samipsolutions
/
k3s-cluster
mirror of https://github.com/samipsolutions/k3s-cluster.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Yeet a lot of things from the apps

Browse Source
pull/2/head
Skyler 5 months ago
parent d2eaa00053
commit 7cfae07d04
15 changed files with 1 additions and 382 deletions
Show Stats Download Patch File Download Diff File

13
cluster/apps/default/hajimari/config-pvc.yaml
Unescape View File

@ -1,13 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hajimari-config
namespace: default
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 128Mi

134
cluster/apps/default/hajimari/helm-release.yaml
Unescape View File

@ -1,134 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: hajimari
namespace: default
spec:
interval: 15m
chart:
spec:
chart: hajimari
version: 1.2.0
sourceRef:
kind: HelmRepository
name: hajimari
namespace: flux-system
interval: 15m
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
image:
repository: ghcr.io/toboshii/hajimari
tag: v0.2.0
hajimari:
defaultEnable: false
namespaceSelector:
matchNames:
- default
- networking
name: "you"
customApps:
- name: Some External Cluster Service
url: http://192.168.1.100:5000
icon: test-tube
groups:
- name: Communicate
links:
- name: Discord
url: "https://discord.com"
- name: Gmail
url: "https://gmail.com"
- name: Slack
url: "https://slack.com/signin"
- name: Cloud
links:
- name: Box
url: "https://box.com"
- name: Dropbox
url: "https://dropbox.com"
- name: Drive
url: "https://drive.google.com"
- name: Design
links:
- name: Awwwards
url: "https://awwwards.com"
- name: Dribbble
url: "https://dribbble.com"
- name: Muz.li
url: "https://medium.muz.li/"
- name: Dev
links:
- name: Codepen
url: "https://codepen.io/"
- name: Devdocs
url: "https://devdocs.io"
- name: Devhints
url: "https://devhints.io"
- name: Lifestyle
links:
- name: Design Milk
url: "https://design-milk.com/category/interior-design/"
- name: Dwell
url: "https://www.dwell.com/"
- name: Freshome
url: "https://www.mymove.com/freshome/"
- name: Media
links:
- name: Spotify
url: "http://browse.spotify.com"
- name: Trakt
url: "http://trakt.tv"
- name: YouTube
url: "https://youtube.com/feed/subscriptions"
- name: Reading
links:
- name: Instapaper
url: "https://www.instapaper.com/u"
- name: Medium
url: "http://medium.com"
- name: Reddit
url: "http://reddit.com"
- name: Tech
links:
- name: Hacker News
url: "https://news.ycombinator.com/"
- name: The Verge
url: "https://theverge.com/"
- name: MIT Technology Review
url: "https://www.technologyreview.com/"
ingress:
main:
enabled: true
ingressClassName: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-staging"
hajimari.io/enable: "true"
hajimari.io/icon: "weather-sunset"
nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
hosts:
- host: "hajimari.${SECRET_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- "hajimari.${SECRET_DOMAIN}"
secretName: "hajimari-tls"
persistence:
data:
enabled: true
existingClaim: hajimari-config
podAnnotations:
configmap.reloader.stakater.com/reload: "hajimari-settings"
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
memory: 256Mi

6
cluster/apps/default/hajimari/kustomization.yaml
Unescape View File

@ -1,6 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- config-pvc.yaml
- helm-release.yaml

9
cluster/apps/kube-system/kube-vip/kustomization.yaml
Unescape View File

@ -1,9 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- daemon-set.yaml
labels:
- pairs:
kustomize.toolkit.fluxcd.io/prune: disabled

44
cluster/apps/kube-system/kube-vip/rbac.yaml
Unescape View File

@ -1,44 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-vip
namespace: kube-system
secrets:
- name: kube-vip
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: kube-vip
namespace: kube-system
annotations:
kubernetes.io/service-account.name: kube-vip
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
name: system:kube-vip-role
rules:
- apiGroups: [""]
resources: ["services", "services/status", "nodes"]
verbs: ["list", "get", "watch", "update"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["list", "get", "watch", "update", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:kube-vip-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kube-vip-role
subjects:
- kind: ServiceAccount
name: kube-vip
namespace: kube-system

1
cluster/apps/kube-system/kustomization.yaml
Unescape View File

@ -5,5 +5,4 @@ resources:
- namespace.yaml
- cert-manager
# - kured
- metrics-server
- reloader

30
cluster/apps/kube-system/metrics-server/helm-release.yaml
Unescape View File

@ -1,30 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: metrics-server
namespace: kube-system
spec:
interval: 15m
chart:
spec:
chart: metrics-server
version: 3.8.2
sourceRef:
kind: HelmRepository
name: metrics-server
namespace: flux-system
interval: 15m
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
values:
args:
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s

5
cluster/apps/kube-system/metrics-server/kustomization.yaml
Unescape View File

@ -1,5 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml

39
cluster/apps/networking/cloudflare-ddns/cloudflare-ddns.sh
Unescape View File

@ -1,39 +0,0 @@
#!/usr/bin/env bash
set -o nounset
set -o errexit
current_ipv4="$(curl -s https://ipv4.icanhazip.com/)"
zone_id=$(curl -s -X GET \
"https://api.cloudflare.com/client/v4/zones?name=${CLOUDFLARE_RECORD_NAME#*.}&status=active" \
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
-H "X-Auth-Key: ${CLOUDFLARE_APIKEY}" \
-H "Content-Type: application/json" \
| jq --raw-output ".result[0] | .id"
)
record_ipv4=$(curl -s -X GET \
"https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records?name=${CLOUDFLARE_RECORD_NAME}&type=A" \
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
-H "X-Auth-Key: ${CLOUDFLARE_APIKEY}" \
-H "Content-Type: application/json" \
)
old_ip4=$(echo "$record_ipv4" | jq --raw-output '.result[0] | .content')
if [[ "${current_ipv4}" == "${old_ip4}" ]]; then
printf "%s - IP Address '%s' has not changed" "$(date -u)" "${current_ipv4}"
exit 0
fi
record_ipv4_identifier="$(echo "$record_ipv4" | jq --raw-output '.result[0] | .id')"
update_ipv4=$(curl -s -X PUT \
"https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_ipv4_identifier}" \
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
-H "X-Auth-Key: ${CLOUDFLARE_APIKEY}" \
-H "Content-Type: application/json" \
--data "{\"id\":\"${zone_id}\",\"type\":\"A\",\"proxied\":true,\"name\":\"${CLOUDFLARE_RECORD_NAME}\",\"content\":\"${current_ipv4}\"}" \
)
if [[ "$(echo "$update_ipv4" | jq --raw-output '.success')" == "true" ]]; then
printf "%s - Success - IP Address '%s' has been updated" "$(date -u)" "${current_ipv4}"
exit 0
else
printf "%s - Yikes - Updating IP Address '%s' has failed" "$(date -u)" "${current_ipv4}"
exit 1
fi

42
cluster/apps/networking/cloudflare-ddns/cron-job.yaml
Unescape View File

@ -1,42 +0,0 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: cloudflare-ddns
namespace: networking
spec:
schedule: "0 * * * *"
concurrencyPolicy: "Forbid"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 5
jobTemplate:
spec:
backoffLimit: 3
ttlSecondsAfterFinished: 300
template:
spec:
restartPolicy: Never
containers:
- name: cloudflare-ddns
image: ghcr.io/onedr0p/kubernetes-kubectl:1.25.0
envFrom:
- secretRef:
name: cloudflare-ddns
command:
- "/bin/bash"
- "/app/cloudflare-ddns.sh"
volumeMounts:
- name: cloudflare-ddns
mountPath: /app/cloudflare-ddns.sh
subPath: cloudflare-ddns.sh
readOnly: true
volumes:
- name: cloudflare-ddns
projected:
defaultMode: 0775
sources:
- configMap:
name: cloudflare-ddns
items:
- key: cloudflare-ddns.sh
path: cloudflare-ddns.sh

15
cluster/apps/networking/cloudflare-ddns/kustomization.yaml
Unescape View File

@ -1,15 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cron-job.yaml
- secret.sops.yaml
namespace: networking
configMapGenerator:
- name: cloudflare-ddns
files:
- cloudflare-ddns.sh
generatorOptions:
disableNameSuffixHash: true
annotations:
kustomize.toolkit.fluxcd.io/substitute: disabled

37
cluster/apps/networking/k8s-gateway/helm-release.yaml
Unescape View File

@ -1,37 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: k8s-gateway
namespace: networking
spec:
interval: 15m
chart:
spec:
chart: k8s-gateway
version: 1.1.12
sourceRef:
kind: HelmRepository
name: k8s-gateway
namespace: flux-system
interval: 15m
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
dependsOn:
- name: metallb
namespace: networking
values:
fullnameOverride: k8s-gateway
domain: ${SECRET_DOMAIN}
ttl: 1
service:
type: LoadBalancer
port: 53
annotations:
metallb.universe.tf/loadBalancerIPs: "${METALLB_K8S_GATEWAY_ADDR}"
externalTrafficPolicy: Local

5
cluster/apps/networking/k8s-gateway/kustomization.yaml
Unescape View File

@ -1,5 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml

1
cluster/apps/networking/kustomization.yaml
Unescape View File

@ -7,4 +7,3 @@ resources:
- external-dns
- ingress-nginx
- metallb
- k8s-gateway

2
cluster/flux/flux-system/flux-installation.yaml
Unescape View File

@ -8,7 +8,7 @@ spec:
interval: 10m
ref:
# renovate: datasource=github-releases depName=fluxcd/flux2
tag: "v0.32.0"
tag: "v0.33.0"
url: https://github.com/fluxcd/flux2
ignore: |
# exclude all

Write Preview
Loading…
Cancel
Save