Extract domain, ingress class, TLS issuer, storage classes, S3 endpoints, backup toggles, and forgejo node selector into env-data values. Each prototype's app-data declares its subdomain alongside namespace; templates compute host as <subdomain>.<cluster.domain>. Schema is shape-only with safe defaults; production env-data sets values explicitly. Backup CronJobs and external-secret prechecks gate on backups.enabled and ocis.s3.external. Adds mkcert ClusterIssuer + precheck Job for local-dev TLS, gated on cluster.tls.issuer == "mkcert". forgejo argocd-deploy-key Job: REPO_URL/FORGEJO_URL moved to container env vars to keep the script ytt-templatable; runtime behavior unchanged. Production render verified byte-identical (excluding the deploy-key Job env-var refactor and chart-volatile UUID ConfigMaps).
54 lines
1,018 B
YAML
```yaml
#@ load("@ytt:overlay", "overlay")

#@data/values
---
environment:
  id: production
  applications:
    - proto: argocd
    - proto: traefik
    - proto: cert-manager
    - proto: kubernetes-secret-generator
    - proto: forgejo
    - proto: victoria-metrics-single
    - proto: grafana
    - proto: kube-state-metrics
    - proto: node-exporter
    - proto: hcloud-csi
    - proto: cloudnative-pg
    - proto: metrics-server
    - proto: ocis

cluster:
  domain: tr1ceracop.de
  ingress:
    className: traefik
  tls:
    issuer: letsencrypt
  storageClass:
    block: hcloud-volumes
    local: local-path

backups:
  enabled: true
  s3:
    endpoint: https://fsn1.your-objectstorage.com
    region: fsn1
  storagebox:
    enabled: true

ocis:
  s3:
    external: true
    endpoint: https://nbg1.your-objectstorage.com
    region: nbg1
    bucket: ocis-tr1ceracop

forgejo:
  sshPort: 222
  #@overlay/replace
  nodeSelector:
    kubernetes.io/hostname: ubuntu-4gb-nbg1-3
  backup:
    s3Bucket: k8s-and-chill-backups
```
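To show how a prototype template consumes these env-data values (the `<subdomain>.<cluster.domain>` host, the ingress class and issuer, and an `#@ if` gate on `cluster.tls.issuer == "mkcert"`), here is an added ytt illustration that is not a template from this repository. It assumes the prototype's app-data is merged in as `data.values.app` with the `proto`, `namespace` and `subdomain` fields the commit message mentions, and that the mkcert CA pair lives in a Secret named `mkcert-ca`; both are assumptions.

```yaml
#! Added illustration, not from this repository. Assumes the prototype's app-data
#! is merged in as data.values.app with `proto`, `namespace` and `subdomain`.
#@ load("@ytt:data", "data")
#@ app = data.values.app
#@ cluster = data.values.cluster
#@ host = app.subdomain + "." + cluster.domain
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: #@ app.proto
  namespace: #@ app.namespace
  annotations:
    #! Issuer comes from env-data: letsencrypt in production, mkcert for local dev.
    cert-manager.io/cluster-issuer: #@ cluster.tls.issuer
spec:
  ingressClassName: #@ cluster.ingress.className
  tls:
    - hosts:
        - #@ host
      secretName: #@ app.proto + "-tls"
  rules:
    - host: #@ host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: #@ app.proto
                port:
                  number: 80
#! The local-dev ClusterIssuer is emitted only when env-data selects mkcert, so the
#! production render above (issuer: letsencrypt) never contains it.
#@ if cluster.tls.issuer == "mkcert":
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: mkcert
spec:
  ca:
    #! Assumed Secret name holding the mkcert CA certificate and key.
    secretName: mkcert-ca
#@ end
```

The same document-level `#@ if ... #@ end` gate is what the commit describes for the backup CronJobs (`data.values.backups.enabled`) and the external-secret prechecks (`data.values.ocis.s3.external`).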