From 9fb018adbe183e0b816cbfebe7f5de9b6003bd65 Mon Sep 17 00:00:00 2001 From: djpbessems Date: Thu, 4 Apr 2024 09:29:35 +1100 Subject: [PATCH] PiHole++;Upgraded ArgoCD & Argus --- services/Argus/deployment-argus.yml | 2 +- .../deployment-act-runner-dind-rootless.yaml | 5 ++- .../Gitea/deployment-act-runner-dind.yaml | 5 ++- services/PiHole/_namespace-pihole.yaml | 4 ++ services/PiHole/deployment-pihole.yaml | 41 +++++++++++++++++++ services/PiHole/ingressroute-pihole.yaml | 17 ++++++++ ...istentvolume-flexvolsmb-pihole-config.yaml | 18 ++++++++ ...rsistentvolume-flexvolsmb-pihole-data.yaml | 18 ++++++++ ...tvolumeclaim-flexvolsmb-pihole-config.yaml | 12 ++++++ ...entvolumeclaim-flexvolsmb-pihole-data.yaml | 12 ++++++ .../sealedsecret-flexvolsmb-credentials.yaml | 17 ++++++++ services/PiHole/service-pihole-tcp.yaml | 15 +++++++ services/PiHole/service-pihole-udp.yaml | 15 +++++++ services/PiHole/service-pihole.yaml | 12 ++++++ system/ArgoCD/chart-values.yml | 9 ++-- 15 files changed, 193 insertions(+), 9 deletions(-) create mode 100644 services/PiHole/_namespace-pihole.yaml create mode 100644 services/PiHole/deployment-pihole.yaml create mode 100644 services/PiHole/ingressroute-pihole.yaml create mode 100644 services/PiHole/persistentvolume-flexvolsmb-pihole-config.yaml create mode 100644 services/PiHole/persistentvolume-flexvolsmb-pihole-data.yaml create mode 100644 services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-config.yaml create mode 100644 services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-data.yaml create mode 100644 services/PiHole/sealedsecret-flexvolsmb-credentials.yaml create mode 100644 services/PiHole/service-pihole-tcp.yaml create mode 100644 services/PiHole/service-pihole-udp.yaml create mode 100644 services/PiHole/service-pihole.yaml diff --git a/services/Argus/deployment-argus.yml b/services/Argus/deployment-argus.yml index 2681acf..a756fc9 100644 --- a/services/Argus/deployment-argus.yml +++ b/services/Argus/deployment-argus.yml 
@@ -18,7 +18,7 @@ spec: serviceAccountName: argus containers: - name: argus - image: releaseargus/argus:0.15.2 + image: releaseargus/argus:0.16.0 args: - -config.file=/app/config/config.yml ports: diff --git a/services/Gitea/deployment-act-runner-dind-rootless.yaml b/services/Gitea/deployment-act-runner-dind-rootless.yaml index fd889ec..56211cd 100644 --- a/services/Gitea/deployment-act-runner-dind-rootless.yaml +++ b/services/Gitea/deployment-act-runner-dind-rootless.yaml @@ -10,7 +10,8 @@ spec: selector: matchLabels: app: act-runner-dind-rootless - strategy: {} + strategy: + type: Recreate template: metadata: creationTimestamp: null @@ -49,7 +50,7 @@ spec: - name: GITEA_INSTANCE_URL value: http://gitea.gitea.svc.cluster.local:3000 - name: GITEA_RUNNER_LABELS - value: dind-rootless:docker://node:16-bullseye + value: dind-rootless:docker://node:21-bullseye - name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: secretKeyRef: diff --git a/services/Gitea/deployment-act-runner-dind.yaml b/services/Gitea/deployment-act-runner-dind.yaml index 1e105c7..8f17ded 100644 --- a/services/Gitea/deployment-act-runner-dind.yaml +++ b/services/Gitea/deployment-act-runner-dind.yaml @@ -10,7 +10,8 @@ spec: selector: matchLabels: app: act-runner-dind - strategy: {} + strategy: + type: Recreate template: metadata: creationTimestamp: null @@ -47,7 +48,7 @@ spec: - name: GITEA_INSTANCE_URL value: http://gitea.gitea.svc.cluster.local:3000 - name: GITEA_RUNNER_LABELS - value: dind:docker://node:16-bullseye + value: dind:docker://node:21-bullseye - name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: secretKeyRef: diff --git a/services/PiHole/_namespace-pihole.yaml b/services/PiHole/_namespace-pihole.yaml new file mode 100644 index 0000000..9693809 --- /dev/null +++ b/services/PiHole/_namespace-pihole.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: pihole 
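Review bot: `node:21-bullseye` in `GITEA_RUNNER_LABELS` (here and in the matching hunk of deployment-act-runner-dind.yaml) makes an odd-numbered Node.js release line the default job image. Odd-numbered lines never reach LTS and stop receiving security fixes a few months after release, while every workflow that targets these labels runs inside that image. An LTS line is the safer default, e.g. `value: dind-rootless:docker://node:20-bullseye` and `value: dind:docker://node:20-bullseye`. The env list continues outside both hunks, so the rest of the runner configuration was not reviewed.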
diff --git a/services/PiHole/deployment-pihole.yaml b/services/PiHole/deployment-pihole.yaml
new file mode 100644
index 0000000..20b24a3
--- /dev/null
+++ b/services/PiHole/deployment-pihole.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pihole
+ namespace: pihole
+ labels:
+ app: pihole
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: pihole
+ template:
+ metadata:
+ labels:
+ app: pihole
+ spec:
+ containers:
+ - name: pihole
+ image: pihole/pihole
+ ports:
+ - name: web
+ containerPort: 80
+ - name: dns-tcp
+ containerPort: 53
+ protocol: TCP
+ - name: dns-udp
+ containerPort: 53
+ protocol: UDP
+ volumeMounts:
+ - mountPath: /etc/pihole
+ name: flexvolsmb-pihole-config
+ - mountPath: /etc/dnsmasq.d
+ name: flexvolsmb-pihole-data
+ volumes:
+ - name: flexvolsmb-pihole-config
+ persistentVolumeClaim:
+ claimName: flexvolsmb-pihole-config
+ - name: flexvolsmb-pihole-data
+ persistentVolumeClaim:
+ claimName: flexvolsmb-pihole-data
diff --git a/services/PiHole/ingressroute-pihole.yaml b/services/PiHole/ingressroute-pihole.yaml
new file mode 100644
index 0000000..ddc7ef2
--- /dev/null
+++ b/services/PiHole/ingressroute-pihole.yaml
@@ -0,0 +1,17 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: pihole
+ namespace: pihole
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`d.itch.fyi`)
+ kind: Rule
+ services:
+ - name: pihole
+ port: 80
+ middlewares:
+ - name: security-headers@file
+ - name: compression@file
diff --git a/services/PiHole/persistentvolume-flexvolsmb-pihole-config.yaml b/services/PiHole/persistentvolume-flexvolsmb-pihole-config.yaml
new file mode 100644
index 0000000..a19d141
--- /dev/null
+++ b/services/PiHole/persistentvolume-flexvolsmb-pihole-config.yaml
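Review bot: `image: pihole/pihole` has no tag, so it resolves to `latest` and any pod restart can pull a different build of the network's DNS resolver. Pin a release and ideally a digest, e.g. `image: pihole/pihole:<version>@sha256:<digest>`. The container spec also defines no `securityContext`, no `resources` and no probes. No admin password is supplied from a Secret either, so the web UI credential is whatever the image generates or defaults to. A `secretKeyRef`-backed password variable and a `readinessProbe` on the DNS port would close both gaps.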
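Review bot: The route for `d.itch.fyi` publishes the Pi-hole admin UI on the `websecure` entry point with only `security-headers@file` and `compression@file` attached, so the application's own login is the only control in front of the resolver's configuration. Whether that entry point is reachable from outside the LAN is not visible in this hunk. If it is, add a source-address allow-list or forward-auth middleware to the list, e.g. `- name: <allowlist-or-auth-middleware>@file`. The route sets no `tls` section, so it presumably relies on the entry point's default certificate configuration; a short comment stating that would help the next reader.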
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: flexvolsmb-pihole-config
+spec:
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ storageClassName: flexvolsmb-pihole-config
+ flexVolume:
+ driver: mount/smb
+ secretRef:
+ name: flexvolsmb-credentials
+ options:
+ opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
+ server: 192.168.154.225
+ share: /K3s.Volumes/pihole/config
diff --git a/services/PiHole/persistentvolume-flexvolsmb-pihole-data.yaml b/services/PiHole/persistentvolume-flexvolsmb-pihole-data.yaml
new file mode 100644
index 0000000..288d23f
--- /dev/null
+++ b/services/PiHole/persistentvolume-flexvolsmb-pihole-data.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: flexvolsmb-pihole-data
+spec:
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ storageClassName: flexvolsmb-pihole-data
+ flexVolume:
+ driver: mount/smb
+ secretRef:
+ name: flexvolsmb-credentials
+ options:
+ opts: file_mode=0777,dir_mode=0777,iocharset=utf8
+ server: 192.168.154.225
+ share: /K3s.Volumes/pihole/data
diff --git a/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-config.yaml b/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-config.yaml
new file mode 100644
index 0000000..c43bd1a
--- /dev/null
+++ b/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: flexvolsmb-pihole-config
+ namespace: pihole
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: flexvolsmb-pihole-config
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-data.yaml b/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-data.yaml
new file mode 100644
index 0000000..3f4c5c9
--- /dev/null
+++ b/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-data.yaml
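Review bot: `file_mode=0777,dir_mode=0777` in `opts` (also in persistentvolume-flexvolsmb-pihole-data.yaml) mounts the shares behind `/etc/pihole` and `/etc/dnsmasq.d` world-writable, so any process in the pod can rewrite resolver configuration and block lists. Map the share to the account the container runs as and tighten the modes, e.g. `opts: uid=<uid>,gid=<gid>,file_mode=0640,dir_mode=0750,iocharset=utf8,nobrl`. The two PVs also differ in `nobrl`; if that is deliberate, a one-line comment such as `# nobrl: <reason>` would record why. Neither PV sets a `claimRef`, so binding relies on the per-volume `storageClassName` alone.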
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: flexvolsmb-pihole-data + namespace: pihole +spec: + accessModes: + - ReadWriteMany + storageClassName: flexvolsmb-pihole-data + resources: + requests: + storage: 1Gi diff --git a/services/PiHole/sealedsecret-flexvolsmb-credentials.yaml b/services/PiHole/sealedsecret-flexvolsmb-credentials.yaml new file mode 100644 index 0000000..d6785d7 --- /dev/null +++ b/services/PiHole/sealedsecret-flexvolsmb-credentials.yaml @@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: flexvolsmb-credentials + namespace: pihole +spec: + encryptedData: + password: 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 + username: AgAvastUnBdsnCNtUqjVPo/zb/fV+Zac/oRNSx5kjM4XeCZ/o70VCYQUiQKrpnHOG3oo3E/RXjjcDynQJzFxixW+wZ2/aIFeOO6an/9zjNvtzOmoOepWqt6M68XV/4GUDds/2qDzHkvunc2PhpkzMQ1r0jyeIJAM/ZZxtjofnUmPbPtQ9eLILWeLdIEPSr3m2vf4Y0tmjqQUZkAVhvz0Vdo6+uqIyd6bVGU5k8W6jx0iUUYrixCTLbpGdHpsYRSMCpW8A0uqi9hHYhWbURYXql3ADgR6AfnCI0JyFC7RU9lIl7mLb+EvJ+UMH02xdm5URKWO8PokfeKcBlFMCIjHoeb1WB8S3kajBwWuZwWyHkheEqSFUk2yFekmqDgzLtOKBgmt88gq7bbTHBMUQiggL8BPft83MvyRSEFAEDafkluvwcMuwPQJQIAfFr4QliIBlJA+HO617Frf51HNi5RiH5GfPE81QqyXhkd9+VPNcedxuFS3AugXIWFUSwJOhC8fVDpd08lsANj8dIh5/Gcqr1pRLPwr9SPBffuClUwNZdHmJFFI6gngsJoNZhjNCFYILzvq2GsOKySCBrBiCSfmA7RaexQByf4fZWnfIrSrwa51DbsLhF3zmpIMR5n/LUreMNLMxkd+vyr7QuTPfTpPJggRq1G8ts6Bi2gf5AQhyT5G5OT7rknhEyZuUX0kh4pZAvGKO2Ab1HA= + template: + data: null + metadata: + creationTimestamp: null + name: flexvolsmb-credentials + namespace: pihole + type: mount/smb diff --git a/services/PiHole/service-pihole-tcp.yaml b/services/PiHole/service-pihole-tcp.yaml new file mode 100644 index 0000000..e87c3df --- /dev/null +++ b/services/PiHole/service-pihole-tcp.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: pihole-tcp + namespace: pihole +spec: + loadBalancerIP: 192.168.154.240 + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - protocol: TCP + name: dns-tcp + port: 53 + selector: + app: pihole diff --git a/services/PiHole/service-pihole-udp.yaml b/services/PiHole/service-pihole-udp.yaml new file mode 100644 index 0000000..1b6e088 --- /dev/null +++ b/services/PiHole/service-pihole-udp.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: pihole-udp + namespace: pihole +spec: + loadBalancerIP: 192.168.154.240 + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - protocol: UDP + name: dns-udp + port: 53 + selector: + app: pihole diff --git a/services/PiHole/service-pihole.yaml b/services/PiHole/service-pihole.yaml new file mode 100644 index 0000000..83c6332 --- /dev/null +++ b/services/PiHole/service-pihole.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: pihole + namespace: pihole +spec: + ports: + - protocol: TCP + name: web + port: 80 + selector: + app: pihole diff --git a/system/ArgoCD/chart-values.yml b/system/ArgoCD/chart-values.yml index 797fed5..285aa59 100644 --- a/system/ArgoCD/chart-values.yml +++ b/system/ArgoCD/chart-values.yml @@ -1,7 +1,8 @@ +configs: + params: + server.insecure: true +global: + domain: gitops.spamasaurus.com server: - extraArgs: - - --insecure ingress: enabled: true - hosts: - - gitops.spamasaurus.com
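Review bot: `pihole-tcp` and `pihole-udp` (service-pihole-udp.yaml) both expose port 53 on `loadBalancerIP: 192.168.154.240`, and nothing in either manifest limits which clients may query the resolver. Since `externalTrafficPolicy: Local` preserves the client address, a source restriction such as `loadBalancerSourceRanges: ["<lan-cidr>"]` would be meaningful; whether it is enforced depends on the load-balancer implementation, which is not visible here. Two Services requesting the same address usually need an explicit IP-sharing annotation from that implementation, and none is set. `loadBalancerIP` is also a deprecated Service field, so a comment noting which controller honours it would help.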
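Review bot: `server.insecure: true` under `configs.params` keeps argocd-server serving plain HTTP, but nothing visible under `server.ingress` enables TLS after this change, so the file does not show where TLS for `gitops.spamasaurus.com` terminates. If termination happens at the ingress controller, document it above `configs:` with `# TLS terminates at the ingress; argocd-server speaks HTTP inside the cluster`. It should also be requested explicitly, e.g. `tls: true` under `server.ingress`, with the key name confirmed against the chart version being deployed. The ingress block may continue outside the hunk.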