Added manifests

2020-05-02 18:41:31 +01:00
parent d97baf1627
commit 971ed8affc
11 changed files with 6271 additions and 6 deletions
--- a/manifests/blackhole.yaml
+++ b/manifests/blackhole.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: black-hole
+  namespace: kube-system
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: 9090
+    name: web
+  selector:
+    app: black-hole
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: black-hole
+  namespace: kube-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: black-hole
+  template:
+    metadata:
+      labels:
+        app: black-hole
+    spec:
+      containers:
+      - name: black-hole
+        image: averagemarcus/black-hole:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 9090
+          name: web
+        resources:
+          limits:
+            memory: 20Mi
+            cpu: 10m
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: black-hole
+  namespace: kube-system
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /
+        backend:
+          serviceName: black-hole
+          servicePort: 80
--- a/manifests/certmanager_1crd.yaml
+++ b/manifests/certmanager_1crd.yaml
--- a/manifests/certmanager_2chart.yaml
+++ b/manifests/certmanager_2chart.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+  labels:
+    certmanager.k8s.io/disable-validation: "true"
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  chart:
+    repository: https://charts.jetstack.io
+    name: cert-manager
+    version: v0.14.3
+  maxHistory: 4
+  values:
+    resources:
+      requests:
+        cpu: 10m
+        memory: 32Mi
+      limits:
+        cpu: 20m
+        memory: 64Mi
+
+---
+
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: letsencrypt@marcusnoble.co.uk
+    privateKeySecretRef:
+      name: letsencrypt
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: traefik
--- a/manifests/gitea.yaml
+++ b/manifests/gitea.yaml
@@ -0,0 +1,119 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-secret-key
+  namespace: gitea
+  annotations:
+    kube-1password: 2j4lrhtz5k6eqiwato4pebu3r4
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: git
+  namespace: gitea
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: git
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: git
+  namespace: gitea
+  labels:
+    app: git
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: git
+  serviceName: "git"
+  template:
+    metadata:
+      labels:
+        app: git
+    spec:
+      containers:
+      - name: git
+        image: gitea/gitea:1.11
+        env:
+        - name: APP_NAME
+          value: "Git"
+        - name: RUN_MODE
+          value: prod
+        - name: DISABLE_SSH
+          value: "true"
+        - name: ROOT_URL
+          value: https://git.cluster.fun
+        - name: DISABLE_REGISTRATION
+          value: "true"
+        - name: DEFAULT_PRIVATE
+          value: private
+        - name: ENABLE_PUSH_CREATE_USER
+          value: "true"
+        - name: ENABLE_PUSH_CREATE_ORG
+          value: "true"
+        - name: ISSUE_PAGING_NUM
+          value: "20"
+        - name: DEFAULT_THEME
+          value: arc-green
+        - name: SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: gitea-secret-key
+              key: password
+        ports:
+        - containerPort: 3000
+          name: web
+        resources:
+          requests:
+            memory: 400Mi
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /data
+          name: git-data
+  volumeClaimTemplates:
+  - metadata:
+      name: git-data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: scw-bssd-retain
+      resources:
+        requests:
+          storage: 20Gi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: git
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - git.cluster.fun
+    secretName: git
+  rules:
+  - host: git.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: git
+          servicePort: 80
--- a/manifests/harbor_chart.yaml
+++ b/manifests/harbor_chart.yaml
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: harbor
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: harbor-values
+  namespace: harbor
+  annotations:
+    kube-1password: igey7vjjiqmj25v64eck7cyj34
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: values.yaml
+type: Opaque
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: harbor
+  namespace: harbor
+spec:
+  chart:
+    repository: https://helm.goharbor.io
+    name: harbor
+    version: 1.3.2
+  maxHistory: 4
+  skipCRDs: false
+  valuesFrom:
+  - secretKeyRef:
+      name: harbor-values
+      namespace: harbor
+      key: values.yaml
+      optional: false
+  values:
+    portal:
+      resources:
+        requests:
+          memory: 64Mi
+          cpu: 10m
+    core:
+      resources:
+        requests:
+          memory: 64Mi
+          cpu: 10m
+    jobservice:
+      resources:
+        requests:
+          memory: 64Mi
+          cpu: 10m
+    registry:
+      registry:
+        resources:
+          requests:
+            memory: 64Mi
+            cpu: 10m
+      controller:
+        resources:
+          requests:
+            memory: 64Mi
+            cpu: 10m
--- a/manifests/loki_chart.yaml
+++ b/manifests/loki_chart.yaml
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: logging
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: grafana-credentials
+  namespace: logging
+  annotations:
+    kube-1password: wpynfxkdipeeacyfxkvtdsuj54
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: loki
+  namespace: logging
+spec:
+  chart:
+    repository: https://grafana.github.io/loki/charts
+    name: loki-stack
+    version: 0.36.2
+  maxHistory: 4
+  skipCRDs: false
+  values:
+    fluent-bit:
+      enabled: "true"
+    promtail:
+      enabled: "true"
+    loki:
+      persistence:
+        enabled: "true"
+        size: 10Gi
+
+# ---
+# apiVersion: helm.fluxcd.io/v1
+# kind: HelmRelease
+# metadata:
+#   name: grafana
+#   namespace: logging
+# spec:
+#   chart:
+#     repository: https://kubernetes-charts.storage.googleapis.com
+#     name: grafana
+#     version: 5.0.22
+#   maxHistory: 4
+#   skipCRDs: false
+#   values:
+#     admin:
+#       existingSecret: "grafana-credentials"
+#       userKey: username
+#       passwordKey: password
+#     persistence:
+#       enabled: "false"
+#     datasources:
+#       datasources.yaml:
+#         apiVersion: 1
+#         datasources:
+#         - name: Loki
+#           type: loki
+#           url: http://logging-loki.logging:3100
+#           access: proxy
+#           jsonData:
+#             maxLines: 1000
--- a/manifests/traefik-lb.yaml
+++ b/manifests/traefik-lb.yaml
@@ -0,0 +1,16 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: traefik-ingress-service
+  namespace: kube-system
+spec:
+  selector:
+    k8s-app: traefik-ingress-lb
+  ports:
+    - protocol: TCP
+      port: 80
+      name: http
+    - protocol: TCP
+      port: 443
+      name: https
+  type: LoadBalancer