amkartashov/gf-k8s
1
0
Fork 0
mirror of https://github.com/amkartashov/gf-k8s.git synced 2026-01-11 09:59:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove oauth2-proxy, sealed-secrets, minecraft

Browse source
This commit is contained in:
Andrey Kartashov 2022-02-18 19:02:45 +07:00
parent 3b6c0f428c
commit 5d5a5801ea
14 changed files with 0 additions and 360 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apps/minecraft/Chart.yaml
View file

@ -1,3 +0,0 @@
name: minecraft
version: 1.0

4
apps/minecraft/requirements.yaml
View file

@ -1,4 +0,0 @@
dependencies:
- name: minecraft
version: 2.0.7
repository: 'https://itzg.github.io/minecraft-server-charts/'

11
apps/minecraft/templates/volume.yaml
View file

@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: minecraft
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/minecraft

12
apps/minecraft/templates/volumeclaim.yaml
View file

@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minecraft
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
volumeMode: Filesystem
volumeName: minecraft

14
apps/minecraft/values.yaml
View file

@ -1,14 +0,0 @@
minecraft:
minecraftServer:
eula: "TRUE"
pvp: true
onlineMode: false
serviceType: NodePort
rcon:
enabled: true
password: "CHANGE_IN_ARGOCD"
serviceType: NodePort
persistence:
dataDir:
enabled: true
existingClaim: minecraft

2
apps/system/oauth2-proxy/.gitignore vendored
View file

@ -1,2 +0,0 @@
requirements.lock
charts/

1
apps/system/oauth2-proxy/Chart.yaml
View file

@ -1 +0,0 @@
name: oauth2-proxy

4
apps/system/oauth2-proxy/requirements.yaml
View file

@ -1,4 +0,0 @@
dependencies:
- name: oauth2-proxy
version: '3.2.3'
repository: '@stable'

27
apps/system/oauth2-proxy/values.yaml
View file

@ -1,27 +0,0 @@
oauth2-proxy:
config:
existingSecret: oauth2-proxy
configFile: |-
email_domains = []
upstreams = [ "file:///dev/null" ]
extraArgs:
provider: github
cookie-domain: .gorilych.ru
whitelist-domain: .gorilych.ru
set-xauthrequest: true
authenticatedEmailsFile:
enabled: true
restricted_access: |-
gorilych@gmail.com
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
hosts:
- oauth2.gorilych.ru
tls:
- hosts:
- oauth2.gorilych.ru
secretName: oauth2-gorilych-ru-tls

222
apps/system/sealed-secrets/controller.yaml
View file

@ -1,222 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
spec:
minReadySeconds: 30
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: sealed-secrets-controller
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
spec:
containers:
- args: []
command:
- controller
env: []
image: quay.io/bitnami/sealed-secrets-controller:v0.9.2
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: http
name: sealed-secrets-controller
ports:
- containerPort: 8080
name: http
readinessProbe:
httpGet:
path: /healthz
port: http
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
stdin: false
tty: false
volumeMounts:
- mountPath: /tmp
name: tmp
imagePullSecrets: []
initContainers: []
serviceAccountName: sealed-secrets-controller
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: tmp
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: sealedsecrets.bitnami.com
spec:
group: bitnami.com
names:
kind: SealedSecret
listKind: SealedSecretList
plural: sealedsecrets
singular: sealedsecret
scope: Namespaced
version: v1alpha1
---
apiVersion: v1
kind: Service
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
spec:
ports:
- port: 8080
targetPort: 8080
selector:
name: sealed-secrets-controller
type: ClusterIP
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-service-proxier
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
namespace: kube-system
rules:
- apiGroups:
- ""
resourceNames:
- 'http:sealed-secrets-controller:'
- sealed-secrets-controller
resources:
- services/proxy
verbs:
- create
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-key-admin
name: sealed-secrets-key-admin
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- list
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-key-admin
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secrets-unsealer
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
annotations: {}
labels:
name: secrets-unsealer
name: secrets-unsealer
rules:
- apiGroups:
- bitnami.com
resources:
- sealedsecrets
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

11
apps/system/sealed-secrets/kustomization.yaml
View file

@ -1,11 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: sealedsecrets
commonLabels:
app.kubernetes.io/name: sealedsecrets
app.kubernetes.io/version: 0.9.2
app.kubernetes.io/managed-by: argocd
resources:
- namespace.yaml
# from https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.9.2/controller.yaml
- controller.yaml

4
apps/system/sealed-secrets/namespace.yaml
View file

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: sealedsecrets

19
main/apps/minecraft.yaml
View file

@ -1,19 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: minecraft
namespace: argocd
spec:
destination:
namespace: minecraft
server: https://kubernetes.default.svc
project: default
source:
path: apps/minecraft
repoURL: git@github.com:amkartashov/gf-k8s
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
selfHeal: true

26
main/apps/oauth2-proxy.yaml
View file

@ -1,26 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: oauth2-proxy
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: oauth2-proxy
server: https://kubernetes.default.svc
project: default
source:
path: apps/system/oauth2-proxy
repoURL: git@github.com:amkartashov/gf-k8s
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
selfHeal: true
ignoreDifferences:
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
jsonPointers:
- /status