Compare commits
	
		
			1048 Commits
		
	
	
		
			increase_c
			...
			b992f1e5cd
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| b992f1e5cd | |||
| 2c030d052c | |||
| 507ba97dd3 | |||
| d58ff64e0d | |||
| f379e384b5 | |||
| 54d873e8df | |||
| 6f9bd6056c | |||
| 21f400d517 | |||
| 86b78861aa | |||
| 31b827b422 | |||
| 3fd2eb137c | |||
| e59cb4aea8 | |||
| ebfc61d889 | |||
| 19fa16f426 | |||
| ba38793deb | |||
| c2ad0c89fc | |||
| f86b626f25 | |||
| 0c646191f6 | |||
| 05dffbd825 | |||
| 6fb995919e | |||
| d7e7b2d5d0 | |||
| b5d6d801fb | |||
| d1bb4aba68 | |||
| 3dc3a78a1e | |||
| 954c7e22d7 | |||
| 14221c8d08 | |||
| 807054af80 | |||
| ed2b205151 | |||
| 54a40d7a8f | |||
| c21b70cb91 | |||
| ab0e152c4c | |||
| 782128860a | |||
| 850005f41c | |||
| 01a3259bb0 | |||
| 7d8953861d | |||
| 965089aa3c | |||
| e71050714b | |||
| 936943c24a | |||
| 66734265eb | |||
| 61e3be939e | |||
| e65858bcd4 | |||
| 2addee0322 | |||
| bdf95f0bf5 | |||
| 27a86fd831 | |||
| 7acfcd52ce | |||
| a1d692786a | |||
| a1cde6e991 | |||
| ed725001a1 | |||
| 250f36f34c | |||
| 7fc9e3bd46 | |||
| 5fcc85e764 | |||
| 6c8fce49f3 | |||
| 797525f108 | |||
| 49b76f20b0 | |||
| f378cb63c0 | |||
| c9a772af43 | |||
| 7797cac68e | |||
| b224a7bf6e | |||
| ae1e7f99ab | |||
| ca00356f3e | |||
| f8ede83f25 | |||
| 3c8378c27c | |||
| e753d51af3 | |||
| 7665d9df58 | |||
| 0349d2d303 | |||
| 629cb72a88 | |||
| 0e692eaf30 | |||
| 6b9e8d42b7 | |||
| b06982957a | |||
| 8b887f3f86 | |||
| f7405c92a9 | |||
| 866886975b | |||
| 07fa76c9b0 | |||
| ca6d26ae7d | |||
| c9a032c6ec | |||
| e825fe3283 | |||
| c6ffad092b | |||
| 11973aa7ed | |||
| 9cb0cb44b2 | |||
| ab75dbe6d1 | |||
| 3bc89b9671 | |||
| cf1968db69 | |||
| c96e8d5fdb | |||
| fd12332971 | |||
| 10c02f4091 | |||
| 2e076a4a6c | |||
| 93a712cb3d | |||
| 2cb4f99ea0 | |||
| e2ab609918 | |||
| 017e7cbe39 | |||
| cc3722f757 | |||
| 5e03e9c171 | |||
| e89cfb5423 | |||
| 69ebd54e92 | |||
| c5abec2a3f | |||
| fd11f04a1e | |||
| 3a64a3da4d | |||
| 9a3e3a6d54 | |||
| 6f3f18c78b | |||
| ca9a2801db | |||
| d32af71cd4 | |||
| a0c0d77614 | |||
| 2458c2e2eb | |||
| b659a624b7 | |||
| 14002a1f4e | |||
| 5779121e54 | |||
| 8aa63aa094 | |||
| 146ee4011f | |||
| 42c88127d3 | |||
| 05b1b45f00 | |||
| ff63612f5e | |||
| 5eb3bf3284 | |||
| 0480399671 | |||
| ee31dc1f3d | |||
| b3af4279c5 | |||
| 4b4a517871 | |||
| d6e3524eff | |||
| 354c5f74a0 | |||
| 74321a8507 | |||
| 0c7af2f339 | |||
| 29498edbd8 | |||
| 9dbae083e9 | |||
| 45607188c9 | |||
| 9f4319d5c4 | |||
| 5a3880d9eb | |||
| 000bfcc5f3 | |||
| 2076410442 | |||
| babea1d5db | |||
| f371943047 | |||
| 40a0267b0d | |||
| 51e539beda | |||
| 69e7b9778a | |||
| 854d36b8ba | |||
| 1348c006a2 | |||
| 4ade56fd21 | |||
| 6521c924d7 | |||
| f52f5ad0f2 | |||
| 41810d824d | |||
| c33672dfcc | |||
| 68d41e2bd3 | |||
| 259dfb10b7 | |||
| 2040f4da14 | |||
| f562c0e3b9 | |||
| 107135c39c | |||
| 66859a9ec9 | |||
| 0db769dab1 | |||
| 65d8ade8bc | |||
| 7434f6a47d | |||
| 9d59c7f8f5 | |||
| 4457b1963c | |||
| 471a5f8eb7 | |||
| a7648d5474 | |||
| e1a8c5a19a | |||
| c897678826 | |||
| 76c9b91de7 | |||
| 3706172447 | |||
| 38a060d48f | |||
| bb8e740408 | |||
| ee8556594d | |||
| 58526df9aa | |||
| da58f452dc | |||
| d775ec2ad9 | |||
| 356ec53f21 | |||
| 7ff426bead | |||
| 5d0ee92149 | |||
| bdeeba249b | |||
| 8e24fc7631 | |||
| 3041ef4e14 | |||
| 3adb2d4fe0 | |||
| 4df2f5f67d | |||
| a1a99ca7be | |||
| 82bdf1889c | |||
| f96c280679 | |||
| 3171059c82 | |||
| bbd7152f81 | |||
| a9406155a9 | |||
| eb582398cd | |||
| 4add915432 | |||
| 711cf72ba3 | |||
| 7db52ff40e | |||
| 93fdb2fb59 | |||
| 6c545f3add | |||
| b5be26cafb | |||
| 4380a517f0 | |||
| fe3b58432f | |||
| e7a207cf65 | |||
| 65bffc17d2 | |||
| 5d31f867d2 | |||
| 9cd6c92728 | |||
| 5a91aa8bfb | |||
| b00ff7fb8a | |||
| 3413ea6d72 | |||
| 790e45c752 | |||
| dccbff710e | |||
| fbe19b2c7b | |||
| d5f4453859 | |||
| 8295c79897 | |||
| d6bf0075f1 | |||
| dab444bb4e | |||
| b123ba197f | |||
| 216f78d4ae | |||
| 6a96162982 | |||
| 0edc643254 | |||
| e353989764 | |||
| 2cc19c9fb0 | |||
| 7736927d0b | |||
| c31e965aa4 | |||
| f488b44ed6 | |||
| da74962f7f | |||
| 325b6c1475 | |||
| 3cd37f747e | |||
| 5c5ae1d13c | |||
| f3e21d0edb | |||
| e24ce989a5 | |||
| dcd1ea905a | |||
| b774e2d661 | |||
| ee8cb57126 | |||
| e3dd9542df | |||
| df43cdcdf7 | |||
| 026565dcf5 | |||
| 524377b0ee | |||
| a109a3dbb0 | |||
| d60b4722be | |||
| 4516184e57 | |||
| ec48552dd1 | |||
| 31efb5d8e0 | |||
| d248e5f28e | |||
| b0c4beb211 | |||
| 494bd6d91f | |||
| 2648b65df1 | |||
| 8578342aaa | |||
| e5be0e4f4b | |||
| a3b2defb4c | |||
| 9057958444 | |||
| deb829c832 | |||
| 144f5f14d1 | |||
| c9968b3ac7 | |||
| 671e60fb18 | |||
| 34862e4250 | |||
| 50977c6d7f | |||
| 376a11ec2f | |||
| ee0c2b2f53 | |||
| c63c49e5de | |||
| cd8ac71d51 | |||
| 6ed901bf94 | |||
| 2cb765d7e1 | |||
| d35203de49 | |||
| 2735a8a2b1 | |||
| a738134135 | |||
| 55dd830848 | |||
| 2edea7c99f | |||
| 7c46b77d2f | |||
| 3fea0685cb | |||
| 0dfac7ad6f | |||
| a2dbaaa5d0 | |||
| 0809d35c87 | |||
| b9a981b9f1 | |||
| 60e20a3033 | |||
| 4bfe5f6e7c | |||
| 31f4627157 | |||
| 1fbbf253a3 | |||
| e6b1e197b9 | |||
| d1d38e29e6 | |||
| a9410bb024 | |||
| affd78061e | |||
| d44ecda0eb | |||
| af5ece0d51 | |||
| 3319f832e2 | |||
| d53985abb2 | |||
| 40fc4df5a9 | |||
| f84944cbc3 | |||
| 99d87bcab2 | |||
| 139318754c | |||
| fee0773df2 | |||
| 41f2bbc20d | |||
| e98e29cf61 | |||
| 8177432345 | |||
| 152af1446e | |||
| 6f7a91388a | |||
| 8b26ba278e | |||
| aea1284f06 | |||
| a0fa1f9188 | |||
| 9e63b2baa8 | |||
| e09dde470a | |||
| 61196429e5 | |||
| f7e2b540f6 | |||
| a075d33e6e | |||
| de2284eea2 | |||
| 501922b752 | |||
| 4da53c1b3b | |||
| bb52be5104 | |||
| b6241cf063 | |||
| 8a054ae72d | |||
| d59c520f08 | |||
| 285fa8acf1 | |||
| 43364bcccd | |||
| a65aa4ecb8 | |||
| d28fc952ad | |||
| 969e93b84a | |||
| a36ca06efc | |||
| cc7de595d6 | |||
| 2bd795b7ab | |||
| ed62566286 | |||
| cdb91bd2c8 | |||
| d1dfd448dc | |||
| 1e4443228e | |||
| 0833bfd6c2 | |||
| f6e21b3384 | |||
| 8e6d7fb872 | |||
| 757a345305 | |||
| 9cd9af4843 | |||
| e8e49270fd | |||
| f23080fcea | |||
| 09c73669f0 | |||
| beea77e10f | |||
| eb49f8a8e7 | |||
| 3063272114 | |||
| 8e1ccd5226 | |||
| 951c96e10f | |||
| a42f6166a8 | |||
| ea88d428ce | |||
| 047e364896 | |||
| b17ff81e93 | |||
| 8650881d00 | |||
| 6718572645 | |||
| bc933c872f | |||
| 88c85e932e | |||
| 35b0c8dc83 | |||
| 2ed47e80bb | |||
| cfeb0d539a | |||
| 72c157a3c2 | |||
| 3e8eef8bd5 | |||
| b3adebc811 | |||
| 897f5c0134 | |||
| e844020f6d | |||
| 122a1e931e | |||
| 1051422be0 | |||
| 1e4a219e1d | |||
| 472f01eafc | |||
| 356f894e1e | |||
| d584862b48 | |||
| 92e86564d8 | |||
| 82c73f7edf | |||
| 2e0afddacd | |||
| adb78f4c05 | |||
| 134ca701a5 | |||
| 03037cf138 | |||
| 9901c79b19 | |||
| e85c3f7bf8 | |||
| 25d88aba96 | |||
| 6b208d8f37 | |||
| 1378786505 | |||
| 358b1a84f8 | |||
| 5cf2ff7b9c | |||
| 53557db2c7 | |||
| 0ec5e3c03d | |||
| 590bd5d189 | |||
| c15a94a0e5 | |||
| b3696b83e4 | |||
| 73dd4ce53b | |||
| d2a66f01ae | |||
| f7904919b0 | |||
| 84fef23369 | |||
| 8816a16a05 | |||
| 61af5722b9 | |||
| 66525755e1 | |||
| 2f95f861e5 | |||
| 529fa227de | |||
| 1f23859360 | |||
| c75e192acc | |||
| 60699bab2f | |||
| 9825855748 | |||
| 3340682eb6 | |||
| 0f3af49dc7 | |||
| 8d42388c42 | |||
| 7aaaaa4fcc | |||
| 8be3441335 | |||
| a622263981 | |||
| beb3186f4e | |||
| 51bcecc11f | |||
| 2199561756 | |||
| 6394ea6425 | |||
| 0946eeca97 | |||
| d8b65d6922 | |||
| 5c4192a3e7 | |||
| ce1f3caac2 | |||
| 390b43c564 | |||
| 6362db7473 | |||
| 55ae6f1e65 | |||
| bbbfa63a26 | |||
| bca4033897 | |||
| 47920db489 | |||
| 488dd86a36 | |||
| 9607063beb | |||
| 2473ce268c | |||
| 97d9685630 | |||
| e2f06fc4bb | |||
| 9c3c990f68 | |||
| 93c2166c68 | |||
| 6c8d05e7af | |||
| 1ff864d4f2 | |||
| 841fa14c92 | |||
| 14495bae4f | |||
| 9188a96386 | |||
| 5405041ca1 | |||
| 5ac10ca34d | |||
| 9503a11289 | |||
| 98e04eeee4 | |||
| 16e2ca67a4 | |||
| db9d3e4dce | |||
| 7959b7cd8f | |||
| 992d0f4074 | |||
| d3456bf5f4 | |||
| 320bc5c580 | |||
| 42d3fbf52d | |||
| b228f836a0 | |||
| 6106d0153c | |||
| c70aefab29 | |||
| 93a103979b | |||
| 503ae3b474 | |||
| b25c90c33c | |||
| 0889690626 | |||
| 2d7a7bd07f | |||
| dd6a517bdb | |||
| 774880a236 | |||
| 7a4e0ed1fd | |||
| f1f12a80ef | |||
| ad6c462d77 | |||
| 55b1a5c616 | |||
| 4dd60012e9 | |||
| 5c7eb1f5cc | |||
| f4d454f8b3 | |||
| 417535a7c5 | |||
| ccc22df0e5 | |||
| 99ad2f2528 | |||
| 7374305710 | |||
| 9f85eee146 | |||
| 35b4298577 | |||
| 42193d9446 | |||
| d82fa05738 | |||
| 2b91f499bf | |||
| b5217b9014 | |||
| 9ee22ce4b6 | |||
| cdda12487f | |||
| 5a1704649f | |||
| 0c1661eda9 | |||
| b908ff296f | |||
| e5fe78a589 | |||
| 2dac47c855 | |||
| 563b18276e | |||
| 0895a985d4 | |||
| 37ed713705 | |||
| 7c635bed4c | |||
| 9f834fd04a | |||
| 3f045eed41 | |||
| ccb8bafaac | |||
| c02a2eeef9 | |||
| 842aada3b5 | |||
| d125c6883a | |||
| e1766fa88f | |||
| 75f3c49ed7 | |||
| b42e0a4ab8 | |||
| 836f39c4b6 | |||
| 0eb9fbc16c | |||
| a61ba2f590 | |||
| 962c823232 | |||
| 9059026abd | |||
| 7fb48aae74 | |||
| 3f3dfd78d1 | |||
| 1615f833df | |||
| ba01f241d8 | |||
| 66fe678272 | |||
| 25dabe7538 | |||
| c695862948 | |||
| 7b74d330fd | |||
| d9d6d0d268 | |||
| ca743e5705 | |||
| ae61af9749 | |||
| 0c20a69d80 | |||
| df7d27cd70 | |||
| dd76417ad0 | |||
| 083d14a848 | |||
| ab9ba48343 | |||
| 4f1e385019 | |||
| 488afca2c7 | |||
| b4cde10dc3 | |||
| 1a1a75dc3f | |||
| 1410143fcf | |||
| 6af531c830 | |||
| a7d8a87867 | |||
| 0da601a2ac | |||
| 3ca78eef81 | |||
| 359ccc38d5 | |||
| c1e0a62566 | |||
| 8e4c2b46f6 | |||
| b9a30103da | |||
| b974334672 | |||
| 71e50e33c0 | |||
| 4eb8db8e4e | |||
| e199dd8c1f | |||
| 55e244992a | |||
| 9cb3d076e3 | |||
| 596c9930c4 | |||
| 1e4645b038 | |||
| 33204a6811 | |||
| c54c63c542 | |||
| bf1f823493 | |||
| f75e626769 | |||
| 3145fe0349 | |||
| 3c3272a7cc | |||
| e9c79d4c34 | |||
| e91991cf8d | |||
| 441d736cad | |||
| 8b8c58db12 | |||
| c7724ab860 | |||
| a74b5bcb36 | |||
| 93332460c4 | |||
| 03d3a9c738 | |||
| 01b53c5c92 | |||
| 36db51cfee | |||
| 126ce23a6c | |||
| 629281f270 | |||
| 361801e89b | |||
| 2d3cda9ca2 | |||
| ca5c9d09de | |||
| 19d8aaf89c | |||
| ecd22c542b | |||
| f8084f52bc | |||
| 6f7fd5441a | |||
| f385261545 | |||
| a35a4a3fe3 | |||
| 2fb001a55e | |||
| ff7494f6dd | |||
| d4f9186b6c | |||
| 9224fb70d8 | |||
| 36b38058bb | |||
| e8d233f936 | |||
| cb80c9da41 | |||
| 55394810cc | |||
| 0e4d9fa6fc | |||
| 96ec882b39 | |||
| 673c27eed9 | |||
| f8fb4792df | |||
| 2d1b44bd0c | |||
| d2e59b2be1 | |||
| 953def22ac | |||
| 4c66c22ee8 | |||
| 45de30bf47 | |||
| 600ab21084 | |||
| 9e8e37a337 | |||
| add266c1df | |||
| 1fd915619b | |||
| 6c2eade54d | |||
| a7667604c7 | |||
| 88ca71479d | |||
| 9753ac1d2d | |||
| 0e3a5de0a0 | |||
| 9c4f7a0896 | |||
| aca6f0dac2 | |||
| 1f51fd337f | |||
| 68539cdce8 | |||
| de7730c37c | |||
| f15db99568 | |||
| b280134653 | |||
| 0605b4481a | |||
| 3e6124c69a | |||
| f22da7be93 | |||
| 56bf6055c1 | |||
| 50658e81e5 | |||
| 60815590d0 | |||
| e3f2920c1c | |||
| e191e83c86 | |||
| af48088841 | |||
| c9ef32db05 | |||
| 78e1152a8f | |||
| ca4d5ff0d5 | |||
| cf2fa93350 | |||
| c8a59e1052 | |||
| e99541aa53 | |||
| 32a472a7a6 | |||
| f6f106a064 | |||
| 8635996517 | |||
| a950778692 | |||
| d19bd05ec1 | |||
| 7ef157234f | |||
| 1a085ea083 | |||
| 9aaa3fbe1d | |||
| 964b1b9cfb | |||
| d8f0aedf50 | |||
| 46206ea637 | |||
| 4ab1267d95 | |||
| 5e234c8d32 | |||
| 2d5902ac7f | |||
| 2e13637388 | |||
| ccc49c6855 | |||
| b0ca3f980e | |||
| 7c43e6b7ce | |||
| faff262fe8 | |||
| 02a5c7a6bd | |||
| a3c5c64b04 | |||
| 7ec8b7ba70 | |||
| 9737323128 | |||
| aa3dec45d5 | |||
| a820162102 | |||
| 60f93063a5 | |||
| 0492bad785 | |||
| 2d7050d280 | |||
| ee484531d7 | |||
| 64802df507 | |||
| 127cecd562 | |||
| c7fb03ae4b | |||
| d520b683bb | |||
| dbf4b7ba09 | |||
| 68aaa12e5c | |||
| 337577f5a0 | |||
| 665836a4a3 | |||
| 089ec74af7 | |||
| 41125f8ebd | |||
| d9ace27ac8 | |||
| abd13adebb | |||
| e4027ec94f | |||
| 244dea83ec | |||
| 2e4bebc6a6 | |||
| f031b7b221 | |||
| 197a4d5480 | |||
| 2c9387421b | |||
| f020bef2ca | |||
| f9e7e7eaf8 | |||
| b51a92f72e | |||
| 73808d4039 | |||
| c005791531 | |||
| 408e642c75 | |||
| 80a269bf99 | |||
| c875b54549 | |||
| 798339009e | |||
| 035814c916 | |||
| d909109abd | |||
| 8cd0f96418 | |||
| c9715630aa | |||
| 0b548e271e | |||
| 8d276735ed | |||
| c236e72c30 | |||
| 1e67288540 | |||
| 4c145f47c3 | |||
| 15ad48ff3e | |||
| 41cef7eee0 | |||
| 33f722bd06 | |||
| d108f2b00c | |||
| c26ef37c0c | |||
| 72b11fb227 | |||
| 956b149c08 | |||
| c9ff27e9fe | |||
| c0cef495a0 | |||
| ddd157a125 | |||
| 14bc7d1cd7 | |||
| 05e64fda85 | |||
| 6d0483e47c | |||
| f809edbfbd | |||
| ebb3046443 | |||
| 398eea67ca | |||
| 456f4b1356 | |||
| 56d194f61f | |||
| d289898c02 | |||
| 7e9067f221 | |||
| 58daad489d | |||
| c93a73d2cb | |||
| 5df68dd190 | |||
| 52c88621d4 | |||
| 0dd5cb143f | |||
| f5e185a77e | |||
| 9086e69705 | |||
| c4bcef3cd4 | |||
| ca2ae20d17 | |||
| 2133bee35b | |||
| 575feb5841 | |||
| fa23a31d76 | |||
| 304857a4a3 | |||
| caca8733e2 | |||
| 13a05fe75f | |||
| 790c7304ab | |||
| a9c8e36931 | |||
| f942f9e358 | |||
| b1d821922f | |||
| 99d63230cd | |||
| d55b03a6bd | |||
| 3e54c17ad3 | |||
| 8a0952f514 | |||
| 57fedd0d85 | |||
| d2eaea5e1c | |||
| 99d57bda3f | |||
| 90c3faae54 | |||
| d8e2e4673f | |||
| b0a846fa94 | |||
| 5be3454e15 | |||
| 89e8a2768f | |||
| f3cb290d7b | |||
| 8635399bf9 | |||
| 60305ed6bb | |||
| f758757c42 | |||
| 546e1fe69f | |||
| 1e6cdf20ef | |||
| 1eaec16813 | |||
| 7931adc8ac | |||
| c306dbc01c | |||
| 1b60ac4ce9 | |||
| 536e5b4ba4 | |||
| c29aff6d4e | |||
| c288ee81a5 | |||
| c3a8ca03da | |||
| 471df787ca | |||
| df403ca8a6 | |||
| 5403e21421 | |||
| 63fd434a2d | |||
| 6b3db10837 | |||
| 5b9714dbfe | |||
| 0f6ea7c66d | |||
| 0a2ac14e71 | |||
| 1722256eba | |||
| 0d2d2b4a94 | |||
| 5ee727cd54 | |||
| 9692e3c73d | |||
| 0f802f29a0 | |||
| 70e1e2d959 | |||
| 6f74f95997 | |||
| 39542c7912 | |||
| 40f851e0b5 | |||
| 94e59d83e3 | |||
| b260e6a249 | |||
| 549a8cec6e | |||
| 0ddef03ab8 | |||
| 0f4502310e | |||
| 747debfbf7 | |||
| d86545f27e | |||
| e7080e876b | |||
| d772023986 | |||
| 7adc699d4b | |||
| 0e858ec1e0 | |||
| 22d07c1526 | |||
| 8501a7d13d | |||
| cd5895965b | |||
| 14e0c43d90 | |||
| 0616ed2438 | |||
| 95db5c0ab3 | |||
| c245c816c5 | |||
| e2b3d416eb | |||
| 31c6704d84 | |||
| cec2725dee | |||
| 605ee82c1c | |||
| 9f2b6b7493 | |||
| 79d8a831d8 | |||
| c3ae274afd | |||
| 8693c53147 | |||
| b465c1a16c | |||
| 6b5f44574e | |||
| 6af90f1825 | |||
| 92de303130 | |||
| 380713229c | |||
| 3dd4f018ea | |||
| 5c4dabf60f | |||
| f5d8c1f37a | |||
| 8c44e48f27 | |||
| 31d17a812b | |||
| 62c9d3cc22 | |||
| 52c95c516d | |||
| 32ffc7b933 | |||
| c6e4e436d7 | |||
| 977290f0c0 | |||
| 0b2a6579c0 | |||
| 082093319d | |||
| 630055af40 | |||
| cd38ae3b8f | |||
| 9d1b714e94 | |||
| a86dc5d7cd | |||
| 64cd24e0e5 | |||
| ce44688bcd | |||
| 4c552b288b | |||
| a9f9421924 | |||
| 79385ffdef | |||
| 88e347ec04 | |||
| 3f1b780e13 | |||
| d9be926e1c | |||
| 52896a6202 | |||
| 88cec0f08a | |||
| a722f25847 | |||
| 66c3fc0441 | |||
| 3a0ace71a6 | |||
| 2d6756aca9 | |||
| a69b0ab4b4 | |||
| c13a01d287 | |||
| 6d0c3b02af | |||
| b7ffb96beb | |||
| a34ae89b33 | |||
| 0bd512c11c | |||
| da29fe7929 | |||
| f2232d9105 | |||
| 2ab1892b6e | |||
| 593317fd13 | |||
| 4dfd89d78e | |||
| e92853b736 | |||
| 635246317f | |||
| 2ea466ed83 | |||
| 18f748f010 | |||
| 7379a43178 | |||
| 9d1f2528c5 | |||
| 3ae4e1142f | |||
| e18f77caaa | |||
| 5572056c9b | |||
| 987eb5096c | |||
| 211f7b7251 | |||
| 513625074a | |||
| 88f3132326 | |||
| 00b51cd6a8 | |||
| 786f724823 | |||
| 659771d4b9 | |||
| 3baa5597fa | |||
| 04af487324 | |||
| b9ed0a571e | |||
| 53f5a5c062 | |||
| 45d8fc0328 | |||
| 207376a89c | |||
| fd148bdd75 | |||
| c676fad20a | |||
| 769fdff851 | |||
| 8bfcfbe770 | |||
| a49bb8e58e | |||
| b489562c57 | |||
| 513af4f9c5 | |||
| 8ce2c08c34 | |||
| 796f891f17 | |||
| ad33387c26 | |||
| d6ad4bca2e | |||
| 2515940ee4 | |||
| 0dc864eb63 | |||
| f027c5075b | |||
| 089aef13d3 | |||
| c749096aa0 | |||
| fb542ff995 | |||
| a14d7bf5bf | |||
| 02ec582bd9 | |||
| 9277f202e9 | |||
| bdc418e0d8 | |||
| 10d80e3452 | |||
| fa07f27433 | |||
| 97c545d3e8 | |||
| e26dec2f7a | |||
| 22717250e5 | |||
| f4f6745c27 | |||
| f9caf0a0d1 | |||
| c5359f2adc | |||
| 6450a24334 | |||
| 1b8318df3e | |||
| 4a9589aaeb | |||
| f516ee38ae | |||
| 36d87d3c12 | |||
| 86b9327767 | |||
| 0accc05333 | |||
| c540580782 | |||
| 524cd8837b | |||
| 0b7b010a01 | |||
| 38ed896839 | |||
| c761d83549 | |||
| f6a1a5cb2a | |||
| 993e515eb2 | |||
| 0db4e321ea | |||
| 4bc3a9add5 | |||
| 912dac6479 | |||
| 3a946fabe1 | |||
| 444546095f | |||
| b80cde1825 | |||
| 87e9074a0b | |||
| 79fa75c080 | |||
| b2192bb6ce | |||
| f515ffd081 | |||
| e9a9250165 | |||
| 8cabb103f8 | |||
| 025e542a58 | |||
| 91c2018722 | |||
| ee2faf4401 | |||
| aa0d9786e2 | |||
| 722fd18e64 | |||
| 9d7f02dc0d | |||
| da01b67104 | |||
| 9cdc5f2450 | |||
| 2b5e2eeff0 | |||
| 7fa91de04f | |||
| fd5572cec8 | |||
| bfaa7c30e5 | |||
| 83781ae047 | |||
| c7be02c83d | |||
| 7a1df207a7 | |||
| ea53700e02 | |||
| 6ce1fa075a | |||
| 88f91e20b6 | |||
| 4623e16600 | |||
| b858dfcdfc | |||
| 9e7d07297b | |||
| cf8b042c98 | |||
| bc30ffa753 | |||
| 85569644f2 | |||
| d96095535e | |||
| a6823b4871 | |||
| ba4858e88e | |||
| 5df02c1f87 | |||
| 680d50120d | |||
| 8ba1bb72de | |||
| 6a2e61911d | |||
| 9baf2ead15 | |||
| 59477f604a | |||
| 1850295742 | |||
| 4e0680eb57 | |||
| 34fa21e5a9 | |||
| 5ad34267ae | |||
| 9a00be7aff | |||
| a5c92eacef | |||
| 015a0669be | |||
| 8aa2c7e83e | |||
| f6a6bfe2cf | |||
| 1323ff91e6 | |||
| b85da32ab5 | |||
| e95357bf42 | |||
| fc7d09a293 | |||
| f154b89b54 | |||
| 25fb87ef60 | |||
| 45cc1d73a7 | |||
| 8710723ce0 | |||
| d3ccc88c20 | |||
| 7d9b9c1b1f | |||
| 2427fe07ba | |||
| 1f044b5ae3 | |||
| 8b5982af70 | |||
| f389e0b715 | |||
| e8c380dd94 | |||
| 74b19f2746 | |||
| 225b7d8cff | |||
| bff4242b57 | |||
| 4b1d859778 | |||
| b59327939e | |||
| d760a69e29 | |||
| 071a73118c | |||
| 7dcdabd564 | |||
| 3cdebb541b | |||
| bbb9aba394 | |||
| d5e07e29d8 | |||
| a9c9813870 | |||
| ffa751ad7f | |||
| b739031468 | |||
| 3bef89a27d | |||
| 964a653710 | |||
| 3a2661106b | |||
| eb7a82f74e | |||
| b9ffeaf626 | |||
| acdc684e62 | |||
| eddfbf4fb7 | |||
| f67d067cf5 | |||
| 39ac57b5cb | |||
| caa7a68e6f | |||
| 04608e0cec | |||
| 2aa1628ebc | |||
| a1c447ff73 | |||
| a81423ab42 | |||
| ee1a18f169 | |||
| 6693266ba5 | |||
| 91f2fb943c | |||
| 6dea278487 | |||
| 785e22050d | |||
| 99eb03aa5f | |||
| 1ecc6bf920 | |||
| 0295ca8349 | |||
| 41fab7f1d4 | |||
| 5b3d1a0fee | |||
| 404cdb0349 | |||
| a757e95b3d | |||
| 28d06d68d3 | |||
| 7f23b96ebc | |||
| cfef345f93 | |||
| b360920537 | |||
| 4ac30f8242 | |||
| f036a70542 | |||
| d39cb1320b | |||
| da143dce0f | |||
| 1f54d2706a | |||
| 9f91c5ef35 | |||
| 468fd9f6a6 | |||
| 5b69611fed | |||
| cc38ef42e0 | |||
| 1665ef1e67 | |||
| bbc369afb4 | |||
| 422ee13940 | |||
| a7e0b2a913 | |||
| 4ebe0bde06 | |||
| 030386cc6a | |||
| d1e34ddba0 | |||
| 1161564118 | |||
| 6acdf29d1a | |||
| 77d23f395a | |||
| 9de410bb6e | |||
| b7c90557df | |||
| 2cf5ce0ace | |||
| 21c16256c7 | |||
| d6fb80ded4 | |||
| 0c334e0827 | |||
| 94b62b4c75 | |||
| 06b4f07c21 | |||
| cef5f2ddc1 | |||
| 825447b712 | |||
| 5c06e4c8d7 | |||
| 34a00954db | |||
| 54af3af2c1 | |||
| 7405481b72 | |||
| fa51de4fb6 | |||
| d29c9ec82c | |||
| 5f8800f311 | |||
| eef0a6c22d | |||
| d9d71a5dc7 | |||
| ff99e577cd | |||
| f26d02ca7f | |||
| 94e18c12ea | |||
| 84a9c19d93 | |||
| 8f85a65cbe | |||
| 22ae249a1f | |||
| 50f86cc39f | |||
| 295bb89828 | |||
| 3ab7377253 | |||
| 7d2c192b95 | |||
| a7a29c0201 | |||
| c40c5b5a33 | |||
| 588348ac31 | |||
| 05e04afeff | |||
| cf2a889e4d | |||
| b838af199d | |||
| 9f65bf256a | |||
| f5a7bb5abb | |||
| 5567ba142a | |||
| 43aa708e09 | |||
| 52339ccbed | |||
| b08f0892be | |||
| b60c244b8b | |||
| fd26f7b3de | |||
| e00db9e633 | |||
| b35b34bb7a | |||
| 85bd64e87e | |||
| a80346f8e7 | |||
| 53d8bd48bf | |||
| 9c8f29e346 | |||
| ad3fab4cfd | |||
| cf0015d1e2 | |||
| 6ce5744672 | |||
| 3d47bc34da | 
							
								
								
									
										25
									
								
								manifests/_apps/auth-proxy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/auth-proxy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-auth-proxy | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: auth-proxy | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/auth-proxy | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										28
									
								
								manifests/_apps/base64.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/base64.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: base64 | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: base64 | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/base64 | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										25
									
								
								manifests/_apps/blackhole.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/blackhole.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-blackhole | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: kube-system | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/blackhole | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										29
									
								
								manifests/_apps/blog.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/blog.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-blog | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: blog | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/blog | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										24
									
								
								manifests/_apps/cel-tester.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								manifests/_apps/cel-tester.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cel-tester | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: cel-tester | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/cel-tester | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
							
								
								
									
										76
									
								
								manifests/_apps/certmanager_chart.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										76
									
								
								manifests/_apps/certmanager_chart.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,76 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cert-manager-civo | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: cert-manager | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/certmanager-civo | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
|  | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-cert-manager-issuer | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: cert-manager | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/certmanager_chart | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-cert-manager-chart | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: cert-manager | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     repoURL: 'https://charts.jetstack.io' | ||||
|     targetRevision: 1.11.0 | ||||
|     chart: cert-manager | ||||
|     helm: | ||||
|       version: v3 | ||||
|       values: |- | ||||
|         installCRDs: "true" | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 32Mi | ||||
|           limits: | ||||
|             memory: 64Mi | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|  | ||||
| --- | ||||
							
								
								
									
										28
									
								
								manifests/_apps/civo-versions.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/civo-versions.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: civo-versions | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: civo-versions | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/civo-versions | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										28
									
								
								manifests/_apps/cv.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/cv.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cv | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: cv | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/cv | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										29
									
								
								manifests/_apps/dashboard.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/dashboard.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-dashboard | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: dashboard | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/dashboard | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										29
									
								
								manifests/_apps/devstats-viewer.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/devstats-viewer.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-devstats-viewer | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: devstats-viewer | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/devstats-viewer | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										28
									
								
								manifests/_apps/feed-fetcher.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/feed-fetcher.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: feed-fetcher | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: feed-fetcher | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/feed-fetcher | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										25
									
								
								manifests/_apps/git-sync.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/git-sync.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-git-sync | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: git-sync | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/git-sync | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										25
									
								
								manifests/_apps/gitea.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/gitea.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-gitea | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: gitea | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/gitea | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										24
									
								
								manifests/_apps/goplayground.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								manifests/_apps/goplayground.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: goplayground | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: goplayground | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/goplayground | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
							
								
								
									
										20
									
								
								manifests/_apps/link.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								manifests/_apps/link.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,20 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: link | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: link | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/link | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
							
								
								
									
										29
									
								
								manifests/_apps/marcusnoble.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/marcusnoble.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-marcusnoble | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: marcusnoble | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/marcusnoble | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										29
									
								
								manifests/_apps/mastodon-digest.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/mastodon-digest.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-mastodon-digest | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: mastodon-digest | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/mastodon-digest | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										28
									
								
								manifests/_apps/mastodon-to-airtable.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/mastodon-to-airtable.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: mastodon-to-airtable | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/mastodon-to-airtable | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										25
									
								
								manifests/_apps/matrix_chart.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/matrix_chart.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-matrix | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: chat | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/matrix_chart | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										29
									
								
								manifests/_apps/mealie.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/mealie.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-mealie | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: mealie | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/mealie | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										24
									
								
								manifests/_apps/monitoring-civo.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								manifests/_apps/monitoring-civo.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: monitoring-civo | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: monitoring | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/monitoring-civo | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
							
								
								
									
										25
									
								
								manifests/_apps/monitoring.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/monitoring.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-monitoring | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: monitoring | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/monitoring | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										25
									
								
								manifests/_apps/nextcloud_chart.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/nextcloud_chart.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-nextcloud | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: nextcloud | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/nextcloud_chart | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										25
									
								
								manifests/_apps/nginx-lb.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/nginx-lb.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-nginx-lb | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: kube-system | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/nginx-lb | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										25
									
								
								manifests/_apps/nodered.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/nodered.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-nodered | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: node-red | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/nodered | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										28
									
								
								manifests/_apps/opengraph-image-gen.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/opengraph-image-gen.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: opengraph | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: opengraph | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/opengraph | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										25
									
								
								manifests/_apps/outline.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/outline.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-outline | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: outline | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/outline | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										24
									
								
								manifests/_apps/proxy-civo.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								manifests/_apps/proxy-civo.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: proxy-civo | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: proxy-civo | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/proxy-civo | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
							
								
								
									
										28
									
								
								manifests/_apps/qr.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/qr.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: qr | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: qr | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/qr | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										25
									
								
								manifests/_apps/redis.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/redis.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-redis | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: redis | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/redis | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										23
									
								
								manifests/_apps/reloader.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										23
									
								
								manifests/_apps/reloader.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,23 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-reloader | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: kube-system | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     repoURL: 'https://stakater.github.io/stakater-charts' | ||||
|     targetRevision: v0.0.89 | ||||
|     chart: reloader | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										29
									
								
								manifests/_apps/rss.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/rss.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-rss | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: rss | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/rss | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										29
									
								
								manifests/_apps/starling.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/starling.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-starling | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: starling | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/starling | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										28
									
								
								manifests/_apps/svg-to-dxf.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/svg-to-dxf.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: svg-to-dxf | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: svg-to-dxf | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/svg-to-dxf | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										28
									
								
								manifests/_apps/talks.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/talks.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: talks | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: talks | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/talks | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										29
									
								
								manifests/_apps/tank.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/tank.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-tank | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: tank | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/tank | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										28
									
								
								manifests/_apps/text-to-dxf.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/text-to-dxf.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: text-to-dxf | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: text-to-dxf | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/text-to-dxf | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										28
									
								
								manifests/_apps/til.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/til.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: til | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: til | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/til | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										24
									
								
								manifests/_apps/traefik.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								manifests/_apps/traefik.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: traefik-civo | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: kube-system | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/traefik | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
							
								
								
									
										28
									
								
								manifests/_apps/tweetsvg.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/tweetsvg.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: tweetsvg | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: tweetsvg | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/tweetsvg | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										29
									
								
								manifests/_apps/twitter-profile-pic.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								manifests/_apps/twitter-profile-pic.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-twitter-profile-pic | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: twitter-profile-pic | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/twitter-profile-pic | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
| --- | ||||
							
								
								
									
										28
									
								
								manifests/_apps/twitter-to-airtable.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										28
									
								
								manifests/_apps/twitter-to-airtable.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,28 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: twitter-to-airtable | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: twitter-to-airtable | ||||
|     name: civo | ||||
|   source: | ||||
|     path: manifests/twitter-to-airtable | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     automated: {} | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
|   - group: apps | ||||
|     kind: Deployment | ||||
|     jqPathExpressions: | ||||
|     - .spec.template.spec.containers[]?.image | ||||
							
								
								
									
										25
									
								
								manifests/_apps/wallabag.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/_apps/wallabag.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: cluster-fun-wallabag | ||||
|   namespace: argocd | ||||
|   finalizers: | ||||
|   - resources-finalizer.argocd.argoproj.io | ||||
| spec: | ||||
|   project: cluster.fun | ||||
|   destination: | ||||
|     namespace: wallabag | ||||
|     name: cluster-fun (v2) | ||||
|   source: | ||||
|     path: manifests/wallabag | ||||
|     repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" | ||||
|     targetRevision: HEAD | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|     automated: {} | ||||
|   ignoreDifferences: | ||||
|   - kind: Secret | ||||
|     jsonPointers: | ||||
|     - /data | ||||
| --- | ||||
							
								
								
									
										201
									
								
								manifests/auth-proxy/auth-ingress.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										201
									
								
								manifests/auth-proxy/auth-ingress.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,201 @@ | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: auth-proxy | ||||
|   namespace: auth-proxy | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - downloads.cluster.fun | ||||
|     - argo.cluster.fun | ||||
|     - code.cluster.fun | ||||
|     - jackett.cluster.fun | ||||
|     - printer.cluster.fun | ||||
|     - ender3pro.printer.cluster.fun | ||||
|     - flsunq5.printer.cluster.fun | ||||
|     - elegoomars2.printer.cluster.fun | ||||
|     - radarr.cluster.fun | ||||
|     - readarr.cluster.fun | ||||
|     - sonarr.cluster.fun | ||||
|     - lidarr.cluster.fun | ||||
|     - prowlarr.cluster.fun | ||||
|     - transmission.cluster.fun | ||||
|     - tekton.cluster.fun | ||||
|     - changedetection.cluster.fun | ||||
|     - grafana.cluster.fun | ||||
|     secretName: auth-proxy-ingress | ||||
|   rules: | ||||
|   - host: downloads.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: argo.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: code.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: jackett.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: printer.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: ender3pro.printer.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: flsunq5.printer.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: elegoomars2.printer.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: radarr.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: readarr.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: sonarr.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: lidarr.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: prowlarr.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: transmission.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: tekton.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: changedetection.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
|   - host: grafana.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: auth | ||||
							
								
								
									
										85
									
								
								manifests/auth-proxy/internal-services.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										85
									
								
								manifests/auth-proxy/internal-services.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,85 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: tekton-el | ||||
|   namespace: auth-proxy | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: loki | ||||
|   namespace: auth-proxy | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: loki-distributed | ||||
|   namespace: auth-proxy | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: prometheus | ||||
|   namespace: auth-proxy | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: vmcluster | ||||
|   namespace: auth-proxy | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
							
								
								
									
										5
									
								
								manifests/auth-proxy/namespace.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										5
									
								
								manifests/auth-proxy/namespace.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,5 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: auth-proxy | ||||
| --- | ||||
							
								
								
									
										25
									
								
								manifests/auth-proxy/non-auth-ingress.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								manifests/auth-proxy/non-auth-ingress.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: non-auth-proxy | ||||
|   namespace: auth-proxy | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - hello-world.cluster.fun | ||||
|     secretName: non-auth-proxy-ingress | ||||
|   rules: | ||||
|   - host: hello-world.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: tailscale-proxy | ||||
|             port: | ||||
|               name: non-auth | ||||
							
								
								
									
										132
									
								
								manifests/auth-proxy/proxy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										132
									
								
								manifests/auth-proxy/proxy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,132 @@ | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: host-mappings | ||||
|   namespace: auth-proxy | ||||
|   labels: | ||||
|     app: proxy | ||||
| data: | ||||
|   mapping.json: | | ||||
|     { | ||||
|       "tekton-el.auth-proxy.svc": "tekton-el.cluster.local", | ||||
|       "vmcluster.auth-proxy.svc": "vmcluster.cluster.local", | ||||
|       "loki.auth-proxy.svc": "loki-write.cluster.local", | ||||
|       "loki.auth-proxy.svc:80": "loki-write.cluster.local", | ||||
|       "loki-distributed.auth-proxy.svc": "loki-loki.cluster.local", | ||||
|       "loki-distributed.auth-proxy.svc:80": "loki-loki.cluster.local" | ||||
|     } | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: internal-proxy | ||||
|   namespace: auth-proxy | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "host-mappings" | ||||
|     secret.reloader.stakater.com/reload: "tailscale-auth" | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: internal-proxy | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: internal-proxy | ||||
|     spec: | ||||
|       serviceAccountName: default | ||||
|       dnsPolicy: ClusterFirst | ||||
|       dnsConfig: | ||||
|         nameservers: | ||||
|           - 100.100.100.100 | ||||
|       containers: | ||||
|       - name: proxy | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/proxy:latest | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: PROXY_DESTINATION | ||||
|           value: talos.averagemarcus.github.beta.tailscale.net | ||||
|         - name: PORT | ||||
|           value: "8080" | ||||
|         - name: TS_AUTH_KEY | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: tailscale-auth | ||||
|               key: password | ||||
|         - name: TS_HOSTNAME | ||||
|           value: auth-proxy-internal-proxy | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           protocol: TCP | ||||
|         volumeMounts: | ||||
|         - name: host-mappings | ||||
|           mountPath: /config/ | ||||
|  | ||||
|       - name: oauth-proxy | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|         args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://localhost:8080 | ||||
|         - --http-address=0.0.0.0:8181 | ||||
|         - --email-domain=* | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT | ||||
|         - --cookie-expire=336h0m0s | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: auth-proxy | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: auth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8181 | ||||
|           protocol: TCP | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|       volumes: | ||||
|       - name: host-mappings | ||||
|         configMap: | ||||
|           name: host-mappings | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: tailscale-proxy | ||||
|   namespace: auth-proxy | ||||
|   labels: | ||||
|     app: internal-proxy | ||||
| spec: | ||||
|   ports: | ||||
|   - name: non-auth | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   - name: auth | ||||
|     port: 81 | ||||
|     protocol: TCP | ||||
|     targetPort: 8181 | ||||
|   selector: | ||||
|     app: internal-proxy | ||||
|   type: ClusterIP | ||||
| --- | ||||
							
								
								
									
										20
									
								
								manifests/auth-proxy/secrets.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								manifests/auth-proxy/secrets.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,20 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: auth-proxy | ||||
|   namespace: auth-proxy | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: tailscale-auth | ||||
|   namespace: auth-proxy | ||||
|   annotations: | ||||
|     kube-1password: 2cqycmsgv5r7vcyvjpblcl2l4y | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
							
								
								
									
										71
									
								
								manifests/base64/base64.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										71
									
								
								manifests/base64/base64.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,71 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: base64 | ||||
|   namespace: base64 | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: base64 | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: base64 | ||||
|   namespace: base64 | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: base64 | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: base64 | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/base64:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 5Mi | ||||
|           requests: | ||||
|             memory: 5Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: base64 | ||||
|   namespace: base64 | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - base64.cluster.fun | ||||
|     secretName: base64-ingress | ||||
|   rules: | ||||
|   - host: base64.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: base64 | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -37,12 +37,11 @@ spec: | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 10Mi | ||||
| 
 | ||||
|           requests: | ||||
|             memory: 10Mi | ||||
| 
 | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: black-hole | ||||
| @@ -52,6 +51,9 @@ spec: | ||||
|   - http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           serviceName: black-hole | ||||
|           servicePort: 80 | ||||
|           service: | ||||
|             name: black-hole | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,9 +1,4 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: blog | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: blog | ||||
| @@ -34,7 +29,7 @@ spec: | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: docker.cluster.fun/averagemarcus/blog:latest | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/blog:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
| @@ -44,18 +39,27 @@ spec: | ||||
|             memory: 200Mi | ||||
|           requests: | ||||
|             memory: 200Mi | ||||
|         livenessProbe: | ||||
|           httpGet: | ||||
|             path: /healthz | ||||
|             port: web | ||||
|           initialDelaySeconds: 10 | ||||
|         readinessProbe: | ||||
|           httpGet: | ||||
|             path: /healthz | ||||
|             port: web | ||||
|           initialDelaySeconds: 10 | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: blog | ||||
|   namespace: blog | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - marcusnoble.co.uk | ||||
| @@ -65,22 +69,24 @@ spec: | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           serviceName: blog | ||||
|           servicePort: 80 | ||||
|           service: | ||||
|             name: blog | ||||
|             port: | ||||
|               number: 80 | ||||
| 
 | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: blog-www | ||||
|   namespace: blog | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - www.marcusnoble.co.uk | ||||
| @@ -90,22 +96,24 @@ spec: | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           serviceName: blog | ||||
|           servicePort: 80 | ||||
|           service: | ||||
|             name: blog | ||||
|             port: | ||||
|               number: 80 | ||||
| 
 | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: blog-blog | ||||
|   namespace: blog | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - blog.marcusnoble.co.uk | ||||
| @@ -115,7 +123,10 @@ spec: | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           serviceName: blog | ||||
|           servicePort: 80 | ||||
|           service: | ||||
|             name: blog | ||||
|             port: | ||||
|               number: 80 | ||||
| 
 | ||||
| @@ -1,70 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: buzzers | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: buzzers | ||||
|   namespace: buzzers | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: buzzers | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: buzzers | ||||
|   namespace: buzzers | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: buzzers | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: buzzers | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: docker.cluster.fun/averagemarcus/buzzers:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 283Mi | ||||
|           requests: | ||||
|             memory: 283Mi | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: buzzers | ||||
|   namespace: buzzers | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - buzzers.cluster.fun | ||||
|     secretName: buzzers-ingress | ||||
|   rules: | ||||
|   - host: buzzers.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: buzzers | ||||
|           servicePort: 80 | ||||
| @@ -1,114 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: cctv | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: cctv-auth | ||||
|   namespace: cctv | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: cctv-auth | ||||
|   namespace: cctv | ||||
|   labels: | ||||
|     app: cctv-auth | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: cctv-auth | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: cctv-auth | ||||
|     spec: | ||||
|       containers: | ||||
|       - args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://inlets.inlets.svc.cluster.local | ||||
|         - --http-address=$(HOST_IP):8080 | ||||
|         - --redirect-url=https://cctv.cluster.fun/oauth2/callback | ||||
|         - --email-domain=* | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: cctv-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: cctv-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           protocol: TCP | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: cctv-auth | ||||
|   namespace: cctv | ||||
|   labels: | ||||
|     app: cctv-auth | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: cctv-auth | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: cctv-auth | ||||
|   namespace: cctv | ||||
|   labels: | ||||
|     app: cctv-auth | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - cctv.cluster.fun | ||||
|     secretName: cctv-ingress | ||||
|   rules: | ||||
|   - host: cctv.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: cctv-auth | ||||
|           servicePort: 80 | ||||
							
								
								
									
										70
									
								
								manifests/cel-tester/cel-tester.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										70
									
								
								manifests/cel-tester/cel-tester.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,70 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: cel-tester | ||||
|   namespace: cel-tester | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: cel-tester | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: cel-tester | ||||
|   namespace: cel-tester | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: cel-tester | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: cel-tester | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/cel-tester:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 20Mi | ||||
|           requests: | ||||
|             memory: 20Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: cel-tester | ||||
|   namespace: cel-tester | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - cel-tester.cluster.fun | ||||
|     secretName: cel-tester-ingress | ||||
|   rules: | ||||
|   - host: cel-tester.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: cel-tester | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
							
								
								
									
										23
									
								
								manifests/certmanager-civo/certmanager_chart.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										23
									
								
								manifests/certmanager-civo/certmanager_chart.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,23 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: cert-manager | ||||
|   labels: | ||||
|     certmanager.k8s.io/disable-validation: "true" | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: cert-manager.io/v1 | ||||
| kind: ClusterIssuer | ||||
| metadata: | ||||
|   name: letsencrypt | ||||
| spec: | ||||
|   acme: | ||||
|     server: https://acme-v02.api.letsencrypt.org/directory | ||||
|     email: letsencrypt@marcusnoble.co.uk | ||||
|     privateKeySecretRef: | ||||
|       name: letsencrypt | ||||
|     solvers: | ||||
|     - http01: | ||||
|         ingress: | ||||
|           class: traefik | ||||
| @@ -1,47 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: cert-manager | ||||
|   labels: | ||||
|     certmanager.k8s.io/disable-validation: "true" | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: helm.fluxcd.io/v1 | ||||
| kind: HelmRelease | ||||
| metadata: | ||||
|   name: cert-manager | ||||
|   namespace: cert-manager | ||||
| spec: | ||||
|   chart: | ||||
|     repository: https://charts.jetstack.io | ||||
|     name: cert-manager | ||||
|     version: v0.15.0 | ||||
|   maxHistory: 5 | ||||
|   values: | ||||
|     installCRDs: "true" | ||||
|     resources: | ||||
|       requests: | ||||
|  | ||||
|         memory: 32Mi | ||||
|       limits: | ||||
|  | ||||
|         memory: 64Mi | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: cert-manager.io/v1alpha2 | ||||
| kind: ClusterIssuer | ||||
| metadata: | ||||
|   name: letsencrypt | ||||
| spec: | ||||
|   acme: | ||||
|     server: https://acme-v02.api.letsencrypt.org/directory | ||||
|     email: letsencrypt@marcusnoble.co.uk | ||||
|     privateKeySecretRef: | ||||
|       name: letsencrypt | ||||
|     solvers: | ||||
|     - selector: {} | ||||
|       http01: | ||||
|         ingress: | ||||
|           class: traefik | ||||
							
								
								
									
										23
									
								
								manifests/certmanager_chart/certmanager_chart.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										23
									
								
								manifests/certmanager_chart/certmanager_chart.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,23 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: cert-manager | ||||
|   labels: | ||||
|     certmanager.k8s.io/disable-validation: "true" | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: cert-manager.io/v1 | ||||
| kind: ClusterIssuer | ||||
| metadata: | ||||
|   name: letsencrypt | ||||
| spec: | ||||
|   acme: | ||||
|     server: https://acme-v02.api.letsencrypt.org/directory | ||||
|     email: letsencrypt@marcusnoble.co.uk | ||||
|     privateKeySecretRef: | ||||
|       name: letsencrypt | ||||
|     solvers: | ||||
|     - http01: | ||||
|         ingress: | ||||
|           class: nginx | ||||
							
								
								
									
										88
									
								
								manifests/civo-versions/civo-versions.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										88
									
								
								manifests/civo-versions/civo-versions.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,88 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: civo-versions | ||||
|   namespace: civo-versions | ||||
|   annotations: | ||||
|     kube-1password: ybo7axn7wpks4z3u3gjhibnu5i | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: civo-versions | ||||
|   namespace: civo-versions | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: civo-versions | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: civo-versions | ||||
|   namespace: civo-versions | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: civo-versions | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: civo-versions | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/civo-versions:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           name: web | ||||
|         env: | ||||
|         - name: PORT | ||||
|           value: "8000" | ||||
|         - name: API_KEY | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: civo-versions | ||||
|               key: API_KEY | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 30Mi | ||||
|           requests: | ||||
|             memory: 30Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: civo-versions | ||||
|   namespace: civo-versions | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - civo-versions.cluster.fun | ||||
|     secretName: civo-versions-ingress | ||||
|   rules: | ||||
|   - host: civo-versions.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: civo-versions | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,90 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: cors-proxy | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: cors-proxy | ||||
|   namespace: cors-proxy | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: 8000 | ||||
|     name: web | ||||
|   selector: | ||||
|     app: cors-proxy | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: cors-proxy | ||||
|   namespace: cors-proxy | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: cors-proxy | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: cors-proxy | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: docker.cluster.fun/averagemarcus/cors-proxy:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           name: web | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: cors-proxy | ||||
|   namespace: cors-proxy | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - cors-proxy.cluster.fun | ||||
|     secretName: cors-proxy-ingress | ||||
|   rules: | ||||
|   - host: cors-proxy.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: cors-proxy | ||||
|           servicePort: 80 | ||||
|  | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: cors-proxy-mn | ||||
|   namespace: cors-proxy | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - cors-proxy.marcusnoble.co.uk | ||||
|     secretName: cors-proxy-mn-ingress | ||||
|   rules: | ||||
|   - host: cors-proxy.marcusnoble.co.uk | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: cors-proxy | ||||
|           servicePort: 80 | ||||
| @@ -1,13 +1,8 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: dashboard | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: docker-config | ||||
|   namespace: dashboard | ||||
|   namespace: cv | ||||
|   annotations: | ||||
|     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby | ||||
|     kube-1password/vault: Kubernetes | ||||
| @@ -19,8 +14,8 @@ data: | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: dashboard | ||||
|   namespace: dashboard | ||||
|   name: cv | ||||
|   namespace: cv | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
| @@ -28,58 +23,62 @@ spec: | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: dashboard | ||||
|     app: cv | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: dashboard | ||||
|   namespace: dashboard | ||||
|   name: cv | ||||
|   namespace: cv | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: dashboard | ||||
|       app: cv | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: dashboard | ||||
|         app: cv | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: docker.cluster.fun/private/dashboard:latest | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/cv:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|             memory: 10Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|             memory: 10Mi | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: dashboard | ||||
|   namespace: dashboard | ||||
|   name: cv | ||||
|   namespace: cv | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - dash.cluster.fun | ||||
|     secretName: dashboard-ingress | ||||
|     - cv.marcusnoble.co.uk | ||||
|     secretName: cv-ingress | ||||
|   rules: | ||||
|   - host: dash.cluster.fun | ||||
|   - host: cv.marcusnoble.co.uk | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           serviceName: dashboard | ||||
|           servicePort: 80 | ||||
|           service: | ||||
|             name: cv | ||||
|             port: | ||||
|               number: 80 | ||||
							
								
								
									
										131
									
								
								manifests/dashboard/dashboard.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										131
									
								
								manifests/dashboard/dashboard.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,131 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: docker-config | ||||
|   namespace: dashboard | ||||
|   annotations: | ||||
|     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: .dockerconfigjson | ||||
| type: kubernetes.io/dockerconfigjson | ||||
| data: | ||||
|   .dockerconfigjson: e30= | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: dashboard-auth | ||||
|   namespace: dashboard | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: dashboard | ||||
|   namespace: dashboard | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: auth | ||||
|     name: web | ||||
|   selector: | ||||
|     app: dashboard | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: dashboard | ||||
|   namespace: dashboard | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: dashboard | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: dashboard | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://localhost:80 | ||||
|         - --http-address=$(HOST_IP):8000 | ||||
|         - --redirect-url=https://dash.cluster.fun/oauth2/callback | ||||
|         - --email-domain=marcusnoble.co.uk | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: dashboard-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: dashboard-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           protocol: TCP | ||||
|           name: auth | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/dashboard:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: dashboard | ||||
|   namespace: dashboard | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - dash.cluster.fun | ||||
|     secretName: dashboard-ingress | ||||
|   rules: | ||||
|   - host: dash.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: dashboard | ||||
|             port: | ||||
|               number: 80 | ||||
							
								
								
									
										69
									
								
								manifests/devstats-viewer/devstats-viewer.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										69
									
								
								manifests/devstats-viewer/devstats-viewer.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,69 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: devstats-viewer | ||||
|   namespace: devstats-viewer | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: devstats-viewer | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: devstats-viewer | ||||
|   namespace: devstats-viewer | ||||
| spec: | ||||
|   replicas: 2 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: devstats-viewer | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: devstats-viewer | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/devstats-viewer:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 10Mi | ||||
|           requests: | ||||
|             memory: 10Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: devstats-viewer | ||||
|   namespace: devstats-viewer | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - devstats.cluster.fun | ||||
|     secretName: devstats-viewer-ingress | ||||
|   rules: | ||||
|   - host: devstats.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: devstats-viewer | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,115 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: downloads | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: downloads-auth | ||||
|   namespace: downloads | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: downloads-auth | ||||
|   namespace: downloads | ||||
|   labels: | ||||
|     app: downloads-auth | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: downloads-auth | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: downloads-auth | ||||
|     spec: | ||||
|       containers: | ||||
|       - args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://inlets.inlets.svc.cluster.local | ||||
|         - --http-address=$(HOST_IP):8080 | ||||
|         - --redirect-url=https://downloads.cluster.fun/oauth2/callback | ||||
|         - --email-domain=* | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: downloads-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: downloads-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           protocol: TCP | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 250Mi | ||||
|           requests: | ||||
|             memory: 250Mi | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: downloads-auth | ||||
|   namespace: downloads | ||||
|   labels: | ||||
|     app: downloads-auth | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: downloads-auth | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: downloads-auth | ||||
|   namespace: downloads | ||||
|   labels: | ||||
|     app: downloads-auth | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - downloads.cluster.fun | ||||
|     secretName: downloads-ingress | ||||
|   rules: | ||||
|   - host: downloads.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: downloads-auth | ||||
|           servicePort: 80 | ||||
|  | ||||
							
								
								
									
										65
									
								
								manifests/feed-fetcher/feed-fetcher.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										65
									
								
								manifests/feed-fetcher/feed-fetcher.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,65 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: feed-fetcher | ||||
|   namespace: feed-fetcher | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: feed-fetcher | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: feed-fetcher | ||||
|   namespace: feed-fetcher | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: feed-fetcher | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: feed-fetcher | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/feed-fetcher:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: web | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: feed-fetcher | ||||
|   namespace: feed-fetcher | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - feed-fetcher.cluster.fun | ||||
|     secretName: feed-fetcher-ingress | ||||
|   rules: | ||||
|   - host: feed-fetcher.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: feed-fetcher | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
							
								
								
									
										109
									
								
								manifests/git-sync/git-sync.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										109
									
								
								manifests/git-sync/git-sync.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,109 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: git-sync-github | ||||
|   namespace: git-sync | ||||
|   annotations: | ||||
|     kube-1password: cfo2ufhgem57clbscxetxgevue | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/password-key: token | ||||
| type: Opaque | ||||
| data: | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: git-sync-gitea | ||||
|   namespace: git-sync | ||||
|   annotations: | ||||
|     kube-1password: b7kpdlcvt7y63bozu3i4j4lojm | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/password-key: token | ||||
| type: Opaque | ||||
| data: | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: git-sync-gitlab | ||||
|   namespace: git-sync | ||||
|   annotations: | ||||
|     kube-1password: t47v3xdgadiifgoi4wmqibrlty | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/password-key: token | ||||
| type: Opaque | ||||
| data: | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: git-sync-bitbucket | ||||
|   namespace: git-sync | ||||
|   annotations: | ||||
|     kube-1password: adrki45krr2tq34sug7dhdk5iy | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/password-key: token | ||||
| type: Opaque | ||||
| data: | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: git-sync-codeberg | ||||
|   namespace: git-sync | ||||
|   annotations: | ||||
|     kube-1password: 5ynzgk6qcgshztkjbddwalixfq | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/password-key: token | ||||
| type: Opaque | ||||
| data: | ||||
| --- | ||||
| apiVersion: batch/v1 | ||||
| kind: CronJob | ||||
| metadata: | ||||
|   name: git-sync | ||||
|   namespace: git-sync | ||||
| spec: | ||||
|   schedule: "0 */1 * * *" | ||||
|   concurrencyPolicy: Forbid | ||||
|   failedJobsHistoryLimit: 1 | ||||
|   successfulJobsHistoryLimit: 1 | ||||
|   jobTemplate: | ||||
|     metadata: | ||||
|       labels: | ||||
|         cronjob: git-sync | ||||
|     spec: | ||||
|       backoffLimit: 1 | ||||
|       template: | ||||
|         spec: | ||||
|           containers: | ||||
|           - name: sync | ||||
|             image: rg.fr-par.scw.cloud/averagemarcus/git-sync:latest | ||||
|             imagePullPolicy: Always | ||||
|             env: | ||||
|             - name: GITHUB_TOKEN | ||||
|               valueFrom: | ||||
|                 secretKeyRef: | ||||
|                   name: git-sync-github | ||||
|                   key: token | ||||
|             - name: GITEA_TOKEN | ||||
|               valueFrom: | ||||
|                 secretKeyRef: | ||||
|                   name: git-sync-gitea | ||||
|                   key: token | ||||
|             - name: GITLAB_TOKEN | ||||
|               valueFrom: | ||||
|                 secretKeyRef: | ||||
|                   name: git-sync-gitlab | ||||
|                   key: token | ||||
|             - name: BITBUCKET_TOKEN | ||||
|               valueFrom: | ||||
|                 secretKeyRef: | ||||
|                   name: git-sync-bitbucket | ||||
|                   key: token | ||||
|             - name: CODEBERG_TOKEN | ||||
|               valueFrom: | ||||
|                 secretKeyRef: | ||||
|                   name: git-sync-codeberg | ||||
|                   key: token | ||||
|           restartPolicy: Never | ||||
| @@ -1,9 +1,4 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: gitea | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: gitea-secret-key | ||||
| @@ -47,7 +42,7 @@ spec: | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: git | ||||
|         image: gitea/gitea:1.11 | ||||
|         image: gitea/gitea:1.21.10 | ||||
|         env: | ||||
|         - name: APP_NAME | ||||
|           value: "Git" | ||||
| @@ -69,6 +64,8 @@ spec: | ||||
|           value: "20" | ||||
|         - name: DEFAULT_THEME | ||||
|           value: arc-green | ||||
|         - name: ALLOWED_HOST_LIST | ||||
|           value: "*" | ||||
|         - name: SECRET_KEY | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
| @@ -80,7 +77,6 @@ spec: | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 400Mi | ||||
| 
 | ||||
|         volumeMounts: | ||||
|         - mountPath: /data | ||||
|           name: git-data | ||||
| @@ -94,17 +90,17 @@ spec: | ||||
|         requests: | ||||
|           storage: 20Gi | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: git | ||||
|   namespace: gitea | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - git.cluster.fun | ||||
| @@ -114,6 +110,9 @@ spec: | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           serviceName: git | ||||
|           servicePort: 80 | ||||
|           service: | ||||
|             name: git | ||||
|             port: | ||||
|               number: 80 | ||||
							
								
								
									
										14
									
								
								manifests/gitea/pvs.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										14
									
								
								manifests/gitea/pvs.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,14 @@ | ||||
| apiVersion: v1 | ||||
| kind: PersistentVolumeClaim | ||||
| metadata: | ||||
|   labels: | ||||
|     app: git | ||||
|   name: git-data-git-0 | ||||
|   namespace: gitea | ||||
| spec: | ||||
|   accessModes: | ||||
|   - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: 20Gi | ||||
|   storageClassName: sbs-default-retain | ||||
							
								
								
									
										70
									
								
								manifests/goplayground/goplayground.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										70
									
								
								manifests/goplayground/goplayground.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,70 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: goplayground | ||||
|   namespace: goplayground | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: goplayground | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: goplayground | ||||
|   namespace: goplayground | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: goplayground | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: goplayground | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: x1unix/go-playground:1.15.1 | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 20Mi | ||||
|           requests: | ||||
|             memory: 20Mi | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: goplayground | ||||
|   namespace: goplayground | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - go.cluster.fun | ||||
|     secretName: goplayground-ingress | ||||
|   rules: | ||||
|   - host: go.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: goplayground | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
| @@ -1,57 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: harbor | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: harbor-values | ||||
|   namespace: harbor | ||||
|   annotations: | ||||
|     kube-1password: igey7vjjiqmj25v64eck7cyj34 | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: values.yaml | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: helm.fluxcd.io/v1 | ||||
| kind: HelmRelease | ||||
| metadata: | ||||
|   name: harbor | ||||
|   namespace: harbor | ||||
| spec: | ||||
|   chart: | ||||
|     repository: https://helm.goharbor.io | ||||
|     name: harbor | ||||
|     version: 1.3.2 | ||||
|   maxHistory: 4 | ||||
|   skipCRDs: false | ||||
|   valuesFrom: | ||||
|   - secretKeyRef: | ||||
|       name: harbor-values | ||||
|       namespace: harbor | ||||
|       key: values.yaml | ||||
|       optional: false | ||||
|   values: | ||||
|     portal: | ||||
|       resources: | ||||
|         requests: | ||||
|           memory: 64Mi | ||||
|     core: | ||||
|       resources: | ||||
|         requests: | ||||
|           memory: 64Mi | ||||
|     jobservice: | ||||
|       resources: | ||||
|         requests: | ||||
|           memory: 64Mi | ||||
|     registry: | ||||
|       registry: | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 64Mi | ||||
|       controller: | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 64Mi | ||||
|  | ||||
| @@ -1,103 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: inlets | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: inlets | ||||
|   namespace: inlets | ||||
|   annotations: | ||||
|     kube-1password: podju6t2s2osc3vbkimyce25ti | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/password-key: token | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: inlets | ||||
|   namespace: inlets | ||||
|   labels: | ||||
|     app: inlets | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|     - port: 80 | ||||
|       protocol: TCP | ||||
|       targetPort: 8000 | ||||
|   selector: | ||||
|     app: inlets | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: inlets | ||||
|   namespace: inlets | ||||
|   labels: | ||||
|     app: inlets | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: inlets | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: inlets | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: inlets | ||||
|         image: inlets/inlets:2.7.0 | ||||
|         imagePullPolicy: Always | ||||
|         command: ["inlets"] | ||||
|         args: | ||||
|         - "server" | ||||
|         - "--token-from=/var/inlets/token" | ||||
|         volumeMounts: | ||||
|           - name: inlets-token-volume | ||||
|             mountPath: /var/inlets/ | ||||
|       volumes: | ||||
|         - name: inlets-token-volume | ||||
|           secret: | ||||
|             secretName: inlets | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: inlets | ||||
|   namespace: inlets | ||||
| spec: | ||||
|   rules: | ||||
|   - host: inlets.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: inlets | ||||
|           servicePort: 80 | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: pyload | ||||
|   namespace: inlets | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - pyload.cluster.fun | ||||
|     secretName: pyload-ingress | ||||
|   rules: | ||||
|   - host: pyload.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: inlets | ||||
|           servicePort: 80 | ||||
| @@ -1,107 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: kube-janitor | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: kube-janitor | ||||
|   namespace: kube-janitor | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   name: kube-janitor | ||||
| rules: | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - events | ||||
|   verbs: | ||||
|   - create | ||||
| - apiGroups: | ||||
|   - "*" | ||||
|   resources: | ||||
|   - "*" | ||||
|   verbs: | ||||
|   - get | ||||
|   - watch | ||||
|   - list | ||||
|   - delete | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   name: kube-janitor | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: kube-janitor | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: kube-janitor | ||||
|   namespace: kube-janitor | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: kube-janitor | ||||
|   namespace: kube-janitor | ||||
| data: | ||||
|   rules.yaml: |- | ||||
|     rules: | ||||
|       - id: tekton-tasks | ||||
|         resources: | ||||
|           - pods | ||||
|           - pipelineruns | ||||
|         jmespath: "(metadata.labels.\"tekton.dev/pipeline\")" | ||||
|         ttl: 3h | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   labels: | ||||
|     application: kube-janitor | ||||
|     version: v20.4.1 | ||||
|   name: kube-janitor | ||||
|   namespace: kube-janitor | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       application: kube-janitor | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         application: kube-janitor | ||||
|         version: v20.4.1 | ||||
|     spec: | ||||
|       serviceAccountName: kube-janitor | ||||
|       containers: | ||||
|       - name: janitor | ||||
|         image: hjacobs/kube-janitor:20.4.1 | ||||
|         args: | ||||
|           - --interval=15 | ||||
|           - --rules-file=/config/rules.yaml | ||||
|           - --include-namespaces=tekton-pipelines | ||||
|           - --include-resources=pods | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 100Mi | ||||
|           requests: | ||||
|             memory: 100Mi | ||||
|         securityContext: | ||||
|           readOnlyRootFilesystem: true | ||||
|           runAsNonRoot: true | ||||
|           runAsUser: 1000 | ||||
|         volumeMounts: | ||||
|           - name: config-volume | ||||
|             mountPath: /config | ||||
|       volumes: | ||||
|       - name: config-volume | ||||
|         configMap: | ||||
|           name: kube-janitor | ||||
							
								
								
									
										101
									
								
								manifests/link/link.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										101
									
								
								manifests/link/link.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,101 @@ | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: urls-map | ||||
|   namespace: link | ||||
|   labels: | ||||
|     app: link | ||||
| data: | ||||
|   urls.yaml: | | ||||
|     mn: https://marcusnoble.co.uk | ||||
|     whites: https://twitter.com/whites11/status/1484053621448785920 | ||||
|     devopsnotts22: https://noti.st/averagemarcus/E8Ldoh/managing-kubernetes-without-losing-your-cool | ||||
|     kubernetes-cool: https://noti.st/averagemarcus/E8Ldoh/managing-kubernetes-without-losing-your-cool | ||||
|     klustered: https://gist.githubusercontent.com/AverageMarcus/e58301ecf3455caa1638c3ffe70ed138/raw/klustered.sh | ||||
|     wonders-and-woes: https://noti.st/averagemarcus/sWywEJ/the-wonders-and-woes-of-webhooks | ||||
|     kubehuddle: https://noti.st/averagemarcus/TqCEd4/the-wonders-and-woes-of-webhooks | ||||
|     kcduk: https://noti.st/averagemarcus/fxN4gl/managing-kubernetes-without-losing-your-cool | ||||
|     wonders-and-woes-webinar: https://noti.st/averagemarcus/Hw2IXG/the-wonders-and-woes-of-webhooks | ||||
|     kcdukraine: https://noti.st/averagemarcus/quuysq/managing-kubernetes-without-losing-your-cool | ||||
|     devopsox23: https://noti.st/averagemarcus/quuysq/managing-kubernetes-without-losing-your-cool | ||||
|     dddem23: https://noti.st/averagemarcus/Rt4hFh/managing-kubernetes-without-losing-your-cool | ||||
|     kube-london: https://noti.st/averagemarcus/SFD1bY/the-wonders-and-woes-of-webhooks | ||||
|     kcduk23: https://noti.st/averagemarcus/4YvpTx/webhooks-whats-the-worst-that-could-happen | ||||
|     rejekts23: https://noti.st/averagemarcus/Bi7qLP/webhooks-whats-the-worst-that-could-happen | ||||
|     rejekts24: https://speaking.marcusnoble.co.uk/pg46DB/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: link | ||||
|   namespace: link | ||||
|   labels: | ||||
|     app: link | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: link | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: link | ||||
|   namespace: link | ||||
|   labels: | ||||
|     app: link | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: link | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: link | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/link:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 5050 | ||||
|           name: web | ||||
|         volumeMounts: | ||||
|           - name: config | ||||
|             mountPath: /config | ||||
|       volumes: | ||||
|         - name: config | ||||
|           configMap: | ||||
|             name: urls-map | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: link | ||||
|   namespace: link | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - go-get.link | ||||
|     secretName: link-ingress | ||||
|   rules: | ||||
|   - host: go-get.link | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: link | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,114 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: linx-server | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: linx-server | ||||
|   namespace: linx-server | ||||
| data: | ||||
|   linx-server.conf: |- | ||||
|     sitename = share | ||||
|     maxsize = 524288000 | ||||
|     maxexpiry = 0 | ||||
|     selifpath = f | ||||
|     nologs = false | ||||
|     force-random-filename = false | ||||
|     s3-endpoint = https://s3.fr-par.scw.cloud | ||||
|     s3-region = fr-par | ||||
|     s3-bucket = cluster.fun-linx | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: linx-server-s3 | ||||
|   namespace: linx-server | ||||
|   annotations: | ||||
|     kube-1password: d5dgclm3qrxd4fntivv26ec3ee | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: linx-server | ||||
|   namespace: linx-server | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: linx-server | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: linx-server | ||||
|   namespace: linx-server | ||||
| spec: | ||||
|   replicas: 2 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: linx-server | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: linx-server | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: andreimarcu/linx-server:version-2.3.5 | ||||
|         imagePullPolicy: Always | ||||
|         args: | ||||
|           - -config | ||||
|           - /config/linx-server.conf | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: web | ||||
|         env: | ||||
|           - name: AWS_ACCESS_KEY_ID | ||||
|             valueFrom: | ||||
|               secretKeyRef: | ||||
|                 name: linx-server-s3 | ||||
|                 key: username | ||||
|           - name: AWS_SECRET_ACCESS_KEY | ||||
|             valueFrom: | ||||
|               secretKeyRef: | ||||
|                 name: linx-server-s3 | ||||
|                 key: password | ||||
|         volumeMounts: | ||||
|           - name: config | ||||
|             mountPath: /config | ||||
|       volumes: | ||||
|         - name: config | ||||
|           configMap: | ||||
|             name: linx-server | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: linx-server | ||||
|   namespace: linx-server | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - share.cluster.fun | ||||
|     secretName: linx-server-ingress | ||||
|   rules: | ||||
|   - host: share.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: linx-server | ||||
|           servicePort: 80 | ||||
| @@ -1,175 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: logging | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: grafana-credentials | ||||
|   namespace: logging | ||||
|   annotations: | ||||
|     kube-1password: wpynfxkdipeeacyfxkvtdsuj54 | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: helm.fluxcd.io/v1 | ||||
| kind: HelmRelease | ||||
| metadata: | ||||
|   name: loki | ||||
|   namespace: logging | ||||
| spec: | ||||
|   chart: | ||||
|     repository: https://grafana.github.io/loki/charts | ||||
|     name: loki-stack | ||||
|     version: 0.36.2 | ||||
|   maxHistory: 4 | ||||
|   skipCRDs: false | ||||
|   values: | ||||
|     fluent-bit: | ||||
|       enabled: "true" | ||||
|     promtail: | ||||
|       enabled: "true" | ||||
|     loki: | ||||
|       persistence: | ||||
|         enabled: "true" | ||||
|         size: 10Gi | ||||
|  | ||||
| --- | ||||
| apiVersion: helm.fluxcd.io/v1 | ||||
| kind: HelmRelease | ||||
| metadata: | ||||
|   name: grafana | ||||
|   namespace: logging | ||||
| spec: | ||||
|   chart: | ||||
|     repository: https://kubernetes-charts.storage.googleapis.com | ||||
|     name: grafana | ||||
|     version: 5.0.22 | ||||
|   maxHistory: 4 | ||||
|   skipCRDs: false | ||||
|   values: | ||||
|     image: | ||||
|       tag: 7.0.0 | ||||
|     admin: | ||||
|       existingSecret: "grafana-credentials" | ||||
|       userKey: username | ||||
|       passwordKey: password | ||||
|     persistence: | ||||
|       enabled: "false" | ||||
|     datasources: | ||||
|       datasources.yaml: | ||||
|         apiVersion: 1 | ||||
|         datasources: | ||||
|         - name: Loki | ||||
|           type: loki | ||||
|           url: http://logging-loki.logging:3100 | ||||
|           access: proxy | ||||
|           jsonData: | ||||
|             maxLines: 1000 | ||||
|  | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: grafana-auth | ||||
|   namespace: logging | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: grafana-auth | ||||
|   namespace: logging | ||||
|   labels: | ||||
|     app: grafana-auth | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: grafana-auth | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: grafana-auth | ||||
|     spec: | ||||
|       containers: | ||||
|       - args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://logging-grafana.logging.svc.cluster.local | ||||
|         - --http-address=$(HOST_IP):8080 | ||||
|         - --redirect-url=https://grafana.cluster.fun/oauth2/callback | ||||
|         - --email-domain=marcusnoble.co.uk | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: grafana-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: grafana-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           protocol: TCP | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: grafana-auth | ||||
|   namespace: logging | ||||
|   labels: | ||||
|     app: grafana-auth | ||||
| spec: | ||||
|   ports: | ||||
|   - name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app: grafana-auth | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: grafana-auth | ||||
|   namespace: logging | ||||
|   labels: | ||||
|     app: grafana-auth | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - grafana.cluster.fun | ||||
|     secretName: grafana-ingress | ||||
|   rules: | ||||
|   - host: grafana.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: grafana-auth | ||||
|           servicePort: 80 | ||||
							
								
								
									
										90
									
								
								manifests/marcusnoble/marcusnoble.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										90
									
								
								manifests/marcusnoble/marcusnoble.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,90 @@ | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: marcusnoble | ||||
|   namespace: marcusnoble | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: 8080 | ||||
|     name: web | ||||
|   selector: | ||||
|     app: marcusnoble | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: marcusnoble | ||||
|   namespace: marcusnoble | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: marcusnoble | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: marcusnoble | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus/marcusnoble:latest | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|         # livenessProbe: | ||||
|         #   httpGet: | ||||
|         #     path: /healthz | ||||
|         #     port: web | ||||
|         #   initialDelaySeconds: 10 | ||||
|         # readinessProbe: | ||||
|         #   httpGet: | ||||
|         #     path: /healthz | ||||
|         #     port: web | ||||
|         #   initialDelaySeconds: 10 | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: marcusnoble | ||||
|   namespace: marcusnoble | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - marcusnoble.com | ||||
|     - www.marcusnoble.com | ||||
|     secretName: marcusnoble-ingress | ||||
|   rules: | ||||
|   - host: marcusnoble.com | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: marcusnoble | ||||
|             port: | ||||
|               number: 80 | ||||
|   - host: www.marcusnoble.com | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: marcusnoble | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
| --- | ||||
							
								
								
									
										229
									
								
								manifests/mastodon-digest/mastodon_digest.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										229
									
								
								manifests/mastodon-digest/mastodon_digest.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,229 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: docker-config | ||||
|   namespace: mastodon-digest | ||||
|   annotations: | ||||
|     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: .dockerconfigjson | ||||
| type: kubernetes.io/dockerconfigjson | ||||
| data: | ||||
|   .dockerconfigjson: e30= | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mastodon-digest-auth | ||||
|   namespace: mastodon-digest | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mastodon-digest | ||||
|   namespace: mastodon-digest | ||||
|   annotations: | ||||
|     kube-1password: bfklz3yi3dn4e7xtsbttcvhata | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: config | ||||
|   namespace: mastodon-digest | ||||
|   labels: | ||||
|     app: mastodon-digest | ||||
| data: | ||||
|   config.json: | | ||||
|     [ | ||||
|       { | ||||
|         "timeline": "home", | ||||
|         "hours": 12, | ||||
|         "scorer": "ExtendedSimpleWeighted", | ||||
|         "threshold": "lax", | ||||
|         "output": "/usr/share/nginx/html/home/" | ||||
|       }, | ||||
|       { | ||||
|         "timeline": "federated", | ||||
|         "hours": 12, | ||||
|         "scorer": "ExtendedSimpleWeighted", | ||||
|         "threshold": "lax", | ||||
|         "output": "/usr/share/nginx/html/federated/" | ||||
|       } | ||||
|     ] | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: index | ||||
|   namespace: mastodon-digest | ||||
|   labels: | ||||
|     app: mastodon-digest | ||||
| data: | ||||
|   index.html: | | ||||
|     <!DOCTYPE html> | ||||
|     <html lang="en"> | ||||
|     <head> | ||||
|         <meta chartset="utf-8" /> | ||||
|         <meta name="viewport" content="width=device-width, initial-scale=1" /> | ||||
|         <title>Mastodon Digest</title> | ||||
|         <style> | ||||
|         body { background-color: #292c36; font-family: "Arial", sans-serif; } | ||||
|         div#container { margin: auto; max-width: 640px; padding: 10px; text-align: center; margin: 0 auto; } | ||||
|         .links { align: center; } | ||||
|         h1 { color: white; } | ||||
|         a.button { background: #595aff; color: #fff; line-height: 1.2; min-height: 38px; min-width: 88px; padding: 0 30px; border: 0; border-radius: 6px;; display: inline-flex; justify-content: center; align-items: center; } | ||||
|     </style> | ||||
|     </head> | ||||
|     <body> | ||||
|         <div id="container"> | ||||
|             <h1>Mastodon Digest</h1> | ||||
|             <section class="links"> | ||||
|                 <a href="home/" class="button">Home</a> | ||||
|                 <a href="federated/" class="button">Federated</a> | ||||
|             </section> | ||||
|         </div> | ||||
|     </body> | ||||
|     </html> | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: mastodon-digest | ||||
|   namespace: mastodon-digest | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: auth | ||||
|     name: web | ||||
|   selector: | ||||
|     app: mastodon-digest | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: mastodon-digest | ||||
|   namespace: mastodon-digest | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: mastodon-digest | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: mastodon-digest | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://localhost:80 | ||||
|         - --http-address=$(HOST_IP):8000 | ||||
|         - --redirect-url=https://mastodon-digest.cluster.fun/oauth2/callback | ||||
|         - --email-domain=marcusnoble.co.uk | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: mastodon-digest-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: mastodon-digest-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           protocol: TCP | ||||
|           name: auth | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|  | ||||
|       - name: web | ||||
|         image: nginx:stable | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         volumeMounts: | ||||
|         - name: html | ||||
|           mountPath: /usr/share/nginx/html | ||||
|         - name: index | ||||
|           mountPath: /usr/share/nginx/html/index.html | ||||
|           subPath: index.html | ||||
|  | ||||
|       - name: digest | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/mastodon-digest:latest | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: CONFIG_FILE | ||||
|           value: /config.json | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
|             name: mastodon-digest | ||||
|         volumeMounts: | ||||
|         - name: config | ||||
|           mountPath: /config.json | ||||
|           subPath: config.json | ||||
|         - name: html | ||||
|           mountPath: /usr/share/nginx/html | ||||
|       volumes: | ||||
|       - name: html | ||||
|         emptyDir: {} | ||||
|       - name: config | ||||
|         configMap: | ||||
|           name: config | ||||
|       - name: index | ||||
|         configMap: | ||||
|           name: index | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: mastodon-digest | ||||
|   namespace: mastodon-digest | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - mastodon-digest.cluster.fun | ||||
|     secretName: mastodon-digest-ingress | ||||
|   rules: | ||||
|   - host: mastodon-digest.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: mastodon-digest | ||||
|             port: | ||||
|               number: 80 | ||||
							
								
								
									
										151
									
								
								manifests/mastodon-to-airtable/twitter-to-airtable.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										151
									
								
								manifests/mastodon-to-airtable/twitter-to-airtable.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,151 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: docker-config | ||||
|   namespace: mastodon-to-airtable | ||||
|   annotations: | ||||
|     kube-1password: i6ngbk5zf4k52xgwdwnfup5bby | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: .dockerconfigjson | ||||
| type: kubernetes.io/dockerconfigjson | ||||
| data: | ||||
|   .dockerconfigjson: e30= | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mastodon-to-airtable-auth | ||||
|   namespace: mastodon-to-airtable | ||||
|   annotations: | ||||
|     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||
|     kube-1password/vault: Kubernetes | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: mastodon-to-airtable | ||||
|   annotations: | ||||
|     kube-1password: kizmkmbndgu3ryrox3csev4mim | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: mastodon-to-airtable | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: auth | ||||
|     name: web | ||||
|   selector: | ||||
|     app: mastodon-to-airtable | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: mastodon-to-airtable | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: mastodon-to-airtable | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: mastodon-to-airtable | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-config | ||||
|       containers: | ||||
|       - args: | ||||
|         - --cookie-secure=false | ||||
|         - --provider=oidc | ||||
|         - --provider-display-name=Auth0 | ||||
|         - --upstream=http://localhost:8080 | ||||
|         - --http-address=$(HOST_IP):8000 | ||||
|         - --redirect-url=https://mastodon-to-airtable.cluster.fun/oauth2/callback | ||||
|         - --email-domain=marcusnoble.co.uk | ||||
|         - --pass-basic-auth=false | ||||
|         - --pass-access-token=false | ||||
|         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||
|         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT | ||||
|         env: | ||||
|         - name: HOST_IP | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               apiVersion: v1 | ||||
|               fieldPath: status.podIP | ||||
|         - name: OAUTH2_PROXY_CLIENT_ID | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: username | ||||
|               name: mastodon-to-airtable-auth | ||||
|         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               key: password | ||||
|               name: mastodon-to-airtable-auth | ||||
|         image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 | ||||
|         name: oauth-proxy | ||||
|         ports: | ||||
|         - containerPort: 8000 | ||||
|           protocol: TCP | ||||
|           name: auth | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|       - name: web | ||||
|         image: rg.fr-par.scw.cloud/averagemarcus-private/mastodon-to-airtable:latest | ||||
|         imagePullPolicy: Always | ||||
|         env: | ||||
|         - name: PORT | ||||
|           value: "8080" | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
|             name: "mastodon-to-airtable" | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|           name: web | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 50Mi | ||||
|           requests: | ||||
|             memory: 50Mi | ||||
|  | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: mastodon-to-airtable | ||||
|   namespace: mastodon-to-airtable | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     kubernetes.io/ingress.class: traefik | ||||
|     traefik.ingress.kubernetes.io/router.tls: "true" | ||||
|     ingress.kubernetes.io/ssl-redirect: "true" | ||||
|     traefik.ingress.kubernetes.io/router.entrypoints: websecure | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - mastodon-to-airtable.cluster.fun | ||||
|     secretName: mastodon-to-airtable-ingress | ||||
|   rules: | ||||
|   - host: mastodon-to-airtable.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: mastodon-to-airtable | ||||
|             port: | ||||
|               number: 80 | ||||
| @@ -1,255 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: chat | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: helm.fluxcd.io/v1 | ||||
| kind: HelmRelease | ||||
| metadata: | ||||
|   name: matrix | ||||
|   namespace: chat | ||||
| spec: | ||||
|   chart: | ||||
|     repository: https://dacruz21.github.io/helm-charts | ||||
|     name: matrix | ||||
|     version: 1.1.2 | ||||
|   maxHistory: 4 | ||||
|   values: | ||||
|     matrix: | ||||
|       serverName: "matrix.cluster.fun" | ||||
|       telemetry: false | ||||
|       hostname: "matrix.cluster.fun" | ||||
|       presence: true | ||||
|       blockNonAdminInvites: false | ||||
|       search: true | ||||
|       adminEmail: "matrix@marcusnoble.co.uk" | ||||
|       uploads: | ||||
|         maxSize: 100M | ||||
|         maxPixels: 32M | ||||
|       federation: | ||||
|         enabled: false | ||||
|         allowPublicRooms: false | ||||
|         blacklist: | ||||
|           - '127.0.0.0/8' | ||||
|           - '10.0.0.0/8' | ||||
|           - '172.16.0.0/12' | ||||
|           - '192.168.0.0/16' | ||||
|           - '100.64.0.0/10' | ||||
|           - '169.254.0.0/16' | ||||
|           - '::1/128' | ||||
|           - 'fe80::/64' | ||||
|           - 'fc00::/7' | ||||
|       registration: | ||||
|         enabled: false | ||||
|         allowGuests: false | ||||
|       urlPreviews: | ||||
|         enabled: true | ||||
|         rules: | ||||
|           maxSize: 4M | ||||
|           ip: | ||||
|             blacklist: | ||||
|               - '127.0.0.0/8' | ||||
|               - '10.0.0.0/8' | ||||
|               - '172.16.0.0/12' | ||||
|               - '192.168.0.0/16' | ||||
|               - '100.64.0.0/10' | ||||
|               - '169.254.0.0/16' | ||||
|               - '::1/128' | ||||
|               - 'fe80::/64' | ||||
|               - 'fc00::/7' | ||||
|  | ||||
|     volumes: | ||||
|       media: | ||||
|         capacity: 4Gi | ||||
|       signingKey: | ||||
|         capacity: 1Gi | ||||
|  | ||||
|     postgresql: | ||||
|       enabled: true | ||||
|       persistence: | ||||
|         size: 4Gi | ||||
|  | ||||
|     synapse: | ||||
|       image: | ||||
|         repository: "matrixdotorg/synapse" | ||||
|         tag: v1.12.4 | ||||
|         pullPolicy: IfNotPresent | ||||
|       service: | ||||
|         type: ClusterIP | ||||
|         port: 80 | ||||
|       replicaCount: 1 | ||||
|       resources: {} | ||||
|  | ||||
|     riot: | ||||
|       enabled: true | ||||
|       integrations: | ||||
|         enabled: true | ||||
|         ui: "https://scalar.vector.im/" | ||||
|         api: "https://scalar.vector.im/api" | ||||
|         widgets: | ||||
|           - "https://scalar.vector.im/_matrix/integrations/v1" | ||||
|           - "https://scalar.vector.im/api" | ||||
|           - "https://scalar-staging.vector.im/_matrix/integrations/v1" | ||||
|           - "https://scalar-staging.vector.im/api" | ||||
|           - "https://scalar-staging.riot.im/scalar/api" | ||||
|       # Experimental features in riot-web, see https://github.com/vector-im/riot-web/blob/develop/docs/labs.md | ||||
|       labs: | ||||
|         - feature_pinning | ||||
|         - feature_custom_status | ||||
|         - feature_state_counters | ||||
|         - feature_many_integration_managers | ||||
|         - feature_mjolnir | ||||
|         - feature_dm_verification | ||||
|         - feature_bridge_state | ||||
|         - feature_presence_in_room_list | ||||
|         - feature_custom_themes | ||||
|       # Servers to show in the Explore menu (the current server is always shown) | ||||
|       roomDirectoryServers: [] | ||||
|       # Prefix before permalinks generated when users share links to rooms, users, or messages. If running an unfederated Synapse, set the below to the URL of your Riot instance. | ||||
|       permalinkPrefix: "https://chat.cluster.fun" | ||||
|       image: | ||||
|         repository: "vectorim/riot-web" | ||||
|         tag: v1.6.0 | ||||
|         pullPolicy: IfNotPresent | ||||
|       service: | ||||
|         type: ClusterIP | ||||
|         port: 80 | ||||
|       replicaCount: 1 | ||||
|       resources: {} | ||||
|  | ||||
|     # Settings for Coturn TURN relay, used for routing voice calls | ||||
|     coturn: | ||||
|       enabled: false | ||||
|  | ||||
|     mail: | ||||
|       enabled: false | ||||
|       relay: | ||||
|         enabled: false | ||||
|  | ||||
|     bridges: | ||||
|       irc: | ||||
|         enabled: false | ||||
|       whatsapp: | ||||
|         enabled: false | ||||
|       discord: | ||||
|         enabled: false | ||||
|  | ||||
|     networkPolicies: | ||||
|       enabled: false | ||||
|  | ||||
|     ingress: | ||||
|       enabled: false | ||||
| --- | ||||
|  | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: matrix | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - matrix.cluster.fun | ||||
|     secretName: matrix-ingress | ||||
|   rules: | ||||
|   - host: matrix.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: /.well-known/matrix | ||||
|         backend: | ||||
|           serviceName: well-known | ||||
|           servicePort: 80 | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: chat-matrix-synapse | ||||
|           servicePort: 80 | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: extensions/v1beta1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: riot | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - chat.cluster.fun | ||||
|     secretName: riot-ingress | ||||
|   rules: | ||||
|   - host: chat.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         backend: | ||||
|           serviceName: chat-matrix-riot | ||||
|           servicePort: 80 | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: well-known | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: well-known | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: nginx | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         volumeMounts: | ||||
|         - name: well-known | ||||
|           mountPath: /usr/share/nginx/html/.well-known/matrix | ||||
|       volumes: | ||||
|       - name: well-known | ||||
|         configMap: | ||||
|           name: well-known | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: 80 | ||||
|     name: web | ||||
|   selector: | ||||
|     app: well-known | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
| data: | ||||
|   server: |- | ||||
|     { | ||||
|       "m.server": "matrix.cluster.fun:443" | ||||
|     } | ||||
							
								
								
									
										545
									
								
								manifests/matrix_chart/matrix_chart.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										545
									
								
								manifests/matrix_chart/matrix_chart.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,545 @@ | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: matrix | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - matrix.cluster.fun | ||||
|     secretName: matrix-ingress | ||||
|   rules: | ||||
|   - host: matrix.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: /.well-known/matrix | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: well-known | ||||
|             port: | ||||
|               number: 80 | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: matrix-synapse | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: riot | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - chat.cluster.fun | ||||
|     secretName: riot-ingress | ||||
|   rules: | ||||
|   - host: chat.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: matrix-riot | ||||
|             port: | ||||
|               number: 80 | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "well-known" | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: well-known | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: well-known | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: nginx | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: web | ||||
|         volumeMounts: | ||||
|         - name: well-known | ||||
|           mountPath: /usr/share/nginx/html/.well-known/matrix | ||||
|         resources: | ||||
|           limits: | ||||
|             memory: 15Mi | ||||
|           requests: | ||||
|             memory: 15Mi | ||||
|       volumes: | ||||
|       - name: well-known | ||||
|         configMap: | ||||
|           name: well-known | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: 80 | ||||
|     name: web | ||||
|   selector: | ||||
|     app: well-known | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: well-known | ||||
|   namespace: chat | ||||
| data: | ||||
|   server: |- | ||||
|     { | ||||
|       "m.server": "matrix.cluster.fun:443" | ||||
|     } | ||||
|  | ||||
|  | ||||
| --- | ||||
|  | ||||
|  | ||||
| # Source: matrix/templates/riot/configmap.yaml | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: matrix-riot-config | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: element | ||||
| data: | ||||
|   config.json: | | ||||
|     { | ||||
|       "default_server_config": { | ||||
|         "m.homeserver": { | ||||
|           "base_url": "https://matrix.cluster.fun" | ||||
|         } | ||||
|       }, | ||||
|       "brand": "Element", | ||||
|       "branding": {}, | ||||
|       "integrations_ui_url": "https://scalar.vector.im/", | ||||
|       "integrations_rest_url": "https://scalar.vector.im/api", | ||||
|       "integrations_widgets_urls": [ | ||||
|         "https://scalar.vector.im/_matrix/integrations/v1", | ||||
|         "https://scalar.vector.im/api", | ||||
|         "https://scalar-staging.vector.im/_matrix/integrations/v1", | ||||
|         "https://scalar-staging.vector.im/api", | ||||
|         "https://scalar-staging.riot.im/scalar/api" | ||||
|       ], | ||||
|       "showLabsSettings": true, | ||||
|       "features": { | ||||
|         "feature_pinning": true, | ||||
|         "feature_custom_status": "labs", | ||||
|         "feature_state_counters": "labs", | ||||
|         "feature_many_integration_managers": "labs", | ||||
|         "feature_mjolnir": "labs", | ||||
|         "feature_dm_verification": "labs", | ||||
|         "feature_bridge_state": "labs", | ||||
|         "feature_presence_in_room_list": true, | ||||
|         "feature_custom_themes": "labs", | ||||
|         "feature_new_spinner": "labs", | ||||
|         "feature_jump_to_date": "labs", | ||||
|         "feature_location_share_pin_drop": "labs", | ||||
|         "feature_location_share_live": "labs", | ||||
|         "feature_thread": true, | ||||
|         "feature_video_rooms": true, | ||||
|         "feature_favourite_messages": "labs" | ||||
|       }, | ||||
|       "roomDirectory": { | ||||
|         "servers": [] | ||||
|       }, | ||||
|       "permalinkPrefix": "https://chat.cluster.fun", | ||||
|       "enable_presence_by_hs_url": { | ||||
|         "https://matrix.org": false, | ||||
|         "https://matrix-client.matrix.org": false | ||||
|       }, | ||||
|       "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=2IerXP2a5g1e7hxxBbzs" | ||||
|     } | ||||
|   nginx.conf: | | ||||
|     worker_processes  auto; | ||||
|  | ||||
|     error_log  /var/log/nginx/error.log warn; | ||||
|     pid        /var/run/pid/nginx.pid; | ||||
|  | ||||
|     events { | ||||
|       worker_connections  1024; | ||||
|     } | ||||
|  | ||||
|     http { | ||||
|       include       /etc/nginx/mime.types; | ||||
|       default_type  application/octet-stream; | ||||
|  | ||||
|       log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ' | ||||
|       '$status $body_bytes_sent "$http_referer" ' | ||||
|       '"$http_user_agent" "$http_x_forwarded_for"'; | ||||
|  | ||||
|       access_log  /var/log/nginx/access.log  main; | ||||
|  | ||||
|       sendfile        on; | ||||
|  | ||||
|       keepalive_timeout  65; | ||||
|  | ||||
|       include /etc/nginx/conf.d/*.conf; | ||||
|     } | ||||
|   default.conf: | | ||||
|     server { | ||||
|       listen       8080; | ||||
|       server_name  localhost; | ||||
|  | ||||
|       location / { | ||||
|           root   /usr/share/nginx/html; | ||||
|           index  index.html index.htm; | ||||
|       } | ||||
|  | ||||
|       # redirect server error pages to the static page /50x.html | ||||
|       # | ||||
|       error_page   500 502 503 504  /50x.html; | ||||
|       location = /50x.html { | ||||
|           root   /usr/share/nginx/html; | ||||
|       } | ||||
|     } | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: matrix-synapse-config | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     kube-1password: wbj4oozwyx6m2zz5m42pgcmymy | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: homeserver.yaml | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
| type: Opaque | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: matrix-synapse-config | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: element | ||||
| data: | ||||
|   matrix.cluster.fun.log.config: | | ||||
|     version: 1 | ||||
|  | ||||
|     formatters: | ||||
|       precise: | ||||
|         format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' | ||||
|  | ||||
|     filters: | ||||
|       context: | ||||
|         (): synapse.util.logcontext.LoggingContextFilter | ||||
|         request: "" | ||||
|  | ||||
|     handlers: | ||||
|       console: | ||||
|         class: logging.StreamHandler | ||||
|         formatter: precise | ||||
|         filters: [context] | ||||
|  | ||||
|     loggers: | ||||
|       synapse: | ||||
|         level: WARNING | ||||
|       synapse.storage.SQL: | ||||
|         # beware: increasing this to DEBUG will make synapse log sensitive | ||||
|         # information such as access tokens. | ||||
|         level: WARNING | ||||
|  | ||||
|     root: | ||||
|       level: WARNING | ||||
|       handlers: [console] | ||||
| --- | ||||
| # Source: matrix/templates/riot/service.yaml | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: matrix-riot | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: element | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|     - port: 80 | ||||
|       targetPort: http | ||||
|       protocol: TCP | ||||
|       name: http | ||||
|   selector: | ||||
|     app.kubernetes.io/name: matrix-riot | ||||
| --- | ||||
| # Source: matrix/templates/synapse/service.yaml | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: matrix-synapse | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
|   annotations: | ||||
|     prometheus.io/scrape: "true" | ||||
|     prometheus.io/path: "/_synapse/metrics" | ||||
|     prometheus.io/port: "9000" | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|     - port: 80 | ||||
|       targetPort: http | ||||
|       protocol: TCP | ||||
|       name: http | ||||
|     - port: 9000 | ||||
|       targetPort: metrics | ||||
|       protocol: TCP | ||||
|       name: metrics | ||||
|   selector: | ||||
|     app.kubernetes.io/name: matrix-synapse | ||||
| --- | ||||
| # Source: matrix/templates/riot/deployment.yaml | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: matrix-riot | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: element | ||||
| spec: | ||||
|   replicas: 2 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: matrix-riot | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: matrix-riot | ||||
|     spec: | ||||
|       securityContext: | ||||
|         runAsUser: 1000 | ||||
|         runAsGroup: 1000 | ||||
|         fsGroup: 1000 | ||||
|       containers: | ||||
|         - name: "riot" | ||||
|           image: "vectorim/element-web:v1.11.64" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           ports: | ||||
|             - name: http | ||||
|               containerPort: 8080 | ||||
|               protocol: TCP | ||||
|           volumeMounts: | ||||
|             - mountPath: /app/config.json | ||||
|               name: riot-config | ||||
|               subPath: config.json | ||||
|               readOnly: true | ||||
|             - mountPath: /etc/nginx/nginx.conf | ||||
|               name: riot-config | ||||
|               subPath: nginx.conf | ||||
|               readOnly: true | ||||
|             - mountPath: /etc/nginx/conf.d/default.conf | ||||
|               name: riot-config | ||||
|               subPath: default.conf | ||||
|               readOnly: true | ||||
|             - mountPath: /var/cache/nginx | ||||
|               name: ephemeral | ||||
|               subPath: cache | ||||
|             - mountPath: /var/run/pid | ||||
|               name: ephemeral | ||||
|               subPath: pid | ||||
|           readinessProbe: | ||||
|             httpGet: | ||||
|               path: / | ||||
|               port: http | ||||
|           startupProbe: | ||||
|             httpGet: | ||||
|               path: / | ||||
|               port: http | ||||
|           livenessProbe: | ||||
|             httpGet: | ||||
|               path: / | ||||
|               port: http | ||||
|           securityContext: | ||||
|             capabilities: | ||||
|               drop: | ||||
|                 - ALL | ||||
|             readOnlyRootFilesystem: true | ||||
|             allowPrivilegeEscalation: false | ||||
|       volumes: | ||||
|         - name: riot-config | ||||
|           configMap: | ||||
|             name: matrix-riot-config | ||||
|         - name: ephemeral | ||||
|           emptyDir: {} | ||||
| --- | ||||
| # Source: matrix/templates/synapse/deployment.yaml | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: matrix-synapse | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: matrix-synapse | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: matrix-synapse | ||||
|     spec: | ||||
|       securityContext: | ||||
|         runAsUser: 1000 | ||||
|         runAsGroup: 1000 | ||||
|         fsGroup: 1000 | ||||
|       initContainers: | ||||
|         - name: generate-signing-key | ||||
|           image: "ghcr.io/element-hq/synapse:v1.105.0" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           env: | ||||
|             - name: SYNAPSE_SERVER_NAME | ||||
|               value: matrix.cluster.fun | ||||
|             - name: SYNAPSE_REPORT_STATS | ||||
|               value: "no" | ||||
|           command: ["python"] | ||||
|           args: | ||||
|             - "-m" | ||||
|             - "synapse.app.homeserver" | ||||
|             - "--config-path" | ||||
|             - "/data/homeserver.yaml" | ||||
|             - "--keys-directory" | ||||
|             - "/data/keys" | ||||
|             - "--generate-keys" | ||||
|           volumeMounts: | ||||
|             - name: synapse-config-homeserver | ||||
|               mountPath: /data/homeserver.yaml | ||||
|               subPath: homeserver.yaml | ||||
|             - name: synapse-config-logging | ||||
|               mountPath: /data/matrix.cluster.fun.log.config | ||||
|               subPath: matrix.cluster.fun.log.config | ||||
|             - name: signing-key | ||||
|               mountPath: /data/keys | ||||
|       containers: | ||||
|         - name: "synapse" | ||||
|           image: "ghcr.io/element-hq/synapse:v1.105.0" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           ports: | ||||
|             - name: http | ||||
|               containerPort: 8008 | ||||
|               protocol: TCP | ||||
|             - name: metrics | ||||
|               containerPort: 9000 | ||||
|               protocol: TCP | ||||
|           volumeMounts: | ||||
|             - name: synapse-config-homeserver | ||||
|               mountPath: /data/homeserver.yaml | ||||
|               subPath: homeserver.yaml | ||||
|             - name: mautrix-whatsapp-registration | ||||
|               mountPath: /data/mautrix-whatsapp-registration.yaml | ||||
|               subPath: registration.yaml | ||||
|             # - name: mautrix-signal-registration | ||||
|             #   mountPath: /data/mautrix-signal-registration.yaml | ||||
|             #   subPath: registration.yaml | ||||
|             # - name: mautrix-telegram-registration | ||||
|             #   mountPath: /data/mautrix-telegram-registration.yaml | ||||
|             #   subPath: registration.yaml | ||||
|             - name: synapse-config-logging | ||||
|               mountPath: /data/matrix.cluster.fun.log.config | ||||
|               subPath: matrix.cluster.fun.log.config | ||||
|             - name: signing-key | ||||
|               mountPath: /data/keys | ||||
|             - name: user-media | ||||
|               mountPath: /data/media_store | ||||
|             - name: uploads | ||||
|               mountPath: /data/uploads | ||||
|             - name: tmp | ||||
|               mountPath: /tmp | ||||
|           readinessProbe: | ||||
|             httpGet: | ||||
|               path: /_matrix/static/ | ||||
|               port: http | ||||
|             periodSeconds: 10 | ||||
|             timeoutSeconds: 5 | ||||
|           startupProbe: | ||||
|             httpGet: | ||||
|               path: /_matrix/static/ | ||||
|               port: http | ||||
|             failureThreshold: 6 | ||||
|             periodSeconds: 5 | ||||
|             timeoutSeconds: 5 | ||||
|           livenessProbe: | ||||
|             httpGet: | ||||
|               path: /_matrix/static/ | ||||
|               port: http | ||||
|             periodSeconds: 10 | ||||
|             timeoutSeconds: 5 | ||||
|           securityContext: | ||||
|             capabilities: | ||||
|               drop: | ||||
|                 - ALL | ||||
|             readOnlyRootFilesystem: true | ||||
|             allowPrivilegeEscalation: false | ||||
|       volumes: | ||||
|         - name: synapse-config-logging | ||||
|           configMap: | ||||
|             name: matrix-synapse-config | ||||
|         - name: synapse-config-homeserver | ||||
|           secret: | ||||
|             secretName: matrix-synapse-config | ||||
|         - name: mautrix-whatsapp-registration | ||||
|           secret: | ||||
|             secretName: mautrix-whatsapp-registration | ||||
|         # - name: mautrix-signal-registration | ||||
|         #   secret: | ||||
|         #     secretName: mautrix-signal-registration | ||||
|         # - name: mautrix-telegram-registration | ||||
|         #   secret: | ||||
|         #     secretName: mautrix-telegram-registration | ||||
|         - name: signing-key | ||||
|           persistentVolumeClaim: | ||||
|             claimName: chat-matrix-signing-key | ||||
|         - name: user-media | ||||
|           persistentVolumeClaim: | ||||
|             claimName: chat-matrix-user-media | ||||
|         - name: uploads | ||||
|           emptyDir: {} | ||||
|         - name: tmp | ||||
|           emptyDir: {} | ||||
| --- | ||||
							
								
								
									
										32
									
								
								manifests/matrix_chart/pvs.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
								manifests/matrix_chart/pvs.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,32 @@ | ||||
| apiVersion: v1 | ||||
| kind: PersistentVolumeClaim | ||||
| metadata: | ||||
|   name: chat-matrix-user-media | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
| spec: | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: 12Gi | ||||
|   storageClassName: sbs-default-retain | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: PersistentVolumeClaim | ||||
| metadata: | ||||
|   name: chat-matrix-signing-key | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "matrix" | ||||
|     component: synapse | ||||
| spec: | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: 1Gi | ||||
|   storageClassName: sbs-default-retain | ||||
| --- | ||||
							
								
								
									
										153
									
								
								manifests/matrix_chart/signal_bridge.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										153
									
								
								manifests/matrix_chart/signal_bridge.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,153 @@ | ||||
| # apiVersion: v1 | ||||
| # kind: Secret | ||||
| # metadata: | ||||
| #   name: mautrix-signal-registration | ||||
| #   namespace: chat | ||||
| #   annotations: | ||||
| #     kube-1password: z6tylu2br724gttcpfyi5egaui | ||||
| #     kube-1password/vault: Kubernetes | ||||
| #     kube-1password/secret-text-key: registration.yaml | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: "mautrix-signal" | ||||
| #     component: registration | ||||
| # type: Opaque | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: v1 | ||||
| # kind: Secret | ||||
| # metadata: | ||||
| #   name: mautrix-signal-config | ||||
| #   namespace: chat | ||||
| #   annotations: | ||||
| #     kube-1password: 5vfaorcudozlq4clkzgmzzszqe | ||||
| #     kube-1password/vault: Kubernetes | ||||
| #     kube-1password/secret-text-key: config.yaml | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: "mautrix-signal" | ||||
| #     component: config | ||||
| # type: Opaque | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: v1 | ||||
| # kind: Service | ||||
| # metadata: | ||||
| #   name: mautrix-signal | ||||
| #   namespace: chat | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: mautrix-signal | ||||
| #   annotations: | ||||
| #     prometheus.io/scrape: "true" | ||||
| #     prometheus.io/path: "/metrics" | ||||
| #     prometheus.io/port: "9000" | ||||
| # spec: | ||||
| #   type: ClusterIP | ||||
| #   ports: | ||||
| #   - port: 29328 | ||||
| #     targetPort: http | ||||
| #     protocol: TCP | ||||
| #     name: http | ||||
| #   selector: | ||||
| #     app.kubernetes.io/name: mautrix-signal | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: apps/v1 | ||||
| # kind: Deployment | ||||
| # metadata: | ||||
| #   name: mautrix-signal | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: mautrix-signal | ||||
| # spec: | ||||
| #   revisionHistoryLimit: 3 | ||||
| #   replicas: 1 | ||||
| #   strategy: | ||||
| #     type: Recreate | ||||
| #   selector: | ||||
| #     matchLabels: | ||||
| #       app.kubernetes.io/name: mautrix-signal | ||||
| #   template: | ||||
| #     metadata: | ||||
| #       labels: | ||||
| #         app.kubernetes.io/name: mautrix-signal | ||||
| #     spec: | ||||
| #       serviceAccountName: default | ||||
| #       automountServiceAccountToken: true | ||||
| #       dnsPolicy: ClusterFirst | ||||
| #       enableServiceLinks: true | ||||
| #       initContainers: | ||||
| #       - name: config-copy | ||||
| #         image: bash:latest | ||||
| #         imagePullPolicy: IfNotPresent | ||||
| #         args: | ||||
| #           - -c | ||||
| #           - | | ||||
| #             cp /secrets/* /data/ | ||||
| #         volumeMounts: | ||||
| #           - name: mautrix-signal-config | ||||
| #             mountPath: /secrets/config.yaml | ||||
| #             subPath: config.yaml | ||||
| #           - name: mautrix-signal-registration | ||||
| #             mountPath: /secrets/registration.yaml | ||||
| #             subPath: registration.yaml | ||||
| #           - name: data | ||||
| #             mountPath: /data | ||||
| #       containers: | ||||
| #         - name: signald | ||||
| #           image: docker.io/signald/signald:stable | ||||
| #           imagePullPolicy: Always | ||||
| #           volumeMounts: | ||||
| #           - name: signald | ||||
| #             mountPath: /signald | ||||
| #         - name: mautrix-signal | ||||
| #           image: "dock.mau.dev/mautrix/signal:v0.4.3" | ||||
| #           imagePullPolicy: IfNotPresent | ||||
| #           env: | ||||
| #             - name: "TZ" | ||||
| #               value: "UTC" | ||||
| #           ports: | ||||
| #             - name: http | ||||
| #               containerPort: 29328 | ||||
| #               protocol: TCP | ||||
| #             - name: metrics | ||||
| #               containerPort: 9000 | ||||
| #               protocol: TCP | ||||
| #           volumeMounts: | ||||
| #           - name: signald | ||||
| #             mountPath: /signald | ||||
| #           - name: data | ||||
| #             mountPath: /data | ||||
| #           livenessProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 3 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 10 | ||||
| #           readinessProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 3 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 10 | ||||
| #           startupProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 30 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 5 | ||||
| #       volumes: | ||||
| #         - name: data | ||||
| #           emptyDir: {} | ||||
| #         - name: signald | ||||
| #           emptyDir: {} | ||||
| #         - name: mautrix-signal-config | ||||
| #           secret: | ||||
| #             secretName: mautrix-signal-config | ||||
| #         - name: mautrix-signal-registration | ||||
| #           secret: | ||||
| #             secretName: mautrix-signal-registration | ||||
| # --- | ||||
							
								
								
									
										143
									
								
								manifests/matrix_chart/telegram_bridge.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										143
									
								
								manifests/matrix_chart/telegram_bridge.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,143 @@ | ||||
| # apiVersion: v1 | ||||
| # kind: Secret | ||||
| # metadata: | ||||
| #   name: mautrix-telegram-registration | ||||
| #   namespace: chat | ||||
| #   annotations: | ||||
| #     kube-1password: dancy7ogc4gjlxhfntqejgudwi | ||||
| #     kube-1password/vault: Kubernetes | ||||
| #     kube-1password/secret-text-key: registration.yaml | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: "mautrix-telegram" | ||||
| #     component: registration | ||||
| # type: Opaque | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: v1 | ||||
| # kind: Secret | ||||
| # metadata: | ||||
| #   name: mautrix-telegram-config | ||||
| #   namespace: chat | ||||
| #   annotations: | ||||
| #     kube-1password: nilzdpfum35hhwijnwvasbzmcq | ||||
| #     kube-1password/vault: Kubernetes | ||||
| #     kube-1password/secret-text-key: config.yaml | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: "mautrix-telegram" | ||||
| #     component: config | ||||
| # type: Opaque | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: v1 | ||||
| # kind: Service | ||||
| # metadata: | ||||
| #   name: mautrix-telegram | ||||
| #   namespace: chat | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: mautrix-telegram | ||||
| #   annotations: | ||||
| #     prometheus.io/scrape: "true" | ||||
| #     prometheus.io/path: "/metrics" | ||||
| #     prometheus.io/port: "9000" | ||||
| # spec: | ||||
| #   type: ClusterIP | ||||
| #   ports: | ||||
| #   - port: 29318 | ||||
| #     targetPort: http | ||||
| #     protocol: TCP | ||||
| #     name: http | ||||
| #   selector: | ||||
| #     app.kubernetes.io/name: mautrix-telegram | ||||
|  | ||||
| # --- | ||||
|  | ||||
| # apiVersion: apps/v1 | ||||
| # kind: Deployment | ||||
| # metadata: | ||||
| #   name: mautrix-telegram | ||||
| #   labels: | ||||
| #     app.kubernetes.io/name: mautrix-telegram | ||||
| # spec: | ||||
| #   revisionHistoryLimit: 3 | ||||
| #   replicas: 1 | ||||
| #   strategy: | ||||
| #     type: Recreate | ||||
| #   selector: | ||||
| #     matchLabels: | ||||
| #       app.kubernetes.io/name: mautrix-telegram | ||||
| #   template: | ||||
| #     metadata: | ||||
| #       labels: | ||||
| #         app.kubernetes.io/name: mautrix-telegram | ||||
| #     spec: | ||||
| #       serviceAccountName: default | ||||
| #       automountServiceAccountToken: true | ||||
| #       dnsPolicy: ClusterFirst | ||||
| #       enableServiceLinks: true | ||||
| #       initContainers: | ||||
| #       - name: config-copy | ||||
| #         image: bash:latest | ||||
| #         imagePullPolicy: IfNotPresent | ||||
| #         args: | ||||
| #           - -c | ||||
| #           - | | ||||
| #             cp /secrets/* /data/ | ||||
| #         volumeMounts: | ||||
| #           - name: mautrix-telegram-config | ||||
| #             mountPath: /secrets/config.yaml | ||||
| #             subPath: config.yaml | ||||
| #           - name: mautrix-telegram-registration | ||||
| #             mountPath: /secrets/registration.yaml | ||||
| #             subPath: registration.yaml | ||||
| #           - name: data | ||||
| #             mountPath: /data | ||||
| #       containers: | ||||
| #         - name: mautrix-telegram | ||||
| #           image: "dock.mau.dev/mautrix/telegram:v0.12.1" | ||||
| #           imagePullPolicy: IfNotPresent | ||||
| #           env: | ||||
| #             - name: "TZ" | ||||
| #               value: "UTC" | ||||
| #           ports: | ||||
| #             - name: http | ||||
| #               containerPort: 29318 | ||||
| #               protocol: TCP | ||||
| #             - name: metrics | ||||
| #               containerPort: 9000 | ||||
| #               protocol: TCP | ||||
| #           volumeMounts: | ||||
| #           - name: data | ||||
| #             mountPath: /data | ||||
| #           livenessProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 3 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 10 | ||||
| #           readinessProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 3 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 10 | ||||
| #           startupProbe: | ||||
| #             tcpSocket: | ||||
| #               port: 29318 | ||||
| #             initialDelaySeconds: 0 | ||||
| #             failureThreshold: 30 | ||||
| #             timeoutSeconds: 1 | ||||
| #             periodSeconds: 5 | ||||
| #       volumes: | ||||
| #         - name: data | ||||
| #           emptyDir: {} | ||||
| #         - name: mautrix-telegram-config | ||||
| #           secret: | ||||
| #             secretName: mautrix-telegram-config | ||||
| #         - name: mautrix-telegram-registration | ||||
| #           secret: | ||||
| #             secretName: mautrix-telegram-registration | ||||
| # --- | ||||
							
								
								
									
										143
									
								
								manifests/matrix_chart/whatsapp_bridge.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										143
									
								
								manifests/matrix_chart/whatsapp_bridge.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,143 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mautrix-whatsapp-registration | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     kube-1password: x6lzkpyov4dem5jtk2kimyrnvy | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: registration.yaml | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "mautrix-whatsapp" | ||||
|     component: registration | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mautrix-whatsapp-config | ||||
|   namespace: chat | ||||
|   annotations: | ||||
|     kube-1password: ji3e2el66bu56bml3kq3ghyojq | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: config.yaml | ||||
|   labels: | ||||
|     app.kubernetes.io/name: "mautrix-whatsapp" | ||||
|     component: config | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: mautrix-whatsapp | ||||
|   namespace: chat | ||||
|   labels: | ||||
|     app.kubernetes.io/name: mautrix-whatsapp | ||||
|   annotations: | ||||
|     prometheus.io/scrape: "true" | ||||
|     prometheus.io/path: "/metrics" | ||||
|     prometheus.io/port: "9000" | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 29318 | ||||
|     targetPort: http | ||||
|     protocol: TCP | ||||
|     name: http | ||||
|   selector: | ||||
|     app.kubernetes.io/name: mautrix-whatsapp | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: mautrix-whatsapp | ||||
|   labels: | ||||
|     app.kubernetes.io/name: mautrix-whatsapp | ||||
| spec: | ||||
|   revisionHistoryLimit: 3 | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: mautrix-whatsapp | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: mautrix-whatsapp | ||||
|     spec: | ||||
|       serviceAccountName: default | ||||
|       automountServiceAccountToken: true | ||||
|       dnsPolicy: ClusterFirst | ||||
|       enableServiceLinks: true | ||||
|       initContainers: | ||||
|       - name: config-copy | ||||
|         image: bash:latest | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         args: | ||||
|           - -c | ||||
|           - | | ||||
|             cp /secrets/* /data/ | ||||
|         volumeMounts: | ||||
|           - name: mautrix-whatsapp-config | ||||
|             mountPath: /secrets/config.yaml | ||||
|             subPath: config.yaml | ||||
|           - name: mautrix-whatsapp-registration | ||||
|             mountPath: /secrets/registration.yaml | ||||
|             subPath: registration.yaml | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|       containers: | ||||
|         - name: mautrix-whatsapp | ||||
|           image: "dock.mau.dev/mautrix/whatsapp:v0.10.7" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           env: | ||||
|             - name: "TZ" | ||||
|               value: "UTC" | ||||
|           ports: | ||||
|             - name: http | ||||
|               containerPort: 29318 | ||||
|               protocol: TCP | ||||
|             - name: metrics | ||||
|               containerPort: 9000 | ||||
|               protocol: TCP | ||||
|           volumeMounts: | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|           livenessProbe: | ||||
|             tcpSocket: | ||||
|               port: 29318 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 3 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 10 | ||||
|           readinessProbe: | ||||
|             tcpSocket: | ||||
|               port: 29318 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 3 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 10 | ||||
|           startupProbe: | ||||
|             tcpSocket: | ||||
|               port: 29318 | ||||
|             initialDelaySeconds: 0 | ||||
|             failureThreshold: 30 | ||||
|             timeoutSeconds: 1 | ||||
|             periodSeconds: 5 | ||||
|       volumes: | ||||
|         - name: data | ||||
|           emptyDir: {} | ||||
|         - name: mautrix-whatsapp-config | ||||
|           secret: | ||||
|             secretName: mautrix-whatsapp-config | ||||
|         - name: mautrix-whatsapp-registration | ||||
|           secret: | ||||
|             secretName: mautrix-whatsapp-registration | ||||
| --- | ||||
							
								
								
									
										120
									
								
								manifests/mealie/mealie.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										120
									
								
								manifests/mealie/mealie.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,120 @@ | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: mealie | ||||
|   namespace: mealie | ||||
|   annotations: | ||||
|     kube-1password: 7ibib7oafxbxkvofnd4oxcr3qy | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: mealie | ||||
|   namespace: mealie | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: mealie | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: mealie | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: frontend | ||||
|         image: ghcr.io/mealie-recipes/mealie:v1.4.0 | ||||
|         imagePullPolicy: Always | ||||
|         envFrom: | ||||
|         - secretRef: | ||||
|             name: mealie | ||||
|         env: | ||||
|         - name: PUID | ||||
|           value: "1000" | ||||
|         - name: PGID | ||||
|           value: "1000" | ||||
|         - name: TOKEN_TIME | ||||
|           value: "168" | ||||
|         - name: DB_ENGINE | ||||
|           value: postgres | ||||
|         - name: POSTGRES_DB | ||||
|           value: mealie | ||||
|         - name: RECIPE_PUBLIC | ||||
|           value: "false" | ||||
|         - name: RECIPE_SHOW_NUTRITION | ||||
|           value: "true" | ||||
|         - name: RECIPE_SHOW_ASSETS | ||||
|           value: "true" | ||||
|         - name: RECIPE_LANDSCAPE_VIEW | ||||
|           value: "true" | ||||
|         - name: RECIPE_DISABLE_COMMENTS | ||||
|           value: "false" | ||||
|         - name: RECIPE_DISABLE_AMOUNT | ||||
|           value: "false" | ||||
|         - name: ALLOW_SIGNUP | ||||
|           value: "false" | ||||
|         - name: BASE_URL | ||||
|           value: "https://mealie.cluster.fun" | ||||
|         ports: | ||||
|         - containerPort: 9000 | ||||
|           name: web | ||||
|         volumeMounts: | ||||
|           - mountPath: /app/data | ||||
|             name: data | ||||
|       volumes: | ||||
|       - name: data | ||||
|         persistentVolumeClaim: | ||||
|           claimName: mealie | ||||
|  | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: mealie | ||||
|   namespace: mealie | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 80 | ||||
|     targetPort: web | ||||
|     name: web | ||||
|   selector: | ||||
|     app: mealie | ||||
| --- | ||||
|  | ||||
|  | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: mealie | ||||
|   namespace: mealie | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||||
| spec: | ||||
|   ingressClassName: nginx | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - mealie.cluster.fun | ||||
|     secretName: mealie-ingress | ||||
|   rules: | ||||
|   - host: mealie.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           service: | ||||
|             name: mealie | ||||
|             port: | ||||
|               name: web | ||||
							
								
								
									
										13
									
								
								manifests/mealie/pvs.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										13
									
								
								manifests/mealie/pvs.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,13 @@ | ||||
| kind: PersistentVolumeClaim | ||||
| apiVersion: v1 | ||||
| metadata: | ||||
|   name: mealie | ||||
|   namespace: mealie | ||||
| spec: | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: 2Gi | ||||
|   storageClassName: sbs-default-retain | ||||
| --- | ||||
							
								
								
									
										255
									
								
								manifests/monitoring-civo/kube-state-metrics.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										255
									
								
								manifests/monitoring-civo/kube-state-metrics.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,255 @@ | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   name: kube-state-metrics | ||||
| rules: | ||||
|   - apiGroups: ["certificates.k8s.io"] | ||||
|     resources: | ||||
|     - certificatesigningrequests | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - configmaps | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["batch"] | ||||
|     resources: | ||||
|     - cronjobs | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - daemonsets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - deployments | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - endpoints | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["autoscaling"] | ||||
|     resources: | ||||
|     - horizontalpodautoscalers | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "networking.k8s.io"] | ||||
|     resources: | ||||
|     - ingresses | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["batch"] | ||||
|     resources: | ||||
|     - jobs | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - limitranges | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["admissionregistration.k8s.io"] | ||||
|     resources: | ||||
|       - mutatingwebhookconfigurations | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - namespaces | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["networking.k8s.io"] | ||||
|     resources: | ||||
|     - networkpolicies | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - nodes | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - persistentvolumeclaims | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - persistentvolumes | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["policy"] | ||||
|     resources: | ||||
|       - poddisruptionbudgets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - pods | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - replicasets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - replicationcontrollers | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - resourcequotas | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - secrets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - services | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["apps"] | ||||
|     resources: | ||||
|     - statefulsets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["storage.k8s.io"] | ||||
|     resources: | ||||
|       - storageclasses | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["admissionregistration.k8s.io"] | ||||
|     resources: | ||||
|       - validatingwebhookconfigurations | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["storage.k8s.io"] | ||||
|     resources: | ||||
|       - volumeattachments | ||||
|     verbs: ["list", "watch"] | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   name: kube-state-metrics | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: kube-state-metrics | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   annotations: | ||||
|     prometheus.io/scrape: 'true' | ||||
| spec: | ||||
|   type: "ClusterIP" | ||||
|   ports: | ||||
|   - name: "http" | ||||
|     protocol: TCP | ||||
|     port: 8080 | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: kube-state-metrics | ||||
|   replicas: 1 | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: kube-state-metrics | ||||
|     spec: | ||||
|       serviceAccountName: kube-state-metrics | ||||
|       securityContext: | ||||
|         fsGroup: 65534 | ||||
|         runAsGroup: 65534 | ||||
|         runAsUser: 65534 | ||||
|       containers: | ||||
|       - name: kube-state-metrics | ||||
|         args: | ||||
|         #- --resources=certificatesigningrequests | ||||
|         - --resources=configmaps | ||||
|         - --resources=cronjobs | ||||
|         - --resources=daemonsets | ||||
|         - --resources=deployments | ||||
|         #- --resources=endpoints | ||||
|         #- --resources=horizontalpodautoscalers | ||||
|         - --resources=ingresses | ||||
|         - --resources=jobs | ||||
|         #- --resources=limitranges | ||||
|         - --resources=mutatingwebhookconfigurations | ||||
|         - --resources=namespaces | ||||
|         #- --resources=networkpolicies | ||||
|         - --resources=nodes | ||||
|         - --resources=persistentvolumeclaims | ||||
|         - --resources=persistentvolumes | ||||
|         - --resources=poddisruptionbudgets | ||||
|         - --resources=pods | ||||
|         - --resources=replicasets | ||||
|         #- --resources=replicationcontrollers | ||||
|         #- --resources=resourcequotas | ||||
|         - --resources=secrets | ||||
|         - --resources=services | ||||
|         - --resources=statefulsets | ||||
|         - --resources=storageclasses | ||||
|         - --resources=validatingwebhookconfigurations | ||||
|         #- --resources=volumeattachments | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0" | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|         livenessProbe: | ||||
|           httpGet: | ||||
|             path: /healthz | ||||
|             port: 8080 | ||||
|           initialDelaySeconds: 5 | ||||
|           timeoutSeconds: 5 | ||||
|         readinessProbe: | ||||
|           httpGet: | ||||
|             path: / | ||||
|             port: 8080 | ||||
|           initialDelaySeconds: 5 | ||||
|           timeoutSeconds: 5 | ||||
| --- | ||||
							
								
								
									
										64
									
								
								manifests/monitoring-civo/prometheus-server.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										64
									
								
								manifests/monitoring-civo/prometheus-server.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,64 @@ | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: prometheus-server | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
|   name: prometheus-server | ||||
| rules: | ||||
|   - apiGroups: | ||||
|       - "" | ||||
|     resources: | ||||
|       - nodes | ||||
|       - nodes/proxy | ||||
|       - nodes/metrics | ||||
|       - services | ||||
|       - endpoints | ||||
|       - pods | ||||
|       - ingresses | ||||
|       - configmaps | ||||
|     verbs: | ||||
|       - get | ||||
|       - list | ||||
|       - watch | ||||
|   - apiGroups: | ||||
|       - "extensions" | ||||
|       - "networking.k8s.io" | ||||
|     resources: | ||||
|       - ingresses/status | ||||
|       - ingresses | ||||
|     verbs: | ||||
|       - get | ||||
|       - list | ||||
|       - watch | ||||
|   - nonResourceURLs: | ||||
|       - "/metrics" | ||||
|     verbs: | ||||
|       - get | ||||
| --- | ||||
|  | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
|   name: prometheus-server | ||||
| subjects: | ||||
|   - kind: ServiceAccount | ||||
|     name: prometheus-server | ||||
|     namespace: monitoring | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: prometheus-server | ||||
| --- | ||||
							
								
								
									
										292
									
								
								manifests/monitoring-civo/promtail.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										292
									
								
								manifests/monitoring-civo/promtail.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,292 @@ | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| data: | ||||
|   promtail.yaml: | | ||||
|     client: | ||||
|       backoff_config: | ||||
|         max_period: 5m | ||||
|         max_retries: 10 | ||||
|         min_period: 500ms | ||||
|       batchsize: 1048576 | ||||
|       batchwait: 1s | ||||
|       external_labels: {} | ||||
|       timeout: 10s | ||||
|     positions: | ||||
|       filename: /run/promtail/positions.yaml | ||||
|     server: | ||||
|       http_listen_port: 3101 | ||||
|     clients: | ||||
|     - url: http://loki-distributed.proxy-civo.svc:80/loki/api/v1/push | ||||
|       external_labels: | ||||
|         kubernetes_cluster: civo | ||||
|     target_config: | ||||
|       sync_period: 10s | ||||
|     scrape_configs: | ||||
|     - job_name: kubernetes-pods | ||||
|       pipeline_stages: | ||||
|         - docker: {} | ||||
|         - cri: {} | ||||
|         - match: | ||||
|             selector: '{app="weave-net"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{filename=~".*konnectivity.*"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*/healthz.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*/api/health.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*kube-probe/.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="internal-proxy"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="non-auth-proxy"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="vpa"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="promtail"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="csi-node"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="victoria-metrics"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="git-sync"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="ingress-nginx"}' | ||||
|             stages: | ||||
|             - json: | ||||
|                 expressions: | ||||
|                   request_host: host | ||||
|                   request_path: path | ||||
|                   request_method: method | ||||
|                   response_status: status | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/healthz" | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/health" | ||||
|             - labels: | ||||
|                 request_host: | ||||
|                 request_method: | ||||
|                 response_status: | ||||
|         - match: | ||||
|             selector: '{app="traefik"}' | ||||
|             stages: | ||||
|             - json: | ||||
|                 expressions: | ||||
|                   request_host: RequestHost | ||||
|                   request_path: RequestPath | ||||
|                   request_method: RequestMethod | ||||
|                   response_status: OriginStatus | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/healthz" | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/health" | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/ping" | ||||
|             - labels: | ||||
|                 request_host: | ||||
|                 request_method: | ||||
|                 response_status: | ||||
|       kubernetes_sd_configs: | ||||
|         - role: pod | ||||
|       relabel_configs: | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_controller_name | ||||
|           regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})? | ||||
|           action: replace | ||||
|           target_label: __tmp_controller_name | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_label_app_kubernetes_io_name | ||||
|             - __meta_kubernetes_pod_label_app | ||||
|             - __tmp_controller_name | ||||
|             - __meta_kubernetes_pod_name | ||||
|           regex: ^;*([^;]+)(;.*)?$ | ||||
|           action: replace | ||||
|           target_label: app | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_label_app_kubernetes_io_component | ||||
|             - __meta_kubernetes_pod_label_component | ||||
|           regex: ^;*([^;]+)(;.*)?$ | ||||
|           action: replace | ||||
|           target_label: component | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_node_name | ||||
|           target_label: node_name | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_namespace | ||||
|           target_label: namespace | ||||
|         - action: replace | ||||
|           replacement: $1 | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - namespace | ||||
|             - app | ||||
|           target_label: job | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_name | ||||
|           target_label: pod | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: container | ||||
|         - action: replace | ||||
|           replacement: /var/log/pods/*$1/*.log | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_uid | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: __path__ | ||||
|         - action: replace | ||||
|           replacement: /var/log/pods/*$1/*.log | ||||
|           regex: true/(.*) | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash | ||||
|             - __meta_kubernetes_pod_annotation_kubernetes_io_config_hash | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: __path__ | ||||
|         - action: labelmap | ||||
|           regex: __meta_kubernetes_pod_label_(.+) | ||||
|  | ||||
| --- | ||||
| kind: ClusterRole | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: promtail-clusterrole | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| rules: | ||||
| - apiGroups: [""] # "" indicates the core API group | ||||
|   resources: | ||||
|   - nodes | ||||
|   - nodes/proxy | ||||
|   - services | ||||
|   - endpoints | ||||
|   - pods | ||||
|   verbs: ["get", "watch", "list"] | ||||
| --- | ||||
| kind: ClusterRoleBinding | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: promtail-clusterrolebinding | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| subjects: | ||||
|   - kind: ServiceAccount | ||||
|     name: promtail | ||||
|     namespace: monitoring | ||||
| roleRef: | ||||
|   kind: ClusterRole | ||||
|   name: promtail-clusterrole | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: DaemonSet | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "promtail" | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: promtail | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: promtail | ||||
|       annotations: | ||||
|         prometheus.io/port: http-metrics | ||||
|         prometheus.io/scrape: "true" | ||||
|     spec: | ||||
|       serviceAccountName: promtail | ||||
|       containers: | ||||
|         - name: promtail | ||||
|           image: "grafana/promtail:2.9.7" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           args: | ||||
|             - "-config.file=/etc/promtail/promtail.yaml" | ||||
|           volumeMounts: | ||||
|             - name: config | ||||
|               mountPath: /etc/promtail | ||||
|             - name: run | ||||
|               mountPath: /run/promtail | ||||
|             - mountPath: /var/lib/docker/containers | ||||
|               name: docker | ||||
|               readOnly: true | ||||
|             - mountPath: /var/log/pods | ||||
|               name: pods | ||||
|               readOnly: true | ||||
|           env: | ||||
|             - name: HOSTNAME | ||||
|               valueFrom: | ||||
|                 fieldRef: | ||||
|                   fieldPath: spec.nodeName | ||||
|           ports: | ||||
|             - containerPort: 3101 | ||||
|               name: http-metrics | ||||
|           securityContext: | ||||
|             readOnlyRootFilesystem: true | ||||
|             runAsGroup: 0 | ||||
|             runAsUser: 0 | ||||
|           readinessProbe: | ||||
|             failureThreshold: 5 | ||||
|             httpGet: | ||||
|               path: /ready | ||||
|               port: http-metrics | ||||
|             initialDelaySeconds: 10 | ||||
|             periodSeconds: 10 | ||||
|             successThreshold: 1 | ||||
|             timeoutSeconds: 1 | ||||
|       tolerations: | ||||
|         - effect: NoSchedule | ||||
|           key: node-role.kubernetes.io/master | ||||
|           operator: Exists | ||||
|       volumes: | ||||
|         - name: config | ||||
|           configMap: | ||||
|             name: promtail | ||||
|         - name: run | ||||
|           hostPath: | ||||
|             path: /run/promtail | ||||
|         - hostPath: | ||||
|             path: /var/lib/docker/containers | ||||
|           name: docker | ||||
|         - hostPath: | ||||
|             path: /var/log/pods | ||||
|           name: pods | ||||
| --- | ||||
							
								
								
									
										163
									
								
								manifests/monitoring-civo/vmagent.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										163
									
								
								manifests/monitoring-civo/vmagent.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,163 @@ | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: vmagent | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: victoria-metrics | ||||
|     app.kubernetes.io/component: agent | ||||
| data: | ||||
|   prometheus.yml: | | ||||
|     global: | ||||
|       scrape_interval: 1m | ||||
|       external_labels: | ||||
|         source: civo | ||||
|         agent: vmagent | ||||
|     scrape_configs: | ||||
|     - job_name: 'vmagent' | ||||
|       static_configs: | ||||
|         - targets: ['localhost:8429'] | ||||
|     - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||||
|       job_name: kubernetes-nodes | ||||
|       kubernetes_sd_configs: | ||||
|       - role: node | ||||
|       relabel_configs: | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_node_label_(.+) | ||||
|       - replacement: kubernetes.default.svc:443 | ||||
|         target_label: __address__ | ||||
|       - regex: (.+) | ||||
|         replacement: /api/v1/nodes/$1/proxy/metrics | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_node_name | ||||
|         target_label: __metrics_path__ | ||||
|       scheme: https | ||||
|       tls_config: | ||||
|         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||||
|         insecure_skip_verify: true | ||||
|     - job_name: kubernetes-service-endpoints | ||||
|       kubernetes_sd_configs: | ||||
|       - role: endpoints | ||||
|       relabel_configs: | ||||
|       - action: keep | ||||
|         regex: true | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_scrape | ||||
|       - action: replace | ||||
|         regex: (https?) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_scheme | ||||
|         target_label: __scheme__ | ||||
|       - action: replace | ||||
|         regex: (.+) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_path | ||||
|         target_label: __metrics_path__ | ||||
|       - action: replace | ||||
|         regex: ([^:]+)(?::\d+)?;(\d+) | ||||
|         replacement: $1:$2 | ||||
|         source_labels: | ||||
|         - __address__ | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_port | ||||
|         target_label: __address__ | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_service_label_(.+) | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_namespace | ||||
|         target_label: kubernetes_namespace | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_name | ||||
|         target_label: kubernetes_name | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_endpoint_port_name | ||||
|         target_label: kubernetes_endpoint_port_name | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_node_name | ||||
|         target_label: kubernetes_node | ||||
|     - job_name: kubernetes-pods | ||||
|       kubernetes_sd_configs: | ||||
|       - role: pod | ||||
|       relabel_configs: | ||||
|       - action: keep | ||||
|         regex: true | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_scrape | ||||
|       - action: replace | ||||
|         regex: (.+) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_path | ||||
|         target_label: __metrics_path__ | ||||
|       - action: replace | ||||
|         regex: ([^:]+)(?::\d+)?;(\d+) | ||||
|         replacement: $1:$2 | ||||
|         source_labels: | ||||
|         - __address__ | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_port | ||||
|         target_label: __address__ | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_pod_label_(.+) | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_namespace | ||||
|         target_label: kubernetes_namespace | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_name | ||||
|         target_label: kubernetes_pod_name | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_container_port_name | ||||
|         target_label: kubernetes_port_name | ||||
|       - action: drop | ||||
|         regex: Pending|Succeeded|Failed | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_phase | ||||
|  | ||||
|  | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: vmagent | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: victoria-metrics | ||||
|     app.kubernetes.io/component: agent | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "vmagent" | ||||
| spec: | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: victoria-metrics | ||||
|       app.kubernetes.io/component: agent | ||||
|   replicas: 1 | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: victoria-metrics | ||||
|         app.kubernetes.io/component: agent | ||||
|     spec: | ||||
|       serviceAccountName: prometheus-server | ||||
|       containers: | ||||
|         - name: vmagent | ||||
|           image: "victoriametrics/vmagent:v1.100.1" | ||||
|           imagePullPolicy: "IfNotPresent" | ||||
|           args: | ||||
|             - -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/ | ||||
|             - -remoteWrite.showURL | ||||
|             - -promscrape.config=/config/prometheus.yml | ||||
|           volumeMounts: | ||||
|             - name: config-volume | ||||
|               mountPath: /config | ||||
|       volumes: | ||||
|         - name: config-volume | ||||
|           configMap: | ||||
|             name: vmagent | ||||
| --- | ||||
							
								
								
									
										255
									
								
								manifests/monitoring/kube-state-metrics.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										255
									
								
								manifests/monitoring/kube-state-metrics.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,255 @@ | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   name: kube-state-metrics | ||||
| rules: | ||||
|   - apiGroups: ["certificates.k8s.io"] | ||||
|     resources: | ||||
|     - certificatesigningrequests | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - configmaps | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["batch"] | ||||
|     resources: | ||||
|     - cronjobs | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - daemonsets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - deployments | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - endpoints | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["autoscaling"] | ||||
|     resources: | ||||
|     - horizontalpodautoscalers | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "networking.k8s.io"] | ||||
|     resources: | ||||
|     - ingresses | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["batch"] | ||||
|     resources: | ||||
|     - jobs | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - limitranges | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["admissionregistration.k8s.io"] | ||||
|     resources: | ||||
|       - mutatingwebhookconfigurations | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - namespaces | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["networking.k8s.io"] | ||||
|     resources: | ||||
|     - networkpolicies | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - nodes | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - persistentvolumeclaims | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - persistentvolumes | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["policy"] | ||||
|     resources: | ||||
|       - poddisruptionbudgets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - pods | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["extensions", "apps"] | ||||
|     resources: | ||||
|     - replicasets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - replicationcontrollers | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - resourcequotas | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - secrets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: [""] | ||||
|     resources: | ||||
|     - services | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["apps"] | ||||
|     resources: | ||||
|     - statefulsets | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["storage.k8s.io"] | ||||
|     resources: | ||||
|       - storageclasses | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["admissionregistration.k8s.io"] | ||||
|     resources: | ||||
|       - validatingwebhookconfigurations | ||||
|     verbs: ["list", "watch"] | ||||
|  | ||||
|   - apiGroups: ["storage.k8s.io"] | ||||
|     resources: | ||||
|       - volumeattachments | ||||
|     verbs: ["list", "watch"] | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   name: kube-state-metrics | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: kube-state-metrics | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
| --- | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
|   annotations: | ||||
|     prometheus.io/scrape: 'true' | ||||
| spec: | ||||
|   type: "ClusterIP" | ||||
|   ports: | ||||
|   - name: "http" | ||||
|     protocol: TCP | ||||
|     port: 8080 | ||||
|     targetPort: 8080 | ||||
|   selector: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: kube-state-metrics | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-state-metrics | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: kube-state-metrics | ||||
|   replicas: 1 | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: kube-state-metrics | ||||
|     spec: | ||||
|       serviceAccountName: kube-state-metrics | ||||
|       securityContext: | ||||
|         fsGroup: 65534 | ||||
|         runAsGroup: 65534 | ||||
|         runAsUser: 65534 | ||||
|       containers: | ||||
|       - name: kube-state-metrics | ||||
|         args: | ||||
|         #- --resources=certificatesigningrequests | ||||
|         - --resources=configmaps | ||||
|         - --resources=cronjobs | ||||
|         - --resources=daemonsets | ||||
|         - --resources=deployments | ||||
|         #- --resources=endpoints | ||||
|         #- --resources=horizontalpodautoscalers | ||||
|         - --resources=ingresses | ||||
|         - --resources=jobs | ||||
|         #- --resources=limitranges | ||||
|         - --resources=mutatingwebhookconfigurations | ||||
|         - --resources=namespaces | ||||
|         #- --resources=networkpolicies | ||||
|         - --resources=nodes | ||||
|         - --resources=persistentvolumeclaims | ||||
|         - --resources=persistentvolumes | ||||
|         - --resources=poddisruptionbudgets | ||||
|         - --resources=pods | ||||
|         - --resources=replicasets | ||||
|         #- --resources=replicationcontrollers | ||||
|         #- --resources=resourcequotas | ||||
|         - --resources=secrets | ||||
|         - --resources=services | ||||
|         - --resources=statefulsets | ||||
|         - --resources=storageclasses | ||||
|         - --resources=validatingwebhookconfigurations | ||||
|         #- --resources=volumeattachments | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0" | ||||
|         ports: | ||||
|         - containerPort: 8080 | ||||
|         livenessProbe: | ||||
|           httpGet: | ||||
|             path: /healthz | ||||
|             port: 8080 | ||||
|           initialDelaySeconds: 5 | ||||
|           timeoutSeconds: 5 | ||||
|         readinessProbe: | ||||
|           httpGet: | ||||
|             path: / | ||||
|             port: 8080 | ||||
|           initialDelaySeconds: 5 | ||||
|           timeoutSeconds: 5 | ||||
| --- | ||||
							
								
								
									
										97
									
								
								manifests/monitoring/node-exporter.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										97
									
								
								manifests/monitoring/node-exporter.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,97 @@ | ||||
|  | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: prometheus-node-exporter | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: node-exporter | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   annotations: | ||||
|     prometheus.io/scrape: "true" | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: node-exporter | ||||
|   name: prometheus-node-exporter | ||||
|   namespace: monitoring | ||||
| spec: | ||||
|   clusterIP: None | ||||
|   ports: | ||||
|     - name: metrics | ||||
|       port: 9100 | ||||
|       protocol: TCP | ||||
|       targetPort: 9100 | ||||
|   selector: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: node-exporter | ||||
|   type: "ClusterIP" | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: DaemonSet | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: node-exporter | ||||
|   name: prometheus-node-exporter | ||||
|   namespace: monitoring | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: prometheus | ||||
|       app.kubernetes.io/component: node-exporter | ||||
|   updateStrategy: | ||||
|     type: RollingUpdate | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: prometheus | ||||
|         app.kubernetes.io/component: node-exporter | ||||
|     spec: | ||||
|       serviceAccountName: prometheus-node-exporter | ||||
|       containers: | ||||
|         - name: prometheus-node-exporter | ||||
|           image: "prom/node-exporter:v1.7.0" | ||||
|           imagePullPolicy: "IfNotPresent" | ||||
|           args: | ||||
|             - --path.procfs=/host/proc | ||||
|             - --path.sysfs=/host/sys | ||||
|             - --no-collector.wifi | ||||
|             - --no-collector.hwmon | ||||
|             - --no-collector.netclass | ||||
|             - --no-collector.arp | ||||
|             - --no-collector.bcache | ||||
|             - --no-collector.bonding | ||||
|             - --no-collector.btrfs | ||||
|             - --no-collector.dmi | ||||
|             - --no-collector.edac | ||||
|             - --no-collector.entropy | ||||
|             - --no-collector.fibrechannel | ||||
|             - --no-collector.infiniband | ||||
|             - --no-collector.tapestats | ||||
|             - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/) | ||||
|             - --web.listen-address=:9100 | ||||
|           ports: | ||||
|             - name: metrics | ||||
|               containerPort: 9100 | ||||
|               hostPort: 9100 | ||||
|           volumeMounts: | ||||
|             - name: proc | ||||
|               mountPath: /host/proc | ||||
|               readOnly:  true | ||||
|             - name: sys | ||||
|               mountPath: /host/sys | ||||
|               readOnly: true | ||||
|       hostNetwork: true | ||||
|       hostPID: true | ||||
|       volumes: | ||||
|         - name: proc | ||||
|           hostPath: | ||||
|             path: /proc | ||||
|         - name: sys | ||||
|           hostPath: | ||||
|             path: /sys | ||||
| --- | ||||
							
								
								
									
										64
									
								
								manifests/monitoring/prometheus-server.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										64
									
								
								manifests/monitoring/prometheus-server.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,64 @@ | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: prometheus-server | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
|   name: prometheus-server | ||||
| rules: | ||||
|   - apiGroups: | ||||
|       - "" | ||||
|     resources: | ||||
|       - nodes | ||||
|       - nodes/proxy | ||||
|       - nodes/metrics | ||||
|       - services | ||||
|       - endpoints | ||||
|       - pods | ||||
|       - ingresses | ||||
|       - configmaps | ||||
|     verbs: | ||||
|       - get | ||||
|       - list | ||||
|       - watch | ||||
|   - apiGroups: | ||||
|       - "extensions" | ||||
|       - "networking.k8s.io" | ||||
|     resources: | ||||
|       - ingresses/status | ||||
|       - ingresses | ||||
|     verbs: | ||||
|       - get | ||||
|       - list | ||||
|       - watch | ||||
|   - nonResourceURLs: | ||||
|       - "/metrics" | ||||
|     verbs: | ||||
|       - get | ||||
| --- | ||||
|  | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: prometheus | ||||
|     app.kubernetes.io/component: server | ||||
|   name: prometheus-server | ||||
| subjects: | ||||
|   - kind: ServiceAccount | ||||
|     name: prometheus-server | ||||
|     namespace: monitoring | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: prometheus-server | ||||
| --- | ||||
							
								
								
									
										271
									
								
								manifests/monitoring/promtail.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										271
									
								
								manifests/monitoring/promtail.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,271 @@ | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| data: | ||||
|   promtail.yaml: | | ||||
|     client: | ||||
|       backoff_config: | ||||
|         max_period: 5m | ||||
|         max_retries: 10 | ||||
|         min_period: 500ms | ||||
|       batchsize: 1048576 | ||||
|       batchwait: 1s | ||||
|       external_labels: {} | ||||
|       timeout: 10s | ||||
|     positions: | ||||
|       filename: /run/promtail/positions.yaml | ||||
|     server: | ||||
|       http_listen_port: 3101 | ||||
|     clients: | ||||
|     - url: http://loki-distributed.auth-proxy.svc:80/loki/api/v1/push | ||||
|       external_labels: | ||||
|         kubernetes_cluster: scaleway | ||||
|     target_config: | ||||
|       sync_period: 10s | ||||
|     scrape_configs: | ||||
|     - job_name: kubernetes-pods | ||||
|       pipeline_stages: | ||||
|         - docker: {} | ||||
|         - cri: {} | ||||
|         - match: | ||||
|             selector: '{app="weave-net"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{filename=~".*konnectivity.*"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*/healthz.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*/api/health.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{name=~".*"} |~ ".*kube-probe/.*"' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="internal-proxy"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="non-auth-proxy"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="vpa"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="promtail"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="csi-node"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="victoria-metrics"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="git-sync"}' | ||||
|             action: drop | ||||
|         - match: | ||||
|             selector: '{app="ingress-nginx"}' | ||||
|             stages: | ||||
|             - json: | ||||
|                 expressions: | ||||
|                   request_host: host | ||||
|                   request_path: path | ||||
|                   request_method: method | ||||
|                   response_status: status | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/healthz" | ||||
|             - drop: | ||||
|                 source: "request_path" | ||||
|                 value:  "/health" | ||||
|             - labels: | ||||
|                 request_host: | ||||
|                 request_method: | ||||
|                 response_status: | ||||
|       kubernetes_sd_configs: | ||||
|         - role: pod | ||||
|       relabel_configs: | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_controller_name | ||||
|           regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})? | ||||
|           action: replace | ||||
|           target_label: __tmp_controller_name | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_label_app_kubernetes_io_name | ||||
|             - __meta_kubernetes_pod_label_app | ||||
|             - __tmp_controller_name | ||||
|             - __meta_kubernetes_pod_name | ||||
|           regex: ^;*([^;]+)(;.*)?$ | ||||
|           action: replace | ||||
|           target_label: app | ||||
|         - source_labels: | ||||
|             - __meta_kubernetes_pod_label_app_kubernetes_io_component | ||||
|             - __meta_kubernetes_pod_label_component | ||||
|           regex: ^;*([^;]+)(;.*)?$ | ||||
|           action: replace | ||||
|           target_label: component | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_node_name | ||||
|           target_label: node_name | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_namespace | ||||
|           target_label: namespace | ||||
|         - action: replace | ||||
|           replacement: $1 | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - namespace | ||||
|             - app | ||||
|           target_label: job | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_name | ||||
|           target_label: pod | ||||
|         - action: replace | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: container | ||||
|         - action: replace | ||||
|           replacement: /var/log/pods/*$1/*.log | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_uid | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: __path__ | ||||
|         - action: replace | ||||
|           replacement: /var/log/pods/*$1/*.log | ||||
|           regex: true/(.*) | ||||
|           separator: / | ||||
|           source_labels: | ||||
|             - __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash | ||||
|             - __meta_kubernetes_pod_annotation_kubernetes_io_config_hash | ||||
|             - __meta_kubernetes_pod_container_name | ||||
|           target_label: __path__ | ||||
|         - action: labelmap | ||||
|           regex: __meta_kubernetes_pod_label_(.+) | ||||
|  | ||||
| --- | ||||
| kind: ClusterRole | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: promtail-clusterrole | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| rules: | ||||
| - apiGroups: [""] # "" indicates the core API group | ||||
|   resources: | ||||
|   - nodes | ||||
|   - nodes/proxy | ||||
|   - services | ||||
|   - endpoints | ||||
|   - pods | ||||
|   verbs: ["get", "watch", "list"] | ||||
| --- | ||||
| kind: ClusterRoleBinding | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: promtail-clusterrolebinding | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
| subjects: | ||||
|   - kind: ServiceAccount | ||||
|     name: promtail | ||||
|     namespace: monitoring | ||||
| roleRef: | ||||
|   kind: ClusterRole | ||||
|   name: promtail-clusterrole | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: DaemonSet | ||||
| metadata: | ||||
|   name: promtail | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: promtail | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "promtail" | ||||
| spec: | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: promtail | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: promtail | ||||
|       annotations: | ||||
|         prometheus.io/port: http-metrics | ||||
|         prometheus.io/scrape: "true" | ||||
|     spec: | ||||
|       serviceAccountName: promtail | ||||
|       containers: | ||||
|         - name: promtail | ||||
|           image: "grafana/promtail:2.9.7" | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           args: | ||||
|             - "-config.file=/etc/promtail/promtail.yaml" | ||||
|           volumeMounts: | ||||
|             - name: config | ||||
|               mountPath: /etc/promtail | ||||
|             - name: run | ||||
|               mountPath: /run/promtail | ||||
|             - mountPath: /var/lib/docker/containers | ||||
|               name: docker | ||||
|               readOnly: true | ||||
|             - mountPath: /var/log/pods | ||||
|               name: pods | ||||
|               readOnly: true | ||||
|           env: | ||||
|             - name: HOSTNAME | ||||
|               valueFrom: | ||||
|                 fieldRef: | ||||
|                   fieldPath: spec.nodeName | ||||
|           ports: | ||||
|             - containerPort: 3101 | ||||
|               name: http-metrics | ||||
|           securityContext: | ||||
|             readOnlyRootFilesystem: true | ||||
|             runAsGroup: 0 | ||||
|             runAsUser: 0 | ||||
|           readinessProbe: | ||||
|             failureThreshold: 5 | ||||
|             httpGet: | ||||
|               path: /ready | ||||
|               port: http-metrics | ||||
|             initialDelaySeconds: 10 | ||||
|             periodSeconds: 10 | ||||
|             successThreshold: 1 | ||||
|             timeoutSeconds: 1 | ||||
|       tolerations: | ||||
|         - effect: NoSchedule | ||||
|           key: node-role.kubernetes.io/master | ||||
|           operator: Exists | ||||
|       volumes: | ||||
|         - name: config | ||||
|           configMap: | ||||
|             name: promtail | ||||
|         - name: run | ||||
|           hostPath: | ||||
|             path: /run/promtail | ||||
|         - hostPath: | ||||
|             path: /var/lib/docker/containers | ||||
|           name: docker | ||||
|         - hostPath: | ||||
|             path: /var/log/pods | ||||
|           name: pods | ||||
| --- | ||||
							
								
								
									
										170
									
								
								manifests/monitoring/vmagent.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										170
									
								
								manifests/monitoring/vmagent.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,170 @@ | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: vmagent | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: victoria-metrics | ||||
|     app.kubernetes.io/component: agent | ||||
| data: | ||||
|   prometheus.yml: | | ||||
|     global: | ||||
|       scrape_interval: 1m | ||||
|       external_labels: | ||||
|         source: scaleway | ||||
|         agent: vmagent | ||||
|     scrape_configs: | ||||
|     - job_name: 'vmagent' | ||||
|       static_configs: | ||||
|         - targets: ['localhost:8429'] | ||||
|     - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||||
|       job_name: kubernetes-nodes | ||||
|       kubernetes_sd_configs: | ||||
|       - role: node | ||||
|       relabel_configs: | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_node_label_(.+) | ||||
|       - replacement: kubernetes.default.svc:443 | ||||
|         target_label: __address__ | ||||
|       - regex: (.+) | ||||
|         replacement: /api/v1/nodes/$1/proxy/metrics | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_node_name | ||||
|         target_label: __metrics_path__ | ||||
|       scheme: https | ||||
|       tls_config: | ||||
|         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||||
|         insecure_skip_verify: true | ||||
|  | ||||
|     - job_name: kubernetes-service-endpoints | ||||
|       kubernetes_sd_configs: | ||||
|       - role: endpoints | ||||
|       relabel_configs: | ||||
|       - action: drop | ||||
|         source_labels: [__meta_kubernetes_pod_container_init] | ||||
|         regex: true | ||||
|       - action: keep | ||||
|         regex: true | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_scrape | ||||
|       - action: replace | ||||
|         regex: (https?) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_scheme | ||||
|         target_label: __scheme__ | ||||
|       - action: replace | ||||
|         regex: (.+) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_path | ||||
|         target_label: __metrics_path__ | ||||
|       - action: replace | ||||
|         regex: ([^:]+)(?::\d+)?;(\d+) | ||||
|         replacement: $1:$2 | ||||
|         source_labels: | ||||
|         - __address__ | ||||
|         - __meta_kubernetes_service_annotation_prometheus_io_port | ||||
|         target_label: __address__ | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_service_label_(.+) | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_namespace | ||||
|         target_label: kubernetes_namespace | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_service_name | ||||
|         target_label: kubernetes_name | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_node_name | ||||
|         target_label: kubernetes_node | ||||
|  | ||||
|     - job_name: kubernetes-pods | ||||
|       kubernetes_sd_configs: | ||||
|       - role: pod | ||||
|       relabel_configs: | ||||
|       - action: drop | ||||
|         source_labels: [__meta_kubernetes_pod_container_init] | ||||
|         regex: true | ||||
|       - action: keep | ||||
|         regex: true | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_scrape | ||||
|       - action: replace | ||||
|         regex: (.+) | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_path | ||||
|         target_label: __metrics_path__ | ||||
|       - action: replace | ||||
|         regex: ([^:]+)(?::\d+)?;(\d+) | ||||
|         replacement: $1:$2 | ||||
|         source_labels: | ||||
|         - __address__ | ||||
|         - __meta_kubernetes_pod_annotation_prometheus_io_port | ||||
|         target_label: __address__ | ||||
|       - action: labelmap | ||||
|         regex: __meta_kubernetes_pod_label_(.+) | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_namespace | ||||
|         target_label: kubernetes_namespace | ||||
|       - action: replace | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_name | ||||
|         target_label: kubernetes_pod_name | ||||
|       - action: drop | ||||
|         regex: Pending|Succeeded|Failed | ||||
|         source_labels: | ||||
|         - __meta_kubernetes_pod_phase | ||||
|  | ||||
|     - job_name: 'node-exporter' | ||||
|       kubernetes_sd_configs: | ||||
|         - role: endpoints | ||||
|       relabel_configs: | ||||
|       - source_labels: [__meta_kubernetes_endpoints_name] | ||||
|         regex: 'prometheus-node-exporter' | ||||
|         action: keep | ||||
| --- | ||||
|  | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: vmagent | ||||
|   namespace: monitoring | ||||
|   labels: | ||||
|     app.kubernetes.io/name: victoria-metrics | ||||
|     app.kubernetes.io/component: agent | ||||
|   annotations: | ||||
|     configmap.reloader.stakater.com/reload: "vmagent" | ||||
| spec: | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: victoria-metrics | ||||
|       app.kubernetes.io/component: agent | ||||
|   replicas: 1 | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: victoria-metrics | ||||
|         app.kubernetes.io/component: agent | ||||
|     spec: | ||||
|       serviceAccountName: prometheus-server | ||||
|       containers: | ||||
|         - name: vmagent | ||||
|           image: "victoriametrics/vmagent:v1.100.1" | ||||
|           imagePullPolicy: "IfNotPresent" | ||||
|           args: | ||||
|             - -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/ | ||||
|             - -remoteWrite.showURL | ||||
|             - -promscrape.config=/config/prometheus.yml | ||||
|             - -promscrape.suppressDuplicateScrapeTargetErrors | ||||
|           volumeMounts: | ||||
|             - name: config-volume | ||||
|               mountPath: /config | ||||
|       volumes: | ||||
|         - name: config-volume | ||||
|           configMap: | ||||
|             name: vmagent | ||||
| --- | ||||
| @@ -1,61 +0,0 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: nextcloud | ||||
|  | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: nextcloud-values | ||||
|   namespace: nextcloud | ||||
|   annotations: | ||||
|     kube-1password: v32a4zpuvhmxxrwmtmmv6526ry | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: values.yaml | ||||
| type: Opaque | ||||
| --- | ||||
|  | ||||
| apiVersion: helm.fluxcd.io/v1 | ||||
| kind: HelmRelease | ||||
| metadata: | ||||
|   name: nextcloud | ||||
|   namespace: nextcloud | ||||
| spec: | ||||
|   chart: | ||||
|     repository: https://kubernetes-charts.storage.googleapis.com | ||||
|     name: nextcloud | ||||
|     version: 1.10.0 | ||||
|   maxHistory: 5 | ||||
|   valuesFrom: | ||||
|   - secretKeyRef: | ||||
|       name: nextcloud-values | ||||
|       namespace: nextcloud | ||||
|       key: values.yaml | ||||
|       optional: false | ||||
|   values: | ||||
|     image: | ||||
|       tag: 18-apache | ||||
|     ingress: | ||||
|       enabled: true | ||||
|       annotations: | ||||
|         cert-manager.io/cluster-issuer: letsencrypt | ||||
|         traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|         traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|         traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
|       tls: | ||||
|       - hosts: | ||||
|         - nextcloud.cluster.fun | ||||
|         secretName: nextcloud-ingress | ||||
|     nextcloud: | ||||
|       host: nextcloud.cluster.fun | ||||
|     persistence: | ||||
|       enabled: true | ||||
|       storageClass: scw-bssd-retain | ||||
|       size: 5Gi | ||||
|     cronjob: | ||||
|       enabled: true | ||||
|     resources: | ||||
|       requests: | ||||
|         memory: 500Mi | ||||
|  | ||||
							
								
								
									
										416
									
								
								manifests/nextcloud_chart/manifest.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										416
									
								
								manifests/nextcloud_chart/manifest.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,416 @@ | ||||
| --- | ||||
| # Source: nextcloud/charts/redis/templates/secret.yaml | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: nextcloud-nextcloud-redis | ||||
|   namespace: nextcloud | ||||
|   labels: | ||||
|     app: redis | ||||
|     release: "nextcloud-nextcloud" | ||||
|   annotations: | ||||
|     kube-1password: u54jxidod7tlnpwva37f5hcu5y | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
| # Source: nextcloud/templates/secrets.yaml | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: nextcloud-nextcloud | ||||
|   labels: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|   annotations: | ||||
|     kube-1password: iaz4xmtr2czpsjl6xirhryzfia | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-parse: "true" | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: nextcloud-s3 | ||||
|   labels: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|   annotations: | ||||
|     kube-1password: 7zanxzbyzfctc5d2yqfq6e5zcy | ||||
|     kube-1password/vault: Kubernetes | ||||
|     kube-1password/secret-text-key: s3.config.php | ||||
| type: Opaque | ||||
|  | ||||
| --- | ||||
| # Source: nextcloud/templates/config.yaml | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   name: nextcloud-nextcloud-config | ||||
|   labels: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     app.kubernetes.io/instance: nextcloud-nextcloud | ||||
| data: | ||||
|   general.config.php: |- | ||||
|     <?php | ||||
|     $CONFIG = array ( | ||||
|         'overwriteprotocol' => 'https' | ||||
|     ); | ||||
|   .htaccess: |- | ||||
|     # line below if for Apache 2.4 | ||||
|     <ifModule mod_authz_core.c> | ||||
|     Require all denied | ||||
|     </ifModule> | ||||
|     # line below if for Apache 2.2 | ||||
|     <ifModule !mod_authz_core.c> | ||||
|     deny from all | ||||
|     </ifModule> | ||||
|     # section for Apache 2.2 and 2.4 | ||||
|     <ifModule mod_autoindex.c> | ||||
|     IndexIgnore * | ||||
|     </ifModule> | ||||
|   redis.config.php: |- | ||||
|     <?php | ||||
|     if (getenv('REDIS_HOST')) { | ||||
|         $CONFIG = array ( | ||||
|           'memcache.distributed' => '\\OC\\Memcache\\Redis', | ||||
|         'memcache.locking' => '\\OC\\Memcache\\Redis', | ||||
|         'redis' => array( | ||||
|           'host' => getenv('REDIS_HOST'), | ||||
|           'port' => getenv('REDIS_HOST_PORT') ?: 6379, | ||||
|           'password' => getenv('REDIS_HOST_PASSWORD'), | ||||
|           'dbindex'  => getenv('REDIS_DB_INDEX') ?: 0, | ||||
|         ), | ||||
|       ); | ||||
|     } | ||||
|   apache-pretty-urls.config.php: |- | ||||
|     <?php | ||||
|     $CONFIG = array ( | ||||
|         'htaccess.RewriteBase' => '/', | ||||
|     ); | ||||
|   apcu.config.php: |- | ||||
|     <?php | ||||
|     $CONFIG = array ( | ||||
|         'memcache.local' => '\\OC\\Memcache\\APCu', | ||||
|     ); | ||||
|   apps.config.php: |- | ||||
|     <?php | ||||
|     $CONFIG = array ( | ||||
|         "apps_paths" => array ( | ||||
|             0 => array ( | ||||
|                     "path"     => OC::$SERVERROOT."/apps", | ||||
|                   "url"      => "/apps", | ||||
|                   "writable" => false, | ||||
|           ), | ||||
|           1 => array ( | ||||
|                     "path"     => OC::$SERVERROOT."/custom_apps", | ||||
|                   "url"      => "/custom_apps", | ||||
|                   "writable" => true, | ||||
|           ), | ||||
|       ), | ||||
|     ); | ||||
|   autoconfig.php: |- | ||||
|     <?php | ||||
|     $autoconfig_enabled = false; | ||||
|     if (getenv('SQLITE_DATABASE')) { | ||||
|           $AUTOCONFIG["dbtype"] = "sqlite"; | ||||
|         $AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE'); | ||||
|         $autoconfig_enabled = true; | ||||
|     } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) { | ||||
|           $AUTOCONFIG["dbtype"] = "mysql"; | ||||
|         $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE'); | ||||
|         $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER'); | ||||
|         $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD'); | ||||
|         $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST'); | ||||
|         $autoconfig_enabled = true; | ||||
|     } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) { | ||||
|           $AUTOCONFIG["dbtype"] = "pgsql"; | ||||
|         $AUTOCONFIG["dbname"] = getenv('POSTGRES_DB'); | ||||
|         $AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER'); | ||||
|         $AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD'); | ||||
|         $AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST'); | ||||
|         $autoconfig_enabled = true; | ||||
|     } | ||||
|     if ($autoconfig_enabled) { | ||||
|           $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data"; | ||||
|     } | ||||
|   smtp.config.php: |- | ||||
|     <?php | ||||
|     if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) { | ||||
|         $CONFIG = array ( | ||||
|           'mail_smtpmode' => 'smtp', | ||||
|         'mail_smtphost' => getenv('SMTP_HOST'), | ||||
|         'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25), | ||||
|         'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '', | ||||
|         'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'), | ||||
|         'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN', | ||||
|         'mail_smtpname' => getenv('SMTP_NAME') ?: '', | ||||
|         'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '', | ||||
|         'mail_from_address' => getenv('MAIL_FROM_ADDRESS'), | ||||
|         'mail_domain' => getenv('MAIL_DOMAIN'), | ||||
|       ); | ||||
|     } | ||||
| --- | ||||
|  | ||||
|  | ||||
| # Source: nextcloud/templates/service.yaml | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: nextcloud-nextcloud | ||||
|   labels: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|     app.kubernetes.io/component: app | ||||
| spec: | ||||
|   type: ClusterIP | ||||
|   ports: | ||||
|   - port: 8080 | ||||
|     targetPort: http | ||||
|     protocol: TCP | ||||
|     name: http | ||||
|   selector: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     app.kubernetes.io/component: app | ||||
| --- | ||||
| # Source: nextcloud/templates/deployment.yaml | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   name: nextcloud-nextcloud | ||||
|   labels: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|     app.kubernetes.io/component: app | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/name: nextcloud | ||||
|       app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|       app.kubernetes.io/component: app | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: nextcloud | ||||
|         app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|         app.kubernetes.io/component: app | ||||
|         nextcloud-nextcloud-redis-client: "true" | ||||
|     spec: | ||||
|       containers: | ||||
|       - name: nextcloud | ||||
|         image: "nextcloud:28.0.4-apache" | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         env: | ||||
|         - name: SQLITE_DATABASE | ||||
|           value: "nextcloud" | ||||
|         - name: NEXTCLOUD_ADMIN_USER | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: nextcloud-nextcloud | ||||
|               key: nextcloud-username | ||||
|         - name: NEXTCLOUD_ADMIN_PASSWORD | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: nextcloud-nextcloud | ||||
|               key: nextcloud-password | ||||
|         - name: NEXTCLOUD_TRUSTED_DOMAINS | ||||
|           value: nextcloud.cluster.fun | ||||
|         - name: NEXTCLOUD_DATA_DIR | ||||
|           value: "/var/www/html/data" | ||||
|         - name: REDIS_HOST | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: nextcloud-nextcloud-redis | ||||
|               key: redis-host | ||||
|         - name: REDIS_PORT | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: nextcloud-nextcloud-redis | ||||
|               key: redis-port | ||||
|         - name: REDIS_HOST_PASSWORD | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: nextcloud-nextcloud-redis | ||||
|               key: redis-password | ||||
|         - name: REDIS_DB_INDEX | ||||
|           valueFrom: | ||||
|             secretKeyRef: | ||||
|               name: nextcloud-nextcloud-redis | ||||
|               key: redis-db-index | ||||
|         ports: | ||||
|         - name: http | ||||
|           containerPort: 80 | ||||
|           protocol: TCP | ||||
|         livenessProbe: | ||||
|           httpGet: | ||||
|             path: /status.php | ||||
|             port: http | ||||
|             httpHeaders: | ||||
|             - name: Host | ||||
|               value: "nextcloud.cluster.fun" | ||||
|           initialDelaySeconds: 10 | ||||
|           periodSeconds: 10 | ||||
|           timeoutSeconds: 5 | ||||
|           successThreshold: 1 | ||||
|           failureThreshold: 3 | ||||
|         readinessProbe: | ||||
|           httpGet: | ||||
|             path: /status.php | ||||
|             port: http | ||||
|             httpHeaders: | ||||
|             - name: Host | ||||
|               value: "nextcloud.cluster.fun" | ||||
|           initialDelaySeconds: 10 | ||||
|           periodSeconds: 10 | ||||
|           timeoutSeconds: 5 | ||||
|           successThreshold: 1 | ||||
|           failureThreshold: 3 | ||||
|         # Cover case where upgrade is being performed | ||||
|         startupProbe: | ||||
|           httpGet: | ||||
|             path: /status.php | ||||
|             port: http | ||||
|             httpHeaders: | ||||
|             - name: Host | ||||
|               value: "nextcloud.cluster.fun" | ||||
|           failureThreshold: 30 | ||||
|           periodSeconds: 10 | ||||
|         resources: | ||||
|           requests: | ||||
|             memory: 450Mi | ||||
|         volumeMounts: | ||||
|         - name: nextcloud-data | ||||
|           mountPath: /var/www/ | ||||
|           subPath: root | ||||
|         - name: nextcloud-data | ||||
|           mountPath: /var/www/html | ||||
|           subPath: html | ||||
|         - name: nextcloud-data | ||||
|           mountPath: /var/www/html/data | ||||
|           subPath: data | ||||
|         - name: nextcloud-data | ||||
|           mountPath: /var/www/html/config | ||||
|           subPath: config | ||||
|         - name: nextcloud-data | ||||
|           mountPath: /var/www/html/custom_apps | ||||
|           subPath: custom_apps | ||||
|         - name: nextcloud-data | ||||
|           mountPath: /var/www/tmp | ||||
|           subPath: tmp | ||||
|         - name: nextcloud-data | ||||
|           mountPath: /var/www/html/themes | ||||
|           subPath: themes | ||||
|         - name: nextcloud-config | ||||
|           mountPath: /var/www/html/config/general.config.php | ||||
|           subPath: general.config.php | ||||
|         - name: nextcloud-s3 | ||||
|           mountPath: /var/www/html/config/s3.config.php | ||||
|           subPath: s3.config.php | ||||
|         - name: nextcloud-config | ||||
|           mountPath: /var/www/html/config/.htaccess | ||||
|           subPath: .htaccess | ||||
|         - name: nextcloud-config | ||||
|           mountPath: /var/www/html/config/apache-pretty-urls.config.php | ||||
|           subPath: apache-pretty-urls.config.php | ||||
|         - name: nextcloud-config | ||||
|           mountPath: /var/www/html/config/apcu.config.php | ||||
|           subPath: apcu.config.php | ||||
|         - name: nextcloud-config | ||||
|           mountPath: /var/www/html/config/apps.config.php | ||||
|           subPath: apps.config.php | ||||
|         - name: nextcloud-config | ||||
|           mountPath: /var/www/html/config/autoconfig.php | ||||
|           subPath: autoconfig.php | ||||
|         - name: nextcloud-config | ||||
|           mountPath: /var/www/html/config/redis.config.php | ||||
|           subPath: redis.config.php | ||||
|         - name: nextcloud-config | ||||
|           mountPath: /var/www/html/config/smtp.config.php | ||||
|           subPath: smtp.config.php | ||||
|       volumes: | ||||
|       - name: nextcloud-data | ||||
|         persistentVolumeClaim: | ||||
|           claimName: nextcloud-nextcloud-nextcloud | ||||
|       - name: nextcloud-config | ||||
|         configMap: | ||||
|           name: nextcloud-nextcloud-config | ||||
|       - name: nextcloud-s3 | ||||
|         secret: | ||||
|           secretName: nextcloud-s3 | ||||
|       # Will mount configuration files as www-data (id: 33) for nextcloud | ||||
|       securityContext: | ||||
|         fsGroup: 33 | ||||
| --- | ||||
| # Source: nextcloud/templates/cronjob.yaml | ||||
| apiVersion: batch/v1 | ||||
| kind: CronJob | ||||
| metadata: | ||||
|   name: nextcloud-nextcloud-cron | ||||
|   labels: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|   annotations: | ||||
|     {} | ||||
| spec: | ||||
|   schedule: "*/5 * * * *" | ||||
|   concurrencyPolicy: Forbid | ||||
|   failedJobsHistoryLimit: 5 | ||||
|   successfulJobsHistoryLimit: 2 | ||||
|   jobTemplate: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/name: nextcloud | ||||
|     spec: | ||||
|       template: | ||||
|         metadata: | ||||
|           labels: | ||||
|             app.kubernetes.io/name: nextcloud | ||||
|         spec: | ||||
|           restartPolicy: Never | ||||
|           containers: | ||||
|             - name: nextcloud | ||||
|               image: "nextcloud:28.0.4-apache" | ||||
|               imagePullPolicy: IfNotPresent | ||||
|               command: [ "curl" ] | ||||
|               args: | ||||
|                 - "--fail" | ||||
|                 - "-L" | ||||
|                 - "https://nextcloud.cluster.fun/cron.php" | ||||
|               resources: | ||||
|                 requests: | ||||
|                   memory: 200Mi | ||||
| --- | ||||
| # Source: nextcloud/templates/ingress.yaml | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: nextcloud-nextcloud | ||||
|   labels: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|     app.kubernetes.io/component: app | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
|     nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||||
| spec: | ||||
|   rules: | ||||
|   - host: nextcloud.cluster.fun | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: Prefix | ||||
|         backend: | ||||
|           service: | ||||
|             name: nextcloud-nextcloud | ||||
|             port: | ||||
|               number: 8080 | ||||
|   tls: | ||||
|     - hosts: | ||||
|       - nextcloud.cluster.fun | ||||
|       secretName: nextcloud-ingress | ||||
							
								
								
									
										18
									
								
								manifests/nextcloud_chart/pvs.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										18
									
								
								manifests/nextcloud_chart/pvs.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,18 @@ | ||||
| kind: PersistentVolumeClaim | ||||
| apiVersion: v1 | ||||
| metadata: | ||||
|   name: nextcloud-nextcloud-nextcloud | ||||
|   labels: | ||||
|     app.kubernetes.io/name: nextcloud | ||||
|     helm.sh/chart: nextcloud-2.6.3 | ||||
|     app.kubernetes.io/instance: nextcloud-nextcloud | ||||
|     app.kubernetes.io/managed-by: Helm | ||||
|     app.kubernetes.io/component: app | ||||
| spec: | ||||
|   accessModes: | ||||
|     - "ReadWriteOnce" | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: "5Gi" | ||||
|   storageClassName: sbs-default-retain | ||||
| --- | ||||
							
								
								
									
										696
									
								
								manifests/nginx-lb/nginx-lb.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										696
									
								
								manifests/nginx-lb/nginx-lb.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,696 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|   name: ingress-nginx | ||||
| --- | ||||
| apiVersion: v1 | ||||
| automountServiceAccountToken: true | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: admission-webhook | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: Role | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
|   namespace: ingress-nginx | ||||
| rules: | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - namespaces | ||||
|   verbs: | ||||
|   - get | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - configmaps | ||||
|   - pods | ||||
|   - secrets | ||||
|   - endpoints | ||||
|   verbs: | ||||
|   - get | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - services | ||||
|   verbs: | ||||
|   - get | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - networking.k8s.io | ||||
|   resources: | ||||
|   - ingresses | ||||
|   verbs: | ||||
|   - get | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - networking.k8s.io | ||||
|   resources: | ||||
|   - ingresses/status | ||||
|   verbs: | ||||
|   - update | ||||
| - apiGroups: | ||||
|   - networking.k8s.io | ||||
|   resources: | ||||
|   - ingressclasses | ||||
|   verbs: | ||||
|   - get | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resourceNames: | ||||
|   - ingress-nginx-leader | ||||
|   resources: | ||||
|   - configmaps | ||||
|   verbs: | ||||
|   - get | ||||
|   - update | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - configmaps | ||||
|   verbs: | ||||
|   - create | ||||
| - apiGroups: | ||||
|   - coordination.k8s.io | ||||
|   resourceNames: | ||||
|   - ingress-nginx-leader | ||||
|   resources: | ||||
|   - leases | ||||
|   verbs: | ||||
|   - get | ||||
|   - update | ||||
| - apiGroups: | ||||
|   - coordination.k8s.io | ||||
|   resources: | ||||
|   - leases | ||||
|   verbs: | ||||
|   - create | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - events | ||||
|   verbs: | ||||
|   - create | ||||
|   - patch | ||||
| - apiGroups: | ||||
|   - discovery.k8s.io | ||||
|   resources: | ||||
|   - endpointslices | ||||
|   verbs: | ||||
|   - list | ||||
|   - watch | ||||
|   - get | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: Role | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: admission-webhook | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
|   namespace: ingress-nginx | ||||
| rules: | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - secrets | ||||
|   verbs: | ||||
|   - get | ||||
|   - create | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
| rules: | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - configmaps | ||||
|   - endpoints | ||||
|   - nodes | ||||
|   - pods | ||||
|   - secrets | ||||
|   - namespaces | ||||
|   verbs: | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - coordination.k8s.io | ||||
|   resources: | ||||
|   - leases | ||||
|   verbs: | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - nodes | ||||
|   verbs: | ||||
|   - get | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - services | ||||
|   verbs: | ||||
|   - get | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - networking.k8s.io | ||||
|   resources: | ||||
|   - ingresses | ||||
|   verbs: | ||||
|   - get | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - events | ||||
|   verbs: | ||||
|   - create | ||||
|   - patch | ||||
| - apiGroups: | ||||
|   - networking.k8s.io | ||||
|   resources: | ||||
|   - ingresses/status | ||||
|   verbs: | ||||
|   - update | ||||
| - apiGroups: | ||||
|   - networking.k8s.io | ||||
|   resources: | ||||
|   - ingressclasses | ||||
|   verbs: | ||||
|   - get | ||||
|   - list | ||||
|   - watch | ||||
| - apiGroups: | ||||
|   - discovery.k8s.io | ||||
|   resources: | ||||
|   - endpointslices | ||||
|   verbs: | ||||
|   - list | ||||
|   - watch | ||||
|   - get | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRole | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: admission-webhook | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
| rules: | ||||
| - apiGroups: | ||||
|   - admissionregistration.k8s.io | ||||
|   resources: | ||||
|   - validatingwebhookconfigurations | ||||
|   verbs: | ||||
|   - get | ||||
|   - update | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: RoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
|   namespace: ingress-nginx | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: Role | ||||
|   name: ingress-nginx | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: ingress-nginx | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: RoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: admission-webhook | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
|   namespace: ingress-nginx | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: Role | ||||
|   name: ingress-nginx-admission | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: ingress-nginx-admission | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: ingress-nginx | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: ingress-nginx | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: ClusterRoleBinding | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: admission-webhook | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
| roleRef: | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
|   kind: ClusterRole | ||||
|   name: ingress-nginx-admission | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: ingress-nginx-admission | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| apiVersion: v1 | ||||
| data: | ||||
|   allow-snippet-annotations: "true" | ||||
|   use-proxy-protocol: "true" | ||||
|   log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }' | ||||
|   plugins: "redirect_location" | ||||
|   location-snippet: | | ||||
|     set $redirect_location ''; | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-controller | ||||
|   namespace: ingress-nginx | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ConfigMap | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/managed-by: Helm | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     k8s.scw.cloud/ingress: nginx | ||||
|     k8s.scw.cloud/object: ConfigMap | ||||
|     k8s.scw.cloud/system: ingress | ||||
|   name: ingress-nginx-plugin-redirect-location | ||||
|   namespace: ingress-nginx | ||||
| data: | ||||
|   main.lua: | | ||||
|     local ngx = ngx | ||||
|     local _M = {} | ||||
|     function _M.header_filter() | ||||
|       ngx.var.redirect_location = ngx.resp.get_headers()["Location"] | ||||
|     end | ||||
|     return _M | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   annotations: | ||||
|     service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "true" | ||||
|     service.beta.kubernetes.io/scw-loadbalancer-use-hostname: "true" | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-controller | ||||
|   namespace: ingress-nginx | ||||
| spec: | ||||
|   externalTrafficPolicy: Local | ||||
|   ipFamilies: | ||||
|   - IPv4 | ||||
|   ipFamilyPolicy: SingleStack | ||||
|   ports: | ||||
|   - appProtocol: http | ||||
|     name: http | ||||
|     port: 80 | ||||
|     protocol: TCP | ||||
|     targetPort: http | ||||
|   - appProtocol: https | ||||
|     name: https | ||||
|     port: 443 | ||||
|     protocol: TCP | ||||
|     targetPort: https | ||||
|   selector: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|   type: LoadBalancer | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-controller-admission | ||||
|   namespace: ingress-nginx | ||||
| spec: | ||||
|   ports: | ||||
|   - appProtocol: https | ||||
|     name: https-webhook | ||||
|     port: 443 | ||||
|     targetPort: webhook | ||||
|   selector: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|   type: ClusterIP | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-controller | ||||
|   namespace: ingress-nginx | ||||
| spec: | ||||
|   minReadySeconds: 0 | ||||
|   revisionHistoryLimit: 10 | ||||
|   replicas: 2 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app.kubernetes.io/component: controller | ||||
|       app.kubernetes.io/instance: ingress-nginx | ||||
|       app.kubernetes.io/name: ingress-nginx | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/component: controller | ||||
|         app.kubernetes.io/instance: ingress-nginx | ||||
|         app.kubernetes.io/name: ingress-nginx | ||||
|     spec: | ||||
|       containers: | ||||
|       - args: | ||||
|         - /nginx-ingress-controller | ||||
|         - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller | ||||
|         - --election-id=ingress-nginx-leader | ||||
|         - --controller-class=k8s.io/ingress-nginx | ||||
|         - --ingress-class=nginx | ||||
|         - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller | ||||
|         - --validating-webhook=:8443 | ||||
|         - --validating-webhook-certificate=/usr/local/certificates/cert | ||||
|         - --validating-webhook-key=/usr/local/certificates/key | ||||
|         - --annotations-prefix=nginx.ingress.kubernetes.io | ||||
|         - --watch-ingress-without-class | ||||
|         - --enable-metrics | ||||
|         env: | ||||
|         - name: POD_NAME | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               fieldPath: metadata.name | ||||
|         - name: POD_NAMESPACE | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               fieldPath: metadata.namespace | ||||
|         - name: LD_PRELOAD | ||||
|           value: /usr/local/lib/libmimalloc.so | ||||
|         image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         lifecycle: | ||||
|           preStop: | ||||
|             exec: | ||||
|               command: | ||||
|               - /wait-shutdown | ||||
|         livenessProbe: | ||||
|           failureThreshold: 5 | ||||
|           httpGet: | ||||
|             path: /healthz | ||||
|             port: 10254 | ||||
|             scheme: HTTP | ||||
|           initialDelaySeconds: 10 | ||||
|           periodSeconds: 10 | ||||
|           successThreshold: 1 | ||||
|           timeoutSeconds: 1 | ||||
|         name: controller | ||||
|         ports: | ||||
|         - containerPort: 80 | ||||
|           name: http | ||||
|           protocol: TCP | ||||
|         - containerPort: 443 | ||||
|           name: https | ||||
|           protocol: TCP | ||||
|         - containerPort: 8443 | ||||
|           name: webhook | ||||
|           protocol: TCP | ||||
|         readinessProbe: | ||||
|           failureThreshold: 3 | ||||
|           httpGet: | ||||
|             path: /healthz | ||||
|             port: 10254 | ||||
|             scheme: HTTP | ||||
|           initialDelaySeconds: 10 | ||||
|           periodSeconds: 10 | ||||
|           successThreshold: 1 | ||||
|           timeoutSeconds: 1 | ||||
|         resources: | ||||
|           requests: | ||||
|             cpu: 100m | ||||
|             memory: 90Mi | ||||
|         securityContext: | ||||
|           allowPrivilegeEscalation: true | ||||
|           capabilities: | ||||
|             add: | ||||
|             - NET_BIND_SERVICE | ||||
|             drop: | ||||
|             - ALL | ||||
|           runAsUser: 101 | ||||
|         volumeMounts: | ||||
|         - mountPath: /usr/local/certificates/ | ||||
|           name: webhook-cert | ||||
|           readOnly: true | ||||
|         - name: plugins | ||||
|           mountPath: /etc/nginx/lua/plugins/redirect_location | ||||
|       dnsPolicy: ClusterFirst | ||||
|       nodeSelector: | ||||
|         kubernetes.io/os: linux | ||||
|       serviceAccountName: ingress-nginx | ||||
|       terminationGracePeriodSeconds: 300 | ||||
|       volumes: | ||||
|       - name: webhook-cert | ||||
|         secret: | ||||
|           secretName: ingress-nginx-admission | ||||
|       - name: plugins | ||||
|         configMap: | ||||
|           name: ingress-nginx-plugin-redirect-location | ||||
| --- | ||||
| apiVersion: batch/v1 | ||||
| kind: Job | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: admission-webhook | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission-create | ||||
|   namespace: ingress-nginx | ||||
| spec: | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/component: admission-webhook | ||||
|         app.kubernetes.io/instance: ingress-nginx | ||||
|         app.kubernetes.io/name: ingress-nginx | ||||
|         app.kubernetes.io/part-of: ingress-nginx | ||||
|         app.kubernetes.io/version: 1.5.1 | ||||
|       name: ingress-nginx-admission-create | ||||
|     spec: | ||||
|       containers: | ||||
|       - args: | ||||
|         - create | ||||
|         - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc | ||||
|         - --namespace=$(POD_NAMESPACE) | ||||
|         - --secret-name=ingress-nginx-admission | ||||
|         env: | ||||
|         - name: POD_NAMESPACE | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               fieldPath: metadata.namespace | ||||
|         image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         name: create | ||||
|         securityContext: | ||||
|           allowPrivilegeEscalation: false | ||||
|       nodeSelector: | ||||
|         kubernetes.io/os: linux | ||||
|       restartPolicy: OnFailure | ||||
|       securityContext: | ||||
|         fsGroup: 2000 | ||||
|         runAsNonRoot: true | ||||
|         runAsUser: 2000 | ||||
|       serviceAccountName: ingress-nginx-admission | ||||
| --- | ||||
| apiVersion: batch/v1 | ||||
| kind: Job | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: admission-webhook | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission-patch | ||||
|   namespace: ingress-nginx | ||||
| spec: | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app.kubernetes.io/component: admission-webhook | ||||
|         app.kubernetes.io/instance: ingress-nginx | ||||
|         app.kubernetes.io/name: ingress-nginx | ||||
|         app.kubernetes.io/part-of: ingress-nginx | ||||
|         app.kubernetes.io/version: 1.5.1 | ||||
|       name: ingress-nginx-admission-patch | ||||
|     spec: | ||||
|       containers: | ||||
|       - args: | ||||
|         - patch | ||||
|         - --webhook-name=ingress-nginx-admission | ||||
|         - --namespace=$(POD_NAMESPACE) | ||||
|         - --patch-mutating=false | ||||
|         - --secret-name=ingress-nginx-admission | ||||
|         - --patch-failure-policy=Fail | ||||
|         env: | ||||
|         - name: POD_NAMESPACE | ||||
|           valueFrom: | ||||
|             fieldRef: | ||||
|               fieldPath: metadata.namespace | ||||
|         image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         name: patch | ||||
|         securityContext: | ||||
|           allowPrivilegeEscalation: false | ||||
|       nodeSelector: | ||||
|         kubernetes.io/os: linux | ||||
|       restartPolicy: OnFailure | ||||
|       securityContext: | ||||
|         fsGroup: 2000 | ||||
|         runAsNonRoot: true | ||||
|         runAsUser: 2000 | ||||
|       serviceAccountName: ingress-nginx-admission | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: IngressClass | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: controller | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: nginx | ||||
| spec: | ||||
|   controller: k8s.io/ingress-nginx | ||||
| --- | ||||
| apiVersion: admissionregistration.k8s.io/v1 | ||||
| kind: ValidatingWebhookConfiguration | ||||
| metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/component: admission-webhook | ||||
|     app.kubernetes.io/instance: ingress-nginx | ||||
|     app.kubernetes.io/name: ingress-nginx | ||||
|     app.kubernetes.io/part-of: ingress-nginx | ||||
|     app.kubernetes.io/version: 1.5.1 | ||||
|   name: ingress-nginx-admission | ||||
| webhooks: | ||||
| - admissionReviewVersions: | ||||
|   - v1 | ||||
|   clientConfig: | ||||
|     service: | ||||
|       name: ingress-nginx-controller-admission | ||||
|       namespace: ingress-nginx | ||||
|       path: /networking/v1/ingresses | ||||
|   failurePolicy: Fail | ||||
|   matchPolicy: Equivalent | ||||
|   name: validate.nginx.ingress.kubernetes.io | ||||
|   rules: | ||||
|   - apiGroups: | ||||
|     - networking.k8s.io | ||||
|     apiVersions: | ||||
|     - v1 | ||||
|     operations: | ||||
|     - CREATE | ||||
|     - UPDATE | ||||
|     resources: | ||||
|     - ingresses | ||||
|   sideEffects: None | ||||
| @@ -1,9 +1,4 @@ | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: node-red | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: node-red | ||||
| @@ -14,18 +9,6 @@ metadata: | ||||
|     kube-1password/secret-text-key: settings.js | ||||
| type: Opaque | ||||
| --- | ||||
| kind: PersistentVolumeClaim | ||||
| apiVersion: v1 | ||||
| metadata: | ||||
|   name: node-red | ||||
|   namespace: node-red | ||||
| spec: | ||||
|   accessModes: | ||||
|     - ReadWriteOnce | ||||
|   resources: | ||||
|     requests: | ||||
|       storage: 5Gi | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
| @@ -47,6 +30,8 @@ metadata: | ||||
|   namespace: node-red | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: Recreate | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: node-red | ||||
| @@ -71,9 +56,21 @@ spec: | ||||
|             subPath: settings.js | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|       - name: update-native-modules | ||||
|         image: nodered/node-red:3.1.8-18 | ||||
|         imagePullPolicy: IfNotPresent | ||||
|         command: | ||||
|           - bash | ||||
|           - -c | ||||
|           - | | ||||
|             cd /data | ||||
|             npm rebuild | ||||
|         volumeMounts: | ||||
|           - name: data | ||||
|             mountPath: /data | ||||
|       containers: | ||||
|       - name: web | ||||
|         image: nodered/node-red:latest-12 | ||||
|         image: nodered/node-red:3.1.8-18 | ||||
|         imagePullPolicy: Always | ||||
|         ports: | ||||
|         - containerPort: 1880 | ||||
| @@ -89,16 +86,14 @@ spec: | ||||
|           persistentVolumeClaim: | ||||
|             claimName: node-red | ||||
| --- | ||||
| apiVersion: extensions/v1beta1 | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: Ingress | ||||
| metadata: | ||||
|   name: node-red | ||||
|   namespace: node-red | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt | ||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||
|     nginx.ingress.kubernetes.io/force-ssl-redirect: "true" | ||||
| spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
| @@ -109,6 +104,9 @@ spec: | ||||
|     http: | ||||
|       paths: | ||||
|       - path: / | ||||
|         pathType: ImplementationSpecific | ||||
|         backend: | ||||
|           serviceName: node-red | ||||
|           servicePort: 80 | ||||
|           service: | ||||
|             name: node-red | ||||
|             port: | ||||
|               number: 80 | ||||
Some files were not shown because too many files have changed in this diff Show More
		Reference in New Issue
	
	Block a user