
Merge pull request #502 from ChristianLempa/456-enhance-kubernetes-templates

Big update to Kubernetes and Helm templates
Christian Lempa před 1 rokem
rodič
revize
3a976e8612
53 změnil soubory, kde provedl 278 přidání a 1435 odebrání
  1. 19 0
      helm/cert-manager/values.yaml
  2. 53 0
      helm/longhorn/values.yaml
  3. 27 0
      helm/portainer/values.yaml
  4. 19 0
      helm/traefik/values.yaml
  5. 13 0
      kubernetes/cert-manager/certificate.yaml.example
  6. 9 0
      kubernetes/cert-manager/clusterissuer-secret.yaml
  7. 17 0
      kubernetes/cert-manager/clusterissuer.yaml
  8. 0 32
      kubernetes/certmanager/README.md
  9. 0 516
      kubernetes/certmanager/default-values.yml
  10. 0 12
      kubernetes/certmanager/templates/certificate.yaml
  11. 0 48
      kubernetes/certmanager/templates/clusterissuer-acme.yml
  12. 0 6
      kubernetes/certmanager/templates/clusterissuer-selfsigned.yml
  13. 0 51
      kubernetes/certmanager/templates/issuer-acme.yml
  14. 0 9
      kubernetes/certmanager/templates/issuer-selfsigned.yml
  15. 0 14
      kubernetes/certmanager/templates/secret-cloudflare.yml
  16. 13 0
      kubernetes/longhorn/certificate.yaml
  17. 17 0
      kubernetes/longhorn/ingressroute.yaml
  18. 0 28
      kubernetes/nginx-http/nginx-http-cm.yml
  19. 0 32
      kubernetes/nginx-http/nginx-http-deploy.yml
  20. 0 15
      kubernetes/nginx-http/nginx-http-svc.yml
  21. 0 3
      kubernetes/portainer/README.md
  22. 13 0
      kubernetes/portainer/certificate.yaml
  23. 17 0
      kubernetes/portainer/ingressroute.yaml
  24. 0 17
      kubernetes/portainer/templates/portainer-ingress.yml
  25. 0 1
      kubernetes/portainer/values.yml
  26. 0 12
      kubernetes/templates/certificate.yaml
  27. 0 33
      kubernetes/templates/cm-and-secrets/mysql-deploy.yml
  28. 0 7
      kubernetes/templates/cm-and-secrets/mysql-secret.yml
  29. 0 28
      kubernetes/templates/cm-and-secrets/nginx-http-cm.yml
  30. 0 32
      kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml
  31. 0 15
      kubernetes/templates/cm-and-secrets/nginx-http-svc.yml
  32. 0 27
      kubernetes/templates/cm-and-secrets/nginx-https-cm.yml
  33. 0 68
      kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml
  34. 0 12
      kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml
  35. 0 19
      kubernetes/templates/cm-and-secrets/nginx-https-svc.yml
  36. 0 41
      kubernetes/templates/deployment.yaml
  37. 0 18
      kubernetes/templates/ingress.yaml
  38. 0 4
      kubernetes/templates/namespace.yml
  39. 0 29
      kubernetes/templates/persistentvolumeclaim.yaml
  40. 0 11
      kubernetes/templates/pv-and-pvc/civo-pvc.yml
  41. 0 27
      kubernetes/templates/pv-and-pvc/civo-web.yml
  42. 0 27
      kubernetes/templates/pv-and-pvc/local-web.yml
  43. 0 13
      kubernetes/templates/pv-and-pvc/nfs-pv.yml
  44. 0 11
      kubernetes/templates/pv-and-pvc/nfs-pvc.yml
  45. 0 27
      kubernetes/templates/pv-and-pvc/nfs-web.yml
  46. 0 32
      kubernetes/templates/service.yaml
  47. 0 5
      kubernetes/traefik/README.md
  48. 19 0
      kubernetes/traefik/ingressroute.yaml.example
  49. 19 0
      kubernetes/traefik/ingressroutetcp.yaml.example
  50. 0 35
      kubernetes/traefik/templates/ingress.yml
  51. 0 21
      kubernetes/traefik/templates/ingressroutetcp.yml
  52. 0 97
      kubernetes/traefik/values.yml
  53. 23 0
      renovate.json

+ 19 - 0
helm/cert-manager/values.yaml

@@ -0,0 +1,19 @@
+---
+image:
+  repository: quay.io/jetstack/cert-manager-controller
+  tag: v1.16.0
+webhook:
+  image:
+    repository: quay.io/jetstack/cert-manager-webhook
+    tag: v1.16.0
+cainjector:
+  image:
+    repository: quay.io/jetstack/cert-manager-cainjector
+    tag: v1.16.0
+
+crds: 
+  enabled: true
+
+extraArgs:
+  - --dns01-recursive-nameservers-only
+  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
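Review bot: The three `tag: v1.16.0` pins under `image`, `webhook.image` and `cainjector.image` reference mutable tags, so the registry rather than this file decides which bytes run as the cluster's certificate controller and admission webhook. The chart accepts a digest next to the tag (the `default-values.yml` removed in this commit documents `digest: sha256:…` as overriding any tag), so adding `digest: sha256:<digest-of-the-v1.16.0-image>` per component would make the pin verifiable. Overriding the tag also detaches the images from the chart's appVersion, so the chart version used at install time should be pinned to the matching release to keep CRDs and controller in step. The same tag-only pinning applies to the longhorn and portainer values files added in this commit.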

+ 53 - 0
helm/longhorn/values.yaml

@@ -0,0 +1,53 @@
+---
+image:
+  longhorn:
+    engine:
+      repository: "longhornio/longhorn-engine"
+      tag: "v1.7.2"
+    manager:
+      repository: "longhornio/longhorn-manager"
+      tag: "v1.7.2"
+    ui:
+      repository: "longhornio/longhorn-ui"
+      tag: "v1.7.2"
+    instanceManager:
+      repository: "longhornio/longhorn-instance-manager"
+      tag: "v1.7.2"
+    shareManager:
+      repository: "longhornio/longhorn-share-manager"
+      tag: "v1.7.2"
+    backingImageManager:
+      repository: "longhornio/backing-image-manager"
+      tag: "v1.7.2"
+    supportBundleKit:
+      repository: "longhornio/support-bundle-kit"
+      tag: "v0.0.45"
+  csi:
+    attacher:
+      repository: "longhornio/csi-attacher"
+      tag: "v4.7.0"
+    provisioner:
+      repository: "longhornio/csi-provisioner"
+      tag: "v5.1.0"
+    nodeDriverRegistrar:
+      repository: "longhornio/csi-node-driver-registrar"
+      tag: "v2.12.0"
+    resizer:
+      repository: "longhornio/csi-resizer"
+      tag: "v1.12.0"
+    snapshotter:
+      repository: "longhornio/csi-snapshotter"
+      tag: "v8.1.0"
+    livenessProbe:
+      repository: "longhornio/livenessprobe"
+      tag: "v2.14.0"
+
+# --> (Optional) Reduce the number of replicas of Longhorn UI
+# longhornUI:
+#   replicas: 1
+# <--
+
+# --> (Optional) Change the default settings, like Backup Target here...
+# defaultSettings:
+#   backupTarget: "your-backup-target"  # <-- Replace with your backup target
+# <--

+ 27 - 0
helm/portainer/values.yaml

@@ -0,0 +1,27 @@
+---
+image:
+  repository: portainer/portainer-ce
+  tag: 2.22.0
+  pullPolicy: IfNotPresent
+
+service:
+  type: ClusterIP
+
+# --> (Optional) When you want to automatically create an Ingress
+# ingress:
+#   enabled: true
+#   hosts:
+#     - host: "your-fqdn"  # <-- Replace with your FQDN
+#       paths:
+#         - path: /
+#           port: "9000"
+#   tls:
+#     - secretName: portainer-certificate-secret
+#       hosts:
+#         - "your-fqdn"  # <-- Replace with your FQDN
+# <--
+
+# --> (Optional) When using an existing PVC
+# persistence:
+#   existingClaim: "portainer"
+# <--

+ 19 - 0
helm/traefik/values.yaml

@@ -0,0 +1,19 @@
+image:
+  repository: traefik
+  version: v3.1.4
+  pullPolicy: IfNotPresent
+
+# --> (Optional) Change log settings here...
+# logs:
+#   general:
+#     level: ERROR
+#   access:
+#     enabled: false
+# <--
+
+# --> (Optional) Redirect HTTP to HTTPs by default
+# ports:
+#   web:
+#     redirectTo: 
+#       port: websecure
+# <--
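Review bot: `version: v3.1.4` under `image` is most likely not a key the Traefik chart reads; its image block takes `tag`, which is what the other values files in this commit use. As written the pin is either silently ignored or rejected by the chart's values schema, and the Traefik version that gets deployed is whatever the chart defaults to. Use `tag: v3.1.4` instead. The file also lacks the leading `---` that the other new values files start with.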

+ 13 - 0
kubernetes/cert-manager/certificate.yaml.example

@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: your-certificate  # <-- Replace with your certificate name
+  namespace: your-namespace  # <-- Replace with your namespace
+spec:
+  secretName: your-secret  # <-- Replace with your secret name
+  issuerRef:
+    name: clusterissuer  # <-- Replace with your issuer name
+    kind: ClusterIssuer
+  dnsNames:
+    - your-hostname  # <-- Replace with your hostname

+ 9 - 0
kubernetes/cert-manager/clusterissuer-secret.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-api-token-secret
+  namespace: cert-manager
+type: Opaque
+data:
+  api-token: your-api-token  # <-- Replace with your Cloudflare API token
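Review bot: `data:` expects base64-encoded values, but the placeholder and its comment on the `api-token` line tell the user to paste the raw Cloudflare token. A raw token is either rejected at apply time or, when it happens to be valid base64, decoded into different bytes, and the DNS-01 solver then fails authentication with no hint at the cause. The removed `secret-cloudflare.yml` used `stringData:`; keeping that here (`stringData:` followed by `api-token: "your-api-token"`) avoids the trap. Since this file is not an `.example`, a comment such as `# Do not commit the filled-in copy of this file` would also help keep the token out of version control.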

+ 17 - 0
kubernetes/cert-manager/clusterissuer.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-clusterissuer
+spec:
+  acme:
+    email: your-email@address  # <-- Replace with your email address
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-clusterissuer-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-api-token-secret
+              key: api-token        
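Review bot: `server:` is fixed to the Let's Encrypt production directory, and the staging alternative that the removed `clusterissuer-acme.yml` offered is gone. Anyone iterating on the DNS-01 solver or the token's permissions will do so against production rate limits; a commented line above it such as `# server: https://acme-staging-v02.api.letsencrypt.org/directory  # <-- use while testing` keeps that option visible. The last line, `key: api-token`, carries trailing whitespace that should be dropped.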

+ 0 - 32
kubernetes/certmanager/README.md

@@ -1,32 +0,0 @@
-# Kubernetes Cert-Manager Installation Guide
-
-Here is the installation guide for Cert-Manager and the complete configuration.
-
-## Deployment
-
-### 1. Add the Helm Repository & Update
-
-```bash
-helm repo add jetstack https://charts.jetstack.io
-helm repo update
-```
-
-### 2. Install Cert-Manager with Helm & CRDs
-
-```bash
-helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
-```
-
-## Configuration
-
-Add your Issuer or ClusterIssuer Objects, Credentails and Certificates.
-
-_For more info visit:_ [Official Cert-Manager Documentation](https://cert-manager.io/docs/)
-
-## Best-Practices & Post-Installation
-
-## Troubleshooting
-
-You can troubleshoot issues and inspect log entries for the Certificate Objects with the `kubectl describe` command.
-
-_For more info visit:_ [Official Cert-Manager Troubleshooting Guide](https://cert-manager.io/docs/faq/troubleshooting/)

+ 0 - 516
kubernetes/certmanager/default-values.yml

@@ -1,516 +0,0 @@
-# Default values for cert-manager.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global:
-  ## Reference to one or more secrets to be used when pulling images
-  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-  ##
-  imagePullSecrets: []
-  # - name: "image-pull-secret"
-
-  # Optional priority class to be used for the cert-manager pods
-  priorityClassName: ""
-  rbac:
-    create: true
-
-  podSecurityPolicy:
-    enabled: false
-    useAppArmor: true
-
-  # Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
-  logLevel: 2
-
-  leaderElection:
-    # Override the namespace used to store the ConfigMap for leader election
-    namespace: "kube-system"
-
-    # The duration that non-leader candidates will wait after observing a
-    # leadership renewal until attempting to acquire leadership of a led but
-    # unrenewed leader slot. This is effectively the maximum duration that a
-    # leader can be stopped before it is replaced by another candidate.
-    # leaseDuration: 60s
-
-    # The interval between attempts by the acting master to renew a leadership
-    # slot before it stops leading. This must be less than or equal to the
-    # lease duration.
-    # renewDeadline: 40s
-
-    # The duration the clients should wait between attempting acquisition and
-    # renewal of a leadership.
-    # retryPeriod: 15s
-
-installCRDs: false
-
-replicaCount: 1
-
-strategy: {}
-  # type: RollingUpdate
-  # rollingUpdate:
-  #   maxSurge: 0
-  #   maxUnavailable: 1
-
-# Comma separated list of feature gates that should be enabled on the
-# controller pod.
-featureGates: ""
-
-image:
-  repository: quay.io/jetstack/cert-manager-controller
-  # You can manage a registry with
-  # registry: quay.io
-  # repository: jetstack/cert-manager-controller
-
-  # Override the image tag to deploy by setting this variable.
-  # If no value is set, the chart's appVersion will be used.
-  # tag: canary
-
-  # Setting a digest will override any tag
-  # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
-  pullPolicy: IfNotPresent
-
-# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer
-# resources. By default, the same namespace as cert-manager is deployed within is
-# used. This namespace will not be automatically created by the Helm chart.
-clusterResourceNamespace: ""
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  # name: ""
-  # Optional additional annotations to add to the controller's ServiceAccount
-  # annotations: {}
-  # Automount API credentials for a Service Account.
-  automountServiceAccountToken: true
-
-# Additional command line flags to pass to cert-manager controller binary.
-# To see all available flags run docker run quay.io/jetstack/cert-manager-controller:<version> --help
-extraArgs: []
-  # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
-  # - --enable-certificate-owner-ref=true
-  # Use this flag to enabled or disable arbitrary controllers, for example, disable the CertificiateRequests approver
-  # - --controllers=*,-certificaterequests-approver
-
-extraEnv: []
-# - name: SOME_VAR
-#   value: 'some value'
-
-resources: {}
-  # requests:
-  #   cpu: 10m
-  #   memory: 32Mi
-
-# Pod Security Context
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-securityContext:
-  runAsNonRoot: true
-# legacy securityContext parameter format: if enabled is set to true, only fsGroup and runAsUser are supported
-# securityContext:
-#   enabled: false
-#   fsGroup: 1001
-#   runAsUser: 1001
-# to support additional securityContext parameters, omit the `enabled` parameter and simply specify the parameters
-# you want to set, e.g.
-# securityContext:
-#   fsGroup: 1000
-#   runAsUser: 1000
-#   runAsNonRoot: true
-
-# Container Security Context to be set on the controller component container
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-containerSecurityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-
-
-volumes: []
-
-volumeMounts: []
-
-# Optional additional annotations to add to the controller Deployment
-# deploymentAnnotations: {}
-
-# Optional additional annotations to add to the controller Pods
-# podAnnotations: {}
-
-podLabels: {}
-
-# Optional annotations to add to the controller Service
-# serviceAnnotations: {}
-
-# Optional additional labels to add to the controller Service
-# serviceLabels: {}
-
-# Optional DNS settings, useful if you have a public and private DNS zone for
-# the same domain on Route 53. What follows is an example of ensuring
-# cert-manager can access an ingress or DNS TXT records at all times.
-# NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for
-# the cluster to work.
-# podDnsPolicy: "None"
-# podDnsConfig:
-#   nameservers:
-#     - "1.1.1.1"
-#     - "8.8.8.8"
-
-nodeSelector: {}
-
-ingressShim: {}
-  # defaultIssuerName: ""
-  # defaultIssuerKind: ""
-  # defaultIssuerGroup: ""
-
-prometheus:
-  enabled: true
-  servicemonitor:
-    enabled: false
-    prometheusInstance: default
-    targetPort: 9402
-    path: /metrics
-    interval: 60s
-    scrapeTimeout: 30s
-    labels: {}
-    honorLabels: false
-
-# Use these variables to configure the HTTP_PROXY environment variables
-# http_proxy: "http://proxy:8080"
-# https_proxy: "https://proxy:8080"
-# no_proxy: 127.0.0.1,localhost
-
-# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
-# for example:
-#   affinity:
-#     nodeAffinity:
-#      requiredDuringSchedulingIgnoredDuringExecution:
-#        nodeSelectorTerms:
-#        - matchExpressions:
-#          - key: foo.bar.com/role
-#            operator: In
-#            values:
-#            - master
-affinity: {}
-
-# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
-# for example:
-#   tolerations:
-#   - key: foo.bar.com/role
-#     operator: Equal
-#     value: master
-#     effect: NoSchedule
-tolerations: []
-
-webhook:
-  replicaCount: 1
-  timeoutSeconds: 10
-
-  # Used to configure options for the webhook pod.
-  # This allows setting options that'd usually be provided via flags.
-  # An APIVersion and Kind must be specified in your values.yaml file.
-  # Flags will override options that are set here.
-  config:
-    # apiVersion: webhook.config.cert-manager.io/v1alpha1
-    # kind: WebhookConfiguration
-
-    # The port that the webhook should listen on for requests.
-    # In GKE private clusters, by default kubernetes apiservers are allowed to
-    # talk to the cluster nodes only on 443 and 10250. so configuring
-    # securePort: 10250, will work out of the box without needing to add firewall
-    # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000.
-    # This should be uncommented and set as a default by the chart once we graduate
-    # the apiVersion of WebhookConfiguration past v1alpha1.
-    # securePort: 10250
-
-  strategy: {}
-    # type: RollingUpdate
-    # rollingUpdate:
-    #   maxSurge: 0
-    #   maxUnavailable: 1
-
-  # Pod Security Context to be set on the webhook component Pod
-  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-  securityContext:
-    runAsNonRoot: true
-
-  # Container Security Context to be set on the webhook component container
-  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-  containerSecurityContext: {}
-    # capabilities:
-    #   drop:
-    #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-
-  # Optional additional annotations to add to the webhook Deployment
-  # deploymentAnnotations: {}
-
-  # Optional additional annotations to add to the webhook Pods
-  # podAnnotations: {}
-
-  # Optional additional annotations to add to the webhook Service
-  # serviceAnnotations: {}
-
-  # Optional additional annotations to add to the webhook MutatingWebhookConfiguration
-  # mutatingWebhookConfigurationAnnotations: {}
-
-  # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
-  # validatingWebhookConfigurationAnnotations: {}
-
-  # Additional command line flags to pass to cert-manager webhook binary.
-  # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook:<version> --help
-  extraArgs: []
-  # Path to a file containing a WebhookConfiguration object used to configure the webhook
-  # - --config=<path-to-config-file>
-
-  resources: {}
-    # requests:
-    #   cpu: 10m
-    #   memory: 32Mi
-
-  ## Liveness and readiness probe values
-  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
-  ##
-  livenessProbe:
-    failureThreshold: 3
-    initialDelaySeconds: 60
-    periodSeconds: 10
-    successThreshold: 1
-    timeoutSeconds: 1
-  readinessProbe:
-    failureThreshold: 3
-    initialDelaySeconds: 5
-    periodSeconds: 5
-    successThreshold: 1
-    timeoutSeconds: 1
-
-  nodeSelector: {}
-
-  affinity: {}
-
-  tolerations: []
-
-  # Optional additional labels to add to the Webhook Pods
-  podLabels: {}
-
-  # Optional additional labels to add to the Webhook Service
-  serviceLabels: {}
-
-  image:
-    repository: quay.io/jetstack/cert-manager-webhook
-    # You can manage a registry with
-    # registry: quay.io
-    # repository: jetstack/cert-manager-webhook
-
-    # Override the image tag to deploy by setting this variable.
-    # If no value is set, the chart's appVersion will be used.
-    # tag: canary
-
-    # Setting a digest will override any tag
-    # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
-
-    pullPolicy: IfNotPresent
-
-  serviceAccount:
-    # Specifies whether a service account should be created
-    create: true
-    # The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    # name: ""
-    # Optional additional annotations to add to the controller's ServiceAccount
-    # annotations: {}
-    # Automount API credentials for a Service Account.
-    automountServiceAccountToken: true
-
-  # The port that the webhook should listen on for requests.
-  # In GKE private clusters, by default kubernetes apiservers are allowed to
-  # talk to the cluster nodes only on 443 and 10250. so configuring
-  # securePort: 10250, will work out of the box without needing to add firewall
-  # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
-  securePort: 10250
-
-  # Specifies if the webhook should be started in hostNetwork mode.
-  #
-  # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom
-  # CNI (such as calico), because control-plane managed by AWS cannot communicate
-  # with pods' IP CIDR and admission webhooks are not working
-  #
-  # Since the default port for the webhook conflicts with kubelet on the host
-  # network, `webhook.securePort` should be changed to an available port if
-  # running in hostNetwork mode.
-  hostNetwork: false
-
-  # Specifies how the service should be handled. Useful if you want to expose the
-  # webhook to outside of the cluster. In some cases, the control plane cannot
-  # reach internal services.
-  serviceType: ClusterIP
-  # loadBalancerIP:
-
-  # Overrides the mutating webhook and validating webhook so they reach the webhook
-  # service using the `url` field instead of a service.
-  url: {}
-    # host:
-
-cainjector:
-  enabled: true
-  replicaCount: 1
-
-  strategy: {}
-    # type: RollingUpdate
-    # rollingUpdate:
-    #   maxSurge: 0
-    #   maxUnavailable: 1
-
-  # Pod Security Context to be set on the cainjector component Pod
-  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-  securityContext:
-    runAsNonRoot: true
-
-  # Container Security Context to be set on the cainjector component container
-  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-  containerSecurityContext: {}
-    # capabilities:
-    #   drop:
-    #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-
-
-  # Optional additional annotations to add to the cainjector Deployment
-  # deploymentAnnotations: {}
-
-  # Optional additional annotations to add to the cainjector Pods
-  # podAnnotations: {}
-
-  # Additional command line flags to pass to cert-manager cainjector binary.
-  # To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector:<version> --help
-  extraArgs: []
-  # Enable profiling for cainjector
-  # - --enable-profiling=true
-
-  resources: {}
-    # requests:
-    #   cpu: 10m
-    #   memory: 32Mi
-
-  nodeSelector: {}
-
-  affinity: {}
-
-  tolerations: []
-
-  # Optional additional labels to add to the CA Injector Pods
-  podLabels: {}
-
-  image:
-    repository: quay.io/jetstack/cert-manager-cainjector
-    # You can manage a registry with
-    # registry: quay.io
-    # repository: jetstack/cert-manager-cainjector
-
-    # Override the image tag to deploy by setting this variable.
-    # If no value is set, the chart's appVersion will be used.
-    # tag: canary
-
-    # Setting a digest will override any tag
-    # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
-
-    pullPolicy: IfNotPresent
-
-  serviceAccount:
-    # Specifies whether a service account should be created
-    create: true
-    # The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    # name: ""
-    # Optional additional annotations to add to the controller's ServiceAccount
-    # annotations: {}
-    # Automount API credentials for a Service Account.
-    automountServiceAccountToken: true
-
-# This startupapicheck is a Helm post-install hook that waits for the webhook
-# endpoints to become available.
-# The check is implemented using a Kubernetes Job- if you are injecting mesh
-# sidecar proxies into cert-manager pods, you probably want to ensure that they
-# are not injected into this Job's pod. Otherwise the installation may time out
-# due to the Job never being completed because the sidecar proxy does not exit.
-# See https://github.com/jetstack/cert-manager/pull/4414 for context.
-startupapicheck:
-  enabled: true
-
-  # Pod Security Context to be set on the startupapicheck component Pod
-  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-  securityContext:
-    runAsNonRoot: true
-
-  # Timeout for 'kubectl check api' command
-  timeout: 1m
-
-  # Job backoffLimit
-  backoffLimit: 4
-
-  # Optional additional annotations to add to the startupapicheck Job
-  jobAnnotations:
-    helm.sh/hook: post-install
-    helm.sh/hook-weight: "1"
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
-  # Optional additional annotations to add to the startupapicheck Pods
-  # podAnnotations: {}
-
-  # Additional command line flags to pass to startupapicheck binary.
-  # To see all available flags run docker run quay.io/jetstack/cert-manager-ctl:<version> --help
-  extraArgs: []
-
-  resources: {}
-    # requests:
-    #   cpu: 10m
-    #   memory: 32Mi
-
-  nodeSelector: {}
-
-  affinity: {}
-
-  tolerations: []
-
-  # Optional additional labels to add to the startupapicheck Pods
-  podLabels: {}
-
-  image:
-    repository: quay.io/jetstack/cert-manager-ctl
-    # You can manage a registry with
-    # registry: quay.io
-    # repository: jetstack/cert-manager-ctl
-
-    # Override the image tag to deploy by setting this variable.
-    # If no value is set, the chart's appVersion will be used.
-    # tag: canary
-
-    # Setting a digest will override any tag
-    # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
-
-    pullPolicy: IfNotPresent
-
-  rbac:
-    # annotations for the startup API Check job RBAC and PSP resources
-    annotations:
-      helm.sh/hook: post-install
-      helm.sh/hook-weight: "-5"
-      helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
-  serviceAccount:
-    # Specifies whether a service account should be created
-    create: true
-
-    # The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    # name: ""
-
-    # Optional additional annotations to add to the Job's ServiceAccount
-    annotations:
-      helm.sh/hook: post-install
-      helm.sh/hook-weight: "-5"
-      helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-
-    # Automount API credentials for a Service Account.
-    automountServiceAccountToken: true

+ 0 - 12
kubernetes/certmanager/templates/certificate.yaml

@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: your-certificate
-  namespace: your-namespace
-spec:
-  secretName: your-secret
-  issuerRef:
-    name: ssl-issuer
-    kind: ClusterIssuer
-  dnsNames:
-    - your-hostname

+ 0 - 48
kubernetes/certmanager/templates/clusterissuer-acme.yml

@@ -1,48 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: acme-issuer
-spec:
-  acme:
-    # Configure your email here...
-    # ---
-    # email: your-email@address
-
-    # Configure your server here...
-    # ---
-    # Letsencrypt Production
-    # server: https://acme-v02.api.letsencrypt.org/directory
-    # - or -
-    # Letsencrypt Staging
-    # server: https://acme-staging-v02.api.letsencrypt.org/directory
-
-    privateKeySecretRef:
-      name: example-issuer-account-key
-    solvers:
-    # Configure DNS or HTTP Challenge here...
-    # ---
-    # DNS Challenge:
-    # - dns01:
-        # Configure your DNS Provider here...
-        # ---
-        # cloudflare:
-        #   email: your-email@address
-        # API Key:
-        #   apiKeySecretRef:
-        #     name: cloudflare-api-key-secret
-        #     key: api-key
-        # - or -
-        # API Token:
-        #   apiTokenSecretRef:
-        #     name: cloudflare-api-token-secret
-        #     key: api-token        
-      # (Optional) Add DNS selectors
-      # ---
-      # selector:
-      #   dnsZones:
-      #   - 'your-domain'
-
-    # HTTP Challenge:
-    # - http01:
-    #    ingress:
-    #      class: traefik

+ 0 - 6
kubernetes/certmanager/templates/clusterissuer-selfsigned.yml

@@ -1,6 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: selfsigned-issuer
-spec:
-  selfSigned: {}

+ 0 - 51
kubernetes/certmanager/templates/issuer-acme.yml

@@ -1,51 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: acme-issuer
-  # (Optional) Metadata
-  # ---
-  # namespace: your-namespace
-spec:
-  acme:
-    # Configure your email here...
-    # ---
-    # email: your-email@address
-
-    # Configure your server here...
-    # ---
-    # Letsencrypt Production
-    # server: https://acme-v02.api.letsencrypt.org/directory
-    # - or -
-    # Letsencrypt Staging
-    # server: https://acme-staging-v02.api.letsencrypt.org/directory
-
-    privateKeySecretRef:
-      name: example-issuer-account-key
-    solvers:
-    # Configure DNS or HTTP Challenge here...
-    # ---
-    # DNS Challenge:
-    # - dns01:
-        # Configure your DNS Provider here...
-        # ---
-        # cloudflare:
-        #   email: your-email@address
-        # API Key:
-        #   apiKeySecretRef:
-        #     name: cloudflare-api-key-secret
-        #     key: api-key
-        # - or -
-        # API Token:
-        #   apiTokenSecretRef:
-        #     name: cloudflare-api-token-secret
-        #     key: api-token        
-      # (Optional) Add DNS selectors
-      # ---
-      # selector:
-      #   dnsZones:
-      #   - 'your-domain'
-
-    # HTTP Challenge:
-    # - http01:
-    #    ingress:
-    #      class: traefik

+ 0 - 9
kubernetes/certmanager/templates/issuer-selfsigned.yml

@@ -1,9 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: selfsigned-issuer
-  # (Optional) Metadata
-  # ---
-  # namespace: your-namespace
-spec:
-  selfSigned: {}

+ 0 - 14
kubernetes/certmanager/templates/secret-cloudflare.yml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: cloudflare-api-key-secret
-  namespace: cert-manager
-type: Opaque
-stringData:
-  # Configure your API Key or Credentials here...
-  # ---
-  # API Key:
-  # api-key: your-api-key
-  # - or -
-  # Token:
-  # api-token: your-api-token

+ 13 - 0
kubernetes/longhorn/certificate.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: longhorn-certificate
+  namespace: longhorn-system
+spec:
+  secretName: longhorn-certificate-secret
+  dnsNames:
+    - your-fqdn  # <-- Replace with your FQDN
+  issuerRef:
+    name: cloudflare-clusterissuer
+    kind: ClusterIssuer

+ 17 - 0
kubernetes/longhorn/ingressroute.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: longhorn-ingressroute
+  namespace: longhorn-system
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`your-fqdn`)  # <-- Replace with your FQDN
+      kind: Rule
+      services:
+        - name: longhorn-frontend
+          port: 80
+  tls:
+      secretName: longhorn-certificate-secret
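Review bot: The single entry under `routes:` forwards straight to `longhorn-frontend` with no `middlewares:` list, and the Longhorn UI ships without authentication of its own, so anyone who can reach the `websecure` entrypoint for this host can manage and delete volumes. Reference a Traefik `Middleware` (basicAuth or forwardAuth) from the route, for example `middlewares:` followed by `- name: longhorn-auth` (name constructed here), and ship or document that Middleware alongside this file. Separately, `secretName` under `tls:` is indented six spaces where the portainer IngressRoute in this commit uses four; it parses the same but should be made consistent.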

+ 0 - 28
kubernetes/nginx-http/nginx-http-cm.yml

@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: nginx-http-cm
-data:
-  # key: value
-  # file: |
-  #   content
-  # ---
-  nginx.conf: |
-    user nginx;
-    worker_processes 1;
-    events {
-      worker_connections  10240;
-    }
-    http {
-      server {
-        listen       80;
-        server_name  _;
-        location / {
-          root   /usr/share/nginx/html;
-          index  index.html index.htm;
-        }
-        location /test {
-          return 401;
-        }
-      }
-    }

+ 0 - 32
kubernetes/nginx-http/nginx-http-deploy.yml

@@ -1,32 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx-http
-spec:
-  replicas: 1
-  selector:
-    matchLabels: 
-      app: nginx-http
-  template:
-    metadata:
-      labels:
-        app: nginx-http
-    spec:
-      containers:
-      - name: nginx-http
-        image: nginx:1.27.2
-        ports:
-        - name: web
-          containerPort: 80
-        volumeMounts:
-        - name: nginx-http-cm
-          mountPath: /etc/nginx
-        - name: nginx-http-vol
-          mountPath: /usr/share/nginx/html
-      volumes:
-      - name: nginx-http-cm
-        configMap:
-          name: nginx-http-cm
-      - name: nginx-http-vol
-        hostPath:
-          path: /var/nginxserver

+ 0 - 15
kubernetes/nginx-http/nginx-http-svc.yml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx-http-svc
-  labels:
-    app: nginx-http
-spec:
-  type: LoadBalancer
-  ports:
-  - port: 30080
-    targetPort: 80
-    protocol: TCP
-    name: http
-  selector:
-    app: nginx-http

+ 0 - 3
kubernetes/portainer/README.md

@@ -1,3 +0,0 @@
-# Kubernetes Portainer
-
-You can add an additional description here.

+ 13 - 0
kubernetes/portainer/certificate.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: portainer-ingressroute-certificate
+  namespace: portainer
+spec:
+  secretName: portainer-certificate-secret
+  issuerRef:
+    name: cloudflare-clusterissuer
+    kind: ClusterIssuer
+  dnsNames:
+    - your-fqdn  # <-- Replace with your FQDN

+ 17 - 0
kubernetes/portainer/ingressroute.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: portainer-ingressroute
+  namespace: portainer
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`your-fqdn`)  # <-- Replace with your FQDN
+      kind: Rule
+      services:
+        - name: portainer
+          port: 9000
+  tls:
+    secretName: portainer-certificate-secret
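Review bot: The `port: 9000` backend is Portainer's plain-HTTP listener, so TLS ends at Traefik and admin sessions and API tokens cross the cluster network unencrypted. Portainer also serves HTTPS on 9443, but using it would need a matching servers transport, and the chart's service settings are not visible in this section. At minimum the template should state this, e.g. `port: 9000  # plain HTTP inside the cluster; TLS terminates at Traefik`. It is also worth a comment on `secretName` that the secret is produced by `certificate.yaml` and has to live in the same namespace as this IngressRoute.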

+ 0 - 17
kubernetes/portainer/templates/portainer-ingress.yml

@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nginx
-  namespace: wp-clcreative
-spec:
-  rules:
-  - host: portainer.your-domain.com
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: portainer
-            port:
-              number: 9000

+ 0 - 1
kubernetes/portainer/values.yml

@@ -1 +0,0 @@
-

+ 0 - 12
kubernetes/templates/certificate.yaml

@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: your-certificate
-  namespace: your-namespace
-spec:
-  secretName: your-secret
-  issuerRef:
-    name: ssl-issuer
-    kind: ClusterIssuer
-  dnsNames:
-    - your-hostname

+ 0 - 33
kubernetes/templates/cm-and-secrets/mysql-deploy.yml

@@ -1,33 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mysql
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mysql
-  template:
-    metadata:
-      labels:
-        app: mysql
-    spec:
-      containers:
-      - image: mysql:5.7
-        name: mysql
-        env:
-        - name: MYSQL_ROOT_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: mysql-secret
-              key: root-pass
-        ports:
-        - name: mysql
-          containerPort: 3306
-#         volumeMounts:
-#         - name: mysql-vol
-#           mountPath: /var/lib/mysql
-#       volumes:
-#       - name: mysql-vol
-#         hostPath:
-#           path: /var/mysql-data

+ 0 - 7
kubernetes/templates/cm-and-secrets/mysql-secret.yml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: mysql-secret
-type: Opaque
-stringData:
-  root-pass: test123

+ 0 - 28
kubernetes/templates/cm-and-secrets/nginx-http-cm.yml

@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: nginx-http-cm
-data:
-  # key: value
-  # file: |
-  #   content
-  # ---
-  nginx.conf: |
-    user nginx;
-    worker_processes 1;
-    events {
-      worker_connections  10240;
-    }
-    http {
-      server {
-        listen       80;
-        server_name  _;
-        location / {
-          root   /usr/share/nginx/html;
-          index  index.html index.htm;
-        }
-        location /test {
-          return 401;
-        }
-      }
-    }

+ 0 - 32
kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml

@@ -1,32 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx-http
-spec:
-  replicas: 1
-  selector:
-    matchLabels: 
-      app: nginx-http
-  template:
-    metadata:
-      labels:
-        app: nginx-http
-    spec:
-      containers:
-      - name: nginx-http
-        image: nginx
-        ports:
-        - name: web
-          containerPort: 80
-        volumeMounts:
-        - name: nginx-http-cm
-          mountPath: /etc/nginx
-        - name: nginx-http-vol
-          mountPath: /usr/share/nginx/html
-      volumes:
-      - name: nginx-http-cm
-        configMap:
-          name: nginx-http-cm
-      - name: nginx-http-vol
-        hostPath:
-          path: /var/nginxserver

+ 0 - 15
kubernetes/templates/cm-and-secrets/nginx-http-svc.yml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx-http-svc
-  labels:
-    app: nginx-http
-spec:
-  type: LoadBalancer
-  ports:
-  - port: 30080
-    targetPort: 80
-    protocol: TCP
-    name: http
-  selector:
-    app: nginx-http

+ 0 - 27
kubernetes/templates/cm-and-secrets/nginx-https-cm.yml

@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: nginx-https-cm
-data:
-  nginx.conf: |
-    user nginx;
-    worker_processes 1;
-    events {
-      worker_connections  10240;
-    }
-    http {
-      server {
-        listen       80;
-        listen       443 ssl;
-
-        server_name  _;
-
-        ssl_certificate     /etc/nginx/ssl/server-cert.pem;
-        ssl_certificate_key /etc/nginx/ssl/server-key.pem;
-
-        location / {
-            root   /usr/share/nginx/html;
-            index  index.html index.htm;
-        }
-      }
-    }

+ 0 - 68
kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml

@@ -1,68 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx-https
-spec:
-  replicas: 1
-  selector:
-    matchLabels: 
-      app: nginx-https
-  template:
-    metadata:
-      labels:
-        app: nginx-https
-    spec:
-      containers:
-      - name: nginx-https
-        image: nginx
-        ports:
-        - name: web
-          containerPort: 80
-        - name: secureweb
-          containerPort: 443
-        volumeMounts:
-        - name: nginx-https-cm
-          mountPath: /etc/nginx
-        - name: nginx-https-secret
-          mountPath: /etc/nginx/ssl
-          readOnly: true
-        - name: nginx-https-vol
-          mountPath: /usr/share/nginx/html
-      volumes:
-      - name: nginx-https-cm
-        configMap:
-          name: nginx-https-cm
-      - name: nginx-https-secret
-        secret:
-          secretName: nginx-https-secret
-      - name: nginx-https-vol
-        hostPath:
-          path: /var/nginxserver
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: nginx-https-cm
-data:
-  nginx.conf: |
-    user nginx;
-    worker_processes 1;
-    events {
-      worker_connections  10240;
-    }
-    http {
-      server {
-        listen       80;
-        listen       443 ssl;
-
-        server_name  _;
-
-        ssl_certificate     /etc/nginx/ssl/server-cert.pem;
-        ssl_certificate_key /etc/nginx/ssl/server-key.pem;
-
-        location / {
-            root   /usr/share/nginx/html;
-            index  index.html index.htm;
-        }
-      }
-    }

+ 0 - 12
kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: nginx-https-secret
-type: Opaque
-stringData:
-  server-cert.pem: |
-    -----BEGIN CERTIFICATE-----
-    ...
-    -----END CERTIFICATE-----
-  server-key.pem: |
-    

+ 0 - 19
kubernetes/templates/cm-and-secrets/nginx-https-svc.yml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx-https-svc
-  labels:
-    app: nginx-https
-spec:
-  type: LoadBalancer
-  ports:
-  - port: 31080
-    targetPort: 80
-    protocol: TCP
-    name: http
-  - port: 31443
-    targetPort: 443
-    protocol: TCP
-    name: https
-  selector:
-    app: nginx-https

+ 0 - 41
kubernetes/templates/deployment.yaml

@@ -1,41 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: appname # Name of the deployment
-  namespace: namespace # Name of the namespace
-  labels:
-    app: appname # Name of your application
-spec:
-  selector:
-    matchLabels:
-      app: appname # Name of your application
-  replicas: 1 # Number of replicas
-  template:
-    metadata:
-      labels:
-        app: appname # Name of your application
-    spec:
-      containers:
-      # Containers are the individual pieces of your application that you want
-      # to run.
-      - name: helloworld # Name of the container
-        image: helloworld:latest # The image you want to run
-        # resources:
-        #   limits:
-        #     memory: 512Mi
-        #     cpu: "1"
-        #   requests:
-        #     memory: 256Mi
-        #     cpu: "0.2"
-        ports:
-        # Ports are the ports that your application uses.
-        - containerPort: 8080 # The port that your application uses
-        volumeMounts:
-        # VolumeMounts are the volumes that your application uses.
-        - mountPath: /var/www/html # The path that your application uses
-          name: vol0 # Name of the volume
-      volumes:
-      # Volumes are the persistent storage that your application uses.
-      - name: vol0 # Name of the volume
-        persistentVolumeClaim:
-          claimName: pvc0 # Name of the persistent volume claim

+ 0 - 18
kubernetes/templates/ingress.yaml

@@ -1,18 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: ingress # Name of the ingress object
-  namespace: namespace # Name of the namespace
-spec:
-  rules:
-  - host: "your-hostname.com"  # Your hostname
-    http:
-      paths:
-      # Path-based routing settings:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: your-service-name  # The name of the service
-            port:
-              number: 80  # Service Portnumber

+ 0 - 4
kubernetes/templates/namespace.yml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: your-namespace

+ 0 - 29
kubernetes/templates/persistentvolumeclaim.yaml

@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc0
-  namespace: namespace
-  labels:
-    app: namespace
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi
-  # ---
-  # Digital Ocean
-  # storageClassName: do-block-storage
-  # ---
-  # AWS
-  # storageClassName: aws-ebs
-  # ---
-  # Azure
-  # storageClassName: azure-disk
-  # ---
-  # GCE PD
-  # storageClassName: gce-pd
-  # ---
-  # CIVO
-  # storageClassName: civo-volume
-  # ---

+ 0 - 11
kubernetes/templates/pv-and-pvc/civo-pvc.yml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: civo
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: civo-volume
-  resources:
-    requests:
-      storage: 1Gi

+ 0 - 27
kubernetes/templates/pv-and-pvc/civo-web.yml

@@ -1,27 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: civo-web
-spec:
-  replicas: 1
-  selector:
-    matchLabels: 
-      app: civo-web
-  template:
-    metadata:
-      labels:
-        app: civo-web
-    spec:
-      containers:
-      - name: civo-web
-        image: nginx
-        ports:
-          - name: web
-            containerPort: 80
-        volumeMounts:
-          - name: civo
-            mountPath: /usr/share/nginx/html
-      volumes:
-      - name: civo
-        persistentVolumeClaim:
-          claimName: civo

+ 0 - 27
kubernetes/templates/pv-and-pvc/local-web.yml

@@ -1,27 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: local-web
-spec:
-  replicas: 1
-  selector:
-    matchLabels: 
-      app: local-web
-  template:
-    metadata:
-      labels:
-        app: local-web
-    spec:
-      containers:
-      - name: local-web
-        image: nginx
-        ports:
-          - name: web
-            containerPort: 80
-        volumeMounts:
-          - name: local
-            mountPath: /usr/share/nginx/html
-      volumes:
-      - name: local
-        hostPath:
-          path: /var/nginxserver

+ 0 - 13
kubernetes/templates/pv-and-pvc/nfs-pv.yml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: nfs
-spec:
-  capacity:
-    storage: 500Mi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: nfs
-  nfs:
-    server: 192.168.1.7
-    path: "/srv/nfs"

+ 0 - 11
kubernetes/templates/pv-and-pvc/nfs-pvc.yml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nfs
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: nfs
-  resources:
-    requests:
-      storage: 100Mi

+ 0 - 27
kubernetes/templates/pv-and-pvc/nfs-web.yml

@@ -1,27 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nfs-web
-spec:
-  replicas: 1
-  selector:
-    matchLabels: 
-      app: nfs-web
-  template:
-    metadata:
-      labels:
-        app: nfs-web
-    spec:
-      containers:
-      - name: nfs-web
-        image: nginx
-        ports:
-          - name: web
-            containerPort: 80
-        volumeMounts:
-          - name: nfs
-            mountPath: /usr/share/nginx/html
-      volumes:
-      - name: nfs
-        persistentVolumeClaim:
-          claimName: nfs

+ 0 - 32
kubernetes/templates/service.yaml

@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name:  servicename
-  namespace: namespace
-spec:
-  selector:
-    app:  appname
-  # ---
-  # type:  ClusterIP
-  # ClusterIP means this service can be accessed by any pod in the cluster
-  # ports:
-  # - name:  http
-  #   port:  8080
-  #   targetPort: 80
-  #   protocol: TCP  # optional protocol
-  # ---
-  # type:  NodePort
-  # NodePort means this service is only accessible by pods in the same namespace
-  # ports:
-  # - name:  http
-  #   port:  80
-  #   nodePort: 30001
-  #   protocol: TCP  # optional protocol
-  # ---
-  # type:  LoadBalancer
-  # LoadBalancer means this service is load-balanced across all nodes in the cluster
-  # ports:
-  # - name:  http
-  #   port:  80
-  #   targetPort: 30001
-  #   protocol: TCP  # optional protocol

+ 0 - 5
kubernetes/traefik/README.md

@@ -1,5 +0,0 @@
-# Kubernetes Traefik Helm Deployment
-
-This Deployment uses the official Helm Chart from [traefik](https://github.com/traefik/traefik-helm-chart) repository.
-
-These are templates to modify the deployment.

+ 19 - 0
kubernetes/traefik/ingressroute.yaml.example

@@ -0,0 +1,19 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: your-ingressroute # <-- Replace with your IngressRoute name
+  namespace: your-namespace  # <-- Replace with your namespace
+spec:
+  entryPoints:
+  - web
+  - websecure
+  routes:
+  - match: Host(`your-fqdn`)  # <-- Replace with your FQDN
+    kind: Rule
+    services:
+    - name: your-service  # <-- Replace with your service name
+      port: 80
+  # --> (Optional) Add certificate secret
+  # tls:
+  #   secretName: your-certificate-secret
+  # <--
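Review bot: As shipped, the example lists `- web` under `entryPoints:` and leaves the `tls:` block commented out, so a user who only fills in the placeholders serves the route over cleartext HTTP. Whether an HTTP-to-HTTPS redirect exists depends on the Traefik values, which are not part of this file. A safer default is to keep only `- websecure`, leave `tls:` with `secretName: your-certificate-secret` active, and make `web` the commented optional part. The file also lacks the leading `---` that the other new manifests in this commit start with.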

+ 19 - 0
kubernetes/traefik/ingressroutetcp.yaml.example

@@ -0,0 +1,19 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
+  namespace: your-namespace  # <-- Replace with your namespace
+spec:
+  entryPoints:
+  - web
+  - websecure
+  routes:
+  - match: HostSNI(`your-sni`)  # <-- Replace with your SNI
+    priority: 10  # <-- (Optional) change rule priority
+    services:
+    - name: your-service  # <-- Replace with your service name
+      port: 80
+  # --> (Optional) Enable TLS Passthrough
+  # tls:
+  #   passthrough: true
+  # <--
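Review bot: The `match:` line uses a specific SNI name while the `tls:` block is commented out, and Traefik can only read an SNI from a TLS handshake. A TCP router without TLS accepts only the wildcard HostSNI rule, so the example as written will not route by `your-sni`. Either make `tls:` with `passthrough: true` part of the default and drop `- web` from `entryPoints:`, or add a comment on the `match:` line saying that a named SNI requires the `tls:` section. With passthrough enabled, `port: 80` should also carry a note that the backend must terminate TLS itself on that port.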

+ 0 - 35
kubernetes/traefik/templates/ingress.yml

@@ -1,35 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: wp-clcreative
-  namespace: wp-clcreative
-  annotations:
-    # (Optional): Annotations for the Ingress Controller
-    # -- ingress class is needed when traefik is not the default
-    # kubernetes.io/ingress.class: traefik
-    # ---
-    # -- entrypoint and tls configurations
-    # traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
-    # traefik.ingress.kubernetes.io/router.tls: "true"
-    # ---
-    # -- optional middlewares
-    # traefik.ingress.kubernetes.io/router.middlewares:your-middleware@kubernetescrd
-    # ---
-spec:
-  rules:
-  - host: "your-hostname"
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: your-service-name 
-            port:
-              number: 80
-  # (Optional) TLS settings
-  # tls:
-  # - hosts:
-  #   - your-hostname.com  # Your hostname
-  #   secretName: your-secret  # Your TLS Secret
-  # ---

+ 0 - 21
kubernetes/traefik/templates/ingressroutetcp.yml

@@ -1,21 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRouteTCP
-metadata:
-  name: ingressroutetcp
-  # (Optional) Namespace
-  # namespace: your-namespace
-  # ---
-spec:
-  entryPoints:
-  - web
-  - websecure
-  routes:
-  - match: HostSNI(`your-hostname-sni`)
-    priority: 10
-    services:
-    - name: your-service
-      port: 80
-  # (Optional) TLS Passthrough
-  # tls:
-  #   passthrough: true
-  # ---

+ 0 - 97
kubernetes/traefik/values.yml

@@ -1,97 +0,0 @@
-additionalArguments:
-# Configure your CertificateResolver here...
-# 
-# HTTP Challenge
-# ---
-# Generic Example:
-#   - --certificatesresolvers.generic.acme.email=your-email@example.com
-#   - --certificatesresolvers.generic.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
-#   - --certificatesresolvers.generic.acme.httpChallenge.entryPoint=web
-#   - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json
-#
-# Prod / Staging Example:
-#   - --certificatesresolvers.staging.acme.email=your-email@example.com
-#   - --certificatesresolvers.staging.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
-#   - --certificatesresolvers.staging.acme.httpChallenge.entryPoint=web
-#   - --certificatesresolvers.staging.acme.storage=/ssl-certs/acme-staging.json
-#   - --certificatesresolvers.production.acme.email=your-email@example.com
-#   - --certificatesresolvers.production.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
-#   - --certificatesresolvers.production.acme.httpChallenge.entryPoint=web
-#   - --certificatesresolvers.production.acme.storage=/ssl-certs/acme-production.json
-#
-# DNS Challenge
-# ---
-# Cloudflare Example:
-#  - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
-#  - --certificatesresolvers.cloudflare.acme.email=your-email@example.com
-#  - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
-#  - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
-#
-# Generic (replace with your DNS provider):
-#  - --certificatesresolvers.generic.acme.dnschallenge.provider=generic
-#  - --certificatesresolvers.generic.acme.email=your-email@example.com
-#  - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json
-
-logs:
-# Configure log settings here...
-  general:
-    level: ERROR
-
-ports:
-# Configure your entrypoints here...
-  web:
-    # (optional) Permanent Redirect to HTTPS
-    # redirectTo:
-    #   port: websecure
-  websecure:
-    tls:
-      enabled: true
-      # (optional) Set a Default CertResolver
-      # certResolver: cloudflare
-  
-
-env:
-# Set your environment variables here...
-# 
-# DNS Challenge Credentials
-# ---
-# Cloudflare Example:
-#   - name: CF_API_EMAIL
-#     valueFrom:
-#       secretKeyRef:
-#         key: email
-#         name: cloudflare-credentials
-#   - name: CF_API_KEY
-#     valueFrom:
-#       secretKeyRef:
-#         key: apiKey
-#         name: cloudflare-credentials
-
-# Disable Dashboard
-ingressRoute:
-  dashboard:
-    enabled: false
-
-# Persistent Storage
-persistence:
-  enabled: true
-  name: ssl-certs
-  size: 1Gi
-  path: /ssl-certs
-
-deployment:
-  initContainers:
-    # The "volume-permissions" init container is required if you run into permission issues.
-    # Related issue: https://github.com/containous/traefik/issues/6972
-    - name: volume-permissions
-      image: busybox:1.37.0
-      command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"]
-      volumeMounts:
-        - name: ssl-certs
-          mountPath: /ssl-certs
-
-# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
-ingressClass:
-  enabled: true
-  isDefaultClass: true
-

+ 23 - 0
renovate.json

@@ -110,6 +110,29 @@
       "allowedVersions": "!/^v?2\\.19\\.10$/"
     }
   ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "description": "Update Longhorn images in Helm",
+      "fileMatch": ["(^|/)helm/longhorn/.+\\.yaml$"],
+      "matchStrings": [
+        "engine:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "manager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "ui:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "instanceManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "shareManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "backingImageManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "supportBundleKit:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "attacher:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "provisioner:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "nodeDriverRegistrar:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "resizer:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "snapshotter:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
+        "livenessProbe:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?"
+      ],
+      "datasourceTemplate": "docker"
+    }
+  ],
   "separateMinorPatch": true,
   "stopUpdatingLabel": "renovate/stop_updating"
 }
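Review bot: Both capture groups in every `matchStrings` entry use `[^\"]+`, which also matches spaces and newlines. If a `repository:` or `tag:` value in `helm/longhorn/*.yaml` is unquoted (that file is not visible here), `depName` or `currentValue` can run across following lines and Renovate would look up or write back the wrong image reference. Bounding the class closes this: `(?<depName>[^\"\\s]+)` and `(?<currentValue>[^\"\\s]+)`. The thirteen patterns differ only in the leading key, so a single pattern with an alternation such as `(?:engine|manager|ui|…):` would be easier to keep correct.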