Merge pull request #758 from 3dwardch3ng/misc

remove opensign secrets

apps/homer/base/deployment.yaml

@@ -32,10 +32,10 @@ spec:
               containerPort: 8088
               name: http
           volumeMounts:
-            - name: assets
-              mountPath: /www/assets
+            - name: www
+              mountPath: /www
       volumes:
-        - name: assets
+        - name: www
           hostPath:
-            path: /mnt/nfs/AppData/homer/www/assets
+            path: /mnt/nfs/AppData/homer/www
             type: Directory

apps/jellyfin/base/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: jellyfin
+    repo: https://beluga-cloud.github.io/charts
+    version: 2.3.0
+    releaseName: jellyfin
+    valuesFile: values.yaml

apps/jellyfin/base/values.yaml

@@ -0,0 +1,155 @@
+podSecurityContext:
+  runAsGroup: 1000
+  runAsUser: 1000
+  fsGroup: 1000
+containerSecurityContext:
+  runAsGroup: 1000
+  runAsUser: 1000
+persistence:
+  config:
+    enabled: true
+    volumeClaimSpec:
+      accessModes:
+        - ReadWriteOnce
+      volumeName: jellyfin-config
+      storageClassName: local-path
+  data:
+    enabled: true
+    volumeClaimSpec:
+      accessModes:
+        - ReadWriteOnce
+      volumeName: jellyfin-data
+      storageClassName: local-path
+jellyfin:
+  mediaVolumes:
+    - name: movies
+      readOnly: false
+      volumeSpec:
+        storageClassName: local-path
+        volumeMode: Filesystem
+        capacity:
+          storage: 256Gi
+        accessModes:
+          - ReadWriteOnce
+        persistentVolumeReclaimPolicy: Retain
+        nodeAffinity:
+          required:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: kubernetes.io/os
+                    operator: In
+                    values:
+                      - linux
+        claimRef:
+          apiVersion: v1
+          kind: PersistentVolumeClaim
+          name: jellyfin-mediavol-movies
+          namespace: jellyfin
+        hostPath:
+          path: "/mnt/nfs/media/movie"
+          type: "Directory"
+    - name: series
+      readOnly: false
+      volumeSpec:
+        storageClassName: local-path
+        volumeMode: Filesystem
+        capacity:
+          storage: 256Gi
+        accessModes:
+          - ReadWriteOnce
+        persistentVolumeReclaimPolicy: Retain
+        nodeAffinity:
+          required:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: kubernetes.io/os
+                    operator: In
+                    values:
+                      - linux
+        claimRef:
+          apiVersion: v1
+          kind: PersistentVolumeClaim
+          name: jellyfin-mediavol-series
+          namespace: jellyfin
+        hostPath:
+          path: "/mnt/nfs/media/tv"
+          type: "Directory"
+    - name: music-videos
+      readOnly: false
+      volumeSpec:
+        storageClassName: local-path
+        volumeMode: Filesystem
+        capacity:
+          storage: 128Gi
+        accessModes:
+          - ReadWriteOnce
+        persistentVolumeReclaimPolicy: Retain
+        nodeAffinity:
+          required:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: kubernetes.io/os
+                    operator: In
+                    values:
+                      - linux
+        claimRef:
+          apiVersion: v1
+          kind: PersistentVolumeClaim
+          name: jellyfin-mediavol-music-videos
+          namespace: jellyfin
+        hostPath:
+          path: "/mnt/nfs/media/music-video"
+          type: "Directory"
+    - name: short-videos
+      readOnly: false
+      volumeSpec:
+        storageClassName: local-path
+        volumeMode: Filesystem
+        capacity:
+          storage: 32Gi
+        accessModes:
+          - ReadWriteOnce
+        persistentVolumeReclaimPolicy: Retain
+        nodeAffinity:
+          required:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: kubernetes.io/os
+                    operator: In
+                    values:
+                      - linux
+        claimRef:
+          apiVersion: v1
+          kind: PersistentVolumeClaim
+          name: jellyfin-mediavol-short-videos
+          namespace: jellyfin
+        hostPath:
+          path: "/mnt/nfs/media/short-video"
+          type: "Directory"
+    - name: gv
+      readOnly: false
+      volumeSpec:
+        storageClassName: local-path
+        volumeMode: Filesystem
+        capacity:
+          storage: 64Gi
+        accessModes:
+          - ReadWriteOnce
+        persistentVolumeReclaimPolicy: Retain
+        nodeAffinity:
+          required:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: kubernetes.io/os
+                    operator: In
+                    values:
+                      - linux
+        claimRef:
+          apiVersion: v1
+          kind: PersistentVolumeClaim
+          name: jellyfin-mediavol-gv
+          namespace: jellyfin
+        hostPath:
+          path: "/mnt/nfs/media/gv"
+          type: "Directory"
+  persistentTranscodes: true

apps/jellyfin/env/k3s-cluster/config.json

@@ -0,0 +1,12 @@
+{
+  "appName": "jellyfin",
+  "userGivenName": "jellyfin",
+  "namespace": "jellyfin",
+  "destNamespace": "jellyfin",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "apps/jellyfin/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

apps/jellyfin/env/k3s-cluster/ingress.yaml

@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jellyfin-ingress
+  namespace: jellyfin
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "jellyfin.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: jellyfin
+                port:
+                  number: 8096
+    - host: "jellyfin.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: jellyfin
+                port:
+                  number: 8096

apps/jellyfin/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+  - ./ingress.yaml

apps/plane/base/configmap.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: plane
+  name: plane-app-vars
+data:
+  SENTRY_DSN: ""
+  SENTRY_ENVIRONMENT: ""
+  DEBUG: "0"
+  DOCKERIZED: "1"
+  GUNICORN_WORKERS: "1"
+  WEB_URL: "http://plane.cluster.edward.sydney"
+  CORS_ALLOWED_ORIGINS: "http://plane.cluster.edward.sydney,https://plane.cluster.edward.sydney"
+  REDIS_URL: "redis://plane-redis.plane.svc.cluster.local:6379/"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: plane
+  name: plane-doc-store-vars
+data:
+  FILE_SIZE_LIMIT: "5242880"
+  AWS_S3_BUCKET_NAME: "plane"
+  MINIO_ROOT_USER: "admin"
+  AWS_S3_ENDPOINT_URL: "http://minio.minio.svc.cluster.local:19000"
+  USE_MINIO: "1"
+---

apps/plane/base/deployment.yaml

@@ -0,0 +1,274 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: plane
+  name: plane-admin-wl
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.name: plane-admin
+  template:
+    metadata:
+      namespace: plane
+      labels:
+        app.name: plane-admin
+    spec:
+      containers:
+        - name: plane-admin
+          imagePullPolicy: Always
+          image: makeplane/plane-admin:stable
+          stdin: true
+          tty: true
+          resources:
+            requests:
+              memory: "50Mi"
+              cpu: "50m"
+            limits:
+              memory: "1000Mi"
+              cpu: "500m"
+          command:
+            - node
+          args:
+            - admin/server.js
+            - admin
+      serviceAccount: plane-srv-account
+      serviceAccountName: plane-srv-account
+      nodeSelector:
+        kubernetes.io/arch: arm64
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: plane
+  name: plane-api-wl
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.name: plane-api
+  template:
+    metadata:
+      namespace: plane
+      labels:
+        app.name: plane-api
+    spec:
+      containers:
+        - name: plane-api
+          imagePullPolicy: Always
+          image: makeplane/plane-backend:stable
+          stdin: true
+          tty: true
+          resources:
+            requests:
+              memory: "50Mi"
+              cpu: "50m"
+            limits:
+              memory: "1000Mi"
+              cpu: "500m"
+          command:
+            - ./bin/docker-entrypoint-api.sh
+          envFrom:
+            - configMapRef:
+                name: plane-app-vars
+                optional: false
+            - secretRef:
+                name: plane-app-secrets
+                optional: false
+            - configMapRef:
+                name: plane-doc-store-vars
+                optional: false
+            - secretRef:
+                name: plane-doc-store-secrets
+                optional: false
+          readinessProbe:
+            failureThreshold: 30
+            httpGet:
+              path: /
+              port: 8000
+              scheme: HTTP
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+      serviceAccount: plane-srv-account
+      serviceAccountName: plane-srv-account
+      nodeSelector:
+        kubernetes.io/arch: arm64
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: plane
+  name: plane-beat-worker-wl
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.name: plane-beat-worker
+  template:
+    metadata:
+      namespace: plane
+      labels:
+        app.name: plane-beat-worker
+    spec:
+      containers:
+        - name: plane-beat-worker
+          imagePullPolicy: Always
+          image: makeplane/plane-backend:stable
+          stdin: true
+          tty: true
+          resources:
+            requests:
+              memory: "50Mi"
+              cpu: "50m"
+            limits:
+              memory: "1000Mi"
+              cpu: "500m"
+          command:
+            - ./bin/docker-entrypoint-beat.sh
+          envFrom:
+            - configMapRef:
+                name: plane-app-vars
+                optional: false
+            - secretRef:
+                name: plane-app-secrets
+                optional: false
+            - configMapRef:
+                name: plane-doc-store-vars
+                optional: false
+            - secretRef:
+                name: plane-doc-store-secrets
+                optional: false
+      serviceAccount: plane-srv-account
+      serviceAccountName: plane-srv-account
+      nodeSelector:
+        kubernetes.io/arch: arm64
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: plane
+  name: plane-space-wl
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.name: plane-space
+  template:
+    metadata:
+      namespace: plane
+      labels:
+        app.name: plane-space
+    spec:
+      containers:
+        - name: plane-space
+          imagePullPolicy: Always
+          image: makeplane/plane-space:stable
+          stdin: true
+          tty: true
+          resources:
+            requests:
+              memory: "50Mi"
+              cpu: "50m"
+            limits:
+              memory: "1000Mi"
+              cpu: "500m"
+          command:
+            - node
+          args:
+            - space/server.js
+            - space
+      serviceAccount: plane-srv-account
+      serviceAccountName: plane-srv-account
+      nodeSelector:
+        kubernetes.io/arch: arm64
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: plane
+  name: plane-web-wl
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.name: plane-web
+  template:
+    metadata:
+      namespace: plane
+      labels:
+        app.name: plane-web
+    spec:
+      containers:
+        - name: plane-web
+          imagePullPolicy: Always
+          image: makeplane/plane-frontend:stable
+          stdin: true
+          tty: true
+          resources:
+            requests:
+              memory: "50Mi"
+              cpu: "50m"
+            limits:
+              memory: "1000Mi"
+              cpu: "500m"
+          command:
+            - node
+          args:
+            - web/server.js
+            - web
+      serviceAccount: plane-srv-account
+      serviceAccountName: plane-srv-account
+      nodeSelector:
+        kubernetes.io/arch: arm64
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: plane
+  name: plane-worker-wl
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.name: plane-worker
+  template:
+    metadata:
+      namespace: plane
+      labels:
+        app.name: plane-worker
+    spec:
+      containers:
+        - name: plane-worker
+          imagePullPolicy: Always
+          image: makeplane/plane-backend:stable
+          stdin: true
+          tty: true
+          resources:
+            requests:
+              memory: "50Mi"
+              cpu: "50m"
+            limits:
+              memory: "1000Mi"
+              cpu: "500m"
+          command:
+            - ./bin/docker-entrypoint-worker.sh
+          envFrom:
+            - configMapRef:
+                name: plane-app-vars
+                optional: false
+            - secretRef:
+                name: plane-app-secrets
+                optional: false
+            - configMapRef:
+                name: plane-doc-store-vars
+                optional: false
+            - secretRef:
+                name: plane-doc-store-secrets
+                optional: false
+      serviceAccount: plane-srv-account
+      serviceAccountName: plane-srv-account
+      nodeSelector:
+        kubernetes.io/arch: arm64
+---

apps/plane/base/ingress.yaml

@@ -0,0 +1,46 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: plane
+  name: plane-ingress
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: plane.cluster.edward.sydney
+      http:
+        paths:
+          - backend:
+              service:
+                port:
+                  number: 3000
+                name: plane-web
+            path: /
+            pathType: Prefix
+          - backend:
+              service:
+                port:
+                  number: 8000
+                name: plane-api
+            path: /api
+            pathType: Prefix
+          - backend:
+              service:
+                port:
+                  number: 8000
+                name: plane-api
+            path: /auth
+            pathType: Prefix
+          - backend:
+              service:
+                port:
+                  number: 3000
+                name: plane-space
+            path: /spaces
+            pathType: Prefix
+          - backend:
+              service:
+                port:
+                  number: 3000
+                name: plane-admin
+            path: /god-mode
+            pathType: Prefix

apps/plane/base/job.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: plane
+  name: plane-api-migrate
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      labels:
+        app.name: plane-api-migrate
+    spec:
+      containers:
+        - name: plane-api-migrate
+          image: makeplane/plane-backend:stable
+          command:
+            - ./bin/docker-entrypoint-migrator.sh
+          imagePullPolicy: Always
+          envFrom:
+            - configMapRef:
+                name: plane-app-vars
+                optional: false
+            - secretRef:
+                name: plane-app-secrets
+                optional: false
+            - configMapRef:
+                name: plane-doc-store-vars
+                optional: false
+            - secretRef:
+                name: plane-doc-store-secrets
+                optional: false
+      restartPolicy: OnFailure
+      serviceAccount: plane-srv-account
+      serviceAccountName: plane-srv-account

apps/plane/base/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./configmap.yaml
+  - ./service-account.yaml
+  - ./job.yaml
+  - ./deployment.yaml
+  - ./stateful-set.yaml
+  - ./service.yaml
+  - ./ingress.yaml

apps/plane/base/service-account.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+automountServiceAccountToken: true
+kind: ServiceAccount
+metadata:
+  namespace: plane
+  name: plane-srv-account

apps/plane/base/service.yaml

@@ -0,0 +1,80 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: plane
+  name: plane-admin
+  labels:
+    app.name: plane-admin
+spec:
+  ports:
+    - name: admin-3000
+      port: 3000
+      protocol: TCP
+      targetPort: 3000
+  selector:
+    app.name: plane-admin
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: plane
+  name: plane-api
+  labels:
+    app.name: plane-api
+spec:
+  ports:
+    - name: api-8000
+      port: 8000
+      protocol: TCP
+      targetPort: 8000
+  selector:
+    app.name: plane-api
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: plane
+  name: plane-space
+  labels:
+    app.name: plane-space
+spec:
+  ports:
+    - name: space-3000
+      port: 3000
+      protocol: TCP
+      targetPort: 3000
+  selector:
+    app.name: plane-space
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: plane
+  name: plane-web
+  labels:
+    app.name: plane-web
+spec:
+  ports:
+    - name: web-3000
+      port: 3000
+      protocol: TCP
+      targetPort: 3000
+  selector:
+    app.name: plane-web
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: plane
+  name: plane-redis
+  labels:
+    app.name: plane-redis
+spec:
+  ports:
+    - name: redis-6379
+      port: 6379
+      protocol: TCP
+      targetPort: 6379
+  selector:
+    app.name: plane-redis

apps/plane/base/stateful-set.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  namespace: plane
+  name: plane-redis-wl
+spec:
+  selector:
+    matchLabels:
+      app.name: plane-redis
+  serviceName:  plane-redis
+  template:
+    metadata:
+      labels:
+        app.name: plane-redis
+    spec:
+      containers:
+        - image: valkey/valkey:7.2.5-alpine
+          imagePullPolicy: Always
+          name: plane-redis
+          stdin: true
+          tty: true
+          volumeMounts:
+            - mountPath: /data
+              name: plane-redis-data
+      volumes:
+        - name: plane-redis-data
+          persistentVolumeClaim:
+            claimName: plane-redis-pvc
+      serviceAccount: plane-srv-account
+      serviceAccountName: plane-srv-account
+---

apps/plane/env/k3s-cluster/config.json

@@ -0,0 +1,12 @@
+{
+  "appName": "plane",
+  "userGivenName": "plane",
+  "namespace": "plane",
+  "destNamespace": "plane",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "apps/plane/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

apps/plane/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base

apps/plex/base/values.yaml

@@ -13,24 +13,36 @@ extraVolumeMounts:
     mountPath: /tv
   - name: plex-movie
     mountPath: /movie
+  - name: plex-short-video
+    mountPath: /short-video
   - name: plex-music
     mountPath: /music
+  - name: plex-music-video
+    mountPath: /music-video
   - name: plex-gv
     mountPath: /gv
 extraVolumes:
   - name: plex-tv
     hostPath:
-      path: /mnt/nfs/AppData/plex/tv
+      path: /mnt/nfs/media/tv
       type: Directory
   - name: plex-movie
     hostPath:
-      path: /mnt/nfs/AppData/plex/movie
+      path: /mnt/nfs/media/movie
+      type: Directory
+  - name: plex-short-video
+    hostPath:
+      path: /mnt/nfs/media/short-video
       type: Directory
   - name: plex-music
     hostPath:
-      path: /mnt/nfs/AppData/plex/music
+      path: /mnt/nfs/media/music
+      type: Directory
+  - name: plex-music-video
+    hostPath:
+      path: /mnt/nfs/media/music-video
       type: Directory
   - name: plex-gv
     hostPath:
-      path: /mnt/nfs/AppData/plex/gv
+      path: /mnt/nfs/media/gv
       type: Directory

apps/sonarqube/env/k3s-cluster/values.yaml

@@ -39,3 +39,5 @@ externalDatabase:
   host: "postgresql-primary.argocd.svc.cluster.local"
   user: "sonarqube_user"
   existingSecret: "sonarqube-secrets"
+nodeSelector:
+  kubernetes.io/hostname: k3s-cluster-node-3

apps/stirling-pdf/base/deployment.yaml

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: stirling-pdf
+  namespace: stirling-pdf
+  labels:
+    app.kubernetes.io/name: stirling-pdf
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: stirling-pdf
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: stirling-pdf
+    spec:
+      containers:
+        - name: stirling-pdf
+          image: frooodle/s-pdf:0.26.1
+          securityContext:
+            allowPrivilegeEscalation: false
+          env:
+            - name: DOCKER_ENABLE_SECURITY
+              value: "true"
+          ports:
+            - protocol: TCP
+              containerPort: 8080
+              name: http
+          volumeMounts:
+            - name: s-pdf-tessdata
+              mountPath: /usr/share/tesseract-ocr/5/tessdata
+            - name: s-pdf-configs
+              mountPath: /configs
+            - name: s-pdf-custom-files
+              mountPath: /customFiles
+            - name: s-pdf-logs
+              mountPath: /logs
+      volumes:
+        - name: s-pdf-tessdata
+          hostPath:
+            path: /mnt/nfs/AppData/stirling-pdf/tessdata
+            type: Directory
+        - name: s-pdf-configs
+          hostPath:
+            path: /mnt/nfs/AppData/stirling-pdf/configs
+            type: Directory
+        - name: s-pdf-custom-files
+          hostPath:
+            path: /mnt/nfs/AppData/stirling-pdf/customFiles
+            type: Directory
+        - name: s-pdf-logs
+          hostPath:
+            path: /mnt/nfs/AppData/stirling-pdf/logs
+            type: Directory
+

apps/stirling-pdf/base/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./deployment.yaml
+  - ./service.yaml

apps/stirling-pdf/base/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: stirling-pdf
+  namespace: stirling-pdf
+  labels:
+    app.kubernetes.io/name: stirling-pdf
+spec:
+  selector:
+    app.kubernetes.io/name: stirling-pdf
+  type: ClusterIP
+  internalTrafficPolicy: Cluster
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+      name: http

apps/stirling-pdf/env/k3s-cluster/config.json

@@ -0,0 +1,12 @@
+{
+  "appName": "stirling-pdf",
+  "userGivenName": "stirling-pdf",
+  "namespace": "stirling-pdf",
+  "destNamespace": "stirling-pdf",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "apps/stirling-pdf/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

apps/stirling-pdf/env/k3s-cluster/ingress.yaml

@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: stirling-pdf-ingress
+  namespace: stirling-pdf
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "s-pdf.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: stirling-pdf
+                port:
+                  number: 8080

apps/stirling-pdf/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+  - ./ingress.yaml

infrastructures/cert-manager-clusterissuer/base/clusterissuer-cloudflare.yaml

@@ -0,0 +1,23 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: clusterissuer
+  namespace: cert-manager
+spec:
+  acme:
+    email: "edward@cheng.sydney"
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cluster-issuer-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            email: "edward@cheng.sydney"
+            apiTokenSecretRef:
+              name: clusterissuer-secrets
+              namespace: cert-manager
+              key: cloudflare_api_token
+        selector:
+          dnsNames:
+            - "cluster.edward.sydney"
+            - "*.cluster.edward.sydney"

infrastructures/cert-manager-clusterissuer/base/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - clusterissuer-cloudflare.yaml

infrastructures/cert-manager-clusterissuer/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base

infrastructures/cert-manager/base/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: cert-manager
+    repo: https://charts.jetstack.io
+    version: v1.15.1
+    releaseName: cert-manager
+    valuesFile: values.yaml

infrastructures/cert-manager/base/values.yaml

@@ -0,0 +1,4 @@
+global:
+  priorityClassName: system-cluster-critical
+namespace: cert-manager
+installCRDs: true

infrastructures/cert-manager/env/k3s-cluster/config.json

@@ -0,0 +1,12 @@
+{
+  "appName": "cert-manager",
+  "userGivenName": "cert-manager",
+  "namespace": "cert-manager",
+  "destNamespace": "cert-manager",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "infrastructures/cert-manager/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

infrastructures/cert-manager/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base

infrastructures/gpu-device-plugin/base/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: intel-device-plugins-gpu
+    repo: https://intel.github.io/helm-charts/
+    version: 0.30.0
+    releaseName: intel-device-plugins-gpu
+    valuesFile: values.yaml

infrastructures/gpu-device-plugin/base/values.yaml

@@ -0,0 +1,14 @@
+name: gpu-device-plugin
+
+image:
+  hub: intel
+
+sharedDevNum: 10
+logLevel: 2
+resourceManager: true
+enableMonitoring: false
+
+nodeSelector:
+  kubernetes.io/arch: amd64
+
+nodeFeatureRule: true

infrastructures/gpu-device-plugin/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base

infrastructures/logstash/base/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: logstash
+    repo: oci://registry-1.docker.io/bitnamicharts
+    version: 6.2.14
+    releaseName: logstash
+    valuesFile: values.yaml

infrastructures/logstash/base/values.yaml

@@ -0,0 +1,61 @@
+namespaceOverride: logstash
+clusterDomain: logstash.logstash.svc.cluster.local
+input: ""
+output: ""
+existingConfiguration: ""
+enableMultiplePipelines: true
+extraVolumes:
+  - name: configurations
+    hostPath:
+      path: /mnt/nfs/AppData/logstash/config
+      type: Directory
+  - name: pipelines
+    hostPath:
+      path: /mnt/nfs/AppData/logstash/pipeline
+      type: Directory
+extraVolumeMounts:
+  - name: configurations
+    mountPath: /bitnami/logstash/config
+  - name: pipelines
+    mountPath: /bitnami/logstash/pipeline
+containerPorts:
+  - name: http
+    containerPort: 8080
+    protocol: TCP
+  - name: monitoring
+    containerPort: 9600
+    protocol: TCP
+  - name: syslog-udp
+    containerPort: 1514
+    protocol: UDP
+  - name: syslog-tcp
+    containerPort: 1514
+    protocol: TCP
+podSecurityContext:
+  fsGroup: 1000
+containerSecurityContext:
+  runAsUser: 1000
+  runAsGroup: 1000
+service:
+  type: LoadBalancer
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http
+      protocol: TCP
+    - name: monitoring
+      port: 9600
+      targetPort: monitoring
+      protocol: TCP
+    - name: syslog-udp
+      port: 1514
+      targetPort: syslog-udp
+      protocol: UDP
+    - name: syslog-tcp
+      port: 1514
+      targetPort: syslog-tcp
+      protocol: TCP
+persistence:
+  enabled: true
+  existingClaim: logstash-data-pvc
+  size: 16Gi

infrastructures/logstash/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base

infrastructures/netdata/base/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: netdata
+    repo: https://netdata.github.io/helmchart/
+    version: 3.7.96
+    releaseName: netdata
+    valuesFile: values.yaml

infrastructures/netdata/base/values.yaml

@@ -0,0 +1,17 @@
+image:
+  tag: stable
+
+restarter:
+  enabled: true
+
+parent:
+  claiming:
+    enabled: true
+    token: HOJS7JMbEzKuDjbkJJv_Qp5369dyBGc0-qQ2DpKfWT22tiNWRZVH63bALjOv6A4bevsAJixzY1rIKO-1RvIr-NKGiYGpgfrMt1I5loXpU4CY7BgJp22jpK72kvRLwdM2rhNLcSQ
+    rooms: 20334923-196a-477e-9a12-cfd5d02b24ec
+
+child:
+  claiming:
+    enabled: true
+    token: HOJS7JMbEzKuDjbkJJv_Qp5369dyBGc0-qQ2DpKfWT22tiNWRZVH63bALjOv6A4bevsAJixzY1rIKO-1RvIr-NKGiYGpgfrMt1I5loXpU4CY7BgJp22jpK72kvRLwdM2rhNLcSQ
+    rooms: 20334923-196a-477e-9a12-cfd5d02b24ec

infrastructures/netdata/env/k3s-cluster/config.json

@@ -0,0 +1,12 @@
+{
+  "appName": "netdata",
+  "userGivenName": "netdata",
+  "namespace": "argocd",
+  "destNamespace": "argocd",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "infrastructures/netdata/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

infrastructures/netdata/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base

infrastructures/prometheus-exporters/env/k3s-cluster/node-exporter.yaml

@@ -6,7 +6,7 @@ metadata:
   labels:
     app: prometheus-node-exporter
 spec:
-  replicas: 4
+  replicas: 5
   selector:
     matchLabels:
       app: prometheus-node-exporter
@@ -14,10 +14,15 @@ spec:
     metadata:
       labels:
         app: prometheus-node-exporter
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/path: '/metrics'
+        prometheus.io/port: "9100"
     spec:
       hostNetwork: true
       hostPID: true
       hostIPC: true
+      enableServiceLinks: false
       topologySpreadConstraints:
         - maxSkew: 1
           topologyKey: kubernetes.io/hostname
@@ -29,16 +34,27 @@ spec:
         - name: prometheus-node-exporter
           image: prom/node-exporter
           args:
-            - "--path.rootfs=/host"
+            - "--path.rootfs=/root"
+            - "--path.sysfs=/host/sys"
+            - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
+            - --collector.netclass.ignored-devices=^(veth.*)$
+          ports:
+            - containerPort: 9100
+              protocol: TCP
           volumeMounts:
-            - name: node-volume
-              mountPath: /host
+            - name: sys
+              mountPath: /host/sys
+              mountPropagation: HostToContainer
+            - name: root
+              mountPath: /root
               readOnly: true
               mountPropagation: HostToContainer
           securityContext:
             privileged: true
       volumes:
-        - name: node-volume
+        - name: sys
+          hostPath:
+            path: /sys
+        - name: root
           hostPath:
             path: /
-            type: Directory

infrastructures/prometheus/env/k3s-cluster/cluster-role-binding.yaml

@@ -8,5 +8,5 @@ roleRef:
   name: prometheus
 subjects:
   - kind: ServiceAccount
-    name: prometheus
+    name: default
     namespace: prometheus

infrastructures/renovate/base/values.yaml

@@ -20,8 +20,8 @@ cachePersistence:
   size: 1Gi
   existingClaim: "renovate-pvc"
 service:
-  type: ClusterIP
-  port: 8899
+  type: LoadBalancer
+  port: 18899
 ingress:
   enabled: true
   ingressClassName: nginx

resources/app-secrets/env/k3s-cluster/templates/clusterissuer.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: clusterissuer-secrets
+spec:
+  encryptedData:
+    cloudflare_api_token: AgAl6fSMDkAPPLJBXiCvmmT8MdpmpXMy1rsUhkwkuHIyubLN3k6Dfd9COk18qtas73ueWMs4f/Rrd6MT1HrO4QoA4ral0PgEEyznqB+Q6YgWpJQ5l2v5z5CZ+m1PGVItUEcpFuB6G42crQtjuJEOlAoPQhjT7H+y9EFG92+PdoWXwAW4aJw0olhZaeCQvoDDjVfrD0H9ncToqA+NlFtZoRscgeYjpxAgX8dgTcb9hyKoSsChIfxgBJM3inOqk4r3yzQDKM8hs8aJUCYLkPteDu+XHPe8Nh7swasoN2ss8fiUVyazhjML7WHWRWUjsOObhTc0lBrm3yc18jz3CJ7Ct6NZ9lK/PQ8sMDeeTjUTmnWY7Va0PD6eISx8zOXbqzmlqLeKUTkqw3pbXXowfFILcJXhImkm5xCetRmZyTFxHVW1pcw70mkhrTRxFznY/u736y9Kg2I8Wsx2t1ZHgtE5ZnXZKtGqEtjnD/M65SVUIOhyHGQvqRiYxLJJfC7wiNUuh1KJcQGW8NDuew/eBFlAKW92tFzs2WX/AN8bEkooYsUOFKEZTO2hyCAACD2HzI7qRX+hiGxSwfPRHJUUdCb8B+IrATuvda8LBnnXDAK+c+XP9pFFFCQBB8Rsy2QfZ9nJ7Rl7cfV+V2/t466jzREEP4Jpkyiw7k5qF8+XUJsNKPlxZc1Qmr22UnM4ab4523Vg0mIvTzp+XPNq05vi+Tjxq5UFBmYR/hpsVEX6OJX0hMxg9mHUaoHI+Wqv
+  template:
+    metadata:
+      annotations:
+        argocd.argoproj.io/sync-options: Prune=false
+        sealedsecrets.bitnami.com/cluster-wide: "true"
+        sealedsecrets.bitnami.com/managed: "true"
+      creationTimestamp: null
+      name: clusterissuer-secrets
+    type: Opaque

resources/app-secrets/env/k3s-cluster/templates/mongodb.yaml

@@ -1,5 +1,17 @@
-apiVersion: v1
-kind: Secret
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: mongodb-secrets
+  namespace: mongodb
+spec:
+  encryptedData:
+    mongodb-passwords: AgBxZ1MLyQ5Pj1CT7XBU3jHpo4isuqIgvFs/ixGe++popOJMqRmhHKDHcJrdfPGM07f89BCwUPjDvHksEOo1bxb6pVAwVSd6KZvVk+u3l3M0ypJZ3hULeL65s76PU0WIpRwVBVE5X2kE4kTKG7efy/WhkNSGFdzH/IeYUXm49/O8VI4p/KtJUYGETdDjG5k61cGDFOmNS0LKHgWav3G2t3NYmPQbE2VjC8z1LzfIGEprPUU3gfjpQVv6MXdJEBJ77X8/3A9YTyKr40xQdX1RKG5q1ro/9GMYI8XoSDfpC6OhQC/3S2HR7+yLrWKtKQW+jYRbgdCYokhJ57a2qgZSDXgIHXmLXP2Jz+WMkElrJamz+yGXwW9ikx9L3IuGjaPnk181odjKWONz6B00S9cKk+PCE2E+y0QGklm80JLw4NYhmI8DQ1LWhcY/oKxj+tKsIQ5ltWOh7MgTdmn8HkmiHvCmzXyGGsHOoUt0XdcCWf7JlHdqc9mc7QeW/2xrUvlsO4WkoSKkrWJXRhmVCXMHjzRy6eNFWJqfIxfPSL5FwsvTeq7WykZN5euXAuFJJpxSf8eewTIML04S4als4Awey5WCP+MLZunp9j62lV6r2UJcn3j+o3RRVXevGsWQpVHpyTJrlvZyclQFwIg8r5rVSq2/Lj0eYUCLhf+gIbedVfFqdxJ/HIcsufYjxYlFVt9MHarOXZ+WRvFODBrkxoJh/9RjsljYDVitZ4JqiXj4i7ZtjfCN5dZmfJlnX8LNwe4s/oL3
+    mongodb-root-password: AgApxPqNJ68V04TYPyDBkEaYq1Gg5ECE7z5+tqQjGzpmhfJDWIvgbATJ/ROBF8VMWJB8ijBDgXeI2a5FsS9YbYXghmdNv8tYJVj7gd5vYPZbSK5BprQpxb0npINWr+5x3kObG3rXX1PvpvBmiBiWVz92KSjTuINTECYTQwgoNXmx/iz+KGLgpC2sZ1EAoWZxYejhoJMpVGrdT9srsUORYssReBtOEqgClHk8nWXLG5+xeCfApFwkQenPMD94/zOe5MvUMhAo0Nnvyryp0aXPMv0RPpgh98WJBI+jVKVu0A3O5LPQEFqdnhQIaNAiCcq+Idmoo8jzt2MVzoTnmYil4uX86FlzPLnD14m3RiCD0cHpShA49tbotrfDyo4Od8rhjpxZH5afs3EmgEVEaskhwEMdtevKsLWTV8TfWghgZ6HPCRTZp/mo4bw73e17fgm8dbcxceubdtxveEZKw2hrOpUXXGVr4Ozwh5i+6CXPmdTi98x+7Eh3JTdYJJGg6SfCEwDxByWHIAYNjnRO/pVWfJuTGUxAxuc76AFsOyRrqe+rZs2K5AJ/Igp6xxuzLjtfiQ7KmQzDnsPi6+ozTVZ/NIa0Ear/mlqZOXFAJ15e4zUe+AQ1WWsRP2FW+ftUDswCsBl/0JALaT9hGo6/FLT/5iLR1WIp8pc2pcDMP5HfKk22NtIykOWcq7RJPHmdgRV/UgMcUKJznB79ACaQSDqYP48xXU6DhiJPl+Q=
+  template:
     metadata:
       annotations:
         argocd.argoproj.io/sync-options: Prune=false
@@ -9,6 +21,3 @@ metadata:
       name: mongodb-secrets
       namespace: mongodb
     type: Opaque
-stringData:
-  mongodb-root-password: "ic.e6oeHefy983ZC8YpQDfg8"
-  mongodb-passwords: "VeQ@NGX*W3qrDBQmbVihHTXh,auDJjPpV_y_9-Dt*!dsMovFb"

resources/app-secrets/env/k3s-cluster/templates/plane-app.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: plane-app-secrets
+  namespace: plane
+spec:
+  encryptedData:
+    DATABASE_URL: AgCIECtMBtAW3EqPgFq8c9lPQOBw9dMSZfgvZKxIln49lPCmUK+pcE9PZAlSnr4lyukccegIZiEi1qXm+eWAVB7ImDN+euXlm5pS4A1DthXMHTBgDvC+LnknmNbl5JCQGirSGUxHxJFsPmb/acH4zrudh8jyajMxCtNdANDVJIGM/2TC9icBb8Dd34cR1uprRvnidAdmwc3vc1q8LGE/fDatJ7LUNPoA3yNCz5Te6MSrBjZceBuPmSj8jOgQ7CzHqhnmkW+2vr0eCR8efkLO11Sb6Ok+fRVJ1E6YZXsaj38AsY5fMG/cnPLGr6AvpVxFKIvznJlYMiok2wN8KqkbkSAk9FZneH85Yijn/EyBntzWDjYTTqmp9kjU5wNgBn24ggtLZiLBOhIGEIXAEQ0aLv0Eij8toYhYromStLuIkJ2j4s46nSvTKVGhccsTqcEkZveWlNBMJfQD4tBWH1dpuG6NtTSkq7vN/hu2nT8mr1ZNWmzcvDsBRX15joKCiY14RGad6Ronu3WG1x+DSykJ4Fz55l7/u16IoNbbXRt5OO4mbD6xgqcOIj1grB6wTT2XhYYwagFAOMfF/hJuGql3DNlCGElJaQ3ZiPNTYNWf7YqB94aYdT4ipF+cWhUEhhxEqEXqmlynvFgE5LlGdysOxpTDGWCr+rXHd4FT9wkyBzMIabnMVks5ewWxe6MEi8Trq2Wfp9/6bfhYIbYEzY6AasvljnleyU/lp/7v8Ltc7SqkNa84W0qbx9ZtSZ2TQfzs11EktljZeQMBpffEsw9hl+Ytd2vrVDcXjAxJ+0NQcxe87RmUJRp/gqThha10xluVFvLiwg==
+    SECRET_KEY: AgBNNOJwtdorKUwFe2UwqgxdDzqjgcCDeKDr/O+XgamM5v15YpJLeXXahqDhkGRi/G0DQbVK8T1NAIlWWVQNZxxr9MFlJYPnV7C6Mc1P9Cwfabd/XrXcYFI7+E8UhFOHoUHnwOcuAeyrcqb/8H1d+vLJ3w0yGz1aMWWXa8pECB/LXdWLl89N1NLUQAhhW8SVPinBfZFJuIrtoaMi1nEj2QnsCznt0FYbquXJLGFDk1dVa9khC8AFHxAuHB50rM748TrT+McLlvP/WU7ljn8vJeOcZSxcyYa7Ex1SRaxCZUk/+DDiMG1zahc62d2pxqV4Va3++RXRKNLhxepFD1zqSJO6h+JfMS0BbAKIt+eIUXPE+1v3Vni0z0mFK0AS4L2l9h/urYm0B14Cy7SXMztcWEDZMDvoZR+jcpVbPKceQXy7oalIrP51JNZhr260NTDLquf5WURfS1LdIehumoY8QILCQFC6/GqWtc55sFrQ8mlgfPya/rqca1fmV12XtuG+CcXiVo/+9upHD5+lPtq2BnfxN1qw7DlUC+NfiDkZ+YtYag3rr7m/ZXNoGTusVZ6L64a2Ze2KkUyblGRACH2WBXI6S2nRIVhQuPAjeLX8mDGNwvAmbOXi8EFDibj5hFtI8K4J6X4X0k8abLeAY6QoBK4ShO1prvWKXKSadktdanwyhlXBX8a5XtnIWLCg5Jxr1a/abvQd35psr+tUSxPJqrMtzYarbF7S2JEcPqBvp1bCF8SpiT51nZ1QvYRKrwzYN+CPDQ==
+  template:
+    metadata:
+      annotations:
+        argocd.argoproj.io/sync-options: Prune=false
+        sealedsecrets.bitnami.com/cluster-wide: "true"
+        sealedsecrets.bitnami.com/managed: "true"
+      creationTimestamp: null
+      name: plane-app-secrets
+      namespace: plane
+    type: Opaque

resources/app-secrets/env/k3s-cluster/templates/plane-doc-store.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: plane-doc-store-secrets
+  namespace: plane
+spec:
+  encryptedData:
+    AWS_ACCESS_KEY_ID: AgDmSHH2mGd3Eb0K5EpYXEOVF+FGcTNSssJOd5hg4Sh2F52F3clPo05lZ2MnrHRgU5v331jv5BMv/oIKY9dlpeIlFJ67/l8jlgbTQxZLJ5zDhuOBkHFfKcWVRHJy5fwUaJEgNrbCEAKD+bMdhTd02HWflXTy+PQuIFXFv4ocz79CCaep2a/xFgEH4fM0OeE/nrJbxQlwYHBk/LYuQv/v1sjGUZz+MCbnf07svGJnYVVMXHXsWIkToDIRKBQtD01FLTJ8zXhArE5tKnO6tzi02P9QBNJzDvswS9PftLlDai4nupNIh18tcU6zE8lgynb/KEAyqBQk0tC9D4cCSkS/rz1IKFukySLOt89zgReAjMcVTYBAo2eidgRr8cZhHCOzOWxZi7y12MbLo7MjJQQx9f+Oeu0YiMjXCgpFDklvtterE7KOz0bLc2KjR9DQT866VbXmXKRht4yzeQGMxu9AmxzPhx7iuOvovzy7o8dh4VjN4cUoNkC3jTVw7cWZycEAVrhZ7s+f+LlyxZ+4VMlfTcp21J2R9fbJiV6bSaZTrJNU/2fEuqvPsvCE9xSHQeTUeYrx3f15VDjwlqL3tN2rXi+FUWOEH9un+4zKtNumb2J/ByaFo1PIPpYUS7IGpyJZVbFsClh+weMKF1oX0qdQ3fEsYIOGzUvjy595TgmxS7qv/S/MGYmahIgyyPiZAxbfMXdLMBN3IvnY7DlyMe+jHZkeOIIjnQ==
+    AWS_SECRET_ACCESS_KEY: AgAtgUS2sQVgk1sWmOmaXWOw0muiZf6Ikf4IEWf7X/PIwPZHElUKX6pR/nfBXIf9aM5gl1CXiBA/Fw4gw7RCAYY6vLLqppR/eJFJmxu7MpJ8NIxTJCgd2sWLn4KGVfuiRXZ3DAzt/LulpnCvE3G0pUHWlIUIMrj1X61OIpz1jL88R4FWS8AaPS8qKOnmiPjRNjJKeZBPf7Z4Z9XApAeCrRTIUyYa63/3JuTKiNCG7BgOidPNkfZQPh+J7D6AsflvWA3SW0+pF1yhNXBORKDynpp4gr0FRF52KKQyZ0fKi9z2jXrcHPef+Gk4Dq/mo+srzV0/A3yxjAfRwAGzjo0V/jk2unnXtF/PsAUvbA4uxR9IrQXwbtL+8H6HsOhfYD4HqN8KoL+QpWjaGm5LYtyZi6HejJaDtLjUkYJ/jEAB9nTnJfsh5NNn6qw5JueexsmcYE3O45q7gdszQSCR9pvoi1OrxHi1hS0sF+DJ/rhiwqxMk5uQEBmBs2puLw7580UPf4k4kbe76bG5bPGjw3sYQLL+iPXRM2P0WfOaXDezHbt0iRccLIS05WgfqQiErnkQCjzyTYDYmKsNDN8UQqpXz2HE4b686I9958JVxIlK1BeoosdEKU8+i6ngeV0XLNgzBR78FVrJ8pcGTRDzoEMsHM5x+800afNcJlR5dfUYT9mHfDjbQQJpGSZr4LcPtA8IvLRFmsmY+aW5UMKIp7O+/UcFwP04mi+tD9Fn82bUhl0dQE2LWseSqpjS
+    MINIO_ROOT_PASSWORD: AgA95R5e42DoKA7E0CPDDzqxdKT82XZs9oTIa+I6i991m4z11x90QkfmXgQ31TsESXPQUKekx8Cph6RJI807IqC3vsLrAXiVD0PSx4EQePF5A/a8M9dBjhGpLIEBo0o1sMO3ZsBrqtEgk0EHc1UfOTQoRzCDO//TAqqdvVf/WoHPUGpZ5wfgAjpD19HZr2Ls3pkc/4Bx7f4/PkL2BLJivdsT4c6LeZTu80KTPVH9Fu1Rk6NSFYBrigOcVDDRAvVDSD5C90WGwDUNNpu/hwsZ3pmmv9Saf0YgD8wSgKCcNVbKWiYd0NKnZIgFzY2p1NwexcBTXzL9dszNkJAzXIiSae/e87fCszJSCBef7WlBh5eGH1AV4VEhc+4oooq0gIfJ2DvR1XIVinJRp7tNIUuQTXDrHMwacOzEoKYCwGZZ7rXGexS2n0oYOQLV/JnD1R+OyLvI7Eu7CoYwbrKsYCVilRiMZO63IawDA07n5iRmg8JR03eK2m/LLaA9kSbKqMtyZ+nroqD1PlJl6asAeYjf+qrzSRPqyUhJjYOA4RJPxGUvmXBIaVW2IqwSuokdgnNTmiNtC+lcYP2VNeas5xXZ+mDoeM02HSuW4MaMWiwZewZFH8bZqhxeshu0NzkciR60UZK5XRBsievXT9ycPaLlXNcZtlfQYXL6OD6y0KKS31AgICDAVcehbHAagYkMOo7voNkipEpdYYzM79ruC6M/bSwPcwIwGw==
+  template:
+    metadata:
+      annotations:
+        argocd.argoproj.io/sync-options: Prune=false
+        sealedsecrets.bitnami.com/cluster-wide: "true"
+        sealedsecrets.bitnami.com/managed: "true"
+      creationTimestamp: null
+      name: plane-doc-store-secrets
+      namespace: plane
+    type: Opaque

resources/app-secrets/env/k3s-cluster/templates/sonarqube.yaml

@@ -1,5 +1,18 @@
-apiVersion: v1
-kind: Secret
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: sonarqube-secrets
+  namespace: sonarqube
+spec:
+  encryptedData:
+    password: AgCcaCPWG9uMaavrq1qu37M3y5zL0bHbarSWX1sf7uTTYjDVXgYcv6qB+OpMFn6tSGlgiiCvMZs9k/rXxrPSVSWZn3nvACF01s0V45LJu7aH4sgCSXdILN9kYMzoRNRE8BZFcvdELf07UfcIl3w/Lg2zNwkNpJqN0BFmcI+sxm1p7bjNdHuKQSqPgmUy5eJANU5gOVx6cGo3/W12LpVy/HeLbdq/BcYyB9cnJjG4JLwxOLuf1qWLqc336zk1KjuphCdhhnES8jaCpVlMdSHm+FNLuF259DbISP+Q8ReEAjb4Oo02kAldfQXvvSqoHPdFdGttdBn5kVMFEY2YNKkZh0xlMaW3sciZgtmazsMC71xwym4tfzRa2/R14hcLuQA5cs7dm/sXA/g616FPJuWpQvJ9IwSKzAKeZ7j9JTxvo530kz7EMs5HV9ebFNORhcrOOpEciBcpZ+4b+EvOmZ8LWZhetzJsmydssr9brgNJp08dSRuxsLr1jJRUzj0DHlu1vguQJz66S4XrdPgboWPXbCtQTb0Y4nb1EBxNkdLgNireTmpSNS7BXfk0pyW4PiQ++I4VF+26eib8rlIFVCnFCQgRsNAkBcAw8P1pNrj1DNLFkMi+iYiJqWK/PyFfTzQXry1W9yFxpMR8Y6w3xNTIfqWFSqGts5T0ua5JymbETKPpsJFYNmPI14LTAvgGLyxzg8zfZncHjcMCAGD+WRyRkNOpIlsRaw==
+    smtp-password: AgAWupYV/0gwgwnPyUQODkTfnf7nYRP9/GiNLF8ilUeOaHHGZRh7Jw5aZ0Tm93HZ+GKENOZxS+LTpo7ML1hMwia9rzqzgQobmHaPolqLSPa3EcdPaN5jSID7xsAZvylseAWayr6M+M7lOoC+YXqTXxx+i09Xg0OIDwHhzX2TpGPXc+S4CcSEnmQZR5pEhnfETKktRB2WhK2IXg5TyJlCrAUSrOoeAjQ9z1CwiLzwQvsLlIw1MHRk/xRy0pgpDZk0o2iKuWIjxlnPLPWqpia2cMcCfBW4xskONVxpVvIfdQqqpI7/fQ1vNKIQuoc5lSzrS757z+4VHRSYWlS6xlMOkShlEnPlP9b+RU0WioMR/AL8Zldt7tKTrNmZCl0zQSpiIQMFE2aRg1owI89ytoJFv738tVpMzscenI2llLXimiO2UA4kfg+VazFEe/vGFcnBnh1Bmb6sAIUpLvXl+gecqpq7uQqDUC4ZbbykJXUKt3waa+e022Q8qeQ3h/YfLdx4WKePzEBkyZJiu4bOcHLXsz5HWcsEWaJV8LB7z5uztOOmiYvlMisoK8G7HqI8bUTG9M7JL3thDIDkTT+OFwuUuukHIeyKu4wQPjP7/na9Ti/hw46t02C5C5ZqZoErpukMr7vHpF5vKr7ozpLDCMhjGDBlLPjnDWSX00QFsc7ft+AC3+Ap5Njy8kLh1fvodOLz3OlRLtd2955Hie7m/35E0Ru6Pyvb
+    sonarqube-password: AgDNzH+Syw1PBh8wmZtibfuSeCFHsWmNWF0VTHe/zHxUjhqxTxivGahkg9oqUagTBfWdhBPuFVZtbkAXmt4RYu7Qg0EcOeH+UBfurNSNKDKqeJ4nl+Jq6OJS9i1ELAkk0xos9QLxA9ADG/v8p9F9Nsy38z+M8gEi/nTVPqYWTjuuSDqGC09LzSdVo9YVKP1CRCYn4RKOts4q0oN9eQ5WigT8uHUbFOMryAxQY9qQkX8ouHX2VULxiIYALnhMQRMAPolUz52ekTgwQKq+QV/biG5X6ZErEcpLRbsIKT9rCNunKs3JP6VDZfqatKoyUqe6GLHnmZ0RaV8ed6PHMCKd4wSK4TsVVljOraUlIL6FYii/mKnCZsKvR4o8rHkKVmgtJn8lclGCOxxRrw7slZ/tqHnAJt8q9ux19WZAj1VnMKsa76MvasLCMTsMRpLVMbCgtU+NFytl2kTorR8de6iWoM5vc0aOnX3uL66y5K52cMc9aYGmHT1m0wNeWMfKSTYb8I60Bd1LS57GNXJxEuDFDzmkg7OUS6nA81mrZTRZHDXcCihD6BP3w4GhQFk68LW8dyNmhtARQROASx6jnEln2RoI2ob7BtvHW3KqDfemm8YezqZIRf00VyjpbxNIhoiXeTipp8e4Ib/UqWW+6PdTxVTndESBY3NtEE0XRfodrCcnliH85ETRngjBW7xEkFgPep5IXPQhreuKXzJFEDqky5IZ/cil2Q==
+  template:
     metadata:
       annotations:
         argocd.argoproj.io/sync-options: Prune=false
@@ -9,7 +22,3 @@ metadata:
       name: sonarqube-secrets
       namespace: sonarqube
     type: Opaque
-stringData:
-  sonarqube-password: "UCGhDRhvdmVtFB7DNsG2"
-  smtp-password: "mqy2fmb8adu3nby.PDR"
-  password: "cAdF2VZVguE6bKK3Kmko"

resources/app-volumes/env/k3s-cluster/templates/jellyfin-config-pv.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: jellyfin-config
+  namespace: jellyfin
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 250Mi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/jellyfin/config"
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/os
+              operator: In
+              values:
+                - linux

resources/app-volumes/env/k3s-cluster/templates/jellyfin-data-pv.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: jellyfin-data
+  namespace: jellyfin
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 2Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/jellyfin/data"
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/os
+              operator: In
+              values:
+                - linux

resources/app-volumes/env/k3s-cluster/templates/logstash-data-pv.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: logstash-data-pv
+  namespace: logstash
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 16Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/logstash/data"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: logstash-data-pvc
+    namespace: logstash
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/os
+              operator: In
+              values:
+                - linux

resources/app-volumes/env/k3s-cluster/templates/logstash-data-pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: logstash-data-pvc
+  namespace: logstash
+  labels:
+    name: logstash-data-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 16Gi

resources/app-volumes/env/k3s-cluster/templates/netdata-k8s-state-varlib-pv.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: netdata-k8s-state-varlib-pv
+  namespace: argocd
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/netdata/k8s/state/varlib"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: netdata-k8s-state-varlib
+    namespace: argocd
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/os
+              operator: In
+              values:
+                - linux

resources/app-volumes/env/k3s-cluster/templates/netdata-parent-alarms-pv.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: netdata-parent-alarms-pv
+  namespace: argocd
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/netdata/parent/alarms"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: netdata-parent-alarms
+    namespace: argocd
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/os
+              operator: In
+              values:
+                - linux

resources/app-volumes/env/k3s-cluster/templates/netdata-parent-database-pv.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: netdata-parent-database-pv
+  namespace: argocd
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/netdata/parent/database"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: netdata-parent-database
+    namespace: argocd
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/os
+              operator: In
+              values:
+                - linux

resources/app-volumes/env/k3s-cluster/templates/plane-redis-pv.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: plane-redis-pv
+  namespace: plane
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/plane/redis"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: plane-redis-pvc
+    namespace: plane
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/arch
+              operator: In
+              values:
+                - arm64
+            - key: kubernetes.io/os
+              operator: In
+              values:
+                - linux

resources/app-volumes/env/k3s-cluster/templates/plane-redis-pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: plane-redis-pvc
+  namespace: plane
+  labels:
+    name: plane-redis-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi

resources/app-volumes/env/k3s-cluster/templates/sonarqube-pv.yaml

@@ -32,3 +32,7 @@ spec:
               operator: In
               values:
                 - linux
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - k3s-cluster-node-3

resources/ingress-nginx-configmap/base/configmap.yaml

@@ -9,7 +9,6 @@ data:
   "1888": "rlpa/rlpa-server:1888"
   "5443": "adguard-home/adguard-home:5443"
   "6060": "adguard-home/adguard-home:6060"
-  "8899": "renovate/renovate:8899"
   "32400": "plex/plex-media-server:32400"
 ---
 apiVersion: v1

resources/intel-device-plugins-operator/base/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmCharts:
+  - name: intel-device-plugins-operator
+    repo: https://intel.github.io/helm-charts/
+    version: 0.30.0
+    releaseName: intel-device-plugins-operator

resources/intel-device-plugins-operator/env/k3s-cluster/config.json

@@ -0,0 +1,12 @@
+{
+  "appName": "intel-device-plugins-operator",
+  "userGivenName": "intel-device-plugins-operator",
+  "namespace": "intel-device-plugins-operator",
+  "destNamespace": "intel-device-plugins-operator",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "resources/intel-device-plugins-operator/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

resources/intel-device-plugins-operator/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base

resources/namespaces/env/k3s-cluster/templates/gpu-device-plugin.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+  creationTimestamp: null
+  name: gpu-device-plugin
+spec: {}
+status: {}

resources/namespaces/env/k3s-cluster/templates/intel-device-plugins-operator.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+  creationTimestamp: null
+  name: intel-device-plugins-operator
+spec: {}
+status: {}

resources/namespaces/env/k3s-cluster/templates/jellyfin.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+  creationTimestamp: null
+  name: jellyfin
+spec: {}
+status: {}

resources/namespaces/env/k3s-cluster/templates/netdata.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+  creationTimestamp: null
+  name: netdata
+spec: {}
+status: {}

resources/namespaces/env/k3s-cluster/templates/plane.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+  creationTimestamp: null
+  name: plane
+spec: {}
+status: {}

resources/namespaces/env/k3s-cluster/templates/stirling-pdf.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: Prune=false
+  creationTimestamp: null
+  name: stirling-pdf
+spec: {}
+status: {}

scripts/5.install-crds.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+# CRDs for the kubernetes-sigs' Application CRD
+echo "Installing CRDs for the kubernetes-sigs' Application CRD..."
+#kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/application/master/config/crd/bases/app.k8s.io_applications.yaml
+#kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/application/master/config/crd/patches/cainjection_in_applications.yaml
+#kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/application/master/config/crd/patches/webhook_in_applications.yaml
+
+# CRDs for the Intel GPU Device Plugin
+echo "Installing CRDs for the Intel Helm Charts..."
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/deviceplugin.intel.com_dlbdeviceplugins.yaml
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/deviceplugin.intel.com_dsadeviceplugins.yaml
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/deviceplugin.intel.com_fpgadeviceplugins.yaml
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/deviceplugin.intel.com_gpudeviceplugins.yaml
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/deviceplugin.intel.com_iaadeviceplugins.yaml
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/deviceplugin.intel.com_sgxdeviceplugins.yaml
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/fpga.intel.com_acceleratorfunctions.yaml
+kubectl apply -f https://raw.githubusercontent.com/intel/helm-charts/main/charts/device-plugin-operator/crds/fpga.intel.com_fpgaregions.yaml
+
+echo "The CRDs installed."

scripts/ingress-nginx/adguard-home-tcp.yaml

@@ -0,0 +1,18 @@
+spec:
+  ports:
+    - name: dns-tcp
+      port: 53
+      targetPort: 53
+      protocol: TCP
+    - name: dns-tls-tcp
+      port: 853
+      targetPort: 853
+      protocol: TCP
+    - name: dnscrypt-tcp
+      port: 5443
+      targetPort: 5443
+      protocol: TCP
+    - name: https-pprof
+      port: 6060
+      targetPort: 6060
+      protocol: TCP

scripts/ingress-nginx/adguard-home-udp.yaml

@@ -0,0 +1,22 @@
+spec:
+  ports:
+    - name: dns-udp
+      port: 53
+      targetPort: 53
+      protocol: UDP
+    - name: dhcps-udp
+      port: 67
+      targetPort: 67
+      protocol: UDP
+    - name: dhcpc-udp
+      port: 68
+      targetPort: 68
+      protocol: UDP
+    - name: dns-tls-udp
+      port: 853
+      targetPort: 853
+      protocol: UDP
+    - name: dnscrypt-udp
+      port: 5443
+      targetPort: 5443
+      protocol: UDP

scripts/ingress-nginx/ports.yaml

@@ -1,48 +0,0 @@
-spec:
-  ports:
-    - appProtocol: http
-      name: http
-      port: 80
-      protocol: TCP
-      targetPort: http
-    - appProtocol: https
-      name: https
-      port: 443
-      protocol: TCP
-      targetPort: https
-    - name: dns-tcp
-      port: 53
-      targetPort: 53
-      protocol: TCP
-    - name: dns-udp
-      port: 53
-      targetPort: 53
-      protocol: UDP
-    - name: dhcps-udp
-      port: 67
-      targetPort: 67
-      protocol: UDP
-    - name: dhcpc-udp
-      port: 68
-      targetPort: 68
-      protocol: UDP
-    - name: dns-tls-tcp
-      port: 853
-      targetPort: 853
-      protocol: TCP
-    - name: dns-tls-udp
-      port: 853
-      targetPort: 853
-      protocol: UDP
-    - name: dnscrypt-tcp
-      port: 5443
-      targetPort: 5443
-      protocol: TCP
-    - name: dnscrypt-udp
-      port: 5443
-      targetPort: 5443
-      protocol: UDP
-    - name: https-pprof
-      port: 6060
-      targetPort: 6060
-      protocol: TCP

scripts/ingress-nginx/renovate.yaml

@@ -1,6 +0,0 @@
-spec:
-  ports:
-    - name: 8899-tcp
-      port: 8899
-      targetPort: 8899
-      protocol: TCP