From d91a4238cced357b3b5bddfdd03aa4fe212f9637 Mon Sep 17 00:00:00 2001 
From: DeveloperDurp Date: Mon, 10 Oct 2022 17:36:40 -0500 Subject: [PATCH] initial commit --- argocd/Chart.yaml | 11 + argocd/templates/InternalProxy.yaml | 23 + argocd/templates/bitwarden.yaml | 23 + argocd/templates/cert-manager.yaml | 20 + argocd/templates/durpot.yaml | 23 + argocd/templates/gitlab-runner.yaml | 21 + argocd/templates/ingress-nginx.yaml | 20 + argocd/templates/keycloak.yaml | 21 + argocd/templates/kong.yaml | 23 + argocd/templates/kube-prometheus-stack.yaml | 21 + argocd/templates/littlelink.yaml | 22 + argocd/templates/longhorn-system.yaml | 22 + argocd/templates/nextcloud.yaml | 21 + argocd/templates/oauth2-proxy.yaml | 21 + argocd/templates/sealed-secrets.yaml | 22 + argocd/templates/uptimekuma.yaml | 23 + argocd/templates/whoogle.yaml | 23 + argocd/values.yaml | 182 +++ bitwarden/Chart.yaml | 7 + bitwarden/templates/deployment.yaml | 45 + bitwarden/templates/ingress.yaml | 23 + bitwarden/templates/service.yaml | 12 + bitwarden/templates/volume.yaml | 11 + cert-manager/Chart.yaml | 11 + .../templates/letsencrypt-prroduction.yaml | 16 + .../templates/letsencrypt-staging.yaml | 16 + cert-manager/templates/sealedsecret.yaml | 16 + cert-manager/values.yaml | 11 + durpot/Chart.yaml | 7 + durpot/templates/deployment.yaml | 24 + durpot/templates/sealedsecret.yaml | 17 + gitlab-runner/Chart.yaml | 11 + .../templates/gitlab-secret-sealed.yaml | 17 + gitlab-runner/values.yaml | 60 + ingress-nginx/Chart.yaml | 11 + ingress-nginx/values.yaml | 109 ++ internalproxy/Chart.yaml | 7 + .../templates/duplicati-ingress.yaml | 56 + internalproxy/templates/kasm-ingress.yaml | 84 ++ internalproxy/templates/minio-ingress.yaml | 53 + internalproxy/templates/overlord-ingress.yaml | 54 + internalproxy/templates/pfsense-ingress.yaml | 54 + internalproxy/templates/plex-ingress.yaml | 53 + internalproxy/templates/unraid-ingress.yaml | 54 + keycloak/Chart.yaml | 11 + keycloak/templates/keyclock.yaml | 17 + keycloak/values.yaml | 114 ++ kong/Chart.yaml | 7 + 
kong/templates/configmap.yaml | 27 + kong/templates/deployment.yaml | 58 + kong/templates/ingress.yaml | 24 + kong/templates/namespace.yaml | 4 + kong/templates/service.yaml | 16 + kube-prometheus-stack/Chart.yaml | 12 + .../templates/grafana-secrets-sealed.yaml | 17 + kube-prometheus-stack/values.yaml | 208 +++ littlelink/Chart.yaml | 0 littlelink/templates/deployment.yaml | 97 ++ littlelink/templates/ingress.yaml | 23 + littlelink/templates/service.yaml | 12 + longhorn-system/Chart.yaml | 7 + longhorn-system/templates/deployment.yaml | 1264 +++++++++++++++++ longhorn-system/templates/ingress.yaml | 29 + .../templates/longhorn-minio-sealed.yaml | 18 + longhorn-system/values.yaml | 0 nextcloud/Chart.yaml | 12 + .../nextcloud-collabora-sealedsecret.yaml | 17 + nextcloud/templates/nextcloud-secret.yaml | 17 + nextcloud/templates/sealedsecret.yaml | 18 + nextcloud/values.yaml | 142 ++ oauth2-proxy/Chart.yaml | 14 + oauth2-proxy/templates/oauth-credentials.yaml | 17 + oauth2-proxy/values.yaml | 64 + sealed-secrets/Chart.yaml | 7 + sealed-secrets/templates/deployment.yaml | 252 ++++ sealed-secrets/values.yaml | 0 uptimekuma/Chart.yaml | 7 + uptimekuma/templates/deployment.yaml | 42 + uptimekuma/templates/ingress.yaml | 40 + uptimekuma/templates/service.yaml | 13 + uptimekuma/templates/volume.yaml | 11 + whoogle/Chart.yaml | 23 + whoogle/templates/deployment.yaml | 47 + whoogle/templates/ingress.yaml | 24 + whoogle/templates/service.yaml | 20 + whoogle/templates/serviceaccount.yaml | 10 + 86 files changed, 4143 insertions(+) create mode 100644 argocd/Chart.yaml create mode 100644 argocd/templates/InternalProxy.yaml create mode 100644 argocd/templates/bitwarden.yaml create mode 100644 argocd/templates/cert-manager.yaml create mode 100644 argocd/templates/durpot.yaml create mode 100644 argocd/templates/gitlab-runner.yaml create mode 100644 argocd/templates/ingress-nginx.yaml create mode 100644 argocd/templates/keycloak.yaml create mode 100644 argocd/templates/kong.yaml 
create mode 100644 argocd/templates/kube-prometheus-stack.yaml create mode 100644 argocd/templates/littlelink.yaml create mode 100644 argocd/templates/longhorn-system.yaml create mode 100644 argocd/templates/nextcloud.yaml create mode 100644 argocd/templates/oauth2-proxy.yaml create mode 100644 argocd/templates/sealed-secrets.yaml create mode 100644 argocd/templates/uptimekuma.yaml create mode 100644 argocd/templates/whoogle.yaml create mode 100644 argocd/values.yaml create mode 100644 bitwarden/Chart.yaml create mode 100644 bitwarden/templates/deployment.yaml create mode 100644 bitwarden/templates/ingress.yaml create mode 100644 bitwarden/templates/service.yaml create mode 100644 bitwarden/templates/volume.yaml create mode 100644 cert-manager/Chart.yaml create mode 100644 cert-manager/templates/letsencrypt-prroduction.yaml create mode 100644 cert-manager/templates/letsencrypt-staging.yaml create mode 100644 cert-manager/templates/sealedsecret.yaml create mode 100644 cert-manager/values.yaml create mode 100644 durpot/Chart.yaml create mode 100644 durpot/templates/deployment.yaml create mode 100644 durpot/templates/sealedsecret.yaml create mode 100644 gitlab-runner/Chart.yaml create mode 100644 gitlab-runner/templates/gitlab-secret-sealed.yaml create mode 100644 gitlab-runner/values.yaml create mode 100644 ingress-nginx/Chart.yaml create mode 100644 ingress-nginx/values.yaml create mode 100644 internalproxy/Chart.yaml create mode 100644 internalproxy/templates/duplicati-ingress.yaml create mode 100644 internalproxy/templates/kasm-ingress.yaml create mode 100644 internalproxy/templates/minio-ingress.yaml create mode 100644 internalproxy/templates/overlord-ingress.yaml create mode 100644 internalproxy/templates/pfsense-ingress.yaml create mode 100644 internalproxy/templates/plex-ingress.yaml create mode 100644 internalproxy/templates/unraid-ingress.yaml create mode 100644 keycloak/Chart.yaml create mode 100644 keycloak/templates/keyclock.yaml create mode 100644 
keycloak/values.yaml create mode 100644 kong/Chart.yaml create mode 100644 kong/templates/configmap.yaml create mode 100644 kong/templates/deployment.yaml create mode 100644 kong/templates/ingress.yaml create mode 100644 kong/templates/namespace.yaml create mode 100644 kong/templates/service.yaml create mode 100644 kube-prometheus-stack/Chart.yaml create mode 100644 kube-prometheus-stack/templates/grafana-secrets-sealed.yaml create mode 100644 kube-prometheus-stack/values.yaml create mode 100644 littlelink/Chart.yaml create mode 100644 littlelink/templates/deployment.yaml create mode 100644 littlelink/templates/ingress.yaml create mode 100644 littlelink/templates/service.yaml create mode 100644 longhorn-system/Chart.yaml create mode 100644 longhorn-system/templates/deployment.yaml create mode 100644 longhorn-system/templates/ingress.yaml create mode 100644 longhorn-system/templates/longhorn-minio-sealed.yaml create mode 100644 longhorn-system/values.yaml create mode 100644 nextcloud/Chart.yaml create mode 100644 nextcloud/templates/nextcloud-collabora-sealedsecret.yaml create mode 100644 nextcloud/templates/nextcloud-secret.yaml create mode 100644 nextcloud/templates/sealedsecret.yaml create mode 100644 nextcloud/values.yaml create mode 100644 oauth2-proxy/Chart.yaml create mode 100644 oauth2-proxy/templates/oauth-credentials.yaml create mode 100644 oauth2-proxy/values.yaml create mode 100644 sealed-secrets/Chart.yaml create mode 100644 sealed-secrets/templates/deployment.yaml create mode 100644 sealed-secrets/values.yaml create mode 100644 uptimekuma/Chart.yaml create mode 100644 uptimekuma/templates/deployment.yaml create mode 100644 uptimekuma/templates/ingress.yaml create mode 100644 uptimekuma/templates/service.yaml create mode 100644 uptimekuma/templates/volume.yaml create mode 100644 whoogle/Chart.yaml create mode 100644 whoogle/templates/deployment.yaml create mode 100644 whoogle/templates/ingress.yaml create mode 100644 whoogle/templates/service.yaml 
create mode 100644 whoogle/templates/serviceaccount.yaml diff --git a/argocd/Chart.yaml b/argocd/Chart.yaml new file mode 100644 index 0000000..35c7646 --- /dev/null +++ b/argocd/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: argocd +description: A Helm chart for Kubernetes +type: application +version: 0.0.1 +appVersion: 0.0.1 + +dependencies: +- name: argo-cd + repository: https://argoproj.github.io/argo-helm + version: 5.5.18 diff --git a/argocd/templates/InternalProxy.yaml b/argocd/templates/InternalProxy.yaml new file mode 100644 index 0000000..8d1d7d9 --- /dev/null +++ b/argocd/templates/InternalProxy.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: internalproxy + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: internalproxy + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: internalproxy + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/bitwarden.yaml b/argocd/templates/bitwarden.yaml new file mode 100644 index 0000000..bdee2e2 --- /dev/null +++ b/argocd/templates/bitwarden.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: bitwarden + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: bitwarden + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: bitwarden + syncPolicy: + automated: + prune: true + selfHeal: false + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/cert-manager.yaml b/argocd/templates/cert-manager.yaml new file mode 100644 index 0000000..526127e --- /dev/null +++ b/argocd/templates/cert-manager.yaml 
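Review bot: `project: default` on this Application (and on every other Application in the commit) binds it to Argo CD's default AppProject, which permits any source repository, any destination namespace and any resource kind, while `automated: prune: true` / `selfHeal: true` applies whatever is on `main` of a public GitHub repository with no manual gate. Anyone who can push to that branch would appear to be able to deploy arbitrary cluster-scoped resources, so the GitHub account is effectively cluster-admin. Define a dedicated AppProject with `sourceRepos` limited to this repository and `destinations` limited to the namespace each Application targets, and reference it here instead of `default`. For the security-sensitive charts (sealed-secrets, keycloak, cert-manager) consider pinning `targetRevision` to a tag or commit rather than a moving branch.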
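Review bot: `selfHeal: false` makes this the only Application in the commit that does not revert out-of-band changes to its namespace, and the deviation carries no explanation. If it is intentional (for example to allow manual edits of the vault deployment during setup), record that with a comment such as `# selfHeal off: manual changes to the vault deployment are expected during setup`; otherwise set it to `true` like the others.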
@@ -0,0 +1,20 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cert-manager + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: cert-manager + destination: + namespace: cert-manager + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd/templates/durpot.yaml b/argocd/templates/durpot.yaml new file mode 100644 index 0000000..bdeed57 --- /dev/null +++ b/argocd/templates/durpot.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: durpot + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: durpot + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: durpot + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/gitlab-runner.yaml b/argocd/templates/gitlab-runner.yaml new file mode 100644 index 0000000..bae63eb --- /dev/null +++ b/argocd/templates/gitlab-runner.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: gitlab-runner + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: gitlab-runner + destination: + namespace: gitlab-runner + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/ingress-nginx.yaml b/argocd/templates/ingress-nginx.yaml new file mode 100644 index 0000000..6799079 --- /dev/null +++ b/argocd/templates/ingress-nginx.yaml 
@@ -0,0 +1,20 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ingress-nginx + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: ingress-nginx + destination: + namespace: ingress-nginx + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd/templates/keycloak.yaml b/argocd/templates/keycloak.yaml new file mode 100644 index 0000000..62aef90 --- /dev/null +++ b/argocd/templates/keycloak.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: keycloak + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: keycloak + destination: + namespace: keycloak + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/kong.yaml b/argocd/templates/kong.yaml new file mode 100644 index 0000000..a4adf72 --- /dev/null +++ b/argocd/templates/kong.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kong + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: kong + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: kong + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/kube-prometheus-stack.yaml b/argocd/templates/kube-prometheus-stack.yaml new file mode 100644 index 0000000..dcd780b --- /dev/null +++ b/argocd/templates/kube-prometheus-stack.yaml 
@@ -0,0 +1,21 @@ +#apiVersion: argoproj.io/v1alpha1 +#kind: Application +#metadata: +# name: kube-prometheus-stack +# namespace: argocd +#spec: +# project: default +# source: +# repoURL: https://github.com/DeveloperDurp/homelab.git +# targetRevision: main +# path: kube-prometheus-stack +# destination: +# namespace: kube-prometheus-stack +# name: in-cluster +# syncPolicy: +# automated: +# prune: true +# selfHeal: true +# syncOptions: +# - CreateNamespace=true +# diff --git a/argocd/templates/littlelink.yaml b/argocd/templates/littlelink.yaml new file mode 100644 index 0000000..d4a6f71 --- /dev/null +++ b/argocd/templates/littlelink.yaml @@ -0,0 +1,22 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: littlelink + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: littlelink + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: littlelink + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd/templates/longhorn-system.yaml b/argocd/templates/longhorn-system.yaml new file mode 100644 index 0000000..5c6ba45 --- /dev/null +++ b/argocd/templates/longhorn-system.yaml @@ -0,0 +1,22 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: longhorn-system + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: longhorn-system + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: longhorn-system + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd/templates/nextcloud.yaml b/argocd/templates/nextcloud.yaml new file mode 100644 index 0000000..a9ef699 --- /dev/null +++ b/argocd/templates/nextcloud.yaml 
@@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: nextcloud + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: nextcloud + destination: + namespace: nextcloud + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/oauth2-proxy.yaml b/argocd/templates/oauth2-proxy.yaml new file mode 100644 index 0000000..ba6e819 --- /dev/null +++ b/argocd/templates/oauth2-proxy.yaml @@ -0,0 +1,21 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: oauth2-proxy + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: oauth2-proxy + destination: + namespace: oauth2-proxy + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/sealed-secrets.yaml b/argocd/templates/sealed-secrets.yaml new file mode 100644 index 0000000..5b3fff0 --- /dev/null +++ b/argocd/templates/sealed-secrets.yaml @@ -0,0 +1,22 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: sealed-secrets + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: sealed-secrets + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: sealed-secrets + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/argocd/templates/uptimekuma.yaml b/argocd/templates/uptimekuma.yaml new file mode 100644 index 0000000..0db0e37 --- /dev/null +++ b/argocd/templates/uptimekuma.yaml 
@@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: uptimekuma + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: uptimekuma + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: uptimekuma + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/templates/whoogle.yaml b/argocd/templates/whoogle.yaml new file mode 100644 index 0000000..691d06c --- /dev/null +++ b/argocd/templates/whoogle.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: whoogle + namespace: argocd +spec: + project: default + source: + repoURL: https://github.com/DeveloperDurp/homelab.git + targetRevision: main + path: whoogle + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: whoogle + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + diff --git a/argocd/values.yaml b/argocd/values.yaml new file mode 100644 index 0000000..70cee3c --- /dev/null +++ b/argocd/values.yaml 
@@ -0,0 +1,182 @@ +argocd: + + image: + registry: docker.io + repository: bitnami/argo-cd + pullPolicy: Always + + controller: + replicaCount: 3 + + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + resources: + limits: {} + requests: {} + + service: + type: ClusterIP + port: 8082 + + + server: + + replicaCount: 3 + + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + resources: + limits: {} + requests: {} + + url: "argocd.internal.durp.info" + + ## Argo CD server config. 
This object will be directly rendered + ## @param server.config [object] Argo CD server configuration that will end on the argocd-cm Config Map + ## Ref: https://argoproj.github.io/argo-cd/operator-manual/user-management/ + ## E.g: + ## repositories: + ## - url: git@github.com:group/repo.git + ## sshPrivateKeySecret: + ## name: secret-name + ## key: sshPrivateKey + ## - type: helm + ## url: https://charts.helm.sh/stable + ## name: stable + ## - type: helm + ## url: https://argoproj.github.io/argo-helm + ## name: argo + ## oidc.config: + ## name: AzureAD + ## issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 + ## clientID: CLIENT_ID + ## clientSecret: $oidc.azuread.clientSecret + ## requestedIDTokenClaims: + ## groups: + ## essential: true + ## requestedScopes: + ## - openid + ## - profile + ## - email + ## dex.config: + ## connectors: + ## # GitHub example + ## - type: github + ## id: github + ## name: GitHub + ## config: + ## clientID: aabbccddeeff00112233 + ## clientSecret: $dex.github.clientSecret + ## orgs: + ## - name: your-github-org + config: + url: "{{ .Values.server.url }}" + application.instanceLabelKey: argocd.argoproj.io/instance + + ingress: + enabled: true + pathType: ImplementationSpecific + hostname: argocd.internal.durp.info + path: / + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + + tls: + - secretName: argocd-tls + hosts: + - argocd.internal.durp.info + + repoServer: + replicaCount: 3 + + resources: + limits: {} + requests: {} + + + dex: + image: + registry: docker.io + repository: bitnami/dex + pullPolicy: Always + + enabled: true + + replicaCount: 3 + + resources: + limits: {} + requests: {} + + config: + + redis: + image: + registry: docker.io + repository: bitnami/redis + pullPolicy: Always + + enabled: true + nameOverride: "" + service: + port: 
6379 + + auth: + enabled: true + existingSecret: "" + existingSecretPasswordKey: 'redis-password' + + architecture: standalone + + redisWait: + enabled: true + extraArgs: '' + securityContext: {} + diff --git a/bitwarden/Chart.yaml b/bitwarden/Chart.yaml new file mode 100644 index 0000000..cfdd821 --- /dev/null +++ b/bitwarden/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: bitwarden +description: A Helm chart for Kubernetes +type: application + +version: 0.1.0 +appVersion: "1.16.0" diff --git a/bitwarden/templates/deployment.yaml b/bitwarden/templates/deployment.yaml new file mode 100644 index 0000000..28360f0 --- /dev/null +++ b/bitwarden/templates/deployment.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: bitwarden + name: bitwarden + labels: + app: bitwarden +spec: + selector: + matchLabels: + app: bitwarden + replicas: 1 + template: + metadata: + labels: + app: bitwarden + spec: + containers: + - name: bitwarden + image: bitwardenrs/server:latest + imagePullPolicy: Always + volumeMounts: + - name: bitwarden-longhorn-pvc + mountPath: /data + subPath: bitwaren-data + ports: + - name: http + containerPort: 80 + env: + - name: SIGNUPS_ALLOWED + value: "TRUE" + - name: INVITATIONS_ALLOWED + value: "TRUE" + - name: WEBSOCKET_ENABLED + value: "TRUE" + - name: ROCKET_ENV + value: "staging" + - name: ROCKET_PORT + value: "80" + - name: ROCKET_WORKERS + value: "10" + volumes: + - name: bitwarden-longhorn-pvc + persistentVolumeClaim: + claimName: bitwarden-longhorn-pvc \ No newline at end of file diff --git a/bitwarden/templates/ingress.yaml b/bitwarden/templates/ingress.yaml new file mode 100644 index 0000000..399f14e --- /dev/null +++ b/bitwarden/templates/ingress.yaml 
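Review bot: The values block is keyed `argocd:` but the dependency declared in argocd/Chart.yaml is named `argo-cd`, so Helm would pass none of these values to the subchart; the keys themselves (`image.registry`/`repository: bitnami/argo-cd`, `controller.replicaCount`, `server.url`, `redisWait`) also look like the bitnami/argo-cd chart's schema rather than the argoproj chart's. The practical effect is that the ingress with `nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"` and TLS, the three-replica layout and `redis.auth.enabled: true` are likely ignored and the chart deploys with its own defaults. Either switch the dependency to the bitnami chart or re-key the block to `argo-cd:` with that chart's value names, and run `helm template` on the chart to confirm the ingress and whitelist actually render. `redis.auth.existingSecret: ""` also leaves password generation to the chart; fine, but a comment saying so would help.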
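Review bot: `SIGNUPS_ALLOWED: "TRUE"` combined with the ingress for `bitwarden.durp.info` in this commit, which carries no source-range or oauth2-proxy annotations, lets anyone on the internet create an account on this vault server; set `SIGNUPS_ALLOWED: "false"` once your own accounts exist and rely on `INVITATIONS_ALLOWED` for new users. The image `bitwardenrs/server:latest` with `imagePullPolicy: Always` is an unpinned mutable tag for the component that stores every other credential — pin a version tag, and check the tag is still maintained since I believe the project has since moved to the vaultwarden name. No `securityContext` or resource limits are set; at minimum `runAsNonRoot: true` and `allowPrivilegeEscalation: false` plus limits would match the hardening already applied to the gitlab-runner pod elsewhere in this commit. `ROCKET_ENV: "staging"` is a development profile name, so confirm it is intentional with a comment.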
@@ -0,0 +1,23 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: bitwarden-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production +spec: + rules: + - host: bitwarden.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: bitwarden + port: + number: 80 + tls: + - hosts: + - bitwarden.durp.info + secretName: bitwarden-tls diff --git a/bitwarden/templates/service.yaml b/bitwarden/templates/service.yaml new file mode 100644 index 0000000..df30857 --- /dev/null +++ b/bitwarden/templates/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: bitwarden +spec: + ports: + - name: http + port: 80 + targetPort: 80 + protocol: TCP + selector: + app: bitwarden \ No newline at end of file diff --git a/bitwarden/templates/volume.yaml b/bitwarden/templates/volume.yaml new file mode 100644 index 0000000..041f4af --- /dev/null +++ b/bitwarden/templates/volume.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: bitwarden-longhorn-pvc +spec: + storageClassName: longhorn + accessModes: + - ReadWriteMany + resources: + requests: + storage: 10Gi diff --git a/cert-manager/Chart.yaml b/cert-manager/Chart.yaml new file mode 100644 index 0000000..1e53f50 --- /dev/null +++ b/cert-manager/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: cert-manager +description: A Helm chart for Kubernetes +type: application +version: 0.0.1 +appVersion: 0.0.1 + +dependencies: +- name: cert-manager + repository: https://charts.jetstack.io + version: 1.9.1 diff --git a/cert-manager/templates/letsencrypt-prroduction.yaml b/cert-manager/templates/letsencrypt-prroduction.yaml new file mode 100644 index 0000000..2e5b443 --- /dev/null +++ b/cert-manager/templates/letsencrypt-prroduction.yaml 
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: example-issuer-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ email: developerdurp@durp.info
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
\ No newline at end of file
diff --git a/cert-manager/templates/letsencrypt-staging.yaml b/cert-manager/templates/letsencrypt-staging.yaml
new file mode 100644
index 0000000..15ec106
--- /dev/null
+++ b/cert-manager/templates/letsencrypt-staging.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: example-issuer-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ email: developerdurp@durp.info
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
\ No newline at end of file
diff --git a/cert-manager/templates/sealedsecret.yaml b/cert-manager/templates/sealedsecret.yaml
new file mode 100644
index 0000000..d00e1a1
--- /dev/null
+++ b/cert-manager/templates/sealedsecret.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: cloudflare-api-token-secret
+ namespace: cert-manager
+spec:
+ encryptedData:
+ api-token: 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
+ template:
+ data: null
+ metadata:
+ creationTimestamp: null
+ name: cloudflare-api-token-secret
+ namespace: cert-manager
+
diff --git a/cert-manager/values.yaml b/cert-manager/values.yaml
new file mode 100644
index 0000000..2b27050
--- /dev/null
+++ b/cert-manager/values.yaml
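Review bot: `privateKeySecretRef.name: example-issuer-account-key` is the placeholder name from the cert-manager docs and is reused verbatim by letsencrypt-staging.yaml in the same commit, so the staging and production ClusterIssuers share one ACME account-key Secret; give each issuer its own, e.g. `name: letsencrypt-production-account-key`, so that rotating or deleting one account does not disturb the other. The Cloudflare token referenced through `apiTokenSecretRef` is cluster-wide trust for DNS-01 and its scope cannot be seen here; it should be a token limited to DNS edit on the one zone rather than an account-level token, because a compromise of the cert-manager namespace would otherwise allow arbitrary DNS changes. A comment on the issuer recording that scoping assumption would be worth adding.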
@@ -0,0 +1,11 @@ +cert-manager: + installCRDs: true + replicaCount: 3 + extraArgs: + - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53 + - --dns01-recursive-nameservers-only + podDnsPolicy: None + podDnsConfig: + nameservers: + - "1.1.1.1" + - "1.0.0.1" diff --git a/durpot/Chart.yaml b/durpot/Chart.yaml new file mode 100644 index 0000000..9829032 --- /dev/null +++ b/durpot/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: durpot +description: A Helm chart for Kubernetes +type: application + +version: 0.1.0 +appVersion: "0.1.0" diff --git a/durpot/templates/deployment.yaml b/durpot/templates/deployment.yaml new file mode 100644 index 0000000..9ac5b77 --- /dev/null +++ b/durpot/templates/deployment.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: durpot + name: durpot + labels: + app: durpot +spec: + selector: + matchLabels: + app: durpot + replicas: 1 + template: + metadata: + labels: + app: durpot + spec: + containers: + - name: durpot + image: ghcr.io/developerdurp/durpot:latest + imagePullPolicy: Always + envFrom: + - secretRef: + name: durpot-secret \ No newline at end of file diff --git a/durpot/templates/sealedsecret.yaml b/durpot/templates/sealedsecret.yaml new file mode 100644 index 0000000..ab288a2 --- /dev/null +++ b/durpot/templates/sealedsecret.yaml @@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: durpot-secret + namespace: durpot +spec: + encryptedData: + CHANNEL_ID: 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 + DISCORD_TOKEN: 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 + template: + data: null + metadata: + creationTimestamp: null + name: durpot-secret + namespace: durpot + diff --git a/gitlab-runner/Chart.yaml b/gitlab-runner/Chart.yaml new file mode 100644 index 0000000..c04efe7 --- /dev/null +++ b/gitlab-runner/Chart.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v2 +name: gitlab-runner +description: A Helm chart for Kubernetes +type: application +version: 0.0.1 +appVersion: 0.0.1 + +dependencies: +- name: gitlab-runner + repository: https://charts.gitlab.io/ + version: 0.43.0 diff --git a/gitlab-runner/templates/gitlab-secret-sealed.yaml b/gitlab-runner/templates/gitlab-secret-sealed.yaml new file mode 100644 index 0000000..b96208e --- /dev/null +++ b/gitlab-runner/templates/gitlab-secret-sealed.yaml @@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: gitlab-secret + namespace: gitlab-runner +spec: + encryptedData: + runner-registration-token: AgAdk9x5mBbfTpHn9ZPvSH7mQomld7sVebv222t1E6VQqZzhfKosvSB8DPFEkinYRMS5TjC0C1Gd5UMZbdqEaYlljqnq6FcGkfrqV1uQcAAEoWgNuZZlMHz3av2dRcRIFOMxKkpNevVY/Gg11ETv1voZ6EaI394C1jmUGBan02RRKja74F0IiRkHdn80gZAYdWS1SEsJ5k2v9H5WoEprkq93aK2zKII3lCTMpd//D2TIasPPQSy2Ybgx5Vrdx47Cpu8IlnZmoFwbnkbEzV4+eLmlVbDKOhOMJiYn1JMvbBl/th1y98M/SJfFZC8vuBeJ2W+6Dr+RTqfucC/d6IYHrDXXD9Gh4yhNG97uvVVab3R9KCXQO1WXeMYqCF3o5k9jrrFsBKJ1oMw3+6TCy8hkMDAyPcDdS42x1k+NpbtfLA2LZ4CVrK+L484Y2tZESElHjtQsnxGwHp1E/U43UGRN0giOK52OYu5tziNjIMlfg1bc8sBCHEUw4Ln5VHQ/AHeXv+3TrWaNc7Wr01TqEOuTXwrYlC4gLd291uofudjgNUKS+/+Mzbi17c+GRovQpXteot7YlTaWaO1YmmoePVJxH12VDSl2RN8R4lDn0qhvnQWCpCeZzxcFeCn3dMC4lQVUh4P8SwnCJDfEl10cXIdvscmv/ga8KXBfXxXRC0dLRWlzn9u+SQFru0aJpZXYJ7lJfuyi/BpuDCxDGoCy2w1i2fs37eG8PDp0MXEgiC9wFA== + runner-token: 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 + template: + data: null + metadata: + creationTimestamp: null + name: gitlab-secret + namespace: gitlab-runner + diff --git a/gitlab-runner/values.yaml b/gitlab-runner/values.yaml new file mode 100644 index 0000000..431297e --- /dev/null +++ b/gitlab-runner/values.yaml 
@@ -0,0 +1,60 @@
+gitlab-runner:
+
+ imagePullPolicy: Always
+ gitlabUrl: https://gitlab.com/
+ unregisterRunner: true
+ terminationGracePeriodSeconds: 3600
+ concurrent: 10
+ checkInterval: 30
+
+ rbac:
+ create: true
+ rules: []
+ clusterWideAccess: false
+ podSecurityPolicy:
+ enabled: false
+ resourceNames:
+ - gitlab-runner
+
+ runners:
+ config: |
+ [[runners]]
+ [runners.kubernetes]
+ namespace = "{{.Release.Namespace}}"
+ image = "ubuntu:22.04"
+ privileged = true
+
+ executor: kubernetes
+ name: "k3s"
+ runUntagged: true
+ privileged: true
+ secret: gitlab-secret
+ builds:
+ cpuLimit: 200m
+ cpuLimitOverwriteMaxAllowed: 400m
+ memoryLimit: 256Mi
+ memoryLimitOverwriteMaxAllowed: 512Mi
+ cpuRequests: 100m
+ cpuRequestsOverwriteMaxAllowed: 200m
+ memoryRequests: 128Mi
+ memoryRequestsOverwriteMaxAllowed: 256Mi
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ privileged: false
+ capabilities:
+ drop: ["ALL"]
+
+ podSecurityContext:
+ runAsUser: 100
+ fsGroup: 65533
+
+ resources:
+ limits:
+ memory: 256Mi
+ cpu: 200m
+ requests:
+ memory: 128Mi
+ cpu: 100m
\ No newline at end of file
diff --git a/ingress-nginx/Chart.yaml b/ingress-nginx/Chart.yaml
new file mode 100644
index 0000000..d900d9c
--- /dev/null
+++ b/ingress-nginx/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: nginx
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: ingress-nginx
+ repository: https://kubernetes.github.io/ingress-nginx
+ version: 4.2.5
diff --git a/ingress-nginx/values.yaml b/ingress-nginx/values.yaml
new file mode 100644
index 0000000..7df6786
--- /dev/null
+++ b/ingress-nginx/values.yaml
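Review bot: `privileged = true` inside `runners.config` together with `privileged: true` under `runners` makes every CI job pod privileged, and `runUntagged: true` lets any job from a project this runner serves request it; the `securityContext` block with `drop: ["ALL"]` and `runAsNonRoot: true` applies to the runner manager pod, not to the job pods it spawns. A privileged container is equivalent to root on the node, and the same cluster hosts the vault, Keycloak and the sealed-secrets controller, so a malicious or compromised pipeline (including any dependency executed in CI) is effectively a full cluster compromise. Unless docker-in-docker is genuinely required, set `privileged = false` and `privileged: false` and build images with a rootless tool; if it is required, confine job pods to a dedicated node pool with a node selector and keep `clusterWideAccess: false`. Either way, add a comment above `privileged = true` stating why it is needed so it is not copied into other runners.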
@@ -0,0 +1,109 @@ +ingress-nginx: + + controller: + name: controller + image: + chroot: false + registry: registry.k8s.io + image: ingress-nginx/controller + pullPolicy: Always + runAsUser: 101 + allowPrivilegeEscalation: true + + containerName: controller + containerPort: + http: 80 + https: 443 + + livenessProbe: + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + path: "/healthz" + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + healthCheckPath: "/healthz" + healthCheckHost: "" + podAnnotations: {} + + replicaCount: 3 + + minAvailable: 3 + + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 200m + memory: 256Mi + + service: + enabled: true + appProtocol: true + annotations: {} + labels: {} + externalIPs: [] + + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + enableHttp: true + enableHttps: true + + ports: + http: 80 + https: 443 + + targetPorts: + http: http + https: https + + type: LoadBalancer + + external: + enabled: true + externalTrafficPolicy: "Local" + + patch: + enabled: true + image: + registry: registry.k8s.io + image: ingress-nginx/kube-webhook-certgen + pullPolicy: Always + runAsUser: 2000 + fsGroup: 2000 + + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + + priorityClassName: "" + + revisionHistoryLimit: 1 + + rbac: + create: true + scope: false + + serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + annotations: {} diff --git a/internalproxy/Chart.yaml b/internalproxy/Chart.yaml new file mode 100644 index 0000000..71c9b0d --- /dev/null +++ b/internalproxy/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: internalproxy +description: A Helm chart for Kubernetes +type: application + +version: 0.1.0 +appVersion: "0.1.0" 
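Review bot: `minAvailable: 3` together with `replicaCount: 3` produces a PodDisruptionBudget that allows zero voluntary disruptions, so `kubectl drain` and node upgrades will hang on the controller pods; `minAvailable: 2` (or `maxUnavailable: 1`) keeps the HA intent without blocking maintenance. Separately, this chart version still honours `*-snippet` annotations by default, which lets anyone who can create an Ingress inject raw nginx configuration into the shared controller; the only snippet in this commit (the kasm ingress) is misspelled and inert anyway, so `controller.allowSnippetAnnotations: false` costs nothing and closes that door. `externalTrafficPolicy: "Local"` is the right choice here because the `whitelist-source-range` annotations in the internalproxy chart depend on the controller seeing the real client address; a comment saying so would stop someone "fixing" it to `Cluster` later.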
diff --git a/internalproxy/templates/duplicati-ingress.yaml b/internalproxy/templates/duplicati-ingress.yaml new file mode 100644 index 0000000..d044321 --- /dev/null +++ b/internalproxy/templates/duplicati-ingress.yaml @@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Service +metadata: + name: duplicati +spec: + ports: + - name: app + port: 8200 + protocol: TCP + targetPort: 8200 + clusterIP: None + type: ClusterIP + +--- + +apiVersion: v1 +kind: Endpoints +metadata: + name: duplicati +subsets: +- addresses: + - ip: 192.168.20.253 + ports: + - name: app + port: 8200 + protocol: TCP + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: duplicati-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16" + nginx.ingress.kubernetes.io/auth-response-headers: Authorization + nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/oauth2/auth + nginx.ingress.kubernetes.io/auth-signin: https://oauth.durp.info/oauth2/start?rd=https://$host$request_uri$is_args$args +spec: + rules: + - host: duplicati.internal.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: duplicati + port: + number: 8200 + tls: + - hosts: + - duplicati.internal.durp.info + secretName: duplicati-tls diff --git a/internalproxy/templates/kasm-ingress.yaml b/internalproxy/templates/kasm-ingress.yaml new file mode 100644 index 0000000..caf1f35 --- /dev/null +++ b/internalproxy/templates/kasm-ingress.yaml 
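Review bot: The `auth-signin` redirect passes `rd=https://$host$request_uri$is_args$args` unescaped: `$request_uri` already contains the query string, so it is duplicated, and any `&` inside it splits the `rd` parameter on the oauth2-proxy side; use the controller-provided escaped form, e.g. `nginx.ingress.kubernetes.io/auth-signin: https://oauth.durp.info/oauth2/start?rd=https://$host$escaped_request_uri`. Layering the `192.168.0.0/16` allowlist with oauth2-proxy is the right pattern and is what the other `*.internal.durp.info` hosts in this chart should copy. One caveat worth a comment: no `backend-protocol` is set, so the hop from the controller to `192.168.20.253:8200` is plain HTTP and carries the `Authorization` header forwarded by `auth-response-headers` — acceptable on a trusted segment, but it should be a conscious choice. `kubernetes.io/ingress.class` is deprecated in favour of `spec.ingressClassName: nginx`.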
@@ -0,0 +1,84 @@ +apiVersion: v1 +kind: Service +metadata: + name: kasm +spec: + ports: + - name: app + port: 443 + protocol: TCP + targetPort: 8443 + clusterIP: None + type: ClusterIP +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: kasm +subsets: +- addresses: + - ip: 192.168.20.110 + ports: + - name: app + port: 8443 + protocol: TCP +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kasm-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + #nginx.ingress.kubernetes.io/proxy-body-size: 10M + #nginx.ingress.kubernetes.io/proxy-read-timeout: "1800s" + #nginx.ingress.kubernetes.io/proxy-send-timeout: "1800s" + #nginx.ingress.kubernetes.io/proxy_connect_timeout: "1800s" + nginx.ingress.kubernetes.io/server-snippets: | + location / { + # The following configurations must be configured when proxying to Kasm Workspaces + + # WebSocket Support + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Host and X headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Connectivity Options + proxy_http_version 1.1; + proxy_read_timeout 1800s; + proxy_send_timeout 1800s; + proxy_connect_timeout 1800s; + proxy_buffering off; + + # Allow large requests to support file uploads to sessions + client_max_body_size 10M; + + # Proxy to Kasm Workspaces running locally on 8443 using ssl + proxy_pass https://192.168.20.110:8443 ; + } + + +spec: + rules: + - host: kasm.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kasm + port: + number: 443 + tls: + - hosts: + - kasm.durp.info + secretName: kasm-tls + 
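Review bot: The annotation is spelled `server-snippets`; ingress-nginx only recognises `nginx.ingress.kubernetes.io/server-snippet`, so the entire block is silently ignored and none of the websocket headers, 1800s timeouts or the 10M body limit are in effect. Correcting the name would not help as written, because the snippet opens its own `location /` with a hard-coded `proxy_pass https://192.168.20.110:8443`, which collides with the `location /` the controller generates for this rule and bypasses the `kasm` Service/Endpoints entirely. Drop the snippet and use the dedicated annotations commented out above it, noting that the timeout values are plain seconds (`proxy-read-timeout: "1800"`, not `"1800s"`) and the connect one is `proxy-connect-timeout`, not `proxy_connect_timeout`; websocket upgrades are handled by the controller without extra configuration. Unlike the `*.internal.durp.info` hosts, this Ingress has neither `whitelist-source-range` nor the oauth2-proxy `auth-url`, so Kasm's own login is the only gate on a public hostname — presumably intentional, but worth a one-line comment.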
diff --git a/internalproxy/templates/minio-ingress.yaml b/internalproxy/templates/minio-ingress.yaml new file mode 100644 index 0000000..916e500 --- /dev/null +++ b/internalproxy/templates/minio-ingress.yaml @@ -0,0 +1,53 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio +spec: + ports: + - name: app + port: 9769 + protocol: TCP + targetPort: 9769 + clusterIP: None + type: ClusterIP + +--- + +apiVersion: v1 +kind: Endpoints +metadata: + name: minio +subsets: +- addresses: + - ip: 192.168.20.253 + ports: + - name: app + port: 9769 + protocol: TCP + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: minio-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16" +spec: + rules: + - host: minio.internal.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: minio + port: + number: 9769 + tls: + - hosts: + - minio.internal.durp.info + secretName: minio-tls diff --git a/internalproxy/templates/overlord-ingress.yaml b/internalproxy/templates/overlord-ingress.yaml new file mode 100644 index 0000000..c502ec6 --- /dev/null +++ b/internalproxy/templates/overlord-ingress.yaml 
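Review bot: If port 9769 on `192.168.20.253` is the MinIO S3 API (the port is non-default, so this is an inference), uploads larger than the controller's default 1m `proxy-body-size` will be rejected with 413 before they reach MinIO; add `nginx.ingress.kubernetes.io/proxy-body-size: "0"` (or an explicit cap) and consider `proxy-request-buffering: "off"` so large objects stream instead of being spooled on the controller. As with the other internal entries, the `192.168.0.0/16` allowlist is the only gate and the backend hop is plain HTTP, so S3 access keys in the `Authorization` header cross the LAN in clear; the oauth2-proxy annotations used for duplicati do not suit an S3 client, so the allowlist plus MinIO's own credentials are doing all the work and that should be stated in a comment. Prefer `spec.ingressClassName: nginx` over the deprecated `kubernetes.io/ingress.class` annotation.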
@@ -0,0 +1,54 @@ +apiVersion: v1 +kind: Service +metadata: + name: overlord +spec: + ports: + - name: app + port: 8006 + protocol: TCP + targetPort: 8006 + clusterIP: None + type: ClusterIP + +--- + +apiVersion: v1 +kind: Endpoints +metadata: + name: overlord +subsets: +- addresses: + - ip: 192.168.20.254 + ports: + - name: app + port: 8006 + protocol: TCP + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: overlord-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" +spec: + rules: + - host: overlord.internal.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: overlord + port: + number: 8006 + tls: + - hosts: + - overlord.internal.durp.info + secretName: overlord-tls diff --git a/internalproxy/templates/pfsense-ingress.yaml b/internalproxy/templates/pfsense-ingress.yaml new file mode 100644 index 0000000..12f3b46 --- /dev/null +++ b/internalproxy/templates/pfsense-ingress.yaml 
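Review bot: `backend-protocol: "HTTPS"` towards `192.168.20.254:8006` is not verified by the controller unless `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"` and a `proxy-ssl-secret` holding the backend CA are also set, so TLS on this hop encrypts but authenticates nothing — fine on a trusted segment, but it should be documented rather than assumed. Port 8006 looks like a hypervisor management UI, and this Ingress gates it with the `192.168.0.0/16` allowlist alone, whereas `duplicati-ingress.yaml` in the same chart adds the oauth2-proxy `auth-url`/`auth-signin` pair; the management plane deserves at least those same two layers, so copy the two annotations here. Consider narrowing the allowlist to the actual admin subnet rather than the whole `/16`.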
@@ -0,0 +1,54 @@ +apiVersion: v1 +kind: Service +metadata: + name: pfsense +spec: + ports: + - name: app + port: 443 + protocol: TCP + targetPort: 443 + clusterIP: None + type: ClusterIP + +--- + +apiVersion: v1 +kind: Endpoints +metadata: + name: pfsense +subsets: +- addresses: + - ip: 192.168.20.1 + ports: + - name: app + port: 443 + protocol: TCP + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: pfsense-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" +spec: + rules: + - host: pfsense.internal.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: pfsense + port: + number: 443 + tls: + - hosts: + - pfsense.internal.durp.info + secretName: pfsense-tls diff --git a/internalproxy/templates/plex-ingress.yaml b/internalproxy/templates/plex-ingress.yaml new file mode 100644 index 0000000..90b23b8 --- /dev/null +++ b/internalproxy/templates/plex-ingress.yaml @@ -0,0 +1,53 @@ +apiVersion: v1 +kind: Service +metadata: + name: plex +spec: + ports: + - name: app + port: 32400 + protocol: TCP + targetPort: 32400 + clusterIP: None + type: ClusterIP + +--- + +apiVersion: v1 +kind: Endpoints +metadata: + name: plex +subsets: +- addresses: + - ip: 192.168.20.253 + ports: + - name: app + port: 32400 + protocol: TCP + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: plex-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" +spec: + rules: + - host: plex.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: plex + port: + number: 32400 + tls: + - hosts: + - plex.durp.info + secretName: plex-tls 
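Review bot: This publishes the firewall's own admin UI (`192.168.20.1:443`) under a public DNS name with only the `192.168.0.0/16` allowlist in front of it; that range includes the cluster nodes, so a compromised pod whose egress is SNATed to a node address would presumably pass the check, and the `/16` is far wider than one management subnet. At minimum add the oauth2-proxy `auth-url`/`auth-signin` annotations that `duplicati-ingress.yaml` already carries and narrow the range to the admin subnet, or keep the firewall UI off the ingress altogether. pfSense's DNS-rebinding and referer checks reject requests whose `Host` does not match its configured hostname unless `pfsense.internal.durp.info` is registered as an alternate hostname, so this may not work as committed; a comment recording that requirement would save the next person a debugging session. As elsewhere, `backend-protocol: "HTTPS"` is unverified without `proxy-ssl-verify`.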
diff --git a/internalproxy/templates/unraid-ingress.yaml b/internalproxy/templates/unraid-ingress.yaml new file mode 100644 index 0000000..a56b2e8 --- /dev/null +++ b/internalproxy/templates/unraid-ingress.yaml @@ -0,0 +1,54 @@ +apiVersion: v1 +kind: Service +metadata: + name: unraid +spec: + ports: + - name: app + port: 443 + protocol: TCP + targetPort: 443 + clusterIP: None + type: ClusterIP + +--- + +apiVersion: v1 +kind: Endpoints +metadata: + name: unraid +subsets: +- addresses: + - ip: 192.168.20.253 + ports: + - name: app + port: 443 + protocol: TCP + +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: unraid-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" +spec: + rules: + - host: unraid.internal.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: unraid + port: + number: 443 + tls: + - hosts: + - unraid.internal.durp.info + secretName: unraid-tls diff --git a/keycloak/Chart.yaml b/keycloak/Chart.yaml new file mode 100644 index 0000000..504fdd9 --- /dev/null +++ b/keycloak/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: keycloak +description: A Helm chart for Kubernetes +type: application +version: 0.0.1 +appVersion: 0.0.1 + +dependencies: +- name: keycloak + repository: https://charts.bitnami.com/bitnami + version: 10.1.4 diff --git a/keycloak/templates/keyclock.yaml b/keycloak/templates/keyclock.yaml new file mode 100644 index 0000000..009625f --- /dev/null +++ b/keycloak/templates/keyclock.yaml 
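Review bot: The Unraid webGUI at `192.168.20.253:443` is the root-level console for the same host that serves duplicati, minio and plex, yet this Ingress relies on the `192.168.0.0/16` allowlist alone while `duplicati-ingress.yaml` on that host also carries the oauth2-proxy `auth-url`/`auth-signin` annotations; copy those two lines here so the NAS admin UI is not gated more weakly than the backup tool running on it. Backend TLS is unverified by default (no `proxy-ssl-verify`), so `backend-protocol: "HTTPS"` only encrypts the hop. Prefer `spec.ingressClassName: nginx` over the deprecated `kubernetes.io/ingress.class` annotation.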
@@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: keycloak-credentials + namespace: keycloak +spec: + encryptedData: + admin-password: AgAahQvC7WJ0AQuDEC1trSxEi2C8AeJwhz1nzH+44V6rt3lxiCjWzDJcIFsnXhQJDk+Cpn9vuyZarIgwUhegpJlkdILURnWa6Zc6XvbDCCBoQ2aqQWvMbG56DZdzK352G+taPny8/wAdXFAsDx3vSG0wfrmIU7Fo1IJKdvdKI204L+zJ8Msvkodoj9gt8Iq1ZkIGYk2jaN5eGuRr2g9qkCMPdInR/Vj9nrlUmS1w9MJv5Jr3djSkTaENucTpaqtl0dtJv7Br7mWZ6QTWKsuVa/UwaIm//wcw+RQh3QHqrau7KOeZdEy3xVJf8w5XkSQam/qcFL5MP1WYzLiuaGvQlsQlaI5ud9bFW/rFerGaOvWxs4elrFQjkxwqegyFPg41s8tTwA0/D46bhetRm+TzhXa/nAgsj9CI53SQhNFRsmNH3gQghsL2C8PS67b+Rk4kJ3XxPFegMRLZqNe55u5dN5eTsNyq0yDLaqf3extTogwtLMB4G68TwFxCVuMecoeRvFitl3WJyDtPGr2fWGhoOr3QzZn8hlw3e5+Kx3w1KATMd1WGonp2w+IIOe8nLMXQDHGAJaCG5u8BNjHhdIRS+0mDHp40jNSdaFlM9OrEpsnfUU25+H3cEn5f2Bd9OYzWWFrOr60CBvG3qIBnMytHOKtXC8vqrhSdtSScgqIqbcYGHFzts/fujc3IUvjeoGyrTGwB3o6DUTxD3+uMNsI= + password: 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 + postgres-password: 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 + template: + data: null + metadata: + creationTimestamp: null + name: keycloak-credentials + namespace: keycloak \ No newline at end of file diff --git a/keycloak/values.yaml b/keycloak/values.yaml new file mode 100644 index 0000000..fb2cda8 --- /dev/null +++ b/keycloak/values.yaml 
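Review bot: The file is named `keyclock.yaml` while everything else in the chart says keycloak; rename it to `keycloak-credentials-sealed.yaml` to match `gitlab-secret-sealed.yaml` and `grafana-secrets-sealed.yaml`. Under the default strict scope the SealedSecret only unseals as `keycloak-credentials` in namespace `keycloak`, which is where the `auth.existingSecret` and `postgresql.auth.existingSecret` references in values.yaml must resolve; a one-line comment that the release has to be installed into `keycloak` for this to work would help. `creationTimestamp: null` and `template.data: null` are `kubeseal` leftovers and can be dropped.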
@@ -0,0 +1,114 @@ +keycloak: + + global: + storageClass: longhorn + + image: + registry: docker.io + repository: bitnami/keycloak + digest: "" + pullPolicy: Always + pullSecrets: [] + debug: false + auth: + adminUser: user + existingSecret: "keycloak-credentials" + existingSecretPerPassword: {} + + replicaCount: 1 + + containerPorts: + http: 8080 + https: 8443 + + podSecurityContext: + enabled: true + fsGroup: 1001 + + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + + resources: + limits: {} + requests: {} + + livenessProbe: + enabled: true + initialDelaySeconds: 300 + periodSeconds: 1 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + startupProbe: + enabled: false + + updateStrategy: + type: RollingUpdate + rollingUpdate: {} + + service: + type: ClusterIP + http: + enabled: true + ports: + http: 80 + https: 443 + + ingress: + enabled: true + ingressClassName: "" + pathType: ImplementationSpecific + hostname: keycloak.durp.info + servicePort: http + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + kubernetes.io/ingress.class: nginx + tls: + - secretName: keycloak-tls + hosts: + - keycloak.durp.info + selfSigned: false + secrets: [] + extraRules: [] + + + serviceAccount: + create: true + name: "" + automountServiceAccountToken: true + annotations: {} + + postgresql: + enabled: true + auth: + username: bn_keycloak + database: bitnami_keycloak + existingSecret: "keycloak-credentials" + architecture: standalone + + externalDatabase: + host: "" + port: 5432 + user: bn_keycloak + database: bitnami_keycloak + password: "password122" + existingSecret: "" + existingSecretPasswordKey: "" + + cache: + enabled: false + + logging: + output: default + diff --git a/kong/Chart.yaml b/kong/Chart.yaml new file mode 100644 index 0000000..24cedf1 --- /dev/null 
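Review bot: `externalDatabase.password: "password122"` is a literal credential committed to the repo; it is dormant while `postgresql.enabled: true`, but it becomes live the moment someone switches to an external database, and it is exactly the kind of string secret scanners flag. Set it to `""` and point `externalDatabase.existingSecret` at the same `keycloak-credentials` SealedSecret the bundled postgresql uses. `auth.adminUser: user` is the chart default and a guessable name for the master-realm admin; pick a non-default one. The values never set the chart's `proxy` mode although Keycloak sits behind an ingress that terminates TLS; presumably `proxy: edge` is required so Keycloak honours `X-Forwarded-Proto` and issues https redirects — verify against the bitnami 10.1.4 chart docs. `serviceAccount.automountServiceAccountToken: true` can be `false`, since nothing here shows Keycloak needing the Kubernetes API.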
+++ b/kong/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: kong +description: A Helm chart for Kubernetes +type: application + +version: 0.1.0 +appVersion: "0.1.0" diff --git a/kong/templates/configmap.yaml b/kong/templates/configmap.yaml new file mode 100644 index 0000000..2bfcb81 --- /dev/null +++ b/kong/templates/configmap.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +data: + config.yaml: "_format_version: \"2.1\"\n\nservices:\n - name: random-cats\n url: + https://aws.random.cat/meow\n routes:\n - name: random-cats-route\n paths:\n + \ - /random-cats\n\n - name: urban-dictionary\n url: https://api.urbandictionary.com\n + \ routes:\n - name: urban-dictionary\n paths:\n - /urban-dictionary\n\n + \ - name: cat-facts\n url: https://catfact.ninja/\n routes:\n - name: + cat-facts\n paths:\n - /cat-facts\n\n - name: random-meme\n url: + https://meme-api.herokuapp.com/gimme\n routes:\n - name: random-meme-route\n + \ paths:\n - /random-meme \n\n - name: yomama\n url: https://api.yomomma.info/\n + \ routes:\n - name: yomama-route\n paths:\n - /yomama \n\n + \ - name: dadjoke\n url: https://icanhazdadjoke.com/\n routes:\n - + name: dadjoke\n paths:\n - /dadjoke \n\n - name: random-dogs\n + \ url: https://dog.ceo/api/breeds/image/random\n routes:\n - name: random-dogs\n + \ paths:\n - /random-dogs \n\n - name: geekjoke\n url: https://geek-jokes.sameerkumar.website/api?format=json\n + \ routes:\n - name: geekjoke\n paths:\n - /geekjoke \n + \ \n - name: ronswanson\n url: https://ron-swanson-quotes.herokuapp.com/v2/quotes\n + \ routes:\n - name: ronswanson\n paths:\n - /ronswanson + \ \n\n - name: foaas\n url: http://foaas.com/\n routes:\n - name: + foaas\n paths:\n - /foaas \n\n - name: dnmss\n url: http://192.168.1.120:30985\n + \ routes:\n - name: dotnet-microservices-services\n paths:\n - + /dnmss \n\n\n\n \n" +kind: ConfigMap +metadata: + creationTimestamp: "2022-04-15T02:44:07Z" + name: kongconfig + namespace: kong 
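Review bot: The declarative config routes `/dnmss` to `http://192.168.1.120:30985` and the rest to third-party APIs with no plugins attached, and `kong/templates/ingress.yaml` in this commit publishes it on `kong.durp.info` without an allowlist or oauth2-proxy, so the gateway is an unauthenticated, unthrottled forwarder into a LAN host for anyone on the internet. Attach at least a `key-auth` (or `ip-restriction`) plugin to the `dnmss` service and a `rate-limiting` plugin globally, or put the same `whitelist-source-range`/`auth-url` annotations used for the internal hosts on the Ingress. `foaas.com` is proxied over plain `http://`, so its responses can be altered in transit. `creationTimestamp: "2022-04-15T02:44:07Z"` is a `kubectl get -o yaml` leftover and should not be in a template.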
diff --git a/kong/templates/deployment.yaml b/kong/templates/deployment.yaml new file mode 100644 index 0000000..e99a565 --- /dev/null +++ b/kong/templates/deployment.yaml @@ -0,0 +1,58 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: kong + name: kong + labels: + app: kong +spec: + selector: + matchLabels: + app: kong + #replicas: 1 + template: + metadata: + labels: + app: kong + spec: + containers: + - name: kong + image: kong + imagePullPolicy: Always + resources: + limits: + cpu: 1000m + requests: + cpu: 100m + env: + - name: KONG_DATABASE + value: 'off' + - name: KONG_NGINX_WORKER_PROCESSES + value: "1" + - name: KONG_LOG_LEVEL + value: notice + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: '127.0.0.1:8001' + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000,0.0.0.0:8443 ssl + - name: KONG_DECLARATIVE_CONFIG + value: /kong/config.yaml + volumeMounts: + - name: kongconfig + mountPath: /kong + ports: + - name: data-http + containerPort: 8000 + ports: + - name: data-https + containerPort: 8443 + volumes: + - name: kongconfig + configMap: + name: kongconfig diff --git a/kong/templates/ingress.yaml b/kong/templates/ingress.yaml new file mode 100644 index 0000000..b3c95d8 --- /dev/null +++ b/kong/templates/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kong-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + external-dns.alpha.kubernetes.io/hostname: kong.durp.info +spec: + rules: + - host: kong.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kong + port: + number: 80 + tls: + - hosts: + - kong.durp.info + secretName: kong-durp-tls diff --git a/kong/templates/namespace.yaml b/kong/templates/namespace.yaml new file mode 100644 index 0000000..787562b 
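Review bot: The container spec declares `ports:` twice, back to back after `volumeMounts`; YAML duplicate keys are either rejected or collapsed to the last value depending on the parser, so only `data-https`/8443 survives and the Service's `kong-proxy-http` target port is undeclared — merge both entries under a single `ports:` list. `image: kong` with `imagePullPolicy: Always` pulls whatever `latest` resolves to on every restart, so the gateway version changes without a commit; pin a tag (and ideally an `@sha256:` digest). The pod has no `securityContext` and no memory limit, unlike the hardened manager pods elsewhere in this commit; `allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]` and a `memory` limit would bring it in line, with `runAsNonRoot: true` if the image's default user allows it. `KONG_ADMIN_LISTEN: 127.0.0.1:8001` correctly keeps the admin API off the pod network and is worth a comment so it is not "fixed" later.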
--- /dev/null +++ b/kong/templates/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kong \ No newline at end of file diff --git a/kong/templates/service.yaml b/kong/templates/service.yaml new file mode 100644 index 0000000..3effc6f --- /dev/null +++ b/kong/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: kong +spec: + ports: + - name: kong-proxy-http + port: 80 + targetPort: 8000 + protocol: TCP + - name: kong-proxy-https + port: 443 + targetPort: 8443 + protocol: TCP + selector: + app: kong \ No newline at end of file diff --git a/kube-prometheus-stack/Chart.yaml b/kube-prometheus-stack/Chart.yaml new file mode 100644 index 0000000..367d094 --- /dev/null +++ b/kube-prometheus-stack/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: kube-prometheus-stack +description: A Helm chart for Kubernetes +type: application + +version: 0.1.0 +appVersion: "1.16.0" + +dependencies: +- name: kube-prometheus-stack + repository: https://prometheus-community.github.io/helm-charts + version: 40.1.2 diff --git a/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml b/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml new file mode 100644 index 0000000..833b05f --- /dev/null +++ b/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml 
@@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: grafana-admin-credentials + namespace: kube-prometheus-stack +spec: + encryptedData: + admin-password: AgBJ8Qa8+CHmx8Su56BA/ikKb2nPFyyYkc2LBffuHKwHgeSNI6LfriTIS+UJgaq7fn2q0p/c4RO7jVtNC1q9hCgqNiyqHcHAtr1+j5ByviK1/v8FVjnT4vsdFuadOv9HdFI87sUx18r0n07u9BzH0G1MB6Tuc6M/OQjPGf2GOxW+muLiqO16BzsFu4eQyv3SlYSTH8EtlBhLVIZgF6n0J0da0KLJYwzhMulkMmq89oIg17TtNQTFU1zNgO+s2j2SxbCvS5NhlosMWQe1SdD+WCClsW7hwlqzKNZtYga6wIQjDYtGCGpLlr8X355se2kKzr4toyAnMnigx85dxMBGj9WizgBa28zuTWCR5RuNqFN9S1jvqL4PtXrgeUcic1WxRICYUD4IJ/uxvBTEdoXMlPnTo3qCgFMWVET+haCq27VdqFsa+zdcEBOHfXJffoX/fulit0C4tvyyGaTjRET43VRedICfadSHAOcmLDEe4QGd7Q2EYG4cY9AYPZeA42jCXVN4vOql2Dr2KoJgNmeKdHxiLegUhTeLZQ34YkOZaYvdM7dHesrjV8Eh0cZ72dqXm+uZbfeGlhFcA0lvY96F9R6BlLnuwzyb5HAvAgALymjP4UbDcx6Ux5EAvdZl+vMA6JW9WzwhNMK84WHuKRpFeqIpHL7EJWagcvSCcynRu81B3oWkn3KypAPXJ4jCHg2t5QJ9HurA+piKjJCGfAU= + admin-user: 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 + template: + data: null + metadata: + creationTimestamp: null + name: grafana-admin-credentials + namespace: kube-prometheus-stack + diff --git a/kube-prometheus-stack/values.yaml b/kube-prometheus-stack/values.yaml new file mode 100644 index 0000000..2c01b50 --- /dev/null +++ b/kube-prometheus-stack/values.yaml 
@@ -0,0 +1,208 @@ +kube-prometheus-stack: + fullnameOverride: prometheus + + defaultRules: + create: true + rules: + alertmanager: true + etcd: true + configReloaders: true + general: true + k8s: true + kubeApiserverAvailability: true + kubeApiserverBurnrate: true + kubeApiserverHistogram: true + kubeApiserverSlos: true + kubelet: true + kubeProxy: true + kubePrometheusGeneral: true + kubePrometheusNodeRecording: true + kubernetesApps: true + kubernetesResources: true + kubernetesStorage: true + kubernetesSystem: true + kubeScheduler: true + kubeStateMetrics: true + network: true + node: true + nodeExporterAlerting: true + nodeExporterRecording: true + prometheus: true + prometheusOperator: true + + alertmanager: + fullnameOverride: alertmanager + enabled: true + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/auth-response-headers: Authorization + nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/oauth2/auth + nginx.ingress.kubernetes.io/auth-signin: https://oauth.durp.info/oauth2/start?rd=https://$host$request_uri$is_args$args + hosts: + - alertmanager.durp.info + paths: + - / + tls: + - secretName: alertmanager-tls + hosts: + - alertmanager.durp.info + grafana: + enabled: true + fullnameOverride: grafana + forceDeployDatasources: false + forceDeployDashboards: false + defaultDashboardsEnabled: true + defaultDashboardsTimezone: utc + serviceMonitor: + enabled: true + admin: + existingSecret: grafana-admin-credentials + userKey: admin-user + passwordKey: admin-password + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + kubernetes.io/ingress.class: nginx + hosts: + - grafana.durp.info + paths: + - / + tls: + - secretName: grafana-tls + hosts: + - grafana.durp.info + + kubeApiServer: + enabled: true + + kubelet: + enabled: true + serviceMonitor: + 
metricRelabelings: + - action: replace + sourceLabels: + - node + targetLabel: instance + + kubeControllerManager: + enabled: true + endpoints: # ips of servers + - 192.168.20.121 + - 192.168.20.122 + - 192.168.20.123 + + coreDns: + enabled: false + + kubeDns: + enabled: false + + kubeEtcd: + enabled: true + endpoints: # ips of servers + - 192.168.20.121 + - 192.168.20.122 + - 192.168.20.123 + service: + enabled: true + port: 2381 + targetPort: 2381 + + kubeScheduler: + enabled: true + endpoints: # ips of servers + - 192.168.20.121 + - 192.168.20.122 + - 192.168.20.123 + + kubeProxy: + enabled: true + endpoints: # ips of servers + - 192.168.20.121 + - 192.168.20.122 + - 192.168.20.123 + + kubeStateMetrics: + enabled: true + + kube-state-metrics: + fullnameOverride: kube-state-metrics + selfMonitor: + enabled: true + prometheus: + monitor: + enabled: true + relabelings: + - action: replace + regex: (.*) + replacement: $1 + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: kubernetes_node + + nodeExporter: + enabled: true + serviceMonitor: + relabelings: + - action: replace + regex: (.*) + replacement: $1 + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: kubernetes_node + + prometheus-node-exporter: + fullnameOverride: node-exporter + podLabels: + jobLabel: node-exporter + extraArgs: + - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + service: + portName: http-metrics + prometheus: + monitor: + enabled: true + relabelings: + - action: replace + regex: (.*) + replacement: $1 + sourceLabels: + - __meta_kubernetes_pod_node_name + targetLabel: kubernetes_node + resources: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 2048Mi + + 
prometheusOperator: + enabled: true + prometheusConfigReloader: + resources: + requests: + cpu: 200m + memory: 50Mi + limits: + memory: 100Mi + + prometheus: + enabled: true + prometheusSpec: + replicas: 1 + replicaExternalLabelName: "replica" + ruleSelectorNilUsesHelmValues: false + serviceMonitorSelectorNilUsesHelmValues: false + podMonitorSelectorNilUsesHelmValues: false + probeSelectorNilUsesHelmValues: false + retention: 6h + enableAdminAPI: true + walCompression: true + + thanosRuler: + enabled: false diff --git a/littlelink/Chart.yaml b/littlelink/Chart.yaml new file mode 100644 index 0000000..e69de29 diff --git a/littlelink/templates/deployment.yaml b/littlelink/templates/deployment.yaml new file mode 100644 index 0000000..def4353 --- /dev/null +++ b/littlelink/templates/deployment.yaml 
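Review bot: `enableAdminAPI: true` on `prometheusSpec` turns on the TSDB admin endpoints (delete series, snapshot, clean tombstones) on the Prometheus HTTP port; nothing here authenticates them and nothing in the values uses them, so any workload that can reach the Prometheus Service in-cluster can wipe the data. Set it to `false` unless a snapshot job actually needs it. The alertmanager `auth-signin` uses `rd=https://$host$request_uri$is_args$args`, which duplicates the query string and is unescaped; `rd=https://$host$escaped_request_uri` avoids both problems. The Grafana ingress has no oauth2-proxy annotations while Alertmanager's does — presumably deliberate because Grafana has its own login and Alertmanager has none, but a comment saying so would stop the asymmetry looking like an oversight.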
@@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: littlelink + name: littlelink + labels: + app: littlelink +spec: + selector: + matchLabels: + app: littlelink + replicas: 1 + template: + metadata: + labels: + app: littlelink + spec: + containers: + - name: littlelink + image: ghcr.io/techno-tim/littlelink-server:latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthcheck + port: 3000 + readinessProbe: + httpGet: + path: /healthcheck + port: 3000 + env: + - name: META_TITLE + value: DeveloperDurp + - name: META_DESCRIPTION + value: The Durpy Developer + - name: META_AUTHOR + value: DeveloperDurp + - name: LANG + value: en + - name: META_INDEX_STATUS + value: all + - name: OG_TITLE + value: DeveloperDurp + - name: OG_DESCRIPTION + value: DeveloperDurp + - name: OG_URL + value: https://gitlab.com/developerdurp + - name: OG_IMAGE + value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png + - name : OG_IMAGE_WIDTH + value: "400" + - name : OG_IMAGE_HEIGHT + value: "400" + - name : THEME + value: Dark + - name : FAVICON_URL + value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png + - name : AVATAR_URL + value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png + - name : AVATAR_2X_URL + value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png + - name : AVATAR_ALT + value: DeveloperDurp Profile Pic + - name : NAME + value: DeveloperDurp + - name : BIO + value: Sup Nerd, + - name : BUTTON_ORDER + value: GITHUB,GITLAB,REDDIT,WEBSITE,EMAIL + - name : GITHUB + value: https://github.com/DeveloperDurp + - name : GITLAB + value: https://gitlab.com/developerdurp + - name : REDDIT + value: https://www.reddit.com/user/DeveloperDurp + - name : EMAIL + value: DeveloperDurp@durp.info + - name : EMAIL_TEXT + value: DeveloperDurp@durp.info + - name : FOOTER + value: DeveloperDurp © 2022 + - name: CUSTOM_BUTTON_TEXT + value: Website + - name: CUSTOM_BUTTON_URL + 
value: https://developerdurp.durp.info/ + - name: CUSTOM_BUTTON_COLOR + value: '#000000' + - name: CUSTOM_BUTTON_TEXT_COLOR + value: '#ffffff' + - name: CUSTOM_BUTTON_ALT_TEXT + value: Tech documentation site for my videos and more + - name: CUSTOM_BUTTON_NAME + value: WEBSITE + - name: CUSTOM_BUTTON_ICON + value: fas file-alt + ports: + - name: http + containerPort: 3000 diff --git a/littlelink/templates/ingress.yaml b/littlelink/templates/ingress.yaml new file mode 100644 index 0000000..a5ab101 --- /dev/null +++ b/littlelink/templates/ingress.yaml @@ -0,0 +1,23 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: littlelink-ingress + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production +spec: + rules: + - host: links.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: littlelink + port: + number: 80 + tls: + - hosts: + - links.durp.info + secretName: links-durp-tls diff --git a/littlelink/templates/service.yaml b/littlelink/templates/service.yaml new file mode 100644 index 0000000..445d527 --- /dev/null +++ b/littlelink/templates/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: littlelink +spec: + ports: + - name: http + port: 80 + targetPort: 3000 + protocol: TCP + selector: + app: littlelink \ No newline at end of file diff --git a/longhorn-system/Chart.yaml b/longhorn-system/Chart.yaml new file mode 100644 index 0000000..0d76656 --- /dev/null +++ b/longhorn-system/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: longhorn-system +description: A Helm chart for Kubernetes +type: application + +version: 0.1.0 +appVersion: "1.16.0" diff --git a/longhorn-system/templates/deployment.yaml b/longhorn-system/templates/deployment.yaml new file mode 100644 index 0000000..76e4fe2 --- /dev/null +++ b/longhorn-system/templates/deployment.yaml 
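Review bot: `image: ghcr.io/techno-tim/littlelink-server:latest` with `imagePullPolicy: Always` means any pod restart may roll out a different, unreviewed build of a public-facing site; pin a tag and preferably an `@sha256:` digest so what is served is reproducible from the commit. The pod also has no `securityContext` and no `resources`, unlike the manager pods configured elsewhere in this commit; `allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]` and a small CPU/memory limit cost nothing here, plus `runAsNonRoot: true` if the image supports it. `littlelink/Chart.yaml` in this same commit is created as the empty blob (`e69de29`), and Helm will not render a chart lacking `apiVersion`/`name`/`version`, so the Argo CD application for this chart is likely to fail until that file is populated.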
@@ -0,0 +1,1264 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: longhorn-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: 
["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: longhorn-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true 
+ status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + 
description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + 
scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + 
longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: BackingImage + name: backingimages.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImage + listKind: BackingImageList + plural: backingimages + shortNames: + - lhbi + singular: backingimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Image + type: string + description: The backing image name + jsonPath: .spec.image + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: BackingImageManager + name: backingimagemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImageManager + listKind: BackingImageManagerList + plural: backingimagemanagers + shortNames: + - lhbim + singular: backingimagemanager + scope: Namespaced + versions: + - 
name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the manager + jsonPath: .status.currentState + - name: Image + type: string + description: The image the manager pod will use + jsonPath: .spec.image + - name: Node + type: string + description: The node the manager is on + jsonPath: .spec.nodeID + - name: DiskUUID + type: string + description: The disk the manager is responsible for + jsonPath: .spec.diskUUID + - name: DiskPath + type: string + description: The disk path the manager is using + jsonPath: .spec.diskPath + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: BackingImageDataSource + name: backingimagedatasources.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImageDataSource + listKind: BackingImageDataSourceList + plural: backingimagedatasources + shortNames: + - lhbids + singular: backingimagedatasource + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the pod used to provisione the backing image file from source + jsonPath: .status.currentState + - name: SourceType + type: string + description: The data source type + jsonPath: .spec.sourceType + - name: Node + type: string + description: The node the backing image file will be prepared on + jsonPath: .spec.nodeID + - name: DiskUUID + type: string + description: 
The disk the backing image file will be prepared on + jsonPath: .spec.diskUUID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: BackupTarget + name: backuptargets.longhorn.io +spec: + group: longhorn.io + names: + kind: BackupTarget + listKind: BackupTargetList + plural: backuptargets + shortNames: + - lhbt + singular: backuptarget + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + description: The backup target URL + jsonPath: .spec.backupTargetURL + - name: Credential + type: string + description: The backup target credential secret + jsonPath: .spec.credentialSecret + - name: Interval + type: string + description: The backup target poll interval + jsonPath: .spec.pollInterval + - name: Available + type: boolean + description: Indicate whether the backup target is available or not + jsonPath: .status.available + - name: LastSyncedAt + type: string + description: The backup target last synced time + jsonPath: .status.lastSyncedAt +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: BackupVolume + name: backupvolumes.longhorn.io +spec: + group: longhorn.io + names: + kind: BackupVolume + listKind: BackupVolumeList + plural: backupvolumes + shortNames: + - lhbv + singular: backupvolume + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: 
CreatedAt + type: string + description: The backup volume creation time + jsonPath: .status.createdAt + - name: LastBackupName + type: string + description: The backup volume last backup name + jsonPath: .status.lastBackupName + - name: LastBackupAt + type: string + description: The backup volume last backup time + jsonPath: .status.lastBackupAt + - name: LastSyncedAt + type: string + description: The backup volume last synced time + jsonPath: .status.lastSyncedAt +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: Backup + name: backups.longhorn.io +spec: + group: longhorn.io + names: + kind: Backup + listKind: BackupList + plural: backups + shortNames: + - lhb + singular: backup + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: SnapshotName + type: string + description: The snapshot name + jsonPath: .status.snapshotName + - name: SnapshotSize + type: string + description: The snapshot size + jsonPath: .status.size + - name: SnapshotCreatedAt + type: string + description: The snapshot creation time + jsonPath: .status.snapshotCreatedAt + - name: State + type: string + description: The backup state + jsonPath: .status.state + - name: LastSyncedAt + type: string + description: The backup last synced time + jsonPath: .status.lastSyncedAt +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + longhorn-manager: RecurringJob + name: recurringjobs.longhorn.io +spec: + group: longhorn.io + names: + kind: RecurringJob + listKind: RecurringJobList + plural: recurringjobs + shortNames: + - lhrj + singular: recurringjob + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + 
openAPIV3Schema: + type: object + properties: + metadata: + type: object + properties: + name: + type: string + spec: + type: object + properties: + groups: + type: array + items: + type: string + task: + type: string + pattern: "^snapshot|backup$" + cron: + type: string + retain: + type: integer + concurrency: + type: integer + labels: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Groups + type: string + description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume. + jsonPath: .spec.groups + - name: Task + type: string + description: Should be one of "backup" or "snapshot". + jsonPath: .spec.task + - name: Cron + type: string + description: The cron expression represents recurring job scheduling. + jsonPath: .spec.cron + - name: Retain + type: integer + description: The number of snapshots/backups to keep for the volume. + jsonPath: .spec.retain + - name: Concurrency + type: integer + description: The concurrent job to run by each cron job. 
+ jsonPath: .spec.concurrency + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Labels + type: string + description: Specify the labels + jsonPath: .spec.labels +--- +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: longhorn-system +data: + default-setting.yaml: |- + backup-target: S3://longhorn@us-east-1/ + backup-target-credential-secret: longhorn-backup-token-secret + allow-recurring-job-while-volume-detached: + create-default-disk-labeled-nodes: + default-data-path: + replica-soft-anti-affinity: + replica-auto-balance: + storage-over-provisioning-percentage: + storage-minimal-available-percentage: + upgrade-checker: + default-replica-count: + default-data-locality: + default-longhorn-static-storage-class: + backupstore-poll-interval: + taint-toleration: + system-managed-components-node-selector: + priority-class: + auto-salvage: + auto-delete-pod-when-volume-detached-unexpectedly: + disable-scheduling-on-cordoned-node: + replica-zone-soft-anti-affinity: + node-down-pod-deletion-policy: + allow-node-drain-with-last-healthy-replica: + mkfs-ext4-parameters: + disable-replica-rebuild: + replica-replenishment-wait-interval: + concurrent-replica-rebuild-per-node-limit: + disable-revision-counter: + system-managed-pods-image-pull-policy: + allow-volume-creation-with-degraded-availability: + auto-cleanup-system-generated-snapshot: + concurrent-automatic-engine-upgrade-per-node-limit: + backing-image-cleanup-wait-interval: + backing-image-recovery-wait-interval: + guaranteed-engine-manager-cpu: + guaranteed-replica-manager-cpu: +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + 
supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + namespace: longhorn-system +rules: + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + namespace: longhorn-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: + - kind: ServiceAccount + name: longhorn-service-account + namespace: longhorn-system + - kind: ServiceAccount + name: default + namespace: longhorn-system +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: longhorn-system +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: Retain + volumeBindingMode: Immediate + parameters: + fsType: "ext4" + numberOfReplicas: "1" + staleReplicaTimeout: "2880" + fromBackup: "" + recurringJobs: '[ + { + "name":"backup", + "task":"backup", + "cron":"0 */6 * * *", + "retain":24 + } + ]' + + # backingImage: "bi-test" + # backingImageDataSourceType: "download" + # backingImageDataSourceParameters: '{"url": "https://backing-image-example.s3-region.amazonaws.com/test-backing-image"}' + # backingImageChecksum: "SHA512 checksum of the backing image" + # diskSelector: "ssd,fast" + # nodeSelector: "storage,fast" + # recurringJobSelector: '[{"name":"snap-group", "isGroup":true}, + # {"name":"backup", "isGroup":false}]' +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: longhorn-manager + name: longhorn-manager + namespace: longhorn-system +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: + app: 
longhorn-manager + spec: + containers: + - name: longhorn-manager + image: longhornio/longhorn-manager:v1.2.4 + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - longhornio/longhorn-engine:v1.2.4 + - --instance-manager-image + - longhornio/longhorn-instance-manager:v1_20220303 + - --share-manager-image + - longhornio/longhorn-share-manager:v1_20211020 + - --backing-image-manager-image + - longhornio/backing-image-manager:v2_20210820 + - --manager-image + - longhornio/longhorn-manager:v1.2.4 + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # Should be: mount path of the volume longhorn-default-setting + the key of the configmap data in 04-default-setting.yaml + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting +# imagePullSecrets: +# - name: "" +# priorityClassName: +# tolerations: +# - key: "key" +# operator: "Equal" +# value: "value" +# effect: "NoSchedule" +# nodeSelector: +# label-key1: "label-value1" +# label-key2: "label-value2" + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- 
+apiVersion: v1 +kind: Service +metadata: + labels: + app: longhorn-manager + name: longhorn-backend + namespace: longhorn-system +spec: + type: ClusterIP + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager +--- +apiVersion: v1 +kind: Service +metadata: + name: longhorn-engine-manager + namespace: longhorn-system +spec: + clusterIP: None + selector: + longhorn.io/component: instance-manager + longhorn.io/instance-manager-type: engine +--- +apiVersion: v1 +kind: Service +metadata: + name: longhorn-replica-manager + namespace: longhorn-system +spec: + clusterIP: None + selector: + longhorn.io/component: instance-manager + longhorn.io/instance-manager-type: replica +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: longhorn-ui + name: longhorn-ui + namespace: longhorn-system +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: longhornio/longhorn-ui:v1.2.4 + imagePullPolicy: IfNotPresent + volumeMounts: + - name : nginx-cache + mountPath: /var/cache/nginx/ + - name : nginx-config + mountPath: /var/config/nginx/ + - name: var-run + mountPath: /var/run/ + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + volumes: + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-config + - emptyDir: {} + name: var-run +# imagePullSecrets: +# - name: "" +# priorityClassName: +# tolerations: +# - key: "key" +# operator: "Equal" +# value: "value" +# effect: "NoSchedule" +# nodeSelector: +# label-key1: "label-value1" +# label-key2: "label-value2" +--- +kind: Service +apiVersion: v1 +metadata: + labels: + app: longhorn-ui + name: longhorn-frontend + namespace: longhorn-system +spec: + type: ClusterIP + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + 
nodePort: null +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: longhorn-system +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: longhornio/longhorn-manager:v1.2.4 + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: longhornio/longhorn-manager:v1.2.4 + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - longhornio/longhorn-manager:v1.2.4 + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + # Manually set root directory for csi + #- name: KUBELET_ROOT_DIR + # value: /var/lib/rancher/k3s/agent/kubelet + # For AirGap Installation + # Replace PREFIX with your private registry + #- name: CSI_ATTACHER_IMAGE + # value: PREFIX/csi-attacher:v3.2.1 + #- name: CSI_PROVISIONER_IMAGE + # value: PREFIX/csi-provisioner:v2.1.2 + #- name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + # value: PREFIX/csi-node-driver-registrar:v2.3.0 + #- name: CSI_RESIZER_IMAGE + # value: PREFIX/csi-resizer:v1.2.0 + #- name: CSI_SNAPSHOTTER_IMAGE + # value: PREFIX/csi-snapshotter:v3.0.3 + # Manually specify number of CSI attacher replicas + #- name: CSI_ATTACHER_REPLICA_COUNT + # value: "3" + # Manually specify number of CSI provisioner replicas + #- name: CSI_PROVISIONER_REPLICA_COUNT + # value: "3" + #- name: CSI_RESIZER_REPLICA_COUNT + # value: "3" + #- name: CSI_SNAPSHOTTER_REPLICA_COUNT + # value: "3" +# imagePullSecrets: +# - 
name: ""
+# priorityClassName:
+# tolerations:
+# - key: "key"
+# operator: "Equal"
+# value: "value"
+# effect: "NoSchedule"
+# nodeSelector:
+# label-key1: "label-value1"
+# label-key2: "label-value2"
+ serviceAccountName: longhorn-service-account
+ securityContext:
+ runAsUser: 0
+---
diff --git a/longhorn-system/templates/ingress.yaml b/longhorn-system/templates/ingress.yaml
new file mode 100644
index 0000000..754c85f
--- /dev/null
+++ b/longhorn-system/templates/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: longhorn-ingress
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ #nginx.ingress.kubernetes.io/auth-response-headers: Authorization
+ #nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/oauth2/auth
+ #nginx.ingress.kubernetes.io/auth-signin: https://oauth.durp.info/oauth2/start?rd=https://$host$request_uri$is_args$args
+ #nginx.ingress.kubernetes.io/auth-signin: "https://oauth.durp.info/oauth2/start?rd=https://longhorn.internal.durp.info"
+ nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+spec:
+ rules:
+ - host: longhorn.internal.durp.info
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: longhorn-frontend
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - longhorn.internal.durp.info
+ secretName: longhorn-tls
+ 
diff --git a/longhorn-system/templates/longhorn-minio-sealed.yaml b/longhorn-system/templates/longhorn-minio-sealed.yaml
new file mode 100644
index 0000000..b5b9b2c
--- /dev/null
+++ b/longhorn-system/templates/longhorn-minio-sealed.yaml
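Review bot: The `kind: PodSecurityPolicy` object `longhorn-psp` is declared with `apiVersion: policy/v1beta1`, an API Kubernetes 1.25 removed, so on a 1.25+ cluster Argo CD cannot sync this file; on older clusters the policy is live and `longhorn-psp-binding` grants its `privileged: true`, `hostPID: true`, `hostPath`-capable profile not only to `longhorn-service-account` but also to the namespace's `default` ServiceAccount, which any pod created in `longhorn-system` without an explicit SA inherits. If the cluster is 1.25+, drop the PSP, `longhorn-psp-role` and `longhorn-psp-binding` and label the namespace `pod-security.kubernetes.io/enforce: privileged`; otherwise at least remove the `default` subject from the binding. The `longhorn-role` ClusterRole granting `verbs: ["*"]` on core `secrets`, `pods` and `nodes` cluster-wide looks like the upstream Longhorn v1.2.4 manifest copied verbatim; a header comment such as `# Vendored from longhorn v1.2.4 longhorn.yaml; RBAC/PSP unchanged from upstream` would let the next reviewer tell upstream scope from local widening.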
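Review bot: With the oauth2-proxy `auth-url`/`auth-signin` annotations commented out, `nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"` is the only access control in front of `longhorn-frontend`, and Longhorn's UI performs no authentication of its own, so any client the controller attributes to a 192.168.x.x address gets full volume, snapshot and backup-target control. That allowlist is only as good as the client IP ingress-nginx sees: if traffic arrives through a LoadBalancer or NodePort service with `externalTrafficPolicy: Cluster`, or the controller trusts `X-Forwarded-For` via `use-forwarded-headers`, the evaluated address can be a node or LB IP that itself falls inside that range and every request passes (the ingress-nginx values are not visible here, so this needs confirming). Re-enable the `auth-url`/`auth-signin` pair so the UI sits behind oauth2-proxy, and keep the CIDR allowlist as defence in depth rather than the gate.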
@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: longhorn-backup-token-secret
+ namespace: longhorn-system
+spec:
+ encryptedData:
+ AWS_ACCESS_KEY_ID: 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
+ AWS_ENDPOINTS: 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
+ AWS_SECRET_ACCESS_KEY: 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
+ template:
+ data: null
+ metadata:
+ creationTimestamp: null
+ name: longhorn-backup-token-secret
+ namespace: longhorn-system
+ 
diff --git a/longhorn-system/values.yaml b/longhorn-system/values.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/nextcloud/Chart.yaml b/nextcloud/Chart.yaml
new file mode 100644
index 0000000..1fdd992
--- /dev/null
+++ b/nextcloud/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: nextcloud
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: nextcloud
+ repository: https://nextcloud.github.io/helm/
+ version: 2.14.4
diff --git a/nextcloud/templates/nextcloud-collabora-sealedsecret.yaml b/nextcloud/templates/nextcloud-collabora-sealedsecret.yaml
new file mode 100644
index 0000000..3a5453a
--- /dev/null
+++ b/nextcloud/templates/nextcloud-collabora-sealedsecret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: nextcloud-collabora-secret
+ namespace: nextcloud
+spec:
+ encryptedData:
+ password: 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
+ username: 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
+ template:
+ data: null
+ metadata:
+ creationTimestamp: null
+ name: nextcloud-collabora-secret
+ namespace: nextcloud
+ 
diff --git a/nextcloud/templates/nextcloud-secret.yaml b/nextcloud/templates/nextcloud-secret.yaml
new file mode 100644
index 0000000..a34c1f3
--- /dev/null
+++ b/nextcloud/templates/nextcloud-secret.yaml
@@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: nextcloud-secret + namespace: nextcloud +spec: + encryptedData: + password: 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 + username: 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 + template: + data: null + metadata: + creationTimestamp: null + name: nextcloud-secret + namespace: nextcloud + diff --git a/nextcloud/templates/sealedsecret.yaml b/nextcloud/templates/sealedsecret.yaml new file mode 100644 index 0000000..250397a --- /dev/null +++ b/nextcloud/templates/sealedsecret.yaml @@ -0,0 +1,18 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: nextcloud-db-secret + namespace: nextcloud +spec: + encryptedData: + MYSQL_PASSWORD: AgAVuNAp+rTG09UM80k/f1OpWk9dclyrMjOKoln3K8vCM6RXPhtBQyv+s78SpbgNnpNPcZk/l8nVop6BOh4n6rzftkuRDeDg6OgcVIxEFVe7U59XSNkF7p/IMTDQGTiZBVv5ChpaxLsEbTOIN09pOLs7ID/n8D9LliKeCLf0spO1XJt4RRsBHsKO2SyPaF1RU78fwHYWKsEsSVMWKcCkRRMFAYGBcXTtqDxpGmaPpaTRzg0kvvnMzPdDFwWB0Pn5MAO69tKj2vg8LAF1uqmFBusb6hLsFt5pkHexFViWcD2nz4NW68R0rMFiZ54ISJMLB2xsSNXV0bmBiAr+JI20Xs/XK6UzwEmUSt+Y6qYojTD+AuasgCMgDWwT5eCwYz6/cQc5FR286sF7K8eQqdtQKA6UltA2LDHjizlo0Mxkfw7MGGO7RuBMt6ryGAf+I9b8VZtRLEhfGI/KlGLS68KRKf5Cq23LrHcgQ1XrEk8LbA/oApcFbTJO/wt8kGn8PSX0xE083z8j/czXIlKHElK67xtu4G3dRP+04l41tMmKiotTKzrwI9zk1GeZq5GoPPXv4IwmQW00HKNLv+J4K7eJuoIUHumCkFuSmLU4cW7wokhP/gkk9Cg4uL53OcjGxV65Srv7o+NfSvhKG/kFFRQAW8xiL40mN+Uewv0QdaFMt6Ga1YCsNK+oHMAn8xR8IjWUDkE4BbGqura21GVUTtY= + MYSQL_ROOT_PASSWORD: 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 + MYSQL_USER: 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 + template: + data: null + metadata: + creationTimestamp: null + name: nextcloud-db-secret + namespace: nextcloud + diff --git a/nextcloud/values.yaml b/nextcloud/values.yaml new file mode 100644 index 0000000..c660e41 --- /dev/null +++ b/nextcloud/values.yaml 
@@ -0,0 +1,142 @@ +nextcloud: + + image: + repository: nextcloud + flavor: apache + pullPolicy: Always + + replicaCount: 1 + + ingress: + enabled: true + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 4G + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/server-snippet: |- + server_tokens off; + proxy_hide_header X-Powered-By; + rewrite ^/.well-known/webfinger /public.php?service=webfinger last; + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:autotest|occ|issue|indie|db_|console) { + deny all; + } + tls: + - secretName: nextcloud-tls + hosts: + - nextcloud.durp.info + labels: {} + path: / + pathType: Prefix + + + nextcloud: + host: nextcloud.durp.info + existingSecret: + enabled: true + secretName: nextcloud-secret + usernameKey: username + passwordKey: password + + phpConfigs: {} + + # For example, to use S3 as primary storage + # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3 + # + # configs: + # s3.config.php: |- + # array( + # 'class' => '\\OC\\Files\\ObjectStore\\S3', + # 'arguments' => array( + # 'bucket' => 'my-bucket', + # 'autocreate' => true, + # 'key' => 'xxx', + # 'secret' => 'xxx', + # 'region' => 'us-east-1', + # 'use_ssl' => true + # ) + # ) + # ); + + internalDatabase: + enabled: true + name: nextcloud + + externalDatabase: + enabled: false + type: mysql + host: + user: nextcloud + password: + database: nextcloud + existingSecret: + enabled: false 
+ # secretName: nameofsecret + # usernameKey: username + # passwordKey: password + + redis: + enabled: false + auth: + enabled: true + password: 'changeme' + + service: + type: ClusterIP + port: 8080 + loadBalancerIP: nil + nodePort: nil + + persistence: + enabled: true + annotations: {} + storageClass: "longhorn" + accessMode: ReadWriteOnce + size: 50Gi + + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 diff --git a/oauth2-proxy/Chart.yaml b/oauth2-proxy/Chart.yaml new file mode 100644 index 0000000..5080460 --- /dev/null +++ b/oauth2-proxy/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v2 +name: oauth2-proxy +description: A Helm chart for Kubernetes +type: application +version: 0.0.1 +appVersion: 0.0.1 + +dependencies: +- name: oauth2-proxy + repository: https://oauth2-proxy.github.io/manifests + version: 6.2.1 + + + diff --git a/oauth2-proxy/templates/oauth-credentials.yaml b/oauth2-proxy/templates/oauth-credentials.yaml new file mode 100644 index 0000000..dbc2a7f --- /dev/null +++ b/oauth2-proxy/templates/oauth-credentials.yaml 
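Review bot: With `internalDatabase.enabled: true`, `externalDatabase.enabled: false` and `externalDatabase.existingSecret.enabled: false`, the `nextcloud-db-secret` SealedSecret (MYSQL_* keys) added in this commit is never consumed; either wire it up through `externalDatabase.existingSecret` or drop it so unused credentials do not linger in the repo and cluster. `redis.auth.password: 'changeme'` is a placeholder committed in plain text — redis is disabled, but if it is enabled later the value should come from a SealedSecret like the other credentials, so a comment to that effect belongs next to it. `image.repository: nextcloud` with `pullPolicy: Always` and no tag pulls a floating image on every restart; set `image.tag` so the deployed version is reproducible and reviewable. The `nextcloud:` values block begins on the previous physical line of the hunk.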
@@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: oauth-credentials + namespace: oauth2-proxy +spec: + encryptedData: + client-id: 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 + client-secret: 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 + cookie-secret: AgAdo/PA4h8bOiV/SjHWuSml8piPV1Zub/YOCy19hGrwpSeRujTHBONEWB6mtgATYzbUL463603ifbs9cvCCVNbblB0FrEes45hnZ0XYOZSu4jlwltbkLTxChTkIXlVnxTUTpgUgY6vfzQRlGjPFN/Lsa3Dw3uYJ5xwTfS5Z4hF3AQZ/kokdlOdkqQJVGHWVI48gFHlOvHvJvAe6xzjtKryVH3xOOMXNFtkb0uTmw0+++n1S181UTAkUBT6EUdrqNrf04/YVfp/lPUn2MH/420175I3xB0Ez5S8SYyEHg4JuejbsyaSYkRhz2xZlJz62OGi99wSwx9Ocujp4R3UfIbTWBohIPLqgMlb4i6uiTgnGMQzkx/M9P0R/vMkyzdR5RScFWVI8PUAM5d4HbSae4Q2nToXGu9Yu9tNrvw/UylqdCJmS4P5ICnoRr+Zx1CejCFwZR47oF9sfeBZf4DboG3DMXFQ6j4namcG5syrrRxXCza8XhvRcd9ssl2DLddFznF7deFOFnd6Nueh1Eadw6kHcAOc4YyCIgzDbDGjRh22Ege1L92TWAzSNWoAJrcK/AFPrSSiDK6FZ6RP1LQaya6phEjBSooUmcKIM+SICz3xR+nI1puJQES8V70lnRvvQR442TJ1tw9iwgqYhS6uuKAioiLkNeSXTAN/x2BWEt7SIlsb2dyWdKoutprHE9JYmQcLcgeOWaMzQA4PC7OdnG8XiCEOA+WO20zTVgukcPZI7yA4kdaBU8SxfaeP5+Q== + template: + data: null + metadata: + creationTimestamp: null + name: oauth-credentials + namespace: oauth2-proxy diff --git a/oauth2-proxy/values.yaml b/oauth2-proxy/values.yaml new file mode 100644 index 0000000..9f1098f --- /dev/null +++ b/oauth2-proxy/values.yaml 
@@ -0,0 +1,64 @@ +oauth2-proxy: + + config: + existingSecret: oauth-credentials + configFile: |- + email_domains = [ "*" ] + upstreams = [ "file:///dev/null" ] + set_xauthrequest=true + pass_host_header=true + pass_user_headers=true + request_logging=true + cookie_secure=true + + image: + repository: "quay.io/oauth2-proxy/oauth2-proxy" + pullPolicy: "Always" + + extraArgs: + provider: keycloak-oidc + redirect-url: https://oauth.durp.info/oauth2/callback/ + oidc-issuer-url: https://keycloak.durp.info/realms/homelab + allowed-role: user + + serviceAccount: + enabled: true + name: + annotations: {} + + ingress: + enabled: true + path: / + pathType: Prefix + hosts: + - oauth.durp.info + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + cert-manager.io/cluster-issuer: letsencrypt-production + tls: + - secretName: oauth-tls + hosts: + - oauth.durp.info + + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + + livenessProbe: + enabled: true + initialDelaySeconds: 0 + timeoutSeconds: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 0 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + + replicaCount: 1 \ No newline at end of file diff --git a/sealed-secrets/Chart.yaml b/sealed-secrets/Chart.yaml new file mode 100644 index 0000000..7b21da6 --- /dev/null +++ b/sealed-secrets/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: sealed-secrets +description: A Helm chart for Kubernetes +type: application + +version: 0.1.0 +appVersion: "1.16.0" diff --git a/sealed-secrets/templates/deployment.yaml b/sealed-secrets/templates/deployment.yaml new file mode 100644 index 0000000..d042058 --- /dev/null +++ b/sealed-secrets/templates/deployment.yaml 
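Review bot: The `configFile` enables `cookie_secure=true` but sets no cookie domain and no redirect allow-list, so the session cookie is scoped to `oauth.durp.info` only; if the commented-out `auth-url`/`auth-signin` annotations on the Longhorn ingress are ever enabled, the `auth_request` subrequest from `longhorn.internal.durp.info` will not carry that cookie and every request will loop back to sign-in. If cross-subdomain SSO is the intent, add `cookie-domain: .durp.info` and `whitelist-domain: .durp.info` to `extraArgs`, keeping `whitelist-domain` as narrow as possible since it decides which `rd=` targets the sign-in endpoint will redirect to. Because the proxy sits behind ingress-nginx, `reverse-proxy: "true"` is also needed for it to trust the X-Forwarded-* headers it uses for logging and redirect construction. `email_domains = [ "*" ]` leaves authorization entirely to `allowed-role: user`; a comment stating that is worth adding so nobody later removes the role check thinking the email filter still applies.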
@@ -0,0 +1,252 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + name: sealed-secrets-service-proxier + name: sealed-secrets-service-proxier + namespace: kube-system +rules: +- apiGroups: + - "" + resourceNames: + - sealed-secrets-controller + resources: + - services + verbs: + - get +- apiGroups: + - "" + resourceNames: + - 'http:sealed-secrets-controller:' + - sealed-secrets-controller + resources: + - services/proxy + verbs: + - create + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: {} + labels: + name: sealed-secrets-key-admin + name: sealed-secrets-key-admin + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: {} + labels: + name: sealed-secrets-controller + name: sealed-secrets-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: secrets-unsealer +subjects: +- kind: ServiceAccount + name: sealed-secrets-controller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: {} + labels: + name: secrets-unsealer + name: secrets-unsealer +rules: +- apiGroups: + - bitnami.com + resources: + - sealedsecrets + verbs: + - get + - list + - watch +- apiGroups: + - bitnami.com + resources: + - sealedsecrets/status + verbs: + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: {} + labels: + name: sealed-secrets-controller + name: sealed-secrets-controller + namespace: kube-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: {} + labels: + name: sealed-secrets-controller + name: sealed-secrets-controller + 
namespace: kube-system +spec: + minReadySeconds: 30 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + name: sealed-secrets-controller + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + name: sealed-secrets-controller + spec: + containers: + - args: [] + command: + - controller + env: [] + image: docker.io/bitnami/sealed-secrets-controller:v0.17.5 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: http + name: sealed-secrets-controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /healthz + port: http + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + stdin: false + tty: false + volumeMounts: + - mountPath: /tmp + name: tmp + imagePullSecrets: [] + initContainers: [] + securityContext: + fsGroup: 65534 + serviceAccountName: sealed-secrets-controller + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: {} + name: tmp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sealedsecrets.bitnami.com +spec: + group: bitnami.com + names: + kind: SealedSecret + listKind: SealedSecretList + plural: sealedsecrets + singular: sealedsecret + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + name: sealed-secrets-controller + name: sealed-secrets-controller + namespace: kube-system +spec: + ports: + - port: 8080 + targetPort: 8080 + selector: + name: sealed-secrets-controller + type: ClusterIP +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + name: 
sealed-secrets-service-proxier + name: sealed-secrets-service-proxier + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: sealed-secrets-service-proxier +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: {} + labels: + name: sealed-secrets-controller + name: sealed-secrets-controller + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: sealed-secrets-key-admin +subjects: +- kind: ServiceAccount + name: sealed-secrets-controller + namespace: kube-system diff --git a/sealed-secrets/values.yaml b/sealed-secrets/values.yaml new file mode 100644 index 0000000..e69de29 diff --git a/uptimekuma/Chart.yaml b/uptimekuma/Chart.yaml new file mode 100644 index 0000000..0dcf730 --- /dev/null +++ b/uptimekuma/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: uptimekuma +description: A Helm chart for Kubernetes +type: application + +version: 0.1.0 +appVersion: "1.16.0" diff --git a/uptimekuma/templates/deployment.yaml b/uptimekuma/templates/deployment.yaml new file mode 100644 index 0000000..0b047fb --- /dev/null +++ b/uptimekuma/templates/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: uptime-kuma + name: deployment +spec: + selector: + matchLabels: + component: uptime-kuma + replicas: 1 + strategy: + type: Recreate + + template: + metadata: + labels: + component: uptime-kuma + spec: + containers: + - name: app + image: louislam/uptime-kuma:1 + ports: + - containerPort: 3001 + volumeMounts: + - mountPath: /app/data + name: storage + livenessProbe: + exec: + command: + - node + - extra/healthcheck.js + readinessProbe: + httpGet: + path: / + port: 3001 + scheme: HTTP + + volumes: + - name: storage + persistentVolumeClaim: + claimName: storage \ No newline at end of file 
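Review bot: The `sealed-secrets-service-proxier` RoleBinding binds the `system:authenticated` group to `services/proxy` create/get on the controller Service, so every authenticated identity in the cluster (including any OIDC user once Keycloak is wired in) can reach the controller's HTTP endpoint through the API-server proxy. That matches the upstream manifest, where it exists so `kubeseal` can fetch the public certificate, but it deserves a comment and a deliberate decision on whether a narrower group fits this cluster. The whole file appears to be a copy of the upstream controller release (`v0.17.5` in the image tag); a header comment recording the upstream source and version would make future upgrades and vulnerability triage easier. The controller Deployment also has no `resources` block, unlike the oauth2-proxy values in the same commit. The hunk starts two physical lines earlier.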
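Review bot: The uptime-kuma container in `uptimekuma/templates/deployment.yaml` runs with no `securityContext`, no `resources` and the floating tag `louislam/uptime-kuma:1`, so a restart can pull any 1.x image and the process runs with whatever user the image defaults to and unbounded CPU/memory. The sealed-secrets controller in this commit shows the pattern to copy (`readOnlyRootFilesystem`, `runAsNonRoot`, `runAsUser`, `fsGroup`); add an equivalent block where the image permits it and pin a specific version tag. Uptime Kuma stores notification tokens and monitor credentials on the `/app/data` volume, so limiting what the container can do matters. The generic object names (`deployment`, `storage`, and `service`/`ingress` in the sibling templates) will collide with anything else installed in the same namespace; prefixing them with the app name avoids that.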
diff --git a/uptimekuma/templates/ingress.yaml b/uptimekuma/templates/ingress.yaml new file mode 100644 index 0000000..4cc908a --- /dev/null +++ b/uptimekuma/templates/ingress.yaml @@ -0,0 +1,40 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + nginx.ingress.kubernetes.io/server-snippets: | + location / { + proxy_set_header Upgrade $http_upgrade; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_cache_bypass $http_upgrade; + } + name: ingress +spec: + tls: + - hosts: + - kuma.durp.info + secretName: kuma-tls + rules: + - host: kuma.durp.info + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: service + port: + number: 3001 + diff --git a/uptimekuma/templates/service.yaml b/uptimekuma/templates/service.yaml new file mode 100644 index 0000000..cad08e7 --- /dev/null +++ b/uptimekuma/templates/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: service +spec: + selector: + component: uptime-kuma + type: ClusterIP + ports: + - name: http + port: 3001 + targetPort: 3001 + protocol: TCP \ No newline at end of file diff --git a/uptimekuma/templates/volume.yaml b/uptimekuma/templates/volume.yaml new file mode 100644 index 0000000..2fd7f53 --- /dev/null +++ b/uptimekuma/templates/volume.yaml 
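Review bot: The annotation is spelled `nginx.ingress.kubernetes.io/server-snippets`, but ingress-nginx's annotation is `server-snippet` (singular), so the block is most likely ignored and the Ingress works only because ingress-nginx already handles WebSocket upgrades and sets the X-Forwarded-* headers by default. If the spelling were corrected, the nested `location /` would likely collide with the `location /` ingress-nginx generates for the `/` path, and the snippet also sets `Upgrade` and `X-Forwarded-For` twice with different values. Drop the snippet rather than fixing the name; if a snippet is genuinely needed later, note that it requires `allow-snippet-annotations` to be enabled in the controller config, which widens what any Ingress author can inject into nginx. The two `proxy-*-timeout: "3600"` annotations are probably there for long-lived socket connections and would benefit from a one-line comment saying so.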
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: storage
+spec:
+ storageClassName: longhorn
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/whoogle/Chart.yaml b/whoogle/Chart.yaml
new file mode 100644
index 0000000..87124c3
--- /dev/null
+++ b/whoogle/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: whoogle
+description: A self hosted search engine on Kubernetes
+type: application
+version: 0.1.0
+appVersion: 0.7.2
+
+icon: https://github.com/benbusby/whoogle-search/raw/main/app/static/img/favicon/favicon-96x96.png
+
+sources:
+ - https://github.com/benbusby/whoogle-search
+ - https://gitlab.com/benbusby/whoogle-search
+ - https://gogs.benbusby.com/benbusby/whoogle-search
+
+keywords:
+ - whoogle
+ - degoogle
+ - search
+ - google
+ - search-engine
+ - privacy
+ - tor
+ - python
diff --git a/whoogle/templates/deployment.yaml b/whoogle/templates/deployment.yaml
new file mode 100644
index 0000000..f5a3027
--- /dev/null
+++ b/whoogle/templates/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whoogle
+ labels:
+ helm.sh/chart: whoogle-0.1.0
+ app.kubernetes.io/name: whoogle
+ app.kubernetes.io/instance: whoogle
+ app.kubernetes.io/version: "0.7.2"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: whoogle
+ app.kubernetes.io/instance: whoogle
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: whoogle
+ app.kubernetes.io/instance: whoogle
+ spec:
+ serviceAccountName: whoogle
+ securityContext:
+ {}
+ containers:
+ - name: whoogle
+ securityContext:
+ runAsUser: 0
+ image: "benbusby/whoogle-search:0.7.2"
+ imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
+ ports:
+ - name: http
+ containerPort: 5000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
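Review bot: The PVC requests `ReadWriteMany` on the `longhorn` storage class, but its only consumer (`uptimekuma/templates/deployment.yaml`, `replicas: 1`, `strategy: Recreate`) never has more than one pod mounting it, so `ReadWriteOnce` is sufficient. RWX on Longhorn goes through its share-manager/NFS path, which is an extra component holding the monitoring data for no benefit here. If RWX was chosen deliberately, a comment explaining why would save the question on the next review.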
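Review bot: The whoogle container explicitly sets `securityContext.runAsUser: 0` while the pod `securityContext` is `{}`, so the search frontend runs as root with no other hardening; a Flask app listening on 5000 does not obviously need root, so try `runAsNonRoot: true` with a non-zero `runAsUser` plus `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false`, as the sealed-secrets controller in this commit does, and document the reason if root really is required by the image. `resources` sets only CPU; add a memory request and limit so a frontend that fetches and renders arbitrary upstream responses cannot exhaust the node. The pinned tag `0.7.2` is good, but a comment that the tag, `appVersion` and the `app.kubernetes.io/version` label must be bumped together would help keep them in sync.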
diff --git a/whoogle/templates/ingress.yaml b/whoogle/templates/ingress.yaml
new file mode 100644
index 0000000..e826997
--- /dev/null
+++ b/whoogle/templates/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: whoogle
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+ rules:
+ - host: whoogle.durp.info
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: whoogle
+ port:
+ number: 5000
+ tls:
+ - hosts:
+ - whoogle.durp.info
+ secretName: whoogle-tls
\ No newline at end of file
diff --git a/whoogle/templates/service.yaml b/whoogle/templates/service.yaml
new file mode 100644
index 0000000..a67a6f7
--- /dev/null
+++ b/whoogle/templates/service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: whoogle
+ labels:
+ helm.sh/chart: whoogle-0.1.0
+ app.kubernetes.io/name: whoogle
+ app.kubernetes.io/instance: whoogle
+ app.kubernetes.io/version: "0.7.2"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5000
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: whoogle
+ app.kubernetes.io/instance: whoogle
\ No newline at end of file
diff --git a/whoogle/templates/serviceaccount.yaml b/whoogle/templates/serviceaccount.yaml
new file mode 100644
index 0000000..422e056
--- /dev/null
+++ b/whoogle/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: whoogle
+ labels:
+ helm.sh/chart: whoogle-0.1.0
+ app.kubernetes.io/name: whoogle
+ app.kubernetes.io/instance: whoogle
+ app.kubernetes.io/version: "0.7.2"
+ app.kubernetes.io/managed-by: Helm
\ No newline at end of file
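Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: "0"` removes ingress-nginx's request body limit entirely for a search frontend that only needs small GET/POST requests; use a small explicit value such as `nginx.ingress.kubernetes.io/proxy-body-size: "1m"` so oversized uploads are rejected at the edge rather than buffered into the pod. This Ingress is fully public with no `whitelist-source-range` or auth annotation, unlike `longhorn-ingress` in the same commit; if a public instance is intended, a comment saying so records the decision. `kubernetes.io/ingress.class` is deprecated for networking.k8s.io/v1; `spec.ingressClassName: nginx` is the supported form.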