latest upgrades to the cluster

2024-05-16 22:41:21 -04:00
parent ea43908aae
commit e408c7cf4e
15 changed files with 428 additions and 19 deletions


@@ -0,0 +1,19 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: cert-manager
namespace: cert-manager
spec:
chart: cert-manager
targetNamespace: cert-manager
repo: https://charts.jetstack.io
# https://artifacthub.io/packages/helm/cert-manager/cert-manager
version: 1.14.5
valuesContent: |-
prometheus:
enabled: true
servicemonitor:
enabled: true
installCRDs: true
extraArgs:
- --dns01-recursive-nameservers-only
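Review bot: `installCRDs: true` makes the cert-manager CRDs part of the Helm release, so deleting (or a failed re-install of) this HelmChart removes the CRDs and with them every Certificate, Issuer and ClusterIssuer object in the cluster; that deserves a comment next to the line, e.g. `# CRDs are release-managed: uninstalling this chart deletes all cert-manager resources`. The `--dns01-recursive-nameservers-only` flag only changes how DNS-01 self-checks resolve, and the only issuer added in this commit uses HTTP-01, so either add a comment saying why it is pre-configured or drop it until a DNS-01 solver exists.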


@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-cluster-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-cluster-issuer-account-key
solvers:
- http01:
ingress:
ingressClassName: nginx
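Review bot: `ClusterIssuer` is cluster-scoped, so `namespace: cert-manager` under `metadata:` is ignored by the API server (and some tooling warns on it); remove the line. `spec.acme` also sets no `email:`, which means Let's Encrypt has no way to send expiry or account-compromise notices for the account key stored in `letsencrypt-cluster-issuer-account-key`; add `email: <contact>` next to `server:`. Since this points straight at the production directory, a parallel `letsencrypt-staging` issuer is worth having so solver problems on new hosts do not burn production rate limits.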


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: cert-manager
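Review bot: The new `cert-manager` namespace carries no Pod Security Admission labels, so its pods are constrained only by whatever cluster-wide default applies. As far as I recall, recent cert-manager releases run non-root with a restrictive securityContext and should satisfy the `restricted` profile, so adding `labels:` with `pod-security.kubernetes.io/enforce: restricted` (start with `warn`/`audit` to confirm) costs nothing here; please verify against the 1.14.5 pod specs before enforcing.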


@@ -0,0 +1,68 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: default
namespace: git
rules:
- apiGroups:
- ""
resources:
- pods
- pods/log
- namespaces
- serviceaccounts
- persistentvolumeclaims
- services
- configmaps
verbs:
- watch
- create
- delete
- get
- list
- apiGroups:
- "apps"
resources:
- deployments
- daemonsets
verbs:
- get
- apiGroups:
- "helm.cattle.io"
resources:
- helmcharts
verbs:
- get
- apiGroups:
- "apiextensions.k8s.io"
resources:
- customresourcedefinitions
verbs:
- get
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
- clusterroles
- rolebindings
- clusterrolebindings
verbs:
- get
- apiGroups:
- "apiregistration.k8s.io"
resources:
- apiservices
verbs:
- get
- apiGroups:
- "metallb.io"
resources:
- ipaddresspools
- l2advertisements
verbs:
- get
- apiGroups:
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
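Review bot: The Role named `default` in namespace `git` grants `create` and `delete` on pods and serviceaccounts, which is enough to launch a pod that mounts any Secret in the namespace (`gitea-admin-secret`, `gitea-tls`, whatever Woodpecker keeps there) even though `secrets` is not listed; the name suggests it is bound to the namespace's default ServiceAccount, though the RoleBinding is not among the visible changes, so treat that as an assumption. `namespaces` are cluster-scoped, so that entry in a namespaced Role grants nothing and should be dropped. If this backs a CI pod runner, bind it to a dedicated ServiceAccount and point the runner at a separate namespace so pipeline-created pods cannot reach the forge's own secrets, and add `# NOTE: create on pods implies read access to every Secret in this namespace` above the first rule so the blast radius is documented.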


@@ -9,7 +9,7 @@ spec:
chart: gitea
targetNamespace: git
repo: https://dl.gitea.io/charts/
version: 9.5.1
version: 10.1.4
valuesContent: |-
resources:
limits:
@@ -27,6 +27,12 @@ spec:
persistence:
enabled: true
gitea:
admin:
existingSecret: gitea-admin-secret
email: keligrubb324@gmail.com
additionalConfigFromEnvs:
- name: GITEA__webhook__ALLOWED_HOST_LIST
value: "external,loopback,*.keligrubb.com"
metrics:
enabled: true
serviceMonitor:
@@ -63,6 +69,12 @@ spec:
paths:
- path: /
pathType: Prefix
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
tls:
- secretName: gitea-tls
hosts:
- git.keligrubb.com
persistence:
storageClass: longhorn
size: 64Gi
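Review bot: `GITEA__webhook__ALLOWED_HOST_LIST` includes `loopback`, which lets any repository admin aim a webhook at 127.0.0.1 inside the Gitea pod (Gitea itself and any sidecar), the SSRF surface this allow-list exists to close. The `*.keligrubb.com` entry should already match `ci.keligrubb.com` by hostname regardless of which IP it resolves to, so `loopback` looks unnecessary; unless something on the pod's loopback interface genuinely receives hooks, use `value: "external,*.keligrubb.com"`. A one-line comment above the env entry explaining why each token is needed would help the next reader. The `gitea:` values block continues outside this hunk.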


@@ -7,13 +7,11 @@ spec:
chart: woodpecker
targetNamespace: git
repo: https://woodpecker-ci.org/
version: 0.4.2
version: 1.3.0
valuesContent: |-
server:
image:
tag: v1.0.3
env:
WOODPECKER_ADMIN: kgrubb
WOODPECKER_ADMIN: keli.grubb
WOODPECKER_GITEA: true
WOODPECKER_GITEA_URL: http://git.keligrubb.com
WOODPECKER_GITEA_SKIP_VERIFY: true
@@ -33,7 +31,5 @@ spec:
serviceName: ci.keligrubb.com
servicePort: 80
agent:
image:
tag: v1.0.3
env:
WOODPECKER_GITEA: true
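Review bot: `WOODPECKER_GITEA_URL: http://git.keligrubb.com` still points at plain HTTP while this same commit issues a Let's Encrypt certificate for `git.keligrubb.com`, and `WOODPECKER_GITEA_SKIP_VERIFY: true` disables certificate checks entirely; the OAuth client secret and access tokens Woodpecker exchanges with Gitea therefore presumably travel in cleartext to the ingress, and ingress-nginx's default HTTPS redirect may start bouncing those API calls now that TLS is configured. Change to `WOODPECKER_GITEA_URL: https://git.keligrubb.com` and delete the `WOODPECKER_GITEA_SKIP_VERIFY` line once the certificate is issued. Removing the `image.tag: v1.0.3` pins also means server and agent now run whatever chart 1.3.0 defaults to, which is fine but worth a comment so the next bump is deliberate. The server `env` block continues in the section's second hunk.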


@@ -7,7 +7,7 @@ spec:
chart: ingress-nginx
targetNamespace: ingress-nginx
repo: https://kubernetes.github.io/ingress-nginx
version: 4.8.0
version: 4.10.1
valuesContent: |-
controller:
metrics:
@@ -18,10 +18,10 @@ spec:
release: prometheus
resources:
requests:
cpu: 100m
memory: 180Mi
cpu: 200m
memory: 200Mi
limits:
cpu: 100m
memory: 180Mi
cpu: 200m
memory: 200Mi
tcp:
22: git/gitea-ssh:22


@@ -0,0 +1,60 @@
apiVersion: v1
kind: Service
metadata:
name: media
namespace: ingress-nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8096
clusterIP: None
type: ClusterIP
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
name: media
namespace: ingress-nginx
labels:
kubernetes.io/service-name: media
addressType: IPv4
ports:
- name: http
protocol: TCP
port: 8096
endpoints:
- addresses:
- "192.168.1.178"
conditions:
ready: true
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: media
namespace: ingress-nginx
annotations:
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
spec:
ingressClassName: "nginx"
tls:
- secretName: media-tls
hosts:
- media.keligrubb.com
rules:
- host: media.keligrubb.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: media
port:
number: 80
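Review bot: The `media` Ingress publishes a LAN host (`192.168.1.178:8096`, via the selector-less Service plus hand-written EndpointSlice) at `media.keligrubb.com` with TLS terminated at ingress-nginx and nothing in front of the backend: no `auth-type`, no `whitelist-source-range`, and HTTP-01 issuance on this host implies port 80 is internet-reachable, so the application's own login is the only barrier. If that application's authentication is trusted, say so in a comment; otherwise add `nginx.ingress.kubernetes.io/whitelist-source-range: <cidrs>` or the same basic-auth annotations the Longhorn ingress uses. The hop from the controller to `192.168.1.178` is plain HTTP (no `backend-protocol` annotation), acceptable only if that LAN segment is trusted, and the single hard-coded address silently breaks if the host's lease changes, so a comment naming the host and noting its static reservation would help.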


@@ -77,6 +77,84 @@ spec:
jobImage:
nullable: true
type: string
podSecurityContext:
nullable: true
properties:
fsGroup:
nullable: true
type: integer
fsGroupChangePolicy:
nullable: true
type: string
runAsGroup:
nullable: true
type: integer
runAsNonRoot:
nullable: true
type: boolean
runAsUser:
nullable: true
type: integer
seLinuxOptions:
nullable: true
properties:
level:
nullable: true
type: string
role:
nullable: true
type: string
type:
nullable: true
type: string
user:
nullable: true
type: string
type: object
seccompProfile:
nullable: true
properties:
localhostProfile:
nullable: true
type: string
type:
nullable: true
type: string
type: object
supplementalGroups:
items:
type: integer
nullable: true
type: array
sysctls:
items:
properties:
name:
nullable: true
type: string
value:
nullable: true
type: string
type: object
nullable: true
type: array
windowsOptions:
nullable: true
properties:
gmsaCredentialSpec:
nullable: true
type: string
gmsaCredentialSpecName:
nullable: true
type: string
hostProcess:
nullable: true
type: boolean
runAsUserName:
nullable: true
type: string
type: object
type: object
repo:
nullable: true
type: string
@@ -90,6 +168,89 @@ spec:
nullable: true
type: string
type: object
securityContext:
nullable: true
properties:
allowPrivilegeEscalation:
nullable: true
type: boolean
capabilities:
nullable: true
properties:
add:
items:
nullable: true
type: string
nullable: true
type: array
drop:
items:
nullable: true
type: string
nullable: true
type: array
type: object
privileged:
nullable: true
type: boolean
procMount:
nullable: true
type: string
readOnlyRootFilesystem:
nullable: true
type: boolean
runAsGroup:
nullable: true
type: integer
runAsNonRoot:
nullable: true
type: boolean
runAsUser:
nullable: true
type: integer
seLinuxOptions:
nullable: true
properties:
level:
nullable: true
type: string
role:
nullable: true
type: string
type:
nullable: true
type: string
user:
nullable: true
type: string
type: object
seccompProfile:
nullable: true
properties:
localhostProfile:
nullable: true
type: string
type:
nullable: true
type: string
type: object
windowsOptions:
nullable: true
properties:
gmsaCredentialSpec:
nullable: true
type: string
gmsaCredentialSpecName:
nullable: true
type: string
hostProcess:
nullable: true
type: boolean
runAsUserName:
nullable: true
type: string
type: object
type: object
set:
additionalProperties:
x-kubernetes-int-or-string: true
@@ -168,6 +329,6 @@ spec:
containers:
- command:
- helm-controller
image: rancher/helm-controller:v0.15.4
image: rancher/helm-controller:v0.16.0
name: helm-controller
---


@@ -138,7 +138,7 @@ spec:
- --kubelet-use-node-status-port
- --kubelet-insecure-tls
- --metric-resolution=15s
image: registry.k8s.io/metrics-server/metrics-server:v0.6.4
image: registry.k8s.io/metrics-server/metrics-server:v0.7.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@@ -169,9 +169,14 @@ spec:
memory: 400Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp
name: tmp-dir
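Review bot: `--kubelet-insecure-tls` remains in the args next to the bumped `v0.7.1` image, so metrics-server skips verification of every kubelet's serving certificate and a spoofed kubelet endpoint could feed fabricated resource metrics to anything that scales on them. The `helm.cattle.io` resources elsewhere in this commit suggest a k3s-style distribution, where I believe kubelet serving certificates are signed by the cluster CA and the flag is unnecessary; try removing it, and if it must stay, annotate it with `# kubelet serving certs are not CA-signed on this cluster — remove once they are`. The securityContext hardening landing here (`drop: [ALL]`, `seccompProfile: RuntimeDefault`) matches the upstream manifest and looks right.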


@@ -138,7 +138,7 @@ spec:
operator: "Exists"
containers:
- name: node-cache
image: registry.k8s.io/dns/k8s-dns-node-cache:1.22.23
image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0
resources:
requests:
cpu: 25m


@@ -7,9 +7,24 @@ spec:
chart: longhorn
targetNamespace: longhorn-system
repo: https://charts.longhorn.io
version: 1.5.1
version: 1.6.1
valuesContent: |-
ingress:
enabled: true
ingressClassName: nginx
host: storage.keligrubb.com
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
nginx.ingress.kubernetes.io/auth-type: basic
# prevent the controller from redirecting (308) to HTTPS
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
nginx.ingress.kubernetes.io/auth-secret: longhorn-basic-auth-secret
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
nginx.ingress.kubernetes.io/proxy-body-size: 10000m
tls:
- secretName: longhorn-tls
hosts:
- storage.keligrubb.com
defaultSettings:
defaultReplicaCount: 1
storageOverProvisioningPercentage: 100
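Review bot: `nginx.ingress.kubernetes.io/ssl-redirect: 'false'` combined with `auth-type: basic` means any client that opens `http://storage.keligrubb.com` sends the Longhorn credentials base64-encoded over plaintext, and since the Longhorn UI has no authentication of its own this basic-auth is the only gate on a control plane that can delete volumes. The comment says the redirect is disabled to avoid the 308, which is presumably a bootstrap workaround while `longhorn-tls` is not yet issued; once the certificate exists, delete the `ssl-redirect` annotation (ingress-nginx redirects by default when TLS is configured) or set `nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'`, and reword the comment to say the exemption is temporary. The trailing space in `auth-realm: 'Authentication Required '` ends up in the WWW-Authenticate header; cosmetic, but trim it.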


@@ -9,7 +9,7 @@ spec:
chart: metallb
targetNamespace: metallb-system
repo: https://metallb.github.io/metallb
version: 0.13.11
version: 0.14.5
valuesContent: |-
prometheus:
serviceMonitor:


@@ -7,18 +7,30 @@ spec:
chart: kube-prometheus-stack
targetNamespace: monitoring
repo: https://prometheus-community.github.io/helm-charts
version: 51.5.3
version: 58.5.3
valuesContent: |-
grafana:
defaultDashboardsTimezone: "US/Eastern"
ingress:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
paths:
- path: "/"
pathType: Prefix
hosts:
- monitoring.keligrubb.com
tls:
- secretName: monitoring-tls
hosts:
- monitoring.keligrubb.com
additionalDataSources:
- name: Loki
type: loki
access: proxy
basicAuth: false
url: http://loki-gateway.monitoring.svc.cluster.local
kubelet:
serviceMonitor:
metricRelabelings:
@@ -52,7 +64,7 @@ spec:
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
probeSelectorNilUsesHelmValues: fales
retention: 14d
retention: 30d
retentionSize: "64GB"
enableAdminAPI: true
securityContext:
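Review bot: Grafana is now published at `monitoring.keligrubb.com` with a valid certificate, but the `grafana:` block sets neither `admin.existingSecret` nor `adminPassword`, so unless the password was changed out-of-band or in values not shown here, the chart's well-known default admin credentials are reachable from the internet. Add `admin:` with `existingSecret: grafana-admin-secret` backed by a Secret created outside this file, mirroring how `gitea-admin-secret` is handled in this commit. Separately, the jump from chart 51.x to 58.x crosses several majors whose upgrade notes require re-applying the prometheus-operator CRDs by hand (Helm does not upgrade CRDs), so the bump should come with that step or a comment pointing at it. The context line `probeSelectorNilUsesHelmValues: fales` is a pre-existing typo that presumably leaves the chart default in effect rather than the intended `false`.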


@@ -0,0 +1,43 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: loki
namespace: monitoring
spec:
chart: loki
targetNamespace: monitoring
repo: https://grafana.github.io/helm-charts
version: 6.5.2
valuesContent: |-
deploymentMode: SingleBinary
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: s3
schemaConfig:
configs:
- from: 2024-01-01
store: tsdb
index:
prefix: loki_index_
period: 24h
object_store: filesystem
schema: v13
serviceMonitor:
namespaceSelector:
any: true
singleBinary:
replicas: 1
persistence:
storageClass: longhorn
size: 64Gi
read:
replicas: 0
backend:
replicas: 0
write:
replicas: 0
minio:
enabled: true
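Review bot: `storage.type: s3` and `minio.enabled: true` configure an object store, but the only schema entry uses `object_store: filesystem`, so chunks appear to land on the SingleBinary PVC while the bundled MinIO sits idle; either switch the schema to `object_store: s3` or drop MinIO. If MinIO is kept, the loki chart ships it with static, well-known root credentials in its default values, so override `minio.rootUser` and `minio.rootPassword` from a Secret rather than accepting them. `auth_enabled: false` is reasonable for a single-tenant cluster, but a comment stating that the Loki gateway is then unauthenticated in-cluster (Grafana connects to it with `basicAuth: false` in this same commit) would document the trust assumption for whoever adds a second tenant.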