mass update and migrate to networking.k8s.io/v1 api

This commit is contained in:
ace 2022-07-31 06:28:07 +03:00
parent 6db00394ad
commit 3d09476cce
No known key found for this signature in database
GPG Key ID: 2E47CC17BA7F8CF0
16 changed files with 139 additions and 60 deletions

46
contrib/networking-api-fix.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
while getopts n:r:c: flag
do
case "${flag}" in
n) namespace=${OPTARG};;
r) release=${OPTARG};;
esac
done
if [ -z ${release+x} ] || [ -z ${namespace+x} ]; then echo "namespace and release must be defined"; exit 0; fi
echo "Get release object"
releaseObject=$(kubectl get secret -l owner=helm,status=deployed,name=$release --namespace $namespace | awk '{print $1}' | grep -v NAME)
echo "Export secret to $release.release.yaml"
kubectl get secret $releaseObject -n $namespace -o yaml > $release.release.yaml
echo "Create backup"
cp $release.release.yaml $release.release.bak
echo "Decode"
cat $release.release.yaml | grep -oP '(?<=release: ).*' | base64 -d | base64 -d | gzip -d > $release.release.data.decoded
echo "Replace api"
sed -i -e 's/extensions\/v1beta1/networking.k8s.io\/v1/' $release.release.data.decoded
sed -i -e 's/networking.k8s.io\/v1beta1/networking.k8s.io\/v1/' $release.release.data.decoded
echo "Encode"
cat $release.release.data.decoded | gzip | base64 | base64 > $release.release.data.encoded
echo "Remove newlines"
tr -d "\n" < $release.release.data.encoded > $release.release.data.encoded.final
releaseData=$(cat $release.release.data.encoded.final)
echo "Replace data.release"
sed 's/^\(\s*release\s*:\s*\).*/\1'$releaseData'/' $release.release.yaml > $release.final.release.yaml
echo "Applying to kubernetes"
kubectl apply -f $release.final.release.yaml -n $namespace
rm $release.release.yaml
rm $release.release.data.decoded
rm $release.release.data.encoded
rm $release.release.data.encoded.final
rm $release.final.release.yaml

View File

@ -27,10 +27,10 @@ postgres_operator_version: 1.8.2
openldap_version: 1.2.7 openldap_version: 1.2.7
# Adguard Home # Adguard Home
adguard_version: 2.2.13 adguard_version: 2.3.0
# Bitwarden (aka Vaultwarden) # Bitwarden (aka Vaultwarden)
bitwarden_version: 2.0.13 bitwarden_version: 2.0.15
# Drone # Drone
drone_version: 0.4.0 drone_version: 0.4.0
@ -42,10 +42,10 @@ gitea_dns_version: 6.7.1
gitea_version: 5.0.8 gitea_version: 5.0.8
# Docker and Helm chart registries # Docker and Helm chart registries
harbor_version: 1.7.5 harbor_version: 1.9.3
# Mastodon # Mastodon
mastodon_version: 0.2.7 mastodon_version: 0.3.0
# Nextcloud # Nextcloud
nextcloud_version: 2.14.2 nextcloud_version: 2.14.2
@ -53,17 +53,18 @@ nextcloud_version: 2.14.2
# Email # Email
dovecot_version: 0.1.3 dovecot_version: 0.1.3
postfix_version: 0.1.2 postfix_version: 0.1.2
roundcube_version: 0.2.7 roundcube_version: 0.2.9
rspamd_version: 0.2.0 rspamd_version: 0.2.0
# Pypi server # Pypi server
pypiserver_version: 2.3.0 pypiserver_version: 2.4.0
# WikiJS # WikiJS
wikijs_version: 2.2.22 wikijs_version: 2.3.0
# PeerTube # PeerTube
peertube_version: 0.1.11 peertube_version: 0.1.13
# Playmaker android APK repository # Playmaker android APK repository
playmaker_version: 0.1.1 playmaker_version: 0.1.3

View File

@ -3,3 +3,5 @@
connection: local connection: local
roles: roles:
- roundcube - roundcube
tags:
- roundcude

View File

@ -171,18 +171,19 @@ adguard_default_values:
timezone: "UTC" timezone: "UTC"
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if adguard_publish else internal_ingress_class }}"
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if adguard_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
path: /
hosts: hosts:
- "{{ adguard_short_name }}.{{ domain }}" - host: "{{ adguard_short_name }}.{{ domain }}"
paths:
- path: /
pathType: ImplementationSpecific
tls: tls:
- secretName: "{{ adguard_short_name }}.{{ domain }}-tls" - secretName: "{{ adguard_short_name }}.{{ domain }}-tls"
hosts: hosts:
- "{{ adguard_short_name }}adguard.{{ domain }}" - "{{ adguard_short_name }}.{{ domain }}"
service: service:
type: ClusterIP type: ClusterIP
# externalTrafficPolicy: Local # externalTrafficPolicy: Local

View File

@ -79,13 +79,15 @@ bitwarden_default_values:
type: deployment type: deployment
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}"
annotations: annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
hosts: hosts:
- host: "{{ bitwarden_short_name }}.{{ domain }}" - host: "{{ bitwarden_short_name }}.{{ domain }}"
paths: ["/"] paths:
- path: /
pathType: ImplementationSpecific
tls: tls:
- secretName: "{{ bitwarden_short_name }}.{{ domain }}-tls" - secretName: "{{ bitwarden_short_name }}.{{ domain }}-tls"
hosts: hosts:

View File

@ -8,8 +8,8 @@ drone_default_values:
port: 80 port: 80
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if drone_publish else internal_ingress_class }}"
annotations: annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if drone_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts: hosts:
- host: "{{ drone_short_name }}.{{ domain }}" - host: "{{ drone_short_name }}.{{ domain }}"

View File

@ -12,12 +12,12 @@ gitea_default_values:
clusterIP: clusterIP:
ingress: ingress:
enabled: true enabled: true
className: "{{ gitea_ingress_class }}"
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: "{{ gitea_ingress_class }}"
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
hosts: hosts:
- host: "{{ gitea_short_name }}.{{ domain }}" - host: "{{ gitea_short_name }}.{{ domain }}"

View File

@ -10,11 +10,11 @@ harbor_default_values:
secretName: "{{ harbor_short_name }}.{{ domain }}-tls" secretName: "{{ harbor_short_name }}.{{ domain }}-tls"
notarySecretName: "notary.{{ harbor_short_name }}.{{ domain }}-tls" notarySecretName: "notary.{{ harbor_short_name }}.{{ domain }}-tls"
ingress: ingress:
className: "{{ external_ingress_class if harbor_publish else internal_ingress_class }}"
hosts: hosts:
core: "{{ harbor_short_name }}.{{ domain }}" core: "{{ harbor_short_name }}.{{ domain }}"
notary: "notary.{{ harbor_short_name }}.{{ domain }}" notary: "notary.{{ harbor_short_name }}.{{ domain }}"
annotations: annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if harbor_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
@ -123,12 +123,11 @@ harbor_default_values:
notarySignerDatabase: "harbor_notary_signer" notarySignerDatabase: "harbor_notary_signer"
harbor_readonly_ingress_definition: | harbor_readonly_ingress_definition: |
apiVersion: extensions/v1beta1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
@ -136,22 +135,30 @@ harbor_readonly_ingress_definition: |
name: harbor-public-ingress name: harbor-public-ingress
namespace: "{{ harbor_namespace | default(namespace) }}" namespace: "{{ harbor_namespace | default(namespace) }}"
spec: spec:
ingressClassName: "{{ external_ingress_class }}"
rules: rules:
- host: "{{ harbor_readonly_ingress }}" - host: "{{ harbor_readonly_ingress }}"
http: http:
paths: paths:
- backend: - backend:
serviceName: harbor-core service:
servicePort: 80 name: harbor-core
port:
number: 80
path: /v2 path: /v2
pathType: ImplementationSpecific pathType: ImplementationSpecific
- backend: - backend:
serviceName: harbor-core service:
servicePort: 80 name: harbor-core
port:
number: 80
path: /chartrepo path: /chartrepo
pathType: ImplementationSpecific
- backend: - backend:
serviceName: harbor-core service:
servicePort: 80 name: harbor-core
port:
number: 80
path: /api path: /api
pathType: ImplementationSpecific pathType: ImplementationSpecific
tls: tls:

View File

@ -7,17 +7,18 @@ mastodon_admin_email: "mastodon@{{ mail_domain | default(domain) }}"
mastodon_default_values: mastodon_default_values:
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/ingress.class: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true"
hosts: hosts:
- host: "{{ mastodon_short_name }}.{{ domain }}" - host: "{{ mastodon_short_name }}.{{ domain }}"
paths: paths:
- path: '/' - path: /
pathType: ImplementationSpecific
tls: tls:
- secretName: "{{ mastodon_short_name }}.{{ domain }}-tls" - secretName: "{{ mastodon_short_name }}.{{ domain }}-tls"
hosts: hosts:

View File

@ -5,9 +5,9 @@ nextcloud_short_name: "nextcloud"
nextcloud_default_values: nextcloud_default_values:
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}"
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600"

View File

@ -97,16 +97,18 @@ peertube_default_values:
value: "{{ peertube_admin_password }}" value: "{{ peertube_admin_password }}"
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if peertube_publish else internal_ingress_class }}"
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if peertube_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts: hosts:
- host: "{{ peertube_short_name }}.{{ domain }}" - host: "{{ peertube_short_name }}.{{ domain }}"
paths: ["/"] paths:
- path: /
pathType: ImplementationSpecific
tls: tls:
- secretName: "{{ peertube_short_name }}.{{ domain }}-tls" - secretName: "{{ peertube_short_name }}.{{ domain }}-tls"
hosts: hosts:

View File

@ -55,17 +55,20 @@ playmaker_default_values:
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if playmaker_publish else internal_ingress_class }}"
annotations: annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if playmaker_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
hosts: hosts:
- host: "{{ playmaker_short_name }}.{{ domain }}" - host: "{{ playmaker_short_name }}.{{ domain }}"
paths: ["/"] paths:
- path: /
pathType: ImplementationSpecific
tls: tls:
- secretName: "{{ playmaker_short_name }}.{{ domain }}-tls" - secretName: "{{ playmaker_short_name }}.{{ domain }}-tls"
hosts: hosts:
- "{{ playmaker_short_name }}.{{ domain }}" - "{{ playmaker_short_name }}.{{ domain }}"
persistence: persistence:
enabled: true enabled: true
storageClass: "{{ playmaker_storage | default('nfs-hdd') }}" storageClass: "{{ playmaker_storage | default('nfs-hdd') }}"

View File

@ -19,9 +19,9 @@ postgres_operator_ui_default_values:
# configure UI ingress. If needed: "enabled: true" # configure UI ingress. If needed: "enabled: true"
ingress: ingress:
enabled: true enabled: true
ingressClassName: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}"
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}"
hosts: hosts:
- host: "{{ postgres_operator_ui_short_name }}.{{ domain }}" - host: "{{ postgres_operator_ui_short_name }}.{{ domain }}"
paths: [""] paths: [""]

View File

@ -15,16 +15,18 @@ pypiserver_default_values:
pypiserver_admin: "{{ pypiserver_admin_htpasswd_hash }}" pypiserver_admin: "{{ pypiserver_admin_htpasswd_hash }}"
ingress: ingress:
enabled: true enabled: true
labels: {} className: "{{ external_ingress_class if pypiserver_publish else internal_ingress_class }}"
annotations: annotations:
kubernetes.io/ingress.class: "{{ external_ingress_class if pypiserver_publish else internal_ingress_class }}"
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
path: "/"
hosts: hosts:
- "{{ pypiserver_short_name }}.{{ domain }}" - host: "{{ pypiserver_short_name }}.{{ domain }}"
paths:
- path: /
pathType: ImplementationSpecific
tls: tls:
- secretName: "{{ pypiserver_short_name }}.{{ domain }}-tls" - secretName: "{{ pypiserver_short_name }}.{{ domain }}-tls"
hosts: hosts:

View File

@ -30,16 +30,18 @@ roundcube_default_values:
value: "archive,zipdownload,managesieve" value: "archive,zipdownload,managesieve"
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if roundcube_publish else internal_ingress_class }}"
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if roundcube_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
path: /
hosts: hosts:
- "{{ roundcube_short_name }}.{{ domain }}" - host: "{{ roundcube_short_name }}.{{ domain }}"
paths:
- path: /
pathType: ImplementationSpecific
tls: tls:
- secretName: "{{ roundcube_short_name }}.{{ domain }}-tls" - secretName: "{{ roundcube_short_name }}.{{ domain }}-tls"
hosts: hosts:

View File

@ -6,12 +6,18 @@ wikijs_default_values:
fullnameOverride: "wikijs" fullnameOverride: "wikijs"
ingress: ingress:
enabled: true enabled: true
className: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}"
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}" kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
hosts: hosts:
- host: "{{ wikijs_short_name }}.{{ domain }}" - host: "{{ wikijs_short_name }}.{{ domain }}"
paths: ["/"] paths:
- path: /
pathType: ImplementationSpecific
tls: tls:
- secretName: "{{ wikijs_short_name }}.{{ domain }}-tls" - secretName: "{{ wikijs_short_name }}.{{ domain }}-tls"
hosts: hosts:
@ -25,28 +31,32 @@ wikijs_default_values:
postgresqlDatabase: "{{ wikijs_db_name | default('wikijs') }}" postgresqlDatabase: "{{ wikijs_db_name | default('wikijs') }}"
wikijs_readonly_ingress_definition: | wikijs_readonly_ingress_definition: |
apiVersion: extensions/v1beta1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
name: wikijs-public name: wikijs-public
namespace: "{{ wikijs_namespace | default(namespace) }}" namespace: "{{ wikijs_namespace | default(namespace) }}"
spec: spec:
ingressClassName: "{{ external_ingress_class }}"
rules: rules:
- host: "{{ wikijs_readonly_ingress }}" - host: "{{ wikijs_readonly_ingress }}"
http: http:
paths: paths:
- backend: - backend:
serviceName: wikijs service:
servicePort: 80 name: wikijs
port:
number: 80
path: / path: /
pathType: ImplementationSpecific
tls: tls:
- hosts: - hosts:
- "{{ wikijs_readonly_ingress }}" - "{{ wikijs_readonly_ingress }}"
secretName: "{{ wikijs_readonly_ingress }}-tls" secretName: "{{ wikijs_readonly_ingress }}-tls"