
23 Commits

Author SHA1 Message Date
de80b9d77c Update 'README.md' 2023-06-09 18:31:37 +02:00
7beb607627 Added cryptpad 2023-05-05 14:04:46 +02:00
ffd1ec60c7 Modified hostname for flog to blog 2023-01-16 10:31:45 +01:00
6c835f16de Added flog 2023-01-15 14:05:17 +01:00
672360d915 linx does not need 3 replicas 2022-08-26 17:09:20 +02:00
f6166a4319 Added chaosmesh 2022-08-26 17:06:14 +02:00
49d8ad4ed6 Backup 2022-08-23 14:30:32 +02:00
2ebc7cec77 Ingress en tls, ajout auth, etc 2022-08-19 14:53:02 +02:00
a5644f9f13 Dashboard added 2022-08-18 16:21:55 +02:00
d2564bc6f1 Rangé la section monitoring 2022-07-07 15:48:29 +02:00
f4bce173c0 Added upgrade plans 2022-07-07 15:41:11 +02:00
7fea71a4da Switched all to deployments 2022-07-06 01:08:10 +02:00
0adf6c5733 Prometheus-kube-state-metrics and graf dashboard working 2022-07-02 17:28:17 +02:00
1730b7f67b Make the prom/graf stack great again 2022-07-01 21:06:47 +02:00
413a8c1a4d Added linx 2022-06-30 12:51:32 +02:00
b40aa7b60a archives added 2022-06-25 12:29:03 +02:00
8380588edc blog added 2022-06-19 13:57:11 +02:00
9c6bb08620 qjiqzdqijz 2022-06-19 13:12:36 +02:00
2b9881b41a owntracks wip 2022-06-18 23:54:59 +02:00
e05698a831 prout 2022-06-18 14:03:12 +02:00
358c120092 grafana, gitea, etc 2022-06-18 14:01:04 +02:00
e8ea44a50f Merge branch 'master' of ssh://swarm1.sq.lan:3022/Containers/k8sall 2022-06-18 14:00:04 +02:00
5195644e1d freshrss & gitea added 2022-06-18 12:25:06 +02:00
72 changed files with 2252 additions and 30 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
certmanager


@ -1 +1,2 @@
All my k8s charts.

28
blog/blog-deployment.yaml Normal file

@ -0,0 +1,28 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: blog
name: blog
spec:
replicas: 1
selector:
matchLabels:
run: blog
template:
metadata:
labels:
run: blog
spec:
containers:
- image: nginx:latest
name: blog
imagePullPolicy: "Always"
volumeMounts:
- mountPath: /usr/share/nginx/html
name: blog
restartPolicy: Always
volumes:
- name: blog
persistentVolumeClaim:
claimName: blog
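Review bot: The container image is a floating tag, `nginx:latest` combined with `imagePullPolicy: "Always"`, so any pod restart can pull content that nobody reviewed; pin a version or digest instead, e.g. `image: nginx:VERSION@sha256:DIGEST` (placeholders, take the real values from the registry). The same applies to the other images added in this compare: `promasu/cryptpad:latest`, `gitea/gitea:latest`, `mariadb:latest`, `andreimarcu/linx-server:latest`, `prom/blackbox-exporter:master`, and the untagged `ghcr.io/linuxserver/freshrss`, `grafana/grafana` and `prom/prometheus`. The pod spec also sets no `securityContext` or `resources`, whereas the vendored dashboard manifest in this compare sets `allowPrivilegeEscalation: false` and a non-root `runAsUser`.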

24
blog/blog-ingress.yaml Normal file

@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: blog-ingr
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: blog-tls
hosts:
- cptrthgs.fr
ingressClassName: nginx
rules:
- host: cptrthgs.fr
http:
paths:
- pathType: Prefix
backend:
service:
name: blog
port:
number: 80
path: /


@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: blog
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/blog"
mountOptions:
- nfsvers=4.2

13
blog/blog-pvc.yaml Normal file

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: blog
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 10Gi
volumeName: blog

13
blog/blog-service.yaml Normal file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
labels:
run: blog
name: blog
spec:
ports:
- name: "blog"
port: 80
targetPort: 80
selector:
run: blog


@ -0,0 +1,16 @@
kind: PodChaos
apiVersion: chaos-mesh.org/v1alpha1
metadata:
namespace: default
name: killtest
spec:
selector:
namespaces:
- default
labelSelectors:
run: linx
mode: one
action: pod-failure
duration: 30s
gracePeriod: 0

14
chaos-mesh/README.md Normal file

@ -0,0 +1,14 @@
# Install
helm repo add chaos-mesh https://charts.chaos-mesh.org
helm repo update
helm install chaos-mesh chaos-mesh/chaos-mesh --namespace=chaos-testing --create-namespace --set dashboard.create=true
# Get the token
See the dashboard folder, it is the same method:
```
sudo k3s kubectl -n kubernetes-dashboard create token admin-user
```
...gives a token named admin-user


@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: chaos-ingr
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 500m
spec:
ingressClassName: nginx
rules:
- host: chaos.sq.lan
http:
paths:
- pathType: Prefix
backend:
service:
name: chaos-dashboard
port:
number: 2333
path: /
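Review bot: This Ingress publishes `chaos-dashboard` on port 2333 with no `tls:` block and no authentication or source-restriction annotations, and that dashboard is a control surface for injecting faults into workloads. Even if `chaos.sq.lan` only resolves internally, the gallery ingress in this compare already shows the pattern to reuse: `nginx.ingress.kubernetes.io/auth-type: basic` with an `auth-secret`, or alternatively `nginx.ingress.kubernetes.io/whitelist-source-range` limited to the admin network. The `proxy-body-size: 500m` annotation looks carried over from the linx ingress and is probably not needed for a dashboard.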

36
chaos-mesh/rbac.yaml Normal file

@ -0,0 +1,36 @@
kind: ServiceAccount
apiVersion: v1
metadata:
namespace: default
name: account-default-manager-goovh
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: role-default-manager-goovh
rules:
- apiGroups: [""]
resources: ["pods", "namespaces"]
verbs: ["get", "watch", "list"]
- apiGroups:
- chaos-mesh.org
resources: [ "*" ]
verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: bind-default-manager-goovh
namespace: default
subjects:
- kind: ServiceAccount
name: account-default-manager-goovh
namespace: default
roleRef:
kind: Role
name: role-default-manager-goovh
apiGroup: rbac.authorization.k8s.io
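Review bot: The second rule of `role-default-manager-goovh` grants every write verb on `resources: [ "*" ]` in the `chaos-mesh.org` group, so a token for this ServiceAccount can create any chaos kind in `default`, not only the `PodChaos` used by `killtest`. If only pod-failure experiments are intended, narrow it to `resources: ["podchaos"]` (the CRD's plural name; confirm with `kubectl api-resources`). A comment above the ServiceAccount stating who holds its token would also help the next reader judge the blast radius.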


@ -0,0 +1,50 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: cryptpad
name: cryptpad
spec:
replicas: 1
selector:
matchLabels:
run: cryptpad
template:
metadata:
labels:
run: cryptpad
spec:
containers:
- image: promasu/cryptpad:latest
name: cryptpad
ports:
- containerPort: 3000
resources: {}
volumeMounts:
- mountPath: /cryptpad/blob
name: cryptpad-blob
- mountPath: /cryptpad/block
name: cryptpad-block
- mountPath: /cryptpad/data
name: cryptpad-data
- mountPath: /cryptpad/datastore
name: cryptpad-datastore
- mountPath: /cryptpad/config
name: cryptpad-config
restartPolicy: Always
volumes:
- name: cryptpad-blob
persistentVolumeClaim:
claimName: cryptpad-blob
- name: cryptpad-block
persistentVolumeClaim:
claimName: cryptpad-block
- name: cryptpad-data
persistentVolumeClaim:
claimName: cryptpad-data
- name: cryptpad-datastore
persistentVolumeClaim:
claimName: cryptpad-datastore
- name: cryptpad-config
persistentVolumeClaim:
claimName: cryptpad-config


@ -0,0 +1,26 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cryptpad-ingr
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-body-size: 50m
spec:
tls:
- secretName: crypt-tls
hosts:
- pad.squi.fr
ingressClassName: nginx
rules:
- host: pad.squi.fr
http:
paths:
- pathType: Prefix
backend:
service:
name: cryptpad
port:
number: 3000
path: /
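Review bot: Only one host, `pad.squi.fr`, is routed and covered by the certificate, while CryptPad's deployment model relies on a second sandbox origin to isolate rendering of untrusted document content from the origin that holds user keys. The CryptPad config lives on the `cryptpad-config` volume and is not visible in this compare, so this may already be handled elsewhere. If it is not, add a second entry under `tls.hosts` and `rules` for the sandbox hostname and set it as `httpSafeOrigin` in the CryptPad config.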

68
cryptpad/crypt-pvc.yml Normal file

@ -0,0 +1,68 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cryptpad-blob
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 100Gi
volumeName: cryptpad-blob
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cryptpad-block
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 60Gi
volumeName: cryptpad-block
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cryptpad-data
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 100Gi
volumeName: cryptpad-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cryptpad-datastore
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 10Gi
volumeName: cryptpad-datastore
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cryptpad-config
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 3Gi
volumeName: cryptpad-config


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
labels:
run: cryptpad
name: cryptpad
spec:
ports:
- name: "http"
port: 3000
targetPort: 3000
selector:
run: cryptpad


@ -0,0 +1,81 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: cryptpad-blob
spec:
capacity:
storage: 100Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/cryptpad/blob"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: cryptpad-block
spec:
capacity:
storage: 60Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/cryptpad/block"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: cryptpad-data
spec:
capacity:
storage: 100Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/cryptpad/data"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: cryptpad-datastore
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/cryptpad/datastore"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: cryptpad-config
spec:
capacity:
storage: 3Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/cryptpad/config"
mountOptions:
- nfsvers=4.2

5
dashboard/README.md Normal file

@ -0,0 +1,5 @@
# Obtenir le token
Une fois tout déployé, sur le master:
```
sudo k3s kubectl -n kubernetes-dashboard create token admin-user
```

20
dashboard/account.yaml Normal file

@ -0,0 +1,20 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
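Review bot: The `ClusterRoleBinding` ties the `admin-user` ServiceAccount to `cluster-admin`, so every token minted with the README's `create token admin-user` command is a full-cluster credential, and this compare also publishes the dashboard through an Ingress. For day-to-day dashboard use, bind a narrower role such as the built-in `view` ClusterRole and keep a cluster-admin account for break-glass only; when minting tokens, pass a short `--duration`. At minimum add a comment above the binding, e.g. `# cluster-admin: any token for this account grants full control of the cluster`.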


@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard-ingr
namespace: kubernetes-dashboard
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
ingressClassName: nginx
rules:
- host: k8s.sq.lan
http:
paths:
- pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443
path: /
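Review bot: The dashboard is exposed at `k8s.sq.lan` with `backend-protocol: "HTTPS"` towards the pod but no `tls:` block and no source restriction on the client side, so the certificate and transport the browser gets depend entirely on the ingress controller's defaults. The credential entered there is the `cluster-admin` token from `dashboard/account.yaml`, so add a `tls:` entry with a certificate for this host and restrict who can reach it, for example `nginx.ingress.kubernetes.io/whitelist-source-range: "ADMIN_CIDR_PLACEHOLDER"`. A one-line comment stating that this host is meant to be LAN-only would document the assumption.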

306
dashboard/recommended.yaml Normal file

@ -0,0 +1,306 @@
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.5.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.7
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}

29
flog/flog-deployment.yaml Normal file

@ -0,0 +1,29 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: flog
name: flog
spec:
replicas: 1
selector:
matchLabels:
app: flog
template:
metadata:
labels:
app: flog
spec:
containers:
- image: squi/flog:0.1.0
name: flog
ports:
- containerPort: 8000
volumeMounts:
- mountPath: /opt/flog
name: flog
restartPolicy: Always
volumes:
- name: flog
persistentVolumeClaim:
claimName: flog-data

25
flog/flog-ingress.yaml Normal file

@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: flog-ingr
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: flog-tls
hosts:
- blog.squi.fr
ingressClassName: nginx
rules:
- host: blog.squi.fr
http:
paths:
- pathType: Prefix
backend:
service:
name: flog
port:
number: 8000
path: /


@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flog-data
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: 10Gi
volumeName: flog-data

15
flog/flog-service.yaml Normal file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: flog
name: flog
spec:
ports:
- name: "8000"
port: 8000
targetPort: 8000
selector:
app: flog
status:
loadBalancer: {}

15
flog/flog-volume.yaml Normal file

@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: flog-data
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
nfs:
server: nas.sq.lan
path: "/swarmdata/flog"
mountOptions:
- nfsvers=4.2


@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: freshrss
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 10Gi
volumeName: freshrss


@ -0,0 +1,35 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: freshrss
name: freshrss
spec:
replicas: 1
selector:
matchLabels:
run: freshrss
template:
metadata:
labels:
run: freshrss
spec:
containers:
- env:
- name: PGID
value: "1000"
- name: PUID
value: "1000"
- name: TZ
value: Europe/London
image: ghcr.io/linuxserver/freshrss
name: freshrss
resources: {}
volumeMounts:
- mountPath: /config
name: freshrss
restartPolicy: Always
volumes:
- name: freshrss
persistentVolumeClaim:
claimName: freshrss


@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: freshrss-ingr
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: freshrss-tls
hosts:
- rss.squi.fr
ingressClassName: nginx
rules:
- host: rss.squi.fr
http:
paths:
- pathType: Prefix
backend:
service:
name: freshrss
port:
number: 80
path: /


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
labels:
run: freshrss
name: freshrss
spec:
ports:
- name: "web"
port: 80
targetPort: 80
selector:
run: freshrss


@ -0,0 +1,16 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: freshrss
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/freshrss/config"
mountOptions:
- nfsvers=4.2


@ -0,0 +1,30 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: gallery
labels:
run: gallery
spec:
replicas: 1
selector:
matchLabels:
run: gallery
template:
metadata:
labels:
run: gallery
spec:
containers:
- image: squi/gallery:1.0
name: gallery
ports:
- containerPort: 80
volumeMounts:
- mountPath: /var/www/html/Sources
name: gallery
restartPolicy: Always
volumes:
- name: gallery
persistentVolumeClaim:
claimName: gallery
readOnly: true


@ -0,0 +1,28 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gallery-ingr
annotations:
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - you fool'
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: gallery-tls
hosts:
- gallery.squi.fr
rules:
- host: gallery.squi.fr
http:
paths:
- pathType: Prefix
backend:
service:
name: gallery
port:
number: 80
path: /
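Review bot: This is the only Ingress in the compare that selects the controller through the deprecated `kubernetes.io/ingress.class: "nginx"` annotation; the others use `spec.ingressClassName: nginx`. Since the basic-auth protection depends on the nginx controller actually picking this object up, switch to `ingressClassName: nginx` under `spec` for consistency. The `basic-auth` Secret is referenced but not defined in the visible files, which is the right way round; a comment naming where it is created would help.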

13
gallery/gallery-pvc.yaml Normal file

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gallery
spec:
accessModes:
- ReadOnlyMany
volumeName: gallery
resources:
requests:
storage: 300Gi
storageClassName: ""


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
labels:
run: gallery
name: gallery
spec:
ports:
- name: "80"
port: 80
targetPort: 80
selector:
run: gallery

15
gallery/gallery-vol.yaml Normal file

@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: gallery
spec:
accessModes:
- ReadOnlyMany
nfs:
server: nas.sq.lan
path: "/data/Gallery"
mountOptions:
- nfsvers=4.2
capacity:
storage: 300Gi


@ -0,0 +1,87 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: gitea
name: gitea
spec:
selector:
matchLabels:
run: gitea
template:
metadata:
labels:
run: gitea
spec:
containers:
- env:
- name: USER_GID
value: "1000"
- name: USER_UID
value: "1000"
image: gitea/gitea:latest
name: gitea
ports:
- containerPort: 22
volumeMounts:
- mountPath: /etc/timezone
name: timezone
readOnly: true
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /data
name: gitea
readOnly: false
restartPolicy: Always
volumes:
- name: timezone
hostPath:
path: /etc/timezone
type: File
- name: localtime
hostPath:
path: /etc/localtime
type: File
- name: gitea
persistentVolumeClaim:
claimName: gitea
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: giteadb
name: giteadb
spec:
replicas: 1
selector:
matchLabels:
run: giteadb
template:
metadata:
labels:
run: giteadb
spec:
containers:
- env:
- name: MYSQL_DATABASE
value: gitea
- name: MYSQL_PASSWORD
value: ithaibai0C
- name: MYSQL_ROOT_PASSWORD
value: ithaibai0C
- name: MYSQL_USER
value: gitea
image: mariadb:latest
name: mariadb-gitea
volumeMounts:
- mountPath: /var/lib/mysql
name: giteadb
restartPolicy: Always
volumes:
- name: giteadb
persistentVolumeClaim:
claimName: giteadb
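Review bot: `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` in the `giteadb` Deployment are committed as literal `value:` strings, and both carry the same value, so anyone who can read this repository or the Deployment object holds database root. Move them into a Secret and reference it, e.g. `valueFrom: {secretKeyRef: {name: giteadb-credentials, key: root-password}}` (Secret name and key are illustrative). Use distinct passwords for the application user and root, and rotate the current one because it remains in Git history. Separately, the `gitea` container declares only `containerPort: 22` while the Services in this compare target port 3000; declaring both would document the contract.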

25
gitea/gitea-ingress.yaml Normal file

@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitea-ingr
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: gitea-tls
hosts:
- gitea.squi.fr
ingressClassName: nginx
rules:
- host: gitea.squi.fr
http:
paths:
- pathType: Prefix
backend:
service:
name: gitea
port:
number: 80
path: /

27
gitea/gitea-pvc.yaml Normal file

@ -0,0 +1,27 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 50Gi
volumeName: gitea
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: giteadb
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
resources:
requests:
storage: 60Gi
volumeName: giteadb

61
gitea/gitea-services.yaml Normal file

@ -0,0 +1,61 @@
apiVersion: v1
kind: Service
metadata:
labels:
run: gitea
name: gitea
spec:
ports:
- name: "gitea"
port: 80
targetPort: 3000
selector:
run: gitea
---
apiVersion: v1
kind: Service
metadata:
labels:
run: gitea
name: gitea-lb
spec:
ports:
- name: "gitealb"
port: 8001
targetPort: 3000
selector:
run: gitea
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
labels:
run: giteassh
name: giteassh
spec:
ports:
- name: "giteassh"
port: 3022
targetPort: 22
selector:
run: gitea
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
labels:
run: giteadb
name: giteadb
spec:
ports:
- name: "mysql"
port: 3306
targetPort: 3306
selector:
run: giteadb
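Review bot: `gitea-lb` is a `type: LoadBalancer` Service mapping 8001 to the web port 3000, which creates a plain-HTTP path to Gitea that bypasses the TLS-terminating Ingress for `gitea.squi.fr`; credentials and session cookies sent that way travel unencrypted. If a LoadBalancer is only needed for Git over SSH, keep `giteassh` and drop `gitea-lb`. If it has to stay, add a comment stating which network is expected to reach it.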


@ -0,0 +1,31 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitea
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/gitea/gitea"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: giteadb
spec:
capacity:
storage: 60Gi
accessModes:
- ReadWriteOnce
nfs:
server: nas.sq.lan
path: "/swarmdata/gitea/gitea_db"
mountOptions:
- nfsvers=4.2

52
linx-serv/linx-depl.yaml Normal file

@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: linx
name: linx
spec:
replicas: 1
selector:
matchLabels:
run: linx
template:
metadata:
labels:
run: linx
spec:
containers:
- image: andreimarcu/linx-server:latest
name: linx
ports:
- containerPort: 8080
imagePullPolicy: "Always"
volumeMounts:
- mountPath: /data/files
name: linx-files
- mountPath: /data/meta
name: linx-meta
- mountPath: /data/linx-server.conf
subPath: linx-server.conf
name: linx-conf
- mountPath: /go/src/github.com/andreimarcu/linx-server/static/css/linx.css
subPath: linx.css
name: linx-css
- mountPath: /go/src/github.com/andreimarcu/linx-server/static/css/github-markdown.css
subPath: github-markdown.css
name: linx-css
restartPolicy: Always
volumes:
- name: linx-files
persistentVolumeClaim:
claimName: linx-files
- name: linx-meta
persistentVolumeClaim:
claimName: linx-meta
- name: linx-conf
persistentVolumeClaim:
claimName: linx-conf
- name: linx-css
persistentVolumeClaim:
claimName: linx-css


@ -1,19 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: notes-ingr
name: linx-ingr
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 500m
spec:
ingressClassName: nginx
rules:
#- host: test.squi.fr
- host: notes.squi.fr
- host: linx.sq.lan
http:
paths:
- pathType: Prefix
backend:
service:
name: notes
name: linx
port:
number: 8080
path: /

62
linx-serv/linx-pv.yaml Normal file

@ -0,0 +1,62 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: linx-files
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/linx/files"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: linx-meta
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/linx/metadata"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: linx-conf
spec:
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/linx/conf"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: linx-css
spec:
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/linx/css"
mountOptions:
- nfsvers=4.2

54
linx-serv/linx-pvc.yaml Normal file

@ -0,0 +1,54 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: linx-files
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 20Gi
volumeName: linx-files
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: linx-meta
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 20Gi
volumeName: linx-meta
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: linx-conf
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 2Gi
volumeName: linx-conf
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: linx-css
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 2Gi
volumeName: linx-css


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
run: linx
name: linx
spec:
ports:
- name: "linx"
port: 8080
targetPort: 8080
selector:
run: linx


@ -1,10 +1,11 @@
apiVersion: apps/v1
kind: DaemonSet
kind: Deployment
metadata:
labels:
run: mediawiki
name: mediawiki
spec:
replicas: 1
selector:
matchLabels:
run: mediawiki


@ -2,7 +2,14 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mediawiki-ingr
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: mediawiki-tls
hosts:
- wiki.squi.fr
ingressClassName: nginx
rules:
- host: wiki.squi.fr


@ -4,7 +4,7 @@ metadata:
name: wiki-ext
spec:
accessModes:
- ReadWriteOnce
- ReadWriteMany
storageClassName: ""
resources:
requests:
@ -18,7 +18,7 @@ metadata:
name: wiki-img
spec:
accessModes:
- ReadWriteOnce
- ReadWriteMany
storageClassName: ""
resources:
requests:
@ -32,7 +32,7 @@ metadata:
name: wiki-set
spec:
accessModes:
- ReadWriteOnce
- ReadWriteMany
storageClassName: ""
resources:
requests:
@ -46,7 +46,7 @@ metadata:
name: wiki-skins
spec:
accessModes:
- ReadWriteOnce
- ReadWriteMany
storageClassName: ""
resources:
requests:


@ -6,7 +6,7 @@ spec:
capacity:
storage: 60Gi
accessModes:
- ReadWriteOnce
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/mediawiki/images"
@ -22,7 +22,7 @@ spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/mediawiki/"
@ -38,7 +38,7 @@ spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/mediawiki/skins"
@ -54,7 +54,7 @@ spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/mediawiki/extensions"


@ -0,0 +1,129 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: blackbox-exporter
name: blackbox-exporter
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
run: blackbox-exporter
template:
metadata:
labels:
run: blackbox-exporter
spec:
containers:
- image: prom/blackbox-exporter:master
name: blackbox-exporter
volumeMounts:
- mountPath: /etc/blackbox_exporter
name: blackbox-exporter
readOnly: true
restartPolicy: Always
volumes:
- name: blackbox-exporter
persistentVolumeClaim:
claimName: blackbox-exporter
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: grafana
name: grafana
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
run: grafana
template:
metadata:
labels:
run: grafana
spec:
initContainers:
- name: volume-mount-hack
image: busybox:1.28
command: ["sh", "-c", "chown -R 472:472 /etc/grafana && chown -R 472:472 /var/lib/grafana"]
volumeMounts:
- mountPath: /var/lib/grafana
readOnly: false
name: grafana-data
- mountPath: /etc/grafana
readOnly: false
name: grafana-conf
volumes:
- name: grafana-data
persistentVolumeClaim:
claimName: grafana-data
- name: grafana-conf
persistentVolumeClaim:
claimName: grafana-conf
containers:
- image: grafana/grafana
name: grafana
volumeMounts:
- mountPath: /var/lib/grafana
readOnly: false
name: grafana-data
- mountPath: /etc/grafana
readOnly: false
name: grafana-conf
restartPolicy: Always
volumes:
- name: grafana-data
persistentVolumeClaim:
claimName: grafana-data
- name: grafana-conf
persistentVolumeClaim:
claimName: grafana-conf
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: prometheus
name: prometheus
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
run: prometheus
template:
metadata:
labels:
run: prometheus
spec:
containers:
- args:
- --storage.tsdb.retention.time=1y
- --config.file=/etc/prometheus/prometheus.yml
image: prom/prometheus
name: prometheus
ports:
- containerPort: 9090
volumeMounts:
- mountPath: /etc/prometheus
readOnly: true
name: prometheus
- mountPath: /prometheus/data
readOnly: false
name: prometheus-data
restartPolicy: Always
volumes:
- name: prometheus
persistentVolumeClaim:
claimName: prometheus
- name: prometheus-data
persistentVolumeClaim:
claimName: prometheus-data
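Review bot: The grafana pod spec appears to contain two `volumes:` keys, one right after the init container's `volumeMounts` and one after `restartPolicy`; the page has lost its indentation, so this is inferred from field order, but `volumes` is only valid at pod-spec level. Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so remove the first copy. The `volume-mount-hack` init container also runs a recursive `chown` as root over both NFS-backed volumes at every start; a pod-level `securityContext: {fsGroup: 472}` is the usual alternative where the storage honours it, and if it does not on this export, a comment saying so would explain the workaround.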


@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-ingr
namespace: monitoring
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: grafana-tls
hosts:
- graf.squi.fr
ingressClassName: nginx
rules:
- host: graf.squi.fr
http:
paths:
- pathType: Prefix
backend:
service:
name: grafana
port:
number: 80
path: /


@ -0,0 +1,49 @@
apiVersion: v1
kind: Service
metadata:
labels:
run: grafana
name: grafana
namespace: monitoring
spec:
ports:
- name: "grafweb"
port: 80
targetPort: 3000
selector:
run: grafana
---
apiVersion: v1
kind: Service
metadata:
labels:
run: prometheus
name: prometheus
namespace: monitoring
spec:
ports:
- name: "prom"
port: 9090
targetPort: 9090
selector:
run: prometheus
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
labels:
run: blackbox-exporter
name: blackbox-exporter
namespace: monitoring
spec:
ports:
- name: "bbox"
port: 9115
targetPort: 9115
selector:
run: blackbox-exporter
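Review bot: The `prometheus` Service sets `type: LoadBalancer`, which publishes port 9090 on an address outside the cluster, and Prometheus serves its UI and query API without authentication unless a web config or an authenticating proxy is put in front of it. Nothing visible on this page adds one, so anyone who can reach the load-balancer address can presumably read every scraped metric and target label. Dropping the `type: LoadBalancer` line lets the Service fall back to ClusterIP; if outside access is needed, an Ingress carrying the same `nginx.ingress.kubernetes.io/auth-type: basic` annotations used for notes and tasks keeps it behind a login. The `kube-state-metrics` Service later on this page also uses `type: LoadBalancer` (ports 8080 and 8081) and deserves the same change.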


@ -0,0 +1,75 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: blackbox-exporter
namespace: monitoring
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 10Gi
volumeName: blackbox-exporter
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-data
namespace: monitoring
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 50Gi
volumeName: grafana-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-conf
namespace: monitoring
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 10Gi
volumeName: grafana-conf
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prometheus
namespace: monitoring
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 10Gi
volumeName: prometheus
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: prometheus-data
namespace: monitoring
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 10Gi
volumeName: prometheus-data


@ -0,0 +1,85 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: blackbox-exporter
namespace: monitoring
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/grafana/blackbox"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: grafana-data
namespace: monitoring
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/grafana/grafana-data"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: grafana-conf
namespace: monitoring
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/grafana/grafana-conf"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: prometheus
namespace: monitoring
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/grafana/prometheus-conf"
mountOptions:
- nfsvers=4.2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: prometheus-data
namespace: monitoring
spec:
capacity:
storage: 30Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/grafana/prometheus-data"
mountOptions:
- nfsvers=4.2
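Review bot: None of the five PersistentVolumes carries a `claimRef`, so each one can be bound by the first matching claim from any namespace, not only by the `monitoring` claims that name it through `volumeName`. PersistentVolume is cluster-scoped, so the `namespace: monitoring` line under `metadata` has no effect and does not restrict who can bind. Reserving each volume under `spec`, e.g. `claimRef: {namespace: monitoring, name: grafana-data}`, closes that gap, and an explicit `persistentVolumeReclaimPolicy: Retain` documents what happens to the NFS data when a claim is deleted. The `site` PersistentVolume further down has the same missing `claimRef`. Separately, the `prometheus-data` volume declares 30Gi while its claim requests 10Gi.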


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring


@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: monitoring


@ -0,0 +1,109 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
rules:
- apiGroups:
- ""
resources:
- configmaps
- secrets
- nodes
- pods
- services
- resourcequotas
- replicationcontrollers
- limitranges
- persistentvolumeclaims
- persistentvolumes
- namespaces
- endpoints
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
- daemonsets
- deployments
- replicasets
verbs:
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- list
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- volumeattachments
verbs:
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
- ingresses
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch


@ -0,0 +1,50 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: kube-state-metrics
template:
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
spec:
automountServiceAccountToken: true
containers:
- image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.3.0
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
name: kube-state-metrics
ports:
- containerPort: 8080
name: http-metrics
- containerPort: 8081
name: telemetry
readinessProbe:
httpGet:
path: /
port: 8081
initialDelaySeconds: 5
timeoutSeconds: 5
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 65534
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics


@ -0,0 +1,34 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus
namespace: monitoring
rules:
- apiGroups: [""]
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
- apiGroups:
- extensions
resources:
- ingresses
verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus
subjects:
- kind: ServiceAccount
name: default
namespace: monitoring
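Review bot: The ClusterRoleBinding grants the `prometheus` ClusterRole to the `default` ServiceAccount of `monitoring`, so every pod in that namespace that does not set its own service account receives cluster-wide read on pods, services and endpoints plus `get` on `nodes/proxy`; the Prometheus Deployment and the visible part of the Grafana Deployment on this page set no `serviceAccountName`. `nodes/proxy` reaches the kubelet API through the API server and is far more than a dashboard or exporter needs. A dedicated ServiceAccount named `prometheus`, referenced as `name: prometheus` under `subjects` and as `serviceAccountName: prometheus` in the Prometheus pod spec, confines the grant to the one workload that scrapes. Two smaller points: `namespace:` on a ClusterRole is ignored, and Ingress is no longer served from the `extensions` API group on current clusters, so that rule should name `networking.k8s.io`.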


@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
namespace: monitoring
spec:
type: LoadBalancer
ports:
- name: http-metrics
port: 8080
targetPort: http-metrics
- name: telemetry
port: 8081
targetPort: telemetry
selector:
app.kubernetes.io/name: kube-state-metrics


@ -0,0 +1,10 @@
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/version: 2.3.0
name: kube-state-metrics
namespace: monitoring

1
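--- a/nginx-ingress/auth
+++ b/nginx-ingress/auth
@@ -0,0 +1 @@
+squip:$apr1$e0QTsUBf$rVuHisO/pKnOKTBAwcYiT0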
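Review bot: This file commits a live htpasswd entry (user name plus `$apr1$` hash) to the repository, and the `basic-auth` Secret manifest in the next section carries the same line, only base64-encoded. Base64 is an encoding, not protection, and `$apr1$` is an MD5-based scheme that is cheap to test offline, so everyone with read access to the repository or its history effectively holds the credential guarding the notes and tasks Ingresses. The entry should be treated as exposed and the password replaced. The new Secret is better created out of band (for example `kubectl create secret generic basic-auth --from-file=auth`) or stored through an encrypted-secret tool, with `nginx-ingress/auth` listed in `.gitignore` next to `certmanager`.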


@ -0,0 +1,8 @@
apiVersion: v1
data:
auth: c3F1aXA6JGFwcjEkZTBRVHNVQmYkclZ1SGlzTy9wS25PS1RCQXdjWWlUMAo=
kind: Secret
metadata:
name: basic-auth
namespace: default
type: Opaque


@ -0,0 +1,28 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: site
name: site
spec:
replicas: 1
selector:
matchLabels:
run: site
template:
metadata:
labels:
run: site
spec:
containers:
- image: nginx:latest
name: site
imagePullPolicy: "Always"
volumeMounts:
- mountPath: /usr/share/nginx/html
name: site
restartPolicy: Always
volumes:
- name: site
persistentVolumeClaim:
claimName: site
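Review bot: `image: nginx:latest` together with `imagePullPolicy: "Always"` means every pod restart may run a different, unreviewed image, and a rollback cannot name the version that was serving before. Pinning a release tag, ideally with its digest (`image: nginx:<version>@sha256:<digest>`, both placeholders), makes what runs reproducible and reviewable. The same applies to `grafana/grafana` and `prom/prometheus` in the monitoring Deployments above, which carry no tag at all. The container also sets no `securityContext` or `resources`, so it runs with the image defaults and without limits.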


@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: site-ingr
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
tls:
- secretName: siteperso-tls
hosts:
- justinepelletreau.com
ingressClassName: nginx
rules:
- host: justinepelletreau.com
http:
paths:
- pathType: Prefix
backend:
service:
name: site
port:
number: 80
path: /
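Review bot: The `cert-manager.io/cluster-issuer: letsencrypt-staging` annotation makes cert-manager request the certificate for `justinepelletreau.com` from the Let's Encrypt staging CA, whose chain browsers do not trust. Visitors get a certificate warning, and a site that expects users to click through warnings offers little protection against interception. If the staging issuer was only meant for testing, the line should read `cert-manager.io/cluster-issuer: letsencrypt-prod`, as on the other Ingresses on this page.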


@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: site
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
nfs:
server: nas.sq.lan
path: "/swarmdata/personnalsite"
mountOptions:
- nfsvers=4.2

13
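--- a/persosite/site-pvc.yaml
+++ b/persosite/site-pvc.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: site
+spec:
+accessModes:
+- ReadWriteMany
+storageClassName: ""
+resources:
+requests:
+storage: 10Gi
+volumeName: site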


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
labels:
run: site
name: site
spec:
ports:
- name: "site"
port: 80
targetPort: 80
selector:
run: site


@ -1,5 +1,5 @@
apiVersion: apps/v1
kind: DaemonSet
kind: Deployment
metadata:
annotations:
kompose.cmd: kompose convert -f squinotes.yml
@ -8,6 +8,7 @@ metadata:
io.kompose.service: notes
name: notes
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: notes
@ -21,7 +22,6 @@ spec:
name: notes
ports:
- containerPort: 8080
resources: {}
volumeMounts:
- mountPath: /app/data
name: notes
@ -30,9 +30,3 @@ spec:
- name: notes
persistentVolumeClaim:
claimName: sqnotes-data
updateStrategy: {}
status:
currentNumberScheduled: 0
desiredNumberScheduled: 0
numberMisscheduled: 0
numberReady: 0


@ -0,0 +1,28 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: notes-ingr
annotations:
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - you fool'
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: notes-tls
hosts:
- notes.squi.fr
rules:
- host: notes.squi.fr
http:
paths:
- pathType: Prefix
backend:
service:
name: notes
port:
number: 8080
path: /
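Review bot: This Ingress selects its controller with the `kubernetes.io/ingress.class: "nginx"` annotation, while the other Ingresses on this page use `ingressClassName: nginx` under `spec`; the annotation is deprecated in favour of the field, and using one form everywhere avoids an Ingress silently going unserved after a controller upgrade. Second, `nginx.ingress.kubernetes.io/auth-secret: basic-auth` is looked up in the Ingress's own namespace unless written as `namespace/name`, and the Secret on this page is created in `default`. The manifest sets no namespace, so the login only works when it is applied to `default`; an explicit `namespace: default` under `metadata` would make that dependency visible.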


@ -1,10 +1,11 @@
apiVersion: apps/v1
kind: DaemonSet
kind: Deployment
metadata:
labels:
app: tasks
name: tasks
spec:
replicas: 1
selector:
matchLabels:
app: tasks
@ -18,7 +19,6 @@ spec:
name: tasks
ports:
- containerPort: 8080
resources: {}
volumeMounts:
- mountPath: /app/data
name: tasks
@ -27,9 +27,3 @@ spec:
- name: tasks
persistentVolumeClaim:
claimName: tasks-data
updateStrategy: {}
status:
currentNumberScheduled: 0
desiredNumberScheduled: 0
numberMisscheduled: 0
numberReady: 0


@ -2,7 +2,17 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tasks-ingr
annotations:
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - you fool'
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: todo-tls
hosts:
- todo.squi.fr
ingressClassName: nginx
rules:
- host: todo.squi.fr