admin/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update k8s manifests

Browse Source
This commit is contained in:
ansible 2026-03-10 13:09:03 +08:00
parent 5d97f34957
commit 03df49793f
5 changed files with 58 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
k8s/flux/gotk-sync.yaml
View File

@ -6,7 +6,7 @@ metadata:
namespace: flux-system namespace: flux-system
spec: spec:
interval: 5m interval: 5m
url: https://gitea.n0ball.tw/admin/infra.git url: http://192.168.51.203/admin/infra.git
ref: ref:
branch: main branch: main
secretRef: secretRef:
@ -31,6 +31,25 @@ spec:
--- ---
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata:
name: infrastructure-config
namespace: flux-system
spec:
interval: 5m
path: ./k8s/infrastructure-config
prune: true
dependsOn:
- name: infrastructure
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata: metadata:
name: pg-init name: pg-init
namespace: flux-system namespace: flux-system
@ -59,6 +78,7 @@ spec:
prune: true prune: true
dependsOn: dependsOn:
- name: infrastructure - name: infrastructure
- name: infrastructure-config
- name: pg-init - name: pg-init
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository

19
k8s/infrastructure-config/cert-manager/clusterissuer.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: n0ball-tw-issuer
spec:
acme:
server: https://acme-v2.api.letsencrypt.org/directory
email: admin@n0ball.tw
privateKeySecretRef:
name: letsencrypt-account-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token
key: api-token
selector:
dnsZones:
- "n0ball.tw"

13
k8s/infrastructure-config/cert-manager/wildcard-cert.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: n0ball-tw-wildcard
namespace: kube-system
spec:
secretName: n0ball-tw-tls
issuerRef:
name: n0ball-tw-issuer
kind: ClusterIssuer
dnsNames:
- "*.n0ball.tw"
- "n0ball.tw"

5
k8s/infrastructure-config/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cert-manager/clusterissuer.yaml
- cert-manager/wildcard-cert.yaml

2
k8s/infrastructure/kustomization.yaml
View File

@ -4,8 +4,6 @@ resources:
- helmrepositories.yaml - helmrepositories.yaml
- longhorn/helmrelease.yaml - longhorn/helmrelease.yaml
- cert-manager/helmrelease.yaml - cert-manager/helmrelease.yaml
- cert-manager/clusterissuer.yaml
- cert-manager/wildcard-cert.yaml
- observability - observability
- openldap/helmrelease.yaml - openldap/helmrelease.yaml
- keycloak/helmrelease.yaml - keycloak/helmrelease.yaml