND_OCS_STAT_CACHE_STORE + value: noop + - name: OCIS_EDITION + value: Community + - name: FRONTEND_MACHINE_AUTH_API_KEY + valueFrom: + secretKeyRef: + key: machine-auth-api-key + name: machine-auth-api-key + - name: FRONTEND_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: FRONTEND_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + - name: OCIS_TRANSFER_SECRET + valueFrom: + secretKeyRef: + key: transfer-secret + name: transfer-secret + - name: FRONTEND_AUTO_ACCEPT_SHARES + value: "true" + - name: FRONTEND_MAX_CONCURRENCY + value: "100" + - name: FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS + value: "0" + - name: FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS + value: "0" + - name: FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS + value: "0" + - name: FRONTEND_PASSWORD_POLICY_MIN_DIGITS + value: "0" + - name: FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS + value: "0" + - name: FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST + value: /etc/ocis/sharing-banned-passwords.txt + - name: OCIS_ENABLE_OCM + value: "false" + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: frontend + ports: + - containerPort: 9140 + name: http + - containerPort: 9141 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + 
runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + - mountPath: /etc/ocis + name: configs + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - configMap: + name: sharing-banned-passwords-frontend + name: configs diff --git a/rendered/envs/production/ocis/deployment-gateway.yaml b/rendered/envs/production/ocis/deployment-gateway.yaml new file mode 100644 index 0000000..ec7e442 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-gateway.yaml 
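Review bot: `FRONTEND_OCS_PUBLIC_SHARE_MUST_HAVE_PASSWORD` and `FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` are both rendered as `"false"` and all five `FRONTEND_PASSWORD_POLICY_MIN_*` values are `"0"`, so on a frontend published at `https://drive.tr1ceracop.de` public links, including writable ones, can be created without a password, and as far as this manifest shows only the banned-passwords list constrains a password that is set. I would at least require a password on writable links, `value: "true"` for `FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD`, and set non-zero minimums (for example `FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS` to `"8"`). If the relaxed policy is deliberate, a comment in the values file recording that decision would help the next reviewer.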
@@ -0,0 +1,119 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: gateway + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: gateway + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: gateway + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - gateway + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: GATEWAY_LOG_COLOR + value: "false" + - name: GATEWAY_LOG_LEVEL + value: info + - name: GATEWAY_LOG_PRETTY + value: "false" + - name: GATEWAY_TRACING_ENABLED + value: "false" + - name: GATEWAY_TRACING_TYPE + value: jaeger + - name: GATEWAY_TRACING_ENDPOINT + value: null + - name: GATEWAY_TRACING_COLLECTOR + value: null + - name: GATEWAY_DEBUG_PPROF + value: "false" + - name: GATEWAY_GRPC_ADDR + value: 0.0.0.0:9142 + - name: GATEWAY_DEBUG_ADDR + value: 0.0.0.0:9143 + - name: GATEWAY_FRONTEND_PUBLIC_URL + value: https://drive.tr1ceracop.de + - name: GATEWAY_STAT_CACHE_STORE + value: noop + - name: GATEWAY_PROVIDER_CACHE_STORE + value: noop + - name: GATEWAY_CREATE_HOME_CACHE_STORE + value: memory + - name: GATEWAY_STORAGE_USERS_MOUNT_ID + valueFrom: + configMapKeyRef: + key: storage-uuid + name: storage-users + - name: GATEWAY_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: OCIS_TRANSFER_SECRET + valueFrom: + secretKeyRef: + key: transfer-secret + name: transfer-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: 
IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: gateway + ports: + - containerPort: 9142 + name: grpc + - containerPort: 9143 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume diff --git a/rendered/envs/production/ocis/deployment-graph.yaml b/rendered/envs/production/ocis/deployment-graph.yaml new file mode 100644 index 0000000..b6fed78 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-graph.yaml 
@@ -0,0 +1,152 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: graph + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: graph + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: graph + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - graph + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_CORS_ALLOW_ORIGINS + value: https://drive.tr1ceracop.de + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: OCIS_CACHE_STORE + value: nats-js-kv + - name: OCIS_CACHE_STORE_NODES + value: nats:9233 + - name: OCIS_CACHE_DISABLE_PERSISTENCE + value: "true" + - name: GRAPH_LOG_COLOR + value: "false" + - name: GRAPH_LOG_LEVEL + value: info + - name: GRAPH_LOG_PRETTY + value: "false" + - name: GRAPH_TRACING_ENABLED + value: "false" + - name: GRAPH_TRACING_TYPE + value: jaeger + - name: GRAPH_TRACING_ENDPOINT + value: null + - name: GRAPH_TRACING_COLLECTOR + value: null + - name: GRAPH_DEBUG_PPROF + value: "false" + - name: GRAPH_HTTP_ADDR + value: 0.0.0.0:9120 + - name: GRAPH_DEBUG_ADDR + value: 0.0.0.0:9124 + - name: GRAPH_SPACES_WEBDAV_BASE + value: https://drive.tr1ceracop.de + - name: GRAPH_IDENTITY_SEARCH_MIN_LENGTH + value: "3" + - name: GRAPH_LDAP_URI + value: ldaps://idm:9235 + - name: GRAPH_LDAP_CACERT + value: /etc/ocis/ldap-ca/ldap-ca.crt + - name: GRAPH_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + key: graph-ldap-bind-password + name: 
ldap-bind-secrets + - name: OCIS_SHOW_USER_EMAIL_IN_RESULTS + value: "false" + - name: GRAPH_APPLICATION_ID + valueFrom: + configMapKeyRef: + key: application-id + name: graph + - name: GRAPH_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: OCIS_DEFAULT_LANGUAGE + value: en + - name: GRAPH_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: GRAPH_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + - name: OCIS_ENABLE_OCM + value: "false" + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: graph + ports: + - containerPort: 9120 + name: http + - containerPort: 9124 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + - mountPath: /etc/ocis/ldap-ca + name: ldap-ca + readOnly: true + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: messaging-system-ca + - name: ldap-ca + secret: + secretName: ldap-ca diff --git a/rendered/envs/production/ocis/deployment-groups.yaml b/rendered/envs/production/ocis/deployment-groups.yaml new file mode 100644 index 0000000..dfd3878 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-groups.yaml 
@@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: groups + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: groups + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: groups + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - groups + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: GROUPS_LOG_COLOR + value: "false" + - name: GROUPS_LOG_LEVEL + value: info + - name: GROUPS_LOG_PRETTY + value: "false" + - name: GROUPS_TRACING_ENABLED + value: "false" + - name: GROUPS_TRACING_TYPE + value: jaeger + - name: GROUPS_TRACING_ENDPOINT + value: null + - name: GROUPS_TRACING_COLLECTOR + value: null + - name: GROUPS_DEBUG_PPROF + value: "false" + - name: GROUPS_GRPC_ADDR + value: 0.0.0.0:9160 + - name: GROUPS_DEBUG_ADDR + value: 0.0.0.0:9161 + - name: GROUPS_LDAP_URI + value: ldaps://idm:9235 + - name: GROUPS_LDAP_CACERT + value: /etc/ocis/ldap-ca/ldap-ca.crt + - name: GROUPS_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + key: reva-ldap-bind-password + name: ldap-bind-secrets + - name: GROUPS_IDP_URL + value: https://drive.tr1ceracop.de + - name: GROUPS_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 
10 + name: groups + ports: + - containerPort: 9160 + name: grpc + - containerPort: 9161 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + - mountPath: /etc/ocis/ldap-ca + name: ldap-ca + readOnly: true + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - name: ldap-ca + secret: + secretName: ldap-ca diff --git a/rendered/envs/production/ocis/deployment-idm.yaml b/rendered/envs/production/ocis/deployment-idm.yaml new file mode 100644 index 0000000..525ab51 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-idm.yaml 
@@ -0,0 +1,150 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: idm + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: idm + strategy: + type: Recreate + template: + metadata: + labels: + app: idm + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - idm + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: IDM_LOG_COLOR + value: "false" + - name: IDM_LOG_LEVEL + value: info + - name: IDM_LOG_PRETTY + value: "false" + - name: IDM_TRACING_ENABLED + value: "false" + - name: IDM_TRACING_TYPE + value: jaeger + - name: IDM_TRACING_ENDPOINT + value: null + - name: IDM_TRACING_COLLECTOR + value: null + - name: IDM_DEBUG_PPROF + value: "false" + - name: IDM_LDAPS_ADDR + value: 0.0.0.0:9235 + - name: IDM_DEBUG_ADDR + value: 0.0.0.0:9239 + - name: IDM_CREATE_DEMO_USERS + value: "false" + - name: OCIS_OIDC_ISSUER + value: https://drive.tr1ceracop.de + - name: IDM_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: admin-user + - name: IDM_ADMIN_USER_ID + valueFrom: + secretKeyRef: + key: user-id + name: admin-user + - name: IDM_SVC_PASSWORD + valueFrom: + secretKeyRef: + key: graph-ldap-bind-password + name: ldap-bind-secrets + - name: IDM_REVASVC_PASSWORD + valueFrom: + secretKeyRef: + key: reva-ldap-bind-password + name: ldap-bind-secrets + - name: IDM_IDPSVC_PASSWORD + valueFrom: + secretKeyRef: + key: idp-ldap-bind-password + name: ldap-bind-secrets + - name: IDM_LDAPS_CERT + value: /etc/ocis/ldap-cert/ldap.crt + - 
name: IDM_LDAPS_KEY + value: /etc/ocis/ldap-cert/ldap.key + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: idm + ports: + - containerPort: 9235 + name: ldaps + - containerPort: 9239 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/ldap-cert + name: ldap-cert + readOnly: true + - mountPath: /var/lib/ocis + name: idm-data + initContainers: + - command: + - mkdir + - -p + - /var/lib/ocis/idm + image: busybox:stable + imagePullPolicy: IfNotPresent + name: init-dir + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /var/lib/ocis + name: idm-data + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - name: ldap-cert + secret: + secretName: ldap-cert + - name: idm-data + persistentVolumeClaim: + claimName: idm-data diff --git a/rendered/envs/production/ocis/deployment-idp.yaml b/rendered/envs/production/ocis/deployment-idp.yaml new file mode 100644 index 0000000..a6f893e --- /dev/null +++ b/rendered/envs/production/ocis/deployment-idp.yaml 
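Review bot: The `init-dir` init container uses `busybox:stable`, a floating tag, together with `imagePullPolicy: IfNotPresent`, so the image that prepares the identity store's volume depends on what each node happens to have cached and can change without a commit. Pin it by digest, `image: busybox@sha256:<digest-placeholder>`, or drop the init container if the chart offers another way to create `/var/lib/ocis/idm`. `owncloud/ocis:7.1.4` in the main container and in the other Deployments is version-tagged but not digest-pinned either.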
@@ -0,0 +1,121 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + ignore-check.kube-linter.io/env-var-secret: IDP_ENCRYPTION_SECRET_FILE is no secret, it's the file path to the secret + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: idp + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: idp + strategy: + type: Recreate + template: + metadata: + labels: + app: idp + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - idp + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: IDP_LOG_COLOR + value: "false" + - name: IDP_LOG_LEVEL + value: info + - name: IDP_LOG_PRETTY + value: "false" + - name: IDP_TRACING_ENABLED + value: "false" + - name: IDP_TRACING_TYPE + value: jaeger + - name: IDP_TRACING_ENDPOINT + value: null + - name: IDP_TRACING_COLLECTOR + value: null + - name: IDP_DEBUG_PPROF + value: "false" + - name: IDP_HTTP_ADDR + value: 0.0.0.0:9130 + - name: IDP_DEBUG_ADDR + value: 0.0.0.0:9134 + - name: OCIS_URL + value: https://drive.tr1ceracop.de + - name: IDP_LDAP_URI + value: ldaps://idm:9235 + - name: IDP_LDAP_TLS_CACERT + value: /etc/ocis/ldap-ca/ldap-ca.crt + - name: IDP_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + key: idp-ldap-bind-password + name: ldap-bind-secrets + - name: IDP_SIGNING_PRIVATE_KEY_FILES + value: /etc/ocis/idp/private-key.pem + - name: IDP_ENCRYPTION_SECRET_FILE + value: /etc/ocis/idp/encryption.key + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug 
+ initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: idp + ports: + - containerPort: 9130 + name: http + - containerPort: 9134 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /var/lib/ocis + name: ocis-data-tmp + - mountPath: /etc/ocis/ldap-ca + name: ldap-ca + readOnly: true + - mountPath: /etc/ocis/idp + name: idp-secrets + readOnly: true + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: ocis-data-tmp + - name: ldap-ca + secret: + secretName: ldap-ca + - name: idp-secrets + secret: + secretName: idp-secrets diff --git a/rendered/envs/production/ocis/deployment-nats.yaml b/rendered/envs/production/ocis/deployment-nats.yaml new file mode 100644 index 0000000..66cced7 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-nats.yaml 
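Review bot: The `idp-secrets` volume, which supplies the signing key at `/etc/ocis/idp/private-key.pem` and `/etc/ocis/idp/encryption.key`, is declared without a `defaultMode`, so the files get the Kubernetes default of 0644 and are world-readable inside the container. With `fsGroup: 1000` and `runAsUser: 1000` already set, `defaultMode: 0440` under `secret:` should still let the process read them; that is worth a quick test after the change. The `ldap-cert` volume in the idm Deployment, which carries `ldap.key`, has the same default.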
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: nats + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: nats + strategy: + type: Recreate + template: + metadata: + labels: + app: nats + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - nats + - server + command: + - ocis + env: + - name: NATS_LOG_COLOR + value: "false" + - name: NATS_LOG_LEVEL + value: info + - name: NATS_LOG_PRETTY + value: "false" + - name: NATS_DEBUG_PPROF + value: "false" + - name: NATS_NATS_HOST + value: 0.0.0.0 + - name: NATS_NATS_PORT + value: "9233" + - name: NATS_DEBUG_ADDR + value: 0.0.0.0:9234 + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: nats + ports: + - containerPort: 9233 + name: nats + - containerPort: 9234 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /var/lib/ocis + name: nats-data + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - name: nats-data + persistentVolumeClaim: + claimName: nats-data diff --git a/rendered/envs/production/ocis/deployment-ocdav.yaml b/rendered/envs/production/ocis/deployment-ocdav.yaml new file mode 100644 index 0000000..e2e82db --- /dev/null +++ b/rendered/envs/production/ocis/deployment-ocdav.yaml 
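Review bot: The NATS server binds `0.0.0.0:9233` and its env list configures only host, port, logging and the debug address, with no credentials or TLS, while the other Deployments point at `nats:9233` for the service registry, cache store and event bus. Unless a NetworkPolicy elsewhere in the repository restricts ingress to this pod, any workload that can reach the Service has access to that shared state. I would add a NetworkPolicy in the `ocis` namespace that admits port 9233 only from pods labelled `app.kubernetes.io/instance: ocis`, and note in the values file that the bus is unauthenticated by design. Whether such a policy already exists is not visible in this diff.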
@@ -0,0 +1,110 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: ocdav + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: ocdav + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: ocdav + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - ocdav + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_CORS_ALLOW_ORIGINS + value: https://drive.tr1ceracop.de + - name: OCDAV_LOG_COLOR + value: "false" + - name: OCDAV_LOG_LEVEL + value: info + - name: OCDAV_LOG_PRETTY + value: "false" + - name: OCDAV_TRACING_ENABLED + value: "false" + - name: OCDAV_TRACING_TYPE + value: jaeger + - name: OCDAV_TRACING_ENDPOINT + value: null + - name: OCDAV_TRACING_COLLECTOR + value: null + - name: OCDAV_DEBUG_PPROF + value: "false" + - name: OCDAV_HTTP_ADDR + value: 0.0.0.0:8080 + - name: OCDAV_DEBUG_ADDR + value: 0.0.0.0:9163 + - name: OCDAV_PUBLIC_URL + value: https://drive.tr1ceracop.de + - name: OCIS_EDITION + value: Community + - name: OCDAV_INSECURE + value: "false" + - name: OCDAV_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: OCDAV_MACHINE_AUTH_API_KEY + valueFrom: + secretKeyRef: + key: machine-auth-api-key + name: machine-auth-api-key + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 
20 + timeoutSeconds: 10 + name: ocdav + ports: + - containerPort: 8080 + name: http + - containerPort: 9163 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: null + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: null diff --git a/rendered/envs/production/ocis/deployment-ocs.yaml b/rendered/envs/production/ocis/deployment-ocs.yaml new file mode 100644 index 0000000..bc53131 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-ocs.yaml 
@@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: ocs + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: ocs + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: ocs + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - ocs + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_CORS_ALLOW_ORIGINS + value: https://drive.tr1ceracop.de + - name: OCIS_CACHE_STORE + value: nats-js-kv + - name: OCIS_CACHE_STORE_NODES + value: nats:9233 + - name: OCIS_CACHE_DISABLE_PERSISTENCE + value: "true" + - name: OCS_LOG_COLOR + value: "false" + - name: OCS_LOG_LEVEL + value: info + - name: OCS_LOG_PRETTY + value: "false" + - name: OCS_TRACING_ENABLED + value: "false" + - name: OCS_TRACING_TYPE + value: jaeger + - name: OCS_TRACING_ENDPOINT + value: null + - name: OCS_TRACING_COLLECTOR + value: null + - name: OCS_DEBUG_PPROF + value: "false" + - name: OCS_HTTP_ADDR + value: 0.0.0.0:9110 + - name: OCS_DEBUG_ADDR + value: 0.0.0.0:9114 + - name: OCS_IDM_ADDRESS + value: https://drive.tr1ceracop.de + - name: OCS_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: ocs + ports: + - containerPort: 9110 + name: http 
+ - containerPort: 9114 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: null + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: null diff --git a/rendered/envs/production/ocis/deployment-postprocessing.yaml b/rendered/envs/production/ocis/deployment-postprocessing.yaml new file mode 100644 index 0000000..0f2eccf --- /dev/null +++ b/rendered/envs/production/ocis/deployment-postprocessing.yaml 
@@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: postprocessing + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: postprocessing + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: postprocessing + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - postprocessing + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: OCIS_PERSISTENT_STORE + value: nats-js-kv + - name: OCIS_PERSISTENT_STORE_NODES + value: nats:9233 + - name: POSTPROCESSING_LOG_COLOR + value: "false" + - name: POSTPROCESSING_LOG_LEVEL + value: info + - name: POSTPROCESSING_LOG_PRETTY + value: "false" + - name: POSTPROCESSING_DEBUG_PPROF + value: "false" + - name: POSTPROCESSING_DEBUG_ADDR + value: 0.0.0.0:9255 + - name: POSTPROCESSING_WORKERS + value: "3" + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: postprocessing + ports: + - containerPort: 9255 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + nodeSelector: {} + securityContext: + fsGroup: 1000 
+ fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: messaging-system-ca diff --git a/rendered/envs/production/ocis/deployment-proxy.yaml b/rendered/envs/production/ocis/deployment-proxy.yaml new file mode 100644 index 0000000..0dea1e6 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-proxy.yaml 
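Review bot: The `messaging-system-ca` volume at the end of the postprocessing Deployment is an `emptyDir`, so the read-only mount at `/etc/ocis/messaging-system-ca` is empty and the pod has no CA to validate the `nats:9233` endpoint with. If the event bus is meant to be reached over TLS, this volume should come from a Secret holding the CA certificate. If plaintext inside the namespace is intended, record that decision in the values together with the compensating control. Whether TLS is enabled cannot be seen from this hunk. The same empty volume appears in the search, sharing, sse and storageusers Deployments.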
@@ -0,0 +1,137 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: proxy + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: proxy + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 941efbdfcec62bd56f340d707523e4dbbdaef0b8501880d4fa52a89ccc0e3233 + labels: + app: proxy + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - proxy + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_CACHE_STORE + value: nats-js-kv + - name: OCIS_CACHE_STORE_NODES + value: nats:9233 + - name: OCIS_CACHE_DISABLE_PERSISTENCE + value: "true" + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: PROXY_LOG_COLOR + value: "false" + - name: PROXY_LOG_LEVEL + value: info + - name: PROXY_LOG_PRETTY + value: "false" + - name: PROXY_TRACING_ENABLED + value: "false" + - name: PROXY_TRACING_TYPE + value: jaeger + - name: PROXY_TRACING_ENDPOINT + value: null + - name: PROXY_TRACING_COLLECTOR + value: null + - name: PROXY_DEBUG_PPROF + value: "false" + - name: PROXY_HTTP_ADDR + value: 0.0.0.0:9200 + - name: PROXY_DEBUG_ADDR + value: 0.0.0.0:9205 + - name: PROXY_OIDC_ISSUER + value: https://drive.tr1ceracop.de + - name: PROXY_TLS + value: "false" + - name: PROXY_OIDC_INSECURE + value: "false" + - name: PROXY_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: PROXY_MACHINE_AUTH_API_KEY + valueFrom: + secretKeyRef: + key: 
machine-auth-api-key + name: machine-auth-api-key + - name: PROXY_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: PROXY_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + - name: PROXY_CSP_CONFIG_FILE_LOCATION + value: /etc/ocis/csp.yaml + - name: PROXY_AUTOPROVISION_ACCOUNTS + value: "false" + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: proxy + ports: + - containerPort: 9200 + name: http + - containerPort: 9205 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis + name: configs + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - configMap: + name: proxy-config + name: configs diff --git a/rendered/envs/production/ocis/deployment-search.yaml b/rendered/envs/production/ocis/deployment-search.yaml new file mode 100644 index 0000000..97130e7 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-search.yaml 
@@ -0,0 +1,122 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: search + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: search + strategy: + type: Recreate + template: + metadata: + labels: + app: search + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - search + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: SEARCH_LOG_COLOR + value: "false" + - name: SEARCH_LOG_LEVEL + value: info + - name: SEARCH_LOG_PRETTY + value: "false" + - name: SEARCH_TRACING_ENABLED + value: "false" + - name: SEARCH_TRACING_TYPE + value: jaeger + - name: SEARCH_TRACING_ENDPOINT + value: null + - name: SEARCH_TRACING_COLLECTOR + value: null + - name: SEARCH_DEBUG_PPROF + value: "false" + - name: SEARCH_GRPC_ADDR + value: 0.0.0.0:9220 + - name: SEARCH_DEBUG_ADDR + value: 0.0.0.0:9224 + - name: SEARCH_EXTRACTOR_TYPE + value: basic + - name: SEARCH_EXTRACTOR_CS3SOURCE_INSECURE + value: "false" + - name: SEARCH_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: SEARCH_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: SEARCH_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + - name: OCIS_ASYNC_UPLOADS + value: "true" + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + 
port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: search + ports: + - containerPort: 9220 + name: grpc + - containerPort: 9224 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + - mountPath: /var/lib/ocis + name: search-data + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: messaging-system-ca + - name: search-data + persistentVolumeClaim: + claimName: search-data diff --git a/rendered/envs/production/ocis/deployment-settings.yaml b/rendered/envs/production/ocis/deployment-settings.yaml new file mode 100644 index 0000000..257fff9 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-settings.yaml 
@@ -0,0 +1,133 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: settings + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: settings + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + labels: + app: settings + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - settings + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_CORS_ALLOW_ORIGINS + value: https://drive.tr1ceracop.de + - name: OCIS_CACHE_STORE + value: nats-js-kv + - name: OCIS_CACHE_STORE_NODES + value: nats:9233 + - name: OCIS_CACHE_DISABLE_PERSISTENCE + value: "true" + - name: OCIS_DEFAULT_LANGUAGE + value: en + - name: SETTINGS_LOG_COLOR + value: "false" + - name: SETTINGS_LOG_LEVEL + value: info + - name: SETTINGS_LOG_PRETTY + value: "false" + - name: SETTINGS_TRACING_ENABLED + value: "false" + - name: SETTINGS_TRACING_TYPE + value: jaeger + - name: SETTINGS_TRACING_ENDPOINT + value: null + - name: SETTINGS_TRACING_COLLECTOR + value: null + - name: SETTINGS_DEBUG_PPROF + value: "false" + - name: SETTINGS_HTTP_ADDR + value: 0.0.0.0:9190 + - name: SETTINGS_GRPC_ADDR + value: 0.0.0.0:9191 + - name: SETTINGS_DEBUG_ADDR + value: 0.0.0.0:9194 + - name: SETTINGS_ADMIN_USER_ID + valueFrom: + secretKeyRef: + key: user-id + name: admin-user + - name: SETTINGS_JWT_SECRET + valueFrom: + secretKeyRef: + key: 
jwt-secret + name: jwt-secret + - name: SETTINGS_SERVICE_ACCOUNT_IDS + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: OCIS_SYSTEM_USER_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: storage-system + - name: OCIS_SYSTEM_USER_ID + valueFrom: + secretKeyRef: + key: user-id + name: storage-system + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: settings + ports: + - containerPort: 9190 + name: http + - containerPort: 9191 + name: grpc + - containerPort: 9194 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: null + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: null diff --git a/rendered/envs/production/ocis/deployment-sharing.yaml b/rendered/envs/production/ocis/deployment-sharing.yaml new file mode 100644 index 0000000..389c9e8 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-sharing.yaml 
@@ -0,0 +1,155 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: sharing + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: sharing + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: sharing + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - sharing + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: SHARING_LOG_COLOR + value: "false" + - name: SHARING_LOG_LEVEL + value: info + - name: SHARING_LOG_PRETTY + value: "false" + - name: SHARING_TRACING_ENABLED + value: "false" + - name: SHARING_TRACING_TYPE + value: jaeger + - name: SHARING_TRACING_ENDPOINT + value: null + - name: SHARING_TRACING_COLLECTOR + value: null + - name: SHARING_DEBUG_PPROF + value: "false" + - name: SHARING_GRPC_ADDR + value: 0.0.0.0:9150 + - name: SHARING_DEBUG_ADDR + value: 0.0.0.0:9151 + - name: SHARING_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD + value: "false" + - name: SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD + value: "false" + - name: SHARING_PASSWORD_POLICY_MIN_CHARACTERS + value: "0" + - name: SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS + value: "0" + - name: SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS + value: "0" + - name: SHARING_PASSWORD_POLICY_MIN_DIGITS + value: "0" + - name: 
SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS + value: "0" + - name: SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST + value: /etc/ocis/sharing-banned-passwords.txt + - name: SHARING_USER_DRIVER + value: jsoncs3 + - name: SHARING_USER_JSONCS3_SYSTEM_USER_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: storage-system + - name: SHARING_USER_JSONCS3_SYSTEM_USER_ID + valueFrom: + secretKeyRef: + key: user-id + name: storage-system + - name: SHARING_PUBLIC_DRIVER + value: jsoncs3 + - name: SHARING_PUBLIC_JSONCS3_SYSTEM_USER_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: storage-system + - name: SHARING_PUBLIC_JSONCS3_SYSTEM_USER_ID + valueFrom: + secretKeyRef: + key: user-id + name: storage-system + - name: SHARING_USER_JSONCS3_MAX_CONCURRENCY + value: "20" + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: sharing + ports: + - containerPort: 9150 + name: grpc + - containerPort: 9151 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + - mountPath: /etc/ocis + name: configs + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - emptyDir: {} + name: messaging-system-ca + - configMap: + name: sharing-banned-passwords-sharing + name: configs diff --git a/rendered/envs/production/ocis/deployment-sse.yaml b/rendered/envs/production/ocis/deployment-sse.yaml new file mode 100644 index 0000000..19c59f4 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-sse.yaml 
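Review bot: Public links can be created with no password under this sharing configuration: `SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD` and `SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` are both `"false"`, and every `SHARING_PASSWORD_POLICY_MIN_*` value is `"0"`. If `https://drive.tr1ceracop.de` is reachable from the internet, a writeable link without a password lets anyone who has the URL upload to it. I would set at least the writeable variant to `value: "true"` and give `SHARING_PASSWORD_POLICY_MIN_CHARACTERS` a non-zero minimum. With a minimum length of zero, the banned-passwords list mounted under `/etc/ocis` adds little.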
@@ -0,0 +1,108 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: sse + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: sse + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: sse + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - sse + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_CORS_ALLOW_ORIGINS + value: https://drive.tr1ceracop.de + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: SSE_LOG_COLOR + value: "false" + - name: SSE_LOG_LEVEL + value: info + - name: SSE_LOG_PRETTY + value: "false" + - name: SSE_TRACING_ENABLED + value: "false" + - name: SSE_TRACING_TYPE + value: jaeger + - name: SSE_TRACING_ENDPOINT + value: null + - name: SSE_TRACING_COLLECTOR + value: null + - name: SSE_DEBUG_PPROF + value: "false" + - name: SSE_DEBUG_ADDR + value: 0.0.0.0:9135 + - name: SSE_HTTP_ADDR + value: 0.0.0.0:9939 + - name: SSE_KEEPALIVE_INTERVAL + value: 30s + - name: SSE_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: sse + ports: + - containerPort: 9939 + name: http + - containerPort: 9135 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + 
runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: messaging-system-ca diff --git a/rendered/envs/production/ocis/deployment-storagepubliclink.yaml b/rendered/envs/production/ocis/deployment-storagepubliclink.yaml new file mode 100644 index 0000000..69bab8c --- /dev/null +++ b/rendered/envs/production/ocis/deployment-storagepubliclink.yaml 
@@ -0,0 +1,105 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: storagepubliclink + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: storagepubliclink + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: storagepubliclink + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - storage-publiclink + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_PERSISTENT_STORE + value: nats-js-kv + - name: OCIS_PERSISTENT_STORE_NODES + value: nats:9233 + - name: STORAGE_PUBLICLINK_LOG_COLOR + value: "false" + - name: STORAGE_PUBLICLINK_LOG_LEVEL + value: info + - name: STORAGE_PUBLICLINK_LOG_PRETTY + value: "false" + - name: STORAGE_PUBLICLINK_TRACING_ENABLED + value: "false" + - name: STORAGE_PUBLICLINK_TRACING_TYPE + value: jaeger + - name: STORAGE_PUBLICLINK_TRACING_ENDPOINT + value: null + - name: STORAGE_PUBLICLINK_TRACING_COLLECTOR + value: null + - name: STORAGE_PUBLICLINK_DEBUG_PPROF + value: "false" + - name: STORAGE_PUBLICLINK_GRPC_ADDR + value: 0.0.0.0:9178 + - name: STORAGE_PUBLICLINK_DEBUG_ADDR + value: 0.0.0.0:9179 + - name: STORAGE_PUBLICLINK_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: 
storagepubliclink + ports: + - containerPort: 9178 + name: grpc + - containerPort: 9179 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume diff --git a/rendered/envs/production/ocis/deployment-storageshares.yaml b/rendered/envs/production/ocis/deployment-storageshares.yaml new file mode 100644 index 0000000..5b9b60b --- /dev/null +++ b/rendered/envs/production/ocis/deployment-storageshares.yaml 
@@ -0,0 +1,101 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: storageshares + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: storageshares + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: storageshares + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - storage-shares + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: STORAGE_SHARES_LOG_COLOR + value: "false" + - name: STORAGE_SHARES_LOG_LEVEL + value: info + - name: STORAGE_SHARES_LOG_PRETTY + value: "false" + - name: STORAGE_SHARES_TRACING_ENABLED + value: "false" + - name: STORAGE_SHARES_TRACING_TYPE + value: jaeger + - name: STORAGE_SHARES_TRACING_ENDPOINT + value: null + - name: STORAGE_SHARES_TRACING_COLLECTOR + value: null + - name: STORAGE_SHARES_DEBUG_PPROF + value: "false" + - name: STORAGE_SHARES_GRPC_ADDR + value: 0.0.0.0:9154 + - name: STORAGE_SHARES_DEBUG_ADDR + value: 0.0.0.0:9156 + - name: STORAGE_SHARES_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: storageshares + ports: + - containerPort: 9154 + name: grpc + - containerPort: 9156 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + 
runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume diff --git a/rendered/envs/production/ocis/deployment-storagesystem.yaml b/rendered/envs/production/ocis/deployment-storagesystem.yaml new file mode 100644 index 0000000..fad7e5f --- /dev/null +++ b/rendered/envs/production/ocis/deployment-storagesystem.yaml 
@@ -0,0 +1,130 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: storagesystem + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: storagesystem + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: storagesystem + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - storage-system + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_CACHE_STORE + value: nats-js-kv + - name: OCIS_CACHE_STORE_NODES + value: nats:9233 + - name: OCIS_CACHE_DISABLE_PERSISTENCE + value: "true" + - name: STORAGE_SYSTEM_LOG_COLOR + value: "false" + - name: STORAGE_SYSTEM_LOG_LEVEL + value: info + - name: STORAGE_SYSTEM_LOG_PRETTY + value: "false" + - name: STORAGE_SYSTEM_TRACING_ENABLED + value: "false" + - name: STORAGE_SYSTEM_TRACING_TYPE + value: jaeger + - name: STORAGE_SYSTEM_TRACING_ENDPOINT + value: null + - name: STORAGE_SYSTEM_TRACING_COLLECTOR + value: null + - name: STORAGE_SYSTEM_DEBUG_PPROF + value: "false" + - name: STORAGE_SYSTEM_GRPC_ADDR + value: 0.0.0.0:9215 + - name: STORAGE_SYSTEM_DEBUG_ADDR + value: 0.0.0.0:9217 + - name: STORAGE_SYSTEM_HTTP_ADDR + value: 0.0.0.0:9216 + - name: STORAGE_SYSTEM_DATA_SERVER_URL + value: http://storagesystem:9216/data + - name: STORAGE_SYSTEM_DRIVER + value: ocis + - name: STORAGE_SYSTEM_JWT_SECRET + valueFrom: + secretKeyRef: + key: storage-system-jwt-secret + name: storage-system-jwt-secret + - name: 
OCIS_SYSTEM_USER_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: storage-system + - name: OCIS_SYSTEM_USER_ID + valueFrom: + secretKeyRef: + key: user-id + name: storage-system + image: owncloud/ocis:7.1.4 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: storagesystem + ports: + - containerPort: 9215 + name: grpc + - containerPort: 9216 + name: http + - containerPort: 9217 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + - mountPath: /var/lib/ocis + name: storagesystem-data + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - name: storagesystem-data + persistentVolumeClaim: + claimName: storagesystem-data diff --git a/rendered/envs/production/ocis/deployment-storageusers.yaml b/rendered/envs/production/ocis/deployment-storageusers.yaml new file mode 100644 index 0000000..66d97cf --- /dev/null +++ b/rendered/envs/production/ocis/deployment-storageusers.yaml 
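Review bot: `STORAGE_SYSTEM_DATA_SERVER_URL` is `http://storagesystem:9216/data`, so data transfers to this service cross the cluster network over cleartext HTTP. The storageusers Deployment has the same pattern (`http://storageusers:9158/data`, `http://frontend:9140/data/`), as does thumbnails (`http://thumbnails:9186/thumbnails/data`). Unless the CNI or a mesh encrypts pod-to-pod traffic, file contents and the transfer tokens on these paths are readable by anything that can observe that network. A NetworkPolicy in the `ocis` namespace that limits ingress on these ports to the ocis pods would narrow the exposure; whether one exists is not visible in this hunk.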
@@ -0,0 +1,195 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: storageusers + namespace: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: storageusers + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app: storageusers + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + spec: + containers: + - args: + - storage-users + - server + command: + - ocis + env: + - name: MICRO_REGISTRY + value: nats-js-kv + - name: MICRO_REGISTRY_ADDRESS + value: nats:9233 + - name: OCIS_EVENTS_ENDPOINT + value: nats:9233 + - name: OCIS_CACHE_STORE + value: nats-js-kv + - name: OCIS_CACHE_STORE_NODES + value: nats:9233 + - name: OCIS_CACHE_DISABLE_PERSISTENCE + value: "true" + - name: OCIS_CORS_ALLOW_ORIGINS + value: https://drive.tr1ceracop.de + - name: STORAGE_USERS_GATEWAY_GRPC_ADDR + value: gateway:9142 + - name: STORAGE_USERS_LOG_COLOR + value: "false" + - name: STORAGE_USERS_LOG_LEVEL + value: info + - name: STORAGE_USERS_LOG_PRETTY + value: "false" + - name: STORAGE_USERS_TRACING_ENABLED + value: "false" + - name: STORAGE_USERS_TRACING_TYPE + value: jaeger + - name: STORAGE_USERS_TRACING_ENDPOINT + value: null + - name: STORAGE_USERS_TRACING_COLLECTOR + value: null + - name: STORAGE_USERS_DEBUG_PPROF + value: "false" + - name: STORAGE_USERS_GRPC_ADDR + value: 0.0.0.0:9157 + - name: STORAGE_USERS_DEBUG_ADDR + value: 0.0.0.0:9159 + - name: STORAGE_USERS_HTTP_ADDR + value: 0.0.0.0:9158 + - name: STORAGE_USERS_DATA_SERVER_URL + value: http://storageusers:9158/data + - name: STORAGE_USERS_DRIVER + value: 
s3ng + - name: STORAGE_USERS_S3NG_MAX_CONCURRENCY + value: "100" + - name: STORAGE_USERS_S3NG_ENDPOINT + value: https://nbg1.your-objectstorage.com + - name: STORAGE_USERS_S3NG_REGION + value: nbg1 + - name: STORAGE_USERS_S3NG_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accessKey + name: ocis-s3-credentials + - name: STORAGE_USERS_S3NG_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretKey + name: ocis-s3-credentials + - name: STORAGE_USERS_S3NG_BUCKET + value: ocis-tr1ceracop + - name: STORAGE_USERS_S3NG_PUT_OBJECT_DISABLE_CONTENT_SHA256 + value: "false" + - name: STORAGE_USERS_S3NG_PUT_OBJECT_DISABLE_MULTIPART + value: "false" + - name: STORAGE_USERS_S3NG_PUT_OBJECT_SEND_CONTENT_MD5 + value: "true" + - name: STORAGE_USERS_S3NG_PUT_OBJECT_CONCURRENT_STREAM_PARTS + value: "true" + - name: STORAGE_USERS_S3NG_PUT_OBJECT_NUM_THREADS + value: "4" + - name: STORAGE_USERS_S3NG_PUT_OBJECT_PART_SIZE + value: "0" + - name: STORAGE_USERS_UPLOAD_EXPIRATION + value: "86400" + - name: STORAGE_USERS_PURGE_TRASH_BIN_PERSONAL_DELETE_BEFORE + value: 720h + - name: STORAGE_USERS_PURGE_TRASH_BIN_PROJECT_DELETE_BEFORE + value: 720h + - name: STORAGE_USERS_SERVICE_ACCOUNT_ID + valueFrom: + configMapKeyRef: + key: service-account-id + name: auth-service + - name: STORAGE_USERS_SERVICE_ACCOUNT_SECRET + valueFrom: + secretKeyRef: + key: service-account-secret + name: service-account-secret + - name: STORAGE_USERS_STAT_CACHE_STORE + value: noop + - name: STORAGE_USERS_MOUNT_ID + valueFrom: + configMapKeyRef: + key: storage-uuid + name: storage-users + - name: STORAGE_USERS_JWT_SECRET + valueFrom: + secretKeyRef: + key: jwt-secret + name: jwt-secret + - name: OCIS_TRANSFER_SECRET + valueFrom: + secretKeyRef: + key: transfer-secret + name: transfer-secret + - name: OCIS_ASYNC_UPLOADS + value: "true" + - name: STORAGE_USERS_EVENTS_NUM_CONSUMERS + value: "10" + - name: STORAGE_USERS_DATA_GATEWAY_URL + value: http://frontend:9140/data/ + image: owncloud/ocis:7.1.4 + imagePullPolicy: 
IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: metrics-debug + initialDelaySeconds: 60 + periodSeconds: 20 + timeoutSeconds: 10 + name: storageusers + ports: + - containerPort: 9157 + name: grpc + - containerPort: 9158 + name: http + - containerPort: 9159 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-volume + - mountPath: /etc/ocis/messaging-system-ca + name: messaging-system-ca + readOnly: true + - mountPath: /var/lib/ocis + name: storageusers-data + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: + - emptyDir: {} + name: tmp-volume + - emptyDir: {} + name: messaging-system-ca + - name: storageusers-data + persistentVolumeClaim: + claimName: storageusers-data diff --git a/rendered/envs/production/ocis/deployment-thumbnails.yaml b/rendered/envs/production/ocis/deployment-thumbnails.yaml new file mode 100644 index 0000000..9a26502 --- /dev/null +++ b/rendered/envs/production/ocis/deployment-thumbnails.yaml 
@@ -0,0 +1,122 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: thumbnails
+ namespace: ocis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: thumbnails
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: thumbnails
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ spec:
+ containers:
+ - args:
+ - thumbnails
+ - server
+ command:
+ - ocis
+ env:
+ - name: MICRO_REGISTRY
+ value: nats-js-kv
+ - name: MICRO_REGISTRY_ADDRESS
+ value: nats:9233
+ - name: OCIS_CORS_ALLOW_ORIGINS
+ value: https://drive.tr1ceracop.de
+ - name: THUMBNAILS_LOG_COLOR
+ value: "false"
+ - name: THUMBNAILS_LOG_LEVEL
+ value: info
+ - name: THUMBNAILS_LOG_PRETTY
+ value: "false"
+ - name: THUMBNAILS_TRACING_ENABLED
+ value: "false"
+ - name: THUMBNAILS_TRACING_TYPE
+ value: jaeger
+ - name: THUMBNAILS_TRACING_ENDPOINT
+ value: null
+ - name: THUMBNAILS_TRACING_COLLECTOR
+ value: null
+ - name: THUMBNAILS_DEBUG_PPROF
+ value: "false"
+ - name: THUMBNAILS_GRPC_ADDR
+ value: 0.0.0.0:9185
+ - name: THUMBNAILS_HTTP_ADDR
+ value: 0.0.0.0:9186
+ - name: THUMBNAILS_DEBUG_ADDR
+ value: 0.0.0.0:9189
+ - name: THUMBNAILS_DATA_ENDPOINT
+ value: http://thumbnails:9186/thumbnails/data
+ - name: THUMBNAILS_MAX_CONCURRENT_REQUESTS
+ value: "0"
+ - name: THUMBNAILS_MAX_INPUT_IMAGE_FILE_SIZE
+ value: 50MB
+ - name: THUMBNAILS_MAX_INPUT_WIDTH
+ value: "7680"
+ - name: THUMBNAILS_MAX_INPUT_HEIGHT
+ value: "7680"
+ - name: THUMBNAILS_WEBDAVSOURCE_INSECURE
+ value: "false"
+ - name: THUMBNAILS_CS3SOURCE_INSECURE
+ value: "false"
+ -
name: THUMBNAILS_TRANSFER_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: thumbnails-transfer-secret
+ name: thumbnails-transfer-secret
+ image: owncloud/ocis:7.1.4
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: metrics-debug
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ timeoutSeconds: 10
+ name: thumbnails
+ ports:
+ - containerPort: 9185
+ name: grpc
+ - containerPort: 9186
+ name: http
+ - containerPort: 9189
+ name: metrics-debug
+ resources: {}
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /var/lib/ocis
+ name: thumbnails-data
+ nodeSelector: {}
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ volumes:
+ - name: thumbnails-data
+ persistentVolumeClaim:
+ claimName: thumbnails-data
diff --git a/rendered/envs/production/ocis/deployment-userlog.yaml b/rendered/envs/production/ocis/deployment-userlog.yaml
new file mode 100644
index 0000000..1fd4f27
--- /dev/null
+++ b/rendered/envs/production/ocis/deployment-userlog.yaml
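Review bot: The container `securityContext` in the thumbnails Deployment sets `readOnlyRootFilesystem`, `runAsNonRoot` and the UID/GID but not `allowPrivilegeEscalation: false`, a `capabilities` drop of `ALL`, or a `seccompProfile`, and `resources: {}` leaves the pod without requests or limits. The same container block is repeated in the userlog, users, web, webdav and webfinger Deployments added by this commit. Because the namespace is labelled `pod-security.kubernetes.io/enforce: privileged` (a context line in namespace-ocis.yaml), nothing at admission would catch a regression here; with the additions below the pods look like they would fit the `restricted` profile, which would allow that label to be tightened. These files are rendered output, so the change presumably belongs in the chart values or an overlay rather than in this file.

```yaml
        securityContext:
          # … unchanged: readOnlyRootFilesystem, runAsGroup, runAsNonRoot, runAsUser …
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```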
@@ -0,0 +1,116 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: userlog
+ namespace: ocis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: userlog
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: userlog
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ spec:
+ containers:
+ - args:
+ - userlog
+ - server
+ command:
+ - ocis
+ env:
+ - name: MICRO_REGISTRY
+ value: nats-js-kv
+ - name: MICRO_REGISTRY_ADDRESS
+ value: nats:9233
+ - name: OCIS_CORS_ALLOW_ORIGINS
+ value: https://drive.tr1ceracop.de
+ - name: OCIS_EVENTS_ENDPOINT
+ value: nats:9233
+ - name: OCIS_PERSISTENT_STORE
+ value: nats-js-kv
+ - name: OCIS_PERSISTENT_STORE_NODES
+ value: nats:9233
+ - name: OCIS_DEFAULT_LANGUAGE
+ value: en
+ - name: USERLOG_LOG_COLOR
+ value: "false"
+ - name: USERLOG_LOG_LEVEL
+ value: info
+ - name: USERLOG_LOG_PRETTY
+ value: "false"
+ - name: USERLOG_DEBUG_PPROF
+ value: "false"
+ - name: USERLOG_HTTP_ADDR
+ value: 0.0.0.0:8080
+ - name: USERLOG_DEBUG_ADDR
+ value: 0.0.0.0:9210
+ - name: USERLOG_SERVICE_ACCOUNT_ID
+ valueFrom:
+ configMapKeyRef:
+ key: service-account-id
+ name: auth-service
+ - name: USERLOG_SERVICE_ACCOUNT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: service-account-secret
+ name: service-account-secret
+ - name: USERLOG_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: jwt-secret
+ name: jwt-secret
+ - name: USERLOG_MAX_CONCURRENCY
+ value: "1"
+ image: owncloud/ocis:7.1.4
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+
port: metrics-debug
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ timeoutSeconds: 10
+ name: userlog
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 9210
+ name: metrics-debug
+ resources: {}
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /etc/ocis/messaging-system-ca
+ name: messaging-system-ca
+ readOnly: true
+ nodeSelector: {}
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ volumes:
+ - emptyDir: {}
+ name: messaging-system-ca
diff --git a/rendered/envs/production/ocis/deployment-users.yaml b/rendered/envs/production/ocis/deployment-users.yaml
new file mode 100644
index 0000000..a6fce3a
--- /dev/null
+++ b/rendered/envs/production/ocis/deployment-users.yaml
@@ -0,0 +1,118 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: users
+ namespace: ocis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: users
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: users
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ spec:
+ containers:
+ - args:
+ - users
+ - server
+ command:
+ - ocis
+ env:
+ - name: MICRO_REGISTRY
+ value: nats-js-kv
+ - name: MICRO_REGISTRY_ADDRESS
+ value: nats:9233
+ - name: USERS_LOG_COLOR
+ value: "false"
+ - name: USERS_LOG_LEVEL
+ value: info
+ - name: USERS_LOG_PRETTY
+ value: "false"
+ - name: USERS_TRACING_ENABLED
+ value: "false"
+ - name: USERS_TRACING_TYPE
+ value: jaeger
+ - name: USERS_TRACING_ENDPOINT
+ value: null
+ - name: USERS_TRACING_COLLECTOR
+ value: null
+ - name: USERS_DEBUG_PPROF
+ value: "false"
+ - name: USERS_GRPC_ADDR
+ value: 0.0.0.0:9144
+ - name: USERS_DEBUG_ADDR
+ value: 0.0.0.0:9145
+ - name: USERS_LDAP_URI
+ value: ldaps://idm:9235
+ - name: USERS_LDAP_CACERT
+ value: /etc/ocis/ldap-ca/ldap-ca.crt
+ - name: USERS_LDAP_BIND_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: reva-ldap-bind-password
+ name: ldap-bind-secrets
+ - name: USERS_IDP_URL
+ value: https://drive.tr1ceracop.de
+ - name: USERS_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: jwt-secret
+ name: jwt-secret
+ image: owncloud/ocis:7.1.4
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: metrics-debug
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ timeoutSeconds: 10
+ name: users
+
ports:
+ - containerPort: 9144
+ name: grpc
+ - containerPort: 9145
+ name: metrics-debug
+ resources: {}
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ - mountPath: /etc/ocis/ldap-ca
+ name: ldap-ca
+ readOnly: true
+ nodeSelector: {}
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ volumes:
+ - emptyDir: {}
+ name: tmp-volume
+ - name: ldap-ca
+ secret:
+ secretName: ldap-ca
diff --git a/rendered/envs/production/ocis/deployment-web.yaml b/rendered/envs/production/ocis/deployment-web.yaml
new file mode 100644
index 0000000..a5e7545
--- /dev/null
+++ b/rendered/envs/production/ocis/deployment-web.yaml
@@ -0,0 +1,133 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: web
+ namespace: ocis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: web
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ checksum/config: cec3e646a6e624081e4fe2c886cae482477f21ba2edc86cee2e89c17d92f2034
+ labels:
+ app: web
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ spec:
+ containers:
+ - args:
+ - web
+ - server
+ command:
+ - ocis
+ env:
+ - name: MICRO_REGISTRY
+ value: nats-js-kv
+ - name: MICRO_REGISTRY_ADDRESS
+ value: nats:9233
+ - name: OCIS_CORS_ALLOW_ORIGINS
+ value: https://drive.tr1ceracop.de
+ - name: WEB_LOG_COLOR
+ value: "false"
+ - name: WEB_LOG_LEVEL
+ value: info
+ - name: WEB_LOG_PRETTY
+ value: "false"
+ - name: WEB_TRACING_ENABLED
+ value: "false"
+ - name: WEB_TRACING_TYPE
+ value: jaeger
+ - name: WEB_TRACING_ENDPOINT
+ value: null
+ - name: WEB_TRACING_COLLECTOR
+ value: null
+ - name: WEB_DEBUG_PPROF
+ value: "false"
+ - name: WEB_HTTP_ADDR
+ value: 0.0.0.0:9100
+ - name: WEB_DEBUG_ADDR
+ value: 0.0.0.0:9104
+ - name: WEB_OIDC_AUTHORITY
+ value: https://drive.tr1ceracop.de
+ - name: WEB_OIDC_CLIENT_ID
+ value: web
+ - name: WEB_OIDC_SCOPE
+ value: openid profile email
+ - name: WEB_UI_THEME_SERVER
+ value: https://drive.tr1ceracop.de
+ - name: WEB_UI_THEME_PATH
+ value: /themes/owncloud/theme.json
+ - name: WEB_UI_CONFIG_SERVER
+ value: https://drive.tr1ceracop.de
+ - name: WEB_OPTION_CONTEXTHELPERS_READ_MORE
+ value: "true"
+ - name: WEB_OPTION_DISABLE_FEEDBACK_LINK
+ value: "true"
+
- name: WEB_OPTION_TOKEN_STORAGE_LOCAL
+ value: "true"
+ - name: WEB_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: jwt-secret
+ name: jwt-secret
+ image: owncloud/ocis:7.1.4
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: metrics-debug
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ timeoutSeconds: 10
+ name: web
+ ports:
+ - containerPort: 9100
+ name: http
+ - containerPort: 9104
+ name: metrics-debug
+ resources: {}
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /etc/ocis
+ name: configs
+ - mountPath: /var/lib/ocis/web/assets/apps
+ name: apps
+ - mountPath: /var/lib/ocis
+ name: web-data
+ nodeSelector: {}
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ volumes:
+ - configMap:
+ name: web-config
+ name: configs
+ - emptyDir: {}
+ name: apps
+ - name: web-data
+ persistentVolumeClaim:
+ claimName: web-data
diff --git a/rendered/envs/production/ocis/deployment-webdav.yaml b/rendered/envs/production/ocis/deployment-webdav.yaml
new file mode 100644
index 0000000..8104fcf
--- /dev/null
+++ b/rendered/envs/production/ocis/deployment-webdav.yaml
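Review bot: `WEB_OPTION_TOKEN_STORAGE_LOCAL` is `"true"` in the web Deployment, which as far as I know makes the web client keep the OIDC access token in the browser's localStorage instead of sessionStorage. A token stored there survives closing the tab and is readable by any script running in the `drive.tr1ceracop.de` origin, so a script-injection flaw in the web UI would expose it for longer. If cross-tab login persistence is not a requirement, I would set `value: "false"` through the chart values and record the decision in a comment next to that value.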
@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: webdav
+ namespace: ocis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: webdav
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: webdav
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ spec:
+ containers:
+ - args:
+ - webdav
+ - server
+ command:
+ - ocis
+ env:
+ - name: MICRO_REGISTRY
+ value: nats-js-kv
+ - name: MICRO_REGISTRY_ADDRESS
+ value: nats:9233
+ - name: OCIS_CORS_ALLOW_ORIGINS
+ value: https://drive.tr1ceracop.de
+ - name: WEBDAV_LOG_COLOR
+ value: "false"
+ - name: WEBDAV_LOG_LEVEL
+ value: info
+ - name: WEBDAV_LOG_PRETTY
+ value: "false"
+ - name: WEBDAV_TRACING_ENABLED
+ value: "false"
+ - name: WEBDAV_TRACING_TYPE
+ value: jaeger
+ - name: WEBDAV_TRACING_ENDPOINT
+ value: null
+ - name: WEBDAV_TRACING_COLLECTOR
+ value: null
+ - name: WEBDAV_DEBUG_PPROF
+ value: "false"
+ - name: WEBDAV_HTTP_ADDR
+ value: 0.0.0.0:9115
+ - name: WEBDAV_DEBUG_ADDR
+ value: 0.0.0.0:9119
+ - name: OCIS_PUBLIC_URL
+ value: https://drive.tr1ceracop.de
+ image: owncloud/ocis:7.1.4
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: metrics-debug
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ timeoutSeconds: 10
+ name: webdav
+ ports:
+ - containerPort: 9115
+ name: http
+ - containerPort: 9119
+ name: metrics-debug
+ resources: {}
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts: null
+
nodeSelector: {}
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ volumes: null
diff --git a/rendered/envs/production/ocis/deployment-webfinger.yaml b/rendered/envs/production/ocis/deployment-webfinger.yaml
new file mode 100644
index 0000000..6aaf363
--- /dev/null
+++ b/rendered/envs/production/ocis/deployment-webfinger.yaml
@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: webfinger
+ namespace: ocis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: webfinger
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: webfinger
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ spec:
+ containers:
+ - args:
+ - webfinger
+ - server
+ command:
+ - ocis
+ env:
+ - name: MICRO_REGISTRY
+ value: nats-js-kv
+ - name: MICRO_REGISTRY_ADDRESS
+ value: nats:9233
+ - name: OCIS_CORS_ALLOW_ORIGINS
+ value: https://drive.tr1ceracop.de
+ - name: WEBFINGER_LOG_COLOR
+ value: "false"
+ - name: WEBFINGER_LOG_LEVEL
+ value: info
+ - name: WEBFINGER_LOG_PRETTY
+ value: "false"
+ - name: WEBFINGER_TRACING_ENABLED
+ value: "false"
+ - name: WEBFINGER_TRACING_TYPE
+ value: jaeger
+ - name: WEBFINGER_TRACING_ENDPOINT
+ value: null
+ - name: WEBFINGER_TRACING_COLLECTOR
+ value: null
+ - name: WEBFINGER_DEBUG_PPROF
+ value: "false"
+ - name: WEBFINGER_HTTP_ADDR
+ value: 0.0.0.0:8080
+ - name: WEBFINGER_DEBUG_ADDR
+ value: 0.0.0.0:8081
+ - name: WEBFINGER_OIDC_ISSUER
+ value: https://drive.tr1ceracop.de
+ - name: WEBFINGER_OWNCLOUD_SERVER_INSTANCE_URL
+ value: https://drive.tr1ceracop.de
+ - name: WEBFINGER_INSECURE
+ value: "false"
+ image: owncloud/ocis:7.1.4
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: metrics-debug
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ timeoutSeconds: 10
+ name: webfinger
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort:
8081 + name: metrics-debug + resources: {} + securityContext: + readOnlyRootFilesystem: true + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: null + nodeSelector: {} + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch + volumes: null diff --git a/rendered/envs/production/nextcloud/ingress-nextcloud.yaml b/rendered/envs/production/ocis/ingress-proxy.yaml similarity index 53% rename from rendered/envs/production/nextcloud/ingress-nextcloud.yaml rename to rendered/envs/production/ocis/ingress-proxy.yaml index 39dc9b7..e8ccd58 100644 --- a/rendered/envs/production/nextcloud/ingress-nextcloud.yaml +++ b/rendered/envs/production/ocis/ingress-proxy.yaml @@ -5,28 +5,27 @@ metadata: a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git cert-manager.io/cluster-issuer: letsencrypt labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: nextcloud + app.kubernetes.io/instance: ocis app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: nextcloud - app.kubernetes.io/version: 33.0.0 - helm.sh/chart: nextcloud-9.0.4 - name: nextcloud - namespace: nextcloud + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: proxy + namespace: ocis spec: ingressClassName: traefik rules: - - host: nextcloud.tr1ceracop.de + - host: drive.tr1ceracop.de http: paths: - backend: service: - name: nextcloud + name: proxy port: - number: 8080 + number: 9200 path: / pathType: Prefix tls: - hosts: - - nextcloud.tr1ceracop.de - secretName: nextcloud-tls + - drive.tr1ceracop.de + secretName: ocis-tls diff --git a/rendered/envs/production/ocis/job-ocis-secret-init.yaml b/rendered/envs/production/ocis/job-ocis-secret-init.yaml new file mode 100644 index 0000000..3af091c --- /dev/null +++ b/rendered/envs/production/ocis/job-ocis-secret-init.yaml 
@@ -0,0 +1,40 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + argocd.argoproj.io/sync-options: Replace=true + name: ocis-secret-init + namespace: ocis +spec: + template: + spec: + containers: + - command: + - sh + - -c + - | + set -e + + SECRET_NAME="ocis-s3-credentials" + + if ! kubectl get secret "${SECRET_NAME}" -n ${NAMESPACE} >/dev/null 2>&1; then + echo "ERROR: Secret ${SECRET_NAME} does not exist in namespace ${NAMESPACE}." + echo "Please create it manually with keys 'accessKey' and 'secretKey':" + echo " kubectl create secret generic ${SECRET_NAME} -n ${NAMESPACE} \\" + echo " --from-literal=accessKey= \\" + echo " --from-literal=secretKey=" + exit 1 + else + echo "Secret ${SECRET_NAME} exists, OK" + fi + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: alpine/k8s:1.32.3 + name: init + restartPolicy: OnFailure + serviceAccountName: ocis-secret-init + ttlSecondsAfterFinished: 300 diff --git a/rendered/envs/production/nextcloud/namespace-nextcloud.yaml b/rendered/envs/production/ocis/namespace-ocis.yaml similarity index 83% rename from rendered/envs/production/nextcloud/namespace-nextcloud.yaml rename to rendered/envs/production/ocis/namespace-ocis.yaml index e182df4..50dc8b5 100644 --- a/rendered/envs/production/nextcloud/namespace-nextcloud.yaml +++ b/rendered/envs/production/ocis/namespace-ocis.yaml @@ -5,5 +5,5 @@ metadata: a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git labels: pod-security.kubernetes.io/enforce: privileged - name: nextcloud - namespace: nextcloud + name: ocis + namespace: ocis diff --git a/rendered/envs/production/ocis/persistentvolumeclaim-idm-data.yaml b/rendered/envs/production/ocis/persistentvolumeclaim-idm-data.yaml new file mode 100644 index 0000000..15b8f92 --- /dev/null +++ b/rendered/envs/production/ocis/persistentvolumeclaim-idm-data.yaml 
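Review bot: The `init` container of the `ocis-secret-init` Job has no `securityContext` and no `resources`, unlike the oCIS Deployments in this commit, so under the namespace's `enforce: privileged` label it runs with whatever user and capabilities the `alpine/k8s:1.32.3` image defaults to while holding the `ocis-secret-init` service account token. I would add a container `securityContext` along the lines below, after checking that `kubectl` in this image works under a non-root UID. In the script, `-n ${NAMESPACE}` is unquoted while `"${SECRET_NAME}"` is quoted; `-n "${NAMESPACE}"` would be consistent. Pinning the image by digest rather than by tag alone would also keep a job with API access reproducible.

```yaml
      containers:
      - command:
        # … unchanged: sh -c secret-existence check, NAMESPACE env …
        image: alpine/k8s:1.32.3
        name: init
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 1000
```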
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ finalizers:
+ - kubernetes.io/pvc-protection
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: idm-data
+ namespace: ocis
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: local-path
diff --git a/rendered/envs/production/ocis/persistentvolumeclaim-nats-data.yaml b/rendered/envs/production/ocis/persistentvolumeclaim-nats-data.yaml
new file mode 100644
index 0000000..cb0dca3
--- /dev/null
+++ b/rendered/envs/production/ocis/persistentvolumeclaim-nats-data.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ finalizers:
+ - kubernetes.io/pvc-protection
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: nats-data
+ namespace: ocis
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: local-path
diff --git a/rendered/envs/production/ocis/persistentvolumeclaim-search-data.yaml b/rendered/envs/production/ocis/persistentvolumeclaim-search-data.yaml
new file mode 100644
index 0000000..332197b
--- /dev/null
+++ b/rendered/envs/production/ocis/persistentvolumeclaim-search-data.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ finalizers:
+ - kubernetes.io/pvc-protection
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: search-data
+ namespace: ocis
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: local-path
diff --git a/rendered/envs/production/ocis/persistentvolumeclaim-storagesystem-data.yaml b/rendered/envs/production/ocis/persistentvolumeclaim-storagesystem-data.yaml
new file mode 100644
index 0000000..22954e1
--- /dev/null
+++ b/rendered/envs/production/ocis/persistentvolumeclaim-storagesystem-data.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ finalizers:
+ - kubernetes.io/pvc-protection
+ labels:
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ name: storagesystem-data
+ namespace: ocis
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: local-path
diff --git a/rendered/envs/production/ocis/persistentvolumeclaim-storageusers-data.yaml b/rendered/envs/production/ocis/persistentvolumeclaim-storageusers-data.yaml
new file mode 100644
index 0000000..c91a50d
--- /dev/null
+++ b/rendered/envs/production/ocis/persistentvolumeclaim-storageusers-data.yaml
@@ -0,0 +1,22 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + finalizers: + - kubernetes.io/pvc-protection + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: storageusers-data + namespace: ocis +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: local-path diff --git a/rendered/envs/production/nextcloud/persistentvolumeclaim-nextcloud-nextcloud.yaml b/rendered/envs/production/ocis/persistentvolumeclaim-thumbnails-data.yaml similarity index 53% rename from rendered/envs/production/nextcloud/persistentvolumeclaim-nextcloud-nextcloud.yaml rename to rendered/envs/production/ocis/persistentvolumeclaim-thumbnails-data.yaml index f8edf43..5159299 100644 --- a/rendered/envs/production/nextcloud/persistentvolumeclaim-nextcloud-nextcloud.yaml +++ b/rendered/envs/production/ocis/persistentvolumeclaim-thumbnails-data.yaml @@ -3,16 +3,14 @@ kind: PersistentVolumeClaim metadata: annotations: a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - helm.sh/resource-policy: keep labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: nextcloud + app.kubernetes.io/instance: ocis app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: nextcloud - app.kubernetes.io/version: 33.0.0 - helm.sh/chart: nextcloud-9.0.4 - name: nextcloud-nextcloud - namespace: nextcloud + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: thumbnails-data + namespace: ocis spec: accessModes: - ReadWriteOnce diff --git a/rendered/envs/production/ocis/persistentvolumeclaim-web-data.yaml b/rendered/envs/production/ocis/persistentvolumeclaim-web-data.yaml new file mode 100644 index 0000000..a3521fa --- /dev/null 
+++ b/rendered/envs/production/ocis/persistentvolumeclaim-web-data.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + name: web-data + namespace: ocis +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: local-path diff --git a/rendered/envs/production/nextcloud/role-nextcloud-secret-init.yaml b/rendered/envs/production/ocis/role-ocis-secret-init.yaml similarity index 83% rename from rendered/envs/production/nextcloud/role-nextcloud-secret-init.yaml rename to rendered/envs/production/ocis/role-ocis-secret-init.yaml index 32421f5..cd5b69b 100644 --- a/rendered/envs/production/nextcloud/role-nextcloud-secret-init.yaml +++ b/rendered/envs/production/ocis/role-ocis-secret-init.yaml @@ -3,8 +3,8 @@ kind: Role metadata: annotations: a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - name: nextcloud-secret-init - namespace: nextcloud + name: ocis-secret-init + namespace: ocis rules: - apiGroups: - "" diff --git a/rendered/envs/production/nextcloud/rolebinding-nextcloud-secret-init.yaml b/rendered/envs/production/ocis/rolebinding-ocis-secret-init.yaml similarity index 65% rename from rendered/envs/production/nextcloud/rolebinding-nextcloud-secret-init.yaml rename to rendered/envs/production/ocis/rolebinding-ocis-secret-init.yaml index 114f318..93d3e50 100644 --- a/rendered/envs/production/nextcloud/rolebinding-nextcloud-secret-init.yaml +++ b/rendered/envs/production/ocis/rolebinding-ocis-secret-init.yaml 
@@ -3,13 +3,13 @@ kind: RoleBinding metadata: annotations: a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git - name: nextcloud-secret-init - namespace: nextcloud + name: ocis-secret-init + namespace: ocis roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: nextcloud-secret-init + name: ocis-secret-init subjects: - kind: ServiceAccount - name: nextcloud-secret-init - namespace: nextcloud + name: ocis-secret-init + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-admin-user.yaml b/rendered/envs/production/ocis/secret-admin-user.yaml new file mode 100644 index 0000000..a7df7a2 --- /dev/null +++ b/rendered/envs/production/ocis/secret-admin-user.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + password: YlpRdWlYYVdXZXhJRzI3cE5BMzR6RWVMajFLVzBr + user-id: NzE4ZTlmOTEtNmU3ZS00ZDMwLWE0MjktODcxMmQ4NDU1ODZl +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: admin-user + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-collaboration-wopi-secret.yaml b/rendered/envs/production/ocis/secret-collaboration-wopi-secret.yaml new file mode 100644 index 0000000..0c19b12 --- /dev/null +++ b/rendered/envs/production/ocis/secret-collaboration-wopi-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + wopi-secret: T1FDSW0wNmZ3bWJldFpta0JwU29td2FRU3lkMk4x +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: collaboration-wopi-secret + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-idp-secrets.yaml b/rendered/envs/production/ocis/secret-idp-secrets.yaml new file mode 100644 index 0000000..cc46efb --- /dev/null +++ b/rendered/envs/production/ocis/secret-idp-secrets.yaml 
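Review bot: `secret-admin-user.yaml` commits the admin `password` and `user-id` under `data:` as base64, which is an encoding and not encryption, so anyone who can read this repository or its history holds the credential. The same applies to `wopi-secret` in secret-collaboration-wopi-secret.yaml and to `encryption.key` and `private-key.pem` in secret-idp-secrets.yaml, whose hunk continues outside the visible part. I would treat all of these values as exposed, rotate them, and keep Secret manifests out of the rendered tree, for example by creating them out of band the way `ocis-s3-credentials` is handled by the init job, or by committing only an encrypted or externally referenced form. If the chart generates these values at render time, each re-render would presumably also produce new keys and a noisy diff, which is worth confirming before the next sync.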
@@ -0,0 +1,11 @@ +apiVersion: v1 +data: + encryption.key: LktHOEQ0U1JpTmEofERhYi9EMjBKbWEzYDRmJkVaJlg= + private-key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBdm5BTUxGMW1JUzd3M0pETEhPeCtMUjY5U2hCSUxReXorQXFkN0d1TUNlcytzKzFlCkVORHVQRW85VE5iZVJHdzBtbjVWMU9iY2lPSG1CaFlSMjh6UHl4RFhmZUhuWVFpczl0cFFUQ3hhNmJPTDcwOFIKd2JDdkM3eW53QURQU05kRUFUbFNDR3NBbTZJaHpOZUhOc3ZUVlZCVU03NDhWd3lmT1F2MU1lQnN2MDlDOWxIVAovb2xpU1RQbkhIeEZXUFVZOHJ0QTEvRzM2cnJCaGtLYkhKWnd2S242Vi9jdXNnbDVZMHQzNmdCMEYyMlkrd0ppCjU3ejZEdGQ1SWo0VEtSNWVEN1dGM0ZsamYrWElGQVNPVFRJUEtUcWRQZTQ5TFcvaWxwMVlnZXdQTnBiSWwrTy8KZ3pwQ0o1ZUlzMlhIYmVnRFRVRTZTU1FrenVWUUlCY2luY2dicTA1MzJnVmpkRklVdEptaTg4elg0US9sNkZuZQptZDVGV2diY29KYjg0YXk3VmZ2NjNLMHpqcXlxK2taU0Roay91eW1wM3NxY3ZqU1BkOW01Vk1VYnFSUUw5cUpyCnczUVBhRlNKdlFvMjQyTG5WZE1TakRJVEgwZUtJdExLNkwxQW9KVW8zRFlpb3U4V0ExOUZGS2NHVE5MeHhONzEKRGk5dmQ0Q1BYR2pvRjQyTFFHVFVFY2hDRDRBZzRaZHVqZUVmb0ZTWEhXQmtHM0M4SjJJODFqeDdSTXdNMVFXdAphWjVRMmVTb2xyWHVJTFpnQTc4SWZmc2NYRGZQK0NOQ1l3RTI2dWUxVnFDd2FnMUxEV0UyWFY0ZFdQWUpuQnR6CndwN0p2aGR2MHpBeUprVGhLYVloUlgvVFljTDF0djV3VnZvSnZtTDV6UXBNeTBsWnZscFFtSDlEaHNNQ0F3RUEKQVFLQ0FnQmJJUUVpUmJ0Mmk2RGsyMERtNFdCcnRQYjl0eGJpdjk1ckJxR1ZuYzFRZmNydWpOcmpqeWRCb0lELwpBUjh4Zk5vYlIvTkl3d1NyVi9ZYjJYbklSWlQxNW1SSUw4N3FCeDNGcnFpWUd1MlNRY0huelYyQTQweVFnRUdCCnhxRnFpT0JZK1pZQXd6dHlQajZRYUY2aTRSeUxDYnFSWENwQnVaK0R5KzRVWlFHRTlxZmplVHJKNWZJcmQzUFQKbE1BV2xvck90TDZOMTNTY0Zhdy8xQ1dubzNIbFJpMnU1SERxNzArd0xVLy9vU0hzaUJ5Wm1RVzlRUmdqL0FaUwpWWVFUdkIxa3hRZCtieVFHOHUwd2J4R3RiUlFHTmE5REVIc2tBQk5jNFlTVi8yRTBUU2xHVGN5NlBpbWtDb1oyCjJuQjVibm9PQVBXa1JIQjh0UTBIbmlxSmVGV01hN2UzRW1BZ2UzYzM0Y0VXSVZkKzcxcUNoQlFGVG0ySWlTVE8KU3NKUXZKVHM3QTJ6SnZTRmJDSWpKTUZ3VzZaWGVBR3ZlSHp2d3NEdnNmTjRiS3BFVVpjVkorUTFDWlRKKzRQYwo0RU15ZnJBN2ozcXpld0liRFFuNWlKMFFEd2d0SHNQVURaenNncWIvcUQyWiswNEdDY2xGWXY3cDBiWnZQU2FjCmxXaGdzeUcrZWl5Y1BPaHVSdjV2N3VSYWlJZjVQUUxkNVBONWczdkhGeThRdjlYSXBlSUp1V1F4VXAyVlJCVEMKOEpOK1Ria2FsdXhKYlRnSzRTRzhGV1JnTVBYTlRheWRiOXlhUTZERkR2NkFFTTBUYmtvNUlVZ1R0MWtNdDFNagpOK1JJOXdjWW9aRW
VJNUdhRDlwWlNLOUE2eDRDNGhuUUJRYUpjSW55WUxGcUJlYjE0UUtDQVFFQTVNZ2ppRFZpClQxczJFVlJLOFBEV2xZRE5MZEV6Q01lRzJ3d3dkVXoxekpTL05haWhyZXVLd21jNS9kdGpVWmQ0NXh4MHNHRlAKOURNTTJNdjNFT3RHWEVLcWwxRGo1ekxwYmFLTTdGZGdSYk0rUjJaVjU5OVczbytxZC9raTJRazRVVVJ6MFJBeAp6S0o5NGt3WjQwdTZZb0dHUHBtMjNuVTZtNzM4dWFXN29GNXVXL3RXRDN1QnRoM2YwRFQ1MDNPNEhEWFlpbncvCnd1RE1HUmpDTlhVYlJXRzk4cnhwU29IQUpnTjRCbituSTlHaUNmNWwwUUFGMHMxSXlyZWpQOGJwYWlJcUZUTGUKUEtyMEFUM3JTSXk5dGhtOEVxOWUwcEllWDRkR2FVbnA4TW44M3ozYkZUZmJ6U1RKbi9VdHNUNkdIc3Q1YnRlSAptZmplb0gvQ282Z0tjUUtDQVFFQTFSZ1dOU2Y1UjdJK0lHYVAwK1hNUXNzSHpmeFVhQWo2M01DeU9RdDFFRnNsCmZSb21JSkNHTVBub0EyWlhGWHBHa1RPaVF6VUZTMFR0NmlhczZJeU40cExSdUpEY3BWd2kwaDhQZncyV0RaMUgKUnV2M0tOZnNrQlpQT1lpelVlSnQzWkhDUkJHMjVCTFdGbldlWUY1Z1VlWHJ6V2Z1RU1vcWxGVDBsZmgxWWZuVQpVQTFDUkxOTHV3anpRT2lTeCtvY2NHanpkOTFuMnNhSEw4a05tSVo0K0p3d0RKMmloUXAwYWZoTSs2dWtLayt2Cjd0dm52dDZWWXhaUXNkMnlYWlJjbUF4V0tnWVlpeE9JNUVGdU9wVTdwRU5lLzF5V3pndzJaNGRLbTRBWDNKM0UKOGp4bks0em9CdCthYXBVYlJnc2d3WWJCWkpEREF0RkhlUEFhSFVNMmN3S0NBUUF0cjJXaENvQUNOc1dhT2tubwp5VDhnaGFMelZrWXBwNlpmVVpUUHA3bWh5OFpQRWNpUGNXeTVHMkh5Tm9BangrcWx4QUh0UXRGemcwbzZkS2gyCm9YVGdjWk9kT2RMNDFTclY4TkxSVXpWdlZiYkhEVUYwVng0Q3ZZK2QrNHNnNmYxc0JRNVhuak5EbU9Nb2NHZnYKQXExS2hIRHBTVXJDSzRpemx3SERsTHZkNzExOFVybEJ5RGtEdy8xd2wxT1lEUkNqMllEUFRyWncxUEVNeGV2cQpQdU5lUElGdzJuendHdTdpNkdoc2E4dFZsTVFWMk00K0tSSUFvV3U2eDJiN0VsNkVDaVI3TFRoQnh5V0lwZk80Ci9obllKbFZ2S2NQMnFxVVVFSEJZRUNGK0t1ZXJNSy95RWNCN3U2L2ptRk15aExqRnAzNHRTeTdSNldlVGgwKzMKM0pPUkFvSUJBUUNFYitybGNJbWFTS29hQXdRaXd2QlhGczRyOUVZVlBuZURHWFBxeGpja1NqR2JkZFA2YXpncgpXalliWHRDQ3RiTUQ3VjVNZkxoa2xsdHpLa1JPWjRTTEs0cVNOZDRjRzQ0OG56ZEhWSTlNdU5JaXZ1YW1pTVFxCnJPTGlOQmFXcnE1dmhYYUNUYXdvUlppdTdyelcwZkQxRlh1ZTlwZmI4WG5USkpXNlcyZkEwNzlqWFVveFhtbVQKdmJWSlF3SnVvdzYzd2xLR3phRU5ORk95bkRjSjg1RmRtZHkzQ29XR1FBQW9HRHpvTVQzZldoVlMwM05OaWhLNApPWmMvWkRURnVqNXQ5VVRiNjF2M205VjVYeno5eGVBQ2NDaXJkc1QzSEZuM3IvcnJlQW5jZ0dWMTA1cWZVM3lsClFQVThocDBqeENqQWZsclZnSzdpb21UVVFnMUk0SXdIQW9JQkFGd3JGVFRtbk14dCt4RitHUmRVbTMwVXBYMGsKVVlpOENLV0llZ3ErR1ViOW
1hU0o4LytEYmJRRDZwdks3Zmw2S0swOXR0WjNabGN0M050dnd1cnR2TWw5eDRtRgo3Q2RFRkp3RWhoSmdyTVdhMUJzc25LYndibGVNRUR2T0xOc2piS1V4UlRNaWFEdHA5RXBKNkV6dmxFZU1YOEZyCno0aXRwTXpoZW5uWlNwWU9FS0JsVVJhSGFERVdZTDdGblhIc1BNakZNaGRHdmJROUFLTUk5N1RtazNvNG9Ld1gKQmluNm1FQStaM3NFd1ljYk1tNHFDbTZ2NUMrVW90WWN0SjFOMGFldXRMWkhDZnlia0RBWkVTaTlITkNua2h5UQp2M3RqY3NVQmVRWk0rUFRMK3dJVGd4TEF6Q0lMT0d6Y1YzZFRXK3d6SzE4aUhaTXNxeHROOWF4ajBvND0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: idp-secrets + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-jwt-secret.yaml b/rendered/envs/production/ocis/secret-jwt-secret.yaml new file mode 100644 index 0000000..042cd44 --- /dev/null +++ b/rendered/envs/production/ocis/secret-jwt-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + jwt-secret: eWU2dHdSTjlYM3R0SkZhT0lFdnFpWHJzclRaMDND +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: jwt-secret + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-ldap-bind-secrets.yaml b/rendered/envs/production/ocis/secret-ldap-bind-secrets.yaml new file mode 100644 index 0000000..a356cbe --- /dev/null +++ b/rendered/envs/production/ocis/secret-ldap-bind-secrets.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + graph-ldap-bind-password: b09yM2dZZDE0VFlEUWlBOEJZWDlGY2FlZFBXUWhG + idp-ldap-bind-password: a3lYWWtER3FlSlhLcXpQb25uYTRySDU3SGh0WHFO + reva-ldap-bind-password: SGoybVlLSFZVaDRKZkhxMkxlcmJJam9pOWVUT0p4 +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: ldap-bind-secrets + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-ldap-ca.yaml b/rendered/envs/production/ocis/secret-ldap-ca.yaml new file mode 100644 index 0000000..679f2d6 --- /dev/null 
+++ b/rendered/envs/production/ocis/secret-ldap-ca.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + ldap-ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREekNDQWZlZ0F3SUJBZ0lRWTZUaXZOUjZhQ3JmV1l5OWtVTjVCakFOQmdrcWhraUc5dzBCQVFzRkFEQVMKTVJBd0RnWURWUVFERXdkc1pHRndMV05oTUI0WERUSTJNRFF3TkRFNE1UWXhOMW9YRFRJM01EUXdOREU0TVRZeApOMW93RWpFUU1BNEdBMVVFQXhNSGJHUmhjQzFqWVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQUxPNC95N3NyRGFYVUg2ZjJRN2I3UmZKd2Rvb2JuL1dDMGhqaEFLOVpacXdFUjB6ZUtvTWY3NHMKendMc3BhSm1sYjZCV3ZzWDh2Z3BJOXhJcUoxcVdBWVNlRCtKa0xVT3B0UER0R0R5U3RTVWlDb2xuUWZPZGxzQQp4K2FhOGNqU3A4OHQ2RmFOR3ZxNGxIMXljdnRSektRaTJHNkQrOUpFcDdDOVFPOWg4bFJaSkFMODJ1bHR6T3B5ClVWTUR4OWxQR2NmWEFhZklUTUxPQ1o1c0xVWmNMeU9aRlVWbnROS3NBT0Fqc1greWltUnc1NVZSMEczSWcrMFIKMWpaSVZmVFA2OTZqcWFPN3BuU1pNdlBSUkk1OFB0S0x1bU9oT0RxZHhsUEtEWU5LYUZ3TmlwNmJZUGd5Y2x3Tgo5dzlodkdUZ2t3dzZPSFdRenp3akw0Y0tWOCt6RnhjQ0F3RUFBYU5oTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trCk1CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFQQmdOVkhSTUJBZjhFQlRBREFRSC8KTUIwR0ExVWREZ1FXQkJTZlR0cEp2R1V4UjZhbXdxZllkem1EU0U0bnRUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQwpBUUVBYkdvZVJaTk9IWDlZWWpWZ3JaZjRDZ0txMlhkb0VkcEVETEdyNGwyZ1c3Z0xHdjd1ZmFpa0ltODhLRHNjClFrbjlLdmhwYU1EdHloajN3NnZNdHQ4T3R2MjRIc2dibFo1SUtFREN1aU50ajVvUXhoWHY5WEMwM3AxUkFwU0oKY3BRbElnNEtWbE5TWUVHcmYwUTI1aVNYL1NjbnJXWHJUK1luR2pOM0xXdEo3UElNb214b3lWMnpjdFdTVVp4NQpsOXpsYnMwRTNZV0RCWFdXRXkrOThPTitWeFlQSTZSQS9HbHIyUnJTY2M2RHdZMWhPMFpoY0Jnd0lwcXEzbmlhCjVBbWdCY3JNcTB5R0NISVR1UUpUc0pzU3RhWGN3ZURYWTNUa2ZucW5FN0p5TCtONVFlc0gwakdIeEZ0aTFTRlUKdWRsNmFYbFFDVVo0T0ZYeE1VSkp3cGNTRlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: ldap-ca + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-ldap-cert.yaml b/rendered/envs/production/ocis/secret-ldap-cert.yaml new file mode 100644 index 0000000..15ad5c0 --- /dev/null 
+++ b/rendered/envs/production/ocis/secret-ldap-cert.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + ldap.crt: 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 + ldap.key: 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 +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: ldap-cert + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-machine-auth-api-key.yaml b/rendered/envs/production/ocis/secret-machine-auth-api-key.yaml new file mode 100644 index 0000000..9a03cb0 --- /dev/null +++ b/rendered/envs/production/ocis/secret-machine-auth-api-key.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + machine-auth-api-key: aEZZMkdWcVVBWWhjejNFRjRQRUNRVXZLbHpzUUpL +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: machine-auth-api-key + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-service-account-secret.yaml b/rendered/envs/production/ocis/secret-service-account-secret.yaml new file mode 100644 index 0000000..6b5fed7 --- /dev/null +++ b/rendered/envs/production/ocis/secret-service-account-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + service-account-secret: NThMNVYzMnBsUUJ5UlBsZE10aDZuUEJOZnRNTU1W +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: service-account-secret + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-storage-system-jwt-secret.yaml b/rendered/envs/production/ocis/secret-storage-system-jwt-secret.yaml new file mode 100644 index 0000000..64b49b0 --- /dev/null +++ b/rendered/envs/production/ocis/secret-storage-system-jwt-secret.yaml 
@@ -0,0 +1,10 @@ +apiVersion: v1 +data: + storage-system-jwt-secret: TWRKWW0zUFRFS2NwSDI1UFFXN3ZkZGdCdURIUnN6 +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: storage-system-jwt-secret + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-storage-system.yaml b/rendered/envs/production/ocis/secret-storage-system.yaml new file mode 100644 index 0000000..fb0b775 --- /dev/null +++ b/rendered/envs/production/ocis/secret-storage-system.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + api-key: RDhWVTFYblF6cjZHeGF6OHpPZnhHNEYxTHhHQ0ZI + user-id: MDQ1NzJjMGUtZGUxZi00ODZiLWE4YTEtMmYxZjI1NmM1Nzc1 +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: storage-system + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-thumbnails-transfer-secret.yaml b/rendered/envs/production/ocis/secret-thumbnails-transfer-secret.yaml new file mode 100644 index 0000000..939b0a8 --- /dev/null +++ b/rendered/envs/production/ocis/secret-thumbnails-transfer-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + thumbnails-transfer-secret: NGtlWEw4c3BJcm9sZzBiRFpBdWlhbExrMnJKM2N5 +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: thumbnails-transfer-secret + namespace: ocis diff --git a/rendered/envs/production/ocis/secret-transfer-secret.yaml b/rendered/envs/production/ocis/secret-transfer-secret.yaml new file mode 100644 index 0000000..75260fb --- /dev/null +++ b/rendered/envs/production/ocis/secret-transfer-secret.yaml 
@@ -0,0 +1,10 @@ +apiVersion: v1 +data: + transfer-secret: aU0wdXNRM2RIRXNTQXdzeHgxTXNkTnlqamQwV0p3 +kind: Secret +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: null + name: transfer-secret + namespace: ocis diff --git a/rendered/envs/production/ocis/service-activitylog.yaml b/rendered/envs/production/ocis/service-activitylog.yaml new file mode 100644 index 0000000..9be1ffa --- /dev/null +++ b/rendered/envs/production/ocis/service-activitylog.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: activitylog + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: activitylog + namespace: ocis +spec: + ports: + - appProtocol: http + name: http + port: 9195 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9197 + protocol: TCP + selector: + app: activitylog diff --git a/rendered/envs/production/ocis/service-appregistry.yaml b/rendered/envs/production/ocis/service-appregistry.yaml new file mode 100644 index 0000000..bc3ea98 --- /dev/null +++ b/rendered/envs/production/ocis/service-appregistry.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: appregistry + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: appregistry + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9242 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9243 + protocol: TCP + selector: + app: appregistry 
diff --git a/rendered/envs/production/ocis/service-audit.yaml b/rendered/envs/production/ocis/service-audit.yaml new file mode 100644 index 0000000..4ed94d8 --- /dev/null +++ b/rendered/envs/production/ocis/service-audit.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: audit + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: audit + namespace: ocis +spec: + ports: + - appProtocol: http + name: metrics-debug + port: 9229 + protocol: TCP + selector: + app: audit diff --git a/rendered/envs/production/ocis/service-authmachine.yaml b/rendered/envs/production/ocis/service-authmachine.yaml new file mode 100644 index 0000000..ba57b2f --- /dev/null +++ b/rendered/envs/production/ocis/service-authmachine.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: authmachine + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: authmachine + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9166 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9167 + protocol: TCP + selector: + app: authmachine diff --git a/rendered/envs/production/ocis/service-authservice.yaml b/rendered/envs/production/ocis/service-authservice.yaml new file mode 100644 index 0000000..256d6c6 --- /dev/null +++ b/rendered/envs/production/ocis/service-authservice.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: authservice + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: authservice + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9616 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9617 + protocol: TCP + selector: + app: authservice diff --git a/rendered/envs/production/ocis/service-clientlog.yaml b/rendered/envs/production/ocis/service-clientlog.yaml new file mode 100644 index 0000000..5c18234 --- /dev/null +++ b/rendered/envs/production/ocis/service-clientlog.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: clientlog + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: clientlog + namespace: ocis +spec: + ports: + - appProtocol: http + name: metrics-debug + port: 9260 + protocol: TCP + selector: + app: clientlog diff --git a/rendered/envs/production/ocis/service-eventhistory.yaml b/rendered/envs/production/ocis/service-eventhistory.yaml new file mode 100644 index 0000000..4553093 --- /dev/null +++ b/rendered/envs/production/ocis/service-eventhistory.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: eventhistory + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: eventhistory + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 8080 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9270 + protocol: TCP + selector: + app: eventhistory diff --git a/rendered/envs/production/ocis/service-frontend.yaml b/rendered/envs/production/ocis/service-frontend.yaml new file mode 100644 index 0000000..876b170 --- /dev/null +++ b/rendered/envs/production/ocis/service-frontend.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: frontend + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: frontend + namespace: ocis +spec: + ports: + - appProtocol: http + name: http + port: 9140 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9141 + protocol: TCP + selector: + app: frontend diff --git a/rendered/envs/production/ocis/service-gateway.yaml b/rendered/envs/production/ocis/service-gateway.yaml new file mode 100644 index 0000000..d664de5 --- /dev/null +++ b/rendered/envs/production/ocis/service-gateway.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: gateway + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: gateway + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9142 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9143 + protocol: TCP + selector: + app: gateway diff --git a/rendered/envs/production/ocis/service-graph.yaml b/rendered/envs/production/ocis/service-graph.yaml new file mode 100644 index 0000000..64e50e0 --- /dev/null +++ b/rendered/envs/production/ocis/service-graph.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: graph + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: graph + namespace: ocis +spec: + ports: + - appProtocol: http + name: http + port: 9120 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9124 + protocol: TCP + selector: + app: graph diff --git a/rendered/envs/production/ocis/service-groups.yaml b/rendered/envs/production/ocis/service-groups.yaml new file mode 100644 index 0000000..1d0f2f7 --- /dev/null +++ b/rendered/envs/production/ocis/service-groups.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: groups + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: groups + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9160 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9161 + protocol: TCP + selector: + app: groups diff --git a/rendered/envs/production/ocis/service-idm.yaml b/rendered/envs/production/ocis/service-idm.yaml new file mode 100644 index 0000000..44277f1 --- /dev/null +++ b/rendered/envs/production/ocis/service-idm.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: idm + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: idm + namespace: ocis +spec: + ports: + - appProtocol: tcp + name: ldaps + port: 9235 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9239 + protocol: TCP + selector: + app: idm diff --git a/rendered/envs/production/ocis/service-idp.yaml b/rendered/envs/production/ocis/service-idp.yaml new file mode 100644 index 0000000..d62dfe4 --- /dev/null +++ b/rendered/envs/production/ocis/service-idp.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: idp + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: idp + namespace: ocis +spec: + ports: + - appProtocol: http + name: http + port: 9130 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9134 + protocol: TCP + selector: + app: idp diff --git a/rendered/envs/production/ocis/service-nats.yaml b/rendered/envs/production/ocis/service-nats.yaml new file mode 100644 index 0000000..18f69ca --- /dev/null +++ b/rendered/envs/production/ocis/service-nats.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: nats + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: nats + namespace: ocis +spec: + ports: + - appProtocol: tcp + name: nats + port: 9233 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9234 + protocol: TCP + selector: + app: nats diff --git a/rendered/envs/production/ocis/service-ocdav.yaml b/rendered/envs/production/ocis/service-ocdav.yaml new file mode 100644 index 0000000..85e4b98 --- /dev/null +++ b/rendered/envs/production/ocis/service-ocdav.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: ocdav + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: ocdav + namespace: ocis +spec: + ports: + - appProtocol: http + name: http + port: 8080 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9163 + protocol: TCP + selector: + app: ocdav diff --git a/rendered/envs/production/ocis/service-ocs.yaml b/rendered/envs/production/ocis/service-ocs.yaml new file mode 100644 index 0000000..9416bf1 --- /dev/null +++ b/rendered/envs/production/ocis/service-ocs.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: ocs + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: ocs + namespace: ocis +spec: + ports: + - appProtocol: http + name: http + port: 9110 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9114 + protocol: TCP + selector: + app: ocs diff --git a/rendered/envs/production/ocis/service-postprocessing.yaml b/rendered/envs/production/ocis/service-postprocessing.yaml new file mode 100644 index 0000000..dee7060 --- /dev/null +++ b/rendered/envs/production/ocis/service-postprocessing.yaml 
@@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: postprocessing + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: postprocessing + namespace: ocis +spec: + ports: + - appProtocol: http + name: metrics-debug + port: 9255 + protocol: TCP + selector: + app: postprocessing diff --git a/rendered/envs/production/ocis/service-proxy.yaml b/rendered/envs/production/ocis/service-proxy.yaml new file mode 100644 index 0000000..3bf58d3 --- /dev/null +++ b/rendered/envs/production/ocis/service-proxy.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: proxy + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: proxy + namespace: ocis +spec: + ports: + - appProtocol: http + name: http + port: 9200 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9205 + protocol: TCP + selector: + app: proxy diff --git a/rendered/envs/production/ocis/service-search.yaml b/rendered/envs/production/ocis/service-search.yaml new file mode 100644 index 0000000..14a44de --- /dev/null +++ b/rendered/envs/production/ocis/service-search.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: search + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: search + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9220 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9224 + protocol: TCP + selector: + app: search diff --git a/rendered/envs/production/ocis/service-settings.yaml b/rendered/envs/production/ocis/service-settings.yaml new file mode 100644 index 0000000..627cde0 --- /dev/null +++ b/rendered/envs/production/ocis/service-settings.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: settings + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: settings + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9191 + protocol: TCP + - appProtocol: http + name: http + port: 9190 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9194 + protocol: TCP + selector: + app: settings diff --git a/rendered/envs/production/ocis/service-sharing.yaml b/rendered/envs/production/ocis/service-sharing.yaml new file mode 100644 index 0000000..03a4402 --- /dev/null +++ b/rendered/envs/production/ocis/service-sharing.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: sharing + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: sharing + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9150 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9151 + protocol: TCP + selector: + app: sharing diff --git a/rendered/envs/production/ocis/service-sse.yaml b/rendered/envs/production/ocis/service-sse.yaml new file mode 100644 index 0000000..3bf03f6 --- /dev/null +++ b/rendered/envs/production/ocis/service-sse.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: sse + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: sse + namespace: ocis +spec: + ports: + - appProtocol: http + name: http + port: 9939 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9135 + protocol: TCP + selector: + app: sse diff --git a/rendered/envs/production/ocis/service-storagepubliclink.yaml b/rendered/envs/production/ocis/service-storagepubliclink.yaml new file mode 100644 index 0000000..a526355 --- /dev/null +++ b/rendered/envs/production/ocis/service-storagepubliclink.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: storagepubliclink + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: storagepubliclink + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9178 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9179 + protocol: TCP + selector: + app: storagepubliclink diff --git a/rendered/envs/production/ocis/service-storageshares.yaml b/rendered/envs/production/ocis/service-storageshares.yaml new file mode 100644 index 0000000..3197ce9 --- /dev/null +++ b/rendered/envs/production/ocis/service-storageshares.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: storageshares + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: storageshares + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9154 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9156 + protocol: TCP + selector: + app: storageshares diff --git a/rendered/envs/production/ocis/service-storagesystem.yaml b/rendered/envs/production/ocis/service-storagesystem.yaml new file mode 100644 index 0000000..3ba201d --- /dev/null +++ b/rendered/envs/production/ocis/service-storagesystem.yaml 
@@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: storagesystem + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: storagesystem + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9215 + protocol: TCP + - appProtocol: http + name: http + port: 9216 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9217 + protocol: TCP + selector: + app: storagesystem diff --git a/rendered/envs/production/ocis/service-storageusers.yaml b/rendered/envs/production/ocis/service-storageusers.yaml new file mode 100644 index 0000000..7c07ad6 --- /dev/null +++ b/rendered/envs/production/ocis/service-storageusers.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git + labels: + app: storageusers + app.kubernetes.io/instance: ocis + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ocis + app.kubernetes.io/version: 7.1.4 + helm.sh/chart: ocis-0.7.0 + ocis-metrics: enabled + name: storageusers + namespace: ocis +spec: + ports: + - appProtocol: grpc + name: grpc + port: 9157 + protocol: TCP + - appProtocol: http + name: http + port: 9158 + protocol: TCP + - appProtocol: http + name: metrics-debug + port: 9159 + protocol: TCP + selector: + app: storageusers diff --git a/rendered/envs/production/ocis/service-thumbnails.yaml b/rendered/envs/production/ocis/service-thumbnails.yaml new file mode 100644 index 0000000..460a84b --- /dev/null +++ b/rendered/envs/production/ocis/service-thumbnails.yaml 
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: thumbnails
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ ocis-metrics: enabled
+ name: thumbnails
+ namespace: ocis
+spec:
+ ports:
+ - appProtocol: grpc
+ name: grpc
+ port: 9185
+ protocol: TCP
+ - appProtocol: http
+ name: http
+ port: 9186
+ protocol: TCP
+ - appProtocol: http
+ name: metrics-debug
+ port: 9189
+ protocol: TCP
+ selector:
+ app: thumbnails
diff --git a/rendered/envs/production/ocis/service-userlog.yaml b/rendered/envs/production/ocis/service-userlog.yaml
new file mode 100644
index 0000000..425f643
--- /dev/null
+++ b/rendered/envs/production/ocis/service-userlog.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: userlog
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ ocis-metrics: enabled
+ name: userlog
+ namespace: ocis
+spec:
+ ports:
+ - appProtocol: http
+ name: http
+ port: 8080
+ protocol: TCP
+ - appProtocol: http
+ name: metrics-debug
+ port: 9210
+ protocol: TCP
+ selector:
+ app: userlog
diff --git a/rendered/envs/production/ocis/service-users.yaml b/rendered/envs/production/ocis/service-users.yaml
new file mode 100644
index 0000000..41db71c
--- /dev/null
+++ b/rendered/envs/production/ocis/service-users.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: users
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ ocis-metrics: enabled
+ name: users
+ namespace: ocis
+spec:
+ ports:
+ - appProtocol: grpc
+ name: grpc
+ port: 9144
+ protocol: TCP
+ - appProtocol: http
+ name: metrics-debug
+ port: 9145
+ protocol: TCP
+ selector:
+ app: users
diff --git a/rendered/envs/production/ocis/service-web.yaml b/rendered/envs/production/ocis/service-web.yaml
new file mode 100644
index 0000000..3392754
--- /dev/null
+++ b/rendered/envs/production/ocis/service-web.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: web
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ ocis-metrics: enabled
+ name: web
+ namespace: ocis
+spec:
+ ports:
+ - appProtocol: http
+ name: http
+ port: 9100
+ protocol: TCP
+ - appProtocol: http
+ name: metrics-debug
+ port: 9104
+ protocol: TCP
+ selector:
+ app: web
diff --git a/rendered/envs/production/ocis/service-webdav.yaml b/rendered/envs/production/ocis/service-webdav.yaml
new file mode 100644
index 0000000..b669c14
--- /dev/null
+++ b/rendered/envs/production/ocis/service-webdav.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: webdav
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ ocis-metrics: enabled
+ name: webdav
+ namespace: ocis
+spec:
+ ports:
+ - appProtocol: http
+ name: http
+ port: 9115
+ protocol: TCP
+ - appProtocol: http
+ name: metrics-debug
+ port: 9119
+ protocol: TCP
+ selector:
+ app: webdav
diff --git a/rendered/envs/production/ocis/service-webfinger.yaml b/rendered/envs/production/ocis/service-webfinger.yaml
new file mode 100644
index 0000000..75a81f9
--- /dev/null
+++ b/rendered/envs/production/ocis/service-webfinger.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+ labels:
+ app: webfinger
+ app.kubernetes.io/instance: ocis
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: ocis
+ app.kubernetes.io/version: 7.1.4
+ helm.sh/chart: ocis-0.7.0
+ ocis-metrics: enabled
+ name: webfinger
+ namespace: ocis
+spec:
+ ports:
+ - appProtocol: http
+ name: http
+ port: 8080
+ protocol: TCP
+ - appProtocol: http
+ name: metrics-debug
+ port: 8081
+ protocol: TCP
+ selector:
+ app: webfinger
diff --git a/rendered/envs/production/nextcloud/serviceaccount-nextcloud-secret-init.yaml b/rendered/envs/production/ocis/serviceaccount-ocis-secret-init.yaml
similarity index 73%
rename from rendered/envs/production/nextcloud/serviceaccount-nextcloud-secret-init.yaml
rename to rendered/envs/production/ocis/serviceaccount-ocis-secret-init.yaml
index f713d4a..f623792 100644
--- a/rendered/envs/production/nextcloud/serviceaccount-nextcloud-secret-init.yaml
+++ b/rendered/envs/production/ocis/serviceaccount-ocis-secret-init.yaml
@@ -3,5 +3,5 @@ kind: ServiceAccount
 metadata:
 annotations:
 a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
- name: nextcloud-secret-init
- namespace: nextcloud
+ name: ocis-secret-init
+ namespace: ocis