AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 2 Releases Activity

Compare commits

base: AverageMarcus:master
Branches Tags
AverageMarcus:master AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x AverageMarcus:renovate/grafana-promtail-3.x AverageMarcus:increase_cluster_max
..
compare: AverageMarcus:dd28c2a87e17a1362329615c475543682caf8838
Branches Tags
AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x AverageMarcus:renovate/grafana-promtail-3.x AverageMarcus:master AverageMarcus:increase_cluster_max

1 Commits
master ... dd28c2a87e

Author SHA1 Message Date
Renovate Bot
dd28c2a87e Update rancher/mirrored-library-traefik Docker tag to v3 2025-02-23 03:06:21 +00:00
74 changed files with 1552 additions and 445 deletions
Expand all files Collapse all files

7
manifests/_apps/base64.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: base64
name: cluster-fun (v2)
name: civo
source:
path: manifests/base64
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/blog.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

2
manifests/_apps/cel-tester.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: cel-tester
name: cluster-fun (v2)
name: civo
source:
path: manifests/cel-tester
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

7
manifests/_apps/civo-versions.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: civo-versions
name: cluster-fun (v2)
name: civo
source:
path: manifests/civo-versions
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

7
manifests/_apps/cv.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: cv
name: cluster-fun (v2)
name: civo
source:
path: manifests/cv
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/dashboard.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

5
manifests/_apps/devstats-viewer.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

7
manifests/_apps/feed-fetcher.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: feed-fetcher
name: cluster-fun (v2)
name: civo
source:
path: manifests/feed-fetcher
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

2
manifests/_apps/goplayground.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: goplayground
name: cluster-fun (v2)
name: civo
source:
path: manifests/goplayground
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

4
manifests/_apps/grist.yaml
View File

@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

2
manifests/_apps/link.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: link
name: cluster-fun (v2)
name: civo
source:
path: manifests/link
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"

5
manifests/_apps/marcusnoble.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

4
manifests/_apps/mastodon-digest.yaml
View File

@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

6
manifests/_apps/yay-or-nay.yaml → manifests/_apps/matrix_chart.yaml
View File

@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: yay-or-nay
name: cluster-fun-matrix
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: yay-or-nay
namespace: chat
name: cluster-fun (v2)
source:
path: manifests/yay-or-nay
path: manifests/matrix_chart
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:

4
manifests/_apps/mealie.yaml
View File

@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

7
manifests/_apps/opengraph-image-gen.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: opengraph
name: cluster-fun (v2)
name: civo
source:
path: manifests/opengraph
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

7
manifests/_apps/qr.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: qr
name: cluster-fun (v2)
name: civo
source:
path: manifests/qr
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

4
manifests/_apps/rss.yaml
View File

@@ -22,4 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

28
manifests/_apps/social-to-grist.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: social-to-grist
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: social-to-grist
name: civo
source:
path: manifests/social-to-grist
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

6
manifests/_apps/cors-proxy.yaml → manifests/_apps/starling.yaml
View File

@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cors-proxy
name: cluster-fun-starling
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: cors-proxy
namespace: starling
name: cluster-fun (v2)
source:
path: manifests/cors-proxy
path: manifests/starling
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:

7
manifests/_apps/svg-to-dxf.yaml
View File

@@ -11,7 +11,7 @@ spec:
namespace: svg-to-dxf
name: civo
source:
name: cluster-fun (v2)
path: manifests/svg-to-dxf
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

7
manifests/_apps/talks.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: talks
name: cluster-fun (v2)
name: civo
source:
path: manifests/talks
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/tank.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

7
manifests/_apps/text-to-dxf.yaml
View File

@@ -11,7 +11,7 @@ spec:
namespace: text-to-dxf
name: civo
source:
name: cluster-fun (v2)
path: manifests/text-to-dxf
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

7
manifests/_apps/til.yaml
View File

@@ -9,7 +9,7 @@ spec:
project: cluster.fun
destination:
namespace: til
name: cluster-fun (v2)
name: civo
source:
path: manifests/til
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

13
manifests/_apps/social-to-rolodex.yaml → manifests/_apps/tweetsvg.yaml
View File

@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: social-to-rolodex
name: tweetsvg
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: social-to-rolodex
name: cluster-fun (v2)
namespace: tweetsvg
name: civo
source:
path: manifests/social-to-rolodex
path: manifests/tweetsvg
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
@@ -22,4 +22,7 @@ spec:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

29
manifests/_apps/twitter-profile-pic.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cluster-fun-twitter-profile-pic
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: twitter-profile-pic
name: cluster-fun (v2)
source:
path: manifests/twitter-profile-pic
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
---

9
manifests/_apps/bsky-screenshot.yaml → manifests/_apps/wallabag.yaml
View File

@@ -1,24 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: bsky-screenshot
name: cluster-fun-wallabag
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: bsky-screenshot
namespace: wallabag
name: cluster-fun (v2)
source:
path: manifests/bsky-screenshot
path: manifests/wallabag
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---

33
manifests/auth-proxy/auth-ingress.yaml
View File

@@ -23,13 +23,10 @@ spec:
- sonarr.cluster.fun
- lidarr.cluster.fun
- prowlarr.cluster.fun
- mylarr.cluster.fun
- transmission.cluster.fun
- tekton.cluster.fun
- changedetection.cluster.fun
- grafana.cluster.fun
- podgrab.cluster.fun
- stablediffusion.cluster.fun
secretName: auth-proxy-ingress
rules:
- host: downloads.cluster.fun
@@ -202,33 +199,3 @@ spec:
name: tailscale-proxy
port:
name: auth
- host: podgrab.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth
- host: mylarr.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth
- host: stablediffusion.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth

15
manifests/auth-proxy/non-auth-ingress.yaml
View File

@@ -6,10 +6,6 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-body-size: 25m
nginx.ingress.kubernetes.io/client-body-buffer-size: 25m
spec:
ingressClassName: nginx
tls:
@@ -17,7 +13,6 @@ spec:
- hello-world.cluster.fun
- ombi.cluster.fun
- bsky-feeds.cluster.fun
- ai.cluster.fun
secretName: non-auth-proxy-ingress
rules:
- host: hello-world.cluster.fun
@@ -50,13 +45,3 @@ spec:
name: tailscale-proxy
port:
name: non-auth
- host: ai.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: non-auth

2
manifests/auth-proxy/proxy.yaml
View File

@@ -67,7 +67,7 @@ spec:
mountPath: /config/
- name: oauth-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
args:
- --cookie-secure=false
- --provider=oidc

5
manifests/base64/base64.yaml
View File

@@ -49,10 +49,11 @@ metadata:
namespace: base64
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- base64.cluster.fun

69
manifests/bsky-screenshot/bsky-screenshot.yaml
View File

@@ -1,69 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: bsky-screenshot
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
spec:
replicas: 1
selector:
matchLabels:
app: bsky-screenshot
template:
metadata:
labels:
app: bsky-screenshot
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/bsky-screenshot:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
annotations:
cert-manager.io/cluster-issuer: letsencrypt
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- bsky-screenshot.cluster.fun
secretName: bsky-screenshot-ingress
rules:
- host: bsky-screenshot.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: bsky-screenshot
port:
number: 80

5
manifests/cel-tester/cel-tester.yaml
View File

@@ -47,10 +47,11 @@ metadata:
namespace: cel-tester
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- cel-tester.cluster.fun

5
manifests/civo-versions/civo-versions.yaml
View File

@@ -66,10 +66,11 @@ metadata:
namespace: civo-versions
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- civo-versions.cluster.fun

76
manifests/cors-proxy/cors-proxy.yaml
View File

@@ -1,76 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: cors-proxy
namespace: cors-proxy
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8000
name: web
selector:
app: cors-proxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cors-proxy
namespace: cors-proxy
spec:
replicas: 2
selector:
matchLabels:
app: cors-proxy
template:
metadata:
labels:
app: cors-proxy
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/cors-proxy:latest
imagePullPolicy: Always
ports:
- containerPort: 8000
name: web
env:
- name: ALLOWLIST
value: cdn.bsky.app
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cors-proxy
namespace: cors-proxy
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- cors-proxy.cluster.fun
- cors-proxy.marcusnoble.co.uk
secretName: cors-proxy-ingress
rules:
- host: cors-proxy.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cors-proxy
port:
number: 80
- host: cors-proxy.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cors-proxy
port:
number: 80

5
manifests/cv/cv.yaml
View File

@@ -62,10 +62,11 @@ metadata:
namespace: cv
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- cv.marcusnoble.co.uk

2
manifests/dashboard/dashboard.yaml
View File

@@ -81,7 +81,7 @@ spec:
secretKeyRef:
key: password
name: dashboard-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
name: oauth-proxy
ports:
- containerPort: 8000

5
manifests/feed-fetcher/feed-fetcher.yaml
View File

@@ -42,10 +42,11 @@ metadata:
namespace: feed-fetcher
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- feed-fetcher.cluster.fun

2
manifests/gitea/gitea.yaml
View File

@@ -42,7 +42,7 @@ spec:
spec:
containers:
- name: git
image: gitea/gitea:1.24.5
image: gitea/gitea:1.23.4
env:
- name: APP_NAME
value: "Git"

7
manifests/goplayground/goplayground.yaml
View File

@@ -29,7 +29,7 @@ spec:
spec:
containers:
- name: web
image: x1unix/go-playground:2.5.7
image: x1unix/go-playground:2.5.3
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000
@@ -47,10 +47,11 @@ metadata:
namespace: goplayground
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- go.cluster.fun

2
manifests/grist/grist.yaml
View File

@@ -72,7 +72,7 @@ spec:
serviceAccountName: grist
containers:
- name: grist
image: gristlabs/grist-oss:1.7.3
image: gristlabs/grist-oss:1.4.2
imagePullPolicy: IfNotPresent
ports:
- name: http

11
manifests/link/link.yaml
View File

@@ -29,12 +29,6 @@ data:
kcddk24: https://speaking.marcusnoble.co.uk/FU4W7x/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
cndoslo: https://speaking.marcusnoble.co.uk/j5M53P/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
rejekts25: https://speaking.marcusnoble.co.uk/AXARFf/pod-deep-dive-everything-you-didnt-know-you-needed-to-know
kcdbudapest: https://speaking.marcusnoble.co.uk/43QLpx/the-future-of-kubernetes-admission-logic
kcdczechslovak: https://speaking.marcusnoble.co.uk/Np2xUv/pod-deep-dive-the-interesting-bits
cnsmunich: https://speaking.marcusnoble.co.uk/HqYcp2/pod-deep-dive-the-interesting-bits
cnsmunich-feedback: https://yay-or-nay.cluster.fun/feedback/20UETBI0
containerdays25: https://speaking.marcusnoble.co.uk/HARSlE/the-future-of-kubernetes-admission-logic
containerdays25-feedback: https://yay-or-nay.cluster.fun/feedback/F8P351QK
---
apiVersion: v1
kind: Service
@@ -91,10 +85,11 @@ metadata:
namespace: link
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- go-get.link

2
manifests/mastodon-digest/mastodon_digest.yaml
View File

@@ -152,7 +152,7 @@ spec:
secretKeyRef:
key: password
name: mastodon-digest-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
name: oauth-proxy
ports:
- containerPort: 8000

536
manifests/matrix_chart/matrix_chart.yaml Normal file
View File

@@ -0,0 +1,536 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: matrix
namespace: chat
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- matrix.cluster.fun
secretName: matrix-ingress
rules:
- host: matrix.cluster.fun
http:
paths:
- path: /.well-known/matrix
pathType: ImplementationSpecific
backend:
service:
name: well-known
port:
number: 80
- path: /
pathType: ImplementationSpecific
backend:
service:
name: matrix-synapse
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: riot
namespace: chat
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- chat.cluster.fun
secretName: riot-ingress
rules:
- host: chat.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: matrix-riot
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: well-known
namespace: chat
annotations:
configmap.reloader.stakater.com/reload: "well-known"
spec:
replicas: 1
selector:
matchLabels:
app: well-known
template:
metadata:
labels:
app: well-known
spec:
containers:
- name: web
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
name: web
volumeMounts:
- name: well-known
mountPath: /usr/share/nginx/html/.well-known/matrix
resources:
limits:
memory: 15Mi
requests:
memory: 15Mi
volumes:
- name: well-known
configMap:
name: well-known
---
apiVersion: v1
kind: Service
metadata:
name: well-known
namespace: chat
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
name: web
selector:
app: well-known
---
apiVersion: v1
kind: ConfigMap
metadata:
name: well-known
namespace: chat
data:
server: |-
{
"m.server": "matrix.cluster.fun:443"
}
client: |-
{
"m.homeserver": {
"base_url": "https://matrix.cluster.fun"
},
"org.matrix.msc3575.proxy": {
"url": "https://syncv3.matrix.cluster.fun"
}
}
---
# Source: matrix/templates/riot/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: matrix-riot-config
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
data:
config.json: |
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.cluster.fun"
}
},
"brand": "Element",
"branding": {},
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"showLabsSettings": true,
"features": {
"feature_pinning": true,
"feature_custom_status": "labs",
"feature_state_counters": "labs",
"feature_many_integration_managers": "labs",
"feature_mjolnir": "labs",
"feature_dm_verification": "labs",
"feature_bridge_state": "labs",
"feature_presence_in_room_list": true,
"feature_custom_themes": "labs",
"feature_new_spinner": "labs",
"feature_jump_to_date": "labs",
"feature_location_share_pin_drop": "labs",
"feature_location_share_live": "labs",
"feature_thread": true,
"feature_video_rooms": true,
"feature_favourite_messages": "labs"
},
"roomDirectory": {
"servers": []
},
"permalinkPrefix": "https://chat.cluster.fun",
"enable_presence_by_hs_url": {
"https://matrix.org": false,
"https://matrix-client.matrix.org": false
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=2IerXP2a5g1e7hxxBbzs"
}
nginx.conf: |
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/pid/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
default.conf: |
server {
listen 8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
---
apiVersion: v1
kind: Secret
metadata:
name: matrix-synapse-config
namespace: chat
annotations:
kube-1password: wbj4oozwyx6m2zz5m42pgcmymy
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: homeserver.yaml
labels:
app.kubernetes.io/name: "matrix"
component: synapse
type: Opaque
---
apiVersion: v1
kind: ConfigMap
metadata:
name: matrix-synapse-config
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
data:
matrix.cluster.fun.log.config: |
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
console:
class: logging.StreamHandler
formatter: precise
filters: [context]
loggers:
synapse:
level: WARNING
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: WARNING
root:
level: WARNING
handlers: [console]
---
# Source: matrix/templates/riot/service.yaml
apiVersion: v1
kind: Service
metadata:
name: matrix-riot
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: matrix-riot
---
# Source: matrix/templates/synapse/service.yaml
apiVersion: v1
kind: Service
metadata:
name: matrix-synapse
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/_synapse/metrics"
prometheus.io/port: "9000"
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
- port: 9000
targetPort: metrics
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: matrix-synapse
---
# Source: matrix/templates/riot/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-riot
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: element
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: matrix-riot
template:
metadata:
labels:
app.kubernetes.io/name: matrix-riot
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: "riot"
image: "vectorim/element-web:v1.11.92"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
volumeMounts:
- mountPath: /app/config.json
name: riot-config
subPath: config.json
readOnly: true
- mountPath: /etc/nginx/nginx.conf
name: riot-config
subPath: nginx.conf
readOnly: true
- mountPath: /etc/nginx/conf.d/default.conf
name: riot-config
subPath: default.conf
readOnly: true
- mountPath: /var/cache/nginx
name: ephemeral
subPath: cache
- mountPath: /var/run/pid
name: ephemeral
subPath: pid
readinessProbe:
httpGet:
path: /
port: http
startupProbe:
httpGet:
path: /
port: http
livenessProbe:
httpGet:
path: /
port: http
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumes:
- name: riot-config
configMap:
name: matrix-riot-config
- name: ephemeral
emptyDir: {}
---
# Source: matrix/templates/synapse/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: matrix-synapse
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: matrix-synapse
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: matrix-synapse
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
initContainers:
- name: generate-signing-key
image: "ghcr.io/element-hq/synapse:v1.124.0"
imagePullPolicy: IfNotPresent
env:
- name: SYNAPSE_SERVER_NAME
value: matrix.cluster.fun
- name: SYNAPSE_REPORT_STATS
value: "no"
command: ["python"]
args:
- "-m"
- "synapse.app.homeserver"
- "--config-path"
- "/data/homeserver.yaml"
- "--keys-directory"
- "/data/keys"
- "--generate-keys"
volumeMounts:
- name: synapse-config-homeserver
mountPath: /data/homeserver.yaml
subPath: homeserver.yaml
- name: synapse-config-logging
mountPath: /data/matrix.cluster.fun.log.config
subPath: matrix.cluster.fun.log.config
- name: signing-key
mountPath: /data/keys
containers:
- name: "synapse"
image: "ghcr.io/element-hq/synapse:v1.124.0"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8008
protocol: TCP
- name: metrics
containerPort: 9000
protocol: TCP
volumeMounts:
- name: synapse-config-homeserver
mountPath: /data/homeserver.yaml
subPath: homeserver.yaml
- name: synapse-config-logging
mountPath: /data/matrix.cluster.fun.log.config
subPath: matrix.cluster.fun.log.config
- name: signing-key
mountPath: /data/keys
- name: user-media
mountPath: /data/media_store
- name: uploads
mountPath: /data/uploads
- name: tmp
mountPath: /tmp
readinessProbe:
httpGet:
path: /_matrix/static/
port: http
periodSeconds: 10
timeoutSeconds: 5
startupProbe:
httpGet:
path: /_matrix/static/
port: http
failureThreshold: 6
periodSeconds: 5
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /_matrix/static/
port: http
periodSeconds: 10
timeoutSeconds: 5
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumes:
- name: synapse-config-logging
configMap:
name: matrix-synapse-config
- name: synapse-config-homeserver
secret:
secretName: matrix-synapse-config
- name: signing-key
persistentVolumeClaim:
claimName: chat-matrix-signing-key
- name: user-media
persistentVolumeClaim:
claimName: chat-matrix-user-media
- name: uploads
emptyDir: {}
- name: tmp
emptyDir: {}
---

32
manifests/matrix_chart/pvs.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chat-matrix-user-media
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 12Gi
storageClassName: sbs-default-retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chat-matrix-signing-key
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: synapse
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: sbs-default-retain
---

119
manifests/matrix_chart/sliding-sync.yaml Normal file
View File

@@ -0,0 +1,119 @@
apiVersion: v1
kind: Secret
metadata:
name: matrix-sliding-sync
namespace: chat
annotations:
kube-1password: 7kvyfcszfaavj2d7uvl4troagm
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: sliding-sync
template:
metadata:
labels:
app.kubernetes.io/name: sliding-sync
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: "sliding-sync"
image: "ghcr.io/matrix-org/sliding-sync:v0.99.19"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8008
protocol: TCP
- name: metrics
containerPort: 9090
protocol: TCP
env:
- name: SYNCV3_SERVER
value: https://matrix.cluster.fun
- name: SYNCV3_BINDADDR
value: ":8008"
- name: SYNCV3_PROM
value: ":9090"
- name: SYNCV3_SECRET
valueFrom:
secretKeyRef:
name: matrix-sliding-sync
key: SYNCV3_SECRET
- name: SYNCV3_DB
valueFrom:
secretKeyRef:
name: matrix-sliding-sync
key: SYNCV3_DB
---
apiVersion: v1
kind: Service
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9090"
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
name: web
- port: 9090
targetPort: metrics
protocol: TCP
name: metrics
selector:
app.kubernetes.io/name: sliding-sync
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sliding-sync
namespace: chat
labels:
app.kubernetes.io/name: "matrix"
component: sliding-sync
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
ingressClassName: nginx
tls:
- hosts:
- syncv3.matrix.cluster.fun
secretName: sliding-sync-ingress
rules:
- host: syncv3.matrix.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: sliding-sync
port:
number: 80
---

4
manifests/mealie/mealie.yaml
View File

@@ -30,7 +30,7 @@ spec:
spec:
containers:
- name: frontend
image: ghcr.io/mealie-recipes/mealie:v3.1.2
image: ghcr.io/mealie-recipes/mealie:v2.6.0
imagePullPolicy: Always
envFrom:
- secretRef:
@@ -41,7 +41,7 @@ spec:
- name: PGID
value: "1000"
- name: TOKEN_TIME
value: "720"
value: "168"
- name: DB_ENGINE
value: postgres
- name: POSTGRES_DB

2
manifests/monitoring-civo/kube-state-metrics.yaml
View File

@@ -237,7 +237,7 @@ spec:
- --resources=validatingwebhookconfigurations
#- --resources=volumeattachments
imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.15.0"
ports:
- containerPort: 8080
livenessProbe:

2
manifests/monitoring-civo/promtail.yaml
View File

@@ -236,7 +236,7 @@ spec:
serviceAccountName: promtail
containers:
- name: promtail
image: "grafana/promtail:2.9.15"
image: "grafana/promtail:2.9.12"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"

2
manifests/monitoring-civo/vmagent.yaml
View File

@@ -147,7 +147,7 @@ spec:
serviceAccountName: prometheus-server
containers:
- name: vmagent
image: "victoriametrics/vmagent:v1.125.1"
image: "victoriametrics/vmagent:v1.112.0"
imagePullPolicy: "IfNotPresent"
args:
- -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/

2
manifests/monitoring/kube-state-metrics.yaml
View File

@@ -237,7 +237,7 @@ spec:
- --resources=validatingwebhookconfigurations
#- --resources=volumeattachments
imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0"
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.15.0"
ports:
- containerPort: 8080
livenessProbe:

2
manifests/monitoring/node-exporter.yaml
View File

@@ -54,7 +54,7 @@ spec:
serviceAccountName: prometheus-node-exporter
containers:
- name: prometheus-node-exporter
image: "prom/node-exporter:v1.9.1"
image: "prom/node-exporter:v1.9.0"
imagePullPolicy: "IfNotPresent"
args:
- --path.procfs=/host/proc

2
manifests/monitoring/promtail.yaml
View File

@@ -215,7 +215,7 @@ spec:
serviceAccountName: promtail
containers:
- name: promtail
image: "grafana/promtail:2.9.15"
image: "grafana/promtail:2.9.12"
imagePullPolicy: IfNotPresent
args:
- "-config.file=/etc/promtail/promtail.yaml"

2
manifests/monitoring/vmagent.yaml
View File

@@ -153,7 +153,7 @@ spec:
serviceAccountName: prometheus-server
containers:
- name: vmagent
image: "victoriametrics/vmagent:v1.125.1"
image: "victoriametrics/vmagent:v1.112.0"
imagePullPolicy: "IfNotPresent"
args:
- -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/

4
manifests/nextcloud_chart/manifest.yaml
View File

@@ -203,7 +203,7 @@ spec:
spec:
containers:
- name: nextcloud
image: "nextcloud:31.0.8-apache"
image: "nextcloud:30.0.6-apache"
imagePullPolicy: IfNotPresent
env:
- name: SQLITE_DATABASE
@@ -374,7 +374,7 @@ spec:
restartPolicy: Never
containers:
- name: nextcloud
image: "nextcloud:31.0.8-apache"
image: "nextcloud:30.0.6-apache"
imagePullPolicy: IfNotPresent
command: [ "curl" ]
args:

34
manifests/nginx-lb/nginx-lb.yaml
View File

@@ -15,6 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
---
@@ -26,6 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
---
@@ -37,6 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
rules:
@@ -141,6 +144,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
rules:
@@ -159,6 +163,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
rules:
- apiGroups:
@@ -240,6 +245,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
rules:
- apiGroups:
@@ -258,6 +264,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
roleRef:
@@ -277,6 +284,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
roleRef:
@@ -295,6 +303,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -313,6 +322,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -325,7 +335,6 @@ subjects:
---
apiVersion: v1
data:
annotations-risk-level: Critical
allow-snippet-annotations: "true"
use-proxy-protocol: "true"
log-format-upstream: '{"time": "$time_iso8601", "request_id": "$req_id", "remote_user": "$remote_user", "remote_addr_masked": "$remote_addr_masked", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent", "redirect_location": "$redirect_location" }'
@@ -360,6 +369,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
---
@@ -395,6 +405,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
@@ -427,6 +438,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
@@ -449,6 +461,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
@@ -492,7 +505,7 @@ spec:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.13.2@sha256:1f7eaeb01933e719c8a9f4acd8181e555e582330c7d50f24484fb64d2ba9b2ef
image: registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:e6b8de175acda6ca913891f0f727bca4527e797d52688cbe9fec9040d6f6b6fa
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -702,20 +715,3 @@ webhooks:
resources:
- ingresses
sideEffects: None
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
minAvailable: 1

4
manifests/nodered/nodered.yaml
View File

@@ -57,7 +57,7 @@ spec:
- name: data
mountPath: /data
- name: update-native-modules
image: nodered/node-red:4.1.0-18
image: nodered/node-red:4.0.9-18
imagePullPolicy: IfNotPresent
command:
- bash
@@ -73,7 +73,7 @@ spec:
mountPath: /data
containers:
- name: web
image: nodered/node-red:4.1.0-18
image: nodered/node-red:4.0.9-18
imagePullPolicy: Always
ports:
- containerPort: 1880

5
manifests/opengraph/opengraph.yaml
View File

@@ -47,10 +47,11 @@ metadata:
namespace: opengraph
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- opengraph.cluster.fun

2
manifests/outline/outline.yaml
View File

@@ -45,7 +45,7 @@ spec:
spec:
containers:
- name: outline
image: outlinewiki/outline:0.87.3
image: outlinewiki/outline:0.82.0
imagePullPolicy: IfNotPresent
env:
- name: ALLOWED_DOMAINS

5
manifests/qr/qr.yaml
View File

@@ -47,10 +47,11 @@ metadata:
namespace: qr
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- qr.cluster.fun

4
manifests/redis/redis.yaml
View File

@@ -329,7 +329,7 @@ spec:
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
image: docker.io/bitnami/redis:7.2.4-debian-11-r11
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001
@@ -471,7 +471,7 @@ spec:
terminationGracePeriodSeconds: 30
containers:
- name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11
image: docker.io/bitnami/redis:7.2.4-debian-11-r11
imagePullPolicy: "IfNotPresent"
securityContext:
runAsUser: 1001

2
manifests/rss/miniflux.yaml
View File

@@ -66,7 +66,7 @@ spec:
spec:
containers:
- name: web
image: ghcr.io/miniflux/miniflux:2.2.12
image: ghcr.io/miniflux/miniflux:2.2.5
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:

53
manifests/social-to-rolodex/social-to-rolodex.yaml → manifests/social-to-grist/social-to-grist.yaml
View File

@@ -2,7 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: social-to-rolodex
namespace: social-to-grist
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
@@ -14,8 +14,8 @@ data:
apiVersion: v1
kind: Secret
metadata:
name: social-to-rolodex-auth
namespace: social-to-rolodex
name: social-to-grist-auth
namespace: social-to-grist
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
@@ -24,8 +24,8 @@ type: Opaque
apiVersion: v1
kind: Secret
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
name: social-to-grist
namespace: social-to-grist
annotations:
kube-1password: oa3ycnui3ji4lc665bifaao63q
kube-1password/vault: Kubernetes
@@ -35,8 +35,8 @@ type: Opaque
apiVersion: v1
kind: Service
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
name: social-to-grist
namespace: social-to-grist
spec:
type: ClusterIP
ports:
@@ -44,22 +44,22 @@ spec:
targetPort: auth
name: web
selector:
app: social-to-rolodex
app: social-to-grist
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
name: social-to-grist
namespace: social-to-grist
spec:
replicas: 1
selector:
matchLabels:
app: social-to-rolodex
app: social-to-grist
template:
metadata:
labels:
app: social-to-rolodex
app: social-to-grist
spec:
imagePullSecrets:
- name: docker-config
@@ -70,7 +70,7 @@ spec:
- --provider-display-name=Auth0
- --upstream=http://localhost:8080
- --http-address=$(HOST_IP):8000
- --redirect-url=https://social-to-rolodex.cluster.fun/oauth2/callback
- --redirect-url=https://social-to-grist.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
@@ -86,13 +86,13 @@ spec:
valueFrom:
secretKeyRef:
key: username
name: social-to-rolodex-auth
name: social-to-grist-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: social-to-rolodex-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
name: social-to-grist-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
name: oauth-proxy
ports:
- containerPort: 8000
@@ -104,14 +104,14 @@ spec:
requests:
memory: 50Mi
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-rolodex:latest
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-grist:latest
imagePullPolicy: Always
env:
- name: PORT
value: "8080"
envFrom:
- secretRef:
name: "social-to-rolodex"
name: "social-to-grist"
ports:
- containerPort: 8080
name: web
@@ -125,26 +125,27 @@ spec:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
name: social-to-grist
namespace: social-to-grist
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- social-to-rolodex.cluster.fun
secretName: social-to-rolodex-ingress
- social-to-grist.cluster.fun
secretName: social-to-grist-ingress
rules:
- host: social-to-rolodex.cluster.fun
- host: social-to-grist.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: social-to-rolodex
name: social-to-grist
port:
number: 80

106
manifests/starling/starling.yaml Normal file
View File

@@ -0,0 +1,106 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: starling
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: starling
namespace: starling
annotations:
kube-1password: ufxpki65ffgprn2upksirweeie
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: starling
namespace: starling
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: starling
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: starling
namespace: starling
spec:
replicas: 1
selector:
matchLabels:
app: starling
template:
metadata:
labels:
app: starling
spec:
imagePullSecrets:
- name: docker-config
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/starling:latest
imagePullPolicy: Always
env:
- name: PORT
value: "3000"
- name: SHARED_SECRET
valueFrom:
secretKeyRef:
name: starling
key: SHARED_SECRET
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: starling
key: ACCESS_TOKEN
ports:
- containerPort: 3000
name: web
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: starling
namespace: starling
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- starling.marcusnoble.co.uk
secretName: starling-ingress
rules:
- host: starling.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: starling
port:
number: 80

9
manifests/svg-to-dxf/svg-to-dxf.yaml
View File

@@ -45,11 +45,14 @@ metadata:
namespace: svg-to-dxf
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/buffering: |
maxrequestbodybytes: 31457280
memrequestbodybytes: 62914560
spec:
ingressClassName: nginx
tls:
- hosts:
- svg-to-dxf.cluster.fun

57
manifests/talks/talks.yaml
View File

@@ -1,3 +1,45 @@
apiVersion: v1
kind: Service
metadata:
name: talks
namespace: talks
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: talks
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: talks
namespace: talks
spec:
replicas: 1
selector:
matchLabels:
app: talks
template:
metadata:
labels:
app: talks
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/talks:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -5,13 +47,24 @@ metadata:
namespace: talks
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/permanent-redirect: https://speaking.marcusnoble.co.uk
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- talks.marcusnoble.co.uk
secretName: talks-ingress
rules:
- host: talks.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: talks
port:
number: 80

5
manifests/text-to-dxf/text-to-dxf.yaml
View File

@@ -45,10 +45,11 @@ metadata:
namespace: text-to-dxf
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- text-to-dxf.cluster.fun

69
manifests/til/til.yaml
View File

@@ -1,3 +1,45 @@
apiVersion: v1
kind: Service
metadata:
name: til
namespace: til
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: til
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: til
namespace: til
spec:
replicas: 1
selector:
matchLabels:
app: til
template:
metadata:
labels:
app: til
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/til:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -5,25 +47,24 @@ metadata:
namespace: til
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/server-snippet: |
rewrite ^/dont-reuse-keys/?$ https://marcusnoble.co.uk/2020-10-03-t-i-l-don-t-reuse-api-keys/ permanent;
rewrite ^/favicons/?$ https://marcusnoble.co.uk/2020-11-10-t-i-l-how-to-get-the-favicon-of-any-site/ permanent;
rewrite ^/getopts/?$ https://marcusnoble.co.uk/2021-08-04-t-i-l-cli-flag-handling-in-bash-using-getopts/ permanent;
rewrite ^/go-named-return-values/?$ https://marcusnoble.co.uk/2020-10-05-t-i-l-named-returns-in-go-functions/ permanent;
rewrite ^/golang-append/?$ https://marcusnoble.co.uk/2020-10-30-t-i-l-golang-s-append-mutates-the-provided-array/ permanent;
rewrite ^/golang-split-by-space/?$ https://marcusnoble.co.uk/2020-09-18-t-i-l-split-on-spaces-in-go/ permanent;
rewrite ^/kubectl-replace/?$ https://marcusnoble.co.uk/2020-09-25-t-i-l-kubectl-replace/ permanent;
rewrite ^/kubernetes-label-length/?$ https://marcusnoble.co.uk/2021-04-20-t-i-l-kubernetes-label-length/ permanent;
rewrite ^/tekton-multi-arch-builds/?$ https://marcusnoble.co.uk/2020-09-13-t-i-l-tekton-multi-arch-image-builds/ permanent;
rewrite ^/yaml-key-spaces/?$ https://marcusnoble.co.uk/2021-05-11-t-i-l-yaml-keys-allow-for-spaces-in-them/ permanent;
rewrite ^/yaml-multiline/?$ https://marcusnoble.co.uk/2020-09-17-t-i-l-yaml-multiline-values/ permanent;
rewrite ^/?$ https://marcusnoble.co.uk/ permanent;
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: nginx
tls:
- hosts:
- til.marcusnoble.co.uk
secretName: til-ingress
rules:
- host: til.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: til
port:
number: 80

2
manifests/traefik/traefik.yaml
View File

@@ -45,7 +45,7 @@ spec:
- --entrypoints.websecure.http.tls=true
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
image: rancher/mirrored-library-traefik:2.11.29
image: rancher/mirrored-library-traefik:3.3.3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3

92
manifests/tweetsvg/tweetsvg.yaml Normal file
View File

@@ -0,0 +1,92 @@
apiVersion: v1
kind: Secret
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
kube-1password: dmjtjxrcpqtmeddq5x7zikj37i
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
name: web
selector:
app: tweetsvg
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tweetsvg
namespace: tweetsvg
spec:
replicas: 2
selector:
matchLabels:
app: tweetsvg
template:
metadata:
labels:
app: tweetsvg
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/tweetsvg:latest
imagePullPolicy: Always
# env:
# - name: DOTENV_DIR
# value: /config/
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
volumeMounts:
- name: dotenv
mountPath: /app/.env
subPath: .env
volumes:
- name: dotenv
secret:
secretName: tweetsvg
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tweetsvg
namespace: tweetsvg
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- tweet.cluster.fun
secretName: tweetsvg-ingress
rules:
- host: tweet.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tweetsvg
port:
number: 80

86
manifests/twitter-profile-pic/twitter-profile-pic.yaml Normal file
View File

@@ -0,0 +1,86 @@
apiVersion: v1
kind: Secret
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
annotations:
kube-1password: d2rt56v47q2wij47qgj27umrky
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .env
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 9090
name: web
selector:
app: twitter-profile-pic
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: twitter-profile-pic
namespace: twitter-profile-pic
spec:
replicas: 1
selector:
matchLabels:
app: twitter-profile-pic
template:
metadata:
labels:
app: twitter-profile-pic
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/twitter-profile-pic:latest
imagePullPolicy: Always
ports:
- containerPort: 9090
name: web
resources:
limits:
memory: 100Mi
requests:
memory: 100Mi
volumeMounts:
- name: dotenv
mountPath: /app/.env
subPath: .env
volumes:
- name: dotenv
secret:
secretName: twitter-profile-pic
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: twitter-profile-pic-cluster-fun
namespace: twitter-profile-pic
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- twitter-profile-pic.cluster.fun
secretName: twitter-profile-pic-cluster-fun-ingress
rules:
- host: twitter-profile-pic.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: twitter-profile-pic
port:
number: 80

204
manifests/wallabag/wallabag.yaml Normal file
View File

@@ -0,0 +1,204 @@
apiVersion: v1
kind: Secret
metadata:
name: wallabag
namespace: wallabag
annotations:
kube-1password: 4yogl6yx6t4trrkq7o35tiyj6i
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
annotations:
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: wallabag
---
apiVersion: batch/v1
kind: Job
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag-init
spec:
suspend: true
template:
metadata:
labels:
app.kubernetes.io/name: wallabag-init
spec:
restartPolicy: OnFailure
containers:
- name: db-init
image: "wallabag/wallabag:latest"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
command:
- /var/www/wallabag/bin/console
- wallabag:install
- --env=prod
- --no-interaction
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: wallabag
template:
metadata:
labels:
app.kubernetes.io/name: wallabag
spec:
initContainers:
- name: db-migrate
image: "wallabag/wallabag:2.6.10"
imagePullPolicy: IfNotPresent
command:
- /var/www/wallabag/bin/console
- doctrine:migrations:migrate
- --env=prod
- --no-interaction
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
- name: "POPULATE_DATABASE"
value: "false"
containers:
- name: wallabag
image: "wallabag/wallabag:2.6.10"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: wallabag
env:
- name: "SYMFONY__ENV__DATABASE_CHARSET"
value: "utf8"
- name: "SYMFONY__ENV__DATABASE_DRIVER"
value: "pdo_pgsql"
- name: "SYMFONY__ENV__DATABASE_NAME"
value: "wallabag"
- name: "SYMFONY__ENV__DATABASE_TABLE_PREFIX"
value: "wallabag_"
- name: "SYMFONY__ENV__DOMAIN_NAME"
value: "https://wallabag.cluster.fun"
- name: "SYMFONY__ENV__FOSUSER_REGISTRATION"
value: "false"
- name: "SYMFONY__ENV__LOCALE"
value: "en"
- name: "TZ"
value: "UTC"
- name: "POPULATE_DATABASE"
value: "false"
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
startupProbe:
tcpSocket:
port: 80
initialDelaySeconds: 0
failureThreshold: 30
timeoutSeconds: 1
periodSeconds: 5
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wallabag
namespace: wallabag
labels:
app.kubernetes.io/name: wallabag
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
tls:
- hosts:
- "wallabag.cluster.fun"
secretName: "wallabag-ingress"
rules:
- host: "wallabag.cluster.fun"
http:
paths:
- path: "/"
pathType: ImplementationSpecific
backend:
service:
name: wallabag
port:
number: 80

95
manifests/yay-or-nay/yay-or-nay.yaml
View File

@@ -1,95 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: yay-or-nay
namespace: yay-or-nay
annotations:
kube-1password: vtnx2swze7r6qepxnlepufvcbi
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: yay-or-nay
labels:
app: yay-or-nay
app.kubernetes.io/name: yay-or-nay
annotations:
reloader.stakater.com/search: "true"
spec:
replicas: 1
selector:
matchLabels:
app: yay-or-nay
template:
metadata:
labels:
app: yay-or-nay
app.kubernetes.io/name: yay-or-nay
spec:
containers:
- name: yay-or-nay
image: ghcr.io/mocdaniel/yay-or-nay:1.1.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
name: web
envFrom:
- secretRef:
name: yay-or-nay
livenessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 10
readinessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: yay-or-nay
labels:
app.kubernetes.io/name: yay-or-nay
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: yay-or-nay
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: yay-or-nay
namespace: yay-or-nay
labels:
app.kubernetes.io/name: yay-or-nay
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- "yay-or-nay.cluster.fun"
secretName: "yay-or-nay-ingress"
rules:
- host: "yay-or-nay.cluster.fun"
http:
paths:
- path: "/"
pathType: ImplementationSpecific
backend:
service:
name: yay-or-nay
port:
name: web