59 Commits

Author SHA1 Message Date
4ebe0bde06 Merge branch 'master' of https://git.cluster.fun/AverageMarcus/cluster.fun 2021-02-27 15:07:49 +00:00
030386cc6a Replaced terraform with kubectl calls 2021-02-27 15:07:41 +00:00
d1e34ddba0 Disabled auto-upgrade 2021-02-27 15:07:28 +00:00
1161564118 Updated nextcloud chart 2021-02-27 15:06:59 +00:00
6acdf29d1a Updated analytics dashboard 2021-02-23 08:35:42 +00:00
77d23f395a Added tweetsvg 2021-02-18 20:31:36 +00:00
9de410bb6e Terraform upgrade 2021-02-10 10:26:47 +00:00
b7c90557df Upgrade to Kubenetes 1.20 2021-02-05 21:42:52 +00:00
2cf5ce0ace Removed Linx 2021-02-04 21:14:47 +00:00
21c16256c7 Bumped harbor version 2021-02-04 21:14:30 +00:00
d6fb80ded4 Update analytics dashboard 2021-02-01 15:08:47 +00:00
0c334e0827 Update matrix 2021-01-30 07:28:42 +00:00
94b62b4c75 Update loki and grafana 2021-01-29 22:34:40 +00:00
06b4f07c21 Added VS Code 2020-12-18 08:55:30 +00:00
cef5f2ddc1 Always pull git-sync image 2020-12-09 14:03:19 +00:00
825447b712 Added git-sync 2020-12-09 12:47:35 +00:00
5c06e4c8d7 Added svg-to-dxf 2020-12-09 12:47:28 +00:00
34a00954db Increased photoprism storage 2020-11-29 16:19:58 +00:00
54af3af2c1 Added photoprism 2020-11-28 23:39:48 +00:00
7405481b72 Remove old pvc 2020-11-28 23:38:50 +00:00
fa51de4fb6 Updates 2020-11-07 13:29:37 +00:00
d29c9ec82c Added new RSS app 2020-10-19 06:05:48 +01:00
5f8800f311 Reverted w-2-r 2020-10-15 14:40:59 +01:00
eef0a6c22d Bump inlets version 2020-10-14 11:05:40 +01:00
d9d71a5dc7 Removed JQ 2020-10-14 10:02:52 +01:00
ff99e577cd Added JQ 2020-10-14 09:40:45 +01:00
f26d02ca7f Added base64 project 2020-10-13 17:36:48 +01:00
94e18c12ea Use a single auth proxy 2020-10-10 16:46:27 +01:00
84a9c19d93 Added anniversary 2020-10-03 13:20:33 +01:00
8f85a65cbe Added VPN check app 2020-09-22 22:35:40 +01:00
22ae249a1f Added download tunnels 2020-09-20 21:18:17 +01:00
50f86cc39f Reduce logging 2020-09-18 22:29:12 +01:00
295bb89828 Switch Loki to storing in bucket 2020-09-18 20:12:11 +01:00
3ab7377253 Added TIL 2020-09-14 18:49:45 +01:00
7d2c192b95 Improved multi-arch builds 2020-09-11 21:24:58 +01:00
a7a29c0201 Added multi-arch support 2020-09-11 20:56:46 +01:00
c40c5b5a33 Fixed probe 2020-09-09 09:42:50 +01:00
588348ac31 Added liveness probe to stringer 2020-09-09 09:11:54 +01:00
05e04afeff Added Go playground 2020-09-01 15:30:27 +01:00
cf2a889e4d Removed SCP archives 2020-08-25 15:25:01 +01:00
b838af199d Added scp-archives 2020-08-24 05:58:09 +01:00
9f65bf256a Added bucket for storing SCP archives 2020-08-23 11:16:02 +01:00
f5a7bb5abb Bump nextcloud version 2020-08-13 21:03:28 +01:00
5567ba142a Bumped versions 2020-08-13 20:47:20 +01:00
43aa708e09 Updated gitea 2020-07-15 10:18:10 +01:00
52339ccbed Update nodered 2020-07-15 10:16:46 +01:00
b08f0892be Bump version of riot 2020-07-10 20:02:58 +01:00
b60c244b8b Update 'manifests/matrix_chart.yaml' 2020-07-10 16:19:41 +00:00
fd26f7b3de Updated paradoxfox 2020-07-08 11:50:11 +01:00
e00db9e633 Added Paradoxfox.space 2020-07-04 19:42:10 +01:00
b35b34bb7a Added outline 2020-06-27 17:47:35 +01:00
85bd64e87e Remove bookstack 2020-06-27 17:47:17 +01:00
a80346f8e7 Added bookstack 2020-06-21 15:11:28 +01:00
53d8bd48bf Added bucket for octoprint 2020-06-20 14:54:47 +01:00
9c8f29e346 Added printer auth endpoint 2020-06-16 20:38:06 +01:00
ad3fab4cfd Removed pyload 2020-06-16 20:34:17 +01:00
cf0015d1e2 Added service for rpc 2020-06-16 20:34:09 +01:00
6ce5744672 Added missing resource types to kube-janitor 2020-06-10 12:24:40 +01:00
3d47bc34da Added home assistant tunnel 2020-06-08 18:35:15 +01:00
39 changed files with 1515 additions and 425 deletions


@@ -47,7 +47,19 @@ ci:
.PHONY: release # Release the latest version of the application .PHONY: release # Release the latest version of the application
release: release:
@cd terraform && terraform apply -auto-approve @cd terraform && terraform apply -auto-approve && \
kubectx admin@clusterfun-scaleway && \
cd ../tekton && \
kubectl apply -f ./1-Install/ && \
kubectl apply -f ./2-Setup/ && \
kubectl apply -f ./bindings/ && \
kubectl apply -f ./conditions/ && \
kubectl apply -f ./eventlisteners/ && \
kubectl apply -f ./pipelines/ && \
kubectl apply -f ./tasks/ && \
kubectl apply -f ./triggertemplates/ && \
cd ../manifests && \
kubectl apply -f ./
.PHONY: help # Show this list of commands .PHONY: help # Show this list of commands
help: help:
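Review bot: The new `release` recipe runs `kubectx admin@clusterfun-scaleway`, which rewrites the operator's global kubeconfig and leaves it pointing at what looks like the admin context after the target finishes, so later ad-hoc `kubectl` commands in any shell hit that cluster as admin. Naming the target on each call instead, e.g. `kubectl --context admin@clusterfun-scaleway apply -f ./1-Install/`, keeps the destination explicit and leaves the kubeconfig untouched. Since `terraform apply -auto-approve` and every apply run without a confirmation step, a comment above the recipe such as `# Applies terraform, then all Tekton and manifest YAML to the live cluster as admin` would also help.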


@@ -0,0 +1,85 @@
apiVersion: v1
kind: Namespace
metadata:
name: anniversary
---
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: anniversary
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Service
metadata:
name: anniversary
namespace: anniversary
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: anniversary
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: anniversary
namespace: anniversary
spec:
replicas: 1
selector:
matchLabels:
app: anniversary
template:
metadata:
labels:
app: anniversary
spec:
imagePullSecrets:
- name: docker-config
containers:
- name: web
image: docker.cluster.fun/private/11-year-anniversary:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 283Mi
requests:
memory: 283Mi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: anniversary
namespace: anniversary
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- 11-year-anniversary.marcusnoble.co.uk
secretName: anniversary-ingress
rules:
- host: 11-year-anniversary.marcusnoble.co.uk
http:
paths:
- path: /
backend:
serviceName: anniversary
servicePort: 80
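Review bot: The `web` container runs `docker.cluster.fun/private/11-year-anniversary:latest` with `imagePullPolicy: Always`, so every pod restart runs whatever was last pushed to that tag and the manifest no longer records which build is deployed. Pinning to an immutable tag or a digest (`image: docker.cluster.fun/private/11-year-anniversary@sha256:<digest>`) makes rollouts reviewable and stops a mistaken or tampered push from reaching the cluster unreviewed. The same pattern appears in the new base64, git-sync, outline and paradoxfox manifests; git-sync is the one to fix first, because that job is handed four forge tokens. The pod spec also sets no `securityContext`; whether the image needs root to bind port 80 is not visible here.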

83
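--- a/manifests/auth-proxy.yaml
+++ b/manifests/auth-proxy.yaml
@@ -0,0 +1,83 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: auth-proxy
+namespace: inlets
+annotations:
+kube-1password: mr6spkkx7n3memkbute6ojaarm
+kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: auth-proxy
+namespace: inlets
+labels:
+app: auth-proxy
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: auth-proxy
+template:
+metadata:
+labels:
+app: auth-proxy
+spec:
+containers:
+- args:
+- --cookie-secure=false
+- --provider=oidc
+- --provider-display-name=Auth0
+- --upstream=http://inlets.inlets.svc.cluster.local
+- --http-address=$(HOST_IP):8080
+- --email-domain=*
+- --pass-basic-auth=false
+- --pass-access-token=false
+- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
+- --cookie-expire=336h0m0s
+env:
+- name: HOST_IP
+valueFrom:
+fieldRef:
+apiVersion: v1
+fieldPath: status.podIP
+- name: OAUTH2_PROXY_CLIENT_ID
+valueFrom:
+secretKeyRef:
+key: username
+name: auth-proxy
+- name: OAUTH2_PROXY_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+key: password
+name: auth-proxy
+image: quay.io/oauth2-proxy/oauth2-proxy:v6.1.1
+name: oauth-proxy
+ports:
+- containerPort: 8080
+protocol: TCP
+resources:
+limits:
+memory: 50Mi
+requests:
+memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: auth-proxy
+namespace: inlets
+labels:
+app: auth-proxy
+spec:
+ports:
+- name: http
+port: 80
+protocol: TCP
+targetPort: 8080
+selector:
+app: auth-proxy
+type: ClusterIP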
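Review bot: The `--cookie-secret=` argument puts the key that signs oauth2-proxy session cookies into the manifest, so session cookies for every host routed to `auth-proxy` can only be trusted as far as read access to this repository is trusted; near-identical values are also inlined in the `photoprism-auth` proxy and in the `rss` sidecar elsewhere in this change. The value should be rotated and supplied from the 1Password-backed Secret through `OAUTH2_PROXY_COOKIE_SECRET`, next to the client id and secret that already come from it. `--cookie-secure=false` is also hard to justify when every Ingress in front of this proxy redirects to HTTPS, and `--email-domain=*` admits any account the Auth0 tenant will authenticate, so access control rests entirely on tenant settings that are not visible here. The key name in the sketch below is a placeholder for whatever field is added to the 1Password item.

```yaml
      - args:
        - --cookie-secure=true
        # … unchanged: provider, upstream, http-address, email-domain, pass-*, issuer and cookie-expire flags …
        env:
        # … unchanged: HOST_IP, OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET …
        - name: OAUTH2_PROXY_COOKIE_SECRET
          valueFrom:
            secretKeyRef:
              key: <cookie-secret-key>  # placeholder
              name: auth-proxy
```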

72
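--- a/manifests/base64.yaml
+++ b/manifests/base64.yaml
@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: base64
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: base64
+namespace: base64
+spec:
+type: ClusterIP
+ports:
+- port: 80
+targetPort: web
+name: web
+selector:
+app: base64
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: base64
+namespace: base64
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: base64
+template:
+metadata:
+labels:
+app: base64
+spec:
+imagePullSecrets:
+- name: docker-config
+containers:
+- name: web
+image: docker.cluster.fun/averagemarcus/base64:latest
+imagePullPolicy: Always
+ports:
+- containerPort: 80
+name: web
+resources:
+limits:
+memory: 10Mi
+requests:
+memory: 10Mi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: base64
+namespace: base64
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+traefik.ingress.kubernetes.io/redirect-entry-point: https
+traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+tls:
+- hosts:
+- base64.cluster.fun
+secretName: base64-ingress
+rules:
+- host: base64.cluster.fun
+http:
+paths:
+- path: /
+backend:
+serviceName: base64
+servicePort: 80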
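Review bot: The pod spec lists `imagePullSecrets: docker-config`, but this file does not create a `docker-config` Secret in the `base64` namespace the way the anniversary and paradoxfox manifests do for theirs. If the Secret is not created elsewhere, the pull happens without those credentials and only works while `docker.cluster.fun/averagemarcus/base64` stays publicly readable. Either add the kube-1password annotated Secret to this file or drop the `imagePullSecrets` entry, so the manifest states what it actually depends on.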


@@ -1,97 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: cctv
---
apiVersion: v1
kind: Secret
metadata:
name: cctv-auth
namespace: cctv
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cctv-auth
namespace: cctv
labels:
app: cctv-auth
spec:
replicas: 1
selector:
matchLabels:
app: cctv-auth
template:
metadata:
labels:
app: cctv-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://cctv.cluster.fun/oauth2/callback
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: cctv-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: cctv-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: v1
kind: Service
metadata:
name: cctv-auth
namespace: cctv
labels:
app: cctv-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: cctv-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: cctv-auth name: cctv-auth
namespace: cctv namespace: inlets
labels: labels:
app: cctv-auth app: cctv-auth
annotations: annotations:
@@ -110,5 +21,5 @@ spec:
paths: paths:
- path: / - path: /
backend: backend:
serviceName: cctv-auth serviceName: auth-proxy
servicePort: 80 servicePort: 80
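Review bot: Dropping the `cctv` Namespace, Secret, Deployment and Service from this file does not remove them from the cluster when the manifests are rolled out with a plain `kubectl apply`, which never deletes objects that disappear from a file. Unless they are deleted by hand, the old `cctv-auth` proxy keeps running with its inlined cookie secret, and the old `cctv-auth` Ingress in the `cctv` namespace presumably stays next to the new one in `inlets` for the same host. A documented clean-up step in the rollout (for example `kubectl delete namespace cctv`) would close that gap; the downloads manifest later in this change has the same shape.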


@@ -0,0 +1,23 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: code
namespace: inlets
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- code.cluster.fun
secretName: code-ingress
rules:
- host: code.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80


@@ -1,97 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: downloads
---
apiVersion: v1
kind: Secret
metadata:
name: downloads-auth
namespace: downloads
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: downloads-auth
namespace: downloads
labels:
app: downloads-auth
spec:
replicas: 1
selector:
matchLabels:
app: downloads-auth
template:
metadata:
labels:
app: downloads-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://downloads.cluster.fun/oauth2/callback
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: downloads-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: downloads-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
memory: 250Mi
requests:
memory: 250Mi
---
apiVersion: v1
kind: Service
metadata:
name: downloads-auth
namespace: downloads
labels:
app: downloads-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: downloads-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: downloads-auth name: downloads-auth
namespace: downloads namespace: inlets
labels: labels:
app: downloads-auth app: downloads-auth
annotations: annotations:
@@ -110,6 +21,5 @@ spec:
paths: paths:
- path: / - path: /
backend: backend:
serviceName: downloads-auth serviceName: auth-proxy
servicePort: 80 servicePort: 80

94
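--- a/manifests/git-sync.yaml
+++ b/manifests/git-sync.yaml
@@ -0,0 +1,94 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: git-sync
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: git-sync-github
+namespace: git-sync
+annotations:
+kube-1password: cfo2ufhgem57clbscxetxgevue
+kube-1password/vault: Kubernetes
+kube-1password/password-key: token
+type: Opaque
+data:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: git-sync-gitea
+namespace: git-sync
+annotations:
+kube-1password: b7kpdlcvt7y63bozu3i4j4lojm
+kube-1password/vault: Kubernetes
+kube-1password/password-key: token
+type: Opaque
+data:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: git-sync-gitlab
+namespace: git-sync
+annotations:
+kube-1password: t47v3xdgadiifgoi4wmqibrlty
+kube-1password/vault: Kubernetes
+kube-1password/password-key: token
+type: Opaque
+data:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: git-sync-bitbucket
+namespace: git-sync
+annotations:
+kube-1password: adrki45krr2tq34sug7dhdk5iy
+kube-1password/vault: Kubernetes
+kube-1password/password-key: token
+type: Opaque
+data:
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+name: git-sync
+namespace: git-sync
+spec:
+schedule: "0 */1 * * *"
+concurrencyPolicy: Forbid
+failedJobsHistoryLimit: 1
+successfulJobsHistoryLimit: 1
+jobTemplate:
+spec:
+backoffLimit: 1
+template:
+spec:
+containers:
+- name: sync
+image: docker.cluster.fun/averagemarcus/git-sync:latest
+imagePullPolicy: Always
+env:
+- name: GITHUB_TOKEN
+valueFrom:
+secretKeyRef:
+name: git-sync-github
+key: token
+- name: GITEA_TOKEN
+valueFrom:
+secretKeyRef:
+name: git-sync-gitea
+key: token
+- name: GITLAB_TOKEN
+valueFrom:
+secretKeyRef:
+name: git-sync-gitlab
+key: token
+- name: BITBUCKET_TOKEN
+valueFrom:
+secretKeyRef:
+name: git-sync-bitbucket
+key: token
+restartPolicy: Never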


@@ -47,7 +47,7 @@ spec:
spec: spec:
containers: containers:
- name: git - name: git
image: gitea/gitea:1.11 image: gitea/gitea:1.12.3
env: env:
- name: APP_NAME - name: APP_NAME
value: "Git" value: "Git"


@@ -0,0 +1,66 @@
apiVersion: v1
kind: Namespace
metadata:
name: goplayground
---
apiVersion: v1
kind: Service
metadata:
name: goplayground
namespace: goplayground
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: goplayground
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: goplayground
namespace: goplayground
spec:
replicas: 1
selector:
matchLabels:
app: goplayground
template:
metadata:
labels:
app: goplayground
spec:
containers:
- name: web
image: x1unix/go-playground:1.6.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
name: web
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: goplayground
namespace: goplayground
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- go.cluster.fun
secretName: goplayground-ingress
rules:
- host: go.cluster.fun
http:
paths:
- path: /
backend:
serviceName: goplayground
servicePort: 80
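Review bot: The `goplayground` Deployment is published on `go.cluster.fun` without the auth proxy and sets neither a `resources` block nor a `securityContext`, whereas the anniversary and base64 Deployments in this change at least cap memory. A playground presumably builds or runs submitted code on the server side (not confirmed from this manifest), so an unbounded container can starve the node it lands on. Adding `resources.limits.memory`, plus a `securityContext` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true` if the image supports it, would bound the impact of a misbehaving request.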


@@ -23,7 +23,7 @@ spec:
chart: chart:
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
name: harbor name: harbor
version: 1.3.2 version: 1.5.3
maxHistory: 4 maxHistory: 4
skipCRDs: false skipCRDs: false
valuesFrom: valuesFrom:
@@ -33,6 +33,8 @@ spec:
key: values.yaml key: values.yaml
optional: false optional: false
values: values:
updateStrategy:
type: Recreate
portal: portal:
resources: resources:
requests: requests:
@@ -54,4 +56,3 @@ spec:
resources: resources:
requests: requests:
memory: 64Mi memory: 64Mi


@@ -49,7 +49,7 @@ spec:
spec: spec:
containers: containers:
- name: inlets - name: inlets
image: inlets/inlets:2.7.0 image: inlets/inlets:2.7.6
imagePullPolicy: Always imagePullPolicy: Always
command: ["inlets"] command: ["inlets"]
args: args:
@@ -81,7 +81,7 @@ spec:
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: pyload name: home-assistant
namespace: inlets namespace: inlets
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
@@ -91,10 +91,50 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- pyload.cluster.fun - home.cluster.fun
secretName: pyload-ingress secretName: home-assistant-ingress
rules: rules:
- host: pyload.cluster.fun - host: home.cluster.fun
http:
paths:
- path: /
backend:
serviceName: inlets
servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
name: downloads-rpc
namespace: inlets
labels:
app: inlets
spec:
type: ClusterIP
ports:
- port: 80
protocol: TCP
targetPort: 8000
selector:
app: inlets
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: vpn-check
namespace: inlets
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- vpn-check.cluster.fun
secretName: vpn-check-ingress
rules:
- host: vpn-check.cluster.fun
http: http:
paths: paths:
- path: / - path: /
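Review bot: The renamed `home-assistant` Ingress sends `home.cluster.fun` to `serviceName: inlets` directly, while the other tunnelled hosts in this change (cctv, downloads, jackett, printer, radarr, code) are pointed at `auth-proxy`. That leaves the upstream's own login as the only control on an internet-facing host; if that is intended, a comment on the Ingress saying so (`# not behind auth-proxy: <reason>`) would stop it being read as an oversight. The `vpn-check` Ingress added in the same hunk has its backend below the last visible line, so the same question should be checked there against the full file.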

25
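--- a/manifests/jackett.yaml
+++ b/manifests/jackett.yaml
@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: jackett-auth
+namespace: inlets
+labels:
+app: jackett-auth
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+traefik.ingress.kubernetes.io/redirect-entry-point: https
+traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+tls:
+- hosts:
+- jackett.cluster.fun
+secretName: jackett-ingress
+rules:
+- host: jackett.cluster.fun
+http:
+paths:
+- path: /
+backend:
+serviceName: auth-proxy
+servicePort: 80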


@@ -88,7 +88,7 @@ spec:
- --interval=15 - --interval=15
- --rules-file=/config/rules.yaml - --rules-file=/config/rules.yaml
- --include-namespaces=tekton-pipelines - --include-namespaces=tekton-pipelines
- --include-resources=pods - --include-resources=pods,pipelineruns,taskruns
resources: resources:
limits: limits:
memory: 100Mi memory: 100Mi


@@ -1,114 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: linx-server
---
apiVersion: v1
kind: ConfigMap
metadata:
name: linx-server
namespace: linx-server
data:
linx-server.conf: |-
sitename = share
maxsize = 524288000
maxexpiry = 0
selifpath = f
nologs = false
force-random-filename = false
s3-endpoint = https://s3.fr-par.scw.cloud
s3-region = fr-par
s3-bucket = cluster.fun-linx
---
apiVersion: v1
kind: Secret
metadata:
name: linx-server-s3
namespace: linx-server
annotations:
kube-1password: d5dgclm3qrxd4fntivv26ec3ee
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: linx-server
namespace: linx-server
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: linx-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: linx-server
namespace: linx-server
spec:
replicas: 2
selector:
matchLabels:
app: linx-server
template:
metadata:
labels:
app: linx-server
spec:
containers:
- name: web
image: andreimarcu/linx-server:version-2.3.5
imagePullPolicy: Always
args:
- -config
- /config/linx-server.conf
ports:
- containerPort: 8080
name: web
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: linx-server-s3
key: username
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: linx-server-s3
key: password
volumeMounts:
- name: config
mountPath: /config
volumes:
- name: config
configMap:
name: linx-server
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: linx-server
namespace: linx-server
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- share.cluster.fun
secretName: linx-server-ingress
rules:
- host: share.cluster.fun
http:
paths:
- path: /
backend:
serviceName: linx-server
servicePort: 80

File diff suppressed because one or more lines are too long


@@ -21,13 +21,13 @@ spec:
serverName: "matrix.cluster.fun" serverName: "matrix.cluster.fun"
telemetry: false telemetry: false
hostname: "matrix.cluster.fun" hostname: "matrix.cluster.fun"
presence: true presence: "true"
blockNonAdminInvites: false blockNonAdminInvites: false
search: true enableSearch: "true"
adminEmail: "matrix@marcusnoble.co.uk" adminEmail: "matrix@marcusnoble.co.uk"
uploads: uploads:
maxSize: 100M maxSize: 500M
maxPixels: 32M maxPixels: 64M
federation: federation:
enabled: false enabled: false
allowPublicRooms: false allowPublicRooms: false
@@ -47,7 +47,7 @@ spec:
urlPreviews: urlPreviews:
enabled: true enabled: true
rules: rules:
maxSize: 4M maxSize: 10M
ip: ip:
blacklist: blacklist:
- '127.0.0.0/8' - '127.0.0.0/8'
@@ -74,7 +74,7 @@ spec:
synapse: synapse:
image: image:
repository: "matrixdotorg/synapse" repository: "matrixdotorg/synapse"
tag: v1.12.4 tag: v1.16.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
service: service:
type: ClusterIP type: ClusterIP
@@ -111,7 +111,7 @@ spec:
permalinkPrefix: "https://chat.cluster.fun" permalinkPrefix: "https://chat.cluster.fun"
image: image:
repository: "vectorim/riot-web" repository: "vectorim/riot-web"
tag: v1.6.0 tag: v1.7.18
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
service: service:
type: ClusterIP type: ClusterIP


@@ -23,9 +23,9 @@ metadata:
namespace: nextcloud namespace: nextcloud
spec: spec:
chart: chart:
repository: https://kubernetes-charts.storage.googleapis.com repository: https://nextcloud.github.io/helm/
name: nextcloud name: nextcloud
version: 1.10.0 version: 2.5.5
maxHistory: 5 maxHistory: 5
valuesFrom: valuesFrom:
- secretKeyRef: - secretKeyRef:
@@ -35,7 +35,8 @@ spec:
optional: false optional: false
values: values:
image: image:
tag: 18-apache tag: 19.0.8-apache
pullPolicy: Always
ingress: ingress:
enabled: true enabled: true
annotations: annotations:


@@ -73,7 +73,7 @@ spec:
mountPath: /data mountPath: /data
containers: containers:
- name: web - name: web
image: nodered/node-red:latest-12 image: nodered/node-red:1.1.3-12
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 1880 - containerPort: 1880

124
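--- a/manifests/outline.yaml
+++ b/manifests/outline.yaml
@@ -0,0 +1,124 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: outline
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: outline
+namespace: outline
+annotations:
+kube-1password: maouivotrbgydslnsukbjrwgja
+kube-1password/vault: Kubernetes
+kube-1password/secret-text-key: .env
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: outline
+namespace: outline
+spec:
+type: ClusterIP
+ports:
+- port: 80
+targetPort: web
+name: web
+selector:
+app: outline
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: outline
+namespace: outline
+spec:
+selector:
+matchLabels:
+app: outline
+serviceName: outline
+replicas: 1
+template:
+metadata:
+labels:
+app: outline
+spec:
+containers:
+- name: postgres
+image: postgres:9-alpine
+imagePullPolicy: IfNotPresent
+ports:
+- containerPort: 5432
+name: db
+env:
+- name: POSTGRES_USER
+value: user
+- name: POSTGRES_PASSWORD
+value: pass
+- name: POSTGRES_DB
+value: outline
+- name: PGDATA
+value: /var/lib/postgresql/data/outline
+volumeMounts:
+- name: data
+mountPath: /var/lib/postgresql/data
+- name: redis
+image: redis:6
+imagePullPolicy: IfNotPresent
+ports:
+- containerPort: 6379
+name: redis
+- name: outline
+image: docker.cluster.fun/averagemarcus/outline:latest
+imagePullPolicy: Always
+command:
+- sh
+- -c
+- |
+sleep 10 && yarn sequelize db:migrate && yarn build && yarn start
+ports:
+- containerPort: 3000
+name: web
+volumeMounts:
+- mountPath: /opt/outline/.env
+subPath: .env
+name: outline-env
+readOnly: true
+volumes:
+- name: outline-env
+secret:
+secretName: outline
+volumeClaimTemplates:
+- metadata:
+name: data
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: outline
+namespace: outline
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+traefik.ingress.kubernetes.io/redirect-entry-point: https
+traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+tls:
+- hosts:
+- outline.cluster.fun
+secretName: outline-ingress
+rules:
+- host: outline.cluster.fun
+http:
+paths:
+- path: /
+backend:
+serviceName: outline
+servicePort: 80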
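Review bot: The `postgres` container receives `POSTGRES_USER` and `POSTGRES_PASSWORD` as literal `value:` entries, while the application's `.env` in the same pod is pulled from the 1Password-backed `outline` Secret. Postgres listens on the pod IP, so unless a NetworkPolicy elsewhere restricts it, other workloads in the cluster can reach `containerPort: 5432` with credentials that sit in the repository. Move the password to a Secret key referenced through `valueFrom.secretKeyRef` and change it, since the current value is now in history. Separately, `sleep 10 &&` before `yarn sequelize db:migrate` is a race against database start-up; a readiness wait would be more reliable than a fixed delay.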

128
manifests/paradoxfox.yaml Normal file

@@ -0,0 +1,128 @@
apiVersion: v1
kind: Namespace
metadata:
name: paradoxfox
---
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: paradoxfox
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: etsy-token
namespace: paradoxfox
annotations:
kube-1password: akkchysgrvhawconx63plt3xgy
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: password
stringData:
password: ""
---
apiVersion: v1
kind: Service
metadata:
name: paradoxfox
namespace: paradoxfox
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 443
name: web
selector:
app: paradoxfox
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: paradoxfox
namespace: paradoxfox
spec:
replicas: 1
selector:
matchLabels:
app: paradoxfox
template:
metadata:
labels:
app: paradoxfox
spec:
imagePullSecrets:
- name: docker-config
containers:
- name: web
image: docker.cluster.fun/private/paradoxfox:latest
imagePullPolicy: Always
ports:
- containerPort: 443
name: web
env:
- name: ETSY_TOKEN
valueFrom:
secretKeyRef:
name: etsy-token
key: password
resources:
limits:
memory: 200Mi
requests:
memory: 200Mi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: paradoxfox
namespace: paradoxfox
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- paradoxfox.space
secretName: paradoxfox-ingress
rules:
- host: paradoxfox.space
http:
paths:
- path: /
backend:
serviceName: paradoxfox
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: paradoxfox-www
namespace: paradoxfox
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- www.paradoxfox.space
secretName: paradoxfox-www-ingress
rules:
- host: www.paradoxfox.space
http:
paths:
- path: /
backend:
serviceName: paradoxfox
servicePort: 80
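Review bot: The `paradoxfox` Service maps `port: 80` to `targetPort: 443`, and both Ingresses forward to `servicePort: 80` with no annotation that changes the backend protocol. If the container terminates TLS on 443, the ingress controller would be speaking plain HTTP to a TLS listener; if it serves plain HTTP there, the port number is misleading and makes the process bind a privileged port. Which one applies is not visible from the manifest, so a comment beside `targetPort: 443` stating it, or moving the container to an unprivileged port, would settle the question.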


@@ -0,0 +1,163 @@
apiVersion: v1
kind: Namespace
metadata:
name: photoprism
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: photoprism-storage
namespace: photoprism
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
name: photoprism
namespace: photoprism
spec:
chart:
repository: https://p80n.github.io/photoprism-helm/
name: photoprism
version: 1.0.0
maxHistory: 5
values:
image:
tag: "20200729"
config:
PHOTOPRISM_DEBUG: false
PHOTOPRISM_PUBLIC: true
PHOTOPRISM_READONLY: true
PHOTOPRISM_SITE_URL: https://photos.cluster.fun
PHOTOPRISM_SITE_TITLE: Photos
PHOTOPRISM_SITE_CAPTION: ""
persistence:
enabled: true
cachePath: /data/cache
originalsPath: /data/originals
storagePath: /data/storage
volumeMounts:
- name: storage
mountPath: /data
volumes:
- name: storage
persistentVolumeClaim:
claimName: photoprism-storage
resources:
requests:
memory: 500Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: photoprism-auth
namespace: photoprism
labels:
app: photoprism-auth
spec:
replicas: 1
selector:
matchLabels:
app: photoprism-auth
template:
metadata:
labels:
app: photoprism-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://photoprism-photoprism.photoprism.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://photos.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: photoprism-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: photoprism-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
---
apiVersion: v1
kind: Secret
metadata:
name: photoprism-auth
namespace: photoprism
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: photoprism-auth
namespace: photoprism
labels:
app: photoprism-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: photoprism-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: photoprism-auth
namespace: photoprism
labels:
app: photoprism-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- photos.cluster.fun
secretName: photoprism-ingress
rules:
- host: photos.cluster.fun
http:
paths:
- path: /
backend:
serviceName: photoprism-auth
servicePort: 80
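Review bot: `PHOTOPRISM_PUBLIC: true` turns off PhotoPrism's own login, so the `photoprism-auth` proxy is the only access control, yet the application Service named in `--upstream=http://photoprism-photoprism.photoprism.svc.cluster.local` stays reachable from any pod in the cluster. Unless a NetworkPolicy elsewhere restricts that Service to the proxy pod, either keep application authentication on or add a policy that only admits traffic from pods labelled `app: photoprism-auth`. The proxy container also carries no `resources` block, unlike the `auth-proxy` Deployment added in this change.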

26
manifests/printer.yaml Normal file

@@ -0,0 +1,26 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: printer-auth
namespace: inlets
labels:
app: printer-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- printer.cluster.fun
secretName: printer-ingress
rules:
- host: printer.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

25
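--- a/manifests/radarr.yaml
+++ b/manifests/radarr.yaml
@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: radarr
+namespace: inlets
+labels:
+app: radarr
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+traefik.ingress.kubernetes.io/redirect-entry-point: https
+traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+tls:
+- hosts:
+- radarr.cluster.fun
+secretName: radarr-ingress
+rules:
+- host: radarr.cluster.fun
+http:
+paths:
+- path: /
+backend:
+serviceName: auth-proxy
+servicePort: 80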


@@ -6,7 +6,7 @@ metadata:
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: rss name: rss-db
namespace: rss namespace: rss
spec: spec:
accessModes: accessModes:
@@ -16,15 +16,25 @@ spec:
storage: 1Gi storage: 1Gi
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret
metadata:
name: rss-auth
namespace: rss
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: rss name: rss-new
namespace: rss namespace: rss
spec: spec:
type: ClusterIP type: ClusterIP
ports: ports:
- port: 80 - port: 80
targetPort: 8080 targetPort: 8000
name: web name: web
selector: selector:
app: rss app: rss
@@ -38,6 +48,8 @@ metadata:
app: rss app: rss
spec: spec:
replicas: 1 replicas: 1
strategy:
type: Recreate
selector: selector:
matchLabels: matchLabels:
app: rss app: rss
@@ -46,22 +58,56 @@ spec:
labels: labels:
app: rss app: rss
spec: spec:
securityContext:
fsGroup: 1000
dnsConfig: dnsConfig:
options: options:
- name: ndots - name: ndots
value: "2" value: "2"
containers: containers:
- name: web - args:
image: mdswanson/stringer - --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://localhost:8080
- --http-address=$(HOST_IP):8000
- --redirect-url=https://rss.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: rss-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: rss-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8000
protocol: TCP
resources:
limits:
memory: 125Mi
requests:
memory: 125Mi
- name: web
image: docker.cluster.fun/averagemarcus/gopherss:latest
env: env:
- name: SECRET_TOKEN
value: inward-popcorn-decamp-epsilon
- name: PORT - name: PORT
value: "8080" value: "8080"
- name: DATABASE_URL - name: DB_PATH
value: sqlite3:/data/stringer.db value: /data/feeds.db
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: web name: web
@@ -76,7 +122,7 @@ spec:
volumes: volumes:
- name: storage - name: storage
persistentVolumeClaim: persistentVolumeClaim:
claimName: rss claimName: rss-db
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
@@ -99,7 +145,7 @@ spec:
paths: paths:
- path: / - path: /
backend: backend:
serviceName: rss serviceName: rss-new
servicePort: 80 servicePort: 80
--- ---
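Review bot: The new `oauth-proxy` container receives the key that protects its session cookies as a literal `--cookie-secret=` argument, so the key lives in the repository and in the pod spec, readable by anyone who can view the Deployment. The same hunk already pulls the client id and client secret from the `rss-auth` Secret, so the cookie secret can come from there as well through the `OAUTH2_PROXY_COOKIE_SECRET` environment variable, and the committed value should be rotated because it remains in git history. `--cookie-secure=false` also looks unnecessary given the `https://rss.cluster.fun/oauth2/callback` redirect URL; `--cookie-secure=true` keeps the session cookie off plain HTTP. The Deployment starts and ends outside this hunk.

```yaml
- args:
  - --cookie-secure=true
  # … unchanged: provider, upstream, redirect and OIDC flags; the --cookie-secret line is dropped …
  env:
  # … unchanged: HOST_IP, OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET …
  - name: OAUTH2_PROXY_COOKIE_SECRET
    valueFrom:
      secretKeyRef:
        key: <cookie-secret-key>  # placeholder: a key added to the rss-auth item
        name: rss-auth
```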

25
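--- a/manifests/sonarr.yaml
+++ b/manifests/sonarr.yaml
@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: sonarr
+namespace: inlets
+labels:
+app: sonarr
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+traefik.ingress.kubernetes.io/redirect-entry-point: https
+traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+tls:
+- hosts:
+- sonarr.cluster.fun
+secretName: sonarr-ingress
+rules:
+- host: sonarr.cluster.fun
+http:
+paths:
+- path: /
+backend:
+serviceName: auth-proxy
+servicePort: 80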

68
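--- a/manifests/svg-to-dxf.yaml
+++ b/manifests/svg-to-dxf.yaml
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: svg-to-dxf
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: svg-to-dxf
+namespace: svg-to-dxf
+spec:
+type: ClusterIP
+ports:
+- port: 80
+targetPort: web
+name: web
+selector:
+app: svg-to-dxf
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: svg-to-dxf
+namespace: svg-to-dxf
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: svg-to-dxf
+template:
+metadata:
+labels:
+app: svg-to-dxf
+spec:
+containers:
+- name: web
+image: docker.cluster.fun/averagemarcus/svg-to-dxf:latest
+imagePullPolicy: Always
+ports:
+- containerPort: 8080
+name: web
+resources:
+requests:
+memory: 100Mi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: svg-to-dxf
+namespace: svg-to-dxf
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+traefik.ingress.kubernetes.io/redirect-entry-point: https
+traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+tls:
+- hosts:
+- svg-to-dxf.cluster.fun
+secretName: svg-to-dxf-ingress
+rules:
+- host: svg-to-dxf.cluster.fun
+http:
+paths:
+- path: /
+backend:
+serviceName: svg-to-dxf
+servicePort: 80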
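Review bot: The `web` container is deployed from `docker.cluster.fun/averagemarcus/svg-to-dxf:latest` with `imagePullPolicy: Always`, so every pod restart runs whatever that tag points to at the time and the manifest never records which build is live; the talks, til and tweetsvg manifests and the `gopherss` image in the rss change follow the same pattern. Referencing a digest, `image: docker.cluster.fun/averagemarcus/svg-to-dxf@sha256:<digest>` (placeholder), makes each rollout a reviewable change. This Deployment also sets only `requests.memory`, whereas talks and til pair it with a limit; adding `limits:` with `memory: 100Mi` would keep them consistent. None of these pod specs sets a `securityContext`, so `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are worth adding if the images support them.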

74
manifests/talks.yaml Normal file

@@ -0,0 +1,74 @@
apiVersion: v1
kind: Namespace
metadata:
name: talks
---
apiVersion: v1
kind: Service
metadata:
name: talks
namespace: talks
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: talks
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: talks
namespace: talks
spec:
replicas: 2
selector:
matchLabels:
app: talks
template:
metadata:
labels:
app: talks
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/talks:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: talks
namespace: talks
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- talks.marcusnoble.co.uk
secretName: talks-ingress
rules:
- host: talks.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: talks
port:
number: 80

71
manifests/til.yaml Normal file

@@ -0,0 +1,71 @@
apiVersion: v1
kind: Namespace
metadata:
name: til
---
apiVersion: v1
kind: Service
metadata:
name: til
namespace: til
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: til
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: til
namespace: til
spec:
replicas: 2
selector:
matchLabels:
app: til
template:
metadata:
labels:
app: til
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/til:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: til
namespace: til
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- til.marcusnoble.co.uk
secretName: til-ingress
rules:
- host: til.marcusnoble.co.uk
http:
paths:
- path: /
backend:
serviceName: til
servicePort: 80


@@ -46,7 +46,7 @@ spec:
- --defaultentrypoints=http,https - --defaultentrypoints=http,https
- --entrypoints=Name:https Address::443 TLS - --entrypoints=Name:https Address::443 TLS
- --entrypoints=Name:http Address::80 - --entrypoints=Name:http Address::80
- --accesslog - --accesslog=true
- --accesslog.format=json - --accesslog.format=json
image: docker.io/traefik:1.7 image: docker.io/traefik:1.7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent


@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: transmission
namespace: inlets
labels:
app: transmission
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- transmission.cluster.fun
secretName: transmission-ingress
rules:
- host: transmission.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

96
manifests/tweetsvg.yaml Normal file

@@ -0,0 +1,96 @@
apiVersion: v1
kind: Namespace
metadata:
name: tweetsvg
---
apiVersion: v1
kind: Secret
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
kube-1password: dmjtjxrcpqtmeddq5x7zikj37i
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
name: web
selector:
app: tweetsvg
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
replicas: 2
selector:
matchLabels:
app: tweetsvg
template:
metadata:
labels:
app: tweetsvg
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/tweetsvg:latest
imagePullPolicy: Always
# env:
# - name: DOTENV_DIR
# value: /config/
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
volumeMounts:
- name: dotenv
mountPath: /app/.env
subPath: .env
volumes:
- name: dotenv
secret:
secretName: tweetsvg
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- tweet.cluster.fun
secretName: tweetsvg-ingress
rules:
- host: tweet.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tweetsvg
port:
number: 80
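Review bot: The `dotenv` Secret is mounted with `subPath: .env`, and Kubernetes does not propagate Secret updates into subPath mounts, so a credential rotated in 1Password would not reach the running pods until they are restarted. Either mount the Secret as a directory (the commented-out `DOTENV_DIR` block suggests the application may support that, which cannot be confirmed from this page) or record the requirement beside the mount, for example `# subPath mount: after rotating the secret, restart the Deployment`. The container also runs a `:latest` image with no `securityContext`, as noted for the other new Deployments in this change.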


@@ -8,17 +8,13 @@ spec:
- name: DOCKERFILE - name: DOCKERFILE
type: string type: string
description: The path to the dockerfile to build description: The path to the dockerfile to build
default: /Dockerfile default: Dockerfile
- name: CONTEXT - name: CONTEXT
type: string type: string
description: The build context used by Docker. description: The build context used by Docker.
default: ./ default: .
- name: IMAGE - name: IMAGE
type: string type: string
description: Name (reference) of the image to build.
- name: EXTRA_ARGS
type: string
default: ""
resources: resources:
inputs: inputs:
- name: src - name: src
@@ -29,24 +25,35 @@ spec:
steps: steps:
- name: build-and-push - name: build-and-push
workingDir: /workspace/src workingDir: /workspace/src
image: gcr.io/kaniko-project/executor:latest image: moby/buildkit:latest
env: env:
- name: DOCKER_CONFIG - name: DOCKER_CONFIG
value: /kaniko/.docker value: /root/.docker
command: command:
- /kaniko/executor - sh
- $(params.EXTRA_ARGS) - -c
- --dockerfile=/workspace/src/$(params.DOCKERFILE) - |
- --context=/workspace/src/$(params.CONTEXT) PLATFORMS=$(grep 'PLATFORMS ?= ' Makefile | sed -E 's/^PLATFORMS \?= (.+)$/\1/')
- --destination=$(params.IMAGE) if [ -z $PLATFORMS ]; then
- --oci-layout-path=/workspace/src/image-digest PLATFORMS=linux/amd64
- --digest-file=/tekton/results/IMAGE_DIGEST fi
- --cache=true
buildctl-daemonless.sh --debug \
build \
--progress=plain \
--frontend=dockerfile.v0 \
--opt filename=$(params.DOCKERFILE) \
--opt platform=${PLATFORMS} \
--local context=$(params.CONTEXT) \
--local dockerfile=. \
--output type=image,name=$(params.IMAGE),push=true \
--export-cache type=inline \
--import-cache type=registry,ref=$(params.IMAGE)
securityContext: securityContext:
runAsUser: 0 privileged: true
volumeMounts: volumeMounts:
- name: docker-config - name: docker-config
mountPath: /kaniko/.docker/config.json mountPath: /root/.docker/config.json
subPath: config.json subPath: config.json
volumes: volumes:
- name: docker-config - name: docker-config
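Review bot: The new `sh -c` script has `$(params.DOCKERFILE)`, `$(params.CONTEXT)` and `$(params.IMAGE)` substituted into its text before the shell runs, and the step now sets `privileged: true`, so a parameter value containing shell syntax would execute inside a privileged container. Whether those parameters can carry untrusted values depends on the trigger bindings, which are not part of this hunk. Passing them as environment variables and quoting every expansion removes the splice; that includes `PLATFORMS`, which is read from the repository's Makefile and used unquoted in `[ -z $PLATFORMS ]` and `--opt platform=`. `moby/buildkit:latest` is a mutable tag for a privileged step, so a pinned version or digest is safer, and the rootless BuildKit image is worth evaluating as a way to drop `privileged: true`.

```yaml
env:
- name: DOCKER_CONFIG
  value: /root/.docker
- name: PARAM_DOCKERFILE
  value: $(params.DOCKERFILE)
- name: PARAM_CONTEXT
  value: $(params.CONTEXT)
- name: PARAM_IMAGE
  value: $(params.IMAGE)
command:
- sh
- -c
- |
  # … unchanged: PLATFORMS read from the Makefile …
  if [ -z "$PLATFORMS" ]; then
    PLATFORMS=linux/amd64
  fi
  # … unchanged: buildctl-daemonless.sh invocation, progress, frontend, cache export …
    --opt filename="$PARAM_DOCKERFILE" \
    --opt platform="$PLATFORMS" \
    --local context="$PARAM_CONTEXT" \
    --output "type=image,name=$PARAM_IMAGE,push=true" \
    --import-cache "type=registry,ref=$PARAM_IMAGE"
```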


@@ -7,11 +7,11 @@ output "bucket_id" {
value = scaleway_object_bucket.kubernetes.id value = scaleway_object_bucket.kubernetes.id
} }
resource "scaleway_object_bucket" "linx" { resource "scaleway_object_bucket" "outline" {
name = "cluster.fun-linx" name = "cluster.fun-outline"
acl = "private" acl = "private"
} }
output "linx-bucket_id" { output "outline-bucket_id" {
value = scaleway_object_bucket.linx.id value = scaleway_object_bucket.outline.id
} }


@@ -1,30 +1,9 @@
provider "helm" {
kubernetes {
load_config_file = false
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
cluster_ca_certificate = base64decode(
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
)
}
}
data "helm_repository" "stable" {
name = "stable"
url = "https://kubernetes-charts.storage.googleapis.com"
}
data "helm_repository" "fluxcd" {
name = "fluxcd"
url = "https://charts.fluxcd.io"
}
resource "helm_release" "helm-operator" { resource "helm_release" "helm-operator" {
name = "helm-operator" name = "helm-operator"
repository = data.helm_repository.fluxcd.metadata[0].name repository = "https://charts.fluxcd.io"
chart = "helm-operator" chart = "helm-operator"
max_history = 4 max_history = 3
set { set {
name = "helm.versions" name = "helm.versions"


@@ -1,7 +1,7 @@
resource "scaleway_k8s_cluster_beta" "k8s-cluster" { resource "scaleway_k8s_cluster_beta" "k8s-cluster" {
name = "cluster-fun" name = "cluster-fun"
description = "" description = ""
version = "1.18.3" version = "1.20"
cni = "weave" cni = "weave"
enable_dashboard = false enable_dashboard = false
ingress = "traefik" ingress = "traefik"


@@ -1,31 +0,0 @@
provider "kubectl" {
load_config_file = false
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
cluster_ca_certificate = base64decode(
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
)
}
resource "kubectl_manifest" "manifests" {
for_each = fileset(path.module, "../manifests/*")
yaml_body = file(each.key)
}
resource "kubectl_manifest" "tekton-install" {
for_each = fileset(path.module, "../tekton/1-Install/*")
yaml_body = file(each.key)
}
resource "kubectl_manifest" "tekton-setup" {
for_each = fileset(path.module, "../tekton/2-Setup/*")
yaml_body = file(each.key)
}
resource "kubectl_manifest" "tekton" {
for_each = fileset(path.module, "../tekton/{bindings,conditions,eventlisteners,pipelines,tasks,triggertemplates}/*")
yaml_body = file(each.key)
}


@@ -3,3 +3,14 @@ provider "scaleway" {
region = "fr-par" region = "fr-par"
organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc" organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc"
} }
provider "helm" {
kubernetes {
load_config_file = false
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
cluster_ca_certificate = base64decode(
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
)
}
}

13
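--- a/terraform/versions.tf
+++ b/terraform/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+required_providers {
+helm = {
+source = "hashicorp/helm"
+version = "1.3.2"
+}
+scaleway = {
+source = "scaleway/scaleway"
+version = "1.17.2"
+}
+}
+required_version = ">= 0.13"
+}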