shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-12-20 14:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

🔥 kubernetes-schemas

Browse Source
This commit is contained in:
auricom
2023-12-25 16:58:04 +01:00
parent 71f8fa7b88
commit 8d777d9156
8 changed files with 0 additions and 301 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
.github/workflows/publish-schemas.yaml vendored
View File

@@ -1,126 +0,0 @@
---
name: "Publish Schemas"
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * 0"
push:
branches: ["main"]
paths: [".github/workflows/publish-schemas.yaml"]
jobs:
publish-manifests:
name: Publish Manifests
runs-on: ["arc-runner-set-home-ops"]
steps:
- name: Setup Flux
uses: fluxcd/flux2/action@a18d4f345021182d6516bf3e8e00210567f46ab5 # v2.1.2
- name: Setup Kube Tools
uses: yokawasa/action-setup-kube-tools@af4ebb1af1efd30c5bd84a2e9773355ad6362a33 # v0.9.3
with:
setup-tools: kubectl
- name: Setup Python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: 3.x
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: Setup crd-extractor
uses: robinraju/release-downloader@efa4cd07bd0195e6cc65e9e30c251b49ce4d3e51 # v1.8
with:
repository: datreeio/CRDs-catalog
latest: true
fileName: crd-extractor.zip
- name: Write kubeconfig
id: kubeconfig
uses: timheuer/base64-to-file@adaa40c0c581f276132199d4cf60afa07ce60eac # v1.2
with:
encodedString: ${{ secrets.KUBECONFIG }}
fileName: kubeconfig
- name: Run crd-extractor
env:
KUBECONFIG: ${{ steps.kubeconfig.outputs.filePath }}
shell: bash
run: |
unzip -j $GITHUB_WORKSPACE/crd-extractor.zip -d $GITHUB_WORKSPACE
bash $GITHUB_WORKSPACE/crd-extractor.sh
- name: Generate tag
id: generate-tag
shell: bash
run: echo "tag=ghcr.io/${{ github.repository_owner }}/manifests/kubernetes-schemas:$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}"
- name: Publish manifests
shell: bash
run: |
flux push artifact oci://${{ steps.generate-tag.outputs.tag }} \
--path="/home/runner/.datree/crdSchemas" \
--source="${{ github.repositoryUrl }}" \
--revision="${{ github.ref_name }}@sha1:$(git rev-parse HEAD)"
- name: Tag manifests
shell: bash
run: flux tag artifact oci://${{ steps.generate-tag.outputs.tag }} --tag main
publish-web:
name: Publish Web
runs-on: ubuntu-latest
needs: ["publish-manifests"]
steps:
- name: Setup Flux
uses: fluxcd/flux2/action@a18d4f345021182d6516bf3e8e00210567f46ab5 # v2.1.2
- name: Setup QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: Pull manifests
shell: bash
run: |
mkdir -p /home/runner/crdSchemas
flux pull artifact oci://ghcr.io/${{ github.repository_owner }}/manifests/kubernetes-schemas:$(git rev-parse --short HEAD) --output /home/runner/crdSchemas
- name: Write nginx-unprivileged Dockerfile
shell: bash
run: |
cat <<EOF > /home/runner/crdSchemas/Dockerfile
FROM docker.io/nginxinc/nginx-unprivileged:latest
COPY --chown=nginx:nginx --chmod=755 . /usr/share/nginx/html
USER nginx
EOF
- name: Publish web container
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: /home/runner/crdSchemas
platforms: linux/amd64,linux/arm64
file: /home/runner/crdSchemas/Dockerfile
push: true
tags: |
ghcr.io/${{ github.repository_owner }}/kubernetes-schemas:latest
cache-from: type=gha
cache-to: type=gha,mode=max
labels: |
org.opencontainers.image.source="${{ github.repositoryUrl }}"
org.opencontainers.image.authors="Auricom <auricomp@users.noreply.github.com>"

19
kubernetes/apps/default/kubernetes-schemas/app/README.md
View File

@@ -1,19 +0,0 @@
extract_ca_crt_from_secret
kubectl get secret kubernetes-schemas-sa -o json | jq -r '.data["ca.crt"]' | base64 -d > ca.crt
get_user_token_from_secret
USER_TOKEN=$(kubectl get secret kubernetes-schemas-sa -o json | jq -r '.data["token"]' | base64 -d)
Create token
context=$(kubectl config current-context)
CLUSTER_NAME=$(kubectl config get-contexts "$context" | awk '{print $3}' | tail -n 1)
ENDPOINT=$(kubectl config view -o jsonpath="{.clusters[?(@.name == \"${CLUSTER_NAME}\")].cluster.server}")
kubectl config set-cluster "${CLUSTER_NAME}" --kubeconfig=kubernetes-schemas-config --server="${ENDPOINT}" --certificate-authority="ca.crt" --embed-certs=true
kubectl config set-credentials "kubernetes-schemas-default-${CLUSTER_NAME}" --kubeconfig="kubernetes-schemas-config" --token="${USER_TOKEN}"
kubectl config set-context "kubernetes-schemas-default-${CLUSTER_NAME}" --kubeconfig="kubernetes-schemas-config" --cluster="${CLUSTER_NAME}" --user="kubernetes-schemas-default-${CLUSTER_NAME}" --namespace="default"
kubectl config use-context "kubernetes-schemas-default-${CLUSTER_NAME}" --kubeconfig="kubernetes-schemas-config"
# Test
KUBECONFIG=kubernetes-schemas-config kubectl get pods --all-namespaces
KUBECONFIG=kubernetes-schemas-config kubectl get crds

22
kubernetes/apps/default/kubernetes-schemas/app/gatus.yaml
View File

@@ -1,22 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: kubernetes-schemas-gatus-ep
namespace: default
labels:
gatus.io/enabled: "true"
data:
config.yaml: |
endpoints:
- name: kubernetes-schemas
group: external
url: https://kubernetes-schemas.${SECRET_CLUSTER_DOMAIN}
interval: 1m
client:
dns-resolver: tcp://1.1.1.1:53
insecure: true
conditions:
- "[STATUS] == 200"
alerts:
- type: pushover

66
kubernetes/apps/default/kubernetes-schemas/app/helmrelease.yaml
View File

@@ -1,66 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: &app kubernetes-schemas
namespace: default
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 2.4.0
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
maxHistory: 2
install:
createNamespace: true
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
controllers:
main:
strategy: RollingUpdate
containers:
main:
image:
repository: ghcr.io/auricom/kubernetes-schemas
tag: latest@sha256:1a4f478a49e627d7d5d91277a04b84923fac0472a6e065609863f97339e1b94e
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
memory: 100Mi
service:
main:
ports:
http:
port: 8080
ingress:
main:
enabled: true
className: nginx
annotations:
external-dns.alpha.kubernetes.io/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/enable: "false"
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
service:
name: main
port: http
tls:
- hosts:
- *host

9
kubernetes/apps/default/kubernetes-schemas/app/kustomization.yaml
View File

@@ -1,9 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: default
resources:
- ./helmrelease.yaml
- ./gatus.yaml
- ./rbac.yaml

41
kubernetes/apps/default/kubernetes-schemas/app/rbac.yaml
View File

@@ -1,41 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubernetes-schemas
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubernetes-schemas
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-schemas
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-schemas
subjects:
- kind: ServiceAccount
name: kubernetes-schemas
namespace: default
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: kubernetes-schemas-sa
annotations:
kubernetes.io/service-account.name: "kubernetes-schemas"

17
kubernetes/apps/default/kubernetes-schemas/ks.yaml
View File

@@ -1,17 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: cluster-apps-kubernetes-schemas
namespace: flux-system
spec:
path: ./kubernetes/apps/default/kubernetes-schemas/app
prune: true
sourceRef:
kind: GitRepository
name: home-ops-kubernetes
wait: false # no flux ks dependents
interval: 30m
retryInterval: 1m
timeout: 5m

1
kubernetes/apps/default/kustomization.yaml
View File

@@ -28,7 +28,6 @@ resources:
- ./komf/ks.yaml - ./komf/ks.yaml
- ./komga/ks.yaml - ./komga/ks.yaml
- ./kresus/ks.yaml - ./kresus/ks.yaml
- ./kubernetes-schemas/ks.yaml
- ./libmedium/ks.yaml - ./libmedium/ks.yaml
- ./lidarr/ks.yaml - ./lidarr/ks.yaml
- ./linkding/ks.yaml - ./linkding/ks.yaml