Remove redundant certs;Fix sealed secret keys;Workaround IPv6;Housekeeping

This commit is contained in:
Danny Bessems 2022-03-14 09:56:36 +01:00
parent 360cce7f13
commit f8ea8b112d
7 changed files with 15 additions and 11 deletions

View File

@ -40,7 +40,7 @@ curl -sfL https://get.k3s.io | K3S_URL=https://<fqdn or ip>:6443 K3S_TOKEN=<valu
### 0) Configure automatic updates
Install Rancher's [System Upgrade Controller](https://rancher.com/docs/k3s/latest/en/upgrades/automated/):
```shell
kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.6.2/system-upgrade-controller.yaml
kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/system-upgrade-controller.yaml
```
Apply a [server (master node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Server.yml) and [agent (worker node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Agent.yml) plan:
```shell

View File

@ -32,11 +32,6 @@ data:
- main: '*.bessems.eu'
sans:
- 'bessems.eu'
- main: 'bv11-vc01.intra.bessems.eu'
sans:
- 'bv11-gw01.intra.bessems.eu'
- 'bv11-vpn.intra.bessems.eu'
- 'bv11-esx.intra.bessems.eu'
- main: '*.gabaldon.eu'
sans:
- 'gabaldon.eu'

View File

@ -30,6 +30,11 @@ spec:
containers:
- name: adminer
image: bv11-cr01.bessems.eu/proxy/library/adminer
args:
- '-S'
- '0.0.0.0:8080'
- '-t'
- '/var/www/html'
envFrom:
- secretRef:
name: adminer-secret

View File

@ -19,9 +19,9 @@
"data": null
},
"encryptedData": {
"admintoken": "AgBOegUE4Q0kKaTcDUrOlexTGqCECq5lV74ScLu4Qc+AsBPjsJDd/L/OADtg3rY7KOt+kaqNH+wop5PY540h8aB1CDSqRLtdqO2GmJT98muPJpOwPC6ynbW2Z1w9p6ptY1U41MqlPh0yiKyoIMwdrRBM0U+I23O8OkhNQNNA+Y98/SCEuCXIHgPZ+wwN6v8GgEh3ISrATdqcahPSr63BNHEw+alAevYJNd+b2K+zW2EjeS6+5cBe5zqtv16CEAt3o62j6kYD2ylox6UOoBXDRHkf3mINX/mBu/WUB9KHa/WvpX1toJ4orb6wWaZFNohw3/grMFnCov5Hmk2WkEUkhy6sjblyz7eUhmL8zXfJjqB4b0ekn/QkKJL5qp0lSHVKgHXPo+pu1l+Kh9RlqkLXwvbbH1HTYUEzvIN6+fwNkFz2g+IEqDhOGAhQHbBg13Q0+Qk/r9qdsrUQCDQLRxTH/qC7EKygFkvd23Tl4a/x7h++mgMCkDkceghtQXmJCxk/AjrjUAKaEGEFJDpPkW6EroJeZfgN2SUcfWymKULQw9TLhpts6EN0eOBK/pwV4pMeA7DD8XdJ7YkPRM4lzhNuHDgxwvPOt+i3RtVbKjpYoodsmZtFUm81Bi5VH+o3xxvlVKTKT4uGgUft1XbrtimR760eTMtabiSkQp9GIC/BhhuBCNZH9L5km+2d6TVHjumg7Pdz4EHQaDp1IHPNAnU1qaQzCPK9906645Jg0EUr8w7sR4wsoEtewKrTDEe0xhTCOIU=",
"yubicoclientid": "AgCjzixOtJ3R6p25k+beRevZyRVB6gNVOzNd2nmIdHRqFkgWujZfFOPkwwV7RR2QgtdOAO0x48fF7oCHmbBz5gUIp62okLjZBNoeP5ekT1MyGxtda1Ce7DmceCn9I73sqSVRnave+7h0UjQHZ7da7Qw03GGrjNp9hNk6jPb5Y8KhHemfghqotUys5EflX4XOTsvz1pZOdzCySYvfSnitAWkRwHcBTsufryq6bbu743M0hQ0TVLOvTXFTV6v9HkzmVqBw8NQJlQiAItVzoN9c1wg81419SFYs5QqQZdqu7RjIY0SdsjLwjJCTJM3KoRHtTQNacbXFDT8TR2iFi6qf4E2/GISNbEZg8I3epgMvTtej/kNUMuCT1t93FvxwILOH5qWM4qG+ZogNrti4iIGw1GmTx/4YJapgRPSbSRH+h2HjXKfoiCGHVLOSHs9AOjJCsKj91fBoo+54qP+33muGHy/WFrWDBKI448EPWTUbTK6Mzt8aWcownVapXhCxhv1A/siuRr++bYiuueC1jnW5LK4xSNkGRK0fNB0yjBZJoyvlOfJbMLamk7aqGeygPQ/8MUIQ9tWLGti8VMuFjeuliUsxH+7BlHu74jNQCdQpXegH2eOj9kr1JlIzAVho1h+u/33jtFkwnoF1oX8npT2IfrZSOnkeX0klTjFbkpNBEUN7OehItO5Cxz2WDJ9DQs76E4sc1YsfLA==",
"yubicosecretkey": "AgDGnO3bkS2HuzBWvdyirs61iW2uV3qvdiEiEyOFrOvKBlxpJrjSgMUCAOjDeux4l/2QlovNLRxGoj6ti34ZhA4PAWjVWVdKNac3WB0pW3S1kVdLSQSc/rwi6ICHiz4wSuR+oYA4Uz/paewH7Y7KfsN7KF2aKCGADm3mMaw7ptYkMdUqNgJvsAFizjFATd8wV3KmAJAZlIgtULY83/2MC0Qn7wS9ySymks3cae+LtirUcWDMGFvJ/7KlyQyeMHdT+EOalM5uovoW/VI9sDanGHXnbn/ikDWmmmCOs6QkYh0aOb/OghJ5zj6kRG/rdfGN0UqZrgFzYAJ7ozwnqkABFdCs+J531HRg38CEvgXOUXEIJ2e2rsYzVccJUDD8hFCHpaShxAghccSEAptkXzI0mgtWe9sYnPfC5gQ/dlo/vIWbsEMOAIDl6poe+Dc7ZvwqQGIemLTm51lc99ocM9Ej/RChvTGS3iXeJAfD+43kfcAZl67nLEsh2GtE56EipA/uGwkFDvQZ7zPWaic/WzcsE5aEdkWUHSgGxLHsHAMb/zQySEIUyGj0ohMyvFE3cSdwRguzFFyqAbsgpQ4Pz28uSgCNNx7xe7wlO2QwHTpVL3cRiM1dnZIuTISFIF61RUoQbCOxnmbxyzMsk4+1Cv+DH9pgBtSDD4lGhb/2XM6o9/WWWRNrTsHnXJgtinq4jclJQ8RIVihiLWPEPbCvYEjJuMxtd+5jUMp6NKH5CHUq"
"ADMIN_TOKEN": "AgBOegUE4Q0kKaTcDUrOlexTGqCECq5lV74ScLu4Qc+AsBPjsJDd/L/OADtg3rY7KOt+kaqNH+wop5PY540h8aB1CDSqRLtdqO2GmJT98muPJpOwPC6ynbW2Z1w9p6ptY1U41MqlPh0yiKyoIMwdrRBM0U+I23O8OkhNQNNA+Y98/SCEuCXIHgPZ+wwN6v8GgEh3ISrATdqcahPSr63BNHEw+alAevYJNd+b2K+zW2EjeS6+5cBe5zqtv16CEAt3o62j6kYD2ylox6UOoBXDRHkf3mINX/mBu/WUB9KHa/WvpX1toJ4orb6wWaZFNohw3/grMFnCov5Hmk2WkEUkhy6sjblyz7eUhmL8zXfJjqB4b0ekn/QkKJL5qp0lSHVKgHXPo+pu1l+Kh9RlqkLXwvbbH1HTYUEzvIN6+fwNkFz2g+IEqDhOGAhQHbBg13Q0+Qk/r9qdsrUQCDQLRxTH/qC7EKygFkvd23Tl4a/x7h++mgMCkDkceghtQXmJCxk/AjrjUAKaEGEFJDpPkW6EroJeZfgN2SUcfWymKULQw9TLhpts6EN0eOBK/pwV4pMeA7DD8XdJ7YkPRM4lzhNuHDgxwvPOt+i3RtVbKjpYoodsmZtFUm81Bi5VH+o3xxvlVKTKT4uGgUft1XbrtimR760eTMtabiSkQp9GIC/BhhuBCNZH9L5km+2d6TVHjumg7Pdz4EHQaDp1IHPNAnU1qaQzCPK9906645Jg0EUr8w7sR4wsoEtewKrTDEe0xhTCOIU=",
"YUBICO_CLIENT_ID": "AgCjzixOtJ3R6p25k+beRevZyRVB6gNVOzNd2nmIdHRqFkgWujZfFOPkwwV7RR2QgtdOAO0x48fF7oCHmbBz5gUIp62okLjZBNoeP5ekT1MyGxtda1Ce7DmceCn9I73sqSVRnave+7h0UjQHZ7da7Qw03GGrjNp9hNk6jPb5Y8KhHemfghqotUys5EflX4XOTsvz1pZOdzCySYvfSnitAWkRwHcBTsufryq6bbu743M0hQ0TVLOvTXFTV6v9HkzmVqBw8NQJlQiAItVzoN9c1wg81419SFYs5QqQZdqu7RjIY0SdsjLwjJCTJM3KoRHtTQNacbXFDT8TR2iFi6qf4E2/GISNbEZg8I3epgMvTtej/kNUMuCT1t93FvxwILOH5qWM4qG+ZogNrti4iIGw1GmTx/4YJapgRPSbSRH+h2HjXKfoiCGHVLOSHs9AOjJCsKj91fBoo+54qP+33muGHy/WFrWDBKI448EPWTUbTK6Mzt8aWcownVapXhCxhv1A/siuRr++bYiuueC1jnW5LK4xSNkGRK0fNB0yjBZJoyvlOfJbMLamk7aqGeygPQ/8MUIQ9tWLGti8VMuFjeuliUsxH+7BlHu74jNQCdQpXegH2eOj9kr1JlIzAVho1h+u/33jtFkwnoF1oX8npT2IfrZSOnkeX0klTjFbkpNBEUN7OehItO5Cxz2WDJ9DQs76E4sc1YsfLA==",
"YUBICO_SECRET_KEY": "AgDGnO3bkS2HuzBWvdyirs61iW2uV3qvdiEiEyOFrOvKBlxpJrjSgMUCAOjDeux4l/2QlovNLRxGoj6ti34ZhA4PAWjVWVdKNac3WB0pW3S1kVdLSQSc/rwi6ICHiz4wSuR+oYA4Uz/paewH7Y7KfsN7KF2aKCGADm3mMaw7ptYkMdUqNgJvsAFizjFATd8wV3KmAJAZlIgtULY83/2MC0Qn7wS9ySymks3cae+LtirUcWDMGFvJ/7KlyQyeMHdT+EOalM5uovoW/VI9sDanGHXnbn/ikDWmmmCOs6QkYh0aOb/OghJ5zj6kRG/rdfGN0UqZrgFzYAJ7ozwnqkABFdCs+J531HRg38CEvgXOUXEIJ2e2rsYzVccJUDD8hFCHpaShxAghccSEAptkXzI0mgtWe9sYnPfC5gQ/dlo/vIWbsEMOAIDl6poe+Dc7ZvwqQGIemLTm51lc99ocM9Ej/RChvTGS3iXeJAfD+43kfcAZl67nLEsh2GtE56EipA/uGwkFDvQZ7zPWaic/WzcsE5aEdkWUHSgGxLHsHAMb/zQySEIUyGj0ohMyvFE3cSdwRguzFFyqAbsgpQ4Pz28uSgCNNx7xe7wlO2QwHTpVL3cRiM1dnZIuTISFIF61RUoQbCOxnmbxyzMsk4+1Cv+DH9pgBtSDD4lGhb/2XM6o9/WWWRNrTsHnXJgtinq4jclJQ8RIVihiLWPEPbCvYEjJuMxtd+5jUMp6NKH5CHUq"
}
}
}

View File

@ -31,6 +31,10 @@ spec:
containers:
- name: sabnzbd
image: bv11-cr01.bessems.eu/proxy/linuxserver/sabnzbd
command: ["/bin/sh"]
args:
- -c
- "sed -e '/-server/c\ --config-file /config --server \":8080\"' -i /etc/services.d/sabnzbd/run;/init"
ports:
- name: web
containerPort: 8080

View File

@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: postgres
image: bv11-cr01.bessems.eu/proxy/library/postgres:13-alpine
image: bv11-cr01.bessems.eu/proxy/library/postgres:14-alpine
env:
- name: POSTGRES_USER
value: terraform

View File

@ -14,7 +14,7 @@ spec:
args:
- prepare
- server-plan
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade:v1.19.3-k3s2
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade
serviceAccountName: system-upgrade
upgrade:
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade