Compare commits

69 Commits

Author SHA1 Message Date
Daniel
9d2e2cde20 Testing for RR stuff... 2026-01-16 10:01:33 +01:00
titver968
3bed7c95eb mrknow traefik config 2026-01-15 14:40:49 +01:00
titver968
3379af24f6 mrknow certificate in cert-manager 2026-01-15 14:35:15 +01:00
titver968
19c9a3a5ae wekan and keycloak 2026-01-08 15:49:13 +01:00
titver968
b0d56f2102 wekan and keycloak 2026-01-08 15:44:42 +01:00
titver968
8ea94c3b3d wekan and keycloak 2026-01-08 15:38:53 +01:00
titver968
bdb13cb00a wekantest and keycloak redirect more Variables 2026-01-08 15:24:21 +01:00
titver968
520c545ef4 wekantest and keycloak redirect redirect 2026-01-08 14:59:49 +01:00
titver968
cbf3f58285 wekantest and keycloak redirect redirect 2026-01-08 13:09:44 +01:00
titver968
9848eb1c1b wekantest and keycloak redirect redirect 2026-01-08 13:02:51 +01:00
titver968
f71ee10c63 wekantest and keycloak redirect popup 2026-01-08 12:58:40 +01:00
titver968
6448963486 wekantest and keycloak 2026-01-08 11:59:05 +01:00
titver968
2aae7e8b7e wekantest and keycloak 2026-01-08 11:54:23 +01:00
titver968
6eefb0da8b wekantest and keycloak 2026-01-08 09:58:35 +01:00
titver968
4f8ed26d4d open-webui: warnings fixed 2026-01-07 12:07:29 +01:00
titver968
8dc36f24d9 open-webui: WEBUI_SECRET_KEY added 2026-01-07 12:03:27 +01:00
titver968
6e4daf35ad open-webui: logout redirect URL 2026-01-07 11:54:33 +01:00
titver968
92cf4bdb78 open-webui: logout redirect URL 2026-01-07 11:43:48 +01:00
titver968
569895fb91 open-webui: sso: oidc: realm innohub 2026-01-07 10:50:13 +01:00
titver968
20a9c5b3bb open-webui: sso: oidc: debug 2026-01-07 09:06:17 +01:00
titver968
f5aee6d900 open-webui: sso: oidc: debug 2026-01-07 09:00:48 +01:00
titver968
99670aa277 open-webui: sso: oidc: new config 2026-01-07 08:53:17 +01:00
titver968
9da3941cfc open-webui: sso: oidc: 2026-01-07 08:35:41 +01:00
titver968
5daed5ebd4 deleted old open-webui config file 2026-01-06 10:09:21 +01:00
titver968
17ac7ddd68 open-webui existenceVolume deleted 2026-01-06 09:20:24 +01:00
titver968
2a5133da48 open-webui new version 9 2026-01-06 09:10:04 +01:00
titver968
4631aa1a5a open-webui commented 2026-01-06 09:07:19 +01:00
titver968
e1a6a53c57 back to the old Version 2026-01-06 09:05:03 +01:00
titver968
3efc060d0e open-webui mit helm.chart Konfig 2026-01-06 08:17:14 +01:00
titver968
3bdc7ecaa4 keycloak certifivate nur in cert-manager 2026-01-05 07:56:15 +01:00
titver968
9fdc42a6a3 keycloak certificate in argo-cd 2025-12-30 12:42:56 +01:00
titver968
b910243e2f mantisbt/config_inc.php 2025-12-30 12:25:49 +01:00
titver968
5520c55527 wekantest mongodb image deleted 2025-12-30 07:25:24 +01:00
titver968
519959b991 wekan mongodb tag: 7.0.28 2025-12-29 08:44:03 +01:00
titver968
c902ee862c wekantest mongodb tag: 7.0.28 2025-12-29 08:38:50 +01:00
titver968
f9588b0718 mattermost lets-encrypr Produktion 2025-12-19 09:57:51 +01:00
titver968
7a38ce1774 mantisbt mariadb Readiness 2025-12-19 08:45:46 +01:00
titver968
cc4a9a33cf Wekan und Wekantest die Versionen gewechselt. 2025-12-18 07:53:05 +01:00
titver968
49f4afa55e seaweedfs commented 2025-12-16 23:14:34 +01:00
titver968
daabaabcb2 n8n minio, redis und postgresPassword 2025-12-16 15:00:13 +01:00
titver968
5647295120 enableAdmin 0 2025-12-15 16:07:23 +01:00
titver968
f1efb3a801 enableAdmin 1 2025-12-15 15:33:35 +01:00
titver968
a3b042b104 masterSalt eingetragen 2025-12-15 15:19:02 +01:00
titver968
9bd2f3b8bc enable admin 1 2025-12-15 13:48:47 +01:00
titver968
a71e5ac907 masterSalt Passwort setzten 2025-12-15 13:38:03 +01:00
titver968
84ffea9d59 adminPasswort 2025-12-15 13:22:39 +01:00
titver968
e4ad00b4f3 enableAdmin 0 2025-12-15 12:15:37 +01:00
titver968
1ee0686020 mantisbt V4 more config 2025-12-15 11:54:31 +01:00
titver968
0ae03ae994 mantisbt V4 email configuration added 2025-12-15 11:10:11 +01:00
titver968
0aa3744ba6 mantisbt V4 2025-12-15 10:57:52 +01:00
titver968
8e6c6f72e9 mantisbt V3 mariadb debug 2025-12-15 09:52:38 +01:00
titver968
05e73b6832 mantisbt V3 2025-12-15 09:48:21 +01:00
titver968
581da487ed mantisbt V3 2025-12-15 09:46:12 +01:00
titver968
8ace260f87 mariadb Image tag latest 2025-12-12 12:52:36 +01:00
titver968
0b9f88b7c0 mariadb Image 11.4 auth richtig eingerueckt 2025-12-12 12:49:18 +01:00
titver968
209d0015c1 mariadb Image 11.4 2025-12-12 12:43:57 +01:00
titver968
d329c20444 mantisbt v2 2025-12-12 12:30:43 +01:00
titver968
1641b9bea3 new matisbt App 2025-12-12 11:59:19 +01:00
titver968
2b48963d54 new certificate for matisbt,innovation... 2025-12-12 10:24:39 +01:00
titver968
b8f9370db8 nextcloud redis Timeout 20 S und replicas 2025-12-11 14:45:59 +01:00
titver968
6f36a51451 nextcloud redis standalone 2025-12-11 07:32:03 +01:00
titver968
cf48328090 wekantest dbname 2025-12-10 13:52:49 +01:00
titver968
8b42195f1e added wekantest 2025-12-10 13:49:47 +01:00
titver968
9d8166d49c ohne .idea 2025-12-10 13:47:55 +01:00
titver968
4e21b5e06f gitignore fuer .idea 2025-12-10 13:46:11 +01:00
titver968
b04e96530d wekantest deleted 2025-12-10 13:42:58 +01:00
titver968
fc45280db8 keycloak deleted 2025-12-10 13:41:24 +01:00
titver968
aa1923da06 wekantest added 2025-12-10 13:36:38 +01:00
titver968
fc5f26533d sws3-certificate.yaml deleted 2025-12-10 10:34:30 +01:00
20 changed files with 723 additions and 133 deletions

1
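--- a/argocd/apps/.gitignore
+++ b/argocd/apps/.gitignore
@@ -0,0 +1 @@
+.idea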

@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: innovation-hub-niedersachsen.de-mantisbt
namespace: kube-system
spec:
secretName: mantisbt-tls
commonName: 'mantisbt.innovation-hub-niedersachsen.de'
dnsNames:
- 'mantisbt.innovation-hub-niedersachsen.de'
issuerRef:
name: lets-encrypt
kind: ClusterIssuer
group: cert-manager.io
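Review bot: The `mantisbt-tls` secret this Certificate creates in `kube-system` looks unused, because the mantisbt Application in this compare deploys its Ingress into namespace `mantisbt` with its own `cert-manager.io/cluster-issuer: lets-encrypt` annotation and `secretName: mantisbt-tls`, and an Ingress can only read a TLS secret from its own namespace. If so, cert-manager issues the same name twice, which counts against the Let's Encrypt duplicate-certificate limit and leaves a spare private key in `kube-system`. Keep one path: either drop this Certificate or remove the annotation and create the Certificate in the application namespace. The wekantest Certificate (`wekantest-tls`, also in `kube-system`) has the same mismatch with the wekantest Application's Ingress.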

@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: innovation-hub-niedersachsen.de-mrknow
namespace: kube-system
spec:
secretName: mrknow-tls
commonName: 'mrknow.innovation-hub-niedersachsen.de'
dnsNames:
- 'mrknow.innovation-hub-niedersachsen.de'
issuerRef:
name: lets-encrypt
kind: ClusterIssuer
group: cert-manager.io

@@ -0,0 +1,13 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: rr-cert
namespace: kube-system
spec:
secretName: rr-tls
issuerRef:
name: lets-encrypt
kind: ClusterIssuer
commonName: rr.innovation-hub-niedersachsen.de
dnsNames:
- rr.innovation-hub-niedersachsen.de

@@ -1,14 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: innovation-hub-niedersachsen.sws3
namespace: kube-system
spec:
secretName: sws3.innovation-hub-niedersachsen.de-tls
commonName: 'sws3.innovation-hub-niedersachsen.de'
dnsNames:
- 'sws3.innovation-hub-niedersachsen.de'
issuerRef:
name: lets-encrypt
kind: ClusterIssuer
group: cert-manager.io

@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: innovation-hub-niedersachsen.de-wekantest
namespace: kube-system
spec:
secretName: wekantest-tls
commonName: 'wekantest.innovation-hub-niedersachsen.de'
dnsNames:
- 'wekantest.innovation-hub-niedersachsen.de'
issuerRef:
name: lets-encrypt
kind: ClusterIssuer
group: cert-manager.io

@@ -0,0 +1,42 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: keycloak-headers
namespace: kube-system
spec:
headers:
customRequestHeaders:
X-Forwarded-Proto: "https"
X-Forwarded-Port: "443"
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: keycloak
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`keycloak.innovation-hub-niedersachsen.de`)
kind: Rule
middlewares:
- name: keycloak-headers
services:
- name: keycloak-external
port: 8080
tls:
secretName: keycloak-tls
---
apiVersion: v1
kind: Service
metadata:
name: keycloak-external
namespace: kube-system
spec:
type: ExternalName
externalName: keycloak.innohub.local
ports:
- port: 8080
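Review bot: The `keycloak` IngressRoute matches on the `Host(...)` rule alone, so every Keycloak path is published on `websecure`, including the admin console and admin REST API under `/admin` and any enabled `/metrics` or `/health` endpoints. Keycloak's reverse-proxy guidance is to expose only what clients need (chiefly `/realms/` and `/resources/`) and keep the rest internal; adding PathPrefix conditions to the `match` rule, or a separate `/admin` route behind an IP allow-list middleware, would achieve that. The hop to `keycloak-external` on port 8080 also appears to be plain HTTP, so credentials and tokens cross the internal network unencrypted unless that segment is protected some other way.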

@@ -0,0 +1,35 @@
<?php
$g_hostname = 'mantisbt-mariadb';
$g_db_type = 'mysqli';
$g_database_name = 'mantisbt';
$g_db_username = 'mantisbt';
$g_db_password = 'MantisDBPassword_2024!';
$g_default_timezone = 'Europe/Berlin';
$g_crypto_master_salt = 'shJaiK32W2tABdTZjwRUrZN+90AWLHXaLKiOt1Fwpaw=';
$g_path = 'https://mantisbt.innovation-hub-niedersachsen.de/';
# Email settings
$g_webmaster_email = 'inno-netz@zpd.polizei.niedersachsen.de';
$g_from_email = 'mantisbt@innovation-hub-niedersachsen.de';
$g_return_path_email = 'mantisbt@innovation-hub-niedersachsen.de';
$g_from_name = 'InnoHub MantisBT';
# SMTP Configuration
$g_phpMailer_method = PHPMAILER_METHOD_SMTP;
$g_smtp_host = '192.168.4.125';
$g_smtp_port = 25;
$g_enable_email_notification = ON;
# File upload - match PHP limit
$g_max_file_size = 2000000;
$g_allowed_files = 'png,gif,jpg,jpeg,pdf,doc,docx,xls,xlsx,ppt,pptx,txt,zip,rar,7z';
# Site settings
$g_window_title = 'InnoHub Bug Tracker';
$g_logo_image = 'images/mantis_logo.png';
# Security - disable after installation!
# $g_allow_signup = OFF;
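Review bot: `$g_db_password` and `$g_crypto_master_salt` are committed as literals, and the same pattern recurs in this compare in the mantisbt Application (`masterSalt`, `password`, `rootPassword`), n8n (`postgresPassword`, MinIO `rootUser`/`rootPassword`, Redis `password`), open-webui (`WEBUI_SECRET_KEY`, `clientSecret`) and wekan/wekantest (`OAUTH2_SECRET`). Anyone with read access to the repository or its history can use these values, so they should be treated as exposed, rotated, and moved into a Kubernetes Secret (sealed or externally managed) that the charts reference. In this file that could be `$g_db_password = getenv('MANTIS_DB_PASSWORD');` (the variable name is only an example), with the value injected from the Secret. Separately, `# $g_allow_signup = OFF;` is still commented out under the "disable after installation" heading, which leaves self-registration at MantisBT's default (ON, as far as I know) on a publicly routed host.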

@@ -0,0 +1,91 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: mantisbt
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: 'https://gitea.innovation-hub-niedersachsen.de/innohub/charts/raw/main/mantisbt'
targetRevision: 0.4.*
chart: mantisbt
helm:
values: |
image:
repository: xlrl/mantisbt
tag: "latest"
ingress:
enabled: true
className: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
cert-manager.io/cluster-issuer: lets-encrypt
hosts:
- mantisbt.innovation-hub-niedersachsen.de
tls:
- secretName: mantisbt-tls
hosts:
- mantisbt.innovation-hub-niedersachsen.de
mantisbt:
enableAdmin: "0"
timezone: "Europe/Berlin"
masterSalt: "shJaiK32W2tABdTZjwRUrZN+90AWLHXaLKiOt1Fwpaw="
persistence:
enabled: true
storageClass: longhorn
size: 10Gi
resources:
requests:
memory: 256Mi
cpu: 100m
limits:
memory: 512Mi
cpu: 500m
mariadb:
enabled: true
image:
tag: "latest"
auth:
database: mantisbt
username: mantisbt
password: "MantisDBPassword_2024!"
rootPassword: "RootDBPassword_2024!"
primary:
persistence:
enabled: true
storageClass: longhorn
size: 8Gi
livenessProbe:
enabled: true
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
destination:
server: 'https://kubernetes.default.svc'
namespace: mantisbt
syncPolicy:
managedNamespaceMetadata:
labels:
pod-security.kubernetes.io/enforce: "privileged"
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
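Review bot: Both `tag: "latest"` values (the third-party `xlrl/mantisbt` image and the MariaDB subchart image) and the floating `targetRevision: 0.4.*` mean that, with `automated` sync enabled, whatever upstream publishes next can roll out without a reviewed commit. Pin each to a specific version, ideally the image by digest, e.g. `tag: "<pinned-version>"`, and bump them through a change in this repository. A `latest` MariaDB may also jump a major version on the next pod restart against the existing 8Gi volume. The open-webui (`9.*.*`) and wekantest (`8.*.*`) Applications use the same kind of floating chart range.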

@@ -90,7 +90,7 @@ spec:
secretName: mattermost-tls
annotations:
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: lets-encrypt-staging
cert-manager.io/cluster-issuer: lets-encrypt
destination:
server: 'https://kubernetes.default.svc'

@@ -0,0 +1,165 @@
# =============================================================================
# Traefik IngressRoute Konfiguration für MR.KNOW / BPM Inspire
# =============================================================================
# Anpassen:
# - Host: mrknow.innovation-hub-niedersachsen.de (oder gewünschte Domain)
# - externalName: IP/Hostname des Portainer/Docker Hosts
# - secretName: TLS-Zertifikat Secret
# =============================================================================
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: mrknow-headers
namespace: kube-system
spec:
headers:
customRequestHeaders:
X-Forwarded-Proto: "https"
X-Forwarded-Port: "443"
---
# =============================================================================
# IngressRoute für InForm (Frontend / Root-Pfad)
# =============================================================================
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mrknow-inform
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`mrknow.innovation-hub-niedersachsen.de`) && !PathPrefix(`/insign`) && !PathPrefix(`/inspire`) && !PathPrefix(`/pgadmin`)
kind: Rule
middlewares:
- name: mrknow-headers
services:
- name: mrknow-inform-external
port: 8080
tls:
secretName: mrknow-tls
---
# =============================================================================
# IngressRoute für InSign
# =============================================================================
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mrknow-insign
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`mrknow.innovation-hub-niedersachsen.de`) && PathPrefix(`/insign`)
kind: Rule
middlewares:
- name: mrknow-headers
services:
- name: mrknow-insign-external
port: 8081
tls:
secretName: mrknow-tls
---
# =============================================================================
# IngressRoute für InSpire
# =============================================================================
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mrknow-inspire
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`mrknow.innovation-hub-niedersachsen.de`) && PathPrefix(`/inspire`)
kind: Rule
middlewares:
- name: mrknow-headers
services:
- name: mrknow-inspire-external
port: 8082
tls:
secretName: mrknow-tls
# ---
# =============================================================================
# IngressRoute für PgAdmin (optional)
# =============================================================================
# apiVersion: traefik.io/v1alpha1
# kind: IngressRoute
# metadata:
# name: mrknow-pgadmin
# namespace: kube-system
# spec:
# entryPoints:
# - websecure
# routes:
# - match: Host(`mrknow.innovation-hub-niedersachsen.de`) && PathPrefix(`/pgadmin`)
# kind: Rule
# middlewares:
# - name: mrknow-headers
# services:
# - name: mrknow-pgadmin-external
# port: 5050
# tls:
# secretName: mrknow-tls
---
# =============================================================================
# External Services - Verbindung zum Portainer/Docker Host
# =============================================================================
# WICHTIG: externalName auf den Hostnamen/IP deines Docker-Hosts anpassen!
# =============================================================================
apiVersion: v1
kind: Service
metadata:
name: mrknow-inform-external
namespace: kube-system
spec:
type: ExternalName
externalName: mrknow.innohub.local
ports:
- port: 8080
---
apiVersion: v1
kind: Service
metadata:
name: mrknow-insign-external
namespace: kube-system
spec:
type: ExternalName
externalName: mrknow.innohub.local
ports:
- port: 8081
---
apiVersion: v1
kind: Service
metadata:
name: mrknow-inspire-external
namespace: kube-system
spec:
type: ExternalName
externalName: mrknow.innohub.local
ports:
- port: 8082
---
apiVersion: v1
kind: Service
metadata:
name: mrknow-pgadmin-external
namespace: kube-system
spec:
type: ExternalName
externalName: mrknow.innohub.local
ports:
- port: 5050
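Review bot: The `mrknow-pgadmin-external` Service at the end of the file is still created although the only IngressRoute that references it is commented out, so it is a dead object today and a ready-made path to a database admin UI as soon as someone uncomments the route. I would comment the Service out together with the route and put a line such as `# pgAdmin: enable only behind an IP allow-list or forward-auth middleware` above the block. The three active routes attach only `mrknow-headers`, so the same consideration applies to them if any of those backends lacks its own authentication.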

@@ -34,7 +34,6 @@ spec:
# PostgreSQL Datenbank
db:
type: "postgresdb"
postgresql:
enabled: true
primary:
@@ -48,11 +47,14 @@ spec:
auth:
username: "n8n"
password: "n8n"
postgresPassword: "35PuQG99qi"
database: "n8n"
# MinIO für Binary Data
minio:
enabled: true
rootUser: "vkYCY4YJsFv11E18az7o"
rootPassword: "gOVBJMs5qxABhReVQwe3M43mfS8RsejUJSKOWr5N"
persistence:
enabled: true
storageClass: "longhorn"
@@ -63,6 +65,8 @@ spec:
# Redis für Queue Mode
redis:
enabled: true
auth:
password: "y8GBnBTleK"
master:
persistence:
enabled: true
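Review bot: The PostgreSQL `auth` block still carries `password: "n8n"`, identical to the username, right next to the random `postgresPassword` this change adds, which makes the application account the weakest credential in the file. Give it a generated value supplied from a Secret; if this is the Bitnami subchart, `auth.existingSecret` lets all database passwords come from one Secret instead of the values block. The line may predate this commit, since the +/- markers are lost on this page, and the enclosing `values` block starts and ends outside the hunks shown.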

@@ -85,6 +85,7 @@ spec:
enabled: true
auth:
password: redisInnoDBUser
# architecture: standalone
master:
extraEnvVars:
- name: REDIS_MASTER_HOST
@@ -92,15 +93,15 @@ spec:
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
readinessProbe:
timeoutSeconds: 10
replica:
timeoutSeconds: 20
replica:
extraEnvVars:
- name: REDIS_MASTER_HOST
value: "nextcloud-redis-master"
- name: REDIS_MASTER_PORT_NUMBER
value: "6379"
readinessProbe:
timeoutSeconds: 10
timeoutSeconds: 20
postgresql:
enabled: true

@@ -1,57 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: open-webui
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: 'https://helm.openwebui.com/'
targetRevision: 8.*.*
helm:
parameters:
- name: serviceAccount.enable
value: 'false'
- name: persistence.size
value: 200Gi
- name: existingClaim
value: "open-webui"
- name: ollama.enabled
value: 'false'
# - name: ollama.persistentVolume.enabled
# value: 'true'
# - name: ollama.persistence.existingClaim
# value: "open-webui-llm-storage"
# - name: ollama.persistenceVolume.size
# value: 200Gi
- name: ingress.class
value: 'traefik'
- name: ingress.enabled
value: 'true'
- name: ingress.host
value: "innollm.innovation-hub-niedersachsen.de"
- name: ingress.tls
value: 'true'
- name: ingress.existingSecret
value: 'innollm-tls'
- name: ingress.annotations.kubernetes\.io\/ingress\.class
value: traefik
- name: ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
value: 'true'
forceString: true
- name: ingress.annotations.cert-manager\.io\/cluster-issuer
value: lets-encrypt
chart: open-webui
destination:
server: 'https://kubernetes.default.svc'
namespace: open-webui
syncPolicy:
managedNamespaceMetadata:
labels:
pod-security.kubernetes.io/enforce: 'privileged'
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true

@@ -0,0 +1,72 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: open-webui
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: 'https://helm.openwebui.com/'
targetRevision: 9.*.*
chart: open-webui
helm:
values: |
serviceAccount:
enable: false
persistence:
size: 200Gi
storageClass: longhorn
ollama:
enabled: false
extraEnvVars:
- name: OAUTH_LOGOUT_REDIRECT_URL
value: "https://innollm.innovation-hub-niedersachsen.de/"
- name: ENABLE_OAUTH_LOGOUT
value: "true"
- name: WEBUI_SECRET_KEY
value: "17e027e793724fcbf0400c91374d6960f1beec64b52939c4ee20c1b6faf859ad"
- name: CORS_ALLOW_ORIGIN
value: "https://innollm.innovation-hub-niedersachsen.de"
- name: USER_AGENT
value: "Open-WebUI/InnoHub"
ingress:
enabled: true
class: traefik
host: "innollm.innovation-hub-niedersachsen.de"
tls: true
existingSecret: "innollm-tls"
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: lets-encrypt
sso:
enabled: true
enableSignup: true
mergeAccountsByEmail: false
enableRoleManagement: false
enableGroupManagement: false
oidc:
enabled: true
clientId: "open-webui"
clientSecret: "RFkQ5RDXv6KE4DiQsOq3BJejWFElu90G"
providerUrl: "https://keycloak.innovation-hub-niedersachsen.de/realms/innohub/.well-known/openid-configuration"
providerName: "Keycloak"
destination:
server: 'https://kubernetes.default.svc'
namespace: open-webui
syncPolicy:
managedNamespaceMetadata:
labels:
pod-security.kubernetes.io/enforce: 'privileged'
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
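Review bot: `pod-security.kubernetes.io/enforce: 'privileged'` under `managedNamespaceMetadata` effectively switches Pod Security admission off for the `open-webui` namespace, so any pod spec there may request host namespaces, hostPath mounts or privileged containers. Nothing visible in these values needs that level; try `baseline` (or `restricted`) and relax it only if the chart's pods are actually rejected. The mantisbt and wekantest Applications in this compare carry the same label.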

@@ -1,46 +1,46 @@
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: admin-s3-secret
namespace: seaweedfs
labels:
app.kubernetes.io/name: seaweedfs
app.kubernetes.io/component: seaweedfs-s3
stringData:
seaweedfs_s3_config: |
{
"identities": [
{
"name": "tatort",
"credentials": [
{
"accessKey": "wjpKrmaqXra99rX3D61H",
"secretKey": "fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u"
}
],
"actions": ["Read", "Write", "Admin"]
},
{
"name": "plane",
"credentials": [
{
"accessKey": "a0ccb47cc0994bf51ecd",
"secretKey": "0d54ee2f943f2a56b8cafc3afe9cb1e2f9fecac2"
}
],
"actions": ["Read", "Write", "Admin"]
},
{
"name": "n8n",
"credentials": [
{
"accessKey": "WPpTwIoSMgrPChsS3rdS",
"secretKey": "C59o3EAhsUKBWj1oiPtiYRq3GhLMFeYDeiMxJ4SW"
}
],
"actions": ["Read", "Write", "Admin"]
}
]
}
#apiVersion: v1
#kind: Secret
#type: Opaque
#metadata:
# name: admin-s3-secret
# namespace: seaweedfs
# labels:
# app.kubernetes.io/name: seaweedfs
# app.kubernetes.io/component: seaweedfs-s3
#
#stringData:
# seaweedfs_s3_config: |
# {
# "identities": [
# {
# "name": "tatort",
# "credentials": [
# {
# "accessKey": "wjpKrmaqXra99rX3D61H",
# "secretKey": "fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u"
# }
# ],
# "actions": ["Read", "Write", "Admin"]
# },
# {
# "name": "plane",
# "credentials": [
# {
# "accessKey": "a0ccb47cc0994bf51ecd",
# "secretKey": "0d54ee2f943f2a56b8cafc3afe9cb1e2f9fecac2"
# }
# ],
# "actions": ["Read", "Write", "Admin"]
# },
# {
# "name": "n8n",
# "credentials": [
# {
# "accessKey": "WPpTwIoSMgrPChsS3rdS",
# "secretKey": "C59o3EAhsUKBWj1oiPtiYRq3GhLMFeYDeiMxJ4SW"
# }
# ],
# "actions": ["Read", "Write", "Admin"]
# }
# ]
# }
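Review bot: Commenting out the manifest leaves all three S3 key pairs readable in the working tree as well as in history, and it does nothing to revoke them; the same holds for the JWT signing secret in the seaweedfs-jwt file that follows. Delete the files rather than commenting them out, and rotate the keys for `tatort`, `plane` and `n8n` wherever SeaweedFS or its clients still hold them. If the Secret is reintroduced, create it out of band or as a sealed secret, give each identity only the actions it needs instead of `Admin`, and use a long random value for the JWT secret.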

@@ -1,10 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
name: seaweedfs-jwt
namespace: seaweedfs
stringData:
jwt.json: |
{
"secret": "inno-super-secret-key"
}
#apiVersion: v1
#kind: Secret
#metadata:
# name: seaweedfs-jwt
# namespace: seaweedfs
#stringData:
# jwt.json: |
# {
# "secret": "inno-super-secret-key"
# }

@@ -9,7 +9,7 @@ spec:
source:
repoURL: 'https://wekan.github.io/charts/'
chart: wekan
targetRevision: 8.*.*
targetRevision: 7.97.0
helm:
values: |
replicaCount: 1
@@ -21,6 +21,36 @@ spec:
value: smtp://192.168.4.125:25?ignoreTLS=true&tls={rejectUnauthorized:false}&secure=false
- name: MAIL_FROM
value: Noreplay admin@innovation-hub-niedersachsen.de
- name: OAUTH2_ENABLED
value: "true"
- name: OAUTH2_LOGIN_STYLE
value: "redirect"
- name: OAUTH2_CLIENT_ID
value: "wekan"
- name: OAUTH2_SERVER_URL
value: "https://keycloak.innovation-hub-niedersachsen.de"
- name: OAUTH2_AUTH_ENDPOINT
value: "/realms/innohub/protocol/openid-connect/auth"
- name: OAUTH2_USERINFO_ENDPOINT
value: "/realms/innohub/protocol/openid-connect/userinfo"
- name: OAUTH2_TOKEN_ENDPOINT
value: "/realms/innohub/protocol/openid-connect/token"
- name: OAUTH2_SECRET
value: "vp1kG3WgUdPCUAWvECZbAmBdST6Vgm0I"
- name: OAUTH2_ID_MAP
value: "sub"
- name: OAUTH2_USERNAME_MAP
value: "preferred_username"
- name: OAUTH2_EMAIL_MAP
value: "email"
- name: OAUTH2_FULLNAME_MAP
value: "name"
- name: OAUTH2_ADFS_ENABLED
value: "false"
- name: OAUTH2_B2C_ENABLED
value: "false"
- name: OAUTH2_REQUEST_PERMISSIONS
value: "openid profile email"
end_point: wekan.innovation-hub-niedersachsen.de
root_url: https://wekan.innovation-hub-niedersachsen.de
@@ -62,6 +92,8 @@ spec:
mongodb:
enabled: true
image:
tag: 7.0.28
storage:
className: longhorn
nodeSelector:

@@ -0,0 +1,110 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: wekantest
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: 'https://wekan.github.io/charts/'
chart: wekan
targetRevision: 8.*.*
helm:
values: |
replicaCount: 1
dbname: wekan
env:
- name: MONGO_URL
value: mongodb://wekantest-mongodb:27017/wekan
- name: MAIL_URL
value: smtp://192.168.4.125:25?ignoreTLS=true&tls={rejectUnauthorized:false}&secure=false
- name: MAIL_FROM
value: Noreplay admin@innovation-hub-niedersachsen.de
- name: OAUTH2_ENABLED
value: "true"
- name: OAUTH2_LOGIN_STYLE
value: "redirect"
- name: OAUTH2_CLIENT_ID
value: "wekantest"
- name: OAUTH2_SERVER_URL
value: "https://keycloak.innovation-hub-niedersachsen.de"
- name: OAUTH2_AUTH_ENDPOINT
value: "/realms/innohub/protocol/openid-connect/auth"
- name: OAUTH2_USERINFO_ENDPOINT
value: "/realms/innohub/protocol/openid-connect/userinfo"
- name: OAUTH2_TOKEN_ENDPOINT
value: "/realms/innohub/protocol/openid-connect/token"
- name: OAUTH2_SECRET
value: "cOJpL4jiiA6OL8fFqA3lb4KCbxjjl7AQ"
- name: OAUTH2_ID_MAP
value: "sub"
- name: OAUTH2_USERNAME_MAP
value: "preferred_username"
- name: OAUTH2_EMAIL_MAP
value: "email"
- name: OAUTH2_FULLNAME_MAP
value: "name"
- name: OAUTH2_ADFS_ENABLED
value: "false"
- name: OAUTH2_B2C_ENABLED
value: "false"
- name: OAUTH2_REQUEST_PERMISSIONS
value: "openid profile email"
end_point: wekantest.innovation-hub-niedersachsen.de
root_url: https://wekantest.innovation-hub-niedersachsen.de
# Probe-Einstellungen anpassen
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 15
timeoutSeconds: 10
failureThreshold: 5
readinessProbe:
enabled: true
initialDelaySeconds: 20
periodSeconds: 15
timeoutSeconds: 10
failureThreshold: 3
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: lets-encrypt
hosts:
- wekantest.innovation-hub-niedersachsen.de
tls:
- secretName: wekantest-tls
hosts:
- wekantest.innovation-hub-niedersachsen.de
route:
enabled: false
sharedDataFolder:
enabled: true
storageClass: longhorn
mongodb:
enabled: true
storage:
className: longhorn
nodeSelector:
kubernetes.io/hostname: k3s-prod
destination:
server: 'https://kubernetes.default.svc'
namespace: wekantest
syncPolicy:
managedNamespaceMetadata:
labels:
pod-security.kubernetes.io/enforce: "privileged"
automated:
prune: true
syncOptions:
- CreateNamespace=true
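Review bot: `MONGO_URL` is `mongodb://wekantest-mongodb:27017/wekan` with no credentials, and the `mongodb` block enables the subchart without any auth settings, so as far as this file shows any pod that can reach the service can read and modify the board data. Enable authentication on the MongoDB subchart and pass the connection string from a Secret, or at minimum add a NetworkPolicy that admits only the wekantest pods to the MongoDB pods. `MAIL_URL` also sets `ignoreTLS=true` and `rejectUnauthorized:false`, so mail to 192.168.4.125 travels in clear text, which is acceptable only if the relay sits on a trusted segment.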

@@ -0,0 +1,53 @@
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: rr-stripprefix
namespace: kube-system
spec:
stripPrefix:
prefixes:
- /
---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: rr-transport
namespace: kube-system
spec:
insecureSkipVerify: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: rr-external
namespace: kube-system
annotations:
cert-manager.io/cluster-issuer: "lets-encrypt"
spec:
entryPoints:
- websecure
routes:
- match: Host(`rr.innovation-hub-niedersachsen.de`)
kind: Rule
services:
- name: rr-external-service
port: 5173
scheme: http
serversTransport: rr-transport
middlewares:
- name: rr-stripprefix
tls:
secretName: rr-tls
---
apiVersion: v1
kind: Service
metadata:
name: rr-external-service
namespace: kube-system
spec:
type: ExternalName
externalName: 192-168-4-106.nip.io
ports:
- port: 5173
targetPort: 5173
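Review bot: `externalName: 192-168-4-106.nip.io` makes backend resolution depend on a public third-party wildcard DNS service, so whoever controls or spoofs that answer decides where Traefik forwards traffic for `rr.innovation-hub-niedersachsen.de`, and with `scheme: http` plus `insecureSkipVerify: true` on `rr-transport` nothing authenticates the backend either. Pointing a selector-less Service at the address directly removes the external lookup, as sketched below (the IP is the one encoded in the nip.io name). Two smaller things: the `cert-manager.io/cluster-issuer` annotation on the IngressRoute is not read by cert-manager, which watches Ingress and Gateway resources, so only the separate `rr-cert` Certificate matters; and 5173 is the Vite dev-server default, so confirm that a development server is not what is being published.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: rr-external-service
  namespace: kube-system
spec:
  # no selector and no externalName: the backend address comes from the Endpoints object
  ports:
    - port: 5173
      targetPort: 5173
---
apiVersion: v1
kind: Endpoints
metadata:
  name: rr-external-service   # must match the Service name
  namespace: kube-system
subsets:
  - addresses:
      - ip: 192.168.4.106
    ports:
      - port: 5173
```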