khuedoan.com / cloudlab
this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

refactor: separate directories for local and production

Khue Doan 74562e26 5d374f25

+999
apps/actualbudget.yaml apps/production/actualbudget.yaml
apps/blog.yaml apps/production/blog.yaml
apps/example-service.yaml apps/production/example-service.yaml
apps/homelab-docs.yaml apps/production/homelab-docs.yaml
+66
apps/local/actualbudget.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: actualbudget 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: actualbudget 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + defaultPodOptions: 27 + labels: 28 + "istio.io/dataplane-mode": "ambient" 29 + controllers: 30 + main: 31 + containers: 32 + main: 33 + image: 34 + repository: docker.io/actualbudget/actual-server 35 + tag: 25.6.1-alpine 36 + service: 37 + main: 38 + controller: main 39 + ports: 40 + http: 41 + port: 5006 42 + protocol: HTTP 43 + ingress: 44 + main: 45 + enabled: true 46 + className: nginx 47 + annotations: 48 + cert-manager.io/cluster-issuer: letsencrypt-prod 49 + hosts: 50 + - host: budget.127-0-0-1.nip.io 51 + paths: 52 + - path: / 53 + pathType: Prefix 54 + service: 55 + identifier: main 56 + port: http 57 + tls: 58 + - hosts: 59 + - budget.127-0-0-1.nip.io 60 + secretName: actualbudget-tls-certificate 61 + persistence: 62 + data: 63 + accessMode: ReadWriteOnce 64 + size: 1Gi 65 + globalMounts: 66 + - path: /data
+62
apps/local/blog.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: blog 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: blog 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + defaultPodOptions: 27 + labels: 28 + "istio.io/dataplane-mode": "ambient" 29 + controllers: 30 + main: 31 + replicas: 2 32 + strategy: RollingUpdate 33 + containers: 34 + main: 35 + image: 36 + repository: docker.io/khuedoan/blog 37 + tag: 6fbd90b77a81e0bcb330fddaa230feff744a7010 38 + service: 39 + main: 40 + controller: main 41 + ports: 42 + http: 43 + port: 3000 44 + protocol: HTTP 45 + ingress: 46 + main: 47 + enabled: true 48 + className: nginx 49 + annotations: 50 + cert-manager.io/cluster-issuer: letsencrypt-prod 51 + hosts: 52 + - host: www.127-0-0-1.nip.io 53 + paths: 54 + - path: / 55 + pathType: Prefix 56 + service: 57 + identifier: main 58 + port: 3000 59 + tls: 60 + - hosts: 61 + - www.127-0-0-1.nip.io 62 + secretName: blog-tls-certificate
+62
apps/local/example-service.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: example-service 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: example-service 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + defaultPodOptions: 27 + labels: 28 + istio.io/dataplane-mode: ambient 29 + controllers: 30 + main: 31 + replicas: 2 32 + strategy: RollingUpdate 33 + containers: 34 + main: 35 + image: 36 + repository: zot.zot.svc.cluster.local/example-service 37 + tag: 828c31f942e8913ab2af53a2841c180586c5b7e1 38 + service: 39 + main: 40 + controller: main 41 + ports: 42 + http: 43 + port: 8080 44 + protocol: HTTP 45 + ingress: 46 + main: 47 + enabled: true 48 + className: nginx 49 + annotations: 50 + cert-manager.io/cluster-issuer: letsencrypt-prod 51 + hosts: 52 + - host: example.127-0-0-1.nip.io 53 + paths: 54 + - path: / 55 + pathType: Prefix 56 + service: 57 + identifier: main 58 + port: 8080 59 + tls: 60 + - hosts: 61 + - example.127-0-0-1.nip.io 62 + secretName: example-tls-certificate
+98
apps/local/homelab-docs.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: homelab-docs 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: homelab-docs 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + defaultPodOptions: 27 + labels: 28 + "istio.io/dataplane-mode": "ambient" 29 + controllers: 30 + main: 31 + containers: 32 + nginx: 33 + image: 34 + repository: nginx 35 + tag: latest 36 + probes: 37 + readiness: 38 + enabled: true 39 + custom: true 40 + spec: 41 + httpGet: 42 + path: / 43 + port: 80 44 + initialDelaySeconds: 3 45 + periodSeconds: 3 46 + build: 47 + image: 48 + repository: nixos/nix 49 + tag: latest 50 + workingDir: /usr/local/src 51 + command: 52 + - /bin/sh 53 + - -c 54 + args: 55 + - | 56 + nix-shell -p git --command 'git clone https://github.com/khuedoan/homelab .' 57 + 58 + while true; do 59 + nix-shell -p python311Packages.mkdocs-material --command 'mkdocs build' 60 + cp -RT ./site /usr/share/nginx/html 61 + sleep 120 62 + nix-shell -p git --command 'git fetch origin' 63 + nix-shell -p git --command 'git reset --hard origin/master' 64 + done 65 + service: 66 + main: 67 + controller: main 68 + ports: 69 + http: 70 + port: 80 71 + protocol: HTTP 72 + ingress: 73 + main: 74 + enabled: true 75 + className: nginx 76 + annotations: 77 + cert-manager.io/cluster-issuer: letsencrypt-prod 78 + hosts: 79 + - host: homelab.127-0-0-1.nip.io 80 + paths: 81 + - path: / 82 + pathType: ImplementationSpecific 83 + service: 84 + identifier: main 85 + port: http 86 + tls: 87 + - hosts: 88 + - homelab.127-0-0-1.nip.io 89 + secretName: homelab-docs-tls-certificate 90 + persistence: 91 + source: 92 + type: emptyDir 93 + globalMounts: 94 + - path: /usr/local/src 95 + static: 96 + type: emptyDir 97 + globalMounts: 98 + - path: /usr/share/nginx/html
+115
apps/local/micropaas.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: micropaas 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: micropaas 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + defaultPodOptions: 27 + labels: 28 + "istio.io/dataplane-mode": "ambient" 29 + controllers: 30 + main: 31 + containers: 32 + main: 33 + image: 34 + repository: docker.io/khuedoan/micropaas 35 + tag: cd54ce6f0b2aeea079ece1ae01ac8291927708c1 36 + env: 37 + DOCKER_HOST: tcp://127.0.0.1:2375 38 + SOFT_SERVE_INITIAL_ADMIN_KEYS: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG 39 + REGISTRY_HOST: docker.io/khuedoan 40 + GITOPS_REPO: cloudlab 41 + GIT_USER_NAME: Khue's Bot 42 + GIT_USER_EMAIL: mail@khuedoan.com 43 + ARGOCD_WEBHOOK_ENDPOINT: http://argocd-server.argocd.svc.cluster.local/api/webhook 44 + docker: 45 + image: 46 + repository: docker.io/library/docker 47 + tag: 27-dind 48 + command: 49 + - dockerd 50 + - --host=tcp://127.0.0.1:2375 51 + securityContext: 52 + privileged: true 53 + nginx: 54 + image: 55 + repository: docker.io/library/nginx 56 + tag: latest 57 + service: 58 + main: 59 + controller: main 60 + ports: 61 + ssh: 62 + port: 2222 63 + protocol: TCP 64 + http: 65 + port: 8080 66 + protocol: TCP 67 + web: 68 + port: 80 69 + protocol: HTTP 70 + ingress: 71 + main: 72 + enabled: true 73 + className: nginx 74 + annotations: 75 + cert-manager.io/cluster-issuer: letsencrypt-prod 76 + hosts: 77 + - host: micropaas.127-0-0-1.nip.io 78 + paths: 79 + - path: / 80 + pathType: Prefix 81 + service: 82 + identifier: main 83 + port: 80 84 + tls: 85 + - hosts: 86 + - micropaas.127-0-0-1.nip.io 87 + secretName: micropaas-tls-certificate 88 + persistence: 89 + data: 90 + accessMode: ReadWriteOnce 91 + size: 10Gi 92 + advancedMounts: 93 + main: 94 + main: 95 + - path: /var/lib/micropaas/repos 96 + subPath: repos 97 + - path: /var/lib/micropaas/db 98 + subPath: db 99 + - path: /var/lib/micropaas/ssh 100 + subPath: ssh 101 + - path: /var/lib/micropaas/web 102 + subPath: web 103 + - path: /root/.docker 104 + subPath: docker-config 105 + nginx: 106 + - path: /usr/share/nginx/html 107 + subPath: web 108 + cache: 109 + accessMode: ReadWriteOnce 110 + size: 100Gi 111 + advancedMounts: 112 + main: 113 + main: 114 + - path: /var/cache/micropaas 115 + subPath: micropaas
+69
apps/local/notes.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: notes 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: notes 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + defaultPodOptions: 27 + labels: 28 + istio.io/dataplane-mode: ambient 29 + controllers: 30 + main: 31 + type: statefulset 32 + containers: 33 + main: 34 + image: 35 + repository: ghcr.io/silverbulletmd/silverbullet 36 + tag: v2 37 + envFrom: 38 + - secret: silverbullet 39 + service: 40 + main: 41 + controller: main 42 + ports: 43 + http: 44 + port: 3000 45 + protocol: HTTP 46 + ingress: 47 + main: 48 + enabled: true 49 + className: nginx 50 + annotations: 51 + cert-manager.io/cluster-issuer: letsencrypt-prod 52 + hosts: 53 + - host: notes.127-0-0-1.nip.io 54 + paths: 55 + - path: / 56 + pathType: Prefix 57 + service: 58 + identifier: main 59 + port: 3000 60 + tls: 61 + - hosts: 62 + - notes.127-0-0-1.nip.io 63 + secretName: notes-tls-certificate 64 + persistence: 65 + data: 66 + accessMode: ReadWriteOnce 67 + size: 1Gi 68 + globalMounts: 69 + - path: /space
apps/micropaas.yaml apps/production/micropaas.yaml
apps/notes.yaml apps/production/notes.yaml
infra/staging/metal/vn-south-1/terragrunt.stack.hcl

This is a binary file and will not be displayed.

platform/app-engine.yaml platform/local/app-engine.yaml
platform/dex.yaml platform/production/dex.yaml
platform/grafana.yaml platform/production/grafana.yaml
platform/kiali.yaml platform/production/kiali.yaml
+78
platform/local/dex.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: dex 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: dex 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://charts.dexidp.io 22 + chart: dex 23 + targetRevision: 0.23.0 24 + helm: 25 + valuesObject: 26 + config: 27 + issuer: https://dex.127-0-0-1.nip.io 28 + storage: 29 + type: kubernetes 30 + config: 31 + inCluster: true 32 + oauth2: 33 + passwordConnector: local 34 + skipApprovalScreen: true 35 + enablePasswordDB: true 36 + staticPasswords: 37 + - username: admin 38 + email: admin@127-0-0-1.nip.io 39 + userID: "b34bd9d2-70ed-4ee1-8d22-6e4fc84f8d17" 40 + hashFromEnv: ADMIN_PASSWORD_HASH 41 + staticClients: 42 + - id: argocd 43 + name: ArgoCD 44 + redirectURIs: 45 + - 'https://argocd.127-0-0-1.nip.io/auth/callback' 46 + secretEnv: ARGOCD_CLIENT_SECRET 47 + - id: grafana 48 + name: Grafana 49 + redirectURIs: 50 + - 'https://grafana.127-0-0-1.nip.io/login/generic_oauth' 51 + secretEnv: GRAFANA_CLIENT_SECRET 52 + - id: kiali 53 + name: Kiali 54 + redirectURIs: 55 + - 'https://kiali.127-0-0-1.nip.io' 56 + secretEnv: KIALI_CLIENT_SECRET 57 + - id: temporal 58 + name: Temporal 59 + redirectURIs: 60 + - 'https://temporal.127-0-0-1.nip.io/auth/sso/callback' 61 + secretEnv: TEMPORAL_CLIENT_SECRET 62 + envFrom: 63 + - secretRef: 64 + name: dex-secrets 65 + ingress: 66 + enabled: true 67 + className: nginx 68 + annotations: 69 + cert-manager.io/cluster-issuer: letsencrypt-prod 70 + hosts: 71 + - host: dex.127-0-0-1.nip.io 72 + paths: 73 + - path: / 74 + pathType: ImplementationSpecific 75 + tls: 76 + - secretName: dex-tls-certificate 77 + hosts: 78 + - dex.127-0-0-1.nip.io
+55
platform/local/grafana.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: grafana 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: monitoring 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://grafana.github.io/helm-charts 22 + chart: grafana 23 + targetRevision: 8.15.0 24 + helm: 25 + valuesObject: 26 + ingress: 27 + enabled: true 28 + ingressClassName: nginx 29 + annotations: 30 + cert-manager.io/cluster-issuer: letsencrypt-prod 31 + hosts: 32 + - grafana.127-0-0-1.nip.io 33 + tls: 34 + - secretName: grafana-general-tls 35 + hosts: 36 + - grafana.127-0-0-1.nip.io 37 + sidecar: 38 + dashboards: 39 + enabled: true 40 + datasources: 41 + enabled: true 42 + envFromSecret: grafana-secrets 43 + grafana.ini: 44 + server: 45 + root_url: https://grafana.127-0-0-1.nip.io 46 + auth.generic_oauth: 47 + enabled: true 48 + allow_sign_up: true 49 + name: SSO 50 + client_id: grafana 51 + client_secret: $__env{SSO_CLIENT_SECRET} 52 + scopes: openid profile email groups 53 + auth_url: https://dex.127-0-0-1.nip.io/auth 54 + token_url: https://dex.127-0-0-1.nip.io/token 55 + api_url: https://dex.127-0-0-1.nip.io/userinfo
+64
platform/local/kiali.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: kiali 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: istio-system 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://kiali.org/helm-charts 22 + chart: kiali-server 23 + targetRevision: 2.7.1 24 + helm: 25 + valuesObject: 26 + auth: 27 + strategy: openid 28 + openid: 29 + client_id: kiali 30 + issuer_uri: https://dex.127-0-0-1.nip.io 31 + disable_rbac: true 32 + external_services: 33 + prometheus: 34 + url: http://prometheus-kube-prometheus-prometheus.monitoring:9090 35 + grafana: 36 + enabled: false 37 + deployment: 38 + view_only_mode: true 39 + ingress: 40 + enabled: true 41 + override_yaml: 42 + metadata: 43 + annotations: 44 + cert-manager.io/cluster-issuer: letsencrypt-prod 45 + spec: 46 + ingressClassName: nginx 47 + rules: 48 + - host: kiali.127-0-0-1.nip.io 49 + http: 50 + paths: 51 + - backend: 52 + service: 53 + name: kiali 54 + port: 55 + name: http 56 + path: / 57 + pathType: Prefix 58 + tls: 59 + - hosts: 60 + - kiali.127-0-0-1.nip.io 61 + secretName: kiali-tls-certificate 62 + server: 63 + web_fqdn: kiali.127-0-0-1.nip.io 64 + web_root: /
+145
platform/local/radicle.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: radicle 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: radicle 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + controllers: 27 + server: 28 + type: statefulset 29 + initContainers: 30 + setup: 31 + image: 32 + repository: docker.io/khuedoan/radicle-server 33 + tag: latest 34 + env: 35 + RAD_HOME: /var/lib/radicle 36 + RAD_PASSPHRASE: "" 37 + command: 38 + - sh 39 + - -c 40 + - | 41 + rad auth --alias=radicle.127-0-0-1.nip.io 42 + rad seed rad:zGtLfDcgmBqBUya1qTpzRzpBpoHx 43 + rad seed rad:z38YiLVx2e4JC5Xo2qMNDGoMPHE7U 44 + rad seed rad:z3pkjF1uaT1cZBrB8tBcCDtXGnrLQ 45 + rad seed rad:zdhXFweZXNiVmb6YPV9SFeA5xeZC 46 + rad seed rad:z3KcHMAjkkxzys1QyXYgFa4Rfik4D 47 + rad seed rad:z3Leck2yN7a8R2NpYtikkmAB8vA22 48 + rad seed rad:zLcEuZQwY8hRDUiaSNz8eNRgEpkc 49 + containers: 50 + node: 51 + image: 52 + repository: docker.io/khuedoan/radicle-server 53 + tag: latest 54 + env: 55 + RAD_HOME: /var/lib/radicle 56 + command: 57 + - radicle-node 58 + api: 59 + image: 60 + repository: docker.io/khuedoan/radicle-server 61 + tag: latest 62 + env: 63 + RAD_HOME: /var/lib/radicle 64 + command: 65 + - radicle-httpd 66 + - --alias 67 + - blog 68 + - rad:zGtLfDcgmBqBUya1qTpzRzpBpoHx 69 + - --alias 70 + - dotfiles 71 + - rad:z38YiLVx2e4JC5Xo2qMNDGoMPHE7U 72 + - --alias 73 + - homelab 74 + - rad:z3pkjF1uaT1cZBrB8tBcCDtXGnrLQ 75 + - --alias 76 + - micropaas 77 + - rad:zdhXFweZXNiVmb6YPV9SFeA5xeZC 78 + - --alias 79 + - nixos-setup 80 + - rad:z3KcHMAjkkxzys1QyXYgFa4Rfik4D 81 + - --alias 82 + - webhook-transformer 83 + - rad:z3Leck2yN7a8R2NpYtikkmAB8vA22 84 + - --alias 85 + - cloudlab 86 + - rad:zLcEuZQwY8hRDUiaSNz8eNRgEpkc 87 + explorer: 88 + containers: 89 + main: 90 + image: 91 + repository: docker.io/khuedoan/radicle-explorer 92 + tag: latest 93 + service: 94 + server: 95 + controller: server 96 + ports: 97 + radicle: 98 + port: 8776 99 + protocol: TCP 100 + http: 101 + port: 8080 102 + protocol: HTTP 103 + explorer: 104 + controller: explorer 105 + ports: 106 + http: 107 + port: 80 108 + protocol: HTTP 109 + ingress: 110 + main: 111 + enabled: true 112 + annotations: 113 + cert-manager.io/cluster-issuer: letsencrypt-prod 114 + hosts: 115 + - host: radicle.127-0-0-1.nip.io 116 + paths: 117 + - path: / 118 + pathType: Prefix 119 + service: 120 + identifier: server 121 + port: 8080 122 + - host: code.khuedoan.com 123 + paths: 124 + - path: / 125 + pathType: Prefix 126 + service: 127 + identifier: explorer 128 + port: 80 129 + tls: 130 + - hosts: 131 + - radicle.127-0-0-1.nip.io 132 + - code.khuedoan.com 133 + secretName: radicle-tls-certificate 134 + persistence: 135 + data: 136 + accessMode: ReadWriteOnce 137 + size: 10Gi 138 + advancedMounts: 139 + server: 140 + auth: 141 + - path: /var/lib/radicle 142 + node: 143 + - path: /var/lib/radicle 144 + api: 145 + - path: /var/lib/radicle
+72
platform/local/temporal.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: temporal 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: temporal 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://go.temporal.io/helm-charts 22 + chart: temporal 23 + targetRevision: 0.58.0 24 + helm: 25 + valuesObject: 26 + additionalLabels: 27 + istio.io/dataplane-mode: ambient 28 + server: 29 + replicaCount: 1 30 + config: 31 + namespaces: 32 + create: true 33 + namespace: 34 + - name: default 35 + retention: 3d 36 + cassandra: 37 + config: 38 + cluster_size: 1 39 + elasticsearch: 40 + replicas: 1 41 + prometheus: 42 + enabled: false 43 + grafana: 44 + enabled: false 45 + web: 46 + additionalEnv: 47 + - name: TEMPORAL_DISABLE_WRITE_ACTIONS 48 + value: "true" 49 + - name: TEMPORAL_AUTH_ENABLED 50 + value: "true" 51 + - name: TEMPORAL_AUTH_PROVIDER_URL 52 + value: "https://dex.c127-0-0-1.nip.io" 53 + - name: TEMPORAL_AUTH_ISSUER_URL 54 + value: "https://dex.127-0-0-1.nip.io" 55 + - name: TEMPORAL_AUTH_CLIENT_ID 56 + value: "temporal" 57 + - name: TEMPORAL_AUTH_CALLBACK_URL 58 + value: "https://temporal.127-0-0-1.nip.io/auth/sso/callback" 59 + - name: TEMPORAL_AUTH_SCOPES 60 + value: "openid,profile,email" 61 + additionalEnvSecretName: temporal-web 62 + ingress: 63 + enabled: true 64 + className: nginx 65 + annotations: 66 + cert-manager.io/cluster-issuer: letsencrypt-prod 67 + hosts: 68 + - temporal.127-0-0-1.nip.io 69 + tls: 70 + - secretName: temporal-tls-certificate 71 + hosts: 72 + - temporal.127-0-0-1.nip.io
+60
platform/production/app-engine.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: app-engine 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: app-engine 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + defaultPodOptions: 27 + restartPolicy: Always 28 + labels: 29 + istio.io/dataplane-mode: ambient 30 + hostNetwork: true 31 + controllers: 32 + worker: 33 + strategy: RollingUpdate 34 + containers: 35 + app: 36 + image: 37 + # TODO bootstrap and build itself 38 + # repository: zot.zot.svc.cluster.local/khuedoan/app-engine 39 + repository: docker.io/khuedoan/app-engine 40 + tag: 4118f90 41 + pullPolicy: Always 42 + env: 43 + TEMPORAL_URL: http://temporal-frontend.temporal:7233 44 + REGISTRY: zot.zot.svc.cluster.local 45 + docker: 46 + image: 47 + repository: docker.io/library/docker 48 + tag: 27-dind 49 + command: 50 + - dockerd 51 + - --host=unix:///var/run/docker.sock 52 + - --insecure-registry=zot.zot.svc.cluster.local 53 + securityContext: 54 + privileged: true 55 + persistence: 56 + socket: 57 + type: emptyDir 58 + globalMounts: 59 + - path: /var/run 60 + subPath: docker.sock
+53
platform/production/wireguard.yaml
··· 1 + apiVersion: argoproj.io/v1alpha1 2 + kind: Application 3 + metadata: 4 + finalizers: 5 + - resources-finalizer.argocd.argoproj.io 6 + name: wireguard 7 + spec: 8 + destination: 9 + name: in-cluster 10 + namespace: wireguard 11 + project: default 12 + syncPolicy: 13 + automated: 14 + prune: true 15 + selfHeal: true 16 + syncOptions: 17 + - CreateNamespace=true 18 + - ApplyOutOfSyncOnly=true 19 + - ServerSideApply=true 20 + source: 21 + repoURL: https://bjw-s-labs.github.io/helm-charts 22 + chart: app-template 23 + targetRevision: 3.7.3 24 + helm: 25 + valuesObject: 26 + controllers: 27 + wireguard: 28 + containers: 29 + app: 30 + image: 31 + repository: lscr.io/linuxserver/wireguard 32 + tag: latest 33 + env: 34 + LOG_CONFS: false 35 + USE_COREDNS: true 36 + securityContext: 37 + capabilities: 38 + add: 39 + - NET_ADMIN 40 + service: 41 + wireguard: 42 + controller: wireguard 43 + type: LoadBalancer 44 + ports: 45 + http: 46 + port: 51820 47 + protocol: UDP 48 + persistence: 49 + config: 50 + type: secret 51 + name: "wireguard-secret" 52 + globalMounts: 53 + - path: /config/wg_confs
platform/radicle.yaml platform/production/radicle.yaml
platform/temporal.yaml platform/production/temporal.yaml
platform/wireguard.yaml platform/local/wireguard.yaml