diff --git a/services/DroneCI/deploy-DroneCI.yml b/services/DroneCI/deploy-DroneCI.yml index 0207dc4..5b15d10 100644 --- a/services/DroneCI/deploy-DroneCI.yml +++ b/services/DroneCI/deploy-DroneCI.yml @@ -39,7 +39,6 @@ spec: serviceAccountName: drone containers: - name: drone -# image: bv11-cr01.bessems.eu/proxy/drone/drone:latest image: drone/drone:latest command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-server"] env: @@ -61,6 +60,8 @@ spec: value: 'true' - name: DRONE_USER_CREATE value: 'username:djpbessems,admin:true' + - name: DRONE_TMATE_ENABLED + value: 'false' ports: - name: ui containerPort: 80 @@ -68,7 +69,6 @@ spec: - mountPath: /data name: flexvolsmb-drone-data - name: drone-runner -# image: bv11-cr01.bessems.eu/proxy/drone/drone-runner-kube:latest image: drone/drone-runner-kube:latest command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-runner-kube"] ports: @@ -83,9 +83,6 @@ spec: - name: DRONE_RUNNER_MAX_PROCS value: '3' volumes: - - name: flexvolsmb-drone-output - persistentVolumeClaim: - claimName: flexvolsmb-drone-output - name: flexvolsmb-drone-data persistentVolumeClaim: claimName: flexvolsmb-drone-data @@ -152,7 +149,7 @@ metadata: name: flexvolsmb-drone-certs spec: capacity: - storage: 100Gi + storage: 10Gi accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-certs @@ -176,7 +173,7 @@ spec: storageClassName: flexvolsmb-drone-certs resources: requests: - storage: 100Gi + storage: 10Gi --- apiVersion: v1 kind: PersistentVolume @@ -184,7 +181,7 @@ metadata: name: flexvolsmb-drone-output spec: capacity: - storage: 100Gi + storage: 10Gi accessModes: - ReadWriteMany storageClassName: flexvolsmb-drone-output @@ -208,7 +205,39 @@ spec: storageClassName: flexvolsmb-drone-output resources: requests: - storage: 100Gi + storage: 10Gi +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: flexvolsmb-drone-scratch +spec: + capacity: + storage: 25Gi + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-drone-scratch + flexVolume: + driver: mount/smb + secretRef: + name: smb-secret + options: + opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 + server: 192.168.11.225 + share: /K3s.Volumes/drone/scratch +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-drone-scratch + namespace: default +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-drone-scratch + resources: + requests: + storage: 25Gi --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 diff --git a/services/Matrix/configMap-Matrix.yml b/services/Matrix.WIP/configMap-Matrix.yml similarity index 98% rename from services/Matrix/configMap-Matrix.yml rename to services/Matrix.WIP/configMap-Matrix.yml index e57003c..00e45f8 100644 --- a/services/Matrix/configMap-Matrix.yml +++ b/services/Matrix.WIP/configMap-Matrix.yml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: configmap-matrix-config + namespace: matrix data: config.json: | { diff --git a/services/Matrix.WIP/deploy-Matrix.yml b/services/Matrix.WIP/deploy-Matrix.yml new file mode 100644 index 0000000..d860256 --- /dev/null +++ b/services/Matrix.WIP/deploy-Matrix.yml @@ -0,0 +1,370 @@ +apiVersion: v1 +kind: Service +metadata: + name: matrix + namespace: matrix +spec: + ports: + - protocol: TCP + name: synapse + port: 8008 + - protocol: TCP + name: db + port: 5432 + - protocol: TCP + name: element + port: 80 + selector: + app: matrix +--- +apiVersion: v1 +kind: Service +metadata: + name: identity + namespace: matrix +spec: + ports: + - protocol: TCP + name: identity + port: 8090 + - protocol: TCP + name: db + port: 5432 + selector: + app: identity +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: matrix + namespace: matrix + labels: + app: matrix +spec: + replicas: 1 + selector: + matchLabels: + app: matrix + template: + metadata: + labels: + app: matrix + spec: + containers: + - name: synapse + image: bv11-cr01.bessems.eu/proxy/matrixdotorg/synapse:latest +# args: +# - generate + env: +# - name: SYNAPSE_SERVER_NAME +# value: spamasaurus.com +# - name: SYNAPSE_REPORT_STATS +# value: 'no' + - name: SYNAPSE_CONFIG_PATH + value: /data/homeserver.yaml + ports: + - name: synapse + containerPort: 8008 + volumeMounts: + - mountPath: /data + name: flexvolsmb-matrix-data + - name: postgres + image: bv11-cr01.bessems.eu/proxy/library/postgres:alpine + env: + - name: POSTGRES_USER + value: synapse + - name: POSTGRES_PASSWORD + value: synapse + - name: POSTGRES_INITDB_ARGS + value: --encoding=UTF-8 --lc-collate=C --lc-ctype=C + ports: + - name: db + containerPort: 5432 + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: flexvolsmb-matrix-db + - name: element + image: bv11-cr01.bessems.eu/proxy/vectorim/element-web + ports: + - name: element + containerPort: 80 + volumeMounts: + - name: configmap-matrix-config + mountPath: /usr/share/nginx/html/config.json + subPath: config.json + volumes: + - name: flexvolsmb-matrix-data + persistentVolumeClaim: + claimName: flexvolsmb-matrix-data + - name: flexvolsmb-matrix-db + persistentVolumeClaim: + claimName: flexvolsmb-matrix-db + - name: configmap-matrix-config + configMap: + name: configmap-matrix-config +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: identity + namespace: matrix + labels: + app: identity +spec: + replicas: 1 + selector: + matchLabels: + app: identity + template: + metadata: + labels: + app: identity + spec: + containers: + - name: identity + image: bv11-cr01.bessems.eu/library/matrix-identity + env: + - name: MATRIX_DOMAIN + value: chat.spamasaurus.com + ports: + - name: identity + containerPort: 8090 + volumeMounts: + - name: flexvolsmb-identity-etc + mountPath: /etc/ma1sd + - name: flexvolsmb-identity-var + mountPath: /var/ma1sd + - name: postgres + image: bv11-cr01.bessems.eu/proxy/library/postgres:alpine + env: + - name: POSTGRES_USER + value: identity + - name: POSTGRES_PASSWORD + value: identity + - name: POSTGRES_DATABASE + value: identity + ports: + - name: db + containerPort: 5432 + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: flexvolsmb-identity-db + volumes: + - name: flexvolsmb-identity-etc + persistentVolumeClaim: + claimName: flexvolsmb-identity-etc + - name: flexvolsmb-identity-var + persistentVolumeClaim: + claimName: flexvolsmb-identity-var + - name: flexvolsmb-identity-db + persistentVolumeClaim: + claimName: flexvolsmb-identity-db +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: matrix + namespace: matrix +spec: + entryPoints: + - websecure + routes: + - match: Host(`synapse.chat.spamasaurus.com`) + kind: Rule + services: + - name: matrix + namespace: matrix + port: 8008 + middlewares: + - name: security-headers@file + - name: compression@file + - name: matrix-cors-headers + - match: Host(`chat.spamasaurus.com`) + kind: Rule + services: + - name: matrix + namespace: matrix + port: 80 + middlewares: + - name: security-headers@file + - name: compression@file + - name: matrix-cors-headers +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: identity + namespace: matrix +spec: + entryPoints: + - websecure + routes: + - match: Host(`synapse.chat.spamasaurus.com`) && Path(`/_matrix/identity`) + kind: Rule + services: + - name: identity + namespace: matrix + port: 8090 + middlewares: + - name: security-headers@file + - name: compression@file +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: flexvolsmb-matrix-data +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-matrix-data + flexVolume: + driver: mount/smb + secretRef: + name: smb-secret + options: + opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 + server: 192.168.11.225 + share: /K3s.Volumes/matrix/synapse.data +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-matrix-data + namespace: matrix +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-matrix-data + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: flexvolsmb-matrix-db +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-matrix-db + flexVolume: + driver: mount/smb + secretRef: + name: smb-secret + options: + opts: domain=bessems.eu,file_mode=0600,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl + server: 192.168.11.225 + share: /K3s.Volumes/matrix/synapse.db +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-matrix-db + namespace: matrix +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-matrix-db + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: flexvolsmb-identity-etc +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-identity-etc + flexVolume: + driver: mount/smb + secretRef: + name: smb-secret + options: + opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 + server: 192.168.11.225 + share: /K3s.Volumes/matrix/identity.etc +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-identity-etc + namespace: matrix +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-identity-etc + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: flexvolsmb-identity-var +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-identity-var + flexVolume: + driver: mount/smb + secretRef: + name: smb-secret + options: + opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 + server: 192.168.11.225 + share: /K3s.Volumes/matrix/identity.var +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-identity-var + namespace: matrix +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-identity-var + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: flexvolsmb-identity-db +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-identity-db + flexVolume: + driver: mount/smb + secretRef: + name: smb-secret + options: + opts: domain=bessems.eu,file_mode=0600,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl + server: 192.168.11.225 + share: /K3s.Volumes/matrix/identity.db +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-identity-db + namespace: matrix +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-identity-db + resources: + requests: + storage: 1Gi diff --git a/services/Matrix/middleware-Matrix.yml b/services/Matrix.WIP/middleware-Matrix.yml similarity index 95% rename from services/Matrix/middleware-Matrix.yml rename to services/Matrix.WIP/middleware-Matrix.yml index c4f3e25..9a50dda 100644 --- a/services/Matrix/middleware-Matrix.yml +++ b/services/Matrix.WIP/middleware-Matrix.yml @@ -2,6 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: matrix-cors-headers + namespace: matrix spec: headers: accessControlAllowHeaders: diff --git a/services/Matrix/deploy-Matrix.yml b/services/Matrix/deploy-Matrix.yml deleted file mode 100644 index 85ec180..0000000 --- a/services/Matrix/deploy-Matrix.yml +++ /dev/null @@ -1,177 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: matrix -spec: - ports: - - protocol: TCP - name: synapse - port: 8008 - - protocol: TCP - name: db - port: 5432 - - protocol: TCP - name: element - port: 80 - selector: - app: matrix ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: matrix - labels: - app: matrix -spec: - replicas: 1 - selector: - matchLabels: - app: matrix - template: - metadata: - labels: - app: matrix - spec: - containers: - - name: synapse - image: bv11-cr01.bessems.eu/proxy/matrixdotorg/synapse:latest -# args: -# - generate - env: -# - name: SYNAPSE_SERVER_NAME -# value: spamasaurus.com -# - name: SYNAPSE_REPORT_STATS -# value: 'no' - - name: SYNAPSE_CONFIG_PATH - value: /data/homeserver.yaml - ports: - - name: synapse - containerPort: 8008 - volumeMounts: - - mountPath: /data - name: flexvolsmb-matrix-data - - name: postgres - image: bv11-cr01.bessems.eu/proxy/library/postgres:alpine - env: - - name: POSTGRES_USER - value: synapse - - name: POSTGRES_PASSWORD - value: synapse - - name: POSTGRES_INITDB_ARGS - value: --encoding=UTF-8 --lc-collate=C --lc-ctype=C - ports: - - name: db - containerPort: 5432 - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: flexvolsmb-matrix-db - - name: element - image: bv11-cr01.bessems.eu/proxy/vectorim/element-web - ports: - - name: element - containerPort: 80 - volumeMounts: - - name: configmap-matrix-config - mountPath: /usr/share/nginx/html/config.json - subPath: config.json - volumes: - - name: flexvolsmb-matrix-data - persistentVolumeClaim: - claimName: flexvolsmb-matrix-data - - name: flexvolsmb-matrix-db - persistentVolumeClaim: - claimName: flexvolsmb-matrix-db - - name: configmap-matrix-config - configMap: - name: configmap-matrix-config ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: matrix -spec: - entryPoints: - - websecure - routes: - - match: Host(`synapse.chat.spamasaurus.com`) - kind: Rule - services: - - name: matrix - port: 8008 - middlewares: - - name: security-headers@file - - name: compression@file - - name: matrix-cors-headers - - match: Host(`chat.spamasaurus.com`) - kind: Rule - services: - - name: matrix - port: 80 - middlewares: - - name: security-headers@file - - name: compression@file - - name: matrix-cors-headers ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: flexvolsmb-matrix-data -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - storageClassName: flexvolsmb-matrix-data - flexVolume: - driver: mount/smb - secretRef: - name: smb-secret - options: - opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8 - server: 192.168.11.225 - share: /K3s.Volumes/matrix/data ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: flexvolsmb-matrix-data - namespace: default -spec: - accessModes: - - ReadWriteMany - storageClassName: flexvolsmb-matrix-data - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: flexvolsmb-matrix-db -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteMany - storageClassName: flexvolsmb-matrix-db - flexVolume: - driver: mount/smb - secretRef: - name: smb-secret - options: - opts: domain=bessems.eu,file_mode=0600,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl - server: 192.168.11.225 - share: /K3s.Volumes/matrix/db ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: flexvolsmb-matrix-db - namespace: default -spec: - accessModes: - - ReadWriteMany - storageClassName: flexvolsmb-matrix-db - resources: - requests: - storage: 1Gi diff --git a/services/PVR/deploy-Radarr.yml b/services/PVR/deploy-Radarr.yml index 09d1bec..8443e3f 100644 --- a/services/PVR/deploy-Radarr.yml +++ b/services/PVR/deploy-Radarr.yml @@ -31,6 +31,7 @@ spec: containers: - name: radarr image: bv11-cr01.bessems.eu/proxy/linuxserver/radarr:nightly + imagePullPolicy: Always ports: - name: web containerPort: 7878 diff --git a/services/PVR/deploy-Sonarr.yml b/services/PVR/deploy-Sonarr.yml index 250dda9..70bb17c 100644 --- a/services/PVR/deploy-Sonarr.yml +++ b/services/PVR/deploy-Sonarr.yml @@ -31,6 +31,7 @@ spec: containers: - name: sonarr image: bv11-cr01.bessems.eu/proxy/linuxserver/sonarr:preview + imagePullPolicy: Always ports: - name: web containerPort: 8989 diff --git a/services/PVR/namespace-PVR.yml b/services/PVR/namespace-PVR.yml new file mode 100644 index 0000000..bc7f9cc --- /dev/null +++ b/services/PVR/namespace-PVR.yml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + linkerd.io/inject: enabled + name: pvr diff --git a/services/Shaarli/deploy-Shaarli.yml b/services/Shaarli/deploy-Shaarli.yml index b932411..a6b9ac7 100644 --- a/services/Shaarli/deploy-Shaarli.yml +++ b/services/Shaarli/deploy-Shaarli.yml @@ -13,9 +13,9 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: shaarli labels: app: shaarli + name: shaarli spec: replicas: 1 selector: @@ -23,15 +23,17 @@ spec: app: shaarli template: metadata: + annotations: + linkerd.io/inject: enabled labels: app: shaarli spec: containers: - - name: shaarli - image: bv11-cr01.bessems.eu/proxy/shaarli/shaarli + - image: bv11-cr01.bessems.eu/proxy/shaarli/shaarli + name: shaarli ports: - - name: web - containerPort: 80 + - containerPort: 80 + name: web volumeMounts: - mountPath: /var/www/shaarli/cache name: flexvolsmb-shaarli-cache @@ -125,3 +127,4 @@ spec: resources: requests: storage: 1Gi +---