latest upgrades to the cluster

2024-05-16 22:41:21 -04:00
parent ea43908aae
commit e408c7cf4e
15 changed files with 428 additions and 19 deletions


@@ -0,0 +1,19 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: cert-manager
namespace: cert-manager
spec:
chart: cert-manager
targetNamespace: cert-manager
repo: https://charts.jetstack.io
# https://artifacthub.io/packages/helm/cert-manager/cert-manager
version: 1.14.5
valuesContent: |-
prometheus:
enabled: true
servicemonitor:
enabled: true
installCRDs: true
extraArgs:
- --dns01-recursive-nameservers-only
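Review bot: `--dns01-recursive-nameservers-only` under `extraArgs` has no comment, and the ClusterIssuer added in this same commit defines only an `http01` solver, so the flag appears to have no effect on issuance as configured. If a DNS-01 solver is planned, record that above the flag, for example `# DNS-01 self-checks must go through recursive resolvers (split-horizon DNS)`; otherwise I would drop it so the chart values only carry settings that are in use.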


@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-cluster-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-cluster-issuer-account-key
solvers:
- http01:
ingress:
ingressClassName: nginx
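Review bot: `namespace: cert-manager` under `metadata` is misleading, because ClusterIssuer is a cluster-scoped kind and the field does not place it in that namespace; I would delete the line. The ACME account key named by `privateKeySecretRef` is kept in cert-manager's cluster resource namespace instead, which deserves a one-line comment since that Secret is what controls the Let's Encrypt account. The `acme` block also has no `email` and points straight at the production directory, so a misconfigured solver will consume production rate limits; a second issuer against the staging directory is the usual way to test first.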


@@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: cert-manager


@@ -0,0 +1,68 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: default
namespace: git
rules:
- apiGroups:
- ""
resources:
- pods
- pods/log
- namespaces
- serviceaccounts
- persistentvolumeclaims
- services
- configmaps
verbs:
- watch
- create
- delete
- get
- list
- apiGroups:
- "apps"
resources:
- deployments
- daemonsets
verbs:
- get
- apiGroups:
- "helm.cattle.io"
resources:
- helmcharts
verbs:
- get
- apiGroups:
- "apiextensions.k8s.io"
resources:
- customresourcedefinitions
verbs:
- get
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
- clusterroles
- rolebindings
- clusterrolebindings
verbs:
- get
- apiGroups:
- "apiregistration.k8s.io"
resources:
- apiservices
verbs:
- get
- apiGroups:
- "metallb.io"
resources:
- ipaddresspools
- l2advertisements
verbs:
- get
- apiGroups:
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
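Review bot: The first rule grants `create` and `delete` on pods, serviceaccounts, configmaps, services and persistentvolumeclaims in `git` to a Role named `default`, which is much broader than the read-only rules that follow it. If this Role is bound to the namespace's default ServiceAccount (the binding is not in this file), every pod in `git` that does not set its own service account inherits it, and pod creation lets the holder run a pod under any service account or mount any secret in the namespace. I would split the rule so the write verbs cover only the resource types the pipeline really creates, as sketched below with pods assumed. Separately, `customresourcedefinitions`, `clusterroles`, `clusterrolebindings` and `apiservices` are cluster-scoped, so a namespaced Role cannot grant `get` on them; those rules need a ClusterRole or can be removed.

```yaml
rules:
  # write access only where the workload needs it (pods assumed here; confirm)
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
      - watch
      - create
      - delete
      - get
      - list
  # everything else in the core group is read-only
  - apiGroups:
      - ""
    resources:
      - namespaces
      - serviceaccounts
      - persistentvolumeclaims
      - services
      - configmaps
    verbs:
      - get
      - list
      - watch
  # … unchanged: get-only rules for apps, helm.cattle.io, metallb.io, networking.k8s.io …
```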


@@ -9,7 +9,7 @@ spec:
chart: gitea chart: gitea
targetNamespace: git targetNamespace: git
repo: https://dl.gitea.io/charts/ repo: https://dl.gitea.io/charts/
version: 9.5.1 version: 10.1.4
valuesContent: |- valuesContent: |-
resources: resources:
limits: limits:
@@ -27,6 +27,12 @@ spec:
persistence: persistence:
enabled: true enabled: true
gitea: gitea:
admin:
existingSecret: gitea-admin-secret
email: keligrubb324@gmail.com
additionalConfigFromEnvs:
- name: GITEA__webhook__ALLOWED_HOST_LIST
value: "external,loopback,*.keligrubb.com"
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -63,6 +69,12 @@ spec:
paths: paths:
- path: / - path: /
pathType: Prefix pathType: Prefix
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
tls:
- secretName: gitea-tls
hosts:
- git.keligrubb.com
persistence: persistence:
storageClass: longhorn storageClass: longhorn
size: 64Gi size: 64Gi
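Review bot: `GITEA__webhook__ALLOWED_HOST_LIST` includes `loopback`, which lets any user who can define a webhook make the Gitea server send requests to services listening on its own localhost. Unless a hook receiver really runs inside the Gitea pod, I would narrow the value to `value: "external,*.keligrubb.com"`. The `*.keligrubb.com` entry also admits names that resolve to cluster or LAN addresses, so it should carry a comment naming the receivers it is meant for. The `valuesContent` block starts and ends outside these hunks.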


@@ -7,13 +7,11 @@ spec:
chart: woodpecker chart: woodpecker
targetNamespace: git targetNamespace: git
repo: https://woodpecker-ci.org/ repo: https://woodpecker-ci.org/
version: 0.4.2 version: 1.3.0
valuesContent: |- valuesContent: |-
server: server:
image:
tag: v1.0.3
env: env:
WOODPECKER_ADMIN: kgrubb WOODPECKER_ADMIN: keli.grubb
WOODPECKER_GITEA: true WOODPECKER_GITEA: true
WOODPECKER_GITEA_URL: http://git.keligrubb.com WOODPECKER_GITEA_URL: http://git.keligrubb.com
WOODPECKER_GITEA_SKIP_VERIFY: true WOODPECKER_GITEA_SKIP_VERIFY: true
@@ -33,7 +31,5 @@ spec:
serviceName: ci.keligrubb.com serviceName: ci.keligrubb.com
servicePort: 80 servicePort: 80
agent: agent:
image:
tag: v1.0.3
env: env:
WOODPECKER_GITEA: true WOODPECKER_GITEA: true
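Review bot: `WOODPECKER_GITEA_URL` still uses `http://` and `WOODPECKER_GITEA_SKIP_VERIFY` stays `true`, although this commit gives git.keligrubb.com a Let's Encrypt certificate, so the traffic between Woodpecker and Gitea (including the login exchange and API tokens) presumably still travels unencrypted. Once the certificate is issued I would change these to `WOODPECKER_GITEA_URL: https://git.keligrubb.com` and `WOODPECKER_GITEA_SKIP_VERIFY: false`. The `env` values are unquoted booleans; quoting them (`"true"`) avoids any retyping between the chart and the container environment.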


@@ -7,7 +7,7 @@ spec:
chart: ingress-nginx chart: ingress-nginx
targetNamespace: ingress-nginx targetNamespace: ingress-nginx
repo: https://kubernetes.github.io/ingress-nginx repo: https://kubernetes.github.io/ingress-nginx
version: 4.8.0 version: 4.10.1
valuesContent: |- valuesContent: |-
controller: controller:
metrics: metrics:
@@ -18,10 +18,10 @@ spec:
release: prometheus release: prometheus
resources: resources:
requests: requests:
cpu: 100m cpu: 200m
memory: 180Mi memory: 200Mi
limits: limits:
cpu: 100m cpu: 200m
memory: 180Mi memory: 200Mi
tcp: tcp:
22: git/gitea-ssh:22 22: git/gitea-ssh:22


@@ -0,0 +1,60 @@
apiVersion: v1
kind: Service
metadata:
name: media
namespace: ingress-nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8096
clusterIP: None
type: ClusterIP
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
name: media
namespace: ingress-nginx
labels:
kubernetes.io/service-name: media
addressType: IPv4
ports:
- name: http
protocol: TCP
port: 8096
endpoints:
- addresses:
- "192.168.1.178"
conditions:
ready: true
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: media
namespace: ingress-nginx
annotations:
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
spec:
ingressClassName: "nginx"
tls:
- secretName: media-tls
hosts:
- media.keligrubb.com
rules:
- host: media.keligrubb.com
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: media
port:
number: 80
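Review bot: The `media` Ingress publishes the LAN host 192.168.1.178:8096 on a public hostname with no authentication or source restriction at the ingress, so access control rests entirely on the backend application. If it is meant for known networks only, add `nginx.ingress.kubernetes.io/whitelist-source-range: "<allowed CIDRs>"` to the annotations; otherwise a comment stating that the backend enforces its own login would make the exposure a recorded decision. The hand-written EndpointSlice will not follow the host if its address changes, so the address is worth a comment naming the machine it belongs to.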


@@ -77,6 +77,84 @@ spec:
jobImage: jobImage:
nullable: true nullable: true
type: string type: string
podSecurityContext:
nullable: true
properties:
fsGroup:
nullable: true
type: integer
fsGroupChangePolicy:
nullable: true
type: string
runAsGroup:
nullable: true
type: integer
runAsNonRoot:
nullable: true
type: boolean
runAsUser:
nullable: true
type: integer
seLinuxOptions:
nullable: true
properties:
level:
nullable: true
type: string
role:
nullable: true
type: string
type:
nullable: true
type: string
user:
nullable: true
type: string
type: object
seccompProfile:
nullable: true
properties:
localhostProfile:
nullable: true
type: string
type:
nullable: true
type: string
type: object
supplementalGroups:
items:
type: integer
nullable: true
type: array
sysctls:
items:
properties:
name:
nullable: true
type: string
value:
nullable: true
type: string
type: object
nullable: true
type: array
windowsOptions:
nullable: true
properties:
gmsaCredentialSpec:
nullable: true
type: string
gmsaCredentialSpecName:
nullable: true
type: string
hostProcess:
nullable: true
type: boolean
runAsUserName:
nullable: true
type: string
type: object
type: object
repo: repo:
nullable: true nullable: true
type: string type: string
@@ -90,6 +168,89 @@ spec:
nullable: true nullable: true
type: string type: string
type: object type: object
securityContext:
nullable: true
properties:
allowPrivilegeEscalation:
nullable: true
type: boolean
capabilities:
nullable: true
properties:
add:
items:
nullable: true
type: string
nullable: true
type: array
drop:
items:
nullable: true
type: string
nullable: true
type: array
type: object
privileged:
nullable: true
type: boolean
procMount:
nullable: true
type: string
readOnlyRootFilesystem:
nullable: true
type: boolean
runAsGroup:
nullable: true
type: integer
runAsNonRoot:
nullable: true
type: boolean
runAsUser:
nullable: true
type: integer
seLinuxOptions:
nullable: true
properties:
level:
nullable: true
type: string
role:
nullable: true
type: string
type:
nullable: true
type: string
user:
nullable: true
type: string
type: object
seccompProfile:
nullable: true
properties:
localhostProfile:
nullable: true
type: string
type:
nullable: true
type: string
type: object
windowsOptions:
nullable: true
properties:
gmsaCredentialSpec:
nullable: true
type: string
gmsaCredentialSpecName:
nullable: true
type: string
hostProcess:
nullable: true
type: boolean
runAsUserName:
nullable: true
type: string
type: object
type: object
set: set:
additionalProperties: additionalProperties:
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
@@ -168,6 +329,6 @@ spec:
containers: containers:
- command: - command:
- helm-controller - helm-controller
image: rancher/helm-controller:v0.15.4 image: rancher/helm-controller:v0.16.0
name: helm-controller name: helm-controller
--- ---


@@ -138,7 +138,7 @@ spec:
- --kubelet-use-node-status-port - --kubelet-use-node-status-port
- --kubelet-insecure-tls - --kubelet-insecure-tls
- --metric-resolution=15s - --metric-resolution=15s
image: registry.k8s.io/metrics-server/metrics-server:v0.6.4 image: registry.k8s.io/metrics-server/metrics-server:v0.7.1
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -169,9 +169,14 @@ spec:
memory: 400Mi memory: 400Mi
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumeMounts: volumeMounts:
- mountPath: /tmp - mountPath: /tmp
name: tmp-dir name: tmp-dir
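Review bot: `--kubelet-insecure-tls` remains in the args after this hardening of the container `securityContext`, so metrics-server still does not verify the kubelet serving certificates it scrapes. If the kubelet certificates in this cluster are signed by a CA that can be mounted into the pod, the flag can be replaced with `--kubelet-certificate-authority`; if not, a comment such as `# kubelet serving certs are not verifiable here` next to it would record that this is deliberate. The container spec starts and ends outside both hunks.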


@@ -138,7 +138,7 @@ spec:
operator: "Exists" operator: "Exists"
containers: containers:
- name: node-cache - name: node-cache
image: registry.k8s.io/dns/k8s-dns-node-cache:1.22.23 image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0
resources: resources:
requests: requests:
cpu: 25m cpu: 25m


@@ -7,9 +7,24 @@ spec:
chart: longhorn chart: longhorn
targetNamespace: longhorn-system targetNamespace: longhorn-system
repo: https://charts.longhorn.io repo: https://charts.longhorn.io
version: 1.5.1 version: 1.6.1
valuesContent: |- valuesContent: |-
ingress: ingress:
enabled: true enabled: true
ingressClassName: nginx ingressClassName: nginx
host: storage.keligrubb.com host: storage.keligrubb.com
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
nginx.ingress.kubernetes.io/auth-type: basic
# prevent the controller from redirecting (308) to HTTPS
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
nginx.ingress.kubernetes.io/auth-secret: longhorn-basic-auth-secret
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
nginx.ingress.kubernetes.io/proxy-body-size: 10000m
tls:
- secretName: longhorn-tls
hosts:
- storage.keligrubb.com
defaultSettings:
defaultReplicaCount: 1
storageOverProvisioningPercentage: 100
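Review bot: `nginx.ingress.kubernetes.io/ssl-redirect: 'false'` keeps the Longhorn UI reachable over plain HTTP, so the basic-auth credentials introduced in the same annotations block can be sent unencrypted even though `tls` is now configured. I would set it to `'true'`, or remove the annotation together with its comment, once `longhorn-tls` has been issued. `proxy-body-size: 10000m` is a very large upload limit and deserves a comment saying what needs it.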


@@ -9,7 +9,7 @@ spec:
chart: metallb chart: metallb
targetNamespace: metallb-system targetNamespace: metallb-system
repo: https://metallb.github.io/metallb repo: https://metallb.github.io/metallb
version: 0.13.11 version: 0.14.5
valuesContent: |- valuesContent: |-
prometheus: prometheus:
serviceMonitor: serviceMonitor:


@@ -7,18 +7,30 @@ spec:
chart: kube-prometheus-stack chart: kube-prometheus-stack
targetNamespace: monitoring targetNamespace: monitoring
repo: https://prometheus-community.github.io/helm-charts repo: https://prometheus-community.github.io/helm-charts
version: 51.5.3 version: 58.5.3
valuesContent: |- valuesContent: |-
grafana: grafana:
defaultDashboardsTimezone: "US/Eastern" defaultDashboardsTimezone: "US/Eastern"
ingress: ingress:
enabled: true enabled: true
ingressClassName: nginx ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
paths: paths:
- path: "/" - path: "/"
pathType: Prefix pathType: Prefix
hosts: hosts:
- monitoring.keligrubb.com - monitoring.keligrubb.com
tls:
- secretName: monitoring-tls
hosts:
- monitoring.keligrubb.com
additionalDataSources:
- name: Loki
type: loki
access: proxy
basicAuth: false
url: http://loki-gateway.monitoring.svc.cluster.local
kubelet: kubelet:
serviceMonitor: serviceMonitor:
metricRelabelings: metricRelabelings:
@@ -52,7 +64,7 @@ spec:
serviceMonitorSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false podMonitorSelectorNilUsesHelmValues: false
probeSelectorNilUsesHelmValues: fales probeSelectorNilUsesHelmValues: fales
retention: 14d retention: 30d
retentionSize: "64GB" retentionSize: "64GB"
enableAdminAPI: true enableAdminAPI: true
securityContext: securityContext:
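Review bot: `probeSelectorNilUsesHelmValues: fales` is still misspelled on the new side, directly above the changed `retention` line; the value is read as the string "fales" rather than a boolean, so the setting probably does not take the intended effect. It should read `probeSelectorNilUsesHelmValues: false`. `enableAdminAPI: true` also remains, which exposes the Prometheus TSDB delete and snapshot endpoints to anything that can reach the server; confirm it is needed or add a comment naming what uses it. The new Loki data source uses `basicAuth: false` over in-cluster HTTP, so access to the logs depends on who can reach the gateway service.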


@@ -0,0 +1,43 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: loki
namespace: monitoring
spec:
chart: loki
targetNamespace: monitoring
repo: https://grafana.github.io/helm-charts
version: 6.5.2
valuesContent: |-
deploymentMode: SingleBinary
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
storage:
type: s3
schemaConfig:
configs:
- from: 2024-01-01
store: tsdb
index:
prefix: loki_index_
period: 24h
object_store: filesystem
schema: v13
serviceMonitor:
namespaceSelector:
any: true
singleBinary:
replicas: 1
persistence:
storageClass: longhorn
size: 64Gi
read:
replicas: 0
backend:
replicas: 0
write:
replicas: 0
minio:
enabled: true
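Review bot: `schemaConfig` sets `object_store: filesystem` while `loki.storage.type` is `s3` and `minio.enabled` is `true`, so this schema period appears to write chunks to the local filesystem and leave the MinIO backend unused; if MinIO is the intended store the line should be `object_store: s3`. `auth_enabled: false` turns off tenant separation, which means any workload that can reach the Loki gateway can read and push logs; a NetworkPolicy limiting it to Grafana and the log shippers would compensate. I would also quote the date, `from: "2024-01-01"`, so it cannot be retyped as a timestamp.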