DeveloperDurp/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
DeveloperDurp
2024-08-04 09:33:10 -05:00
parent b1272fc052
commit e0eaa1a96c
72 changed files with 0 additions and 3695 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
argocd/templates/authentik.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: authentik
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: authentik
destination:
namespace: authentik
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

23
argocd/templates/bitwarden.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: bitwarden
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: bitwarden
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: bitwarden
syncPolicy:
automated:
prune: true
selfHeal: false
syncOptions:
- CreateNamespace=true

20
argocd/templates/crossplane.yml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: crossplane
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: crossplane
destination:
namespace: crossplane
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/durpapi.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: durpapi
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: durpapi
destination:
namespace: durpapi
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/durpot.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: durpot
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: durpot
destination:
namespace: durpot
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/heimdall.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: heimdall
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: heimdall
destination:
namespace: heimdall
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/krakend.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: krakend
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: krakend
destination:
namespace: krakend
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

22
argocd/templates/littlelink.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: littlelink
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: littlelink
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: littlelink
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

23
argocd/templates/nfs-client.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nfs-client
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: nfs-client
directory:
recurse: true
destination:
namespace: nfs-client
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

20
argocd/templates/open-webui.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: open-webui
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: open-webui
destination:
namespace: open-webui
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

17
argocd/templates/secrets.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: vault-argocd
labels:
app.kubernetes.io/part-of: argocd
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: client-secret
data:
- secretKey: clientSecret
remoteRef:
key: secrets/argocd/authentik
property: clientsecret

25
argocd/templates/vault.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vault
namespace: argocd
spec:
project: default
source:
repoURL: https://gitlab.com/developerdurp/homelab.git
targetRevision: main
path: vault
destination:
namespace: vault
name: in-cluster
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration
jqPathExpressions:
- .webhooks[]?.clientConfig.caBundle

12
authentik/Chart.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v2
name: authentik
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- name: authentik
repository: https://charts.goauthentik.io
version: 2024.4.1

24
authentik/templates/authentik-pv.yaml
View File

@@ -1,24 +0,0 @@
#apiVersion: v1
#kind: PersistentVolume
#metadata:
# annotations:
# pv.kubernetes.io/provisioned-by: durp.info/nfs
# finalizers:
# - kubernetes.io/pv-protection
# name: authentik-pv
#spec:
# accessModes:
# - ReadWriteMany
# capacity:
# storage: 10Gi
# claimRef:
# apiVersion: v1
# kind: PersistentVolumeClaim
# name: authentik-pvc
# namespace: authentik
# nfs:
# path: /mnt/user/k3s/authentik
# server: 192.168.20.253
# persistentVolumeReclaimPolicy: Retain
# storageClassName: nfs-storage
# volumeMode: Filesystem

18
authentik/templates/authentik-pvc.yaml
View File

@@ -1,18 +0,0 @@
#apiVersion: v1
#kind: PersistentVolumeClaim
#metadata:
# labels:
# app.kubernetes.io/component: app
# app.kubernetes.io/instance: authentik
# app.kubernetes.io/managed-by: Helm
# app.kubernetes.io/name: authentik
# helm.sh/chart: authentik-2.14.4
# name: authentik-pvc
# namespace: authentik
#spec:
# accessModes:
# - ReadWriteMany
# resources:
# requests:
# storage: 10Gi
# storageClassName: nfs-storage

42
authentik/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: authentik-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`authentik.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: authentik-server
port: 80
tls:
secretName: authentik-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: authentik-tls
spec:
secretName: authentik-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "authentik.durp.info"
dnsNames:
- "authentik.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: authentik-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
spec:
type: ExternalName
externalName: durp.info

28
authentik/templates/secrets.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: authentik-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: db-pass
data:
- secretKey: dbpass
remoteRef:
key: secrets/authentik/database
property: dbpass
- secretKey: secretkey
remoteRef:
key: secrets/authentik/database
property: secretkey
- secretKey: postgresql-postgres-password
remoteRef:
key: secrets/authentik/database
property: dbpass
- secretKey: postgresql-password
remoteRef:
key: secrets/authentik/database
property: dbpass

51
authentik/values.yaml
View File

@@ -1,51 +0,0 @@
authentik:
global:
env:
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: db-pass
key: dbpass
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: db-pass
key: secretkey
revisionHistoryLimit: 1
image:
repository: registry.internal.durp.info/goauthentik/server
pullPolicy: Always
authentik:
outposts:
container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
postgresql:
host: '{{ .Release.Name }}-postgresql-hl'
name: "authentik"
user: "authentik"
port: 5432
server:
name: server
replicas: 3
postgresql:
enabled: true
image:
registry: registry.internal.durp.info
repository: bitnami/postgresql
pullPolicy: Always
postgresqlUsername: "authentik"
postgresqlDatabase: "authentik"
existingSecret: db-pass
persistence:
enabled: true
storageClass: longhorn
accessModes:
- ReadWriteMany
redis:
enabled: true
image:
registry: registry.internal.durp.info
repository: bitnami/redis
pullPolicy: Always
architecture: standalone
auth:
enabled: false

7
bitwarden/Chart.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v2
name: bitwarden
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

25
bitwarden/templates/bitwarden-pv.yaml
View File

@@ -1,25 +0,0 @@
#apiVersion: v1
#kind: PersistentVolume
#metadata:
# annotations:
# pv.kubernetes.io/provisioned-by: durp.info/nfs
# finalizers:
# - kubernetes.io/pv-protection
# name: bitwarden-pv
#spec:
# accessModes:
# - ReadWriteMany
# capacity:
# storage: 10Gi
# claimRef:
# apiVersion: v1
# kind: PersistentVolumeClaim
# name: bitwarden-pvc
# namespace: bitwarden
# nfs:
# path: /mnt/user/k3s/bitwarden
# server: 192.168.20.253
# persistentVolumeReclaimPolicy: Retain
# storageClassName: nfs-storage
# volumeMode: Filesystem
#

11
bitwarden/templates/bitwarden-pvc.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bitwarden-pvc
spec:
storageClassName: longhorn
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi

50
bitwarden/templates/deployment.yaml
View File

@@ -1,50 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: bitwarden
name: bitwarden
labels:
app: bitwarden
spec:
selector:
matchLabels:
app: bitwarden
replicas: 1
template:
metadata:
labels:
app: bitwarden
spec:
containers:
- name: bitwarden
image: registry.internal.durp.info/vaultwarden/server:1.30.3
imagePullPolicy: Always
volumeMounts:
- name: bitwarden-pvc
mountPath: /data
subPath: bitwaren-data
ports:
- name: http
containerPort: 80
env:
- name: SIGNUPS_ALLOWED
value: "FALSE"
- name: INVITATIONS_ALLOWED
value: "FALSE"
- name: WEBSOCKET_ENABLED
value: "TRUE"
- name: ROCKET_ENV
value: "staging"
- name: ROCKET_PORT
value: "80"
- name: ROCKET_WORKERS
value: "10"
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: bitwarden-secret
key: ADMIN_TOKEN
volumes:
- name: bitwarden-pvc
persistentVolumeClaim:
claimName: bitwarden-pvc

42
bitwarden/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: bitwarden-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: bitwarden
port: 80
tls:
secretName: bitwarden-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: bitwarden-tls
spec:
secretName: bitwarden-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "bitwarden.durp.info"
dnsNames:
- "bitwarden.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: bitwarden-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
spec:
type: ExternalName
externalName: durp.info

16
bitwarden/templates/secrets.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: bitwarden-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: bitwarden-secret
data:
- secretKey: ADMIN_TOKEN
remoteRef:
key: secrets/bitwarden/admin
property: ADMIN_TOKEN

12
bitwarden/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: bitwarden
spec:
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
selector:
app: bitwarden

12
crossplane/Chart.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v2
name: crossplane
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- name: crossplane
repository: https://charts.crossplane.io/stable
version: 1.12.0

55
crossplane/templates/gitlab.yml
View File

@@ -1,55 +0,0 @@
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
name: provider-gitlab
spec:
package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitlab-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: gitlab-secret
data:
- secretKey: accesstoken
remoteRef:
key: secrets/gitlab/token
property: accesstoken
---
#apiVersion: gitlab.crossplane.io/v1beta1
#kind: ProviderConfig
#metadata:
# name: gitlab-provider
#spec:
# baseURL: https://gitlab.com/
# credentials:
# source: Secret
# secretRef:
# namespace: crossplane
# name: gitlab-secret
# key: accesstoken
#
#---
#
#apiVersion: projects.gitlab.crossplane.io/v1alpha1
#kind: Project
#metadata:
# name: example-project
#spec:
# deletionPolicy: Orphan
# forProvider:
# name: "Example Project"
# description: "example project description"
# providerConfigRef:
# name: gitlab-provider
# policy:
# resolution: Optional
# resolve: Always

1506
dashboards/nginx-dashboard.yaml
View File

File diff suppressed because it is too large Load Diff

11
durpapi/Chart.yaml
View File

@@ -1,11 +0,0 @@
type: application
appVersion: 0.1.0
description: A Helm chart for Kubernetes
name: durpapi
dependencies:
- condition: postgresql.enabled
version: 12.5.*
repository: https://charts.bitnami.com/bitnami
name: postgresql
apiVersion: v2
version: test

38
durpapi/templates/deployment.yaml
View File

@@ -1,38 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Chart.Name }}
labels:
app: {{ .Chart.Name }}
spec:
revisionHistoryLimit: 1
selector:
matchLabels:
app: {{ .Chart.Name }}
replicas: {{ .Values.deployment.hpa.minReplicas }}
template:
metadata:
labels:
app: {{ .Chart.Name }}
spec:
containers:
- name: api
image: "{{ .Values.deployment.image }}:{{ default .Chart.Version .Values.deployment.tag }}"
imagePullPolicy: {{ .Values.deployment.imagePullPolicy }}
readinessProbe:
{{- toYaml .Values.deployment.probe.readiness | nindent 12 }}
livenessProbe:
{{- toYaml .Values.deployment.probe.liveness | nindent 12 }}
startupProbe:
{{- toYaml .Values.deployment.probe.startup | nindent 12 }}
ports:
- name: http
containerPort: {{ .Values.service.targetport }}
env:
- name: host
value: {{ .Values.swagger.host }}
- name: version
value: {{ default .Chart.Version .Values.deployment.tag }}
envFrom:
- secretRef:
name: {{ .Values.deployment.secretfile }}

24
durpapi/templates/hpa.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: "{{ .Chart.Name }}-hpa"
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ .Chart.Name }}
minReplicas: {{ .Values.deployment.hpa.minReplicas }}
maxReplicas: {{ .Values.deployment.hpa.maxReplicas }}
metrics:
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 40

44
durpapi/templates/ingress.yaml
View File

@@ -1,44 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: "{{ .Chart.Name }}-ingress"
spec:
entryPoints:
- websecure
routes:
- match: Host("api.durp.info") && PathPrefix(`/api`)
kind: Rule
middlewares:
- name: jwt
services:
- name: "durpapi-service"
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: "{{ .Chart.Name }}-swagger"
spec:
entryPoints:
- websecure
routes:
- match: Host("api.durp.info") && PathPrefix(`/swagger`)
kind: Rule
services:
- name: "durpapi-service"
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: jwt
spec:
plugin:
jwt:
Required: true
Keys:
- https://authentik.durp.info/application/o/api/jwks

39
durpapi/templates/secrets.yaml
View File

@@ -1,39 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: durpapi-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: durpapi-secret
data:
- secretKey: db_host
remoteRef:
key: secrets/durpapi/postgres
property: db_host
- secretKey: db_port
remoteRef:
key: secrets/durpapi/postgres
property: db_port
- secretKey: db_pass
remoteRef:
key: secrets/durpapi/postgres
property: db_pass
- secretKey: db_user
remoteRef:
key: secrets/durpapi/postgres
property: db_user
- secretKey: db_sslmode
remoteRef:
key: secrets/durpapi/postgres
property: db_sslmode
- secretKey: db_name
remoteRef:
key: secrets/durpapi/postgres
property: db_name
- secretKey: llamaurl
remoteRef:
key: secrets/durpapi/llamaurl
property: llamaurl

12
durpapi/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: "{{ .Chart.Name }}-service"
spec:
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetport }}
protocol: TCP
selector:
app: {{ .Chart.Name }}

39
durpapi/values.yaml
View File

@@ -1,39 +0,0 @@
ingress:
enabled: false
deployment:
image: registry.internal.durp.info/developerdurp/durpapi
secretfile: durpapi-secret
imagePullPolicy: Always
hpa:
minReplicas: 3
maxReplicas: 10
probe:
readiness:
httpGet:
path: /api/health/gethealth
port: 8080
liveness:
httpGet:
path: /api/health/gethealth
port: 8080
startup:
httpGet:
path: /api/health/gethealth
port: 8080
service:
type: ClusterIP
port: 80
targetport: 8080
swagger:
host: api.durp.info
postgresql:
enabled: true
auth:
existingSecret: durpapi-secret
secretKeys:
adminPasswordKey: db_pass
userPasswordKey: db_pass
replicationPasswordKey: db_pass
database: postgres
username: postgres

11
durpot/Chart.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v2
name: durpapi
description: A Helm chart for Kubernetes
type: application
version: 0.0.1
appVersion: 0.0.1
dependencies:
- name: durpot
repository: https://gitlab.com/api/v4/projects/45025485/packages/helm/stable
version: 0.1.0-dev0038

43
durpot/templates/secrets.yaml
View File

@@ -1,43 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: durpot-secert
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: durpot-secret
data:
- secretKey: OPENAI_API_KEY
remoteRef:
key: secrets/durpot/openai
property: OPENAI_API_KEY
- secretKey: BOTPREFIX
remoteRef:
key: secrets/durpot/discord
property: BOTPREFIX
- secretKey: ChannelID
remoteRef:
key: secrets/durpot/discord
property: ChannelID
- secretKey: TOKEN
remoteRef:
key: secrets/durpot/discord
property: TOKEN
- secretKey: ClientID
remoteRef:
key: secrets/durpot/auth
property: ClientID
- secretKey: Password
remoteRef:
key: secrets/durpot/auth
property: Password
- secretKey: TokenURL
remoteRef:
key: secrets/durpot/auth
property: TokenURL
- secretKey: Username
remoteRef:
key: secrets/durpot/auth
property: Username

12
external-dns/Chart.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v2
name: external-dns
description: A Helm chart for Kubernetes
type: application
version: 0.0.1
appVersion: 0.0.1
dependencies:
- name: external-dns
repository: https://charts.bitnami.com/bitnami
version: 6.20.3

23
external-dns/templates/secrets.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: external-dns-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: external-dns
data:
- secretKey: cloudflare_api_email
remoteRef:
key: secrets/external-dns/cloudflare
property: cloudflare_api_email
- secretKey: cloudflare_api_key
remoteRef:
key: secrets/external-dns/cloudflare
property: cloudflare_api_key
- secretKey: cloudflare_api_token
remoteRef:
key: secrets/external-dns/cloudflare
property: cloudflare_api_token

16
external-dns/values.yaml
View File

@@ -1,16 +0,0 @@
external-dns:
global:
imageRegistry: "registry.internal.durp.info"
image:
pullPolicy: Always
sources:
- service
provider: cloudflare
cloudflare:
secretName : "external-dns"
proxied: false
policy: sync

12
external-secrets/Chart.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v2
name: external-secrets
description: A Helm chart for Kubernetes
type: application
version: 0.0.1
appVersion: 0.0.1
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 0.8.1

463
external-secrets/values.yaml
View File

@@ -1,463 +0,0 @@
external-secrets:
replicaCount: 3
# -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
revisionHistoryLimit: 10
image:
repository: ghcr.io/external-secrets/external-secrets
pullPolicy: Always
# -- The image tag to use. The default is the chart appVersion.
# There are different image flavours available, like distroless and ubi.
# Please see GitHub release notes for image tags for these flavors.
# By default the distroless image is used.
tag: ""
# -- If set, install and upgrade CRDs through helm chart.
installCRDs: true
crds:
# -- If true, create CRDs for Cluster External Secret.
createClusterExternalSecret: true
# -- If true, create CRDs for Cluster Secret Store.
createClusterSecretStore: true
# -- If true, create CRDs for Push Secret.
createPushSecret: true
annotations: {}
conversion:
enabled: true
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# -- If true, external-secrets will perform leader election between instances to ensure no more
# than one instance of external-secrets operates at a time.
leaderElect: true
# -- If set external secrets will filter matching
# Secret Stores with the appropriate controller values.
controllerClass: ""
# -- If true external secrets will use recommended kubernetes
# annotations as prometheus metric labels.
extendedMetricLabels: false
# -- If set external secrets are only reconciled in the
# provided namespace
scopedNamespace: ""
# -- Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace
# and implicitly disable cluster stores and cluster external secrets
scopedRBAC: false
# -- if true, the operator will process cluster external secret. Else, it will ignore them.
processClusterExternalSecret: true
# -- if true, the operator will process cluster store. Else, it will ignore them.
processClusterStore: true
# -- Specifies whether an external secret operator deployment be created.
createOperator: true
# -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at
# a time.
concurrent: 1
serviceAccount:
# -- Specifies whether a service account should be created.
create: true
# -- Automounts the service account token in all containers of the pod
automount: true
# -- Annotations to add to the service account.
annotations: {}
# -- Extra Labels to add to the service account.
extraLabels: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
rbac:
# -- Specifies whether role and rolebinding resources should be created.
create: true
## -- Extra environment variables to add to container.
extraEnv: []
## -- Map of extra arguments to pass to container.
extraArgs: {}
## -- Extra volumes to pass to pod.
extraVolumes: []
## -- Extra volumes to mount to the container.
extraVolumeMounts: []
## -- Extra containers to add to the pod.
extraContainers: []
# -- Annotations to add to Deployment
deploymentAnnotations: {}
# -- Annotations to add to Pod
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
prometheus:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead.
enabled: false
service:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead.
port: 8080
serviceMonitor:
# -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
enabled: false
# -- namespace where you want to install ServiceMonitors
namespace: ""
# -- Additional labels
additionalLabels: {}
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
# -- Let prometheus add an exported_ prefix to conflicting labels
honorLabels: false
# -- Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
metricRelabelings: []
# - action: replace
# regex: (.*)
# replacement: $1
# sourceLabels:
# - exported_namespace
# targetLabel: namespace
# -- Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
metrics:
service:
# -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
enabled: false
# -- Metrics service port to scrape
port: 8080
# -- Additional service annotations
annotations: {}
nodeSelector: {}
tolerations: []
topologySpreadConstraints: []
affinity: {}
# -- Pod priority class name.
priorityClassName: ""
# -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: false
minAvailable: 1
# maxUnavailable: 1
# -- Run the controller on the host network
hostNetwork: false
webhook:
# -- Specifies whether a webhook deployment be created.
create: true
# -- Specifices the time to check if the cert is valid
certCheckInterval: "5m"
# -- Specifices the lookaheadInterval for certificate validity
lookaheadInterval: ""
replicaCount: 1
# -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
revisionHistoryLimit: 10
certDir: /tmp/certs
# -- Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore
failurePolicy: Fail
# -- Specifies if webhook pod should use hostNetwork or not.
hostNetwork: false
image:
repository: ghcr.io/external-secrets/external-secrets
pullPolicy: IfNotPresent
# -- The image tag to use. The default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# -- The port the webhook will listen to
port: 10250
rbac:
# -- Specifies whether role and rolebinding resources should be created.
create: true
serviceAccount:
# -- Specifies whether a service account should be created.
create: true
# -- Automounts the service account token in all containers of the pod
automount: true
# -- Annotations to add to the service account.
annotations: {}
# -- Extra Labels to add to the service account.
extraLabels: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
nodeSelector: {}
tolerations: []
topologySpreadConstraints: []
affinity: {}
# -- Pod priority class name.
priorityClassName: ""
# -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: false
minAvailable: 1
# maxUnavailable: 1
prometheus:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
enabled: false
service:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
port: 8080
serviceMonitor:
# -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
enabled: false
# -- Additional labels
additionalLabels: {}
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
metrics:
service:
# -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
enabled: false
# -- Metrics service port to scrape
port: 8080
# -- Additional service annotations
annotations: {}
readinessProbe:
# -- Address for readiness probe
address: ""
# -- ReadinessProbe port for kubelet
port: 8081
## -- Extra environment variables to add to container.
extraEnv: []
## -- Map of extra arguments to pass to container.
extraArgs: {}
## -- Extra volumes to pass to pod.
extraVolumes: []
## -- Extra volumes to mount to the container.
extraVolumeMounts: []
# -- Annotations to add to Secret
secretAnnotations: {}
# -- Annotations to add to Deployment
deploymentAnnotations: {}
# -- Annotations to add to Pod
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
certController:
# -- Specifies whether a certificate controller deployment be created.
create: true
requeueInterval: "5m"
replicaCount: 1
# -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
revisionHistoryLimit: 10
image:
repository: ghcr.io/external-secrets/external-secrets
pullPolicy: Always
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
rbac:
# -- Specifies whether role and rolebinding resources should be created.
create: true
serviceAccount:
# -- Specifies whether a service account should be created.
create: true
# -- Automounts the service account token in all containers of the pod
automount: true
# -- Annotations to add to the service account.
annotations: {}
# -- Extra Labels to add to the service account.
extraLabels: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template.
name: ""
nodeSelector: {}
tolerations: []
topologySpreadConstraints: []
affinity: {}
# -- Run the certController on the host network
hostNetwork: false
# -- Pod priority class name.
priorityClassName: ""
# -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: false
minAvailable: 1
# maxUnavailable: 1
prometheus:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
enabled: false
service:
# -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
port: 8080
serviceMonitor:
# -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
enabled: false
# -- Additional labels
additionalLabels: {}
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
metrics:
service:
# -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
enabled: false
# -- Metrics service port to scrape
port: 8080
# -- Additional service annotations
annotations: {}
## -- Extra environment variables to add to container.
extraEnv: []
## -- Map of extra arguments to pass to container.
extraArgs: {}
## -- Extra volumes to pass to pod.
extraVolumes: []
## -- Extra volumes to mount to the container.
extraVolumeMounts: []
# -- Annotations to add to Deployment
deploymentAnnotations: {}
# -- Annotations to add to Pod
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
# -- Specifies `dnsOptions` to deployment
dnsConfig: {}

11
heimdall/Chart.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v2
name: heimdall
description: A Helm chart for Kubernetes
type: application
version: 0.0.1
appVersion: 0.0.1
dependencies:
- name: heimdall
repository: https://djjudas21.github.io/charts/
version: 8.5.2

52
heimdall/templates/ingress.yaml
View File

@@ -1,52 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
name: heimdall-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`heimdall.durp.info`) && PathPrefix(`/`)
middlewares:
- name: authentik-proxy-provider
namespace: traefik
kind: Rule
services:
- name: heimdall
port: 80
- match: Host(`heimdall.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
kind: Rule
services:
- name: ak-outpost-authentik-embedded-outpost
namespace: authentik
port: 9000
tls:
secretName: heimdall-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: heimdall-tls
spec:
secretName: heimdall-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "heimdall.durp.info"
dnsNames:
- "heimdall.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: heimdall-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
spec:
type: ExternalName
externalName: durp.info

28
heimdall/values.yaml
View File

@@ -1,28 +0,0 @@
heimdall:
image:
registry:
repository: registry.internal.durp.info/linuxserver/heimdall
pullPolicy: Always
env:
TZ: UTC
PUID: "1000"
PGID: "1000"
service:
main:
annotations:
external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
external-dns.alpha.kubernetes.io/target: home.durp.info
ports:
http:
port: 80
ingress:
main:
enabled: false
persistence:
config:
enabled: true

7
krakend/Chart.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v2
name: krakend
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

39
krakend/templates/deployments.yaml
View File

@@ -1,39 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: krakend
name: krakend
labels:
app: krakend
spec:
selector:
matchLabels:
app: krakend
replicas: 1
template:
metadata:
labels:
app: krakend
spec:
volumes:
- name: krakend-secret
secret:
secretName: krakend-secret
containers:
- name: krakend
image: registry.internal.durp.info/devopsfaith/krakend:2.4.3
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /__health
port: 8080
readinessProbe:
httpGet:
path: /__health
port: 8080
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: krakend-secret
mountPath: /etc/krakend

56
krakend/templates/ingress.yaml
View File

@@ -1,56 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: api-tls
spec:
secretName: api-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "api.durp.info"
dnsNames:
- "api.durp.info"
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: krakend-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`api.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: krakend-service
port: 8080
scheme: http
tls:
secretName: api-tls
---
kind: Service
apiVersion: v1
metadata:
name: api-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: api.durp.info
spec:
type: ExternalName
externalName: durp.info
---
kind: Service
apiVersion: v1
metadata:
name: api-developer-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: developer.durp.info
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
spec:
type: ExternalName
externalName: developerdurp.github.io

15
krakend/templates/secrets.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: krakend-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: krakend-secret
data:
- secretKey: krakend.json
remoteRef:
key: secrets/krakend/config
property: config

12
krakend/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: krakend-service
spec:
ports:
- name: http
port: 8080
targetPort: 8080
protocol: TCP
selector:
app: krakend

0
littlelink/Chart.yaml
View File

99
littlelink/templates/deployment.yaml
View File

@@ -1,99 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: littlelink
name: littlelink
labels:
app: littlelink
spec:
selector:
matchLabels:
app: littlelink
replicas: 1
template:
metadata:
labels:
app: littlelink
spec:
containers:
- name: littlelink
image: registry.internal.durp.info/techno-tim/littlelink-server:latest
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthcheck
port: 3000
readinessProbe:
httpGet:
path: /healthcheck
port: 3000
env:
- name: META_TITLE
value: DeveloperDurp
- name: META_DESCRIPTION
value: The Durpy Developer
- name: META_AUTHOR
value: DeveloperDurp
- name: LANG
value: en
- name: META_INDEX_STATUS
value: all
- name: OG_TITLE
value: DeveloperDurp
- name: OG_DESCRIPTION
value: DeveloperDurp
- name: OG_URL
value: https://gitlab.com/developerdurp
- name: OG_IMAGE
value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
- name : OG_IMAGE_WIDTH
value: "400"
- name : OG_IMAGE_HEIGHT
value: "400"
- name : THEME
value: Dark
- name : FAVICON_URL
value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
- name : AVATAR_URL
value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
- name : AVATAR_2X_URL
value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
- name : AVATAR_ALT
value: DeveloperDurp Profile Pic
- name : NAME
value: DeveloperDurp
- name : BIO
value: Sup Nerd,
- name : BUTTON_ORDER
value: GITHUB,GITLAB,YOUTUBE,TWITTER,COFFEE,EMAIL
- name : TWITTER
value: https://twitter.com/developerdurp
- name : GITHUB
value: https://github.com/DeveloperDurp
- name : GITLAB
value: https://gitlab.com/developerdurp
- name: YOUTUBE
value: https://www.youtube.com/channel/UC1rGa6s6kER_gLpIQsxeMVQ
- name : EMAIL
value: DeveloperDurp@durp.info
- name : EMAIL_TEXT
value: DeveloperDurp@durp.info
- name : FOOTER
value: DeveloperDurp © 2022
- name: CUSTOM_BUTTON_TEXT
value: BuyMeACoffee
- name: CUSTOM_BUTTON_URL
value: https://www.buymeacoffee.com/DeveloperDurp
- name: CUSTOM_BUTTON_COLOR
value: '#ffdd00'
- name: CUSTOM_BUTTON_TEXT_COLOR
value: '#000000'
- name: CUSTOM_BUTTON_ALT_TEXT
value: Support
- name: CUSTOM_BUTTON_NAME
value: COFFEE
- name: CUSTOM_BUTTON_ICON
value: fa-solid fa-cup-togo
ports:
- name: http
containerPort: 3000

42
littlelink/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: littlelink-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`links.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: littlelink
port: 80
tls:
secretName: littlelink-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: littlelink-tls
spec:
secretName: littlelink-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "links.durp.info"
dnsNames:
- "links.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: links-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: links.durp.info
spec:
type: ExternalName
externalName: durp.info

12
littlelink/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: littlelink
spec:
ports:
- name: http
port: 80
targetPort: 3000
protocol: TCP
selector:
app: littlelink

8
nfs-client/Chart.yml
View File

@@ -1,8 +0,0 @@
apiVersion: v2
name: nfs-client
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

12
nfs-client/templates/cluster-role-binding.yml
View File

@@ -1,12 +0,0 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: nfs-client
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io

20
nfs-client/templates/cluster-role.yml
View File

@@ -1,20 +0,0 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]

42
nfs-client/templates/provisioner.yml
View File

@@ -1,42 +0,0 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: nfs-client-provisioner
namespace: nfs-client
spec:
selector:
matchLabels:
app: nfs-client-provisioner
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: nfs-client-provisioner
spec:
serviceAccountName: nfs-client-provisioner
containers:
- name: nfs-client-provisioner
image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.0
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
memory: 1Gi
volumeMounts:
- name: nfs-client-ssd
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: durp.info/nfs
- name: NFS_SERVER
value: 192.168.20.253
- name: NFS_PATH
value: /mnt/user/k3s
volumes:
- name: nfs-client-ssd
nfs:
server: 192.168.20.253
path: /mnt/user/k3s

13
nfs-client/templates/role-binding.yml
View File

@@ -1,13 +0,0 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: nfs-client
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: nfs-client
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io

9
nfs-client/templates/role.yml
View File

@@ -1,9 +0,0 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: nfs-client
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]

5
nfs-client/templates/service-account.yml
View File

@@ -1,5 +0,0 @@
kind: ServiceAccount
apiVersion: v1
metadata:
name: nfs-client-provisioner
namespace: nfs-client

10
nfs-client/templates/storage-class.yml
View File

@@ -1,10 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-storage
annotations:
storageclass.kubernetes.io/is-default-class: "false"
provisioner: durp.info/nfs
parameters:
archiveOnDelete: "false"
reclaimPolicy: Retain

7
open-webui/Chart.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v2
name: open-webui
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"

37
open-webui/templates/deployment.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: open-webui
name: open-webui
labels:
app: open-webui
spec:
selector:
matchLabels:
app: open-webui
replicas: 1
template:
metadata:
labels:
app: open-webui
spec:
containers:
- name: open-webui
image: registry.internal.durp.info/open-webui/open-webui:main
imagePullPolicy: Always
volumeMounts:
- name: open-webui-pvc
mountPath: /app/backend/data
ports:
- name: http
containerPort: 8080
env:
- name: OLLAMA_BASE_URL
valueFrom:
secretKeyRef:
name: open-webui-secret
key: OLLAMA_BASE_URL
volumes:
- name: open-webui-pvc
persistentVolumeClaim:
claimName: open-webui-pvc

42
open-webui/templates/ingress.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: open-webui-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`open-webui.durp.info`) && PathPrefix(`/`)
kind: Rule
services:
- name: open-webui
port: 8080
tls:
secretName: open-webui-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: open-webui-tls
spec:
secretName: open-webui-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "open-webui.durp.info"
dnsNames:
- "open-webui.durp.info"
---
kind: Service
apiVersion: v1
metadata:
name: open-webui-external-dns
annotations:
external-dns.alpha.kubernetes.io/hostname: open-webui.durp.info
spec:
type: ExternalName
externalName: durp.info

11
open-webui/templates/pvc.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: open-webui-pvc
spec:
storageClassName: longhorn
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi

16
open-webui/templates/secrets.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: open-webui-secret
spec:
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: open-webui-secret
data:
- secretKey: OLLAMA_BASE_URL
remoteRef:
key: secrets/open-webui
property: OLLAMA_BASE_URL

12
open-webui/templates/service.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: open-webui
spec:
ports:
- name: http
port: 8080
targetPort: 8080
protocol: TCP
selector:
app: open-webui

12
vault/Chart.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v2
name: vault
description: A Helm chart for Kubernetes
type: application
version: 0.0.1
appVersion: 0.0.1
dependencies:
- name: vault
repository: https://helm.releases.hashicorp.com
version: 0.27.0

37
vault/templates/ingress.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: vault-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
entryPoints:
- websecure
routes:
- match: Host(`vault.internal.durp.info`)
middlewares:
- name: whitelist
namespace: traefik
kind: Rule
services:
- name: vault
port: 8200
scheme: http
tls:
secretName: vault-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: vault-tls
spec:
secretName: vault-tls
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "vault.internal.durp.info"
dnsNames:
- "vault.internal.durp.info"

14
vault/templates/secret-store.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: vault
spec:
provider:
vault:
server: "http://vault.vault.svc.cluster.local:8200"
path: "secrets"
version: "v2"
auth:
kubernetes:
mountPath: "kubernetes"
role: "external-secrets"

66
vault/values.yaml
View File

@@ -1,66 +0,0 @@
vault:
global:
image:
repository: "registry.internal.durp.info/hashicorp/vault-k8s"
tag: "1.3.1"
pullPolicy: Always
agentImage:
repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2"
injector:
enabled: "-"
replicas: 3
leaderElector:
enabled: true
metrics:
enabled: true
image:
repository: "registry.internal.durp.info/hashicorp/vault-k8s"
tag: "1.3.1"
pullPolicy: Always
agentImage:
repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2"
server:
enabled: "-"
image:
repository: "registry.internal.durp.info/hashicorp/vault"
tag: "1.15.2"
pullPolicy: Always
ha:
enabled: false
replicas: 3
resources: {}
# resources:
# requests:
# memory: 256Mi
# cpu: 250m
# limits:
# memory: 256Mi
# cpu: 250m
dataStorage:
enabled: true
size: 10Gi
storageClass: longhorn
accessMode: ReadWriteOnce
auditStorage:
enabled: false
size: 10Gi
mountPath: "/vault/audit"
storageClass: longhorn
accessMode: ReadWriteOnce
ui:
enabled: false
externalPort: 8200
targetPort: 8200