ingress, ssl, auth, nc (no persist)

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
This commit is contained in:
Martyn 2025-06-29 07:54:14 +00:00
commit ef51fa9649
7 changed files with 251 additions and 0 deletions

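--- a/apps/cert-manager.yaml
+++ b/apps/cert-manager.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: nextcloud
+namespace: argocd
+spec:
+destination:
+namespace: nextcloud
+server: https://kubernetes.default.svc
+project: default
+source:
+chart: nextcloud
+helm:
+parameters:
+- name: nextcloud.host
+value: nc.martyn.berlin
+- name: ingress.enabled
+value: "true"
+values: |-
+ingress:
+tls:
+- hosts:
+- nc.martyn.berlin
+secretName: nc-tls
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+className: nginx
+repoURL: https://nextcloud.github.io/helm/
+targetRevision: 6.6.10
+syncPolicy:
+automated:
+prune: true
+selfHeal: true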
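Review bot: apps/cert-manager.yaml does not contain a cert-manager Application at all — its body is the same nextcloud Application that apps/nextcloud.yaml also defines (same `metadata.name: nextcloud`, same `namespace: argocd`), while the actual cert-manager Application sits in apps/letsencrypt.yaml. Two manifests declaring one `Application` named `nextcloud` will fight over the same object if this directory is applied as an app-of-apps, and the misnamed file hides where cert-manager is really configured. Either delete this file or move the cert-manager Application out of apps/letsencrypt.yaml into it so the filename matches `metadata.name: cert-manager`.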

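--- a/apps/cluster-ingress.yaml
+++ b/apps/cluster-ingress.yaml
@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: cluster-ingress
+namespace: argocd
+operation:
+initiatedBy:
+automated: true
+retry:
+limit: 5
+sync:
+prune: true
+revision: 4.12.3
+spec:
+destination:
+namespace: cluster-ingress
+server: https://kubernetes.default.svc
+project: default
+source:
+chart: ingress-nginx
+helm:
+parameters:
+- name: controller.hostNetwork
+value: "true"
+- name: controller.service.type
+value: "ClusterIP"
+repoURL: https://kubernetes.github.io/ingress-nginx
+targetRevision: 4.12.3
+syncPolicy:
+automated:
+prune: true
+selfHeal: true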
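Review bot: `controller.hostNetwork: "true"` places the ingress controller in each node's network namespace, so nginx binds the node's own 80/443 and a compromise of the controller lands directly in the node's network stack; that is a deliberate bare-metal trade-off, but it deserves a comment, and the ingress-nginx chart recommends pairing it with `controller.dnsPolicy: ClusterFirstWithHostNet` so in-cluster names still resolve from a hostNetwork pod — confirm against the 4.12.3 values. The top-level `operation:` block (`initiatedBy`/`retry`/`sync`/`revision`) is the field Argo CD itself writes on an Application to request a sync and removes once the operation completes, so committing it is likely to show as permanent drift after the first sync; drop it and rely on `syncPolicy.automated`, which is already set. A one-line comment above `controller.service.type` such as `# ClusterIP is a placeholder: with hostNetwork, traffic hits the nodes directly on 80/443` would stop the next reader from looking for the missing LoadBalancer.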

apps/dex.yaml Normal file

@ -0,0 +1,72 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dex
namespace: argocd
spec:
destination:
namespace: auth
server: https://kubernetes.default.svc
project: default
source:
chart: dex
helm:
values: |
# Configures the ingress for Dex
ingress:
enabled: true
className: nginx
hosts:
- host: "auth.martyn.berlin"
paths:
- path: /dex
pathType: Prefix
annotations:
cert-manager.io/cluster-issuer: letsencrypt
tls:
- hosts:
- "auth.martyn.berlin"
secretName: dex-cert
# Configures the Dex instance
config:
issuer: https://auth.martyn.berlin/dex
storage:
type: kubernetes
config:
inCluster: true
web:
http: 0.0.0.0:8080
oauth2:
responseTypes: ["code", "token", "id_token"]
# Configures the Client configuration
staticClients:
- id: f7f67ba843f06f244857b01d96cbe7bc
secret: 2774dc53beb0570e5ea7bc342d2a8f4e47d2d16986ad542d4ce776505043238f
name: "Oauth2 Proxy Static Client"
redirectURIs:
- https://auth.martyn.berlin/oauth2/callback
- id: 8e01cf63a42c451a2254ea8c2f1dd7d2
secret: 451d158110098dc7029d5588cc5c452a9295d30cdc12132d431d4e0850cd6ade
name: "NextClouD"
redirectURIs:
- https://nc.martyn.berlin/apps/user_oidc/code
staticPasswords:
- email: "martyn@ranyard.info"
# bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
hash: "$2y$10$RYKealLEcxXNnXdtLXw.eOTJPSgegzQd0SRYxSE/y7Iivt1ECeVgy"
username: "martyn"
userID: "fdcb225b-0a6f-4bec-b7c9-3d87dbf64ab8"
enablePasswordDB: true
# Allow password grants with local users
oauth2:
passwordConnector: local
repoURL: https://charts.dexidp.io
targetRevision: 0.23.0
syncPolicy:
automated:
prune: true
selfHeal: true
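Review bot: the two `staticClients` secrets are long-lived OAuth client credentials committed in plaintext (one of them is duplicated into apps/oauth2proxy.yaml), so they are now in git history, should be rotated, and should be injected rather than inlined: Dex expands `$VAR` references in its config file and the chart exposes env settings for that, so `secret: $NEXTCLOUD_CLIENT_SECRET` fed from a Kubernetes Secret keeps the value out of this file — confirm the chart's env value names for 0.23.0. `responseTypes: ["code", "token", "id_token"]` turns on the implicit flow, which neither oauth2-proxy (`--provider=oidc`, code flow) nor Nextcloud's user_oidc needs and which hands tokens back in URL fragments; restrict it to `responseTypes: ["code"]`. The comment on the static password claims the hash is the bcrypt of the literal string "password" — if that is accurate the only admin of a public issuer has a dictionary password, and if it is a stale copy of the Dex example it is misleading; replace it with a comment stating how the hash was generated and that the plaintext is not "password". Finally `oauth2:` appears twice (once with `responseTypes`, once with `passwordConnector: local`); the rendered view has lost indentation, but if both sit directly under `config:` that is a duplicate mapping key that Helm's YAML parser rejects (or a lenient parser silently drops the first), so merge them — and consider whether the password grant is needed at all, since it lets clients collect the user's password directly.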

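--- a/apps/letsencrypt.yaml
+++ b/apps/letsencrypt.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: cert-manager
+namespace: argocd
+spec:
+destination:
+namespace: cert-manager
+server: https://kubernetes.default.svc
+project: default
+source:
+chart: cert-manager
+repoURL: https://charts.jetstack.io
+targetRevision: v1.17.1
+helm:
+parameters:
+- name: installCRDs
+value: "true"
+syncPolicy:
+automated:
+selfHeal: true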
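Review bot: `installCRDs: "true"` is the legacy switch; the cert-manager chart documents `crds.enabled` (with `crds.keep` controlling whether CRDs survive uninstall) as its replacement from v1.15 on, so for `targetRevision: v1.17.1` this should read `- name: crds.enabled` / `value: "true"` — confirm the old key is still honoured in that version before relying on it. This is also the only Application in the commit whose `syncPolicy.automated` omits `prune: true`; if that is deliberate (so a CRD dropping out of the rendered chart can never be pruned, which would delete every Certificate and Issuer in the cluster), say so with `# prune intentionally off: pruning cert-manager CRDs would delete all Certificates`, otherwise align it with the other apps. The file is named letsencrypt.yaml but holds the cert-manager Application while apps/cert-manager.yaml holds something else; renaming it to match `metadata.name` would remove the confusion.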

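--- a/apps/nextcloud.yaml
+++ b/apps/nextcloud.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: nextcloud
+namespace: argocd
+spec:
+destination:
+namespace: nextcloud
+server: https://kubernetes.default.svc
+project: default
+source:
+chart: nextcloud
+helm:
+parameters:
+- name: nextcloud.host
+value: nc.martyn.berlin
+- name: ingress.enabled
+value: "true"
+values: |-
+ingress:
+tls:
+- hosts:
+- nc.martyn.berlin
+secretName: nc-tls
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+className: nginx
+repoURL: https://nextcloud.github.io/helm/
+targetRevision: 6.6.10
+syncPolicy:
+automated:
+prune: true
+selfHeal: true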
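Review bot: nothing here overrides the chart's initial admin credentials — only `nextcloud.host` and the ingress are set — so if the nextcloud chart's defaults still apply at 6.6.10 the first login on the publicly reachable nc.martyn.berlin is whatever username/password the chart ships; point `nextcloud.existingSecret` at a Secret (or at minimum set `nextcloud.username`/`nextcloud.password` from one, never in this file) before the ingress goes live, and confirm the exact value names in the 6.6.10 chart. apps/dex.yaml registers `https://nc.martyn.berlin/apps/user_oidc/code` as a redirect URI, but this Application neither enables or configures the user_oidc app nor carries the `nginx.ingress.kubernetes.io/auth-url` annotation that would route it through oauth2-proxy, so as committed Nextcloud has no SSO at all; if user_oidc is to be configured by hand, a comment saying so would make the gap explicit. The commit title says `(no persist)`; a line above `values:` such as `# persistence intentionally disabled for now — data is lost on pod restart` would stop anyone treating this as production-ready.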

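--- a/apps/oauth2proxy.yaml
+++ b/apps/oauth2proxy.yaml
@@ -0,0 +1,45 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: oauth2proxy
+namespace: argocd
+spec:
+destination:
+namespace: auth
+server: https://kubernetes.default.svc
+project: default
+source:
+chart: oauth2-proxy
+helm:
+parameters:
+- name: config.clientID
+value: f7f67ba843f06f244857b01d96cbe7bc
+- name: config.clientSecret
+value: 2774dc53beb0570e5ea7bc342d2a8f4e47d2d16986ad542d4ce776505043238f
+- name: config.cookieSecret
+value: iRNHJrMvm3Lv3UUe3j0ZBWTic3y5XuZQ-mdLVAdmNV4=
+values: |-
+ingress:
+enabled: true
+className: nginx
+path: /oauth2
+pathType: Prefix
+hosts:
+- auth.martyn.berlin
+tls:
+- hosts:
+- auth.martyn.berlin
+secretName: dex-cert
+extraArgs:
+- --provider=oidc
+- --oidc-issuer-url=https://auth.martyn.berlin/dex
+- "--scope=openid profile email"
+- "--email-domain=*"
+- "--upstream=static://200"
+- "--http-address=0.0.0.0:4180"
+repoURL: https://oauth2-proxy.github.io/manifests
+targetRevision: 7.12.18
+syncPolicy:
+automated:
+prune: true
+selfHeal: true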
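Review bot: `config.clientSecret` and `config.cookieSecret` are committed in plaintext as Helm parameters (the client secret is the same value written into apps/dex.yaml), so both now live in git history and should be treated as compromised; rotate them and move them into a Kubernetes Secret referenced through the chart's `config.existingSecret` value (confirm the key names chart 7.12.18 expects) or a sealed/external secret, leaving only non-secret settings in this file. `--email-domain=*` authorises every identity Dex will ever assert; that is harmless while Dex has a single static password, but it becomes an open door the day a social or LDAP connector is added, so prefer `--email-domain=ranyard.info` or an explicit allowlist. `--upstream=static://200` sets the proxy up as an auth_request backend, yet no Ingress in this commit carries `nginx.ingress.kubernetes.io/auth-url`/`auth-signin` annotations pointing at it, and the callback lives on auth.martyn.berlin with no `--cookie-domain=.martyn.berlin`/`--whitelist-domain=.martyn.berlin`, so as committed it protects nothing and could not protect nc.martyn.berlin without those flags — if that is future work, say so in a comment.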


@ -0,0 +1,15 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: m@rtyn.berlin
preferredChain: ""
privateKeySecretRef:
name: cluster-issuer-account-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
class: nginx