remoll/k3s-infra
0
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: remoll:206f8e4c50ae439133aaa78aa49eb8599235927b
Branches Tags
remoll:main remoll:renovate/ghcr.io-coder-code-server-4.x remoll:feature/music remoll:feature/headscale remoll:feature/media-downloads remoll:feature/crowdsec remoll:feature/matrix remoll:feature/llm remoll:feature/gaming remoll:feature/affine remoll:feature/unified-file-sync
..
compare: remoll:feature/affine
Branches Tags
remoll:main remoll:renovate/ghcr.io-coder-code-server-4.x remoll:feature/music remoll:feature/headscale remoll:feature/media-downloads remoll:feature/crowdsec remoll:feature/matrix remoll:feature/llm remoll:feature/gaming remoll:feature/affine remoll:feature/unified-file-sync

2 Commits
206f8e4c50 ... feature/af

Author SHA1 Message Date
Remy Moll
ab96719964 small fixes 2024-05-15 17:57:15 +02:00
Remy Moll
0215ecaf87 add (broken) deployment 2024-05-13 14:27:34 +02:00
20 changed files with 169 additions and 151 deletions
Expand all files Collapse all files

58
apps/affine/deployment.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: affine
spec:
selector:
matchLabels:
app: affine
template:
metadata:
labels:
app: affine
spec:
containers:
- name: affine
image: affine
resources:
limits:
memory: "512Mi"
cpu: "1"
env:
- name: AFFINE_SERVER_HOST
value: "affine.kluster.moll.re"
- name: AFFINE_SERVER_PORT
value: "443"
- name: AFFINE_SERVER_HTTPS
value: "true"
- name: AFFINE_CONFIG_PATH
value: "/root/.affine/config"
- name: AFFINE_ADMIN_EMAIL
value: "me@moll.re"
- name: AFFINE_ADMIN_PASSWORD
value: "password"
- name: TELEMETRY_ENABLE
value: "false"
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: postgres-credentials
key: url
- name: NODE_OPTIONS
value: "--import=./scripts/register.js"
- name: NODE_ENV
value: "production"
ports:
- containerPort: 3010
volumeMounts:
- name: affine-data
mountPath: /root/.affine/storage
- name: affine-config
mountPath: /root/.affine/config
volumes:
- name: affine-data
persistentVolumeClaim:
claimName: affine-data
- name: affine-config
persistentVolumeClaim:
claimName: affine-config

15
apps/affine/ingress.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: affine-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`affine.kluster.moll.re`)
kind: Rule
services:
- name: affine-web
port: 3010
tls:
certResolver: default-tls

20
apps/affine/kustomization.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: affine
resources:
- namespace.yaml
- deployment.yaml
- service.yaml
- ingress.yaml
- postgres.yaml
- pvc.yaml
- postgres-credentials.secret.yaml
images:
- name: affine
newName: ghcr.io/toeverything/affine-graphql
newTag: stable

4
apps/affine/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder

20
apps/affine/postgres.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: affine-postgres
spec:
instances: 1
bootstrap:
initdb:
owner: affine
database: affine
secret:
name: postgres-credentials
storage:
size: 1Gi
pvcTemplate:
storageClassName: "nfs-client"
resources:
requests:
storage: "1Gi"

23
apps/affine/pvc.yaml Normal file
View File

@@ -0,0 +1,23 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: affine-data
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 15Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: affine-config
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

10
apps/affine/service.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: affine-web
spec:
selector:
app: affine
ports:
- port: 3010
targetPort: 3010

2
apps/files/kustomization.yaml
View File

@@ -13,4 +13,4 @@ namespace: files
images: images:
- name: ocis - name: ocis
newName: owncloud/ocis newName: owncloud/ocis
newTag: "5.0.4" newTag: "5.0.3"

4
apps/immich/kustomization.yaml
View File

@@ -19,6 +19,6 @@ helmCharts:
images: images:
- name: ghcr.io/immich-app/immich-machine-learning - name: ghcr.io/immich-app/immich-machine-learning
newTag: v1.105.1 newTag: v1.103.1
- name: ghcr.io/immich-app/immich-server - name: ghcr.io/immich-app/immich-server
newTag: v1.105.1 newTag: v1.103.1

2
apps/media/kustomization.yaml
View File

@@ -14,7 +14,7 @@ resources:
images: images:
- name: jellyfin/jellyfin - name: jellyfin/jellyfin
newName: jellyfin/jellyfin newName: jellyfin/jellyfin
newTag: 10.9.2 newTag: 10.9.0
- name: ghcr.io/jellyfin/jellyfin-vue - name: ghcr.io/jellyfin/jellyfin-vue
newName: ghcr.io/jellyfin/jellyfin-vue newName: ghcr.io/jellyfin/jellyfin-vue
newTag: stable-rc.0.3.1 newTag: stable-rc.0.3.1

16
apps/minecraft/curseforge.sealedsecret.yaml
View File

@@ -1,16 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: curseforge-api
namespace: minecraft
spec:
encryptedData:
key: AgBYeAiejdmxDBorvgnxQX5YvUhR3NId2vfWybMKlc27e6D/bKglLNyZMk70xSnFAPjcDmZ20mYjFPYvDOr9T6IU/REJ8QlzoKAn0xW779R4SkIxRToT+dJv+OM2avgQ9uqp7vja29xeXMjYAnQML+QGZKcrT8mE04G/Ty8rdUiv3yUXK5HFAR3SUF35aVLdlthLjpRkv1s0R7GAP4L2pNzBJNV3i37viceUSSjU0zpOa23fsQOkPAs67AIukAJBqh/hyF/hR9H1GeYZNTI3OcHcvC2iNk/XGstvv0Zy6ApzoebsfWGdsbVn+QUI0EBw+mSTPqpl71cbkz0v4S4XAVndosxWpe6AIgm5MBTU0FXIyGyoFDe1aMPq8BXiQikYVwB48oVNh9KF0xXX5AOG0whB/FEsL3OJsiNQvQ3R/Hru43JBn64oxjVtLfM3E7u8v/xr1VQahX8dylDmb4s5EV01U6O4y19Ou4td1eEMlhpJb0fBPDRUYuWxZAEDGmp+U4tAakyPed11VkcZPPn9fKAAcv8sGs3TYAbbF18hqsBnv2Wd+i7ZEvKwmdmfR/T0r1TJGsvKI7jaW0QtH256XrSxQp7a52qMKMVQWOSKw2k27t/IkRhxT2Prw4GfJvaVr4RozUaBf3LV/hfDWlDfmM2zg3X9W8HkzjotGg021OLxsa0Wzmhffvb8h4bvZwxeq3U1xaJocqXui7z0rT2pF4z3wYHR/lPtexHcOA2M8gfBGKb1rBKh+kW+N+/ZfVLNI0mokg5vrTO2nR2rb4c=
template:
metadata:
creationTimestamp: null
name: curseforge-api
namespace: minecraft
type: Opaque

23
apps/minecraft/deployment.yaml
View File

@@ -16,31 +16,28 @@ spec:
image: minecraft image: minecraft
resources: resources:
limits: limits:
memory: "6000Mi" memory: "4000Mi"
cpu: "3" cpu: "2500m"
requests: requests:
memory: "1500Mi" memory: "1000Mi"
cpu: "500m" cpu: "500m"
ports: ports:
- containerPort: 25565 - containerPort: 25565
env: env:
- name: EULA - name: EULA
value: "TRUE" value: "TRUE"
- name: TYPE - name: MODPACK
value: "AUTO_CURSEFORGE" value: "https://www.curseforge.com/api/v1/mods/711537/files/5076228/download"
- name: CF_API_KEY
valueFrom:
secretKeyRef:
name: curseforge-api
key: key
- name: CF_SLUG
value: "vault-hunters-1-18-2"
- name: VERSION - name: VERSION
value: "1.18.2" value: "1.18.2"
# - name: VERSION
# value: "1.16.5"
# - name: MODPACK
# value: "https://mediafilez.forgecdn.net/files/3602/5/VaultHunters-OfficialModpack-1.12.1-Server.zip"
- name: INIT_MEMORY - name: INIT_MEMORY
value: "1G" value: "1G"
- name: MAX_MEMORY - name: MAX_MEMORY
value: "5G" value: "3G"
- name: MOTD - name: MOTD
value: "VaultHunters baby!" value: "VaultHunters baby!"
- name: ENABLE_RCON - name: ENABLE_RCON

2
apps/minecraft/kustomization.yaml
View File

@@ -8,8 +8,6 @@ resources:
- pvc.yaml - pvc.yaml
- deployment.yaml - deployment.yaml
- service.yaml - service.yaml
- curseforge.sealedsecret.yaml
images: images:
- name: minecraft - name: minecraft

2
apps/ntfy/kustomization.yaml
View File

@@ -13,4 +13,4 @@ resources:
images: images:
- name: binwiederhier/ntfy - name: binwiederhier/ntfy
newName: binwiederhier/ntfy newName: binwiederhier/ntfy
newTag: v2.11.0 newTag: v2.10.0

1
infrastructure/external/kustomization.yaml vendored
View File

@@ -9,4 +9,3 @@ resources:
- omv-s3.ingress.yaml - omv-s3.ingress.yaml
- openmediavault.ingress.yaml - openmediavault.ingress.yaml
- proxmox.ingress.yaml - proxmox.ingress.yaml
- wireguard.ingress.yaml

38
infrastructure/external/wireguard.ingress.yaml vendored
View File

@@ -1,38 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wireguard-ingressroute
namespace: external
spec:
entryPoints:
- websecure
routes:
- match: Host(`wireguard.kluster.moll.re`)
kind: Rule
services:
- name: wireguard
port: 443
scheme: https
tls:
certResolver: default-tls
---
apiVersion: v1
kind: Endpoints
metadata:
name: wireguard
namespace: external
subsets:
- addresses:
- ip: 192.168.2.1
ports:
- port: 443
---
apiVersion: v1
kind: Service
metadata:
name: wireguard
namespace: external
spec:
ports:
- port: 443
targetPort: 443

57
infrastructure/gitea/actions.deployment.yaml
View File

@@ -20,16 +20,7 @@ spec:
requests: requests:
memory: "128Mi" memory: "128Mi"
cpu: "500m" cpu: "500m"
limits:
memory: "2Gi"
cpu: "2"
env: env:
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: "1"
- name: GITEA_INSTANCE_URL - name: GITEA_INSTANCE_URL
value: "https://git.kluster.moll.re" value: "https://git.kluster.moll.re"
- name: GITEA_RUNNER_REGISTRATION_TOKEN - name: GITEA_RUNNER_REGISTRATION_TOKEN
@@ -37,56 +28,12 @@ spec:
secretKeyRef: secretKeyRef:
name: actions-runner-secret name: actions-runner-secret
key: runner-token key: runner-token
# - name: GITEA_RUNNER_LABELS
# value: ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye
- name: ACTIONS_RUNNER_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
value: "true"
- name: ACTIONS_RUNNER_CONTAINER_HOOKS
value: /home/runner/k8s/index.js
- name: ACTIONS_RUNNER_CLAIM_NAME
value: runner-workdir
- name: GITEA_RUNNER_LABELS - name: GITEA_RUNNER_LABELS
value: k8s value: k8s
volumeMounts: volumeMounts:
- name: runner-workdir
mountPath: /home/runner/_work
- name: runner-data - name: runner-data
mountPath: /data mountPath: /data
volumes: volumes:
- name: runner-workdir
persistentVolumeClaim:
claimName: runner-workdir
- name: runner-data - name: runner-data
persistentVolumeClaim: emptyDir: {}
claimName: runner-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: runner-data
spec:
resources:
requests:
storage: 5Gi
storageClassName: "nfs-client"
volumeMode: Filesystem
accessModes:
- ReadWriteMany
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: runner-workdir
spec:
resources:
requests:
storage: 5Gi
storageClassName: "nfs-client"
volumeMode: Filesystem
accessModes:
- ReadWriteMany

2
infrastructure/gitea/kustomization.yaml
View File

@@ -18,7 +18,7 @@ namespace: gitea
images: images:
- name: actions-runner - name: actions-runner
newName: ghcr.io/christopherhx/gitea-actions-runner newName: ghcr.io/christopherhx/gitea-actions-runner
newTag: nightly newTag: v0.0.11
helmCharts: helmCharts:

1
kluster-deployments/kustomization.yaml
View File

@@ -32,7 +32,6 @@ resources:
- immich/ - immich/
- journal/ - journal/
- media/ - media/
- minecraft/application.yaml
- monitoring/ - monitoring/
- ntfy/ - ntfy/
- recipes/ - recipes/

18
kluster-deployments/minecraft/application.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: minecraft-application
namespace: argocd
spec:
project: apps
source:
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/minecraft
destination:
server: https://kubernetes.default.svc
namespace: minecraft
syncPolicy:
automated:
prune: true
selfHeal: false