Linkerd++;Overseerr++;TfState++;rebase DroneCI to prevent deadlock

ingress/Traefik2.x/chart-values.yml

@@ -1,6 +1,6 @@
 image:
   name: bv11-cr01.bessems.eu/proxy/library/traefik
-  tag: 2.3.7
+#  tag: '2.4'
 
 ports:
   rtmp:

services/DroneCI/deploy-DroneCI.yml

@@ -39,7 +39,8 @@ spec:
       serviceAccountName: drone
       containers:
       - name: drone
-        image: bv11-cr01.bessems.eu/proxy/drone/drone:latest
+#        image: bv11-cr01.bessems.eu/proxy/drone/drone:latest
+        image: drone/drone:latest
         command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-server"]
         env:
         - name: DRONE_SERVER_PROTO
@@ -67,7 +68,8 @@ spec:
         - mountPath: /data
           name: flexvolsmb-drone-data
       - name: drone-runner
-        image: bv11-cr01.bessems.eu/proxy/drone/drone-runner-kube:latest
+#        image: bv11-cr01.bessems.eu/proxy/drone/drone-runner-kube:latest
+        image: drone/drone-runner-kube:latest
         command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-runner-kube"]
         ports:
         - containerPort: 3000
@@ -76,6 +78,10 @@ spec:
           value: 'ci.spamasaurus.com'
         - name: DRONE_RPC_PROTO
           value: 'https'
+        - name: DRONE_RUNNER_CAPACITY
+          value: '2'
+        - name: DRONE_RUNNER_MAX_PROCS
+          value: '3'
       volumes:
       - name: flexvolsmb-drone-output
         persistentVolumeClaim:
@@ -142,11 +148,43 @@ spec:
 ---
 apiVersion: v1
 kind: PersistentVolume
+metadata:
+  name: flexvolsmb-drone-certs
+spec:
+  capacity:
+    storage: 100Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-certs
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: smb-secret
+    options:
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8
+      server: 192.168.11.225
+      share: /K3s.Volumes/traefikcertsdumper/export
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-drone-certs
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-drone-certs
+  resources:
+    requests:
+      storage: 100Gi
+---
+apiVersion: v1
+kind: PersistentVolume
 metadata:
   name: flexvolsmb-drone-output
 spec:
   capacity:
-    storage: 1Gi
+    storage: 100Gi
   accessModes:
     - ReadWriteMany
   storageClassName: flexvolsmb-drone-output
@@ -170,7 +208,7 @@ spec:
   storageClassName: flexvolsmb-drone-output
   resources:
     requests:
-      storage: 1Gi
+      storage: 100Gi
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1

services/Linkerd/ingressRoute-Linkerd.yml

@@ -0,0 +1,19 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: linkerd
+  namespace: linkerd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`mesh.spamasaurus.com`)
+      kind: Rule
+      services:
+        - name: linkerd-web
+          port: 8084
+          namespace: linkerd
+      middlewares:
+        - name: 2fa-authentication@file
+        - name: security-headers@file
+        - name: compression@file

services/PVR/deploy-Overseerr.yml

@@ -0,0 +1,103 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: overseerr
+  namespace: pvr
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 5055
+  selector:
+    app: overseerr
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: overseerr
+  namespace: pvr
+  labels:
+    app: overseerr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: overseerr
+  template:
+    metadata:
+      labels:
+        app: overseerr
+    spec:
+      containers:
+      - name: overseerr
+        image: bv11-cr01.bessems.eu/proxy/sctx/overseerr
+        ports:
+          - name: web
+            containerPort: 5055
+        volumeMounts:
+        - mountPath: /app/config
+          name: flexvolsmb-overseerr-config
+      volumes:
+      - name: flexvolsmb-overseerr-config
+        persistentVolumeClaim:
+          claimName: flexvolsmb-overseerr-config
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: overseerr
+  namespace: pvr
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`requests.pvr.spamasaurus.com`)
+    kind: Rule
+    services:
+    - name: overseerr
+      port: 5055
+    middlewares:
+      - name: 2fa-authentication@file
+      - name: security-headers@file
+      - name: compression@file
+  tls:
+    options:
+      name: defaults@file
+    certResolver: default
+    domains:
+    - main: '*.pvr.spamasaurus.com'
+      sans:
+        - 'pvr.spamasaurus.com'
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-overseerr-config
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-overseerr-config
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: smb-secret
+    options:
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
+      server: 192.168.11.225
+      share: /K3s.Volumes/overseerr/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-overseerr-config
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-overseerr-config
+  resources:
+    requests:
+      storage: 1Gi

services/TfState/deploy-TfState.yml

@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: tfstate
+spec:
+  ports:
+    - protocol: TCP
+      name: db
+      port: 5432
+  selector:
+    app: tfstate
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tfstate
+  labels:
+    app: tfstate
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tfstate
+  template:
+    metadata:
+      labels:
+        app: tfstate
+    spec:
+      containers:
+      - name: postgres
+        image: bv11-cr01.bessems.eu/proxy/library/postgres:alpine
+        env:
+        - name: POSTGRES_USER
+          value: terraform
+        - name: POSTGRES_PASSWORD
+          value: terraform
+        - name: POSTGRES_DB
+          value: terraform_backend
+        ports:
+          - name: db
+            containerPort: 5432
+        volumeMounts:
+        - mountPath: /var/lib/postgresql/data
+          name: flexvolsmb-tfstate-db
+      volumes:
+      - name: flexvolsmb-tfstate-db
+        persistentVolumeClaim:
+          claimName: flexvolsmb-tfstate-db
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-tfstate-db
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-tfstate-db
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: smb-secret
+    options:
+      opts: domain=bessems.eu,file_mode=0600,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
+      server: 192.168.11.225
+      share: /K3s.Volumes/tfstate/db
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-tfstate-db
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-tfstate-db
+  resources:
+    requests:
+      storage: 1Gi