bunkerweb base working with global mariadb and redis

ansible-5/roles/prod.k3s/defaults/main.yml

@@ -90,7 +90,7 @@ apps:
   hello_world:
     enabled: true
     namespace: default
-    state: present
+    state: absent
 
   funkwhale:
     enabled: true
@@ -124,11 +124,12 @@ apps:
     state: absent
 
   ktistec:
-    enabled: false
+    enabled: true
     namespace: ktistec
-    state: absent
+    state: present
 
   bunkerweb:
     enabled: true
-    namespace: default
-    state: absent
+    namespace: bunkerweb
+    state: present
+

ansible-5/roles/prod.k3s/files/bunkerweb/secret.yaml

@@ -0,0 +1,37 @@
+# BunkerWeb Settings Secret
+# This Secret contains sensitive configuration settings for BunkerWeb.
+# Modify the values as needed for your deployment
+# Make sure to reference this secret in your Helm values under settings.existingSecret
+apiVersion: v1
+kind: Secret
+metadata:
+  name: bunkerweb-settings-secret
+  namespace: bunkerweb
+type: Opaque
+stringData:
+  # Database URI for BunkerWeb (SQLAlchemy/PyMySQL format)
+#  database-uri: "mysql+pymysql://bunkerweb:ajusb&Agsagas2q1@mariadb-bunkerweb.bunkerweb.svc.cluster.local:3306/db?ssl_verify_cert=False"
+  database-uri: "mysql+pymysql://root:q4890qhhfgq9pfg3q4uyg33@mariadb.mariadb.svc.cluster.local:3306/bunkerweb?ssl_verify_cert=False"
+  # Redis username (if authentication enabled)
+  redis-username: ""
+  # Redis password (required for Redis and Scheduler)
+  redis-password: ""
+  # UI Admin credentials
+  admin-username: "bunker-admin"
+  admin-password: "rf4g0c#kMKPu9T7p"
+  # Flask secret key for UI sessions (generate a random string)
+  flask-secret: "flask-secret-of-the-titans"
+  # TOTP secrets for 2FA (generate a random string)
+  totp-secrets: "totp-secrets-of-the-gods"
+  # BunkerWeb database user
+  mariadb-user: "root"
+  # BunkerWeb database password
+  mariadb-password: "q4890qhhfgq9pfg3q4uyg33"
+  # BunkerWeb Pro license key
+#  pro-license-key: "bw-pro-license-key-goes-here"
+  # API token for accessing BunkerWeb API
+#  api-token: "my-super-secure-api-bearer-token"
+  # api username
+  api-username: "admin"
+  # api password
+  api-password: "aiocniow#54ADAeqboisAbas!"

ansible-5/roles/prod.k3s/files/bunkerweb/values.yaml

@@ -4,6 +4,7 @@
 
 # Global settings
 settings:
+  existingSecret: bunkerweb-settings-secret
   misc:
     # Replace with your DNS resolver
     # to get it: kubectl exec in a random pod then cat /etc/resolv.conf
@@ -12,12 +13,21 @@ settings:
 #    dnsResolvers: "kube-dns.kube-system.svc.cluster.local"
     dnsResolvers: "kube-dns.kube-system.svc.cluster.local"
 
+  redis:
+    redisHost: redis-master.redis.svc.cluster.local
+
   kubernetes:
     # We only consider Ingress resources with ingressClass bunkerweb to avoid conflicts with existing ingress controller
     ingressClass: "bunkerweb"
     # Optional: you can choose namespace(s) where BunkerWeb will listen for Ingress/ConfigMap changes
     # Default (blank value) is all namespaces
-    namespaces: "default stashapp"
+    namespaces: "default bunkerweb stashapp"
+
+  api:
+    useUserPass:
+      # If enable, it will use settings.existingSecret
+      fromExistingSecret: false
+
 
   # ----- WEB UI CONFIGURATION -----
   ui:
@@ -33,7 +43,7 @@ settings:
 
       # Domain name for UI access
       # Example: "bunkerweb-ui.example.com"
-      serverName: "bunkerweb-ui.xai-corp.net"
+      serverName: "bunkerweb-ux.xai-corp.net"
 
       # Path for UI access (usually "/")
       serverPath: "/"
@@ -46,7 +56,7 @@ settings:
 
       # Secret name containing TLS certificate
       # Leave empty to disable HTTPS
-      tlsSecretName: xai-corp-production-tls-bunkerweb-ui
+      tlsSecretName: xai-corp-production-tls-bunkerweb-ux
 
 # Override the bunkerweb-external service type to ClusterIP
 # Since we don't need to expose it to the outside world
@@ -56,11 +66,13 @@ service:
 
 # BunkerWeb settings
 bunkerweb:
-  tag: 1.6.6
+  enabled: true
+  tag: 1.6.8
+  replicas: 0
 
 # Scheduler settings
 scheduler:
-  tag: 1.6.6
+  tag: 1.6.8
   livenessProbe:
     periodSeconds: 15
     timeoutSeconds: 2
@@ -79,19 +91,28 @@ scheduler:
 
 # Controller settings
 controller:
-  tag: 1.6.6
+  enabled: true
+  tag: 1.6.8
 
 # UI settings
 ui:
-  tag: 1.6.6
+  tag: 1.6.8
   livenessProbe:
     periodSeconds: 15
     timeoutSeconds: 2
     failureThreshold: 5
 api:
   enabled: true
-  tag: 1.6.6
+  tag: 1.6.8
   livenessProbe:
     periodSeconds: 15
     timeoutSeconds: 2
     failureThreshold: 5
+
+redis:
+  enabled: false
+
+mariadb:
+  enabled: false
+#  config:
+#    database: bunkerweb

ansible-5/roles/prod.k3s/tasks/deployments/bunkerweb.yaml

@@ -2,14 +2,23 @@
 # https://docs.bunkerweb.io/1.6.6/integrations/#kubernetes
 
 
-#- name: Create a namespace for bunkerweb
-#  k8s:
-#    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
-#    name: "{{apps.bunkerweb.namespace}}"
-#    api_version: v1
-#    kind: Namespace
-#    state: "{{apps.bunkerweb.state}}"
-#  become: true
+- name: Create a namespace for bunkerweb
+  k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    name: "{{apps.bunkerweb.namespace}}"
+    api_version: v1
+    kind: Namespace
+    state: "{{apps.bunkerweb.state}}"
+  become: true
+
+- name: create secrets
+  kubernetes.core.k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    state: "{{apps.bunkerweb.state}}"
+    definition: "{{ lookup('file', item) | from_yaml }}"
+  loop:
+    - bunkerweb/secret.yaml
+  become: true
 
 - name: Install bunkerweb instance
   block: