From 502fffe95cdf7f6013e367e8feb54852b7c1d825 Mon Sep 17 00:00:00 2001 From: titver968 Date: Thu, 3 Jul 2025 15:19:32 +0200 Subject: [PATCH] manual configs added --- .../include/.root-cerficate.yaml.swp | Bin 0 -> 12288 bytes argocd/apps/sonarqube/.sonarqube.yaml.swp | Bin 0 -> 12288 bytes argocd/apps/sonarqube/sonarqube.yaml | 79 ++++++++++++++++++ config/argocd/argocd-cmd-params-cm.yaml | 10 +++ config/argocd/ingress-route.yaml | 24 ++++++ .../cloudflare-api-token-secret.yaml | 7 ++ config/dashboard/cluster-role.yaml | 13 +++ config/dashboard/dashboard-traefik.yaml | 32 +++++++ config/dashboard/service-account.yaml | 5 ++ config/mattermost/https-redirect.yaml | 8 ++ config/open-webui/disable-token.yaml | 7 ++ config/traefik/traefik-dashboard.yaml | 14 ++++ config/wordpress/www-redirectScheme.yaml | 13 +++ 13 files changed, 212 insertions(+) create mode 100644 argocd/apps/cert-manager/include/.root-cerficate.yaml.swp create mode 100644 argocd/apps/sonarqube/.sonarqube.yaml.swp create mode 100644 argocd/apps/sonarqube/sonarqube.yaml create mode 100644 config/argocd/argocd-cmd-params-cm.yaml create mode 100644 config/argocd/ingress-route.yaml create mode 100644 config/cert-manager/cloudflare-api-token-secret.yaml create mode 100644 config/dashboard/cluster-role.yaml create mode 100644 config/dashboard/dashboard-traefik.yaml create mode 100644 config/dashboard/service-account.yaml create mode 100644 config/mattermost/https-redirect.yaml create mode 100644 config/open-webui/disable-token.yaml create mode 100644 config/traefik/traefik-dashboard.yaml create mode 100644 config/wordpress/www-redirectScheme.yaml 
diff --git a/argocd/apps/cert-manager/include/.root-cerficate.yaml.swp b/argocd/apps/cert-manager/include/.root-cerficate.yaml.swp new file mode 100644 index 0000000000000000000000000000000000000000..7250aca2cfd5640e79933876b0b60a55ad60ddd5 GIT binary patch literal 12288 zcmeI&y>1jS5C`x%sQC~Sv`Z*bc{fKYwgajZp#UW%lFvK2Shs7hZ0|`YBzTEbl!51< zqfVEe2jB&$7+)5|fleSg(BIN%WzX!~`qx?K+1~NNVezP(l8oC#M`!QnZ_lsO?B0Zu zO+#FA=s0SZ^IJw*vO3h}iT4Zj*oG}tM6Wj*R&$$JSJpXyI?SrYeyntud(%|9?_*^+ zB-LrB=NzQSv_r#H@IEQYoLHk1mn+@1TYn7+2tZ&{;0EnKobKhd2RrwRyLXN@)0ja3 z0uX=z1Rwwb2tWV=|FuBsC-g>kcx~L}&G9+;={ZjEfB*y_009U<00Izz00bZa0SG|g z9~96H(F-~Bzsm=I`Tzgh`Tx@`q6>+S5@!;xBnF9>5~akB#1|?4EO9CEK_d4!m%xAk z1Rwwb2tWV=5P$##AOHaf{DnXvV;=m_*Ts*Q!b|HZrxw;Vb@8+vV&ZTR z(Q=B4oe8Tx$+BJNpYut*u2IEqzJI>d$$F>c8oF|p8xB#M)5xxDcvtEg7oSP9nBOtJ z>%7a;`j6g?YyzjN`t|Mg)JBRuo7^maV(hh%UW;MIDz0P?-I%D0-+Y?--ml}N8=Z7b ZBZl0aw^w)MN%!_xHYEG|g|Avp=_|PZxa|M{ literal 0 HcmV?d00001 diff --git a/argocd/apps/sonarqube/.sonarqube.yaml.swp b/argocd/apps/sonarqube/.sonarqube.yaml.swp new file mode 100644 index 0000000000000000000000000000000000000000..8e15a128113ccb9b995cc8e7d8f06f00f0e38ee4 GIT binary patch literal 12288 zcmeI2%WoS+9LJ};3#1^*1qqdHI7F)0wex6bEFqD$sS>4W)3|9;H4u$=$M!Vq-R;b* zT_f?j^ol_0Ux2tEB*dXd4!{jcB@Q4J34ypFA%wVaKuCOdY_FYmw{Cbzg<0v7wLP=H z$9Eq7S(!@l%)*j2sQI;J-dkFDwa(q8cfn4Y0tS-li5quJsgHx z_AD1Uy$E?_o54bjD@F@E2*P??DQr#30u{B;^$IkKWI=`j6&K

%Vf^wBhGkHw{Js zqd=|#v8vjKMph>$#*0axr$_f&dmmfP?QR;30!9I&fKk9GU=%P47zK<1MuGpH0xH@? zUPW4WbyGXlz3;l=-hFFsMggOMQNSo*6fg=H1&jhl0i%FXz$jo8Fbdp(3Q&)bFY)7l z{2m04|Nr-X|9|@kA)kX!zz5)Ma1jWw30A>g@cSM@z5}0ukHGuj4bTFoz~kVj5kjtm z55YU&95@Vqc$kncz!kv30vG|;9wMXxR=~61DR4LV{y{=M2JeE`!CCMO_<1*C1y{hE zU=17s`@mNZz%QtSWiSPPyq}Oy!CT-o`1L+Qz6LLYW8g{f%e{nL1@D1N;6-o}jDp?Z zH|X^ZxCSnROW*?71Sf#j^A4O3CglH{0+zmP>xf`fu@e-heIn|z=ah&UN!nyPa8E`` zceCu?ZCH062C_sty(19^tYoDYVUzjQc}D$#4{5Bz1|sl!PgzzJdbVV4EVybrTR00O z0;ZUBcvxUTH54w4jz)qvxzB3M8|}LDX@&W+Wa+mJ8c?*Qc`Y$TJ*sHpCCO|#^ts#a z_zZftt5n!)u4h?ui`+Hx)V_;TcPmMUfI?X=bbClN{k#5<7uzH zl?5EZnvW~xx!JY3xueI*n-j%}sr^Iji7-^l`H`hb+ENJ~MS@lN#pnC7xx%~Ift+-B zP!mi_hax7WRg{hr6i;t$^cpt?<^nzpHwq$*6%!jygL|IOS`;R3&a=fTdNQ#L!T+*n z7AVni>bE zhFSxGbe(l)O4=|)!~S&a&B`r61OgvnKP?wtg15PILXG`%Y@D=cz%HW!2l({^XuFWasG}qs4wYZ1dSkeCblT z&FyC=w*Qq4=x@y0SYZrCjB4vLc*)>z@@#nyWu*;(Yd;tQxXR6WC8 z`fZN6ddqoq8!mRVgY^R3zPKVPP|0BFbSum{^BbLF%dJzPZmixE&XqH@!kSzrRhfnI z=Ad)HIiM3wGDcmNX4uIzyNZg@=PzL|=p2F9x8zCqK-aWc=i4a}Q+EVPbSv5| i9(W~dHi}Tv>OzCih@XK>I_<=C*JhzPPW`A($H^buDH_xO literal 0 HcmV?d00001 diff --git a/argocd/apps/sonarqube/sonarqube.yaml b/argocd/apps/sonarqube/sonarqube.yaml new file mode 100644 index 0000000..bf59f01 --- /dev/null +++ b/argocd/apps/sonarqube/sonarqube.yaml 
@@ -0,0 +1,79 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: sonarqube
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: 'https://SonarSource.github.io/helm-chart-sonarqube'
+ path: 'sonarqube'
+ targetRevision: 2025.*.*
+ chart: sonarqube
+ helm:
+ parameters:
+ - name: master.ingress.enabled
+ value: 'true'
+ - name: master.ingress.hostname
+ value: 'sonarqubennovation-hub-niedersachsen.de'
+ - name: master.ingress.tls
+ value: 'true'
+ - name: master.ingress.annotations.kubernetes\.io\/ingress\.class
+ value: traefik
+ - name: master.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
+ value: 'true'
+ forceString: true
+ - name: master.ingress.annotations.cert-manager\.io\/cluster-issuer
+ value: 'lets-encrypt'
+ - name: master.ingress.annotations.ingress\.secrets
+ value: 'sonarqubennovation-hub-niedersachsen.de-tls'
+ - name: master.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints
+ value: websecure
+ - name: s3.enabled
+ value: 'true'
+ - name: s3.logLevel
+ value: '4'
+ - name: s3.auth.enabled
+ value: 'true'
+ - name: s3.auth.adminAccessKeyId
+ value: 'wjpKrmaqXra99rX3D61H'
+ - name: s3.auth.adminSecretAccessKey
+ value: 'fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u'
+ - name: s3.ingress.enabled
+ value: 'true'
+ - name: s3.ingress.hostname
+ value: 'sws3.innovation-hub-niedersachsen.de'
+ - name: s3.ingress.tls
+ value: 'true'
+ - name: s3.ingress.annotations.kubernetes\.io\/ingress\.class
+ value: traefik
+ - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
+ value: 'true'
+ forceString: true
+ - name: s3.ingress.annotations.cert-manager\.io\/cluster-issuer
+ value: 'lets-encrypt'
+ - name: s3.ingress.annotations.ingress\.secrets
+ value: 'sws3.innovation-hub-niedersachsen.de-tls'
+ - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints
+ value: websecure
+ - name: 
s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.middlewares
+ value: 'sonarqube-stripprefix@kubernetescrd'
+ - name: mariadb.auth.rootPassword
+ value: 'InnoHubSEAWEEDFS_2024!'
+ - name: mariadb.auth.username
+ value: 'bn_sonarqube'
+ - name: mariadb.auth.password
+ value: 'bn_sonarqubeUSER'
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: sonarqube
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ pod-security.kubernetes.io/enforce: "privileged"
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/config/argocd/argocd-cmd-params-cm.yaml b/config/argocd/argocd-cmd-params-cm.yaml
new file mode 100644
index 0000000..9016764
--- /dev/null
+++ b/config/argocd/argocd-cmd-params-cm.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-cmd-params-cm
+ namespace: argocd
+ labels:
+ app.kubernetes.io/name: argocd-cmd-params-cm
+ app.kubernetes.io/part-of: argocd
+data:
+ server.insecure: "true"
diff --git a/config/argocd/ingress-route.yaml b/config/argocd/ingress-route.yaml
new file mode 100644
index 0000000..f605da0
--- /dev/null
+++ b/config/argocd/ingress-route.yaml
@@ -0,0 +1,24 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: argocd-server
+ namespace: argocd
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`argocd.innovation-hub-niedersachsen.de`)
+ priority: 10
+ services:
+ - name: argocd-server
+ port: 80
+# - kind: Rule
+# match: Host(`argocd.innovation-hub-niedersachsen.de`) && Headers(`Content-Type`, `application/grpc`)
+# priority: 11
+# services:
+# - name: argocd-server
+# port: 80
+# scheme: h2c
+ tls:
+ secretName: argocd-tls
diff --git a/config/cert-manager/cloudflare-api-token-secret.yaml b/config/cert-manager/cloudflare-api-token-secret.yaml
new file mode 100644
index 0000000..95a3dd2
--- /dev/null
+++ b/config/cert-manager/cloudflare-api-token-secret.yaml
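Review bot: argocd/apps/sonarqube/sonarqube.yaml commits what appear to be real credentials as plain Helm parameters (`s3.auth.adminAccessKeyId`, `s3.auth.adminSecretAccessKey`, `mariadb.auth.rootPassword`, `mariadb.auth.password`), and config/cert-manager/cloudflare-api-token-secret.yaml does the same with `stringData.api-token`. Helm parameters are stored in the Application object and shown in the Argo CD UI, and every one of these values stays in git history after a later cleanup, so they should be treated as exposed and rotated. Keep the values out of the repository by referencing a pre-created, sealed or externally managed Secret where the chart allows it, and commit only a placeholder such as `api-token: <CLOUDFLARE_API_TOKEN>`. The two `.swp` editor files added by this commit may hold copies of the same text and should be removed and ignored. Separately, `pod-security.kubernetes.io/enforce: "privileged"` switches off Pod Security enforcement for the namespace and deserves a comment naming the workload that needs it.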
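Review bot: In config/argocd/argocd-cmd-params-cm.yaml, `server.insecure: "true"` carries no comment explaining that argocd-server then serves plain HTTP and depends on the ingress for TLS. Together with the IngressRoute in config/argocd/ingress-route.yaml, which forwards to `argocd-server` on port 80, the hop from Traefik to the API server carries session tokens unencrypted inside the cluster. I would add a comment above the key, for example `# TLS is terminated at Traefik (IngressRoute argocd-server); traffic to argocd-server:80 is plaintext in-cluster`, and consider a NetworkPolicy that admits only the ingress controller to that port.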
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cloudflare-api-token-secret
+type: Opaque
+stringData:
+ api-token: 8U6YVJlQe3UCkw6P2Xx0Qvmpy975EwK14FV8IMdp
diff --git a/config/dashboard/cluster-role.yaml b/config/dashboard/cluster-role.yaml
new file mode 100644
index 0000000..7de9b5c
--- /dev/null
+++ b/config/dashboard/cluster-role.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: admin-user
+ namespace: kubernetes-dashboard
+
diff --git a/config/dashboard/dashboard-traefik.yaml b/config/dashboard/dashboard-traefik.yaml
new file mode 100644
index 0000000..95f2e27
--- /dev/null
+++ b/config/dashboard/dashboard-traefik.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+ name: dashboard-transport
+ namespace: kubernetes-dashboard
+spec:
+ serverName: dashboard-kong-proxy
+ insecureSkipVerify: true
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: dashboard
+ namespace: kubernetes-dashboard
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`dashboard.innohub.local`)
+ kind: Rule
+ services:
+ - name: dashboard-kong-proxy
+ port: 443
+ scheme: https
+ serversTransport: dashboard-transport
+ namespace: kubernetes-dashboard
+ tls:
+ secretName: dashboard.innohub.local
+ domains:
+ - main: dashboard.innohub.local
diff --git a/config/dashboard/service-account.yaml b/config/dashboard/service-account.yaml
new file mode 100644
index 0000000..54cabb7
--- /dev/null
+++ b/config/dashboard/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
diff --git a/config/mattermost/https-redirect.yaml b/config/mattermost/https-redirect.yaml
new file mode 100644
index 0000000..5d6f404
--- /dev/null
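Review bot: The Secret in config/cert-manager/cloudflare-api-token-secret.yaml has no `metadata.namespace`, so it is created in whatever namespace the applying context happens to use. cert-manager resolves the secret referenced by a ClusterIssuer in its cluster resource namespace (the cert-manager namespace by default), so an apply from another context would leave a copy of the token elsewhere and the issuer without credentials. Add `namespace: cert-manager`, or the namespace the issuer actually reads from, since the issuer is not part of this commit. The Middleware in config/mattermost/https-redirect.yaml omits the namespace in the same way.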
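Review bot: config/dashboard/cluster-role.yaml binds the `admin-user` ServiceAccount to `cluster-admin`, so any token issued for that account, and anyone able to create one in `kubernetes-dashboard`, has unrestricted control of the cluster through the dashboard. If the dashboard is used for inspection, bind the built-in read-only role instead with `name: view`, or use a namespaced RoleBinding for the namespaces that need write access. If cluster-admin is really required, add a comment stating why and prefer short-lived tokens over a long-lived token Secret.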
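Review bot: In config/dashboard/dashboard-traefik.yaml the ServersTransport sets `insecureSkipVerify: true`, which makes Traefik accept any certificate from the backend, so the HTTPS hop to `dashboard-kong-proxy` is encrypted but not authenticated. The accompanying `serverName` does not restore verification while the skip flag is on. Prefer trusting the backend's CA through `rootCAsSecrets` and setting `insecureSkipVerify: false`; if the self-signed certificate cannot be replaced yet, add a comment recording that as a known gap.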
+++ b/config/mattermost/https-redirect.yaml
@@ -0,0 +1,8 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: http-redirect
+spec:
+ redirectScheme:
+ scheme: https
+ permanent: true
diff --git a/config/open-webui/disable-token.yaml b/config/open-webui/disable-token.yaml
new file mode 100644
index 0000000..f70d791
--- /dev/null
+++ b/config/open-webui/disable-token.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ kubernetes.io/automountServiceAccountToken: "false"
+ name: open-webui
+ namespace: open-webui
diff --git a/config/traefik/traefik-dashboard.yaml b/config/traefik/traefik-dashboard.yaml
new file mode 100644
index 0000000..bc4819c
--- /dev/null
+++ b/config/traefik/traefik-dashboard.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: traefik-dashboard
+ namespace: kube-system
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`traefik.innohub.local`)
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
diff --git a/config/wordpress/www-redirectScheme.yaml b/config/wordpress/www-redirectScheme.yaml
new file mode 100644
index 0000000..db4fee5
--- /dev/null
+++ b/config/wordpress/www-redirectScheme.yaml
@@ -0,0 +1,13 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-www
+ namespace: wordpress
+spec:
+ redirectRegex:
+ regex: "^https?://innovation-hub-niedersachsen.de/(.*)"
+ replacement: "https://www.innovation-hub-niedersachsen.de/$1"
+ permanent: true
+ redirectRegex:
+ regex: "^http?://innovation-hub-niedersachsen.de/(.*)"
+ replacement: "https://www.innovation-hub-niedersachsen.de/$1"
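Review bot: In config/open-webui/disable-token.yaml the token automount is set as an annotation, `kubernetes.io/automountServiceAccountToken: "false"`, which Kubernetes does not act on as far as I know; the setting is a top-level field of the ServiceAccount. As written, pods using the `open-webui` account would still get an API token mounted. Replace the annotation with `automountServiceAccountToken: false` at the same level as `metadata`, and confirm on a running pod that `/var/run/secrets/kubernetes.io/serviceaccount` is absent.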
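Review bot: The IngressRoute in config/traefik/traefik-dashboard.yaml publishes `api@internal` with no `middlewares` entry, so the Traefik dashboard and API are open to anyone who can reach the `websecure` entrypoint with that Host header. The API discloses the router, service and middleware configuration of the whole ingress layer. Attach an authentication middleware to the route, for example `middlewares:` with `- name: <DASHBOARD_AUTH_MIDDLEWARE>` pointing at a basicAuth or forwardAuth Middleware, and optionally restrict source addresses as well.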
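Review bot: config/wordpress/www-redirectScheme.yaml appears to define `redirectRegex` twice under `spec` (the indentation is not recoverable on this page), and duplicate mapping keys are either rejected or resolved last-wins. If the second block wins, `permanent: true` is lost and the pattern `^http?://` matches only `htt://` or `http://`, so HTTPS requests to the bare domain are no longer redirected. Drop the second `redirectRegex` block, since the first pattern `^https?://` already covers both schemes, and escape the dots in the host (`innovation-hub-niedersachsen\.de`) so they match literally.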