initial commit

This commit is contained in:
2023-10-19 15:53:26 -04:00
commit cd37c1fbb3
24 changed files with 1031 additions and 0 deletions

22
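--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -0,0 +1,22 @@
+steps:
+dry-run:
+when:
+- branch:
+exclude:
+- main
+image: bitnami/kubectl
+secrets:
+- kube_config
+commands:
+- echo "$KUBE_CONFIG" > ~/.kube/config
+- DRU_RUN=true ./deploy.sh
+deploy:
+when:
+- branch:
+main
+image: bitnami/kubectl
+secrets:
+- kube_config
+commands:
+- echo "$KUBE_CONFIG" > ~/.kube/config
+- ./deploy.sh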
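Review bot: The dry-run step sets `DRU_RUN=true` on the line `- DRU_RUN=true ./deploy.sh`, but deploy.sh tests `$DRY_RUN`, so every non-main branch build performs a real `kubectl apply` against the cluster instead of a server-side dry run; change it to `- DRY_RUN=true ./deploy.sh`. Both steps write the kubeconfig with `echo "$KUBE_CONFIG" > ~/.kube/config`, which fails if `~/.kube` does not already exist in the bitnami/kubectl image and, being `echo` under `sh`, may interpret backslash sequences in the value; `mkdir -p ~/.kube && printf '%s\n' "$KUBE_CONFIG" > ~/.kube/config` is the safer form. Note also that the same `kube_config` secret is handed to feature-branch builds, so anyone able to push a branch obtains whatever access that kubeconfig carries; a separate credential scoped to what a server-side dry run needs would limit the blast radius of the non-main step.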

4
README.md Normal file

@@ -0,0 +1,4 @@
Homestead
===
This repo builds and manages the various services to keep a digital homestead up and running.

15
deploy.sh Normal file

@@ -0,0 +1,15 @@
#!/bin/sh
for namespace in namespaces/*; do
if [ "$DRY_RUN" = true ]; then
printf "\033[1;33m*******************************************************\n"
printf "Dry running changes to %s\n" "$(basename "$namespace")"
printf "*******************************************************\033[0m\n"
kubectl apply -f "$namespace" --dry-run=server
else
printf "\033[1;33m*******************************************************\n"
printf "Deploying changes to %s\n" "$(basename "$namespace")"
printf "*******************************************************\033[0m\n"
kubectl apply -f "$namespace"
fi
done
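Review bot: The script has no `set -e`, so a failed `kubectl apply` in one namespace directory is ignored and the loop moves on; the script's exit status is that of the last command executed, so an earlier failure is masked and the CI step reports success. Add `set -eu` directly after the shebang so a failed apply fails the pipeline, and with `-u` in effect reference the flag as `"${DRY_RUN:-}"` so the normal deploy path still works when the variable is unset. `kubectl apply -f "$namespace"` does not descend into subdirectories without `-R`, so a comment stating that each `namespaces/<name>/` directory must hold its manifests flat would save a silent partial deploy later.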


@@ -0,0 +1,70 @@
# helm repo add gitea-charts https://dl.gitea.io/charts/
# helm install gitea gitea-charts/gitea
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: gitea
namespace: git
spec:
chart: gitea
targetNamespace: git
repo: https://dl.gitea.io/charts/
version: 9.5.0
valuesContent: |-
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 200m
memory: 256Mi
redis-cluster:
enabled: false
postgresql:
enabled: true
postgresql-ha:
enabled: false
persistence:
enabled: true
gitea:
metrics:
enabled: true
serviceMonitor:
enabled: true
config:
picture:
ENABLE_FEDERATED_AVATAR: false
DISABLE_GRAVATAR: true
ui:
DEFAULT_THEME: arc-green
server:
ENABLE_PPROF: true
database:
DB_TYPE: postgres
session:
PROVIDER: db
cache:
ADAPTER: memory
queue:
TYPE: level
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
webhook:
ALLOWED_HOST_LIST: "external,loopback"
service:
ssh:
port: 22
annotations:
metallb.universe.tf/allow-shared-ip: test
ingress:
enabled: true
className: nginx
hosts:
- host: git.keligrubb.com
paths:
- path: /
pathType: Prefix
persistence:
storageClass: longhorn
size: 64Gi
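Review bot: `ENABLE_PPROF: true` under `server` turns on Gitea's pprof profiling listener in a production deployment; it exists for debugging and should be removed (or set to `false`) unless someone is actively profiling. The ingress for git.keligrubb.com has no `tls` section, and the Woodpecker chart in this same commit reaches Gitea over `http://`, so unless TLS is terminated somewhere in front of nginx, Git-over-HTTPS passwords, tokens and session cookies travel in cleartext. `ALLOWED_HOST_LIST: "external,loopback"` lets any repository owner point a webhook at 127.0.0.1 inside the Gitea pod, which widens the webhook SSRF surface to every loopback-bound listener (including a pprof port); keep `external` only unless a webhook receiver genuinely runs in the same pod.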


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: git


@@ -0,0 +1,39 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: woodpecker
namespace: git
spec:
chart: woodpecker
targetNamespace: git
repo: https://woodpecker-ci.org/
version: 0.4.2
valuesContent: |-
server:
image:
tag: v1.0.3
env:
WOODPECKER_ADMIN: kgrubb
WOODPECKER_GITEA: true
WOODPECKER_GITEA_URL: http://git.keligrubb.com
WOODPECKER_GITEA_SKIP_VERIFY: true
WOODPECKER_HOST: http://ci.keligrubb.com
WOODPECKER_ORGS: homestead
extraSecretNamesForEnvFrom:
- woodpecker-gitea-client
- woodpecker-gitea-secret
ingress:
enabled: true
ingressClassName: nginx
hosts:
- host: ci.keligrubb.com
paths:
- path: /
backend:
serviceName: ci.keligrubb.com
servicePort: 80
agent:
image:
tag: v1.0.3
env:
WOODPECKER_GITEA: true
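Review bot: `WOODPECKER_GITEA_SKIP_VERIFY: true` disables certificate verification for the Gitea connection, and both `WOODPECKER_GITEA_URL` and `WOODPECKER_HOST` are plain `http://` anyway, so the OAuth client secret, user tokens and the OAuth callback all cross the network in cleartext; move both hosts to `https://` and delete the skip-verify setting (if Gitea uses an internal CA, mount that CA rather than disabling verification). The boolean env values (`WOODPECKER_GITEA: true`, `WOODPECKER_GITEA_SKIP_VERIFY: true`) are YAML booleans, while Kubernetes env values must be strings, so depending on how the chart renders `env` these should be quoted as `"true"`. The ingress backend `serviceName: ci.keligrubb.com` names a hostname rather than a Kubernetes Service; if the chart honours that field the Ingress will point at nothing, so verify the rendered Ingress and use the server Service's name.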


@@ -0,0 +1,25 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
chart: ingress-nginx
targetNamespace: ingress-nginx
repo: https://kubernetes.github.io/ingress-nginx
version: 4.8.0
valuesContent: |-
controller:
metrics:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
release: prometheus
resources:
requests:
cpu: 100m
memory: 180Mi
limits:
cpu: 100m
memory: 180Mi


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: ingress-nginx


@@ -0,0 +1,173 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: helmcharts.helm.cattle.io
spec:
group: helm.cattle.io
names:
kind: HelmChart
plural: helmcharts
singular: helmchart
preserveUnknownFields: false
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.jobName
name: Job
type: string
- jsonPath: .spec.chart
name: Chart
type: string
- jsonPath: .spec.targetNamespace
name: TargetNamespace
type: string
- jsonPath: .spec.version
name: Version
type: string
- jsonPath: .spec.repo
name: Repo
type: string
- jsonPath: .spec.helmVersion
name: HelmVersion
type: string
- jsonPath: .spec.bootstrap
name: Bootstrap
type: string
name: v1
schema:
openAPIV3Schema:
properties:
spec:
properties:
authPassCredentials:
type: boolean
authSecret:
nullable: true
properties:
name:
nullable: true
type: string
type: object
backOffLimit:
nullable: true
type: integer
bootstrap:
type: boolean
chart:
nullable: true
type: string
chartContent:
nullable: true
type: string
createNamespace:
type: boolean
dockerRegistrySecret:
nullable: true
properties:
name:
nullable: true
type: string
type: object
failurePolicy:
nullable: true
type: string
helmVersion:
nullable: true
type: string
jobImage:
nullable: true
type: string
repo:
nullable: true
type: string
repoCA:
nullable: true
type: string
repoCAConfigMap:
nullable: true
properties:
name:
nullable: true
type: string
type: object
set:
additionalProperties:
x-kubernetes-int-or-string: true
nullable: true
type: object
targetNamespace:
nullable: true
type: string
timeout:
nullable: true
type: string
valuesContent:
nullable: true
type: string
version:
nullable: true
type: string
type: object
status:
properties:
jobName:
nullable: true
type: string
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: helmchartconfigs.helm.cattle.io
spec:
group: helm.cattle.io
names:
kind: HelmChartConfig
plural: helmchartconfigs
singular: helmchartconfig
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
properties:
spec:
properties:
failurePolicy:
nullable: true
type: string
valuesContent:
nullable: true
type: string
type: object
type: object
served: true
storage: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: helm-controller
name: helm-controller
spec:
replicas: 1
selector:
matchLabels:
app: helm-controller
template:
metadata:
labels:
app: helm-controller
spec:
containers:
- command:
- helm-controller
image: rancher/helm-controller:v0.15.4
name: helm-controller
---
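Review bot: The helm-controller Deployment sets neither `serviceAccountName` nor `metadata.namespace`, so it runs under the `default` ServiceAccount of whatever namespace the kubectl context happens to select; the controller needs RBAC broad enough to create arbitrary resources in every `targetNamespace` (in this commit it installs ingress-nginx, metallb, longhorn, gitea and the monitoring stack), and binding that to a shared `default` ServiceAccount hands the same power to every other pod scheduled in that namespace. None of the 24 files here grants any RBAC to the controller, so presumably it was bound out-of-band — that binding belongs in the repo. Add a dedicated ServiceAccount with its ClusterRoleBinding, set `serviceAccountName: helm-controller` in the pod spec, and pin `namespace:` on the Deployment so `deploy.sh` is not context-dependent. `image: rancher/helm-controller:v0.15.4` is tag-only; a digest would make the supply chain reproducible for a component that installs everything else.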


@@ -0,0 +1,200 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --kubelet-insecure-tls
- --metric-resolution=15s
image: registry.k8s.io/metrics-server/metrics-server:v0.6.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 4443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 200Mi
limits:
cpu: 200m
memory: 400Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100
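Review bot: `--kubelet-insecure-tls` in the container args and `insecureSkipTLSVerify: true` on the APIService both disable certificate verification: metrics-server will accept any certificate from a kubelet, and the API server will accept any certificate from metrics-server, so an on-path attacker on either hop can feed forged resource metrics into anything that consumes metrics.k8s.io. If the kubelet serving certificates are signed by the cluster CA (the 10.43.0.10 cluster DNS address used elsewhere in this commit suggests a k3s cluster, which does this by default), `--kubelet-insecure-tls` can simply be dropped; for the APIService, issue metrics-server a certificate and set `caBundle` in place of `insecureSkipTLSVerify`. A comment on both lines recording why the verification is skipped would at least make the trade-off visible to the next reader.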


@@ -0,0 +1,211 @@
# Copyright 2018 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apiVersion: v1
kind: ServiceAccount
metadata:
name: node-local-dns
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: v1
kind: Service
metadata:
name: kube-dns-upstream
namespace: kube-system
labels:
k8s-app: kube-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
kubernetes.io/name: "KubeDNSUpstream"
spec:
ports:
- name: dns
port: 53
protocol: UDP
targetPort: 53
- name: dns-tcp
port: 53
protocol: TCP
targetPort: 53
selector:
k8s-app: kube-dns
---
apiVersion: v1
kind: ConfigMap
metadata:
name: node-local-dns
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: Reconcile
data:
Corefile: |
cluster.local:53 {
errors
cache {
success 9984 30
denial 9984 5
}
reload
loop
bind 169.254.20.10 10.43.0.10
forward . __PILLAR__CLUSTER__DNS__ {
force_tcp
}
prometheus :9253
health 169.254.20.10:8080
}
in-addr.arpa:53 {
errors
cache 30
reload
loop
bind 169.254.20.10 10.43.0.10
forward . __PILLAR__CLUSTER__DNS__ {
force_tcp
}
prometheus :9253
}
ip6.arpa:53 {
errors
cache 30
reload
loop
bind 169.254.20.10 10.43.0.10
forward . __PILLAR__CLUSTER__DNS__ {
force_tcp
}
prometheus :9253
}
.:53 {
errors
cache 30
reload
loop
bind 169.254.20.10 10.43.0.10
forward . __PILLAR__UPSTREAM__SERVERS__
prometheus :9253
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: node-local-dns
namespace: kube-system
labels:
k8s-app: node-local-dns
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 10%
selector:
matchLabels:
k8s-app: node-local-dns
template:
metadata:
labels:
k8s-app: node-local-dns
annotations:
prometheus.io/port: "9253"
prometheus.io/scrape: "true"
spec:
priorityClassName: system-node-critical
serviceAccountName: node-local-dns
hostNetwork: true
dnsPolicy: Default # Don't use cluster DNS.
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- effect: "NoExecute"
operator: "Exists"
- effect: "NoSchedule"
operator: "Exists"
containers:
- name: node-cache
image: registry.k8s.io/dns/k8s-dns-node-cache:1.22.23
resources:
requests:
cpu: 25m
memory: 5Mi
args: [ "-localip", "169.254.20.10,10.43.0.10", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
securityContext:
capabilities:
add:
- NET_ADMIN
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9253
name: metrics
protocol: TCP
livenessProbe:
httpGet:
host: 169.254.20.10
path: /health
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
volumeMounts:
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- name: config-volume
mountPath: /etc/coredns
- name: kube-dns-config
mountPath: /etc/kube-dns
volumes:
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
- name: kube-dns-config
configMap:
name: kube-dns
optional: true
- name: config-volume
configMap:
name: node-local-dns
items:
- key: Corefile
path: Corefile.base
---
# A headless service is a service with a service IP but instead of load-balancing it will return the IPs of our associated Pods.
# We use this to expose metrics to Prometheus.
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "9253"
prometheus.io/scrape: "true"
labels:
k8s-app: node-local-dns
name: node-local-dns
namespace: kube-system
spec:
clusterIP: None
ports:
- name: metrics
port: 9253
targetPort: 9253
selector:
k8s-app: node-local-dns
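Review bot: With `hostNetwork: true`, the `prometheus :9253` line in every Corefile server block binds the metrics listener on all host interfaces, so each node exposes CoreDNS metrics (queried names, upstream addresses, cache statistics) to anything on the LAN; either restrict TCP/9253 on the nodes to the Prometheus scraper, or bind it to `169.254.20.10:9253` as the `health` directive already does and accept that the headless Service below can then no longer reach it. The `kube-dns-config` volume references a ConfigMap named `kube-dns` with `optional: true`, so on a cluster whose CoreDNS ConfigMap has a different name (k3s uses `coredns`) the mount is silently empty and any stub-domain or upstream configuration is ignored — worth a comment, or a check in deploy.sh. The container sets CPU/memory requests but no limits; a caching resolver on the host network is a sensible place to cap memory.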


@@ -0,0 +1,15 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: longhorn
namespace: longhorn-system
spec:
chart: longhorn
targetNamespace: longhorn-system
repo: https://charts.longhorn.io
version: 1.5.1
valuesContent: |-
ingress:
enabled: true
ingressClassName: nginx
host: storage.keligrubb.com
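Review bot: The Longhorn UI is exposed on storage.keligrubb.com with no authentication and no TLS: the UI has no login of its own, so anyone who can reach that host can delete volumes, change backup targets and detach disks from running workloads. Longhorn's own documentation recommends guarding the ingress with basic auth; add an `annotations:` map under `ingress:` with `nginx.ingress.kubernetes.io/auth-type: basic` and `nginx.ingress.kubernetes.io/auth-secret: longhorn-basic-auth` (with that Secret created out-of-band), and a `tls` block so those credentials are not sent in clear. Until that exists, `nginx.ingress.kubernetes.io/whitelist-source-range` restricted to the admin subnet is the minimum.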


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: longhorn-system


@@ -0,0 +1,36 @@
# helm repo add metallb https://metallb.github.io/metallb
# helm install metallb metallb/metallb
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: metallb
namespace: metallb-system
spec:
chart: metallb
targetNamespace: metallb-system
repo: https://metallb.github.io/metallb
version: 0.13.11
valuesContent: |-
prometheus:
serviceMonitor:
enabled: true
additionalLabels:
release: prometheus
serviceAccount: prometheus-kube-prometheus-prometheus
namespace: monitoring
controller:
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
speaker:
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi


@@ -0,0 +1,18 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default
namespace: metallb-system
spec:
addresses:
- 192.168.1.3-192.168.1.4
autoAssign: true
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default
namespace: metallb-system
spec:
ipAddressPools:
- default


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: metallb-system


@@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minecraft-ingress
namespace: minecraft
labels:
name: minecraft-ingress
spec:
ingressClassName: nginx
rules:
- host: mc.keligrubb.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: minecraft
port:
number: 25565
- pathType: Prefix
path: "/"
backend:
service:
name: minecraft-voice
port:
number: 24454
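Review bot: This Ingress declares two rules for the same host and the same `/` prefix, so the second can never match (ingress-nginx warns about or rejects the duplicate), and both backends are non-HTTP protocols — Minecraft on TCP/25565 and voice chat on UDP/24454 — that an HTTP Ingress cannot proxy at all. The two LoadBalancer Services in this commit already publish both ports on 192.168.1.4, so this file is dead configuration whose only effect is a misleading HTTP vhost for mc.keligrubb.com; delete it, or, if nginx is genuinely meant to front these ports, configure ingress-nginx's `tcp-services`/`udp-services` ConfigMaps instead of an Ingress object.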


@@ -0,0 +1,39 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: minecraft
labels:
app: minecraft
namespace: minecraft
spec:
replicas: 1
selector:
matchLabels:
app: minecraft
template:
metadata:
labels:
app: minecraft
spec:
containers:
- name: minecraft-forge
image: kgrubb/forge:1.19
imagePullPolicy: Always
resources:
requests:
memory: "6144Mi"
cpu: "2"
limits:
memory: "8192Mi"
cpu: "4"
ports:
- containerPort: 25565
securityContext:
readOnlyRootFilesystem: false
volumeMounts:
- name: minecraft-world-saves
mountPath: /forge/world
volumes:
- name: minecraft-world-saves
persistentVolumeClaim:
claimName: minecraft-world-saves
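Review bot: The container's `securityContext` sets only `readOnlyRootFilesystem: false`; a game server that parses packets from arbitrary players and loads third-party Forge mods is exactly the workload that should not run as root with a writable root filesystem and privilege escalation allowed. Add `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` (plus `runAsUser`/`fsGroup` matching the image's user — the image is custom, so confirm it is built for a non-root user), and if the server only writes under `/forge/world`, revisit whether the root filesystem must be writable at all. `image: kgrubb/forge:1.19` with `imagePullPolicy: Always` re-pulls a mutable tag on every restart, so each restart may run different code; pin a digest (`kgrubb/forge@sha256:…`) or at least an immutable tag.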


@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: minecraft
annotations:
metallb.universe.tf/allow-shared-ip: minecraft
spec:
selector:
app: minecraft
ports:
- protocol: TCP
port: 25565
targetPort: 25565
type: LoadBalancer
loadBalancerIP: 192.168.1.4
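Review bot: This Service (and the `minecraft-voice` Service beside it) has no `metadata.namespace`, unlike the Deployment and PVC which set `namespace: minecraft`; deploy.sh runs a plain `kubectl apply`, so both Services land in the kubectl context's current namespace, where the `app: minecraft` selector matches nothing and 192.168.1.4 is claimed by an endpoint-less Service. Add `namespace: minecraft` under `metadata` in both files. `spec.loadBalancerIP` is deprecated in the Kubernetes API, and MetalLB 0.13 (the version pinned in this commit) documents the `metallb.universe.tf/loadBalancerIPs` annotation as its replacement, so moving to the annotation avoids depending on a field that may stop being honoured.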


@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: minecraft-voice
annotations:
metallb.universe.tf/allow-shared-ip: minecraft
spec:
selector:
app: minecraft
ports:
- protocol: UDP
port: 24454
targetPort: 24454
type: LoadBalancer
loadBalancerIP: 192.168.1.4
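Review bot: Like the `minecraft` Service, this one has no `metadata.namespace` while the Deployment it selects lives in `minecraft`; applied through deploy.sh's plain `kubectl apply` it ends up in the context's current namespace, its `app: minecraft` selector finds no pods, and UDP/24454 on 192.168.1.4 has no endpoints. Add `namespace: minecraft` under `metadata`. Sharing 192.168.1.4 with the TCP Service depends on both carrying the same `metallb.universe.tf/allow-shared-ip` key, which they do; a comment naming that pairing would stop a future edit from silently breaking it.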


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: minecraft


@@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minecraft-world-saves
namespace: minecraft
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn
resources:
requests:
storage: 20Gi


@@ -0,0 +1,71 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: prometheus
namespace: monitoring
spec:
chart: kube-prometheus-stack
targetNamespace: monitoring
repo: https://prometheus-community.github.io/helm-charts
version: 51.5.3
valuesContent: |-
grafana:
defaultDashboardsTimezone: "US/Eastern"
ingress:
enabled: true
ingressClassName: nginx
paths:
- path: "/"
pathType: Prefix
hosts:
- monitoring.keligrubb.com
kubelet:
serviceMonitor:
metricRelabelings:
- action: replace
sourceLabels:
- node
targetLabel: instance
kube-state-metrics:
selfMonitor:
enabled: true
prometheus:
selfMonitor:
metricRelabelings:
- action: replace
regex: (.*)
replacement: $1
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: kubernetes_node
prometheus:
ingress:
enabled: true
ingressClassName: nginx
paths:
- /
hosts:
- prometheus.keligrubb.com
prometheusSpec:
replicaExternalLabelName: "replica"
ruleSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
probeSelectorNilUsesHelmValues: fales
retention: 14d
retentionSize: "64GB"
enableAdminAPI: true
securityContext:
runAsUser: 0
runAsNonRoot: false
runAsGroup: 0
fsGroup: 65534
storageSpec:
volumeClaimTemplate:
spec:
storageclassname: longhorn
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi
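Review bot: `enableAdminAPI: true` exposes Prometheus's admin endpoints (delete series, snapshot, clean tombstones) while the same values publish Prometheus on prometheus.keligrubb.com through an ingress with no auth annotations and no `tls`, so anyone who can reach that host can wipe or snapshot the TSDB; disable the admin API or put basic auth plus TLS on the ingress, and the Grafana ingress on monitoring.keligrubb.com needs TLS as well — `grafana.adminPassword` is not set, so the chart's default applies and should be overridden. Two values are silently wrong: `probeSelectorNilUsesHelmValues: fales` is the string `fales`, not `false`, and `storageclassname: longhorn` is not the `storageClassName` field, so the volumeClaimTemplate will fall back to the cluster default StorageClass (or fail to bind) instead of Longhorn; fix them to `probeSelectorNilUsesHelmValues: false` and `storageClassName: longhorn`. The `securityContext` runs Prometheus as root (`runAsUser: 0`, `runAsNonRoot: false`) even though `fsGroup: 65534` is set; with Longhorn applying fsGroup on the volume the chart's default non-root securityContext should presumably suffice, so drop the root override.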


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: monitoring