Merge branch 'master' of https://git.cluster.fun/AverageMarcus/cluster.fun

Makefile

@@ -47,7 +47,19 @@ ci:
 
 .PHONY: release # Release the latest version of the application
 release:
-	@cd terraform && terraform apply -auto-approve
+	@cd terraform && terraform apply -auto-approve && \
+		kubectx admin@clusterfun-scaleway && \
+		cd ../tekton && \
+		kubectl apply -f ./1-Install/ && \
+		kubectl apply -f ./2-Setup/ && \
+		kubectl apply -f ./bindings/ && \
+		kubectl apply -f ./conditions/ && \
+		kubectl apply -f ./eventlisteners/ && \
+		kubectl apply -f ./pipelines/ && \
+		kubectl apply -f ./tasks/ && \
+		kubectl apply -f ./triggertemplates/ && \
+		cd ../manifests && \
+		kubectl apply -f ./
 
 .PHONY: help # Show this list of commands
 help:

manifests/11-year-anniversary/11-year-anniversary.yaml

@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: docker-config
+  namespace: anniversary
+  annotations:
+    kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: .dockerconfigjson
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: e30=
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: anniversary
+  namespace: anniversary
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: anniversary
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: anniversary
+  namespace: anniversary
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: anniversary
+  template:
+    metadata:
+      labels:
+        app: anniversary
+    spec:
+      imagePullSecrets:
+        - name: docker-config
+      containers:
+      - name: web
+        image: docker.cluster.fun/private/11-year-anniversary:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          name: web
+        resources:
+          limits:
+            memory: 5Mi
+          requests:
+            memory: 5Mi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: anniversary
+  namespace: anniversary
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - 11-year-anniversary.marcusnoble.co.uk
+    secretName: anniversary-ingress
+  rules:
+  - host: 11-year-anniversary.marcusnoble.co.uk
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: anniversary
+          servicePort: 80

manifests/_apps/11-year-anniversary.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: anniversary
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: anniversary
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/11-year-anniversary
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/argocd.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/argocd
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/auth-proxy.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: auth-proxy
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/auth-proxy
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/base64.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: base64
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: base64
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/base64
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/blackhole.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: blackhole
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: kube-system
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/blackhole
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/blog.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: blog
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: blog
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/blog
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/certmanager_chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: cert-manager
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/certmanager_chart
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/code-server.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: code-server
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/code-server
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/cors-proxy.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cors-proxy
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: cors-proxy
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/cors-proxy
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/cv.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cv
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: cv
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/cv
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/dashboard.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dashboard
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: dashboard
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/dashboard
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/downloads.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: downloads
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/downloads
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/feed-fetcher.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: feed-fetcher
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: feed-fetcher
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/feed-fetcher
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/git-sync.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: git-sync
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: git-sync
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/git-sync
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/gitea.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitea
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: gitea
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/gitea
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/goplayground.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: goplayground
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: goplayground
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/goplayground
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/harbor_chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: harbor
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: harbor
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/harbor_chart
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/inlets.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: inlets
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/inlets
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/jackett.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jackett
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/jackett
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/kube-janitor.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-janitor
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: kube-janitor
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/kube-janitor
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/matrix_chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: matrix
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: chat
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/matrix_chart
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated: {}
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/monitoring.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: monitoring
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: monitoring
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/monitoring
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/nextcloud_chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nextcloud
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: nextcloud
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/nextcloud_chart
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated: {}
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/nodered.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nodered
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: node-red
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/nodered
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/opengraph-image-gen.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: opengraph
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: opengraph
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/opengraph
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/paradoxfox.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: paradoxfox
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: paradoxfox
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/paradoxfox
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/photos.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: photos
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: photos
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/photos
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/printer.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: printer
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/printer
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/qr.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: qr
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: qr
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/qr
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/radarr.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: radarr
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/radarr
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/reloader.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: reloader
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  destination:
+    namespace: kube-system
+    server: 'https://kubernetes.default.svc'
+  source:
+    repoURL: 'https://stakater.github.io/stakater-charts'
+    targetRevision: v0.0.89
+    chart: reloader
+  syncPolicy:
+    automated: {}
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/rss.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: rss
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: rss
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/rss
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/sonarr.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sonarr
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/sonarr
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/svg-to-dxf.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: svg-to-dxf
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: svg-to-dxf
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/svg-to-dxf
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/talks.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: talks
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: talks
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/talks
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/til.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: til
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: til
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/til
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/traefik-lb.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: traefik-lb
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: kube-system
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/traefik-lb
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/transmission.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: transmission
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: inlets
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/transmission
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/tweetsvg.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: tweetsvg
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: tweetsvg
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/tweetsvg
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/twitter-profile-pic.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: twitter-profile-pic
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: twitter-profile-pic
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/twitter-profile-pic
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/_apps/website-to-remarkable.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: website-to-remarkable
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: cluster.fun
+  destination:
+    namespace: website-to-remarkable
+    name: cluster-fun (scaleway)
+  source:
+    path: manifests/website-to-remarkable
+    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
+    targetRevision: HEAD
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  ignoreDifferences:
+  - kind: Secret
+    jsonPointers:
+    - /data

manifests/argocd/argocd.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: argo
+  namespace: inlets
+  labels:
+    app: argo
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - argo.cluster.fun
+    secretName: argo-ingress
+  rules:
+  - host: argo.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80

manifests/auth-proxy/auth-proxy.yaml

@@ -0,0 +1,83 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: auth-proxy
+  namespace: inlets
+  annotations:
+    kube-1password: mr6spkkx7n3memkbute6ojaarm
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: auth-proxy
+  namespace: inlets
+  labels:
+    app: auth-proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: auth-proxy
+  template:
+    metadata:
+      labels:
+        app: auth-proxy
+    spec:
+      containers:
+      - args:
+        - --cookie-secure=false
+        - --provider=oidc
+        - --provider-display-name=Auth0
+        - --upstream=http://inlets.inlets.svc.cluster.local
+        - --http-address=$(HOST_IP):8080
+        - --email-domain=*
+        - --pass-basic-auth=false
+        - --pass-access-token=false
+        - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+        - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
+        - --cookie-expire=336h0m0s
+        env:
+        - name: HOST_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              key: username
+              name: auth-proxy
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: auth-proxy
+        image: quay.io/oauth2-proxy/oauth2-proxy:v6.1.1
+        name: oauth-proxy
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: auth-proxy
+  namespace: inlets
+  labels:
+    app: auth-proxy
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: auth-proxy
+  type: ClusterIP

manifests/base64/base64.yaml

@@ -1,13 +1,8 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: buzzers
----
-apiVersion: v1
 kind: Service
 metadata:
-  name: buzzers
-  namespace: buzzers
+  name: base64
+  namespace: base64
 spec:
   type: ClusterIP
   ports:
@@ -15,41 +10,43 @@ spec:
     targetPort: web
     name: web
   selector:
-    app: buzzers
+    app: base64
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: buzzers
-  namespace: buzzers
+  name: base64
+  namespace: base64
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: buzzers
+      app: base64
   template:
     metadata:
       labels:
-        app: buzzers
+        app: base64
     spec:
+      imagePullSecrets:
+        - name: docker-config
       containers:
       - name: web
-        image: docker.cluster.fun/averagemarcus/buzzers:latest
+        image: docker.cluster.fun/averagemarcus/base64:latest
         imagePullPolicy: Always
         ports:
         - containerPort: 80
           name: web
         resources:
           limits:
-            memory: 283Mi
+            memory: 5Mi
           requests:
-            memory: 283Mi
+            memory: 5Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: buzzers
-  namespace: buzzers
+  name: base64
+  namespace: base64
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
     traefik.ingress.kubernetes.io/frontend-entry-points: http,https
@@ -58,13 +55,13 @@ metadata:
 spec:
   tls:
   - hosts:
-    - buzzers.cluster.fun
-    secretName: buzzers-ingress
+    - base64.cluster.fun
+    secretName: base64-ingress
   rules:
-  - host: buzzers.cluster.fun
+  - host: base64.cluster.fun
     http:
       paths:
       - path: /
         backend:
-          serviceName: buzzers
+          serviceName: base64
           servicePort: 80

manifests/blackhole/blackhole.yaml

@@ -37,7 +37,6 @@ spec:
         resources:
           limits:
             memory: 10Mi
-
           requests:
             memory: 10Mi
 

manifests/blog/blog.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: blog
----
-apiVersion: v1
 kind: Service
 metadata:
   name: blog
@@ -44,6 +39,16 @@ spec:
             memory: 200Mi
           requests:
             memory: 200Mi
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: web
+          initialDelaySeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: web
+          initialDelaySeconds: 10
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/code-server/code-server.yaml

@@ -0,0 +1,23 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: code
+  namespace: inlets
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - code.cluster.fun
+    secretName: code-ingress
+  rules:
+  - host: code.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80

manifests/cors-proxy/cors-proxy.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: cors-proxy
----
-apiVersion: v1
 kind: Service
 metadata:
   name: cors-proxy

manifests/cv/cv.yaml

@@ -1,13 +1,8 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: dashboard
----
-apiVersion: v1
 kind: Secret
 metadata:
   name: docker-config
-  namespace: dashboard
+  namespace: cv
   annotations:
     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
     kube-1password/vault: Kubernetes
@@ -19,8 +14,8 @@ data:
 apiVersion: v1
 kind: Service
 metadata:
-  name: dashboard
-  namespace: dashboard
+  name: cv
+  namespace: cv
 spec:
   type: ClusterIP
   ports:
@@ -28,43 +23,43 @@ spec:
     targetPort: web
     name: web
   selector:
-    app: dashboard
+    app: cv
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: dashboard
-  namespace: dashboard
+  name: cv
+  namespace: cv
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: dashboard
+      app: cv
   template:
     metadata:
       labels:
-        app: dashboard
+        app: cv
     spec:
       imagePullSecrets:
         - name: docker-config
       containers:
       - name: web
-        image: docker.cluster.fun/private/dashboard:latest
+        image: docker.cluster.fun/private/cv:latest
         imagePullPolicy: Always
         ports:
         - containerPort: 80
           name: web
         resources:
           limits:
-            memory: 50Mi
+            memory: 10Mi
           requests:
-            memory: 50Mi
+            memory: 10Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: dashboard
-  namespace: dashboard
+  name: cv
+  namespace: cv
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
     traefik.ingress.kubernetes.io/frontend-entry-points: http,https
@@ -73,13 +68,13 @@ metadata:
 spec:
   tls:
   - hosts:
-    - dash.cluster.fun
-    secretName: dashboard-ingress
+    - cv.marcusnoble.co.uk
+    secretName: cv-ingress
   rules:
-  - host: dash.cluster.fun
+  - host: cv.marcusnoble.co.uk
     http:
       paths:
       - path: /
         backend:
-          serviceName: dashboard
+          serviceName: cv
           servicePort: 80

manifests/dashboard/dashboard.yaml

@@ -1,44 +1,66 @@
 apiVersion: v1
-kind: Namespace
+kind: Secret
 metadata:
-  name: cctv
+  name: docker-config
+  namespace: dashboard
+  annotations:
+    kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: .dockerconfigjson
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: e30=
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: cctv-auth
-  namespace: cctv
+  name: dashboard-auth
+  namespace: dashboard
   annotations:
     kube-1password: mr6spkkx7n3memkbute6ojaarm
     kube-1password/vault: Kubernetes
 type: Opaque
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dashboard
+  namespace: dashboard
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: auth
+    name: web
+  selector:
+    app: dashboard
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: cctv-auth
-  namespace: cctv
-  labels:
-    app: cctv-auth
+  name: dashboard
+  namespace: dashboard
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: cctv-auth
+      app: dashboard
   template:
     metadata:
       labels:
-        app: cctv-auth
+        app: dashboard
     spec:
+      imagePullSecrets:
+        - name: docker-config
       containers:
       - args:
         - --cookie-secure=false
         - --provider=oidc
         - --provider-display-name=Auth0
-        - --upstream=http://inlets.inlets.svc.cluster.local
-        - --http-address=$(HOST_IP):8080
-        - --redirect-url=https://cctv.cluster.fun/oauth2/callback
-        - --email-domain=*
+        - --upstream=http://localhost:80
+        - --http-address=$(HOST_IP):8000
+        - --redirect-url=https://dash.cluster.fun/oauth2/callback
+        - --email-domain=marcusnoble.co.uk
         - --pass-basic-auth=false
         - --pass-access-token=false
         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
@@ -53,47 +75,40 @@ spec:
           valueFrom:
             secretKeyRef:
               key: username
-              name: cctv-auth
+              name: dashboard-auth
         - name: OAUTH2_PROXY_CLIENT_SECRET
           valueFrom:
             secretKeyRef:
               key: password
-              name: cctv-auth
+              name: dashboard-auth
         image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
         name: oauth-proxy
         ports:
-        - containerPort: 8080
+        - containerPort: 8000
           protocol: TCP
+          name: auth
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+      - name: web
+        image: docker.cluster.fun/private/dashboard:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          name: web
         resources:
           limits:
             memory: 50Mi
           requests:
             memory: 50Mi
 ---
-apiVersion: v1
-kind: Service
-metadata:
-  name: cctv-auth
-  namespace: cctv
-  labels:
-    app: cctv-auth
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 8080
-  selector:
-    app: cctv-auth
-  type: ClusterIP
----
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: cctv-auth
-  namespace: cctv
-  labels:
-    app: cctv-auth
+  name: dashboard
+  namespace: dashboard
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
     traefik.ingress.kubernetes.io/frontend-entry-points: http,https
@@ -102,13 +117,13 @@ metadata:
 spec:
   tls:
   - hosts:
-    - cctv.cluster.fun
-    secretName: cctv-ingress
+    - dash.cluster.fun
+    secretName: dashboard-ingress
   rules:
-  - host: cctv.cluster.fun
+  - host: dash.cluster.fun
     http:
       paths:
       - path: /
         backend:
-          serviceName: cctv-auth
+          serviceName: dashboard
           servicePort: 80

manifests/downloads/downloads.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: downloads-auth
+  namespace: inlets
+  labels:
+    app: downloads-auth
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - downloads.cluster.fun
+    secretName: downloads-ingress
+  rules:
+  - host: downloads.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80

manifests/feed-fetcher/feed-fetcher.yaml

@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: feed-fetcher
+  namespace: feed-fetcher
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: feed-fetcher
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: feed-fetcher
+  namespace: feed-fetcher
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: feed-fetcher
+  template:
+    metadata:
+      labels:
+        app: feed-fetcher
+    spec:
+      containers:
+      - name: web
+        image: docker.cluster.fun/averagemarcus/feed-fetcher:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: web
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: feed-fetcher
+  namespace: feed-fetcher
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - feed-fetcher.cluster.fun
+    secretName: feed-fetcher-ingress
+  rules:
+  - host: feed-fetcher.cluster.fun
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: feed-fetcher
+            port:
+              number: 80
+

manifests/git-sync/git-sync.yaml

@@ -0,0 +1,89 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: git-sync-github
+  namespace: git-sync
+  annotations:
+    kube-1password: cfo2ufhgem57clbscxetxgevue
+    kube-1password/vault: Kubernetes
+    kube-1password/password-key: token
+type: Opaque
+data:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: git-sync-gitea
+  namespace: git-sync
+  annotations:
+    kube-1password: b7kpdlcvt7y63bozu3i4j4lojm
+    kube-1password/vault: Kubernetes
+    kube-1password/password-key: token
+type: Opaque
+data:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: git-sync-gitlab
+  namespace: git-sync
+  annotations:
+    kube-1password: t47v3xdgadiifgoi4wmqibrlty
+    kube-1password/vault: Kubernetes
+    kube-1password/password-key: token
+type: Opaque
+data:
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: git-sync-bitbucket
+  namespace: git-sync
+  annotations:
+    kube-1password: adrki45krr2tq34sug7dhdk5iy
+    kube-1password/vault: Kubernetes
+    kube-1password/password-key: token
+type: Opaque
+data:
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: git-sync
+  namespace: git-sync
+spec:
+  schedule: "0 */1 * * *"
+  concurrencyPolicy: Forbid
+  failedJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      backoffLimit: 1
+      template:
+        spec:
+          containers:
+          - name: sync
+            image: docker.cluster.fun/averagemarcus/git-sync:latest
+            imagePullPolicy: Always
+            env:
+            - name: GITHUB_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: git-sync-github
+                  key: token
+            - name: GITEA_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: git-sync-gitea
+                  key: token
+            - name: GITLAB_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: git-sync-gitlab
+                  key: token
+            - name: BITBUCKET_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: git-sync-bitbucket
+                  key: token
+          restartPolicy: Never

manifests/gitea/gitea.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: gitea
----
-apiVersion: v1
 kind: Secret
 metadata:
   name: gitea-secret-key
@@ -47,7 +42,7 @@ spec:
     spec:
       containers:
       - name: git
-        image: gitea/gitea:1.11
+        image: gitea/gitea:1.12.3
         env:
         - name: APP_NAME
           value: "Git"

manifests/goplayground/goplayground.yaml

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: goplayground
+  namespace: goplayground
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: goplayground
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: goplayground
+  namespace: goplayground
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: goplayground
+  template:
+    metadata:
+      labels:
+        app: goplayground
+    spec:
+      containers:
+      - name: web
+        image: x1unix/go-playground:1.6.2
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 8000
+          name: web
+        resources:
+          limits:
+            memory: 20Mi
+          requests:
+            memory: 20Mi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: goplayground
+  namespace: goplayground
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - go.cluster.fun
+    secretName: goplayground-ingress
+  rules:
+  - host: go.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: goplayground
+          servicePort: 80
+

manifests/harbor_chart.yaml

@@ -1,57 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: harbor
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: harbor-values
-  namespace: harbor
-  annotations:
-    kube-1password: igey7vjjiqmj25v64eck7cyj34
-    kube-1password/vault: Kubernetes
-    kube-1password/secret-text-key: values.yaml
-type: Opaque
----
-apiVersion: helm.fluxcd.io/v1
-kind: HelmRelease
-metadata:
-  name: harbor
-  namespace: harbor
-spec:
-  chart:
-    repository: https://helm.goharbor.io
-    name: harbor
-    version: 1.3.2
-  maxHistory: 4
-  skipCRDs: false
-  valuesFrom:
-  - secretKeyRef:
-      name: harbor-values
-      namespace: harbor
-      key: values.yaml
-      optional: false
-  values:
-    portal:
-      resources:
-        requests:
-          memory: 64Mi
-    core:
-      resources:
-        requests:
-          memory: 64Mi
-    jobservice:
-      resources:
-        requests:
-          memory: 64Mi
-    registry:
-      registry:
-        resources:
-          requests:
-            memory: 64Mi
-      controller:
-        resources:
-          requests:
-            memory: 64Mi
-

manifests/harbor_chart/harbor_chart.yaml

@@ -0,0 +1,109 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: harbor
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: harbor-values
+  namespace: harbor
+  annotations:
+    kube-1password: igey7vjjiqmj25v64eck7cyj34
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: values.yaml
+type: Opaque
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: harbor
+  namespace: harbor
+spec:
+  chart:
+    repository: https://helm.goharbor.io
+    name: harbor
+    version: 1.5.3
+  maxHistory: 4
+  skipCRDs: false
+  valuesFrom:
+  - secretKeyRef:
+      name: harbor-values
+      namespace: harbor
+      key: values.yaml
+      optional: false
+  values:
+    updateStrategy:
+      type: Recreate
+    expose:
+      tls:
+        certSource: secret
+        secret:
+          secretName: harbor-harbor-ingress
+    portal:
+      replicas: 2
+      resources:
+        requests:
+          memory: 64Mi
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: component
+                operator: In
+                values:
+                - portal
+              - key: app
+                operator: In
+                values:
+                - harbor
+            topologyKey: kubernetes.io/hostname
+    core:
+      replicas: 2
+      resources:
+        requests:
+          memory: 64Mi
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: component
+                operator: In
+                values:
+                - core
+              - key: app
+                operator: In
+                values:
+                - harbor
+            topologyKey: kubernetes.io/hostname
+    jobservice:
+      replicas: 1
+      resources:
+        requests:
+          memory: 64Mi
+    registry:
+      replicas: 2
+      registry:
+        resources:
+          requests:
+            memory: 64Mi
+      controller:
+        resources:
+          requests:
+            memory: 64Mi
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: component
+                operator: In
+                values:
+                - registry
+              - key: app
+                operator: In
+                values:
+                - harbor
+            topologyKey: kubernetes.io/hostname

manifests/inlets.yaml

@@ -1,103 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: inlets
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: inlets
-  namespace: inlets
-  annotations:
-    kube-1password: podju6t2s2osc3vbkimyce25ti
-    kube-1password/vault: Kubernetes
-    kube-1password/password-key: token
-type: Opaque
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: inlets
-  namespace: inlets
-  labels:
-    app: inlets
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      protocol: TCP
-      targetPort: 8000
-  selector:
-    app: inlets
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: inlets
-  namespace: inlets
-  labels:
-    app: inlets
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: inlets
-  template:
-    metadata:
-      labels:
-        app: inlets
-    spec:
-      containers:
-      - name: inlets
-        image: inlets/inlets:2.7.0
-        imagePullPolicy: Always
-        command: ["inlets"]
-        args:
-        - "server"
-        - "--token-from=/var/inlets/token"
-        volumeMounts:
-          - name: inlets-token-volume
-            mountPath: /var/inlets/
-      volumes:
-        - name: inlets-token-volume
-          secret:
-            secretName: inlets
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: inlets
-  namespace: inlets
-spec:
-  rules:
-  - host: inlets.cluster.fun
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: inlets
-          servicePort: 80
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: pyload
-  namespace: inlets
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
-spec:
-  tls:
-  - hosts:
-    - pyload.cluster.fun
-    secretName: pyload-ingress
-  rules:
-  - host: pyload.cluster.fun
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: inlets
-          servicePort: 80

manifests/inlets/inlets.yaml

@@ -0,0 +1,214 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: inlets
+  namespace: inlets
+  annotations:
+    kube-1password: podju6t2s2osc3vbkimyce25ti
+    kube-1password/vault: Kubernetes
+    kube-1password/password-key: token
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: inlets
+  namespace: inlets
+  labels:
+    app: inlets
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 8000
+  selector:
+    app: inlets
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: inlets
+  namespace: inlets
+  labels:
+    app: inlets
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: inlets
+  template:
+    metadata:
+      labels:
+        app: inlets
+    spec:
+      containers:
+      - name: inlets
+        image: ghcr.io/inlets/inlets:3.0.1
+        imagePullPolicy: Always
+        command: ["inlets"]
+        args:
+        - "server"
+        - "--token-from=/var/inlets/token"
+        volumeMounts:
+          - name: inlets-token-volume
+            mountPath: /var/inlets/
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+      volumes:
+        - name: inlets-token-volume
+          secret:
+            secretName: inlets
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: inlets
+  namespace: inlets
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+spec:
+  tls:
+  - hosts:
+    - inlets.cluster.fun
+    secretName: inlets-ingress
+  rules:
+  - host: inlets.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: inlets
+          servicePort: 80
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: home-assistant
+  namespace: inlets
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - home.cluster.fun
+    secretName: home-assistant-ingress
+  rules:
+  - host: home.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: inlets
+          servicePort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: downloads-rpc
+  namespace: inlets
+  labels:
+    app: inlets
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 8000
+  selector:
+    app: inlets
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: vpn-check
+  namespace: inlets
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - vpn-check.cluster.fun
+    secretName: vpn-check-ingress
+  rules:
+  - host: vpn-check.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: inlets
+          servicePort: 80
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: adguard
+  namespace: inlets
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - adguard.cluster.fun
+    secretName: adguard-ingress
+  rules:
+  - host: adguard.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: inlets
+          servicePort: 80
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: podify
+  namespace: inlets
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - podify.cluster.fun
+    secretName: podify-ingress
+  rules:
+  - host: podify.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: inlets
+          servicePort: 80
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: loki
+  namespace: inlets
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 8000
+  selector:
+    app: inlets

manifests/jackett/jackett.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: jackett-auth
+  namespace: inlets
+  labels:
+    app: jackett-auth
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - jackett.cluster.fun
+    secretName: jackett-ingress
+  rules:
+  - host: jackett.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80

manifests/kube-janitor/kube-janitor.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: kube-janitor
----
-apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: kube-janitor
@@ -69,6 +64,8 @@ metadata:
     version: v20.4.1
   name: kube-janitor
   namespace: kube-janitor
+  annotations:
+    reloader.stakater.com/auto: "true"
 spec:
   replicas: 1
   selector:
@@ -88,7 +85,7 @@ spec:
           - --interval=15
           - --rules-file=/config/rules.yaml
           - --include-namespaces=tekton-pipelines
-          - --include-resources=pods
+          - --include-resources=pods,pipelineruns,taskruns
         resources:
           limits:
             memory: 100Mi

manifests/linx-server.yaml

@@ -1,114 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: linx-server
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: linx-server
-  namespace: linx-server
-data:
-  linx-server.conf: |-
-    sitename = share
-    maxsize = 524288000
-    maxexpiry = 0
-    selifpath = f
-    nologs = false
-    force-random-filename = false
-    s3-endpoint = https://s3.fr-par.scw.cloud
-    s3-region = fr-par
-    s3-bucket = cluster.fun-linx
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: linx-server-s3
-  namespace: linx-server
-  annotations:
-    kube-1password: d5dgclm3qrxd4fntivv26ec3ee
-    kube-1password/vault: Kubernetes
-type: Opaque
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: linx-server
-  namespace: linx-server
-spec:
-  type: ClusterIP
-  ports:
-  - port: 80
-    targetPort: web
-    name: web
-  selector:
-    app: linx-server
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: linx-server
-  namespace: linx-server
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: linx-server
-  template:
-    metadata:
-      labels:
-        app: linx-server
-    spec:
-      containers:
-      - name: web
-        image: andreimarcu/linx-server:version-2.3.5
-        imagePullPolicy: Always
-        args:
-          - -config
-          - /config/linx-server.conf
-        ports:
-        - containerPort: 8080
-          name: web
-        env:
-          - name: AWS_ACCESS_KEY_ID
-            valueFrom:
-              secretKeyRef:
-                name: linx-server-s3
-                key: username
-          - name: AWS_SECRET_ACCESS_KEY
-            valueFrom:
-              secretKeyRef:
-                name: linx-server-s3
-                key: password
-        volumeMounts:
-          - name: config
-            mountPath: /config
-      volumes:
-        - name: config
-          configMap:
-            name: linx-server
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: linx-server
-  namespace: linx-server
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
-spec:
-  tls:
-  - hosts:
-    - share.cluster.fun
-    secretName: linx-server-ingress
-  rules:
-  - host: share.cluster.fun
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: linx-server
-          servicePort: 80

manifests/loki_chart.yaml

@@ -1,175 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: logging
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: grafana-credentials
-  namespace: logging
-  annotations:
-    kube-1password: wpynfxkdipeeacyfxkvtdsuj54
-    kube-1password/vault: Kubernetes
-type: Opaque
----
-apiVersion: helm.fluxcd.io/v1
-kind: HelmRelease
-metadata:
-  name: loki
-  namespace: logging
-spec:
-  chart:
-    repository: https://grafana.github.io/loki/charts
-    name: loki-stack
-    version: 0.36.2
-  maxHistory: 4
-  skipCRDs: false
-  values:
-    fluent-bit:
-      enabled: "true"
-    promtail:
-      enabled: "true"
-    loki:
-      persistence:
-        enabled: "true"
-        size: 10Gi
-
----
-apiVersion: helm.fluxcd.io/v1
-kind: HelmRelease
-metadata:
-  name: grafana
-  namespace: logging
-spec:
-  chart:
-    repository: https://kubernetes-charts.storage.googleapis.com
-    name: grafana
-    version: 5.0.22
-  maxHistory: 4
-  skipCRDs: false
-  values:
-    image:
-      tag: 7.0.0
-    admin:
-      existingSecret: "grafana-credentials"
-      userKey: username
-      passwordKey: password
-    persistence:
-      enabled: "false"
-    datasources:
-      datasources.yaml:
-        apiVersion: 1
-        datasources:
-        - name: Loki
-          type: loki
-          url: http://logging-loki.logging:3100
-          access: proxy
-          jsonData:
-            maxLines: 1000
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: grafana-auth
-  namespace: logging
-  annotations:
-    kube-1password: mr6spkkx7n3memkbute6ojaarm
-    kube-1password/vault: Kubernetes
-type: Opaque
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: grafana-auth
-  namespace: logging
-  labels:
-    app: grafana-auth
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: grafana-auth
-  template:
-    metadata:
-      labels:
-        app: grafana-auth
-    spec:
-      containers:
-      - args:
-        - --cookie-secure=false
-        - --provider=oidc
-        - --provider-display-name=Auth0
-        - --upstream=http://logging-grafana.logging.svc.cluster.local
-        - --http-address=$(HOST_IP):8080
-        - --redirect-url=https://grafana.cluster.fun/oauth2/callback
-        - --email-domain=marcusnoble.co.uk
-        - --pass-basic-auth=false
-        - --pass-access-token=false
-        - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
-        - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
-        env:
-        - name: HOST_IP
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: status.podIP
-        - name: OAUTH2_PROXY_CLIENT_ID
-          valueFrom:
-            secretKeyRef:
-              key: username
-              name: grafana-auth
-        - name: OAUTH2_PROXY_CLIENT_SECRET
-          valueFrom:
-            secretKeyRef:
-              key: password
-              name: grafana-auth
-        image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
-        name: oauth-proxy
-        ports:
-        - containerPort: 8080
-          protocol: TCP
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: grafana-auth
-  namespace: logging
-  labels:
-    app: grafana-auth
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 8080
-  selector:
-    app: grafana-auth
-  type: ClusterIP
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: grafana-auth
-  namespace: logging
-  labels:
-    app: grafana-auth
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
-spec:
-  tls:
-  - hosts:
-    - grafana.cluster.fun
-    secretName: grafana-ingress
-  rules:
-  - host: grafana.cluster.fun
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: grafana-auth
-          servicePort: 80

manifests/matrix_chart/matrix_chart.yaml

@@ -1,10 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: chat
-
----
-
 apiVersion: helm.fluxcd.io/v1
 kind: HelmRelease
 metadata:
@@ -21,13 +14,13 @@ spec:
       serverName: "matrix.cluster.fun"
       telemetry: false
       hostname: "matrix.cluster.fun"
-      presence: true
+      presence: "true"
       blockNonAdminInvites: false
-      search: true
+      enableSearch: "true"
       adminEmail: "matrix@marcusnoble.co.uk"
       uploads:
-        maxSize: 100M
-        maxPixels: 32M
+        maxSize: 500M
+        maxPixels: 64M
       federation:
         enabled: false
         allowPublicRooms: false
@@ -47,7 +40,7 @@ spec:
       urlPreviews:
         enabled: true
         rules:
-          maxSize: 4M
+          maxSize: 10M
           ip:
             blacklist:
               - '127.0.0.0/8'
@@ -74,7 +67,7 @@ spec:
     synapse:
       image:
         repository: "matrixdotorg/synapse"
-        tag: v1.12.4
+        tag: v1.33.2
         pullPolicy: IfNotPresent
       service:
         type: ClusterIP
@@ -105,18 +98,19 @@ spec:
         - feature_bridge_state
         - feature_presence_in_room_list
         - feature_custom_themes
+        - feature_new_spinner
       # Servers to show in the Explore menu (the current server is always shown)
       roomDirectoryServers: []
       # Prefix before permalinks generated when users share links to rooms, users, or messages. If running an unfederated Synapse, set the below to the URL of your Riot instance.
       permalinkPrefix: "https://chat.cluster.fun"
       image:
         repository: "vectorim/riot-web"
-        tag: v1.6.0
+        tag: v1.7.27
         pullPolicy: IfNotPresent
       service:
         type: ClusterIP
         port: 80
-      replicaCount: 1
+      replicaCount: 2
       resources: {}
 
     # Settings for Coturn TURN relay, used for routing voice calls
@@ -204,6 +198,8 @@ kind: Deployment
 metadata:
   name: well-known
   namespace: chat
+  annotations:
+    reloader.stakater.com/auto: "true"
 spec:
   replicas: 1
   selector:
@@ -224,6 +220,11 @@ spec:
         volumeMounts:
         - name: well-known
           mountPath: /usr/share/nginx/html/.well-known/matrix
+        resources:
+          limits:
+            memory: 5Mi
+          requests:
+            memory: 5Mi
       volumes:
       - name: well-known
         configMap:

manifests/monitoring/inges.yaml

@@ -0,0 +1,89 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: grafana
+  namespace: inlets
+  labels:
+    app: grafana
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - grafana.cluster.fun
+    secretName: grafana-ingress
+  rules:
+  - host: grafana.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: prometheus
+  namespace: inlets
+  labels:
+    app: prometheus
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - prometheus.cluster.fun
+    secretName: prometheus-ingress
+  rules:
+  - host: prometheus.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prometheus-credentials
+  namespace: monitoring
+  annotations:
+    kube-1password: m7c2n5gqybiyxj6ylydju2nljm
+    kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: prometheus-cloud
+  namespace: monitoring
+  labels:
+    app: prometheus-cloud
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    ingress.kubernetes.io/auth-type: basic
+    ingress.kubernetes.io/auth-secret: prometheus-credentials
+spec:
+  tls:
+  - hosts:
+    - prometheus-cloud.cluster.fun
+    secretName: prometheus-cloud-ingress
+  rules:
+  - host: prometheus-cloud.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: prometheus-server
+          servicePort: 80

manifests/monitoring/kube-state-metrics.yaml

@@ -0,0 +1,255 @@
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-state-metrics
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+  name: kube-state-metrics
+rules:
+  - apiGroups: ["certificates.k8s.io"]
+    resources:
+    - certificatesigningrequests
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - configmaps
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["batch"]
+    resources:
+    - cronjobs
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["extensions", "apps"]
+    resources:
+    - daemonsets
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["extensions", "apps"]
+    resources:
+    - deployments
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - endpoints
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["autoscaling"]
+    resources:
+    - horizontalpodautoscalers
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources:
+    - ingresses
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["batch"]
+    resources:
+    - jobs
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - limitranges
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["admissionregistration.k8s.io"]
+    resources:
+      - mutatingwebhookconfigurations
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - namespaces
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["networking.k8s.io"]
+    resources:
+    - networkpolicies
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - nodes
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - persistentvolumeclaims
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - persistentvolumes
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["policy"]
+    resources:
+      - poddisruptionbudgets
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - pods
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["extensions", "apps"]
+    resources:
+    - replicasets
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - replicationcontrollers
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - resourcequotas
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - secrets
+    verbs: ["list", "watch"]
+
+  - apiGroups: [""]
+    resources:
+    - services
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["apps"]
+    resources:
+    - statefulsets
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["storage.k8s.io"]
+    resources:
+      - storageclasses
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["admissionregistration.k8s.io"]
+    resources:
+      - validatingwebhookconfigurations
+    verbs: ["list", "watch"]
+
+  - apiGroups: ["storage.k8s.io"]
+    resources:
+      - volumeattachments
+    verbs: ["list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+  name: kube-state-metrics
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-state-metrics
+subjects:
+- kind: ServiceAccount
+  name: kube-state-metrics
+  namespace: monitoring
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-state-metrics
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+  annotations:
+    prometheus.io/scrape: 'true'
+spec:
+  type: "ClusterIP"
+  ports:
+  - name: "http"
+    protocol: TCP
+    port: 8080
+    targetPort: 8080
+  selector:
+    app.kubernetes.io/name: kube-state-metrics
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kube-state-metrics
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kube-state-metrics
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: kube-state-metrics
+    spec:
+      serviceAccountName: kube-state-metrics
+      securityContext:
+        fsGroup: 65534
+        runAsGroup: 65534
+        runAsUser: 65534
+      containers:
+      - name: kube-state-metrics
+        args:
+        - --resources=certificatesigningrequests
+        - --resources=configmaps
+        - --resources=cronjobs
+        - --resources=daemonsets
+        - --resources=deployments
+        - --resources=endpoints
+        - --resources=horizontalpodautoscalers
+        - --resources=ingresses
+        - --resources=jobs
+        - --resources=limitranges
+        - --resources=mutatingwebhookconfigurations
+        - --resources=namespaces
+        - --resources=networkpolicies
+        - --resources=nodes
+        - --resources=persistentvolumeclaims
+        - --resources=persistentvolumes
+        - --resources=poddisruptionbudgets
+        - --resources=pods
+        - --resources=replicasets
+        - --resources=replicationcontrollers
+        - --resources=resourcequotas
+        - --resources=secrets
+        - --resources=services
+        - --resources=statefulsets
+        - --resources=storageclasses
+        - --resources=validatingwebhookconfigurations
+        - --resources=volumeattachments
+        imagePullPolicy: IfNotPresent
+        image: "k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.1.0"
+        ports:
+        - containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8080
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+---

manifests/monitoring/node-exporter.yaml

@@ -0,0 +1,87 @@
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus-node-exporter
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: node-exporter
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/scrape: "true"
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: node-exporter
+  name: prometheus-node-exporter
+  namespace: monitoring
+spec:
+  clusterIP: None
+  ports:
+    - name: metrics
+      port: 9100
+      protocol: TCP
+      targetPort: 9100
+  selector:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: node-exporter
+  type: "ClusterIP"
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: node-exporter
+  name: prometheus-node-exporter
+  namespace: monitoring
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: prometheus
+      app.kubernetes.io/component: node-exporter
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: prometheus
+        app.kubernetes.io/component: node-exporter
+    spec:
+      serviceAccountName: prometheus-node-exporter
+      containers:
+        - name: prometheus-node-exporter
+          image: "prom/node-exporter:v1.1.2"
+          imagePullPolicy: "IfNotPresent"
+          args:
+            - --path.procfs=/host/proc
+            - --path.sysfs=/host/sys
+            - --no-collector.wifi
+            - --no-collector.hwmon
+            - --no-collector.netclass
+            - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
+            - --web.listen-address=:9100
+          ports:
+            - name: metrics
+              containerPort: 9100
+              hostPort: 9100
+          volumeMounts:
+            - name: proc
+              mountPath: /host/proc
+              readOnly:  true
+            - name: sys
+              mountPath: /host/sys
+              readOnly: true
+      hostNetwork: true
+      hostPID: true
+      volumes:
+        - name: proc
+          hostPath:
+            path: /proc
+        - name: sys
+          hostPath:
+            path: /sys
+---

manifests/monitoring/prometheus-server.yaml

@@ -0,0 +1,489 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus-server
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: server
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prometheus-server
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: server
+data:
+  alerting_rules.yml: |
+    {}
+  alerts: |
+    {}
+  prometheus.yml: |
+    global:
+      evaluation_interval: 1m
+      scrape_interval: 1m
+      scrape_timeout: 10s
+    rule_files:
+    - /etc/config/recording_rules.yml
+    - /etc/config/alerting_rules.yml
+    - /etc/config/rules
+    - /etc/config/alerts
+    scrape_configs:
+    - job_name: prometheus
+      static_configs:
+      - targets:
+        - localhost:9090
+    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      job_name: kubernetes-apiservers
+      kubernetes_sd_configs:
+      - role: endpoints
+      relabel_configs:
+      - action: keep
+        regex: default;kubernetes;https
+        source_labels:
+        - __meta_kubernetes_namespace
+        - __meta_kubernetes_service_name
+        - __meta_kubernetes_endpoint_port_name
+      scheme: https
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        insecure_skip_verify: true
+    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      job_name: kubernetes-nodes
+      kubernetes_sd_configs:
+      - role: node
+      relabel_configs:
+      - action: labelmap
+        regex: __meta_kubernetes_node_label_(.+)
+      - replacement: kubernetes.default.svc:443
+        target_label: __address__
+      - regex: (.+)
+        replacement: /api/v1/nodes/$1/proxy/metrics
+        source_labels:
+        - __meta_kubernetes_node_name
+        target_label: __metrics_path__
+      scheme: https
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        insecure_skip_verify: true
+    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      job_name: kubernetes-nodes-cadvisor
+      kubernetes_sd_configs:
+      - role: node
+      relabel_configs:
+      - action: labelmap
+        regex: __meta_kubernetes_node_label_(.+)
+      - replacement: kubernetes.default.svc:443
+        target_label: __address__
+      - regex: (.+)
+        replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
+        source_labels:
+        - __meta_kubernetes_node_name
+        target_label: __metrics_path__
+      scheme: https
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+        insecure_skip_verify: true
+    - job_name: kubernetes-service-endpoints
+      kubernetes_sd_configs:
+      - role: endpoints
+      relabel_configs:
+      - action: keep
+        regex: true
+        source_labels:
+        - __meta_kubernetes_service_annotation_prometheus_io_scrape
+      - action: replace
+        regex: (https?)
+        source_labels:
+        - __meta_kubernetes_service_annotation_prometheus_io_scheme
+        target_label: __scheme__
+      - action: replace
+        regex: (.+)
+        source_labels:
+        - __meta_kubernetes_service_annotation_prometheus_io_path
+        target_label: __metrics_path__
+      - action: replace
+        regex: ([^:]+)(?::\d+)?;(\d+)
+        replacement: $1:$2
+        source_labels:
+        - __address__
+        - __meta_kubernetes_service_annotation_prometheus_io_port
+        target_label: __address__
+      - action: labelmap
+        regex: __meta_kubernetes_service_label_(.+)
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: kubernetes_namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_service_name
+        target_label: kubernetes_name
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_node_name
+        target_label: kubernetes_node
+    - job_name: kubernetes-service-endpoints-slow
+      kubernetes_sd_configs:
+      - role: endpoints
+      relabel_configs:
+      - action: keep
+        regex: true
+        source_labels:
+        - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
+      - action: replace
+        regex: (https?)
+        source_labels:
+        - __meta_kubernetes_service_annotation_prometheus_io_scheme
+        target_label: __scheme__
+      - action: replace
+        regex: (.+)
+        source_labels:
+        - __meta_kubernetes_service_annotation_prometheus_io_path
+        target_label: __metrics_path__
+      - action: replace
+        regex: ([^:]+)(?::\d+)?;(\d+)
+        replacement: $1:$2
+        source_labels:
+        - __address__
+        - __meta_kubernetes_service_annotation_prometheus_io_port
+        target_label: __address__
+      - action: labelmap
+        regex: __meta_kubernetes_service_label_(.+)
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: kubernetes_namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_service_name
+        target_label: kubernetes_name
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_node_name
+        target_label: kubernetes_node
+      scrape_interval: 5m
+      scrape_timeout: 30s
+    - honor_labels: true
+      job_name: prometheus-pushgateway
+      kubernetes_sd_configs:
+      - role: service
+      relabel_configs:
+      - action: keep
+        regex: pushgateway
+        source_labels:
+        - __meta_kubernetes_service_annotation_prometheus_io_probe
+    - job_name: kubernetes-services
+      kubernetes_sd_configs:
+      - role: service
+      metrics_path: /probe
+      params:
+        module:
+        - http_2xx
+      relabel_configs:
+      - action: keep
+        regex: true
+        source_labels:
+        - __meta_kubernetes_service_annotation_prometheus_io_probe
+      - source_labels:
+        - __address__
+        target_label: __param_target
+      - replacement: blackbox
+        target_label: __address__
+      - source_labels:
+        - __param_target
+        target_label: instance
+      - action: labelmap
+        regex: __meta_kubernetes_service_label_(.+)
+      - source_labels:
+        - __meta_kubernetes_namespace
+        target_label: kubernetes_namespace
+      - source_labels:
+        - __meta_kubernetes_service_name
+        target_label: kubernetes_name
+    - job_name: kubernetes-pods
+      kubernetes_sd_configs:
+      - role: pod
+      relabel_configs:
+      - action: keep
+        regex: true
+        source_labels:
+        - __meta_kubernetes_pod_annotation_prometheus_io_scrape
+      - action: replace
+        regex: (.+)
+        source_labels:
+        - __meta_kubernetes_pod_annotation_prometheus_io_path
+        target_label: __metrics_path__
+      - action: replace
+        regex: ([^:]+)(?::\d+)?;(\d+)
+        replacement: $1:$2
+        source_labels:
+        - __address__
+        - __meta_kubernetes_pod_annotation_prometheus_io_port
+        target_label: __address__
+      - action: labelmap
+        regex: __meta_kubernetes_pod_label_(.+)
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: kubernetes_namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_name
+        target_label: kubernetes_pod_name
+      - action: drop
+        regex: Pending|Succeeded|Failed
+        source_labels:
+        - __meta_kubernetes_pod_phase
+    - job_name: kubernetes-pods-slow
+      kubernetes_sd_configs:
+      - role: pod
+      relabel_configs:
+      - action: keep
+        regex: true
+        source_labels:
+        - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
+      - action: replace
+        regex: (.+)
+        source_labels:
+        - __meta_kubernetes_pod_annotation_prometheus_io_path
+        target_label: __metrics_path__
+      - action: replace
+        regex: ([^:]+)(?::\d+)?;(\d+)
+        replacement: $1:$2
+        source_labels:
+        - __address__
+        - __meta_kubernetes_pod_annotation_prometheus_io_port
+        target_label: __address__
+      - action: labelmap
+        regex: __meta_kubernetes_pod_label_(.+)
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: kubernetes_namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_name
+        target_label: kubernetes_pod_name
+      - action: drop
+        regex: Pending|Succeeded|Failed
+        source_labels:
+        - __meta_kubernetes_pod_phase
+      scrape_interval: 5m
+      scrape_timeout: 30s
+    - job_name: 'prometheus-blackbox-exporter-ping'
+      metrics_path: /probe
+      params:
+        module: [icmp_ping]
+      static_configs:
+        - targets: []
+      relabel_configs:
+        - source_labels: [__address__]
+          target_label: __param_target
+        - source_labels: [__param_target]
+          target_label: instance
+        - target_label: __address__
+          replacement: blackbox-exporter:9115
+    - job_name: 'prometheus-blackbox-exporter-http'
+      metrics_path: /probe
+      params:
+        module: [http_2xx]
+      static_configs:
+        - targets: []
+      relabel_configs:
+        - source_labels: [__address__]
+          target_label: __param_target
+        - source_labels: [__param_target]
+          target_label: instance
+        - target_label: __address__
+          replacement: blackbox-exporter:9115
+    - job_name: 'node-exporter'
+      kubernetes_sd_configs:
+        - role: endpoints
+      relabel_configs:
+      - source_labels: [__meta_kubernetes_endpoints_name]
+        regex: 'node-exporter'
+        action: keep
+  recording_rules.yml: |
+    {}
+  rules: |
+    {}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prometheus-server
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: server
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: "8Gi"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: server
+  name: prometheus-server
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+      - nodes/proxy
+      - nodes/metrics
+      - services
+      - endpoints
+      - pods
+      - ingresses
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - "extensions"
+      - "networking.k8s.io"
+    resources:
+      - ingresses/status
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - nonResourceURLs:
+      - "/metrics"
+    verbs:
+      - get
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: server
+  name: prometheus-server
+subjects:
+  - kind: ServiceAccount
+    name: prometheus-server
+    namespace: monitoring
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus-server
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: server
+  name: prometheus-server
+  namespace: monitoring
+spec:
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 9090
+  selector:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: server
+  sessionAffinity: None
+  type: "ClusterIP"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: prometheus
+    app.kubernetes.io/component: server
+  name: prometheus-server
+  namespace: monitoring
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: prometheus
+      app.kubernetes.io/component: server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: prometheus
+        app.kubernetes.io/component: server
+    spec:
+      serviceAccountName: prometheus-server
+      containers:
+        - name: prometheus-server-configmap-reload
+          image: "jimmidyson/configmap-reload:v0.5.0"
+          imagePullPolicy: "IfNotPresent"
+          args:
+            - --volume-dir=/etc/config
+            - --webhook-url=http://127.0.0.1:9090/-/reload
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/config
+              readOnly: true
+
+        - name: prometheus-server
+          image: "prom/prometheus:v2.27.1"
+          imagePullPolicy: "IfNotPresent"
+          args:
+            - --storage.tsdb.retention.time=15d
+            - --config.file=/etc/config/prometheus.yml
+            - --storage.tsdb.path=/data
+            - --web.console.libraries=/etc/prometheus/console_libraries
+            - --web.console.templates=/etc/prometheus/consoles
+            - --web.enable-lifecycle
+          ports:
+            - containerPort: 9090
+          readinessProbe:
+            httpGet:
+              path: /-/ready
+              port: 9090
+            initialDelaySeconds: 30
+            periodSeconds: 5
+            timeoutSeconds: 30
+            failureThreshold: 3
+            successThreshold: 1
+          livenessProbe:
+            httpGet:
+              path: /-/healthy
+              port: 9090
+            initialDelaySeconds: 30
+            periodSeconds: 15
+            timeoutSeconds: 30
+            failureThreshold: 3
+            successThreshold: 1
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/config
+            - name: storage-volume
+              mountPath: /data
+              subPath: ""
+      securityContext:
+        fsGroup: 65534
+        runAsGroup: 65534
+        runAsNonRoot: true
+        runAsUser: 65534
+      terminationGracePeriodSeconds: 300
+      volumes:
+        - name: config-volume
+          configMap:
+            name: prometheus-server
+        - name: storage-volume
+          persistentVolumeClaim:
+            claimName: prometheus-server
+---

manifests/monitoring/promtail.yaml

@@ -0,0 +1,472 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: promtail
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: promtail
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: promtail
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: promtail
+spec:
+  allowPrivilegeEscalation: false
+  fsGroup:
+    rule: RunAsAny
+  hostIPC: false
+  hostNetwork: false
+  hostPID: false
+  privileged: false
+  readOnlyRootFilesystem: true
+  requiredDropCapabilities:
+  - ALL
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+  - secret
+  - configMap
+  - hostPath
+  - projected
+  - downwardAPI
+  - emptyDir
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: promtail
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: promtail
+data:
+  promtail.yaml: |
+    client:
+      backoff_config:
+        max_period: 5m
+        max_retries: 10
+        min_period: 500ms
+      batchsize: 1048576
+      batchwait: 1s
+      external_labels: {}
+      timeout: 10s
+    positions:
+      filename: /run/promtail/positions.yaml
+    server:
+      http_listen_port: 3101
+    target_config:
+      sync_period: 10s
+    scrape_configs:
+    - job_name: kubernetes-filtering
+      kubernetes_sd_configs:
+      - role: pod
+      pipeline_stages:
+      - drop:
+          source: "k8s_app"
+          expression: "(konnectivity-agent|weave|kube-dns)"
+      - drop:
+          expression: ".*kube-probe.*"
+      - json:
+          expressions:
+            RequestPath: RequestPath
+      - labels:
+          RequestPath:
+      - drop:
+          source: "RequestPath"
+          expression: "/healthz"
+
+    - job_name: kubernetes-pods-name
+      pipeline_stages:
+        - docker: {}
+      kubernetes_sd_configs:
+      - role: pod
+      relabel_configs:
+      - source_labels:
+        - __meta_kubernetes_pod_label_name
+        target_label: __service__
+      - source_labels:
+        - __meta_kubernetes_pod_node_name
+        target_label: __host__
+      - action: drop
+        regex: ''
+        source_labels:
+        - __service__
+      - action: labelmap
+        regex: __meta_kubernetes_pod_label_(.+)
+      - action: replace
+        replacement: $1
+        separator: /
+        source_labels:
+        - __meta_kubernetes_namespace
+        - __service__
+        target_label: job
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_name
+        target_label: pod
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_container_name
+        target_label: container
+      - replacement: /var/log/pods/*$1/*.log
+        separator: /
+        source_labels:
+        - __meta_kubernetes_pod_uid
+        - __meta_kubernetes_pod_container_name
+        target_label: __path__
+
+    - job_name: kubernetes-pods-app
+      pipeline_stages:
+        - docker: {}
+      kubernetes_sd_configs:
+      - role: pod
+      relabel_configs:
+      - action: drop
+        regex: .+
+        source_labels:
+        - __meta_kubernetes_pod_label_name
+      - source_labels:
+        - __meta_kubernetes_pod_label_app
+        target_label: __service__
+      - source_labels:
+        - __meta_kubernetes_pod_node_name
+        target_label: __host__
+      - action: drop
+        regex: ''
+        source_labels:
+        - __service__
+      - action: labelmap
+        regex: __meta_kubernetes_pod_label_(.+)
+      - action: replace
+        replacement: $1
+        separator: /
+        source_labels:
+        - __meta_kubernetes_namespace
+        - __service__
+        target_label: job
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_name
+        target_label: pod
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_container_name
+        target_label: container
+      - replacement: /var/log/pods/*$1/*.log
+        separator: /
+        source_labels:
+        - __meta_kubernetes_pod_uid
+        - __meta_kubernetes_pod_container_name
+        target_label: __path__
+
+    - job_name: kubernetes-pods-direct-controllers
+      pipeline_stages:
+        - docker: {}
+      kubernetes_sd_configs:
+      - role: pod
+      relabel_configs:
+      - action: drop
+        regex: .+
+        separator: ''
+        source_labels:
+        - __meta_kubernetes_pod_label_name
+        - __meta_kubernetes_pod_label_app
+      - action: drop
+        regex: '[0-9a-z-.]+-[0-9a-f]{8,10}'
+        source_labels:
+        - __meta_kubernetes_pod_controller_name
+      - source_labels:
+        - __meta_kubernetes_pod_controller_name
+        target_label: __service__
+      - source_labels:
+        - __meta_kubernetes_pod_node_name
+        target_label: __host__
+      - action: drop
+        regex: ''
+        source_labels:
+        - __service__
+      - action: labelmap
+        regex: __meta_kubernetes_pod_label_(.+)
+      - action: replace
+        replacement: $1
+        separator: /
+        source_labels:
+        - __meta_kubernetes_namespace
+        - __service__
+        target_label: job
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_name
+        target_label: pod
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_container_name
+        target_label: container
+      - replacement: /var/log/pods/*$1/*.log
+        separator: /
+        source_labels:
+        - __meta_kubernetes_pod_uid
+        - __meta_kubernetes_pod_container_name
+        target_label: __path__
+
+    - job_name: kubernetes-pods-indirect-controller
+      pipeline_stages:
+        - docker: {}
+      kubernetes_sd_configs:
+      - role: pod
+      relabel_configs:
+      - action: drop
+        regex: .+
+        separator: ''
+        source_labels:
+        - __meta_kubernetes_pod_label_name
+        - __meta_kubernetes_pod_label_app
+      - action: keep
+        regex: '[0-9a-z-.]+-[0-9a-f]{8,10}'
+        source_labels:
+        - __meta_kubernetes_pod_controller_name
+      - action: replace
+        regex: '([0-9a-z-.]+)-[0-9a-f]{8,10}'
+        source_labels:
+        - __meta_kubernetes_pod_controller_name
+        target_label: __service__
+      - source_labels:
+        - __meta_kubernetes_pod_node_name
+        target_label: __host__
+      - action: drop
+        regex: ''
+        source_labels:
+        - __service__
+      - action: labelmap
+        regex: __meta_kubernetes_pod_label_(.+)
+      - action: replace
+        replacement: $1
+        separator: /
+        source_labels:
+        - __meta_kubernetes_namespace
+        - __service__
+        target_label: job
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_name
+        target_label: pod
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_container_name
+        target_label: container
+      - replacement: /var/log/pods/*$1/*.log
+        separator: /
+        source_labels:
+        - __meta_kubernetes_pod_uid
+        - __meta_kubernetes_pod_container_name
+        target_label: __path__
+
+    - job_name: kubernetes-pods-static
+      pipeline_stages:
+        - docker: {}
+      kubernetes_sd_configs:
+      - role: pod
+      relabel_configs:
+      - action: drop
+        regex: ''
+        source_labels:
+        - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_label_component
+        target_label: __service__
+      - source_labels:
+        - __meta_kubernetes_pod_node_name
+        target_label: __host__
+      - action: drop
+        regex: ''
+        source_labels:
+        - __service__
+      - action: labelmap
+        regex: __meta_kubernetes_pod_label_(.+)
+      - action: replace
+        replacement: $1
+        separator: /
+        source_labels:
+        - __meta_kubernetes_namespace
+        - __service__
+        target_label: job
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_namespace
+        target_label: namespace
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_name
+        target_label: pod
+      - action: replace
+        source_labels:
+        - __meta_kubernetes_pod_container_name
+        target_label: container
+      - replacement: /var/log/pods/*$1/*.log
+        separator: /
+        source_labels:
+        - __meta_kubernetes_pod_annotation_kubernetes_io_config_mirror
+        - __meta_kubernetes_pod_container_name
+        target_label: __path__
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: promtail-clusterrole
+  labels:
+    app.kubernetes.io/name: promtail
+rules:
+- apiGroups: [""] # "" indicates the core API group
+  resources:
+  - nodes
+  - nodes/proxy
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "watch", "list"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: promtail-clusterrolebinding
+  labels:
+    app.kubernetes.io/name: promtail
+subjects:
+  - kind: ServiceAccount
+    name: promtail
+    namespace: monitoring
+roleRef:
+  kind: ClusterRole
+  name: promtail-clusterrole
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: promtail
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: promtail
+rules:
+- apiGroups:      ['extensions']
+  resources:      ['podsecuritypolicies']
+  verbs:          ['use']
+  resourceNames:  [promtail]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: promtail
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: promtail
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: promtail
+subjects:
+- kind: ServiceAccount
+  name: promtail
+---
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: promtail
+  namespace: monitoring
+  labels:
+    app.kubernetes.io/name: promtail
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: promtail
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: promtail
+      annotations:
+        prometheus.io/port: http-metrics
+        prometheus.io/scrape: "true"
+    spec:
+      serviceAccountName: promtail
+      containers:
+        - name: promtail
+          image: "grafana/promtail:2.2.1"
+          imagePullPolicy: IfNotPresent
+          args:
+            - "-config.file=/etc/promtail/promtail.yaml"
+            - "-client.url=http://loki.inlets.svc:80/loki/api/v1/push"
+            - "-client.external-labels=kubernetes_cluster=scaleway"
+          volumeMounts:
+            - name: config
+              mountPath: /etc/promtail
+            - name: run
+              mountPath: /run/promtail
+            - mountPath: /var/lib/docker/containers
+              name: docker
+              readOnly: true
+            - mountPath: /var/log/pods
+              name: pods
+              readOnly: true
+          env:
+            - name: HOSTNAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          ports:
+            - containerPort: 3101
+              name: http-metrics
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsGroup: 0
+            runAsUser: 0
+          readinessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /ready
+              port: http-metrics
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+      tolerations:
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Exists
+      volumes:
+        - name: config
+          configMap:
+            name: promtail
+        - name: run
+          hostPath:
+            path: /run/promtail
+        - hostPath:
+            path: /var/lib/docker/containers
+          name: docker
+        - hostPath:
+            path: /var/log/pods
+          name: pods
+---

manifests/nextcloud_chart/nextcloud_chart.yaml

@@ -1,10 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: nextcloud
-
----
-apiVersion: v1
 kind: Secret
 metadata:
   name: nextcloud-values
@@ -23,9 +17,9 @@ metadata:
   namespace: nextcloud
 spec:
   chart:
-    repository: https://kubernetes-charts.storage.googleapis.com
+    repository: https://nextcloud.github.io/helm/
     name: nextcloud
-    version: 1.10.0
+    version: 2.6.3
   maxHistory: 5
   valuesFrom:
   - secretKeyRef:
@@ -35,7 +29,9 @@ spec:
       optional: false
   values:
     image:
-      tag: 18-apache
+      tag: 21.0.1-apache
+      pullPolicy: IfNotPresent
+    replicaCount: 1
     ingress:
       enabled: true
       annotations:
@@ -53,6 +49,8 @@ spec:
       enabled: true
       storageClass: scw-bssd-retain
       size: 5Gi
+    redis:
+      enabled: true
     cronjob:
       enabled: true
     resources:

manifests/nodered/nodered.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: node-red
----
-apiVersion: v1
 kind: Secret
 metadata:
   name: node-red
@@ -73,7 +68,7 @@ spec:
             mountPath: /data
       containers:
       - name: web
-        image: nodered/node-red:latest-12
+        image: nodered/node-red:1.1.3-12
         imagePullPolicy: Always
         ports:
         - containerPort: 1880

manifests/opengraph/opengraph.yaml

@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: opengraph
+  namespace: opengraph
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: opengraph
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: opengraph
+  namespace: opengraph
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: opengraph
+  template:
+    metadata:
+      labels:
+        app: opengraph
+    spec:
+      containers:
+      - name: web
+        image: docker.cluster.fun/averagemarcus/opengraph-image-gen:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 3000
+          name: web
+        resources:
+          limits:
+            memory: 100Mi
+          requests:
+            memory: 100Mi
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: opengraph
+  namespace: opengraph
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - opengraph.cluster.fun
+    secretName: opengraph-ingress
+  rules:
+  - host: opengraph.cluster.fun
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: opengraph
+            port:
+              number: 80
+

manifests/paradoxfox/paradoxfox.yaml

@@ -0,0 +1,123 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: docker-config
+  namespace: paradoxfox
+  annotations:
+    kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: .dockerconfigjson
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: e30=
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: etsy-token
+  namespace: paradoxfox
+  annotations:
+    kube-1password: akkchysgrvhawconx63plt3xgy
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: password
+stringData:
+  password: ""
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: paradoxfox
+  namespace: paradoxfox
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: 443
+    name: web
+  selector:
+    app: paradoxfox
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: paradoxfox
+  namespace: paradoxfox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: paradoxfox
+  template:
+    metadata:
+      labels:
+        app: paradoxfox
+    spec:
+      imagePullSecrets:
+        - name: docker-config
+      containers:
+      - name: web
+        image: docker.cluster.fun/private/paradoxfox:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 443
+          name: web
+        env:
+          - name: ETSY_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: etsy-token
+                key: password
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            memory: 200Mi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: paradoxfox
+  namespace: paradoxfox
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - paradoxfox.space
+    secretName: paradoxfox-ingress
+  rules:
+  - host: paradoxfox.space
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: paradoxfox
+          servicePort: 80
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: paradoxfox-www
+  namespace: paradoxfox
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - www.paradoxfox.space
+    secretName: paradoxfox-www-ingress
+  rules:
+  - host: www.paradoxfox.space
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: paradoxfox
+          servicePort: 80

manifests/photos/photos.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: photos
+  namespace: inlets
+  labels:
+    app: photos
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - photos.cluster.fun
+    secretName: photos-ingress
+  rules:
+  - host: photos.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80

manifests/printer/printer.yaml

@@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: printer-auth
+  namespace: inlets
+  labels:
+    app: printer-auth
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - printer.cluster.fun
+    secretName: printer-ingress
+  rules:
+  - host: printer.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80
+

manifests/qr/qr.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: qr
----
-apiVersion: v1
 kind: Service
 metadata:
   name: qr
@@ -41,9 +36,9 @@ spec:
           name: web
         resources:
           limits:
-            memory: 100Mi
+            memory: 20Mi
           requests:
-            memory: 100Mi
+            memory: 20Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

manifests/radarr/radarr.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: radarr
+  namespace: inlets
+  labels:
+    app: radarr
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - radarr.cluster.fun
+    secretName: radarr-ingress
+  rules:
+  - host: radarr.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80

manifests/rss.yaml

@@ -1,105 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: rss
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: rss
-  namespace: rss
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: rss
-  namespace: rss
-spec:
-  type: ClusterIP
-  ports:
-  - port: 80
-    targetPort: 8080
-    name: web
-  selector:
-    app: rss
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: rss
-  namespace: rss
-  labels:
-    app: rss
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rss
-  template:
-    metadata:
-      labels:
-        app: rss
-    spec:
-      securityContext:
-        fsGroup: 1000
-      dnsConfig:
-        options:
-          - name: ndots
-            value: "2"
-      containers:
-      - name: web
-        image: mdswanson/stringer
-        env:
-        - name: SECRET_TOKEN
-          value: inward-popcorn-decamp-epsilon
-        - name: PORT
-          value: "8080"
-        - name: DATABASE_URL
-          value: sqlite3:/data/stringer.db
-        ports:
-        - containerPort: 8080
-          name: web
-        resources:
-          limits:
-            memory: 308Mi
-          requests:
-            memory: 308Mi
-        volumeMounts:
-          - mountPath: /data
-            name: storage
-      volumes:
-      - name: storage
-        persistentVolumeClaim:
-          claimName: rss
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: rss
-  namespace: rss
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
-spec:
-  tls:
-  - hosts:
-    - rss.cluster.fun
-    secretName: rss-ingress
-  rules:
-  - host: rss.cluster.fun
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: rss
-          servicePort: 80
-
----

manifests/rss/rss.yaml

@@ -1,44 +1,71 @@
+kind: PersistentVolumeClaim
 apiVersion: v1
-kind: Namespace
 metadata:
-  name: downloads
+  name: rss-db
+  namespace: rss
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: downloads-auth
-  namespace: downloads
+  name: rss-auth
+  namespace: rss
   annotations:
     kube-1password: mr6spkkx7n3memkbute6ojaarm
     kube-1password/vault: Kubernetes
 type: Opaque
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rss-new
+  namespace: rss
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: 8000
+    name: web
+  selector:
+    app: rss
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: downloads-auth
-  namespace: downloads
+  name: rss
+  namespace: rss
   labels:
-    app: downloads-auth
+    app: rss
 spec:
   replicas: 1
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
-      app: downloads-auth
+      app: rss
   template:
     metadata:
       labels:
-        app: downloads-auth
+        app: rss
     spec:
+      dnsConfig:
+        options:
+          - name: ndots
+            value: "2"
       containers:
       - args:
         - --cookie-secure=false
         - --provider=oidc
         - --provider-display-name=Auth0
-        - --upstream=http://inlets.inlets.svc.cluster.local
-        - --http-address=$(HOST_IP):8080
-        - --redirect-url=https://downloads.cluster.fun/oauth2/callback
-        - --email-domain=*
+        - --upstream=http://localhost:8080
+        - --http-address=$(HOST_IP):8000
+        - --redirect-url=https://rss.cluster.fun/oauth2/callback
+        - --email-domain=marcusnoble.co.uk
         - --pass-basic-auth=false
         - --pass-access-token=false
         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
@@ -53,47 +80,55 @@ spec:
           valueFrom:
             secretKeyRef:
               key: username
-              name: downloads-auth
+              name: rss-auth
         - name: OAUTH2_PROXY_CLIENT_SECRET
           valueFrom:
             secretKeyRef:
               key: password
-              name: downloads-auth
+              name: rss-auth
         image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
         name: oauth-proxy
         ports:
-        - containerPort: 8080
+        - containerPort: 8000
           protocol: TCP
         resources:
           limits:
-            memory: 250Mi
+            memory: 50Mi
           requests:
-            memory: 250Mi
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: downloads-auth
-  namespace: downloads
-  labels:
-    app: downloads-auth
-spec:
-  ports:
-  - name: http
-    port: 80
-    protocol: TCP
-    targetPort: 8080
-  selector:
-    app: downloads-auth
-  type: ClusterIP
+            memory: 50Mi
+      - name: web
+        image: docker.cluster.fun/averagemarcus/gopherss:latest
+        env:
+        - name: PORT
+          value: "8080"
+        - name: DB_PATH
+          value: /data/feeds.db
+        ports:
+        - containerPort: 8080
+          name: web
+        resources:
+          limits:
+            memory: 308Mi
+          requests:
+            memory: 308Mi
+        volumeMounts:
+          - mountPath: /data
+            name: storage
+        resources:
+          limits:
+            memory: 100Mi
+          requests:
+            memory: 100Mi
+      volumes:
+      - name: storage
+        persistentVolumeClaim:
+          claimName: rss-db
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: downloads-auth
-  namespace: downloads
-  labels:
-    app: downloads-auth
+  name: rss
+  namespace: rss
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
     traefik.ingress.kubernetes.io/frontend-entry-points: http,https
@@ -102,14 +137,15 @@ metadata:
 spec:
   tls:
   - hosts:
-    - downloads.cluster.fun
-    secretName: downloads-ingress
+    - rss.cluster.fun
+    secretName: rss-ingress
   rules:
-  - host: downloads.cluster.fun
+  - host: rss.cluster.fun
     http:
       paths:
       - path: /
         backend:
-          serviceName: downloads-auth
+          serviceName: rss-new
           servicePort: 80
 
+---

manifests/sonarr/sonarr.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: sonarr
+  namespace: inlets
+  labels:
+    app: sonarr
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - sonarr.cluster.fun
+    secretName: sonarr-ingress
+  rules:
+  - host: sonarr.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80

manifests/svg-to-dxf/svg-to-dxf.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: svg-to-dxf
+  namespace: svg-to-dxf
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: svg-to-dxf
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: svg-to-dxf
+  namespace: svg-to-dxf
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: svg-to-dxf
+  template:
+    metadata:
+      labels:
+        app: svg-to-dxf
+    spec:
+      containers:
+      - name: web
+        image: docker.cluster.fun/averagemarcus/svg-to-dxf:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+          name: web
+        resources:
+          requests:
+            memory: 100Mi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: svg-to-dxf
+  namespace: svg-to-dxf
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - svg-to-dxf.cluster.fun
+    secretName: svg-to-dxf-ingress
+  rules:
+  - host: svg-to-dxf.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: svg-to-dxf
+          servicePort: 80

manifests/talks/talks.yaml

@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: talks
+  namespace: talks
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: talks
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: talks
+  namespace: talks
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: talks
+  template:
+    metadata:
+      labels:
+        app: talks
+    spec:
+      containers:
+      - name: web
+        image: docker.cluster.fun/averagemarcus/talks:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          name: web
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: talks
+  namespace: talks
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - talks.marcusnoble.co.uk
+    secretName: talks-ingress
+  rules:
+  - host: talks.marcusnoble.co.uk
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: talks
+            port:
+              number: 80
+

manifests/til/til.yaml

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: til
+  namespace: til
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: web
+    name: web
+  selector:
+    app: til
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: til
+  namespace: til
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: til
+  template:
+    metadata:
+      labels:
+        app: til
+    spec:
+      containers:
+      - name: web
+        image: docker.cluster.fun/averagemarcus/til:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          name: web
+        resources:
+          limits:
+            memory: 20Mi
+          requests:
+            memory: 20Mi
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: til
+  namespace: til
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - til.marcusnoble.co.uk
+    secretName: til-ingress
+  rules:
+  - host: til.marcusnoble.co.uk
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: til
+          servicePort: 80
+

manifests/traefik-lb/traefik-lb.yaml

@@ -46,7 +46,7 @@ spec:
         - --defaultentrypoints=http,https
         - --entrypoints=Name:https Address::443 TLS
         - --entrypoints=Name:http Address::80
-        - --accesslog
+        - --accesslog=true
         - --accesslog.format=json
         image: docker.io/traefik:1.7
         imagePullPolicy: IfNotPresent

manifests/transmission/transmission.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: transmission
+  namespace: inlets
+  labels:
+    app: transmission
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - transmission.cluster.fun
+    secretName: transmission-ingress
+  rules:
+  - host: transmission.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: auth-proxy
+          servicePort: 80

manifests/tweetsvg/tweetsvg.yaml

@@ -0,0 +1,91 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tweetsvg
+  namespace: tweetsvg
+  annotations:
+    kube-1password: dmjtjxrcpqtmeddq5x7zikj37i
+    kube-1password/vault: Kubernetes
+    kube-1password/secret-text-key: .env
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tweetsvg
+  namespace: tweetsvg
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80
+    targetPort: 8080
+    name: web
+  selector:
+    app: tweetsvg
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tweetsvg
+  namespace: tweetsvg
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: tweetsvg
+  template:
+    metadata:
+      labels:
+        app: tweetsvg
+    spec:
+      containers:
+      - name: web
+        image: docker.cluster.fun/averagemarcus/tweetsvg:latest
+        imagePullPolicy: Always
+        # env:
+        # - name: DOTENV_DIR
+        #   value: /config/
+        ports:
+        - containerPort: 8080
+          name: web
+        resources:
+          limits:
+            memory: 100Mi
+          requests:
+            memory: 100Mi
+        volumeMounts:
+          - name: dotenv
+            mountPath: /app/.env
+            subPath: .env
+      volumes:
+      - name: dotenv
+        secret:
+          secretName: tweetsvg
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tweetsvg
+  namespace: tweetsvg
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - tweet.cluster.fun
+    secretName: tweetsvg-ingress
+  rules:
+  - host: tweet.cluster.fun
+    http:
+      paths:
+      - path: /
+        pathType: ImplementationSpecific
+        backend:
+          service:
+            name: tweetsvg
+            port:
+              number: 80
+

manifests/twitter-profile-pic/twitter-profile-pic.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: twitter-profile-pic
----
-apiVersion: v1
 kind: Secret
 metadata:
   name: twitter-profile-pic
@@ -111,3 +106,28 @@ spec:
         backend:
           serviceName: twitter-profile-pic
           servicePort: 80
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: twitter-profile-pic-cluster-fun
+  namespace: twitter-profile-pic
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  tls:
+  - hosts:
+    - twitter-profile-pic.cluster.fun
+    secretName: twitter-profile-pic-cluster-fun-ingress
+  rules:
+  - host: twitter-profile-pic.cluster.fun
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: twitter-profile-pic
+          servicePort: 80

manifests/website-to-remarkable/website-to-remarkable.yaml

@@ -1,9 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: website-to-remarkable
----
-apiVersion: v1
 kind: Secret
 metadata:
   name: website-to-remarkable-auth
@@ -97,9 +92,9 @@ spec:
           protocol: TCP
         resources:
           limits:
-            memory: 125Mi
+            memory: 50Mi
           requests:
-            memory: 125Mi
+            memory: 50Mi
       - name: web
         image: docker.cluster.fun/averagemarcus/website-to-remarkable:latest
         imagePullPolicy: Always
@@ -112,6 +107,11 @@ spec:
         ports:
         - containerPort: 8000
           name: web
+        resources:
+          limits:
+            memory: 50Mi
+          requests:
+            memory: 50Mi
 ---
 apiVersion: extensions/v1beta1
 kind: Ingress

tekton/tasks/docker-build-and-publish.yaml

@@ -8,17 +8,13 @@ spec:
   - name: DOCKERFILE
     type: string
     description: The path to the dockerfile to build
-    default: /Dockerfile
+    default: Dockerfile
   - name: CONTEXT
     type: string
     description: The build context used by Docker.
-    default: ./
+    default: .
   - name: IMAGE
     type: string
-    description: Name (reference) of the image to build.
-  - name: EXTRA_ARGS
-    type: string
-    default: ""
   resources:
     inputs:
     - name: src
@@ -29,24 +25,35 @@ spec:
   steps:
   - name: build-and-push
     workingDir: /workspace/src
-    image: gcr.io/kaniko-project/executor:latest
+    image: moby/buildkit:latest
     env:
     - name: DOCKER_CONFIG
-      value: /kaniko/.docker
+      value: /root/.docker
     command:
-    - /kaniko/executor
-    - $(params.EXTRA_ARGS)
-    - --dockerfile=/workspace/src/$(params.DOCKERFILE)
-    - --context=/workspace/src/$(params.CONTEXT)
-    - --destination=$(params.IMAGE)
-    - --oci-layout-path=/workspace/src/image-digest
-    - --digest-file=/tekton/results/IMAGE_DIGEST
-    - --cache=true
+      - sh
+      - -c
+      - |
+        PLATFORMS=$(grep 'PLATFORMS ?= ' Makefile | sed -E 's/^PLATFORMS \?= (.+)$/\1/')
+        if [ -z $PLATFORMS ]; then
+          PLATFORMS=linux/amd64
+        fi
+
+        buildctl-daemonless.sh --debug \
+          build \
+          --progress=plain \
+          --frontend=dockerfile.v0 \
+          --opt filename=$(params.DOCKERFILE) \
+          --opt platform=${PLATFORMS} \
+          --local context=$(params.CONTEXT) \
+          --local dockerfile=. \
+          --output type=image,name=$(params.IMAGE),push=true \
+          --export-cache type=inline \
+          --import-cache type=registry,ref=$(params.IMAGE)
     securityContext:
-      runAsUser: 0
+      privileged: true
     volumeMounts:
       - name: docker-config
-        mountPath: /kaniko/.docker/config.json
+        mountPath: /root/.docker/config.json
         subPath: config.json
   volumes:
     - name: docker-config

terraform/bucket.tf

@@ -7,11 +7,20 @@ output "bucket_id" {
   value = scaleway_object_bucket.kubernetes.id
 }
 
-resource "scaleway_object_bucket" "linx" {
-  name = "cluster.fun-linx"
+resource "scaleway_object_bucket" "outline" {
+  name = "cluster.fun-outline"
   acl  = "private"
 }
 
-output "linx-bucket_id" {
-  value = scaleway_object_bucket.linx.id
+output "outline-bucket_id" {
+  value = scaleway_object_bucket.outline.id
+}
+
+resource "scaleway_object_bucket" "notea" {
+  name = "cluster.fun-notea"
+  acl  = "private"
+}
+
+output "notea-bucket_id" {
+  value = scaleway_object_bucket.notea.id
 }

terraform/kubernetes-charts.tf

@@ -1,30 +1,9 @@
-provider "helm" {
-  kubernetes {
-    load_config_file = false
-    host             = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
-    token            = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
-    cluster_ca_certificate = base64decode(
-      scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
-    )
-  }
-}
-
-data "helm_repository" "stable" {
-  name = "stable"
-  url  = "https://kubernetes-charts.storage.googleapis.com"
-}
-
-data "helm_repository" "fluxcd" {
-  name = "fluxcd"
-  url  = "https://charts.fluxcd.io"
-}
-
 resource "helm_release" "helm-operator" {
   name       = "helm-operator"
-  repository = data.helm_repository.fluxcd.metadata[0].name
+  repository = "https://charts.fluxcd.io"
   chart      = "helm-operator"
 
-  max_history = 4
+  max_history = 3
 
   set {
     name  = "helm.versions"

terraform/kubernetes-cluster.tf

@@ -1,7 +1,7 @@
 resource "scaleway_k8s_cluster_beta" "k8s-cluster" {
   name             = "cluster-fun"
   description      = ""
-  version          = "1.18.3"
+  version          = "1.21.1"
   cni              = "weave"
   enable_dashboard = false
   ingress          = "traefik"

terraform/kubernetes-manifests.tf

@@ -1,31 +0,0 @@
-provider "kubectl" {
-  load_config_file = false
-  host             = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
-  token            = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
-  cluster_ca_certificate = base64decode(
-    scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
-  )
-}
-
-resource "kubectl_manifest" "manifests" {
-  for_each  = fileset(path.module, "../manifests/*")
-  yaml_body = file(each.key)
-}
-
-
-resource "kubectl_manifest" "tekton-install" {
-  for_each  = fileset(path.module, "../tekton/1-Install/*")
-  yaml_body = file(each.key)
-}
-
-resource "kubectl_manifest" "tekton-setup" {
-  for_each  = fileset(path.module, "../tekton/2-Setup/*")
-  yaml_body = file(each.key)
-}
-
-
-resource "kubectl_manifest" "tekton" {
-  for_each  = fileset(path.module, "../tekton/{bindings,conditions,eventlisteners,pipelines,tasks,triggertemplates}/*")
-  yaml_body = file(each.key)
-}
-

terraform/provider.tf

@@ -3,3 +3,14 @@ provider "scaleway" {
   region          = "fr-par"
   organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc"
 }
+
+provider "helm" {
+  kubernetes {
+    load_config_file = false
+    host             = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
+    token            = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
+    cluster_ca_certificate = base64decode(
+      scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
+    )
+  }
+}

terraform/versions.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    helm = {
+      source  = "hashicorp/helm"
+      version = "1.3.2"
+    }
+    scaleway = {
+      source  = "scaleway/scaleway"
+      version = "1.17.2"
+    }
+  }
+  required_version = ">= 0.13"
+}