AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 2 Releases Activity

Compare commits

base: AverageMarcus:increase_cluster_max
Branches Tags
AverageMarcus:master AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x AverageMarcus:renovate/grafana-promtail-3.x AverageMarcus:increase_cluster_max
...
compare: AverageMarcus:b59327939e653537904a35a44256d0fc4fe705b0
Branches Tags
AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x AverageMarcus:renovate/grafana-promtail-3.x AverageMarcus:master AverageMarcus:increase_cluster_max

112 Commits
increase_c ... b59327939e

Author SHA1 Message Date
Marcus Noble
b59327939e Merge branch 'master' of https://git.cluster.fun/AverageMarcus/cluster.fun 2021-05-11 05:40:04 +01:00
Marcus Noble
d760a69e29 Added opengraph-image-gen 2021-05-11 05:32:41 +01:00
AverageMarcus
071a73118c Add Adguard ingress 2021-05-10 11:32:58 +00:00
AverageMarcus
7dcdabd564 Remove buzzers 2021-05-10 09:00:08 +00:00
Marcus Noble
3cdebb541b Added TLS to inlets ingress 2021-05-09 11:17:29 +01:00
Marcus Noble
bbb9aba394 Updated inlets 2021-05-09 11:05:00 +01:00
Marcus Noble
d5e07e29d8 Removed grocy 2021-05-05 14:17:21 +01:00
Marcus Noble
a9c9813870 Updated grocy 2021-05-05 13:59:00 +01:00
Marcus Noble
ffa751ad7f Added barcode-buddy 2021-05-05 13:35:50 +01:00
Marcus Noble
b739031468 Longer startup delay 2021-05-05 12:27:48 +01:00
Marcus Noble
3bef89a27d Disable startup probe 2021-05-05 12:24:18 +01:00
Marcus Noble
964a653710 Create namespace 2021-05-05 11:54:59 +01:00
Marcus Noble
3a2661106b Replace grocy with argo helm chert 2021-05-05 11:43:06 +01:00
Marcus Noble
eb7a82f74e Added https to grocy 2021-05-05 11:37:53 +01:00
Marcus Noble
b9ffeaf626 Added grocy 2021-05-05 11:32:48 +01:00
Marcus Noble
acdc684e62 Dropped replicas back to 1 2021-05-05 09:50:42 +01:00
Marcus Noble
eddfbf4fb7 Bump inlets replicas 2021-05-05 08:37:09 +01:00
Marcus Noble
f67d067cf5 Updated inlets image 2021-05-05 08:35:05 +01:00
Marcus Noble
39ac57b5cb Removed CCTV 2021-05-03 08:15:32 +01:00
Marcus Noble
caa7a68e6f Fix service 2021-05-01 18:51:32 +01:00
Marcus Noble
04608e0cec Added auth to dashboard 2021-05-01 18:00:31 +01:00
Marcus Noble
2aa1628ebc Added reloader 2021-05-01 17:34:07 +01:00
Marcus Noble
a1c447ff73 Bump version of nextcloud 2021-04-10 15:37:48 +01:00
Marcus Noble
a81423ab42 Add redis to Nextcloud 2021-04-10 09:23:19 +01:00
Marcus Noble
ee1a18f169 Switch back to auth proxy 2021-04-07 10:21:25 +01:00
Marcus Noble
6693266ba5 Remove auth from photos 2021-04-06 18:50:35 +01:00
Marcus Noble
91f2fb943c Enabled automated sync 2021-04-05 10:31:04 +01:00
Marcus Noble
6dea278487 Updated analytics dashboard json 2021-04-05 10:29:53 +01:00
Marcus Noble
785e22050d Migrated remaining apps to Argo 2021-04-05 10:27:21 +01:00
Marcus Noble
99eb03aa5f Added inlet for photos 2021-04-05 08:16:14 +01:00
Marcus Noble
1ecc6bf920 Added ArgoCD proxy 2021-04-04 18:51:59 +01:00
Marcus Noble
0295ca8349 Added autosync 2021-04-03 11:48:29 +01:00
Marcus Noble
41fab7f1d4 Added harbor chart 2021-04-03 11:39:12 +01:00
Marcus Noble
5b3d1a0fee Autoscyn 2021-04-03 11:18:12 +01:00
Marcus Noble
404cdb0349 Comment out sync policy 2021-04-03 11:13:19 +01:00
Marcus Noble
a757e95b3d Fix typo 2021-04-03 11:11:06 +01:00
Marcus Noble
28d06d68d3 Removed namespace 2021-04-03 11:08:05 +01:00
Marcus Noble
7f23b96ebc Added cert chart 2021-04-03 11:07:10 +01:00
Marcus Noble
cfef345f93 Added more apps 2021-04-03 10:59:38 +01:00
Marcus Noble
b360920537 Added more apps 2021-04-03 10:26:31 +01:00
Marcus Noble
4ac30f8242 Added more apps 2021-04-03 10:20:57 +01:00
Marcus Noble
f036a70542 Added more apps 2021-04-03 10:15:05 +01:00
Marcus Noble
d39cb1320b Enable autosync 2021-04-03 10:13:36 +01:00
Marcus Noble
da143dce0f Added auto-proxy 2021-04-03 10:01:48 +01:00
Marcus Noble
1f54d2706a Added auto sync 2021-04-03 10:00:30 +01:00
Marcus Noble
9f91c5ef35 Fix ignore 2021-04-03 09:58:15 +01:00
Marcus Noble
468fd9f6a6 Ignore secret value changes 2021-04-03 09:48:00 +01:00
Marcus Noble
5b69611fed Auto create namespace 2021-04-03 09:26:52 +01:00
Marcus Noble
cc38ef42e0 Update anniversary 2021-04-03 09:23:45 +01:00
Marcus Noble
1665ef1e67 Begin argo refactor 2021-04-03 09:16:09 +01:00
Marcus Noble
bbc369afb4 Removed photoprism 2021-04-01 15:27:28 +01:00
Marcus Noble
422ee13940 Added feed-fetcher 2021-04-01 15:26:40 +01:00
Marcus Noble
a7e0b2a913 Added ingress 2021-04-01 15:26:32 +01:00
Marcus Noble
4ebe0bde06 Merge branch 'master' of https://git.cluster.fun/AverageMarcus/cluster.fun 2021-02-27 15:07:49 +00:00
Marcus Noble
030386cc6a Replaced terraform with kubectl calls 2021-02-27 15:07:41 +00:00
Marcus Noble
d1e34ddba0 Disabled auto-upgrade 2021-02-27 15:07:28 +00:00
Marcus Noble
1161564118 Updated nextcloud chart 2021-02-27 15:06:59 +00:00
Marcus Noble
6acdf29d1a Updated analytics dashboard 2021-02-23 08:35:42 +00:00
Marcus Noble
77d23f395a Added tweetsvg 2021-02-18 20:31:36 +00:00
Marcus Noble
9de410bb6e Terraform upgrade 2021-02-10 10:26:47 +00:00
Marcus Noble
b7c90557df Upgrade to Kubenetes 1.20 2021-02-05 21:42:52 +00:00
Marcus Noble
2cf5ce0ace Removed Linx 2021-02-04 21:14:47 +00:00
Marcus Noble
21c16256c7 Bumped harbor version 2021-02-04 21:14:30 +00:00
Marcus Noble
d6fb80ded4 Update analytics dashboard 2021-02-01 15:08:47 +00:00
Marcus Noble
0c334e0827 Update matrix 2021-01-30 07:28:42 +00:00
Marcus Noble
94b62b4c75 Update loki and grafana 2021-01-29 22:34:40 +00:00
Marcus Noble
06b4f07c21 Added VS Code 2020-12-18 08:55:30 +00:00
Marcus Noble
cef5f2ddc1 Always pull git-sync image 2020-12-09 14:03:19 +00:00
Marcus Noble
825447b712 Added git-sync 2020-12-09 12:47:35 +00:00
Marcus Noble
5c06e4c8d7 Added svg-to-dxf 2020-12-09 12:47:28 +00:00
Marcus Noble
34a00954db Increased photoprism storage 2020-11-29 16:19:58 +00:00
Marcus Noble
54af3af2c1 Added photoprism 2020-11-28 23:39:48 +00:00
Marcus Noble
7405481b72 Remove old pvc 2020-11-28 23:38:50 +00:00
Marcus Noble
fa51de4fb6 Updates 2020-11-07 13:29:37 +00:00
Marcus Noble
d29c9ec82c Added new RSS app 2020-10-19 06:05:48 +01:00
Marcus Noble
5f8800f311 Reverted w-2-r 2020-10-15 14:40:59 +01:00
Marcus Noble
eef0a6c22d Bump inlets version 2020-10-14 11:05:40 +01:00
Marcus Noble
d9d71a5dc7 Removed JQ 2020-10-14 10:02:52 +01:00
Marcus Noble
ff99e577cd Added JQ 2020-10-14 09:40:45 +01:00
Marcus Noble
f26d02ca7f Added base64 project 2020-10-13 17:36:48 +01:00
Marcus Noble
94e18c12ea Use a single auth proxy 2020-10-10 16:46:27 +01:00
Marcus Noble
84a9c19d93 Added anniversary 2020-10-03 13:20:33 +01:00
Marcus Noble
8f85a65cbe Added VPN check app 2020-09-22 22:35:40 +01:00
Marcus Noble
22ae249a1f Added download tunnels 2020-09-20 21:18:17 +01:00
Marcus Noble
50f86cc39f Reduce logging 2020-09-18 22:29:12 +01:00
Marcus Noble
295bb89828 Switch Loki to storing in bucket 2020-09-18 20:12:11 +01:00
Marcus Noble
3ab7377253 Added TIL 2020-09-14 18:49:45 +01:00
Marcus Noble
7d2c192b95 Improved multi-arch builds 2020-09-11 21:24:58 +01:00
Marcus Noble
a7a29c0201 Added multi-arch support 2020-09-11 20:56:46 +01:00
Marcus Noble
c40c5b5a33 Fixed probe 2020-09-09 09:42:50 +01:00
Marcus Noble
588348ac31 Added liveness probe to stringer 2020-09-09 09:11:54 +01:00
Marcus Noble
05e04afeff Added Go playground 2020-09-01 15:30:27 +01:00
Marcus Noble
cf2a889e4d Removed SCP archives 2020-08-25 15:25:01 +01:00
Marcus Noble
b838af199d Added scp-archives 2020-08-24 05:58:09 +01:00
Marcus Noble
9f65bf256a Added bucket for storing SCP archives 2020-08-23 11:16:02 +01:00
Marcus Noble
f5a7bb5abb Bump nextcloud version 2020-08-13 21:03:28 +01:00
Marcus Noble
5567ba142a Bumped versions 2020-08-13 20:47:20 +01:00
Marcus Noble
43aa708e09 Updated gitea 2020-07-15 10:18:10 +01:00
Marcus Noble
52339ccbed Update nodered 2020-07-15 10:16:46 +01:00
Marcus Noble
b08f0892be Bump version of riot 2020-07-10 20:02:58 +01:00
Marcus Noble
b60c244b8b Update 'manifests/matrix_chart.yaml' 2020-07-10 16:19:41 +00:00
Marcus Noble
fd26f7b3de Updated paradoxfox 2020-07-08 11:50:11 +01:00
Marcus Noble
e00db9e633 Added Paradoxfox.space 2020-07-04 19:42:10 +01:00
Marcus Noble
b35b34bb7a Added outline 2020-06-27 17:47:35 +01:00
Marcus Noble
85bd64e87e Remove bookstack 2020-06-27 17:47:17 +01:00
Marcus Noble
a80346f8e7 Added bookstack 2020-06-21 15:11:28 +01:00
Marcus Noble
53d8bd48bf Added bucket for octoprint 2020-06-20 14:54:47 +01:00
Marcus Noble
9c8f29e346 Added printer auth endpoint 2020-06-16 20:38:06 +01:00
Marcus Noble
ad3fab4cfd Removed pyload 2020-06-16 20:34:17 +01:00
Marcus Noble
cf0015d1e2 Added service for rpc 2020-06-16 20:34:09 +01:00
Marcus Noble
6ce5744672 Added missing resource types to kube-janitor 2020-06-10 12:24:40 +01:00
Marcus Noble
3d47bc34da Added home assistant tunnel 2020-06-08 18:35:15 +01:00
92 changed files with 2663 additions and 679 deletions
Expand all files Collapse all files

14
Makefile
View File

@@ -47,7 +47,19 @@ ci:
.PHONY: release # Release the latest version of the application .PHONY: release # Release the latest version of the application
release: release:
@cd terraform && terraform apply -auto-approve @cd terraform && terraform apply -auto-approve && \
kubectx admin@clusterfun-scaleway && \
cd ../tekton && \
kubectl apply -f ./1-Install/ && \
kubectl apply -f ./2-Setup/ && \
kubectl apply -f ./bindings/ && \
kubectl apply -f ./conditions/ && \
kubectl apply -f ./eventlisteners/ && \
kubectl apply -f ./pipelines/ && \
kubectl apply -f ./tasks/ && \
kubectl apply -f ./triggertemplates/ && \
cd ../manifests && \
kubectl apply -f ./
.PHONY: help # Show this list of commands .PHONY: help # Show this list of commands
help: help:

39
manifests/dashboard.yaml → manifests/11-year-anniversary/11-year-anniversary.yaml
View File

@@ -1,13 +1,8 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: dashboard
---
apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: docker-config name: docker-config
namespace: dashboard namespace: anniversary
annotations: annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes kube-1password/vault: Kubernetes
@@ -19,8 +14,8 @@ data:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: dashboard name: anniversary
namespace: dashboard namespace: anniversary
spec: spec:
type: ClusterIP type: ClusterIP
ports: ports:
@@ -28,43 +23,43 @@ spec:
targetPort: web targetPort: web
name: web name: web
selector: selector:
app: dashboard app: anniversary
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: dashboard name: anniversary
namespace: dashboard namespace: anniversary
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: dashboard app: anniversary
template: template:
metadata: metadata:
labels: labels:
app: dashboard app: anniversary
spec: spec:
imagePullSecrets: imagePullSecrets:
- name: docker-config - name: docker-config
containers: containers:
- name: web - name: web
image: docker.cluster.fun/private/dashboard:latest image: docker.cluster.fun/private/11-year-anniversary:latest
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 80 - containerPort: 80
name: web name: web
resources: resources:
limits: limits:
memory: 50Mi memory: 283Mi
requests: requests:
memory: 50Mi memory: 283Mi
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: dashboard name: anniversary
namespace: dashboard namespace: anniversary
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https traefik.ingress.kubernetes.io/frontend-entry-points: http,https
@@ -73,13 +68,13 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- dash.cluster.fun - 11-year-anniversary.marcusnoble.co.uk
secretName: dashboard-ingress secretName: anniversary-ingress
rules: rules:
- host: dash.cluster.fun - host: 11-year-anniversary.marcusnoble.co.uk
http: http:
paths: paths:
- path: / - path: /
backend: backend:
serviceName: dashboard serviceName: anniversary
servicePort: 80 servicePort: 80

24
manifests/_apps/11-year-anniversary.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: anniversary
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: anniversary
name: cluster-fun (scaleway)
source:
path: manifests/11-year-anniversary
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/argocd.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/argocd
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/auth-proxy.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: auth-proxy
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/auth-proxy
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/base64.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: base64
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: base64
name: cluster-fun (scaleway)
source:
path: manifests/base64
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/blackhole.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: blackhole
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: kube-system
name: cluster-fun (scaleway)
source:
path: manifests/blackhole
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/blog.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: blog
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: blog
name: cluster-fun (scaleway)
source:
path: manifests/blog
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

22
manifests/_apps/certmanager_chart.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: cert-manager
name: cluster-fun (scaleway)
source:
path: manifests/certmanager_chart
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/code-server.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: code-server
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/code-server
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/cors-proxy.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cors-proxy
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: cors-proxy
name: cluster-fun (scaleway)
source:
path: manifests/cors-proxy
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/dashboard.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dashboard
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: dashboard
name: cluster-fun (scaleway)
source:
path: manifests/dashboard
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/downloads.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: downloads
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/downloads
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/feed-fetcher.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: feed-fetcher
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: feed-fetcher
name: cluster-fun (scaleway)
source:
path: manifests/feed-fetcher
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/git-sync.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: git-sync
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: git-sync
name: cluster-fun (scaleway)
source:
path: manifests/git-sync
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/gitea.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitea
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: gitea
name: cluster-fun (scaleway)
source:
path: manifests/gitea
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/goplayground.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: goplayground
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: goplayground
name: cluster-fun (scaleway)
source:
path: manifests/goplayground
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

22
manifests/_apps/harbor_chart.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: harbor
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: harbor
name: cluster-fun (scaleway)
source:
path: manifests/harbor_chart
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/inlets.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: inlets
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/inlets
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/jackett.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: jackett
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/jackett
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/kube-janitor.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kube-janitor
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: kube-janitor
name: cluster-fun (scaleway)
source:
path: manifests/kube-janitor
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/loki_chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: loki
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: logging
name: cluster-fun (scaleway)
source:
path: manifests/loki_chart
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
syncOptions:
- CreateNamespace=true
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/matrix_chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: matrix
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: chat
name: cluster-fun (scaleway)
source:
path: manifests/matrix_chart
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
syncOptions:
- CreateNamespace=true
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/nextcloud_chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nextcloud
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: nextcloud
name: cluster-fun (scaleway)
source:
path: manifests/nextcloud_chart
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
syncOptions:
- CreateNamespace=true
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/nodered.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nodered
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: node-red
name: cluster-fun (scaleway)
source:
path: manifests/nodered
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/opengraph-image-gen.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: opengraph
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: opengraph
name: cluster-fun (scaleway)
source:
path: manifests/opengraph
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/outline.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: outline
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: outline
name: cluster-fun (scaleway)
source:
path: manifests/outline
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/paradoxfox.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: paradoxfox
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: paradoxfox
name: cluster-fun (scaleway)
source:
path: manifests/paradoxfox
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/photos.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: photos
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: photos
name: cluster-fun (scaleway)
source:
path: manifests/photos
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/printer.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: printer
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/printer
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/qr.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: qr
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: qr
name: cluster-fun (scaleway)
source:
path: manifests/qr
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/radarr.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: radarr
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/radarr
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

22
manifests/_apps/reloader.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: reloader
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
destination:
namespace: kube-system
server: 'https://kubernetes.default.svc'
source:
repoURL: 'https://stakater.github.io/stakater-charts'
targetRevision: v0.0.89
chart: reloader
syncPolicy:
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/rss.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: rss
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: rss
name: cluster-fun (scaleway)
source:
path: manifests/rss
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/sonarr.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: sonarr
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/sonarr
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/svg-to-dxf.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: svg-to-dxf
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: svg-to-dxf
name: cluster-fun (scaleway)
source:
path: manifests/svg-to-dxf
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/talks.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: talks
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: talks
name: cluster-fun (scaleway)
source:
path: manifests/talks
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/til.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: til
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: til
name: cluster-fun (scaleway)
source:
path: manifests/til
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/traefik-lb.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: traefik-lb
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: kube-system
name: cluster-fun (scaleway)
source:
path: manifests/traefik-lb
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/transmission.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: transmission
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: inlets
name: cluster-fun (scaleway)
source:
path: manifests/transmission
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/tweetsvg.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: tweetsvg
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: tweetsvg
name: cluster-fun (scaleway)
source:
path: manifests/tweetsvg
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/twitter-profile-pic.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: twitter-profile-pic
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: twitter-profile-pic
name: cluster-fun (scaleway)
source:
path: manifests/twitter-profile-pic
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

24
manifests/_apps/website-to-remarkable.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: website-to-remarkable
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: website-to-remarkable
name: cluster-fun (scaleway)
source:
path: manifests/website-to-remarkable
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

25
manifests/argocd/argocd.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: argo
namespace: inlets
labels:
app: argo
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- argo.cluster.fun
secretName: argo-ingress
rules:
- host: argo.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

83
manifests/auth-proxy/auth-proxy.yaml Normal file
View File

@@ -0,0 +1,83 @@
apiVersion: v1
kind: Secret
metadata:
name: auth-proxy
namespace: inlets
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: auth-proxy
namespace: inlets
labels:
app: auth-proxy
spec:
replicas: 1
selector:
matchLabels:
app: auth-proxy
template:
metadata:
labels:
app: auth-proxy
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
- --cookie-expire=336h0m0s
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: auth-proxy
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: auth-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v6.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: v1
kind: Service
metadata:
name: auth-proxy
namespace: inlets
labels:
app: auth-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: auth-proxy
type: ClusterIP

39
manifests/buzzers.yaml → manifests/base64/base64.yaml
View File

@@ -1,13 +1,8 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: buzzers
---
apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: buzzers name: base64
namespace: buzzers namespace: base64
spec: spec:
type: ClusterIP type: ClusterIP
ports: ports:
@@ -15,41 +10,43 @@ spec:
targetPort: web targetPort: web
name: web name: web
selector: selector:
app: buzzers app: base64
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: buzzers name: base64
namespace: buzzers namespace: base64
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: buzzers app: base64
template: template:
metadata: metadata:
labels: labels:
app: buzzers app: base64
spec: spec:
imagePullSecrets:
- name: docker-config
containers: containers:
- name: web - name: web
image: docker.cluster.fun/averagemarcus/buzzers:latest image: docker.cluster.fun/averagemarcus/base64:latest
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 80 - containerPort: 80
name: web name: web
resources: resources:
limits: limits:
memory: 283Mi memory: 10Mi
requests: requests:
memory: 283Mi memory: 10Mi
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: buzzers name: base64
namespace: buzzers namespace: base64
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https traefik.ingress.kubernetes.io/frontend-entry-points: http,https
@@ -58,13 +55,13 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- buzzers.cluster.fun - base64.cluster.fun
secretName: buzzers-ingress secretName: base64-ingress
rules: rules:
- host: buzzers.cluster.fun - host: base64.cluster.fun
http: http:
paths: paths:
- path: / - path: /
backend: backend:
serviceName: buzzers serviceName: base64
servicePort: 80 servicePort: 80

0
manifests/blackhole.yaml → manifests/blackhole/blackhole.yaml
View File

5
manifests/blog.yaml → manifests/blog/blog.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: blog
---
apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: blog name: blog

0
manifests/certmanager_chart.yaml → manifests/certmanager_chart/certmanager_chart.yaml
View File

23
manifests/code-server/code-server.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: code
namespace: inlets
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- code.cluster.fun
secretName: code-ingress
rules:
- host: code.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

5
manifests/cors-proxy.yaml → manifests/cors-proxy/cors-proxy.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: cors-proxy
---
apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: cors-proxy name: cors-proxy

101
manifests/cctv.yaml → manifests/dashboard/dashboard.yaml
View File

@@ -1,44 +1,66 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Secret
metadata: metadata:
name: cctv name: docker-config
namespace: dashboard
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: cctv-auth name: dashboard-auth
namespace: cctv namespace: dashboard
annotations: annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes kube-1password/vault: Kubernetes
type: Opaque type: Opaque
--- ---
apiVersion: v1
kind: Service
metadata:
name: dashboard
namespace: dashboard
spec:
type: ClusterIP
ports:
- port: 80
targetPort: auth
name: web
selector:
app: dashboard
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: cctv-auth name: dashboard
namespace: cctv namespace: dashboard
labels:
app: cctv-auth
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: cctv-auth app: dashboard
template: template:
metadata: metadata:
labels: labels:
app: cctv-auth app: dashboard
spec: spec:
imagePullSecrets:
- name: docker-config
containers: containers:
- args: - args:
- --cookie-secure=false - --cookie-secure=false
- --provider=oidc - --provider=oidc
- --provider-display-name=Auth0 - --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local - --upstream=http://localhost:80
- --http-address=$(HOST_IP):8080 - --http-address=$(HOST_IP):8000
- --redirect-url=https://cctv.cluster.fun/oauth2/callback - --redirect-url=https://dash.cluster.fun/oauth2/callback
- --email-domain=* - --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false - --pass-basic-auth=false
- --pass-access-token=false - --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
@@ -53,47 +75,42 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: username key: username
name: cctv-auth name: dashboard-auth
- name: OAUTH2_PROXY_CLIENT_SECRET - name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: password key: password
name: cctv-auth name: dashboard-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy name: oauth-proxy
ports: ports:
- containerPort: 8080 - containerPort: 8000
protocol: TCP protocol: TCP
name: auth
resources:
limits:
memory: 125Mi
requests:
memory: 125Mi
- name: web
image: docker.cluster.fun/private/dashboard:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources: resources:
limits: limits:
memory: 50Mi memory: 50Mi
requests: requests:
memory: 50Mi memory: 50Mi
--- ---
apiVersion: v1
kind: Service
metadata:
name: cctv-auth
namespace: cctv
labels:
app: cctv-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: cctv-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: cctv-auth name: dashboard
namespace: cctv namespace: dashboard
labels:
app: cctv-auth
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https traefik.ingress.kubernetes.io/frontend-entry-points: http,https
@@ -102,13 +119,13 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- cctv.cluster.fun - dash.cluster.fun
secretName: cctv-ingress secretName: dashboard-ingress
rules: rules:
- host: cctv.cluster.fun - host: dash.cluster.fun
http: http:
paths: paths:
- path: / - path: /
backend: backend:
serviceName: cctv-auth serviceName: dashboard
servicePort: 80 servicePort: 80

25
manifests/downloads/downloads.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: downloads-auth
namespace: inlets
labels:
app: downloads-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- downloads.cluster.fun
secretName: downloads-ingress
rules:
- host: downloads.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

64
manifests/feed-fetcher/feed-fetcher.yaml Normal file
View File

@@ -0,0 +1,64 @@
apiVersion: v1
kind: Service
metadata:
name: feed-fetcher
namespace: feed-fetcher
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: feed-fetcher
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: feed-fetcher
namespace: feed-fetcher
spec:
replicas: 2
selector:
matchLabels:
app: feed-fetcher
template:
metadata:
labels:
app: feed-fetcher
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/feed-fetcher:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: web
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: feed-fetcher
namespace: feed-fetcher
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- feed-fetcher.cluster.fun
secretName: feed-fetcher-ingress
rules:
- host: feed-fetcher.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: feed-fetcher
port:
number: 80

89
manifests/git-sync/git-sync.yaml Normal file
View File

@@ -0,0 +1,89 @@
apiVersion: v1
kind: Secret
metadata:
name: git-sync-github
namespace: git-sync
annotations:
kube-1password: cfo2ufhgem57clbscxetxgevue
kube-1password/vault: Kubernetes
kube-1password/password-key: token
type: Opaque
data:
---
apiVersion: v1
kind: Secret
metadata:
name: git-sync-gitea
namespace: git-sync
annotations:
kube-1password: b7kpdlcvt7y63bozu3i4j4lojm
kube-1password/vault: Kubernetes
kube-1password/password-key: token
type: Opaque
data:
---
apiVersion: v1
kind: Secret
metadata:
name: git-sync-gitlab
namespace: git-sync
annotations:
kube-1password: t47v3xdgadiifgoi4wmqibrlty
kube-1password/vault: Kubernetes
kube-1password/password-key: token
type: Opaque
data:
---
apiVersion: v1
kind: Secret
metadata:
name: git-sync-bitbucket
namespace: git-sync
annotations:
kube-1password: adrki45krr2tq34sug7dhdk5iy
kube-1password/vault: Kubernetes
kube-1password/password-key: token
type: Opaque
data:
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: git-sync
namespace: git-sync
spec:
schedule: "0 */1 * * *"
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 1
successfulJobsHistoryLimit: 1
jobTemplate:
spec:
backoffLimit: 1
template:
spec:
containers:
- name: sync
image: docker.cluster.fun/averagemarcus/git-sync:latest
imagePullPolicy: Always
env:
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
name: git-sync-github
key: token
- name: GITEA_TOKEN
valueFrom:
secretKeyRef:
name: git-sync-gitea
key: token
- name: GITLAB_TOKEN
valueFrom:
secretKeyRef:
name: git-sync-gitlab
key: token
- name: BITBUCKET_TOKEN
valueFrom:
secretKeyRef:
name: git-sync-bitbucket
key: token
restartPolicy: Never

7
manifests/gitea.yaml → manifests/gitea/gitea.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: gitea
---
apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: gitea-secret-key name: gitea-secret-key
@@ -47,7 +42,7 @@ spec:
spec: spec:
containers: containers:
- name: git - name: git
image: gitea/gitea:1.11 image: gitea/gitea:1.12.3
env: env:
- name: APP_NAME - name: APP_NAME
value: "Git" value: "Git"

61
manifests/goplayground/goplayground.yaml Normal file
View File

@@ -0,0 +1,61 @@
apiVersion: v1
kind: Service
metadata:
name: goplayground
namespace: goplayground
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: goplayground
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: goplayground
namespace: goplayground
spec:
replicas: 1
selector:
matchLabels:
app: goplayground
template:
metadata:
labels:
app: goplayground
spec:
containers:
- name: web
image: x1unix/go-playground:1.6.2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
name: web
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: goplayground
namespace: goplayground
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- go.cluster.fun
secretName: goplayground-ingress
rules:
- host: go.cluster.fun
http:
paths:
- path: /
backend:
serviceName: goplayground
servicePort: 80

5
manifests/harbor_chart.yaml → manifests/harbor_chart/harbor_chart.yaml
View File

@@ -23,7 +23,7 @@ spec:
chart: chart:
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
name: harbor name: harbor
version: 1.3.2 version: 1.5.3
maxHistory: 4 maxHistory: 4
skipCRDs: false skipCRDs: false
valuesFrom: valuesFrom:
@@ -33,6 +33,8 @@ spec:
key: values.yaml key: values.yaml
optional: false optional: false
values: values:
updateStrategy:
type: Recreate
portal: portal:
resources: resources:
requests: requests:
@@ -54,4 +56,3 @@ spec:
resources: resources:
requests: requests:
memory: 64Mi memory: 64Mi

86
manifests/inlets.yaml → manifests/inlets/inlets.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: inlets
---
apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: inlets name: inlets
@@ -49,7 +44,7 @@ spec:
spec: spec:
containers: containers:
- name: inlets - name: inlets
image: inlets/inlets:2.7.0 image: ghcr.io/inlets/inlets:3.0.1
imagePullPolicy: Always imagePullPolicy: Always
command: ["inlets"] command: ["inlets"]
args: args:
@@ -68,7 +63,14 @@ kind: Ingress
metadata: metadata:
name: inlets name: inlets
namespace: inlets namespace: inlets
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
spec: spec:
tls:
- hosts:
- inlets.cluster.fun
secretName: inlets-ingress
rules: rules:
- host: inlets.cluster.fun - host: inlets.cluster.fun
http: http:
@@ -81,7 +83,7 @@ spec:
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: pyload name: home-assistant
namespace: inlets namespace: inlets
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
@@ -91,10 +93,74 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- pyload.cluster.fun - home.cluster.fun
secretName: pyload-ingress secretName: home-assistant-ingress
rules: rules:
- host: pyload.cluster.fun - host: home.cluster.fun
http:
paths:
- path: /
backend:
serviceName: inlets
servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
name: downloads-rpc
namespace: inlets
labels:
app: inlets
spec:
type: ClusterIP
ports:
- port: 80
protocol: TCP
targetPort: 8000
selector:
app: inlets
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: vpn-check
namespace: inlets
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- vpn-check.cluster.fun
secretName: vpn-check-ingress
rules:
- host: vpn-check.cluster.fun
http:
paths:
- path: /
backend:
serviceName: inlets
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: adguard
namespace: inlets
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- adguard.cluster.fun
secretName: adguard-ingress
rules:
- host: adguard.cluster.fun
http: http:
paths: paths:
- path: / - path: /

25
manifests/jackett/jackett.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jackett-auth
namespace: inlets
labels:
app: jackett-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- jackett.cluster.fun
secretName: jackett-ingress
rules:
- host: jackett.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

9
manifests/kube-janitor.yaml → manifests/kube-janitor/kube-janitor.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: kube-janitor
---
apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: kube-janitor name: kube-janitor
@@ -69,6 +64,8 @@ metadata:
version: v20.4.1 version: v20.4.1
name: kube-janitor name: kube-janitor
namespace: kube-janitor namespace: kube-janitor
annotations:
reloader.stakater.com/auto: "true"
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@@ -88,7 +85,7 @@ spec:
- --interval=15 - --interval=15
- --rules-file=/config/rules.yaml - --rules-file=/config/rules.yaml
- --include-namespaces=tekton-pipelines - --include-namespaces=tekton-pipelines
- --include-resources=pods - --include-resources=pods,pipelineruns,taskruns
resources: resources:
limits: limits:
memory: 100Mi memory: 100Mi

114
manifests/linx-server.yaml
View File

@@ -1,114 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: linx-server
---
apiVersion: v1
kind: ConfigMap
metadata:
name: linx-server
namespace: linx-server
data:
linx-server.conf: |-
sitename = share
maxsize = 524288000
maxexpiry = 0
selifpath = f
nologs = false
force-random-filename = false
s3-endpoint = https://s3.fr-par.scw.cloud
s3-region = fr-par
s3-bucket = cluster.fun-linx
---
apiVersion: v1
kind: Secret
metadata:
name: linx-server-s3
namespace: linx-server
annotations:
kube-1password: d5dgclm3qrxd4fntivv26ec3ee
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: linx-server
namespace: linx-server
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: linx-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: linx-server
namespace: linx-server
spec:
replicas: 2
selector:
matchLabels:
app: linx-server
template:
metadata:
labels:
app: linx-server
spec:
containers:
- name: web
image: andreimarcu/linx-server:version-2.3.5
imagePullPolicy: Always
args:
- -config
- /config/linx-server.conf
ports:
- containerPort: 8080
name: web
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: linx-server-s3
key: username
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: linx-server-s3
key: password
volumeMounts:
- name: config
mountPath: /config
volumes:
- name: config
configMap:
name: linx-server
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: linx-server
namespace: linx-server
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- share.cluster.fun
secretName: linx-server-ingress
rules:
- host: share.cluster.fun
http:
paths:
- path: /
backend:
serviceName: linx-server
servicePort: 80

175
manifests/loki_chart.yaml
View File

@@ -1,175 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: logging
---
apiVersion: v1
kind: Secret
metadata:
name: grafana-credentials
namespace: logging
annotations:
kube-1password: wpynfxkdipeeacyfxkvtdsuj54
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
name: loki
namespace: logging
spec:
chart:
repository: https://grafana.github.io/loki/charts
name: loki-stack
version: 0.36.2
maxHistory: 4
skipCRDs: false
values:
fluent-bit:
enabled: "true"
promtail:
enabled: "true"
loki:
persistence:
enabled: "true"
size: 10Gi
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
name: grafana
namespace: logging
spec:
chart:
repository: https://kubernetes-charts.storage.googleapis.com
name: grafana
version: 5.0.22
maxHistory: 4
skipCRDs: false
values:
image:
tag: 7.0.0
admin:
existingSecret: "grafana-credentials"
userKey: username
passwordKey: password
persistence:
enabled: "false"
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Loki
type: loki
url: http://logging-loki.logging:3100
access: proxy
jsonData:
maxLines: 1000
---
apiVersion: v1
kind: Secret
metadata:
name: grafana-auth
namespace: logging
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana-auth
namespace: logging
labels:
app: grafana-auth
spec:
replicas: 1
selector:
matchLabels:
app: grafana-auth
template:
metadata:
labels:
app: grafana-auth
spec:
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://logging-grafana.logging.svc.cluster.local
- --http-address=$(HOST_IP):8080
- --redirect-url=https://grafana.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: grafana-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: grafana-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy
ports:
- containerPort: 8080
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: grafana-auth
namespace: logging
labels:
app: grafana-auth
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: grafana-auth
type: ClusterIP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: grafana-auth
namespace: logging
labels:
app: grafana-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- grafana.cluster.fun
secretName: grafana-ingress
rules:
- host: grafana.cluster.fun
http:
paths:
- path: /
backend:
serviceName: grafana-auth
servicePort: 80

201
manifests/loki_chart/loki_chart.yaml Normal file
View File

File diff suppressed because one or more lines are too long

23
manifests/matrix_chart.yaml → manifests/matrix_chart/matrix_chart.yaml
View File

@@ -1,10 +1,3 @@
apiVersion: v1
kind: Namespace
metadata:
name: chat
---
apiVersion: helm.fluxcd.io/v1 apiVersion: helm.fluxcd.io/v1
kind: HelmRelease kind: HelmRelease
metadata: metadata:
@@ -21,13 +14,13 @@ spec:
serverName: "matrix.cluster.fun" serverName: "matrix.cluster.fun"
telemetry: false telemetry: false
hostname: "matrix.cluster.fun" hostname: "matrix.cluster.fun"
presence: true presence: "true"
blockNonAdminInvites: false blockNonAdminInvites: false
search: true enableSearch: "true"
adminEmail: "matrix@marcusnoble.co.uk" adminEmail: "matrix@marcusnoble.co.uk"
uploads: uploads:
maxSize: 100M maxSize: 500M
maxPixels: 32M maxPixels: 64M
federation: federation:
enabled: false enabled: false
allowPublicRooms: false allowPublicRooms: false
@@ -47,7 +40,7 @@ spec:
urlPreviews: urlPreviews:
enabled: true enabled: true
rules: rules:
maxSize: 4M maxSize: 10M
ip: ip:
blacklist: blacklist:
- '127.0.0.0/8' - '127.0.0.0/8'
@@ -74,7 +67,7 @@ spec:
synapse: synapse:
image: image:
repository: "matrixdotorg/synapse" repository: "matrixdotorg/synapse"
tag: v1.12.4 tag: v1.16.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
service: service:
type: ClusterIP type: ClusterIP
@@ -111,7 +104,7 @@ spec:
permalinkPrefix: "https://chat.cluster.fun" permalinkPrefix: "https://chat.cluster.fun"
image: image:
repository: "vectorim/riot-web" repository: "vectorim/riot-web"
tag: v1.6.0 tag: v1.7.18
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
service: service:
type: ClusterIP type: ClusterIP
@@ -204,6 +197,8 @@ kind: Deployment
metadata: metadata:
name: well-known name: well-known
namespace: chat namespace: chat
annotations:
reloader.stakater.com/auto: "true"
spec: spec:
replicas: 1 replicas: 1
selector: selector:

16
manifests/nextcloud_chart.yaml → manifests/nextcloud_chart/nextcloud_chart.yaml
View File

@@ -1,10 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: nextcloud
---
apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: nextcloud-values name: nextcloud-values
@@ -23,9 +17,9 @@ metadata:
namespace: nextcloud namespace: nextcloud
spec: spec:
chart: chart:
repository: https://kubernetes-charts.storage.googleapis.com repository: https://nextcloud.github.io/helm/
name: nextcloud name: nextcloud
version: 1.10.0 version: 2.5.5
maxHistory: 5 maxHistory: 5
valuesFrom: valuesFrom:
- secretKeyRef: - secretKeyRef:
@@ -35,7 +29,9 @@ spec:
optional: false optional: false
values: values:
image: image:
tag: 18-apache tag: 19.0.10-apache
pullPolicy: Always
replicaCount: 2
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
@@ -53,6 +49,8 @@ spec:
enabled: true enabled: true
storageClass: scw-bssd-retain storageClass: scw-bssd-retain
size: 5Gi size: 5Gi
redis:
enabled: true
cronjob: cronjob:
enabled: true enabled: true
resources: resources:

7
manifests/nodered.yaml → manifests/nodered/nodered.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: node-red
---
apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: node-red name: node-red
@@ -73,7 +68,7 @@ spec:
mountPath: /data mountPath: /data
containers: containers:
- name: web - name: web
image: nodered/node-red:latest-12 image: nodered/node-red:1.1.3-12
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 1880 - containerPort: 1880

91
manifests/opengraph/opengraph.yaml Normal file
View File

@@ -0,0 +1,91 @@
apiVersion: v1
kind: Secret
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
kube-1password: dmjtjxrcpqtmeddq5x7zikj37i
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
name: web
selector:
app: tweetsvg
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
replicas: 2
selector:
matchLabels:
app: tweetsvg
template:
metadata:
labels:
app: tweetsvg
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/tweetsvg:latest
imagePullPolicy: Always
# env:
# - name: DOTENV_DIR
# value: /config/
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
volumeMounts:
- name: dotenv
mountPath: /app/.env
subPath: .env
volumes:
- name: dotenv
secret:
secretName: tweetsvg
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- tweet.cluster.fun
secretName: tweetsvg-ingress
rules:
- host: tweet.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tweetsvg
port:
number: 80

119
manifests/outline/outline.yaml Normal file
View File

@@ -0,0 +1,119 @@
apiVersion: v1
kind: Secret
metadata:
name: outline
namespace: outline
annotations:
kube-1password: maouivotrbgydslnsukbjrwgja
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: outline
namespace: outline
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: outline
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: outline
namespace: outline
spec:
selector:
matchLabels:
app: outline
serviceName: outline
replicas: 1
template:
metadata:
labels:
app: outline
spec:
containers:
- name: postgres
image: postgres:9-alpine
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5432
name: db
env:
- name: POSTGRES_USER
value: user
- name: POSTGRES_PASSWORD
value: pass
- name: POSTGRES_DB
value: outline
- name: PGDATA
value: /var/lib/postgresql/data/outline
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
- name: redis
image: redis:6
imagePullPolicy: IfNotPresent
ports:
- containerPort: 6379
name: redis
- name: outline
image: docker.cluster.fun/averagemarcus/outline:latest
imagePullPolicy: Always
command:
- sh
- -c
- |
sleep 10 && yarn sequelize db:migrate && yarn build && yarn start
ports:
- containerPort: 3000
name: web
volumeMounts:
- mountPath: /opt/outline/.env
subPath: .env
name: outline-env
readOnly: true
volumes:
- name: outline-env
secret:
secretName: outline
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: outline
namespace: outline
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- outline.cluster.fun
secretName: outline-ingress
rules:
- host: outline.cluster.fun
http:
paths:
- path: /
backend:
serviceName: outline
servicePort: 80

123
manifests/paradoxfox/paradoxfox.yaml Normal file
View File

@@ -0,0 +1,123 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: paradoxfox
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: etsy-token
namespace: paradoxfox
annotations:
kube-1password: akkchysgrvhawconx63plt3xgy
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: password
stringData:
password: ""
---
apiVersion: v1
kind: Service
metadata:
name: paradoxfox
namespace: paradoxfox
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 443
name: web
selector:
app: paradoxfox
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: paradoxfox
namespace: paradoxfox
spec:
replicas: 1
selector:
matchLabels:
app: paradoxfox
template:
metadata:
labels:
app: paradoxfox
spec:
imagePullSecrets:
- name: docker-config
containers:
- name: web
image: docker.cluster.fun/private/paradoxfox:latest
imagePullPolicy: Always
ports:
- containerPort: 443
name: web
env:
- name: ETSY_TOKEN
valueFrom:
secretKeyRef:
name: etsy-token
key: password
resources:
limits:
memory: 200Mi
requests:
memory: 200Mi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: paradoxfox
namespace: paradoxfox
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- paradoxfox.space
secretName: paradoxfox-ingress
rules:
- host: paradoxfox.space
http:
paths:
- path: /
backend:
serviceName: paradoxfox
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: paradoxfox-www
namespace: paradoxfox
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- www.paradoxfox.space
secretName: paradoxfox-www-ingress
rules:
- host: www.paradoxfox.space
http:
paths:
- path: /
backend:
serviceName: paradoxfox
servicePort: 80

25
manifests/photos/photos.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: photos
namespace: inlets
labels:
app: photos
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- photos.cluster.fun
secretName: photos-ingress
rules:
- host: photos.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

26
manifests/printer/printer.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: printer-auth
namespace: inlets
labels:
app: printer-auth
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- printer.cluster.fun
secretName: printer-ingress
rules:
- host: printer.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

5
manifests/qr.yaml → manifests/qr/qr.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: qr
---
apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: qr name: qr

25
manifests/radarr/radarr.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: radarr
namespace: inlets
labels:
app: radarr
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- radarr.cluster.fun
secretName: radarr-ingress
rules:
- host: radarr.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

105
manifests/rss.yaml
View File

@@ -1,105 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: rss
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: rss
namespace: rss
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: rss
namespace: rss
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
name: web
selector:
app: rss
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rss
namespace: rss
labels:
app: rss
spec:
replicas: 1
selector:
matchLabels:
app: rss
template:
metadata:
labels:
app: rss
spec:
securityContext:
fsGroup: 1000
dnsConfig:
options:
- name: ndots
value: "2"
containers:
- name: web
image: mdswanson/stringer
env:
- name: SECRET_TOKEN
value: inward-popcorn-decamp-epsilon
- name: PORT
value: "8080"
- name: DATABASE_URL
value: sqlite3:/data/stringer.db
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 308Mi
requests:
memory: 308Mi
volumeMounts:
- mountPath: /data
name: storage
volumes:
- name: storage
persistentVolumeClaim:
claimName: rss
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: rss
namespace: rss
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- rss.cluster.fun
secretName: rss-ingress
rules:
- host: rss.cluster.fun
http:
paths:
- path: /
backend:
serviceName: rss
servicePort: 80
---

117
manifests/downloads.yaml → manifests/rss/rss.yaml
View File

@@ -1,44 +1,71 @@
kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata: metadata:
name: downloads name: rss-db
namespace: rss
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: downloads-auth name: rss-auth
namespace: downloads namespace: rss
annotations: annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes kube-1password/vault: Kubernetes
type: Opaque type: Opaque
--- ---
apiVersion: v1
kind: Service
metadata:
name: rss-new
namespace: rss
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8000
name: web
selector:
app: rss
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: downloads-auth name: rss
namespace: downloads namespace: rss
labels: labels:
app: downloads-auth app: rss
spec: spec:
replicas: 1 replicas: 1
strategy:
type: Recreate
selector: selector:
matchLabels: matchLabels:
app: downloads-auth app: rss
template: template:
metadata: metadata:
labels: labels:
app: downloads-auth app: rss
spec: spec:
dnsConfig:
options:
- name: ndots
value: "2"
containers: containers:
- args: - args:
- --cookie-secure=false - --cookie-secure=false
- --provider=oidc - --provider=oidc
- --provider-display-name=Auth0 - --provider-display-name=Auth0
- --upstream=http://inlets.inlets.svc.cluster.local - --upstream=http://localhost:8080
- --http-address=$(HOST_IP):8080 - --http-address=$(HOST_IP):8000
- --redirect-url=https://downloads.cluster.fun/oauth2/callback - --redirect-url=https://rss.cluster.fun/oauth2/callback
- --email-domain=* - --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false - --pass-basic-auth=false
- --pass-access-token=false - --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
@@ -53,47 +80,50 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: username key: username
name: downloads-auth name: rss-auth
- name: OAUTH2_PROXY_CLIENT_SECRET - name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: password key: password
name: downloads-auth name: rss-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
name: oauth-proxy name: oauth-proxy
ports: ports:
- containerPort: 8080 - containerPort: 8000
protocol: TCP protocol: TCP
resources: resources:
limits: limits:
memory: 250Mi memory: 125Mi
requests: requests:
memory: 250Mi memory: 125Mi
--- - name: web
apiVersion: v1 image: docker.cluster.fun/averagemarcus/gopherss:latest
kind: Service env:
metadata: - name: PORT
name: downloads-auth value: "8080"
namespace: downloads - name: DB_PATH
labels: value: /data/feeds.db
app: downloads-auth ports:
spec: - containerPort: 8080
ports: name: web
- name: http resources:
port: 80 limits:
protocol: TCP memory: 308Mi
targetPort: 8080 requests:
selector: memory: 308Mi
app: downloads-auth volumeMounts:
type: ClusterIP - mountPath: /data
name: storage
volumes:
- name: storage
persistentVolumeClaim:
claimName: rss-db
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: downloads-auth name: rss
namespace: downloads namespace: rss
labels:
app: downloads-auth
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https traefik.ingress.kubernetes.io/frontend-entry-points: http,https
@@ -102,14 +132,15 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- downloads.cluster.fun - rss.cluster.fun
secretName: downloads-ingress secretName: rss-ingress
rules: rules:
- host: downloads.cluster.fun - host: rss.cluster.fun
http: http:
paths: paths:
- path: / - path: /
backend: backend:
serviceName: downloads-auth serviceName: rss-new
servicePort: 80 servicePort: 80
---

25
manifests/sonarr/sonarr.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sonarr
namespace: inlets
labels:
app: sonarr
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- sonarr.cluster.fun
secretName: sonarr-ingress
rules:
- host: sonarr.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

63
manifests/svg-to-dxf/svg-to-dxf.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: v1
kind: Service
metadata:
name: svg-to-dxf
namespace: svg-to-dxf
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: svg-to-dxf
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: svg-to-dxf
namespace: svg-to-dxf
spec:
replicas: 1
selector:
matchLabels:
app: svg-to-dxf
template:
metadata:
labels:
app: svg-to-dxf
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/svg-to-dxf:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
name: web
resources:
requests:
memory: 100Mi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: svg-to-dxf
namespace: svg-to-dxf
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- svg-to-dxf.cluster.fun
secretName: svg-to-dxf-ingress
rules:
- host: svg-to-dxf.cluster.fun
http:
paths:
- path: /
backend:
serviceName: svg-to-dxf
servicePort: 80

69
manifests/talks/talks.yaml Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: v1
kind: Service
metadata:
name: talks
namespace: talks
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: talks
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: talks
namespace: talks
spec:
replicas: 2
selector:
matchLabels:
app: talks
template:
metadata:
labels:
app: talks
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/talks:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: talks
namespace: talks
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- talks.marcusnoble.co.uk
secretName: talks-ingress
rules:
- host: talks.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: talks
port:
number: 80

66
manifests/til/til.yaml Normal file
View File

@@ -0,0 +1,66 @@
apiVersion: v1
kind: Service
metadata:
name: til
namespace: til
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: til
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: til
namespace: til
spec:
replicas: 2
selector:
matchLabels:
app: til
template:
metadata:
labels:
app: til
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/til:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: til
namespace: til
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- til.marcusnoble.co.uk
secretName: til-ingress
rules:
- host: til.marcusnoble.co.uk
http:
paths:
- path: /
backend:
serviceName: til
servicePort: 80

2
manifests/traefik-lb.yaml → manifests/traefik-lb/traefik-lb.yaml
View File

@@ -46,7 +46,7 @@ spec:
- --defaultentrypoints=http,https - --defaultentrypoints=http,https
- --entrypoints=Name:https Address::443 TLS - --entrypoints=Name:https Address::443 TLS
- --entrypoints=Name:http Address::80 - --entrypoints=Name:http Address::80
- --accesslog - --accesslog=true
- --accesslog.format=json - --accesslog.format=json
image: docker.io/traefik:1.7 image: docker.io/traefik:1.7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent

25
manifests/transmission/transmission.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: transmission
namespace: inlets
labels:
app: transmission
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- transmission.cluster.fun
secretName: transmission-ingress
rules:
- host: transmission.cluster.fun
http:
paths:
- path: /
backend:
serviceName: auth-proxy
servicePort: 80

69
manifests/tweetsvg/tweetsvg.yaml Normal file
View File

@@ -0,0 +1,69 @@
apiVersion: v1
kind: Service
metadata:
name: opengraph
namespace: opengraph
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: opengraph
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: opengraph
namespace: opengraph
spec:
replicas: 2
selector:
matchLabels:
app: opengraph
template:
metadata:
labels:
app: opengraph
spec:
containers:
- name: web
image: docker.cluster.fun/averagemarcus/opengraph:latest
imagePullPolicy: Always
ports:
- containerPort: 3000
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: opengraph
namespace: opengraph
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- opengraph.cluster.fun
secretName: opengraph-ingress
rules:
- host: opengraph.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: opengraph
port:
number: 80

30
manifests/twitter-profile-pic.yaml → manifests/twitter-profile-pic/twitter-profile-pic.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: twitter-profile-pic
---
apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: twitter-profile-pic name: twitter-profile-pic
@@ -111,3 +106,28 @@ spec:
backend: backend:
serviceName: twitter-profile-pic serviceName: twitter-profile-pic
servicePort: 80 servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: twitter-profile-pic-cluster-fun
namespace: twitter-profile-pic
annotations:
cert-manager.io/cluster-issuer: letsencrypt
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
spec:
tls:
- hosts:
- twitter-profile-pic.cluster.fun
secretName: twitter-profile-pic-cluster-fun-ingress
rules:
- host: twitter-profile-pic.cluster.fun
http:
paths:
- path: /
backend:
serviceName: twitter-profile-pic
servicePort: 80

5
manifests/website-to-remarkable.yaml → manifests/website-to-remarkable/website-to-remarkable.yaml
View File

@@ -1,9 +1,4 @@
apiVersion: v1 apiVersion: v1
kind: Namespace
metadata:
name: website-to-remarkable
---
apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: website-to-remarkable-auth name: website-to-remarkable-auth

43
tekton/tasks/docker-build-and-publish.yaml
View File

@@ -8,17 +8,13 @@ spec:
- name: DOCKERFILE - name: DOCKERFILE
type: string type: string
description: The path to the dockerfile to build description: The path to the dockerfile to build
default: /Dockerfile default: Dockerfile
- name: CONTEXT - name: CONTEXT
type: string type: string
description: The build context used by Docker. description: The build context used by Docker.
default: ./ default: .
- name: IMAGE - name: IMAGE
type: string type: string
description: Name (reference) of the image to build.
- name: EXTRA_ARGS
type: string
default: ""
resources: resources:
inputs: inputs:
- name: src - name: src
@@ -29,24 +25,35 @@ spec:
steps: steps:
- name: build-and-push - name: build-and-push
workingDir: /workspace/src workingDir: /workspace/src
image: gcr.io/kaniko-project/executor:latest image: moby/buildkit:latest
env: env:
- name: DOCKER_CONFIG - name: DOCKER_CONFIG
value: /kaniko/.docker value: /root/.docker
command: command:
- /kaniko/executor - sh
- $(params.EXTRA_ARGS) - -c
- --dockerfile=/workspace/src/$(params.DOCKERFILE) - |
- --context=/workspace/src/$(params.CONTEXT) PLATFORMS=$(grep 'PLATFORMS ?= ' Makefile | sed -E 's/^PLATFORMS \?= (.+)$/\1/')
- --destination=$(params.IMAGE) if [ -z $PLATFORMS ]; then
- --oci-layout-path=/workspace/src/image-digest PLATFORMS=linux/amd64
- --digest-file=/tekton/results/IMAGE_DIGEST fi
- --cache=true
buildctl-daemonless.sh --debug \
build \
--progress=plain \
--frontend=dockerfile.v0 \
--opt filename=$(params.DOCKERFILE) \
--opt platform=${PLATFORMS} \
--local context=$(params.CONTEXT) \
--local dockerfile=. \
--output type=image,name=$(params.IMAGE),push=true \
--export-cache type=inline \
--import-cache type=registry,ref=$(params.IMAGE)
securityContext: securityContext:
runAsUser: 0 privileged: true
volumeMounts: volumeMounts:
- name: docker-config - name: docker-config
mountPath: /kaniko/.docker/config.json mountPath: /root/.docker/config.json
subPath: config.json subPath: config.json
volumes: volumes:
- name: docker-config - name: docker-config

8
terraform/bucket.tf
View File

@@ -7,11 +7,11 @@ output "bucket_id" {
value = scaleway_object_bucket.kubernetes.id value = scaleway_object_bucket.kubernetes.id
} }
resource "scaleway_object_bucket" "linx" { resource "scaleway_object_bucket" "outline" {
name = "cluster.fun-linx" name = "cluster.fun-outline"
acl = "private" acl = "private"
} }
output "linx-bucket_id" { output "outline-bucket_id" {
value = scaleway_object_bucket.linx.id value = scaleway_object_bucket.outline.id
} }

25
terraform/kubernetes-charts.tf
View File

@@ -1,30 +1,9 @@
provider "helm" {
kubernetes {
load_config_file = false
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
cluster_ca_certificate = base64decode(
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
)
}
}
data "helm_repository" "stable" {
name = "stable"
url = "https://kubernetes-charts.storage.googleapis.com"
}
data "helm_repository" "fluxcd" {
name = "fluxcd"
url = "https://charts.fluxcd.io"
}
resource "helm_release" "helm-operator" { resource "helm_release" "helm-operator" {
name = "helm-operator" name = "helm-operator"
repository = data.helm_repository.fluxcd.metadata[0].name repository = "https://charts.fluxcd.io"
chart = "helm-operator" chart = "helm-operator"
max_history = 4 max_history = 3
set { set {
name = "helm.versions" name = "helm.versions"

2
terraform/kubernetes-cluster.tf
View File

@@ -1,7 +1,7 @@
resource "scaleway_k8s_cluster_beta" "k8s-cluster" { resource "scaleway_k8s_cluster_beta" "k8s-cluster" {
name = "cluster-fun" name = "cluster-fun"
description = "" description = ""
version = "1.18.3" version = "1.20"
cni = "weave" cni = "weave"
enable_dashboard = false enable_dashboard = false
ingress = "traefik" ingress = "traefik"

31
terraform/kubernetes-manifests.tf
View File

@@ -1,31 +0,0 @@
provider "kubectl" {
load_config_file = false
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
cluster_ca_certificate = base64decode(
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
)
}
resource "kubectl_manifest" "manifests" {
for_each = fileset(path.module, "../manifests/*")
yaml_body = file(each.key)
}
resource "kubectl_manifest" "tekton-install" {
for_each = fileset(path.module, "../tekton/1-Install/*")
yaml_body = file(each.key)
}
resource "kubectl_manifest" "tekton-setup" {
for_each = fileset(path.module, "../tekton/2-Setup/*")
yaml_body = file(each.key)
}
resource "kubectl_manifest" "tekton" {
for_each = fileset(path.module, "../tekton/{bindings,conditions,eventlisteners,pipelines,tasks,triggertemplates}/*")
yaml_body = file(each.key)
}

11
terraform/provider.tf
View File

@@ -3,3 +3,14 @@ provider "scaleway" {
region = "fr-par" region = "fr-par"
organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc" organization_id = "5c1e5e2a-a6cd-4eb3-907f-2a83a29668fc"
} }
provider "helm" {
kubernetes {
load_config_file = false
host = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].host
token = scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].token
cluster_ca_certificate = base64decode(
scaleway_k8s_cluster_beta.k8s-cluster.kubeconfig[0].cluster_ca_certificate
)
}
}

13
terraform/versions.tf Normal file
View File

@@ -0,0 +1,13 @@
terraform {
required_providers {
helm = {
source = "hashicorp/helm"
version = "1.3.2"
}
scaleway = {
source = "scaleway/scaleway"
version = "1.17.2"
}
}
required_version = ">= 0.13"
}