whole bunch of fixes

apps/adguard/configmap.yaml

@@ -2,7 +2,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: adguard-home-config
-  namespace: adguard
 data:
   AdGuardHome.yaml: |-
     bind_host: 0.0.0.0

apps/adguard/deployment.yaml

@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: adguard-home
-  namespace: adguard
 spec:
   replicas: 1
   revisionHistoryLimit: 3

apps/adguard/ingress.yaml

@@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRouteTCP
 metadata:
   name: adguard-tls-ingress
-  namespace: adguard
 spec:
   entryPoints:
     - dnsovertls

apps/adguard/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+  - namespace.yaml
+  - configmap.yaml
+  - ingress.yaml
+  - service.yaml
+  - deployment.yaml
+
+namespace: adguard
+

apps/adguard/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

apps/adguard/service.yaml

@@ -1,8 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: adguard-home
+  name: adguard-home-web
-  namespace: adguard
 spec:
   ports:
   - name: http
@@ -22,7 +21,6 @@ metadata:
     metallb.universe.tf/allow-shared-ip: adguard-svc
 
   name: adguard-home-dns-tcp
-  namespace: adguard
 spec:
   allocateLoadBalancerNodePorts: true
   loadBalancerIP: 192.168.3.2
@@ -45,7 +43,6 @@ metadata:
     metallb.universe.tf/allow-shared-ip: adguard-svc
 
   name: adguard-home-dns-udp
-  namespace: adguard
 spec:
   allocateLoadBalancerNodePorts: true
   loadBalancerIP: 192.168.3.2
@@ -58,4 +55,4 @@ spec:
   selector:
     app.kubernetes.io/instance: adguard
     app.kubernetes.io/name: adguard-home
-  type: LoadBalancer
+  type: LoadBalancer

apps/media/ingress.yaml

@@ -12,8 +12,8 @@ spec:
         - name: jellyfin-websocket
       kind: Rule
       services:
-        - name: jellyfin
+        - name: jellyfin-web
-          port: 8096
+          port: 8080
   tls:
     certResolver: default-tls
 

apps/media/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+  - namespace.yaml
+  - pvc.yaml
+  - server.deployment.yaml
+  - server.service.yaml
+  - web.deployment.yaml
+  - web.service.yaml
+  - ingress.yaml
+
+namespace: media

apps/media/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

apps/media/pvc.yaml

@@ -4,12 +4,9 @@ kind: PersistentVolume
 metadata:
   namespace: media
   name: jellyfin-config-nfs
-
 spec:
-  # storageClassName: slow
   capacity:
     storage: "1Gi"
-  # volumeMode: Filesystem
   accessModes:
     - ReadWriteOnce
   nfs:
@@ -29,6 +26,7 @@ spec:
     requests:
       storage: "1Gi"
   volumeName: jellyfin-config-nfs
+
 ---
 
 apiVersion: v1
@@ -37,10 +35,8 @@ metadata:
   namespace: media
   name: jellyfin-data-nfs
 spec:
-  # storageClassName: slow
   capacity:
     storage: "1Ti"
-  # volumeMode: Filesystem
   accessModes:
     - ReadWriteOnce
   nfs:
@@ -53,7 +49,7 @@ metadata:
   namespace: media
   name: jellyfin-data-nfs
 spec:
-  storageClassName: nfs-client
+  storageClassName: ""
   accessModes:
     - ReadWriteOnce
   resources:

apps/media/server.deployment.yaml

@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin-server
+spec:
+  selector:
+    matchLabels:
+      app: jellyfin-server
+  template:
+    metadata:
+      labels:
+        app: jellyfin-server
+    spec:
+      containers:
+      - name: jellyfin-server
+        image: jellyfin/jellyfin:10.8.9
+        resources:
+          limits:
+            memory: "500Mi"
+            cpu: "2"
+        ports:
+        - containerPort: 8096
+        env:
+        - name: TZ
+          value: Europe/Berlin
+        volumeMounts:
+        - name: jellyfin-config
+          mountPath: /config
+        - name: jellyfin-data
+          mountPath: /media
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 8096
+          initialDelaySeconds: 100
+          periodSeconds: 15
+      volumes:
+      - name: jellyfin-config
+        persistentVolumeClaim:
+          claimName: jellyfin-config-nfs
+      - name: jellyfin-data
+        persistentVolumeClaim:
+          claimName: jellyfin-data-nfs
+

apps/media/server.service.yaml

@@ -0,0 +1,12 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-server
+spec:
+  selector:
+    app: jellyfin-server
+  ports:
+    - protocol: TCP
+      port: 8096
+      targetPort: 8096

apps/media/web.deployment.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin-web
+spec:
+  selector:
+    matchLabels:
+      app: jellyfin-web
+  template:
+    metadata:
+      labels:
+        app: jellyfin-web
+    spec:
+      containers:
+      - name: jellyfin-web
+        image: ghcr.io/jellyfin/jellyfin-vue
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "30m"
+        ports:
+        - containerPort: 8080
+        env:
+        - name: TZ
+          value: Europe/Berlin
+        - name: DEFAULT_SERVERS
+          value: "jellyfin-server:8096"

apps/media/web.service.yaml

@@ -0,0 +1,12 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin-web
+spec:
+  selector:
+    app: jellyfin-web
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080

infrastructure/gitea/drone-server.deployment.yaml

@@ -92,13 +92,9 @@ apiVersion: v1
 kind: PersistentVolume
 metadata:
   name: drone-data-nfs
-  labels:
-    directory: drone
 spec:
-  # storageClassName: fast
   capacity:
     storage: "1Gi"
-  # volumeMode: Filesystem
   accessModes:
     - ReadWriteOnce
   nfs:
@@ -110,15 +106,10 @@ kind: PersistentVolumeClaim
 metadata:
   name: drone-data-nfs
 spec:
-  # storageClassName: fast
+  storageClassName: ""
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
       storage: "1Gi"
-  selector:
+  volumeName: drone-data-nfs
-    matchLabels:
-      directory: drone
-
-
-

infrastructure/gitea/gitea.pvc.yaml

@@ -39,13 +39,12 @@ spec:
     server: 192.168.1.157
 
 ---
-
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: gitea-postgresql-data-nfs
 spec:
-  storageClassName: nfs-client
+  storageClassName: ""
   accessModes:
     - ReadWriteOnce
   resources:

infrastructure/gitea/gitea.values.yaml

@@ -68,26 +68,12 @@ resources:
 
 
 ## @section Persistence
-#
-## @param persistence.enabled Enable persistent storage
-## @param persistence.existingClaim Use an existing claim to store repository information
-## @param persistence.size Size for persistence to store repo information
-## @param persistence.accessModes AccessMode for persistence
-## @param persistence.labels Labels for the persistence volume claim to be created
-## @param persistence.annotations Annotations for the persistence volume claim to be created
-## @param persistence.storageClass Name of the storage class to use
-## @param persistence.subPath Subdirectory of the volume to mount at
 persistence:
   enabled: true
-  existingClaim: gitea-data-nfs
+  create: false
+  mount: true
+  claimName: gitea-data-nfs
 
-  size: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  labels: {}
-  annotations: {}
-  storageClass:
-  subPath:
 
 
 # Configure commit/action signing prerequisites
@@ -99,13 +85,6 @@ persistence:
 ## @param signing.existingSecret Use an existing secret to store the value of `signing.privateKey`
 signing:
   enabled: false
-  gpgHome: /data/git/.gnupg
-  privateKey: ""
-  # privateKey: |-
-  #   -----BEGIN PGP PRIVATE KEY BLOCK-----
-  #   ...
-  #   -----END PGP PRIVATE KEY BLOCK-----
-  existingSecret: ""
 
 ## @section Gitea
 #
@@ -135,6 +114,7 @@ gitea:
       DOMAIN: git.kluster.moll.re
       ROOT_URL: https://git.kluster.moll.re
       SSH_LISTEN_PORT: 2222
+      SSH_PORT: 2222
     actions:
       ENABLED: true
 
@@ -177,8 +157,8 @@ postgresql:
     tag: 11
   # diagnosticMode:
   #   enabled: true
-  # containerSecurityContext:
+  containerSecurityContext:
-  #   runAsUser: 0
+    runAsUser: 0
   global:
     postgresql:
       auth:
@@ -192,7 +172,16 @@ postgresql:
     persistence:
       size: 10Gi
       existingClaim: gitea-postgresql-data-nfs
-      mountPath: /bitnami/postgresql/data
+      # mountPath: /bitnami/postgresql/data
+
+
+
+redis-cluster:
+  enabled: true
+  usePassword: false
+  cluster:
+    nodes: 3 # default: 6
+    replicas: 0 # default: 1
 
 
 postgresql-ha:
@@ -206,12 +195,3 @@ postgresql-ha:
 ## @param test.image.name Image name for the wget container used in the test-connection Pod.
 ## @param test.image.tag Image tag for the wget container used in the test-connection Pod.
 checkDeprecation: true
-test:
-  enabled: true
-  image:
-    name: busybox
-    tag: latest
-
-## @param extraDeploy Array of extra objects to deploy with the release
-##
-extraDeploy: []

infrastructure/gitea/kustomization.yaml

@@ -1,18 +1,19 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources: 
-- namespace.yaml
+  - namespace.yaml
-- gitea.pvc.yaml
+  - gitea.pvc.yaml
-- gitea.ingress.yaml
+  - gitea.ingress.yaml
-- drone-kube-runner.deployment.yaml
+  - drone-kube-runner.deployment.yaml
-- drone-server.deployment.yaml
+  - drone-server.deployment.yaml
-- drone-server.sealedsecret.yaml
+  - drone-server.sealedsecret.yaml
 
 namespace: gitea
 
 
 helmCharts:
   - name: gitea
+    namespace: gitea # needs to be set explicitly for svc to be referenced correctly
     releaseName: gitea
     version: 9.6.1
     valuesFile: gitea.values.yaml

kluster-deployments/adguard/application.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: adguard-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/adguard
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: adguard
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

kluster-deployments/adguard/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - application.yaml

kluster-deployments/kustomization.yaml

@@ -24,3 +24,5 @@ resources:
   - homeassistant/
   - ntfy/
   - rss/
+  - adguard/
+  - media/

kluster-deployments/media/application.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: media-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/media/
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: media
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

kluster-deployments/media/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- application.yaml