Removes the full Nextcloud stack (PostgreSQL/CNPG, Valkey, Caddy) and deploys oCIS at drive.tr1ceracop.de. oCIS is self-contained — no external database or cache needed.

Key design decisions:
- S3ng storage backend on Hetzner Object Storage (ocis-tr1ceracop)
- Chart fetched via vendir git source (not published to a Helm repo)
- All secrets generated in-cluster via PreSync init Job (never in git)
- Memory requests on all pods to prevent node overcommit
- Persistence on local-path for metadata (idm, nats, search, storage)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
18 lines
455 B
YAML
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  annotations:
    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/sync-wave: "-2"
  name: ocis-secret-init
  namespace: ocis
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ocis-secret-init
subjects:
- kind: ServiceAccount
  name: ocis-secret-init
  namespace: ocis