diff --git a/deploy/grafana/secret.yaml b/deploy/grafana/secret.yaml
new file mode 100644
index 0000000..c83e6b1
--- /dev/null
+++ b/deploy/grafana/secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: grafana-db-secret
+ namespace: grafana
+type: Opaque
+data:
+ username: Z3JhZmFuYQ==
+ password: dndyMGc5aWpoMGIzaXJka3ZqMG1ndXZoM3I=
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: grafana-oauth-secret
+ namespace: grafana
+type: Opaque
+data:
+ client-secret: VFVEYU5uY091b1Y1QzFmeUJaeXN3ZzNEU3VYWU9laEQ=
diff --git a/deploy/keycloak/secret.yaml b/deploy/keycloak/secret.yaml
new file mode 100644
index 0000000..4e4585e
--- /dev/null
+++ b/deploy/keycloak/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: keycloak-db-secret
+ namespace: keycloak
+type: Opaque
+data:
+ username: a2V5Y2xvYWs= # base64 encoded
+ password: dTgyNXFDTnhmckJTY0tUb1RkM1c5ektWUHhwVnNpN0w= # base64 encoded
diff --git a/deploy/minio-tenant/ingress.yaml b/deploy/minio-tenant/ingress.yaml
new file mode 100644
index 0000000..e769c51
--- /dev/null
+++ b/deploy/minio-tenant/ingress.yaml
@@ -0,0 +1,37 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: minio-ingress
+ namespace: minio-tenant
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+spec:
+ rules:
+ - host: s3.minio.panic.haus
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: myminio
+ port:
+ number: 443
+ - host: console.minio.panic.haus
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: myminio-console
+ port:
+ number: 9443
+ tls:
+ - hosts:
+ - s3.minio.panic.haus
+ - console.minio.panic.haus
+ secretName: minio-tls
\ No newline at end of file
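Review bot: The `data:` values in deploy/grafana/secret.yaml are only base64-encoded, so this commit puts what appear to be a real database password and OAuth client secret into the repository history in recoverable form. The same applies to deploy/keycloak/secret.yaml, deploy/minio-tenant/secret.yaml and deploy/n8n/secret.yaml in this diff. These values should be treated as exposed and rotated, since deleting the files later does not remove them from history. Keep only an encrypted or referenced form in Git (a SealedSecret, a SOPS-encrypted file, or an ExternalSecret pointing at a secret store) instead of plain `kind: Secret` manifests. The inline `# base64 encoded` comments in the keycloak and n8n files would be better replaced by `# value supplied by <secret-store placeholder>; never commit the real value`.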
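Review bot: In deploy/minio-tenant/ingress.yaml the annotation `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` conflicts with the `cert-manager.io/cluster-issuer` annotation and the `tls:` block: with passthrough the controller forwards the TLS stream untouched, so clients are shown the tenant's own certificate (tenant.yaml sets `requestAutoCert: true`) and the `minio-tls` certificate is never served. Passthrough also routes on SNI only, so `backend-protocol` and the `path` rules have no effect, and the annotation is ignored unless the controller was started with `--enable-ssl-passthrough`. If the Let's Encrypt certificate is meant to be the public one, drop the passthrough annotation and keep `backend-protocol: "HTTPS"`; ingress-nginx does not verify the upstream certificate by default, so add `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"` with a `proxy-ssl-secret` holding the tenant CA if that hop must be authenticated. The second rule publishes the admin console on a public host, which is worth restricting with `nginx.ingress.kubernetes.io/whitelist-source-range`. `spec.ingressClassName: nginx` is the current replacement for the deprecated `kubernetes.io/ingress.class` annotation.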
diff --git a/deploy/minio-tenant/kustomization.yaml b/deploy/minio-tenant/kustomization.yaml
new file mode 100644
index 0000000..2824907
--- /dev/null
+++ b/deploy/minio-tenant/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: minio-tenant
+
+resources:
+ - namespace.yaml
+ - secret.yaml
+ - tenant.yaml
+ - ingress.yaml
diff --git a/deploy/minio-tenant/namespace.yaml b/deploy/minio-tenant/namespace.yaml
new file mode 100644
index 0000000..fb60d64
--- /dev/null
+++ b/deploy/minio-tenant/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: minio-tenant
\ No newline at end of file
diff --git a/deploy/minio-tenant/secret.yaml b/deploy/minio-tenant/secret.yaml
new file mode 100644
index 0000000..db91481
--- /dev/null
+++ b/deploy/minio-tenant/secret.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: storage-configuration
+ namespace: minio-tenant
+stringData:
+ config.env: |-
+ export MINIO_ROOT_USER="minio"
+ export MINIO_ROOT_PASSWORD="minio123"
+ export MINIO_STORAGE_CLASS_STANDARD="EC:2"
+ export MINIO_BROWSER="on"
+type: Opaque
+---
+apiVersion: v1
+data:
+ CONSOLE_ACCESS_KEY: Y29uc29sZQ==
+ CONSOLE_SECRET_KEY: Y29uc29sZTEyMw==
+kind: Secret
+metadata:
+ name: storage-user
+ namespace: minio-tenant
+type: Opaque
\ No newline at end of file
diff --git a/deploy/minio-tenant/tenant.yaml b/deploy/minio-tenant/tenant.yaml
new file mode 100644
index 0000000..2e3970b
--- /dev/null
+++ b/deploy/minio-tenant/tenant.yaml
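Review bot: The root credentials written in clear text under `config.env` in deploy/minio-tenant/secret.yaml are a short, guessable placeholder pair, not generated values, and the `storage-user` keys in the second document should be checked for the same. With `MINIO_BROWSER="on"` and both the S3 endpoint and the console published through the ingress added in this commit, these credentials are the only control in front of the tenant's data. Generate long random values out of band before the first deploy and supply them through the cluster's secret mechanism instead of `stringData` in Git. `kustomization.yaml` lists `secret.yaml` under `resources`, so that entry has to change together with this file.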
@@ -0,0 +1,80 @@
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+ annotations:
+ prometheus.io/path: /minio/v2/metrics/cluster
+ prometheus.io/port: "9000"
+ prometheus.io/scrape: "true"
+ labels:
+ app: minio
+ name: myminio
+ namespace: minio-tenant
+spec:
+ exposeServices:
+ console: true
+ minio: true
+ certConfig: {}
+ configuration:
+ name: storage-configuration
+ env: []
+ externalCaCertSecret: []
+ externalCertSecret: []
+ externalClientCertSecrets: []
+ features:
+ bucketDNS: false
+ domains: {}
+ image: quay.io/minio/minio:RELEASE.2025-03-12T18-04-18Z
+ imagePullSecret: {}
+ mountPath: /export
+ podManagementPolicy: Parallel
+ pools:
+ - affinity:
+ nodeAffinity: {}
+ podAffinity: {}
+ podAntiAffinity: {}
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ name: pool-0
+ nodeSelector: {}
+ resources: {}
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ servers: 4
+ tolerations: []
+ topologySpreadConstraints: []
+ volumeClaimTemplate:
+ apiVersion: v1
+ kind: persistentvolumeclaims
+ metadata: {}
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: longhorn
+ status: {}
+ volumesPerServer: 1
+ priorityClassName: ""
+ requestAutoCert: true
+ serviceAccountName: ""
+ serviceMetadata:
+ consoleServiceAnnotations: {}
+ consoleServiceLabels: {}
+ minioServiceAnnotations: {}
+ minioServiceLabels: {}
+ subPath: ""
+ users:
+ - name: storage-user
diff --git a/deploy/n8n/secret.yaml b/deploy/n8n/secret.yaml
new file mode 100644
index 0000000..8fe10f5
--- /dev/null
+++ b/deploy/n8n/secret.yaml
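Review bot: `exposeServices` in deploy/minio-tenant/tenant.yaml sets both `console: true` and `minio: true`, which as far as I know makes the operator publish the two Services as type LoadBalancer. That would open a second external path to the tenant, bypassing the Ingress and any controls placed on it; if the Ingress is the intended entry point, set both to `false`. Two smaller points in the same spec: `image:` is pinned by tag only, so appending the digest (`quay.io/minio/minio:RELEASE.2025-03-12T18-04-18Z@sha256:<digest placeholder>`) would make the pull verifiable, and `resources: {}` on `pool-0` leaves the pods without requests or limits. The empty `podAntiAffinity: {}` also allows all four servers to be scheduled onto one node.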
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: n8n-db-secret
+ namespace: n8n
+type: Opaque
+data:
+ username: bjhu # base64 encoded
+ password: SHFCTkdHcndzN1VFSk5tUDJRa3lIWGF6YkJaN3lTUkY= # base64 encoded