diff --git a/charts/busynix/values-prod.yaml b/charts/busynix/values-prod.yaml index e6a541f6..9838c985 100644 --- a/charts/busynix/values-prod.yaml +++ b/charts/busynix/values-prod.yaml @@ -4,7 +4,7 @@ ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal hosts: - host: busynix.srv.oceanbox.io paths: diff --git a/charts/busynix/values-staging.yaml b/charts/busynix/values-staging.yaml index 53a90f47..3762199e 100644 --- a/charts/busynix/values-staging.yaml +++ b/charts/busynix/values-staging.yaml @@ -7,7 +7,7 @@ ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal hosts: - host: busynix.beta.oceanbox.io paths: diff --git a/charts/geoserver/base/_manifest.yaml b/charts/geoserver/base/_manifest.yaml deleted file mode 100644 index b4c10cd6..00000000 --- a/charts/geoserver/base/_manifest.yaml +++ /dev/null @@ -1,210 +0,0 @@ ---- -# Source: geoserver/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: geoserver - labels: - helm.sh/chart: geoserver-1.1.0 - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - app.kubernetes.io/version: "2.23.1" - app.kubernetes.io/managed-by: Helm ---- -# Source: geoserver/templates/secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: geoserver - labels: - helm.sh/chart: geoserver-1.1.0 - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - app.kubernetes.io/version: "2.23.1" - app.kubernetes.io/managed-by: Helm -data: - geoserver_admin_password: "Z2Vvc2VydmVy" ---- -# Source: geoserver/templates/persistence.yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: geoserver - labels: - helm.sh/chart: geoserver-1.1.0 - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - app.kubernetes.io/version: "2.23.1" - app.kubernetes.io/managed-by: Helm -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: "10Gi" ---- -# Source: geoserver/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: geoserver - labels: - helm.sh/chart: geoserver-1.1.0 - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - app.kubernetes.io/version: "2.23.1" - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - ports: - - port: 8080 - targetPort: geoserver - protocol: TCP - name: geoserver - selector: - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging ---- -# Source: geoserver/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: geoserver - labels: - helm.sh/chart: geoserver-1.1.0 - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - app.kubernetes.io/version: "2.23.1" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - strategy: - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - spec: - serviceAccountName: geoserver - securityContext: - fsGroup: 2000 - containers: - - name: geoserver - securityContext: - allowPrivilegeEscalation: true - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false - runAsNonRoot: false - runAsUser: 0 - seccompProfile: - type: RuntimeDefault - image: "docker.osgeo.org/geoserver:2.23.1" - imagePullPolicy: IfNotPresent - env: - - name: INSTALL_EXTENSIONS - value: "false" - - name: STABLE_EXTENSIONS - value: "" - - name: CORS_ENABLED - value: "true" - - name: GEOSERVER_CSRF_WHITELIST - value: "geoserver.beta.oceanbox.io" - - name: SKIP_DEMO_DATA - value: "true" - - name: EXTRA_JAVA_OPTS - value: "-Xms512m -Xmx2g" - - name: GEOSERVER_ADMIN_USER - value: admin - - name: GEOSERVER_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: geoserver - key: geoserver_admin_password - ports: - - name: geoserver - containerPort: 8080 - protocol: TCP - volumeMounts: - - name: geoserver - mountPath: /opt/geoserver_data - startupProbe: - httpGet: - path: /geoserver/web - port: geoserver - failureThreshold: 10 - periodSeconds: 30 - livenessProbe: - httpGet: - path: /geoserver/web - port: geoserver - readinessProbe: - httpGet: - path: /geoserver/web - port: geoserver - resources: - {} - volumes: - - name: geoserver - persistentVolumeClaim: - claimName: geoserver ---- -# Source: geoserver/templates/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: geoserver - labels: - helm.sh/chart: geoserver-1.1.0 - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - app.kubernetes.io/version: "2.23.1" - app.kubernetes.io/managed-by: Helm - annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging - nginx.ingress.kubernetes.io/backend-protocol: HTTP - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 -spec: - tls: - - hosts: - - "geoserver.beta.oceanbox.io" - secretName: staging-geoserver-tls - rules: - - host: "geoserver.beta.oceanbox.io" - http: - paths: - - path: /geoserver/ - pathType: ImplementationSpecific - backend: - service: - name: geoserver - port: - number: 8080 ---- -# Source: geoserver/templates/tests/test-connection.yaml -apiVersion: v1 -kind: Pod -metadata: - name: "geoserver-test-connection" - labels: - helm.sh/chart: geoserver-1.1.0 - app.kubernetes.io/name: geoserver - app.kubernetes.io/instance: staging - app.kubernetes.io/version: "2.23.1" - app.kubernetes.io/managed-by: Helm - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['geoserver:8080'] - restartPolicy: Never diff --git a/charts/geoserver/prod/ingress-web.yaml b/charts/geoserver/prod/ingress-web.yaml index 45f2f575..ab14ddf7 100644 --- a/charts/geoserver/prod/ingress-web.yaml +++ b/charts/geoserver/prod/ingress-web.yaml @@ -5,7 +5,7 @@ metadata: cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/backend-protocol: HTTP nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal labels: app.kubernetes.io/instance: geoserver app.kubernetes.io/name: geoserver diff --git a/charts/geoserver/staging/ingress-web.yaml b/charts/geoserver/staging/ingress-web.yaml index 9e5c6966..ce2a7420 100644 --- a/charts/geoserver/staging/ingress-web.yaml +++ b/charts/geoserver/staging/ingress-web.yaml @@ -5,7 +5,7 @@ metadata: cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/backend-protocol: HTTP nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal labels: app.kubernetes.io/instance: geoserver app.kubernetes.io/name: geoserver diff --git a/charts/geoserver/values-staging.yaml b/charts/geoserver/values-staging.yaml index d5a19ce5..9677ae0f 100644 --- a/charts/geoserver/values-staging.yaml +++ b/charts/geoserver/values-staging.yaml @@ -83,7 +83,7 @@ ingress: cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/backend-protocol: HTTP nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal hosts: - host: geoserver.beta.oceanbox.io tls: diff --git a/charts/hipster/values-prod.yaml b/charts/hipster/values-prod.yaml index 887ee80c..3bfbef79 100644 --- a/charts/hipster/values-prod.yaml +++ b/charts/hipster/values-prod.yaml @@ -3,4 +3,4 @@ fullnameOverride: hipster ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal diff --git a/charts/hipster/values-staging.yaml b/charts/hipster/values-staging.yaml index ec326090..e204cf1f 100644 --- a/charts/hipster/values-staging.yaml +++ b/charts/hipster/values-staging.yaml @@ -6,4 +6,4 @@ image: ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-staging - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal diff --git a/charts/osm-tile-server/values-prod.yaml b/charts/osm-tile-server/values-prod.yaml index ddc921a3..f0b45fa8 100644 --- a/charts/osm-tile-server/values-prod.yaml +++ b/charts/osm-tile-server/values-prod.yaml @@ -4,7 +4,7 @@ ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal hosts: - host: osm.srv.oceanbox.io paths: diff --git a/charts/osm-tile-server/values-staging.yaml b/charts/osm-tile-server/values-staging.yaml index 1c3cc2d0..4a0e1e0a 100644 --- a/charts/osm-tile-server/values-staging.yaml +++ b/charts/osm-tile-server/values-staging.yaml @@ -7,7 +7,7 @@ ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal hosts: - host: osm.beta.oceanbox.io paths: diff --git a/charts/rabbitmq/values-prod.yaml b/charts/rabbitmq/values-prod.yaml index 6cab2bc2..4ec95a3c 100644 --- a/charts/rabbitmq/values-prod.yaml +++ b/charts/rabbitmq/values-prod.yaml @@ -9,7 +9,7 @@ ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal enabled: true extraHosts: [] extraPaths: [] diff --git a/charts/rabbitmq/values-staging.yaml b/charts/rabbitmq/values-staging.yaml index 5d962f65..307e395c 100644 --- a/charts/rabbitmq/values-staging.yaml +++ b/charts/rabbitmq/values-staging.yaml @@ -9,7 +9,7 @@ ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-staging nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + atlantis.oceanbox.io/expose: internal enabled: true extraHosts: [] extraPaths: [] diff --git a/charts/seq/values.yaml b/charts/seq/values.yaml index 36ec0e93..7d9f2152 100644 --- a/charts/seq/values.yaml +++ b/charts/seq/values.yaml @@ -63,8 +63,8 @@ service: ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-staging - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 kubernetes.io/ingress.class: nginx + atlantis.oceanbox.io/expose: internal tls: - secretName: seq-tls hosts: diff --git a/charts/wordpress/values.yaml b/charts/wordpress/values.yaml index 50966308..1a78d9c2 100644 --- a/charts/wordpress/values.yaml +++ b/charts/wordpress/values.yaml @@ -54,7 +54,6 @@ ingress: nginx.ingress.kubernetes.io/backend-protocol: HTTP nginx.ingress.kubernetes.io/proxy-body-size: 1024m nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 tls: false selfSigned: false extraHosts: