From 3bafc97cf5f17f7cf917ffb609bed8dd77beff74 Mon Sep 17 00:00:00 2001 
From: JJGadgets
Date: Mon, 30 Sep 2024 14:57:15 +0800
Subject: [PATCH] chore: cleanup
---
.../kube}/deploy/apps/media-edit/app/es.yaml | 0
.../kube}/deploy/apps/media-edit/app/hr.yaml | 0
.../kube}/deploy/apps/media-edit/ks.yaml | 0
.../deploy/apps/media-edit/kustomization.yaml | 0
.../kube}/deploy/apps/media-edit/ns.yaml | 0
.../kube}/deploy/apps/ollama/app/es.yaml | 0
.../kube}/deploy/apps/ollama/app/hr.yaml | 0
.../kube}/deploy/apps/ollama/app/pvc.yaml | 0
.../kube}/deploy/apps/ollama/ks.yaml | 0
.../deploy/apps/ollama/kustomization.yaml | 0
.../kube}/deploy/apps/ollama/ns.yaml | 0
kube/deploy/apps/atuin/app/hr.yaml | 4 ++--
kube/deploy/apps/audiobookshelf/app/hr.yaml | 6 ++---
kube/deploy/apps/code-server/app/hr.yaml | 14 ++++++------
kube/deploy/apps/cyberchef/app/hr.yaml | 6 ++---
kube/deploy/apps/gokapi/app/hr.yaml | 5 ++---
kube/deploy/apps/home-assistant/app/hr.yaml | 6 ++---
kube/deploy/apps/joplin/app/hr.yaml | 6 ++---
kube/deploy/apps/media/kavita/app/hr.yaml | 8 +++----
kube/deploy/apps/media/komga/app/hr.yaml | 8 +++----
kube/deploy/apps/miniflux/app/hr.yaml | 8 +++----
kube/deploy/apps/navidrome/app/hr.yaml | 22 +++++++++++++++----
kube/deploy/apps/ocis/app/hr.yaml | 6 ++---
kube/deploy/apps/paperless-ngx/app/hr.yaml | 10 ++++-----
kube/deploy/apps/restic-rest-nfs/app/hr.yaml | 4 ++--
kube/deploy/apps/thelounge/app/hr.yaml | 4 ++--
kube/deploy/apps/vikunja/app/hr.yaml | 8 +++----
kube/deploy/apps/zipline/app/hr.yaml | 8 +++----
.../core/monitoring/alertmanager/app/hr.yaml | 10 +++++----
kube/deploy/core/monitoring/karma/app/hr.yaml | 8 +++----
30 files changed, 83 insertions(+), 68 deletions(-)
rename {kube => .archive/kube}/deploy/apps/media-edit/app/es.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/media-edit/app/hr.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/media-edit/ks.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/media-edit/kustomization.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/media-edit/ns.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/ollama/app/es.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/ollama/app/hr.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/ollama/app/pvc.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/ollama/ks.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/ollama/kustomization.yaml (100%)
rename {kube => .archive/kube}/deploy/apps/ollama/ns.yaml (100%)
diff --git a/kube/deploy/apps/media-edit/app/es.yaml b/.archive/kube/deploy/apps/media-edit/app/es.yaml
similarity index 100%
rename from kube/deploy/apps/media-edit/app/es.yaml
rename to .archive/kube/deploy/apps/media-edit/app/es.yaml
diff --git a/kube/deploy/apps/media-edit/app/hr.yaml b/.archive/kube/deploy/apps/media-edit/app/hr.yaml
similarity index 100%
rename from kube/deploy/apps/media-edit/app/hr.yaml
rename to .archive/kube/deploy/apps/media-edit/app/hr.yaml
diff --git a/kube/deploy/apps/media-edit/ks.yaml b/.archive/kube/deploy/apps/media-edit/ks.yaml
similarity index 100%
rename from kube/deploy/apps/media-edit/ks.yaml
rename to .archive/kube/deploy/apps/media-edit/ks.yaml
diff --git a/kube/deploy/apps/media-edit/kustomization.yaml b/.archive/kube/deploy/apps/media-edit/kustomization.yaml
similarity index 100%
rename from kube/deploy/apps/media-edit/kustomization.yaml
rename to .archive/kube/deploy/apps/media-edit/kustomization.yaml
diff --git a/kube/deploy/apps/media-edit/ns.yaml b/.archive/kube/deploy/apps/media-edit/ns.yaml
similarity index 100%
rename from kube/deploy/apps/media-edit/ns.yaml
rename to .archive/kube/deploy/apps/media-edit/ns.yaml
diff --git a/kube/deploy/apps/ollama/app/es.yaml b/.archive/kube/deploy/apps/ollama/app/es.yaml
similarity index 100%
rename from kube/deploy/apps/ollama/app/es.yaml
rename to .archive/kube/deploy/apps/ollama/app/es.yaml
diff --git a/kube/deploy/apps/ollama/app/hr.yaml b/.archive/kube/deploy/apps/ollama/app/hr.yaml similarity index 100% rename from kube/deploy/apps/ollama/app/hr.yaml rename to .archive/kube/deploy/apps/ollama/app/hr.yaml diff --git a/kube/deploy/apps/ollama/app/pvc.yaml b/.archive/kube/deploy/apps/ollama/app/pvc.yaml similarity index 100% rename from kube/deploy/apps/ollama/app/pvc.yaml rename to .archive/kube/deploy/apps/ollama/app/pvc.yaml diff --git a/kube/deploy/apps/ollama/ks.yaml b/.archive/kube/deploy/apps/ollama/ks.yaml similarity index 100% rename from kube/deploy/apps/ollama/ks.yaml rename to .archive/kube/deploy/apps/ollama/ks.yaml diff --git a/kube/deploy/apps/ollama/kustomization.yaml b/.archive/kube/deploy/apps/ollama/kustomization.yaml similarity index 100% rename from kube/deploy/apps/ollama/kustomization.yaml rename to .archive/kube/deploy/apps/ollama/kustomization.yaml diff --git a/kube/deploy/apps/ollama/ns.yaml b/.archive/kube/deploy/apps/ollama/ns.yaml similarity index 100% rename from kube/deploy/apps/ollama/ns.yaml rename to .archive/kube/deploy/apps/ollama/ns.yaml diff --git a/kube/deploy/apps/atuin/app/hr.yaml b/kube/deploy/apps/atuin/app/hr.yaml index 66c20c6b8e..80b39ae7 100644 --- a/kube/deploy/apps/atuin/app/hr.yaml +++ b/kube/deploy/apps/atuin/app/hr.yaml @@ -40,13 +40,13 @@ spec: primary: true ingressClassName: "nginx-internal" hosts: - - host: &host "${APP_DNS_ATUIN}" + - host: &host "${APP_DNS_ATUIN:=atuin}" paths: - path: / pathType: Prefix tls: [hosts: [*host]] podSecurityContext: - runAsUser: &uid ${APP_UID_ATUIN} + runAsUser: &uid ${APP_UID_ATUIN:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: Always diff --git a/kube/deploy/apps/audiobookshelf/app/hr.yaml b/kube/deploy/apps/audiobookshelf/app/hr.yaml index b8358509..8fcc08fa 100644 --- a/kube/deploy/apps/audiobookshelf/app/hr.yaml +++ b/kube/deploy/apps/audiobookshelf/app/hr.yaml 
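Review bot: With `runAsUser: &uid ${APP_UID_ATUIN:=1000}` in the atuin `podSecurityContext`, an unset variable is now indistinguishable from a deliberate choice of 1000 for UID, GID and fsGroup, and the same `:=1000` fallback is added in the audiobookshelf, cyberchef, home-assistant, joplin, miniflux, navidrome, ocis, thelounge, vikunja, zipline and karma hunks. If the per-app `APP_UID_*` variables exist to keep workloads on distinct UIDs (inferred from the naming), a missing value would quietly put several apps on one shared identity. A comment next to the first use, e.g. `# fallback only so the manifest renders without cluster vars; real UID is set per app`, would record the intent, assuming that is the intent. The same variable also receives different fallbacks across files (`${DNS_SHORT:=internal}` in code-server, `${DNS_SHORT:=localhost}` in zipline), which is worth aligning.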
@@ -49,7 +49,7 @@ spec: primary: true className: "nginx-internal" hosts: - - host: &host "${APP_DNS_AUDIOBOOKSHELF}" + - host: &host "${APP_DNS_AUDIOBOOKSHELF:=audiobookshelf}" paths: - path: / pathType: Prefix @@ -84,7 +84,7 @@ spec: defaultPodOptions: automountServiceAccountToken: false securityContext: - runAsUser: &uid ${APP_UID_AUDIOBOOKSHELF} + runAsUser: &uid ${APP_UID_AUDIOBOOKSHELF:=1000} runAsGroup: *uid fsGroup: *uid - fsGroupChangePolicy: Always \ No newline at end of file + fsGroupChangePolicy: Always diff --git a/kube/deploy/apps/code-server/app/hr.yaml b/kube/deploy/apps/code-server/app/hr.yaml index 5e0b0a51..59335140 100644 --- a/kube/deploy/apps/code-server/app/hr.yaml +++ b/kube/deploy/apps/code-server/app/hr.yaml @@ -72,8 +72,8 @@ spec: type: LoadBalancer externalTrafficPolicy: Cluster annotations: - coredns.io/hostname: "vs-ssh.${DNS_SHORT}" - io.cilium/lb-ipam-ips: "${APP_IP_CODE_SERVER_SSH}" + coredns.io/hostname: "vs-ssh.${DNS_SHORT:=internal}" + io.cilium/lb-ipam-ips: "${APP_IP_CODE_SERVER_SSH:=127.0.0.1}" tailscale.com/expose: "true" tailscale.com/hostname: "vs-ssh" labels: @@ -95,7 +95,7 @@ spec: nginx.ingress.kubernetes.io/whitelist-source-range: | ${IP_JJ_V4} hosts: - - host: &host "vs.${DNS_SHORT}" + - host: &host "vs.${DNS_SHORT:=internal}" paths: - &path path: / @@ -103,13 +103,13 @@ spec: service: &http name: main port: http - - host: &host "hugo.${DNS_SHORT}" + - host: &host "hugo.${DNS_SHORT:=internal}" paths: - <<: *path service: &hugo name: main port: hugo - - host: &host "vs-test.${DNS_SHORT}" + - host: &host "vs-test.${DNS_SHORT:=internal}" paths: - <<: *path service: &test @@ -124,7 +124,7 @@ spec: annotations: tailscale.com/tags: "tag:jjgadgets-apps" hosts: - - host: &host "vs.${DNS_TS}" + - host: &host "vs.${DNS_TS:=ts.net}" paths: - <<: *path service: *http 
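Review bot: The SSH `LoadBalancer` service in the first code-server hunk now falls back to `io.cilium/lb-ipam-ips: "${APP_IP_CODE_SERVER_SSH:=127.0.0.1}"`, a loopback address that cannot be a usable load-balancer IP. How the IPAM reacts to that request is not visible here, so a missing variable would show up as a service without a reachable address rather than as a substitution problem. Because this service exposes SSH and is also published with `tailscale.com/expose: "true"`, I would add a comment such as `# 127.0.0.1 is a render-time placeholder, never a real LB IP` so the value is not mistaken for configuration. The service definition continues outside the hunk.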
@@ -203,7 +203,7 @@ spec: defaultPodOptions: automountServiceAccountToken: true enableServiceLinks: true - hostname: "${CLUSTER_NAME}-code-server" + hostname: "${CLUSTER_NAME:=biohazard}-code-server" securityContext: runAsNonRoot: true runAsUser: &uid 1000 # `coder` user diff --git a/kube/deploy/apps/cyberchef/app/hr.yaml b/kube/deploy/apps/cyberchef/app/hr.yaml index 5f5f0829..ffd6f388 100644 --- a/kube/deploy/apps/cyberchef/app/hr.yaml +++ b/kube/deploy/apps/cyberchef/app/hr.yaml @@ -38,7 +38,7 @@ spec: primary: true ingressClassName: "nginx-internal" hosts: - - host: &host "${APP_DNS_CYBERCHEF}" + - host: &host "${APP_DNS_CYBERCHEF:=cyberchef}" paths: - path: / pathType: Prefix @@ -46,7 +46,7 @@ spec: - hosts: - *host podSecurityContext: - runAsUser: &uid ${APP_UID_CYBERCHEF} + runAsUser: &uid ${APP_UID_CYBERCHEF:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: Always @@ -55,4 +55,4 @@ spec: cpu: 10m memory: 128Mi limits: - memory: 256Mi \ No newline at end of file + memory: 256Mi diff --git a/kube/deploy/apps/gokapi/app/hr.yaml b/kube/deploy/apps/gokapi/app/hr.yaml index 78efdc90..ba890e7c 100644 --- a/kube/deploy/apps/gokapi/app/hr.yaml +++ b/kube/deploy/apps/gokapi/app/hr.yaml @@ -32,13 +32,12 @@ spec: enabled: true ingressClassName: "nginx-external" hosts: - - host: "${APP_DNS_GOKAPI}" + - host: &host "${APP_DNS_GOKAPI:=gokapi}" paths: - path: / pathType: Prefix tls: - - hosts: - - "${APP_DNS_GOKAPI}" + - hosts: [*host] secretName: long-domain-tls persistence: config: diff --git a/kube/deploy/apps/home-assistant/app/hr.yaml b/kube/deploy/apps/home-assistant/app/hr.yaml index 68cc141a..6460d6bd 100644 --- a/kube/deploy/apps/home-assistant/app/hr.yaml +++ b/kube/deploy/apps/home-assistant/app/hr.yaml @@ -107,7 +107,7 @@ spec: primary: true className: "nginx-internal" hosts: - - host: &host "${APP_DNS_HOME_ASSISTANT}" + - host: &host "${APP_DNS_HOME_ASSISTANT:=home-assistant}" paths: &paths - path: / pathType: Prefix 
@@ -121,7 +121,7 @@ spec: primary: false className: "tailscale" hosts: - - host: &host "hass-edit.${DNS_TS}" + - host: &host "hass-edit.${DNS_TS:=ts.net}" paths: &paths - path: / pathType: Prefix @@ -157,7 +157,7 @@ spec: enableServiceLinks: false securityContext: runAsNonRoot: true - runAsUser: &uid ${APP_UID_HOME_ASSISTANT} + runAsUser: &uid ${APP_UID_HOME_ASSISTANT:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: "Always" diff --git a/kube/deploy/apps/joplin/app/hr.yaml b/kube/deploy/apps/joplin/app/hr.yaml index cc42f6cd..b5ff3c48 100644 --- a/kube/deploy/apps/joplin/app/hr.yaml +++ b/kube/deploy/apps/joplin/app/hr.yaml @@ -83,7 +83,7 @@ spec: # external-dns.alpha.kubernetes.io/target: "${DNS_SHORT_CF}" # external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" hosts: - - host: &host "${APP_DNS_JOPLIN}" + - host: &host "${APP_DNS_JOPLIN:=joplin}" paths: - path: / pathType: Prefix @@ -91,7 +91,7 @@ spec: - hosts: - *host podSecurityContext: - runAsUser: &uid ${APP_UID_JOPLIN} + runAsUser: &uid ${APP_UID_JOPLIN:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: Always @@ -112,4 +112,4 @@ spec: cpu: 10m memory: 128Mi limits: - memory: 6000Mi \ No newline at end of file + memory: 6000Mi diff --git a/kube/deploy/apps/media/kavita/app/hr.yaml b/kube/deploy/apps/media/kavita/app/hr.yaml index 3a0d126d..9283257d 100644 --- a/kube/deploy/apps/media/kavita/app/hr.yaml +++ b/kube/deploy/apps/media/kavita/app/hr.yaml @@ -71,8 +71,8 @@ spec: nas: enabled: true type: nfs - server: "${IP_TRUENAS}" - path: "${PATH_NAS_MEDIA}" + server: "${IP_TRUENAS:=127.0.0.1}" + path: "${PATH_NAS_MEDIA:=/kavita}" globalMounts: - path: "/nas" readOnly: true @@ -91,8 +91,8 @@ spec: backups: enabled: true type: nfs - server: "${IP_TRUENAS}" - path: "${PATH_NAS_BACKUPS_K8S}" + server: "${IP_TRUENAS:=127.0.0.1}" + path: "${PATH_NAS_BACKUPS_K8S:=/backups}" globalMounts: - subPath: "kavita" path: "/kavita/config/backups" 
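Review bot: The NFS fallback in the first kavita hunk, `path: "${PATH_NAS_MEDIA:=/kavita}"`, differs from the `${PATH_NAS_MEDIA:=/media}` used for the same variable in the komga and navidrome hunks, and `PATH_NAS_PERSIST_K8S` likewise gets `/data` in paperless-ngx and `/restic` in restic-rest-nfs. One variable should have one fallback, otherwise the export that a pod mounts when the variable is missing depends on which file rendered it. I would change this line to `path: "${PATH_NAS_MEDIA:=/media}"` and pick a single placeholder for `PATH_NAS_PERSIST_K8S`. The persistence block continues outside the hunk.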
diff --git a/kube/deploy/apps/media/komga/app/hr.yaml b/kube/deploy/apps/media/komga/app/hr.yaml index 5816c6df..beb7aa61 100644 --- a/kube/deploy/apps/media/komga/app/hr.yaml +++ b/kube/deploy/apps/media/komga/app/hr.yaml @@ -91,8 +91,8 @@ spec: path: /ceph nfs: type: nfs - server: "${IP_TRUENAS}" - path: "${PATH_NAS_MEDIA}" + server: "${IP_TRUENAS:=127.0.0.1}" + path: "${PATH_NAS_MEDIA:=/media}" globalMounts: - path: /nas readOnly: true @@ -110,8 +110,8 @@ spec: automountServiceAccountToken: false enableServiceLinks: false hostAliases: - - ip: "${APP_IP_AUTHENTIK}" - hostnames: ["${APP_DNS_AUTHENTIK}"] + - ip: "${APP_IP_AUTHENTIK:=127.0.0.1}" + hostnames: ["${APP_DNS_AUTHENTIK:=authentik}"] securityContext: runAsNonRoot: true runAsUser: &uid ${APP_DNS_KOMGA:=1000} diff --git a/kube/deploy/apps/miniflux/app/hr.yaml b/kube/deploy/apps/miniflux/app/hr.yaml index 754c09d8..59497bd2 100644 --- a/kube/deploy/apps/miniflux/app/hr.yaml +++ b/kube/deploy/apps/miniflux/app/hr.yaml @@ -26,7 +26,7 @@ spec: podLabels: ingress.home.arpa/nginx-internal: "allow" db.home.arpa/pg: "pg-default" - egress.home.arpa/world: "allow" + egress.home.arpa/internet: "allow" egress.home.arpa/nginx-external: "allow" # authentik env: TZ: "${CONFIG_TZ}" @@ -56,7 +56,7 @@ spec: primary: true ingressClassName: "nginx-internal" hosts: - - host: &host "${APP_DNS_MINIFLUX}" + - host: &host "${APP_DNS_MINIFLUX:=miniflux}" paths: - path: / pathType: Prefix @@ -64,7 +64,7 @@ spec: - hosts: - *host podSecurityContext: - runAsUser: &uid ${APP_UID_MINIFLUX} + runAsUser: &uid ${APP_UID_MINIFLUX:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: Always @@ -74,4 +74,4 @@ spec: memory: 128Mi limits: cpu: 3000m - memory: 512Mi \ No newline at end of file + memory: 512Mi diff --git a/kube/deploy/apps/navidrome/app/hr.yaml b/kube/deploy/apps/navidrome/app/hr.yaml index 2d7639e7..16dbdfae 100644 --- a/kube/deploy/apps/navidrome/app/hr.yaml +++ b/kube/deploy/apps/navidrome/app/hr.yaml 
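Review bot: The context line `runAsUser: &uid ${APP_DNS_KOMGA:=1000}` at the end of the second komga hunk reads a DNS variable where every other app in this patch uses `APP_UID_*`, which looks like a typo that this cleanup leaves in place. If `APP_DNS_KOMGA` is defined as a hostname, the rendered `runAsUser` (and anything that aliases `*uid`) would not be an integer; if it is undefined, the pod runs as 1000 regardless of the UID intended for komga. The line should probably read `runAsUser: &uid ${APP_UID_KOMGA:=1000}`, assuming that variable exists. The `securityContext` continues outside the hunk.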
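Review bot: The pod label change from `egress.home.arpa/world: "allow"` to `egress.home.arpa/internet: "allow"` in the first miniflux hunk presumably changes which network policy selects this pod, yet it arrives under a `chore: cleanup` subject with no policy change in the patch. If no policy matches the new label, miniflux loses outbound access; if the policy behind `internet` is scoped differently from `world`, the pod's egress reach changes without being reviewed as such. It would help to mention the rename in the commit message and add a comment like `# matched by the internet-egress policy (replaces egress.home.arpa/world)`. Other manifests that still carry the `world` label are not visible here and may need the same change.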
@@ -81,7 +81,7 @@ spec: nginx.ingress.kubernetes.io/auth-signin: |- https://${APP_DNS_NAVIDROME}/outpost.goauthentik.io/start?rd=$escaped_request_uri hosts: - - host: &host "${APP_DNS_NAVIDROME}" + - host: &host "${APP_DNS_NAVIDROME:=navidrome}" paths: &paths - path: / pathType: Prefix @@ -90,6 +90,20 @@ spec: port: http tls: - hosts: [*host] + subsonic: # bypass forward auth + enabled: true + primary: false + className: nginx-internal + hosts: + - host: &host "${APP_DNS_NAVIDROME:=navidrome}" + paths: &paths + - path: /rest + pathType: Prefix + service: + name: main + port: http + tls: + - hosts: [*host] persistence: config: enabled: true @@ -100,8 +114,8 @@ spec: nfs: enabled: true type: nfs - server: "${IP_TRUENAS}" - path: "${PATH_NAS_MEDIA}" + server: "${IP_TRUENAS:=127.0.0.1}" + path: "${PATH_NAS_MEDIA:=/media}" globalMounts: - subPath: Music path: /media @@ -118,7 +132,7 @@ spec: enableServiceLinks: false securityContext: runAsNonRoot: true - runAsUser: &uid ${APP_UID_NAVIDROME} + runAsUser: &uid ${APP_UID_NAVIDROME:=1000} runAsGroup: *uid fsGroup: *uid supplementalGroups: [6969] # NAS diff --git a/kube/deploy/apps/ocis/app/hr.yaml b/kube/deploy/apps/ocis/app/hr.yaml index 1bb7aef6..19d1ea80 100644 --- a/kube/deploy/apps/ocis/app/hr.yaml +++ b/kube/deploy/apps/ocis/app/hr.yaml @@ -33,7 +33,7 @@ spec: env: TZ: "${CONFIG_TZ}" OCIS_INSECURE: true - OCIS_URL: "https://${APP_DNS_OCIS}" + OCIS_URL: "https://${APP_DNS_OCIS:=ocis}" PROXY_TLS: false DEMO_USERS: false PROXY_HTTP_ADDR: 0.0.0.0:9200 @@ -101,7 +101,7 @@ spec: annotations: nginx.ingress.kubernetes.io/custom-http-errors: "502" hosts: - - host: &host "${APP_DNS_OCIS}" + - host: &host "${APP_DNS_OCIS:=ocis}" paths: &paths - path: / pathType: Prefix @@ -138,7 +138,7 @@ spec: hostnames: ["${APP_DNS_AUTHENTIK}"] securityContext: runAsNonRoot: true - runAsUser: &uid ${APP_UID_OCIS} + runAsUser: &uid ${APP_UID_OCIS:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: "Always" 
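Review bot: The added `subsonic` ingress serves `/rest` on the same host as the main ingress but without the forward-auth annotations, so requests to that prefix reach Navidrome with only the application's own API authentication in front of them. The short comment `# bypass forward auth` does not say why that is acceptable or what still protects the path; I would expand it, for example `# Subsonic clients cannot follow the authentik redirect; /rest relies on Navidrome's own API auth` if that is the reason, and confirm that the app does not trust identity headers from the proxy on this route (its env is outside the hunk). The block also redefines the `&host` and `&paths` anchors already set by the main ingress, so any later `*paths` alias in the file would resolve to the `/rest` entry. Using `- host: *host` and dropping the second `&paths` anchor avoids that.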
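Review bot: The first ocis hunk touches `OCIS_URL` but leaves the neighbouring `OCIS_INSECURE: true` undocumented, and as far as I know that setting relaxes TLS certificate verification inside oCIS. A comment stating why it is required here, e.g. `# TLS terminates at the ingress; internal calls use a cert oCIS cannot verify`, would let a later reader judge whether it can be removed; the wording should reflect the real reason, which is not visible in the hunk. In the third ocis hunk `hostnames: ["${APP_DNS_AUTHENTIK}"]` also stays without a fallback while komga, paperless-ngx and vikunja now use `${APP_DNS_AUTHENTIK:=authentik}`, so the cleanup is not applied uniformly.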
diff --git a/kube/deploy/apps/paperless-ngx/app/hr.yaml b/kube/deploy/apps/paperless-ngx/app/hr.yaml index b6aaffeb..ee3eef1c 100644 --- a/kube/deploy/apps/paperless-ngx/app/hr.yaml +++ b/kube/deploy/apps/paperless-ngx/app/hr.yaml @@ -166,7 +166,7 @@ spec: primary: true className: "nginx-internal" hosts: - - host: &host "${APP_DNS_PAPERLESS_NGX}" + - host: &host "${APP_DNS_PAPERLESS_NGX:=paperless}" paths: - path: "/" pathType: Prefix @@ -194,8 +194,8 @@ spec: nas: enabled: true type: nfs - server: "${IP_TRUENAS}" - path: "${PATH_NAS_PERSIST_K8S}/paperless-ngx" + server: "${IP_TRUENAS:=127.0.0.1}" + path: "${PATH_NAS_PERSIST_K8S:=/data}/paperless-ngx" advancedMounts: main: main: @@ -239,8 +239,8 @@ spec: automountServiceAccountToken: false enableServiceLinks: false # avoid exposing too much info in env vars in case of lateral movement attempt hostAliases: - - ip: "${APP_IP_AUTHENTIK}" - hostnames: ["${APP_DNS_AUTHENTIK}"] + - ip: "${APP_IP_AUTHENTIK:=127.0.0.1}" + hostnames: ["${APP_DNS_AUTHENTIK:=authentik}"] securityContext: runAsNonRoot: false runAsUser: &uid 1000 # hardcoded `paperless` user diff --git a/kube/deploy/apps/restic-rest-nfs/app/hr.yaml b/kube/deploy/apps/restic-rest-nfs/app/hr.yaml index 29c0ae85..dfb1ad09 100644 --- a/kube/deploy/apps/restic-rest-nfs/app/hr.yaml +++ b/kube/deploy/apps/restic-rest-nfs/app/hr.yaml @@ -92,8 +92,8 @@ spec: data: enabled: true type: nfs - server: "${IP_TRUENAS}" - path: "${PATH_NAS_PERSIST_K8S}" + server: "${IP_TRUENAS:=127.0.0.1}" + path: "${PATH_NAS_PERSIST_K8S:=/restic}" advancedMounts: main: main: diff --git a/kube/deploy/apps/thelounge/app/hr.yaml b/kube/deploy/apps/thelounge/app/hr.yaml index 83fd01b0..13140e00 100644 --- a/kube/deploy/apps/thelounge/app/hr.yaml +++ b/kube/deploy/apps/thelounge/app/hr.yaml @@ -41,7 +41,7 @@ spec: primary: true ingressClassName: "nginx-internal" hosts: - - host: &host "${APP_DNS_THELOUNGE}" + - host: &host "${APP_DNS_THELOUNGE:=thelounge}" paths: - path: / pathType: Prefix 
@@ -49,7 +49,7 @@ spec: - hosts: - *host podSecurityContext: - runAsUser: &uid ${APP_UID_THELOUNGE} + runAsUser: &uid ${APP_UID_THELOUNGE:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: Always diff --git a/kube/deploy/apps/vikunja/app/hr.yaml b/kube/deploy/apps/vikunja/app/hr.yaml index 964f92cf..9b6a56c8 100644 --- a/kube/deploy/apps/vikunja/app/hr.yaml +++ b/kube/deploy/apps/vikunja/app/hr.yaml @@ -95,7 +95,7 @@ spec: primary: true className: "nginx-internal" hosts: - - host: &host "${APP_DNS_VIKUNJA}" + - host: &host "${APP_DNS_VIKUNJA:=vikunja}" paths: &paths - path: / pathType: Prefix @@ -130,11 +130,11 @@ spec: automountServiceAccountToken: false enableServiceLinks: false hostAliases: - - ip: "${APP_IP_AUTHENTIK}" - hostnames: ["${APP_DNS_AUTHENTIK}"] + - ip: "${APP_IP_AUTHENTIK:=127.0.0.1}" + hostnames: ["${APP_DNS_AUTHENTIK:=authentik}"] securityContext: runAsNonRoot: true - runAsUser: &uid ${APP_UID_VIKUNJA} + runAsUser: &uid ${APP_UID_VIKUNJA:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: "Always" diff --git a/kube/deploy/apps/zipline/app/hr.yaml b/kube/deploy/apps/zipline/app/hr.yaml index 2ebab863..ee354df8 100644 --- a/kube/deploy/apps/zipline/app/hr.yaml +++ b/kube/deploy/apps/zipline/app/hr.yaml @@ -104,7 +104,7 @@ spec: nginx.ingress.kubernetes.io/custom-http-errors: "400,403,404,405,409,410,411,412,413,414,415,416,417,418,421,425,431,451,500,501,502,503,504,505,506,510" nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8, 100.64.0.0/10" hosts: - - host: &host "${APP_DNS_ZIPLINE}" + - host: &host "${APP_DNS_ZIPLINE:=zipline}" paths: - path: / pathType: Prefix 
@@ -140,7 +140,7 @@ spec: external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" nginx.ingress.kubernetes.io/custom-http-errors: "400,403,404,405,409,410,411,412,413,414,415,416,417,418,421,425,431,451,500,501,502,503,504,505,506,510" hosts: - - host: &exthost "${DNS_SHORT}" + - host: &exthost "${DNS_SHORT:=localhost}" paths: - path: *shorten pathType: Prefix @@ -166,7 +166,7 @@ spec: - hosts: - *exthost podSecurityContext: - runAsUser: &uid ${APP_UID_ZIPLINE} + runAsUser: &uid ${APP_UID_ZIPLINE:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: Always @@ -175,4 +175,4 @@ spec: cpu: 10m memory: 128Mi limits: - memory: 6000Mi \ No newline at end of file + memory: 6000Mi diff --git a/kube/deploy/core/monitoring/alertmanager/app/hr.yaml b/kube/deploy/core/monitoring/alertmanager/app/hr.yaml index 37fbef90..2c6b07cb 100644 --- a/kube/deploy/core/monitoring/alertmanager/app/hr.yaml +++ b/kube/deploy/core/monitoring/alertmanager/app/hr.yaml @@ -37,12 +37,14 @@ spec: - --web.route-prefix=/ - --web.listen-address=:9093 - --cluster.listen-address=[$(POD_IP)]:9094 + - --cluster.advertise-address=$(POD_IP):9094 - "--cluster.label=${CLUSTER_NAME}" - --cluster.peer=alertmanager.monitoring.svc.cluster.local:9094 - --cluster.peer=alertmanager-local-0.monitoring.svc.cluster.local:9094 - --cluster.peer=alertmanager-local-1.monitoring.svc.cluster.local:9094 - --cluster.peer=alertmanager-local-2.monitoring.svc.cluster.local:9094 - - --cluster.reconnect-timeout=5m + - --cluster.reconnect-timeout=1h + #- --cluster.probe-interval=5s # hopefully lower DNS requests? env: TZ: "${CONFIG_TZ}" POD_IP: 
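Review bot: The added `--cluster.advertise-address=$(POD_IP):9094` in the first alertmanager hunk writes the pod IP without brackets while the line above it uses `--cluster.listen-address=[$(POD_IP)]:9094`. With an IPv4 pod IP both forms should parse, but on an IPv6 or dual-stack cluster the unbracketed form is not a valid host:port, and peers would be handed an address they cannot use. Matching the existing style, `- --cluster.advertise-address=[$(POD_IP)]:9094`, keeps the two flags consistent. The commented-out `--cluster.probe-interval=5s` line ending in a question mark would be better kept as a tracked note than as dead configuration in the args list.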
@@ -142,10 +144,10 @@ spec: primary: true className: "nginx-external" annotations: - external-dns.alpha.kubernetes.io/target: "${DNS_CF}" + external-dns.alpha.kubernetes.io/target: "${DNS_CF:=127.0.0.1}" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" hosts: - - host: &host "${APP_DNS_ALERTMANAGER}" + - host: &host "${APP_DNS_ALERTMANAGER:=alertmanager}" paths: &paths - path: / pathType: Prefix @@ -159,7 +161,7 @@ spec: primary: false className: "tailscale" hosts: - - host: &host "${APP_DNS_ALERTMANAGER_TS}" + - host: &host "${APP_DNS_ALERTMANAGER_TS:=alertmanager}" paths: *paths tls: - hosts: [*host] diff --git a/kube/deploy/core/monitoring/karma/app/hr.yaml b/kube/deploy/core/monitoring/karma/app/hr.yaml index 54fe0a6c..9489403b 100644 --- a/kube/deploy/core/monitoring/karma/app/hr.yaml +++ b/kube/deploy/core/monitoring/karma/app/hr.yaml @@ -58,11 +58,11 @@ spec: primary: true className: "nginx-external" annotations: - external-dns.alpha.kubernetes.io/target: "${DNS_CF}" + external-dns.alpha.kubernetes.io/target: "${DNS_CF:=127.0.0.1}" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" # external auth managed by Cloudflare Zero Trust, so authentik won't be SPoF if internal access not working hosts: - - host: &host "${APP_DNS_KARMA}" + - host: &host "${APP_DNS_KARMA:=karma}" paths: &paths - path: / pathType: Prefix @@ -76,7 +76,7 @@ spec: primary: true className: "tailscale" hosts: - - host: &host "${APP_DNS_TS_KARMA}" + - host: &host "${APP_DNS_TS_KARMA:=karma}" paths: *paths tls: - hosts: [*host] @@ -85,7 +85,7 @@ spec: enableServiceLinks: false securityContext: runAsNonRoot: true - runAsUser: &uid ${APP_UID_KARMA} + runAsUser: &uid ${APP_UID_KARMA:=1000} runAsGroup: *uid fsGroup: *uid fsGroupChangePolicy: "Always"
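Review bot: Both Alertmanager ingresses now fall back to the same host, `"${APP_DNS_ALERTMANAGER:=alertmanager}"` on the `nginx-external` ingress and `"${APP_DNS_ALERTMANAGER_TS:=alertmanager}"` on the `tailscale` one in the next hunk, and karma repeats the pattern with `APP_DNS_KARMA` and `APP_DNS_TS_KARMA`. If either variable is missing, the tailnet ingress and the externally published one would claim a single hostname, which blurs the boundary between the two exposure paths. Distinct placeholders, e.g. `${APP_DNS_ALERTMANAGER_TS:=alertmanager-ts}`, would keep them apart. The external ingress also gets `external-dns.alpha.kubernetes.io/target: "${DNS_CF:=127.0.0.1}"`, so an unset `DNS_CF` would publish a record pointing at loopback. Unlike karma, the visible Alertmanager lines carry no comment saying where authentication for the external route is enforced.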