Remove redundant certs;Fix sealed secret keys;Workaround IPv6;Housekeeping
This commit is contained in:
parent
360cce7f13
commit
f8ea8b112d
@ -40,7 +40,7 @@ curl -sfL https://get.k3s.io | K3S_URL=https://<fqdn or ip>:6443 K3S_TOKEN=<valu
|
|||||||
### 0) Configure automatic updates
|
### 0) Configure automatic updates
|
||||||
Install Rancher's [System Upgrade Controller](https://rancher.com/docs/k3s/latest/en/upgrades/automated/):
|
Install Rancher's [System Upgrade Controller](https://rancher.com/docs/k3s/latest/en/upgrades/automated/):
|
||||||
```shell
|
```shell
|
||||||
kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.6.2/system-upgrade-controller.yaml
|
kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/system-upgrade-controller.yaml
|
||||||
```
|
```
|
||||||
Apply a [server (master node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Server.yml) and [agent (worker node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Agent.yml) plan:
|
Apply a [server (master node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Server.yml) and [agent (worker node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Agent.yml) plan:
|
||||||
```shell
|
```shell
|
||||||
|
@ -32,11 +32,6 @@ data:
|
|||||||
- main: '*.bessems.eu'
|
- main: '*.bessems.eu'
|
||||||
sans:
|
sans:
|
||||||
- 'bessems.eu'
|
- 'bessems.eu'
|
||||||
- main: 'bv11-vc01.intra.bessems.eu'
|
|
||||||
sans:
|
|
||||||
- 'bv11-gw01.intra.bessems.eu'
|
|
||||||
- 'bv11-vpn.intra.bessems.eu'
|
|
||||||
- 'bv11-esx.intra.bessems.eu'
|
|
||||||
- main: '*.gabaldon.eu'
|
- main: '*.gabaldon.eu'
|
||||||
sans:
|
sans:
|
||||||
- 'gabaldon.eu'
|
- 'gabaldon.eu'
|
||||||
|
@ -30,6 +30,11 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: adminer
|
- name: adminer
|
||||||
image: bv11-cr01.bessems.eu/proxy/library/adminer
|
image: bv11-cr01.bessems.eu/proxy/library/adminer
|
||||||
|
args:
|
||||||
|
- '-S'
|
||||||
|
- '0.0.0.0:8080'
|
||||||
|
- '-t'
|
||||||
|
- '/var/www/html'
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: adminer-secret
|
name: adminer-secret
|
||||||
|
@ -19,9 +19,9 @@
|
|||||||
"data": null
|
"data": null
|
||||||
},
|
},
|
||||||
"encryptedData": {
|
"encryptedData": {
|
||||||
"admintoken": "AgBOegUE4Q0kKaTcDUrOlexTGqCECq5lV74ScLu4Qc+AsBPjsJDd/L/OADtg3rY7KOt+kaqNH+wop5PY540h8aB1CDSqRLtdqO2GmJT98muPJpOwPC6ynbW2Z1w9p6ptY1U41MqlPh0yiKyoIMwdrRBM0U+I23O8OkhNQNNA+Y98/SCEuCXIHgPZ+wwN6v8GgEh3ISrATdqcahPSr63BNHEw+alAevYJNd+b2K+zW2EjeS6+5cBe5zqtv16CEAt3o62j6kYD2ylox6UOoBXDRHkf3mINX/mBu/WUB9KHa/WvpX1toJ4orb6wWaZFNohw3/grMFnCov5Hmk2WkEUkhy6sjblyz7eUhmL8zXfJjqB4b0ekn/QkKJL5qp0lSHVKgHXPo+pu1l+Kh9RlqkLXwvbbH1HTYUEzvIN6+fwNkFz2g+IEqDhOGAhQHbBg13Q0+Qk/r9qdsrUQCDQLRxTH/qC7EKygFkvd23Tl4a/x7h++mgMCkDkceghtQXmJCxk/AjrjUAKaEGEFJDpPkW6EroJeZfgN2SUcfWymKULQw9TLhpts6EN0eOBK/pwV4pMeA7DD8XdJ7YkPRM4lzhNuHDgxwvPOt+i3RtVbKjpYoodsmZtFUm81Bi5VH+o3xxvlVKTKT4uGgUft1XbrtimR760eTMtabiSkQp9GIC/BhhuBCNZH9L5km+2d6TVHjumg7Pdz4EHQaDp1IHPNAnU1qaQzCPK9906645Jg0EUr8w7sR4wsoEtewKrTDEe0xhTCOIU=",
|
"ADMIN_TOKEN": "AgBOegUE4Q0kKaTcDUrOlexTGqCECq5lV74ScLu4Qc+AsBPjsJDd/L/OADtg3rY7KOt+kaqNH+wop5PY540h8aB1CDSqRLtdqO2GmJT98muPJpOwPC6ynbW2Z1w9p6ptY1U41MqlPh0yiKyoIMwdrRBM0U+I23O8OkhNQNNA+Y98/SCEuCXIHgPZ+wwN6v8GgEh3ISrATdqcahPSr63BNHEw+alAevYJNd+b2K+zW2EjeS6+5cBe5zqtv16CEAt3o62j6kYD2ylox6UOoBXDRHkf3mINX/mBu/WUB9KHa/WvpX1toJ4orb6wWaZFNohw3/grMFnCov5Hmk2WkEUkhy6sjblyz7eUhmL8zXfJjqB4b0ekn/QkKJL5qp0lSHVKgHXPo+pu1l+Kh9RlqkLXwvbbH1HTYUEzvIN6+fwNkFz2g+IEqDhOGAhQHbBg13Q0+Qk/r9qdsrUQCDQLRxTH/qC7EKygFkvd23Tl4a/x7h++mgMCkDkceghtQXmJCxk/AjrjUAKaEGEFJDpPkW6EroJeZfgN2SUcfWymKULQw9TLhpts6EN0eOBK/pwV4pMeA7DD8XdJ7YkPRM4lzhNuHDgxwvPOt+i3RtVbKjpYoodsmZtFUm81Bi5VH+o3xxvlVKTKT4uGgUft1XbrtimR760eTMtabiSkQp9GIC/BhhuBCNZH9L5km+2d6TVHjumg7Pdz4EHQaDp1IHPNAnU1qaQzCPK9906645Jg0EUr8w7sR4wsoEtewKrTDEe0xhTCOIU=",
|
||||||
"yubicoclientid": "AgCjzixOtJ3R6p25k+beRevZyRVB6gNVOzNd2nmIdHRqFkgWujZfFOPkwwV7RR2QgtdOAO0x48fF7oCHmbBz5gUIp62okLjZBNoeP5ekT1MyGxtda1Ce7DmceCn9I73sqSVRnave+7h0UjQHZ7da7Qw03GGrjNp9hNk6jPb5Y8KhHemfghqotUys5EflX4XOTsvz1pZOdzCySYvfSnitAWkRwHcBTsufryq6bbu743M0hQ0TVLOvTXFTV6v9HkzmVqBw8NQJlQiAItVzoN9c1wg81419SFYs5QqQZdqu7RjIY0SdsjLwjJCTJM3KoRHtTQNacbXFDT8TR2iFi6qf4E2/GISNbEZg8I3epgMvTtej/kNUMuCT1t93FvxwILOH5qWM4qG+ZogNrti4iIGw1GmTx/4YJapgRPSbSRH+h2HjXKfoiCGHVLOSHs9AOjJCsKj91fBoo+54qP+33muGHy/WFrWDBKI448EPWTUbTK6Mzt8aWcownVapXhCxhv1A/siuRr++bYiuueC1jnW5LK4xSNkGRK0fNB0yjBZJoyvlOfJbMLamk7aqGeygPQ/8MUIQ9tWLGti8VMuFjeuliUsxH+7BlHu74jNQCdQpXegH2eOj9kr1JlIzAVho1h+u/33jtFkwnoF1oX8npT2IfrZSOnkeX0klTjFbkpNBEUN7OehItO5Cxz2WDJ9DQs76E4sc1YsfLA==",
|
"YUBICO_CLIENT_ID": "AgCjzixOtJ3R6p25k+beRevZyRVB6gNVOzNd2nmIdHRqFkgWujZfFOPkwwV7RR2QgtdOAO0x48fF7oCHmbBz5gUIp62okLjZBNoeP5ekT1MyGxtda1Ce7DmceCn9I73sqSVRnave+7h0UjQHZ7da7Qw03GGrjNp9hNk6jPb5Y8KhHemfghqotUys5EflX4XOTsvz1pZOdzCySYvfSnitAWkRwHcBTsufryq6bbu743M0hQ0TVLOvTXFTV6v9HkzmVqBw8NQJlQiAItVzoN9c1wg81419SFYs5QqQZdqu7RjIY0SdsjLwjJCTJM3KoRHtTQNacbXFDT8TR2iFi6qf4E2/GISNbEZg8I3epgMvTtej/kNUMuCT1t93FvxwILOH5qWM4qG+ZogNrti4iIGw1GmTx/4YJapgRPSbSRH+h2HjXKfoiCGHVLOSHs9AOjJCsKj91fBoo+54qP+33muGHy/WFrWDBKI448EPWTUbTK6Mzt8aWcownVapXhCxhv1A/siuRr++bYiuueC1jnW5LK4xSNkGRK0fNB0yjBZJoyvlOfJbMLamk7aqGeygPQ/8MUIQ9tWLGti8VMuFjeuliUsxH+7BlHu74jNQCdQpXegH2eOj9kr1JlIzAVho1h+u/33jtFkwnoF1oX8npT2IfrZSOnkeX0klTjFbkpNBEUN7OehItO5Cxz2WDJ9DQs76E4sc1YsfLA==",
|
||||||
"yubicosecretkey": "AgDGnO3bkS2HuzBWvdyirs61iW2uV3qvdiEiEyOFrOvKBlxpJrjSgMUCAOjDeux4l/2QlovNLRxGoj6ti34ZhA4PAWjVWVdKNac3WB0pW3S1kVdLSQSc/rwi6ICHiz4wSuR+oYA4Uz/paewH7Y7KfsN7KF2aKCGADm3mMaw7ptYkMdUqNgJvsAFizjFATd8wV3KmAJAZlIgtULY83/2MC0Qn7wS9ySymks3cae+LtirUcWDMGFvJ/7KlyQyeMHdT+EOalM5uovoW/VI9sDanGHXnbn/ikDWmmmCOs6QkYh0aOb/OghJ5zj6kRG/rdfGN0UqZrgFzYAJ7ozwnqkABFdCs+J531HRg38CEvgXOUXEIJ2e2rsYzVccJUDD8hFCHpaShxAghccSEAptkXzI0mgtWe9sYnPfC5gQ/dlo/vIWbsEMOAIDl6poe+Dc7ZvwqQGIemLTm51lc99ocM9Ej/RChvTGS3iXeJAfD+43kfcAZl67nLEsh2GtE56EipA/uGwkFDvQZ7zPWaic/WzcsE5aEdkWUHSgGxLHsHAMb/zQySEIUyGj0ohMyvFE3cSdwRguzFFyqAbsgpQ4Pz28uSgCNNx7xe7wlO2QwHTpVL3cRiM1dnZIuTISFIF61RUoQbCOxnmbxyzMsk4+1Cv+DH9pgBtSDD4lGhb/2XM6o9/WWWRNrTsHnXJgtinq4jclJQ8RIVihiLWPEPbCvYEjJuMxtd+5jUMp6NKH5CHUq"
|
"YUBICO_SECRET_KEY": "AgDGnO3bkS2HuzBWvdyirs61iW2uV3qvdiEiEyOFrOvKBlxpJrjSgMUCAOjDeux4l/2QlovNLRxGoj6ti34ZhA4PAWjVWVdKNac3WB0pW3S1kVdLSQSc/rwi6ICHiz4wSuR+oYA4Uz/paewH7Y7KfsN7KF2aKCGADm3mMaw7ptYkMdUqNgJvsAFizjFATd8wV3KmAJAZlIgtULY83/2MC0Qn7wS9ySymks3cae+LtirUcWDMGFvJ/7KlyQyeMHdT+EOalM5uovoW/VI9sDanGHXnbn/ikDWmmmCOs6QkYh0aOb/OghJ5zj6kRG/rdfGN0UqZrgFzYAJ7ozwnqkABFdCs+J531HRg38CEvgXOUXEIJ2e2rsYzVccJUDD8hFCHpaShxAghccSEAptkXzI0mgtWe9sYnPfC5gQ/dlo/vIWbsEMOAIDl6poe+Dc7ZvwqQGIemLTm51lc99ocM9Ej/RChvTGS3iXeJAfD+43kfcAZl67nLEsh2GtE56EipA/uGwkFDvQZ7zPWaic/WzcsE5aEdkWUHSgGxLHsHAMb/zQySEIUyGj0ohMyvFE3cSdwRguzFFyqAbsgpQ4Pz28uSgCNNx7xe7wlO2QwHTpVL3cRiM1dnZIuTISFIF61RUoQbCOxnmbxyzMsk4+1Cv+DH9pgBtSDD4lGhb/2XM6o9/WWWRNrTsHnXJgtinq4jclJQ8RIVihiLWPEPbCvYEjJuMxtd+5jUMp6NKH5CHUq"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -31,6 +31,10 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: sabnzbd
|
- name: sabnzbd
|
||||||
image: bv11-cr01.bessems.eu/proxy/linuxserver/sabnzbd
|
image: bv11-cr01.bessems.eu/proxy/linuxserver/sabnzbd
|
||||||
|
command: ["/bin/sh"]
|
||||||
|
args:
|
||||||
|
- -c
|
||||||
|
- "sed -e '/-server/c\ --config-file /config --server \":8080\"' -i /etc/services.d/sabnzbd/run;/init"
|
||||||
ports:
|
ports:
|
||||||
- name: web
|
- name: web
|
||||||
containerPort: 8080
|
containerPort: 8080
|
||||||
|
@ -28,7 +28,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: postgres
|
- name: postgres
|
||||||
image: bv11-cr01.bessems.eu/proxy/library/postgres:13-alpine
|
image: bv11-cr01.bessems.eu/proxy/library/postgres:14-alpine
|
||||||
env:
|
env:
|
||||||
- name: POSTGRES_USER
|
- name: POSTGRES_USER
|
||||||
value: terraform
|
value: terraform
|
||||||
|
@ -14,7 +14,7 @@ spec:
|
|||||||
args:
|
args:
|
||||||
- prepare
|
- prepare
|
||||||
- server-plan
|
- server-plan
|
||||||
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade:v1.19.3-k3s2
|
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade
|
||||||
serviceAccountName: system-upgrade
|
serviceAccountName: system-upgrade
|
||||||
upgrade:
|
upgrade:
|
||||||
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade
|
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade
|
||||||
|
Loading…
Reference in New Issue
Block a user