djpbessems/Kubernetes.K3s.installLog
djpbessems
/
Kubernetes.K3s.installLog
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Removed Harbor's ingressRoute;Replaced Harbor's fqdn in all deployments

This commit is contained in:
Danny Bessems 2020-12-04 09:41:15 +01:00
parent 051f7fcbad
commit 93683f68d3
25 changed files with 72 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
README.md
View File

@ -245,32 +245,26 @@ kubectl exec -i guacamole-<pod-id> --container guacamole -- /opt/guacamole/bin/i
kubectl exec -i guacamole-<pod-id> --container mysql -- mysql -uguacamole -pguacamole guacamole < initdb.sql
kubectl rollout restart deployment guacamole
```
##### 4.7) [Harbor](https://goharbor.io/) <small>(container image registry)</small>
*Running externally; refer to [Ansible.Harbor](https://code.spamasaurus.com/djpbessems/Ansible.Harbor/src/branch/master)-repository for actual setup*
Create `Endpoint`, `service` and `ingressRoute`
```
kubectl apply -f services/Harbor/ingressRoute-Harbor.yml
```
##### 4.8) [Lighttpd](https://www.lighttpd.net/) <small>(webserver)</small>
##### 4.7) [Lighttpd](https://www.lighttpd.net/) <small>(webserver)</small>
*Serves various semi-containerized websites; respective webcontent is stored on fileshare*
```
kubectl apply -f services/Lighttpd/configMap-Lighttpd.yml
kubectl apply -f services/Lighttpd/deploy-Lighttpd.yml
kubectl apply -f services/Lighttpd/cronJob-Spotweb.yml
```
##### 4.9) PVR `namespace` <small>(automated media management)</small>
##### 4.8) PVR `namespace` <small>(automated media management)</small>
*Containers use shared resources to be able to interact with downloaded files*
```
kubectl create secret generic --type=mount/smb smb-secret --from-literal=username=<<omitted>> --from-literal=password=<<omitted>> -n pvr
kubectl apply -f services/PVR/persistentVolumeClaim-PVR.yml
kubectl apply -f services/PVR/storageClass-PVR.yml
```
###### 4.9.1) [NZBHydra](https://github.com/theotherp/nzbhydra2) <small>(index aggregator)</small>
###### 4.8.1) [NZBHydra](https://github.com/theotherp/nzbhydra2) <small>(index aggregator)</small>
```
kubectl apply -f services/PVR/deploy-NZBHydra.yml
```
###### 4.9.2) [Plex](https://www.plex.tv/) <small>(media library)</small>
###### 4.8.2) [Plex](https://www.plex.tv/) <small>(media library)</small>
*Due to usage of symlinks, partially incompatible with SMB-share-backed storage*
```
kubectl apply -f services/PVR/deploy-Plex.yml
@ -280,32 +274,32 @@ After deploying, Plex server needs to be *claimed* (=assigned to Plex-account):
kubectl get endpoints Plex -n PVR
```
Browse to the respective IP address (http://<nodeipaddress>:32400/web) and follow instructions.
###### 4.9.3) [Radarr](https://radarr.video/) <small>(movie management)</small>
###### 4.8.3) [Radarr](https://radarr.video/) <small>(movie management)</small>
```
kubectl apply -f services/PVR/deploy-Radarr.yml
```
###### 4.9.4) [Readarr](https://readarr.com/) <small>(book management)</small>
###### 4.8.4) [Readarr](https://readarr.com/) <small>(book management)</small>
```
kubectl apply -f services/PVR/deploy-Readarr.yml
```
###### 4.9.5) [SABnzbd](https://sabnzbd.org/) <small>(download client)</small>
###### 4.8.5) [SABnzbd](https://sabnzbd.org/) <small>(download client)</small>
```
kubectl apply -f services/PVR/deploy-SABnzbd.yml
```
###### 4.9.6) [Sonarr](https://sonarr.tv/) <small>(tv management)</small>
###### 4.8.6) [Sonarr](https://sonarr.tv/) <small>(tv management)</small>
```
kubectl apply -f services/PVR/deploy-Sonarr.yml
```
##### 4.10) [Shaarli](https://github.com/shaarli/Shaarli) <small>(bookmarks/notes)</small>
##### 4.9) [Shaarli](https://github.com/shaarli/Shaarli) <small>(bookmarks/notes)</small>
```
kubectl apply -f services/Shaarli/deploy-Shaarli.yml
```
##### 4.11) [Theia](https://theia-ide.org/) <small>(web IDE)</small>
##### 4.10) [Theia](https://theia-ide.org/) <small>(web IDE)</small>
```
kubectl apply -f services/Theia/deploy-Theia.yml
```
##### 4.12) [Traefik-Certs-Dumper](https://github.com/ldez/traefik-certs-dumper) <small>(certificate tooling)</small>
##### 4.11) [Traefik-Certs-Dumper](https://github.com/ldez/traefik-certs-dumper) <small>(certificate tooling)</small>
```
kubectl apply -f services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml
```

2
ingress/Traefik2.x/chart-values.yml
View File

@ -1,5 +1,5 @@
image:
name: traefik
name: bv11-cr01.bessems.eu/proxy/library/traefik
# tag: 2.3.2
ports:

2
services/Adminer/deploy-Adminer.yml
View File

@ -37,7 +37,7 @@ spec:
serviceAccountName: adminer
containers:
- name: adminer
image: registry.spamasaurus.com/proxy/library/adminer
image: bv11-cr01.bessems.eu/proxy/library/adminer
ports:
- name: web
containerPort: 8080

2
services/Bitwarden/deploy-Bitwarden.yml
View File

@ -42,7 +42,7 @@ spec:
serviceAccountName: bitwarden
containers:
- name: bitwarden
image: bitwardenrs/server
image: bv11-cr01.bessems.eu/proxy/bitwardenrs/server
args: ["sh", "-c", ". /vault/secrets/bitwarden && /start.sh"]
env:
- name: ENABLE_DB_WAL

2
services/DDclient/deploy-DDclient.yml
View File

@ -16,7 +16,7 @@ spec:
spec:
containers:
- name: ddclient
image: registry.spamasaurus.com/proxy/linuxserver/ddclient
image: bv11-cr01.bessems.eu/proxy/linuxserver/ddclient
volumeMounts:
- mountPath: /config
name: ddclient-secret

38
services/DroneCI/deploy-DroneCI.yml
View File

@ -39,7 +39,7 @@ spec:
serviceAccountName: drone
containers:
- name: drone
image: drone/drone:latest
image: bv11-cr01.bessems.eu/proxy/drone/drone:latest
command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-server"]
env:
- name: DRONE_SERVER_PROTO
@ -58,6 +58,8 @@ spec:
value: 'false'
- name: DRONE_AGENTS_ENABLED
value: 'true'
- name: DRONE_USER_CREATE
value: 'username:djpbessems,admin:true'
ports:
- name: ui
containerPort: 80
@ -65,7 +67,7 @@ spec:
- mountPath: /data
name: flexvolsmb-drone-data
- name: drone-runner
image: drone/drone-runner-kube:latest
image: bv11-cr01.bessems.eu/proxy/drone/drone-runner-kube:latest
command: ["sh", "-c", ". /vault/secrets/drone && /bin/drone-runner-kube"]
ports:
- containerPort: 3000
@ -135,6 +137,38 @@ spec:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: flexvolsmb-drone-certs
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-certs
flexVolume:
driver: mount/smb
secretRef:
name: smb-secret
options:
opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
server: 192.168.11.225
share: /K3s.Volumes/traefikcertsdumper/export
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flexvolsmb-drone-certs
namespace: default
spec:
accessModes:
- ReadWriteMany
storageClassName: flexvolsmb-drone-certs
resources:
requests:
storage: 1Gi
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:

2
services/Gitea/deploy-Gitea.yml
View File

@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: gitea
image: registry.spamasaurus.com/proxy/gitea/gitea:1
image: bv11-cr01.bessems.eu/proxy/gitea/gitea:1
env:
- name: DB_TYPE
value: 'sqlite3'

2
services/Gotify/deploy-Gotify.yml
View File

@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: gotify
image: registry.spamasaurus.com/proxy/gotify/server
image: bv11-cr01.bessems.eu/proxy/gotify/server
ports:
- name: web
containerPort: 80

6
services/Guacamole/deploy-Guacamole.yml
View File

@ -35,7 +35,7 @@ spec:
hostname: guacamole
containers:
- name: guacamole
image: registry.spamasaurus.com/proxy/guacamole/guacamole
image: bv11-cr01.bessems.eu/proxy/guacamole/guacamole
env:
- name: GUACD_HOSTNAME
value: 'guacamole.default.svc.cluster.local'
@ -53,7 +53,7 @@ spec:
- name: ui
containerPort: 8080
- name: guacd
image: registry.spamasaurus.com/proxy/guacamole/guacd
image: bv11-cr01.bessems.eu/proxy/guacamole/guacd
env:
- name: GUACD_LOG_LEVEL
value: 'debug'
@ -61,7 +61,7 @@ spec:
- name: proxy
containerPort: 4822
- name: mysql
image: registry.spamasaurus.com/proxy/library/mysql:latest
image: bv11-cr01.bessems.eu/proxy/library/mysql:latest
securityContext:
runAsUser: 999
runAsGroup: 999

50
services/Harbor/ingressRoute-Harbor.yml
View File

@ -1,50 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: harbor
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
name: harbor
subsets:
- addresses:
- ip: 192.168.11.249
ports:
- port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: harbor
spec:
entryPoints:
- websecure
routes:
- match: Host(`registry.spamasaurus.com`)
kind: Rule
services:
- name: harbor
port: 80
middlewares:
- name: security-headers@file
- name: compression@file
# - match: Host(`registry.spamasaurus.com`) && PathPrefix(`/api/`, `/service/`, `/v2/`, `/chartrepo/`, `/c/`)
# kind: Rule
# services:
# - name: harbor-harbor-core
# port: 80
# middlewares:
# - name: security-headers@file
# - match: Host(`notary.spamasaurus.com`)
# kind: Rule
# services:
# - name: harbor-harbor-notary-server
# port: 4443
# middlewares:
# - name: security-headers@file

2
services/Lighttpd/deploy-Lighttpd.yml
View File

@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: lighttpd-php-pwsh
image: registry.spamasaurus.com/library/lighttpd-php-powershell
image: bv11-cr01.bessems.eu/library/lighttpd-php-powershell
ports:
- name: web
containerPort: 8080

2
services/PVR/deploy-NZBHydra.yml
View File

@ -30,7 +30,7 @@ spec:
spec:
containers:
- name: nzbhydra
image: registry.spamasaurus.com/proxy/linuxserver/nzbhydra2
image: bv11-cr01.bessems.eu/proxy/linuxserver/nzbhydra2
ports:
- name: web
containerPort: 5076

2
services/PVR/deploy-Plex.yml
View File

@ -31,7 +31,7 @@ spec:
hostNetwork: true
containers:
- name: plex
image: registry.spamasaurus.com/proxy/linuxserver/plex
image: bv11-cr01.bessems.eu/proxy/linuxserver/plex
ports:
- name: web
containerPort: 32400

2
services/PVR/deploy-Radarr.yml
View File

@ -30,7 +30,7 @@ spec:
spec:
containers:
- name: radarr
image: registry.spamasaurus.com/proxy/linuxserver/radarr:nightly
image: bv11-cr01.bessems.eu/proxy/linuxserver/radarr:nightly
ports:
- name: web
containerPort: 7878

2
services/PVR/deploy-Readarr.yml
View File

@ -30,7 +30,7 @@ spec:
spec:
containers:
- name: readarr
image: registry.spamasaurus.com/proxy/hotio/readarr:nightly
image: bv11-cr01.bessems.eu/proxy/hotio/readarr:nightly
env:
- name: DEBUG
value: 'yes'

2
services/PVR/deploy-SABnzbd.yml
View File

@ -30,7 +30,7 @@ spec:
spec:
containers:
- name: sabnzbd
image: registry.spamasaurus.com/proxy/linuxserver/sabnzbd
image: bv11-cr01.bessems.eu/proxy/linuxserver/sabnzbd
ports:
- name: web
containerPort: 8080

2
services/PVR/deploy-Sonarr.yml
View File

@ -30,7 +30,7 @@ spec:
spec:
containers:
- name: sonarr
image: registry.spamasaurus.com/proxy/linuxserver/sonarr:preview
image: bv11-cr01.bessems.eu/proxy/linuxserver/sonarr:preview
ports:
- name: web
containerPort: 8989

2
services/Shaarli/deploy-Shaarli.yml
View File

@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: shaarli
image: registry.spamasaurus.com/proxy/shaarli/shaarli
image: bv11-cr01.bessems.eu/proxy/shaarli/shaarli
ports:
- name: web
containerPort: 80

2
services/Theia/deploy-Theia.yml
View File

@ -28,7 +28,7 @@ spec:
spec:
containers:
- name: theia
image: registry.spamasaurus.com/proxy/theiaide/theia-full
image: bv11-cr01.bessems.eu/proxy/theiaide/theia-full
ports:
- name: web
containerPort: 3000

2
services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml
View File

@ -16,7 +16,7 @@ spec:
spec:
containers:
- name: traefik-certs-dumper
image: registry.spamasaurus.com/proxy/ldez/traefik-certs-dumper:latest-amd64
image: bv11-cr01.bessems.eu/proxy/ldez/traefik-certs-dumper:latest-amd64
command: ['traefik-certs-dumper', 'file']
args:
- --watch

2
services/Unifi/deploy-Unifi.yml
View File

@ -67,7 +67,7 @@ spec:
spec:
containers:
- name: unifi
image: linuxserver/unifi-controller
image: bv11-cr01.bessems.eu/proxy/linuxserver/unifi-controller
ports:
- name: web
containerPort: 8443

2
system/InotifyMaxWatchers/daemonSet-InotifyMaxWatchers.yml
View File

@ -15,7 +15,7 @@ spec:
spec:
containers:
- name: inotify-max-watchers
image: alpine
image: bv11-cr01.bessems.eu/proxy/library/alpine
imagePullPolicy: Always
securityContext:
privileged: true

2
system/RolloutRestart/cronjob-RolloutRestart.yml
View File

@ -49,7 +49,7 @@ spec:
restartPolicy: Never
containers:
- name: kubectl
image: registry.spamasaurus.com/proxy/bitnami/kubectl
image: bv11-cr01.bessems.eu/proxy/bitnami/kubectl
command:
- 'bash'
- '-c'

4
system/UpgradeController/plan-Agent.yml
View File

@ -14,8 +14,8 @@ spec:
args:
- prepare
- server-plan
image: rancher/k3s-upgrade:v1.19.3-k3s2
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade:v1.19.3-k3s2
serviceAccountName: system-upgrade
upgrade:
image: rancher/k3s-upgrade
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade
channel: https://update.k3s.io/v1-release/channels/stable

2
system/UpgradeController/plan-Server.yml
View File

@ -14,5 +14,5 @@ spec:
- "true"
serviceAccountName: system-upgrade
upgrade:
image: rancher/k3s-upgrade
image: bv11-cr01.bessems.eu/proxy/rancher/k3s-upgrade
channel: https://update.k3s.io/v1-release/channels/stable