Refactor Gitea,Guacamole,Vaultwarden
This commit is contained in:
parent
998c6e888e
commit
6780322b44
@ -1,129 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: bitwarden
|
||||
spec:
|
||||
ports:
|
||||
- protocol: TCP
|
||||
name: ui
|
||||
port: 8080
|
||||
- protocol: TCP
|
||||
name: websocket
|
||||
port: 3012
|
||||
selector:
|
||||
app: bitwarden
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bitwarden
|
||||
labels:
|
||||
app: bitwarden
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bitwarden
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bitwarden
|
||||
spec:
|
||||
serviceAccountName: bitwarden
|
||||
containers:
|
||||
- name: bitwarden
|
||||
image: bv11-cr01.bessems.eu/proxy/vaultwarden/server
|
||||
env:
|
||||
- name: ENABLE_DB_WAL
|
||||
value: "false"
|
||||
- name: ROCKET_PORT
|
||||
value: "8080"
|
||||
- name: SIGNUPS_ALLOWED
|
||||
value: "false"
|
||||
- name: WEBSOCKET_ENABLED
|
||||
value: "true"
|
||||
- name: WEBSOCKET_PORT
|
||||
value: "3012"
|
||||
- name: LOG_LEVEL
|
||||
value: "debug"
|
||||
- name: EXTENDED_LOGGING
|
||||
value: "true"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: bitwarden-secret
|
||||
ports:
|
||||
- name: ui
|
||||
containerPort: 8080
|
||||
- name: websocket
|
||||
containerPort: 3012
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: flexvolsmb-bitwarden-data
|
||||
volumes:
|
||||
- name: flexvolsmb-bitwarden-data
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-bitwarden-data
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: bitwarden
|
||||
labels:
|
||||
app: bitwarden
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: bitwarden
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`vault.spamasaurus.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: bitwarden
|
||||
port: 8080
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
- match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: bitwarden
|
||||
port: 3012
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-bitwarden-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-bitwarden-data
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: smb-secret
|
||||
options:
|
||||
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
|
||||
server: 192.168.11.225
|
||||
share: /K3s.Volumes/bitwarden/data
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-bitwarden-data
|
||||
namespace: default
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-bitwarden-data
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,27 +0,0 @@
|
||||
{
|
||||
"kind": "SealedSecret",
|
||||
"apiVersion": "bitnami.com/v1alpha1",
|
||||
"metadata": {
|
||||
"name": "bitwarden-secret",
|
||||
"namespace": "default",
|
||||
"creationTimestamp": null
|
||||
},
|
||||
"spec": {
|
||||
"template": {
|
||||
"metadata": {
|
||||
"name": "bitwarden-secret",
|
||||
"namespace": "default",
|
||||
"creationTimestamp": null,
|
||||
"labels": {
|
||||
"app": "bitwarden"
|
||||
}
|
||||
},
|
||||
"data": null
|
||||
},
|
||||
"encryptedData": {
|
||||
"ADMIN_TOKEN": "AgBOegUE4Q0kKaTcDUrOlexTGqCECq5lV74ScLu4Qc+AsBPjsJDd/L/OADtg3rY7KOt+kaqNH+wop5PY540h8aB1CDSqRLtdqO2GmJT98muPJpOwPC6ynbW2Z1w9p6ptY1U41MqlPh0yiKyoIMwdrRBM0U+I23O8OkhNQNNA+Y98/SCEuCXIHgPZ+wwN6v8GgEh3ISrATdqcahPSr63BNHEw+alAevYJNd+b2K+zW2EjeS6+5cBe5zqtv16CEAt3o62j6kYD2ylox6UOoBXDRHkf3mINX/mBu/WUB9KHa/WvpX1toJ4orb6wWaZFNohw3/grMFnCov5Hmk2WkEUkhy6sjblyz7eUhmL8zXfJjqB4b0ekn/QkKJL5qp0lSHVKgHXPo+pu1l+Kh9RlqkLXwvbbH1HTYUEzvIN6+fwNkFz2g+IEqDhOGAhQHbBg13Q0+Qk/r9qdsrUQCDQLRxTH/qC7EKygFkvd23Tl4a/x7h++mgMCkDkceghtQXmJCxk/AjrjUAKaEGEFJDpPkW6EroJeZfgN2SUcfWymKULQw9TLhpts6EN0eOBK/pwV4pMeA7DD8XdJ7YkPRM4lzhNuHDgxwvPOt+i3RtVbKjpYoodsmZtFUm81Bi5VH+o3xxvlVKTKT4uGgUft1XbrtimR760eTMtabiSkQp9GIC/BhhuBCNZH9L5km+2d6TVHjumg7Pdz4EHQaDp1IHPNAnU1qaQzCPK9906645Jg0EUr8w7sR4wsoEtewKrTDEe0xhTCOIU=",
|
||||
"YUBICO_CLIENT_ID": "AgCjzixOtJ3R6p25k+beRevZyRVB6gNVOzNd2nmIdHRqFkgWujZfFOPkwwV7RR2QgtdOAO0x48fF7oCHmbBz5gUIp62okLjZBNoeP5ekT1MyGxtda1Ce7DmceCn9I73sqSVRnave+7h0UjQHZ7da7Qw03GGrjNp9hNk6jPb5Y8KhHemfghqotUys5EflX4XOTsvz1pZOdzCySYvfSnitAWkRwHcBTsufryq6bbu743M0hQ0TVLOvTXFTV6v9HkzmVqBw8NQJlQiAItVzoN9c1wg81419SFYs5QqQZdqu7RjIY0SdsjLwjJCTJM3KoRHtTQNacbXFDT8TR2iFi6qf4E2/GISNbEZg8I3epgMvTtej/kNUMuCT1t93FvxwILOH5qWM4qG+ZogNrti4iIGw1GmTx/4YJapgRPSbSRH+h2HjXKfoiCGHVLOSHs9AOjJCsKj91fBoo+54qP+33muGHy/WFrWDBKI448EPWTUbTK6Mzt8aWcownVapXhCxhv1A/siuRr++bYiuueC1jnW5LK4xSNkGRK0fNB0yjBZJoyvlOfJbMLamk7aqGeygPQ/8MUIQ9tWLGti8VMuFjeuliUsxH+7BlHu74jNQCdQpXegH2eOj9kr1JlIzAVho1h+u/33jtFkwnoF1oX8npT2IfrZSOnkeX0klTjFbkpNBEUN7OehItO5Cxz2WDJ9DQs76E4sc1YsfLA==",
|
||||
"YUBICO_SECRET_KEY": "AgDGnO3bkS2HuzBWvdyirs61iW2uV3qvdiEiEyOFrOvKBlxpJrjSgMUCAOjDeux4l/2QlovNLRxGoj6ti34ZhA4PAWjVWVdKNac3WB0pW3S1kVdLSQSc/rwi6ICHiz4wSuR+oYA4Uz/paewH7Y7KfsN7KF2aKCGADm3mMaw7ptYkMdUqNgJvsAFizjFATd8wV3KmAJAZlIgtULY83/2MC0Qn7wS9ySymks3cae+LtirUcWDMGFvJ/7KlyQyeMHdT+EOalM5uovoW/VI9sDanGHXnbn/ikDWmmmCOs6QkYh0aOb/OghJ5zj6kRG/rdfGN0UqZrgFzYAJ7ozwnqkABFdCs+J531HRg38CEvgXOUXEIJ2e2rsYzVccJUDD8hFCHpaShxAghccSEAptkXzI0mgtWe9sYnPfC5gQ/dlo/vIWbsEMOAIDl6poe+Dc7ZvwqQGIemLTm51lc99ocM9Ej/RChvTGS3iXeJAfD+43kfcAZl67nLEsh2GtE56EipA/uGwkFDvQZ7zPWaic/WzcsE5aEdkWUHSgGxLHsHAMb/zQySEIUyGj0ohMyvFE3cSdwRguzFFyqAbsgpQ4Pz28uSgCNNx7xe7wlO2QwHTpVL3cRiM1dnZIuTISFIF61RUoQbCOxnmbxyzMsk4+1Cv+DH9pgBtSDD4lGhb/2XM6o9/WWWRNrTsHnXJgtinq4jclJQ8RIVihiLWPEPbCvYEjJuMxtd+5jUMp6NKH5CHUq"
|
||||
}
|
||||
}
|
||||
}
|
@ -17,7 +17,8 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: gitea
|
||||
image: bv11-cr01.bessems.eu/proxy/gitea/gitea:1.19
|
||||
# image: bv11-cr01.bessems.eu/proxy/gitea/gitea:1.19
|
||||
image: gitea/gitea:1.19
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: DB_TYPE
|
||||
|
@ -12,6 +12,6 @@ spec:
|
||||
services:
|
||||
- name: gitea
|
||||
port: 3000
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# middlewares:
|
||||
# - name: security-headers@file
|
||||
# - name: compression@file
|
||||
|
@ -11,10 +11,10 @@ spec:
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: smb-secret
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
|
||||
server: 192.168.11.225
|
||||
opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/gitea/data
|
||||
---
|
||||
apiVersion: v1
|
||||
@ -30,8 +30,8 @@ spec:
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: smb-secret
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: domain=bessems.eu,file_mode=0600,dir_mode=0600,iocharset=utf8
|
||||
server: 192.168.11.225
|
||||
opts: file_mode=0600,dir_mode=0600,iocharset=utf8
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/gitea/ssh
|
||||
|
@ -1,18 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-secret
|
||||
namespace: gitea
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgA2RNwf1Lv5KZQ3QrzNpwN0Bi1reMjEdeE6W+H86DGmHebic3yayuucntVBn3JFzBAd0yzFuAjpWSiJRhUiXDSz3Z+QvBiokXTYD14BQ2zTI11H0K3q3lbz9GWhZ7947rViRNIqjKDppZ2DHm+HbLpf5TnYVAqT2JBRoZYku0kDQ/xEDlLxOQ4l+ZCmJY1LGfxMrwo/pWcng1UdbiEF/zkeyAe+18fgrfDkG/kbeFKpX0TpO0fDvWxYt/QoQa2Ei5YNLCHHrZQz+y3MTrPpLdPkVK1ooBFxVNfVjdWbhHHlCbEAoPMcG1+TxOE4o9s8h0AgHUYTr992Cw0k4md3iHuRg7PeObweaa57LDASMLDfTymW8UFmDvpsurV/sB9CrBtmGE5vJzZ06NOU7UKqjWCjpWZ5uL1JUM54IgqJIqgWbmboM0NpLrinDLg/qvVKnndLzhgRGudFdqPzde/UqXebFd8BdFCnmXus/xPESOvl8gw7ucpVUHwJb8kFBTesMkYClDrGPHxLAqDQ3EkCEINxIGBZz6ycMirKYvsXPyB45/y/gGcbetgerWJ2j6nyjP3GtMpVuvw28oZW+lLRscSEoXd0fAgaKM83dJqfI025CKSYnY4ckpSiOvHr5xUs8o70PHCB8zHbeY1nhdzuc3qyCMP47tQOzqorz4YVqx8S3UwpbSU6wxXfXeJ2gZG6BwPgf/CRCdfjRcfGTHsico/o
|
||||
username: AgBHQNeci3xoZ4ePihMM/EXK06kaUbrstRWqFJM67AnZuw66f8mAZWDYqpF8QynmaxwhyoTsS5vagFBh8KlfpNEVhl30w73+vb8j/xeq/32+d9ae++6q2CcbLAvn9Ezv6Y0PV3REbrlY5eGCMrc9AOIXZfNucZNcfZEbM547IEpxYTfmZLO7pwG0/c18IP6v/Lz2IdP80jkFK6yt0c7/x68v00UMDJ73RkpP0oKToQgAfmJrdXQTUfyA187Jr37umvnJW5gy5VPWaMzJ2B+sonkEGTCWWTji+P3dfBrHYa/kCYJwJqLoAuBbbkG3/NpbrdCnc35oOdmQOWVPj8fJdMDHE57F2dgWq3bnp23X05TDRaeSFSu24XDN2FWA/60jIE0ElX+e9oGgGainWEvOV9ekY6UZFhk1RzurvcUUGa9cilTiMtlnkLVWlLCEuI9tbwDVx2/bvAWuvmuwtyJhsl2cbu6ZHKMa+WF3K+Obrw4gWDHW+bmskw50fCZoQ0FK0b7Kdb+3qi5kBWaL006mXqJGHLnlNi2UA6F8SUPMcYYa34mv+IskBNrC/evxeaJ/3mC/sw3mBMwIOOzHWX/gMQRaghXZMks9X5ICpWodNPkizREy7Gc2yGnsHBX/FDhLmcCP2qzZ/352lQc0a5PKz2ZSYslULqjtbLUMqR/Td3ed017R7JSkbGNZeFYNO7was979jDRRuZA=
|
||||
template:
|
||||
data: null
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-secret
|
||||
namespace: gitea
|
||||
type: mount/smb
|
||||
|
16
services/Gitea/sealedsecret-flexvolsmb-credentials.yaml
Normal file
16
services/Gitea/sealedsecret-flexvolsmb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: gitea
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgBXexS/ciX+5APi07J2Y/UtRfRlI+EIls9TAabPnVaRWjeAUVzTlJ9duv491QalcLEZaDzu4jWCXhcYJqLVax+FFJJxaewPYfingS/Foaw03p6tE70CF3Dddeu0oNK2jwldDHL5/NHvH1o5QF7WgMu9gdrYPnUEwJ5vAInf7FOn+K35ewomAN5BBV23a3faohRGMYNms/JdNip456GSiVqKXbUL04eSvqKHhxgwqdLHD7mijV2a2GGmC9QQ886NKh+EDTsqg6skTQ7oEMejAQQOt6LyTr8OP2Phy6kkD++MTkSH5y6z9UJE4214WVE1Evhse94q9leS5pi/DD1s9xFXVXOGBScYOqrzm6dFjVaRrL4688ALcOykN92iIQJtPbBU9zV2mI1WwKet000AyJU5sr7yzl+d7dFOULPdkF5Wtuf0oAK6z6JLCmVZSPvrimKzsPNpuT1ziDaay/XBONU9KyjQG1Jf28THiXJni0/K8vEfjB/pp7010vBI+cW/c/zhi9dfzT1z0fVkA4tl4yjelRCEtFwj5b5qKPNrLjmcU5FPeIK+mv6iRW15Rn/cxK60vn61bHHI6NW+ozRuYJbknPd7AO5utjTntzAOZErLdqzXOmTWh8mJMqjoeeEwq9lROYRBjUWRGiTG8sOh4Z3NUcGH4oL7T2m8g9gUBEz99A3/lXurWBdYvssDCyxS9UXDPEUaI+yeLCepbVgcJeQd
|
||||
username: AgBZQjEVHei5IOl9qZgBfA88DeP6aOridfWHKEY2e8JzqDb6xS0YXYHgc0LZwZ/HuhQljnhSfu+L/YbAfbaK0LJPSuq2pqfDMjbufBHZ9vmDHa/vVn5oWdAIaRViwohvjvQRtxMfQ53Q/zuKGQla0O7yB0J570F7/dnC52MvszwGs6Yfrp7M9OztC2P5zj7LoM7R8IkxJSihOA6K4Cmfs4yWzYFMwihoHg9LKS9QlpfjGlmpkfSfIOczJo3PMZjd+m4bhpa5phiUqGUYzqWdeIixTaLXmUP/x9psbsd/wDpYlZnKEXmVQnW4tQ/QSbNGFIYg28QamYvg1Qmd78zJ40D2n6VSg9krk8rDg/5TVd0Mqj0dPgRRauJpMm62o41SE6U3LdXvrQnfqtquHLig7wKCMt6+E/brKsULcFtK8X90PRqESUlywZHXBAzpk9+ALD5RwrrClyO+DqKLoYO+2TtFnVwJOPTDRQzUa5uXHOGHDTsDuZyL5IODPz+nodtQ9ty+qpruszLc45nAc1hEiNSKaqH824AKgRr790gvg0AqIvttAoxt9cE/d73F1MHyFd1uoBliL15JmxnNkn7gO3DPWvj9M1GTOFkrYFKNrH1WB+ines9zW0FHsbK+eRXC6YizTvuMg1YPNZfVE9gnKGw8RX92LWZft+dWLtgHmaMF0A3LYxF2Dnj6HyOhx8s2T2HcaC6D+TQ=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: gitea
|
||||
type: mount/smb
|
@ -18,8 +18,8 @@ spec:
|
||||
hostname: guacamole
|
||||
containers:
|
||||
- name: guacamole
|
||||
# image: bv11-cr01.bessems.eu/proxy/guacamole/guacamole:1.4.0
|
||||
image: bv11-cr01.bessems.eu/proxy/guacamole/guacamole:1.5.3
|
||||
# image: bv11-cr01.bessems.eu/proxy/guacamole/guacamole:1.5.3
|
||||
image: guacamole/guacamole:1.5.3
|
||||
env:
|
||||
- name: GUACD_HOSTNAME
|
||||
value: 'guacamole.guacamole.svc.cluster.local'
|
||||
@ -33,15 +33,12 @@ spec:
|
||||
volumeMounts:
|
||||
- name: flexvolsmb-guacamole-home
|
||||
mountPath: /etc/guacamole
|
||||
# - name: flexvolsmb-guacamole-opt
|
||||
# mountPath: /opt/guacamole/mysql/mysql-connector-java-5.1.46.jar
|
||||
# subPath: mysql-connector-java-5.1.46.jar
|
||||
ports:
|
||||
- name: ui
|
||||
containerPort: 8080
|
||||
- name: guacd
|
||||
# image: bv11-cr01.bessems.eu/proxy/guacamole/guacd:1.4.0
|
||||
image: bv11-cr01.bessems.eu/proxy/guacamole/guacd:1.5.3
|
||||
# image: bv11-cr01.bessems.eu/proxy/guacamole/guacd:1.5.3
|
||||
image: guacamole/guacd:1.5.3
|
||||
env:
|
||||
- name: GUACD_LOG_LEVEL
|
||||
value: 'debug'
|
||||
@ -49,7 +46,8 @@ spec:
|
||||
- name: proxy
|
||||
containerPort: 4822
|
||||
- name: mysql
|
||||
image: bv11-cr01.bessems.eu/proxy/library/mysql:latest
|
||||
# image: bv11-cr01.bessems.eu/proxy/library/mysql:latest
|
||||
image: mysql:latest
|
||||
securityContext:
|
||||
runAsUser: 999
|
||||
runAsGroup: 999
|
||||
@ -72,6 +70,3 @@ spec:
|
||||
- name: flexvolsmb-guacamole-home
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-guacamole-home
|
||||
# - name: flexvolsmb-guacamole-opt
|
||||
# persistentVolumeClaim:
|
||||
# claimName: flexvolsmb-guacamole-opt
|
||||
|
@ -14,5 +14,5 @@ spec:
|
||||
port: 8080
|
||||
middlewares:
|
||||
- name: prepend-path-guacamole
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - name: security-headers@file
|
||||
# - name: compression@file
|
||||
|
@ -11,10 +11,10 @@ spec:
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: smb-secret
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8,nobrl
|
||||
server: 192.168.11.225
|
||||
opts: file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/guacamole/db
|
||||
---
|
||||
apiVersion: v1
|
||||
@ -30,8 +30,8 @@ spec:
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: smb-secret
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: domain=bessems.eu,file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8
|
||||
server: 192.168.11.225
|
||||
opts: file_mode=0755,dir_mode=0755,uid=999,gid=999,iocharset=utf8
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/guacamole/home
|
||||
|
@ -1,18 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-secret
|
||||
namespace: guacamole
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAltnI39VLMEunbwj29kqFyMTpMopC0XinqS6eK+ni7iE1GF3B8PQMkyHGhckmOQVLjlg5E7hT70wdwUFzzkkOFl6Ytvt9Vjp7d2Lkr7VbMKHAuxcfCp7uEk81AWvf0oK6Vk4Cle5PL//cJwSiuKdVa/wkKqjtsNLvsS2ufPHBSgUxylLgaJrFZPHgSScmdeLQk2Wd+uRkO2oo5t9QTNhvaRsgzOwzYzB27tT+8/I8g99Cod+mG2PaVVSQJ+6Vw0qQzXvU3EsnK3tQyKWYCMM4mLpqOyVE9S1sdAAmwrHNafZBApHyDm1fELH/cJ/Ps4pyXWn+VxzRPE8UfAcbORLSSF8hb+gpWsJ61OAssmCr/2zGEtKQ76QW2stJ2aMgdqn1sr+FPLEnRFQd3A0kILPqv04J70d/t5dLcyble7npMSHSvd0uL0kmNto/3AbPJpptHkW3MSeP+VcN3+zYFXHWroHHpSKvcYunPE/S5T/qOKN+BFkzoJXiwZh3OX0k6/0Enh3GuQQ9zTmAlx0yWdqM8ZJetPVajmbZO+IilZYiBXL+gYKHMqZfrhwUyW9gWx4VqhDmlI/jBCqqpBaErT+G1X23bFMbhdtn/SufRjbpz1hN6zKYkkW5gshZOwC64A3zcA2hsGY+fk3X7EW92A8VwfT1k57tEuvJIDB4ejcg9Sj3K1wvIH+goABybuiI/y+n0gKqyfseUjEYWJq5cJEHs
|
||||
username: AgCiRQ0ql/PDGzdQCPTMM0GqhRD0KCTSQh0JGw2QTEEM2JeKiL0f2c9G/HEkPx+NJHv3E2wIJ+4Tt2OdpuB1jqgnShkc45KGbwZ0BwNoX8XjzEbPyjAEZyBPRiXYqEH2wwIqgce35pcsB6OIXdMV3p1h/j66kpV5rEQkYoj6BPi3UxTNvzgjExOZxeEwLQjVgSytwreex7gRE9B4ZZid8iBeZAzummGkdhpMePfPtrmrC2FYmejdaKEQEMgY3QIH/QHJUHqJ9V8SS8YUZ5/7mhiePnJUv/1spL9Cnp1qbdtKPB1nU3fu5bdqFN+UAMKFFNL/p1eueRDXZxgCobRtd17caRXtbGEc93sKINbd6iCQ6in0zcMTSWjy7ZGQNC0KcouEyR5n1VyJ4dYn82uhDlh9HUU/21WFkvr29CUJFfe/keHjSyaZOqdzFHj9FPLzewdDT0Dg3GPPROPcdd30CKtTKWzKbyJP0/CrIC17YtQSeFDwHLTIiggB5hZ4LaycSyrDdH/5rtYkOCk6O/kfzwHDHpNacWULfbPjqsAC2U9Ex1UOpawX1LX8gqPfHlM8ZBAixYopKTZpvwchUZubWkIchoOy4z/+8ynjXNblkfShs0/yvuV7sIFJCMfn39CP8ngdeJJKbBOGQ+LbqLoDnMA5LqV7vuhAZci27tlSeV7tZmjrAmdjCoFU/IzizqAZL5pGxJS/l3s=
|
||||
template:
|
||||
data: null
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-secret
|
||||
namespace: guacamole
|
||||
type: mount/smb
|
||||
|
16
services/Guacamole/sealedsecret-flexvolsmb-credentials.yaml
Normal file
16
services/Guacamole/sealedsecret-flexvolsmb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: guacamole
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgA5Rj3gn3X5ITztEpXBzECP5GUHAQVY/KnDQYxJFXocY55x4i6ggTjRllXAstQhh6vkGNV0TGuuATV34/6qvt3UzTZoajicQ5cJ1nU2SiYMQWuZh7BoTDv6osua19jsS39gnJUGDvrVWNZ6sKPXK+B/2cBkqh6JKQWHYzJUy4iqJ6ZCKLOaEVSVibX+U5UAhKJ2KPH5jIxV/asO/PtjtC6saYWOPXyMCgjFwcVOs843/sagVJB46bkK8Ud8842vE8UrZtESxNY5d/TYZkWqQs/4OR14ceBtVr3AhmTy371LDzI8zkFxATfUSjBJ8nlmTy+SMjD5B8tgU3j/qKw0fmVRIcgYybd6H7WtdeQm+eKRx9fuHnYAqEGIkIm+zZ0tGYVRXsZ4dFIe3SZ7/Q1vylOSnPV1g3o4ofSQj/kMME4Rtczis6qJNsYZEbB55alKtQJZx+i86bYyqRlZvzamYzZUqfrMECkOlsqKOvQ0ZSRZxqBFR4hwxoRNs9THe02qMjpjKiqjAZrfn2GpuavKoEdUqwhcQOGdYBN7LNPcRdTxulE9d5jTwmZ+9hBdWLxP/tMcO72XlVQm9w59UXtA/FogN5d5e5B5Wu7qfodcmCToQ9O9BUCCeHl94U98IjzutSAOMbbaRp3XRbSEawpVyxIF4N7LVxm40VhlvZDScASkxyHENwIPAdP1ZWUGt0MTLOXFQ7rEwhdJrj2yszsnE9FP
|
||||
username: AgBzKCegpgyL2EkamKd2VejVzroRz0fcVFnZ/9RuvYYSq2IyhJj4mbE0CUyGAX1mB48HsacloVMVTvFwDCoPRmsjR1qddiCWUaye9/wYsUYrYhEv+o+3IWFHIdzPN8ArF8B9DwcvAtamAx8BOf7Zx3UTbRYyrM8/2114VRVmtEcBpR7BUp+Djt4O2rJFPeDgHIkg3ljcg3hWdi3QO2NM8nvszn8rQCXBAKDJ1oQqFkUoXO+L6RBPmONVEjX5WN+noalf4C1ZSJNrLg0cCI4/2rpvt9LOkFlchI4h3c4xIj9mqkzj+d9FN0M55yfrAS6PbHXmd1GdoLqAbl8F0SV3kmm9SnCvxPQZOZTTkEs4zVrRYSgSt1s7I5t9Ng+/5kIXi6qN7YGtfvSbRGzFUO+39qRhtdpPvF3dpfFnGRFPdylrP5x067JKVywC/9gaHcVvlHHAwbFKnYh2lnDrmzwL3VqpVyxfxY7ksruUWrFGWhZKEfbw1m2d0oVO3fozgx+IxwGlnw1Lo1q2DFFY5zt47kRKC91cJBTGHZT8LUsyS8+WJpXRsrDQvp96gNgPs1+hQOJWl9g/HAyv2kbVnkRDPekOSzLwfDW4PAqwZ2NehUSP0G7jDZgLXTOFa5U+tZ0HBF0ENy5Ln2O7qlRqcX4tWXFUlffX7G/MRNof6HqYtU2ydo0iJSyvBbqe4hx2PHXOK3fYd/I8HAU=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: guacamole
|
||||
type: mount/smb
|
4
services/Vaultwarden/_namespace-vaultwarden.yml
Normal file
4
services/Vaultwarden/_namespace-vaultwarden.yml
Normal file
@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: vaultwarden
|
52
services/Vaultwarden/deployment-vaultwarden.yaml
Normal file
52
services/Vaultwarden/deployment-vaultwarden.yaml
Normal file
@ -0,0 +1,52 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
labels:
|
||||
app: vaultwarden
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: vaultwarden
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: vaultwarden
|
||||
spec:
|
||||
serviceAccountName: vaultwarden
|
||||
containers:
|
||||
- name: vaultwarden
|
||||
# image: bv11-cr01.bessems.eu/proxy/vaultwarden/server
|
||||
image: vaultwarden/server
|
||||
env:
|
||||
- name: ENABLE_DB_WAL
|
||||
value: "false"
|
||||
- name: ROCKET_PORT
|
||||
value: "8080"
|
||||
- name: SIGNUPS_ALLOWED
|
||||
value: "false"
|
||||
- name: WEBSOCKET_ENABLED
|
||||
value: "true"
|
||||
- name: WEBSOCKET_PORT
|
||||
value: "3012"
|
||||
- name: LOG_LEVEL
|
||||
value: "debug"
|
||||
- name: EXTENDED_LOGGING
|
||||
value: "true"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: vaultwarden
|
||||
ports:
|
||||
- name: ui
|
||||
containerPort: 8080
|
||||
- name: websocket
|
||||
containerPort: 3012
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: flexvolsmb-vaultwarden-data
|
||||
volumes:
|
||||
- name: flexvolsmb-vaultwarden-data
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-vaultwarden-data
|
25
services/Vaultwarden/ingressroute-vaultwarden.yaml
Normal file
25
services/Vaultwarden/ingressroute-vaultwarden.yaml
Normal file
@ -0,0 +1,25 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`vault.spamasaurus.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: vaultwarden
|
||||
port: 8080
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
- match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: vaultwarden
|
||||
port: 3012
|
||||
# middlewares:
|
||||
# - name: security-headers@file
|
||||
# - name: compression@file
|
@ -0,0 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-vaultwarden-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-vaultwarden-data
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/vaultwarden/data
|
@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-vaultwarden-data
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-vaultwarden-data
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAFSxyvsZICWKYR0ZY7tNH17VP2XPrOIA//MldFVwm4f7npDiclcO/buJE8k/S4iWx5VA9mPXwboZOzUJOakL/6G5rhQ0VxpkaQXDHOqv5412NA0j9lc+ZvB3WD32AvujNUOXgPj4PenmUKe1SX4LT8p3QXbC/3Cpl9YmgsB7c7T3TNg9NGtztbPibwHPUn/wc9wcGbyZQVN7JUd0U9eayifucGxdzjVQtNx9khHerCHDdEJ9AzM4YDPAUwLrkML3KaKO4Kr7XhNRDYV1eGNWBTFbM1O/kISJmt2TBXDe+cQjcygznmybcs8lhX3nHSjJ27SzheBtnD26SwcZ5UqihExK6m1qvl62ePwtztUlHFJeCSTfwWZHigVFwi7TIw6xaXvdDX6Th4/KN403hh0EkxHvlvcHOLsI3eu8predUf3ZyqpZex6fB+c9CBrCRMQzoMXeSBntC+59NxfH7tDLthAS+nHMrBEJDvpckPFd/SZe2xA6nBZngaA0NZewWwBgMVhyjp9/zvHyLwfItb0IgVIN7sfK58BKDT40JdbdwwpvB1xdZ8IktAoUpMc+pSI+ZrVtQwrPYR6g09QzMV6qqTfz/V34zkScaK/E5vLr4hhUv2gjJeqWKc+xg7vrLg3z6K2Ssys21o+UyzOlm3tPl+LPTMFor1B8QrPLX/hFQX2kzG7wblWt1PHA7PoYLby/VEXRiOeDv3Aq30+TyF8RaH
|
||||
username: AgAErKLnO4ikMdR2PSkFdBIFY3deVh1dcpe6+bbOoXCSfqThLnXlszT5xyfgicwYH21MkTjaGovX63CPNva7SgN430nJHZ6v0TbSRwABVFvyXQJxFGTKe+9Bv6+FF76de/qZyhdgXFkX9Wseh1YdEhKmzopUYLtFjArYOGkGE8antUDs448OALwT73ZoRUFnUVfDxdAinKwdzcGQFr6zbK7LeflhX6buCC/+arJxoG3lDDjiuz00bliZf6+Fa5N0JohaUrWp2vOU25IHnVD7GawLWP6Eihb7GbM4BK9/h4oLcyUr9mD5DP/NsNeDe023mbrsog0vcyAG+y1oxYmknB5JKhTbdkwOEubmoQFLvF8qqARsZSg22twWTHayGZrK9Egj1N+kkQyiHLFJCCAu5YDzBLfBRgH1GIQNVFiFi1BDHS/3X+LJpSW5RhHhN7StfDUL81ej9heFbpvwVo8FwcT1Z0sSJ6OIEgIKmg0XVy7NCFdsiUkIwA1dndbHBFtlmrmUaTxnxKS7H73RI1v9OO7FLtX3RYgiKflR+rmggn2M1vaIS+FrgAdowQyDToxlRV2uMpiPJAlaURb/0GnNjN/7UaLtyM42DSBbKs7TO+vQ0UI6WjsZoEGPhJb8pN9LdUpUS0g6QRSCxHTDykEy4b2bmVqlf44bbTDBl0HzbmQXPkHKympQb6otIUy5m61Iy0XNjrCDyJw=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: vaultwarden
|
||||
type: mount/smb
|
19
services/Vaultwarden/sealedsecret-vaultwarden.yaml
Normal file
19
services/Vaultwarden/sealedsecret-vaultwarden.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
encryptedData:
|
||||
ADMIN_TOKEN: AgCTXDX4Dan6UyXd8CK4VB5LG6ReeDOD8Pz/9DYMzaDsTOEw5CUXZ09TkNxB89f6yKHcrjpOA0YOSFs3pF532bw643pY5PrK3rVjRNNxTc9OlvHa/+iv/piiKCzowiq2Bv7tCVJ3UUPlaB3DgLTZxRfobqyryi8CE8ybMSGXkGA7X9hqYKbu2izFOLcQPFbUEqBkqQoh4Di94D6CO+aTuBo3irOypmOa3RG/ELk6DVYsRZG1FLBitI554pRfcxCnO2loQsSSKX5npC1PwpPJCjSgKS1UTC5zqMSLAyXG6RNtnP1zVDM55+Xc/TZ1i0luT5ED6KltigU4ugEuBN7wx/TICzWB9HI9eCaZ33KERMiOx1sn5W4PE3/3qOaLjUJDEW1wbW3j9whm1xMm1Mt5UqwVONUEwoEAg1TMkDGP/1+C230hZ8JNa31f2XfjTgmroApbK9mPEwa020EoqFzBNCznsEv0x3FYkcRhMZ5Cbefc4ZHNZzMpBcEEtoXtGBgRVHaHsi1ftq402w9LNqbBE87JLV55aSy6cyseZL56gqSlu7tRdCr0EDndHn7hE+yT1EwYudmfW1B4AaHSw+FcI5l6IeR1UNkNSKg5h0d+p2kEdXdO1w5mpa7XXiu8bob5xJPiz0siD/WjhjZbMXzdWs8D7y7gJlaCIx8NW7+wirEZEtef8Hd0Cd/GiZ8mU/ODAVENPir/mwlT/5a04TaFzKCrXgIrwSzagMw632C9olWUHfDZKsJMBkCDeR7LDwfIIos=
|
||||
YUBICO_CLIENT_ID: AgCTwkK6e5gMpl9yquaCDadFTlBa8LqWGOaadEqG8801+z66LiUptoPKxl7+j22Zg44w4kdcv/HAIEzjkVvOs+iC5PhGLO389GcpPaNvwuqxcKqraU2CSNbANByB+vFyy1zO1NgmE68PMC2/siZIF/NP58j6Ca6JJTzy9Pm+m2/YhqdlnBdlGopzpbIf9PSpNaZUQSowpySBtlWOVcVNxRgOCbkLxYnb3Ykq3+gYFcbSi3HWVAz3Kb4LbypqOV0Kt8kkf6Jy5kjQAIowuooVyUZI4ZKWpgGwvseJBfEqjhoNkaR6UduL6gnwfNcA8e09q+HsbnLOsLOVAFxrPRxcOOKy4UNi1q66K4bXIR+kN4auvKIzJIW4oJUzKqNpHZ5RPFaLrfEOQEL/H37hd4KpqRPHP3fPw/DKlXWLYlYpzR4tSab9csw9o/lkfN5sQQXPIIUuYdAURLlLI/kX2rnbkHx8HhjveeIW9qQx0bkcJN5lOUwyhCt4pXmNXUyVP1ydqRZ2SBtAbfxIZGdTEnFGEAk6H5cw6i7RCFfgfWp9MUbIWmmjwK4RQe3dVs000+6gTUVfYBOa755GMdR0ODxRcghfT8+e/NpXHbn1Dhuc5kcc1oRbGGOdu/F22b5j6tCdrbdLbUUsxugpzxidohVBRhrDfTETB1HkZM9LrlN5EXElfsEKhRTr0XP9O+rtkaraedOOj935Zg==
|
||||
YUBICO_SECRET_KEY: AgAsQmn/4Z9C/Edo6UEnTSdJ2X55vf+aPt7vzattekf48Xc9fXZ9uN7B/3rA1Dg9HhuBWVQc8SaN3sJqRP0c4tzl5zYUZqgf9ZXZ53ZkXRI2yqcud8bCyHsbvJKXerOHpkkTjLyZjuj6f5I5rBQr12PYejcqGir+wdV7fgzJ//ArTLXlevWsrpA5amzYjqk59rCsw6BxIkFev1vux7Xes1/ODB8Hr40bhq5h0eeIwmK/d8xI0LSn79qP6S1SnWWyMAJ49Lnp90kBPBDzSftjT47KHaZBuVq5gol7Fk0Pb1pI0XipSy5S+hKkAMDcRuUVMY42y64J5Zvc938NU0zwv7ITyl8J+FIeMknLqy30p5a6j0F6/O0a+zTw+uXZzg2a68YnSCgclAp4mCF1C+Q8rnTVGNETwefsbXQtLUvyqJJ0l893u+TcE0Wr5WJsOimfRU2r2KSg6H89/pulm6wNkerbl7xireJCMP+syxw7qntRueLtmUkZ7E9tJnKWCLjr6jxasm51RLZO3DUAPyMs2CB5G1iLCHvkwpU9MW+tf43DOQ+IX1MC893OQugeXW+tAKtqcF5oaIXVt56383CnalKUdCyddy67YQ7hpuA1L14varLRf3VhSpNtGdzZshhmbFx2Msd4gtwW+3xB9ODbKtiI3pHBA8NnlFJ8mTo6SI31VfBc7N/IGlu+yqOLy371culfG5QvXleQv4bD2namOSM8+84SlfewxQTxFWVV
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: vaultwarden
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
type: Opaque
|
15
services/Vaultwarden/service-vaultwarden.yaml
Normal file
15
services/Vaultwarden/service-vaultwarden.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
spec:
|
||||
ports:
|
||||
- protocol: TCP
|
||||
name: ui
|
||||
port: 8080
|
||||
- protocol: TCP
|
||||
name: websocket
|
||||
port: 3012
|
||||
selector:
|
||||
app: vaultwarden
|
7
services/Vaultwarden/serviceaccount-vaultwarden.yaml
Normal file
7
services/Vaultwarden/serviceaccount-vaultwarden.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: vaultwarden
|
||||
labels:
|
||||
app: vaultwarden
|
Loading…
Reference in New Issue
Block a user