AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 2 Releases Activity

Compare commits

base: AverageMarcus:a9c829b0fda6199c4371c7f123ca250dbbc08aad
Branches Tags
AverageMarcus:master AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x AverageMarcus:renovate/grafana-promtail-3.x AverageMarcus:increase_cluster_max
...
compare: AverageMarcus:renovate/grafana-promtail-3.x
Branches Tags
AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x AverageMarcus:renovate/grafana-promtail-3.x AverageMarcus:master AverageMarcus:increase_cluster_max

58 Commits
a9c829b0fd ... renovate/g

Author SHA1 Message Date
Renovate Bot
015a5baeae Update grafana/promtail Docker tag to v3 2025-09-23 03:08:35 +00:00
Marcus Noble
68a06195e9 Bump mealie memory 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-22 06:17:30 +01:00
Marcus Noble
b8e08002dd Added ephemeral-storage-exporter 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-20 10:57:39 +01:00
Marcus Noble
3fa3703b27 Mark monitoring apps as critical 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-20 10:42:09 +01:00
Marcus Noble
84fbd628db Bump mealie memory 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-20 09:51:03 +01:00
Marcus Noble
32158e4cef Clean up some metric labels 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-20 08:56:24 +01:00
Marcus Noble
7c52a9dc34 Added cadvisor 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-20 08:43:59 +01:00
Marcus Noble
8d2ab9205a Merge pull request 'Update ghcr.io/miniflux/miniflux Docker tag to v2.2.13' (#561) from renovate/ghcr.io-miniflux-miniflux-2.x into master 
Reviewed-on: #561
 2025-09-19 07:15:26 +00:00
Renovate Bot
e2fafc6a7e Update ghcr.io/miniflux/miniflux Docker tag to v2.2.13 2025-09-19 03:07:13 +00:00
Marcus Noble
375343d100 Merge pull request 'Update outlinewiki/outline Docker tag to v0.87.4' (#560) from renovate/outlinewiki-outline-0.x into master 
Reviewed-on: #560
 2025-09-18 06:44:06 +00:00
Renovate Bot
0eb69ef4f5 Update outlinewiki/outline Docker tag to v0.87.4 2025-09-18 03:11:54 +00:00
Marcus Noble
de9197d740 Merge pull request 'Update victoriametrics/vmagent Docker tag to v1.126.0' (#559) from renovate/victoriametrics into master 
Reviewed-on: #559
 2025-09-16 06:57:17 +00:00
Marcus Noble
abbc4fc453 Merge pull request 'Update nextcloud Docker tag to v31.0.9' (#558) from renovate/nextcloud-31.x into master 
Reviewed-on: #558
 2025-09-16 06:57:14 +00:00
Marcus Noble
77d24ae009 Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v3.2.1' (#557) from renovate/ghcr.io-mealie-recipes-mealie-3.x into master 
Reviewed-on: #557
 2025-09-16 06:57:10 +00:00
Renovate Bot
193406e7df Update victoriametrics/vmagent Docker tag to v1.126.0 2025-09-16 03:21:54 +00:00
Renovate Bot
c15da69d83 Update nextcloud Docker tag to v31.0.9 2025-09-16 03:21:39 +00:00
Renovate Bot
23a6d889f1 Update ghcr.io/mealie-recipes/mealie Docker tag to v3.2.1 2025-09-16 03:21:36 +00:00
Marcus Noble
57ac458504 Fix svg-to-dxf 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 16:14:01 +01:00
Marcus Noble
e53a02014a Cleaned up old civo cluster resources 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 16:02:19 +01:00
Marcus Noble
eefb79771f Added priority classes 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 15:56:31 +01:00
Marcus Noble
a3f8762679 Increase mealie cpu limit 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 15:42:08 +01:00
Marcus Noble
6e064edb7c Bump mealie cpu 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 15:39:32 +01:00
Marcus Noble
0243dc08e7 Increased memory requests 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 15:38:00 +01:00
Marcus Noble
a6ce82e001 Bump mealie CPU to 80m 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 15:34:30 +01:00
Marcus Noble
68d172423c Increased melie CPU 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 15:31:46 +01:00
Marcus Noble
390986ffaa Increased mioniflux archive days 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-14 08:25:08 +01:00
Marcus Noble
44b8088899 Merge pull request 'Update ghcr.io/mealie-recipes/mealie Docker tag to v3.2.0' (#556) from renovate/ghcr.io-mealie-recipes-mealie-3.x into master 
Reviewed-on: #556
 2025-09-14 07:15:40 +00:00
Renovate Bot
6de863bba5 Update ghcr.io/mealie-recipes/mealie Docker tag to v3.2.0 2025-09-14 03:12:27 +00:00
Marcus Noble
4ea8bf9acd Set nextcloud resources 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-13 20:35:42 +01:00
Marcus Noble
c3053250a3 Set resources for Mealie 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-13 20:18:44 +01:00
Marcus Noble
91a3cc22b0 Add flags to dashboard too 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-13 20:10:13 +01:00
Marcus Noble
d97cdc1bdc Reduce dashboard replica count 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-13 20:08:51 +01:00
Marcus Noble
435cee3116 Enable for all namespaces 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-13 20:06:31 +01:00
Marcus Noble
5950568286 Ensure namespace created 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-13 20:04:10 +01:00
Marcus Noble
2d6faab122 Merge branch 'master' of https://git.cluster.fun/averagemarcus/cluster.fun 2025-09-13 20:02:13 +01:00
Marcus Noble
2eca62bf5d Added Goldilocks 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-13 20:02:05 +01:00
Marcus Noble
aa3c98d453 Merge pull request 'Update gitea/gitea Docker tag to v1.24.6' (#555) from renovate/gitea-gitea-1.x into master 
Reviewed-on: #555
 2025-09-13 17:41:11 +00:00
Renovate Bot
b334e52544 Update gitea/gitea Docker tag to v1.24.6 2025-09-12 03:06:04 +00:00
Marcus Noble
78af20ec62 Move apps to scaleway 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 21:24:23 +01:00
Marcus Noble
cfb3de7e76 Removed social-toi-grist 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 21:24:11 +01:00
Marcus Noble
627b997241 Remove annotations 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 21:23:56 +01:00
Marcus Noble
aa1163aab9 Removed traefik annotations 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 21:17:35 +01:00
Marcus Noble
3c5c5e9016 Remove annotation 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 21:15:08 +01:00
Marcus Noble
42328cb5f0 Fix indentation 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 21:12:04 +01:00
Marcus Noble
f4aac5f5e6 Move talks to scaleaway 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 21:10:29 +01:00
Marcus Noble
87286c91d0 Enable nginx snippets 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 21:05:33 +01:00
Marcus Noble
9aa1b0f522 Added ingress class name 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:56:52 +01:00
Marcus Noble
2cf08255cc Move til to scaleway 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:54:34 +01:00
Marcus Noble
5e8e1ff294 Remove til deployment 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:51:29 +01:00
Marcus Noble
556ba744f9 Add ingress class 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:38:05 +01:00
Marcus Noble
9565bee15f Add ingress class 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:36:04 +01:00
Marcus Noble
487aea3af4 Remomve wallabag 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:30:48 +01:00
Marcus Noble
c6380f0350 Removed old twitter-related apps 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:29:39 +01:00
Marcus Noble
6ce44f3132 Removed matrix 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:20:36 +01:00
Marcus Noble
63510aa4bb Moved apps to scaleway 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 20:17:09 +01:00
Marcus Noble
f25ef5e5bb Increase mealie token time 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2025-09-04 16:35:55 +01:00
Marcus Noble
5ac34d3890 Merge pull request 'Update victoriametrics/vmagent Docker tag to v1.125.1' (#554) from renovate/victoriametrics into master 
Reviewed-on: #554
 2025-09-04 06:36:28 +00:00
Renovate Bot
8a7ad6fa2d Update victoriametrics/vmagent Docker tag to v1.125.1 2025-09-04 03:32:00 +00:00
73 changed files with 455 additions and 2552 deletions
Expand all files Collapse all files

2
manifests/_apps/base64.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: base64 namespace: base64
name: civo name: cluster-fun (v2)
source: source:
path: manifests/base64 path: manifests/base64
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/bsky-screenshot.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: bsky-screenshot namespace: bsky-screenshot
name: civo name: cluster-fun (v2)
source: source:
path: manifests/bsky-screenshot path: manifests/bsky-screenshot
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/cel-tester.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: cel-tester namespace: cel-tester
name: civo name: cluster-fun (v2)
source: source:
path: manifests/cel-tester path: manifests/cel-tester
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

24
manifests/_apps/certmanager_chart.yaml
View File

@@ -1,27 +1,3 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: cert-manager
name: civo
source:
path: manifests/certmanager-civo
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:

2
manifests/_apps/civo-versions.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: civo-versions namespace: civo-versions
name: civo name: cluster-fun (v2)
source: source:
path: manifests/civo-versions path: manifests/civo-versions
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/cv.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: cv namespace: cv
name: civo name: cluster-fun (v2)
source: source:
path: manifests/cv path: manifests/cv
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/feed-fetcher.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: feed-fetcher namespace: feed-fetcher
name: civo name: cluster-fun (v2)
source: source:
path: manifests/feed-fetcher path: manifests/feed-fetcher
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

35
manifests/_apps/goldilocks.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-goldilocks
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: goldilocks
name: cluster-fun (v2)
source:
repoURL: 'https://charts.fairwinds.com/stable'
targetRevision: 10.1.0
chart: goldilocks
helm:
version: v3
values: |-
vpa:
enabled: true
controller:
flags:
on-by-default: true
dashboard:
flags:
on-by-default: true
replicaCount: 1
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
---

2
manifests/_apps/goplayground.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: goplayground namespace: goplayground
name: civo name: cluster-fun (v2)
source: source:
path: manifests/goplayground path: manifests/goplayground
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/link.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: link namespace: link
name: civo name: cluster-fun (v2)
source: source:
path: manifests/link path: manifests/link
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

24
manifests/_apps/monitoring-civo.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: monitoring-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: monitoring
name: civo
source:
path: manifests/monitoring-civo
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

2
manifests/_apps/opengraph-image-gen.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: opengraph namespace: opengraph
name: civo name: cluster-fun (v2)
source: source:
path: manifests/opengraph path: manifests/opengraph
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

8
manifests/_apps/matrix_chart.yaml → manifests/_apps/priority-classes.yaml
View File

@@ -1,23 +1,23 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: cluster-fun-matrix name: cluster-fun-priority-classes
namespace: argocd namespace: argocd
finalizers: finalizers:
- resources-finalizer.argocd.argoproj.io - resources-finalizer.argocd.argoproj.io
spec: spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: chat namespace: kube-system
name: cluster-fun (v2) name: cluster-fun (v2)
source: source:
path: manifests/matrix_chart path: manifests/priority-classes
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD targetRevision: HEAD
syncPolicy: syncPolicy:
automated: {}
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
automated: {}
ignoreDifferences: ignoreDifferences:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:

24
manifests/_apps/proxy-civo.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: proxy-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: proxy-civo
name: civo
source:
path: manifests/proxy-civo
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

2
manifests/_apps/qr.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: qr namespace: qr
name: civo name: cluster-fun (v2)
source: source:
path: manifests/qr path: manifests/qr
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

23
manifests/_apps/reloader.yaml
View File

@@ -21,26 +21,3 @@ spec:
jsonPointers: jsonPointers:
- /data - /data
--- ---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-reloader-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: kube-system
name: civo
source:
repoURL: 'https://stakater.github.io/stakater-charts'
targetRevision: v0.0.89
chart: reloader
syncPolicy:
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---

2
manifests/_apps/social-to-rolodex.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: social-to-rolodex namespace: social-to-rolodex
name: civo name: cluster-fun (v2)
source: source:
path: manifests/social-to-rolodex path: manifests/social-to-rolodex
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/svg-to-dxf.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: svg-to-dxf namespace: svg-to-dxf
name: civo name: cluster-fun (v2)
source: source:
path: manifests/svg-to-dxf path: manifests/svg-to-dxf
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/talks.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: talks namespace: talks
name: civo name: cluster-fun (v2)
source: source:
path: manifests/talks path: manifests/talks
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/text-to-dxf.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: text-to-dxf namespace: text-to-dxf
name: civo name: cluster-fun (v2)
source: source:
path: manifests/text-to-dxf path: manifests/text-to-dxf
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

2
manifests/_apps/til.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: til namespace: til
name: civo name: cluster-fun (v2)
source: source:
path: manifests/til path: manifests/til
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

24
manifests/_apps/traefik.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: traefik-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: kube-system
name: civo
source:
path: manifests/traefik
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

25
manifests/_apps/tweetsvg.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: tweetsvg
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: tweetsvg
name: civo
source:
path: manifests/tweetsvg
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

26
manifests/_apps/twitter-profile-pic.yaml
View File

@@ -1,26 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-twitter-profile-pic
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: twitter-profile-pic
name: cluster-fun (v2)
source:
path: manifests/twitter-profile-pic
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---

25
manifests/_apps/wallabag.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-wallabag
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: wallabag
name: cluster-fun (v2)
source:
path: manifests/wallabag
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
syncOptions:
- CreateNamespace=true
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---

5
manifests/auth-proxy/proxy.yaml
View File

@@ -38,6 +38,7 @@ spec:
labels: labels:
app: internal-proxy app: internal-proxy
spec: spec:
priorityClassName: critical
serviceAccountName: default serviceAccountName: default
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
dnsConfig: dnsConfig:
@@ -101,9 +102,9 @@ spec:
protocol: TCP protocol: TCP
resources: resources:
limits: limits:
memory: 50Mi memory: 80Mi
requests: requests:
memory: 50Mi memory: 80Mi
volumes: volumes:
- name: host-mappings - name: host-mappings
configMap: configMap:

6
manifests/base64/base64.yaml
View File

@@ -29,6 +29,7 @@ spec:
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: docker-config - name: docker-config
priorityClassName: low
containers: containers:
- name: web - name: web
image: rg.fr-par.scw.cloud/averagemarcus/base64:latest image: rg.fr-par.scw.cloud/averagemarcus/base64:latest
@@ -49,11 +50,10 @@ metadata:
namespace: base64 namespace: base64
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- base64.cluster.fun - base64.cluster.fun

5
manifests/bsky-screenshot/bsky-screenshot.yaml
View File

@@ -47,11 +47,10 @@ metadata:
namespace: bsky-screenshot namespace: bsky-screenshot
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- bsky-screenshot.cluster.fun - bsky-screenshot.cluster.fun

5
manifests/cel-tester/cel-tester.yaml
View File

@@ -47,11 +47,10 @@ metadata:
namespace: cel-tester namespace: cel-tester
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- cel-tester.cluster.fun - cel-tester.cluster.fun

23
manifests/certmanager-civo/certmanager_chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
labels:
certmanager.k8s.io/disable-validation: "true"
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: letsencrypt@marcusnoble.co.uk
privateKeySecretRef:
name: letsencrypt
solvers:
- http01:
ingress:
class: traefik

6
manifests/civo-versions/civo-versions.yaml
View File

@@ -38,6 +38,7 @@ spec:
labels: labels:
app: civo-versions app: civo-versions
spec: spec:
priorityClassName: low
containers: containers:
- name: web - name: web
image: rg.fr-par.scw.cloud/averagemarcus/civo-versions:latest image: rg.fr-par.scw.cloud/averagemarcus/civo-versions:latest
@@ -66,11 +67,10 @@ metadata:
namespace: civo-versions namespace: civo-versions
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- civo-versions.cluster.fun - civo-versions.cluster.fun

5
manifests/cv/cv.yaml
View File

@@ -62,11 +62,10 @@ metadata:
namespace: cv namespace: cv
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- cv.marcusnoble.co.uk - cv.marcusnoble.co.uk

5
manifests/feed-fetcher/feed-fetcher.yaml
View File

@@ -42,11 +42,10 @@ metadata:
namespace: feed-fetcher namespace: feed-fetcher
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- feed-fetcher.cluster.fun - feed-fetcher.cluster.fun

3
manifests/gitea/gitea.yaml
View File

@@ -40,9 +40,10 @@ spec:
labels: labels:
app: git app: git
spec: spec:
priorityClassName: critical
containers: containers:
- name: git - name: git
image: gitea/gitea:1.24.5 image: gitea/gitea:1.24.6
env: env:
- name: APP_NAME - name: APP_NAME
value: "Git" value: "Git"

5
manifests/goplayground/goplayground.yaml
View File

@@ -47,11 +47,10 @@ metadata:
namespace: goplayground namespace: goplayground
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- go.cluster.fun - go.cluster.fun

1
manifests/grist/grist.yaml
View File

@@ -70,6 +70,7 @@ spec:
app.kubernetes.io/name: grist app.kubernetes.io/name: grist
spec: spec:
serviceAccountName: grist serviceAccountName: grist
priorityClassName: critical
containers: containers:
- name: grist - name: grist
image: gristlabs/grist-oss:1.7.3 image: gristlabs/grist-oss:1.7.3

6
manifests/link/link.yaml
View File

@@ -69,6 +69,7 @@ spec:
labels: labels:
app: link app: link
spec: spec:
priorityClassName: critical
containers: containers:
- name: web - name: web
image: rg.fr-par.scw.cloud/averagemarcus/link:latest image: rg.fr-par.scw.cloud/averagemarcus/link:latest
@@ -91,11 +92,10 @@ metadata:
namespace: link namespace: link
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- go-get.link - go-get.link

1
manifests/mastodon-digest/mastodon_digest.yaml
View File

@@ -123,6 +123,7 @@ spec:
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: docker-config - name: docker-config
priorityClassName: low
containers: containers:
- args: - args:
- --cookie-secure=false - --cookie-secure=false

540
manifests/matrix_chart/matrix_chart.yaml
View File

@@ -1,540 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: matrix
namespace: chat
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- matrix.cluster.fun
secretName: matrix-ingress
rules:
- host: matrix.cluster.fun
http:
paths:
- path: /.well-known/matrix
pathType: ImplementationSpecific
backend:
service:
name: well-known
port:
number: 80
- path: /
pathType: ImplementationSpecific
backend:
service:
name: matrix-synapse
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: riot
namespace: chat
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- chat.cluster.fun
secretName: riot-ingress
rules:
- host: chat.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: matrix-riot
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: well-known
namespace: chat
annotations:
configmap.reloader.stakater.com/reload: "well-known"
spec:
replicas: 1
selector:
matchLabels:
app: well-known
template:
metadata:
labels:
app: well-known
spec:
containers:
- name: web
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: web
volumeMounts:
- name: well-known
mountPath: /usr/share/nginx/html/.well-known/matrix
resources:
limits:
memory: 15Mi
requests:
memory: 15Mi
volumes:
- name: well-known
configMap:
name: well-known
---
apiVersion: v1
kind: Service
metadata:
name: well-known
namespace: chat
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
name: web
selector:
app: well-known
---
apiVersion: v1
kind: ConfigMap
metadata:
name: well-known
namespace: chat
data:
server: |-
{
"m.server": "matrix.cluster.fun:443"
}
client: |-
{
"m.homeserver": {
"base_url": "https://matrix.cluster.fun"
},
"org.matrix.msc3575.proxy": {
"url": "https://syncv3.matrix.cluster.fun"
}
}
---
# Source: matrix/templates/riot/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: matrix-riot-config
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
data:
config.json: |
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.cluster.fun"
}
},
"brand": "Element",
"branding": {},
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"showLabsSettings": true,
"features": {
"feature_pinning": true,
"feature_custom_status": "labs",
"feature_state_counters": "labs",
"feature_many_integration_managers": "labs",
"feature_mjolnir": "labs",
"feature_dm_verification": "labs",
"feature_bridge_state": "labs",
"feature_presence_in_room_list": true,
"feature_custom_themes": "labs",
"feature_new_spinner": "labs",
"feature_jump_to_date": "labs",
"feature_location_share_pin_drop": "labs",
"feature_location_share_live": "labs",
"feature_thread": true,
"feature_video_rooms": true,
"feature_favourite_messages": "labs"
},
"roomDirectory": {
"servers": []
},
"permalinkPrefix": "https://chat.cluster.fun",
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=2IerXP2a5g1e7hxxBbzs"
}
nginx.conf: |
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/pid/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
default.conf: |
server {
listen 8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
---
apiVersion: v1
kind: Secret
metadata:
name: matrix-synapse-config
namespace: chat
annotations:
kube-1password: wbj4oozwyx6m2zz5m42pgcmymy
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: homeserver.yaml
labels:
app.kubernetes.io/name: "matrix"
component: synapse
type: Opaque
---
apiVersion: v1
kind: ConfigMap
metadata:
name: matrix-synapse-config
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
data:
matrix.cluster.fun.log.config: |
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
console:
class: logging.StreamHandler
formatter: precise
filters: [context]
loggers:
synapse:
level: WARNING
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: WARNING
root:
level: WARNING
handlers: [console]
---
# Source: matrix/templates/riot/service.yaml
apiVersion: v1
kind: Service
metadata:
name: matrix-riot
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: matrix-riot
---
# Source: matrix/templates/synapse/service.yaml
apiVersion: v1
kind: Service
metadata:
name: matrix-synapse
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/_synapse/metrics"
prometheus.io/port: "9000"
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
- port: 9000
targetPort: metrics
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: matrix-synapse
---
# Source: matrix/templates/riot/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-riot
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: matrix-riot
template:
metadata:
labels:
app.kubernetes.io/name: matrix-riot
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: "riot"
image: "vectorim/element-web:v1.11.110"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
volumeMounts:
- mountPath: /app/config.json
name: riot-config
subPath: config.json
readOnly: true
- mountPath: /etc/nginx/nginx.conf
name: riot-config
subPath: nginx.conf
readOnly: true
- mountPath: /etc/nginx/conf.d/default.conf
name: riot-config
subPath: default.conf
readOnly: true
- mountPath: /var/cache/nginx
name: ephemeral
subPath: cache
- mountPath: /var/run/pid
name: ephemeral
subPath: pid
- mountPath: /tmp
name: tmp
readinessProbe:
httpGet:
path: /
port: http
startupProbe:
httpGet:
path: /
port: http
livenessProbe:
httpGet:
path: /
port: http
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumes:
- name: riot-config
configMap:
name: matrix-riot-config
- name: ephemeral
emptyDir: {}
- name: tmp
emptyDir: {}
---
# Source: matrix/templates/synapse/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-synapse
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: matrix-synapse
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: matrix-synapse
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
initContainers:
- name: generate-signing-key
image: "ghcr.io/element-hq/synapse:v1.137.0"
imagePullPolicy: IfNotPresent
env:
- name: SYNAPSE_SERVER_NAME
value: matrix.cluster.fun
- name: SYNAPSE_REPORT_STATS
value: "no"
command: ["python"]
args:
- "-m"
- "synapse.app.homeserver"
- "--config-path"
- "/data/homeserver.yaml"
- "--keys-directory"
- "/data/keys"
- "--generate-keys"
volumeMounts:
- name: synapse-config-homeserver
mountPath: /data/homeserver.yaml
subPath: homeserver.yaml
- name: synapse-config-logging
mountPath: /data/matrix.cluster.fun.log.config
subPath: matrix.cluster.fun.log.config
- name: signing-key
mountPath: /data/keys
containers:
- name: "synapse"
image: "ghcr.io/element-hq/synapse:v1.137.0"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8008
protocol: TCP
- name: metrics
containerPort: 9000
protocol: TCP
volumeMounts:
- name: synapse-config-homeserver
mountPath: /data/homeserver.yaml
subPath: homeserver.yaml
- name: synapse-config-logging
mountPath: /data/matrix.cluster.fun.log.config
subPath: matrix.cluster.fun.log.config
- name: signing-key
mountPath: /data/keys
- name: user-media
mountPath: /data/media_store
- name: uploads
mountPath: /data/uploads
- name: tmp
mountPath: /tmp
readinessProbe:
httpGet:
path: /_matrix/static/
port: http
periodSeconds: 10
timeoutSeconds: 5
startupProbe:
httpGet:
path: /_matrix/static/
port: http
failureThreshold: 6
periodSeconds: 5
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /_matrix/static/
port: http
periodSeconds: 10
timeoutSeconds: 5
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumes:
- name: synapse-config-logging
configMap:
name: matrix-synapse-config
- name: synapse-config-homeserver
secret:
secretName: matrix-synapse-config
- name: signing-key
persistentVolumeClaim:
claimName: chat-matrix-signing-key
- name: user-media
persistentVolumeClaim:
claimName: chat-matrix-user-media
- name: uploads
emptyDir: {}
- name: tmp
emptyDir: {}
---

32
manifests/matrix_chart/pvs.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chat-matrix-user-media
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 12Gi
storageClassName: sbs-default-retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chat-matrix-signing-key
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: sbs-default-retain
---

119
manifests/matrix_chart/sliding-sync.yaml
View File

@@ -1,119 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: matrix-sliding-sync
namespace: chat
annotations:
kube-1password: 7kvyfcszfaavj2d7uvl4troagm
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: sliding-sync
template:
metadata:
labels:
app.kubernetes.io/name: sliding-sync
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: "sliding-sync"
image: "ghcr.io/matrix-org/sliding-sync:v0.99.19"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8008
protocol: TCP
- name: metrics
containerPort: 9090
protocol: TCP
env:
- name: SYNCV3_SERVER
value: https://matrix.cluster.fun
- name: SYNCV3_BINDADDR
value: ":8008"
- name: SYNCV3_PROM
value: ":9090"
- name: SYNCV3_SECRET
valueFrom:
secretKeyRef:
name: matrix-sliding-sync
key: SYNCV3_SECRET
- name: SYNCV3_DB
valueFrom:
secretKeyRef:
name: matrix-sliding-sync
key: SYNCV3_DB
---
apiVersion: v1
kind: Service
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9090"
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
name: web
- port: 9090
targetPort: metrics
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: sliding-sync
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- syncv3.matrix.cluster.fun
secretName: sliding-sync-ingress
rules:
- host: syncv3.matrix.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: sliding-sync
port:
number: 80
---

14
manifests/mealie/mealie.yaml
View File

@@ -28,9 +28,10 @@ spec:
labels: labels:
app: mealie app: mealie
spec: spec:
priorityClassName: critical
containers: containers:
- name: frontend - name: frontend
image: ghcr.io/mealie-recipes/mealie:v3.1.2 image: ghcr.io/mealie-recipes/mealie:v3.2.1
imagePullPolicy: Always imagePullPolicy: Always
envFrom: envFrom:
- secretRef: - secretRef:
@@ -41,7 +42,7 @@ spec:
- name: PGID - name: PGID
value: "1000" value: "1000"
- name: TOKEN_TIME - name: TOKEN_TIME
value: "168" value: "720"
- name: DB_ENGINE - name: DB_ENGINE
value: postgres value: postgres
- name: POSTGRES_DB - name: POSTGRES_DB
@@ -68,12 +69,18 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /app/data - mountPath: /app/data
name: data name: data
resources:
requests:
cpu: 200m
memory: 650M
limits:
cpu: 1000m
memory: 650M
volumes: volumes:
- name: data - name: data
persistentVolumeClaim: persistentVolumeClaim:
claimName: mealie claimName: mealie
--- ---
apiVersion: v1 apiVersion: v1
@@ -91,7 +98,6 @@ spec:
app: mealie app: mealie
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:

255
manifests/monitoring-civo/kube-state-metrics.yaml
View File

@@ -1,255 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-state-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: kube-state-metrics
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: kube-state-metrics
name: kube-state-metrics
rules:
- apiGroups: ["certificates.k8s.io"]
resources:
- certificatesigningrequests
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- configmaps
verbs: ["list", "watch"]
- apiGroups: ["batch"]
resources:
- cronjobs
verbs: ["list", "watch"]
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
verbs: ["list", "watch"]
- apiGroups: ["extensions", "apps"]
resources:
- deployments
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- endpoints
verbs: ["list", "watch"]
- apiGroups: ["autoscaling"]
resources:
- horizontalpodautoscalers
verbs: ["list", "watch"]
- apiGroups: ["extensions", "networking.k8s.io"]
resources:
- ingresses
verbs: ["list", "watch"]
- apiGroups: ["batch"]
resources:
- jobs
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- limitranges
verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources:
- mutatingwebhookconfigurations
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- namespaces
verbs: ["list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- nodes
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- persistentvolumeclaims
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- persistentvolumes
verbs: ["list", "watch"]
- apiGroups: ["policy"]
resources:
- poddisruptionbudgets
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- pods
verbs: ["list", "watch"]
- apiGroups: ["extensions", "apps"]
resources:
- replicasets
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- replicationcontrollers
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- resourcequotas
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- secrets
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- services
verbs: ["list", "watch"]
- apiGroups: ["apps"]
resources:
- statefulsets
verbs: ["list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources:
- storageclasses
verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources:
- validatingwebhookconfigurations
verbs: ["list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources:
- volumeattachments
verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: kube-state-metrics
name: kube-state-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: monitoring
---
apiVersion: v1
kind: Service
metadata:
name: kube-state-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: kube-state-metrics
annotations:
prometheus.io/scrape: 'true'
spec:
type: "ClusterIP"
ports:
- name: "http"
protocol: TCP
port: 8080
targetPort: 8080
selector:
app.kubernetes.io/name: kube-state-metrics
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-state-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: kube-state-metrics
spec:
selector:
matchLabels:
app.kubernetes.io/name: kube-state-metrics
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: kube-state-metrics
spec:
serviceAccountName: kube-state-metrics
securityContext:
fsGroup: 65534
runAsGroup: 65534
runAsUser: 65534
containers:
- name: kube-state-metrics
args:
#- --resources=certificatesigningrequests
- --resources=configmaps
- --resources=cronjobs
- --resources=daemonsets
- --resources=deployments
#- --resources=endpoints
#- --resources=horizontalpodautoscalers
- --resources=ingresses
- --resources=jobs
#- --resources=limitranges
- --resources=mutatingwebhookconfigurations
- --resources=namespaces
#- --resources=networkpolicies
- --resources=nodes
- --resources=persistentvolumeclaims
- --resources=persistentvolumes
- --resources=poddisruptionbudgets
- --resources=pods
- --resources=replicasets
#- --resources=replicationcontrollers
#- --resources=resourcequotas
- --resources=secrets
- --resources=services
- --resources=statefulsets
- --resources=storageclasses
- --resources=validatingwebhookconfigurations
#- --resources=volumeattachments
imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
---

64
manifests/monitoring-civo/prometheus-server.yaml
View File

@@ -1,64 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus-server
namespace: monitoring
labels:
app.kubernetes.io/name: prometheus
app.kubernetes.io/component: server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: prometheus
app.kubernetes.io/component: server
name: prometheus-server
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- nodes/metrics
- services
- endpoints
- pods
- ingresses
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- "/metrics"
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: prometheus
app.kubernetes.io/component: server
name: prometheus-server
subjects:
- kind: ServiceAccount
name: prometheus-server
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-server
---

292
manifests/monitoring-civo/promtail.yaml
View File

@@ -1,292 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
---
apiVersion: v1
kind: ConfigMap
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
data:
promtail.yaml: |
client:
backoff_config:
max_period: 5m
max_retries: 10
min_period: 500ms
batchsize: 1048576
batchwait: 1s
external_labels: {}
timeout: 10s
positions:
filename: /run/promtail/positions.yaml
server:
http_listen_port: 3101
clients:
- url: http://loki-distributed.proxy-civo.svc:80/loki/api/v1/push
external_labels:
kubernetes_cluster: civo
target_config:
sync_period: 10s
scrape_configs:
- job_name: kubernetes-pods
pipeline_stages:
- docker: {}
- cri: {}
- match:
selector: '{app="weave-net"}'
action: drop
- match:
selector: '{filename=~".*konnectivity.*"}'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/healthz.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/api/health.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
action: drop
- match:
selector: '{app="internal-proxy"}'
action: drop
- match:
selector: '{app="non-auth-proxy"}'
action: drop
- match:
selector: '{app="vpa"}'
action: drop
- match:
selector: '{app="promtail"}'
action: drop
- match:
selector: '{app="csi-node"}'
action: drop
- match:
selector: '{app="victoria-metrics"}'
action: drop
- match:
selector: '{app="git-sync"}'
action: drop
- match:
selector: '{app="ingress-nginx"}'
stages:
- json:
expressions:
request_host: host
request_path: path
request_method: method
response_status: status
- drop:
source: "request_path"
value: "/healthz"
- drop:
source: "request_path"
value: "/health"
- labels:
request_host:
request_method:
response_status:
- match:
selector: '{app="traefik"}'
stages:
- json:
expressions:
request_host: RequestHost
request_path: RequestPath
request_method: RequestMethod
response_status: OriginStatus
- drop:
source: "request_path"
value: "/healthz"
- drop:
source: "request_path"
value: "/health"
- drop:
source: "request_path"
value: "/ping"
- labels:
request_host:
request_method:
response_status:
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels:
- __meta_kubernetes_pod_controller_name
regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
action: replace
target_label: __tmp_controller_name
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_name
- __meta_kubernetes_pod_label_app
- __tmp_controller_name
- __meta_kubernetes_pod_name
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: app
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_component
- __meta_kubernetes_pod_label_component
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: component
- action: replace
source_labels:
- __meta_kubernetes_pod_node_name
target_label: node_name
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
replacement: $1
separator: /
source_labels:
- namespace
- app
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- action: replace
replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- action: replace
replacement: /var/log/pods/*$1/*.log
regex: true/(.*)
separator: /
source_labels:
- __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash
- __meta_kubernetes_pod_annotation_kubernetes_io_config_hash
- __meta_kubernetes_pod_container_name
target_label: __path__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail-clusterrole
labels:
app.kubernetes.io/name: promtail
rules:
- apiGroups: [""] # "" indicates the core API group
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "watch", "list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail-clusterrolebinding
labels:
app.kubernetes.io/name: promtail
subjects:
- kind: ServiceAccount
name: promtail
namespace: monitoring
roleRef:
kind: ClusterRole
name: promtail-clusterrole
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
annotations:
configmap.reloader.stakater.com/reload: "promtail"
spec:
selector:
matchLabels:
app.kubernetes.io/name: promtail
template:
metadata:
labels:
app.kubernetes.io/name: promtail
annotations:
prometheus.io/port: http-metrics
prometheus.io/scrape: "true"
spec:
serviceAccountName: promtail
containers:
- name: promtail
image: "grafana/promtail:2.9.15"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"
volumeMounts:
- name: config
mountPath: /etc/promtail
- name: run
mountPath: /run/promtail
- mountPath: /var/lib/docker/containers
name: docker
readOnly: true
- mountPath: /var/log/pods
name: pods
readOnly: true
env:
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
ports:
- containerPort: 3101
name: http-metrics
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 0
runAsUser: 0
readinessProbe:
failureThreshold: 5
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
volumes:
- name: config
configMap:
name: promtail
- name: run
hostPath:
path: /run/promtail
- hostPath:
path: /var/lib/docker/containers
name: docker
- hostPath:
path: /var/log/pods
name: pods
---

163
manifests/monitoring-civo/vmagent.yaml
View File

@@ -1,163 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: vmagent
namespace: monitoring
labels:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
data:
prometheus.yml: |
global:
scrape_interval: 1m
external_labels:
source: civo
agent: vmagent
scrape_configs:
- job_name: 'vmagent'
static_configs:
- targets: ['localhost:8429']
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
job_name: kubernetes-nodes
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- replacement: kubernetes.default.svc:443
target_label: __address__
- regex: (.+)
replacement: /api/v1/nodes/$1/proxy/metrics
source_labels:
- __meta_kubernetes_node_name
target_label: __metrics_path__
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
- job_name: kubernetes-service-endpoints
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_service_annotation_prometheus_io_scrape
- action: replace
regex: (https?)
source_labels:
- __meta_kubernetes_service_annotation_prometheus_io_scheme
target_label: __scheme__
- action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_service_annotation_prometheus_io_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- __meta_kubernetes_service_annotation_prometheus_io_port
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: kubernetes_namespace
- action: replace
source_labels:
- __meta_kubernetes_service_name
target_label: kubernetes_name
- action: replace
source_labels:
- __meta_kubernetes_endpoint_port_name
target_label: kubernetes_endpoint_port_name
- action: replace
source_labels:
- __meta_kubernetes_pod_node_name
target_label: kubernetes_node
- job_name: kubernetes-pods
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_pod_annotation_prometheus_io_scrape
- action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_pod_annotation_prometheus_io_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- __meta_kubernetes_pod_annotation_prometheus_io_port
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: kubernetes_namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: kubernetes_pod_name
- action: replace
source_labels:
- __meta_kubernetes_pod_container_port_name
target_label: kubernetes_port_name
- action: drop
regex: Pending|Succeeded|Failed
source_labels:
- __meta_kubernetes_pod_phase
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vmagent
namespace: monitoring
labels:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
annotations:
configmap.reloader.stakater.com/reload: "vmagent"
spec:
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
spec:
serviceAccountName: prometheus-server
containers:
- name: vmagent
image: "victoriametrics/vmagent:v1.125.0"
imagePullPolicy: "IfNotPresent"
args:
- -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/
- -remoteWrite.showURL
- -promscrape.config=/config/prometheus.yml
volumeMounts:
- name: config-volume
mountPath: /config
volumes:
- name: config-volume
configMap:
name: vmagent
---

87
manifests/monitoring/cadvisor.yaml Normal file
View File

@@ -0,0 +1,87 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: cadvisor
app.kubernetes.io/name: cadvisor
name: cadvisor
namespace: monitoring
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations:
seccomp.security.alpha.kubernetes.io/pod: docker/default
labels:
app: cadvisor
app.kubernetes.io/name: cadvisor
name: cadvisor
namespace: monitoring
spec:
selector:
matchLabels:
app: cadvisor
app.kubernetes.io/name: cadvisor
name: cadvisor
template:
metadata:
labels:
app: cadvisor
app.kubernetes.io/name: cadvisor
name: cadvisor
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
priorityClassName: system-node-critical
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
automountServiceAccountToken: false
containers:
- image: ghcr.io/google/cadvisor:v0.53.0
name: cadvisor
ports:
- containerPort: 8080
name: http
protocol: TCP
resources:
limits:
cpu: 800m
memory: 2000Mi
requests:
cpu: 400m
memory: 400Mi
volumeMounts:
- mountPath: /rootfs
name: rootfs
readOnly: true
- mountPath: /var/run
name: var-run
readOnly: true
- mountPath: /sys
name: sys
readOnly: true
- mountPath: /var/lib/docker
name: docker
readOnly: true
- mountPath: /dev/disk
name: disk
readOnly: true
serviceAccountName: cadvisor
terminationGracePeriodSeconds: 30
volumes:
- hostPath:
path: /
name: rootfs
- hostPath:
path: /var/run
name: var-run
- hostPath:
path: /sys
name: sys
- hostPath:
path: /var/lib/docker
name: docker
- hostPath:
path: /dev/disk
name: disk

142
manifests/monitoring/ephemeral-storage-exporter.yaml Normal file
View File

@@ -0,0 +1,142 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
name: k8s-ephemeral-storage-metrics
namespace: monitoring
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: k8s-ephemeral-storage-metrics
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
rules:
- apiGroups: [""]
resources: ["nodes","nodes/proxy", "nodes/stats", "pods"]
verbs: ["get","list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: k8s-ephemeral-storage-metrics
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
subjects:
- kind: ServiceAccount
name: k8s-ephemeral-storage-metrics
namespace: monitoring
roleRef:
kind: ClusterRole
name: k8s-ephemeral-storage-metrics
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Service
metadata:
name: k8s-ephemeral-storage-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9100"
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
ports:
- name: metrics
port: 9100
protocol: TCP
targetPort: metrics
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8s-ephemeral-storage-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
template:
metadata:
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
spec:
serviceAccountName: k8s-ephemeral-storage-metrics
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: metrics
image: ghcr.io/jmcgrath207/k8s-ephemeral-storage-metrics:1.18.2
imagePullPolicy: IfNotPresent
ports:
- name: metrics
containerPort: 9100
protocol: TCP
livenessProbe:
failureThreshold: 10
httpGet:
path: /metrics
port: 9100
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 30
readinessProbe:
failureThreshold: 10
httpGet:
path: /metrics
port: 9100
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
env:
- name: DEPLOY_TYPE
value: "Deployment"
- name: SCRAPE_INTERVAL
value: "15"
- name: MAX_NODE_CONCURRENCY
value: "10"
- name: CLIENT_GO_QPS
value: "5"
- name: CLIENT_GO_BURST
value: "10"
- name: LOG_LEVEL
value: "info"
- name: EPHEMERAL_STORAGE_POD_USAGE
value: "true"
- name: EPHEMERAL_STORAGE_NODE_AVAILABLE
value: "true"
- name: EPHEMERAL_STORAGE_NODE_CAPACITY
value: "true"
- name: EPHEMERAL_STORAGE_NODE_PERCENTAGE
value: "true"
- name: EPHEMERAL_STORAGE_CONTAINER_LIMIT_PERCENTAGE
value: "true"
- name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_USAGE
value: "true"
- name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_LIMITS_PERCENTAGE
value: "true"
- name: EPHEMERAL_STORAGE_INODES
value: "true"

1
manifests/monitoring/kube-state-metrics.yaml
View File

@@ -201,6 +201,7 @@ spec:
labels: labels:
app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/name: kube-state-metrics
spec: spec:
priorityClassName: system-cluster-critical
serviceAccountName: kube-state-metrics serviceAccountName: kube-state-metrics
securityContext: securityContext:
fsGroup: 65534 fsGroup: 65534

1
manifests/monitoring/node-exporter.yaml
View File

@@ -51,6 +51,7 @@ spec:
app.kubernetes.io/name: prometheus app.kubernetes.io/name: prometheus
app.kubernetes.io/component: node-exporter app.kubernetes.io/component: node-exporter
spec: spec:
priorityClassName: system-node-critical
serviceAccountName: prometheus-node-exporter serviceAccountName: prometheus-node-exporter
containers: containers:
- name: prometheus-node-exporter - name: prometheus-node-exporter

3
manifests/monitoring/promtail.yaml
View File

@@ -212,10 +212,11 @@ spec:
prometheus.io/port: http-metrics prometheus.io/port: http-metrics
prometheus.io/scrape: "true" prometheus.io/scrape: "true"
spec: spec:
priorityClassName: system-node-critical
serviceAccountName: promtail serviceAccountName: promtail
containers: containers:
- name: promtail - name: promtail
image: "grafana/promtail:2.9.15" image: "grafana/promtail:3.5.5"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- "-config.file=/etc/promtail/promtail.yaml" - "-config.file=/etc/promtail/promtail.yaml"

66
manifests/monitoring/vmagent.yaml
View File

@@ -17,6 +17,11 @@ data:
- job_name: 'vmagent' - job_name: 'vmagent'
static_configs: static_configs:
- targets: ['localhost:8429'] - targets: ['localhost:8429']
relabel_configs:
- action: drop
source_labels: [__name__]
regex: "flag"
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
job_name: kubernetes-nodes job_name: kubernetes-nodes
kubernetes_sd_configs: kubernetes_sd_configs:
@@ -36,6 +41,38 @@ data:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true insecure_skip_verify: true
- job_name: cadvisor
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- replacement: kubernetes.default.svc:443
target_label: __address__
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
# Drop high cardinality labels
- action: labeldrop
regex: id
# Drop unneeded labels
- action: labeldrop
regex: beta_kubernetes_io_os
- action: labeldrop
regex: beta_kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_os
- action: labeldrop
regex: topology_jiva_openebs_io_nodeName
- job_name: kubernetes-service-endpoints - job_name: kubernetes-service-endpoints
kubernetes_sd_configs: kubernetes_sd_configs:
- role: endpoints - role: endpoints
@@ -78,6 +115,21 @@ data:
source_labels: source_labels:
- __meta_kubernetes_pod_node_name - __meta_kubernetes_pod_node_name
target_label: kubernetes_node target_label: kubernetes_node
# We don't care about the flag metrics from VM
- action: drop
source_labels: [__name__]
regex: "flag"
# Drop unneeded labels
- action: labeldrop
regex: beta_kubernetes_io_os
- action: labeldrop
regex: beta_kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_os
- action: labeldrop
regex: topology_jiva_openebs_io_nodeName
- job_name: kubernetes-pods - job_name: kubernetes-pods
kubernetes_sd_configs: kubernetes_sd_configs:
@@ -116,6 +168,17 @@ data:
regex: Pending|Succeeded|Failed regex: Pending|Succeeded|Failed
source_labels: source_labels:
- __meta_kubernetes_pod_phase - __meta_kubernetes_pod_phase
# Drop unneeded labels
- action: labeldrop
regex: beta_kubernetes_io_os
- action: labeldrop
regex: beta_kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_os
- action: labeldrop
regex: topology_jiva_openebs_io_nodeName
- job_name: 'node-exporter' - job_name: 'node-exporter'
kubernetes_sd_configs: kubernetes_sd_configs:
@@ -150,10 +213,11 @@ spec:
app.kubernetes.io/name: victoria-metrics app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent app.kubernetes.io/component: agent
spec: spec:
priorityClassName: system-cluster-critical
serviceAccountName: prometheus-server serviceAccountName: prometheus-server
containers: containers:
- name: vmagent - name: vmagent
image: "victoriametrics/vmagent:v1.125.0" image: "victoriametrics/vmagent:v1.126.0"
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
args: args:
- -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/ - -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/

10
manifests/nextcloud_chart/manifest.yaml
View File

@@ -201,9 +201,10 @@ spec:
app.kubernetes.io/component: app app.kubernetes.io/component: app
nextcloud-nextcloud-redis-client: "true" nextcloud-nextcloud-redis-client: "true"
spec: spec:
priorityClassName: critical
containers: containers:
- name: nextcloud - name: nextcloud
image: "nextcloud:31.0.8-apache" image: "nextcloud:31.0.9-apache"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: SQLITE_DATABASE - name: SQLITE_DATABASE
@@ -282,7 +283,10 @@ spec:
periodSeconds: 10 periodSeconds: 10
resources: resources:
requests: requests:
memory: 450Mi cpu: 1038m
memory: 512M
limits:
cpu: 1200m
volumeMounts: volumeMounts:
- name: nextcloud-data - name: nextcloud-data
mountPath: /var/www/ mountPath: /var/www/
@@ -374,7 +378,7 @@ spec:
restartPolicy: Never restartPolicy: Never
containers: containers:
- name: nextcloud - name: nextcloud
image: "nextcloud:31.0.8-apache" image: "nextcloud:31.0.9-apache"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: [ "curl" ] command: [ "curl" ]
args: args:

3
manifests/nginx-lb/nginx-lb.yaml
View File

@@ -325,6 +325,7 @@ subjects:
--- ---
apiVersion: v1 apiVersion: v1
data: data:
annotations-risk-level: Critical
allow-snippet-annotations: "true" allow-snippet-annotations: "true"
use-proxy-protocol: "true" use-proxy-protocol: "true"
log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "remote_addr_masked": "$remote_addr_masked", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }' log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "remote_addr_masked": "$remote_addr_masked", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }'
@@ -532,7 +533,7 @@ spec:
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
memory: 90Mi memory: 150Mi
securityContext: securityContext:
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
capabilities: capabilities:

5
manifests/opengraph/opengraph.yaml
View File

@@ -47,11 +47,10 @@ metadata:
namespace: opengraph namespace: opengraph
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- opengraph.cluster.fun - opengraph.cluster.fun

5
manifests/outline/outline.yaml
View File

@@ -43,9 +43,10 @@ spec:
labels: labels:
app.kubernetes.io/name: outline app.kubernetes.io/name: outline
spec: spec:
priorityClassName: critical
containers: containers:
- name: outline - name: outline
image: outlinewiki/outline:0.87.3 image: outlinewiki/outline:0.87.4
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: ALLOWED_DOMAINS - name: ALLOWED_DOMAINS
@@ -72,7 +73,7 @@ spec:
resources: resources:
requests: requests:
cpu: 8m cpu: 8m
memory: 800Mi memory: 1024Mi
volumeMounts: volumeMounts:
- mountPath: /opt/outline/.env - mountPath: /opt/outline/.env
subPath: .env subPath: .env

7
manifests/priority-classes/critical.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: critical
value: 1000
globalDefault: false
preemptionPolicy: PreemptLowerPriority

7
manifests/priority-classes/low.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: low
value: 10
globalDefault: false
preemptionPolicy: Never

7
manifests/priority-classes/normal.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: normal
value: 100
globalDefault: true
preemptionPolicy: PreemptLowerPriority

149
manifests/proxy-civo/non-auth-proxy.yaml
View File

@@ -1,149 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: tailscale-auth
namespace: proxy-civo
annotations:
kube-1password: 2cqycmsgv5r7vcyvjpblcl2l4y
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: ConfigMap
metadata:
name: host-mappings
namespace: proxy-civo
labels:
app: proxy
data:
mapping.json: |
{
"vmcluster.proxy-civo.svc": "vmcluster.cluster.local",
"loki.proxy-civo.svc": "loki-write.cluster.local",
"loki.proxy-civo.svc:80": "loki-write.cluster.local",
"loki-distributed.proxy-civo.svc": "loki-loki.cluster.local",
"loki-distributed.proxy-civo.svc:80": "loki-loki.cluster.local"
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: internal-proxy
namespace: proxy-civo
labels:
app: internal-proxy
annotations:
configmap.reloader.stakater.com/reload: "host-mappings"
secret.reloader.stakater.com/reload: "tailscale-auth"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: internal-proxy
template:
metadata:
labels:
app: internal-proxy
spec:
serviceAccountName: default
dnsPolicy: ClusterFirst
dnsConfig:
nameservers:
- 100.100.100.100
containers:
- name: proxy
image: rg.fr-par.scw.cloud/averagemarcus/proxy:latest
imagePullPolicy: Always
env:
- name: PROXY_DESTINATION
value: talos.tail4dfb.ts.net
- name: PORT
value: "8080"
- name: TS_AUTH_KEY
valueFrom:
secretKeyRef:
name: tailscale-auth
key: password
- name: TS_HOSTNAME
value: proxy-civo-internal-proxy
ports:
- containerPort: 8080
protocol: TCP
volumeMounts:
- name: host-mappings
mountPath: /config/
volumes:
- name: host-mappings
configMap:
name: host-mappings
---
apiVersion: v1
kind: Service
metadata:
name: loki
namespace: proxy-civo
labels:
app: internal-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: internal-proxy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: loki-distributed
namespace: proxy-civo
labels:
app: internal-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: internal-proxy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
namespace: proxy-civo
labels:
app: internal-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: internal-proxy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: vmcluster
namespace: proxy-civo
labels:
app: internal-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: internal-proxy
type: ClusterIP
---

5
manifests/qr/qr.yaml
View File

@@ -47,11 +47,10 @@ metadata:
namespace: qr namespace: qr
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- qr.cluster.fun - qr.cluster.fun

1
manifests/redis/redis.yaml
View File

@@ -327,6 +327,7 @@ spec:
weight: 1 weight: 1
nodeAffinity: nodeAffinity:
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
priorityClassName: critical
containers: containers:
- name: redis - name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11 image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11

4
manifests/rss/miniflux.yaml
View File

@@ -25,6 +25,8 @@ data:
POLLING_FREQUENCY: "15" POLLING_FREQUENCY: "15"
BASE_URL: "https://miniflux.cluster.fun/" BASE_URL: "https://miniflux.cluster.fun/"
METRICS_COLLECTOR: "1" METRICS_COLLECTOR: "1"
CLEANUP_ARCHIVE_READ_DAYS: "365"
CLEANUP_ARCHIVE_UNREAD_DAYS: "365"
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@@ -66,7 +68,7 @@ spec:
spec: spec:
containers: containers:
- name: web - name: web
image: ghcr.io/miniflux/miniflux:2.2.12 image: ghcr.io/miniflux/miniflux:2.2.13
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
envFrom: envFrom:
- configMapRef: - configMapRef:

151
manifests/social-to-grist/social-to-grist.yaml
View File

@@ -1,151 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: social-to-grist
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: social-to-grist-auth
namespace: social-to-grist
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: social-to-grist
namespace: social-to-grist
annotations:
kube-1password: oa3ycnui3ji4lc665bifaao63q
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: social-to-grist
namespace: social-to-grist
spec:
type: ClusterIP
ports:
- port: 80
targetPort: auth
name: web
selector:
app: social-to-grist
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: social-to-grist
namespace: social-to-grist
spec:
replicas: 1
selector:
matchLabels:
app: social-to-grist
template:
metadata:
labels:
app: social-to-grist
spec:
imagePullSecrets:
- name: docker-config
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://localhost:8080
- --http-address=$(HOST_IP):8000
- --redirect-url=https://social-to-grist.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: social-to-grist-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: social-to-grist-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
name: oauth-proxy
ports:
- containerPort: 8000
protocol: TCP
name: auth
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-grist:latest
imagePullPolicy: Always
env:
- name: PORT
value: "8080"
envFrom:
- secretRef:
name: "social-to-grist"
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: social-to-grist
namespace: social-to-grist
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- social-to-grist.cluster.fun
secretName: social-to-grist-ingress
rules:
- host: social-to-grist.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: social-to-grist
port:
number: 80

5
manifests/social-to-rolodex/social-to-rolodex.yaml
View File

@@ -129,11 +129,10 @@ metadata:
namespace: social-to-rolodex namespace: social-to-rolodex
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- social-to-rolodex.cluster.fun - social-to-rolodex.cluster.fun

10
manifests/svg-to-dxf/svg-to-dxf.yaml
View File

@@ -27,6 +27,7 @@ spec:
labels: labels:
app: svg-to-dxf app: svg-to-dxf
spec: spec:
priorityClassName: low
containers: containers:
- name: web - name: web
image: rg.fr-par.scw.cloud/averagemarcus/svg-to-dxf:latest image: rg.fr-par.scw.cloud/averagemarcus/svg-to-dxf:latest
@@ -45,14 +46,11 @@ metadata:
namespace: svg-to-dxf namespace: svg-to-dxf
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/buffering: | nginx.ingress.kubernetes.io/proxy-body-size: "0"
maxrequestbodybytes: 31457280
memrequestbodybytes: 62914560
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- svg-to-dxf.cluster.fun - svg-to-dxf.cluster.fun

57
manifests/talks/talks.yaml
View File

@@ -1,45 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: talks
namespace: talks
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: talks
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: talks
namespace: talks
spec:
replicas: 1
selector:
matchLabels:
app: talks
template:
metadata:
labels:
app: talks
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/talks:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
@@ -47,24 +5,13 @@ metadata:
namespace: talks namespace: talks
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/permanent-redirect: https://speaking.marcusnoble.co.uk
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- talks.marcusnoble.co.uk - talks.marcusnoble.co.uk
secretName: talks-ingress secretName: talks-ingress
rules: rules:
- host: talks.marcusnoble.co.uk - host: talks.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: talks
port:
number: 80

6
manifests/text-to-dxf/text-to-dxf.yaml
View File

@@ -27,6 +27,7 @@ spec:
labels: labels:
app: text-to-dxf app: text-to-dxf
spec: spec:
priorityClassName: low
containers: containers:
- name: web - name: web
image: rg.fr-par.scw.cloud/averagemarcus/text-to-dxf:latest image: rg.fr-par.scw.cloud/averagemarcus/text-to-dxf:latest
@@ -45,11 +46,10 @@ metadata:
namespace: text-to-dxf namespace: text-to-dxf
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- text-to-dxf.cluster.fun - text-to-dxf.cluster.fun

69
manifests/til/til.yaml
View File

@@ -1,45 +1,3 @@
apiVersion: v1
kind: Service
metadata:
name: til
namespace: til
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: til
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: til
namespace: til
spec:
replicas: 1
selector:
matchLabels:
app: til
template:
metadata:
labels:
app: til
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/til:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
@@ -47,24 +5,25 @@ metadata:
namespace: til namespace: til
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure nginx.ingress.kubernetes.io/server-snippet: |
rewrite ^/dont-reuse-keys/?$ https://marcusnoble.co.uk/2020-10-03-t-i-l-don-t-reuse-api-keys/ permanent;
rewrite ^/favicons/?$ https://marcusnoble.co.uk/2020-11-10-t-i-l-how-to-get-the-favicon-of-any-site/ permanent;
rewrite ^/getopts/?$ https://marcusnoble.co.uk/2021-08-04-t-i-l-cli-flag-handling-in-bash-using-getopts/ permanent;
rewrite ^/go-named-return-values/?$ https://marcusnoble.co.uk/2020-10-05-t-i-l-named-returns-in-go-functions/ permanent;
rewrite ^/golang-append/?$ https://marcusnoble.co.uk/2020-10-30-t-i-l-golang-s-append-mutates-the-provided-array/ permanent;
rewrite ^/golang-split-by-space/?$ https://marcusnoble.co.uk/2020-09-18-t-i-l-split-on-spaces-in-go/ permanent;
rewrite ^/kubectl-replace/?$ https://marcusnoble.co.uk/2020-09-25-t-i-l-kubectl-replace/ permanent;
rewrite ^/kubernetes-label-length/?$ https://marcusnoble.co.uk/2021-04-20-t-i-l-kubernetes-label-length/ permanent;
rewrite ^/tekton-multi-arch-builds/?$ https://marcusnoble.co.uk/2020-09-13-t-i-l-tekton-multi-arch-image-builds/ permanent;
rewrite ^/yaml-key-spaces/?$ https://marcusnoble.co.uk/2021-05-11-t-i-l-yaml-keys-allow-for-spaces-in-them/ permanent;
rewrite ^/yaml-multiline/?$ https://marcusnoble.co.uk/2020-09-17-t-i-l-yaml-multiline-values/ permanent;
rewrite ^/?$ https://marcusnoble.co.uk/ permanent;
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- til.marcusnoble.co.uk - til.marcusnoble.co.uk
secretName: til-ingress secretName: til-ingress
rules: rules:
- host: til.marcusnoble.co.uk - host: til.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: til
port:
number: 80

92
manifests/tweetsvg/tweetsvg.yaml
View File

@@ -1,92 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
kube-1password: dmjtjxrcpqtmeddq5x7zikj37i
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
name: web
selector:
app: tweetsvg
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
replicas: 2
selector:
matchLabels:
app: tweetsvg
template:
metadata:
labels:
app: tweetsvg
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/tweetsvg:latest
imagePullPolicy: Always
# env:
# - name: DOTENV_DIR
# value: /config/
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
volumeMounts:
- name: dotenv
mountPath: /app/.env
subPath: .env
volumes:
- name: dotenv
secret:
secretName: tweetsvg
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- tweet.cluster.fun
secretName: tweetsvg-ingress
rules:
- host: tweet.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tweetsvg
port:
number: 80

86
manifests/twitter-profile-pic/twitter-profile-pic.yaml
View File

@@ -1,86 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
annotations:
kube-1password: d2rt56v47q2wij47qgj27umrky
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 9090
name: web
selector:
app: twitter-profile-pic
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
spec:
replicas: 1
selector:
matchLabels:
app: twitter-profile-pic
template:
metadata:
labels:
app: twitter-profile-pic
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/twitter-profile-pic:latest
imagePullPolicy: Always
ports:
- containerPort: 9090
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
volumeMounts:
- name: dotenv
mountPath: /app/.env
subPath: .env
volumes:
- name: dotenv
secret:
secretName: twitter-profile-pic
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: twitter-profile-pic-cluster-fun
namespace: twitter-profile-pic
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- twitter-profile-pic.cluster.fun
secretName: twitter-profile-pic-cluster-fun-ingress
rules:
- host: twitter-profile-pic.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: twitter-profile-pic
port:
number: 80

204
manifests/wallabag/wallabag.yaml
View File

@@ -1,204 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: wallabag
namespace: wallabag
annotations:
kube-1password: 4yogl6yx6t4trrkq7o35tiyj6i
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
annotations:
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: wallabag
---
apiVersion: batch/v1
kind: Job
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag-init
spec:
suspend: true
template:
metadata:
labels:
app.kubernetes.io/name: wallabag-init
spec:
restartPolicy: OnFailure
containers:
- name: db-init
image: "wallabag/wallabag:latest"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
command:
- /var/www/wallabag/bin/console
- wallabag:install
- --env=prod
- --no-interaction
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: wallabag
template:
metadata:
labels:
app.kubernetes.io/name: wallabag
spec:
initContainers:
- name: db-migrate
image: "wallabag/wallabag:2.6.13"
imagePullPolicy: IfNotPresent
command:
- /var/www/wallabag/bin/console
- doctrine:migrations:migrate
- --env=prod
- --no-interaction
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
- name: "POPULATE_DATABASE"
value: "false"
containers:
- name: wallabag
image: "wallabag/wallabag:2.6.13"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
- name: "POPULATE_DATABASE"
value: "false"
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
startupProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 30
timeoutSeconds: 1
periodSeconds: 5
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
tls:
- hosts:
- "wallabag.cluster.fun"
secretName: "wallabag-ingress"
rules:
- host: "wallabag.cluster.fun"
http:
paths:
- path: "/"
pathType: ImplementationSpecific
backend:
service:
name: wallabag
port:
number: 80

1
manifests/yay-or-nay/yay-or-nay.yaml
View File

@@ -77,6 +77,7 @@ metadata:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec: spec:
ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- "yay-or-nay.cluster.fun" - "yay-or-nay.cluster.fun"