Compare commits
111 Commits
93b8328936
...
master
Author | SHA1 | Date | |
---|---|---|---|
a09b612b87 | |||
aeba919dbf | |||
11b95c4020 | |||
a543709c97 | |||
ac026251ca | |||
602e636e4d | |||
4122bd0603 | |||
0d6fc4f4a1 | |||
06cb457456 | |||
65b35b1e78 | |||
abbc07a1a2 | |||
151af491c5 | |||
420a1da277 | |||
54f4b27717 | |||
0d695d673b | |||
39894c043b | |||
cb6387265f | |||
3246f2f5e5 | |||
1c8c55f3f1 | |||
672ab00687 | |||
b6d3848365 | |||
77cf4c9729 | |||
dd0737d5a7 | |||
fd55bd98d0 | |||
0608ec8936 | |||
31a1b2b403 | |||
bea3d3822f | |||
f46a77a31c | |||
062f80fe03 | |||
b49a3bf570 | |||
9dc2f06ed8 | |||
e79e1d9b2f | |||
2a72ae033f | |||
aea22d8170 | |||
f68023b22c | |||
85615694b1 | |||
dd92793d98 | |||
d27dd9dbed | |||
17f228560e | |||
aeaa0da2f0 | |||
09d4209513 | |||
1ca9b325ab | |||
17144dd8f7 | |||
8d645e1089 | |||
30ada6e0f2 | |||
a09a513977 | |||
d0fe364416 | |||
d1174c4ca7 | |||
cf6bc7bcce | |||
32a58b7a17 | |||
ffcc42f525 | |||
510504a3e9 | |||
19763bee7d | |||
c3107be5d0 | |||
e158fb6a7d | |||
64e626efdf | |||
e814402f23 | |||
8c5fc26f27 | |||
c8744d2ecc | |||
4ea33540bd | |||
bb790668dc | |||
92e0a08565 | |||
bb2d591898 | |||
be01b17266 | |||
17a557432f | |||
489033cf14 | |||
b43b848692 | |||
e5f5e27133 | |||
f18350d890 | |||
4a48c0469b | |||
0b252584f4 | |||
093252609e | |||
b123f1b824 | |||
146b032d61 | |||
97bb460333 | |||
f8abcb4129 | |||
5fa2bda698 | |||
ec4008740e | |||
0ffc5b13a2 | |||
9508ac4185 | |||
6d144ffa39 | |||
a7e9dcaeb0 | |||
8f874b09d7 | |||
818825f13c | |||
4d680ef046 | |||
fed1b92628 | |||
43bb1cae89 | |||
1819e45341 | |||
797089e868 | |||
21dafc8d59 | |||
1313409e85 | |||
c98ecd0d7a | |||
24431e3ce4 | |||
ef3d1bac57 | |||
36e4aa4ff1 | |||
73038ac019 | |||
e1c449c0c4 | |||
dc280c06ea | |||
0cf244959d | |||
94ec6be3ac | |||
6432c07eb3 | |||
b0b7e5d102 | |||
ad81a889ff | |||
9c0199bfa2 | |||
9ea7472ddb | |||
b44768c042 | |||
cc53be7f7c | |||
3000d8152f | |||
82ed32b874 | |||
ee40f4a350 | |||
8aed060596 |
35
README.md
35
README.md
@ -118,26 +118,6 @@ helm install longhorn longhorn/longhorn --namespace longhorn-system --create-nam
|
||||
|
||||
Log on to the web interface and delete the default disks on each node (mounted at `/var/lib/longhorn`) and replace them with new disks mounted at `/mnt/blockstorage`.
|
||||
|
||||
Add additional `storageClass` with backup schedule:
|
||||
***After** specifying a NFS backup target (syntax: `nfs://servername:/path/to/share`) through Longhorn's dashboard*
|
||||
```yaml
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
name: longhorn-dailybackup
|
||||
provisioner: driver.longhorn.io
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
numberOfReplicas: "3"
|
||||
staleReplicaTimeout: "2880"
|
||||
fromBackup: ""
|
||||
recurringJobs: '[{"name":"backup", "task":"backup", "cron":"0 0 * * *", "retain":14}]'
|
||||
```
|
||||
Then make this the new default `storageClass`:
|
||||
```shell
|
||||
kubectl patch storageclass longhorn-dailybackup -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
|
||||
#kubectl delete storageclass longhorn
|
||||
```
|
||||
|
||||
### 3) Ingress Controller
|
||||
Reconfigure default Traefik configuration:
|
||||
@ -161,10 +141,6 @@ kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.pas
|
||||
```
|
||||
Login with username `admin` and the initial password, browse to `User Info` and `Update Password`.
|
||||
|
||||
Create ArgoCD applicationset
|
||||
```shell
|
||||
kubectl apply -f system/ArgoCD/applicationset-homelab.yml
|
||||
```
|
||||
### 5) Services
|
||||
##### 5.1) [Argus]() <small>(release management)</small>
|
||||
```shell
|
||||
@ -261,15 +237,4 @@ kubectl apply -f services/PVR/deploy-Sonarr.yml
|
||||
or
|
||||
|
||||
kubectl run -it --rm busybox --restart=Never --image=busybox:1.28 -- nslookup api.github.com [-debug] [fqdn]
|
||||
* Delete namespaces stuck in `Terminating` state:
|
||||
*First* check whether there are any resources still present; preventing the namespace from being deleted:
|
||||
|
||||
kubectl api-resources --verbs=list --namespaced -o name \
|
||||
| xargs -n 1 kubectl get --show-kind --ignore-not-found -n <namespace>
|
||||
|
||||
Any resources returned should be deleted first (worth mentioning: if you get an error `error: unable to retrieve the complete list of server APIs`, you should check `kubectl get apiservice` for any apiservice with a status of `False`)
|
||||
If there are no resources left in the namespace, and it is still stuck *terminating*, the following commands remove the blocking finalizer (this is a last resort, you are bypassing protections put in place to prevent zombie processes):
|
||||
|
||||
kubectl get namespace <namespace> -o json | jq -j '.spec.finalizers=null' > tmp.json
|
||||
kubectl replace --raw "/api/v1/namespaces/<namespace>/finalize" -f ./tmp.json
|
||||
rm ./tmp.json
|
||||
|
@ -5,19 +5,22 @@ metadata:
|
||||
namespace: kube-system
|
||||
spec:
|
||||
valuesContent: |-
|
||||
core:
|
||||
defaultRuleSyntax: v2
|
||||
additionalArguments:
|
||||
- "--providers.file.directory=/etc/traefik/dynamic"
|
||||
- "--providers.file.watch=true"
|
||||
certResolvers:
|
||||
certificatesResolvers:
|
||||
default:
|
||||
email: letsencrypt.org.danny@spamasaurus.com
|
||||
storage: /data/acme.json
|
||||
dnsChallenge:
|
||||
provider: cloudflare
|
||||
delayBeforeCheck: 5m0s
|
||||
resolvers:
|
||||
- 1.1.1.1:53
|
||||
- 1.0.0.1:53
|
||||
acme:
|
||||
email: letsencrypt.org.danny@spamasaurus.com
|
||||
storage: /data/acme.json
|
||||
dnsChallenge:
|
||||
provider: cloudflare
|
||||
delayBeforeCheck: 5m0s
|
||||
resolvers:
|
||||
- 1.1.1.1:53
|
||||
- 1.0.0.1:53
|
||||
deployment:
|
||||
initContainers:
|
||||
- name: volume-permissions
|
||||
@ -66,8 +69,8 @@ spec:
|
||||
stsSeconds: 315360000
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
compression:
|
||||
compress: {}
|
||||
# compression:
|
||||
# compress: {}
|
||||
tls:
|
||||
options:
|
||||
defaults:
|
||||
@ -76,6 +79,7 @@ spec:
|
||||
curvePreferences:
|
||||
- secp521r1
|
||||
- secp384r1
|
||||
- secp256r1
|
||||
cipherSuites:
|
||||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
@ -123,8 +127,11 @@ spec:
|
||||
storageClass: longhorn
|
||||
ports:
|
||||
web:
|
||||
redirectTo:
|
||||
port: websecure
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: websecure
|
||||
scheme: https
|
||||
permanent: true
|
||||
websecure:
|
||||
forwardedHeaders:
|
||||
insecure: true
|
||||
|
18
services/Argus/application-argus.yaml
Normal file
18
services/Argus/application-argus.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: argus
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
namespace: argus
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/Argus
|
||||
targetRevision: HEAD
|
@ -18,21 +18,21 @@ spec:
|
||||
serviceAccountName: argus
|
||||
containers:
|
||||
- name: argus
|
||||
image: releaseargus/argus:0.18.0
|
||||
image: releaseargus/argus:0.21.0
|
||||
args:
|
||||
- -config.file=/app/config/config.yml
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 8080
|
||||
volumeMounts:
|
||||
- name: flexvolsmb-argus-config
|
||||
- name: csismb-argus-config
|
||||
mountPath: /app/config
|
||||
- name: flexvolsmb-argus-data
|
||||
- name: csismb-argus-data
|
||||
mountPath: /app/data
|
||||
volumes:
|
||||
- name: flexvolsmb-argus-config
|
||||
- name: csismb-argus-config
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-argus-config
|
||||
- name: flexvolsmb-argus-data
|
||||
claimName: csismb-argus-config
|
||||
- name: csismb-argus-data
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-argus-data
|
||||
claimName: csismb-argus-data
|
||||
|
@ -1,4 +1,4 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: argus
|
||||
@ -15,4 +15,4 @@ spec:
|
||||
middlewares:
|
||||
- name: 2fa-authentication@file
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - name: compression@file
|
||||
|
@ -1,19 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-argus-config
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-argus-config
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0777,dir_mode=0777,iocharset=utf8
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/argus/config
|
@ -1,19 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-argus-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-argus-data
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/argus/data
|
31
services/Argus/persistentvolume-csismb-argus-config.yaml
Normal file
31
services/Argus/persistentvolume-csismb-argus-config.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-argus-config
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-argus-config
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#argus#config
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: argus/config
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: argus
|
31
services/Argus/persistentvolume-csismb-argus-data.yaml
Normal file
31
services/Argus/persistentvolume-csismb-argus-data.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-argus-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-argus-data
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#argus#data
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: argus/data
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: argus
|
@ -1,13 +1,12 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-argus-data
|
||||
name: csismb-argus-config
|
||||
namespace: argus
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-argus-data
|
||||
storageClassName: csismb-argus-config
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,13 +1,12 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-argus-config
|
||||
name: csismb-argus-data
|
||||
namespace: argus
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-argus-config
|
||||
storageClassName: csismb-argus-data
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,16 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: argus
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAs9RV1K8QyPLGXXc0+RBOqY3VKNMa4No51KIOv9keZJavJFSzQPcuaWXqpl0fVI9zYXLyIHdyRbXL0GrvYlWboR1VPskFNcp7MnCkzRpawgo4QfE9Q+WDI4yZg4eK/8XGejAjCQU/KsFU8dVWHuHG1/W8kV2dOvKIhX6FTirKMDedVDmdgojAPMGM8+smPfC8+yBs5O4+IZtGKOe8mEH2c/3dYu6GK5q9N6czBYMuj1E0b+8fHjlWjh6fe5DDCUGUXqY2BZCxMSKOZReUbWEdPNU6MtdTHNglVhRMo//6mlA2VVkAlB9uaCdGmCMs/VJ3pS8NEeTd86zukyoY+j3JHvRrHuxGVEoKqnFE9pEgO/UB4SyuVVWbNQ4+QXdyDTHgmArvd+MfRvtdj9Kkc18CWKXyRTj41lKG+C/vBM0ATt+hk4QvacEt65kZ+fY6TZHYJq6JluuDrwQmDKcuv44uL6t9/aGpzfGTx4OnZqxC/qvX0V4GhkRzwLLxMhqZa1ZbqgRXLHero10f4JvD/usmJcHZP1hgohUXbSlOqNSWIQk0weaZjTabT1xBxXjVzDBywnzcmixmJsOuuZuvYrbrsKaHNC6gcvZArj/no9Rv5V4mVihRfGuxJs++GCAfq3FdseuMCCvLe306henvSftvSjNNodc+JFJaTf3m4PknSYH9uEkV2CXGm2obRUpUNBUiJd9Icr/ug4jOzNmZNOlOC
|
||||
username: AgCHpKikNpk3UAHuBA62jZSTdiVatTI8Qnmiu6LGhZYraks2h9gOtgjg6mukxXcy6IO6LKVr68DaxOfvYE4LdFQdrq0SI2syzofc4n+FCXn6f2HlBVhqOFGrVE9qUE36lKHJEFccvkirzhgpy2M8OX6KtwywTBvsVujzla5OXR19vgNao9jTzsOL98wQfU1TYyaBw9y45kyCB7x8PQNw78GmeWJ5KLVNXN/yHowE8Qmlvh86QV58NuTKC1rVbSqh3VnjnZuz/BSUUDV4GitZLqWKSZ5hZyPWC9DZXzUI85d8+BfHJ7hrPhBd7ehUpbpFQfIQQA1VNAZvOEXU5EClmd6iQ3fWrYo6hOxYZkiE/qcNkSLXmbWYBixq6s7RLJwHlxVNQt9J11XM5DY9OlA7XhPa9zo8FRrYDwkjQGahgA/AzwvIKpOBbVfCMSl+crm3jjQthEL3DN/6ZowYq5NXG9n6rhvOxTjvmqx9FP3RT5OyPFkXGCrTJ8JqPgxyp/Vy6si9bjiqzwJtXY6ZeyCFLW9mOdQmn2vgFxviDM8pxaBmOJFdbJNuiHV5Tc6iM9YBi3n3hTV/tbiMmKeVQSKydm5ZGsgD4/CJT4oDFynjhWObvYPLphb/hccM6m6c7Hf/i9FI1LOCk1cBRbyXRV9Cds92OljAx3YnaumyZ5eRgdROdAbcqqhjR48k/UCsY5tUv+LktyuzVqA=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: argus
|
||||
type: mount/smb
|
16
services/Argus/sealedsecret-smb-credentials.yaml
Normal file
16
services/Argus/sealedsecret-smb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: argus
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgB8gU7Lj+Pn5B/oC8HtyKnKUzSvB7NRvxJOC2UmKjt3hj3pcRmfKrEh2khkcfSksb6x3f4ttIxYV2uFsXJfL4Wvi6zhsgvfgUHT12oD1/fuxD0LvHCm9otlGp8yyiQu5mPrFBdsGJswreBY53sD0UUdgu2riAlX0ESm+xKhzDJ6eSM8/Iz9Dq4GIhivLZ3OcZJw9hbgbelICIgvuxJZ3bWLfakPdeNDQUoayZuG3Z4GW0KPiqOMyaWz1/rljMHFaZHnFaszgKobwzPihsWWAnXEWmn54fwVBqfe/jNIo8CBvjlZGnMzinaS5lKTHObEVIG+F0XRI5VNFPa89NbsGKN71HJMFYU729lzdl58yy6B/5K789JRtxWUi/8I/7H8kLZWzUhUOqAcmLpVHKWnkH0Ub4MLtDyAaTJam5HqTtsvPDMW3+njiC+8vxC3n0X7q7pzAQQzM5JPZ7G/On6irFKe4LryfrphHiCB/gyJlLpBMXUqKJ4MvzUQU8G8e8W3OLMbtPl0O6oFuFxD8bUA4gdkoPO04bxlLvRmxlmavkbA0vFi60L6eyIOq5yzxvuEd7tzyD7SEO49hb8zW/LS/+H/PE/fCVT6crn+UbNOhgyaHR8pxlNpy6Z4PAti3mG8ZOtKVD0mx6fm8BCPHfWVFyC5YO6kNI285o4uuqsQI+SSZ+zkxwlFwvLcp1RdfJZFLUNyrQm3mlvMUY9xjZANlCHZ
|
||||
username: AgB67La0V5HRLzZ1RqR0Y0nufYKq3z0SK/go4AQ0aaZwQEE/mIy0c6xhdkwup7ava4PzTyOavEEQoluhojOcrVTz9qKUHoMQHcnhS3NagBc/QCeA+2rL15qw9ZUn5+sSU4OhM3UNCTy2jF1kMoXr2cdCi9pALRdAXPLhrccPoaItmWkA4bMRIe3on78BQUOlhF+zJjcMciPlDo+9ywY8ArShMHj5YlRgWQ6uOJmIH5FFp2BcXKP5d0gALoVQ4/Ek4zIkk4YubtO1C0sqfbvkTW+oxeymUSLd2PddGyF18iohfrgje6PQAvvtkDBX2hUuVcp8h2oFj2JkeZld4neOYpDFbdKwe1aGep24GxbYIt24j+iFfs8txqXhQQsHJWJmwHNB2798gPvjIxPC+G90V4/drsjr7KiAgdWKUaqU5JMDVo2HTSplyWpS1LZIGQmloafWiAXvTWQVIEg2044TXQIq2X7k3npbHU/KcWmlMqR1546QawsZAnohWaOIskqEBkG7nXx/eeYk7LVppP2TqdRtt+VfuvptXgfFhkOB2wUSOwqWH7OkQu/k3jtPR0FVJni+Hc1/+fKfuStwvEX+/1bdjZuS8DUGelOb1d/pXrHw+KypfzXcOoDaO31hJMQOEalXZc2GNJleAvLAxv34s8fFWKWvnEXqwYIaNwRPvX64GtencJwyFo/rdO/HH7gVIhA2DCDQwB0=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: argus
|
||||
type: Opaque
|
18
services/Authelia/application-authelia.yaml
Normal file
18
services/Authelia/application-authelia.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: authelia
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: authelia
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/Authelia
|
||||
targetRevision: HEAD
|
@ -29,7 +29,7 @@ spec:
|
||||
- name: web
|
||||
containerPort: 9091
|
||||
volumeMounts:
|
||||
- name: flexvolsmb-authelia-conf
|
||||
- name: csismb-authelia-conf
|
||||
mountPath: /config
|
||||
- name: redis
|
||||
image: redis:7-alpine
|
||||
@ -43,12 +43,12 @@ spec:
|
||||
- name: redis
|
||||
containerPort: 6379
|
||||
volumeMounts:
|
||||
- name: flexvolsmb-authelia-redis
|
||||
- name: csismb-authelia-redis
|
||||
mountPath: /data
|
||||
volumes:
|
||||
- name: flexvolsmb-authelia-conf
|
||||
- name: csismb-authelia-conf
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-authelia-conf
|
||||
- name: flexvolsmb-authelia-redis
|
||||
claimName: csismb-authelia-conf
|
||||
- name: csismb-authelia-redis
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-authelia-redis
|
||||
claimName: csismb-authelia-redis
|
||||
|
@ -1,4 +1,4 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: authelia
|
||||
@ -14,4 +14,4 @@ spec:
|
||||
port: 9091
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - name: compression@file
|
||||
|
31
services/Authelia/persistentvolume-csismb-authelia-conf.yaml
Normal file
31
services/Authelia/persistentvolume-csismb-authelia-conf.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-authelia-conf
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-authelia-conf
|
||||
mountOptions:
|
||||
- dir_mode=0600
|
||||
- file_mode=0600
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#authelia#conf
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: authelia/conf
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: authelia
|
@ -0,0 +1,33 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-authelia-redis
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-authelia-redis
|
||||
mountOptions:
|
||||
- dir_mode=0700
|
||||
- file_mode=0700
|
||||
- uid=999
|
||||
- gid=1000
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#authelia#redis
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: authelia/redis
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: authelia
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-authelia-conf
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-authelia-conf
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/authelia/conf
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-authelia-redis
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-authelia-redis
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/authelia/redis
|
@ -1,12 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-authelia-conf
|
||||
name: csismb-authelia-conf
|
||||
namespace: authelia
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-authelia-conf
|
||||
storageClassName: csismb-authelia-conf
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,12 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-authelia-redis
|
||||
name: csismb-authelia-redis
|
||||
namespace: authelia
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-authelia-redis
|
||||
storageClassName: csismb-authelia-redis
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,16 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: authelia
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgC/GDJHhqeyFSWsJ8Ie3tt9ppAe3Ns6tt29rieMKcJrQ71sn47MFEow9SOJJVNSjzUWukDg8tRrkq3CdB63jz7NO6CWKNy++nlSU0adDtuwioNUov3a9bnhzgdjjM/ZzpO/pz7j/utGFO1bkPWn4bU/tGoRYM1TsjP1t9m2qL/Me9LigLtafG8LTd/JKNHdyvii1CNcWkZoxKTocy+YdB3hA+0KZClxaQ2O5KPZMl6AoxJGWcuOVpvqQ831Epkl4f+uJp+YtMZbu+poB+hxhuhFZZH9Sx1sn20mZd8M2Kc863oJjzpZPAR5I9faMmDyEqBvJmdS9C9dZrpIdeDZFm25QYIGgu3ZNk+LItuWSoW8kZGsEefsINV6rqAOQmysfvq5aPkYe90RHvaf6Nf0F4wYq1fEiEoSnLPH+J0ToUSIPxMftBcXimTm/HtkUJCg2+rDb+EHp9ahjGaJBp45vd8hOKSF50GA2X8e4UlvbR6QBib6G//F7Pf6OBgsVxSvKQmlSsrBJRo3hxm7G7iLWd5lCmk0jbgRFWJvEnQMk/FqYoc/fcodpGtzEM0I6jL4Kpi1DnRnIgHQTWtU3LVF9aym2H1ExhZfhu0I2F56VQsQcg3vUVOBOwF+XjlrBaAEAEMcbBuigUbvqiSfpUHMQJSsIjtnkAEUs0/19iNCNNSvmjENr5Ml+88iqYQmg9hY11s4LbrsXa5t8q2TgTBrfPVw
|
||||
username: AgCORI9b0L6FSdB+yDY6VEq77p9CFcwnpZ7nb0M1bz7tVNluYQSB69Y6dLTDCCVx2KdOXyU/QOdb0z8mzEywtC9R4Kzm4+SkTRHgrKOTmxXF3qW5VZDe0UlbSbJUUb3YdC9k2HPPoUvg45woGv1LGXFHgYTxbG+U1lxU8LDoMKfBQ3+GaeUUjI2bx33kyHKztyQizd+b2eSkoSHwRCHiBWZMNYa3zEvY6+07ytKJtaOhGhVsdt04blw4jUMym2sHOBCf95pAzI9gJH2RcuQBQI+ZXci0VeMPvmY3B6T+MruH+1Goy+/HoZOjI2Keu1Jk/Ppg/1FyB9VGX6A2YMyismk8LKWKG0/RNBfWn8RcDVlpgAcjDeX2PdYY17E/gZz2NLnIctBJ/dc93QjrAp/ZfLXBakCA3d0LKLFjUbpKwgaST5wnKif+UjqasDyjVkEG7jK5lGk3fmRCDyPgyxzqkUOSeCHQjDUa07AqKm56qfz/Wr9gm94VC1GiQ39F5/LAnAa2+qAQyJ+RVCBkXmt33sDSvelmXKmh9rIBCvsIxwUSkprpf76HcReRjaRv/9CyuPaskjYAkwOX6/NQPDQVHgKYtvoUhm4OnJ4amrsK2tPco1HC9xPGFIhrqoWeyfiUc1ui8IjxO5geV4hAWSUi5J/H3XBXsFpQt6ZqbemTnQyorTGd0asNP/6OTBtMcIgaPMmZi7F1Olo=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: authelia
|
||||
type: mount/smb
|
16
services/Authelia/sealedsecret-smb-credentials.yaml
Normal file
16
services/Authelia/sealedsecret-smb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: authelia
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgBFKV//U1Pd9HlRAIk1Mv4iQBs5A3Z2ixe5RqglCAmpeG5AgS1h4pIuZSN6tEPAj7lKkkFt0LkSQIlSIBiU+Rqw2ziRwQuntIOy2IRmGMRyHA6f7AdFM21HHI0eS7ND0yamlYV0RPidyn7TzYhAmAoECsFzU64COBYZcZygVquOklw5zTH6MlXzTC6L7l4FtbQa1mvuIgGT5p0jXarSAAODOPm7O1c+g1aRvqWDSz1LI5wq4c5kSXdNlgH6+ZNLiYNKUx5HfqujCsd5wHW/hou0JpliiLFsADW0YXssLgb1zkCG++FdO+Pt/kDVStj4yFcSg7h2Ym0U3kmKx0H0mH7Qz91N5hV61Cc3Yh1ngyVS1bmW4xvlEy+yefYwvqWjWcoQHtBWqXJvNOcBkigo6+fd16YhHwRVp4REipjd7E5EXqVdKFkwFznLK4lm9LmCFT++WT5v4zJNia/AkXsAZwld7T6oR0uZ5aaXjnGh6ah5QRstAs3fDaJBObPPUOdBgxQ5mutp3AZkrWJnX534YRLtWkTrVftCo8hxbsVqA+h5deGKuBPPCGtkBbdk3ytrMmZ3sSw4ZZO76Y9aEK8eG/N+i7NOi1DM5KwMknURR2c5WMlbAABkUswLlB/ChnUcWhsJ2ooS64kcGGAAoqr81fxy7EKK9KzBEqzQq7dXZg0U8786xD4yQQyy2FercGY5g2HAsqripRbvCCNkMihTjA7d
|
||||
username: AgACSLitw/XzwlDjsVTrwSEUigBO9NGtYTxK6oSpkuervaZW3K5t1O9CUNm3BfOUTaz/yZDnu+LtgXbVMIKp/SM6ivmCzxPO/4Ph+UD5m3mogGl0fV1agfN80VOsxbpZHwXmTGwws9jY4jFjFHRroNgfYtpwp0f7NYiuYCg0c0+9xrm3WURKcMoUwfm01Ut7aSld24xLgePYtiS0YzbhYg0bDo6sSGUWOgyxJxRiMaqCu5JNyQl5byJGUuOgJB1J/ccsZwu47WdercWiEcSQgd1SZpBJzvzIaTpyaafAd/L/uX7cXJW3RBAyzwO4mq5hdiYXzRG12FKJB+HSaYOEJatM5WFZTNLtLR+S+6vrOIA8KnPeOF7HQUupVolYGH/Aq/Kc0o33iHi58GyFIJUnY70HwJpTgF1e35Hbhip83vjQEXcB1Ly7sSbGT7UbMUYjyVSHRXoNg5QY4YXIkWm3qTiWr+ws1JYX3jpkRswYsk5mIvTneF2grGgdcNJG4XBKJVVn8BLTsW0wC/BAA1thIn0cLgCN3tgT9bgu/r518TMxa8hOdLsNuCJqVr6CLEWuoFqB9QswS/4gYwUZgLlbD2FW1mynLq7USi+hDt8sPjrZKQYmGhLDdlTNEF6YBOX4xDmXYvc26cE33QYyAU3+8lpRTIHX1l0OfjQ6tHprvgZbMi4hkDtdZgW4PgvE8wLdr2NpBO8CEv4=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: authelia
|
||||
type: Opaque
|
@ -4,6 +4,7 @@ metadata:
|
||||
name: authelia
|
||||
namespace: authelia
|
||||
spec:
|
||||
#externalTrafficPolicy: Local
|
||||
ports:
|
||||
- protocol: TCP
|
||||
name: web
|
||||
|
18
services/DDclient/application-ddclient.yaml
Normal file
18
services/DDclient/application-ddclient.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: ddclient
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
namespace: ddclient
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/DDclient
|
||||
targetRevision: HEAD
|
@ -20,8 +20,8 @@ spec:
|
||||
image: linuxserver/ddclient
|
||||
volumeMounts:
|
||||
- mountPath: /config
|
||||
name: flexvolsmb-ddclient-config
|
||||
name: csismb-ddclient-config
|
||||
volumes:
|
||||
- name: flexvolsmb-ddclient-config
|
||||
- name: csismb-ddclient-config
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-ddclient-config
|
||||
claimName: csismb-ddclient-config
|
||||
|
@ -1,19 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-ddclient-config
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-ddclient-config
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/ddclient/config
|
@ -0,0 +1,31 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-ddclient-config
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-ddclient-config
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#ddclient#config
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: ddclient/config
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: argus
|
@ -1,13 +1,12 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-ddclient-config
|
||||
name: csismb-ddclient-config
|
||||
namespace: ddclient
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-ddclient-config
|
||||
storageClassName: csismb-ddclient-config
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,16 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: ddclient
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgC8YpHe7iZjSbAit7fxn2+JSSoZWZEyktda/agtNTubuwm2n2ZUAQ2QLBPkotkBNJMwAJMJ+LM27EbRGplDkEFfYvIRu3vJk+tj4eSPSlsJ/5csosSafU93cDe1y1Ifj2DCm2ad1CkSy3dc7L+xggIxY301LgIZMMZK5nZi4j4cyP3/Z5H7NSQ4NvkNT/UDiQ0HtLyFfwOArWgRtfS3+BEfKKzlNuRIbK2GgNb0O95VkLVXhNv5mqd6SDsaOfVZ4/ZMGWjp4PNdS4NIuPQ6wvuOnY+6+FVNr0wpWWdbvDk1SvKMc/GRVwxtW6xNFuL294jrUgJgo5QAcC/kQ9+6AVN49obx75XsoztB4zglvFhMxgD3UDoDmBKzMD/35VLtxYwvL/KC3lgwgFZv8gCIh35yWSLOsEN0R8WSeUlKKqiKaYT57cbg1tZAaug3ButQkacJfxu3ebCXU7xkNEdYAsYLI9Hay33gVMHmiGzF8KVgfl2yO7Qfm+vswZVmLPQxOxHdvKciO3v/+bgLoBc7OHbIME2IRjWNu8zM3fUW+2k34duC0KVUxdDgCXOFyLV8WvaBUld6IXViBx5CU9OpAlJvka0pz/9ehlzRCx6qZ55vhPjeEUA1Y6zPCMYQY8ZikB6Xti7md4a+qWYgAmvekMSB7fSrd1JyWzKgSp0LB0ihflIQDTVS2sE6RwerFf0Qs8vJOzaOs0i4mS1V19Yz10Gj
|
||||
username: AgBwnjfl03RuFpBuCMP5E5a+UfVow+tJ7kLVgoZlFC2qrOHZ4R0C4nwLZyKmSjKXVCJ202jqmkWo5Y1uSJIKohIS04U+PS9f1zaLXJthJUnEFlszyF+/UHamuePpT7rn3+woDPYqrHhEmKYAScWNUeX/LRvFekbRWROY0ZFiXq9Oi5Yr5wDOJC0iRGKOs6zMn0xvkdOEtiBLH0Usn6yT3VWov5e+XJO7uWbhozMvx3Cypqrf/zBOYBAZw9nxpA8ccNko0mTlTgWTQfvQScP6zVQQWeXGR/w6kSraLU0EqGI7v1f99s9k77AOcUFYEBLwjYHUEQsUqjWgD5fXa+6zVuNtWxAgYmJIdIztWx/3jKtWGy35nlovVIiF+RZFF+CbGZzlBEYhcW/ngZnK4B5MCvwAUz1YCrIiF+nQPGrHLPQ6H4xYiwMGaQa0CkJfWAgi2agljTFQUJW1JF19MNYFUxChz0IrUb/SKZ7mr1LGuTP/9b5PqdaqGSVIaiwDVfWDJoClM6kMg06E5hOcYvTnrbxBkl5966q81Qhj6OqKaXXtd4GG5FDTVLiw+TwPjqC1YREFE8/DDJIe0r2GbZOVQit3VCH4gZfx2FSSseoR8WZNvHw9r8mRZ1C/0Ruxr7Ed/3uhPlwNYqBYNuLKDlSu3m0trvq/Eo163X1aBSN64VMoiXUn53zgOClcs9/PgfjTXwZXe/2w1rs=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: ddclient
|
||||
type: mount/smb
|
16
services/DDclient/sealedsecret-smb-credentials.yaml
Normal file
16
services/DDclient/sealedsecret-smb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: ddclient
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgB2+te1+XyMsfrWSl7iEmz0O9dV0h/CrzroddfZ8cvFpP0ObGx2Lkn3nvBu2U0/aMpXtl7CV6dARmHtAV4HjoeNTtNFVtnipa6aoQYtzxLSOP/oMJQdPnXNUKxd2LyK+vKpSQy8AXR/zh3dcMJxoxfS7H/Uc/f66ogRP4gSK0JohArjnYZexlIxF3jHEZf2iHp+gGXA5ju8lO1vLl4CknnnH7Z6f1/PDrN95tePv4lXnZe2D7Yb+4Aw7Fo2QtdpsmToEoIdS96X2cBHG5iSsDdeZ7JSL1LzcWWGtt0fbhQQAamPMcNvKv0R1MZgg3A3du6Yk64Fj6s5ngo8XbTk1rgRa2Tv3ODuNvrJrtTN3QGQjI5hgqrivQB5hR7hOt4IXyc2EX0stMlZSvoelrTJsK+Xuh9fyvr6K4nA/QzgiYCAAJQT6XdxN8p1VzSENwjo0EwNQ8OyDY/nUMy7assx0vGYiJj1KbzW0dG/RERBLoC2RlxQcTFSvvwjZG/itV8ffoKdrbsz9p6nJVhh15WvrfV5csBcDAr8r0h2XjoJLUpJF+p9u56UKcS9qAgtSHYbCah9jOFbjFlcPWCrvnUqMV7nU3iwSMYM6q8OW48LnEmHHSwKSMp2auo6o36lt6hge73DGMGxTrHQHn/RLXVdGFsGBviMD54clusBmeOhFU1mQfXWDpgIb3+cwESyMrkpeSqwWqW8ztGj3ovmdbo1NlJa
|
||||
username: AgCIqggFRQB1jLa1I/W8Q5fZNMQyLKSLmx3UjMwr6MNsWgmIcs9xGs14tA3GkhiMpa5QScYWIGLKjX4Z00m+oZjc0WXHDUHmgFA/Bda9Bim5HpTlMYvPGFNMn222zArVD2s/Yhc3Sgcllx/1aGvhHNhlvHVxPXXuLzxwomAL9XyARQ2k9haqC9OUxssSbj5c2l0FDLmEw9+GGuomYJ0FtQkCdv7vp3AXwNUHrfJhXDJAGPuVH554q9y66E27d4DJlnuWEKBP9v3fj/rNAMBANyZStJ4XXQykSpJzzWFM0vYSpiYf9aQJIv4SuNVS58hEVMv8roPBpbcMFL0WCZ8RwMyaNrOWPHROC83BXoLBt9N2k+a2E3B+K9btm1QsqIXaNwPrQBG+adB1OWBIuYU4KStETb5LyZDhdah3KrUL5BLYFmsdYll5KOMPGZJiduK6A443ekQD1mEB2XW/PMjsd1CEqzohu9dip4FjXoW3IOlzVgArMOXBboU6SX7TY9jQ1Xr/GwwXP8esHp8+ct13f6Xqq0nnscDvsiMaw6SiX3N1dJ7ouNTQ64AjND81X5QaRU3+BuniKUAJtwdHFXdrtjpIbZtHDipVXVRJDwLs05O0hTsuLa1vTb7FTAdc+4ezNZHbfbq59W3gvcomue4zCT7NkvBW9agN4Z/+JV1glRjKo2D8uPK1gXbi3JAJeU18WsaZ5CVc5y8=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: ddclient
|
||||
type: Opaque
|
@ -8,16 +8,27 @@ spec:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: gitea
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
# - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
# path: services/Gitea/manifests
|
||||
# targetRevision: HEAD
|
||||
- repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/Gitea/manifests
|
||||
targetRevision: master
|
||||
- repoURL: https://dl.gitea.com/charts/
|
||||
chart: gitea
|
||||
targetRevision: 10.6.0
|
||||
# targetRevision: 11.0.0
|
||||
targetRevision: 12.1.1
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/services/Gitea/values.yaml
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
targetRevision: master
|
||||
ref: values
|
||||
# - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
|
||||
# - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
# targetRevision: master
|
||||
# ref: values
|
||||
- repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
|
||||
targetRevision: master
|
||||
ref: values
|
||||
|
@ -0,0 +1,33 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-gitea-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 5Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-gitea-data
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- uid=1000
|
||||
- gid=1000
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#gitea#data
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: gitea/data
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: gitea
|
@ -1,12 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: longhorn-syncthing-data
|
||||
namespace: syncthing
|
||||
name: csismb-gitea-data
|
||||
namespace: gitea
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
- ReadWriteMany
|
||||
storageClassName: csismb-gitea-data
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
16
services/Gitea/manifests/sealedsecret-smb-credentials.yaml
Normal file
16
services/Gitea/manifests/sealedsecret-smb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: gitea
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgA2STKBdZL5heP7usLfB0fcgR8VzAljmt0VbBkRtF6Kw0rOMJ9o64CDDXgjm8ZGdjIbAkBGklf/EUs7YD+RtCM+vSyPP+UB8ZQe9EtgsnPvL2wIHe0zgMYzrxd6n1LYiKzgBnq1lbXUaMcBZM3V2C7REZqeIEEXAs3g408k64JBtGdqGhlxfNq/Mj4M1HNvGSK1extVnqw170oK76e1COcTiTj6fNPRgTq+s41zHwATdgBbqR89mnVxbuguQui/ymqsBLE5+pZX3pR6eABwdzyhJ+RRjINKY8QM+ku0im5oHhqlfZyOJlXh/dcXeGcx8QKm5KbDdto9pOfQz/D3P7oIAJF0mhD04DXRDdGoZQnYrnz24zy+xq8bldXZ6tnpoSdJd9VqWozNJJZFFQJb2IlGU/izp42H72vFNcVeMp22esc8NzUHsUtTyFr38Y4SnPdJ3Tblwd7/3O9SvI1DaFDBTKm7nNekGCycBm9pJvC06eq5SU5DggW6ChZmhSfgDRqIHGoP9Sp57QRIrd6/IJwUwSjQaueyVpEod0ClgTo8uhSkJmMvExQnnBYT96y/NkqTnK5z2nVZfRPw4+ZcM3oOB2xyi2eMU1YLivy5DAML0E7NZ0V37/LvxIH4ppV8iRq+BcVOjggyLDNpV9veYTza5p8zLdufNrrcDRIrNx3orWiIs8r0swjnjzncmpQfYvosW/YTb19wxgE9zUPZZ60d
|
||||
username: AgCVJ8IrRrZ4R98Yjs/K9Zj5SWE9kpQWYB2DBGTMulhEKA+KuFjGJL/P1/3Nkq8HXzfGehTXhIovwPeNbZh39SPrPFAk68IMpJff9PYbQEh2OVPlihDE875Fr7YLZzpRU4uUG8ZlbSIGSFji6MaD2oGSKd0JVm4+ojuHan3DUlbpAAg/++hLofhAucpQZITdLEQ2qLuHZ4Efob94lHWImfp+NmarIUZLxSq/NBHbBFvPRm/vRPKRVmJslA6YQzVpChtMNQqGpHuDV6soQsfNHqLaifpwKxuGHljuMXkBmeZ0Sim8A5Vlf+rYwQLAnPW1K6tUiH8Umz3049vtRIHIy8EYcPm6pSXNFRjQhP2Gy8FKafV7jPBk/IOKnSvEO0N7jj4guomYPkiAvLAE/m9dPg5d06nZ4PQKkma2dPcifXMdaXPS4txYF/neWkEyujtOHAPWixxvGKB6SoGQEep81nbiK1MmQxk14NgsICHqB0H8+KowajZ8t3ao5ZtGQG3PWDSCvYaaZjZ48ATq0/8GsnAZABqlw5JKRZHfBjLEfFyFGZup3EG4W5Z5xDQD/YGUeuSwg+/7vLIQ94A4lwhDnfkWk2XUTJ94y3xVUEEyXMlxV75b+5uCMUNP+Cdbb5QTWXyg/ca3DTViv1rfvjhXeu9TPmu9GESvNLfSech0Rg+HNlIhYjtDUIpbJqdeja0aNXNuiJrJ9Dc=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: gitea
|
||||
type: Opaque
|
@ -1,10 +1,10 @@
|
||||
actions:
|
||||
enabled: true
|
||||
provisioning:
|
||||
enabled: true
|
||||
annotations:
|
||||
argocd.argoproj.io/hook: PostSync
|
||||
argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
||||
#actions:
|
||||
# enabled: true
|
||||
# provisioning:
|
||||
# enabled: true
|
||||
# annotations:
|
||||
# argocd.argoproj.io/hook: PostSync
|
||||
# argocd.argoproj.io/hook-delete-policy: HookSucceeded
|
||||
gitea:
|
||||
admin:
|
||||
existingSecret: gitea-admin-secret
|
||||
@ -35,12 +35,16 @@ ingress:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
persistence:
|
||||
storageClass: smb-csi
|
||||
create: false
|
||||
claimName: csismb-gitea-data
|
||||
storageClass: csismb-gitea-data
|
||||
postgresql:
|
||||
enabled: false
|
||||
postgresql-ha:
|
||||
enabled: false
|
||||
redis-cluster:
|
||||
valkey:
|
||||
enabled: false
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
strategy:
|
||||
type: Recreate
|
||||
|
18
services/Gotify/application-gotify.yaml
Normal file
18
services/Gotify/application-gotify.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: gotify
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
namespace: gotify
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/Gotify
|
||||
targetRevision: HEAD
|
@ -23,8 +23,8 @@ spec:
|
||||
containerPort: 80
|
||||
volumeMounts:
|
||||
- mountPath: /app/data
|
||||
name: flexvolsmb-gotify-data
|
||||
name: csismb-gotify-data
|
||||
volumes:
|
||||
- name: flexvolsmb-gotify-data
|
||||
- name: csismb-gotify-data
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-gotify-data
|
||||
claimName: csismb-gotify-data
|
||||
|
@ -1,4 +1,4 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: gotify
|
||||
@ -14,4 +14,4 @@ spec:
|
||||
port: 80
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - name: compression@file
|
||||
|
31
services/Gotify/persistentvolume-csismb-gotify-data.yaml
Normal file
31
services/Gotify/persistentvolume-csismb-gotify-data.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-gotify-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-gotify-data
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#gotify#data
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: gotify/data
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: gotify
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-gotify-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-gotify-data
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/gotify/data
|
@ -1,12 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-gotify-data
|
||||
name: csismb-gotify-data
|
||||
namespace: gotify
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-gotify-data
|
||||
storageClassName: csismb-gotify-data
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,16 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: gotify
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgCbVh6VlH65jVBXiCQ0Ak3+XI1AyCaTykxDzi6F/4FFnXl5jRmJAGank50t5kt9GLpIqNPdx0ZKxlDgOVEiFjDf6J14jkYMrOP39oYcqDfg6ZHmLAvM1/LzjAnd0pR3C7rDc8TCOUGSjw+j1PjOoqkS0oYPsB7xTBkappF/e8JcmVO6DZwdZDyHMEAd/DgGE+BZNbPC1JPUv4D9l/lSAri7WIMhh9dhcvvvV+KJ/YuAksxLY4ruomtwDmYXNHh3X6BZMbOXwgxmzGU6wtOqxCWC2IcMEMPG5/AaH2A3oXLqMwIcVD+WOb2zHI7dCtDdRVTblh4gqylmm0iCLsFfhztj+1/EPGL4fpiqXgjPs0EjKY1bFndNiKw3d3zK58Id8aHnJWXcdrIuNm0sJlXIt8k6vSZTKcT5WiDeKBgqubCh90MZbixThRTGhZ99CuznvukbCGm0ukL+/s7y+8zN7hRwIQFnUrGFFha951t8SU8JTc56vKhJ+cf036ka3y2fz6zVMFfxp4K5S8RiQ3RS5jWdzmby5KGZvh70WGrbXrWWuEeVlCF1TU3nrzLW2g+eKCn5cRVU8oN2CvWPRIDJQsNNGf5rCc4Zhy7ikjwBWIFg13YjdXL5dXyCHRBwllyZqqlYAvpxxSKexClMip2cvLQ4gTP9saO77+gAYbBKz/x7/xW6ZWH1WqspYTi6K+5zBsgQ+rVuz04sfLp2iRObs+Zp
|
||||
username: AgAoVIGIHXhuW3vITMT24TGVNBKhxHvVqCqNLJwShqA0xqWLfd7DE7YXOe6/RV7bcBIeQOYxNCPDmMhild4tAx9Rd4PLV1c6NQdOUYqiRbIuWS32R74g4njL+7eBkfi8aGZUXm0dLBy1jFNHEUd+XssWIbQDsbu8fbRD1ENgmocc0dAmfDTuiqvZ9hIAZFEOjmjw3PIEgJw1FXFTWOUIc287MEk5kJ+7oYzdA52qBt6nrfGapFCvy1cSmiKhhY1WYEEn6Rd0/XWlMd09YH8rDkt9gkvP3omfVMzJ4WUuFaDlfz4WnWdOSy+XGc39xOsC6zFC9FA0t3FGzyvyucmroabnUI51LGLRQ5LUgmAhTfSliZFZ+nXWa7sSs2N2CtCSJExG3mgZ7js2s53mHM8XkcCYJfsaNuGkVDCzJI/536/3mB7xe292h4DJmOu3JO4cRIivu8Uxva4j+KvByfhnHdhiZUERgJKtljc+32Yg1f6Z37GYbUBjnzmgm/+b5JMpAgEeu+KaTU9QK2WgwlY5pTLle/Q6oyrqB9EsodhosuQvi/mbq0ZwrxCkcrp+IZKJdauFyEuLhO4WEi7zdxFlAAA1bGfepkJC2kV540o7Yy6CfOM22E5XPBlGhCraGVjYvdUfyFxI9bR8HyUv7DjT/oaJmkm13KNsJNn+K72I7YjZDgiqCXsChzdVv7BkySw3glvwXMTCIrs=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: gotify
|
||||
type: mount/smb
|
16
services/Gotify/sealedsecret-smb-credentials.yaml
Normal file
16
services/Gotify/sealedsecret-smb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: gotify
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgBn2ViZ3H1mko/y2yOi0MvU1GKwx7F0+QB0QBDuCxg9MuF/EZGDZN6kRxBjuLk5vDBEpinKiBCKpWU/xPonW34m7Vr9tqCinjZOtnEupy6rvnouWg5J/Wee0Xztn5cPf++8adIvv6cOO2boEIbMyUNyaZ7B0tQZ3Z/sG+LOHGp3emew7mFa4r7m1UvjLzeCcCvFVe2qIfJdwjYZH5zJ8pZ9ARJLNR4T/TgBZz6hOeMn2PzkUs+3fX8B6dRn/cMerBLJumy5Rj3QpfIOpsWMraVZdz0qC9DvfijjphmKAeKPqM/Yz/rLIvESy+JpdWfZM214U/Dm80oJRioWytgTgYPEi+KOJy/N/dZlKch1ocMQg/QCYPAcaTJ+aY1hvqA8O9Te6BpPZrCIRtI9jmWXUhsBsZnTFGx7YVznk6lC3j2Ry3Z7IO31ZmhGfMoMwyK8m4zR9342eMdkBfBcDpxyU2YiZzkHnj9S+CxaYLSf8X9KL4yOeHvZWXXxYoM13eI+qiUY6QXf1ucCtRwtL0RyIiGMR+UB9Xi5tPmRqrH1IqRhAiCDJ5f7GCWsJ6xuqbNpB+hyhNZceCEzQ8JdT0WFb3GZxv6PAvtG7YhVDR5MQL9uXxGSzxxgGOupnYh4TXUzjD7plLmh1W0UafZ6tEASiPhAgfFbEzjdwEGMHD6UjT8J9rwGUpTMWdmmsIEsZLAnXGPCBGkDI/F7ctdTyTRivrmA
|
||||
username: AgBPbShedVwwz+BUdMGGdXiOMEEYhGw56MlQSXQnR/PyCIn2L+lvyxXgzPoryovJiFcdc91Fs0R6z3bgTpPfx0MdQLgHp6DBwwzcfw0Y3ZLTDPlbLAYjpS+bozqDEuWJJp95xGVBgFW8zyploHUqfY8/+D4KVnoK9eNvTjpIzwWsmYV+vxzhuZAV302SjnSCwsb/S3NkQ8FneHocY76ynQegtcgiI5x0qBOUL3lbf3mtuGrh7EPQxJAL5+w07YKRKNj5bY7fuJTG7yiw55NFFYvUaihrQOpVia4OUDoPjyE/nMG/SlCIoiPlHiket/6TU/7jV9zDGwxclaj3iQdzpwIq3chw070KGvx7eO6U/VwlUAPElcpdJKVNh02aOsS1TM80EVHXIhMA7UXqOj1HS7e4RtZ7M2zKIhcIJjDBgJMQ6+EjQ4JbPD/dxogB6nFCthddastyHm4wl2faxPa3NBKSIEFljuZgayoHzeFHlt9SueLIB55pHq8Cplc4pshLkEgobpVl+9pt35EzTEA53JQhz9SCie2IuTHwRRFt8kfZOZtKhIAo2auli/YVvapyP9MO31+pivmWcHFFCbOzTBc1sCuznV9LDNYPHd169LJEbhaX4zqt8lfQyiQBEHwp8d2323rY3+byp7437fBCtEXgJOsOx5RVQ/G0SoD8pNMFE+wmXAeV9gV+G8HGeYWQyFTFA5rb6RU=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: gotify
|
||||
type: Opaque
|
17
services/Guacamole/application-guacamole.yaml
Normal file
17
services/Guacamole/application-guacamole.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: guacamole
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
namespace: guacamole
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
source:
|
||||
path: services/Guacamole
|
||||
repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
|
||||
targetRevision: HEAD
|
||||
syncPolicy:
|
||||
automated:
|
||||
selfHeal: true
|
@ -35,6 +35,10 @@ spec:
|
||||
ports:
|
||||
- name: ui
|
||||
containerPort: 8080
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
port: ui
|
||||
path: /guacamole
|
||||
- name: guacd
|
||||
image: guacamole/guacd:1.5.5
|
||||
env:
|
||||
@ -43,6 +47,9 @@ spec:
|
||||
ports:
|
||||
- name: proxy
|
||||
containerPort: 4822
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 4822
|
||||
- name: db
|
||||
image: postgres:16-alpine
|
||||
securityContext:
|
||||
@ -60,6 +67,9 @@ spec:
|
||||
ports:
|
||||
- name: db
|
||||
containerPort: 5432
|
||||
livenessProbe:
|
||||
exec:
|
||||
command: ["pg_isready" ,"-U" ,"$POSTGRES_USER", "-d" ,"$POSTGRES_DATABASE"]
|
||||
volumes:
|
||||
- name: flexvolsmb-guacamole-db
|
||||
persistentVolumeClaim:
|
||||
|
@ -1,4 +1,4 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: guacamole
|
||||
@ -15,4 +15,4 @@ spec:
|
||||
middlewares:
|
||||
- name: prepend-path-guacamole
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - name: compression@file
|
||||
|
@ -1,4 +1,4 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: prepend-path-guacamole
|
||||
|
@ -14,7 +14,7 @@ spec:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0755,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
server: 192.168.154.195
|
||||
share: /K3s.Volumes/guacamole/db
|
||||
---
|
||||
apiVersion: v1
|
||||
@ -33,5 +33,5 @@ spec:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0755,dir_mode=0755,iocharset=utf8
|
||||
server: 192.168.154.225
|
||||
server: 192.168.154.195
|
||||
share: /K3s.Volumes/guacamole/home
|
||||
|
@ -1,15 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: headlamp-kubeconfig
|
||||
namespace: headlamp
|
||||
spec:
|
||||
encryptedData:
|
||||
kubeconfig: AgBeAP7vtPNm+FBdLPRDkV/k7Uy3mR/eC3Repuvyw5uEKZdBGqzLwInaBcySSiLFUTRfc/csDFxHgviFh9jyGJPCBlEZpHBStz3BrTc33ehwTYTDPf7P1bvPZlWLomnFdEkh16Wn6In4YZnMcpMDxswY/LHQheHeEIAp2YnkZRvd9aJJbQbLYK1Dl90xRjHq0gqTl4QZX9BMzGZE3iUr08suTOY84b8V8Y+mrzy9DvbU7S7SusPpiX7HZ0Ty1IQEDHXPDAyIX6VnPqPCxx2p+/Dce1Io8Ql1CB5So/g/3+VcMlQEKUKt2bReFKslrv9veuvg5N4ZGlTlOu7uU/Q44AgbjB9jYvJrmHclt9dnYSIICP3x3MuNVsQ4CxOtIRG2KDJdzCnYFv16tBHc4zL3WABonmLzzuQoBFYqx/JxWfIr2U+nvbqKMm3yfFi4fvsp7Wcgu76Vak0ndBo+HwkzDWHxYNQOZO/LwEfQcoetHzlzpzzoS1Qw9JKjIlTt4Yc/7OOE6luKv18ZI/MXx4bfZ31HwkJ1P/4hnmsBwNVWLFtfGi1bmpc7Ahv0EnZuLjmxH2APnDKVvpZOMWxQ0M4zHAQLonh5/pyhEWpqJzdpfroOa+yACKr8PiBKXDlaFYD35NgHNt0LDyQTlDXRCxUnGed9pTVx4pTMDYRlzZoc5j/Q8QmhshJGePcoO0m2WXb+1O0p/k/gkU9mTz64swexDD/40gyl+YZwD4K2LOAIMHvEitv2J+3ou2QQMHcxNILJVGT1mor4bqw9W1stwzv68c05eJC0LP0f545f06AmlaFxfKLHSeds78Yxbg75lgTpknuBcnyMGtqAyhDA5h3acXhZdRFqpuxBswfmQ9S5BU8svtC79FOd86m/oOyKM5fqf1kKoG7eqgB0AYyEe9vAwZTPKuIE7dL6q9UZP0fUhu9a9g5vp7JPJStNdAqLeIDNFJpGiupb1W6pk4k1KQi6XUS8xfNVBQtFLvdty85fkDP2pnY89tznGGbimcblNsFFUx58wuu2gY9zIFk4N1gk2j5ZAym6PdeBToqQB9R/IyPwUP5o3IEn8afqZL9wTkZZjuwo5l1PsvPm5U6d2CQ9IFgnvc4v6NMWGOsri0TSnw23PAJJw6bhaU5ClK908HZDEUT2vQ86tFoNbU28451XKTgDa027PELRirlL+NpVYPwoRNDhTn+/kMMYNkYLlhUVIl2AGhoJYakvDClstmZuuMpDNeTwgqK5POlEltC9/enWvD77YdvnNZXQqkvDHcZcCRVur4cZNhtrvsdimfLj9I3DS6UdMvwxx9rCP4IoykwtTw2kMlvMwalESegtJQ2Vw6E6GqJDszUGNbLxFIwB27BTqOv4msxzJeVTNQgzdgcidg0pvipW88YYTScTD9G2Uec1Qe2FCKYLUlLVjEYCveQxx40RS2fOEwASKs0btFLb83TKBqw5GOImLHTDpLBnaetyHTI6Qa88+c0eRd2Z5Lqjr0ZVCMUtX5/0v4+zr5V5BRSRJNPpIM3gm8w/FcAV1QDRL4wlBtlKBuUyGnOI24nJbs9WlnE1HscrvzsWklOnhEtlzfWHlWLF7pgM3WmEy0lIFrQf+Ef7yubYOfg6w8eoD+NAEcM3dQUafe8Yo8V0j+GWzr9+utCxVDPzuOY1yGuA513x0+bc5yk39XSqLwetqkYxUyBmMWFuZYs8Llw+qIPRA34+m6ZzqPHD93rYpPOBRyo33djB7PV7QkxZz3DPYi1a/+Xu+ZNocFRtxw5YvNh/b4BW07A1mDzjqvH2QKjetGRjTj+8Kzb7GLKo7ZPz2oESJwAiV6ftDldt3a9R4zUh/RE05nKUgpOwanrkUyNUary3nAFXUjU7AtDKMRPU8I9y1UZiiYNod+Lvkj/ihYjgGDbhRHqSugrbKZ0jOALSx6YiZ7isKSSwFRJzZD821AB/3hWa1QlWuCpNkyc5bq/6IxeKOLFJnHhq706HwEChzpGc3swOa4clkS05OFgNvQjhnL5Rbny9oAEeXBvtLJtO0VBt5pN5zC3ZHs+w9cKLSsE4/OBTsDhaxJ2LDRmg2EGs4sPjNnJ2RABUnseELAR6tL2X5OkltzkvnJSEvansTkzi5WqWvkRf5orUATik9NR86e8k+O196ajv7GJvdueLQ9V/tMRbCEST7ry4OXssLQhZQEBU6OJsceGPd0ICtY4Bc9f2P2JFhov7ybLgMI/8aULYlyOseoGUn7ySidT9zosjEPo6ioBZYZomJSW9FPgSSZ6W+j/gCZLWxLW5mzywbl1vb4Q5dt9cDfxG3S+2TfVrUJWDOGc7cxYFdGaeHYLkGndUVLyNnlH7dQ/U3A/6iikX9TbhV+cY6qq16in5jZNDyprm13k85L+5ScyD4U3y1kniHFPKQDJt56pOaLz5cfQseeCV9qau4zbjZT1QGLWSYs58tp7ViABMqufbyv4civOm4pRRPu5RVjdY/rY7iM8ZypXnnPcSDrPZH7UcnniRPqGS7G83WyAquiyVJVahueUScmtxMQy62vkDUoisj1aOxC97WTUcBiJQKqWoTRT7HFcVl9XxZc8O8WtIIcS7/KzIaGzM25s3+vM7fRiguv0cEMV0ikE18/Zt+UT9J86AoGhnlcD8R92d3wuisM5pkNd6fv9jwQnNaULRwjhQCbRo4JGc2CxluWoKhkwpfyCxBzm8bNq2e1XhWl9WfiWsmKZyWCH3JIE7G2MnO8C6gqRJfd4idXLe9vv9F/duzm2uy6xvivP61NR7dCyn988lwtFrdOKx2dvX3PlOV852/XO1hv32W2FIh6Z32sIN8JjDqJvy/9Wu5JHng2Le79P2Zcf6db5I2hQejOtZkx1914bHO6Aro9Csj6s2VJ1YuhI4GalZYTjo5l9r6Da5J7uDpWl9uKBToFW/e3x6nMFpzARsEQc3jYixtX6gPSh4Q8VueUJAaZmpW3i8DdkkvBOHtzVAHzN+8xXTYMK8RTo6qGDiUkA6XE4apY8POp3F35mbiCKdHGZakVnHYJAyK4LUl+2oRW9JzcJNzWkggNi+DLwEjzdg1dpKGMtDSVaXl4IfPgU4QAhja7FVNyKfdXsXGV3uqxuWfju07hol5I2DFHgFHRQEPIlnlyWabYAMBUca6VVZDEDhR8aeVSLbeFw2ERXhlq2QMOpgOrPPDsT0x9YP3X6YuBzgl+dvgbO8GGLJhLEBPq9BKshTP1sKaykS4cxlO+uC59+pO/fhXe6+SKMYbAlvGMBILLv/l82gQ4P6YwAsPEEnh+pEEJ09sRwDyl8/evcORvqdYYKO/ROCtdCBxp8u9TzdhY4uUUdKbscWhnTjwSUD4sEC8H+BKpJstWwSdeYGCdCNF79F/2VgPzq+L39INqS5TUSo6d4ZH8oPxX3kfU/HUYAtPp7ign0hIvVXkqaqYJRHeEEEk+SqUHaYY5wZLBwbAcxk+AvsrDThCEYlFVQhONJ1Miodhi3bHeSK6lehlLsMgxj+j3MaM9iohhxk45GuwsqRzu+EfyaemiEEFVxI2q5IEnfjR1xfc5Lg4SmYQQpeuUaxZ463xBxNhiBKlNA2JFQwTbaCa2HLsp060ysVZGiOq6yKFBrVRMAuRNxp1/A/Ies5nvGhD7lCA0mSDpy8j+TTCFUn2T0U1ChkYn/y+X1t4pPPtKIcy2aGkFdY/reOSBU0yfaM0iFrj0D1Rf1JDIBtCnYM12uOi2h+7GAJQLWbAbnTz6aHCF9vGlXB6krC0BF8fp/Snn1BQqKjChjqW3IXBazMK8zT5ouds+mxxIidN8smDoOqytT941TgGV9RGPQuCNePTX86fhh981PS2gKUBSGBPfaKMFpVSGDxypAdQi/irsjEbQn0ugKWvzxNVopS/ImcXGYVu5w3PZocs/mpv2k2h/vka2N/SF39E9DS6fMTX0SwATBuAdwsQpWeQd2Hd1eZeVSDNUn5Jqud4jmJH/Mp21sfEEzoGgmZl5+T1JaK4EsG+yldVIPpEcsde/ecc6xPvluVfxd5cKWKg1vTxuTRVzX8I3f6dTq0c+/VRnQn+QEhEpLXutR+4XT/wh1obdBHJ0/h+9Fo2QlUz6Hni6iI3DrAqJjCsz8xBfZXCF2LSekQTO/ZiIrHe4CAnGOueWV8Vg2ASiqhEUs0g7UP/aInxkvmY4byfwSgF3OhBzt69xIzyY1NjQxPRo3Gn+Ma5NiZEawjdtCNLw9oHTHIFil9d2K9CiZ/pBMfZslJ+86xLDIOKikMRb84ANwcOSbgEu+Bpgf2MfMS2Fqt8K37uhFJQ0eTQeCLY6u6J6AKhX+9oKg7uMsnDudZsd5mKe7+JcaXyuz77NiJDtWcA1VHfb3h33vlZiUCb9cO7+8Bmtgm4eXbsafaINWFgUVEXpy9gqpopBUOO32mG07trMG8SwNZItCtqSD8J6tp4zNHZHo8IDq4dqGBlSHafnlCA3MLZrXtfOW18zwEnmC+uncQhByIOW260sLkSL1AsA/vz9083P1LVyZVt1v/SWHKDkWHOir9cAVsGBpYu+u4EUmg+DAdv+gnb25yf2f4a+OaDHWV42N/oqn4tmNhF3SlrocKawLd1qnMSCUCXgbTC1A7A/2ifZUTUF3Cxg2RCOULmp5fScNjfPoTqHsf0Y9IMltn9gDOAlofXY8=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: headlamp-kubeconfig
|
||||
namespace: headlamp
|
||||
type: Opaque
|
@ -1,18 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oidc
|
||||
namespace: headlamp
|
||||
spec:
|
||||
encryptedData:
|
||||
OIDC_CLIENT_ID: AgBXJgPrEI44ACJJ3S0+/Atic7ckP0tfVAfPtl5iNcgj+6PL8h1Xh/hzjZbYEiebG1FzSH50K977ijMdEHDFmagYSR5Ju1VpAHJyjtRZbysm8IbFV2g/8aBV88HwdXD8fZhY+PmXKNkSNFGqb6+E31NgetEjsZNjMgS0cM/YfCXwrVPMaR8QawjszyfOLUh4Z+D0QqH2Mb6d6vBaBgNgikUUgixFn+f1S4A66qUxGGzZKVIIa+f6Eo3gQDuo+4bi6/criaMoB8foSkXgWqRIiiVGzp7NcXT1mmWTwjosVexhKGSBiNDJFiWMgtc3Sti7Jp44fvYGdDHddiBsIBFB1uv19rGYLhq/4qpGQiT06Dq28n0+ehBfxsZZQ2nLDRjXciTgG354enMJO58ol6Dqk6zKjTWx6YwHAIdh0kuQ9atT4TsdAL8BR4qkdYuIRUmlhCUj9Ywh76GIdbnPWQfWHap4bjP7KVxFRw0Ke467TFoU4iO9TmVhF0LvS4g45fTXKV/j1R8yU7cA+TFEDGvQLixOdeJrICmn+WRJTHuCtvI5E1W5yJAstSEdkZTt7PSUAq76o6uUT18OJYZdGzaG3j118xVcFAM/GsEgQ0M4CyExTraJcl2NegrhcjXokJHyz7Nm8Fm9+x/++jDMYq0rWaPYRaPcYKYDsvF0t9vzY3JyigtoiPIR9KIjNSiLWQKKGyGgLOwCI2gTXA==
|
||||
OIDC_CLIENT_SECRET: AgBrX+mUYkAAyyP1T4iLYDZkx0aIyWUSf5781/ZYQsh0gOtoTuZZ/l6q61wDxxYY5xJqtzYTSa0QOmIORyhusODDokVkCGlx06GyTP6As46m6GqmwGp57vanF6YiSL9he97E8Sarr+v4EOrhGtUejLH2TCFJsXV3CzQvQiAWXxHMZxRIOBkzpbqFJ9dez2n22N49j6qd5sTNskv13HNJruKEsYJM/m/vWuVVe1Rf3cIFdChUNt0Wv9Xir1waXe4QTAYKkzYrPjeDB+xIe8xGms7tqEQxKVP/SmYaQG3rPSIAu55zLdLMcbIFSVBensVr1Fcx9Jb00OB5JPZuKEftQMRR3NTIBcJNAIvlxFbv6uM7xbXOOrRZ3YG68I4/e8mxRx6o56z/IeNd83FH8aiEIfMdKhZAAmKlrMnv0F2wSQk4JxAL31uzcNtZR9HhfDpZRxzFNe6P8Msjv4kEri9jOE6qAwyXsigT5D9dI/7Kzni3NfGf411z4hkqedE9EF2RTRS4LtUFCPHqJ+HcuLYDeU91a2XhAjWUYXML0okjFu/W1ZR3xvyngZJLbdRuturCyLvql9cfQwwvabYc6miV7LBAgIJASqNx4GpN2aFH5s9sAor3Jh7Gva3DVZxklhORl0Ajt+5/Kk2LmofvmiTWL9Jx1gEgV4ND/VXg73uDX2boqwZ1dpf4pJhVitkoh1AOGoRtzznfPF3JAfzCPvp1tmJNBx77MAOs1taBfbR6OGk58w==
|
||||
OIDC_ISSUER_URL: AgAuwDryEOuf4o/Pj88FaRyCeX1MW3sJK7V9U0Tpm6K1k1y88n6jurzwU0oXP/l+6Wt5e/Us8vjc8FpKiUa5RHo+EeZUsXDFBdmLoiJ9PdUiemj7CTJbs/Vd6a0f5yTTa7+dBbB3/h17f8QhFyMoVxZkU9VsDea3rvouf8dK9vbv7JcvSCnMdqeo5ShN+ZJz9S2JN1ATB3Rlp9FPjwwg9lPHjXN/OBVO16KE1Mws0ecxICfgOUwueis2qqWA3qJRUjjUMFV4Gg3y2JaLVcNWh3HvxZgKDd1YpoDklx3e3V/Ja+XODM9mPKrYypRKLrR8zF2bYJvPGaH0+oavQzFBsYKso0cQ1xbnnQX4xtJRKaw99IxWh4gjT0e7cJWIxcpF1W6inW88igRzHluJVWnpmrtmLKrFtFtJ8ALs1XX762OoPFN+SnylGjScHYUEL9P40zpAYrH0r2/b7K2P2LbAtvMBDU8EJwQkzbkUBuO470I9b2KEgY+gIL+hKbDtPZuxC4nQMx7eHMMWZVvxjzPmpIX7knBPLrDZG9bWZzJBNyA9We4pwJDh6qxHR/15OpcCQRoPM2ZPSOgaDTFZ08ISvNLdQGy1gCDAEXq3Cu9rK4Lo8Ixmor+cYQJM5yplrSHX8S70FmSwGvTSizabJM4suX8s0Q/gfS6IkQpCxOy0EHpTysCYrIGnHKJXuiFo5PZKz4fJ+AryNfPQeQgT+iUTSA9aDKE9RY2QRAcYRLFF
|
||||
OIDC_SCOPES: AgCKdxns6u+wOUE1uwbSc9JzvYZBc2H+Rljeu83xVMuNN2XaaFlkc6GxKnOs9S+ikm7TFRo0DtPMdHOCEQjgOHrAUzsR+quC6KJ9LeCVEiEjsZec8hYAZLoeL/k8dZu+9W2K/cmsinqi8wspIb0mj/zZ+3AsYhoxYOkTFUtFvYC6cgkqwDfNZK7xzJBmUor5DVDVer3VoHdvqCph9RvFT4tHbNSm0B90rz1OBU62aFI3IGcTgMpEwpqu9KQ3M6Ie2zIZyIeBeWuJTcFzvLl4KWxK7XtEGQfuIKbJqHKArtA90W2vvwuJlDoa4lB1uASUHqe9cIfWxzSPApjwZ5a1PoSmJDpbzblt8W7akrz9WJzXXDnKG3R2OZGM/eDkwCa8LWa8xGSpe7JVHfcZS3bWE4noDXneBb0wAdHgs2vGy5b6L8IeKcI79sohWcz53pJBlIZ/uaK8T2QXeG/Woe0SO7Q+2C7Rnc62Cq5H/I+Rij5s61qbfb4r1vU8mtXtimoku5PYGUPJC+3DwHAOda/BssTqT/C68o4Rsj0RmdMiEy4kvPknTAJck+RwsJkNE/47mn+RYLpbK5mp2+wqMeNDD/STxmgf9yLOcvLkKQTEgaW0TnpbAEed1tC8dUHtTtIimKJ51Z53f/+FcxIFYYvweDXLOe3/n+cRCmVO0LU44//flA9d/iQ4dzMj40awEIqBJhhGOtoU1n6RNZITJb127Pqx68LXLg==
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oidc
|
||||
namespace: headlamp
|
||||
type: Opaque
|
@ -1,35 +0,0 @@
|
||||
config:
|
||||
# baseURL: dashboard.spamasaurus.com
|
||||
extraArgs:
|
||||
- -enable-dynamic-clusters
|
||||
- -kubeconfig=/home/headlamp/kubeconfig
|
||||
oidc:
|
||||
secret:
|
||||
create: false
|
||||
externalSecret:
|
||||
enabled: true
|
||||
name: oidc
|
||||
|
||||
volumeMounts:
|
||||
- mountPath: /home/headlamp
|
||||
name: headlamp-kubeconfig
|
||||
|
||||
volumes:
|
||||
- name: headlamp-kubeconfig
|
||||
secret:
|
||||
secretName: headlamp-kubeconfig
|
||||
|
||||
#persistentVolumeClaim:
|
||||
# enabled: true
|
||||
# size: 1Gi
|
||||
# storageClass: smb-csi
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file
|
||||
hosts:
|
||||
- host: dashboard.spamasaurus.com
|
||||
paths:
|
||||
- path: /
|
||||
type: Prefix
|
18
services/LdapWrapper/application-ldapwrapper.yaml
Normal file
18
services/LdapWrapper/application-ldapwrapper.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: ldapwrapper
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: ldapwrapper
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/LdapWrapper
|
||||
targetRevision: HEAD
|
@ -31,8 +31,8 @@ spec:
|
||||
name: ldap
|
||||
volumeMounts:
|
||||
- mountPath: /app/.cache
|
||||
name: longhorn-ldapwrapper-cache
|
||||
name: csismb-ldapwrapper-cache
|
||||
volumes:
|
||||
- name: longhorn-ldapwrapper-cache
|
||||
- name: csismb-ldapwrapper-cache
|
||||
persistentVolumeClaim:
|
||||
claimName: longhorn-ldapwrapper-cache
|
||||
claimName: csismb-ldapwrapper-cache
|
@ -0,0 +1,31 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-ldapwrapper-cache
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-ldapwrapper-cache
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#ldapwrapper#cache
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: ldapwrapper/cache
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: ldapwrapper
|
@ -1,13 +1,12 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: longhorn-ldapwrapper-cache
|
||||
name: csismb-ldapwrapper-cache
|
||||
namespace: ldapwrapper
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
- ReadWriteMany
|
||||
storageClassName: csismb-ldapwrapper-cache
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,17 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: ldapwrapper
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAd6z2kg+6+B2dgmywZ3iJ/jqM36I4utd7CUE3w5QSJ19DrbkruppftsYczGycOT9TQju9dM1knWAxA/3Axu9WvX9RjcfdJgWJFtP07PuEKcuhh23QhE7hD+SruixrLWTKeDGa+w4XmDvmjXlUA5rVUwyvx8zIWWn2SC2sbK43Gm0lCgGaFzCINNK3Z3OfKeOiehIKtWdIAfaNgeLMK2HWkwNhQ3DVtgtLqz1O/Y/rJRNase9o3yObVGN1HhzxwdC7fp/B2HLYujCQy9b0JuZhWLXczJJEw/oX8kPvtxLAKUi4TaOp1TefE92X28lBCAqXGYfA0dEWeF9qRmyPH/yOdBN3MFI82G8Ac5rRcmG/RkwEY9aUDlSYiyU+fiiSzKAzhufZSk/disH71sO2l4DohqWa1IvFKmh4qa1caQ/GuthU3eP0pPmru9sqFdUagECd6Uh+18pv5FVFSWyaXQjXAXG/rBvygcEjA1pniIIvmAZGQwgpRZcuFVjQkx6bHbU2112ExfgbCTYKbDD1ocJ6ukQuObeSBv1Q5h9ARiRRjWJSNzQKWrtOBk5wzErZnHrY7u7/R0Bdg1zvT6luTW4goJGFvXkSQT8JUcp14cBfLu6PmaFYON3+Uw9vT99Tal7bco3aqgLEB03VVN0uXpT8vua9vbU9W302nwKTl+f4v7S5ZMqA3PmrKSnIaLmn1cwOaFUuax/KyGFLuB4o5WkAV
|
||||
username: AgAet+Fs6g0L/TC46Rz7L8vh0LuYWug+nz4McOQXlEDn/F+1PdwYDXLwd/9j+G2xBTybQde6ENPNS1Gpav7AoqY8CFIpb0sCkCeQD/gPzZmSWotUl+d8KJkfgqvKATbFVgH/CVHCgsWn8nU9A7q6vpoLioX1Pg/4p4s39Dja7fwHij0l1//cSumfnu2dIkBaIr0uOVTAZoMZhwYjnYnVXSlA9INDtaw/B0jkr80F2/d/VY9lheQKV6EpypCvevKp+ZJHp/XliFXlas8o4KVA4pQcDr9iQVQAt5ywrdJcTDVVFOSZkFuZDHSorEWzPQYgnqqrAqYVmQQUyAme3fwLZ/u5dDpPSY7YDrO80fzwnr2KF5XU3V2JMnR4Gka7hc08Psq5ayveqQpH1CbHg8peS/d27Ks21N4AXPIDsH11ejpJdvIUifYX0WoytUnukyT4ChOqfGOOEw2e/oF3LzIC4jco2df3uipuYXxEFgj9j8zpfyGkCbqmLIqh1imVNLmAIzhZX9rnf9jaU+wi8DpANPzrcWMtrpLuWKoCSNRMW2yViMfoVpLzPQcHyn36U4GmYToq1NHRl4tkcPMsPARErmtdTTqrSHyViyoPKY7/1MW8/fA5pJuMeXAic9MZiM1r7LbsNpJwGfaXDBhurXEgMna23C8fVjbTUL16y2R1FQEjQ+/qaFNhwcyPxDoPL/ir7EVJXo3ezF0=
|
||||
template:
|
||||
data: null
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: ldapwrapper
|
||||
type: mount/smb
|
16
services/LdapWrapper/sealedsecret-smb-credentials.yaml
Normal file
16
services/LdapWrapper/sealedsecret-smb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: ldapwrapper
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgBc2k0pHG/YT8gHBugDzpAreGsVlDLQJeQnGEn6lzk97Gv1F2RSBy5pASx6WgMX1P/OU4+MPD1QkAIHRQowUTXH2/YDsEKUO/8n93kXnWRr3LOc0hjKGeHCUWdyzre8fU07g4+6dcKopNRGY53nCBNTSQG0DOQOiyCzkEgGDQYLFLk6cnN0B2n2sYRgkNJQCRXUbjKIWaNc8xbmzMrWb+qCBarP75J0c42249K0cpVS/u8txpmWOOtPfngIRh6wV+r5/3W7CwXuNBSUHa+Sm18j/guvIIloN2m5nHY/jXFopekIr02lHv4ANO24EZ1N4V4Uo9TvVV/agNGAU9nK0a0ebZ8W4wjvhiKwMiBOHWp55E3+oA8mP4C9ZC1hkhgbyBi9rK/9ZhVvoB+Q1rl+FD8bdbMcuTYDU9lt799MOThpbR1ti9gj3hO4Yz/GACN7rCJhpb+MIQywrdpRlO2eME1ssVKSmedEAVp/efLfNgfNhlLDl0rZ/I4vwwiQ5JBNsrNwKIoIhneC98ouRJdrZUWFWU0p95dbActr3qmAZQNJbfJ+UktPWSWxd+HW7LqvmYB1A0BT628GLBM5SvXWx0+ye7MLS/t8hJM/cqtOtdwdzoTZZfZv2dCnDQ0WtsZfXAdnigitA7UES3TzapIgdim3d6ujvnOY0OfJcKKSsKh7GQw451dKWUzTWafkciWoaWRBZnTmEgt6zz0Be0hQCfJm
|
||||
username: AgAMIlu1M5O+fL3DJvdgSHkLpp8QDYXada4cFGTOGREY/1VonKhnmCDvgchsDzZY4DFiXn/nRxljlc8PalZsDmZ+6CZCmnJpMVSehrDw0gUigLgf0fFccJ8Sqk/kb3RTfZUYu906xUVHCQg7XeVaNyOaVZVfxB/SpPV33Y41nt4rjlwwIs+haQA1HoJLekANsR8YTDJABa/PFj/+oX2WS3OHXJvRtCeSSmPR3WJWJXQYQQewakMNqOuGTRjXSvHw95XJPnyYJiwHL8b+fdZRKxPpJwhRvKNmj+reosJkKeaq/M6cERLixJo8RpFATNAnv8BcKMbslMRQB+cn5HlfX5afMS8E1k/nPHa/3uSjNCuFoc1w4t9FjNMjfQrvDMxTIaJ78py0eZHznBO9uGdr1gDwZHzgcLJSFKL2aH8AdGTivRk7qKegCcWvFxtujGUWyXNnCV/6S1n9V4gvk62tnxNMbC5alCo8cAehJfJMyQrozyWH3mtnn7a61brPh+LVMeSne6dl6RRctQY7ZG0ypH7r1UxQczvkwuafVFvY+EfuKRM95SV41wo8Nyunb1MpXte77QLFpBnDxs/td14/i8QDJMjHIw0dItmtEbvPOaLMiyIk6kIGYRksyVwAQOHdEJISUJPnF8wcCeC3gpbXukSpgmQFQeyGsMgiRPlKYGFRq1nk8gIDMtUn5k1cZsMPX9G43vBGU4M=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: ldapwrapper
|
||||
type: Opaque
|
18
services/Lighttpd/application-lighttpd.yaml
Normal file
18
services/Lighttpd/application-lighttpd.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: lighttpd
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
namespace: lighttpd
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/Lighttpd
|
||||
targetRevision: HEAD
|
@ -30,9 +30,7 @@ spec:
|
||||
subPath: .htpasswd
|
||||
- name: configmap-lighttpd-vhosts
|
||||
mountPath: /etc/lighttpd/vhosts.d
|
||||
- name: flexvolsmb-lighttpd-data
|
||||
mountPath: /data/scripts
|
||||
- name: flexvolsmb-lighttpd-websites
|
||||
- name: csismb-lighttpd-websites
|
||||
mountPath: /var/www/
|
||||
volumes:
|
||||
- name: configmap-lighttpd-conf
|
||||
@ -41,9 +39,6 @@ spec:
|
||||
- name: configmap-lighttpd-vhosts
|
||||
configMap:
|
||||
name: configmap-lighttpd-vhosts
|
||||
- name: flexvolsmb-lighttpd-data
|
||||
- name: csismb-lighttpd-websites
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-lighttpd-data
|
||||
- name: flexvolsmb-lighttpd-websites
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-lighttpd-websites
|
||||
claimName: csismb-lighttpd-websites
|
||||
|
@ -1,4 +1,4 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: lighttpd
|
||||
@ -14,4 +14,4 @@ spec:
|
||||
port: 8080
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - name: compression@file
|
||||
|
@ -0,0 +1,31 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-lighttpd-websites
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-lighttpd-websites
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#lighttpd#websites
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: lighttpd/websites
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: lighttpd
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-lighttpd-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-lighttpd-data
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0777,dir_mode=0777,iocharset=utf8
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/lighttpd/data
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-lighttpd-websites
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-lighttpd-websites
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/lighttpd/websites
|
@ -1,12 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-lighttpd-data
|
||||
name: csismb-lighttpd-websites
|
||||
namespace: lighttpd
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-lighttpd-data
|
||||
storageClassName: csismb-lighttpd-websites
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,12 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-lighttpd-websites
|
||||
namespace: lighttpd
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-lighttpd-websites
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,16 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: lighttpd
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAc9UFx4rs5SmuntY7dUxf80geDlDc/zn9SaGWu4Z5n9aWJZZWlrAAq081fTeb4jjiR3bjdlKqgwLkKiIgkYlp1nBgfLsLo5rE49c8eo+s0x+0L2gVj9ArqHWD5hw76evnD73AU3zuQGNoHg7x7iUmyCtBk9kLDQTXWsLkSnb0HLB7knOqQjK8C1uC4eTdjQRLmhevQAl/oxiDZ8lf/xkj7GH3o0Gp6DKiGetnKYsaJJGPeImdAQzHMlH7F0ypQGMeyWU9zh4ro8a8G+Sxorjz45ws/ORpN6jWifnDX0xshVjsVM/hD98xui7thsf++B8JxZK0i+sls0zpgtJvKyzJJytOXknPNMyqG+S5QN94iFfoCnP1ZgBGdEJVI7c+RXFekenXSNgrCqjCEHy+L09AjTXOwrtPfQovhw7ai7lAsE6f4N5uU8XbYdbqh6jG442ZowWyl0vpVa1Ea93Fy205vxoncasAiO0UT0UcMxekZ5jzeJU8crxieCtck7Z65GsHWuoWLSH2PX43k1JSKMG5zbZNvOszjR58fXHdj/HjXug9K5hHJekNk0A4+iAY/SwdzxaTCKbQgly4HTHX2JqBHMXRDYGm15qns/R5O48XcEs7aEWWVDvYyeiDrSM0il/29kMNb+vwzaPOdSwfb5GShZcirRWQgAdPdEM36Z6O1h+EoeazO6/Hj+JYf+DcX8/5DuC1nTkhQj9NFmoLzrHtc
|
||||
username: AgDW9pYxGa/I0NBjXWcqcHZY2ZSY9IUd/sOyg40e6T5wPSioUgWqn3tf3EzNqUVJsSJndKWZnagXZGMafkYS3WYOsrIiSR4jyAtHc7t7D9TGw8dEzXeP8UF+ICCpd3YzD7856+Xov9pmXziHS1gT5hqywdFEruoiR9gtbrdEqG0PHFt96Bcve5JillbFWh2VsRBe4gMKoRfjGHd69voGsqkn3H4VwHITRWixNploRXOyq1+hO49Ka+Rs4TbQvXWTVAyqYZEWWKC9W0S8CN3mhzBDg+JNHSzsd1BqQNQ+lJ9S12gaTphWH5v+IUSlCWsIGDjwC5oKTzy5IYcw5V/DcfMl8/vYexb2dB4nQo0vJb1Ip+HPrBSl3HvV/Vz7Tq2fXN0h7QvyUjeEsTQaMrYe47AuMBCiNcmUY5z1KwNMfNjXSYbJEqLZ25ABj2xNq2GefZhWcBOl3zkQExgGfrmfh8eSzThMkfY8NpWho9DfitD44a9B9J2hGn5H/eUKbEJXLYs8JKXXBfSYZQJS7ac/ub/iPDfefSPPXeJFPBZIwnSP/khp9D/6/4tVQyT1XijJBrD2FkcX6nE5fcrnVmJtGEv6YBkOSyszJqtTBjXbHQuNnyCc2R//ybPev+CIyGvD2uZwN5b/8nKbABweLPRKpRJlM2v4e1N/Y70hxSOIN5iFd7FSG/8QV0U8Jm6ZI7xkoHAAitu8A2U=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: lighttpd
|
||||
type: mount/smb
|
16
services/Lighttpd/sealedsecret-smb-credentials.yaml
Normal file
16
services/Lighttpd/sealedsecret-smb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: lighttpd
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgCVf7upjlA1IEYq6QwaF3UTbqgd+Hw7910Zy1GKI99ii+StJmv/8U5AdN17ceEQVfkGpTgdgZ+crL72HKjkAWaEXKJDatHvvE2nbE1WjDcLke87Fff4aZAXrQQFi3Vxj6lcGlUlWnDME+Rer7XlGLZGuP5N4z9C+uXurWaEHa8NO/zC92H/UGuNbIZUeQaMIYe9yVuAQ7/S8GSjdWORepbK3k35b4nH9uuDqIt03eoPz9H1ngYH/vqT9L094srGeNTuuAgHpPua+8+QR62ZjBPxIU71bWu3FKZjqzKYuv5pPCm41No0kWU/+odsEDzzdOr2WKnEIxpbedli4FzoSXcTkCIEgUtOjqsxHuulP8hroy3C8h2Pi30OtxMGAocF06y51A1SXcawmP5toqHYqq0r1hj0VIqJBisOxrDJiad577au6lB7BIJ9go8pU+Sk7XLpNenUhOZ0nyjVv6ziZLZYAcETPVPZIypP8EoNNfFUUy3OCx/cX8Bcxg0U5owOMsnf/U0Bh5Bn2oR0Hnf7ry/EFIlYzYVxNGOYZlOIc2RJSW4SO06ly4cJfyG/nkmvtvvY54caivygh+nCKiX/nEoNnNH/HoGBU+OsGmnAc/4QEC/S1mHKYedSuTmz3SllkM4VOgBi0W/sZPLquO4JNMtxyUu93lRLjsDVTBEAeaAjI3axb19z+HGuiBzH/ydg81YMd3fv24xgi+FX8OiZoZaJ
|
||||
username: AgBQKX7gfhaqhYGrOTZVKVEv3BcQlYHQ9hPUW38iaKCPQL5DBbye3oMkXgt6EE4rJAXF2XkZyPp/mbJY8hkqSoLxyCTakf3FJjLfcPx3q3VbS8k1kgkCeolm9iJHMhrGKhwXhi6di0ETY4olESDLeCkO91pQCTfKaoN8M7dYFW6AOuWkPy90fo6ehgo4V0ylTazTOnPdQi0+topJRPrpGvDlkE09Gc4CYivEb6G1nFSZq/fVCG8QqmUbo/y6jjURzy3DeYR7abmasWYwig/GoOAY7WkPJYCw9uCBJrgkcKlbjuUTCjFXb4fIF6Q6PLjHWo2sRTjwGgBSt3LwNNzFTC2uoX7sO1LhJPognkXS/WRAXg4TWmZ+8hOIE+LM7sHrEramanrxMzTMx7HHRFT+pD++/BrYBGr0J1Po/IDb0cyaREkDukGGKFH9cABxVUTHKw583YNSMEY1FcDuslcohafVVN12uCykKo7ls/xOGjxwNnBtei64vbG77WcsCuRbPIMpLbneB8TShQAGJjDNuX6qRaT88hRN+kTwdy1wdGT5y6x/KcfY9BGl65dnR74TlonuIvWRaPnqwScHTJnMrBZubaKEoNnb8WL7Pd+f4M/W/s8DgAqpmSuILisg7wQZJ91CoZVAWvCX9cNHQ8eDmtVIaMZeZlkNCwIdJiJLC9iAB54ANDVeMjkLJ/4p44fOGWATbxoZgek=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: lighttpd
|
||||
type: Opaque
|
18
services/Memos/application-memos.yaml
Normal file
18
services/Memos/application-memos.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: memos
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
namespace: memos
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/Memos
|
||||
targetRevision: HEAD
|
@ -17,7 +17,8 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: app
|
||||
image: neosmemo/memos:stable
|
||||
image: neosmemo/memos:0.24
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MEMOS_PORT
|
||||
value: '5230'
|
||||
@ -26,8 +27,8 @@ spec:
|
||||
containerPort: 5230
|
||||
volumeMounts:
|
||||
- mountPath: /var/opt/memos
|
||||
name: flexvolsmb-memos-data
|
||||
name: csismb-memos-data
|
||||
volumes:
|
||||
- name: flexvolsmb-memos-data
|
||||
- name: csismb-memos-data
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-memos-data
|
||||
claimName: csismb-memos-data
|
||||
|
@ -1,4 +1,4 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: memos
|
||||
@ -14,4 +14,4 @@ spec:
|
||||
port: 5230
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - name: compression@file
|
||||
|
33
services/Memos/persistentvolume-csismb-memos-data.yaml
Normal file
33
services/Memos/persistentvolume-csismb-memos-data.yaml
Normal file
@ -0,0 +1,33 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-memos-data
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-memos-data
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- uid=1001
|
||||
- gid=1001
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#memos#data
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: memos/data
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: memos
|
@ -1,19 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: flexvolsmb-memos-data
|
||||
namespace: memos
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-memos-data
|
||||
flexVolume:
|
||||
driver: mount/smb
|
||||
secretRef:
|
||||
name: flexvolsmb-credentials
|
||||
options:
|
||||
opts: file_mode=0600,dir_mode=0700,uid=1001,gid=1001,iocharset=utf8,nobrl
|
||||
server: 192.168.154.225
|
||||
share: /K3s.Volumes/memos/data
|
@ -1,12 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: flexvolsmb-memos-data
|
||||
name: csismb-memos-data
|
||||
namespace: memos
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: flexvolsmb-memos-data
|
||||
storageClassName: csismb-memos-data
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,16 +0,0 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: memos
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgBeEaCDaKwgafALNYq/ykvhoYtC9N+1D+DN37HrwpGEEbw8cXKBdmO7cV3hRL/uT9FvvCh3g0fq7a0xozjZiFDxzUM5V+pY37ENvoDBepbdAktwCXFhXmarSHVuLH0q8j8eS3OFYUR2Xdh6eivhpeYEqs0kC8G9VaplHWFGLJQBDKDKg3pfhlPu9E9FX7uspYHKazMfS6L0x9bxJl/hktl33Mh+kEprMcppYocdI3SNoR3OGvbwiZIpLG/ihavviybmzsRofUT8/s27ACX6URym7KCy/+Sq0hx4e5qCN30rYl2HkdKZmY91YPunnT+UmHuH30Vj52uFNV/ySd3P+G9hRE2BVNFvaZ5Mu4BA5Ei+F2l8xJar9NJ0mi2VYbIjWarQmvcaywfHR1TsQ5lmhSxHuJhx4tllTKcDHBl1wTWkRRWIjWWvRdjcCwNpAKGiKvbExxI715JgmFn/4wOvlX7UkRBUr3QAhVzNHVbd8mexlotqTIaPVXEjJ79Oc61yAU5Q1ZFLzpeDbI/Rz1egjBXsAW0V4ojA6TDKiyBEs9g3WoTjI3Ziwn31Rmg1r0/Vc2uJERcMU0i+Chh49duyurL3K6AKBfm7NHh6bwABUnYtb2BQj+CBK8Bkm3XWfLo8ul4hZarYwg2nE/tY2ZVIS1Jc7XpiZAhpBqF4Drz46lKY5Pi45atMmZt6rGAdx3LbZdk87DMqMnEdzX+PXLWSBQQJ
|
||||
username: AgAJdgjk+DU8EhLKSHE/H3i4D/lwrzzmi5SqCc5XT6aMFnZ7hAtdubd6qH2QfpvS0EpjHn0C4WeT6JdUAvB4w5Ee3MPRmxrUlt4zfOjXtv7mrnrOaEunlczKxOJDZp+J8NsBb3fgzCfoZilAi9uewffDJ6YXxSwNTgBpx1JGB7c7QDxvYh3L0whqQN87hrw9ZObFVSTUztTQQH7QgDIBRUTH+1YkMHftkzKLdvwRdcKrQ3NYIqbcQFsFlelTVWQYfQ8WteR7k1H4QABe3oeCnm7OD3dwQbbuksd+sA5i4lsYHIPVQW46hcxhRk46ONTyB5HeSfSITE//p2XU3PLYoKWjvUC71vJkFtT4eFE50hoSdGZW7CsNJnnFGMXobhhtvPWJ4TdzM8bRNGHpmxxigTIKM/GNuhckuUNcHlFTYdqEglJpBAWpaDcgIiqaDV9S/AajSk8jwBNG7OQYNmJUiLe1ZyZR2JSVyFszCzJe9/I8k1RK5HEbBYpRd46oZS+qgD4/4t3P/9fF7I7IlMNjBdBDb4HGs9lMdnNQyXYaelMmPWrbw8FOSfV1QggKkcE4j2D2j60AmljLxVadnr0r1oB+NPsCDmo24BYhjMgSZY79vDcRK+sy9475A+UE7ACJYKdYHkh0tyriSn/Dnp/XXfr7dIi78dAd4q6DfTuLOgfKTe6MORktxgTvWKe+dcOXZGGKik9DLk8=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: flexvolsmb-credentials
|
||||
namespace: memos
|
||||
type: mount/smb
|
16
services/Memos/sealedsecret-smb-credentials.yaml
Normal file
16
services/Memos/sealedsecret-smb-credentials.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: memos
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgBp0xmRNTIUJ8c50lsNFa4SsT3HjJ5tMTR5QdCZBVlGDiYl7ZlL7nX7VMyR2aZf5awEh4fnSd145kj2NxIhrPVi0rdviH4BsmybNLf6WJzEKG6wQnJvD8d74RHsKV9NDkuOixld8qBwMBEo3WkfOPn2VYMYZrBM7H+7DGBiXcXOUG5vZ8W+au5FePluWGNsaJYEvOiyESla/jLYraKYFDq2mIl8kZdvVY9U5vc+ITa7ktgp0irtjm8wzv8M2/AY/FKk7PNZjE2vYQXYzhTSPZDzizDLRvvun/83yCvVLrHCLG7mcTyHB+6bDITSF5XSymxkAbU9MN455PLDzBcZJyH1QRO3Yi6dFY1vXA9q1vaboanxkInFaMQW/IZsR+GExVAGc+MZ9Q8kIT6tKVu6vw3PSCVUOlkbIJGdH8WPsdASTYpdusnt2NW9idjqc1bLXdCBqh3aMzwKTiD6wpA1kAWdCVpxkDdMZFg/E9sQJTqjD5XCRh0SvHOlrd2ZteHqyYLPYx1tkCDpN33b0K24XatftReKHlYnXum+RympNLYWs6cUyeegAAfauvrI4wqEhkB1oXvri1wRqAVKxo21hqf9Z0vPd0azkJ5+BA34QG0nfUskgNkvyJwNL7iwKgFasU+YziVHh21ZP8RxNRwzmNNcvcR/WiLrz7rfA05Pok/+q/7YLr5+QsxFbgemwXKbOUvARjHxi6tpqEoDp4r4jHG8
|
||||
username: AgB3UU+q37U0s3SPnnb1YtIgxPIPGaogzc7L199wtqUHY1QJ0Z+yHegbtE0TU+c+RhpjGO41ntVnQiW5+V777G2Zs43ehJQmChSf6AXRtLTVeSRTzztlB3tACZfzglrU07LaGWkigAszLtTwJLkt9yFADewGlPEzY9EGSe3xFReA4TRIpqlNLlDwPBx/eI5TqehXtYkPQN4/+xsA2iWjJrVj8MxPvvQaj9Alhxfs51QYXmg/i2sC15+CG5ndSWhouvmzdqAYyb/L2JvqTcJludrMT4r3UhEAbfG1YLvPoigpkF1pVY3+hz1c1kb6YgmxBwGe/w/Ys6wjJIa1aESkf0xTTpfr6bys96T0VvI1GlC3WhU0jJJ42VjuSqfdwqFrLwCyoZNMB5MLmQLe5XrBz3bQ7DOA2MBdTSU0Pbd21hMxTnNtGsOa0rycm4u0o3mV3mwYQCzhIiMHZHfIQe1ULNwA3/c6yTRtWIClYFgVcPEgfwKBdVBM+hWEHCuol2XjHPXHdWeqCYr5fjjF8ain3LcDYJoiwXXtC6+G8s1u+LGX6pXlWNpWrUQMK8Ps1lC+5QxaJZFafHCTxcYbFRaQ5Zp92wfkfbfkqXc9W0KzkxeCIdkWRZgCcSac32oobcarjIlgF6tvnQ67NsGT9xV9vZkBs+eI7uCT/ohtwm7gNdmq5t0RPE0ScgWxqf+NgiCqlc5gpOTmsic=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: memos
|
||||
type: Opaque
|
@ -1,22 +0,0 @@
|
||||
minecraftServer:
|
||||
eula: "true"
|
||||
serverName: Clydebank Rd Survival
|
||||
|
||||
serviceType: LoadBalancer
|
||||
loadBalancerIP: 192.168.154.240
|
||||
|
||||
cheats: true
|
||||
|
||||
ops: "2533274801327950"
|
||||
|
||||
persistence:
|
||||
storageClass: "smb-csi"
|
||||
dataDir:
|
||||
enabled: true
|
||||
Size: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
|
||||
extraEnv:
|
||||
ENABLE_ROLLING_LOGS: true
|
||||
OVERRIDE_SERVER_PROPERTIES: true
|
30
services/PVR/Jellyfin/application-jellyfin.yaml
Normal file
30
services/PVR/Jellyfin/application-jellyfin.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: jellyfin
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: jellyfin
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/PVR/Jellyfin/manifests
|
||||
targetRevision: HEAD
|
||||
- repoURL: https://jellyfin.github.io/jellyfin-helm
|
||||
chart: jellyfin
|
||||
targetRevision: 2.3.0
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/services/PVR/Jellyfin/values.yaml
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
# - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
|
||||
# targetRevision: master
|
||||
# ref: values
|
@ -0,0 +1,33 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-jellyfin-config
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-jellyfin-config
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- uid=911
|
||||
- gid=911
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#jellyfin#config
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: jellyfin/config
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: jellyfin
|
@ -0,0 +1,33 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-jellyfin-movies
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-jellyfin-movies
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- uid=911
|
||||
- gid=911
|
||||
# - nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#jellyfin#movies
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/Public
|
||||
subDir: Video's/Films
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: jellyfin
|
@ -0,0 +1,33 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-jellyfin-series
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-jellyfin-series
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- uid=911
|
||||
- gid=911
|
||||
# - nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#jellyfin#series
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/Public
|
||||
subDir: Video's/Series
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: jellyfin
|
@ -0,0 +1,12 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: csismb-jellyfin-config
|
||||
namespace: jellyfin
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: csismb-jellyfin-config
|
@ -0,0 +1,12 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: csismb-jellyfin-movies
|
||||
namespace: jellyfin
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: csismb-jellyfin-movies
|
@ -0,0 +1,12 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: csismb-jellyfin-series
|
||||
namespace: jellyfin
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: csismb-jellyfin-series
|
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: jellyfin
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAKjCGM2YuuGiRc2ix7Hh3f71QfBH16jrU6i3WFH1ypVWwpkIsiiV1SGYfxUMuweW0xByl+54DvtWEpI9dJglvZpDgfdP4Br4jrzeF0if5eAnQA1nC2CXYAps49Do2YKR8umudp7J+Januugh8lRNz2RQUcDV0vtPWZJGOLTUK8ha4pL87IhQeGojW9eBc+iAL5pypWIyCsKJ0y8eq4JP6ZpO12XtNggcqa/QVdJrKAVJZnEjIHMO+g5mblNmrM+xjLQhsynHZE+88tPjpAFSpsymhT+841dd7yQqWN4WlSuVkPiDEKJHrSV/q+BQliVHXzWupdYJ2NXQn1R0Xzaw7IROEvk1Dhob4sQaYhI4m1hX0uD2ldYnY2KHY0FFMXJz+rIN/yNSokk+P8/Uh6qtslHfCHfanGtIZrAN2HZz83Q0CJu6YIzSgn1K05NDvXSJ2oRRs3RgootVXYiwm7snrDyAm1nLZ07fxP0omq5ZN1G5HzCZhYV6JCeF1MSejI89oK9cbmqJJFOcOVjs8PBFlFhFJrcsWJjx9z1e9GhNJKBj4xp7rX+nU+kXBqxlp2ZbliUJd8jlFKsihWj4T02ppekFwZee7ryLVhOllvd1QKwFKotwuhQVSJCiHFflKvwvcmqJ0nUv+L7COxPhFJHrmsCNmRH06hYIWoLYu61R+1U/ZY5BRXeWeClYKdAZOjahH5e+4f68kEUiGpb7tOWgNC
|
||||
username: AgA/L2pauimeaL9iM9ng0HK9biOqQojt07f1eFLu2P6s/KrCFIAp7ItfMIPRjb9W/QLcAPmaEnHTweMejw9c2cybewlDrr+UlqRUZbCsKoIjh9AkrRthJAIv01u+KLGNrCpzsNeGdGc3QaBS1wE/DiYEN3tvgfcc6o/9wen9bGSaN/jJ1bfHfDIdO1Ccuo+92oIYxQbfl7M1Cm+9K8/LCOdNdT6vZr9+3LfnE1h7Qd8cSRg1Oo82X49Qo7b6HLofz7Y9YN3syxLjnVKZu4LHpmVWPsA1OXDaK70g90gnfLdk5qT264Snp+74NTszKTa+Eyceuw4Ztqf0KoraFrWMG+dpTnQ2NAsFfIw5rp7Wh45xMpOU7GWlaWu9PtD4mYGFBOsNlJllfBzabPE8SL/nB0AAq8PPrt2qIpshMBi+DA53bVZ0+pG+bL6bBGboWDnebrzXYjX8x3iQcg433BcvxIS/AAYBRIlrReaoYuvh1+qETDv3gcQzH5S4g4s4cXAQuvLaEHGHHZbh9Y37cr6SN/RsTv8L8ZEYprDf37sFJPx+JPDAXwhxvjl8i1a7ehAr3uSTrqg0AfPqdhC4ZrPN5QMGXGdhxzInsEzG3IRW1Xpey3ioD4coreywm2xZ4iMTtAL9RXAYbFAhRCPPpe+5hnsNZbNTIlFwyPldaLwZC8CGkqA4AJx+4FUFes5pbg0jgQoPNGDlgLo=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: jellyfin
|
||||
type: Opaque
|
47
services/PVR/Jellyfin/values.yaml
Normal file
47
services/PVR/Jellyfin/values.yaml
Normal file
@ -0,0 +1,47 @@
|
||||
ingress:
|
||||
enabled: true
|
||||
className: traefik
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.middlewares: security-headers@file
|
||||
hosts:
|
||||
- host: player.pvr.spamasaurus.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- "SYS_ADMIN"
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: true
|
||||
|
||||
volumes:
|
||||
- name: csismb-jellyfin-movies
|
||||
persistentVolumeClaim:
|
||||
claimName: csismb-jellyfin-movies
|
||||
- name: csismb-jellyfin-series
|
||||
persistentVolumeClaim:
|
||||
claimName: csismb-jellyfin-series
|
||||
- name: igpu
|
||||
hostPath:
|
||||
path: /dev/dri
|
||||
|
||||
volumeMounts:
|
||||
- name: csismb-jellyfin-movies
|
||||
mountPath: "/movies"
|
||||
- name: csismb-jellyfin-series
|
||||
mountPath: "/series"
|
||||
- name: igpu
|
||||
mountPath: /dev/dri
|
||||
|
||||
# jellyfin: {}
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
size: 5Gi
|
||||
existingClaim: csismb-jellyfin-config
|
||||
media:
|
||||
enabled: false
|
27
services/PVR/Jellyseerr/application-jellyseerr.yaml
Normal file
27
services/PVR/Jellyseerr/application-jellyseerr.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: jellyseerr
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: jellyseerr
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/PVR/Jellyseerr/manifests
|
||||
targetRevision: HEAD
|
||||
- repoURL: ghcr.io/fallenbagel/jellyseerr
|
||||
chart: jellyseerr-chart
|
||||
targetRevision: 2.4.0
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/services/PVR/Jellyseerr/values.yaml
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
targetRevision: HEAD
|
||||
ref: values
|
@ -0,0 +1,33 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
annotations:
|
||||
pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
|
||||
name: csismb-jellyseerr-config
|
||||
spec:
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: csismb-jellyseerr-config
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- uid=911
|
||||
- gid=911
|
||||
- nobrl
|
||||
- cache=none
|
||||
- mfsymlinks
|
||||
- noserverino # required to prevent data corruption
|
||||
csi:
|
||||
driver: smb.csi.k8s.io
|
||||
# volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
|
||||
# make sure this value is unique for every share in the cluster
|
||||
volumeHandle: 192.168.154.195#jellyseerr#config
|
||||
volumeAttributes:
|
||||
source: //192.168.154.195/K3s.Volumes
|
||||
subDir: jellyseerr/config
|
||||
nodeStageSecretRef:
|
||||
name: smb-credentials
|
||||
namespace: jellyseerr
|
@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: csismb-jellyseerr-config
|
||||
namespace: jellyseerr
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: csismb-jellyseerr-config
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: jellyseerr
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAXVD3WsMzueRvwCYyh5mrkZsWr6vtR2WegrW3lMa3etjOAAy7ARhrx25pmfX3vzo0PaEbZBLyusMQ04hU0n96TG4+Q5k3H61t9KO6JIjJl3/4myMWfok6H+UuR6qpJl+H3H+A6lYm3M/rwpzvWrq7r3TiepYARHm+MLhI2zSwXn322Pht7Gu8yrshx0mq7ADf/rko9iBBixSGUOuol3eMG+5JNfVCdgb4EQWl5qUwZmXQjWN1Kp3lqRAKXpS5bxqwAmKFP0WRAlMsI63ZBdJeFg+hYcV3PTssDbL6I4hDa+8cVqOMN/JDYnZnNkPxIFy1X7hlOONfNVAda0PYgQO+C2fGuLBFyK2YVcL2uAn84FlEMshdaDpJ0AYlDndattbXSjUVXN04E3/wTsDo5bKzivamyphjeeLlrK0O82yJJvhBPvrQvy0LMtpoIIk39rlctckJKInZbFrl7wCVPUj3d1oCTV4z+quBNIFNCUZmK0aWvjmctW5h6zCFhSnyoWSsc8u+u2Zu/H3vCE3aPSfqg+DLKjv9Dz+itPFMU57kS6SfgcREVeNiqH97Y5wA/wOFcDutb7HHS7dw/l4QCwkBqJiVHDWe45tEsi1ZYmdBlNjKTjCtYzEpxcaO1d6HfRhA2JryrUpqH+WNM1kNA00yTIvfDDC+yKAaEN6y64sUEDhI33ygipo2LLuvB9Moy7DVyBCjYHVtnU0yQiEBoonFn
|
||||
username: AgAGdnx+CIi0PFgSUx+X2LFChH9IlcMAXjlkB0rqM3XM0ht4ghl9HKk4nLa0R2cho6ISSNfpKeBQItMOTxmb5wWbkav0uTLone0nF4Eq0eKysQ4L0yApvKfipl0ZiVb4Z9hsve7MyVcNuE/H5NqLMkgqNPkLaK4yixlxb3KTwDi7/K8NvZjf0a073c1rpfgvbiV7Aodbda+2dmnAcI7k398RuEqTeY7xeBIgg4nR5grsDV448RIeouRX1t4NFvVwdF/6xaVTc085iTxoH9HWf5bpVbP8IxHUtbS+zjMxPz3rwZy1/0nXw8HOs+QFgtFIxNxgsQ1wIH5V46aufPzSc4JUCi0IpV3FsPlHMtv+6aFk4RNv/Z06aa+kT/WY2GHUU+3GdGoFVe2cV2Ty463K4SPluZ/R4UtVtRsCMp1SPkgMOZeUs0g9tK9CBu8l6+comSSny+ub2rAzGpRW0x/i5rEqXBsQqY28Gm36Cv175kB2UOXUTNAY868yaOzgo1LEgMyhFgKzYchju3nWFxyhY+AoG06XRSKzU1ClqlkCwnQBu77Yxu+FjZqXbv6ywUa9TvSVcs8RLGXX/+svM/xXztuots26VMrHLUfcnE23NIHSVkDy5JfDbzn6i2nUnOOJzrm+DUTeRQziu7LIlCFLVjVjygegupMMSC2+F8FbOyKuu5GDBXkZqycfM+n0CA+6Sh+Rrh2LqT4=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: smb-credentials
|
||||
namespace: jellyseerr
|
||||
type: Opaque
|
15
services/PVR/Jellyseerr/values.yaml
Normal file
15
services/PVR/Jellyseerr/values.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
hosts:
|
||||
- host: requests.pvr.spamasaurus.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
|
||||
config:
|
||||
persistence:
|
||||
name: csismb-jellyseerr-config
|
||||
storageClass: csismb-jellyseerr-config
|
||||
accessModes: ["ReadWriteMany"]
|
||||
size: 1Gi
|
@ -1,34 +0,0 @@
|
||||
image:
|
||||
pullPolicy: Always
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
|
||||
url: media.pvr.spamasaurus.com
|
||||
|
||||
pms:
|
||||
configStorage: 20Gi
|
||||
|
||||
resources:
|
||||
limits:
|
||||
gpu.intel.com/i915: "1"
|
||||
requests:
|
||||
gpu.intel.com/i915: "1"
|
||||
|
||||
extraVolumeMounts:
|
||||
- name: flexvolsmb-pvr-movies
|
||||
mountPath: /movies
|
||||
- name: flexvolsmb-pvr-series
|
||||
mountPath: /series
|
||||
|
||||
extraVolumes:
|
||||
- name: flexvolsmb-pvr-movies
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-pvr-movies
|
||||
- name: flexvolsmb-pvr-series
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-pvr-series
|
||||
|
||||
# extraEnv:
|
||||
# PLEX_CLAIM: "claim-EzKU3rNVbWtc3qY_y7wq"
|
@ -1,4 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: syncthing
|
||||
name: prowlarr
|
18
services/PVR/Prowlarr/application-prowlarr.yaml
Normal file
18
services/PVR/Prowlarr/application-prowlarr.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: prowlarr
|
||||
namespace: argo-cd
|
||||
spec:
|
||||
destination:
|
||||
namespace: prowlarr
|
||||
server: https://kubernetes.default.svc
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated: {}
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
sources:
|
||||
- repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
|
||||
path: services/PVR/Prowlarr
|
||||
targetRevision: HEAD
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: prowlarr
|
||||
namespace: pvr
|
||||
namespace: prowlarr
|
||||
labels:
|
||||
app: prowlarr
|
||||
spec:
|
||||
@ -17,7 +17,6 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: prowlarr
|
||||
# image: bv11-cr01.bessems.eu/proxy/linuxserver/prowlarr:develop
|
||||
image: linuxserver/prowlarr:develop
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
@ -25,8 +24,8 @@ spec:
|
||||
containerPort: 9696
|
||||
volumeMounts:
|
||||
- mountPath: /config
|
||||
name: flexvolsmb-prowlarr-config
|
||||
name: csismb-prowlarr-config
|
||||
volumes:
|
||||
- name: flexvolsmb-prowlarr-config
|
||||
- name: csismb-prowlarr-config
|
||||
persistentVolumeClaim:
|
||||
claimName: flexvolsmb-prowlarr-config
|
||||
claimName: csismb-prowlarr-config
|
||||
|
@ -1,8 +1,8 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: prowlarr
|
||||
namespace: pvr
|
||||
namespace: prowlarr
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
@ -15,4 +15,4 @@ spec:
|
||||
middlewares:
|
||||
- name: 2fa-authentication@file
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - name: compression@file
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user