manual configs added

2025-07-03 15:19:32 +02:00
parent c110f8e719
commit 502fffe95c
13 changed files with 212 additions and 0 deletions
--- a/argocd/apps/cert-manager/include/.root-cerficate.yaml.swp
+++ b/argocd/apps/cert-manager/include/.root-cerficate.yaml.swp
--- a/argocd/apps/sonarqube/.sonarqube.yaml.swp
+++ b/argocd/apps/sonarqube/.sonarqube.yaml.swp
--- a/argocd/apps/sonarqube/sonarqube.yaml
+++ b/argocd/apps/sonarqube/sonarqube.yaml
@@ -0,0 +1,79 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: sonarqube
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: default
  source:
    repoURL: 'https://SonarSource.github.io/helm-chart-sonarqube'
    path: 'sonarqube'
    targetRevision: 2025.*.*
    chart: sonarqube
    helm:
      parameters:
        - name: master.ingress.enabled
          value: 'true'
        - name: master.ingress.hostname
          value: 'sonarqubennovation-hub-niedersachsen.de'
        - name: master.ingress.tls
          value: 'true'
        - name: master.ingress.annotations.kubernetes\.io\/ingress\.class
          value: traefik
        - name: master.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
          value: 'true'
          forceString: true
        - name: master.ingress.annotations.cert-manager\.io\/cluster-issuer
          value: 'lets-encrypt'
        - name: master.ingress.annotations.ingress\.secrets
          value: 'sonarqubennovation-hub-niedersachsen.de-tls'
        - name: master.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints
          value: websecure
        - name: s3.enabled
          value: 'true'
        - name: s3.logLevel
          value: '4'            
        - name: s3.auth.enabled
          value: 'true'
        - name: s3.auth.adminAccessKeyId
          value: 'wjpKrmaqXra99rX3D61H'
        - name: s3.auth.adminSecretAccessKey
          value: 'fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u'
        - name: s3.ingress.enabled
          value: 'true'
        - name: s3.ingress.hostname
          value: 'sws3.innovation-hub-niedersachsen.de'  
        - name: s3.ingress.tls
          value: 'true'  
        - name: s3.ingress.annotations.kubernetes\.io\/ingress\.class  
          value: traefik
        - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
          value: 'true'
          forceString: true
        - name: s3.ingress.annotations.cert-manager\.io\/cluster-issuer
          value: 'lets-encrypt'  
        - name: s3.ingress.annotations.ingress\.secrets
          value: 'sws3.innovation-hub-niedersachsen.de-tls'  
        - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints
          value: websecure  
        - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.middlewares
          value: 'sonarqube-stripprefix@kubernetescrd'
        - name: mariadb.auth.rootPassword
          value: 'InnoHubSEAWEEDFS_2024!'
        - name: mariadb.auth.username
          value: 'bn_sonarqube'
        - name: mariadb.auth.password
          value: 'bn_sonarqubeUSER'    
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: sonarqube
  syncPolicy:
    managedNamespaceMetadata:
      labels: 
        pod-security.kubernetes.io/enforce: "privileged"
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true
--- a/config/argocd/argocd-cmd-params-cm.yaml
+++ b/config/argocd/argocd-cmd-params-cm.yaml
@@ -0,0 +1,10 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cmd-params-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cmd-params-cm
    app.kubernetes.io/part-of: argocd
 data:
  server.insecure: "true"
--- a/config/argocd/ingress-route.yaml
+++ b/config/argocd/ingress-route.yaml
@@ -0,0 +1,24 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: argocd-server
  namespace: argocd
 spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`argocd.innovation-hub-niedersachsen.de`)
      priority: 10
      services:
        - name: argocd-server
          port: 80
 #    - kind: Rule
 #      match: Host(`argocd.innovation-hub-niedersachsen.de`) && Headers(`Content-Type`, `application/grpc`)
 #      priority: 11
 #      services:
 #        - name: argocd-server
 #          port: 80
 #          scheme: h2c
  tls:
    secretName: argocd-tls
--- a/config/cert-manager/cloudflare-api-token-secret.yaml
+++ b/config/cert-manager/cloudflare-api-token-secret.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: cloudflare-api-token-secret
 type: Opaque
 stringData:
  api-token: 8U6YVJlQe3UCkw6P2Xx0Qvmpy975EwK14FV8IMdp
--- a/config/dashboard/cluster-role.yaml
+++ b/config/dashboard/cluster-role.yaml
@@ -0,0 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: admin-user
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
--- a/config/dashboard/dashboard-traefik.yaml
+++ b/config/dashboard/dashboard-traefik.yaml
@@ -0,0 +1,32 @@
 ---
 apiVersion: traefik.io/v1alpha1
 kind: ServersTransport
 metadata:
  name: dashboard-transport
  namespace: kubernetes-dashboard
 spec:
  serverName: dashboard-kong-proxy
  insecureSkipVerify: true
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: dashboard
  namespace: kubernetes-dashboard
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`dashboard.innohub.local`)
      kind: Rule
      services:
        - name: dashboard-kong-proxy
          port: 443
          scheme: https
          serversTransport: dashboard-transport
          namespace: kubernetes-dashboard
  tls:
    secretName: dashboard.innohub.local
    domains:
      - main: dashboard.innohub.local
--- a/config/dashboard/service-account.yaml
+++ b/config/dashboard/service-account.yaml
@@ -0,0 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: admin-user
  namespace: kubernetes-dashboard
--- a/config/mattermost/https-redirect.yaml
+++ b/config/mattermost/https-redirect.yaml
@@ -0,0 +1,8 @@
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: http-redirect
 spec:
  redirectScheme:
    scheme: https
    permanent: true
--- a/config/open-webui/disable-token.yaml
+++ b/config/open-webui/disable-token.yaml
@@ -0,0 +1,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  annotations:
    kubernetes.io/automountServiceAccountToken: "false"
  name: open-webui
  namespace: open-webui
--- a/config/traefik/traefik-dashboard.yaml
+++ b/config/traefik/traefik-dashboard.yaml
@@ -0,0 +1,14 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: traefik-dashboard
  namespace: kube-system
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.innohub.local`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
--- a/config/wordpress/www-redirectScheme.yaml
+++ b/config/wordpress/www-redirectScheme.yaml
@@ -0,0 +1,13 @@
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: redirect-www
  namespace: wordpress
 spec:
  redirectRegex:
    regex: "^https?://innovation-hub-niedersachsen.de/(.*)"
    replacement: "https://www.innovation-hub-niedersachsen.de/$1"
    permanent: true
  redirectRegex:
    regex: "^http?://innovation-hub-niedersachsen.de/(.*)"
    replacement: "https://www.innovation-hub-niedersachsen.de/$1"