fix: traefik
@@ -20,8 +20,21 @@ spec:
|
|||||||
image:
|
image:
|
||||||
repository: ghcr.io/linuxserver/bookstack
|
repository: ghcr.io/linuxserver/bookstack
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
# Overrides the image tag whose default is the chart appVersion.
|
|
||||||
tag: "version-v21.05.4"
|
tag: "version-v21.05.4"
|
||||||
|
|
||||||
|
env:
|
||||||
|
APP_URL: https://bookstack.${SECRET_CLUSTER_DOMAIN}/
|
||||||
|
DB_HOST: bookstack-mariadb
|
||||||
|
DB_DATABASE: bookstack
|
||||||
|
DB_USERNAME: bookstack
|
||||||
|
DB_PASSWORD: ${SECRET_BOOKSTACK_DB_PASSWORD}
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
mountPath: /config
|
||||||
|
existingClaim: bookstack-config
|
||||||
|
|
||||||
mariadb:
|
mariadb:
|
||||||
enabled: true
|
enabled: true
|
||||||
image:
|
image:
|
||||||
@@ -36,34 +49,25 @@ spec:
|
|||||||
persistence:
|
persistence:
|
||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: bookstack-db
|
existingClaim: bookstack-db
|
||||||
env:
|
|
||||||
APP_URL: https://bookstack.${SECRET_CLUSTER_DOMAIN}/
|
|
||||||
DB_HOST: bookstack-mariadb
|
|
||||||
DB_DATABASE: bookstack
|
|
||||||
DB_USERNAME: bookstack
|
|
||||||
DB_PASSWORD: ${SECRET_BOOKSTACK_DB_PASSWORD}
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
annotations:
|
annotations:
|
||||||
prometheus.io/probe: "true"
|
prometheus.io/probe: "true"
|
||||||
prometheus.io/protocol: http
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Bookstack"
|
|
||||||
forecastle.stakater.com/icon: "https://yunohost.org/user/images/logo-bookstack.png?height=80?height=80"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: bookstack.${SECRET_CLUSTER_DOMAIN}
|
- host: bookstack.${SECRET_CLUSTER_DOMAIN}
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
persistence:
|
tls:
|
||||||
config:
|
- hosts:
|
||||||
enabled: true
|
- "bookstack.${SECRET_CLUSTER_DOMAIN}"
|
||||||
mountPath: /config
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
existingClaim: bookstack-config
|
|
||||||
|
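Review bot: `DB_PASSWORD: ${SECRET_BOOKSTACK_DB_PASSWORD}` in the relocated `env:` block is a literal value, so once the placeholder is substituted (presumably by Flux post-build substitution, which is not visible here) the password sits in clear text in the HelmRelease values and in the rendered pod spec. Anyone allowed to read those objects can then read the password. If the chart accepts it, reference a Secret instead, e.g. `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}` with the placeholders filled in. The same pattern is on the new side for `POSTGRES_PASSWORD` (joplin), `password` (pgadmin), `SECRET_KEY` (recipes), `ADMIN_TOKEN` and `SMTP_PASSWORD` (vaultwarden) and `DRONE_DATABASE_DATASOURCE` (drone). The `values:` mapping starts above this hunk.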
@@ -1,44 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: forecastle
|
|
||||||
namespace: data
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
# renovate: registryUrl=https://stakater.github.io/stakater-charts
|
|
||||||
chart: forecastle
|
|
||||||
version: v1.0.65
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: stakater-charts
|
|
||||||
namespace: flux-system
|
|
||||||
interval: 5m
|
|
||||||
values:
|
|
||||||
forecastle:
|
|
||||||
config:
|
|
||||||
title: "Healthchecks"
|
|
||||||
namespaceSelector:
|
|
||||||
matchNames:
|
|
||||||
- data
|
|
||||||
- development
|
|
||||||
- home
|
|
||||||
- media
|
|
||||||
- networking
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
|
||||||
hosts:
|
|
||||||
- host: home.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- /
|
|
||||||
- host: services.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- /
|
|
@@ -17,32 +17,34 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
image:
|
image:
|
||||||
repository: freshrss/freshrss
|
repository: freshrss/freshrss
|
||||||
tag: 1.18.1
|
tag: 1.18.1
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: Europe/Paris
|
TZ: Europe/Paris
|
||||||
CRON_MIN: "18,48"
|
CRON_MIN: "18,48"
|
||||||
DOMAIN: "https://freshrss.${SECRET_CLUSTER_DOMAIN}/"
|
DOMAIN: "https://freshrss.${SECRET_CLUSTER_DOMAIN}/"
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
mountPath: /var/www/FreshRSS/data
|
||||||
|
existingClaim: freshrss-config
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
annotations:
|
annotations:
|
||||||
prometheus.io/probe: "true"
|
prometheus.io/probe: "true"
|
||||||
prometheus.io/protocol: http
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "FreshRSS"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/FreshRSS/FreshRSS/edge/docs/img/FreshRSS-logo.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: freshrss.${SECRET_CLUSTER_DOMAIN}
|
- host: freshrss.${SECRET_CLUSTER_DOMAIN}
|
||||||
paths:
|
paths:
|
||||||
@@ -51,11 +53,8 @@ spec:
|
|||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "freshrss.${SECRET_CLUSTER_DOMAIN}"
|
- "freshrss.${SECRET_CLUSTER_DOMAIN}"
|
||||||
persistence:
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
config:
|
|
||||||
enabled: true
|
|
||||||
mountPath: /var/www/FreshRSS/data
|
|
||||||
existingClaim: freshrss-config
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 50m
|
cpu: 50m
|
||||||
|
@@ -21,20 +21,39 @@ spec:
|
|||||||
repository: b4bz/homer
|
repository: b4bz/homer
|
||||||
tag: 21.07.1
|
tag: 21.07.1
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
mountPath: /www/assets
|
||||||
|
existingClaim: homer-config
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
hosts:
|
hosts:
|
||||||
- host: homer.${SECRET_CLUSTER_DOMAIN}
|
- host: "homer.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "homer.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
addons:
|
addons:
|
||||||
codeserver:
|
codeserver:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -51,21 +70,19 @@ spec:
|
|||||||
- "/www/assets/.vscode"
|
- "/www/assets/.vscode"
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
hosts:
|
hosts:
|
||||||
- host: homer-config.${SECRET_CLUSTER_DOMAIN}
|
- host: "homer-config.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "homer-config.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /www/assets
|
mountPath: /www/assets
|
||||||
persistence:
|
|
||||||
config:
|
|
||||||
enabled: true
|
|
||||||
mountPath: /www/assets
|
|
||||||
existingClaim: homer-config
|
|
||||||
|
@@ -22,17 +22,6 @@ spec:
|
|||||||
tag: 2.2.10
|
tag: 2.2.10
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
controllerType: deployment
|
|
||||||
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: tcp
|
|
||||||
|
|
||||||
env:
|
env:
|
||||||
APP_BASE_URL: https://joplin.${SECRET_CLUSTER_DOMAIN}
|
APP_BASE_URL: https://joplin.${SECRET_CLUSTER_DOMAIN}
|
||||||
APP_PORT: 22300
|
APP_PORT: 22300
|
||||||
@@ -43,14 +32,24 @@ spec:
|
|||||||
POSTGRES_USER: joplin
|
POSTGRES_USER: joplin
|
||||||
POSTGRES_PASSWORD: ${SECRET_JOPLIN_DB_PASSWORD}
|
POSTGRES_PASSWORD: ${SECRET_JOPLIN_DB_PASSWORD}
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: tcp
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
hosts:
|
hosts:
|
||||||
- host: joplin.${SECRET_CLUSTER_DOMAIN}
|
- host: "joplin.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "joplin.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
@@ -4,7 +4,6 @@ kind: Kustomization
|
|||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- bookstack
|
- bookstack
|
||||||
- forecastle
|
|
||||||
- freshrss
|
- freshrss
|
||||||
- homer
|
- homer
|
||||||
- jobs
|
- jobs
|
||||||
|
@@ -17,32 +17,40 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
image:
|
image:
|
||||||
repository: dpage/pgadmin4
|
repository: dpage/pgadmin4
|
||||||
tag: 5.5
|
tag: 5.5
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
email: ${SECRET_PGADMIN_EMAIL}
|
email: ${SECRET_PGADMIN_EMAIL}
|
||||||
password: ${SECRET_PGADMIN_PASSWORD}
|
password: ${SECRET_PGADMIN_PASSWORD}
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/client-body-buffer-size: "50m"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "pgAdmin"
|
|
||||||
forecastle.stakater.com/icon: "https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-110x117.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: pgadmin.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
persistentVolume:
|
persistentVolume:
|
||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: pgadmin-config
|
existingClaim: pgadmin-config
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "pgadmin.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "pgadmin.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
postRenderers:
|
||||||
|
- kustomize:
|
||||||
|
patchesJson6902:
|
||||||
|
- target:
|
||||||
|
kind: Ingress
|
||||||
|
name: pgadmin-pgadmin4
|
||||||
|
patch:
|
||||||
|
- op: add
|
||||||
|
path: /spec/ingressClassName
|
||||||
|
value: traefik
|
||||||
|
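Review bot: The rebuilt pgAdmin ingress lists only `networking-buffering-medium@kubernetescrd` under `router.middlewares`, so a database admin console is published on `websecure` behind nothing but its own login form. The homer release in this same commit puts `networking-forward-auth@kubernetescrd` in front of its routes. If leaving it off here is not deliberate, chain both: `traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd,networking-buffering-medium@kubernetescrd`. Whether the old nginx route had equivalent protection elsewhere cannot be told from this section.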
@@ -17,13 +17,11 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
image:
|
image:
|
||||||
repository: vabene1111/recipes
|
repository: vabene1111/recipes
|
||||||
tag: 0.16.7
|
tag: 0.16.7
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
SECRET_KEY: ${SECRET_RECIPES_SECRET_KEY}
|
SECRET_KEY: ${SECRET_RECIPES_SECRET_KEY}
|
||||||
DEBUG: "0"
|
DEBUG: "0"
|
||||||
@@ -39,33 +37,13 @@ spec:
|
|||||||
FRACTION_PREF_DEFAULT: "0"
|
FRACTION_PREF_DEFAULT: "0"
|
||||||
COMMENT_PREF_DEFAULT: "1"
|
COMMENT_PREF_DEFAULT: "1"
|
||||||
SHOPPING_MIN_AUTOSYNC_INTERVAL: "5"
|
SHOPPING_MIN_AUTOSYNC_INTERVAL: "5"
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
sidecar:
|
sidecar:
|
||||||
image:
|
image:
|
||||||
repository: nginx
|
repository: nginx
|
||||||
tag: 1.21.1
|
tag: 1.21.1
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/client-body-buffer-size: "10m"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-small@kubernetescrd
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Recipes"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/vabene1111/recipes/develop/docs/logo_color.svg"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: recipes.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
persistence:
|
persistence:
|
||||||
media:
|
media:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -74,3 +52,26 @@ spec:
|
|||||||
static:
|
static:
|
||||||
enabled: true
|
enabled: true
|
||||||
type: emptyDir
|
type: emptyDir
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-small@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "recipes.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "recipes.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
@@ -207,19 +207,20 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Resilio Sync"
|
|
||||||
forecastle.stakater.com/icon: "https://avatars.githubusercontent.com/u/12284211?s=200&v=4"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/instance: resilio-sync
|
app.kubernetes.io/instance: resilio-sync
|
||||||
app.kubernetes.io/name: resilio-sync
|
app.kubernetes.io/name: resilio-sync
|
||||||
name: resilio-sync
|
name: resilio-sync
|
||||||
namespace: data
|
namespace: data
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "resilio-sync-claude.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
- "resilio-sync-helene.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
rules:
|
rules:
|
||||||
- host: resilio-sync-claude.${SECRET_CLUSTER_DOMAIN}
|
- host: "resilio-sync-claude.${SECRET_CLUSTER_DOMAIN}"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
@@ -229,7 +230,7 @@ spec:
|
|||||||
name: resilio-sync
|
name: resilio-sync
|
||||||
port:
|
port:
|
||||||
number: 8888
|
number: 8888
|
||||||
- host: resilio-sync-helene.${SECRET_CLUSTER_DOMAIN}
|
- host: "resilio-sync-helene.${SECRET_CLUSTER_DOMAIN}"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
|
@@ -22,44 +22,9 @@ spec:
|
|||||||
tag: 1.8.0
|
tag: 1.8.0
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
controllerType: deployment
|
|
||||||
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
sharry-config:
|
|
||||||
enabled: "false"
|
|
||||||
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
|
|
||||||
args:
|
args:
|
||||||
- "/opt/sharry.conf"
|
- "/opt/sharry.conf"
|
||||||
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/client-body-buffer-size: "2048m"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: "2048m"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-buffering: "off"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Sharry"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/eikek/sharry/master/artwork/icon.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: sharry.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
|
|
||||||
config: |
|
config: |
|
||||||
sharry.restserver {
|
sharry.restserver {
|
||||||
base-url = "https://sharry.${SECRET_CLUSTER_DOMAIN}"
|
base-url = "https://sharry.${SECRET_CLUSTER_DOMAIN}"
|
||||||
@@ -135,3 +100,30 @@ spec:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
sharry-config:
|
||||||
|
enabled: "false"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "sharry.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "sharry.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
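Review bot: `enabled: "false"` under `persistence.sharry-config` is a quoted string, not a boolean, and a non-empty string is truthy in Helm templates. If the chart tests this key with a plain `if` (not visible here), the volume this block is meant to switch off stays enabled. The line predates the commit but is carried into the relocated block; write it as `enabled: false`.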
@@ -21,6 +21,7 @@ spec:
|
|||||||
repository: vaultwarden/server
|
repository: vaultwarden/server
|
||||||
tag: 1.22.2
|
tag: 1.22.2
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}/"
|
DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}/"
|
||||||
ADMIN_TOKEN: ${SECRET_VAULTWARDEN_ADMIN_TOKEN}
|
ADMIN_TOKEN: ${SECRET_VAULTWARDEN_ADMIN_TOKEN}
|
||||||
@@ -36,23 +37,26 @@ spec:
|
|||||||
SMTP_SSL: "true"
|
SMTP_SSL: "true"
|
||||||
SMTP_USERNAME: ${SECRET_SMTP_USERNAME}
|
SMTP_USERNAME: ${SECRET_SMTP_USERNAME}
|
||||||
SMTP_PASSWORD: ${SECRET_VAULTWARDEN_SMTP_PASSWORD}
|
SMTP_PASSWORD: ${SECRET_VAULTWARDEN_SMTP_PASSWORD}
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: vaultwarden-data
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
annotations:
|
annotations:
|
||||||
prometheus.io/probe: "true"
|
prometheus.io/probe: "true"
|
||||||
prometheus.io/protocol: tcp
|
prometheus.io/protocol: tcp
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Vaultwarden"
|
|
||||||
forecastle.stakater.com/icon: "https://image.winudf.com/v2/image1/Y29tLng4Yml0LmJpdHdhcmRlbl9pY29uXzE1OTM0NTk3NDNfMDA2/icon.png?fakeurl=1&h=120"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: vaultwarden.${SECRET_CLUSTER_DOMAIN}
|
- host: "vaultwarden.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
@@ -61,11 +65,12 @@ spec:
|
|||||||
- path: /notifications/hub
|
- path: /notifications/hub
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
servicePort: 3012
|
servicePort: 3012
|
||||||
- host: bitwarden.${SECRET_CLUSTER_DOMAIN}
|
- host: "bitwarden.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
persistence:
|
tls:
|
||||||
config:
|
- hosts:
|
||||||
enabled: true
|
- "vaultwarden.${SECRET_CLUSTER_DOMAIN}"
|
||||||
existingClaim: vaultwarden-data
|
- "bitwarden.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
@@ -22,10 +22,14 @@ spec:
|
|||||||
tag: 2.4.3-alpine
|
tag: 2.4.3-alpine
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
controllerType: deployment
|
postgresql:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
strategy:
|
persistence:
|
||||||
type: Recreate
|
files:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: vikunja-files
|
||||||
|
mountpath: /app/vikunja/files
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
@@ -35,6 +39,22 @@ spec:
|
|||||||
prometheus.io/probe: "true"
|
prometheus.io/probe: "true"
|
||||||
prometheus.io/protocol: http
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "vikunja.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "vikunja.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
additionalContainers:
|
additionalContainers:
|
||||||
- name: api
|
- name: api
|
||||||
image: vikunja/api:0.17.1
|
image: vikunja/api:0.17.1
|
||||||
@@ -56,28 +76,3 @@ spec:
|
|||||||
mountPath: /app/vikunja/files
|
mountPath: /app/vikunja/files
|
||||||
- name: frontend
|
- name: frontend
|
||||||
image: vikunja/frontend:0.17.0
|
image: vikunja/frontend:0.17.0
|
||||||
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Vikunja"
|
|
||||||
forecastle.stakater.com/icon: "https://vikunja.io/docs/images/vikunja-logo-white.svg"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: vikunja.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
files:
|
|
||||||
enabled: true
|
|
||||||
existingClaim: vikunja-files
|
|
||||||
mountpath: /app/vikunja/files
|
|
||||||
|
|
||||||
postgresql:
|
|
||||||
enabled: false
|
|
||||||
|
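Review bot: `mountpath: /app/vikunja/files` under `persistence.files` is lower case, while the other releases on this page and the `additionalContainers` mount in this same file spell the key `mountPath`. If the chart only reads the camel-case key (to be confirmed against the chart), the value is ignored and the claim is mounted at the chart's default path, so uploaded files would not land on `vikunja-files` where expected. The line is carried over unchanged into the relocated block; change it to `mountPath: /app/vikunja/files`.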
@@ -21,6 +21,7 @@ spec:
|
|||||||
# Upgrading the wallabag version generally requires a migration.
|
# Upgrading the wallabag version generally requires a migration.
|
||||||
# see https://doc.wallabag.org/en/admin/upgrade.html
|
# see https://doc.wallabag.org/en/admin/upgrade.html
|
||||||
tag: 2.4.2
|
tag: 2.4.2
|
||||||
|
|
||||||
env:
|
env:
|
||||||
SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql
|
SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql
|
||||||
SYMFONY__ENV__DATABASE_HOST: postgresql-kube.data.svc.cluster.local.
|
SYMFONY__ENV__DATABASE_HOST: postgresql-kube.data.svc.cluster.local.
|
||||||
@@ -34,33 +35,7 @@ spec:
|
|||||||
SYMFONY__ENV__FOSUSER_REGISTRATION: "false"
|
SYMFONY__ENV__FOSUSER_REGISTRATION: "false"
|
||||||
SYMFONY__ENV__FOSUSER_CONFIRMATION: "false"
|
SYMFONY__ENV__FOSUSER_CONFIRMATION: "false"
|
||||||
POPULATE_DATABASE: "false"
|
POPULATE_DATABASE: "false"
|
||||||
securityContext:
|
|
||||||
runAsUser: 0
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
ports:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Wallabag"
|
|
||||||
forecastle.stakater.com/icon: "https://cdnx.nextinpact.com/compress/850-412/data-next/images/bd/wide-linked-media/545.jpg"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: wallabag.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
persistence:
|
|
||||||
images:
|
|
||||||
enabled: true
|
|
||||||
existingClaim: wallabag-images
|
|
||||||
redis:
|
redis:
|
||||||
enabled: true
|
enabled: true
|
||||||
clusterDomain: ${CLUSTER_DOMAIN}
|
clusterDomain: ${CLUSTER_DOMAIN}
|
||||||
@@ -69,3 +44,34 @@ spec:
|
|||||||
replicaCount: 0
|
replicaCount: 0
|
||||||
persistence:
|
persistence:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
images:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: wallabag-images
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "wallabag.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "wallabag.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
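Review bot: The relocated `securityContext` keeps `runAsUser: 0`, so the wallabag container still runs as root while this commit makes it reachable through the Traefik `websecure` entrypoint with no auth middleware on the route. If the image really needs root at start-up, say so next to the setting, e.g. `# image entrypoint requires root (TODO confirm); revisit when a non-root image is available`. Otherwise set a non-root UID. Whether this is a pod-level or container-level context cannot be told from the flattened indentation.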
@@ -18,29 +18,44 @@ spec:
|
|||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
storage: s3
|
storage: s3
|
||||||
|
|
||||||
s3:
|
s3:
|
||||||
region: "us-east-1"
|
region: "us-east-1"
|
||||||
regionEndpoint: ${SECRET_MINIO_ENDPOINT}
|
regionEndpoint: ${SECRET_MINIO_ENDPOINT}
|
||||||
bucket: docker-registry
|
bucket: docker-registry
|
||||||
encrypt: false
|
encrypt: false
|
||||||
secure: true
|
secure: true
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
htpasswd: ${SECRET_DOCKER_REGISTRY_HTPASSWD}
|
htpasswd: ${SECRET_DOCKER_REGISTRY_HTPASSWD}
|
||||||
s3:
|
s3:
|
||||||
accessKey: ${SECRET_MINIO_ACCESS_KEY}
|
accessKey: ${SECRET_MINIO_ACCESS_KEY}
|
||||||
secretKey: ${SECRET_MINIO_SECRET_KEY}
|
secretKey: ${SECRET_MINIO_SECRET_KEY}
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
|
|
||||||
hosts:
|
|
||||||
- registry.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
service:
|
service:
|
||||||
annotations:
|
annotations:
|
||||||
prometheus.io/probe: "true"
|
prometheus.io/probe: "true"
|
||||||
prometheus.io/protocol: http
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- "registry.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "registry.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
|
postRenderers:
|
||||||
|
- kustomize:
|
||||||
|
patchesJson6902:
|
||||||
|
- target:
|
||||||
|
kind: Ingress
|
||||||
|
name: docker-registry
|
||||||
|
patch:
|
||||||
|
- op: add
|
||||||
|
path: /spec/ingressClassName
|
||||||
|
value: traefik
|
||||||
|
@@ -17,13 +17,10 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
updateStrategy:
|
|
||||||
type: Recreate
|
|
||||||
image:
|
image:
|
||||||
repository: drone/drone
|
repository: drone/drone
|
||||||
tag: 2.0.4
|
tag: 2.0.4
|
||||||
persistentVolume:
|
|
||||||
enabled: false
|
|
||||||
env:
|
env:
|
||||||
DRONE_DATABASE_DRIVER: postgres
|
DRONE_DATABASE_DRIVER: postgres
|
||||||
DRONE_DATABASE_DATASOURCE: ${SECRET_DRONE_DATABASE_DATASOURCE}
|
DRONE_DATABASE_DATASOURCE: ${SECRET_DRONE_DATABASE_DATASOURCE}
|
||||||
@@ -38,11 +35,31 @@ spec:
|
|||||||
DRONE_LOGS_COLOR: true
|
DRONE_LOGS_COLOR: true
|
||||||
DRONE_SERVER_PROTO: https
|
DRONE_SERVER_PROTO: https
|
||||||
DRONE_SERVER_HOST: drone.${SECRET_CLUSTER_DOMAIN}
|
DRONE_SERVER_HOST: drone.${SECRET_CLUSTER_DOMAIN}
|
||||||
|
|
||||||
|
updateStrategy:
|
||||||
|
type: Recreate
|
||||||
|
|
||||||
|
persistentVolume:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
hosts:
|
hosts:
|
||||||
- host: drone.${SECRET_CLUSTER_DOMAIN}
|
- host: "drone.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths: ["/"]
|
paths: ["/"]
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "wallabag.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
postRenderers:
|
||||||
|
- kustomize:
|
||||||
|
patchesJson6902:
|
||||||
|
- target:
|
||||||
|
kind: Ingress
|
||||||
|
name: drone
|
||||||
|
patch:
|
||||||
|
- op: add
|
||||||
|
path: /spec/ingressClassName
|
||||||
|
value: traefik
|
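Review bot: The new `tls` block lists `"wallabag.${SECRET_CLUSTER_DOMAIN}"` as its host, but the only rule host in this ingress is `"drone.${SECRET_CLUSTER_DOMAIN}"`, which looks like a copy-paste slip. As written, the TLS entry does not name the host this Ingress serves, so the certificate presented for drone depends on how the controller matches certificates to SNI; a wildcard certificate could mask the mismatch. The entry should read `- "drone.${SECRET_CLUSTER_DOMAIN}"`. Indentation is not preserved in this rendering, so the nesting of `tls` under `ingress` is assumed to match the other apps in the commit.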
||||||
|
@@ -20,32 +20,7 @@ spec:
|
|||||||
image:
|
image:
|
||||||
repository: gitea/gitea
|
repository: gitea/gitea
|
||||||
tag: 1.14.6
|
tag: 1.14.6
|
||||||
persistence:
|
|
||||||
enabled: true
|
|
||||||
size: 10Gi
|
|
||||||
existingClaim: "gitea-config"
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
hosts:
|
|
||||||
- host: "gitea.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
service:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: "tcp"
|
|
||||||
http:
|
|
||||||
port: 3000
|
|
||||||
ssh:
|
|
||||||
type: LoadBalancer
|
|
||||||
port: 22
|
|
||||||
externalTrafficPolicy: Local
|
|
||||||
externalIPs:
|
|
||||||
- ${CLUSTER_LB_GITEA}
|
|
||||||
gitea:
|
gitea:
|
||||||
admin:
|
admin:
|
||||||
email: ${SECRET_GITEA_ADMIN_EMAIL}
|
email: ${SECRET_GITEA_ADMIN_EMAIL}
|
||||||
@@ -86,9 +61,51 @@ spec:
|
|||||||
cache:
|
cache:
|
||||||
builtIn:
|
builtIn:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
memcached:
|
memcached:
|
||||||
image:
|
image:
|
||||||
repository: bitnami/memcached
|
repository: bitnami/memcached
|
||||||
tag: 1.6.10
|
tag: 1.6.10
|
||||||
service:
|
service:
|
||||||
port: 11211
|
port: 11211
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
enabled: true
|
||||||
|
size: 10Gi
|
||||||
|
existingClaim: "gitea-config"
|
||||||
|
|
||||||
|
service:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: "tcp"
|
||||||
|
ssh:
|
||||||
|
type: LoadBalancer
|
||||||
|
port: 22
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
externalIPs:
|
||||||
|
- ${CLUSTER_LB_GITEA}
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "gitea.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "gitea.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
|
postRenderers:
|
||||||
|
- kustomize:
|
||||||
|
patchesJson6902:
|
||||||
|
- target:
|
||||||
|
kind: Ingress
|
||||||
|
name: gitea
|
||||||
|
patch:
|
||||||
|
- op: add
|
||||||
|
path: /spec/ingressClassName
|
||||||
|
value: traefik
|
||||||
|
@@ -19,28 +19,14 @@ spec:
|
|||||||
values:
|
values:
|
||||||
replicaCount: 3
|
replicaCount: 3
|
||||||
recreatePods: true
|
recreatePods: true
|
||||||
service:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: tcp
|
|
||||||
type: LoadBalancer
|
|
||||||
loadBalancerIP: ${CLUSTER_LB_EMQX}
|
|
||||||
externalTrafficPolicy: Local
|
|
||||||
ingress:
|
|
||||||
dashboard:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
path: /
|
|
||||||
hosts:
|
|
||||||
- emqx.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
emqxConfig:
|
emqxConfig:
|
||||||
EMQX_ALLOW_ANONYMOUS: "false"
|
EMQX_ALLOW_ANONYMOUS: "false"
|
||||||
EMQX_ADMIN_PASSWORD: "${SECRET_EMQX_ADMIN_PASSWORD}"
|
EMQX_ADMIN_PASSWORD: "${SECRET_EMQX_ADMIN_PASSWORD}"
|
||||||
EMQX_AUTH__MNESIA__PASSWORD_HASH: plain
|
EMQX_AUTH__MNESIA__PASSWORD_HASH: plain
|
||||||
EMQX_AUTH__USER__1__USERNAME: "${SECRET_MQTT_USERNAME}"
|
EMQX_AUTH__USER__1__USERNAME: "${SECRET_MQTT_USERNAME}"
|
||||||
EMQX_AUTH__USER__1__PASSWORD: "${SECRET_MQTT_PASSWORD}"
|
EMQX_AUTH__USER__1__PASSWORD: "${SECRET_MQTT_PASSWORD}"
|
||||||
|
|
||||||
emqxAclConfig: >
|
emqxAclConfig: >
|
||||||
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
|
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
|
||||||
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
|
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
|
||||||
@@ -62,6 +48,28 @@ spec:
|
|||||||
{emqx_mod_rewrite, false}.
|
{emqx_mod_rewrite, false}.
|
||||||
{emqx_mod_subscription, false}.
|
{emqx_mod_subscription, false}.
|
||||||
{emqx_mod_topic_metrics, true}.
|
{emqx_mod_topic_metrics, true}.
|
||||||
|
|
||||||
|
service:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: tcp
|
||||||
|
type: LoadBalancer
|
||||||
|
loadBalancerIP: ${CLUSTER_LB_EMQX}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
dashboard:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
path: /
|
||||||
|
hosts:
|
||||||
|
- emqx.${SECRET_CLUSTER_DOMAIN}
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "emqx.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
affinity:
|
affinity:
|
||||||
podAntiAffinity:
|
podAntiAffinity:
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
@@ -74,6 +82,7 @@ spec:
|
|||||||
values:
|
values:
|
||||||
- emqx
|
- emqx
|
||||||
topologyKey: kubernetes.io/hostname
|
topologyKey: kubernetes.io/hostname
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
@@ -93,3 +102,10 @@ spec:
|
|||||||
path: /spec/externalIPs
|
path: /spec/externalIPs
|
||||||
value:
|
value:
|
||||||
- "${CLUSTER_LB_EMQX}"
|
- "${CLUSTER_LB_EMQX}"
|
||||||
|
- target:
|
||||||
|
kind: Ingress
|
||||||
|
name: emqx-dashboard
|
||||||
|
patch:
|
||||||
|
- op: add
|
||||||
|
path: /spec/ingressClassName
|
||||||
|
value: traefik
|
||||||
|
@@ -20,27 +20,10 @@ spec:
|
|||||||
image:
|
image:
|
||||||
repository: blakeblackshear/frigate
|
repository: blakeblackshear/frigate
|
||||||
tag: 0.8.4-amd64
|
tag: 0.8.4-amd64
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
|
||||||
hosts:
|
|
||||||
- host: "frigate.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
data:
|
data:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -56,6 +39,7 @@ spec:
|
|||||||
medium: Memory
|
medium: Memory
|
||||||
sizeLimit: 2Gi
|
sizeLimit: 2Gi
|
||||||
mountPath: /dev/shm
|
mountPath: /dev/shm
|
||||||
|
|
||||||
config: |
|
config: |
|
||||||
mqtt:
|
mqtt:
|
||||||
host: emqx
|
host: emqx
|
||||||
@@ -101,6 +85,30 @@ spec:
|
|||||||
|
|
||||||
podAnnotations:
|
podAnnotations:
|
||||||
configmap.reloader.stakater.com/reload: "frigate-config"
|
configmap.reloader.stakater.com/reload: "frigate-config"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "frigate.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "frigate.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
affinity:
|
affinity:
|
||||||
nodeAffinity:
|
nodeAffinity:
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
@@ -114,6 +122,7 @@ spec:
|
|||||||
operator: In
|
operator: In
|
||||||
values:
|
values:
|
||||||
- "true"
|
- "true"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
gpu.intel.com/i915: 1
|
gpu.intel.com/i915: 1
|
||||||
|
@@ -17,10 +17,10 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/home-assistant/home-assistant
|
repository: ghcr.io/home-assistant/home-assistant
|
||||||
tag: 2021.8.4
|
tag: 2021.8.4
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
HASS_SECRET_URL: https://home-assistant.${SECRET_CLUSTER_DOMAIN}
|
HASS_SECRET_URL: https://home-assistant.${SECRET_CLUSTER_DOMAIN}
|
||||||
@@ -30,8 +30,10 @@ spec:
|
|||||||
HASS_SECRET_MQTT_USERNAME: ${SECRET_MQTT_USERNAME}
|
HASS_SECRET_MQTT_USERNAME: ${SECRET_MQTT_USERNAME}
|
||||||
HASS_SECRET_MQTT_PASSWORD: ${SECRET_MQTT_PASSWORD}
|
HASS_SECRET_MQTT_PASSWORD: ${SECRET_MQTT_PASSWORD}
|
||||||
HASS_SECRET_DB_URL: ${SECRET_HASS_DB_URL}
|
HASS_SECRET_DB_URL: ${SECRET_HASS_DB_URL}
|
||||||
|
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
dnsPolicy: ClusterFirstWithHostNet
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
annotations:
|
annotations:
|
||||||
@@ -41,24 +43,32 @@ spec:
|
|||||||
externalIPs:
|
externalIPs:
|
||||||
- ${CLUSTER_LB_HASS}
|
- ${CLUSTER_LB_HASS}
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
hosts:
|
hosts:
|
||||||
- host: hass.${SECRET_CLUSTER_DOMAIN}
|
- host: "hass.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
- host: home-assistant.${SECRET_CLUSTER_DOMAIN}
|
- host: "home-assistant.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "hass.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
- "home-assistant.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
prometheus:
|
prometheus:
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
probes:
|
probes:
|
||||||
liveness:
|
liveness:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -66,10 +76,15 @@ spec:
|
|||||||
enabled: false
|
enabled: false
|
||||||
startup:
|
startup:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: hass-config
|
existingClaim: hass-config
|
||||||
|
|
||||||
addons:
|
addons:
|
||||||
codeserver:
|
codeserver:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -86,20 +101,24 @@ spec:
|
|||||||
- "/config/.vscode"
|
- "/config/.vscode"
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
hosts:
|
hosts:
|
||||||
- host: hass-config.${SECRET_CLUSTER_DOMAIN}
|
- host: "hass-config.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "hass-config.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /config
|
mountPath: /config
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
memory: 1000Mi
|
memory: 1000Mi
|
||||||
postgresql:
|
|
||||||
enabled: false
|
|
||||||
|
@@ -20,9 +20,11 @@ spec:
|
|||||||
image:
|
image:
|
||||||
repository: koenkk/zigbee2mqtt
|
repository: koenkk/zigbee2mqtt
|
||||||
tag: 1.21.0
|
tag: 1.21.0
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: Europe/Paris
|
TZ: Europe/Paris
|
||||||
ZIGBEE2MQTT_DATA: /data
|
ZIGBEE2MQTT_DATA: /data
|
||||||
|
|
||||||
config:
|
config:
|
||||||
homeassistant: true
|
homeassistant: true
|
||||||
device_options:
|
device_options:
|
||||||
@@ -61,18 +63,18 @@ spec:
|
|||||||
new_api: true
|
new_api: true
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
annotations:
|
annotations:
|
||||||
prometheus.io/probe: "true"
|
prometheus.io/probe: "true"
|
||||||
prometheus.io/protocol: "http"
|
prometheus.io/protocol: "http"
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
hosts:
|
hosts:
|
||||||
@@ -80,6 +82,11 @@ spec:
|
|||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "zigbee.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -90,6 +97,7 @@ spec:
|
|||||||
type: hostPath
|
type: hostPath
|
||||||
hostPath: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
|
hostPath: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
|
||||||
hostPathType: CharDevice
|
hostPathType: CharDevice
|
||||||
|
|
||||||
affinity:
|
affinity:
|
||||||
nodeAffinity:
|
nodeAffinity:
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
@@ -21,17 +21,24 @@ spec:
|
|||||||
image:
|
image:
|
||||||
repository: ghcr.io/zwave-js/zwavejs2mqtt
|
repository: ghcr.io/zwave-js/zwavejs2mqtt
|
||||||
tag: 5.4.5
|
tag: 5.4.5
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
hosts:
|
hosts:
|
||||||
@@ -42,11 +49,8 @@ spec:
|
|||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- zwave.${SECRET_CLUSTER_DOMAIN}
|
- zwave.${SECRET_CLUSTER_DOMAIN}
|
||||||
service:
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -57,6 +61,7 @@ spec:
|
|||||||
type: hostPath
|
type: hostPath
|
||||||
hostPath: /dev/serial/by-id/usb-0658_0200-if00
|
hostPath: /dev/serial/by-id/usb-0658_0200-if00
|
||||||
hostPathType: CharDevice
|
hostPathType: CharDevice
|
||||||
|
|
||||||
affinity:
|
affinity:
|
||||||
nodeAffinity:
|
nodeAffinity:
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
@@ -33,18 +33,17 @@ spec:
|
|||||||
create: true
|
create: true
|
||||||
host: "k10.${SECRET_CLUSTER_DOMAIN}"
|
host: "k10.${SECRET_CLUSTER_DOMAIN}"
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
urlPath: k10
|
urlPath: k10
|
||||||
hosts:
|
hosts:
|
||||||
- "k10.${SECRET_CLUSTER_DOMAIN}"
|
- "k10.${SECRET_CLUSTER_DOMAIN}"
|
||||||
# postRenderers:
|
postRenderers:
|
||||||
# - kustomize:
|
- kustomize:
|
||||||
# patchesJson6902:
|
patchesJson6902:
|
||||||
# - target:
|
- target:
|
||||||
# kind: Ingress
|
kind: Ingress
|
||||||
# name: k10-ingress
|
name: k10-ingress
|
||||||
# patch:
|
patch:
|
||||||
# - op: add
|
- op: add
|
||||||
# path: /spec/ingressClassName
|
path: /spec/ingressClassName
|
||||||
# value: traefik
|
value: traefik
|
||||||
|
@@ -8,3 +8,4 @@ resources:
|
|||||||
- media
|
- media
|
||||||
- monitoring
|
- monitoring
|
||||||
- networking
|
- networking
|
||||||
|
- secret-reflector
|
||||||
|
@@ -17,17 +17,19 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/k8s-at-home/bazarr
|
repository: ghcr.io/k8s-at-home/bazarr
|
||||||
tag: v0.9.6
|
tag: v0.9.6
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
runAsUser: 568
|
runAsUser: 568
|
||||||
runAsGroup: 568
|
runAsGroup: 568
|
||||||
fsGroup: 568
|
fsGroup: 568
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -36,28 +38,32 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: nfs-video-media
|
existingClaim: nfs-video-media
|
||||||
mountPath: "/mnt/storage/video"
|
mountPath: "/mnt/storage/video"
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
annotations:
|
annotations:
|
||||||
prometheus.io/probe: "true"
|
prometheus.io/probe: "true"
|
||||||
prometheus.io/protocol: http
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "bazarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "bazarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 500Mi
|
memory: 500Mi
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
limits:
|
limits:
|
||||||
memory: 1500Mi
|
memory: 1500Mi
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
|
||||||
hosts:
|
|
||||||
- host: bazarr.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
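Review bot: The new `tls` entry under `ingress.main` lists `hosts` but sets no `secretName`, unlike the apps earlier in this commit that add `secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"`. Without a secret reference, the certificate served for `bazarr.${SECRET_CLUSTER_DOMAIN}` presumably falls back to Traefik's default TLS store, which is Traefik's self-signed certificate unless a default has been configured elsewhere; that configuration is not visible here. If the fallback is not intended, add `secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"` next to `hosts` and confirm the secret exists in this namespace. The same omission appears in the flood, jellyfin, lidarr (`main` and `api`) and lychee sections that follow.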
||||||
|
@@ -17,51 +17,53 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
image:
|
image:
|
||||||
repository: jesec/flood
|
repository: jesec/flood
|
||||||
tag: 4.6.1
|
tag: 4.6.1
|
||||||
pullPolicy: Always
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
FLOOD_OPTION_RUNDIR: /data
|
FLOOD_OPTION_RUNDIR: /data
|
||||||
FLOOD_OPTION_AUTH: "none"
|
FLOOD_OPTION_AUTH: "none"
|
||||||
FLOOD_OPTION_QBURL: "http://qbittorrent:8080"
|
FLOOD_OPTION_QBURL: "http://qbittorrent:8080"
|
||||||
FLOOD_OPTION_QBUSER: admin
|
FLOOD_OPTION_QBUSER: admin
|
||||||
FLOOD_OPTION_QBPASS: ${SECRET_QBITTORRENT_PASSWORD}
|
FLOOD_OPTION_QBPASS: ${SECRET_QBITTORRENT_PASSWORD}
|
||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
runAsUser: 1001
|
runAsUser: 1001
|
||||||
runAsGroup: 1001
|
runAsGroup: 1001
|
||||||
fsGroup: 1001
|
fsGroup: 1001
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
data:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: flood-config
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Flood"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/jesec/flood/master/flood.svg"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: flood.${SECRET_CLUSTER_DOMAIN}
|
- host: flood.${SECRET_CLUSTER_DOMAIN}
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
persistence:
|
tls:
|
||||||
data:
|
- hosts:
|
||||||
enabled: true
|
- "flood.${SECRET_CLUSTER_DOMAIN}"
|
||||||
existingClaim: flood-config
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 250Mi
|
memory: 250Mi
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
limits:
|
limits:
|
||||||
memory: 1500Mi
|
memory: 1500Mi
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
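Review bot: With `FLOOD_OPTION_AUTH: "none"` in `env`, the `router.middlewares` annotation on `ingress.main` is the only thing authenticating users once the nginx `auth-url`/`auth-signin` annotations are removed, and nothing in the file records that dependency. A comment above the annotation would keep it from being dropped in a later cleanup, for example `# Flood's own auth is disabled (FLOOD_OPTION_AUTH: "none"); this forward-auth middleware is the only access control`. Traffic that reaches the Service from inside the cluster does not pass through Traefik, so a NetworkPolicy restricting ingress to the Traefik pods is worth considering; whether one exists is not visible from this section.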
||||||
|
@@ -21,13 +21,7 @@ spec:
|
|||||||
repository: jellyfin/jellyfin
|
repository: jellyfin/jellyfin
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: 10.7.6
|
tag: 10.7.6
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -44,34 +38,41 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: nfs-photo-media
|
existingClaim: nfs-photo-media
|
||||||
mountPath: "/mnt/storage/photo"
|
mountPath: "/mnt/storage/photo"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "jellyfin.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "jellyfin.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 4Gi
|
memory: 4Gi
|
||||||
cpu: 1
|
cpu: 1
|
||||||
limits:
|
limits:
|
||||||
gpu.intel.com/i915: 1
|
gpu.intel.com/i915: 1
|
||||||
ingress:
|
|
||||||
main:
|
affinity:
|
||||||
enabled: true
|
nodeAffinity:
|
||||||
ingressClassName: "nginx"
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
annotations:
|
nodeSelectorTerms:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
- matchExpressions:
|
||||||
forecastle.stakater.com/expose: "true"
|
- key: feature.node.kubernetes.io/custom-intel-gpu
|
||||||
forecastle.stakater.com/appName: "Jellyfin"
|
operator: In
|
||||||
forecastle.stakater.com/icon: "https://features.jellyfin.org/images/logos/a7Lx9nYDzWuDR94Az8Yum7neWMvNMndkm9qr4QVtmjaMrOHDLisS5K7LJctTRzK9-icon-transparent.png?size=200"
|
values:
|
||||||
hosts:
|
- "true"
|
||||||
- host: jellyfin.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
affinity:
|
|
||||||
podAntiAffinity:
|
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- weight: 100
|
|
||||||
podAffinityTerm:
|
|
||||||
labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: feature.node.kubernetes.io/custom-coral-tpu
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- "true"
|
|
||||||
|
@@ -17,45 +17,19 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/k8s-at-home/lidarr
|
repository: ghcr.io/k8s-at-home/lidarr
|
||||||
tag: v1.0.0.2248
|
tag: v1.0.0.2248
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
runAsUser: 568
|
runAsUser: 568
|
||||||
runAsGroup: 568
|
runAsGroup: 568
|
||||||
fsGroup: 568
|
fsGroup: 568
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Lidarr"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/lidarr/Lidarr/14c3d31c2bf64893e9e7c137a04bfc096e6d36fe/frontend/src/Content/Images/Icons/android-chrome-192x192.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: lidarr.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
api:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
hosts:
|
|
||||||
- host: "lidarr.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /api
|
|
||||||
pathType: Prefix
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -72,22 +46,55 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: qbittorrent-cache
|
existingClaim: qbittorrent-cache
|
||||||
mountPath: "/downloads"
|
mountPath: "/downloads"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "lidarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "lidarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
api:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "lidarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /api
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "lidarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 500Mi
|
memory: 500Mi
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
limits:
|
limits:
|
||||||
memory: 1500Mi
|
memory: 1500Mi
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
prometheus:
|
prometheus:
|
||||||
podMonitor:
|
podMonitor:
|
||||||
enabled: true
|
enabled: true
|
||||||
interval: 10m
|
interval: 10m
|
||||||
scrapeTimeout: 2m
|
scrapeTimeout: 2m
|
||||||
|
|
||||||
additionalContainers:
|
additionalContainers:
|
||||||
- name: exportarr
|
- name: exportarr
|
||||||
image: ghcr.io/onedr0p/exportarr:v0.6.1
|
image: ghcr.io/onedr0p/exportarr:v0.6.1
|
||||||
|
@@ -22,30 +22,6 @@ spec:
|
|||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: v4.3.4
|
tag: v4.3.4
|
||||||
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Lychee"
|
|
||||||
forecastle.stakater.com/icon: "https://lycheeorg.github.io/docs/img/logo.png"
|
|
||||||
hosts:
|
|
||||||
- host: lychee.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
|
|
||||||
env:
|
env:
|
||||||
PHP_TZ: Europe/Paris
|
PHP_TZ: Europe/Paris
|
||||||
DB_CONNECTION: pgsql
|
DB_CONNECTION: pgsql
|
||||||
@@ -65,3 +41,24 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
mountPath: /uploads
|
mountPath: /uploads
|
||||||
existingClaim: lychee-files
|
existingClaim: lychee-files
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "nginx"
|
||||||
|
# annotations:
|
||||||
|
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "lychee.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "lychee.${SECRET_CLUSTER_DOMAIN}"
|
||||||
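Review bot: The re-added `ingress.main` block for lychee still sets `ingressClassName: "nginx"` and leaves the Traefik annotations commented out, while every other release touched by this commit moves to `"traefik"`. If the nginx controller is being retired, this host will no longer be routed; if lychee is being kept on nginx on purpose, a one-line comment saying why would stop the next reader from "fixing" it. Otherwise the change is `ingressClassName: "traefik"` plus un-commenting `traefik.ingress.kubernetes.io/router.entrypoints: "websecure"`. The new `tls` entry also has no `secretName`, so which certificate is served presumably depends on the controller's default; confirm that is intended.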
|
@@ -21,34 +21,14 @@ spec:
|
|||||||
repository: deluan/navidrome
|
repository: deluan/navidrome
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: 0.44.1
|
tag: 0.44.1
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Navidrome"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/navidrome/navidrome/master/resources/logo-192x192.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: navidrome.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
env:
|
env:
|
||||||
ND_SCANINTERVAL: 15m
|
ND_SCANINTERVAL: 15m
|
||||||
ND_LOGLEVEL: info
|
ND_LOGLEVEL: info
|
||||||
ND_SESSIONTIMEOUT: 24h
|
ND_SESSIONTIMEOUT: 24h
|
||||||
ND_ENABLETRANSCODINGCONFIG: "true"
|
ND_ENABLETRANSCODINGCONFIG: "true"
|
||||||
ND_MUSICFOLDER: /mnt/storage/music/Artistes
|
ND_MUSICFOLDER: /mnt/storage/music/Artistes
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -58,3 +38,24 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
mountPath: /mnt/storage/music/
|
mountPath: /mnt/storage/music/
|
||||||
existingClaim: nfs-music-media
|
existingClaim: nfs-music-media
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "navidrome.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "navidrome.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
@@ -17,47 +17,44 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/k8s-at-home/prowlarr
|
repository: ghcr.io/k8s-at-home/prowlarr
|
||||||
tag: v0.1.0.768
|
tag: v0.1.0.768
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
podSecurityContext:
|
|
||||||
runAsUser: 568
|
|
||||||
runAsGroup: 568
|
|
||||||
fsGroup: 568
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: prowlarr-config
|
existingClaim: prowlarr-config
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Prowlarr"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Prowlarr/Prowlarr/develop/Logo/256.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: prowlarr.${SECRET_CLUSTER_DOMAIN}
|
- host: "prowlarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "prowlarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 100Mi
|
memory: 100Mi
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
limits:
|
limits:
|
||||||
memory: 1000Mi
|
memory: 1000Mi
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
|
@@ -17,13 +17,14 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
image:
|
image:
|
||||||
repository: linuxserver/pyload
|
repository: linuxserver/pyload
|
||||||
tag: version-5f5aaf56
|
tag: version-5f5aaf56
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -32,29 +33,31 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: nfs-downloads-media
|
existingClaim: nfs-downloads-media
|
||||||
mountPath: "/mnt/storage/downloads"
|
mountPath: "/mnt/storage/downloads"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "pyload.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "pyload.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 1Gi
|
memory: 1Gi
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
limits:
|
limits:
|
||||||
memory: 5Gi
|
memory: 5Gi
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "pyLoad"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/pyload/pyload/main/media/logo.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: pyload.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
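Review bot: The new `ingress.main` for pyLoad carries only the `router.entrypoints` annotation, so unlike the prowlarr, radarr, sonarr, sabnzbd and tdarr routes in this commit it is not placed behind `networking-forward-auth`; the qBittorrent release later on this page has the same shape. The removed `forecastle.stakater.com/network-restricted: "true"` looks like a dashboard label rather than an access control, so after this change the application's own login is presumably the only gate on these download-manager UIs. If that is not intended, add `traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd` under `annotations`. If it is intended, a short comment recording the decision would help.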
|
@@ -17,13 +17,32 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/k8s-at-home/qbittorrent
|
repository: ghcr.io/k8s-at-home/qbittorrent
|
||||||
tag: v4.3.7
|
tag: v4.3.7
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsUser: 568
|
||||||
|
runAsGroup: 568
|
||||||
|
fsGroup: 568
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: qbittorrent-config
|
||||||
|
qbittorrent-cache:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: qbittorrent-cache
|
||||||
|
mountPath: "/downloads"
|
||||||
|
nfs-downloads-media:
|
||||||
|
enabled: true
|
||||||
|
existingClaim: nfs-downloads-media
|
||||||
|
mountPath: "/mnt/storage/downloads"
|
||||||
|
|
||||||
service:
|
service:
|
||||||
bittorrent:
|
bittorrent:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -40,38 +59,23 @@ spec:
|
|||||||
protocol: TCP
|
protocol: TCP
|
||||||
targetPort: 6881
|
targetPort: 6881
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
podSecurityContext:
|
|
||||||
runAsUser: 568
|
ingress:
|
||||||
runAsGroup: 568
|
main:
|
||||||
fsGroup: 568
|
|
||||||
persistence:
|
|
||||||
config:
|
|
||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: qbittorrent-config
|
ingressClassName: "traefik"
|
||||||
qbittorrent-cache:
|
annotations:
|
||||||
enabled: true
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
existingClaim: qbittorrent-cache
|
hosts:
|
||||||
mountPath: "/downloads"
|
- host: "qbittorrent.${SECRET_CLUSTER_DOMAIN}"
|
||||||
nfs-downloads-media:
|
paths:
|
||||||
enabled: true
|
- path: /
|
||||||
existingClaim: nfs-downloads-media
|
pathType: Prefix
|
||||||
mountPath: "/mnt/storage/downloads"
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "qbittorrent.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 4Gi
|
memory: 4Gi
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "qBittorrent"
|
|
||||||
forecastle.stakater.com/icon: "https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/New_qBittorrent_Logo.svg/600px-New_qBittorrent_Logo.svg.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: qbittorrent.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
|
@@ -22,40 +22,15 @@ spec:
|
|||||||
repository: ghcr.io/k8s-at-home/radarr
|
repository: ghcr.io/k8s-at-home/radarr
|
||||||
tag: v3.2.2.5080
|
tag: v3.2.2.5080
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
runAsUser: 568
|
runAsUser: 568
|
||||||
runAsGroup: 568
|
runAsGroup: 568
|
||||||
fsGroup: 568
|
fsGroup: 568
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Radarr"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Radarr/Radarr/develop/Logo/256.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: radarr.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
api:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
hosts:
|
|
||||||
- host: "radarr.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /api
|
|
||||||
pathType: Prefix
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -68,22 +43,55 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: qbittorrent-cache
|
existingClaim: qbittorrent-cache
|
||||||
mountPath: "/downloads"
|
mountPath: "/downloads"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "radarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "radarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
api:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "radarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /api
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "radarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 500Mi
|
memory: 500Mi
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
limits:
|
limits:
|
||||||
memory: 1500Mi
|
memory: 1500Mi
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
prometheus:
|
prometheus:
|
||||||
podMonitor:
|
podMonitor:
|
||||||
enabled: true
|
enabled: true
|
||||||
interval: 10m
|
interval: 10m
|
||||||
scrapeTimeout: 2m
|
scrapeTimeout: 2m
|
||||||
|
|
||||||
additionalContainers:
|
additionalContainers:
|
||||||
- name: exportarr
|
- name: exportarr
|
||||||
image: ghcr.io/onedr0p/exportarr:v0.6.1
|
image: ghcr.io/onedr0p/exportarr:v0.6.1
|
||||||
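Review bot: The `api` ingress for radarr routes `/api` with only the `router.entrypoints` annotation, while `main` on the same host gets `networking-forward-auth`; the sonarr and sabnzbd sections repeat this, as does the lidarr fragment at the top of this page. Traefik should normally prefer the longer `/api` prefix rule, so requests under `/api` would skip forward-auth and be protected only by the application's API key. That is probably deliberate for API clients, but nothing in the values says so. I would add a comment above `api:` such as `# /api is intentionally outside forward-auth; access is gated by the application's API key only`, and confirm that API-key authentication cannot be disabled in the app settings.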
|
@@ -20,41 +20,10 @@ spec:
|
|||||||
image:
|
image:
|
||||||
repository: ghcr.io/k8s-at-home/sabnzbd
|
repository: ghcr.io/k8s-at-home/sabnzbd
|
||||||
tag: v3.3.1
|
tag: v3.3.1
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: "Europe/Paris"
|
TZ: "Europe/Paris"
|
||||||
# disable service monitoring because of ip blacklist
|
|
||||||
# service:
|
|
||||||
# main:
|
|
||||||
# annotations:
|
|
||||||
# prometheus.io/probe: "true"
|
|
||||||
# prometheus.io/protocol: http
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "SABnzbd"
|
|
||||||
forecastle.stakater.com/icon: "https://avatars.githubusercontent.com/u/16778130?v=4"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
api:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
nameSuffix: "api"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
hosts:
|
|
||||||
- host: "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /api
|
|
||||||
pathType: Prefix
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -66,6 +35,44 @@ spec:
|
|||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
supplementalGroups:
|
supplementalGroups:
|
||||||
- 100
|
- 100
|
||||||
|
|
||||||
|
# disable service monitoring because of ip blacklist
|
||||||
|
# service:
|
||||||
|
# main:
|
||||||
|
# annotations:
|
||||||
|
# prometheus.io/probe: "true"
|
||||||
|
# prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
api:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
nameSuffix: "api"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /api
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 250Mi
|
memory: 250Mi
|
||||||
|
@@ -28,34 +28,7 @@ spec:
|
|||||||
runAsUser: 568
|
runAsUser: 568
|
||||||
runAsGroup: 568
|
runAsGroup: 568
|
||||||
fsGroup: 568
|
fsGroup: 568
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Sonarr"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
|
||||||
- host: sonarr.${SECRET_CLUSTER_DOMAIN}
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
api:
|
|
||||||
enabled: true
|
|
||||||
ingressClassName: "nginx"
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
|
||||||
hosts:
|
|
||||||
- host: "sonarr.${SECRET_CLUSTER_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /api
|
|
||||||
pathType: Prefix
|
|
||||||
persistence:
|
persistence:
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -68,22 +41,55 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
existingClaim: qbittorrent-cache
|
existingClaim: qbittorrent-cache
|
||||||
mountPath: "/downloads"
|
mountPath: "/downloads"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: "sonarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "sonarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
api:
|
||||||
|
enabled: true
|
||||||
|
ingressClassName: "traefik"
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
hosts:
|
||||||
|
- host: "sonarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /api
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "sonarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 500Mi
|
memory: 500Mi
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
limits:
|
limits:
|
||||||
memory: 1500Mi
|
memory: 1500Mi
|
||||||
service:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
prometheus:
|
prometheus:
|
||||||
podMonitor:
|
podMonitor:
|
||||||
enabled: true
|
enabled: true
|
||||||
interval: 10m
|
interval: 10m
|
||||||
scrapeTimeout: 2m
|
scrapeTimeout: 2m
|
||||||
|
|
||||||
additionalContainers:
|
additionalContainers:
|
||||||
- name: exportarr
|
- name: exportarr
|
||||||
image: ghcr.io/onedr0p/exportarr:v0.6.1
|
image: ghcr.io/onedr0p/exportarr:v0.6.1
|
||||||
|
@@ -22,19 +22,6 @@ spec:
|
|||||||
tag: 2.00.10
|
tag: 2.00.10
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
ports:
|
|
||||||
http:
|
|
||||||
port: 8265
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: http
|
|
||||||
server:
|
|
||||||
enabled: true
|
|
||||||
protocol: TCP
|
|
||||||
port: 8266
|
|
||||||
|
|
||||||
env:
|
env:
|
||||||
TZ: Europe/Paris
|
TZ: Europe/Paris
|
||||||
webUIPort: 8265
|
webUIPort: 8265
|
||||||
@@ -59,21 +46,31 @@ spec:
|
|||||||
mountPath: /media
|
mountPath: /media
|
||||||
existingClaim: nfs-video-media
|
existingClaim: nfs-video-media
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 8265
|
||||||
|
annotations:
|
||||||
|
prometheus.io/probe: "true"
|
||||||
|
prometheus.io/protocol: http
|
||||||
|
server:
|
||||||
|
enabled: true
|
||||||
|
protocol: TCP
|
||||||
|
port: 8266
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Tdarr"
|
|
||||||
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/HaveAGitGat/Tdarr/master/public/images/icon_dark.png"
|
|
||||||
forecastle.stakater.com/network-restricted: "true"
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: tdarr.${SECRET_CLUSTER_DOMAIN}
|
- host: "tdarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "tdarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
@@ -36,10 +36,6 @@ spec:
|
|||||||
- name: caddyfile
|
- name: caddyfile
|
||||||
configMap:
|
configMap:
|
||||||
name: travelstories-caddyfile
|
name: travelstories-caddyfile
|
||||||
dnsConfig:
|
|
||||||
options:
|
|
||||||
- name: ndots
|
|
||||||
value: "1"
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
@@ -79,22 +75,17 @@ apiVersion: networking.k8s.io/v1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
|
||||||
forecastle.stakater.com/expose: "true"
|
|
||||||
forecastle.stakater.com/appName: "Travelstories"
|
|
||||||
forecastle.stakater.com/icon: "https://image.flaticon.com/icons/png/512/120/120653.png"
|
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/instance: travelstories
|
app.kubernetes.io/instance: travelstories
|
||||||
app.kubernetes.io/name: travelstories
|
app.kubernetes.io/name: travelstories
|
||||||
name: travelstories
|
name: travelstories
|
||||||
namespace: media
|
namespace: media
|
||||||
spec:
|
spec:
|
||||||
|
ingressClassName: "traefik"
|
||||||
rules:
|
rules:
|
||||||
- host: travelstories.${SECRET_CLUSTER_DOMAIN}
|
- host: "travelstories.${SECRET_CLUSTER_DOMAIN}"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
@@ -104,3 +95,7 @@ spec:
|
|||||||
name: travelstories
|
name: travelstories
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "tdarr.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
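Review bot: The `tls` block added to the travelstories Ingress lists `"tdarr.${SECRET_CLUSTER_DOMAIN}"`, but the only rule in this Ingress is for `travelstories.${SECRET_CLUSTER_DOMAIN}`, which looks like a copy-paste from the tdarr release. The TLS host should match the rule host: `- "travelstories.${SECRET_CLUSTER_DOMAIN}"`. A wildcard certificate in `${SECRET_CLUSTER_CERTIFICATE_DEFAULT}` may hide the problem at runtime, but the mismatch can still cause the controller to select the wrong certificate or fall back to its default for this host.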
|
@@ -18,6 +18,7 @@ spec:
|
|||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
allowIcmp: true
|
allowIcmp: true
|
||||||
|
|
||||||
config:
|
config:
|
||||||
modules:
|
modules:
|
||||||
icmp:
|
icmp:
|
||||||
@@ -35,6 +36,7 @@ spec:
|
|||||||
tcp_connect:
|
tcp_connect:
|
||||||
prober: tcp
|
prober: tcp
|
||||||
timeout: 30s
|
timeout: 30s
|
||||||
|
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: true
|
enabled: true
|
||||||
defaults:
|
defaults:
|
||||||
@@ -64,6 +66,7 @@ spec:
|
|||||||
- name: k3s-worker3
|
- name: k3s-worker3
|
||||||
url: "${LOCAL_LAN_K3SWORKER3}"
|
url: "${LOCAL_LAN_K3SWORKER3}"
|
||||||
module: icmp
|
module: icmp
|
||||||
|
|
||||||
prometheusRule:
|
prometheusRule:
|
||||||
enabled: true
|
enabled: true
|
||||||
additionalLabels:
|
additionalLabels:
|
||||||
@@ -84,12 +87,10 @@ spec:
|
|||||||
for: 15m
|
for: 15m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
hosts:
|
hosts:
|
||||||
@@ -97,3 +98,18 @@ spec:
|
|||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "blackbox.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
|
||||||
|
postRenderers:
|
||||||
|
- kustomize:
|
||||||
|
patchesJson6902:
|
||||||
|
- target:
|
||||||
|
kind: Ingress
|
||||||
|
name: blackbox-exporter-prometheus-blackbox-exporter
|
||||||
|
patch:
|
||||||
|
- op: add
|
||||||
|
path: /spec/ingressClassName
|
||||||
|
value: traefik
|
||||||
|
@@ -22,13 +22,6 @@ spec:
|
|||||||
tag: v1.22.0-ls95
|
tag: v1.22.0-ls95
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
controllerType: deployment
|
|
||||||
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
|
|
||||||
resources: {}
|
|
||||||
|
|
||||||
env:
|
env:
|
||||||
SECRET_KEY: ${SECRET_HEALTHECKS_SECRET_KEY}
|
SECRET_KEY: ${SECRET_HEALTHECKS_SECRET_KEY}
|
||||||
REGENERATE_SETTINGS: "True"
|
REGENERATE_SETTINGS: "True"
|
||||||
@@ -48,24 +41,28 @@ spec:
|
|||||||
SITE_NAME: "Homelab HealthChecks"
|
SITE_NAME: "Homelab HealthChecks"
|
||||||
SITE_LOGO_URL: "https://image.flaticon.com/icons/svg/1219/1219758.svg"
|
SITE_LOGO_URL: "https://image.flaticon.com/icons/svg/1219/1219758.svg"
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
annotations:
|
annotations:
|
||||||
prometheus.io/probe: "true"
|
prometheus.io/probe: "true"
|
||||||
prometheus.io/protocol: http
|
prometheus.io/protocol: http
|
||||||
|
|
||||||
persistence:
|
|
||||||
config:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
hosts:
|
hosts:
|
||||||
- host: healthchecks.${SECRET_CLUSTER_DOMAIN}
|
- host: "healthchecks.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "healthchecks.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
@@ -32,10 +32,8 @@ spec:
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
|
||||||
@@ -196,8 +194,8 @@ spec:
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
hosts: ["grafana.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["grafana.${SECRET_CLUSTER_DOMAIN}"]
|
||||||
kubeEtcd:
|
kubeEtcd:
|
||||||
@@ -212,10 +210,8 @@ spec:
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
|
||||||
|
@@ -29,9 +29,6 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
hostname: "thanos.${SECRET_CLUSTER_DOMAIN}"
|
hostname: "thanos.${SECRET_CLUSTER_DOMAIN}"
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||||
tls: false
|
tls: false
|
||||||
@@ -60,3 +57,14 @@ spec:
|
|||||||
access_key: "${SECRET_MINIO_ACCESS_KEY}"
|
access_key: "${SECRET_MINIO_ACCESS_KEY}"
|
||||||
secret_key: "${SECRET_MINIO_SECRET_KEY}"
|
secret_key: "${SECRET_MINIO_SECRET_KEY}"
|
||||||
insecure: false
|
insecure: false
|
||||||
|
|
||||||
|
postRenderers:
|
||||||
|
- kustomize:
|
||||||
|
patchesJson6902:
|
||||||
|
- target:
|
||||||
|
kind: Ingress
|
||||||
|
name: thanos-query
|
||||||
|
patch:
|
||||||
|
- op: add
|
||||||
|
path: /spec/ingressClassName
|
||||||
|
value: traefik
|
||||||
|
@@ -68,7 +68,6 @@ apiVersion: networking.k8s.io/v1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/instance: uptime-kuma
|
app.kubernetes.io/instance: uptime-kuma
|
||||||
@@ -76,8 +75,9 @@ metadata:
|
|||||||
name: uptime-kuma
|
name: uptime-kuma
|
||||||
namespace: monitoring
|
namespace: monitoring
|
||||||
spec:
|
spec:
|
||||||
|
ingressClassName: "traefik"
|
||||||
rules:
|
rules:
|
||||||
- host: uptime-kuma.${SECRET_CLUSTER_DOMAIN}
|
- host: "uptime-kuma.${SECRET_CLUSTER_DOMAIN}"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
@@ -87,3 +87,7 @@ spec:
|
|||||||
name: uptime-kuma
|
name: uptime-kuma
|
||||||
port:
|
port:
|
||||||
number: 3001
|
number: 3001
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "healthchecks.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
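Review bot: The `tls.hosts` entry added at the end of the uptime-kuma Ingress names `healthchecks.${SECRET_CLUSTER_DOMAIN}`, while the rule in the same manifest serves `uptime-kuma.${SECRET_CLUSTER_DOMAIN}`; it looks copied from the healthchecks release. It should read `- "uptime-kuma.${SECRET_CLUSTER_DOMAIN}"` so the TLS block covers the host the rule routes. Whether Traefik still presents a valid certificate depends on what `${SECRET_CLUSTER_CERTIFICATE_DEFAULT}` covers (presumably a wildcard), but any controller or audit tool that reads `tls.hosts` will see a host with no matching rule.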
@@ -91,7 +91,6 @@ apiVersion: networking.k8s.io/v1
|
|||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/instance: authelia
|
app.kubernetes.io/instance: authelia
|
||||||
@@ -99,6 +98,7 @@ metadata:
|
|||||||
name: authelia
|
name: authelia
|
||||||
namespace: networking
|
namespace: networking
|
||||||
spec:
|
spec:
|
||||||
|
ingressClassName: "traefik"
|
||||||
rules:
|
rules:
|
||||||
- host: login.${SECRET_CLUSTER_DOMAIN}
|
- host: login.${SECRET_CLUSTER_DOMAIN}
|
||||||
http:
|
http:
|
||||||
@@ -110,6 +110,10 @@ spec:
|
|||||||
name: authelia
|
name: authelia
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "login.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
---
|
---
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
@@ -23,14 +23,17 @@ spec:
|
|||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "traefik"
|
||||||
annotations:
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
hosts:
|
hosts:
|
||||||
- host: id.${SECRET_CLUSTER_DOMAIN}
|
- host: "id.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "id.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
geoip:
|
geoip:
|
||||||
enabled: false
|
enabled: false
|
||||||
authentik:
|
authentik:
|
||||||
|
@@ -5,7 +5,7 @@ metadata:
|
|||||||
name: "${SECRET_CLUSTER_DOMAIN/./-}"
|
name: "${SECRET_CLUSTER_DOMAIN/./-}"
|
||||||
namespace: networking
|
namespace: networking
|
||||||
spec:
|
spec:
|
||||||
secretName: "${SECRET_CLUSTER_DOMAIN/./-}-tls"
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: letsencrypt-production
|
name: letsencrypt-production
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
|
@@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
@@ -39,7 +39,7 @@ spec:
|
|||||||
namespaceSelector:
|
namespaceSelector:
|
||||||
any: true
|
any: true
|
||||||
extraArgs:
|
extraArgs:
|
||||||
default-ssl-certificate: "networking/${SECRET_CLUSTER_DOMAIN/./-}-tls"
|
default-ssl-certificate: "networking/${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 250Mi
|
memory: 250Mi
|
||||||
|
9
cluster/apps/networking/ingress-nginx/ingressclass.yaml
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: IngressClass
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
ingressclass.kubernetes.io/is-default-class: "false"
|
||||||
|
name: nginx
|
||||||
|
spec:
|
||||||
|
controller: k8s.io/ingress-nginx
|
@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- helm-release.yaml
|
- helm-release.yaml
|
||||||
|
- ingressclass.yaml
|
||||||
|
@@ -5,13 +5,15 @@ metadata:
|
|||||||
name: traefik-dashboard
|
name: traefik-dashboard
|
||||||
namespace: networking
|
namespace: networking
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "traefik"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: "networking-rfc1918@kubernetescrd"
|
||||||
spec:
|
spec:
|
||||||
|
ingressClassName: "traefik"
|
||||||
tls:
|
tls:
|
||||||
- secretName: "${SECRET_CLUSTER_DOMAIN/./-}-tls"
|
- secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
rules:
|
rules:
|
||||||
- host: traefik.${SECRET_CLUSTER_DOMAIN}
|
- host: "traefik.${SECRET_CLUSTER_DOMAIN}"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
|
@@ -17,9 +17,13 @@ spec:
|
|||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
|
image:
|
||||||
|
tag: 2.5.0-rc3
|
||||||
|
|
||||||
deployment:
|
deployment:
|
||||||
enabled: true
|
kind: Deployment
|
||||||
kind: DaemonSet
|
replicas: 3
|
||||||
|
|
||||||
service:
|
service:
|
||||||
enabled: true
|
enabled: true
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
@@ -27,6 +31,7 @@ spec:
|
|||||||
externalIPs:
|
externalIPs:
|
||||||
- "${CLUSTER_LB_TRAEFIK}"
|
- "${CLUSTER_LB_TRAEFIK}"
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
|
|
||||||
logs:
|
logs:
|
||||||
general:
|
general:
|
||||||
format: json
|
format: json
|
||||||
@@ -34,22 +39,23 @@ spec:
|
|||||||
access:
|
access:
|
||||||
enabled: true
|
enabled: true
|
||||||
format: json
|
format: json
|
||||||
|
|
||||||
ingressClass:
|
ingressClass:
|
||||||
enabled: true
|
enabled: false
|
||||||
isDefaultClass: true
|
|
||||||
fallbackApiVersion: v1
|
|
||||||
ingressRoute:
|
ingressRoute:
|
||||||
dashboard:
|
dashboard:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
globalArguments:
|
globalArguments:
|
||||||
- "--api.insecure=true"
|
- "--api.insecure=true"
|
||||||
- "--serverstransport.insecureskipverify=true"
|
- "--serverstransport.insecureskipverify=true"
|
||||||
- "--providers.kubernetesingress.ingressclass=traefik"
|
- "--providers.kubernetesingress.ingressclass=traefik"
|
||||||
- "--metrics.prometheus=true"
|
|
||||||
- "--metrics.prometheus.entryPoint=metrics"
|
|
||||||
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,192.168.0.0/16,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
|
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,192.168.0.0/16,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
|
||||||
|
|
||||||
additionalArguments:
|
additionalArguments:
|
||||||
- "--providers.kubernetesingress.ingressendpoint.ip=${CLUSTER_LB_TRAEFIK}"
|
- "--providers.kubernetesingress.ingressendpoint.ip=${CLUSTER_LB_TRAEFIK}"
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
traefik:
|
traefik:
|
||||||
expose: true
|
expose: true
|
||||||
@@ -63,17 +69,34 @@ spec:
|
|||||||
port: 8082
|
port: 8082
|
||||||
expose: true
|
expose: true
|
||||||
exposedPort: 8082
|
exposedPort: 8082
|
||||||
|
|
||||||
tlsOptions:
|
tlsOptions:
|
||||||
default:
|
default:
|
||||||
minVersion: VersionTLS12
|
minVersion: VersionTLS12
|
||||||
maxVersion: VersionTLS13
|
maxVersion: VersionTLS13
|
||||||
sniStrict: true
|
sniStrict: true
|
||||||
|
|
||||||
pilot:
|
pilot:
|
||||||
enabled: true
|
enabled: true
|
||||||
token: "${SECRET_TRAEFIK_PILOT_TOKEN}"
|
token: "${SECRET_TRAEFIK_PILOT_TOKEN}"
|
||||||
|
|
||||||
experimental:
|
experimental:
|
||||||
plugins:
|
plugins:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
affinity:
|
||||||
|
podAntiAffinity:
|
||||||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- weight: 100
|
||||||
|
podAffinityTerm:
|
||||||
|
labelSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: app.kubernetes.io/name
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- traefik
|
||||||
|
topologyKey: kubernetes.io/hostname
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 100Mi
|
memory: 100Mi
|
||||||
|
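Review bot: `--api.insecure=true` stays in `globalArguments` and `ports.traefik.expose: true` stays on the LoadBalancer service, so the unauthenticated API and dashboard port appears to remain reachable directly on `${CLUSTER_LB_TRAEFIK}`, bypassing the `networking-rfc1918` middleware this commit adds to the dashboard Ingress. Consider `expose: false` under `ports.traefik`, and, if the dashboard can be routed to `api@internal` instead, dropping `--api.insecure=true`; the rest of the `ports.traefik` block lies outside the hunk, so confirm the port there. `--serverstransport.insecureskipverify=true` also disables certificate verification for every HTTPS backend, and the new `image.tag: 2.5.0-rc3` pins a release candidate. Both deserve a comment explaining why, or a follow-up that scopes skip-verify to the backends that need it with a `ServersTransport`.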
9
cluster/apps/networking/traefik/ingressclass.yaml
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: IngressClass
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
ingressclass.kubernetes.io/is-default-class: "true"
|
||||||
|
name: traefik
|
||||||
|
spec:
|
||||||
|
controller: traefik.io/ingress-controller
|
@@ -3,7 +3,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- helm-release.yaml
|
- helm-release.yaml
|
||||||
|
- ingressclass.yaml
|
||||||
- service-monitor.yaml
|
- service-monitor.yaml
|
||||||
- tls-store
|
- tls-store
|
||||||
- dashboard
|
- dashboard
|
||||||
- middlewares
|
- middlewares
|
||||||
|
- prometheus-rules.yaml
|
||||||
|
@@ -6,6 +6,7 @@ resources:
|
|||||||
- buffering-large.yaml
|
- buffering-large.yaml
|
||||||
- buffering-medium.yaml
|
- buffering-medium.yaml
|
||||||
- buffering-small.yaml
|
- buffering-small.yaml
|
||||||
|
- ratelimit.yaml
|
||||||
- rfc1918.yaml
|
- rfc1918.yaml
|
||||||
- redirect-path.yaml
|
- redirect-path.yaml
|
||||||
- forward-auth.yaml
|
- forward-auth.yaml
|
||||||
|
10
cluster/apps/networking/traefik/middlewares/ratelimit.yaml
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: ratelimit
|
||||||
|
namespace: networking
|
||||||
|
spec:
|
||||||
|
rateLimit:
|
||||||
|
average: 10
|
||||||
|
period: "10s"
|
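Review bot: The new `ratelimit` middleware sets only `average: 10` and `period: "10s"`, which is one request per second, and leaves `burst` and `sourceCriterion` at their defaults. With no `sourceCriterion`, Traefik keys the limit on the connection's remote address, so clients arriving through a shared proxy would presumably share one bucket (the Traefik release in this commit trusts forwarded headers from several external ranges). Consider adding `burst: <value>` and a `sourceCriterion.ipStrategy` that matches the proxy chain, with a comment stating the intended per-client rate. Nothing visible in this commit references the middleware from a router, so it has no effect until an Ingress lists it in `router.middlewares`.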
72
cluster/apps/networking/traefik/prometheus-rules.yaml
Normal file
@@ -0,0 +1,72 @@
|
|||||||
|
---
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: PrometheusRule
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: traefik
|
||||||
|
name: traefik.rules
|
||||||
|
namespace: networking
|
||||||
|
spec:
|
||||||
|
groups:
|
||||||
|
- name: traefik.rules
|
||||||
|
rules:
|
||||||
|
- alert: TraefikAbsent
|
||||||
|
annotations:
|
||||||
|
summary: "Traefik has disappeared from Prometheus service discovery."
|
||||||
|
description: "Ingresses will be down until the Traefik reverse proxy is back up."
|
||||||
|
expr: |
|
||||||
|
absent(up{job="traefik"})
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
- alert: TraefikConfigError
|
||||||
|
annotations:
|
||||||
|
summary: "Traefik config error."
|
||||||
|
description:
|
||||||
|
"Traefik has failed to load the config file. Check Traefik
|
||||||
|
logs for exact parsing error."
|
||||||
|
expr: |
|
||||||
|
traefik_config_last_reload_failure{job="traefik"} == 1
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
- alert: TraefikHighHttp4xxErrorRateService
|
||||||
|
annotations:
|
||||||
|
summary: "Traefik has a high HTTP 4xx error rate."
|
||||||
|
description:
|
||||||
|
"Traefik is reporting {{ $value | humanizePercentage }} of 4xx
|
||||||
|
errors on {{ $labels.exported_service }}"
|
||||||
|
expr: |
|
||||||
|
sum(rate(traefik_service_requests_total{code=~"4.*"}[1m])) by (exported_service)
|
||||||
|
/
|
||||||
|
sum(rate(traefik_service_requests_total[1m])) by (exported_service)
|
||||||
|
> .10
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
- alert: TraefikHighHttp5xxErrorRateService
|
||||||
|
annotations:
|
||||||
|
summary: "Traefik has a high HTTP 5xx error rate."
|
||||||
|
description:
|
||||||
|
"Traefik is reporting {{ $value | humanizePercentage }} of 5xx
|
||||||
|
errors on {{ $labels.exported_service }}"
|
||||||
|
expr: |
|
||||||
|
sum(rate(traefik_service_requests_total{code=~"5.*"}[1m])) by (exported_service)
|
||||||
|
/
|
||||||
|
sum(rate(traefik_service_requests_total[1m])) by (exported_service)
|
||||||
|
> .10
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
- alert: TraefikTooManyRequest
|
||||||
|
annotations:
|
||||||
|
summary: "Traefik has too many open connections"
|
||||||
|
description:
|
||||||
|
"Traefik is reporting {{ $value }} of open connections on entrypoint
|
||||||
|
{{ $labels.entrypoint }}"
|
||||||
|
expr: |
|
||||||
|
avg(traefik_entrypoint_open_connections{job="traefik"})
|
||||||
|
> 5
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
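Review bot: `TraefikTooManyRequest` aggregates with `avg(traefik_entrypoint_open_connections{job="traefik"})`, which drops every label, so `{{ $labels.entrypoint }}` in its description renders empty and the alert cannot say which entrypoint is affected. Use `avg by (entrypoint) (traefik_entrypoint_open_connections{job="traefik"}) > 5`. A threshold of 5 open connections at `severity: critical` will likely fire under ordinary load, and the 4xx rule pages at `critical` for client errors such as failed logins; `severity: warning` would keep that signal without wearing out the on-call channel. The two error-rate expressions also omit the `job="traefik"` selector that the other rules use.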
@@ -6,4 +6,4 @@ metadata:
|
|||||||
namespace: networking
|
namespace: networking
|
||||||
spec:
|
spec:
|
||||||
defaultCertificate:
|
defaultCertificate:
|
||||||
secretName: "${SECRET_CLUSTER_DOMAIN/./-}-tls"
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
@@ -10,59 +10,51 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
# renovate: registryUrl=https://k8s-at-home.com/charts/
|
# renovate: registryUrl=https://k8s-at-home.com/charts/
|
||||||
chart: unifi
|
chart: unifi
|
||||||
version: 2.0.4
|
version: 3.1.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: k8s-at-home-charts
|
name: k8s-at-home-charts
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
interval: 5m
|
interval: 5m
|
||||||
values:
|
values:
|
||||||
controllerType: deployment
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
image:
|
image:
|
||||||
repository: jacobalberty/unifi
|
repository: jacobalberty/unifi
|
||||||
tag: v6.2.26
|
tag: v6.2.26
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
persistence:
|
|
||||||
enabled: true
|
env:
|
||||||
existingClaim: unifi-config
|
TZ: "Europe/Paris"
|
||||||
timezone: "Europe/Paris"
|
|
||||||
runAsRoot: false
|
service:
|
||||||
|
main:
|
||||||
|
annotations:
|
||||||
|
coredns.io/hostname: unifi
|
||||||
|
traefik.ingress.kubernetes.io/service.serversscheme: https
|
||||||
|
type: LoadBalancer
|
||||||
|
externalIPs:
|
||||||
|
- ${CLUSTER_LB_UNIFI}
|
||||||
|
externalTrafficPolicy: Local
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
main:
|
||||||
annotations:
|
enabled: true
|
||||||
kubernetes.io/ingress.class: "nginx"
|
ingressClassName: "traefik"
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
annotations:
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
hosts:
|
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
|
||||||
- unifi.${SECRET_CLUSTER_DOMAIN}
|
hosts:
|
||||||
guiService:
|
- host: "unifi.${SECRET_CLUSTER_DOMAIN}"
|
||||||
type: LoadBalancer
|
paths:
|
||||||
externalIPs:
|
- path: /
|
||||||
- ${CLUSTER_LB_UNIFI}
|
tls:
|
||||||
externalTrafficPolicy: Local
|
- hosts:
|
||||||
annotations:
|
- "unifi.${SECRET_CLUSTER_DOMAIN}"
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: tcp
|
persistence:
|
||||||
controllerService:
|
data:
|
||||||
type: LoadBalancer
|
enabled: true
|
||||||
externalIPs:
|
existingClaim: unifi-config
|
||||||
- ${CLUSTER_LB_UNIFI}
|
|
||||||
externalTrafficPolicy: Local
|
|
||||||
annotations:
|
|
||||||
prometheus.io/probe: "true"
|
|
||||||
prometheus.io/protocol: tcp
|
|
||||||
stunService:
|
|
||||||
type: LoadBalancer
|
|
||||||
externalIPs:
|
|
||||||
- ${CLUSTER_LB_UNIFI}
|
|
||||||
externalTrafficPolicy: Local
|
|
||||||
discoveryService:
|
|
||||||
type: LoadBalancer
|
|
||||||
externalIPs:
|
|
||||||
- ${CLUSTER_LB_UNIFI}
|
|
||||||
externalTrafficPolicy: Local
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 2Gi
|
memory: 2Gi
|
||||||
|
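Review bot: The old values set `runAsRoot: false`, and the new values for chart `3.1.0` drop it with no visible replacement, so whether the controller still runs unprivileged now depends on the chart's defaults. Confirm that, or set it explicitly under `env` (the `jacobalberty/unifi` image reads `RUNAS_UID0`) with a one-line comment. The new `tls` entry lists `hosts` but no `secretName`, unlike the other Ingresses in this commit, which set `secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"`. If the intent is to rely on the TLSStore default certificate, say so in a comment. The merged `service.main` also loses the `prometheus.io/probe` annotations the old `guiService` and `controllerService` carried, which may silently drop the service from blackbox probing.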
@@ -1,4 +1,6 @@
|
|||||||
|
---
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- helm-release.yaml
|
- rbac.yaml
|
||||||
|
- secret-reflector.yaml
|
40
cluster/apps/secret-reflector/rbac.yaml
Normal file
@@ -0,0 +1,40 @@
|
|||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: secret-reflector
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["configmaps", "secrets"]
|
||||||
|
verbs: ["*"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["namespaces"]
|
||||||
|
verbs: ["watch", "list"]
|
||||||
|
- apiGroups: ["apiextensions.k8s.io"]
|
||||||
|
resources: ["customresourcedefinitions"]
|
||||||
|
verbs: ["watch", "list"]
|
||||||
|
- apiGroups: ["certmanager.k8s.io"]
|
||||||
|
resources: ["certificates", "certificates/finalizers"]
|
||||||
|
verbs: ["watch", "list"]
|
||||||
|
- apiGroups: ["cert-manager.io"]
|
||||||
|
resources: ["certificates", "certificates/finalizers"]
|
||||||
|
verbs: ["watch", "list"]
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: secret-reflector
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: secret-reflector
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: secret-reflector
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: secret-reflector
|
||||||
|
namespace: kube-system
|
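Review bot: The `secret-reflector` ClusterRole grants `verbs: ["*"]` on `configmaps` and `secrets` in every namespace, far more than the CronJob in this commit uses: it only gets, applies and replaces two named secrets, reading from `networking` and writing to a fixed list of namespaces. A leaked token for this ServiceAccount would expose every secret in the cluster. Replace the cluster-wide rule with a read-only `Role` in `networking`, restricted by `resourceNames`, plus a `Role` and `RoleBinding` in each destination namespace (`create` cannot be limited by `resourceNames`, so the write side is scoped by namespace only). The `namespaces`, `customresourcedefinitions` and `certificates` rules are not exercised by the visible script and can probably go.

```yaml
# Source namespace: read only the two reflected secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secret-reflector
  namespace: networking
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["${SECRET_CLUSTER_CERTIFICATE_DEFAULT}", "regcred"]
    verbs: ["get"]
---
# One Role like this per destination namespace (data shown).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secret-reflector
  namespace: data
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "update", "patch"]
# … unchanged: ServiceAccount; bind each Role to it with a RoleBinding instead of the ClusterRoleBinding …
```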
49
cluster/apps/secret-reflector/secret-reflector.yaml
Normal file
@@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: CronJob
|
||||||
|
metadata:
|
||||||
|
name: secret-reflector
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
schedule: "0 */12 * * *"
|
||||||
|
jobTemplate:
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
serviceAccountName: secret-reflector
|
||||||
|
containers:
|
||||||
|
- name: secret-reflector
|
||||||
|
image: ghcr.io/k8s-at-home/kubectl:v1.22.0
|
||||||
|
command:
|
||||||
|
- "/bin/sh"
|
||||||
|
- "-ec"
|
||||||
|
- |
|
||||||
|
set -o nounset
|
||||||
|
set -o errexit
|
||||||
|
|
||||||
|
# space delimited secrets to copy
|
||||||
|
secrets="${SECRET_CLUSTER_CERTIFICATE_DEFAULT} regcred"
|
||||||
|
# source namespace to reflect secret from
|
||||||
|
namespace_source="networking"
|
||||||
|
# space delimited namespace where to reflect the secrets to
|
||||||
|
namespace_destination="data development home-automation kasten-io media monitoring rook-ceph"
|
||||||
|
for secret in $secrets; do
|
||||||
|
secret_source_content=$(/app/kubectl get secret $secret -n $namespace_source -o json | jq 'del(.metadata.managedFields, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.annotations)')
|
||||||
|
secret_source_checksum=$(printf '%s' "$secret_source_content" | jq 'del(.metadata.namespace)' | md5sum | awk '{ print $1 }')
|
||||||
|
for namespace in $namespace_destination; do
|
||||||
|
if /app/kubectl get secret $secret -n $namespace >/dev/null 2>&1; then
|
||||||
|
secret_dest_content=$(/app/kubectl get secret $secret -n $namespace -o json | jq 'del(.metadata.managedFields, .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid, .metadata.annotations)')
|
||||||
|
secret_dest_checksum=$(printf '%s' "$secret_dest_content" | jq 'del(.metadata.namespace)' | md5sum | awk '{ print $1 }')
|
||||||
|
if [ "$secret_source_checksum" != "$secret_dest_checksum" ]; then
|
||||||
|
printf '%s' "$secret_source_content" | \
|
||||||
|
jq -r --arg namespace $namespace '.metadata.namespace = $namespace' | \
|
||||||
|
/app/kubectl replace -n $namespace -f -
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
printf '%s' "$secret_source_content" | \
|
||||||
|
jq -r --arg namespace $namespace '.metadata.namespace = $namespace' | \
|
||||||
|
/app/kubectl apply -n $namespace -f -
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
||||||
|
restartPolicy: OnFailure
|
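Review bot: In the script, `secret_source_content=$(/app/kubectl get secret $secret -n $namespace_source -o json | jq ...)` takes its exit status from `jq`, so `set -o errexit` does not stop the job when the source read fails. Empty content then flows into the destination loop and only fails later at `apply` or `replace`, with a misleading error. Run `kubectl get` as its own command (or test that the result is non-empty) before piping to `jq`, and quote the expansions, e.g. `/app/kubectl get secret "$secret" -n "$namespace"`. The container also has no `securityContext` and uses a mutable image tag while holding a token that can write secrets. If the image supports it, add `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, and pin `ghcr.io/k8s-at-home/kubectl` by digest.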
@@ -17,7 +17,6 @@ resources:
|
|||||||
- k8s-gateway-charts.yaml
|
- k8s-gateway-charts.yaml
|
||||||
- kasten-charts.yaml
|
- kasten-charts.yaml
|
||||||
- kubernetes-sigs-descheduler-charts.yaml
|
- kubernetes-sigs-descheduler-charts.yaml
|
||||||
- mittwald-charts.yaml
|
|
||||||
- node-feature-discovery.yaml
|
- node-feature-discovery.yaml
|
||||||
- prometheus-community-charts.yaml
|
- prometheus-community-charts.yaml
|
||||||
- rook-ceph-charts.yaml
|
- rook-ceph-charts.yaml
|
||||||
|
@@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: mittwald-charts
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 1h
|
|
||||||
url: https://helm.mittwald.de./
|
|
||||||
timeout: 3m
|
|
@@ -26,6 +26,7 @@ stringData:
|
|||||||
SECRET_BOOKSTACK_DB_ROOT_PASSWORD: ENC[AES256_GCM,data:4/o956Da0ckVLdxUqs1WWA==,iv:G8DddhYyMZKuGJyWnj+eOaNRiJm7oGetiIZlQgtRFEo=,tag:WX9+DDnA2UPm9nPRLYibXw==,type:str]
|
SECRET_BOOKSTACK_DB_ROOT_PASSWORD: ENC[AES256_GCM,data:4/o956Da0ckVLdxUqs1WWA==,iv:G8DddhYyMZKuGJyWnj+eOaNRiJm7oGetiIZlQgtRFEo=,tag:WX9+DDnA2UPm9nPRLYibXw==,type:str]
|
||||||
SECRET_BOTKUBE_DISCORD_BOTID: ENC[AES256_GCM,data:bK1J9v+/Dajd9qrvz3lH49GY,iv:Hq6cY96Te1frwXVf3HC3qgOiaCZW2hHCqjVvvslUGFg=,tag:Dq0cUemHKfcdpx9hLkUekQ==,type:str]
|
SECRET_BOTKUBE_DISCORD_BOTID: ENC[AES256_GCM,data:bK1J9v+/Dajd9qrvz3lH49GY,iv:Hq6cY96Te1frwXVf3HC3qgOiaCZW2hHCqjVvvslUGFg=,tag:Dq0cUemHKfcdpx9hLkUekQ==,type:str]
|
||||||
SECRET_BOTKUBE_DISCORD_TOKEN: ENC[AES256_GCM,data:pDPm3TYITWApPZRMcSH6ijtPQQuHSd/PNT2Wy23tUp7uzluhHS5hvlujTkjk7oRb95kE6Gi2D8yDmNg=,iv:HQyMQiaRsjNIfPUTjLRVL/zchSdXFmevxaeruwGx3tk=,tag:l+po8014SaZd61DxE1T43A==,type:str]
|
SECRET_BOTKUBE_DISCORD_TOKEN: ENC[AES256_GCM,data:pDPm3TYITWApPZRMcSH6ijtPQQuHSd/PNT2Wy23tUp7uzluhHS5hvlujTkjk7oRb95kE6Gi2D8yDmNg=,iv:HQyMQiaRsjNIfPUTjLRVL/zchSdXFmevxaeruwGx3tk=,tag:l+po8014SaZd61DxE1T43A==,type:str]
|
||||||
|
SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:NlCiFO/3sseKI3fVzQ4ajeMOrg==,iv:seSVdR5wkR8sf/PKSy7T3P5oCkbJI4sMNC8XWSJUnh0=,tag:jSjCQVDNPQ7c8Dlg8yozPg==,type:str]
|
||||||
SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:kiuNa+aDxNQwby0BorWtRylnjbWw,iv:0j20Vdux17muKzlO2Q3KzsZg9VrT411VoYxjqQC5xhQ=,tag:w7gCUgQFIlVdUFfHhB7pvQ==,type:str]
|
SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:kiuNa+aDxNQwby0BorWtRylnjbWw,iv:0j20Vdux17muKzlO2Q3KzsZg9VrT411VoYxjqQC5xhQ=,tag:w7gCUgQFIlVdUFfHhB7pvQ==,type:str]
|
||||||
SECRET_CLUSTER_DOMAIN_ROOT: ENC[AES256_GCM,data:ho+ylXKrt7CZiOM=,iv:8873E4Td/82lWVwq/kXkEB8vgxEYha23/nbTkXfle/w=,tag:Yb/VInyUUOPhLUtq+Q+krQ==,type:str]
|
SECRET_CLUSTER_DOMAIN_ROOT: ENC[AES256_GCM,data:ho+ylXKrt7CZiOM=,iv:8873E4Td/82lWVwq/kXkEB8vgxEYha23/nbTkXfle/w=,tag:Yb/VInyUUOPhLUtq+Q+krQ==,type:str]
|
||||||
SECRET_CLUSTER_DOMAIN: ENC[AES256_GCM,data:mVPDuVpAXej8CQ0AO85o,iv:PF739I+LZMZaPpfCMZO62eMUbFqgtMszj2cOuIgfcfI=,tag:zEAjj33h/Ux53ctkCzapyw==,type:str]
|
SECRET_CLUSTER_DOMAIN: ENC[AES256_GCM,data:mVPDuVpAXej8CQ0AO85o,iv:PF739I+LZMZaPpfCMZO62eMUbFqgtMszj2cOuIgfcfI=,tag:zEAjj33h/Ux53ctkCzapyw==,type:str]
|
||||||
@@ -92,8 +93,8 @@ sops:
|
|||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2021-08-06T12:33:06Z"
|
lastmodified: "2021-08-09T07:16:35Z"
|
||||||
mac: ENC[AES256_GCM,data:kvUJdqOsMCa02I9GjZuxGdj/Y4GOEisrx5gMLrU6LeDb0qeUuqm3++8FhB38J4DTpitWxDivc8MBiYXFCgcQis7SRqPDGT+f/0scL0qCklsX0Q1PUOD9uG9M1ZBS+oo78i20rx5YJ6uv8M7SOVg4MwpG0HkNHuU9dPs1rUzQ4lY=,iv:f2wzA3gdagZsw4gTTDeenH8voLq9B4z5j5WbgBpLygQ=,tag:9+PRb5ch0J4qPC4gjgrjKw==,type:str]
|
mac: ENC[AES256_GCM,data:BfNqHhc7m2OPJ2cYPOC0i/bLjAWGEGZiQE+oThTaKgj4+FQtmB/faWTkuMhHRjA5eHred2F0Gr7Dz0fvE4oVMegJTgixUhS2KM98+ndI3//ktC0WrSMUCRvnE4lw2ClFfkabYoz3ESahDbOwvvfYUthyc/+j0GFTYafMkxhflOQ=,iv:sjVKEM7Sh1j5ZrNcXKSuEXKG90qQgC0jlSK0ulte9k0=,tag:xLOAcGAN+lm98c3G8dCSmg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2021-07-17T21:14:34Z"
|
- created_at: "2021-07-17T21:14:34Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
@@ -3,7 +3,4 @@ kind: Kustomization
|
|||||||
resources:
|
resources:
|
||||||
- cluster-secrets.yaml
|
- cluster-secrets.yaml
|
||||||
- drone-pipelines.yaml
|
- drone-pipelines.yaml
|
||||||
- regcred-data.yaml
|
- regcred.yaml
|
||||||
- regcred-development.yaml
|
|
||||||
- regcred-media.yaml
|
|
||||||
- replicated.yaml
|
|
||||||
|
@@ -1,59 +0,0 @@
|
|||||||
kind: Secret
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: regcred
|
|
||||||
namespace: data
|
|
||||||
type: kubernetes.io/dockerconfigjson
|
|
||||||
stringData:
|
|
||||||
.dockerconfigjson: ENC[AES256_GCM,data:Ez8e/N1OSqwrSp6tw3r8kslzr6bGQa+rrJweghKYx57klHSctExrzJu30Ans8ga9WGH0uYEKAOMcaEPCI9vZjP+vgewVrCF7eXU/qRhBpsF0iVTzPezZYoWoKTpet/kgXu6e1KYFViY84SYCMbet5ICERfkAScNSU92b1P9zxdi/mZw41kHTPM5vAxlDBtUt71aOO083dinSrYY4VuUk11BmduaZuj4=,iv:z8z5bZ0S/Dh8G3/F52nRNzvDBQ7/3lG3vu5RGLQXPEU=,tag:7gQKHiNRAQ9Fm6Z133NoGw==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2021-07-17T21:37:34Z"
|
|
||||||
mac: ENC[AES256_GCM,data:5rck34eEAoRBYUpn38ZT48SK0Cn7KEp5DUJ5s+wBvO9Jp9Rw8bqjFk8iBKUqagQ1T6C5oeRmzpRjY0r4L1PDE2Ar9AEtiVEDsaGEWwupcORqZaja9XD4OVS0LCyVgyFQVGsQyun7a2AbV0tRekteugDCBb/cOaENzZO/1dGvJMA=,iv:x4aROnco8gv0YLWz0uJ8gl9g++RDbS6OHRJHM1GbChA=,tag:Znj3rk7+LErG2E6IE1Wq4A==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2021-07-17T21:25:02Z"
|
|
||||||
enc: |
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMA6nQR2zACjUjAQ//TMhxKW9Fybga4mHBsr7lTNpq+/gXEbOGW892Q4Pbd9hi
|
|
||||||
g/9bzFcfZ7ndWAUIZBhfdvpa6c/Hre8878YdW7JwQq1xI7oLH8hL8Kj5kx/Pwhwy
|
|
||||||
Kx66gUoUwglpNurO5cNfXdJW9jY4Qyy+C98kQH3+ADQMpWcy3ofGlPt0zT284bP5
|
|
||||||
6bP65A1R5UeOxPodJszDxfMSoV9xt39fjsOUZ8ZmpDs9IDdtx1hDMuAqEkysW6f1
|
|
||||||
jChypr/kYDttOOuWYeFLL0yEWOKUp1WLs45TwQPSod6Zdj2+r2N/7379Cx7krcCM
|
|
||||||
af0aS50J7l405Q/9bfKUVRB+xkfFLz/+mzVz606vG/MKqCJyBpPxeOngR96cqFcr
|
|
||||||
DgxJZgXvHsXogKBTaXxoKNsaeyVpE00/pEo4CTJY2sZqce/eBJaj1olyBh4K3YAd
|
|
||||||
H1CFK2ExfoKFwdnX0T8SM/IPpCfRPNPtbgMUiOpLRVkaH1f4dNq84jKKnpHtDVfr
|
|
||||||
cao2uSHN2yBOql7gUOToroTs6blOmmwkHlnToB5RGuFxU2P8QWcYftk1w1Iv7rtC
|
|
||||||
Z8FBLbXDJJPfhJ4XTOi52BGZkdYpys/mtp8l7qTSG0blLzADa8RuOEy15sYZ5mFQ
|
|
||||||
RH7G2XL63QCCXXnLP3RDMf7jKC6BgBljaOIlvv3GY3sqFfiWj15Olxe/E63NlNLS
|
|
||||||
XgEHrdlbPTCx96tQ2qgFyrNal2gFq2PEJ+k11cQs7FxrQsIVbI4w410FrEvcEm/n
|
|
||||||
fG2EFIC0qpT3ryBp/mIprwMRzKPvd5qctsziMsE3aRuU+uCeukvIxSq7YVrzYYA=
|
|
||||||
=8Czp
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 19B850FBA7685A526CF11E5F9BBE834259976EE8
|
|
||||||
- created_at: "2021-07-17T21:25:02Z"
|
|
||||||
enc: |
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMA98IrODHuiZ9ARAAqlACQXKtlWDm7JQ7XpXQA+N+rRM5OnvAvu+eln32V3SJ
|
|
||||||
56hdIbJQOE36mB0w8baYIk7sWcDxiuajyzQgWVRpew308Lu78ml2mr2qvTbEQoZh
|
|
||||||
EKMRH67smnVzSxMqnYlKC9V5jjs3zQySKFlb+RiNiXMBp9K9XIkI7syTnxsN50v8
|
|
||||||
ZfdG0zhG42I2NnqE2SFRHIwYhW6iRUTY7ZFD63uZq7JiPGcy5vp+8xyLTfe935a6
|
|
||||||
/heWrUme81eGJuoPnfx2a7cpccpqnnwGlB+VMjhoeO2A9YysMCjQcW7+WsWwmRTe
|
|
||||||
mFo+gsWX5sFi4l4G8bsxV/Z3zc3Li7+c74XqkAepzbOUZrLhM4Fl6TGUW052e+uh
|
|
||||||
pFcYa9mxkqTYb61/3SUJK2eQd6a4Fj8Krzh2Z1WWymRYQytyy+SOBzeFy3SEXshv
|
|
||||||
Z0MUdL/v+VndGpoFljdZYhZRuUDLfgOlciYpAgxLvnHM71W2LNusbxEI+OZ0GwdU
|
|
||||||
v54wJEUtEaMAYMb/H0yzm/bqgV/t42ip9gUsvKKvkzNZm3jT3LuY2moqkIsFXVNj
|
|
||||||
IFOuPL1xxTUlkBZ+EaHOMRmtJq3NGsYVebkBQEhojdXOyZCGlPEcis5NasWMpIFO
|
|
||||||
tPPYao7d680ZDa5nM4JORKKaMtsNPFnUkGHg00GrkRec29UoJJqLLWS7z5zEWzPS
|
|
||||||
XgGc2zsbBDRp1VdKRjheTY+Vgi8oci6ZsNC9U2SvfIh9YGOKVBUCcRlxVS3Xb7hs
|
|
||||||
09Ukr5k/yny0H6edpJ2ImZcn4KTnFhELqKXbbdUBmQ8e5xPUBX5BeemIwDLXAu0=
|
|
||||||
=4LIz
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 5749D0AE39445C1CCA6006DF8913091C690BDD69
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.7.1
|
|
@@ -1,59 +0,0 @@
|
|||||||
kind: Secret
|
|
||||||
apiVersion: v1
|
|
||||||
metadata:
|
|
||||||
name: regcred
|
|
||||||
namespace: development
|
|
||||||
type: kubernetes.io/dockerconfigjson
|
|
||||||
stringData:
|
|
||||||
.dockerconfigjson: ENC[AES256_GCM,data:HfEH30Dis81WFXJ2bAbKPVUmHTkqcpPB7bLm1Zn1f0ELUJzD2Z8JGJ7xOBcfJR9CvzUma9gLYlrz1J8moy4B2n/hIGQFySN4zKR3iDjHNFLJo+HcRn2rONzfKX0lTFZ4YXWhw6Rlx3j0MZ7OFBnhI2I5kyfEyYcc1Xqq4c8++GosYCG4lwTrwFjmTeCo9BoTvOphgnkC5NuihDQ/UiHV9/po9zeQO/I=,iv:3XqfPFv3Rc7g8W7Bk1Q0n945mPvQTqkLX4yWh9CfLyc=,tag:l+LpDfWt1K5uRfBbM71DhQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2021-07-19T12:09:05Z"
|
|
||||||
mac: ENC[AES256_GCM,data:WAteda2YTX0sgGtNJX/QI5bNBCBGdv+lSMM2gyoZfzmRS6Uj5Y7pPHf7EScqGcou8ZfEcGdJG/lA9A7hONETAf+2fKdn9g7FM7cVvh493+wLr8drtJMu/mqqP3A72tbhi6PMtmUHAtF2+gNyYak1QAmvEfO/+cAJC4TfxXaBsZ4=,iv:0PUuKI1qewENzW0KTq+Cm9LpdJ60OvhZ1CEqZXvH/tI=,tag:fWLUbqnV5FGqkVucFBciaw==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2021-07-17T21:25:06Z"
|
|
||||||
enc: |
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMA6nQR2zACjUjAQ/9G4rlzO+Mf9NXs5jwGf+yuj0VM3SWl9Rz7kEAFdnEhYNG
|
|
||||||
RWBu/lpg6ipIBAIramz1hV4NQPraoEEO/OwEwj0Bez88ydt3a7CxMFyu2q+pNjvi
|
|
||||||
QIrQuM+3J3dM8l5qVh3/5r81QvSb/g+USgYIGhbd9jABxBzglnb3GYA+KBgWncsp
|
|
||||||
PVaBG5t3+7jd2FbKd+6fzYkMiW1kZmK4/3P2etoDFR4bgoADck0Coy9Y155QAlnk
|
|
||||||
/AYVwS6IIZ8+BUwwT+gOk8V9QJRwcKFFo9TJ2gmnkNb5MbXgX7DEKwGPIegEUyKY
|
|
||||||
Ex9x+yEdfy5dlsJ7TE4C5olk4yOEnXfhxUeiMD6myEJjVM9SjP3A7DK+/f/E6+9Q
|
|
||||||
MAMFxxHaKGLu2wRmUPMWH78VhVLExgq7P9l8YGMEKch32wdwo4b4295mLe+AtXlw
|
|
||||||
z3vWLx1PYU+l0sJ8leVZtd//547NbLxtUGYhI+5ozzxaL8Hwps5fWbcmXLWaz8Dr
|
|
||||||
Lj1zwatetd1Loc0OZFR90giQVl9JREHK9QlARAFnIMnu7eKZlln/TnF7MjdgAuD4
|
|
||||||
2diAocyU+X7PZty+oWbi56LQE90Vr01MBO/wsvUUETZ+6sAEYB805EKpGj+r432H
|
|
||||||
/WPx2Yedn9HAE8ZPIRedYK5gXh8867mA3XCw6sd9ELI67BWiqdveR1jeKreFPJjS
|
|
||||||
XgHx9krMM0IcX2V0rT0nJea8m3M+b6ZpvdBicmfjTCBxrnAgMnbOGuzwoUGNePX2
|
|
||||||
IZtgHNvqEaQfEONDtIJM6gtY6soJJxQ790w+FmTGs7av4o0IHgT4xqZRhDZSF/8=
|
|
||||||
=p08Q
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 19B850FBA7685A526CF11E5F9BBE834259976EE8
|
|
||||||
- created_at: "2021-07-17T21:25:06Z"
|
|
||||||
enc: |
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMA98IrODHuiZ9ARAArzhyppi7wq055mnLiBm3CG1JUIELebfLwyD4Xj46Rjq4
|
|
||||||
cRZAeRKSM/MjUT0G8RuhssaJPoI2uNtZT9z3+qIZDUoCHLt8horo147oMzN7RqVW
|
|
||||||
VjEbO63Tiv253Jles3lax5eCmO0f88frzOqs4IqSluYWL1AlKkA6zGZuEhysasHk
|
|
||||||
RtZh2jWe7/ZBP8gICgTaPv/ptIWF4mJYcK2rD9mM3PeZ1oBVfwVhsxumGISo9hEm
|
|
||||||
oDtfFqTaX+nDRcjofIp/u85Jt3SrD+NCyCyBUzoprs5npPlLcy/cjrQ1HCxrOSxh
|
|
||||||
fzGo90CWg0TqSFx545CiTxT6wJzRVsLspP662/nV1wHXOu3fO1IqAjWsmDk66oBp
|
|
||||||
A4tgE8eDo7NA849VmsUkNfdgFOiFFBW8TolHZUJHbV4BomWK1KXJuRRAqIdg620Y
|
|
||||||
oDjHClWLpJTpkhlN+GhU0AojXWEYnpQhDApqrFnpQECEjOUuu643JSjDOj/kY/IJ
|
|
||||||
0DeveaBy9clylq8G+SMXSKt/LivATquvuMzsDnLzy+SYjnOsjpIL/JNdFH5uWqm7
|
|
||||||
1erIyM9Ix7cIAzk4qm/5M3smy/7p+eOMlqFgRrN+fbt54uSbW+7BamjTCPsXnqk5
|
|
||||||
0zHMdf6BHC1QKgOH24jhPFUATiJeY4fJBPIJF+orbWlBTBrFFp3h6W12HdHUG83S
|
|
||||||
XgHN9EqRP9PC1n+F3Ni4VVVfx5kBr4g5tyrGhpSgYNJqSdIQCdaWySsTVLs2D4Xr
|
|
||||||
69Bdc0tBQv5aCyU4g2PT2CDYjLrPFxImCcyr/JeZd2x44scuHUqjAl/plihSmes=
|
|
||||||
=cyE+
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 5749D0AE39445C1CCA6006DF8913091C690BDD69
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.7.1
|
|
@@ -2,7 +2,7 @@ kind: Secret
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
metadata:
|
metadata:
|
||||||
name: regcred
|
name: regcred
|
||||||
namespace: media
|
namespace: networking
|
||||||
type: kubernetes.io/dockerconfigjson
|
type: kubernetes.io/dockerconfigjson
|
||||||
stringData:
|
stringData:
|
||||||
.dockerconfigjson: ENC[AES256_GCM,data:HfEH30Dis81WFXJ2bAbKPVUmHTkqcpPB7bLm1Zn1f0ELUJzD2Z8JGJ7xOBcfJR9CvzUma9gLYlrz1J8moy4B2n/hIGQFySN4zKR3iDjHNFLJo+HcRn2rONzfKX0lTFZ4YXWhw6Rlx3j0MZ7OFBnhI2I5kyfEyYcc1Xqq4c8++GosYCG4lwTrwFjmTeCo9BoTvOphgnkC5NuihDQ/UiHV9/po9zeQO/I=,iv:3XqfPFv3Rc7g8W7Bk1Q0n945mPvQTqkLX4yWh9CfLyc=,tag:l+LpDfWt1K5uRfBbM71DhQ==,type:str]
|
.dockerconfigjson: ENC[AES256_GCM,data:HfEH30Dis81WFXJ2bAbKPVUmHTkqcpPB7bLm1Zn1f0ELUJzD2Z8JGJ7xOBcfJR9CvzUma9gLYlrz1J8moy4B2n/hIGQFySN4zKR3iDjHNFLJo+HcRn2rONzfKX0lTFZ4YXWhw6Rlx3j0MZ7OFBnhI2I5kyfEyYcc1Xqq4c8++GosYCG4lwTrwFjmTeCo9BoTvOphgnkC5NuihDQ/UiHV9/po9zeQO/I=,iv:3XqfPFv3Rc7g8W7Bk1Q0n945mPvQTqkLX4yWh9CfLyc=,tag:l+LpDfWt1K5uRfBbM71DhQ==,type:str]
|
||||||
@@ -12,8 +12,8 @@ sops:
|
|||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2021-07-17T23:05:26Z"
|
lastmodified: "2021-08-09T14:19:09Z"
|
||||||
mac: ENC[AES256_GCM,data:ECbE73I+IwPsfekBj6oar9zob0xomHSrTBqav47NeLo/fl6zw3gBIdRu4uCT8rk5i53SPCR7RELdwjfCKAgMBRFmLqoFPIi81dO5O2dG5SnwzjYakYY8Arj0uA6aQkIYOPmkSg543W91iYNK0m7LHDwVYjSD2ibhwO3cs0yluH0=,iv:2RAFdbfihliQoRQfj9D6jZpcOlN649ate3UCI2yTZks=,tag:saEIAzXsMpI0V6slQg3Cng==,type:str]
|
mac: ENC[AES256_GCM,data:dDz9VfodCTZWDvMZGU40zRoxOhd2P/0AjRTs5p/wwFjRVw/QjVwSRQ5hcf/BhbKMIAG2xa1k4UWE3bkymf/g4avtwejAJVz69gUPe+RVqNVsEuG1YXJYVG7lPd+gzOPwH2wo0zr0+LX6+D9IaKPeQ2Sngyxl7ITRRoxVizbJzK0=,iv:CuFQyDTRH8CW0ysqsAWERPkGC3wk9Taclq7oG5XUyMo=,tag:e7f7IrLDMt7mCzXCfT/DwA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2021-07-17T21:25:06Z"
|
- created_at: "2021-07-17T21:25:06Z"
|
||||||
enc: |
|
enc: |
|
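Review bot: Rewriting `namespace: media` to `namespace: networking` in place means this file no longer yields a `regcred` secret in `media`; if the file was moved rather than copied, any workload there that still lists `regcred` under `imagePullSecrets` would fail to pull from the private registry. The page does not show another `media` copy, so this is worth confirming before the change is applied. If both namespaces need the secret, keep this file with `namespace: media` and add a separate sops-encrypted file for `networking`, written through sops so the `mac` is recomputed rather than edited by hand. The `.dockerconfigjson` ciphertext is unchanged in this section, so the same registry credential now serves another namespace and has to be rotated in every copy together.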
@@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: cluster-secrets
|
|
||||||
namespace: development
|
|
||||||
annotations:
|
|
||||||
replicator.v1.mittwald.de/replicate-from: flux-system/cluster-secrets
|
|
||||||
data: {}
|
|
||||||
type: Opaque
|
|
@@ -1,20 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: kubernetes-replicator
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
# renovate: registryUrl=https://helm.mittwald.de/
|
|
||||||
chart: kubernetes-replicator
|
|
||||||
version: 2.6.3
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: mittwald-charts
|
|
||||||
namespace: flux-system
|
|
||||||
interval: 5m
|
|
||||||
values:
|
|
||||||
grantClusterAdminto: true
|
|
@@ -1,4 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- helm-release.yaml
|
|
@@ -5,7 +5,6 @@ resources:
|
|||||||
- coredns-nodecache
|
- coredns-nodecache
|
||||||
- descheduler
|
- descheduler
|
||||||
- intel-gpu-plugin
|
- intel-gpu-plugin
|
||||||
- kubernetes-replicator
|
|
||||||
- kured
|
- kured
|
||||||
- node-feature-discovery
|
- node-feature-discovery
|
||||||
- reloader
|
- reloader
|
||||||
|
@@ -5,12 +5,12 @@ metadata:
|
|||||||
name: rook-ceph-mgr-dashboard
|
name: rook-ceph-mgr-dashboard
|
||||||
namespace: rook-ceph
|
namespace: rook-ceph
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: "nginx"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/instance: rook-ceph-mgr-dashboard
|
app.kubernetes.io/instance: rook-ceph-mgr-dashboard
|
||||||
app.kubernetes.io/name: rook-ceph-mgr-dashboard
|
app.kubernetes.io/name: rook-ceph-mgr-dashboard
|
||||||
spec:
|
spec:
|
||||||
|
ingressClassName: "traefik"
|
||||||
rules:
|
rules:
|
||||||
- host: "rook.${SECRET_CLUSTER_DOMAIN}"
|
- host: "rook.${SECRET_CLUSTER_DOMAIN}"
|
||||||
http:
|
http:
|
||||||
@@ -22,3 +22,7 @@ spec:
|
|||||||
name: rook-ceph-mgr-dashboard
|
name: rook-ceph-mgr-dashboard
|
||||||
port:
|
port:
|
||||||
name: http-dashboard
|
name: http-dashboard
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "rook.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||||
|
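Review bot: The added `tls` entry points `secretName` at `${SECRET_CLUSTER_CERTIFICATE_DEFAULT}`, and an Ingress can only reference a TLS secret in its own namespace, here `rook-ceph`; nothing in this section shows that secret being created there. The same commit removes the kubernetes-replicator release, so if the certificate used to reach other namespaces by replication, that path should be confirmed as still working. When the secret is missing, Traefik would likely serve its default certificate instead, so the failure is quiet rather than a rejected manifest. I would add a comment above the line, `# TLS secret must exist in the rook-ceph namespace (Ingress cannot reference another namespace)`, and confirm the substituted value is a bare secret name without a namespace prefix.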