Merge pull request #330 from 3dwardch3ng/misc

correct the ns of the secrets as the dependency
2024-06-26 12:45:17 +10:00 · 2024-06-26 12:44:56 +10:00 · 2024-06-26 12:29:56 +10:00 · 2024-06-26 12:21:40 +10:00 · 2024-06-26 12:00:00 +10:00 · 2024-06-26 11:59:40 +10:00
18 changed files with 368 additions and 25 deletions
--- a/kubernetes/apps/cert-manager/cert-manager.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager.yaml
@@ -19,7 +19,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: clusterissuer-secrets
-  namespace: cert-manager
+  namespace: flux-system
 spec:
  interval: 10m
  timeout: 1m30s
@@ -37,7 +37,7 @@ spec:
  decryption:
    provider: sops
    secretRef:
-      name: cert-manager-sops-age
+      name: sops-age
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -57,7 +57,7 @@ spec:
    name: flux-system
  dependsOn:
    - name: clusterissuer-secrets
-      namespace: cert-manager
+      namespace: flux-system
    - name: cert-manager
      namespace: cert-manager
  postBuild:
@@ -69,7 +69,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: certificate-secrets
-  namespace: cert-manager
+  namespace: flux-system
 spec:
  interval: 10m
  timeout: 1m30s
@@ -87,7 +87,7 @@ spec:
  decryption:
    provider: sops
    secretRef:
-      name: cert-manager-sops-age
+      name: sops-age
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -107,7 +107,7 @@ spec:
    name: flux-system
  dependsOn:
    - name: certificate-secrets
-      namespace: cert-manager
+      namespace: flux-system
    - name: cert-manager
      namespace: cert-manager
    - name: clusterissuer
--- a/kubernetes/apps/code-server/code-server.yaml
+++ b/kubernetes/apps/code-server/code-server.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: code-server-secrets
-  namespace: code-server
+  namespace: flux-system
 spec:
  interval: 10m
  timeout: 1m30s
@@ -20,7 +20,7 @@ spec:
  decryption:
    provider: sops
    secretRef:
-      name: code-server-sops-age
+      name: sops-age
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -40,7 +40,7 @@ spec:
    name: flux-system
  dependsOn:
    - name: code-server-secrets
-      namespace: code-server
+      namespace: flux-system
  postBuild:
    substituteFrom:
      - kind: Secret
--- a/kubernetes/apps/dokuwiki/app/ingress.yaml
+++ b/kubernetes/apps/dokuwiki/app/ingress.yaml
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dokuwiki-ingress
+  namespace: dokuwiki
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "dokuwiki.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: dokuwiki-dokuwiki
+                port:
+                  number: 18000
+    - host: "dokuwiki.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: dokuwiki-dokuwiki
+                port:
+                  number: 18000
--- a/kubernetes/apps/dokuwiki/app/release.yaml
+++ b/kubernetes/apps/dokuwiki/app/release.yaml
@@ -0,0 +1,34 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: dokuwiki
+  namespace: dokuwiki
+spec:
+  targetNamespace: dokuwiki
+  chart:
+    spec:
+      chart: dokuwiki
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    dokuwikiUsername: ${username}
+    dokuwikiPassword: ${password}
+    dokuwikiEmail: ${email}
+    dokuwikiFullName: "Edward Cheng"
+    dokuwikiWikiName: My Doku Wiki
+    containerPorts:
+      http: 18000
+      https: 18443
+    persistence:
+      existingClaim: "dokuwiki-pvc"
+    service:
+      type: ClusterIP
+      ports:
+        http: 18000
+        https: 18443
--- a/kubernetes/apps/dokuwiki/app/volume.yaml
+++ b/kubernetes/apps/dokuwiki/app/volume.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: dokuwiki-pv
+  namespace: dokuwiki
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 12Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/dokuwiki"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: dokuwiki-pvc
+    namespace: dokuwiki
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: dokuwiki-pvc
+  namespace: dokuwiki
+  labels:
+    name: dokuwiki-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 12Gi
--- a/kubernetes/apps/dokuwiki/dokuwiki.yaml
+++ b/kubernetes/apps/dokuwiki/dokuwiki.yaml
@@ -0,0 +1,46 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: dokuwiki-secrets
+  namespace: flux-system
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: dokuwiki
+  path: ./dokuwiki
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: dokuwiki
+  namespace: dokuwiki
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/apps/dokuwiki/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: dokuwiki-secrets
+      namespace: flux-system
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: dokuwiki-secrets
--- a/kubernetes/apps/gitea/gitea.yaml
+++ b/kubernetes/apps/gitea/gitea.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: gitea-secrets
-  namespace: gitea
+  namespace: flux-system
 spec:
  interval: 10m
  timeout: 1m30s
@@ -20,7 +20,7 @@ spec:
  decryption:
    provider: sops
    secretRef:
-      name: gitea-sops-age
+      name: sops-age
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -39,7 +39,7 @@ spec:
    name: flux-system
  dependsOn:
    - name: gitea-secrets
-      namespace: gitea
+      namespace: flux-system
  postBuild:
    substituteFrom:
      - kind: Secret
--- a/kubernetes/apps/kustomization.yaml
+++ b/kubernetes/apps/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
  - ./capacitor/capacitor.yaml
  - ./cert-manager/cert-manager.yaml
  - ./code-server/code-server.yaml
+  - ./dokuwiki/dokuwiki.yaml
  - ./gitea/gitea.yaml
  - ./homer/homer.yaml
  - ./jellyfin/jellyfin.yaml
--- a/kubernetes/apps/postgresql/postgresql.yaml
+++ b/kubernetes/apps/postgresql/postgresql.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: postgresql-secrets
-  namespace: postgresql
+  namespace: flux-system
 spec:
  interval: 10m
  timeout: 1m30s
@@ -20,7 +20,7 @@ spec:
  decryption:
    provider: sops
    secretRef:
-      name: postgresql-sops-age
+      name: sops-age
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -39,7 +39,7 @@ spec:
    name: flux-system
  dependsOn:
    - name: postgresql-secrets
-      namespace: postgresql
+      namespace: flux-system
  postBuild:
    substituteFrom:
      - kind: Secret
--- a/kubernetes/apps/redis/redis.yaml
+++ b/kubernetes/apps/redis/redis.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: redis-secrets
-  namespace: redis
+  namespace: flux-system
 spec:
  interval: 10m
  timeout: 1m30s
@@ -20,7 +20,7 @@ spec:
  decryption:
    provider: sops
    secretRef:
-      name: redis-sops-age
+      name: sops-age
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -39,7 +39,7 @@ spec:
    name: flux-system
  dependsOn:
    - name: redis-secrets
-      namespace: redis
+      namespace: flux-system
  postBuild:
    substituteFrom:
      - kind: Secret
--- a/kubernetes/apps/sonarqube/sonarqube.yaml
+++ b/kubernetes/apps/sonarqube/sonarqube.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: sonarqube-secrets
-  namespace: sonarqube
+  namespace: flux-system
 spec:
  interval: 10m
  timeout: 1m30s
@@ -20,7 +20,7 @@ spec:
  decryption:
    provider: sops
    secretRef:
-      name: sonarqube-sops-age
+      name: sops-age
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -39,7 +39,7 @@ spec:
    name: flux-system
  dependsOn:
    - name: sonarqube-secrets
-      namespace: sonarqube
+      namespace: flux-system
  postBuild:
    substituteFrom:
      - kind: Secret
--- a/kubernetes/infrastructure/kustomization.yaml
+++ b/kubernetes/infrastructure/kustomization.yaml
@@ -1,8 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./namespaces/namespaces.yaml
-  - ./repositories/repositories.yaml
-#  - ./cilium/cilium.yaml
-  - ./ingress-nginx/ingress-nginx-config.yaml
+  #  - ./cilium/cilium.yaml
+  - ./minio/minio.yaml
  - ./ingress-nginx/ingress-nginx.yaml
+  - ./ingress-nginx/ingress-nginx-config.yaml
+  - ./namespaces/namespaces.yaml
+  - ./repositories/repositories.yaml
--- a/kubernetes/infrastructure/minio/app/ingress.yaml
+++ b/kubernetes/infrastructure/minio/app/ingress.yaml
@@ -0,0 +1,51 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: minio-ingress
+  namespace: minio
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "minio.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: minio
+                port:
+                  number: 19001
+    - host: "api.minio.cluster.edward.sydney"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: minio
+                port:
+                  number: 19000
+    - host: "minio.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: minio
+                port:
+                  number: 19001
+    - host: "api.minio.cluster.local"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: minio
+                port:
+                  number: 19000
--- a/kubernetes/infrastructure/minio/app/release.yaml
+++ b/kubernetes/infrastructure/minio/app/release.yaml
@@ -0,0 +1,31 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: minio
+  namespace: minio
+spec:
+  releaseName: minio
+  chart:
+    spec:
+      chart: minio
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 1h
+  install:
+    remediation:
+      retries: 3
+  values:
+    clusterDomain: minio.cluster.edward.sydney
+    auth:
+      rootUser: ${root_user}
+      rootPassword: ${root_password}
+    nodeSelector:
+      kubernetes.io/hostname: rpi5-cluster-node-3
+    service:
+      ports:
+        api: 19000
+        console: 19001
+    persistence:
+      existingClaim: "minio-pvc"
--- a/kubernetes/infrastructure/minio/app/volume.yaml
+++ b/kubernetes/infrastructure/minio/app/volume.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: minio-pv
+  namespace: minio
+  labels:
+    type: local
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  capacity:
+    storage: 256Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  local:
+    path: "/mnt/nfs/AppData/minio"
+  claimRef:
+    apiVersion: v1
+    kind: PersistentVolumeClaim
+    name: minio-pvc
+    namespace: minio
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - rpi5-cluster-node-3
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: minio-pvc
+  namespace: minio
+  labels:
+    name: minio-pvc
+spec:
+  storageClassName: local-path
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 256Gi
--- a/kubernetes/infrastructure/minio/minio.yaml
+++ b/kubernetes/infrastructure/minio/minio.yaml
@@ -0,0 +1,48 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: minio-secrets
+  namespace: flux-system
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: minio
+  path: ./minio
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: minio
+  namespace: minio
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  path: ./kubernetes/infrastructure/minio/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: namespaces
+      namespace: flux-system
+    - name: minio-secrets
+      namespace: flux-system
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: minio-secrets
--- a/kubernetes/infrastructure/namespaces/namespaces/dokuwiki.yaml
+++ b/kubernetes/infrastructure/namespaces/namespaces/dokuwiki.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dokuwiki
--- a/kubernetes/infrastructure/namespaces/namespaces/minio.yaml
+++ b/kubernetes/infrastructure/namespaces/namespaces/minio.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: minio
Author	SHA1	Message	Date
Edward Cheng	a8f17a910b	Merge pull request #330 from 3dwardch3ng/misc correct the ns of the secrets as the dependency	2024-06-26 12:45:17 +10:00
Edward Cheng	d06ecd7502	correct the ns of the secrets as the dependency	2024-06-26 12:44:56 +10:00
Edward Cheng	27fabf9b24	Merge pull request #325 from 3dwardch3ng/misc update secret decryption ks to have the ns flux-system and use generi…	2024-06-26 12:29:56 +10:00
Edward Cheng	581240bec5	Merge branch 'refs/heads/main' into misc	2024-06-26 12:21:40 +10:00
Edward Cheng	63f0349879	Merge pull request #329 from 3dwardch3ng/infra/minio Infra/minio	2024-06-26 12:00:00 +10:00
Edward Cheng	8eb500a99b	revert as distributed mode	2024-06-26 11:59:40 +10:00
Edward Cheng	6c53ee8d23	revert as distributed mode	2024-06-26 11:59:26 +10:00
Edward Cheng	c8aa1862c6	Merge pull request #328 from 3dwardch3ng/infra/minio set as distributed mode	2024-06-26 11:51:42 +10:00
Edward Cheng	bd6d2e5825	set as distributed mode	2024-06-26 11:51:26 +10:00
Edward Cheng	b69c377696	Merge pull request #327 from 3dwardch3ng/infra/minio let MinIO access handled by ingress	2024-06-26 11:44:15 +10:00
Edward Cheng	5255c165fc	let MinIO access handled by ingress	2024-06-26 11:43:48 +10:00
Edward Cheng	5fa5ccd197	Merge pull request #326 from 3dwardch3ng/infra/minio update service node ports	2024-06-26 11:19:15 +10:00
Edward Cheng	15ad09a55c	update service node ports	2024-06-26 11:18:57 +10:00
Edward Cheng	15f6f3842f	update secret decryption ks to have the ns flux-system and use generic secret sops-age	2024-06-26 11:15:10 +10:00
Edward Cheng	653828d1a1	Merge pull request #324 from 3dwardch3ng/infra/minio change the service type to be LB	2024-06-26 10:49:19 +10:00
Edward Cheng	9dbd91280d	change the service type to be LB	2024-06-26 10:48:59 +10:00
Edward Cheng	45b4623531	Merge pull request #323 from 3dwardch3ng/infra/minio fixing incorrect namespace	2024-06-26 10:34:10 +10:00
Edward Cheng	f2484fc1fc	fixing incorrect namespace	2024-06-26 10:33:29 +10:00
Edward Cheng	2aa025296f	Merge pull request #322 from 3dwardch3ng/infra/minio fixing incorrect app path	2024-06-26 09:45:53 +10:00
Edward Cheng	c727cbd38b	fixing incorrect app path	2024-06-26 09:45:31 +10:00
Edward Cheng	95e1bc2bce	Merge pull request #321 from 3dwardch3ng/infra/minio add infra app minio	2024-06-26 09:35:38 +10:00
Edward Cheng	cf6071ee4e	add infra app minio	2024-06-26 09:35:08 +10:00
Edward Cheng	89c01c83ea	Merge pull request #320 from 3dwardch3ng/app/dokuwiki Update app name	2024-06-26 01:16:19 +10:00
Edward Cheng	c796aacfec	Update app name	2024-06-26 01:15:57 +10:00
Edward Cheng	26ae14105a	Merge pull request #319 from 3dwardch3ng/app/dokuwiki update container ports	2024-06-26 01:12:01 +10:00
Edward Cheng	17dcd78a31	update container ports	2024-06-26 01:11:41 +10:00
Edward Cheng	3016a8d0f3	Merge pull request #318 from 3dwardch3ng/app/dokuwiki using ClusterIP with ingress instead of NodePort	2024-06-26 01:06:36 +10:00
Edward Cheng	16d9f1df34	using ClusterIP with ingress instead of NodePort	2024-06-26 00:59:06 +10:00
Edward Cheng	3fe182f6ba	Merge pull request #317 from 3dwardch3ng/app/dokuwiki add app dokuwiki	2024-06-26 00:50:36 +10:00
Edward Cheng	91a305117c	add app dokuwiki	2024-06-26 00:50:00 +10:00