AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 2 Releases Activity

Compare commits

base: AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x
Branches Tags
AverageMarcus:master AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x AverageMarcus:renovate/grafana-promtail-3.x AverageMarcus:increase_cluster_max
..
compare: AverageMarcus:b54f25d1f4f3bc4390898c58b4d8a64c35617c46
Branches Tags
AverageMarcus:master AverageMarcus:renovate/rancher-mirrored-library-traefik-3.x AverageMarcus:renovate/grafana-promtail-3.x AverageMarcus:increase_cluster_max

1 Commits
renovate/r ... b54f25d1f4

Author SHA1 Message Date
Renovate Bot
b54f25d1f4 Update grafana/promtail Docker tag to v3 2024-12-14 03:12:08 +00:00
60 changed files with 702 additions and 596 deletions
Expand all files Collapse all files

5
manifests/_apps/base64.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/blog.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

5
manifests/_apps/civo-versions.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/cv.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/dashboard.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

5
manifests/_apps/devstats-viewer.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

5
manifests/_apps/feed-fetcher.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

4
manifests/_apps/grist.yaml
View File

@@ -22,4 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

5
manifests/_apps/marcusnoble.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

4
manifests/_apps/mastodon-digest.yaml
View File

@@ -22,4 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

4
manifests/_apps/mealie.yaml
View File

@@ -22,4 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

5
manifests/_apps/opengraph-image-gen.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/qr.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

4
manifests/_apps/rss.yaml
View File

@@ -22,4 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

10
manifests/_apps/bsky-screenshot.yaml → manifests/_apps/social-to-grist.yaml
View File

@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: bsky-screenshot name: social-to-grist
namespace: argocd namespace: argocd
finalizers: finalizers:
- resources-finalizer.argocd.argoproj.io - resources-finalizer.argocd.argoproj.io
spec: spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: bsky-screenshot namespace: social-to-grist
name: civo name: civo
source: source:
path: manifests/bsky-screenshot path: manifests/social-to-grist
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD targetRevision: HEAD
syncPolicy: syncPolicy:
@@ -22,3 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

25
manifests/_apps/social-to-rolodex.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: social-to-rolodex
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: social-to-rolodex
name: civo
source:
path: manifests/social-to-rolodex
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data

6
manifests/_apps/cors-proxy.yaml → manifests/_apps/starling.yaml
View File

@@ -1,17 +1,17 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: cors-proxy name: cluster-fun-starling
namespace: argocd namespace: argocd
finalizers: finalizers:
- resources-finalizer.argocd.argoproj.io - resources-finalizer.argocd.argoproj.io
spec: spec:
project: cluster.fun project: cluster.fun
destination: destination:
namespace: cors-proxy namespace: starling
name: cluster-fun (v2) name: cluster-fun (v2)
source: source:
path: manifests/cors-proxy path: manifests/starling
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD targetRevision: HEAD
syncPolicy: syncPolicy:

5
manifests/_apps/svg-to-dxf.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/talks.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/tank.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

5
manifests/_apps/text-to-dxf.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/til.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/tweetsvg.yaml
View File

@@ -22,4 +22,7 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image

5
manifests/_apps/twitter-profile-pic.yaml
View File

@@ -22,5 +22,8 @@ spec:
- kind: Secret - kind: Secret
jsonPointers: jsonPointers:
- /data - /data
- group: apps
kind: Deployment
jqPathExpressions:
- .spec.template.spec.containers[]?.image
--- ---

25
manifests/_apps/yay-or-nay.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: yay-or-nay
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: cluster.fun
destination:
namespace: yay-or-nay
name: cluster-fun (v2)
source:
path: manifests/yay-or-nay
repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
targetRevision: HEAD
syncPolicy:
syncOptions:
- CreateNamespace=true
automated: {}
ignoreDifferences:
- kind: Secret
jsonPointers:
- /data
---

33
manifests/auth-proxy/auth-ingress.yaml
View File

@@ -23,13 +23,10 @@ spec:
- sonarr.cluster.fun - sonarr.cluster.fun
- lidarr.cluster.fun - lidarr.cluster.fun
- prowlarr.cluster.fun - prowlarr.cluster.fun
- mylarr.cluster.fun
- transmission.cluster.fun - transmission.cluster.fun
- tekton.cluster.fun - tekton.cluster.fun
- changedetection.cluster.fun - changedetection.cluster.fun
- grafana.cluster.fun - grafana.cluster.fun
- podgrab.cluster.fun
- stablediffusion.cluster.fun
secretName: auth-proxy-ingress secretName: auth-proxy-ingress
rules: rules:
- host: downloads.cluster.fun - host: downloads.cluster.fun
@@ -202,33 +199,3 @@ spec:
name: tailscale-proxy name: tailscale-proxy
port: port:
name: auth name: auth
- host: podgrab.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth
- host: mylarr.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth
- host: stablediffusion.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: auth

37
manifests/auth-proxy/non-auth-ingress.yaml
View File

@@ -6,18 +6,11 @@ metadata:
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-body-size: 25m
nginx.ingress.kubernetes.io/client-body-buffer-size: 25m
spec: spec:
ingressClassName: nginx ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- hello-world.cluster.fun - hello-world.cluster.fun
- ombi.cluster.fun
- bsky-feeds.cluster.fun
- ai.cluster.fun
secretName: non-auth-proxy-ingress secretName: non-auth-proxy-ingress
rules: rules:
- host: hello-world.cluster.fun - host: hello-world.cluster.fun
@@ -30,33 +23,3 @@ spec:
name: tailscale-proxy name: tailscale-proxy
port: port:
name: non-auth name: non-auth
- host: ombi.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: non-auth
- host: bsky-feeds.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: non-auth
- host: ai.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: tailscale-proxy
port:
name: non-auth

2
manifests/auth-proxy/proxy.yaml
View File

@@ -67,7 +67,7 @@ spec:
mountPath: /config/ mountPath: /config/
- name: oauth-proxy - name: oauth-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0 image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
args: args:
- --cookie-secure=false - --cookie-secure=false
- --provider=oidc - --provider=oidc

70
manifests/bsky-screenshot/bsky-screenshot.yaml
View File

@@ -1,70 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: bsky-screenshot
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
spec:
replicas: 1
selector:
matchLabels:
app: bsky-screenshot
template:
metadata:
labels:
app: bsky-screenshot
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/bsky-screenshot:latest
imagePullPolicy: Always
ports:
- containerPort: 80
name: web
resources:
limits:
memory: 20Mi
requests:
memory: 20Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bsky-screenshot
namespace: bsky-screenshot
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- bsky-screenshot.cluster.fun
secretName: bsky-screenshot-ingress
rules:
- host: bsky-screenshot.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: bsky-screenshot
port:
number: 80

76
manifests/cors-proxy/cors-proxy.yaml
View File

@@ -1,76 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: cors-proxy
namespace: cors-proxy
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8000
name: web
selector:
app: cors-proxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cors-proxy
namespace: cors-proxy
spec:
replicas: 2
selector:
matchLabels:
app: cors-proxy
template:
metadata:
labels:
app: cors-proxy
spec:
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus/cors-proxy:latest
imagePullPolicy: Always
ports:
- containerPort: 8000
name: web
env:
- name: ALLOWLIST
value: cdn.bsky.app
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cors-proxy
namespace: cors-proxy
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- cors-proxy.cluster.fun
- cors-proxy.marcusnoble.co.uk
secretName: cors-proxy-ingress
rules:
- host: cors-proxy.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cors-proxy
port:
number: 80
- host: cors-proxy.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cors-proxy
port:
number: 80

2
manifests/dashboard/dashboard.yaml
View File

@@ -81,7 +81,7 @@ spec:
secretKeyRef: secretKeyRef:
key: password key: password
name: dashboard-auth name: dashboard-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0 image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
name: oauth-proxy name: oauth-proxy
ports: ports:
- containerPort: 8000 - containerPort: 8000

2
manifests/gitea/gitea.yaml
View File

@@ -42,7 +42,7 @@ spec:
spec: spec:
containers: containers:
- name: git - name: git
image: gitea/gitea:1.24.5 image: gitea/gitea:1.22.5
env: env:
- name: APP_NAME - name: APP_NAME
value: "Git" value: "Git"

2
manifests/goplayground/goplayground.yaml
View File

@@ -29,7 +29,7 @@ spec:
spec: spec:
containers: containers:
- name: web - name: web
image: x1unix/go-playground:2.5.7 image: x1unix/go-playground:2.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 8000 - containerPort: 8000

2
manifests/grist/grist.yaml
View File

@@ -72,7 +72,7 @@ spec:
serviceAccountName: grist serviceAccountName: grist
containers: containers:
- name: grist - name: grist
image: gristlabs/grist-oss:1.7.3 image: gristlabs/grist-oss:1.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http

8
manifests/link/link.yaml
View File

@@ -27,14 +27,6 @@ data:
kcduk24: https://speaking.marcusnoble.co.uk/0qcuN9/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes kcduk24: https://speaking.marcusnoble.co.uk/0qcuN9/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
rejektsna24: https://speaking.marcusnoble.co.uk/dALiFY/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes rejektsna24: https://speaking.marcusnoble.co.uk/dALiFY/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
kcddk24: https://speaking.marcusnoble.co.uk/FU4W7x/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes kcddk24: https://speaking.marcusnoble.co.uk/FU4W7x/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
cndoslo: https://speaking.marcusnoble.co.uk/j5M53P/from-fragile-to-resilient-validatingadmissionpolicies-strengthen-kubernetes
rejekts25: https://speaking.marcusnoble.co.uk/AXARFf/pod-deep-dive-everything-you-didnt-know-you-needed-to-know
kcdbudapest: https://speaking.marcusnoble.co.uk/43QLpx/the-future-of-kubernetes-admission-logic
kcdczechslovak: https://speaking.marcusnoble.co.uk/Np2xUv/pod-deep-dive-the-interesting-bits
cnsmunich: https://speaking.marcusnoble.co.uk/HqYcp2/pod-deep-dive-the-interesting-bits
cnsmunich-feedback: https://yay-or-nay.cluster.fun/feedback/20UETBI0
containerdays25: https://speaking.marcusnoble.co.uk/HARSlE/the-future-of-kubernetes-admission-logic
containerdays25-feedback: https://yay-or-nay.cluster.fun/feedback/F8P351QK
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service

2
manifests/mastodon-digest/mastodon_digest.yaml
View File

@@ -152,7 +152,7 @@ spec:
secretKeyRef: secretKeyRef:
key: password key: password
name: mastodon-digest-auth name: mastodon-digest-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0 image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
name: oauth-proxy name: oauth-proxy
ports: ports:
- containerPort: 8000 - containerPort: 8000

30
manifests/matrix_chart/matrix_chart.yaml
View File

@@ -348,7 +348,7 @@ metadata:
app.kubernetes.io/name: "matrix" app.kubernetes.io/name: "matrix"
component: element component: element
spec: spec:
replicas: 1 replicas: 2
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/name: matrix-riot app.kubernetes.io/name: matrix-riot
@@ -363,7 +363,7 @@ spec:
fsGroup: 1000 fsGroup: 1000
containers: containers:
- name: "riot" - name: "riot"
image: "vectorim/element-web:v1.11.110" image: "vectorim/element-web:v1.11.87"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http
@@ -388,8 +388,6 @@ spec:
- mountPath: /var/run/pid - mountPath: /var/run/pid
name: ephemeral name: ephemeral
subPath: pid subPath: pid
- mountPath: /tmp
name: tmp
readinessProbe: readinessProbe:
httpGet: httpGet:
path: / path: /
@@ -414,8 +412,6 @@ spec:
name: matrix-riot-config name: matrix-riot-config
- name: ephemeral - name: ephemeral
emptyDir: {} emptyDir: {}
- name: tmp
emptyDir: {}
--- ---
# Source: matrix/templates/synapse/deployment.yaml # Source: matrix/templates/synapse/deployment.yaml
apiVersion: apps/v1 apiVersion: apps/v1
@@ -444,7 +440,7 @@ spec:
fsGroup: 1000 fsGroup: 1000
initContainers: initContainers:
- name: generate-signing-key - name: generate-signing-key
image: "ghcr.io/element-hq/synapse:v1.137.0" image: "ghcr.io/element-hq/synapse:v1.121.1"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: SYNAPSE_SERVER_NAME - name: SYNAPSE_SERVER_NAME
@@ -471,7 +467,7 @@ spec:
mountPath: /data/keys mountPath: /data/keys
containers: containers:
- name: "synapse" - name: "synapse"
image: "ghcr.io/element-hq/synapse:v1.137.0" image: "ghcr.io/element-hq/synapse:v1.121.1"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: http
@@ -484,6 +480,15 @@ spec:
- name: synapse-config-homeserver - name: synapse-config-homeserver
mountPath: /data/homeserver.yaml mountPath: /data/homeserver.yaml
subPath: homeserver.yaml subPath: homeserver.yaml
- name: mautrix-whatsapp-registration
mountPath: /data/mautrix-whatsapp-registration.yaml
subPath: registration.yaml
# - name: mautrix-signal-registration
# mountPath: /data/mautrix-signal-registration.yaml
# subPath: registration.yaml
# - name: mautrix-telegram-registration
# mountPath: /data/mautrix-telegram-registration.yaml
# subPath: registration.yaml
- name: synapse-config-logging - name: synapse-config-logging
mountPath: /data/matrix.cluster.fun.log.config mountPath: /data/matrix.cluster.fun.log.config
subPath: matrix.cluster.fun.log.config subPath: matrix.cluster.fun.log.config
@@ -527,6 +532,15 @@ spec:
- name: synapse-config-homeserver - name: synapse-config-homeserver
secret: secret:
secretName: matrix-synapse-config secretName: matrix-synapse-config
- name: mautrix-whatsapp-registration
secret:
secretName: mautrix-whatsapp-registration
# - name: mautrix-signal-registration
# secret:
# secretName: mautrix-signal-registration
# - name: mautrix-telegram-registration
# secret:
# secretName: mautrix-telegram-registration
- name: signing-key - name: signing-key
persistentVolumeClaim: persistentVolumeClaim:
claimName: chat-matrix-signing-key claimName: chat-matrix-signing-key

153
manifests/matrix_chart/signal_bridge.yaml Normal file
View File

@@ -0,0 +1,153 @@
# apiVersion: v1
# kind: Secret
# metadata:
# name: mautrix-signal-registration
# namespace: chat
# annotations:
# kube-1password: z6tylu2br724gttcpfyi5egaui
# kube-1password/vault: Kubernetes
# kube-1password/secret-text-key: registration.yaml
# labels:
# app.kubernetes.io/name: "mautrix-signal"
# component: registration
# type: Opaque
# ---
# apiVersion: v1
# kind: Secret
# metadata:
# name: mautrix-signal-config
# namespace: chat
# annotations:
# kube-1password: 5vfaorcudozlq4clkzgmzzszqe
# kube-1password/vault: Kubernetes
# kube-1password/secret-text-key: config.yaml
# labels:
# app.kubernetes.io/name: "mautrix-signal"
# component: config
# type: Opaque
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: mautrix-signal
# namespace: chat
# labels:
# app.kubernetes.io/name: mautrix-signal
# annotations:
# prometheus.io/scrape: "true"
# prometheus.io/path: "/metrics"
# prometheus.io/port: "9000"
# spec:
# type: ClusterIP
# ports:
# - port: 29328
# targetPort: http
# protocol: TCP
# name: http
# selector:
# app.kubernetes.io/name: mautrix-signal
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: mautrix-signal
# labels:
# app.kubernetes.io/name: mautrix-signal
# spec:
# revisionHistoryLimit: 3
# replicas: 1
# strategy:
# type: Recreate
# selector:
# matchLabels:
# app.kubernetes.io/name: mautrix-signal
# template:
# metadata:
# labels:
# app.kubernetes.io/name: mautrix-signal
# spec:
# serviceAccountName: default
# automountServiceAccountToken: true
# dnsPolicy: ClusterFirst
# enableServiceLinks: true
# initContainers:
# - name: config-copy
# image: bash:latest
# imagePullPolicy: IfNotPresent
# args:
# - -c
# - |
# cp /secrets/* /data/
# volumeMounts:
# - name: mautrix-signal-config
# mountPath: /secrets/config.yaml
# subPath: config.yaml
# - name: mautrix-signal-registration
# mountPath: /secrets/registration.yaml
# subPath: registration.yaml
# - name: data
# mountPath: /data
# containers:
# - name: signald
# image: docker.io/signald/signald:stable
# imagePullPolicy: Always
# volumeMounts:
# - name: signald
# mountPath: /signald
# - name: mautrix-signal
# image: "dock.mau.dev/mautrix/signal:v0.4.3"
# imagePullPolicy: IfNotPresent
# env:
# - name: "TZ"
# value: "UTC"
# ports:
# - name: http
# containerPort: 29328
# protocol: TCP
# - name: metrics
# containerPort: 9000
# protocol: TCP
# volumeMounts:
# - name: signald
# mountPath: /signald
# - name: data
# mountPath: /data
# livenessProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 3
# timeoutSeconds: 1
# periodSeconds: 10
# readinessProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 3
# timeoutSeconds: 1
# periodSeconds: 10
# startupProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 30
# timeoutSeconds: 1
# periodSeconds: 5
# volumes:
# - name: data
# emptyDir: {}
# - name: signald
# emptyDir: {}
# - name: mautrix-signal-config
# secret:
# secretName: mautrix-signal-config
# - name: mautrix-signal-registration
# secret:
# secretName: mautrix-signal-registration
# ---

143
manifests/matrix_chart/telegram_bridge.yaml Normal file
View File

@@ -0,0 +1,143 @@
# apiVersion: v1
# kind: Secret
# metadata:
# name: mautrix-telegram-registration
# namespace: chat
# annotations:
# kube-1password: dancy7ogc4gjlxhfntqejgudwi
# kube-1password/vault: Kubernetes
# kube-1password/secret-text-key: registration.yaml
# labels:
# app.kubernetes.io/name: "mautrix-telegram"
# component: registration
# type: Opaque
# ---
# apiVersion: v1
# kind: Secret
# metadata:
# name: mautrix-telegram-config
# namespace: chat
# annotations:
# kube-1password: nilzdpfum35hhwijnwvasbzmcq
# kube-1password/vault: Kubernetes
# kube-1password/secret-text-key: config.yaml
# labels:
# app.kubernetes.io/name: "mautrix-telegram"
# component: config
# type: Opaque
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: mautrix-telegram
# namespace: chat
# labels:
# app.kubernetes.io/name: mautrix-telegram
# annotations:
# prometheus.io/scrape: "true"
# prometheus.io/path: "/metrics"
# prometheus.io/port: "9000"
# spec:
# type: ClusterIP
# ports:
# - port: 29318
# targetPort: http
# protocol: TCP
# name: http
# selector:
# app.kubernetes.io/name: mautrix-telegram
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: mautrix-telegram
# labels:
# app.kubernetes.io/name: mautrix-telegram
# spec:
# revisionHistoryLimit: 3
# replicas: 1
# strategy:
# type: Recreate
# selector:
# matchLabels:
# app.kubernetes.io/name: mautrix-telegram
# template:
# metadata:
# labels:
# app.kubernetes.io/name: mautrix-telegram
# spec:
# serviceAccountName: default
# automountServiceAccountToken: true
# dnsPolicy: ClusterFirst
# enableServiceLinks: true
# initContainers:
# - name: config-copy
# image: bash:latest
# imagePullPolicy: IfNotPresent
# args:
# - -c
# - |
# cp /secrets/* /data/
# volumeMounts:
# - name: mautrix-telegram-config
# mountPath: /secrets/config.yaml
# subPath: config.yaml
# - name: mautrix-telegram-registration
# mountPath: /secrets/registration.yaml
# subPath: registration.yaml
# - name: data
# mountPath: /data
# containers:
# - name: mautrix-telegram
# image: "dock.mau.dev/mautrix/telegram:v0.12.1"
# imagePullPolicy: IfNotPresent
# env:
# - name: "TZ"
# value: "UTC"
# ports:
# - name: http
# containerPort: 29318
# protocol: TCP
# - name: metrics
# containerPort: 9000
# protocol: TCP
# volumeMounts:
# - name: data
# mountPath: /data
# livenessProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 3
# timeoutSeconds: 1
# periodSeconds: 10
# readinessProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 3
# timeoutSeconds: 1
# periodSeconds: 10
# startupProbe:
# tcpSocket:
# port: 29318
# initialDelaySeconds: 0
# failureThreshold: 30
# timeoutSeconds: 1
# periodSeconds: 5
# volumes:
# - name: data
# emptyDir: {}
# - name: mautrix-telegram-config
# secret:
# secretName: mautrix-telegram-config
# - name: mautrix-telegram-registration
# secret:
# secretName: mautrix-telegram-registration
# ---

143
manifests/matrix_chart/whatsapp_bridge.yaml Normal file
View File

@@ -0,0 +1,143 @@
apiVersion: v1
kind: Secret
metadata:
name: mautrix-whatsapp-registration
namespace: chat
annotations:
kube-1password: x6lzkpyov4dem5jtk2kimyrnvy
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: registration.yaml
labels:
app.kubernetes.io/name: "mautrix-whatsapp"
component: registration
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: mautrix-whatsapp-config
namespace: chat
annotations:
kube-1password: ji3e2el66bu56bml3kq3ghyojq
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: config.yaml
labels:
app.kubernetes.io/name: "mautrix-whatsapp"
component: config
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: mautrix-whatsapp
namespace: chat
labels:
app.kubernetes.io/name: mautrix-whatsapp
# annotations:
# prometheus.io/scrape: "true"
# prometheus.io/path: "/metrics"
# prometheus.io/port: "9000"
spec:
type: ClusterIP
ports:
- port: 29318
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: mautrix-whatsapp
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mautrix-whatsapp
labels:
app.kubernetes.io/name: mautrix-whatsapp
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: mautrix-whatsapp
template:
metadata:
labels:
app.kubernetes.io/name: mautrix-whatsapp
spec:
serviceAccountName: default
automountServiceAccountToken: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
initContainers:
- name: config-copy
image: bash:latest
imagePullPolicy: IfNotPresent
args:
- -c
- |
cp /secrets/* /data/
volumeMounts:
- name: mautrix-whatsapp-config
mountPath: /secrets/config.yaml
subPath: config.yaml
- name: mautrix-whatsapp-registration
mountPath: /secrets/registration.yaml
subPath: registration.yaml
- name: data
mountPath: /data
containers:
- name: mautrix-whatsapp
image: "dock.mau.dev/mautrix/whatsapp:v0.11.0"
imagePullPolicy: IfNotPresent
env:
- name: "TZ"
value: "UTC"
ports:
- name: http
containerPort: 29318
protocol: TCP
# - name: metrics
# containerPort: 9000
# protocol: TCP
volumeMounts:
- name: data
mountPath: /data
livenessProbe:
tcpSocket:
port: 29318
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 29318
initialDelaySeconds: 0
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
startupProbe:
tcpSocket:
port: 29318
initialDelaySeconds: 0
failureThreshold: 30
timeoutSeconds: 1
periodSeconds: 5
volumes:
- name: data
emptyDir: {}
- name: mautrix-whatsapp-config
secret:
secretName: mautrix-whatsapp-config
- name: mautrix-whatsapp-registration
secret:
secretName: mautrix-whatsapp-registration
---

2
manifests/mealie/mealie.yaml
View File

@@ -30,7 +30,7 @@ spec:
spec: spec:
containers: containers:
- name: frontend - name: frontend
image: ghcr.io/mealie-recipes/mealie:v3.1.2 image: ghcr.io/mealie-recipes/mealie:v2.3.0
imagePullPolicy: Always imagePullPolicy: Always
envFrom: envFrom:
- secretRef: - secretRef:

2
manifests/monitoring-civo/kube-state-metrics.yaml
View File

@@ -237,7 +237,7 @@ spec:
- --resources=validatingwebhookconfigurations - --resources=validatingwebhookconfigurations
#- --resources=volumeattachments #- --resources=volumeattachments
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0" image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0"
ports: ports:
- containerPort: 8080 - containerPort: 8080
livenessProbe: livenessProbe:

2
manifests/monitoring-civo/promtail.yaml
View File

@@ -236,7 +236,7 @@ spec:
serviceAccountName: promtail serviceAccountName: promtail
containers: containers:
- name: promtail - name: promtail
image: "grafana/promtail:2.9.15" image: "grafana/promtail:3.3.1"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- "-config.file=/etc/promtail/promtail.yaml" - "-config.file=/etc/promtail/promtail.yaml"

2
manifests/monitoring-civo/vmagent.yaml
View File

@@ -147,7 +147,7 @@ spec:
serviceAccountName: prometheus-server serviceAccountName: prometheus-server
containers: containers:
- name: vmagent - name: vmagent
image: "victoriametrics/vmagent:v1.125.0" image: "victoriametrics/vmagent:v1.107.0"
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
args: args:
- -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/ - -remoteWrite.url=http://vmcluster.proxy-civo.svc/insert/0/prometheus/

2
manifests/monitoring/kube-state-metrics.yaml
View File

@@ -237,7 +237,7 @@ spec:
- --resources=validatingwebhookconfigurations - --resources=validatingwebhookconfigurations
#- --resources=volumeattachments #- --resources=volumeattachments
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.17.0" image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0"
ports: ports:
- containerPort: 8080 - containerPort: 8080
livenessProbe: livenessProbe:

2
manifests/monitoring/node-exporter.yaml
View File

@@ -54,7 +54,7 @@ spec:
serviceAccountName: prometheus-node-exporter serviceAccountName: prometheus-node-exporter
containers: containers:
- name: prometheus-node-exporter - name: prometheus-node-exporter
image: "prom/node-exporter:v1.9.1" image: "prom/node-exporter:v1.8.2"
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
args: args:
- --path.procfs=/host/proc - --path.procfs=/host/proc

2
manifests/monitoring/promtail.yaml
View File

@@ -215,7 +215,7 @@ spec:
serviceAccountName: promtail serviceAccountName: promtail
containers: containers:
- name: promtail - name: promtail
image: "grafana/promtail:2.9.15" image: "grafana/promtail:3.3.1"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- "-config.file=/etc/promtail/promtail.yaml" - "-config.file=/etc/promtail/promtail.yaml"

2
manifests/monitoring/vmagent.yaml
View File

@@ -153,7 +153,7 @@ spec:
serviceAccountName: prometheus-server serviceAccountName: prometheus-server
containers: containers:
- name: vmagent - name: vmagent
image: "victoriametrics/vmagent:v1.125.0" image: "victoriametrics/vmagent:v1.107.0"
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
args: args:
- -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/ - -remoteWrite.url=http://vmcluster.auth-proxy.svc/insert/0/prometheus/

4
manifests/nextcloud_chart/manifest.yaml
View File

@@ -203,7 +203,7 @@ spec:
spec: spec:
containers: containers:
- name: nextcloud - name: nextcloud
image: "nextcloud:31.0.8-apache" image: "nextcloud:30.0.4-apache"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: SQLITE_DATABASE - name: SQLITE_DATABASE
@@ -374,7 +374,7 @@ spec:
restartPolicy: Never restartPolicy: Never
containers: containers:
- name: nextcloud - name: nextcloud
image: "nextcloud:31.0.8-apache" image: "nextcloud:30.0.4-apache"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: [ "curl" ] command: [ "curl" ]
args: args:

33
manifests/nginx-lb/nginx-lb.yaml
View File

@@ -15,6 +15,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@@ -26,6 +27,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@@ -37,6 +39,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@@ -141,6 +144,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
rules: rules:
@@ -159,6 +163,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx name: ingress-nginx
rules: rules:
- apiGroups: - apiGroups:
@@ -240,6 +245,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission name: ingress-nginx-admission
rules: rules:
- apiGroups: - apiGroups:
@@ -258,6 +264,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx name: ingress-nginx
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@@ -277,6 +284,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission name: ingress-nginx-admission
namespace: ingress-nginx namespace: ingress-nginx
roleRef: roleRef:
@@ -295,6 +303,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx name: ingress-nginx
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -313,6 +322,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission name: ingress-nginx-admission
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@@ -359,6 +369,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
--- ---
@@ -394,6 +405,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@@ -426,6 +438,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller-admission name: ingress-nginx-controller-admission
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@@ -448,6 +461,7 @@ metadata:
app.kubernetes.io/instance: ingress-nginx app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller name: ingress-nginx-controller
namespace: ingress-nginx namespace: ingress-nginx
spec: spec:
@@ -491,7 +505,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: LD_PRELOAD - name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.13.2@sha256:1f7eaeb01933e719c8a9f4acd8181e555e582330c7d50f24484fb64d2ba9b2ef image: registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -701,20 +715,3 @@ webhooks:
resources: resources:
- ingresses - ingresses
sideEffects: None sideEffects: None
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
name: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
minAvailable: 1

6
manifests/nodered/nodered.yaml
View File

@@ -57,7 +57,7 @@ spec:
- name: data - name: data
mountPath: /data mountPath: /data
- name: update-native-modules - name: update-native-modules
image: nodered/node-red:4.1.0-18 image: nodered/node-red:4.0.5-18
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- bash - bash
@@ -66,14 +66,12 @@ spec:
cd /data cd /data
npm rebuild npm rebuild
npm install tldts npm install tldts
npm install @atproto/api
npm install node-fetch
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /data mountPath: /data
containers: containers:
- name: web - name: web
image: nodered/node-red:4.1.0-18 image: nodered/node-red:4.0.5-18
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 1880 - containerPort: 1880

2
manifests/outline/outline.yaml
View File

@@ -45,7 +45,7 @@ spec:
spec: spec:
containers: containers:
- name: outline - name: outline
image: outlinewiki/outline:0.87.3 image: outlinewiki/outline:0.81.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: ALLOWED_DOMAINS - name: ALLOWED_DOMAINS

4
manifests/redis/redis.yaml
View File

@@ -329,7 +329,7 @@ spec:
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
containers: containers:
- name: redis - name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11 image: docker.io/bitnami/redis:7.2.4-debian-11-r11
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
securityContext: securityContext:
runAsUser: 1001 runAsUser: 1001
@@ -471,7 +471,7 @@ spec:
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
containers: containers:
- name: redis - name: redis
image: docker.io/bitnamilegacy/redis:7.2.4-debian-11-r11 image: docker.io/bitnami/redis:7.2.4-debian-11-r11
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
securityContext: securityContext:
runAsUser: 1001 runAsUser: 1001

2
manifests/rss/miniflux.yaml
View File

@@ -66,7 +66,7 @@ spec:
spec: spec:
containers: containers:
- name: web - name: web
image: ghcr.io/miniflux/miniflux:2.2.12 image: ghcr.io/miniflux/miniflux:2.2.3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
envFrom: envFrom:
- configMapRef: - configMapRef:

2
manifests/social-to-grist/social-to-grist.yaml
View File

@@ -92,7 +92,7 @@ spec:
secretKeyRef: secretKeyRef:
key: password key: password
name: social-to-grist-auth name: social-to-grist-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0 image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
name: oauth-proxy name: oauth-proxy
ports: ports:
- containerPort: 8000 - containerPort: 8000

151
manifests/social-to-rolodex/social-to-rolodex.yaml
View File

@@ -1,151 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: social-to-rolodex
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: social-to-rolodex-auth
namespace: social-to-rolodex
annotations:
kube-1password: mr6spkkx7n3memkbute6ojaarm
kube-1password/vault: Kubernetes
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
annotations:
kube-1password: oa3ycnui3ji4lc665bifaao63q
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
spec:
type: ClusterIP
ports:
- port: 80
targetPort: auth
name: web
selector:
app: social-to-rolodex
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
spec:
replicas: 1
selector:
matchLabels:
app: social-to-rolodex
template:
metadata:
labels:
app: social-to-rolodex
spec:
imagePullSecrets:
- name: docker-config
containers:
- args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://localhost:8080
- --http-address=$(HOST_IP):8000
- --redirect-url=https://social-to-rolodex.cluster.fun/oauth2/callback
- --email-domain=marcusnoble.co.uk
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: social-to-rolodex-auth
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: social-to-rolodex-auth
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
name: oauth-proxy
ports:
- containerPort: 8000
protocol: TCP
name: auth
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/social-to-rolodex:latest
imagePullPolicy: Always
env:
- name: PORT
value: "8080"
envFrom:
- secretRef:
name: "social-to-rolodex"
ports:
- containerPort: 8080
name: web
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: social-to-rolodex
namespace: social-to-rolodex
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.tls: "true"
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- social-to-rolodex.cluster.fun
secretName: social-to-rolodex-ingress
rules:
- host: social-to-rolodex.cluster.fun
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: social-to-rolodex
port:
number: 80

106
manifests/starling/starling.yaml Normal file
View File

@@ -0,0 +1,106 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-config
namespace: starling
annotations:
kube-1password: i6ngbk5zf4k52xgwdwnfup5bby
kube-1password/vault: Kubernetes
kube-1password/secret-text-key: .dockerconfigjson
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: e30=
---
apiVersion: v1
kind: Secret
metadata:
name: starling
namespace: starling
annotations:
kube-1password: ufxpki65ffgprn2upksirweeie
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
name: starling
namespace: starling
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: starling
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: starling
namespace: starling
spec:
replicas: 1
selector:
matchLabels:
app: starling
template:
metadata:
labels:
app: starling
spec:
imagePullSecrets:
- name: docker-config
containers:
- name: web
image: rg.fr-par.scw.cloud/averagemarcus-private/starling:latest
imagePullPolicy: Always
env:
- name: PORT
value: "3000"
- name: SHARED_SECRET
valueFrom:
secretKeyRef:
name: starling
key: SHARED_SECRET
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: starling
key: ACCESS_TOKEN
ports:
- containerPort: 3000
name: web
resources:
limits:
memory: 50Mi
requests:
memory: 50Mi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: starling
namespace: starling
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- starling.marcusnoble.co.uk
secretName: starling-ingress
rules:
- host: starling.marcusnoble.co.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: starling
port:
number: 80

2
manifests/traefik/traefik.yaml
View File

@@ -45,7 +45,7 @@ spec:
- --entrypoints.websecure.http.tls=true - --entrypoints.websecure.http.tls=true
- --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https - --entrypoints.web.http.redirections.entrypoint.scheme=https
image: rancher/mirrored-library-traefik:3.5.1 image: rancher/mirrored-library-traefik:2.11.11
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3

4
manifests/wallabag/wallabag.yaml
View File

@@ -95,7 +95,7 @@ spec:
spec: spec:
initContainers: initContainers:
- name: db-migrate - name: db-migrate
image: "wallabag/wallabag:2.6.13" image: "wallabag/wallabag:2.6.10"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- /var/www/wallabag/bin/console - /var/www/wallabag/bin/console
@@ -126,7 +126,7 @@ spec:
value: "false" value: "false"
containers: containers:
- name: wallabag - name: wallabag
image: "wallabag/wallabag:2.6.13" image: "wallabag/wallabag:2.6.10"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:

94
manifests/yay-or-nay/yay-or-nay.yaml
View File

@@ -1,94 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: yay-or-nay
namespace: yay-or-nay
annotations:
kube-1password: vtnx2swze7r6qepxnlepufvcbi
kube-1password/vault: Kubernetes
kube-1password/secret-text-parse: "true"
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: yay-or-nay
labels:
app: yay-or-nay
app.kubernetes.io/name: yay-or-nay
annotations:
reloader.stakater.com/search: "true"
spec:
replicas: 1
selector:
matchLabels:
app: yay-or-nay
template:
metadata:
labels:
app: yay-or-nay
app.kubernetes.io/name: yay-or-nay
spec:
containers:
- name: yay-or-nay
image: ghcr.io/mocdaniel/yay-or-nay:1.1.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3000
name: web
envFrom:
- secretRef:
name: yay-or-nay
livenessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 10
readinessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: yay-or-nay
labels:
app.kubernetes.io/name: yay-or-nay
spec:
type: ClusterIP
ports:
- port: 80
targetPort: web
name: web
selector:
app: yay-or-nay
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: yay-or-nay
namespace: yay-or-nay
labels:
app.kubernetes.io/name: yay-or-nay
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
tls:
- hosts:
- "yay-or-nay.cluster.fun"
secretName: "yay-or-nay-ingress"
rules:
- host: "yay-or-nay.cluster.fun"
http:
paths:
- path: "/"
pathType: ImplementationSpecific
backend:
service:
name: yay-or-nay
port:
name: web