Compare commits
	
		
			676 Commits
		
	
	
		
			4d5fee52d7
			...
			renovate/r
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| f8c635807e | |||
| 5d317815a6 | |||
| 3060651f33 | |||
| 1267aee558 | |||
| c4deb4530c | |||
| 8071aaf13c | |||
| b3507ddbb4 | |||
| bfcddd7a76 | |||
| b3aa166e16 | |||
| 2bc0b9f4df | |||
| b6b5027601 | |||
| c22d5d3428 | |||
| 6c34c4ca9e | |||
| d32d64d78e | |||
| cf3a9b9aba | |||
| 643ba071e0 | |||
| 42c7163710 | |||
| ca76486945 | |||
| a8142056c6 | |||
| 8f8bd1d7f1 | |||
| 28ce27280d | |||
| 8442208f02 | |||
| 6d9ebaf533 | |||
| b83ddcce89 | |||
| 6a5360a803 | |||
| d6ad2f1c79 | |||
| 68a06195e9 | |||
| b8e08002dd | |||
| 3fa3703b27 | |||
| 84fbd628db | |||
| 32158e4cef | |||
| 7c52a9dc34 | |||
| 8d2ab9205a | |||
| e2fafc6a7e | |||
| 375343d100 | |||
| 0eb69ef4f5 | |||
| de9197d740 | |||
| abbc4fc453 | |||
| 77d24ae009 | |||
| 193406e7df | |||
| c15da69d83 | |||
| 23a6d889f1 | |||
| 57ac458504 | |||
| e53a02014a | |||
| eefb79771f | |||
| a3f8762679 | |||
| 6e064edb7c | |||
| 0243dc08e7 | |||
| a6ce82e001 | |||
| 68d172423c | |||
| 390986ffaa | |||
| 44b8088899 | |||
| 6de863bba5 | |||
| 4ea8bf9acd | |||
| c3053250a3 | |||
| 91a3cc22b0 | |||
| d97cdc1bdc | |||
| 435cee3116 | |||
| 5950568286 | |||
| 2d6faab122 | |||
| 2eca62bf5d | |||
| aa3c98d453 | |||
| b334e52544 | |||
| 78af20ec62 | |||
| cfb3de7e76 | |||
| 627b997241 | |||
| aa1163aab9 | |||
| 3c5c5e9016 | |||
| 42328cb5f0 | |||
| f4aac5f5e6 | |||
| 87286c91d0 | |||
| 9aa1b0f522 | |||
| 2cf08255cc | |||
| 5e8e1ff294 | |||
| 556ba744f9 | |||
| 9565bee15f | |||
| 487aea3af4 | |||
| c6380f0350 | |||
| 6ce44f3132 | |||
| 63510aa4bb | |||
| f25ef5e5bb | |||
| 5ac34d3890 | |||
| 8a7ad6fa2d | |||
| 3914740922 | |||
| 56f61deeb3 | |||
| 4c406eed40 | |||
| 1ee1ba0659 | |||
| ae06bd0ab6 | |||
| 56100ba077 | |||
| bb057547a8 | |||
| 00c78fddd5 | |||
| d7be1186c7 | |||
| d4a3d5f4a7 | |||
| e59f5f6e65 | |||
| a8c0df9ee4 | |||
| 33f9840d59 | |||
| 1546086d4f | |||
| 2457da2a2a | |||
| b3ec9a50ea | |||
| ef70214fd5 | |||
| 2b635174c3 | |||
| cc6aaa1ada | |||
| 7c14d00db2 | |||
| 39b0214072 | |||
| 5d6de0a908 | |||
| 8984be1a62 | |||
| f6676c48cc | |||
| e53e6a0c9a | |||
| b395df357f | |||
| 852ae844df | |||
| 5c6bd05521 | |||
| 9a25a5263d | |||
| d600d44640 | |||
| d953074087 | |||
| 74e86f87c8 | |||
| feb0de1c9d | |||
| 83a641b34e | |||
| 5e86b0ffda | |||
| b143308932 | |||
| 810eb8ed6d | |||
| a9524e45df | |||
| 2ea10159d8 | |||
| 33085f1a54 | |||
| a7884d764b | |||
| 6903747c00 | |||
| 2217f7f101 | |||
| 40443c4be1 | |||
| 89aebf5895 | |||
| 10741683b2 | |||
| ba4ee220c1 | |||
| f55acd82a4 | |||
| 314681c10f | |||
| 9fc81a0452 | |||
| 13063eb3f8 | |||
| 96e98d7dde | |||
| 463e37635e | |||
| bc2a922951 | |||
| 05eb14776c | |||
| 9ee1014824 | |||
| ad6ec78c6a | |||
| 2947579d33 | |||
| 02f8a39dc5 | |||
| 2190a241b6 | |||
| 7093f0f211 | |||
| ac8acd2165 | |||
| b1e6442059 | |||
| 9ad5da2fe5 | |||
| 03f8bcfd35 | |||
| e426a6228b | |||
| f57d351e49 | |||
| dc69e26a94 | |||
| 0d7878cce8 | |||
| 7f85fe082d | |||
| 130d26e0ed | |||
| 39e0aa7525 | |||
| 4978dbcd80 | |||
| 6b4ffa50d2 | |||
| 0217bf4735 | |||
| b690be812c | |||
| 6ddef721ba | |||
| c17dfa5da9 | |||
| f588f2a44b | |||
| b8705dfdc9 | |||
| dcc50b0d69 | |||
| f7c15e56d5 | |||
| 1402eca48b | |||
| ebd4fbec1e | |||
| 382b517a6d | |||
| bfb8c513e3 | |||
| 38b3fe7fd7 | |||
| c107d27b29 | |||
| ea974fb72c | |||
| bf2d7d07e1 | |||
| e551a03ee1 | |||
| 9ab127c188 | |||
| 741e6076ca | |||
| c052f58667 | |||
| 2ff6f0c76d | |||
| 52dfa38d0c | |||
| 230f923c48 | |||
| a41173dc72 | |||
| a43ebd1b6c | |||
| 3aa82fa296 | |||
| 2fe02d459d | |||
| c9f96350cc | |||
| 2dfe00fd40 | |||
| 1b450acfe2 | |||
| df895b6bed | |||
| 238251b657 | |||
| 74e9162d72 | |||
| d8e7a2ce28 | |||
| 1b32d110c7 | |||
| 40bb305ff9 | |||
| 884621fd47 | |||
| fdd6416b8c | |||
| e3e0be048a | |||
| 507446aac2 | |||
| 869e8436df | |||
| 3f78cd2d2e | |||
| a2e8a14dac | |||
| 1c76f00adc | |||
| 1cd38b1ff2 | |||
| 774cae1887 | |||
| 642b90d7b5 | |||
| ae8056ff98 | |||
| 67548d0f79 | |||
| adc9441f35 | |||
| 3e765e4b0c | |||
| 1086b5334d | |||
| a4041fb853 | |||
| 9830b9d947 | |||
| 4261efc3ff | |||
| 9aae8abd53 | |||
| bb387b8bc4 | |||
| 3aadc6846b | |||
| fd5061a748 | |||
| 23e2cf7d08 | |||
| e9a5ad781c | |||
| 4894baaee3 | |||
| 7052631867 | |||
| 3fd3ae4a0d | |||
| 17fd27b383 | |||
| 85749ee068 | |||
| eb09dc0341 | |||
| e2546b9af3 | |||
| c94323fe1e | |||
| 64e9bdab0e | |||
| c57c405fc2 | |||
| cfd0236b43 | |||
| 6c63c7d3dd | |||
| 47aeb1fcc2 | |||
| abc90c925e | |||
| bc215f8efe | |||
| 00d1bf12ea | |||
| aca0ccaf31 | |||
| 3c76bd90e7 | |||
| 463e3b41f8 | |||
| e30d58c3a9 | |||
| b2e51da87a | |||
| 932a2acf31 | |||
| 412c381ffe | |||
| aff0b56fa1 | |||
| dd0e5712cd | |||
| d85e60b6e8 | |||
| ca12ae98db | |||
| d17c666e1c | |||
| c325e7f1ed | |||
| bcd6edbabb | |||
| d38f4d27ff | |||
| 98a28d7708 | |||
| 05af720e37 | |||
| 3214e5e5cb | |||
| b3187e9888 | |||
| cc9acb272e | |||
| cb56295334 | |||
| 0a7bad5eca | |||
| 7cc637784d | |||
| ea4ce92a75 | |||
| bfd5c1060d | |||
| f92d04f2e5 | |||
| d65a7b2425 | |||
| 1b3c6754c0 | |||
| 858ab70918 | |||
| ce4d7689c9 | |||
| 4f5c4f4cbe | |||
| 7d3b5903e6 | |||
| 9a87f7fd08 | |||
| b4257f8e5e | |||
| 12870a676b | |||
| afd5dd2852 | |||
| aaea56c02a | |||
| a0354f73e8 | |||
| 8260992f26 | |||
| b35963d0e2 | |||
| f38e67a27f | |||
| a78314870b | |||
| bdd63dd931 | |||
| cfb7df2284 | |||
| 99d6735566 | |||
| 1279c8021a | |||
| 2063a41276 | |||
| 46492eb102 | |||
| 4f439b2945 | |||
| 41307f592d | |||
| 840e82d2b6 | |||
| cf237c5511 | |||
| 88034e2ace | |||
| f91b4ed999 | |||
| 7a7721dcb0 | |||
| d88a3cc3a3 | |||
| 265266aeaf | |||
| 9db266845b | |||
| 071bdc5430 | |||
| 5361b55235 | |||
| eaf3ad07fb | |||
| 92860e6722 | |||
| d77f8c336a | |||
| 2a3eb40a7b | |||
| 4feceaa825 | |||
| 1158fefb62 | |||
| be39341776 | |||
| ebd19ac221 | |||
| a2418505e1 | |||
| e8c9322a1d | |||
| e9c5def271 | |||
| 859b3b0bfa | |||
| e4178332e0 | |||
| b2b292cc72 | |||
| a78cd55bed | |||
| 2c237322d9 | |||
| 1cf7308b3a | |||
| ad7d0d3da5 | |||
| 409331495b | |||
| 25233e5a94 | |||
| ea74e0ea8a | |||
| fc4ecd125e | |||
| 9c77295110 | |||
| bc8b0b33c8 | |||
| b2f3411f3e | |||
| c1054c5f56 | |||
| 08b7b65060 | |||
| be4eface3b | |||
| 0f9a96f92d | |||
| b9fb30c69a | |||
| aa244425a5 | |||
| 7dc1627e7c | |||
| 96017eb7bd | |||
| 5ecc742ed3 | |||
| f384617395 | |||
| 3a8e8743d3 | |||
| 5d6a0a72aa | |||
| 3b44d94de6 | |||
| 32158cd644 | |||
| de161c7fa7 | |||
| d2104909e0 | |||
| 9741310c8f | |||
| 41437d29a4 | |||
| 19d224e464 | |||
| 8703948897 | |||
| ae72f8eed2 | |||
| 34c8d19f5e | |||
| f5c04721a3 | |||
| a211ca5dab | |||
| 63cf839be5 | |||
| 08462c22aa | |||
| 2ad1b24606 | |||
| c5d53e005a | |||
| 983252387f | |||
| 2e7589074e | |||
| 10a0afc40d | |||
| 5cec671f7c | |||
| 3004031168 | |||
| cb138bef7c | |||
| 94ea1b0af0 | |||
| 45453891f4 | |||
| 3f06cb6d34 | |||
| 816eb8fe47 | |||
| 58fea21b12 | |||
| d081adfaa7 | |||
| 8ce7ad44a2 | |||
| 716cb13554 | |||
| fd514010de | |||
| 3e6283f3cf | |||
| 042c1893a0 | |||
| e2e7824b87 | |||
| 05befb22ce | |||
| f875d70d47 | |||
| 54ce0b2493 | |||
| 19927b7f74 | |||
| d09fdd7d9f | |||
| 8129308233 | |||
| 5867767855 | |||
| a8e9d833b2 | |||
| 485babde8f | |||
| 8353e4265b | |||
| 98d8e6d401 | |||
| 9e45679ad4 | |||
| b007129227 | |||
| 67c1eed94c | |||
| a69d9ff889 | |||
| 2f913e28e2 | |||
| 1acc9a37dd | |||
| f6470cd7e0 | |||
| d132bc1425 | |||
| bbf95dcacf | |||
| 824b6180b9 | |||
| 6b749fcfee | |||
| dd4a1b3a9b | |||
| 93655254b4 | |||
| cfd735a321 | |||
| 7f8129a018 | |||
| da8817129a | |||
| b178ac76b5 | |||
| dd153a5f5b | |||
| 19d6b591a4 | |||
| bc2ed5e722 | |||
| bed6cd8290 | |||
| a7488600fe | |||
| 8e7a436539 | |||
| 5e4743cad6 | |||
| 775fcf79d5 | |||
| 12c92f479b | |||
| 739ab2f72d | |||
| c8f60a14f7 | |||
| afaa397ae7 | |||
| 1886c5a607 | |||
| 67543bf069 | |||
| 4cced131e4 | |||
| 060c3fc7ab | |||
| 65693be5f9 | |||
| 0731f530fc | |||
| 5fdba25a68 | |||
| 3c7d2b6222 | |||
| 38b1cfcc6d | |||
| 5b1cb64952 | |||
| 4b44300c64 | |||
| f6a1d168e6 | |||
| 145834f1f2 | |||
| 60df7fc978 | |||
| 1645a58983 | |||
| 6c797b065d | |||
| 62b1f07a25 | |||
| 7ba4790ad6 | |||
| 7b802d609d | |||
| 175fc1d793 | |||
| 021af5f21a | |||
| d99fd4e14f | |||
| e91e7f2ff0 | |||
| 073f0762b6 | |||
| c9def8c898 | |||
| 9c555e71cb | |||
| e6d8a83893 | |||
| 1fe7ed11b5 | |||
| eeddd81477 | |||
| c878a4141b | |||
| 49f0751204 | |||
| 199626171e | |||
| e489a8bf46 | |||
| 53c8b7473a | |||
| dcebd98cf1 | |||
| 44df066c3f | |||
| 5a8802a5df | |||
| 45c4c40560 | |||
| da732bea82 | |||
| f5a614a908 | |||
| 63c576f618 | |||
| cb460655d4 | |||
| 4eb5ed6e52 | |||
| 80f44fd1be | |||
| 3449bc4ced | |||
| ed914c6c67 | |||
| 46f0491624 | |||
| e26f7c6bcb | |||
| f10eb64976 | |||
| 0a0f485efe | |||
| 36b88cf203 | |||
| 868d943d98 | |||
| 487f196f19 | |||
| ddeaa3ff6b | |||
| 98a328c9f9 | |||
| 986bbc8cf3 | |||
| f99805a17d | |||
| f4276e84c0 | |||
| d76359865c | |||
| 1afc3389dd | |||
| a9f315285c | |||
| 4960a154bc | |||
| 796cd47feb | |||
| d2573ea366 | |||
| 74abd9bc4c | |||
| be2f909c02 | |||
| 0e7ca10f4f | |||
| 9e4bce69a1 | |||
| a1bd2c8015 | |||
| 08c5908e19 | |||
| 88f58f532c | |||
| 90cbce39ae | |||
| b82ab5afde | |||
| c46a9408aa | |||
| 8947985b9d | |||
| 0d1cbde25a | |||
| 1e23ca1950 | |||
| 436144d0b8 | |||
| eca92c1c12 | |||
| 30606b250a | |||
| 64902c85a5 | |||
| 4bbf882ded | |||
| afc5bf89e7 | |||
| aca20a5330 | |||
| 78fe61e5aa | |||
| cf87b1aaf9 | |||
| 1544ec48b4 | |||
| 532b25db2d | |||
| c339a55ded | |||
| 58f25cfff5 | |||
| a7658b8b51 | |||
| 603e63f417 | |||
| f3de3ca716 | |||
| 3f0210ee20 | |||
| 0a324503e7 | |||
| 7677e529ce | |||
| bdc526e95f | |||
| c3f3892308 | |||
| cb3f95cb3a | |||
| 17d1067ed7 | |||
| 6be3ed860c | |||
| 001d394054 | |||
| 96af1f81b2 | |||
| ffed1d4568 | |||
| 448dffeb9f | |||
| c2b03e5ecb | |||
| f96e1141e3 | |||
| e218c7f6d7 | |||
| cb5aee8b81 | |||
| 668d577577 | |||
| 8f1735c0c6 | |||
| dfded700da | |||
| f2ac4a2689 | |||
| 720e8e4ab9 | |||
| 4b9aa183a5 | |||
| 8a4abbfe9a | |||
| 6533bd638a | |||
| 45f684e938 | |||
| 98fc622b8a | |||
| 28c2d885fe | |||
| 4378dbb2b4 | |||
| 426c264795 | |||
| 22c7ef9096 | |||
| 9d3ed10203 | |||
| 76cb270f66 | |||
| 0ef71ad036 | |||
| 7a87d8e170 | |||
| a1a6d099b5 | |||
| b485ff23e3 | |||
| fb2332dbb1 | |||
| 010b062164 | |||
| c1c87c364b | |||
| 512c3a0ed6 | |||
| cb90821a1a | |||
| 832bebf2b1 | |||
| c8269e6e02 | |||
| 4520d7aa84 | |||
| b7773cdac4 | |||
| 085649aefe | |||
| 7896a2bba0 | |||
| 7bea33cce3 | |||
| 977844d42b | |||
| 8b31c62888 | |||
| 04796de0a4 | |||
| e57a35d1e0 | |||
| bc2846c8a9 | |||
| a834d134f1 | |||
| 7b460e7a60 | |||
| 21630315f8 | |||
| 5ec8620d73 | |||
| 9f96c2218c | |||
| 3fb3f90a34 | |||
| 2b1b8d4737 | |||
| b623e6998e | |||
| 6c5b3d7780 | |||
| 6a09d7b485 | |||
| afed1748d1 | |||
| 7410373f95 | |||
| 706b36cbfb | |||
| 66dd42aea2 | |||
| 69994d9583 | |||
| 2877de22f8 | |||
| d3f877c05e | |||
| a682eaf0f2 | |||
| 80ddd8d242 | |||
| be42463829 | |||
| a62d17d749 | |||
| ec008c4d78 | |||
| fa35a3f097 | |||
| 79487a64c6 | |||
| 653513d038 | |||
| 7b74ffb29b | |||
| 328ab501f2 | |||
| a45a77689f | |||
| 75b03367ee | |||
| 322fc13487 | |||
| ba14dd468c | |||
| 2aeb87d51a | |||
| 22528590a1 | |||
| f1d7ca5d8e | |||
| dbfb103a9d | |||
| 5d575d85ab | |||
| b8454a994d | |||
| 35f0464d70 | |||
| d0821ac14b | |||
| ca45361327 | |||
| d5598b238b | |||
| 397e939d43 | |||
| fe02c5dfc1 | |||
| bc9a2de2c2 | |||
| b35719db57 | |||
| de1a002ded | |||
| a0e2c4b9fb | |||
| 487e0b2dc7 | |||
| ab77992610 | |||
| 587378d70d | |||
| 7a9ed2117f | |||
| f72cd2f2c9 | |||
| 14a547b29b | |||
| a66d7899aa | |||
| fd90cbd625 | |||
| 9e870647e2 | |||
| a556fc70fc | |||
| fad75368d2 | |||
| 68784401e3 | |||
| 972cc92010 | |||
| 342756091b | |||
| 78ad15eb42 | |||
| 77ea699aea | |||
| 3bd0a612d9 | |||
| 6636f2dc68 | |||
| 888c08993f | |||
| 44e5d225ec | |||
| c4bea33196 | |||
| f998fbf064 | |||
| bb927b37fa | |||
| 437daf558f | |||
| 8f2e23e567 | |||
| 23f2788cb2 | |||
| 088d7b723a | |||
| 64224ecaef | |||
| 855d0f912a | |||
| 3283532827 | |||
| 12d95014f3 | |||
| 3a3fe19e45 | |||
| 44ac929426 | |||
| c773da7a80 | |||
| 2c4742c223 | |||
| 3284df8454 | |||
| f139ae99f6 | |||
| c0daa2015e | |||
| e18b93fc10 | |||
| dc864c2526 | |||
| 8a56be8984 | |||
| 19f30bbd5f | |||
| 58fdf25648 | |||
| 90edafb551 | |||
| aba66b0a40 | |||
| 3db58629ef | |||
| a2f15c2bac | |||
| f9683e1077 | |||
| 4ef3ad59e2 | |||
| 43dcf03369 | |||
| dc21668757 | |||
| e3140c1ce7 | |||
| afb4bf7b30 | |||
| 43791c090f | |||
| 49973c99bd | |||
| 56f49cd019 | |||
| d7b0a7c085 | |||
| af19281361 | |||
| 3de1b7260d | |||
| 29f8f9e030 | |||
| fca1f1f229 | |||
| a9ac475735 | |||
| 6dc2df95ae | |||
| 733a1f1709 | |||
| 1e9d1ead71 | |||
| b2c4cfaf73 | |||
| b8597d2374 | |||
| aa022adccd | |||
| 0724ed7cb3 | |||
| d82ac5e79f | |||
| 1fca815018 | |||
| ae5ec8dadc | |||
| d00e26ca38 | |||
| e76c867d31 | |||
| 52a2c85777 | |||
| cb5f6a52f4 | |||
| e0dd3eaa21 | |||
| 9cd13d0f9a | 
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: base64 | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/base64 | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -22,8 +22,5 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
| --- | ||||
|   | ||||
| @@ -1,17 +1,17 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: proxy-civo | ||||
|   name: bsky-screenshot | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: proxy-civo | ||||
|     name: civo | ||||
|     namespace: bsky-screenshot | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/proxy-civo | ||||
|     path: manifests/bsky-screenshot | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: cel-tester | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/cel-tester | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|   | ||||
| @@ -1,27 +1,3 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cert-manager-civo | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: cert-manager | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/certmanager-civo | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
|  | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: civo-versions | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/civo-versions | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -1,17 +1,17 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-tank | ||||
|   name: cors-proxy | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: tank | ||||
|     namespace: cors-proxy | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/tank | ||||
|     path: manifests/cors-proxy | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: cv | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/cv | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -22,8 +22,5 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
| --- | ||||
|   | ||||
| @@ -22,8 +22,5 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
| --- | ||||
|   | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: feed-fetcher | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/feed-fetcher | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
							
								
								
									
										35
									
								
								manifests/_apps/goldilocks.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										35
									
								
								manifests/_apps/goldilocks.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,35 @@ | ||||
|  | ||||
| # apiVersion: argoproj.io/v1alpha1 | ||||
| # kind: Application | ||||
| # metadata: | ||||
| #   name: cluster-fun-goldilocks | ||||
| #   namespace: argocd | ||||
| #   finalizers: | ||||
| #   - resources-finalizer.argocd.argoproj.io | ||||
| # spec: | ||||
| #   project: cluster.fun | ||||
| #   destination: | ||||
| #     namespace: goldilocks | ||||
| #     name: cluster-fun (v2) | ||||
| #   source: | ||||
| #     repoURL: 'https://charts.fairwinds.com/stable' | ||||
| #     targetRevision: 10.1.0 | ||||
| #     chart: goldilocks | ||||
| #     helm: | ||||
| #       version: v3 | ||||
| #       values: |- | ||||
| #         vpa: | ||||
| #           enabled: true | ||||
| #         controller: | ||||
| #           flags: | ||||
| #             on-by-default: true | ||||
| #         dashboard: | ||||
| #           flags: | ||||
| #             on-by-default: true | ||||
| #           replicaCount: 1 | ||||
| #   syncPolicy: | ||||
| #     automated: {} | ||||
| #     syncOptions: | ||||
| #       - CreateNamespace=true | ||||
|  | ||||
| # --- | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: goplayground | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/goplayground | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|   | ||||
| @@ -1,23 +1,23 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-matrix | ||||
|   name: cluster-fun-grist | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: chat | ||||
|     namespace: grist | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/matrix_chart | ||||
|     path: manifests/grist | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: link | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/link | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|   | ||||
| @@ -22,8 +22,5 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
| --- | ||||
|   | ||||
| @@ -1,29 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-mastodon-digest | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: mastodon-digest | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/mastodon-digest | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
| @@ -1,28 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: mastodon-to-airtable | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/mastodon-to-airtable | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| @@ -22,8 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
|   | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: opengraph | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/opengraph | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -1,7 +1,7 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: traefik-civo | ||||
|   name: cluster-fun-priority-classes | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| @@ -9,9 +9,9 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: kube-system | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/traefik | ||||
|     path: manifests/priority-classes | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
| @@ -22,3 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: qr | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/qr | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -22,8 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
|   | ||||
| @@ -1,17 +1,17 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: monitoring-civo | ||||
|   name: social-to-rolodex | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: monitoring | ||||
|     name: civo | ||||
|     namespace: social-to-rolodex | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/monitoring-civo | ||||
|     path: manifests/social-to-rolodex | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
| @@ -22,3 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| 
 | ||||
| @@ -1,29 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-starling | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: starling | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/starling | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: svg-to-dxf | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/svg-to-dxf | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: talks | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/talks | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: text-to-dxf | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/text-to-dxf | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -9,7 +9,7 @@ spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: til | ||||
|     name: civo | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/til | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
| @@ -22,7 +22,4 @@ spec: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
|  | ||||
|   | ||||
| @@ -1,28 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: tweetsvg | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: tweetsvg | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/tweetsvg | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| @@ -1,29 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-twitter-profile-pic | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: twitter-profile-pic | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/twitter-profile-pic | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
| @@ -1,28 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: twitter-to-airtable | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: twitter-to-airtable | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/twitter-to-airtable | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| @@ -1,17 +1,17 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-wallabag | ||||
|   name: yay-or-nay | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: wallabag | ||||
|     namespace: yay-or-nay | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/wallabag | ||||
|     path: manifests/yay-or-nay | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
| @@ -23,10 +23,13 @@ spec: | ||||
|     - sonarr.cluster.fun | ||||
|     - lidarr.cluster.fun | ||||
|     - prowlarr.cluster.fun | ||||
|     - mylarr.cluster.fun | ||||
|     - transmission.cluster.fun | ||||
|     - tekton.cluster.fun | ||||
|     - changedetection.cluster.fun | ||||
|     - grafana.cluster.fun | ||||
|     - podgrab.cluster.fun | ||||
|     - stablediffusion.cluster.fun | ||||
|     secretName: auth-proxy-ingress | ||||
|   rules: | ||||
|   - host: downloads.cluster.fun | ||||
| @@ -199,3 +202,33 @@ spec: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: podgrab.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: mylarr.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: stablediffusion.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   | ||||
| @@ -6,11 +6,18 @@ metadata: | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" | ||||
|     nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: 25m | ||||
|     nginx.ingress.kubernetes.io/client-body-buffer-size: 25m | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - hello-world.cluster.fun | ||||
|     - ombi.cluster.fun | ||||
|     - bsky-feeds.cluster.fun | ||||
|     - ai.cluster.fun | ||||
|     secretName: non-auth-proxy-ingress | ||||
|   rules: | ||||
|   - host: hello-world.cluster.fun | ||||
| @@ -23,3 +30,33 @@ spec: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: non-auth | ||||
|   - host: ombi.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: non-auth | ||||
|   - host: bsky-feeds.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: non-auth | ||||
|   - host: ai.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: non-auth | ||||
|   | ||||
| @@ -38,6 +38,7 @@ spec: | ||||
|       labels: | ||||
|         app: internal-proxy | ||||
|     spec: | ||||
|       priorityClassName: critical | ||||
|       serviceAccountName: default | ||||
|       dnsPolicy: ClusterFirst | ||||
|       dnsConfig: | ||||
| @@ -49,7 +50,7 @@ spec: | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: PROXY_DESTINATION | ||||
|           value: talos.averagemarcus.github.beta.tailscale.net | ||||
|           value: talos.tail4dfb.ts.net | ||||
|         - name: PORT | ||||
|           value: "8080" | ||||
|         - name: TS_AUTH_KEY | ||||
| @@ -67,7 +68,7 @@ spec: | ||||
|           mountPath: /config/ | ||||
|  | ||||
|       - name: oauth-proxy | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0 | ||||
|         args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
| @@ -101,9 +102,9 @@ spec: | ||||
|           protocol: TCP | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|             memory: 80Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|             memory: 80Mi | ||||
|       volumes: | ||||
|       - name: host-mappings | ||||
|         configMap: | ||||
|   | ||||
| @@ -29,6 +29,7 @@ spec: | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       priorityClassName: low | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/base64:latest | ||||
| @@ -49,11 +50,10 @@ metadata: | ||||
|   namespace: base64 | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - base64.cluster.fun | ||||
|   | ||||
							
								
								
									
										69
									
								
								manifests/bsky-screenshot/bsky-screenshot.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										69
									
								
								manifests/bsky-screenshot/bsky-screenshot.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,69 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: bsky-screenshot | ||||
|   namespace: bsky-screenshot | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: bsky-screenshot | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: bsky-screenshot | ||||
|   namespace: bsky-screenshot | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: bsky-screenshot | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: bsky-screenshot | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/bsky-screenshot:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 105Mi | ||||
|           requests: | ||||
|             memory: 105Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: bsky-screenshot | ||||
|   namespace: bsky-screenshot | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - bsky-screenshot.cluster.fun | ||||
|     secretName: bsky-screenshot-ingress | ||||
|   rules: | ||||
|   - host: bsky-screenshot.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: bsky-screenshot | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
| @@ -47,11 +47,10 @@ metadata: | ||||
|   namespace: cel-tester | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - cel-tester.cluster.fun | ||||
|   | ||||
| @@ -1,23 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: cert-manager | ||||
|   labels: | ||||
|     certmanager.k8s.io/disable-validation: "true" | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: cert-manager.io/v1 | ||||
| kind: ClusterIssuer | ||||
| metadata: | ||||
|   name: letsencrypt | ||||
| spec: | ||||
|   acme: | ||||
|     server: https://acme-v02.api.letsencrypt.org/directory | ||||
|     email: letsencrypt@marcusnoble.co.uk | ||||
|     privateKeySecretRef: | ||||
|       name: letsencrypt | ||||
|     solvers: | ||||
|     - http01: | ||||
|         ingress: | ||||
|           class: traefik | ||||
| @@ -38,6 +38,7 @@ spec: | ||||
|       labels: | ||||
|         app: civo-versions | ||||
|     spec: | ||||
|       priorityClassName: low | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/civo-versions:latest | ||||
| @@ -66,11 +67,10 @@ metadata: | ||||
|   namespace: civo-versions | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - civo-versions.cluster.fun | ||||
|   | ||||
							
								
								
									
										81
									
								
								manifests/cors-proxy/cors-proxy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										81
									
								
								manifests/cors-proxy/cors-proxy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,81 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: cors-proxy | ||||
|   namespace: cors-proxy | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: 8000 | ||||
|     name: web | ||||
|   selector: | ||||
|     app: cors-proxy | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: cors-proxy | ||||
|   namespace: cors-proxy | ||||
| spec: | ||||
|   replicas: 2 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: cors-proxy | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: cors-proxy | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/cors-proxy:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           name: web | ||||
|         env: | ||||
|         - name: ALLOWLIST | ||||
|           value: cdn.bsky.app | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 184M | ||||
|           limits: | ||||
|             memory: 184M | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: cors-proxy | ||||
|   namespace: cors-proxy | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - cors-proxy.cluster.fun | ||||
|     - cors-proxy.marcusnoble.co.uk | ||||
|     secretName: cors-proxy-ingress | ||||
|   rules: | ||||
|   - host: cors-proxy.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: cors-proxy | ||||
|             port: | ||||
|               number: 80 | ||||
|   - host: cors-proxy.marcusnoble.co.uk | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: cors-proxy | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -62,11 +62,10 @@ metadata: | ||||
|   namespace: cv | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - cv.marcusnoble.co.uk | ||||
|   | ||||
| @@ -81,7 +81,7 @@ spec: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: dashboard-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|   | ||||
| @@ -34,6 +34,11 @@ spec: | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: web | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 80M | ||||
|           limits: | ||||
|             memory: 80M | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| @@ -42,11 +47,10 @@ metadata: | ||||
|   namespace: feed-fetcher | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - feed-fetcher.cluster.fun | ||||
|   | ||||
| @@ -40,9 +40,10 @@ spec: | ||||
|       labels: | ||||
|         app: git | ||||
|     spec: | ||||
|       priorityClassName: critical | ||||
|       containers: | ||||
|       - name: git | ||||
|         image: gitea/gitea:1.22.1 | ||||
|         image: gitea/gitea:1.24.6 | ||||
|         env: | ||||
|         - name: APP_NAME | ||||
|           value: "Git" | ||||
| @@ -76,7 +77,7 @@ spec: | ||||
|           name: web | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 400Mi | ||||
|             memory: 800Mi | ||||
|         volumeMounts: | ||||
|         - mountPath: /data | ||||
|           name: git-data | ||||
|   | ||||
| @@ -29,7 +29,7 @@ spec: | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: x1unix/go-playground:2.0.1 | ||||
|         image: x1unix/go-playground:2.5.7 | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
| @@ -47,11 +47,10 @@ metadata: | ||||
|   namespace: goplayground | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - go.cluster.fun | ||||
|   | ||||
							
								
								
									
										177
									
								
								manifests/grist/grist.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										177
									
								
								manifests/grist/grist.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,177 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: grist | ||||
|   namespace: grist | ||||
|   labels: | ||||
|     app.kubernetes.io/name: grist | ||||
|   annotations: | ||||
|     kube-1password: bpagsbvdrwomghyeowdgauytqq | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: grist | ||||
|   namespace: grist | ||||
|   labels: | ||||
|     app.kubernetes.io/name: grist | ||||
| --- | ||||
| kind: PersistentVolumeClaim | ||||
| apiVersion: v1 | ||||
| metadata: | ||||
|   name: grist-data | ||||
|   namespace: grist | ||||
|   labels: | ||||
|     app.kubernetes.io/name: grist | ||||
| spec: | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: "1Gi" | ||||
|   storageClassName: "sbs-default-retain" | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: grist | ||||
|   namespace: grist | ||||
|   labels: | ||||
|     app.kubernetes.io/name: grist | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|     - port: 80 | ||||
|       targetPort: 8484 | ||||
|       protocol: TCP | ||||
|       name: http | ||||
|   selector: | ||||
|     app.kubernetes.io/name: grist | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: grist | ||||
|   namespace: grist | ||||
|   labels: | ||||
|     app.kubernetes.io/name: grist | ||||
|   annotations: | ||||
|     secret.reloader.stakater.com/reload: "grist" | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: grist | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: grist | ||||
|     spec: | ||||
|       serviceAccountName: grist | ||||
|       priorityClassName: critical | ||||
|       containers: | ||||
|         - name: grist | ||||
|           image: gristlabs/grist-oss:1.7.4 | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           ports: | ||||
|             - name: http | ||||
|               containerPort: 8484 | ||||
|               protocol: TCP | ||||
|           livenessProbe: | ||||
|             tcpSocket: | ||||
|               port: http | ||||
|           readinessProbe: | ||||
|             tcpSocket: | ||||
|               port: http | ||||
|           env: | ||||
|             - name: APP_HOME_URL | ||||
|               value: https://grist.cluster.fun | ||||
|             - name:  APP_DOC_URL | ||||
|               value: https://grist.cluster.fun | ||||
|             - name: APP_HOME_INTERNAL_URL | ||||
|               value: http://grist.grist.svc | ||||
|             - name:  APP_DOC_INTERNAL_URL | ||||
|               value: http://grist.grist.svc | ||||
|             - name: GRIST_SINGLE_ORG | ||||
|               value: default | ||||
|             - name: GRIST_TELEMETRY_LEVEL | ||||
|               value: "off" | ||||
|             - name: GRIST_ANON_PLAYGROUND | ||||
|               value: "false" | ||||
|             - name: GRIST_FORCE_LOGIN | ||||
|               value: "true" | ||||
|             - name: GRIST_SANDBOX_FLAVOR | ||||
|               value: gvisor | ||||
|           resources: | ||||
|             requests: | ||||
|               memory: 300M | ||||
|             limits: | ||||
|               memory: 300M | ||||
|           securityContext: | ||||
|             capabilities: | ||||
|               add: | ||||
|               - SYS_PTRACE | ||||
|           envFrom: | ||||
|           - secretRef: | ||||
|               name: grist | ||||
|           volumeMounts: | ||||
|             - name: data | ||||
|               mountPath: /persist | ||||
|       volumes: | ||||
|         - name: data | ||||
|           persistentVolumeClaim: | ||||
|             claimName: grist-data | ||||
| --- | ||||
| apiVersion: autoscaling/v2 | ||||
| kind: HorizontalPodAutoscaler | ||||
| metadata: | ||||
|   name: grist | ||||
|   namespace: grist | ||||
|   labels: | ||||
|     app.kubernetes.io/name: grist | ||||
| spec: | ||||
|   scaleTargetRef: | ||||
|     apiVersion: apps/v1 | ||||
|     kind: Deployment | ||||
|     name: grist | ||||
|   minReplicas: 1 | ||||
|   maxReplicas: 3 | ||||
|   metrics: | ||||
|     - type: Resource | ||||
|       resource: | ||||
|         name: cpu | ||||
|         target: | ||||
|           type: Utilization | ||||
|           averageUtilization: 80 | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: grist | ||||
|   namespace: grist | ||||
|   labels: | ||||
|     app.kubernetes.io/name: grist | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - grist.cluster.fun | ||||
|     secretName: grist-ingress | ||||
|   rules: | ||||
|     - host: "grist.cluster.fun" | ||||
|       http: | ||||
|         paths: | ||||
|           - path: / | ||||
|             pathType: ImplementationSpecific | ||||
|             backend: | ||||
|               service: | ||||
|                 name: grist | ||||
|                 port: | ||||
|                   number: 80 | ||||
| @@ -24,6 +24,17 @@ data: | ||||
|     rejekts23: https://noti.st/averagemarcus/Bi7qLP/webhooks-whats-the-worst-that-could-happen | ||||
|     rejekts24: https://speaking.marcusnoble.co.uk/pg46DB/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes | ||||
|     lopug24: https://speaking.marcusnoble.co.uk/I6dyx4/webhooks-whats-the-worst-that-could-happen | ||||
|     kcduk24: https://speaking.marcusnoble.co.uk/0qcuN9/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes | ||||
|     rejektsna24: https://speaking.marcusnoble.co.uk/dALiFY/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes | ||||
|     kcddk24: https://speaking.marcusnoble.co.uk/FU4W7x/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes | ||||
|     cndoslo: https://speaking.marcusnoble.co.uk/j5M53P/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes | ||||
|     rejekts25: https://speaking.marcusnoble.co.uk/AXARFf/pod-deep-dive-everything-you-didnt-know-you-needed-to-know | ||||
|     kcdbudapest: https://speaking.marcusnoble.co.uk/43QLpx/the-future-of-kubernetes-admission-logic | ||||
|     kcdczechslovak: https://speaking.marcusnoble.co.uk/Np2xUv/pod-deep-dive-the-interesting-bits | ||||
|     cnsmunich: https://speaking.marcusnoble.co.uk/HqYcp2/pod-deep-dive-the-interesting-bits | ||||
|     cnsmunich-feedback: https://yay-or-nay.cluster.fun/feedback/20UETBI0 | ||||
|     containerdays25: https://speaking.marcusnoble.co.uk/HARSlE/the-future-of-kubernetes-admission-logic | ||||
|     containerdays25-feedback: https://yay-or-nay.cluster.fun/feedback/F8P351QK | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| @@ -58,6 +69,7 @@ spec: | ||||
|       labels: | ||||
|         app: link | ||||
|     spec: | ||||
|       priorityClassName: critical | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/link:latest | ||||
| @@ -80,11 +92,10 @@ metadata: | ||||
|   namespace: link | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - go-get.link | ||||
|   | ||||
| @@ -1,229 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: docker-config | ||||
|   namespace: mastodon-digest | ||||
|   annotations: | ||||
|     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: .dockerconfigjson | ||||
| type: kubernetes.io/dockerconfigjson | ||||
| data: | ||||
|   .dockerconfigjson: e30= | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mastodon-digest-auth | ||||
|   namespace: mastodon-digest | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mastodon-digest | ||||
|   namespace: mastodon-digest | ||||
|   annotations: | ||||
|     kube-1password: bfklz3yi3dn4e7xtsbttcvhata | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: config | ||||
|   namespace: mastodon-digest | ||||
|   labels: | ||||
|     app: mastodon-digest | ||||
| data: | ||||
|   config.json: | | ||||
|     [ | ||||
|       { | ||||
|         "timeline": "home", | ||||
|         "hours": 12, | ||||
|         "scorer": "ExtendedSimpleWeighted", | ||||
|         "threshold": "lax", | ||||
|         "output": "/usr/share/nginx/html/home/" | ||||
|       }, | ||||
|       { | ||||
|         "timeline": "federated", | ||||
|         "hours": 12, | ||||
|         "scorer": "ExtendedSimpleWeighted", | ||||
|         "threshold": "lax", | ||||
|         "output": "/usr/share/nginx/html/federated/" | ||||
|       } | ||||
|     ] | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: index | ||||
|   namespace: mastodon-digest | ||||
|   labels: | ||||
|     app: mastodon-digest | ||||
| data: | ||||
|   index.html: | | ||||
|     <!DOCTYPE html> | ||||
|     <html lang="en"> | ||||
|     <head> | ||||
|         <meta chartset="utf-8" /> | ||||
|         <meta name="viewport" content="width=device-width, initial-scale=1" /> | ||||
|         <title>Mastodon Digest</title> | ||||
|         <style> | ||||
|         body { background-color: #292c36; font-family: "Arial", sans-serif; } | ||||
|         div#container { margin: auto; max-width: 640px; padding: 10px; text-align: center; margin: 0 auto; } | ||||
|         .links { align: center; } | ||||
|         h1 { color: white; } | ||||
|         a.button { background: #595aff; color: #fff; line-height: 1.2; min-height: 38px; min-width: 88px; padding: 0 30px; border: 0; border-radius: 6px;; display: inline-flex; justify-content: center; align-items: center; } | ||||
|     </style> | ||||
|     </head> | ||||
|     <body> | ||||
|         <div id="container"> | ||||
|             <h1>Mastodon Digest</h1> | ||||
|             <section class="links"> | ||||
|                 <a href="home/" class="button">Home</a> | ||||
|                 <a href="federated/" class="button">Federated</a> | ||||
|             </section> | ||||
|         </div> | ||||
|     </body> | ||||
|     </html> | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: mastodon-digest | ||||
|   namespace: mastodon-digest | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: auth | ||||
|     name: web | ||||
|   selector: | ||||
|     app: mastodon-digest | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: mastodon-digest | ||||
|   namespace: mastodon-digest | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: mastodon-digest | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: mastodon-digest | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://localhost:80 | ||||
|         - --http-address=$(HOST_IP):8000 | ||||
|         - --redirect-url=https://mastodon-digest.cluster.fun/oauth2/callback | ||||
|         - --email-domain=marcusnoble.co.uk | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: mastodon-digest-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: mastodon-digest-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           protocol: TCP | ||||
|           name: auth | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|  | ||||
|       - name: web | ||||
|         image: nginx:stable | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         volumeMounts: | ||||
|         - name: html | ||||
|           mountPath: /usr/share/nginx/html | ||||
|         - name: index | ||||
|           mountPath: /usr/share/nginx/html/index.html | ||||
|           subPath: index.html | ||||
|  | ||||
|       - name: digest | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/mastodon-digest:latest | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: CONFIG_FILE | ||||
|           value: /config.json | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
|             name: mastodon-digest | ||||
|         volumeMounts: | ||||
|         - name: config | ||||
|           mountPath: /config.json | ||||
|           subPath: config.json | ||||
|         - name: html | ||||
|           mountPath: /usr/share/nginx/html | ||||
|       volumes: | ||||
|       - name: html | ||||
|         emptyDir: {} | ||||
|       - name: config | ||||
|         configMap: | ||||
|           name: config | ||||
|       - name: index | ||||
|         configMap: | ||||
|           name: index | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: mastodon-digest | ||||
|   namespace: mastodon-digest | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - mastodon-digest.cluster.fun | ||||
|     secretName: mastodon-digest-ingress | ||||
|   rules: | ||||
|   - host: mastodon-digest.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: mastodon-digest | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,151 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: docker-config | ||||
|   namespace: mastodon-to-airtable | ||||
|   annotations: | ||||
|     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: .dockerconfigjson | ||||
| type: kubernetes.io/dockerconfigjson | ||||
| data: | ||||
|   .dockerconfigjson: e30= | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mastodon-to-airtable-auth | ||||
|   namespace: mastodon-to-airtable | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: mastodon-to-airtable | ||||
|   annotations: | ||||
|     kube-1password: kizmkmbndgu3ryrox3csev4mim | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: mastodon-to-airtable | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: auth | ||||
|     name: web | ||||
|   selector: | ||||
|     app: mastodon-to-airtable | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: mastodon-to-airtable | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: mastodon-to-airtable | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: mastodon-to-airtable | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://localhost:8080 | ||||
|         - --http-address=$(HOST_IP):8000 | ||||
|         - --redirect-url=https://mastodon-to-airtable.cluster.fun/oauth2/callback | ||||
|         - --email-domain=marcusnoble.co.uk | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: mastodon-to-airtable-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: mastodon-to-airtable-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           protocol: TCP | ||||
|           name: auth | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/mastodon-to-airtable:latest | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: PORT | ||||
|           value: "8080" | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
|             name: "mastodon-to-airtable" | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|  | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: mastodon-to-airtable | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - mastodon-to-airtable.cluster.fun | ||||
|     secretName: mastodon-to-airtable-ingress | ||||
|   rules: | ||||
|   - host: mastodon-to-airtable.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: mastodon-to-airtable | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,545 +0,0 @@ | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: matrix | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - matrix.cluster.fun | ||||
|     secretName: matrix-ingress | ||||
|   rules: | ||||
|   - host: matrix.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: /.well-known/matrix | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: well-known | ||||
|             port: | ||||
|               number: 80 | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: matrix-synapse | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: riot | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - chat.cluster.fun | ||||
|     secretName: riot-ingress | ||||
|   rules: | ||||
|   - host: chat.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: matrix-riot | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "well-known" | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: well-known | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: well-known | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: nginx | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         volumeMounts: | ||||
|         - name: well-known | ||||
|           mountPath: /usr/share/nginx/html/.well-known/matrix | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 15Mi | ||||
|           requests: | ||||
|             memory: 15Mi | ||||
|       volumes: | ||||
|       - name: well-known | ||||
|         configMap: | ||||
|           name: well-known | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: 80 | ||||
|     name: web | ||||
|   selector: | ||||
|     app: well-known | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
| data: | ||||
|   server: |- | ||||
|     { | ||||
|       "m.server": "matrix.cluster.fun:443" | ||||
|     } | ||||
|  | ||||
|  | ||||
| --- | ||||
|  | ||||
|  | ||||
| # Source: matrix/templates/riot/configmap.yaml | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: matrix-riot-config | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: element | ||||
| data: | ||||
|   config.json: | | ||||
|     { | ||||
|       "default_server_config": { | ||||
|         "m.homeserver": { | ||||
|           "base_url": "https://matrix.cluster.fun" | ||||
|         } | ||||
|       }, | ||||
|       "brand": "Element", | ||||
|       "branding": {}, | ||||
|       "integrations_ui_url": "https://scalar.vector.im/", | ||||
|       "integrations_rest_url": "https://scalar.vector.im/api", | ||||
|       "integrations_widgets_urls": [ | ||||
|         "https://scalar.vector.im/_matrix/integrations/v1", | ||||
|         "https://scalar.vector.im/api", | ||||
|         "https://scalar-staging.vector.im/_matrix/integrations/v1", | ||||
|         "https://scalar-staging.vector.im/api", | ||||
|         "https://scalar-staging.riot.im/scalar/api" | ||||
|       ], | ||||
|       "showLabsSettings": true, | ||||
|       "features": { | ||||
|         "feature_pinning": true, | ||||
|         "feature_custom_status": "labs", | ||||
|         "feature_state_counters": "labs", | ||||
|         "feature_many_integration_managers": "labs", | ||||
|         "feature_mjolnir": "labs", | ||||
|         "feature_dm_verification": "labs", | ||||
|         "feature_bridge_state": "labs", | ||||
|         "feature_presence_in_room_list": true, | ||||
|         "feature_custom_themes": "labs", | ||||
|         "feature_new_spinner": "labs", | ||||
|         "feature_jump_to_date": "labs", | ||||
|         "feature_location_share_pin_drop": "labs", | ||||
|         "feature_location_share_live": "labs", | ||||
|         "feature_thread": true, | ||||
|         "feature_video_rooms": true, | ||||
|         "feature_favourite_messages": "labs" | ||||
|       }, | ||||
|       "roomDirectory": { | ||||
|         "servers": [] | ||||
|       }, | ||||
|       "permalinkPrefix": "https://chat.cluster.fun", | ||||
|       "enable_presence_by_hs_url": { | ||||
|         "https://matrix.org": false, | ||||
|         "https://matrix-client.matrix.org": false | ||||
|       }, | ||||
|       "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=2IerXP2a5g1e7hxxBbzs" | ||||
|     } | ||||
|   nginx.conf: | | ||||
|     worker_processes  auto; | ||||
|  | ||||
|     error_log  /var/log/nginx/error.log warn; | ||||
|     pid        /var/run/pid/nginx.pid; | ||||
|  | ||||
|     events { | ||||
|       worker_connections  1024; | ||||
|     } | ||||
|  | ||||
|     http { | ||||
|       include       /etc/nginx/mime.types; | ||||
|       default_type  application/octet-stream; | ||||
|  | ||||
|       log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ' | ||||
|       '$status $body_bytes_sent "$http_referer" ' | ||||
|       '"$http_user_agent" "$http_x_forwarded_for"'; | ||||
|  | ||||
|       access_log  /var/log/nginx/access.log  main; | ||||
|  | ||||
|       sendfile        on; | ||||
|  | ||||
|       keepalive_timeout  65; | ||||
|  | ||||
|       include /etc/nginx/conf.d/*.conf; | ||||
|     } | ||||
|   default.conf: | | ||||
|     server { | ||||
|       listen       8080; | ||||
|       server_name  localhost; | ||||
|  | ||||
|       location / { | ||||
|           root   /usr/share/nginx/html; | ||||
|           index  index.html index.htm; | ||||
|       } | ||||
|  | ||||
|       # redirect server error pages to the static page /50x.html | ||||
|       # | ||||
|       error_page   500 502 503 504  /50x.html; | ||||
|       location = /50x.html { | ||||
|           root   /usr/share/nginx/html; | ||||
|       } | ||||
|     } | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: matrix-synapse-config | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     kube-1password: wbj4oozwyx6m2zz5m42pgcmymy | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: homeserver.yaml | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: matrix-synapse-config | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: element | ||||
| data: | ||||
|   matrix.cluster.fun.log.config: | | ||||
|     version: 1 | ||||
|  | ||||
|     formatters: | ||||
|       precise: | ||||
|         format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' | ||||
|  | ||||
|     filters: | ||||
|       context: | ||||
|         (): synapse.util.logcontext.LoggingContextFilter | ||||
|         request: "" | ||||
|  | ||||
|     handlers: | ||||
|       console: | ||||
|         class: logging.StreamHandler | ||||
|         formatter: precise | ||||
|         filters: [context] | ||||
|  | ||||
|     loggers: | ||||
|       synapse: | ||||
|         level: WARNING | ||||
|       synapse.storage.SQL: | ||||
|         # beware: increasing this to DEBUG will make synapse log sensitive | ||||
|         # information such as access tokens. | ||||
|         level: WARNING | ||||
|  | ||||
|     root: | ||||
|       level: WARNING | ||||
|       handlers: [console] | ||||
| --- | ||||
| # Source: matrix/templates/riot/service.yaml | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: matrix-riot | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: element | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|     - port: 80 | ||||
|       targetPort: http | ||||
|       protocol: TCP | ||||
|       name: http | ||||
|   selector: | ||||
|     app.kubernetes.io/name: matrix-riot | ||||
| --- | ||||
| # Source: matrix/templates/synapse/service.yaml | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: matrix-synapse | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
|   annotations: | ||||
|     prometheus.io/scrape: "true" | ||||
|     prometheus.io/path: "/_synapse/metrics" | ||||
|     prometheus.io/port: "9000" | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|     - port: 80 | ||||
|       targetPort: http | ||||
|       protocol: TCP | ||||
|       name: http | ||||
|     - port: 9000 | ||||
|       targetPort: metrics | ||||
|       protocol: TCP | ||||
|       name: metrics | ||||
|   selector: | ||||
|     app.kubernetes.io/name: matrix-synapse | ||||
| --- | ||||
| # Source: matrix/templates/riot/deployment.yaml | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: matrix-riot | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: element | ||||
| spec: | ||||
|   replicas: 2 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: matrix-riot | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: matrix-riot | ||||
|     spec: | ||||
|       securityContext: | ||||
|         runAsUser: 1000 | ||||
|         runAsGroup: 1000 | ||||
|         fsGroup: 1000 | ||||
|       containers: | ||||
|         - name: "riot" | ||||
|           image: "vectorim/element-web:v1.11.72" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           ports: | ||||
|             - name: http | ||||
|               containerPort: 8080 | ||||
|               protocol: TCP | ||||
|           volumeMounts: | ||||
|             - mountPath: /app/config.json | ||||
|               name: riot-config | ||||
|               subPath: config.json | ||||
|               readOnly: true | ||||
|             - mountPath: /etc/nginx/nginx.conf | ||||
|               name: riot-config | ||||
|               subPath: nginx.conf | ||||
|               readOnly: true | ||||
|             - mountPath: /etc/nginx/conf.d/default.conf | ||||
|               name: riot-config | ||||
|               subPath: default.conf | ||||
|               readOnly: true | ||||
|             - mountPath: /var/cache/nginx | ||||
|               name: ephemeral | ||||
|               subPath: cache | ||||
|             - mountPath: /var/run/pid | ||||
|               name: ephemeral | ||||
|               subPath: pid | ||||
|           readinessProbe: | ||||
|             httpGet: | ||||
|               path: / | ||||
|               port: http | ||||
|           startupProbe: | ||||
|             httpGet: | ||||
|               path: / | ||||
|               port: http | ||||
|           livenessProbe: | ||||
|             httpGet: | ||||
|               path: / | ||||
|               port: http | ||||
|           securityContext: | ||||
|             capabilities: | ||||
|               drop: | ||||
|                 - ALL | ||||
|             readOnlyRootFilesystem: true | ||||
|             allowPrivilegeEscalation: false | ||||
|       volumes: | ||||
|         - name: riot-config | ||||
|           configMap: | ||||
|             name: matrix-riot-config | ||||
|         - name: ephemeral | ||||
|           emptyDir: {} | ||||
| --- | ||||
| # Source: matrix/templates/synapse/deployment.yaml | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: matrix-synapse | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: matrix-synapse | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: matrix-synapse | ||||
|     spec: | ||||
|       securityContext: | ||||
|         runAsUser: 1000 | ||||
|         runAsGroup: 1000 | ||||
|         fsGroup: 1000 | ||||
|       initContainers: | ||||
|         - name: generate-signing-key | ||||
|           image: "ghcr.io/element-hq/synapse:v1.112.0" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           env: | ||||
|             - name: SYNAPSE_SERVER_NAME | ||||
|               value: matrix.cluster.fun | ||||
|             - name: SYNAPSE_REPORT_STATS | ||||
|               value: "no" | ||||
|           command: ["python"] | ||||
|           args: | ||||
|             - "-m" | ||||
|             - "synapse.app.homeserver" | ||||
|             - "--config-path" | ||||
|             - "/data/homeserver.yaml" | ||||
|             - "--keys-directory" | ||||
|             - "/data/keys" | ||||
|             - "--generate-keys" | ||||
|           volumeMounts: | ||||
|             - name: synapse-config-homeserver | ||||
|               mountPath: /data/homeserver.yaml | ||||
|               subPath: homeserver.yaml | ||||
|             - name: synapse-config-logging | ||||
|               mountPath: /data/matrix.cluster.fun.log.config | ||||
|               subPath: matrix.cluster.fun.log.config | ||||
|             - name: signing-key | ||||
|               mountPath: /data/keys | ||||
|       containers: | ||||
|         - name: "synapse" | ||||
|           image: "ghcr.io/element-hq/synapse:v1.112.0" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           ports: | ||||
|             - name: http | ||||
|               containerPort: 8008 | ||||
|               protocol: TCP | ||||
|             - name: metrics | ||||
|               containerPort: 9000 | ||||
|               protocol: TCP | ||||
|           volumeMounts: | ||||
|             - name: synapse-config-homeserver | ||||
|               mountPath: /data/homeserver.yaml | ||||
|               subPath: homeserver.yaml | ||||
|             - name: mautrix-whatsapp-registration | ||||
|               mountPath: /data/mautrix-whatsapp-registration.yaml | ||||
|               subPath: registration.yaml | ||||
|             # - name: mautrix-signal-registration | ||||
|             #   mountPath: /data/mautrix-signal-registration.yaml | ||||
|             #   subPath: registration.yaml | ||||
|             # - name: mautrix-telegram-registration | ||||
|             #   mountPath: /data/mautrix-telegram-registration.yaml | ||||
|             #   subPath: registration.yaml | ||||
|             - name: synapse-config-logging | ||||
|               mountPath: /data/matrix.cluster.fun.log.config | ||||
|               subPath: matrix.cluster.fun.log.config | ||||
|             - name: signing-key | ||||
|               mountPath: /data/keys | ||||
|             - name: user-media | ||||
|               mountPath: /data/media_store | ||||
|             - name: uploads | ||||
|               mountPath: /data/uploads | ||||
|             - name: tmp | ||||
|               mountPath: /tmp | ||||
|           readinessProbe: | ||||
|             httpGet: | ||||
|               path: /_matrix/static/ | ||||
|               port: http | ||||
|             periodSeconds: 10 | ||||
|             timeoutSeconds: 5 | ||||
|           startupProbe: | ||||
|             httpGet: | ||||
|               path: /_matrix/static/ | ||||
|               port: http | ||||
|             failureThreshold: 6 | ||||
|             periodSeconds: 5 | ||||
|             timeoutSeconds: 5 | ||||
|           livenessProbe: | ||||
|             httpGet: | ||||
|               path: /_matrix/static/ | ||||
|               port: http | ||||
|             periodSeconds: 10 | ||||
|             timeoutSeconds: 5 | ||||
|           securityContext: | ||||
|             capabilities: | ||||
|               drop: | ||||
|                 - ALL | ||||
|             readOnlyRootFilesystem: true | ||||
|             allowPrivilegeEscalation: false | ||||
|       volumes: | ||||
|         - name: synapse-config-logging | ||||
|           configMap: | ||||
|             name: matrix-synapse-config | ||||
|         - name: synapse-config-homeserver | ||||
|           secret: | ||||
|             secretName: matrix-synapse-config | ||||
|         - name: mautrix-whatsapp-registration | ||||
|           secret: | ||||
|             secretName: mautrix-whatsapp-registration | ||||
|         # - name: mautrix-signal-registration | ||||
|         #   secret: | ||||
|         #     secretName: mautrix-signal-registration | ||||
|         # - name: mautrix-telegram-registration | ||||
|         #   secret: | ||||
|         #     secretName: mautrix-telegram-registration | ||||
|         - name: signing-key | ||||
|           persistentVolumeClaim: | ||||
|             claimName: chat-matrix-signing-key | ||||
|         - name: user-media | ||||
|           persistentVolumeClaim: | ||||
|             claimName: chat-matrix-user-media | ||||
|         - name: uploads | ||||
|           emptyDir: {} | ||||
|         - name: tmp | ||||
|           emptyDir: {} | ||||
| --- | ||||
| @@ -1,32 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: PersistentVolumeClaim | ||||
| metadata: | ||||
|   name: chat-matrix-user-media | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
| spec: | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: 12Gi | ||||
|   storageClassName: sbs-default-retain | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: PersistentVolumeClaim | ||||
| metadata: | ||||
|   name: chat-matrix-signing-key | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
| spec: | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: 1Gi | ||||
|   storageClassName: sbs-default-retain | ||||
| --- | ||||
| @@ -1,153 +0,0 @@ | ||||
| # apiVersion: v1 | ||||
| # kind: Secret | ||||
| # metadata: | ||||
| #   name: mautrix-signal-registration | ||||
| #   namespace: chat | ||||
| #   annotations: | ||||
| #     kube-1password: z6tylu2br724gttcpfyi5egaui | ||||
| #     kube-1password/vault: Kubernetes | ||||
| #     kube-1password/secret-text-key: registration.yaml | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: "mautrix-signal" | ||||
| #     component: registration | ||||
| # type: Opaque | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: v1 | ||||
| # kind: Secret | ||||
| # metadata: | ||||
| #   name: mautrix-signal-config | ||||
| #   namespace: chat | ||||
| #   annotations: | ||||
| #     kube-1password: 5vfaorcudozlq4clkzgmzzszqe | ||||
| #     kube-1password/vault: Kubernetes | ||||
| #     kube-1password/secret-text-key: config.yaml | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: "mautrix-signal" | ||||
| #     component: config | ||||
| # type: Opaque | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: v1 | ||||
| # kind: Service | ||||
| # metadata: | ||||
| #   name: mautrix-signal | ||||
| #   namespace: chat | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: mautrix-signal | ||||
| #   annotations: | ||||
| #     prometheus.io/scrape: "true" | ||||
| #     prometheus.io/path: "/metrics" | ||||
| #     prometheus.io/port: "9000" | ||||
| # spec: | ||||
| #   type: ClusterIP | ||||
| #   ports: | ||||
| #   - port: 29328 | ||||
| #     targetPort: http | ||||
| #     protocol: TCP | ||||
| #     name: http | ||||
| #   selector: | ||||
| #     app.kubernetes.io/name: mautrix-signal | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: apps/v1 | ||||
| # kind: Deployment | ||||
| # metadata: | ||||
| #   name: mautrix-signal | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: mautrix-signal | ||||
| # spec: | ||||
| #   revisionHistoryLimit: 3 | ||||
| #   replicas: 1 | ||||
| #   strategy: | ||||
| #     type: Recreate | ||||
| #   selector: | ||||
| #     matchLabels: | ||||
| #       app.kubernetes.io/name: mautrix-signal | ||||
| #   template: | ||||
| #     metadata: | ||||
| #       labels: | ||||
| #         app.kubernetes.io/name: mautrix-signal | ||||
| #     spec: | ||||
| #       serviceAccountName: default | ||||
| #       automountServiceAccountToken: true | ||||
| #       dnsPolicy: ClusterFirst | ||||
| #       enableServiceLinks: true | ||||
| #       initContainers: | ||||
| #       - name: config-copy | ||||
| #         image: bash:latest | ||||
| #         imagePullPolicy: IfNotPresent | ||||
| #         args: | ||||
| #           - -c | ||||
| #           - | | ||||
| #             cp /secrets/* /data/ | ||||
| #         volumeMounts: | ||||
| #           - name: mautrix-signal-config | ||||
| #             mountPath: /secrets/config.yaml | ||||
| #             subPath: config.yaml | ||||
| #           - name: mautrix-signal-registration | ||||
| #             mountPath: /secrets/registration.yaml | ||||
| #             subPath: registration.yaml | ||||
| #           - name: data | ||||
| #             mountPath: /data | ||||
| #       containers: | ||||
| #         - name: signald | ||||
| #           image: docker.io/signald/signald:stable | ||||
| #           imagePullPolicy: Always | ||||
| #           volumeMounts: | ||||
| #           - name: signald | ||||
| #             mountPath: /signald | ||||
| #         - name: mautrix-signal | ||||
| #           image: "dock.mau.dev/mautrix/signal:v0.4.3" | ||||
| #           imagePullPolicy: IfNotPresent | ||||
| #           env: | ||||
| #             - name: "TZ" | ||||
| #               value: "UTC" | ||||
| #           ports: | ||||
| #             - name: http | ||||
| #               containerPort: 29328 | ||||
| #               protocol: TCP | ||||
| #             - name: metrics | ||||
| #               containerPort: 9000 | ||||
| #               protocol: TCP | ||||
| #           volumeMounts: | ||||
| #           - name: signald | ||||
| #             mountPath: /signald | ||||
| #           - name: data | ||||
| #             mountPath: /data | ||||
| #           livenessProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 3 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 10 | ||||
| #           readinessProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 3 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 10 | ||||
| #           startupProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 30 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 5 | ||||
| #       volumes: | ||||
| #         - name: data | ||||
| #           emptyDir: {} | ||||
| #         - name: signald | ||||
| #           emptyDir: {} | ||||
| #         - name: mautrix-signal-config | ||||
| #           secret: | ||||
| #             secretName: mautrix-signal-config | ||||
| #         - name: mautrix-signal-registration | ||||
| #           secret: | ||||
| #             secretName: mautrix-signal-registration | ||||
| # --- | ||||
| @@ -1,143 +0,0 @@ | ||||
| # apiVersion: v1 | ||||
| # kind: Secret | ||||
| # metadata: | ||||
| #   name: mautrix-telegram-registration | ||||
| #   namespace: chat | ||||
| #   annotations: | ||||
| #     kube-1password: dancy7ogc4gjlxhfntqejgudwi | ||||
| #     kube-1password/vault: Kubernetes | ||||
| #     kube-1password/secret-text-key: registration.yaml | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: "mautrix-telegram" | ||||
| #     component: registration | ||||
| # type: Opaque | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: v1 | ||||
| # kind: Secret | ||||
| # metadata: | ||||
| #   name: mautrix-telegram-config | ||||
| #   namespace: chat | ||||
| #   annotations: | ||||
| #     kube-1password: nilzdpfum35hhwijnwvasbzmcq | ||||
| #     kube-1password/vault: Kubernetes | ||||
| #     kube-1password/secret-text-key: config.yaml | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: "mautrix-telegram" | ||||
| #     component: config | ||||
| # type: Opaque | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: v1 | ||||
| # kind: Service | ||||
| # metadata: | ||||
| #   name: mautrix-telegram | ||||
| #   namespace: chat | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: mautrix-telegram | ||||
| #   annotations: | ||||
| #     prometheus.io/scrape: "true" | ||||
| #     prometheus.io/path: "/metrics" | ||||
| #     prometheus.io/port: "9000" | ||||
| # spec: | ||||
| #   type: ClusterIP | ||||
| #   ports: | ||||
| #   - port: 29318 | ||||
| #     targetPort: http | ||||
| #     protocol: TCP | ||||
| #     name: http | ||||
| #   selector: | ||||
| #     app.kubernetes.io/name: mautrix-telegram | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: apps/v1 | ||||
| # kind: Deployment | ||||
| # metadata: | ||||
| #   name: mautrix-telegram | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: mautrix-telegram | ||||
| # spec: | ||||
| #   revisionHistoryLimit: 3 | ||||
| #   replicas: 1 | ||||
| #   strategy: | ||||
| #     type: Recreate | ||||
| #   selector: | ||||
| #     matchLabels: | ||||
| #       app.kubernetes.io/name: mautrix-telegram | ||||
| #   template: | ||||
| #     metadata: | ||||
| #       labels: | ||||
| #         app.kubernetes.io/name: mautrix-telegram | ||||
| #     spec: | ||||
| #       serviceAccountName: default | ||||
| #       automountServiceAccountToken: true | ||||
| #       dnsPolicy: ClusterFirst | ||||
| #       enableServiceLinks: true | ||||
| #       initContainers: | ||||
| #       - name: config-copy | ||||
| #         image: bash:latest | ||||
| #         imagePullPolicy: IfNotPresent | ||||
| #         args: | ||||
| #           - -c | ||||
| #           - | | ||||
| #             cp /secrets/* /data/ | ||||
| #         volumeMounts: | ||||
| #           - name: mautrix-telegram-config | ||||
| #             mountPath: /secrets/config.yaml | ||||
| #             subPath: config.yaml | ||||
| #           - name: mautrix-telegram-registration | ||||
| #             mountPath: /secrets/registration.yaml | ||||
| #             subPath: registration.yaml | ||||
| #           - name: data | ||||
| #             mountPath: /data | ||||
| #       containers: | ||||
| #         - name: mautrix-telegram | ||||
| #           image: "dock.mau.dev/mautrix/telegram:v0.12.1" | ||||
| #           imagePullPolicy: IfNotPresent | ||||
| #           env: | ||||
| #             - name: "TZ" | ||||
| #               value: "UTC" | ||||
| #           ports: | ||||
| #             - name: http | ||||
| #               containerPort: 29318 | ||||
| #               protocol: TCP | ||||
| #             - name: metrics | ||||
| #               containerPort: 9000 | ||||
| #               protocol: TCP | ||||
| #           volumeMounts: | ||||
| #           - name: data | ||||
| #             mountPath: /data | ||||
| #           livenessProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 3 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 10 | ||||
| #           readinessProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 3 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 10 | ||||
| #           startupProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 30 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 5 | ||||
| #       volumes: | ||||
| #         - name: data | ||||
| #           emptyDir: {} | ||||
| #         - name: mautrix-telegram-config | ||||
| #           secret: | ||||
| #             secretName: mautrix-telegram-config | ||||
| #         - name: mautrix-telegram-registration | ||||
| #           secret: | ||||
| #             secretName: mautrix-telegram-registration | ||||
| # --- | ||||
| @@ -1,143 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mautrix-whatsapp-registration | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     kube-1password: x6lzkpyov4dem5jtk2kimyrnvy | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: registration.yaml | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "mautrix-whatsapp" | ||||
|     component: registration | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mautrix-whatsapp-config | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     kube-1password: ji3e2el66bu56bml3kq3ghyojq | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: config.yaml | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "mautrix-whatsapp" | ||||
|     component: config | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: mautrix-whatsapp | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: mautrix-whatsapp | ||||
|   annotations: | ||||
|     prometheus.io/scrape: "true" | ||||
|     prometheus.io/path: "/metrics" | ||||
|     prometheus.io/port: "9000" | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 29318 | ||||
|     targetPort: http | ||||
|     protocol: TCP | ||||
|     name: http | ||||
|   selector: | ||||
|     app.kubernetes.io/name: mautrix-whatsapp | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: mautrix-whatsapp | ||||
|   labels: | ||||
|     app.kubernetes.io/name: mautrix-whatsapp | ||||
| spec: | ||||
|   revisionHistoryLimit: 3 | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: mautrix-whatsapp | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: mautrix-whatsapp | ||||
|     spec: | ||||
|       serviceAccountName: default | ||||
|       automountServiceAccountToken: true | ||||
|       dnsPolicy: ClusterFirst | ||||
|       enableServiceLinks: true | ||||
|       initContainers: | ||||
|       - name: config-copy | ||||
|         image: bash:latest | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         args: | ||||
|           - -c | ||||
|           - | | ||||
|             cp /secrets/* /data/ | ||||
|         volumeMounts: | ||||
|           - name: mautrix-whatsapp-config | ||||
|             mountPath: /secrets/config.yaml | ||||
|             subPath: config.yaml | ||||
|           - name: mautrix-whatsapp-registration | ||||
|             mountPath: /secrets/registration.yaml | ||||
|             subPath: registration.yaml | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|       containers: | ||||
|         - name: mautrix-whatsapp | ||||
|           image: "dock.mau.dev/mautrix/whatsapp:v0.10.9" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           env: | ||||
|             - name: "TZ" | ||||
|               value: "UTC" | ||||
|           ports: | ||||
|             - name: http | ||||
|               containerPort: 29318 | ||||
|               protocol: TCP | ||||
|             - name: metrics | ||||
|               containerPort: 9000 | ||||
|               protocol: TCP | ||||
|           volumeMounts: | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|           livenessProbe: | ||||
|             tcpSocket: | ||||
|               port: 29318 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 3 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 10 | ||||
|           readinessProbe: | ||||
|             tcpSocket: | ||||
|               port: 29318 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 3 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 10 | ||||
|           startupProbe: | ||||
|             tcpSocket: | ||||
|               port: 29318 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 30 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 5 | ||||
|       volumes: | ||||
|         - name: data | ||||
|           emptyDir: {} | ||||
|         - name: mautrix-whatsapp-config | ||||
|           secret: | ||||
|             secretName: mautrix-whatsapp-config | ||||
|         - name: mautrix-whatsapp-registration | ||||
|           secret: | ||||
|             secretName: mautrix-whatsapp-registration | ||||
| --- | ||||
| @@ -28,9 +28,10 @@ spec: | ||||
|       labels: | ||||
|         app: mealie | ||||
|     spec: | ||||
|       priorityClassName: critical | ||||
|       containers: | ||||
|       - name: frontend | ||||
|         image: ghcr.io/mealie-recipes/mealie:v1.10.2 | ||||
|         image: ghcr.io/mealie-recipes/mealie:v3.3.2 | ||||
|         imagePullPolicy: Always | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
| @@ -41,7 +42,7 @@ spec: | ||||
|         - name: PGID | ||||
|           value: "1000" | ||||
|         - name: TOKEN_TIME | ||||
|           value: "168" | ||||
|           value: "720" | ||||
|         - name: DB_ENGINE | ||||
|           value: postgres | ||||
|         - name: POSTGRES_DB | ||||
| @@ -68,12 +69,18 @@ spec: | ||||
|         volumeMounts: | ||||
|           - mountPath: /app/data | ||||
|             name: data | ||||
|         resources: | ||||
|           requests: | ||||
|             cpu: 200m | ||||
|             memory: 550M | ||||
|           limits: | ||||
|             cpu: 1000m | ||||
|             memory: 550M | ||||
|       volumes: | ||||
|       - name: data | ||||
|         persistentVolumeClaim: | ||||
|           claimName: mealie | ||||
|  | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| @@ -91,7 +98,6 @@ spec: | ||||
|     app: mealie | ||||
| --- | ||||
|  | ||||
|  | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   | ||||
| @@ -1,255 +0,0 @@ | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   name: kube-state-metrics | ||||
| rules: | ||||
|   - apiGroups: ["certificates.k8s.io"] | ||||
|     resources: | ||||
|     - certificatesigningrequests | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - configmaps | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["batch"] | ||||
|     resources: | ||||
|     - cronjobs | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - daemonsets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - deployments | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - endpoints | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["autoscaling"] | ||||
|     resources: | ||||
|     - horizontalpodautoscalers | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "networking.k8s.io"] | ||||
|     resources: | ||||
|     - ingresses | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["batch"] | ||||
|     resources: | ||||
|     - jobs | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - limitranges | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["admissionregistration.k8s.io"] | ||||
|     resources: | ||||
|       - mutatingwebhookconfigurations | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - namespaces | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["networking.k8s.io"] | ||||
|     resources: | ||||
|     - networkpolicies | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - nodes | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - persistentvolumeclaims | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - persistentvolumes | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["policy"] | ||||
|     resources: | ||||
|       - poddisruptionbudgets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - pods | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - replicasets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - replicationcontrollers | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - resourcequotas | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - secrets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - services | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["apps"] | ||||
|     resources: | ||||
|     - statefulsets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["storage.k8s.io"] | ||||
|     resources: | ||||
|       - storageclasses | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["admissionregistration.k8s.io"] | ||||
|     resources: | ||||
|       - validatingwebhookconfigurations | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["storage.k8s.io"] | ||||
|     resources: | ||||
|       - volumeattachments | ||||
|     verbs: ["list", "watch"] | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   name: kube-state-metrics | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: kube-state-metrics | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   annotations: | ||||
|     prometheus.io/scrape: 'true' | ||||
| spec: | ||||
|   type: "ClusterIP" | ||||
|   ports: | ||||
|   - name: "http" | ||||
|     protocol: TCP | ||||
|     port: 8080 | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: kube-state-metrics | ||||
|   replicas: 1 | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: kube-state-metrics | ||||
|     spec: | ||||
|       serviceAccountName: kube-state-metrics | ||||
|       securityContext: | ||||
|         fsGroup: 65534 | ||||
|         runAsGroup: 65534 | ||||
|         runAsUser: 65534 | ||||
|       containers: | ||||
|       - name: kube-state-metrics | ||||
|         args: | ||||
|         #- --resources=certificatesigningrequests | ||||
|         - --resources=configmaps | ||||
|         - --resources=cronjobs | ||||
|         - --resources=daemonsets | ||||
|         - --resources=deployments | ||||
|         #- --resources=endpoints | ||||
|         #- --resources=horizontalpodautoscalers | ||||
|         - --resources=ingresses | ||||
|         - --resources=jobs | ||||
|         #- --resources=limitranges | ||||
|         - --resources=mutatingwebhookconfigurations | ||||
|         - --resources=namespaces | ||||
|         #- --resources=networkpolicies | ||||
|         - --resources=nodes | ||||
|         - --resources=persistentvolumeclaims | ||||
|         - --resources=persistentvolumes | ||||
|         - --resources=poddisruptionbudgets | ||||
|         - --resources=pods | ||||
|         - --resources=replicasets | ||||
|         #- --resources=replicationcontrollers | ||||
|         #- --resources=resourcequotas | ||||
|         - --resources=secrets | ||||
|         - --resources=services | ||||
|         - --resources=statefulsets | ||||
|         - --resources=storageclasses | ||||
|         - --resources=validatingwebhookconfigurations | ||||
|         #- --resources=volumeattachments | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0" | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|         livenessProbe: | ||||
|           httpGet: | ||||
|             path: /healthz | ||||
|             port: 8080 | ||||
|           initialDelaySeconds: 5 | ||||
|           timeoutSeconds: 5 | ||||
|         readinessProbe: | ||||
|           httpGet: | ||||
|             path: / | ||||
|             port: 8080 | ||||
|           initialDelaySeconds: 5 | ||||
|           timeoutSeconds: 5 | ||||
| --- | ||||
| @@ -1,64 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: prometheus-server | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
|   name: prometheus-server | ||||
| rules: | ||||
|   - apiGroups: | ||||
|       - "" | ||||
|     resources: | ||||
|       - nodes | ||||
|       - nodes/proxy | ||||
|       - nodes/metrics | ||||
|       - services | ||||
|       - endpoints | ||||
|       - pods | ||||
|       - ingresses | ||||
|       - configmaps | ||||
|     verbs: | ||||
|       - get | ||||
|       - list | ||||
|       - watch | ||||
|   - apiGroups: | ||||
|       - "extensions" | ||||
|       - "networking.k8s.io" | ||||
|     resources: | ||||
|       - ingresses/status | ||||
|       - ingresses | ||||
|     verbs: | ||||
|       - get | ||||
|       - list | ||||
|       - watch | ||||
|   - nonResourceURLs: | ||||
|       - "/metrics" | ||||
|     verbs: | ||||
|       - get | ||||
| --- | ||||
|  | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
|   name: prometheus-server | ||||
| subjects: | ||||
|   - kind: ServiceAccount | ||||
|     name: prometheus-server | ||||
|     namespace: monitoring | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: prometheus-server | ||||
| --- | ||||
| @@ -1,292 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| data: | ||||
|   promtail.yaml: | | ||||
|     client: | ||||
|       backoff_config: | ||||
|         max_period: 5m | ||||
|         max_retries: 10 | ||||
|         min_period: 500ms | ||||
|       batchsize: 1048576 | ||||
|       batchwait: 1s | ||||
|       external_labels: {} | ||||
|       timeout: 10s | ||||
|     positions: | ||||
|       filename: /run/promtail/positions.yaml | ||||
|     server: | ||||
|       http_listen_port: 3101 | ||||
|     clients: | ||||
|     - url: http://loki-distributed.proxy-civo.svc:80/loki/api/v1/push | ||||
|       external_labels: | ||||
|         kubernetes_cluster: civo | ||||
|     target_config: | ||||
|       sync_period: 10s | ||||
|     scrape_configs: | ||||
|     - job_name: kubernetes-pods | ||||
|       pipeline_stages: | ||||
|         - docker: {} | ||||
|         - cri: {} | ||||
|         - match: | ||||
|             selector: '{app="weave-net"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{filename=~".*konnectivity.*"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*/healthz.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*/api/health.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*kube-probe/.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="internal-proxy"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="non-auth-proxy"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="vpa"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="promtail"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="csi-node"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="victoria-metrics"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="git-sync"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="ingress-nginx"}' | ||||
|             stages: | ||||
|             - json: | ||||
|                 expressions: | ||||
|                   request_host: host | ||||
|                   request_path: path | ||||
|                   request_method: method | ||||
|                   response_status: status | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/healthz" | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/health" | ||||
|             - labels: | ||||
|                 request_host: | ||||
|                 request_method: | ||||
|                 response_status: | ||||
|         - match: | ||||
|             selector: '{app="traefik"}' | ||||
|             stages: | ||||
|             - json: | ||||
|                 expressions: | ||||
|                   request_host: RequestHost | ||||
|                   request_path: RequestPath | ||||
|                   request_method: RequestMethod | ||||
|                   response_status: OriginStatus | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/healthz" | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/health" | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/ping" | ||||
|             - labels: | ||||
|                 request_host: | ||||
|                 request_method: | ||||
|                 response_status: | ||||
|       kubernetes_sd_configs: | ||||
|         - role: pod | ||||
|       relabel_configs: | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_controller_name | ||||
|           regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})? | ||||
|           action: replace | ||||
|           target_label: __tmp_controller_name | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_label_app_kubernetes_io_name | ||||
|             - __meta_kubernetes_pod_label_app | ||||
|             - __tmp_controller_name | ||||
|             - __meta_kubernetes_pod_name | ||||
|           regex: ^;*([^;]+)(;.*)?$ | ||||
|           action: replace | ||||
|           target_label: app | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_label_app_kubernetes_io_component | ||||
|             - __meta_kubernetes_pod_label_component | ||||
|           regex: ^;*([^;]+)(;.*)?$ | ||||
|           action: replace | ||||
|           target_label: component | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_node_name | ||||
|           target_label: node_name | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_namespace | ||||
|           target_label: namespace | ||||
|         - action: replace | ||||
|           replacement: $1 | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - namespace | ||||
|             - app | ||||
|           target_label: job | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_name | ||||
|           target_label: pod | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: container | ||||
|         - action: replace | ||||
|           replacement: /var/log/pods/*$1/*.log | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_uid | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: __path__ | ||||
|         - action: replace | ||||
|           replacement: /var/log/pods/*$1/*.log | ||||
|           regex: true/(.*) | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash | ||||
|             - __meta_kubernetes_pod_annotation_kubernetes_io_config_hash | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: __path__ | ||||
|         - action: labelmap | ||||
|           regex: __meta_kubernetes_pod_label_(.+) | ||||
|  | ||||
| --- | ||||
| kind: ClusterRole | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: promtail-clusterrole | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| rules: | ||||
| - apiGroups: [""] # "" indicates the core API group | ||||
|   resources: | ||||
|   - nodes | ||||
|   - nodes/proxy | ||||
|   - services | ||||
|   - endpoints | ||||
|   - pods | ||||
|   verbs: ["get", "watch", "list"] | ||||
| --- | ||||
| kind: ClusterRoleBinding | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: promtail-clusterrolebinding | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| subjects: | ||||
|   - kind: ServiceAccount | ||||
|     name: promtail | ||||
|     namespace: monitoring | ||||
| roleRef: | ||||
|   kind: ClusterRole | ||||
|   name: promtail-clusterrole | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: DaemonSet | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "promtail" | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: promtail | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: promtail | ||||
|       annotations: | ||||
|         prometheus.io/port: http-metrics | ||||
|         prometheus.io/scrape: "true" | ||||
|     spec: | ||||
|       serviceAccountName: promtail | ||||
|       containers: | ||||
|         - name: promtail | ||||
|           image: "grafana/promtail:2.9.9" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           args: | ||||
|             - "-config.file=/etc/promtail/promtail.yaml" | ||||
|           volumeMounts: | ||||
|             - name: config | ||||
|               mountPath: /etc/promtail | ||||
|             - name: run | ||||
|               mountPath: /run/promtail | ||||
|             - mountPath: /var/lib/docker/containers | ||||
|               name: docker | ||||
|               readOnly: true | ||||
|             - mountPath: /var/log/pods | ||||
|               name: pods | ||||
|               readOnly: true | ||||
|           env: | ||||
|             - name: HOSTNAME | ||||
|               valueFrom: | ||||
|                 fieldRef: | ||||
|                   fieldPath: spec.nodeName | ||||
|           ports: | ||||
|             - containerPort: 3101 | ||||
|               name: http-metrics | ||||
|           securityContext: | ||||
|             readOnlyRootFilesystem: true | ||||
|             runAsGroup: 0 | ||||
|             runAsUser: 0 | ||||
|           readinessProbe: | ||||
|             failureThreshold: 5 | ||||
|             httpGet: | ||||
|               path: /ready | ||||
|               port: http-metrics | ||||
|             initialDelaySeconds: 10 | ||||
|             periodSeconds: 10 | ||||
|             successThreshold: 1 | ||||
|             timeoutSeconds: 1 | ||||
|       tolerations: | ||||
|         - effect: NoSchedule | ||||
|           key: node-role.kubernetes.io/master | ||||
|           operator: Exists | ||||
|       volumes: | ||||
|         - name: config | ||||
|           configMap: | ||||
|             name: promtail | ||||
|         - name: run | ||||
|           hostPath: | ||||
|             path: /run/promtail | ||||
|         - hostPath: | ||||
|             path: /var/lib/docker/containers | ||||
|           name: docker | ||||
|         - hostPath: | ||||
|             path: /var/log/pods | ||||
|           name: pods | ||||
| --- | ||||
| @@ -1,163 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: vmagent | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: victoria-metrics | ||||
|     app.kubernetes.io/component: agent | ||||
| data: | ||||
|   prometheus.yml: | | ||||
|     global: | ||||
|       scrape_interval: 1m | ||||
|       external_labels: | ||||
|         source: civo | ||||
|         agent: vmagent | ||||
|     scrape_configs: | ||||
|     - job_name: 'vmagent' | ||||
|       static_configs: | ||||
|         - targets: ['localhost:8429'] | ||||
|     - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||||
|       job_name: kubernetes-nodes | ||||
|       kubernetes_sd_configs: | ||||
|       - role: node | ||||
|       relabel_configs: | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_node_label_(.+) | ||||
|       - replacement: kubernetes.default.svc:443 | ||||
|         target_label: __address__ | ||||
|       - regex: (.+) | ||||
|         replacement: /api/v1/nodes/$1/proxy/metrics | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_node_name | ||||
|         target_label: __metrics_path__ | ||||
|       scheme: https | ||||
|       tls_config: | ||||
|         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||||
|         insecure_skip_verify: true | ||||
|     - job_name: kubernetes-service-endpoints | ||||
|       kubernetes_sd_configs: | ||||
|       - role: endpoints | ||||
|       relabel_configs: | ||||
|       - action: keep | ||||
|         regex: true | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_scrape | ||||
|       - action: replace | ||||
|         regex: (https?) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_scheme | ||||
|         target_label: __scheme__ | ||||
|       - action: replace | ||||
|         regex: (.+) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_path | ||||
|         target_label: __metrics_path__ | ||||
|       - action: replace | ||||
|         regex: ([^:]+)(?::\d+)?;(\d+) | ||||
|         replacement: $1:$2 | ||||
|         source_labels: | ||||
|         - __address__ | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_port | ||||
|         target_label: __address__ | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_service_label_(.+) | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_namespace | ||||
|         target_label: kubernetes_namespace | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_name | ||||
|         target_label: kubernetes_name | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_endpoint_port_name | ||||
|         target_label: kubernetes_endpoint_port_name | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_node_name | ||||
|         target_label: kubernetes_node | ||||
|     - job_name: kubernetes-pods | ||||
|       kubernetes_sd_configs: | ||||
|       - role: pod | ||||
|       relabel_configs: | ||||
|       - action: keep | ||||
|         regex: true | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_scrape | ||||
|       - action: replace | ||||
|         regex: (.+) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_path | ||||
|         target_label: __metrics_path__ | ||||
|       - action: replace | ||||
|         regex: ([^:]+)(?::\d+)?;(\d+) | ||||
|         replacement: $1:$2 | ||||
|         source_labels: | ||||
|         - __address__ | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_port | ||||
|         target_label: __address__ | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_pod_label_(.+) | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_namespace | ||||
|         target_label: kubernetes_namespace | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_name | ||||
|         target_label: kubernetes_pod_name | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_container_port_name | ||||
|         target_label: kubernetes_port_name | ||||
|       - action: drop | ||||
|         regex: Pending|Succeeded|Failed | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_phase | ||||
|  | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: vmagent | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: victoria-metrics | ||||
|     app.kubernetes.io/component: agent | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "vmagent" | ||||
| spec: | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: victoria-metrics | ||||
|       app.kubernetes.io/component: agent | ||||
|   replicas: 1 | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: victoria-metrics | ||||
|         app.kubernetes.io/component: agent | ||||
|     spec: | ||||
|       serviceAccountName: prometheus-server | ||||
|       containers: | ||||
|         - name: vmagent | ||||
|           image: "victoriametrics/vmagent:v1.102.1" | ||||
|           imagePullPolicy: "IfNotPresent" | ||||
|           args: | ||||
|             - -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/ | ||||
|             - -remoteWrite.showURL | ||||
|             - -promscrape.config=/config/prometheus.yml | ||||
|           volumeMounts: | ||||
|             - name: config-volume | ||||
|               mountPath: /config | ||||
|       volumes: | ||||
|         - name: config-volume | ||||
|           configMap: | ||||
|             name: vmagent | ||||
| --- | ||||
							
								
								
									
										87
									
								
								manifests/monitoring/cadvisor.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										87
									
								
								manifests/monitoring/cadvisor.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,87 @@ | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   labels: | ||||
|     app: cadvisor | ||||
|     app.kubernetes.io/name: cadvisor | ||||
|   name: cadvisor | ||||
|   namespace: monitoring | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: DaemonSet | ||||
| metadata: | ||||
|   annotations: | ||||
|     seccomp.security.alpha.kubernetes.io/pod: docker/default | ||||
|   labels: | ||||
|     app: cadvisor | ||||
|     app.kubernetes.io/name: cadvisor | ||||
|   name: cadvisor | ||||
|   namespace: monitoring | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: cadvisor | ||||
|       app.kubernetes.io/name: cadvisor | ||||
|       name: cadvisor | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: cadvisor | ||||
|         app.kubernetes.io/name: cadvisor | ||||
|         name: cadvisor | ||||
|       annotations: | ||||
|         scheduler.alpha.kubernetes.io/critical-pod: '' | ||||
|     spec: | ||||
|       priorityClassName: system-node-critical | ||||
|       tolerations: | ||||
|         - key: "CriticalAddonsOnly" | ||||
|           operator: "Exists" | ||||
|       automountServiceAccountToken: false | ||||
|       containers: | ||||
|       - image: ghcr.io/google/cadvisor:v0.53.0 | ||||
|         name: cadvisor | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: http | ||||
|           protocol: TCP | ||||
|         resources: | ||||
|           limits: | ||||
|             cpu: 800m | ||||
|             memory: 2000Mi | ||||
|           requests: | ||||
|             cpu: 400m | ||||
|             memory: 400Mi | ||||
|         volumeMounts: | ||||
|         - mountPath: /rootfs | ||||
|           name: rootfs | ||||
|           readOnly: true | ||||
|         - mountPath: /var/run | ||||
|           name: var-run | ||||
|           readOnly: true | ||||
|         - mountPath: /sys | ||||
|           name: sys | ||||
|           readOnly: true | ||||
|         - mountPath: /var/lib/docker | ||||
|           name: docker | ||||
|           readOnly: true | ||||
|         - mountPath: /dev/disk | ||||
|           name: disk | ||||
|           readOnly: true | ||||
|       serviceAccountName: cadvisor | ||||
|       terminationGracePeriodSeconds: 30 | ||||
|       volumes: | ||||
|       - hostPath: | ||||
|           path: / | ||||
|         name: rootfs | ||||
|       - hostPath: | ||||
|           path: /var/run | ||||
|         name: var-run | ||||
|       - hostPath: | ||||
|           path: /sys | ||||
|         name: sys | ||||
|       - hostPath: | ||||
|           path: /var/lib/docker | ||||
|         name: docker | ||||
|       - hostPath: | ||||
|           path: /dev/disk | ||||
|         name: disk | ||||
							
								
								
									
										142
									
								
								manifests/monitoring/ephemeral-storage-exporter.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										142
									
								
								manifests/monitoring/ephemeral-storage-exporter.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,142 @@ | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: k8s-ephemeral-storage-metrics | ||||
|   name: k8s-ephemeral-storage-metrics | ||||
|   namespace: monitoring | ||||
| --- | ||||
| kind: ClusterRole | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: k8s-ephemeral-storage-metrics | ||||
|   labels: | ||||
|     app.kubernetes.io/name: k8s-ephemeral-storage-metrics | ||||
| rules: | ||||
|   - apiGroups: [""] | ||||
|     resources: ["nodes","nodes/proxy", "nodes/stats", "pods"] | ||||
|     verbs: ["get","list", "watch"] | ||||
| --- | ||||
| kind: ClusterRoleBinding | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: k8s-ephemeral-storage-metrics | ||||
|   labels: | ||||
|     app.kubernetes.io/name: k8s-ephemeral-storage-metrics | ||||
| subjects: | ||||
|   - kind: ServiceAccount | ||||
|     name: k8s-ephemeral-storage-metrics | ||||
|     namespace: monitoring | ||||
| roleRef: | ||||
|   kind: ClusterRole | ||||
|   name: k8s-ephemeral-storage-metrics | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: k8s-ephemeral-storage-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: k8s-ephemeral-storage-metrics | ||||
|   annotations: | ||||
|     prometheus.io/scrape: "true" | ||||
|     prometheus.io/port: "9100" | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   selector: | ||||
|     app.kubernetes.io/name: k8s-ephemeral-storage-metrics | ||||
|   ports: | ||||
|     - name: metrics | ||||
|       port: 9100 | ||||
|       protocol: TCP | ||||
|       targetPort: metrics | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: k8s-ephemeral-storage-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: k8s-ephemeral-storage-metrics | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   revisionHistoryLimit: 3 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: k8s-ephemeral-storage-metrics | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: k8s-ephemeral-storage-metrics | ||||
|     spec: | ||||
|       serviceAccountName: k8s-ephemeral-storage-metrics | ||||
|       securityContext: | ||||
|         runAsNonRoot: true | ||||
|         seccompProfile: | ||||
|           type: RuntimeDefault | ||||
|       containers: | ||||
|         - name: metrics | ||||
|           image: ghcr.io/jmcgrath207/k8s-ephemeral-storage-metrics:1.18.2 | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           ports: | ||||
|             - name: metrics | ||||
|               containerPort: 9100 | ||||
|               protocol: TCP | ||||
|           livenessProbe: | ||||
|             failureThreshold: 10 | ||||
|             httpGet: | ||||
|               path: /metrics | ||||
|               port: 9100 | ||||
|               scheme: HTTP | ||||
|             initialDelaySeconds: 10 | ||||
|             periodSeconds: 10 | ||||
|             successThreshold: 1 | ||||
|             timeoutSeconds: 30 | ||||
|           readinessProbe: | ||||
|             failureThreshold: 10 | ||||
|             httpGet: | ||||
|               path: /metrics | ||||
|               port: 9100 | ||||
|               scheme: HTTP | ||||
|             periodSeconds: 10 | ||||
|             successThreshold: 1 | ||||
|             timeoutSeconds: 1 | ||||
|           securityContext: | ||||
|             allowPrivilegeEscalation: false | ||||
|             capabilities: | ||||
|               drop: | ||||
|               - ALL | ||||
|             privileged: false | ||||
|             readOnlyRootFilesystem: false | ||||
|             runAsNonRoot: true | ||||
|           env: | ||||
|             - name: DEPLOY_TYPE | ||||
|               value: "Deployment" | ||||
|             - name: SCRAPE_INTERVAL | ||||
|               value: "15" | ||||
|             - name: MAX_NODE_CONCURRENCY | ||||
|               value: "10" | ||||
|             - name: CLIENT_GO_QPS | ||||
|               value: "5" | ||||
|             - name: CLIENT_GO_BURST | ||||
|               value: "10" | ||||
|             - name: LOG_LEVEL | ||||
|               value: "info" | ||||
|             - name: EPHEMERAL_STORAGE_POD_USAGE | ||||
|               value: "true" | ||||
|             - name: EPHEMERAL_STORAGE_NODE_AVAILABLE | ||||
|               value: "true" | ||||
|             - name: EPHEMERAL_STORAGE_NODE_CAPACITY | ||||
|               value: "true" | ||||
|             - name: EPHEMERAL_STORAGE_NODE_PERCENTAGE | ||||
|               value: "true" | ||||
|             - name: EPHEMERAL_STORAGE_CONTAINER_LIMIT_PERCENTAGE | ||||
|               value: "true" | ||||
|             - name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_USAGE | ||||
|               value: "true" | ||||
|             - name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_LIMITS_PERCENTAGE | ||||
|               value: "true" | ||||
|             - name: EPHEMERAL_STORAGE_INODES | ||||
|               value: "true" | ||||
| @@ -201,6 +201,7 @@ spec: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: kube-state-metrics | ||||
|     spec: | ||||
|       priorityClassName: system-cluster-critical | ||||
|       serviceAccountName: kube-state-metrics | ||||
|       securityContext: | ||||
|         fsGroup: 65534 | ||||
| @@ -237,7 +238,7 @@ spec: | ||||
|         - --resources=validatingwebhookconfigurations | ||||
|         #- --resources=volumeattachments | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0" | ||||
|         image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0" | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|         livenessProbe: | ||||
|   | ||||
| @@ -51,10 +51,11 @@ spec: | ||||
|         app.kubernetes.io/name: prometheus | ||||
|         app.kubernetes.io/component: node-exporter | ||||
|     spec: | ||||
|       priorityClassName: system-node-critical | ||||
|       serviceAccountName: prometheus-node-exporter | ||||
|       containers: | ||||
|         - name: prometheus-node-exporter | ||||
|           image: "prom/node-exporter:v1.8.2" | ||||
|           image: "prom/node-exporter:v1.9.1" | ||||
|           imagePullPolicy: "IfNotPresent" | ||||
|           args: | ||||
|             - --path.procfs=/host/proc | ||||
|   | ||||
| @@ -212,10 +212,11 @@ spec: | ||||
|         prometheus.io/port: http-metrics | ||||
|         prometheus.io/scrape: "true" | ||||
|     spec: | ||||
|       priorityClassName: system-node-critical | ||||
|       serviceAccountName: promtail | ||||
|       containers: | ||||
|         - name: promtail | ||||
|           image: "grafana/promtail:2.9.9" | ||||
|           image: "grafana/promtail:2.9.15" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           args: | ||||
|             - "-config.file=/etc/promtail/promtail.yaml" | ||||
|   | ||||
| @@ -17,6 +17,11 @@ data: | ||||
|     - job_name: 'vmagent' | ||||
|       static_configs: | ||||
|         - targets: ['localhost:8429'] | ||||
|       relabel_configs: | ||||
|       - action: drop | ||||
|         source_labels: [__name__] | ||||
|         regex: "flag" | ||||
|  | ||||
|     - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||||
|       job_name: kubernetes-nodes | ||||
|       kubernetes_sd_configs: | ||||
| @@ -36,6 +41,38 @@ data: | ||||
|         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||||
|         insecure_skip_verify: true | ||||
|  | ||||
|     - job_name: cadvisor | ||||
|       bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||||
|       scheme: https | ||||
|       tls_config: | ||||
|         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||||
|         insecure_skip_verify: true | ||||
|       kubernetes_sd_configs: | ||||
|       - role: node | ||||
|       relabel_configs: | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_node_label_(.+) | ||||
|       - replacement: kubernetes.default.svc:443 | ||||
|         target_label: __address__ | ||||
|       - source_labels: [__meta_kubernetes_node_name] | ||||
|         regex: (.+) | ||||
|         target_label: __metrics_path__ | ||||
|         replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor | ||||
|       # Drop high cardinality labels | ||||
|       - action: labeldrop | ||||
|         regex: id | ||||
|       # Drop unneeded labels | ||||
|       - action: labeldrop | ||||
|         regex: beta_kubernetes_io_os | ||||
|       - action: labeldrop | ||||
|         regex: beta_kubernetes_io_arch | ||||
|       - action: labeldrop | ||||
|         regex: kubernetes_io_arch | ||||
|       - action: labeldrop | ||||
|         regex: kubernetes_io_os | ||||
|       - action: labeldrop | ||||
|         regex: topology_jiva_openebs_io_nodeName | ||||
|  | ||||
|     - job_name: kubernetes-service-endpoints | ||||
|       kubernetes_sd_configs: | ||||
|       - role: endpoints | ||||
| @@ -78,6 +115,21 @@ data: | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_node_name | ||||
|         target_label: kubernetes_node | ||||
|       # We don't care about the flag metrics from VM | ||||
|       - action: drop | ||||
|         source_labels: [__name__] | ||||
|         regex: "flag" | ||||
|       # Drop unneeded labels | ||||
|       - action: labeldrop | ||||
|         regex: beta_kubernetes_io_os | ||||
|       - action: labeldrop | ||||
|         regex: beta_kubernetes_io_arch | ||||
|       - action: labeldrop | ||||
|         regex: kubernetes_io_arch | ||||
|       - action: labeldrop | ||||
|         regex: kubernetes_io_os | ||||
|       - action: labeldrop | ||||
|         regex: topology_jiva_openebs_io_nodeName | ||||
|  | ||||
|     - job_name: kubernetes-pods | ||||
|       kubernetes_sd_configs: | ||||
| @@ -116,6 +168,17 @@ data: | ||||
|         regex: Pending|Succeeded|Failed | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_phase | ||||
|       # Drop unneeded labels | ||||
|       - action: labeldrop | ||||
|         regex: beta_kubernetes_io_os | ||||
|       - action: labeldrop | ||||
|         regex: beta_kubernetes_io_arch | ||||
|       - action: labeldrop | ||||
|         regex: kubernetes_io_arch | ||||
|       - action: labeldrop | ||||
|         regex: kubernetes_io_os | ||||
|       - action: labeldrop | ||||
|         regex: topology_jiva_openebs_io_nodeName | ||||
|  | ||||
|     - job_name: 'node-exporter' | ||||
|       kubernetes_sd_configs: | ||||
| @@ -150,10 +213,11 @@ spec: | ||||
|         app.kubernetes.io/name: victoria-metrics | ||||
|         app.kubernetes.io/component: agent | ||||
|     spec: | ||||
|       priorityClassName: system-cluster-critical | ||||
|       serviceAccountName: prometheus-server | ||||
|       containers: | ||||
|         - name: vmagent | ||||
|           image: "victoriametrics/vmagent:v1.102.1" | ||||
|           image: "victoriametrics/vmagent:v1.128.0" | ||||
|           imagePullPolicy: "IfNotPresent" | ||||
|           args: | ||||
|             - -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/ | ||||
|   | ||||
| @@ -201,9 +201,10 @@ spec: | ||||
|         app.kubernetes.io/component: app | ||||
|         nextcloud-nextcloud-redis-client: "true" | ||||
|     spec: | ||||
|       priorityClassName: critical | ||||
|       containers: | ||||
|       - name: nextcloud | ||||
|         image: "nextcloud:29.0.4-apache" | ||||
|         image: "nextcloud:32.0.0-apache" | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         env: | ||||
|         - name: SQLITE_DATABASE | ||||
| @@ -282,7 +283,11 @@ spec: | ||||
|           periodSeconds: 10 | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 450Mi | ||||
|             cpu: 1038m | ||||
|             memory: 765M | ||||
|           limits: | ||||
|             cpu: 1200m | ||||
|             memory: 765M | ||||
|         volumeMounts: | ||||
|         - name: nextcloud-data | ||||
|           mountPath: /var/www/ | ||||
| @@ -374,7 +379,7 @@ spec: | ||||
|           restartPolicy: Never | ||||
|           containers: | ||||
|             - name: nextcloud | ||||
|               image: "nextcloud:29.0.4-apache" | ||||
|               image: "nextcloud:32.0.0-apache" | ||||
|               imagePullPolicy: IfNotPresent | ||||
|               command: [ "curl" ] | ||||
|               args: | ||||
|   | ||||
| @@ -15,7 +15,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| @@ -27,7 +26,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| @@ -39,7 +37,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
|   namespace: ingress-nginx | ||||
| rules: | ||||
| @@ -144,7 +141,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
|   namespace: ingress-nginx | ||||
| rules: | ||||
| @@ -163,7 +159,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
| rules: | ||||
| - apiGroups: | ||||
| @@ -245,7 +240,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
| rules: | ||||
| - apiGroups: | ||||
| @@ -264,7 +258,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
|   namespace: ingress-nginx | ||||
| roleRef: | ||||
| @@ -284,7 +277,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
|   namespace: ingress-nginx | ||||
| roleRef: | ||||
| @@ -303,7 +295,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
| @@ -322,7 +313,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
| @@ -335,12 +325,34 @@ subjects: | ||||
| --- | ||||
| apiVersion: v1 | ||||
| data: | ||||
|   annotations-risk-level: Critical | ||||
|   allow-snippet-annotations: "true" | ||||
|   use-proxy-protocol: "true" | ||||
|   log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }' | ||||
|   log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "remote_addr_masked": "$remote_addr_masked", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }' | ||||
|   plugins: "redirect_location" | ||||
|   location-snippet: | | ||||
|     set $redirect_location ''; | ||||
|   server-snippet: | | ||||
|     set_by_lua_block $remote_addr_masked { | ||||
|       local bit = require("bit") | ||||
|  | ||||
|       local hval = 2166136261 | ||||
|       local rem_addr = ngx.var.remote_addr | ||||
|  | ||||
|       for w in rem_addr:gmatch(".") do | ||||
|         hval = bit.bxor(hval,string.byte(w)) | ||||
|         hval = hval + bit.lshift(hval,1) + bit.lshift(hval,4) + bit.lshift(hval,7) + bit.lshift(hval,8) + bit.lshift(hval,24) | ||||
|       end | ||||
|       if hval < 0 then | ||||
|         hval = bit.bnot(hval) | ||||
|       end | ||||
|       local octet1 = bit.band(bit.rshift(hval,24), 255) | ||||
|       local octet2 = bit.band(bit.rshift(hval,16), 255) | ||||
|       local octet3 = bit.band(bit.rshift(hval,8), 255) | ||||
|       local octet4 = bit.band(hval, 255) | ||||
|       local op = octet1 .. "." .. octet2 .. "." .. octet3 .. "." .. octet4 | ||||
|       return op | ||||
|     } | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   labels: | ||||
| @@ -348,7 +360,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-controller | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| @@ -384,7 +395,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-controller | ||||
|   namespace: ingress-nginx | ||||
| spec: | ||||
| @@ -417,7 +427,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-controller-admission | ||||
|   namespace: ingress-nginx | ||||
| spec: | ||||
| @@ -440,7 +449,6 @@ metadata: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-controller | ||||
|   namespace: ingress-nginx | ||||
| spec: | ||||
| @@ -484,7 +492,7 @@ spec: | ||||
|               fieldPath: metadata.namespace | ||||
|         - name: LD_PRELOAD | ||||
|           value: /usr/local/lib/libmimalloc.so | ||||
|         image: registry.k8s.io/ingress-nginx/controller:v1.11.1@sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a | ||||
|         image: registry.k8s.io/ingress-nginx/controller:v1.13.3@sha256:1b044f6dcac3afbb59e05d98463f1dec6f3d3fb99940bc12ca5d80270358e3bd | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         lifecycle: | ||||
|           preStop: | ||||
| @@ -525,7 +533,7 @@ spec: | ||||
|         resources: | ||||
|           requests: | ||||
|             cpu: 100m | ||||
|             memory: 90Mi | ||||
|             memory: 150Mi | ||||
|         securityContext: | ||||
|           allowPrivilegeEscalation: true | ||||
|           capabilities: | ||||
| @@ -694,3 +702,20 @@ webhooks: | ||||
|     resources: | ||||
|     - ingresses | ||||
|   sideEffects: None | ||||
| --- | ||||
| apiVersion: policy/v1 | ||||
| kind: PodDisruptionBudget | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|   name: ingress-nginx | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/component: controller | ||||
|       app.kubernetes.io/instance: ingress-nginx | ||||
|       app.kubernetes.io/name: ingress-nginx | ||||
|   minAvailable: 1 | ||||
|   | ||||
| @@ -57,7 +57,7 @@ spec: | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|       - name: update-native-modules | ||||
|         image: nodered/node-red:4.0.2-18 | ||||
|         image: nodered/node-red:4.1.1-18 | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         command: | ||||
|           - bash | ||||
| @@ -65,16 +65,24 @@ spec: | ||||
|           - | | ||||
|             cd /data | ||||
|             npm rebuild | ||||
|             npm install tldts | ||||
|             npm install @atproto/api | ||||
|             npm install node-fetch | ||||
|         volumeMounts: | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: nodered/node-red:4.0.2-18 | ||||
|         image: nodered/node-red:4.1.1-18 | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 1880 | ||||
|           name: web | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 200M | ||||
|           limits: | ||||
|             memory: 200M | ||||
|         volumeMounts: | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|   | ||||
| @@ -47,11 +47,10 @@ metadata: | ||||
|   namespace: opengraph | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - opengraph.cluster.fun | ||||
|   | ||||
| @@ -43,9 +43,10 @@ spec: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: outline | ||||
|     spec: | ||||
|       priorityClassName: critical | ||||
|       containers: | ||||
|       - name: outline | ||||
|         image: outlinewiki/outline:0.78.0 | ||||
|         image: outlinewiki/outline:0.87.4 | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         env: | ||||
|         - name: ALLOWED_DOMAINS | ||||
| @@ -69,6 +70,12 @@ spec: | ||||
|           failureThreshold: 30 | ||||
|           timeoutSeconds: 1 | ||||
|           periodSeconds: 5 | ||||
|         resources: | ||||
|           requests: | ||||
|             cpu: 8m | ||||
|             memory: 1389M | ||||
|           limits: | ||||
|             memory: 1489M | ||||
|         volumeMounts: | ||||
|           - mountPath: /opt/outline/.env | ||||
|             subPath: .env | ||||
|   | ||||
							
								
								
									
										7
									
								
								manifests/priority-classes/critical.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								manifests/priority-classes/critical.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | ||||
| apiVersion: scheduling.k8s.io/v1 | ||||
| kind: PriorityClass | ||||
| metadata: | ||||
|   name: critical | ||||
| value: 1000 | ||||
| globalDefault: false | ||||
| preemptionPolicy: PreemptLowerPriority | ||||
							
								
								
									
										7
									
								
								manifests/priority-classes/low.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								manifests/priority-classes/low.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | ||||
| apiVersion: scheduling.k8s.io/v1 | ||||
| kind: PriorityClass | ||||
| metadata: | ||||
|   name: low | ||||
| value: 10 | ||||
| globalDefault: false | ||||
| preemptionPolicy: Never | ||||
							
								
								
									
										7
									
								
								manifests/priority-classes/normal.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								manifests/priority-classes/normal.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | ||||
| apiVersion: scheduling.k8s.io/v1 | ||||
| kind: PriorityClass | ||||
| metadata: | ||||
|   name: normal | ||||
| value: 100 | ||||
| globalDefault: true | ||||
| preemptionPolicy: PreemptLowerPriority | ||||
| @@ -1,149 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: tailscale-auth | ||||
|   namespace: proxy-civo | ||||
|   annotations: | ||||
|     kube-1password: 2cqycmsgv5r7vcyvjpblcl2l4y | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: host-mappings | ||||
|   namespace: proxy-civo | ||||
|   labels: | ||||
|     app: proxy | ||||
| data: | ||||
|   mapping.json: | | ||||
|     { | ||||
|       "vmcluster.proxy-civo.svc": "vmcluster.cluster.local", | ||||
|       "loki.proxy-civo.svc": "loki-write.cluster.local", | ||||
|       "loki.proxy-civo.svc:80": "loki-write.cluster.local", | ||||
|       "loki-distributed.proxy-civo.svc": "loki-loki.cluster.local", | ||||
|       "loki-distributed.proxy-civo.svc:80": "loki-loki.cluster.local" | ||||
|     } | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: internal-proxy | ||||
|   namespace: proxy-civo | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "host-mappings" | ||||
|     secret.reloader.stakater.com/reload: "tailscale-auth" | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: internal-proxy | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: internal-proxy | ||||
|     spec: | ||||
|       serviceAccountName: default | ||||
|       dnsPolicy: ClusterFirst | ||||
|       dnsConfig: | ||||
|         nameservers: | ||||
|           - 100.100.100.100 | ||||
|       containers: | ||||
|       - name: proxy | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/proxy:latest | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: PROXY_DESTINATION | ||||
|           value: talos.averagemarcus.github.beta.tailscale.net | ||||
|         - name: PORT | ||||
|           value: "8080" | ||||
|         - name: TS_AUTH_KEY | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: tailscale-auth | ||||
|               key: password | ||||
|         - name: TS_HOSTNAME | ||||
|           value: proxy-civo-internal-proxy | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           protocol: TCP | ||||
|         volumeMounts: | ||||
|         - name: host-mappings | ||||
|           mountPath: /config/ | ||||
|       volumes: | ||||
|       - name: host-mappings | ||||
|         configMap: | ||||
|           name: host-mappings | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: loki | ||||
|   namespace: proxy-civo | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: loki-distributed | ||||
|   namespace: proxy-civo | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: prometheus | ||||
|   namespace: proxy-civo | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: vmcluster | ||||
|   namespace: proxy-civo | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
| @@ -47,11 +47,10 @@ metadata: | ||||
|   namespace: qr | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - qr.cluster.fun | ||||
|   | ||||
| @@ -327,9 +327,10 @@ spec: | ||||
|               weight: 1 | ||||
|         nodeAffinity: | ||||
|       terminationGracePeriodSeconds: 30 | ||||
|       priorityClassName: critical | ||||
|       containers: | ||||
|         - name: redis | ||||
|           image: docker.io/bitnami/redis:7.2.4-debian-11-r11 | ||||
|           image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11 | ||||
|           imagePullPolicy: "IfNotPresent" | ||||
|           securityContext: | ||||
|             runAsUser: 1001 | ||||
| @@ -471,7 +472,7 @@ spec: | ||||
|       terminationGracePeriodSeconds: 30 | ||||
|       containers: | ||||
|         - name: redis | ||||
|           image: docker.io/bitnami/redis:7.2.4-debian-11-r11 | ||||
|           image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11 | ||||
|           imagePullPolicy: "IfNotPresent" | ||||
|           securityContext: | ||||
|             runAsUser: 1001 | ||||
|   | ||||
| @@ -25,6 +25,8 @@ data: | ||||
|   POLLING_FREQUENCY: "15" | ||||
|   BASE_URL: "https://miniflux.cluster.fun/" | ||||
|   METRICS_COLLECTOR: "1" | ||||
|   CLEANUP_ARCHIVE_READ_DAYS: "365" | ||||
|   CLEANUP_ARCHIVE_UNREAD_DAYS: "365" | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| @@ -66,7 +68,7 @@ spec: | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: ghcr.io/miniflux/miniflux:2.1.4 | ||||
|         image: ghcr.io/miniflux/miniflux:2.2.13 | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         envFrom: | ||||
|         - configMapRef: | ||||
|   | ||||
| @@ -2,7 +2,7 @@ apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: docker-config | ||||
|   namespace: twitter-to-airtable | ||||
|   namespace: social-to-rolodex | ||||
|   annotations: | ||||
|     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby | ||||
|     kube-1password/vault: Kubernetes | ||||
| @@ -14,8 +14,8 @@ data: | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: twitter-to-airtable-auth | ||||
|   namespace: twitter-to-airtable | ||||
|   name: social-to-rolodex-auth | ||||
|   namespace: social-to-rolodex | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| @@ -24,10 +24,10 @@ type: Opaque | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: twitter-to-airtable | ||||
|   namespace: twitter-to-airtable | ||||
|   name: social-to-rolodex | ||||
|   namespace: social-to-rolodex | ||||
|   annotations: | ||||
|     kube-1password: 2fjbfe2titvezdh2ktsyhugatq | ||||
|     kube-1password: oa3ycnui3ji4lc665bifaao63q | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| @@ -35,8 +35,8 @@ type: Opaque | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: twitter-to-airtable | ||||
|   namespace: twitter-to-airtable | ||||
|   name: social-to-rolodex | ||||
|   namespace: social-to-rolodex | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
| @@ -44,22 +44,22 @@ spec: | ||||
|     targetPort: auth | ||||
|     name: web | ||||
|   selector: | ||||
|     app: twitter-to-airtable | ||||
|     app: social-to-rolodex | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: twitter-to-airtable | ||||
|   namespace: twitter-to-airtable | ||||
|   name: social-to-rolodex | ||||
|   namespace: social-to-rolodex | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: twitter-to-airtable | ||||
|       app: social-to-rolodex | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: twitter-to-airtable | ||||
|         app: social-to-rolodex | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
| @@ -70,7 +70,7 @@ spec: | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://localhost:8080 | ||||
|         - --http-address=$(HOST_IP):8000 | ||||
|         - --redirect-url=https://twitter-to-airtable.cluster.fun/oauth2/callback | ||||
|         - --redirect-url=https://social-to-rolodex.cluster.fun/oauth2/callback | ||||
|         - --email-domain=marcusnoble.co.uk | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
| @@ -86,13 +86,13 @@ spec: | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: twitter-to-airtable-auth | ||||
|               name: social-to-rolodex-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: twitter-to-airtable-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|               name: social-to-rolodex-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
| @@ -104,14 +104,14 @@ spec: | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/twitter-to-airtable:latest | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-rolodex:latest | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: PORT | ||||
|           value: "8080" | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
|             name: "twitter-to-airtable" | ||||
|             name: "social-to-rolodex" | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: web | ||||
| @@ -125,27 +125,26 @@ spec: | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: twitter-to-airtable | ||||
|   namespace: twitter-to-airtable | ||||
|   name: social-to-rolodex | ||||
|   namespace: social-to-rolodex | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - twitter-to-airtable.cluster.fun | ||||
|     secretName: twitter-to-airtable-ingress | ||||
|     - social-to-rolodex.cluster.fun | ||||
|     secretName: social-to-rolodex-ingress | ||||
|   rules: | ||||
|   - host: twitter-to-airtable.cluster.fun | ||||
|   - host: social-to-rolodex.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: twitter-to-airtable | ||||
|             name: social-to-rolodex | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,106 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: docker-config | ||||
|   namespace: starling | ||||
|   annotations: | ||||
|     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: .dockerconfigjson | ||||
| type: kubernetes.io/dockerconfigjson | ||||
| data: | ||||
|   .dockerconfigjson: e30= | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: starling | ||||
|   namespace: starling | ||||
|   annotations: | ||||
|     kube-1password: ufxpki65ffgprn2upksirweeie | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: starling | ||||
|   namespace: starling | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: starling | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: starling | ||||
|   namespace: starling | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: starling | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: starling | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/starling:latest | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: PORT | ||||
|           value: "3000" | ||||
|         - name: SHARED_SECRET | ||||
|           valueFrom:   | ||||
|             secretKeyRef: | ||||
|               name: starling | ||||
|               key: SHARED_SECRET | ||||
|         - name: ACCESS_TOKEN | ||||
|           valueFrom:   | ||||
|             secretKeyRef: | ||||
|               name: starling | ||||
|               key: ACCESS_TOKEN | ||||
|         ports: | ||||
|         - containerPort: 3000 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: starling | ||||
|   namespace: starling | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - starling.marcusnoble.co.uk | ||||
|     secretName: starling-ingress | ||||
|   rules: | ||||
|   - host: starling.marcusnoble.co.uk | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: starling | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -27,6 +27,7 @@ spec: | ||||
|       labels: | ||||
|         app: svg-to-dxf | ||||
|     spec: | ||||
|       priorityClassName: low | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/svg-to-dxf:latest | ||||
| @@ -45,14 +46,11 @@ metadata: | ||||
|   namespace: svg-to-dxf | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     traefik.ingress.kubernetes.io/buffering: | | ||||
|       maxrequestbodybytes: 31457280 | ||||
|       memrequestbodybytes: 62914560 | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - svg-to-dxf.cluster.fun | ||||
|   | ||||
| @@ -1,45 +1,3 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: talks | ||||
|   namespace: talks | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: talks | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: talks | ||||
|   namespace: talks | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: talks | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: talks | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/talks:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 20Mi | ||||
|           requests: | ||||
|             memory: 20Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
| @@ -47,24 +5,13 @@ metadata: | ||||
|   namespace: talks | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/permanent-redirect: https://speaking.marcusnoble.co.uk | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - talks.marcusnoble.co.uk | ||||
|     secretName: talks-ingress | ||||
|   rules: | ||||
|   - host: talks.marcusnoble.co.uk | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: talks | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
|   | ||||
| @@ -1,57 +0,0 @@ | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: tank | ||||
|   namespace: tank | ||||
|   annotations: | ||||
|     kube-1password: g6xle67quzowvvekf6zukjbbm4 | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: tank | ||||
|   namespace: tank | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|   selector: | ||||
|     app: tank | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: tank | ||||
|   namespace: tank | ||||
|   labels: | ||||
|     app: tank | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: tank | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: tank | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/tank:latest | ||||
|         imagePullPolicy: Always | ||||
|         envFrom: | ||||
|           - secretRef: | ||||
|               name: tank | ||||
|         ports: | ||||
|         - containerPort: 3000 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 10Mi | ||||
|           requests: | ||||
|             memory: 10Mi | ||||
| @@ -27,6 +27,7 @@ spec: | ||||
|       labels: | ||||
|         app: text-to-dxf | ||||
|     spec: | ||||
|       priorityClassName: low | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/text-to-dxf:latest | ||||
| @@ -45,11 +46,10 @@ metadata: | ||||
|   namespace: text-to-dxf | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - text-to-dxf.cluster.fun | ||||
|   | ||||
| @@ -1,45 +1,3 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: til | ||||
|   namespace: til | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: til | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: til | ||||
|   namespace: til | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: til | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: til | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/til:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 20Mi | ||||
|           requests: | ||||
|             memory: 20Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
| @@ -47,24 +5,25 @@ metadata: | ||||
|   namespace: til | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
|     nginx.ingress.kubernetes.io/server-snippet: | | ||||
|       rewrite ^/dont-reuse-keys/?$ https://marcusnoble.co.uk/2020-10-03-t-i-l-don-t-reuse-api-keys/ permanent; | ||||
|       rewrite ^/favicons/?$ https://marcusnoble.co.uk/2020-11-10-t-i-l-how-to-get-the-favicon-of-any-site/ permanent; | ||||
|       rewrite ^/getopts/?$ https://marcusnoble.co.uk/2021-08-04-t-i-l-cli-flag-handling-in-bash-using-getopts/ permanent; | ||||
|       rewrite ^/go-named-return-values/?$ https://marcusnoble.co.uk/2020-10-05-t-i-l-named-returns-in-go-functions/ permanent; | ||||
|       rewrite ^/golang-append/?$ https://marcusnoble.co.uk/2020-10-30-t-i-l-golang-s-append-mutates-the-provided-array/ permanent; | ||||
|       rewrite ^/golang-split-by-space/?$ https://marcusnoble.co.uk/2020-09-18-t-i-l-split-on-spaces-in-go/ permanent; | ||||
|       rewrite ^/kubectl-replace/?$ https://marcusnoble.co.uk/2020-09-25-t-i-l-kubectl-replace/ permanent; | ||||
|       rewrite ^/kubernetes-label-length/?$ https://marcusnoble.co.uk/2021-04-20-t-i-l-kubernetes-label-length/ permanent; | ||||
|       rewrite ^/tekton-multi-arch-builds/?$ https://marcusnoble.co.uk/2020-09-13-t-i-l-tekton-multi-arch-image-builds/ permanent; | ||||
|       rewrite ^/yaml-key-spaces/?$ https://marcusnoble.co.uk/2021-05-11-t-i-l-yaml-keys-allow-for-spaces-in-them/ permanent; | ||||
|       rewrite ^/yaml-multiline/?$ https://marcusnoble.co.uk/2020-09-17-t-i-l-yaml-multiline-values/ permanent; | ||||
|       rewrite ^/?$ https://marcusnoble.co.uk/ permanent; | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - til.marcusnoble.co.uk | ||||
|     secretName: til-ingress | ||||
|   rules: | ||||
|   - host: til.marcusnoble.co.uk | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: til | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
|   | ||||
| @@ -45,7 +45,7 @@ spec: | ||||
|         - --entrypoints.websecure.http.tls=true | ||||
|         - --entrypoints.web.http.redirections.entrypoint.to=websecure | ||||
|         - --entrypoints.web.http.redirections.entrypoint.scheme=https | ||||
|         image: rancher/mirrored-library-traefik:2.10.7 | ||||
|         image: rancher/mirrored-library-traefik:3.5.3 | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         livenessProbe: | ||||
|           failureThreshold: 3 | ||||
|   | ||||
| @@ -1,92 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: tweetsvg | ||||
|   namespace: tweetsvg | ||||
|   annotations: | ||||
|     kube-1password: dmjtjxrcpqtmeddq5x7zikj37i | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: .env | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: tweetsvg | ||||
|   namespace: tweetsvg | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: 8080 | ||||
|     name: web | ||||
|   selector: | ||||
|     app: tweetsvg | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: tweetsvg | ||||
|   namespace: tweetsvg | ||||
| spec: | ||||
|   replicas: 2 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: tweetsvg | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: tweetsvg | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/tweetsvg:latest | ||||
|         imagePullPolicy: Always | ||||
|         # env: | ||||
|         # - name: DOTENV_DIR | ||||
|         #   value: /config/ | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 100Mi | ||||
|           requests: | ||||
|             memory: 100Mi | ||||
|         volumeMounts: | ||||
|           - name: dotenv | ||||
|             mountPath: /app/.env | ||||
|             subPath: .env | ||||
|       volumes: | ||||
|       - name: dotenv | ||||
|         secret: | ||||
|           secretName: tweetsvg | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: tweetsvg | ||||
|   namespace: tweetsvg | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - tweet.cluster.fun | ||||
|     secretName: tweetsvg-ingress | ||||
|   rules: | ||||
|   - host: tweet.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tweetsvg | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
| @@ -1,86 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: twitter-profile-pic | ||||
|   namespace: twitter-profile-pic | ||||
|   annotations: | ||||
|     kube-1password: d2rt56v47q2wij47qgj27umrky | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: .env | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: twitter-profile-pic | ||||
|   namespace: twitter-profile-pic | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: 9090 | ||||
|     name: web | ||||
|   selector: | ||||
|     app: twitter-profile-pic | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: twitter-profile-pic | ||||
|   namespace: twitter-profile-pic | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: twitter-profile-pic | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: twitter-profile-pic | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/twitter-profile-pic:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 9090 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 100Mi | ||||
|           requests: | ||||
|             memory: 100Mi | ||||
|         volumeMounts: | ||||
|           - name: dotenv | ||||
|             mountPath: /app/.env | ||||
|             subPath: .env | ||||
|       volumes: | ||||
|       - name: dotenv | ||||
|         secret: | ||||
|           secretName: twitter-profile-pic | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: twitter-profile-pic-cluster-fun | ||||
|   namespace: twitter-profile-pic | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - twitter-profile-pic.cluster.fun | ||||
|     secretName: twitter-profile-pic-cluster-fun-ingress | ||||
|   rules: | ||||
|   - host: twitter-profile-pic.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: twitter-profile-pic | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,204 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: wallabag | ||||
|   namespace: wallabag | ||||
|   annotations: | ||||
|     kube-1password: 4yogl6yx6t4trrkq7o35tiyj6i | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: wallabag | ||||
|   namespace: wallabag | ||||
|   labels: | ||||
|     app.kubernetes.io/name: wallabag | ||||
|   annotations: | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: http | ||||
|     protocol: TCP | ||||
|     name: http | ||||
|   selector: | ||||
|     app.kubernetes.io/name: wallabag | ||||
| --- | ||||
| apiVersion: batch/v1 | ||||
| kind: Job | ||||
| metadata: | ||||
|   name: wallabag | ||||
|   namespace: wallabag | ||||
|   labels: | ||||
|     app.kubernetes.io/name: wallabag-init | ||||
| spec: | ||||
|   suspend: true | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: wallabag-init | ||||
|     spec: | ||||
|       restartPolicy: OnFailure | ||||
|       containers: | ||||
|       - name: db-init | ||||
|         image: "wallabag/wallabag:latest" | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
|             name: wallabag | ||||
|         env: | ||||
|           - name: "SYMFONY__ENV__DATABASE_CHARSET" | ||||
|             value: "utf8" | ||||
|           - name: "SYMFONY__ENV__DATABASE_DRIVER" | ||||
|             value: "pdo_pgsql" | ||||
|           - name: "SYMFONY__ENV__DATABASE_NAME" | ||||
|             value: "wallabag" | ||||
|           - name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX" | ||||
|             value: "wallabag_" | ||||
|           - name: "SYMFONY__ENV__DOMAIN_NAME" | ||||
|             value: "https://wallabag.cluster.fun" | ||||
|           - name: "SYMFONY__ENV__FOSUSER_REGISTRATION" | ||||
|             value: "false" | ||||
|           - name: "SYMFONY__ENV__LOCALE" | ||||
|             value: "en" | ||||
|           - name: "TZ" | ||||
|             value: "UTC" | ||||
|         command: | ||||
|         - /var/www/wallabag/bin/console | ||||
|         - wallabag:install | ||||
|         - --env=prod | ||||
|         - --no-interaction | ||||
|  | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: wallabag | ||||
|   namespace: wallabag | ||||
|   labels: | ||||
|     app.kubernetes.io/name: wallabag | ||||
| spec: | ||||
|   revisionHistoryLimit: 3 | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: wallabag | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: wallabag | ||||
|     spec: | ||||
|       initContainers: | ||||
|         - name: db-migrate | ||||
|           image: "wallabag/wallabag:2.6.9" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           command: | ||||
|           - /var/www/wallabag/bin/console | ||||
|           - doctrine:migrations:migrate | ||||
|           - --env=prod | ||||
|           - --no-interaction | ||||
|           envFrom: | ||||
|           - secretRef: | ||||
|               name: wallabag | ||||
|           env: | ||||
|             - name: "SYMFONY__ENV__DATABASE_CHARSET" | ||||
|               value: "utf8" | ||||
|             - name: "SYMFONY__ENV__DATABASE_DRIVER" | ||||
|               value: "pdo_pgsql" | ||||
|             - name: "SYMFONY__ENV__DATABASE_NAME" | ||||
|               value: "wallabag" | ||||
|             - name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX" | ||||
|               value: "wallabag_" | ||||
|             - name: "SYMFONY__ENV__DOMAIN_NAME" | ||||
|               value: "https://wallabag.cluster.fun" | ||||
|             - name: "SYMFONY__ENV__FOSUSER_REGISTRATION" | ||||
|               value: "false" | ||||
|             - name: "SYMFONY__ENV__LOCALE" | ||||
|               value: "en" | ||||
|             - name: "TZ" | ||||
|               value: "UTC" | ||||
|             - name: "POPULATE_DATABASE" | ||||
|               value: "false" | ||||
|       containers: | ||||
|         - name: wallabag | ||||
|           image: "wallabag/wallabag:2.6.9" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           envFrom: | ||||
|           - secretRef: | ||||
|               name: wallabag | ||||
|           env: | ||||
|             - name: "SYMFONY__ENV__DATABASE_CHARSET" | ||||
|               value: "utf8" | ||||
|             - name: "SYMFONY__ENV__DATABASE_DRIVER" | ||||
|               value: "pdo_pgsql" | ||||
|             - name: "SYMFONY__ENV__DATABASE_NAME" | ||||
|               value: "wallabag" | ||||
|             - name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX" | ||||
|               value: "wallabag_" | ||||
|             - name: "SYMFONY__ENV__DOMAIN_NAME" | ||||
|               value: "https://wallabag.cluster.fun" | ||||
|             - name: "SYMFONY__ENV__FOSUSER_REGISTRATION" | ||||
|               value: "false" | ||||
|             - name: "SYMFONY__ENV__LOCALE" | ||||
|               value: "en" | ||||
|             - name: "TZ" | ||||
|               value: "UTC" | ||||
|             - name: "POPULATE_DATABASE" | ||||
|               value: "false" | ||||
|           ports: | ||||
|             - name: http | ||||
|               containerPort: 80 | ||||
|               protocol: TCP | ||||
|           livenessProbe: | ||||
|             tcpSocket: | ||||
|               port: 80 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 3 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 10 | ||||
|           readinessProbe: | ||||
|             tcpSocket: | ||||
|               port: 80 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 3 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 10 | ||||
|           startupProbe: | ||||
|             tcpSocket: | ||||
|               port: 80 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 30 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 5 | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: wallabag | ||||
|   namespace: wallabag | ||||
|   labels: | ||||
|     app.kubernetes.io/name: wallabag | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   tls: | ||||
|     - hosts: | ||||
|         - "wallabag.cluster.fun" | ||||
|       secretName: "wallabag-ingress" | ||||
|   rules: | ||||
|     - host: "wallabag.cluster.fun" | ||||
|       http: | ||||
|         paths: | ||||
|           - path: "/" | ||||
|             pathType: ImplementationSpecific | ||||
|             backend: | ||||
|               service: | ||||
|                 name: wallabag | ||||
|                 port: | ||||
|                   number: 80 | ||||
							
								
								
									
										95
									
								
								manifests/yay-or-nay/yay-or-nay.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										95
									
								
								manifests/yay-or-nay/yay-or-nay.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,95 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: yay-or-nay | ||||
|   namespace: yay-or-nay | ||||
|   annotations: | ||||
|     kube-1password: vtnx2swze7r6qepxnlepufvcbi | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: yay-or-nay | ||||
|   labels: | ||||
|     app: yay-or-nay | ||||
|     app.kubernetes.io/name: yay-or-nay | ||||
|   annotations: | ||||
|     reloader.stakater.com/search: "true" | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: yay-or-nay | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: yay-or-nay | ||||
|         app.kubernetes.io/name: yay-or-nay | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: yay-or-nay | ||||
|         image: ghcr.io/mocdaniel/yay-or-nay:1.1.1 | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         ports: | ||||
|         - containerPort: 3000 | ||||
|           name: web | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
|             name: yay-or-nay | ||||
|         livenessProbe: | ||||
|           httpGet: | ||||
|             path: / | ||||
|             port: web | ||||
|           initialDelaySeconds: 10 | ||||
|         readinessProbe: | ||||
|           httpGet: | ||||
|             path: / | ||||
|             port: web | ||||
|           initialDelaySeconds: 10 | ||||
|  | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: yay-or-nay | ||||
|   labels: | ||||
|     app.kubernetes.io/name: yay-or-nay | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: yay-or-nay | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: yay-or-nay | ||||
|   namespace: yay-or-nay | ||||
|   labels: | ||||
|     app.kubernetes.io/name: yay-or-nay | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|     - hosts: | ||||
|         - "yay-or-nay.cluster.fun" | ||||
|       secretName: "yay-or-nay-ingress" | ||||
|   rules: | ||||
|     - host: "yay-or-nay.cluster.fun" | ||||
|       http: | ||||
|         paths: | ||||
|           - path: "/" | ||||
|             pathType: ImplementationSpecific | ||||
|             backend: | ||||
|               service: | ||||
|                 name: yay-or-nay | ||||
|                 port: | ||||
|                   name: web | ||||
		Reference in New Issue
	
	Block a user