feat(config): refactor YAML files and add new object store configuration
这个提交包含在:
rohow
@@ -0,0 +1,121 @@
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: infra-net
|
||||
spec:
|
||||
patches:
|
||||
- target:
|
||||
kind: HelmRelease
|
||||
name: ingress-nginx
|
||||
patch: |
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
spec:
|
||||
values:
|
||||
controller:
|
||||
nodeSelector:
|
||||
svccontroller.k3s.cattle.io/enablelb: "true"
|
||||
tolerations:
|
||||
- key: "node-role.kubernetes.io/control-plane"
|
||||
operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
dnsPolicy: "None"
|
||||
dnsConfig:
|
||||
nameservers:
|
||||
- "169.254.20.10"
|
||||
- "10.43.0.10"
|
||||
maxmindLicenseKey: "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"
|
||||
defaultBackend:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: topology.kubernetes.io/region
|
||||
operator: In
|
||||
values:
|
||||
- "cn-sh"
|
||||
- "cn-hk"
|
||||
- target:
|
||||
kind: HelmRelease
|
||||
name: crowdsec
|
||||
patch: |
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: crowdsec
|
||||
spec:
|
||||
values:
|
||||
lapi:
|
||||
env:
|
||||
- name: DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cnpg17-cluster-hk-app
|
||||
key: password
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: topology.kubernetes.io/region
|
||||
operator: In
|
||||
values:
|
||||
- cn-hk
|
||||
config:
|
||||
config.yaml.local: |
|
||||
db_config:
|
||||
type: postgresql
|
||||
host: cnpg17-cluster-hk-rw.infra-data
|
||||
port: 5432
|
||||
db_name: crowdsec
|
||||
user: app
|
||||
password: ${DB_PASSWORD}
|
||||
sslmode: require
|
||||
api:
|
||||
server:
|
||||
auto_registration:
|
||||
enabled: true
|
||||
token: "${REGISTRATION_TOKEN}"
|
||||
allowed_ranges:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.0.0/16"
|
||||
- "172.16.0.0/12"
|
||||
- "10.0.0.0/8"
|
||||
agent:
|
||||
affinity:
|
||||
podAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: loki
|
||||
topologyKey: kubernetes.io/hostname
|
||||
namespaceSelector: {}
|
||||
appsec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: topology.kubernetes.io/region
|
||||
operator: In
|
||||
values:
|
||||
- cn-hk
|
||||
- target:
|
||||
kind: HelmRelease
|
||||
name: tailscale-derp-hk
|
||||
patch: |
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: tailscale-derp-hk
|
||||
spec:
|
||||
values:
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: tchk
|
||||
在新议题中引用
屏蔽一个用户