1 Commits

Author SHA1 Message Date
dd28c2a87e Update rancher/mirrored-library-traefik Docker tag to v3 2025-02-23 03:06:21 +00:00
88 changed files with 2600 additions and 828 deletions


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: base64
name: cluster-fun (v2)
name: civo
source:
path: manifests/base64
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
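Review bot: The `ignoreDifferences` entry for `group: apps` / `kind: Deployment` with `.spec.template.spec.containers[]?.image`, which appears on the new side of the second hunk, makes Argo CD stop reporting any live change to a container image in this Application, for every Deployment and every container. If it is there to accommodate an in-cluster image updater, scope it with the entry's `name:` (and `namespace:`) fields to the Deployments that tool manages and add a comment such as `# image is managed in-cluster by <updater>; drift here is expected`. Otherwise an image replaced in the cluster outside Git stays `Synced`, and nothing in this manifest would surface it. The same entry recurs in most of the other Application sections on this page, and the point applies to each. The Application spec starts above the hunk, so the sync policy in force is not fully visible here.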


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: cel-tester
name: cluster-fun (v2)
name: civo
source:
path: manifests/cel-tester
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"


@@ -1,3 +1,27 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: cert-manager
name: civo
source:
path: manifests/certmanager-civo
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: civo-versions
name: cluster-fun (v2)
name: civo
source:
path: manifests/civo-versions
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: cv
name: cluster-fun (v2)
name: civo
source:
path: manifests/cv
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: feed-fetcher
name: cluster-fun (v2)
name: civo
source:
path: manifests/feed-fetcher
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -1,35 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-goldilocks
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: goldilocks
name: cluster-fun (v2)
source:
repoURL: 'https://charts.fairwinds.com/stable'
targetRevision: 10.1.0
chart: goldilocks
helm:
version: v3
values: |-
vpa:
enabled: true
controller:
flags:
on-by-default: true
dashboard:
flags:
on-by-default: true
replicaCount: 1
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
---


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: goplayground
name: cluster-fun (v2)
name: civo
source:
path: manifests/goplayground
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"


@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: link
name: cluster-fun (v2)
name: civo
source:
path: manifests/link
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: yay-or-nay
name: cluster-fun-matrix
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: yay-or-nay
namespace: chat
name: cluster-fun (v2)
source:
path: manifests/yay-or-nay
path: manifests/matrix_chart
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:


@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: social-to-rolodex
name: monitoring-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: social-to-rolodex
name: cluster-fun (v2)
namespace: monitoring
name: civo
source:
path: manifests/social-to-rolodex
path: manifests/monitoring-civo
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
@@ -22,4 +22,3 @@ spec:
- kind: Secret
jsonPointers:
- /data


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: opengraph
name: cluster-fun (v2)
name: civo
source:
path: manifests/opengraph
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: proxy-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: proxy-civo
name: civo
source:
path: manifests/proxy-civo
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: qr
name: cluster-fun (v2)
name: civo
source:
path: manifests/qr
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -21,3 +21,26 @@ spec:
jsonPointers:
- /data
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-reloader-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: kube-system
name: civo
source:
repoURL: 'https://stakater.github.io/stakater-charts'
targetRevision: v0.0.89
chart: reloader
syncPolicy:
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---


@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -0,0 +1,28 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: social-to-grist
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: social-to-grist
name: civo
source:
path: manifests/social-to-grist
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cors-proxy
name: cluster-fun-starling
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: cors-proxy
namespace: starling
name: cluster-fun (v2)
source:
path: manifests/cors-proxy
path: manifests/starling
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: svg-to-dxf
name: cluster-fun (v2)
name: civo
source:
path: manifests/svg-to-dxf
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: talks
name: cluster-fun (v2)
name: civo
source:
path: manifests/talks
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: text-to-dxf
name: cluster-fun (v2)
name: civo
source:
path: manifests/text-to-dxf
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: til
name: cluster-fun (v2)
name: civo
source:
path: manifests/til
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-priority-classes
name: traefik-civo
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
@@ -9,9 +9,9 @@ spec:
project: cluster.fun
destination:
namespace: kube-system
name: cluster-fun (v2)
name: civo
source:
path: manifests/priority-classes
path: manifests/traefik
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
@@ -22,4 +22,3 @@ spec:
- kind: Secret
jsonPointers:
- /data
---


@@ -0,0 +1,28 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: tweetsvg
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: tweetsvg
name: civo
source:
path: manifests/tweetsvg
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image


@@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-twitter-profile-pic
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: twitter-profile-pic
name: cluster-fun (v2)
source:
path: manifests/twitter-profile-pic
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---


@@ -1,24 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: bsky-screenshot
name: cluster-fun-wallabag
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: bsky-screenshot
namespace: wallabag
name: cluster-fun (v2)
source:
path: manifests/bsky-screenshot
path: manifests/wallabag
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---


@@ -23,13 +23,10 @@ spec:
- sonarr.cluster.fun
- lidarr.cluster.fun
- prowlarr.cluster.fun
- mylarr.cluster.fun
- transmission.cluster.fun
- tekton.cluster.fun
- changedetection.cluster.fun
- grafana.cluster.fun
- podgrab.cluster.fun
- stablediffusion.cluster.fun
secretName: auth-proxy-ingress
rules:
- host: downloads.cluster.fun
@@ -202,33 +199,3 @@ spec:
name: tailscale-proxy
port:
name: auth
- host: podgrab.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth
- host: mylarr.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth
- host: stablediffusion.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth


@@ -6,10 +6,6 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-body-size: 25m
nginx.ingress.kubernetes.io/client-body-buffer-size: 25m
spec:
ingressClassName: nginx
tls:
@@ -17,7 +13,6 @@ spec:
- hello-world.cluster.fun
- ombi.cluster.fun
- bsky-feeds.cluster.fun
- ai.cluster.fun
secretName: non-auth-proxy-ingress
rules:
- host: hello-world.cluster.fun
@@ -50,13 +45,3 @@ spec:
name: tailscale-proxy
port:
name: non-auth
- host: ai.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: non-auth


@@ -38,7 +38,6 @@ spec:
labels:
app: internal-proxy
spec:
priorityClassName: critical
serviceAccountName: default
dnsPolicy: ClusterFirst
dnsConfig:
@@ -68,7 +67,7 @@ spec:
mountPath: /config/
- name: oauth-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
args:
- --cookie-secure=false
- --provider=oidc
@@ -102,9 +101,9 @@ spec:
protocol: TCP
resources:
limits:
memory: 80Mi
memory: 50Mi
requests:
memory: 80Mi
memory: 50Mi
volumes:
- name: host-mappings
configMap:
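Review bot: In the second hunk the `oauth-proxy` container appears to move from `quay.io/oauth2-proxy/oauth2-proxy:v7.12.0` to `v7.8.1`, a downgrade of the component that enforces authentication in front of these services, although the commit title only mentions a Traefik tag update. Running the older tag gives up whatever fixes upstream shipped between the two releases, so either keep `image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0` or confirm from the upstream release notes that nothing security-relevant is lost. The same image line changes the same way in two later sections of this page, and `gitea/gitea` (1.24.6 to 1.23.4), `gristlabs/grist-oss` (1.7.3 to 1.4.2) and `x1unix/go-playground` (2.5.7 to 2.5.3) look like downgrades as well, which suggests the branch is stale against its base and should be rebased before merging. The old/new side is read from print order and from the sections deleted elsewhere on the page, since the `+`/`-` markers are lost.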


@@ -29,7 +29,6 @@ spec:
spec:
imagePullSecrets:
- name: docker-config
priorityClassName: low
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/base64:latest
@@ -50,10 +49,11 @@ metadata:
namespace: base64
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- base64.cluster.fun
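Review bot: After the second hunk the Ingress appears to be handled by Traefik (`kubernetes.io/ingress.class: traefik`, `router.tls`, `router.entrypoints: websecure`) with the nginx `force-ssl-redirect` annotation and `ingressClassName: nginx` gone, yet nothing left in the manifest redirects plain HTTP. The remaining `ingress.kubernetes.io/ssl-redirect: "true"` is, as far as I know, only read by Traefik 1.x, so with the v3 image named in the commit title it would be ignored; the redirect then has to come from the HTTP entrypoint configuration, which is not visible here. I would drop that annotation or add a comment such as `# HTTP->HTTPS redirect is configured on the Traefik HTTP entrypoint`, and prefer `ingressClassName: traefik` in the spec over the deprecated `kubernetes.io/ingress.class` annotation. The same annotation set is applied in the other Ingress sections on this page (cel-tester, civo-versions, cv, feed-fetcher, goplayground, link).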


@@ -1,69 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: bsky-screenshot
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
spec:
replicas: 1
selector:
matchLabels:
app: bsky-screenshot
template:
metadata:
labels:
app: bsky-screenshot
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/bsky-screenshot:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
annotations:
cert-manager.io/cluster-issuer: letsencrypt
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- bsky-screenshot.cluster.fun
secretName: bsky-screenshot-ingress
rules:
- host: bsky-screenshot.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: bsky-screenshot
port:
number: 80


@@ -47,10 +47,11 @@ metadata:
namespace: cel-tester
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- cel-tester.cluster.fun


@@ -0,0 +1,23 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
labels:
certmanager.k8s.io/disable-validation: "true"
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: letsencrypt@marcusnoble.co.uk
privateKeySecretRef:
name: letsencrypt
solvers:
- http01:
ingress:
class: traefik
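Review bot: The Namespace in this new file carries `certmanager.k8s.io/disable-validation: "true"`, a label from the API group that preceded `cert-manager.io`, while the ClusterIssuer below it uses `cert-manager.io/v1`. With a current cert-manager the label is most likely ignored, and where it is honoured it exempts the namespace from the validating webhook, so it should either be removed or explained with a comment such as `# required by <component> because ...`. As written, a reader cannot tell whether admission validation is meant to be off for this namespace.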


@@ -38,7 +38,6 @@ spec:
labels:
app: civo-versions
spec:
priorityClassName: low
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/civo-versions:latest
@@ -67,10 +66,11 @@ metadata:
namespace: civo-versions
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- civo-versions.cluster.fun


@@ -1,76 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: cors-proxy
namespace: cors-proxy
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8000
name: web
selector:
app: cors-proxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cors-proxy
namespace: cors-proxy
spec:
replicas: 2
selector:
matchLabels:
app: cors-proxy
template:
metadata:
labels:
app: cors-proxy
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/cors-proxy:latest
imagePullPolicy: Always
ports:
- containerPort: 8000
name: web
env:
- name: ALLOWLIST
value: cdn.bsky.app
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cors-proxy
namespace: cors-proxy
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- cors-proxy.cluster.fun
- cors-proxy.marcusnoble.co.uk
secretName: cors-proxy-ingress
rules:
- host: cors-proxy.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cors-proxy
port:
number: 80
- host: cors-proxy.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cors-proxy
port:
number: 80


@@ -62,10 +62,11 @@ metadata:
namespace: cv
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- cv.marcusnoble.co.uk


@@ -81,7 +81,7 @@ spec:
secretKeyRef:
key: password
name: dashboard-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
name: oauth-proxy
ports:
- containerPort: 8000


@@ -42,10 +42,11 @@ metadata:
namespace: feed-fetcher
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- feed-fetcher.cluster.fun


@@ -40,10 +40,9 @@ spec:
labels:
app: git
spec:
priorityClassName: critical
containers:
- name: git
image: gitea/gitea:1.24.6
image: gitea/gitea:1.23.4
env:
- name: APP_NAME
value: "Git"


@@ -29,7 +29,7 @@ spec:
spec:
containers:
- name: web
image: x1unix/go-playground:2.5.7
image: x1unix/go-playground:2.5.3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
@@ -47,10 +47,11 @@ metadata:
namespace: goplayground
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- go.cluster.fun


@@ -70,10 +70,9 @@ spec:
app.kubernetes.io/name: grist
spec:
serviceAccountName: grist
priorityClassName: critical
containers:
- name: grist
image: gristlabs/grist-oss:1.7.3
image: gristlabs/grist-oss:1.4.2
imagePullPolicy: IfNotPresent
ports:
- name: http


@@ -29,12 +29,6 @@ data:
kcddk24: https://speaking.marcusnoble.co.uk/FU4W7x/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
cndoslo: https://speaking.marcusnoble.co.uk/j5M53P/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
rejekts25: https://speaking.marcusnoble.co.uk/AXARFf/pod-deep-dive-everything-you-didnt-know-you-needed-to-know
kcdbudapest: https://speaking.marcusnoble.co.uk/43QLpx/the-future-of-kubernetes-admission-logic
kcdczechslovak: https://speaking.marcusnoble.co.uk/Np2xUv/pod-deep-dive-the-interesting-bits
cnsmunich: https://speaking.marcusnoble.co.uk/HqYcp2/pod-deep-dive-the-interesting-bits
cnsmunich-feedback: https://yay-or-nay.cluster.fun/feedback/20UETBI0
containerdays25: https://speaking.marcusnoble.co.uk/HARSlE/the-future-of-kubernetes-admission-logic
containerdays25-feedback: https://yay-or-nay.cluster.fun/feedback/F8P351QK
---
apiVersion: v1
kind: Service
@@ -69,7 +63,6 @@ spec:
labels:
app: link
spec:
priorityClassName: critical
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/link:latest
@@ -92,10 +85,11 @@ metadata:
namespace: link
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- go-get.link


@@ -123,7 +123,6 @@ spec:
spec:
imagePullSecrets:
- name: docker-config
priorityClassName: low
containers:
- args:
- --cookie-secure=false
@@ -153,7 +152,7 @@ spec:
secretKeyRef:
key: password
name: mastodon-digest-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
name: oauth-proxy
ports:
- containerPort: 8000


@@ -0,0 +1,536 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: matrix
namespace: chat
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- matrix.cluster.fun
secretName: matrix-ingress
rules:
- host: matrix.cluster.fun
http:
paths:
- path: /.well-known/matrix
pathType: ImplementationSpecific
backend:
service:
name: well-known
port:
number: 80
- path: /
pathType: ImplementationSpecific
backend:
service:
name: matrix-synapse
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: riot
namespace: chat
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- chat.cluster.fun
secretName: riot-ingress
rules:
- host: chat.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: matrix-riot
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: well-known
namespace: chat
annotations:
configmap.reloader.stakater.com/reload: "well-known"
spec:
replicas: 1
selector:
matchLabels:
app: well-known
template:
metadata:
labels:
app: well-known
spec:
containers:
- name: web
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: web
volumeMounts:
- name: well-known
mountPath: /usr/share/nginx/html/.well-known/matrix
resources:
limits:
memory: 15Mi
requests:
memory: 15Mi
volumes:
- name: well-known
configMap:
name: well-known
---
apiVersion: v1
kind: Service
metadata:
name: well-known
namespace: chat
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
name: web
selector:
app: well-known
---
apiVersion: v1
kind: ConfigMap
metadata:
name: well-known
namespace: chat
data:
server: |-
{
"m.server": "matrix.cluster.fun:443"
}
client: |-
{
"m.homeserver": {
"base_url": "https://matrix.cluster.fun"
},
"org.matrix.msc3575.proxy": {
"url": "https://syncv3.matrix.cluster.fun"
}
}
---
# Source: matrix/templates/riot/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: matrix-riot-config
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
data:
config.json: |
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.cluster.fun"
}
},
"brand": "Element",
"branding": {},
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"showLabsSettings": true,
"features": {
"feature_pinning": true,
"feature_custom_status": "labs",
"feature_state_counters": "labs",
"feature_many_integration_managers": "labs",
"feature_mjolnir": "labs",
"feature_dm_verification": "labs",
"feature_bridge_state": "labs",
"feature_presence_in_room_list": true,
"feature_custom_themes": "labs",
"feature_new_spinner": "labs",
"feature_jump_to_date": "labs",
"feature_location_share_pin_drop": "labs",
"feature_location_share_live": "labs",
"feature_thread": true,
"feature_video_rooms": true,
"feature_favourite_messages": "labs"
},
"roomDirectory": {
"servers": []
},
"permalinkPrefix": "https://chat.cluster.fun",
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=2IerXP2a5g1e7hxxBbzs"
}
nginx.conf: |
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/pid/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
default.conf: |
server {
listen 8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
---
apiVersion: v1
kind: Secret
metadata:
name: matrix-synapse-config
namespace: chat
annotations:
kube-1password: wbj4oozwyx6m2zz5m42pgcmymy
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: homeserver.yaml
labels:
app.kubernetes.io/name: "matrix"
component: synapse
type: Opaque
---
apiVersion: v1
kind: ConfigMap
metadata:
name: matrix-synapse-config
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
data:
matrix.cluster.fun.log.config: |
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
console:
class: logging.StreamHandler
formatter: precise
filters: [context]
loggers:
synapse:
level: WARNING
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: WARNING
root:
level: WARNING
handlers: [console]
---
# Source: matrix/templates/riot/service.yaml
apiVersion: v1
kind: Service
metadata:
name: matrix-riot
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: matrix-riot
---
# Source: matrix/templates/synapse/service.yaml
apiVersion: v1
kind: Service
metadata:
name: matrix-synapse
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/_synapse/metrics"
prometheus.io/port: "9000"
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
- port: 9000
targetPort: metrics
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: matrix-synapse
---
# Source: matrix/templates/riot/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-riot
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: matrix-riot
template:
metadata:
labels:
app.kubernetes.io/name: matrix-riot
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: "riot"
image: "vectorim/element-web:v1.11.92"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
volumeMounts:
- mountPath: /app/config.json
name: riot-config
subPath: config.json
readOnly: true
- mountPath: /etc/nginx/nginx.conf
name: riot-config
subPath: nginx.conf
readOnly: true
- mountPath: /etc/nginx/conf.d/default.conf
name: riot-config
subPath: default.conf
readOnly: true
- mountPath: /var/cache/nginx
name: ephemeral
subPath: cache
- mountPath: /var/run/pid
name: ephemeral
subPath: pid
readinessProbe:
httpGet:
path: /
port: http
startupProbe:
httpGet:
path: /
port: http
livenessProbe:
httpGet:
path: /
port: http
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumes:
- name: riot-config
configMap:
name: matrix-riot-config
- name: ephemeral
emptyDir: {}
---
# Source: matrix/templates/synapse/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-synapse
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: matrix-synapse
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: matrix-synapse
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
initContainers:
- name: generate-signing-key
image: "ghcr.io/element-hq/synapse:v1.124.0"
imagePullPolicy: IfNotPresent
env:
- name: SYNAPSE_SERVER_NAME
value: matrix.cluster.fun
- name: SYNAPSE_REPORT_STATS
value: "no"
command: ["python"]
args:
- "-m"
- "synapse.app.homeserver"
- "--config-path"
- "/data/homeserver.yaml"
- "--keys-directory"
- "/data/keys"
- "--generate-keys"
volumeMounts:
- name: synapse-config-homeserver
mountPath: /data/homeserver.yaml
subPath: homeserver.yaml
- name: synapse-config-logging
mountPath: /data/matrix.cluster.fun.log.config
subPath: matrix.cluster.fun.log.config
- name: signing-key
mountPath: /data/keys
containers:
- name: "synapse"
image: "ghcr.io/element-hq/synapse:v1.124.0"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8008
protocol: TCP
- name: metrics
containerPort: 9000
protocol: TCP
volumeMounts:
- name: synapse-config-homeserver
mountPath: /data/homeserver.yaml
subPath: homeserver.yaml
- name: synapse-config-logging
mountPath: /data/matrix.cluster.fun.log.config
subPath: matrix.cluster.fun.log.config
- name: signing-key
mountPath: /data/keys
- name: user-media
mountPath: /data/media_store
- name: uploads
mountPath: /data/uploads
- name: tmp
mountPath: /tmp
readinessProbe:
httpGet:
path: /_matrix/static/
port: http
periodSeconds: 10
timeoutSeconds: 5
startupProbe:
httpGet:
path: /_matrix/static/
port: http
failureThreshold: 6
periodSeconds: 5
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /_matrix/static/
port: http
periodSeconds: 10
timeoutSeconds: 5
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumes:
- name: synapse-config-logging
configMap:
name: matrix-synapse-config
- name: synapse-config-homeserver
secret:
secretName: matrix-synapse-config
- name: signing-key
persistentVolumeClaim:
claimName: chat-matrix-signing-key
- name: user-media
persistentVolumeClaim:
claimName: chat-matrix-user-media
- name: uploads
emptyDir: {}
- name: tmp
emptyDir: {}
---


@@ -0,0 +1,32 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chat-matrix-user-media
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 12Gi
storageClassName: sbs-default-retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chat-matrix-signing-key
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: sbs-default-retain
---


@@ -0,0 +1,119 @@
apiVersion: v1
kind: Secret
metadata:
name: matrix-sliding-sync
namespace: chat
annotations:
kube-1password: 7kvyfcszfaavj2d7uvl4troagm
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: sliding-sync
template:
metadata:
labels:
app.kubernetes.io/name: sliding-sync
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: "sliding-sync"
image: "ghcr.io/matrix-org/sliding-sync:v0.99.19"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8008
protocol: TCP
- name: metrics
containerPort: 9090
protocol: TCP
env:
- name: SYNCV3_SERVER
value: https://matrix.cluster.fun
- name: SYNCV3_BINDADDR
value: ":8008"
- name: SYNCV3_PROM
value: ":9090"
- name: SYNCV3_SECRET
valueFrom:
secretKeyRef:
name: matrix-sliding-sync
key: SYNCV3_SECRET
- name: SYNCV3_DB
valueFrom:
secretKeyRef:
name: matrix-sliding-sync
key: SYNCV3_DB
---
apiVersion: v1
kind: Service
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9090"
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
name: web
- port: 9090
targetPort: metrics
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: sliding-sync
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- syncv3.matrix.cluster.fun
secretName: sliding-sync-ingress
rules:
- host: syncv3.matrix.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: sliding-sync
port:
number: 80
---
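Review bot: The `sliding-sync` container has no container-level `securityContext`, unlike the `riot` and `synapse` containers in the same namespace, which drop all capabilities and set `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false`. The pod runs as UID 1000, but the default capability set and privilege escalation remain available to a process that is reachable through the `syncv3.matrix.cluster.fun` Ingress. Adding the same block under the container would bring it in line; whether the image tolerates a read-only root filesystem is not visible here and should be checked before enabling that field. Separately, `nginx.ingress.kubernetes.io/proxy-body-size: "0"` removes the request body limit on that Ingress, so a finite value is worth considering.

```yaml
containers:
  - name: "sliding-sync"
    # … unchanged: image, ports, env …
    securityContext:
      capabilities:
        drop:
          - ALL
      # confirm the image can run with a read-only root filesystem
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
```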


@@ -28,10 +28,9 @@ spec:
labels:
app: mealie
spec:
priorityClassName: critical
containers:
- name: frontend
image: ghcr.io/mealie-recipes/mealie:v3.2.1
image: ghcr.io/mealie-recipes/mealie:v2.6.0
imagePullPolicy: Always
envFrom:
- secretRef:
@@ -42,7 +41,7 @@ spec:
- name: PGID
value: "1000"
- name: TOKEN_TIME
value: "720"
value: "168"
- name: DB_ENGINE
value: postgres
- name: POSTGRES_DB
@@ -69,18 +68,12 @@ spec:
volumeMounts:
- mountPath: /app/data
name: data
resources:
requests:
cpu: 200m
memory: 650M
limits:
cpu: 1000m
memory: 650M
volumes:
- name: data
persistentVolumeClaim:
claimName: mealie
---
apiVersion: v1
@@ -98,6 +91,7 @@ spec:
app: mealie
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
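Review bot: The image tag in the first hunk appears to move backwards, from `ghcr.io/mealie-recipes/mealie:v3.2.1` to `v2.6.0`, which does not match the commit title (a traefik tag update) and suggests the branch is stale against the default branch rather than an intended rollback. The page has lost its `+`/`-` markers, so this reading rests on old-then-new print order and the `-28,10 +28,9` counts. If it is right, merging would also drop `priorityClassName: critical` and the `resources` requests and limits, and would bring back whatever the newer release fixed. The same pattern shows in the later kube-state-metrics (`v2.17.0` to `v2.15.0`), node-exporter, promtail, vmagent and nextcloud sections; rebasing onto the current default branch before merging would leave only the intended change. The enclosing Deployment starts and ends outside these hunks.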


@@ -0,0 +1,255 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-state-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: kube-state-metrics
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: kube-state-metrics
name: kube-state-metrics
rules:
- apiGroups: ["certificates.k8s.io"]
resources:
- certificatesigningrequests
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- configmaps
verbs: ["list", "watch"]
- apiGroups: ["batch"]
resources:
- cronjobs
verbs: ["list", "watch"]
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
verbs: ["list", "watch"]
- apiGroups: ["extensions", "apps"]
resources:
- deployments
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- endpoints
verbs: ["list", "watch"]
- apiGroups: ["autoscaling"]
resources:
- horizontalpodautoscalers
verbs: ["list", "watch"]
- apiGroups: ["extensions", "networking.k8s.io"]
resources:
- ingresses
verbs: ["list", "watch"]
- apiGroups: ["batch"]
resources:
- jobs
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- limitranges
verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources:
- mutatingwebhookconfigurations
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- namespaces
verbs: ["list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- nodes
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- persistentvolumeclaims
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- persistentvolumes
verbs: ["list", "watch"]
- apiGroups: ["policy"]
resources:
- poddisruptionbudgets
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- pods
verbs: ["list", "watch"]
- apiGroups: ["extensions", "apps"]
resources:
- replicasets
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- replicationcontrollers
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- resourcequotas
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- secrets
verbs: ["list", "watch"]
- apiGroups: [""]
resources:
- services
verbs: ["list", "watch"]
- apiGroups: ["apps"]
resources:
- statefulsets
verbs: ["list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources:
- storageclasses
verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources:
- validatingwebhookconfigurations
verbs: ["list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources:
- volumeattachments
verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: kube-state-metrics
name: kube-state-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: monitoring
---
apiVersion: v1
kind: Service
metadata:
name: kube-state-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: kube-state-metrics
annotations:
prometheus.io/scrape: 'true'
spec:
type: "ClusterIP"
ports:
- name: "http"
protocol: TCP
port: 8080
targetPort: 8080
selector:
app.kubernetes.io/name: kube-state-metrics
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-state-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: kube-state-metrics
spec:
selector:
matchLabels:
app.kubernetes.io/name: kube-state-metrics
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: kube-state-metrics
spec:
serviceAccountName: kube-state-metrics
securityContext:
fsGroup: 65534
runAsGroup: 65534
runAsUser: 65534
containers:
- name: kube-state-metrics
args:
#- --resources=certificatesigningrequests
- --resources=configmaps
- --resources=cronjobs
- --resources=daemonsets
- --resources=deployments
#- --resources=endpoints
#- --resources=horizontalpodautoscalers
- --resources=ingresses
- --resources=jobs
#- --resources=limitranges
- --resources=mutatingwebhookconfigurations
- --resources=namespaces
#- --resources=networkpolicies
- --resources=nodes
- --resources=persistentvolumeclaims
- --resources=persistentvolumes
- --resources=poddisruptionbudgets
- --resources=pods
- --resources=replicasets
#- --resources=replicationcontrollers
#- --resources=resourcequotas
- --resources=secrets
- --resources=services
- --resources=statefulsets
- --resources=storageclasses
- --resources=validatingwebhookconfigurations
#- --resources=volumeattachments
imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.15.0"
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
---
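Review bot: The ClusterRole grants `list`/`watch` on more resources than the Deployment collects: the `--resources=` flags for certificatesigningrequests, endpoints, horizontalpodautoscalers, limitranges, networkpolicies, replicationcontrollers, resourcequotas and volumeattachments are commented out, yet their rules remain. Removing those rules keeps the role matched to the enabled collectors. The `secrets` rule deserves a separate look, since cluster-wide `list` on secrets returns secret values to this service account; if secret metadata metrics are not used, drop both the rule and `- --resources=secrets`. The container also has no `securityContext`; `allowPrivilegeEscalation: false` with `capabilities: {drop: [ALL]}` would fit an exporter that already runs as UID 65534.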


@@ -0,0 +1,64 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus-server
namespace: monitoring
labels:
app.kubernetes.io/name: prometheus
app.kubernetes.io/component: server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: prometheus
app.kubernetes.io/component: server
name: prometheus-server
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- nodes/metrics
- services
- endpoints
- pods
- ingresses
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- "/metrics"
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: prometheus
app.kubernetes.io/component: server
name: prometheus-server
subjects:
- kind: ServiceAccount
name: prometheus-server
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-server
---
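Review bot: `nodes/proxy` with `get` in the `prometheus-server` ClusterRole reaches well beyond metrics, because it lets the service account read kubelet API endpoints on every node through the API server proxy. The role already lists `nodes/metrics`, so if the scraper can be pointed at the kubelet's own metrics endpoint the `- nodes/proxy` line can go; the scrape configuration that decides this lives in another file. `ingresses` under the core API group (`""`) matches no resource and can be removed from the first rule. Cluster-wide read on `configmaps` is also worth dropping unless something visible elsewhere needs it.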


@@ -0,0 +1,292 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
---
apiVersion: v1
kind: ConfigMap
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
data:
promtail.yaml: |
client:
backoff_config:
max_period: 5m
max_retries: 10
min_period: 500ms
batchsize: 1048576
batchwait: 1s
external_labels: {}
timeout: 10s
positions:
filename: /run/promtail/positions.yaml
server:
http_listen_port: 3101
clients:
- url: http://loki-distributed.proxy-civo.svc:80/loki/api/v1/push
external_labels:
kubernetes_cluster: civo
target_config:
sync_period: 10s
scrape_configs:
- job_name: kubernetes-pods
pipeline_stages:
- docker: {}
- cri: {}
- match:
selector: '{app="weave-net"}'
action: drop
- match:
selector: '{filename=~".*konnectivity.*"}'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/healthz.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*/api/health.*"'
action: drop
- match:
selector: '{name=~".*"} |~ ".*kube-probe/.*"'
action: drop
- match:
selector: '{app="internal-proxy"}'
action: drop
- match:
selector: '{app="non-auth-proxy"}'
action: drop
- match:
selector: '{app="vpa"}'
action: drop
- match:
selector: '{app="promtail"}'
action: drop
- match:
selector: '{app="csi-node"}'
action: drop
- match:
selector: '{app="victoria-metrics"}'
action: drop
- match:
selector: '{app="git-sync"}'
action: drop
- match:
selector: '{app="ingress-nginx"}'
stages:
- json:
expressions:
request_host: host
request_path: path
request_method: method
response_status: status
- drop:
source: "request_path"
value: "/healthz"
- drop:
source: "request_path"
value: "/health"
- labels:
request_host:
request_method:
response_status:
- match:
selector: '{app="traefik"}'
stages:
- json:
expressions:
request_host: RequestHost
request_path: RequestPath
request_method: RequestMethod
response_status: OriginStatus
- drop:
source: "request_path"
value: "/healthz"
- drop:
source: "request_path"
value: "/health"
- drop:
source: "request_path"
value: "/ping"
- labels:
request_host:
request_method:
response_status:
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels:
- __meta_kubernetes_pod_controller_name
regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
action: replace
target_label: __tmp_controller_name
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_name
- __meta_kubernetes_pod_label_app
- __tmp_controller_name
- __meta_kubernetes_pod_name
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: app
- source_labels:
- __meta_kubernetes_pod_label_app_kubernetes_io_component
- __meta_kubernetes_pod_label_component
regex: ^;*([^;]+)(;.*)?$
action: replace
target_label: component
- action: replace
source_labels:
- __meta_kubernetes_pod_node_name
target_label: node_name
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
replacement: $1
separator: /
source_labels:
- namespace
- app
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- action: replace
replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
- action: replace
replacement: /var/log/pods/*$1/*.log
regex: true/(.*)
separator: /
source_labels:
- __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash
- __meta_kubernetes_pod_annotation_kubernetes_io_config_hash
- __meta_kubernetes_pod_container_name
target_label: __path__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail-clusterrole
labels:
app.kubernetes.io/name: promtail
rules:
- apiGroups: [""] # "" indicates the core API group
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "watch", "list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: promtail-clusterrolebinding
labels:
app.kubernetes.io/name: promtail
subjects:
- kind: ServiceAccount
name: promtail
namespace: monitoring
roleRef:
kind: ClusterRole
name: promtail-clusterrole
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: promtail
namespace: monitoring
labels:
app.kubernetes.io/name: promtail
annotations:
configmap.reloader.stakater.com/reload: "promtail"
spec:
selector:
matchLabels:
app.kubernetes.io/name: promtail
template:
metadata:
labels:
app.kubernetes.io/name: promtail
annotations:
prometheus.io/port: http-metrics
prometheus.io/scrape: "true"
spec:
serviceAccountName: promtail
containers:
- name: promtail
image: "grafana/promtail:2.9.12"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"
volumeMounts:
- name: config
mountPath: /etc/promtail
- name: run
mountPath: /run/promtail
- mountPath: /var/lib/docker/containers
name: docker
readOnly: true
- mountPath: /var/log/pods
name: pods
readOnly: true
env:
- name: HOSTNAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
ports:
- containerPort: 3101
name: http-metrics
securityContext:
readOnlyRootFilesystem: true
runAsGroup: 0
runAsUser: 0
readinessProbe:
failureThreshold: 5
httpGet:
path: /ready
port: http-metrics
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
volumes:
- name: config
configMap:
name: promtail
- name: run
hostPath:
path: /run/promtail
- hostPath:
path: /var/lib/docker/containers
name: docker
- hostPath:
path: /var/log/pods
name: pods
---
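Review bot: The promtail container runs as root (`runAsUser: 0`) on every node with the default capability set, and nothing blocks privilege escalation. Root is presumably needed to read `/var/log/pods`, but the container `securityContext` can still carry `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`; confirm that log reads still work afterwards. The `promtail-clusterrole` also grants `nodes`, `nodes/proxy`, `services` and `endpoints`, while the only discovery configured is `role: pod`, so the rule can likely shrink to `pods`.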


@@ -0,0 +1,163 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: vmagent
namespace: monitoring
labels:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
data:
prometheus.yml: |
global:
scrape_interval: 1m
external_labels:
source: civo
agent: vmagent
scrape_configs:
- job_name: 'vmagent'
static_configs:
- targets: ['localhost:8429']
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
job_name: kubernetes-nodes
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- replacement: kubernetes.default.svc:443
target_label: __address__
- regex: (.+)
replacement: /api/v1/nodes/$1/proxy/metrics
source_labels:
- __meta_kubernetes_node_name
target_label: __metrics_path__
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
- job_name: kubernetes-service-endpoints
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_service_annotation_prometheus_io_scrape
- action: replace
regex: (https?)
source_labels:
- __meta_kubernetes_service_annotation_prometheus_io_scheme
target_label: __scheme__
- action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_service_annotation_prometheus_io_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- __meta_kubernetes_service_annotation_prometheus_io_port
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: kubernetes_namespace
- action: replace
source_labels:
- __meta_kubernetes_service_name
target_label: kubernetes_name
- action: replace
source_labels:
- __meta_kubernetes_endpoint_port_name
target_label: kubernetes_endpoint_port_name
- action: replace
source_labels:
- __meta_kubernetes_pod_node_name
target_label: kubernetes_node
- job_name: kubernetes-pods
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: keep
regex: true
source_labels:
- __meta_kubernetes_pod_annotation_prometheus_io_scrape
- action: replace
regex: (.+)
source_labels:
- __meta_kubernetes_pod_annotation_prometheus_io_path
target_label: __metrics_path__
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels:
- __address__
- __meta_kubernetes_pod_annotation_prometheus_io_port
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: kubernetes_namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: kubernetes_pod_name
- action: replace
source_labels:
- __meta_kubernetes_pod_container_port_name
target_label: kubernetes_port_name
- action: drop
regex: Pending|Succeeded|Failed
source_labels:
- __meta_kubernetes_pod_phase
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vmagent
namespace: monitoring
labels:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
annotations:
configmap.reloader.stakater.com/reload: "vmagent"
spec:
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
spec:
serviceAccountName: prometheus-server
containers:
- name: vmagent
image: "victoriametrics/vmagent:v1.112.0"
imagePullPolicy: "IfNotPresent"
args:
- -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/
- -remoteWrite.showURL
- -promscrape.config=/config/prometheus.yml
volumeMounts:
- name: config-volume
mountPath: /config
volumes:
- name: config-volume
configMap:
name: vmagent
---
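Review bot: In the `kubernetes-nodes` job, `insecure_skip_verify: true` disables certificate verification on the connection that carries the service account bearer token, which leaves the `ca_file` on the line above it unused. The relabelling sends every request to `kubernetes.default.svc:443`, a name the API server certificate normally covers, so verification should pass; set `insecure_skip_verify: false` or remove the line. The vmagent container also has no `securityContext`, so `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` are worth adding once the image's requirements are confirmed.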


@@ -1,87 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: cadvisor
app.kubernetes.io/name: cadvisor
name: cadvisor
namespace: monitoring
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations:
seccomp.security.alpha.kubernetes.io/pod: docker/default
labels:
app: cadvisor
app.kubernetes.io/name: cadvisor
name: cadvisor
namespace: monitoring
spec:
selector:
matchLabels:
app: cadvisor
app.kubernetes.io/name: cadvisor
name: cadvisor
template:
metadata:
labels:
app: cadvisor
app.kubernetes.io/name: cadvisor
name: cadvisor
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
priorityClassName: system-node-critical
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
automountServiceAccountToken: false
containers:
- image: ghcr.io/google/cadvisor:v0.53.0
name: cadvisor
ports:
- containerPort: 8080
name: http
protocol: TCP
resources:
limits:
cpu: 800m
memory: 2000Mi
requests:
cpu: 400m
memory: 400Mi
volumeMounts:
- mountPath: /rootfs
name: rootfs
readOnly: true
- mountPath: /var/run
name: var-run
readOnly: true
- mountPath: /sys
name: sys
readOnly: true
- mountPath: /var/lib/docker
name: docker
readOnly: true
- mountPath: /dev/disk
name: disk
readOnly: true
serviceAccountName: cadvisor
terminationGracePeriodSeconds: 30
volumes:
- hostPath:
path: /
name: rootfs
- hostPath:
path: /var/run
name: var-run
- hostPath:
path: /sys
name: sys
- hostPath:
path: /var/lib/docker
name: docker
- hostPath:
path: /dev/disk
name: disk


@@ -1,142 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
name: k8s-ephemeral-storage-metrics
namespace: monitoring
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: k8s-ephemeral-storage-metrics
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
rules:
- apiGroups: [""]
resources: ["nodes","nodes/proxy", "nodes/stats", "pods"]
verbs: ["get","list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: k8s-ephemeral-storage-metrics
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
subjects:
- kind: ServiceAccount
name: k8s-ephemeral-storage-metrics
namespace: monitoring
roleRef:
kind: ClusterRole
name: k8s-ephemeral-storage-metrics
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Service
metadata:
name: k8s-ephemeral-storage-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9100"
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
ports:
- name: metrics
port: 9100
protocol: TCP
targetPort: metrics
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8s-ephemeral-storage-metrics
namespace: monitoring
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
template:
metadata:
labels:
app.kubernetes.io/name: k8s-ephemeral-storage-metrics
spec:
serviceAccountName: k8s-ephemeral-storage-metrics
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: metrics
image: ghcr.io/jmcgrath207/k8s-ephemeral-storage-metrics:1.18.2
imagePullPolicy: IfNotPresent
ports:
- name: metrics
containerPort: 9100
protocol: TCP
livenessProbe:
failureThreshold: 10
httpGet:
path: /metrics
port: 9100
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 30
readinessProbe:
failureThreshold: 10
httpGet:
path: /metrics
port: 9100
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
env:
- name: DEPLOY_TYPE
value: "Deployment"
- name: SCRAPE_INTERVAL
value: "15"
- name: MAX_NODE_CONCURRENCY
value: "10"
- name: CLIENT_GO_QPS
value: "5"
- name: CLIENT_GO_BURST
value: "10"
- name: LOG_LEVEL
value: "info"
- name: EPHEMERAL_STORAGE_POD_USAGE
value: "true"
- name: EPHEMERAL_STORAGE_NODE_AVAILABLE
value: "true"
- name: EPHEMERAL_STORAGE_NODE_CAPACITY
value: "true"
- name: EPHEMERAL_STORAGE_NODE_PERCENTAGE
value: "true"
- name: EPHEMERAL_STORAGE_CONTAINER_LIMIT_PERCENTAGE
value: "true"
- name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_USAGE
value: "true"
- name: EPHEMERAL_STORAGE_CONTAINER_VOLUME_LIMITS_PERCENTAGE
value: "true"
- name: EPHEMERAL_STORAGE_INODES
value: "true"


@@ -201,7 +201,6 @@ spec:
labels:
app.kubernetes.io/name: kube-state-metrics
spec:
priorityClassName: system-cluster-critical
serviceAccountName: kube-state-metrics
securityContext:
fsGroup: 65534
@@ -238,7 +237,7 @@ spec:
- --resources=validatingwebhookconfigurations
#- --resources=volumeattachments
imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.15.0"
ports:
- containerPort: 8080
livenessProbe:


@@ -51,11 +51,10 @@ spec:
app.kubernetes.io/name: prometheus
app.kubernetes.io/component: node-exporter
spec:
priorityClassName: system-node-critical
serviceAccountName: prometheus-node-exporter
containers:
- name: prometheus-node-exporter
image: "prom/node-exporter:v1.9.1"
image: "prom/node-exporter:v1.9.0"
imagePullPolicy: "IfNotPresent"
args:
- --path.procfs=/host/proc


@@ -212,11 +212,10 @@ spec:
prometheus.io/port: http-metrics
prometheus.io/scrape: "true"
spec:
priorityClassName: system-node-critical
serviceAccountName: promtail
containers:
- name: promtail
image: "grafana/promtail:2.9.15"
image: "grafana/promtail:2.9.12"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"


@@ -17,11 +17,6 @@ data:
- job_name: 'vmagent'
static_configs:
- targets: ['localhost:8429']
relabel_configs:
- action: drop
source_labels: [__name__]
regex: "flag"
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
job_name: kubernetes-nodes
kubernetes_sd_configs:
@@ -41,38 +36,6 @@ data:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
- job_name: cadvisor
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- replacement: kubernetes.default.svc:443
target_label: __address__
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
# Drop high cardinality labels
- action: labeldrop
regex: id
# Drop unneeded labels
- action: labeldrop
regex: beta_kubernetes_io_os
- action: labeldrop
regex: beta_kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_os
- action: labeldrop
regex: topology_jiva_openebs_io_nodeName
- job_name: kubernetes-service-endpoints
kubernetes_sd_configs:
- role: endpoints
@@ -115,21 +78,6 @@ data:
source_labels:
- __meta_kubernetes_pod_node_name
target_label: kubernetes_node
# We don't care about the flag metrics from VM
- action: drop
source_labels: [__name__]
regex: "flag"
# Drop unneeded labels
- action: labeldrop
regex: beta_kubernetes_io_os
- action: labeldrop
regex: beta_kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_os
- action: labeldrop
regex: topology_jiva_openebs_io_nodeName
- job_name: kubernetes-pods
kubernetes_sd_configs:
@@ -168,17 +116,6 @@ data:
regex: Pending|Succeeded|Failed
source_labels:
- __meta_kubernetes_pod_phase
# Drop unneeded labels
- action: labeldrop
regex: beta_kubernetes_io_os
- action: labeldrop
regex: beta_kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_arch
- action: labeldrop
regex: kubernetes_io_os
- action: labeldrop
regex: topology_jiva_openebs_io_nodeName
- job_name: 'node-exporter'
kubernetes_sd_configs:
@@ -213,11 +150,10 @@ spec:
app.kubernetes.io/name: victoria-metrics
app.kubernetes.io/component: agent
spec:
priorityClassName: system-cluster-critical
serviceAccountName: prometheus-server
containers:
- name: vmagent
image: "victoriametrics/vmagent:v1.126.0"
image: "victoriametrics/vmagent:v1.112.0"
imagePullPolicy: "IfNotPresent"
args:
- -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/


@@ -201,10 +201,9 @@ spec:
app.kubernetes.io/component: app
nextcloud-nextcloud-redis-client: "true"
spec:
priorityClassName: critical
containers:
- name: nextcloud
image: "nextcloud:31.0.9-apache"
image: "nextcloud:30.0.6-apache"
imagePullPolicy: IfNotPresent
env:
- name: SQLITE_DATABASE
@@ -283,10 +282,7 @@ spec:
periodSeconds: 10
resources:
requests:
cpu: 1038m
memory: 512M
limits:
cpu: 1200m
memory: 450Mi
volumeMounts:
- name: nextcloud-data
mountPath: /var/www/
@@ -378,7 +374,7 @@ spec:
restartPolicy: Never
containers:
- name: nextcloud
image: "nextcloud:31.0.9-apache"
image: "nextcloud:30.0.6-apache"
imagePullPolicy: IfNotPresent
command: [ "curl" ]
args:


@@ -15,6 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
---
@@ -26,6 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
---
@@ -37,6 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
rules:
@@ -141,6 +144,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
rules:
@@ -159,6 +163,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
rules:
- apiGroups:
@@ -240,6 +245,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
rules:
- apiGroups:
@@ -258,6 +264,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
roleRef:
@@ -277,6 +284,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
roleRef:
@@ -295,6 +303,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -313,6 +322,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -325,7 +335,6 @@ subjects:
---
apiVersion: v1
data:
annotations-risk-level: Critical
allow-snippet-annotations: "true"
use-proxy-protocol: "true"
log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "remote_addr_masked": "$remote_addr_masked", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }'
@@ -360,6 +369,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
---
@@ -395,6 +405,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
@@ -427,6 +438,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
@@ -449,6 +461,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
@@ -492,7 +505,7 @@ spec:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.13.2@sha256:1f7eaeb01933e719c8a9f4acd8181e555e582330c7d50f24484fb64d2ba9b2ef
image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -533,7 +546,7 @@ spec:
resources:
requests:
cpu: 100m
memory: 150Mi
memory: 90Mi
securityContext:
allowPrivilegeEscalation: true
capabilities:
@@ -702,20 +715,3 @@ webhooks:
resources:
- ingresses
sideEffects: None
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
minAvailable: 1
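Review bot: `allow-snippet-annotations: "true"` stays in the controller ConfigMap (hunk `@@ -325,7 +335,6 @@`), so anyone who can create or edit an Ingress can place raw nginx directives into the shared controller, which typically holds cluster-wide read access to Secrets. The hunk header says one of the seven printed lines is dropped; if that is `annotations-risk-level: Critical`, check how the controller tag set in hunk `@@ -492,7 +505,7 @@` treats snippet annotations, because as I understand it the two keys are evaluated together. The only snippet user visible on this page is the `server-snippet` block on the til Ingress, so if that can be expressed another way I would set `allow-snippet-annotations: "false"`. The page has lost its +/- column, so which image line (`v1.13.2` or `v1.12.0`) is the new one is inferred from print order; a move to the older tag would need its own justification in a commit titled as a Traefik update.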


@@ -57,7 +57,7 @@ spec:
- name: data
mountPath: /data
- name: update-native-modules
image: nodered/node-red:4.1.0-18
image: nodered/node-red:4.0.9-18
imagePullPolicy: IfNotPresent
command:
- bash
@@ -73,7 +73,7 @@ spec:
mountPath: /data
containers:
- name: web
image: nodered/node-red:4.1.0-18
image: nodered/node-red:4.0.9-18
imagePullPolicy: Always
ports:
- containerPort: 1880


@@ -47,10 +47,11 @@ metadata:
namespace: opengraph
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- opengraph.cluster.fun
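Review bot: Both `kubernetes.io/ingress.class: traefik` and `ingressClassName: nginx` are printed in this hunk, and the rendered page has lost the +/- column, so it is not certain which class selector survives; make sure exactly one does, otherwise the host may be claimed by the wrong controller or by both. `ingress.kubernetes.io/ssl-redirect: "true"` is, as far as I know, a Traefik 1.x annotation that Traefik 2 and later ignore, so on the Traefik side the HTTP-to-HTTPS redirect rests on the `--entrypoints.web.http.redirections.*` flags of the Traefik Deployment and on `router.entrypoints: websecure`; I would drop the inert annotation or add a comment saying it has no effect. The same annotation set appears in the qr, svg-to-dxf, text-to-dxf, talks, til and social-to-grist Ingress hunks. The Ingress definition starts and ends outside this hunk.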


@@ -43,10 +43,9 @@ spec:
labels:
app.kubernetes.io/name: outline
spec:
priorityClassName: critical
containers:
- name: outline
image: outlinewiki/outline:0.87.4
image: outlinewiki/outline:0.82.0
imagePullPolicy: IfNotPresent
env:
- name: ALLOWED_DOMAINS
@@ -73,7 +72,7 @@ spec:
resources:
requests:
cpu: 8m
memory: 1024Mi
memory: 800Mi
volumeMounts:
- mountPath: /opt/outline/.env
subPath: .env


@@ -1,7 +0,0 @@
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: critical
value: 1000
globalDefault: false
preemptionPolicy: PreemptLowerPriority


@@ -1,7 +0,0 @@
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: low
value: 10
globalDefault: false
preemptionPolicy: Never


@@ -1,7 +0,0 @@
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: normal
value: 100
globalDefault: true
preemptionPolicy: PreemptLowerPriority


@@ -0,0 +1,149 @@
apiVersion: v1
kind: Secret
metadata:
name: tailscale-auth
namespace: proxy-civo
annotations:
kube-1password: 2cqycmsgv5r7vcyvjpblcl2l4y
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: ConfigMap
metadata:
name: host-mappings
namespace: proxy-civo
labels:
app: proxy
data:
mapping.json: |
{
"vmcluster.proxy-civo.svc": "vmcluster.cluster.local",
"loki.proxy-civo.svc": "loki-write.cluster.local",
"loki.proxy-civo.svc:80": "loki-write.cluster.local",
"loki-distributed.proxy-civo.svc": "loki-loki.cluster.local",
"loki-distributed.proxy-civo.svc:80": "loki-loki.cluster.local"
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: internal-proxy
namespace: proxy-civo
labels:
app: internal-proxy
annotations:
configmap.reloader.stakater.com/reload: "host-mappings"
secret.reloader.stakater.com/reload: "tailscale-auth"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: internal-proxy
template:
metadata:
labels:
app: internal-proxy
spec:
serviceAccountName: default
dnsPolicy: ClusterFirst
dnsConfig:
nameservers:
- 100.100.100.100
containers:
- name: proxy
image: rg.fr-par.scw.cloud/averagemarcus/proxy:latest
imagePullPolicy: Always
env:
- name: PROXY_DESTINATION
value: talos.tail4dfb.ts.net
- name: PORT
value: "8080"
- name: TS_AUTH_KEY
valueFrom:
secretKeyRef:
name: tailscale-auth
key: password
- name: TS_HOSTNAME
value: proxy-civo-internal-proxy
ports:
- containerPort: 8080
protocol: TCP
volumeMounts:
- name: host-mappings
mountPath: /config/
volumes:
- name: host-mappings
configMap:
name: host-mappings
---
apiVersion: v1
kind: Service
metadata:
name: loki
namespace: proxy-civo
labels:
app: internal-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: internal-proxy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: loki-distributed
namespace: proxy-civo
labels:
app: internal-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: internal-proxy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
namespace: proxy-civo
labels:
app: internal-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: internal-proxy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: vmcluster
namespace: proxy-civo
labels:
app: internal-proxy
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: internal-proxy
type: ClusterIP
---
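Review bot: The `proxy` container is pulled as `rg.fr-par.scw.cloud/averagemarcus/proxy:latest` with `imagePullPolicy: Always` and is handed `TS_AUTH_KEY`, so whatever is pushed to that tag next runs with a tailnet credential on the following restart; pin it, e.g. `image: rg.fr-par.scw.cloud/averagemarcus/proxy@sha256:<digest-placeholder>`. The pod also runs as `serviceAccountName: default` with no `securityContext`; unless the proxy talks to the Kubernetes API, add `automountServiceAccountToken: false` to the pod spec and a non-root, no-privilege-escalation security context to the container. The other new workloads on this page that use `:latest` (starling, talks, til, tweetsvg, twitter-profile-pic) have the same pinning gap. Separately, a `prometheus` Service is defined but `mapping.json` has no entry for a prometheus host, so it is worth confirming how that name is routed.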


@@ -47,10 +47,11 @@ metadata:
namespace: qr
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- qr.cluster.fun


@@ -327,10 +327,9 @@ spec:
weight: 1
nodeAffinity:
terminationGracePeriodSeconds: 30
priorityClassName: critical
containers:
- name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
image: docker.io/bitnami/redis:7.2.4-debian-11-r11
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
@@ -472,7 +471,7 @@ spec:
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
image: docker.io/bitnami/redis:7.2.4-debian-11-r11
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
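Review bot: The redis image repository differs between the two printed lines (`docker.io/bitnamilegacy/redis` and `docker.io/bitnami/redis`, same tag `7.2.4-debian-11-r11`), and with the +/- column lost the direction is inferred from print order only. Verify that the repository on the new side still serves this tag, since with `imagePullPolicy: "IfNotPresent"` a missing tag only surfaces when a pod lands on a node without a cached copy. Whichever repository is kept, I would pin by digest and add a comment recording why that repository was chosen and whether it still receives security fixes. The same line appears in hunk `@@ -472,7 +471,7 @@`; both container specs continue outside their hunks.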


@@ -25,8 +25,6 @@ data:
POLLING_FREQUENCY: "15"
BASE_URL: "https://miniflux.cluster.fun/"
METRICS_COLLECTOR: "1"
CLEANUP_ARCHIVE_READ_DAYS: "365"
CLEANUP_ARCHIVE_UNREAD_DAYS: "365"
---
apiVersion: v1
kind: Service
@@ -68,7 +66,7 @@ spec:
spec:
containers:
- name: web
image: ghcr.io/miniflux/miniflux:2.2.13
image: ghcr.io/miniflux/miniflux:2.2.5
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:


@@ -2,7 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: social-to-rolodex
namespace: social-to-grist
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
@@ -14,8 +14,8 @@ data:
apiVersion: v1
kind: Secret
metadata:
name: social-to-rolodex-auth
namespace: social-to-rolodex
name: social-to-grist-auth
namespace: social-to-grist
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
@@ -24,8 +24,8 @@ type: Opaque
apiVersion: v1
kind: Secret
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
name: social-to-grist
namespace: social-to-grist
annotations:
kube-1password: oa3ycnui3ji4lc665bifaao63q
kube-1password/vault: Kubernetes
@@ -35,8 +35,8 @@ type: Opaque
apiVersion: v1
kind: Service
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
name: social-to-grist
namespace: social-to-grist
spec:
type: ClusterIP
ports:
@@ -44,22 +44,22 @@ spec:
targetPort: auth
name: web
selector:
app: social-to-rolodex
app: social-to-grist
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
name: social-to-grist
namespace: social-to-grist
spec:
replicas: 1
selector:
matchLabels:
app: social-to-rolodex
app: social-to-grist
template:
metadata:
labels:
app: social-to-rolodex
app: social-to-grist
spec:
imagePullSecrets:
- name: docker-config
@@ -70,7 +70,7 @@ spec:
- --provider-display-name=Auth0
- --upstream=http://localhost:8080
- --http-address=$(HOST_IP):8000
- --redirect-url=https://social-to-rolodex.cluster.fun/oauth2/callback
- --redirect-url=https://social-to-grist.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
@@ -86,13 +86,13 @@ spec:
valueFrom:
secretKeyRef:
key: username
name: social-to-rolodex-auth
name: social-to-grist-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: social-to-rolodex-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
name: social-to-grist-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
name: oauth-proxy
ports:
- containerPort: 8000
@@ -104,14 +104,14 @@ spec:
requests:
memory: 50Mi
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-rolodex:latest
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-grist:latest
imagePullPolicy: Always
env:
- name: PORT
value: "8080"
envFrom:
- secretRef:
name: "social-to-rolodex"
name: "social-to-grist"
ports:
- containerPort: 8080
name: web
@@ -125,26 +125,27 @@ spec:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
name: social-to-grist
namespace: social-to-grist
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- social-to-rolodex.cluster.fun
secretName: social-to-rolodex-ingress
- social-to-grist.cluster.fun
secretName: social-to-grist-ingress
rules:
- host: social-to-rolodex.cluster.fun
- host: social-to-grist.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: social-to-rolodex
name: social-to-grist
port:
number: 80
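Review bot: The `oauth-proxy` container that gates this app is printed with two tags, `v7.12.0` then `v7.8.1` (hunk `@@ -86,13 +86,13 @@`); if the second is the new side, the authentication proxy moves to an older release in what is otherwise a rename from social-to-rolodex to social-to-grist. I would keep `image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0` unless there is a stated reason, and review the upstream release notes between the two tags for security fixes before accepting the older one. The rename itself looks consistent where it matters for the OAuth flow, since `--redirect-url`, the Ingress host and the TLS host all use `social-to-grist.cluster.fun`, but the callback URL registered with the identity provider has to be updated to match, which this diff cannot show.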


@@ -0,0 +1,106 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: starling
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: starling
namespace: starling
annotations:
kube-1password: ufxpki65ffgprn2upksirweeie
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: starling
namespace: starling
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: starling
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: starling
namespace: starling
spec:
replicas: 1
selector:
matchLabels:
app: starling
template:
metadata:
labels:
app: starling
spec:
imagePullSecrets:
- name: docker-config
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/starling:latest
imagePullPolicy: Always
env:
- name: PORT
value: "3000"
- name: SHARED_SECRET
valueFrom:
secretKeyRef:
name: starling
key: SHARED_SECRET
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: starling
key: ACCESS_TOKEN
ports:
- containerPort: 3000
name: web
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: starling
namespace: starling
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- starling.marcusnoble.co.uk
secretName: starling-ingress
rules:
- host: starling.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: starling
port:
number: 80
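Review bot: Nothing in this manifest shows how requests to `starling.marcusnoble.co.uk` are authenticated: the Ingress publishes the `web` container directly, with no authenticating sidecar, while that container is given `ACCESS_TOKEN` and `SHARED_SECRET`. If the application verifies callers itself (the `SHARED_SECRET` name suggests a signed-request check, but that is an assumption), state that in a comment above the Ingress so the exposure is a documented decision. If it does not, restrict who can reach the host at the ingress layer before this is synced.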


@@ -27,7 +27,6 @@ spec:
labels:
app: svg-to-dxf
spec:
priorityClassName: low
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/svg-to-dxf:latest
@@ -46,11 +45,14 @@ metadata:
namespace: svg-to-dxf
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/buffering: |
maxrequestbodybytes: 31457280
memrequestbodybytes: 62914560
spec:
ingressClassName: nginx
tls:
- hosts:
- svg-to-dxf.cluster.fun
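Review bot: The request-size limit on this Ingress is expressed as `traefik.ingress.kubernetes.io/buffering` with `maxrequestbodybytes: 31457280`, which as far as I know is Traefik 1.x annotation syntax that Traefik 2 and 3 do not read, so under the Traefik tag this commit moves to, the upload endpoint would have no body limit from the ingress layer. The nginx counterpart printed beside it, `nginx.ingress.kubernetes.io/proxy-body-size: "0"`, disables the limit outright. For a conversion service that accepts uploads I would enforce the cap with a Traefik Middleware referenced from the Ingress, as sketched below (the Middleware name is constructed); the Ingress definition itself starts and ends outside this hunk.

```yaml
# … unchanged: Service and Deployment …
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: limit-body  # constructed name
  namespace: svg-to-dxf
spec:
  buffering:
    maxRequestBodyBytes: 31457280
---
# … unchanged: Ingress apiVersion, kind, name and namespace …
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: svg-to-dxf-limit-body@kubernetescrd
```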


@@ -1,3 +1,45 @@
apiVersion: v1
kind: Service
metadata:
name: talks
namespace: talks
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: talks
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: talks
namespace: talks
spec:
replicas: 1
selector:
matchLabels:
app: talks
template:
metadata:
labels:
app: talks
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/talks:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -5,13 +47,24 @@ metadata:
namespace: talks
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/permanent-redirect: https://speaking.marcusnoble.co.uk
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- talks.marcusnoble.co.uk
secretName: talks-ingress
rules:
- host: talks.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: talks
port:
number: 80


@@ -27,7 +27,6 @@ spec:
labels:
app: text-to-dxf
spec:
priorityClassName: low
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/text-to-dxf:latest
@@ -46,10 +45,11 @@ metadata:
namespace: text-to-dxf
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- text-to-dxf.cluster.fun


@@ -1,3 +1,45 @@
apiVersion: v1
kind: Service
metadata:
name: til
namespace: til
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: til
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: til
namespace: til
spec:
replicas: 1
selector:
matchLabels:
app: til
template:
metadata:
labels:
app: til
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/til:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -5,25 +47,24 @@ metadata:
namespace: til
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/server-snippet: |
rewrite ^/dont-reuse-keys/?$ https://marcusnoble.co.uk/2020-10-03-t-i-l-don-t-reuse-api-keys/ permanent;
rewrite ^/favicons/?$ https://marcusnoble.co.uk/2020-11-10-t-i-l-how-to-get-the-favicon-of-any-site/ permanent;
rewrite ^/getopts/?$ https://marcusnoble.co.uk/2021-08-04-t-i-l-cli-flag-handling-in-bash-using-getopts/ permanent;
rewrite ^/go-named-return-values/?$ https://marcusnoble.co.uk/2020-10-05-t-i-l-named-returns-in-go-functions/ permanent;
rewrite ^/golang-append/?$ https://marcusnoble.co.uk/2020-10-30-t-i-l-golang-s-append-mutates-the-provided-array/ permanent;
rewrite ^/golang-split-by-space/?$ https://marcusnoble.co.uk/2020-09-18-t-i-l-split-on-spaces-in-go/ permanent;
rewrite ^/kubectl-replace/?$ https://marcusnoble.co.uk/2020-09-25-t-i-l-kubectl-replace/ permanent;
rewrite ^/kubernetes-label-length/?$ https://marcusnoble.co.uk/2021-04-20-t-i-l-kubernetes-label-length/ permanent;
rewrite ^/tekton-multi-arch-builds/?$ https://marcusnoble.co.uk/2020-09-13-t-i-l-tekton-multi-arch-image-builds/ permanent;
rewrite ^/yaml-key-spaces/?$ https://marcusnoble.co.uk/2021-05-11-t-i-l-yaml-keys-allow-for-spaces-in-them/ permanent;
rewrite ^/yaml-multiline/?$ https://marcusnoble.co.uk/2020-09-17-t-i-l-yaml-multiline-values/ permanent;
rewrite ^/?$ https://marcusnoble.co.uk/ permanent;
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- til.marcusnoble.co.uk
secretName: til-ingress
rules:
- host: til.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: til
port:
number: 80


@@ -45,7 +45,7 @@ spec:
- --entrypoints.websecure.http.tls=true
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
image: rancher/mirrored-library-traefik:2.11.29
image: rancher/mirrored-library-traefik:3.3.3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3


@@ -0,0 +1,92 @@
apiVersion: v1
kind: Secret
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
kube-1password: dmjtjxrcpqtmeddq5x7zikj37i
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
name: web
selector:
app: tweetsvg
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
replicas: 2
selector:
matchLabels:
app: tweetsvg
template:
metadata:
labels:
app: tweetsvg
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/tweetsvg:latest
imagePullPolicy: Always
# env:
# - name: DOTENV_DIR
# value: /config/
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
volumeMounts:
- name: dotenv
mountPath: /app/.env
subPath: .env
volumes:
- name: dotenv
secret:
secretName: tweetsvg
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- tweet.cluster.fun
secretName: tweetsvg-ingress
rules:
- host: tweet.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tweetsvg
port:
number: 80


@@ -0,0 +1,86 @@
apiVersion: v1
kind: Secret
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
annotations:
kube-1password: d2rt56v47q2wij47qgj27umrky
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 9090
name: web
selector:
app: twitter-profile-pic
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
spec:
replicas: 1
selector:
matchLabels:
app: twitter-profile-pic
template:
metadata:
labels:
app: twitter-profile-pic
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/twitter-profile-pic:latest
imagePullPolicy: Always
ports:
- containerPort: 9090
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
volumeMounts:
- name: dotenv
mountPath: /app/.env
subPath: .env
volumes:
- name: dotenv
secret:
secretName: twitter-profile-pic
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: twitter-profile-pic-cluster-fun
namespace: twitter-profile-pic
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- twitter-profile-pic.cluster.fun
secretName: twitter-profile-pic-cluster-fun-ingress
rules:
- host: twitter-profile-pic.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: twitter-profile-pic
port:
number: 80


@@ -0,0 +1,204 @@
apiVersion: v1
kind: Secret
metadata:
name: wallabag
namespace: wallabag
annotations:
kube-1password: 4yogl6yx6t4trrkq7o35tiyj6i
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
annotations:
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: wallabag
---
apiVersion: batch/v1
kind: Job
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag-init
spec:
suspend: true
template:
metadata:
labels:
app.kubernetes.io/name: wallabag-init
spec:
restartPolicy: OnFailure
containers:
- name: db-init
image: "wallabag/wallabag:latest"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
command:
- /var/www/wallabag/bin/console
- wallabag:install
- --env=prod
- --no-interaction
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: wallabag
template:
metadata:
labels:
app.kubernetes.io/name: wallabag
spec:
initContainers:
- name: db-migrate
image: "wallabag/wallabag:2.6.10"
imagePullPolicy: IfNotPresent
command:
- /var/www/wallabag/bin/console
- doctrine:migrations:migrate
- --env=prod
- --no-interaction
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
- name: "POPULATE_DATABASE"
value: "false"
containers:
- name: wallabag
image: "wallabag/wallabag:2.6.10"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
- name: "POPULATE_DATABASE"
value: "false"
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
startupProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 30
timeoutSeconds: 1
periodSeconds: 5
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
tls:
- hosts:
- "wallabag.cluster.fun"
secretName: "wallabag-ingress"
rules:
- host: "wallabag.cluster.fun"
http:
paths:
- path: "/"
pathType: ImplementationSpecific
backend:
service:
name: wallabag
port:
number: 80
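Review bot: The suspended `db-init` Job uses `image: "wallabag/wallabag:latest"` while the Deployment's `db-migrate` init container and the app are pinned to `2.6.10`, so un-suspending the Job later could run the installer from a different release against the same database; I would use `image: "wallabag/wallabag:2.6.10"` there as well. The Ingress carries the `nginx.ingress.kubernetes.io/force-ssl-redirect` annotation but no class selector, unlike the other nginx Ingresses added on this page, so it depends on a default IngressClass being present; add `ingressClassName: nginx` under `spec`. The Service's bare `annotations:` key parses as null and can be removed.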


@@ -1,95 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: yay-or-nay
namespace: yay-or-nay
annotations:
kube-1password: vtnx2swze7r6qepxnlepufvcbi
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: yay-or-nay
labels:
app: yay-or-nay
app.kubernetes.io/name: yay-or-nay
annotations:
reloader.stakater.com/search: "true"
spec:
replicas: 1
selector:
matchLabels:
app: yay-or-nay
template:
metadata:
labels:
app: yay-or-nay
app.kubernetes.io/name: yay-or-nay
spec:
containers:
- name: yay-or-nay
image: ghcr.io/mocdaniel/yay-or-nay:1.1.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
name: web
envFrom:
- secretRef:
name: yay-or-nay
livenessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 10
readinessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: yay-or-nay
labels:
app.kubernetes.io/name: yay-or-nay
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: yay-or-nay
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: yay-or-nay
namespace: yay-or-nay
labels:
app.kubernetes.io/name: yay-or-nay
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- "yay-or-nay.cluster.fun"
secretName: "yay-or-nay-ingress"
rules:
- host: "yay-or-nay.cluster.fun"
http:
paths:
- path: "/"
pathType: ImplementationSpecific
backend:
service:
name: yay-or-nay
port:
name: web