Merge branch 'refs/heads/main' into infra/postgresql
This commit is contained in:
1
apps/homer/env/k3s-cluster/config.json
vendored
1
apps/homer/env/k3s-cluster/config.json
vendored
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"appName": "homer",
|
||||
"userGivenName": "homer",
|
||||
"namespace": "homer",
|
||||
"destNamespace": "homer",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "apps/homer/env/k3s-cluster",
|
||||
|
||||
38
apps/nexus/base/deployment.yaml
Normal file
38
apps/nexus/base/deployment.yaml
Normal file
@@ -0,0 +1,38 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nexus
|
||||
namespace: nexus
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nexus
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nexus
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
containers:
|
||||
- name: nexus
|
||||
image: klo2k/nexus3:3.68.1-02
|
||||
resources:
|
||||
limits:
|
||||
memory: "3Gi"
|
||||
cpu: "1"
|
||||
requests:
|
||||
memory: "2Gi"
|
||||
cpu: "500m"
|
||||
ports:
|
||||
- containerPort: 8081
|
||||
volumeMounts:
|
||||
- name: nexus-data
|
||||
mountPath: /nexus-data
|
||||
volumes:
|
||||
- name: nexus-data
|
||||
hostPath:
|
||||
path: /mnt/nfs/AppData/nexus
|
||||
type: Directory
|
||||
5
apps/nexus/base/kustomization.yaml
Normal file
5
apps/nexus/base/kustomization.yaml
Normal file
@@ -0,0 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./deployment.yaml
|
||||
- ./service.yaml
|
||||
17
apps/nexus/base/service.yaml
Normal file
17
apps/nexus/base/service.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nexus
|
||||
namespace: nexus
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
prometheus.io/path: /
|
||||
prometheus.io/port: '8081'
|
||||
spec:
|
||||
selector:
|
||||
app: nexus
|
||||
type: NodePort
|
||||
ports:
|
||||
- port: 8081
|
||||
targetPort: 8081
|
||||
nodePort: 32000
|
||||
@@ -1,9 +1,9 @@
|
||||
{
|
||||
"appName": "sealed-secrets",
|
||||
"userGivenName": "sealed-secrets",
|
||||
"destNamespace": "argocd",
|
||||
"appName": "nexus",
|
||||
"userGivenName": "nexus",
|
||||
"destNamespace": "nexus",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "resources/sealed-secrets/env/k3s-cluster",
|
||||
"srcPath": "apps/nexus/env/k3s-cluster",
|
||||
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
|
||||
"srcTargetRevision": "",
|
||||
"labels": null,
|
||||
34
apps/snippet-box/base/deployment.yaml
Normal file
34
apps/snippet-box/base/deployment.yaml
Normal file
@@ -0,0 +1,34 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: snippet-box
|
||||
namespace: snippet-box
|
||||
labels:
|
||||
app.kubernetes.io/name: snippet-box
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: snippet-box
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: snippet-box
|
||||
spec:
|
||||
containers:
|
||||
- name: snippet-box
|
||||
image: pawelmalak/snippet-box:arm
|
||||
ports:
|
||||
- protocol: TCP
|
||||
containerPort: 5000
|
||||
name: snippet-box
|
||||
env:
|
||||
- name: TZ
|
||||
value: Australia/Sydney
|
||||
volumeMounts:
|
||||
- name: snippet-box-data
|
||||
mountPath: /app/data
|
||||
volumes:
|
||||
- name: snippet-box-data
|
||||
hostPath:
|
||||
path: /mnt/nfs/AppData/snippet-box
|
||||
type: Directory
|
||||
21
apps/snippet-box/base/ingress.yaml
Normal file
21
apps/snippet-box/base/ingress.yaml
Normal file
@@ -0,0 +1,21 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: snippet-box-ingress
|
||||
namespace: snippet-box
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: "snippet-box.cluster.edward.sydney"
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: snippet-box
|
||||
port:
|
||||
number: 5000
|
||||
6
apps/snippet-box/base/kustomization.yaml
Normal file
6
apps/snippet-box/base/kustomization.yaml
Normal file
@@ -0,0 +1,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./deployment.yaml
|
||||
- ./service.yaml
|
||||
- ./ingress.yaml
|
||||
17
apps/snippet-box/base/service.yaml
Normal file
17
apps/snippet-box/base/service.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: snippet-box
|
||||
namespace: snippet-box
|
||||
labels:
|
||||
app.kubernetes.io/name: snippet-box
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: snippet-box
|
||||
type: ClusterIP
|
||||
internalTrafficPolicy: Cluster
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5000
|
||||
targetPort: 5000
|
||||
name: snippet-box
|
||||
11
apps/snippet-box/env/k3s-cluster/config.json
vendored
Normal file
11
apps/snippet-box/env/k3s-cluster/config.json
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"appName": "snippet-box",
|
||||
"userGivenName": "snippet-box",
|
||||
"destNamespace": "snippet-box",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "apps/snippet-box/env/k3s-cluster",
|
||||
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
|
||||
"srcTargetRevision": "",
|
||||
"labels": null,
|
||||
"annotations": null
|
||||
}
|
||||
4
apps/snippet-box/env/k3s-cluster/kustomization.yaml
vendored
Normal file
4
apps/snippet-box/env/k3s-cluster/kustomization.yaml
vendored
Normal file
@@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../base
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"appName": "ingress-nginx",
|
||||
"userGivenName": "ingress-nginx",
|
||||
"namespace": "ingress-nginx",
|
||||
"destNamespace": "ingress-nginx",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "infrastructures/ingress-nginx/env/k3s-cluster",
|
||||
|
||||
@@ -46,7 +46,7 @@ spec:
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
app.kubernetes.io/name: '{{ appName }}'
|
||||
name: '{{ userGivenName }}'
|
||||
namespace: argocd
|
||||
namespace: '{{ namespace }}'
|
||||
spec:
|
||||
destination:
|
||||
namespace: '{{ destNamespace }}'
|
||||
|
||||
@@ -46,7 +46,7 @@ spec:
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
app.kubernetes.io/name: '{{ appName }}'
|
||||
name: '{{ userGivenName }}'
|
||||
namespace: argocd
|
||||
namespace: '{{ namespace }}'
|
||||
spec:
|
||||
destination:
|
||||
namespace: '{{ destNamespace }}'
|
||||
|
||||
@@ -46,7 +46,7 @@ spec:
|
||||
app.kubernetes.io/managed-by: argocd
|
||||
app.kubernetes.io/name: '{{ appName }}'
|
||||
name: '{{ userGivenName }}'
|
||||
namespace: argocd
|
||||
namespace: '{{ namespace }}'
|
||||
spec:
|
||||
destination:
|
||||
namespace: '{{ destNamespace }}'
|
||||
|
||||
9
resources/app-secrets/env/k3s-cluster/Chart.yaml
vendored
Normal file
9
resources/app-secrets/env/k3s-cluster/Chart.yaml
vendored
Normal file
@@ -0,0 +1,9 @@
|
||||
apiVersion: v2
|
||||
version: "0.0.1"
|
||||
appVersion: "0.0.1"
|
||||
name: app-secrets
|
||||
|
||||
dependencies:
|
||||
- name: nginx
|
||||
version: 0.0.1
|
||||
repository: "https://raw.githubusercontent.com/timtsoitt/argocd-base-charts/main/releases"
|
||||
12
resources/app-secrets/env/k3s-cluster/config.json
vendored
Normal file
12
resources/app-secrets/env/k3s-cluster/config.json
vendored
Normal file
@@ -0,0 +1,12 @@
|
||||
{
|
||||
"appName": "app-secrets",
|
||||
"userGivenName": "app-secrets",
|
||||
"namespace": "app-secrets",
|
||||
"destNamespace": "app-secrets",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "resources/app-secrets/env/k3s-cluster",
|
||||
"srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
|
||||
"srcTargetRevision": "",
|
||||
"labels": null,
|
||||
"annotations": null
|
||||
}
|
||||
26
resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
vendored
Normal file
26
resources/app-secrets/env/k3s-cluster/templates/postgresql.yaml
vendored
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
annotations:
|
||||
sealedsecrets.bitnami.com/cluster-wide: "true"
|
||||
creationTimestamp: null
|
||||
name: postgresql-secrets
|
||||
namespace: postgresql
|
||||
spec:
|
||||
encryptedData:
|
||||
database: AgBJ/TwGeaHpcCg6oSUywLp1q84Gr3rm3w3J4v5A0NoRPucO029RVtYCr3Lz3VJ06c6qyWFAZCEo3jRvYer67vZenN9uSfZS+qtQafyeISogUejpmHzulOvgvQXTBU09X6lKzCC6l+HFKB1qJ0bMzabY127KHIvgv7Dq+v4Mv7l2L6fdE1PElqozTciWsynAZbSNRQrDZB5g0SYnuLURPpnYe3OXQbUWzZsKnuP6oCiGAJsO0OlVQq5QwxvosfpmQeth6GBKUoymPqI1AOYl3qKDtATrlC4jEFOLTttQmXgU+aJMhx82TEkLrtIv4uniNTSFFJlIe3IOlstcPKypx67J8aPSes9Yw30a0Loe4PFAwe6jkYhpvdgfKJjs8Iw4N3GfAtWkyAcOCQ6tGUKlcAAoErvUo0QLe/QeB4GWWklSd3yo4tH3XD2rwFzgBbFlFmCLgwvS5AZw/KL/TDzyMu9MHYjUUMjtgP46/pApYKBRLXmGRwO+4Bec7IKqJfS+hsK8Ax2hdvJlsmiwkm3WmdMVDXznQzjZ2APRdKtgUSD5onHHKODOPq2MwV2a+qHuCvpbaU6FaM86Brb7zgYxBhatLJdDFCqEPxudO/Z04D/tPqq1q9iuBO8i2afQr00Yqync1SC8Ua3iAxks27PX5XZcy6/wCbWGzgxVldktmUiKLzeyCrDVX+yMj1xQ9e5WpIBKrSWlztUWBQ==
|
||||
password: AgAu0129Ov9tkdHLsEQOXJFppXj/DtLpUEOFjwV29IVGYIgNEVGJ04vEbXL3y46gih6h3NuUZU0DrT0kyNTwIRWm1AKAzAMZ6jGYsGvxYOOnLzZKO/mLrWb3Wh9srh9I7S2OCY63XsBZjemfqyDlgS/s1146fnLzndpJAribTf060nhhNhGODWDEZcd0zn53eL3V8Mu8Sh0qen6oCrbtHUBN21IJLmqvNWr6XsINGrlI9emNRvsVc7KTLd74KcHfhGTGELogBNxECZQIT7BVC3PGHRvAD+XD2pnJgQrYi7QcCZj9C64Ivcui645JL++BDFtdegyJZN478Fn2YRqt+p/eW6pd3QhC+Xl66o9KuktbkbhtEPUhDM+jBJluFFECEdDuqAi9FiDiZSRrLaMPmudwuhpSUFeo4zFjkPcs38yuqS0ruIvzo0F0xf5XtENXFj38vCwVzPDY/3Ip1RLB9M4xV1LBV82eANM+FEsn7FALvXRC/anL/lqq0CNzM479h5KfwfALIqF4pFYLSPguDzuiYFoDMBpHBakFvi8aAryOnOjURI9rWvWEvXzdLyYEgfFGlETbyh3az8PJlixv1owzjGC8JdIv266pqAJJIh+hyZqZ44M6XaL9qEwfWktoYueJIFTPElkY89f3Hf1to3vrPO17hUHRG9IVuU/f9CBpq2VG/DDduPfc1HQZMhtjalJbxT/Etvd3t/8vmI+4vvVPkWBWMQ==
|
||||
postgres_password: AgC+PhYh1JmEpaO3S3dR0sMpMKBMg7rcECaiuPvczFEPUR9RepSofQEoQ31NuWMr8H5uSTAof5t57xNoLfFDLA7a2MWqE+0o94Z8hN7u05/wjhAuHPN43/EWGMQ5fI95r3kwpIoen3qjYWDIiYhCOHoAuj70OqYj0UZWxPyG/Hlqklo8DZ/wEzLBA2qyQ7iPOqjpD6niFOafv35/594dAQlwmKgViZNz8cruFxNn1pDwo1aCTtFqw+4xrCTRIyoyfPanyo6DlqxZtLMqKzEKaSeU8U+iF3dKpjOWN27RNtxB4YjfjR9oyqu6nGGv7uPEZLcmk/LjZZB6760Ok4VCb4f2WhziNSnN9mlKdUi8BREBuZBx4wTCxHAryKnX2bUrPhsQZEVaUa9cceplHTRglHN4bB5BTl8SekFaCP6sHyIDL8n88wjqTaHaRnjlbmUu82ehu87EZMCYZu2jIWQoDS3VeyUMhs+pf8iqrg2yal1dX/SlpDThvyElKSnXYE0mLXsmME6skWm7e0iEZljSM9ZGiAZLJEqBPFqpvqbVOkZ12Nh0qj/8N9R+jow/x2SgV/afBOqLHtmLRrJdXy6EOvvIXnswwLZHIq0Ak8tewpFHlEdnWNaV7RJrPfM2ArkodxMPjvy/IXUUOs1HQZc56OPyb9GwgCYIvBWFiPFrpEruW9h9Dk+ahgJvMLT4oQNrje5R/jpdHEY7Rf8dXL2DV+bVDBcBQw==
|
||||
replication_password: AgBkc4gk1ZyvJPChepr45Qs2xSQIFVLWjaV5VIfHOYIQF+SFSjxlHqEWsPwZFa9nU6soK/kOukTS6nlW+MTzPXHZZRu3fPdyY8ETa4Iq5588v3xWKVrUyLpKIVIkRnwguTlh+54MUylOBugyHSKAOowWyaiu1VvjS7L75b5NTXYeXIDVegBzss1OVEW/GoTaRgx23GJbGSfB0t1eqhdeF8bQRmkpI7rdBIO99bw4TEF7x3+PfEK9k5dctLbWKl1raSJeVLXClm+tQiN3eU2SvSBRxhyHIg2w7mshMreX7JQd9AJL0AcPzLKaSDhP/Dr2lFXIVtA1QbG8baEM2sMH2cVVFj9yHVZZ2zY1NruElSju0jQXfKXc6ZYR9P5FGBI33ZZnfqXefdchepRccv4VLv9M79e5toVt5KciUv3d50RVMIDv46OvYO1qmLuXpyIxnh6bHHUtFLrJSODfjxDU/OVWHSgTRJh7M7OZqgzCpNUQWG48fT546aAiBpX3qqh/C2T/dw2esHXhaS0V7q5FL+NiW1wWMmyPbkzAMyMXw4j04Zy3RFhIQ3ga+Hq7aKC7hwBBx1obwabz0q9mbvk1yk1Fgllfxtp5FxKFb3LtGOQOnWZlo3u0sgYG5F6Wr9psPMdBqtBHETQzBIzhTt+8QxLp2yOZ7HaY06WYL5NViEcRKBRQWbhf2C4gXyAwOOXlRPyBlZ+9nJbTAH3D/3cEOHP4DPqpig==
|
||||
username: AgAsbp2tj4P/IS6gM9yMov1dxs6MyR8r3WkDhVQhR4zn8aFByml4GfPhTFQHHNawVUDrnEUiBzV2fTFG7+45HlOtPOJ2w/0Uc1vC0PiX6qdjhRASiTIj0qtndnPvatW7Q1eKycwB7WdKHEO4CRLKYaLGc2sqQ0i3Us+IGPV/8xmvyk/fmG/EnFBwny1fclKxkkT5me9RPmqnO2btxIx7Pe2Flo2Bo82YZwCTP1dvBmG/XbgE5oqDoX1ZDnP0WelIBB0d6uqF+g+ZhWZEuxAZJAv7FUoTmR+4x8JLMTZ6ByP3J8ZaAnEg3g20r18QNCZV7wz8qWM1LLoU9G2rHEWssF2IKYxgf5JpB/ESdtZVKgBkvTAbSc+9Css/NFT3cSeVflxbnRczUTRwP8/4zqSX0U0qTwChCOx4LvrznWYF7v2gennziIIxc2rdT9en2o0OKKF7db5rIhCi1m/C5peu9CEhqm9mzxfDfNj6gCED8a2z75IHHpqj7BGNBqjKtmSb+0+gmwfZG0i5UOczSSxNBayXsCkUPZZNYb1lnPLNnxASBRAcFikqHHpp0gsb54DmgL/LzfZGEEbzco59/DA1F9O+Ypy11FlLJw89bM+4bHoLXnzqI48tlThslFT6pIYT7nizJR+zjn+3pC6bxX31MqQPVu6whfHIR6OBh94T1fyoISdc3SeODTlsNAd9/pPnS7v+LaPaQno=
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-options: Prune=false
|
||||
sealedsecrets.bitnami.com/cluster-wide: "true"
|
||||
sealedsecrets.bitnami.com/managed: "true"
|
||||
creationTimestamp: null
|
||||
name: postgresql-secrets
|
||||
namespace: postgresql
|
||||
type: Opaque
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"appName": "ingress-nginx-configmap",
|
||||
"userGivenName": "ingress-nginx-configmap",
|
||||
"namespace": "ingress-nginx",
|
||||
"destNamespace": "ingress-nginx",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "resources/ingress-nginx-configmap/env/k3s-cluster",
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"appName": "local-path-provisioner",
|
||||
"userGivenName": "local-path-provisioner",
|
||||
"namespace": "local-path-provisioner",
|
||||
"destNamespace": "local-path-provisioner",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "resources/local-path-provisioner/env/k3s-cluster",
|
||||
|
||||
9
resources/namespaces/base/app-secrets.yaml
Normal file
9
resources/namespaces/base/app-secrets.yaml
Normal file
@@ -0,0 +1,9 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-options: Prune=false
|
||||
creationTimestamp: null
|
||||
name: app-secrets
|
||||
spec: {}
|
||||
status: {}
|
||||
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./adguard-home.yaml
|
||||
- ./app-secrets.yaml
|
||||
- ./cert-manager.yaml
|
||||
- ./code-server.yaml
|
||||
- ./consul.yaml
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"appName": "namespaces",
|
||||
"userGivenName": "namespaces",
|
||||
"namespace": "argocd",
|
||||
"destNamespace": "argocd",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "resources/namespaces/env/k3s-cluster",
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
helmCharts:
|
||||
- name: sealed-secrets
|
||||
repo: https://bitnami-labs.github.io/sealed-secrets
|
||||
version: 2.16.0
|
||||
releaseName: sealed-secrets
|
||||
valuesFile: values.yaml
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"appName": "sync-job",
|
||||
"userGivenName": "sync-job",
|
||||
"namespace": "argocd",
|
||||
"destNamespace": "argocd",
|
||||
"destServer": "https://kubernetes.default.svc",
|
||||
"srcPath": "resources/sync-job/env/k3s-cluster",
|
||||
|
||||
6
scripts/5.install-sealed-secrets.sh
Normal file
6
scripts/5.install-sealed-secrets.sh
Normal file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
|
||||
helm repo update
|
||||
helm install sealed-secrets -n kube-system --set-string fullnameOverride=sealed-secrets-controller sealed-secrets/sealed-secrets -f sealed-secrets-values.yaml
|
||||
7
scripts/encrypt-file-by-sealed-secrets.sh
Normal file
7
scripts/encrypt-file-by-sealed-secrets.sh
Normal file
@@ -0,0 +1,7 @@
|
||||
#!/usr/bin/bash
|
||||
set -e
|
||||
|
||||
secretName=$1
|
||||
filePath=$2
|
||||
|
||||
cat $filePath | kubeseal --format yaml --scope cluster-wide | tee $filePath
|
||||
Reference in New Issue
Block a user