From e4bb4902a443dd3e289919e2e40f9002e9cc0b54 Mon Sep 17 00:00:00 2001 From: richard Date: Sun, 15 Feb 2026 16:47:30 -0500 Subject: [PATCH] bunkerweb base working with global mariadb and redis --- ansible-5/roles/prod.k3s/defaults/main.yml | 11 +++--- .../prod.k3s/files/bunkerweb/secret.yaml | 37 +++++++++++++++++++ .../prod.k3s/files/bunkerweb/values.yaml | 37 +++++++++++++++---- .../prod.k3s/tasks/deployments/bunkerweb.yaml | 25 +++++++++---- 4 files changed, 89 insertions(+), 21 deletions(-) create mode 100644 ansible-5/roles/prod.k3s/files/bunkerweb/secret.yaml diff --git a/ansible-5/roles/prod.k3s/defaults/main.yml b/ansible-5/roles/prod.k3s/defaults/main.yml index 74cea63..4e73d86 100644 --- a/ansible-5/roles/prod.k3s/defaults/main.yml +++ b/ansible-5/roles/prod.k3s/defaults/main.yml @@ -90,7 +90,7 @@ apps: hello_world: enabled: true namespace: default - state: present + state: absent funkwhale: enabled: true @@ -124,11 +124,12 @@ apps: state: absent ktistec: - enabled: false + enabled: true namespace: ktistec - state: absent + state: present bunkerweb: enabled: true - namespace: default - state: absent + namespace: bunkerweb + state: present + diff --git a/ansible-5/roles/prod.k3s/files/bunkerweb/secret.yaml b/ansible-5/roles/prod.k3s/files/bunkerweb/secret.yaml new file mode 100644 index 0000000..9244c60 --- /dev/null +++ b/ansible-5/roles/prod.k3s/files/bunkerweb/secret.yaml 
@@ -0,0 +1,37 @@
+# BunkerWeb Settings Secret
+# This Secret contains sensitive configuration settings for BunkerWeb.
+# Modify the values as needed for your deployment
+# Make sure to reference this secret in your Helm values under settings.existingSecret
+apiVersion: v1
+kind: Secret
+metadata:
+ name: bunkerweb-settings-secret
+ namespace: bunkerweb
+type: Opaque
+stringData:
+ # Database URI for BunkerWeb (SQLAlchemy/PyMySQL format)
+# database-uri: "mysql+pymysql://bunkerweb:ajusb&Agsagas2q1@mariadb-bunkerweb.bunkerweb.svc.cluster.local:3306/db?ssl_verify_cert=False"
+ database-uri: "mysql+pymysql://root:q4890qhhfgq9pfg3q4uyg33@mariadb.mariadb.svc.cluster.local:3306/bunkerweb?ssl_verify_cert=False"
+ # Redis username (if authentication enabled)
+ redis-username: ""
+ # Redis password (required for Redis and Scheduler)
+ redis-password: ""
+ # UI Admin credentials
+ admin-username: "bunker-admin"
+ admin-password: "rf4g0c#kMKPu9T7p"
+ # Flask secret key for UI sessions (generate a random string)
+ flask-secret: "flask-secret-of-the-titans"
+ # TOTP secrets for 2FA (generate a random string)
+ totp-secrets: "totp-secrets-of-the-gods"
+ # BunkerWeb database user
+ mariadb-user: "root"
+ # BunkerWeb database password
+ mariadb-password: "q4890qhhfgq9pfg3q4uyg33"
+ # BunkerWeb Pro license key
+# pro-license-key: "bw-pro-license-key-goes-here"
+ # API token for accessing BunkerWeb API
+# api-token: "my-super-secure-api-bearer-token"
+ # api username
+ api-username: "admin"
+ # api password
+ api-password: "aiocniow#54ADAeqboisAbas!"
diff --git a/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml b/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml
index 687846d..3703b11 100644
--- a/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml
+++ b/ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml
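Review bot: Every value under `stringData` in the new secret.yaml is committed in cleartext — the password inside `database-uri`, `admin-password`, `mariadb-password` and `api-password`, plus a second password in the commented-out URI — so they are readable by anyone with access to the repository and remain in its history. Treat them as exposed, rotate them, and keep the file only as an ansible-vault-encrypted file or as a template filled from vaulted variables, e.g. `admin-password: "{{ vault_bunkerweb_admin_password }}"` (placeholder variable name). `flask-secret` and `totp-secrets` are guessable phrases although their own comments ask for a generated random string, so going by those comments the UI session key and the 2FA secret protection are only as strong as those phrases. The active URI also connects as `root` to the shared MariaDB with `ssl_verify_cert=False`; a dedicated account limited to the `bunkerweb` database, as the commented-out line used, and certificate verification would narrow what a leak of this Secret gives away. `redis-password` is empty even though its comment calls it required, so confirm whether the shared Redis really accepts unauthenticated clients.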
@@ -4,6 +4,7 @@ # Global settings settings: + existingSecret: bunkerweb-settings-secret misc: # Replace with your DNS resolver # to get it: kubectl exec in a random pod then cat /etc/resolv.conf @@ -12,12 +13,21 @@ settings: # dnsResolvers: "kube-dns.kube-system.svc.cluster.local" dnsResolvers: "kube-dns.kube-system.svc.cluster.local" + redis: + redisHost: redis-master.redis.svc.cluster.local + kubernetes: # We only consider Ingress resources with ingressClass bunkerweb to avoid conflicts with existing ingress controller ingressClass: "bunkerweb" # Optional: you can choose namespace(s) where BunkerWeb will listen for Ingress/ConfigMap changes # Default (blank value) is all namespaces - namespaces: "default stashapp" + namespaces: "default bunkerweb stashapp" + + api: + useUserPass: + # If enable, it will use settings.existingSecret + fromExistingSecret: false + # ----- WEB UI CONFIGURATION ----- ui: @@ -33,7 +43,7 @@ settings: # Domain name for UI access # Example: "bunkerweb-ui.example.com" - serverName: "bunkerweb-ui.xai-corp.net" + serverName: "bunkerweb-ux.xai-corp.net" # Path for UI access (usually "/") serverPath: "/" @@ -46,7 +56,7 @@ settings: # Secret name containing TLS certificate # Leave empty to disable HTTPS - tlsSecretName: xai-corp-production-tls-bunkerweb-ui + tlsSecretName: xai-corp-production-tls-bunkerweb-ux # Override the bunkerweb-external service type to ClusterIP # Since we don't need to expose it to the outside world @@ -56,11 +66,13 @@ service: # BunkerWeb settings bunkerweb: - tag: 1.6.6 + enabled: true + tag: 1.6.8 + replicas: 0 # Scheduler settings scheduler: - tag: 1.6.6 + tag: 1.6.8 livenessProbe: periodSeconds: 15 timeoutSeconds: 2 
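Review bot: In the `@@ -12,12 +13,21 @@` hunk, `fromExistingSecret: false` under `api.useUserPass` looks inconsistent with the Secret this commit adds: going by the comment on the line above it, the `api-username` / `api-password` keys in `bunkerweb-settings-secret` are only read when this is enabled, so the API would presumably fall back to chart defaults or run without user/password auth. If the Secret values are meant to apply, change it to `fromExistingSecret: true`; otherwise drop the two keys from the Secret so it is clear they are unused. The same hunk adds `redisHost` for a shared Redis and widens `namespaces` to `"default bunkerweb stashapp"`; a one-line comment on whether that Redis requires authentication and why `default` still has to be watched would help the next reader.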
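Review bot: In the `@@ -56,11 +66,13 @@` hunk, `replicas: 0` is set next to `enabled: true` for `bunkerweb` with no explanation; if the chart passes this straight to the workload, no BunkerWeb pods run and Ingresses of class `bunkerweb` have nothing serving or filtering them. If this is a temporary bring-up state, say so on the line, e.g. `replicas: 0  # TODO: scaled to zero during bring-up; raise before routing traffic through bunkerweb`, otherwise set the intended count. The chart's handling of a zero replica count is not visible here, so this is worth confirming against the rendered manifests.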
@@ -79,19 +91,28 @@ scheduler: # Controller settings controller: - tag: 1.6.6 + enabled: true + tag: 1.6.8 # UI settings ui: - tag: 1.6.6 + tag: 1.6.8 livenessProbe: periodSeconds: 15 timeoutSeconds: 2 failureThreshold: 5 api: enabled: true - tag: 1.6.6 + tag: 1.6.8 livenessProbe: periodSeconds: 15 timeoutSeconds: 2 failureThreshold: 5 + +redis: + enabled: false + +mariadb: + enabled: false +# config: +# database: bunkerweb diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml index cc0ba3a..13e3665 100644 --- a/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml +++ b/ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml @@ -2,14 +2,23 @@ # https://docs.bunkerweb.io/1.6.6/integrations/#kubernetes -#- name: Create a namespace for bunkerweb -# k8s: -# kubeconfig: "/etc/rancher/k3s/k3s.yaml" -# name: "{{apps.bunkerweb.namespace}}" -# api_version: v1 -# kind: Namespace -# state: "{{apps.bunkerweb.state}}" -# become: true +- name: Create a namespace for bunkerweb + k8s: + kubeconfig: "/etc/rancher/k3s/k3s.yaml" + name: "{{apps.bunkerweb.namespace}}" + api_version: v1 + kind: Namespace + state: "{{apps.bunkerweb.state}}" + become: true + +- name: create secrets + kubernetes.core.k8s: + kubeconfig: "/etc/rancher/k3s/k3s.yaml" + state: "{{apps.bunkerweb.state}}" + definition: "{{ lookup('file', item) | from_yaml }}" + loop: + - bunkerweb/secret.yaml + become: true - name: Install bunkerweb instance block:
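Review bot: The new `create secrets` task in tasks/deployments/bunkerweb.yaml loads the whole Secret manifest into its `definition` argument, so without `no_log: true` the passwords can show up in Ansible output at higher verbosity, in failure messages and in any callback or log that records task arguments and results; add `no_log: true` to that task. It uses the fully qualified `kubernetes.core.k8s` while the namespace task re-enabled just above it uses the short `k8s` name, and the two should agree on the fully qualified form. The header comment still links to the 1.6.6 documentation although this commit moves the image tags to 1.6.8. The `Install bunkerweb instance` block at the end of the hunk continues outside it.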