freezer/mareshq-cthulhunetes-gitops-v2
Archived
1
0
Fork 0
Code Activity

Compare commits

base: freezer:23250c339ec2b96f25e75972f7a7e12bb1be852f
Branches Tags
freezer:main
freezer:archived/kargo
..
compare: freezer:27249f7ede0a62feb2b24a2a57786471b4255b7d
Branches Tags
freezer:main
freezer:archived/kargo

No commits in common. "23250c339ec2b96f25e75972f7a7e12bb1be852f" and "27249f7ede0a62feb2b24a2a57786471b4255b7d" have entirely different histories.
23250c339e ... 27249f7ede

4 changed files with 2 additions and 116 deletions
Download patch file Download diff file Expand all files Collapse all files

22
CHANGELOG.md
View file

@ -1,26 +1,6 @@
# Changelog # Changelog
## [0.2.0] - 2024-11-23 ## [0.2.0] - 2024-11-20
### Added
- Enable gzip compression on Ingress-NGINX
- Enable brotli compression on Ingress-NGINX
- Set brotli level to `6`
## [0.1.3] - 2024-11-23
### Changed
- Bump ingress-nginx Helm chart to version `4.11.3`
## [0.1.2] - 2024-11-21
### Changed
- Disable Cilium Envoy (`l7Proxy=false`)
## [0.1.1] - 2024-11-20
### Changed ### Changed

87
apps/hq/harbor.yaml
View file

@ -1,87 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: mareshq-registry
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "50"
spec:
project: hq
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
server: "https://kubernetes.default.svc"
namespace: hq-registry
source:
chart: harbor
repoURL: https://helm.goharbor.io
targetRevision: 1.16.0
helm:
releaseName: harbor
valuesObject:
externalURL: https://oci.marespkg.com
expose:
type: ingress
tls:
enabled: true
certSource: secret
secret:
secretName: oci-marespkg-com-ingress-tls
ingress:
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-dns-production
external-dns.alpha.kubernetes.io/hostname: oci.marespkg.com
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
hosts:
core: oci.marespkg.com
database:
type: external
external:
host: postgres-rw.postgres.svc
port: 5432
username: harbor
password: "YFC0tae.bpz2ncf!rye"
# existingSecret: harbor-user-credentials
coreDatabase: harbor
persistence:
enabled: false
imageChartStorage:
type: s3
s3:
region: us-east-1 # see: https://developers.cloudflare.com/r2/api/s3/api/#bucket-region
bucket: marespkg-registry-storage
regionendpoint: https://f24333bb3c47d6db753e57e2a0c90082.r2.cloudflarestorage.com
accesskey: "e9d400c4f63375cc94f6f125724f3aa6"
secretkey: "5e1da29e9ab131c1c312add4bda82a4bdb75c4afe0f69c40dd384c5f0a6f8120"
metrics:
enabled: false
nginx:
nodeSelector:
kubernetes.io/arch: amd64
portal:
nodeSelector:
kubernetes.io/arch: amd64
core:
nodeSelector:
kubernetes.io/arch: amd64
jobservice:
nodeSelector:
kubernetes.io/arch: amd64
registry:
nodeSelector:
kubernetes.io/arch: amd64
trivy:
nodeSelector:
kubernetes.io/arch: amd64
extraEnvVars:
- name: SCANNER_TRIVY_DB_REPOSITORY
value: "oci.marespkg.com/library/trivy-db:2"
redis:
internal:
nodeSelector:
kubernetes.io/arch: amd64

3
apps/system/cilium.yaml
View file

@ -31,6 +31,3 @@ spec:
kubeProxyReplacement: true kubeProxyReplacement: true
k8sServiceHost: "172.16.1.1" # internal IP (Hetzner Cloud Network) k8sServiceHost: "172.16.1.1" # internal IP (Hetzner Cloud Network)
k8sServicePort: "6443" k8sServicePort: "6443"
# Disable Envoy proxy
l7Proxy: false

6
apps/system/ingress-nginx.yaml
View file

@ -19,7 +19,7 @@ spec:
source: source:
chart: ingress-nginx chart: ingress-nginx
repoURL: https://kubernetes.github.io/ingress-nginx repoURL: https://kubernetes.github.io/ingress-nginx
targetRevision: 4.11.3 targetRevision: 4.11.2
helm: helm:
releaseName: ingress-nginx releaseName: ingress-nginx
valuesObject: valuesObject:
@ -46,7 +46,3 @@ spec:
use-proxy-protocol: "true" use-proxy-protocol: "true"
use-forwarded-headers: "true" use-forwarded-headers: "true"
enable-real-ip: "true" enable-real-ip: "true"
use-gzip: "true"
enable-brotli: "true"
brotli-level: "6"
use-http2: "true"