Merge branch 'main' of https://gitea.innovation-hub-niedersachsen.de/innohub/k3s

2025-09-05 09:33:48 +02:00
parent 07254862ed 2d08b6e439
commit a482956d61
6 changed files with 35 additions and 164 deletions
--- a/argocd/apps/cert-manager/include/appian-operator-webhooks-certificate.yaml
+++ b/argocd/apps/cert-manager/include/appian-operator-webhooks-certificate.yaml
@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: innovation-hub-niedersachsen.lowcode
-  namespace: kube-system
-spec:
-  secretName: lowcode.innovation-hub-niedersachsen.de-tls
-  commonName: 'lowcode.innovation-hub-niedersachsen.de'
-  dnsNames:
-    - 'lowcode.innovation-hub-niedersachsen.de'
-  issuerRef:
-    name: lets-encrypt
-    kind: ClusterIssuer
-    group: cert-manager.io
--- a/argocd/apps/open-webui/openwebui.yaml
+++ b/argocd/apps/open-webui/openwebui.yaml
@@ -8,7 +8,7 @@ spec:
  project: default
  source:
    repoURL: 'https://helm.openwebui.com/'
-    targetRevision: 6.*.*
+    targetRevision: 8.*.*
    helm:
      parameters:
        - name: serviceAccount.enable
@@ -17,12 +17,14 @@ spec:
          value: 200Gi
        - name: existingClaim
          value: "open-webui"
-        - name: ollama.persistentVolume.enabled
-          value: 'true'
-        - name: ollama.persistence.existingClaim
-          value: "open-webui-llm-storage"
-        - name: ollama.persistenceVolume.size
-          value: 200Gi
+        - name: ollama.enabled
+          value: 'false'  
+      #  - name: ollama.persistentVolume.enabled
+      #    value: 'true'
+      #  - name: ollama.persistence.existingClaim
+      #    value: "open-webui-llm-storage"
+      #  - name: ollama.persistenceVolume.size
+      #    value: 200Gi
        - name: ingress.class
          value: 'traefik'
        - name: ingress.enabled
--- a/argocd/apps/openproject/openproject.yaml
+++ b/argocd/apps/openproject/openproject.yaml
@@ -1,73 +0,0 @@
-#apiVersion: argoproj.io/v1alpha1
-#kind: Application
-#metadata:
-#  name: openproject
-#  finalizers:
-#  - resources-finalizer.argocd.argoproj.io
-#spec:
-#  project: default
-#  source:
-#    repoURL: 'https://charts.openproject.org'
-#    targetRevision: 9.*.*
-#    helm:
-#      parameters:
-#        - name: 'ingress.enabled'
-#          value: 'true'
-#        - name: 'ingressClassName'
-#          value: 'traefik'
-##        - name: config.publicUri
-##          value: 'openproject.innovation-hub-niedersachsen.de'
-#        - name: ingress.host
-#          value: 'openproject.innovation-hub-niedersachsen.de'
-##        - name: 'openproject.name'
-##          value: 'openproject.innovation-hub-niedersachsen.de'
-#        - name: 'ingress.tls.enabled'
-#          value: 'true'
-#        - name: 'ingress.tls.secretName'
-#          value: openproject-tls
-##        - name: 'tls.secretName'
-##          value: openproject-tls  
-#        - name: ingress.annotations.kubernetes\.io\/ingress\.class
-#          value: traefik
-#        - name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
-#          value: 'true'
-#          forceString: true
-#        - name: ingress.annotations.cert-manager\.io\/cluster-issuer
-#          value: lets-encrypt-staging
-#        - name: 'cron.enabled'
-#          value: 'false'
-#        - name: 'persistence.enabled'
-#          value: 'false'
-#        - name: 's3.enabled'
-#          value: 'true'
-#        - name: 's3.region' 
-#          value: 'eu-central-1'
-#        - name: 's3.pathStyle'
-#          value: 'false'
-#        - name: 's3.directUploads'
-#          value: 'true'  
-#        - name: 's3.bucketName'
-#          value: 'openproject'
-#        - name: 's3.endpoint'
-#          value: 'https://api-s3.innovation-hub-niedersachsen.de'
-##        - name: 's3.host'
-##          value: 'api-s3.innovation-hub-niedersachsen.de'
-#        - name: 's3.enableSignatureV4Streaming'
-#          value: 'false'
-#        - name: 's3.auth.accessKeyId'
-#          value: 'wjpKrmaqXra99rX3D61H'
-#        - name: 's3.auth.secretAccessKey'
-#          value: 'fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u'
-#    chart: openproject
-#  destination:
-#    server: 'https://kubernetes.default.svc'
-#    namespace: openproject
-#  syncPolicy:
-#    managedNamespaceMetadata:
-#      labels: 
-#        pod-security.kubernetes.io/enforce: "privileged"
-#    automated:
-#      selfHeal: true
-#      prune: true
-#    syncOptions:
-#      - CreateNamespace=true
--- a/argocd/apps/seaweedfs/seaweedfs-s3-secrets.yaml
+++ b/argocd/apps/seaweedfs/seaweedfs-s3-secrets.yaml
@@ -6,7 +6,7 @@ metadata:
  namespace: seaweedfs
  labels:
    app.kubernetes.io/name: seaweedfs
-    app.kubernetes.io/component: s3
+    app.kubernetes.io/component: seaweedfs-s3
 stringData:
  # this key must be an inline json config file
  seaweedfs_s3_config: '{"identities":[{"name":"admin","credentials":[{"accessKey":"wjpKrmaqXra99rX3D61H","secretKey":"fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u"}],"actions":["Admin","Read","Write"]}]}'
--- a/argocd/apps/seaweedfs/seaweedfs-jwt-secret.yaml
+++ b/argocd/apps/seaweedfs/seaweedfs-jwt-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: seaweedfs-jwt
+  namespace: seaweedfs
+stringData:
+  jwt.json: |
+    {
+      "secret": "inno-super-secret-key"
+    }
--- a/argocd/apps/seaweedfs/seaweedfs.yaml
+++ b/argocd/apps/seaweedfs/seaweedfs.yaml
@@ -11,82 +11,26 @@ spec:
    chart: seaweedfs
    targetRevision: 4.*.*
    helm:
-      valueFiles:
-        - values.yaml
      values: |
-        # Global Konfiguration
-        global:
-          imagePullPolicy: IfNotPresent
-          enableSecurity: true
-          monitoring:
-            enabled: true
-
        master:
          enabled: true
          replicas: 1
-          data:
-            type: "persistentVolumeClaim"
-            size: "25Gi"
-            storageClass: ""
-          logs:
-            type: "persistentVolumeClaim"
-            size: "5Gi"
-            storageClass: ""
-
-          ingress:
-            enabled: true
-            className: "traefik"
-            host: "seaweed.innovation-hub-niedersachsen.de"
-            annotations:
-              kubernetes.io/ingress.class: "traefik"
-              traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
-              traefik.ingress.kubernetes.io/router.tls: "true"
-              cert-manager.io/cluster-issuer: "lets-encrypt"
-            hosts:
-                - host: "seaweed.innovation-hub-niedersachsen.de"
-            tls:
-              - secretName: "seaweed.innovation-hub-niedersachsen.de-tls"
-                hosts:
-                  - "seaweed.innovation-hub-niedersachsen.de"

        volume:
          enabled: true
          replicas: 1
-          dataDirs:
-            - name: data
-              type: "persistentVolumeClaim"
-              storageClass: ""
-              size: "100Gi"
-          idx:
-            type: "persistentVolumeClaim"
-            size: "10Gi"
-            storageClass: ""

        filer:
          enabled: true
-          data:
-            type: "persistentVolumeClaim"
-            size: "25Gi"
-            storageClass: ""
-          logs:
-            type: "persistentVolumeClaim"
-            size: "5Gi"
-            storageClass: ""
+          replicas: 1

        s3:
          enabled: true
          replicas: 1
-          bindAddress: 0.0.0.0
          port: 8333
-          # add additional https port
          httpsPort: 8433
-          metricsPort: 9327
-          loggingOverrideLevel: null
-          # allow empty folders
-          allowEmptyFolder: true
-          enableAuth: "true"
+          enableAuth: true
          existingConfigSecret: "admin-s3-secret"
-
          ingress:
            enabled: true
            className: "traefik"
@@ -97,22 +41,24 @@ spec:
              traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
              traefik.ingress.kubernetes.io/router.tls: "true"
              cert-manager.io/cluster-issuer: "lets-encrypt"
+              # traefik.ingress.kubernetes.io/headers.customRequestHeaders: |
+              #  X-Forwarded-Proto = https
+              #traefik.ingress.kubernetes.io/headers.customResponseHeaders: |
+              #  Access-Control-Allow-Origin: "*"
+              #  Access-Control-Allow-Methods: "GET, OPTIONS, PUT, POST, DELETE"
+              #  Access-Control-Allow-Headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
+              #  Access-Control-Expose-Headers: "Content-Length,Content-Range"
+              #  Referrer-Policy: no-referrer-when-downgrade
            hosts:
              - host: "sws3.innovation-hub-niedersachsen.de"
+                paths:
+                  - path: /
+                    pathType: Prefix
            tls:
              - secretName: "sws3.innovation-hub-niedersachsen.de-tls"
                hosts:
                  - "sws3.innovation-hub-niedersachsen.de"
                  
-        # Resource management
-        resources:
-          limits:
-            cpu: "2"
-            memory: "2Gi"
-          requests:
-            cpu: "500m"
-            memory: "1Gi"
-
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: seaweedfs