feat: cleanup of remodelling

move remodel folder down to root and delete old unused manifests

README.md

@@ -1,22 +1,34 @@
 <div align="center">
 
-<img src="https://raw.githubusercontent.com/vehagn/homelab/main/docs/assets/kubernetes.svg" width="144px" alt="Kubernetes logo"/>
+# 🪨 Homelab 🏡
 
-# 🪨 Kubernetes Homelab 🏡
+Repository for home infrastructure and [Kubernetes](https://kubernetes.io/) cluster
+using [GitOps](https://en.wikipedia.org/wiki/DevOps) practices.
+Held together using [Proxmox VE](https://www.proxmox.com/en/proxmox-virtual-environment),
+[OpenTofu](https://opentofu.org/), [Talos](https://talos.dev), [Kubernetes](https://kubernetes.io/),
+[Argo CD](https://argoproj.github.io/cd/) and copious amounts of [YAML](https://yaml.org/).
 
 </div>
 
 ---
 
-## 📝 Overview
+## 📖 Overview
 
-This is the [IaC](https://en.wikipedia.org/wiki/Infrastructure_as_code) configuration for my homelab.
-It's mainly powered by [Kubernetes](https://kubernetes.io/) and I do my best to adhere to GitOps practices.
+This repository hosts the IaC ([Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_code))
+configuration for my homelab.
 
-To organise all the configuration I've opted for an approach using Kustomized Helm with Argo CD which I've explained in
-more detail [here](https://blog.stonegarden.dev/articles/2023/09/argocd-kustomize-with-helm/).
+The Homelab is backed by [Proxmox VE](https://www.proxmox.com/en/proxmox-virtual-environment) hypervisor nodes with VMs
+bootstrapped using [OpenTofu](https://opentofu.org/)/[Terraform](https://www.terraform.io/).
 
-I try to journal my adventures and exploits on my [blog](https://blog.stonegarden.dev) which is hosted by this repo.
+Most of the services run on [Talos](https://www.talos.dev/) flavoured [Kubernetes](https://kubernetes.io/),
+though I'm also running a [TrueNAS](https://www.truenas.com/) VM for storage
+and [Home Assistant](https://www.home-assistant.io/) VM for home automation.
+
+To organise all the configuration I've opted for an approach using Kustomized Helm
+with [Argo CD](https://argoproj.github.io/cd/) which I've explained in more
+detail [in this article](https://blog.stonegarden.dev/articles/2023/09/argocd-kustomize-with-helm/).
+
+I journal my homelab journey over at my self-hosted [blog](https://blog.stonegarden.dev).
 
 ## 🧑‍💻 Getting Started
 
@@ -30,53 +42,68 @@ I've also written an article on how to get started
 with [Kubernetes on Proxmox](https://blog.stonegarden.dev/articles/2024/03/proxmox-k8s-with-cilium/) if virtualisation
 is more your thing.
 
-A third option is the [Quickstart](docs/QUICKSTART.md) in the docs-folder.
-
-I also have a ["mini-cluster" repo](https://gitlab.com/vehagn/mini-homelab) which might be easier to start understanding
-over at GitLab.
+I'm currently working on an article on how to bootstrap your own Talos-cluster using this repo.
 
 ## ⚙️ Core Components
 
+* [Proxmox VE](https://www.proxmox.com/en/proxmox-virtual-environment): Server management and KVM hypervisor.
+* [OpenTofu](https://opentofu.org/): Open source infrastructure as code tool.
+* [Cilium](https://cilium.io/): eBPF-based Networking, Observability, Security.
 * [Argo CD](https://argo-cd.readthedocs.io/en/stable/): Declarative, GitOps continuous delivery tool for Kubernetes.
 * [Cert-manager](https://cert-manager.io/): Cloud native certificate management.
-* [Cilium](https://cilium.io/): eBPF-based Networking, Observability, Security.
-* [OpenTofu](https://opentofu.org/): The open source infrastructure as code tool.
 * [Sealed-secrets](https://github.com/bitnami-labs/sealed-secrets): Encrypt your Secret into a SealedSecret, which is
   safe to store - even inside a public repository.
 
-## 📂 Folder Structure
+## 🗃️ Folder Structure
 
-* `apps`: Different applications that I run in the cluster.
-* `charts`: Tailor made Helm charts for this cluster.
-* `docs`: Supplementary documentation.
-* `infra`: Configuration for core infrastructure components
-* `machines`: OpenTofu/Terraform configuration. Each sub folder is a physical machine.
-* `sets`: Holds Argo CD Applications that points to the `apps` and `infra` folders for automatic Git-syncing.
+```shell
+.
+├── 📂 docs                # Documentation
+├── 📂 k8s                 # Kubernetes manifests
+│   ├── 📂 apps            # Applications on
+│   ├── 📂 infra           # Infrastructure components
+│   └── 📂 sets            # Bootstrapping ApplicationSets
+└── 📂 tofu                # Tofu configuration
+    ├── 📂 home-assistant  # Home Assistant VM
+    └── 📂 kubernetes      # Kubernetes VM configuration
+        ├── 📂 bootstrap   # Kubernetes bootstrap config
+        └── 📂 talos       # Talos configuration 
+```
 
 ## 🖥️ Hardware
 
-| Name   | Device                    | CPU             | RAM            | Storage    | Purpose |
-|--------|---------------------------|-----------------|----------------|------------|---------|
-| Gauss  | Dell Precision Tower 5810 | Xeon E5-1650 v3 | 64 GB DDR4 ECC | 14 TiB HDD | -       |
-| Euclid | ASUS ExpertCenter PN42    | Intel N100      | 32 GB DDR4     | -          | -       |
+| Name   | Device                    | CPU             | RAM            | Storage          | Purpose           |
+|--------|---------------------------|-----------------|----------------|------------------|-------------------|
+| Abel   | CWWK 6 LAN Port           | Intel i3-N305   | 32 GB DDR5     | -                | Control-plane     |
+| Euclid | ASUS ExpertCenter PN42    | Intel N100      | 32 GB DDR4     | -                | Control-plane     |
+| Cantor | ASUS PRIME N100I-D D4     | Intel N100      | 32 GB DDR4     | 5x8TB HDD RaidZ2 | NAS/Control-plane |
+| Gauss  | Dell Precision Tower 5810 | Xeon E5-1650 v3 | 64 GB DDR4 ECC | 14 TB HDD        | Compute           |
 
 ## 🏗️ Work in Progress
 
+- [ ] Set up AdGuard Home
 - [ ] Clean up DNS config
 - [ ] Renovate for automatic updates
-- [x] Build a NAS for storage
-- [ ] Template Gauss
-- [ ] Replace Pi Hole with AdGuard Home
-- [x] Use iGPU on Euclid for video transcoding
-- [x] Replace Traefik with Cilium Ingress Controller
-- [ ] Cilium mTLS & SPIFFE/SPIRE
 
 ## 👷‍ Future Projects
 
-- [x] Use Talos instead of Debian for Kubernetes
+- [ ] External DNS
 - [ ] Keycloak for auth
+- [ ] Implement NetBird
+- [ ] OPNSense/pfSense
+- [ ] Use BGP instead of ARP
 - [ ] Dynamic Resource Allocation for GPU
 - [ ] Local LLM
-- [ ] pfSense
-- [ ] Use NetBird or Tailscale
-- [ ] Use BGP instead of ARP
+- [ ] Cilium mTLS & SPIFFE/SPIRE
+
+##
+
+<img src="https://raw.githubusercontent.com/vehagn/homelab/remodel/docs/assets/proxmox-logo-stacked-inverted-color.svg#gh-dark-mode-only" width="80px" alt="Proxmox logo"/>
+<img src="https://raw.githubusercontent.com/vehagn/homelab/remodel/docs/assets/proxmox-logo-stacked-color.svg#gh-light-mode-only" width="80px" alt="Proxmox logo"/>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<img src="https://raw.githubusercontent.com/vehagn/homelab/remodel/docs/assets/tofu-on-dark.svg#gh-dark-mode-only" width="68px" alt="OpenTofu logo"/>
+<img src="https://raw.githubusercontent.com/vehagn/homelab/remodel/docs/assets/tofu-on-light.svg#gh-light-mode-only" width="68px" alt="OpenTofu logo"/>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<img src="https://raw.githubusercontent.com/vehagn/homelab/remodel/docs/assets/talos-logo.svg" width="64px" alt="Kubernetes logo"/>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+<img src="https://raw.githubusercontent.com/vehagn/homelab/remodel/docs/assets/kubernetes-logo.svg" width="68px" alt="Kubernetes logo"/>

apps/application-set.yaml

@@ -1,34 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: applications
-  namespace: argocd
-  labels:
-    dev.stonegarden: application
-spec:
-  generators:
-    - git:
-        repoURL: https://github.com/vehagn/homelab
-        revision: HEAD
-        directories:
-          - path: apps/*
-  template:
-    metadata:
-      name: '{{ path.basename }}'
-      labels:
-        dev.stonegarden: application
-      finalizers:
-        - resources-finalizer.argocd.argoproj.io
-    spec:
-      project: applications
-      source:
-        repoURL: https://github.com/vehagn/homelab
-        targetRevision: HEAD
-        path: '{{ path }}'
-      destination:
-        name: in-cluster
-        namespace: argocd
-      syncPolicy:
-        automated:
-          selfHeal: true
-          prune: true

apps/delta/app-deltahouse.yaml

@@ -1,32 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: deltahouse
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-  labels:
-    dev.stonegarden: delta
-spec:
-  project: delta
-  source:
-    repoURL: https://github.com/vehagn/deltahouse-deployment
-    path: '.'
-    targetRevision: HEAD
-  destination:
-    namespace: delta
-    name: in-cluster
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: delta
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: delta-test

apps/delta/kustomization.yaml

@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-commonLabels:
-  dev.stonegarden: app-management
-  app.kubernetes.io/managed-by: argocd
-
-resources:
-  - project.yaml
-  - app-deltahouse.yaml

apps/delta/project.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: delta
-  namespace: argocd
-spec:
-  sourceNamespaces:
-    - '*'
-  sourceRepos:
-    - 'https://github.com/vehagn/*'
-  destinations:
-    - namespace: 'argocd'
-      server: '*'
-    - namespace: 'delta'
-      server: '*'
-    - namespace: 'delta-test'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

apps/media/application-set.yaml

@@ -1,38 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: media
-  namespace: argocd
-  labels:
-    dev.stonegarden: media
-spec:
-  generators:
-    - git:
-        repoURL: https://github.com/vehagn/homelab
-        revision: HEAD
-        directories:
-          - path: apps/media/*
-  template:
-    metadata:
-      name: '{{ path.basename }}'
-      labels:
-        dev.stonegarden: application
-      finalizers:
-        - resources-finalizer.argocd.argoproj.io
-    spec:
-      project: media
-      source:
-        plugin:
-          name: kustomize-build-with-helm
-        repoURL: https://github.com/vehagn/homelab
-        targetRevision: HEAD
-        path: '{{ path }}'
-      destination:
-        name: in-cluster
-        namespace: '{{ path.basename }}'
-      syncPolicy:
-        automated:
-          selfHeal: true
-          prune: true
-        syncOptions:
-          - CreateNamespace=true

apps/media/arr/auth-secret.yaml

@@ -1,18 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: traefik-forward-auth-secrets
-  namespace: arr
-spec:
-  encryptedData:
-    google-client-id: AgBTsGnax+ubxU061n6dIPuChyKUIbjal3N3gF0DdJRvU1THqIS7SUsjofxea6PXL7TbrH6QkToowEAawASI1//zsvawWo6QTf1SzRdo2CCPbpWgMCnL0jn+dn3cTcbI1vt8lOQMUq3CEV/b8GWOFVWCbXXQ6nuD1Vo+MIZo2TMlBblYu34dlCei/XYf/eIpTmVctw5G6gu494KO/a/FUx4ex+5a5oTLI0Y82U1f6wyJ61yPUeddJHztI5gWlrgGI46f8i4wff1DaAvwGwO/fInxZdx1zPL9Udx+8IKHfh94zbQnBpk806cgIhh0BpFeEMb7W7IgoWHndMeDqQQqeg9i8wxh8ED5qvjNtjBI6D4H3bGa4FM2l7DXOc13r68h7kpjj33ZRRmvnabmL7S2/Bifx+x0A5iSVUgWXp72j34u8Bm/1BbBUEbWUYcAOxm37tLVgKX1phsP1epolMO93MKuNv4AY34uPHiwsCz/vUCzp03b2N9Mb+mjnclCrVLDEMoBkF/AJtB574i3pKgDZGCfGnFfD1g6T3p3c2yz8yXhRhV0hlsKaeqoENiy2jW84jLYrK+hjJdU1qW6xFGfAdTt3HFlwqb3HFSPD7q+L9axmnd59v1/jlQKA7eynDp8Mgp+xdmyNaZJ6nxD+Qh9XWtH+2vRzJh6zzxbnN/Sfqyq/GVXU5Ouf+bDIgztodY+L32HxCxdHyTePjDatBFqR8hU3StNHnaShFdWR43CYlvW9ncpmpntuEd7gQIv4zQGggoxBxcy6NE67q9Ybl+SAygj0Op9ZPlCiYw=
-    google-client-secret: AgA8aFNep5CkFzh6new1bg7qI3R4HYpgBAre0iS1J+w63fspi4Rd2AOkoiXrEz8P2kuzMDneIAQb2YdrOGOFU8EzguS6dkd+/pex+2RU0gOw7/58rTDvqKjaK/m/WxdQoWA0BreOerSXZefL0PkJtF5g2q7hHcSG8bIyHnizba6u2719JYuUzO7VnT1SBJdkkEoGpb7NaxfpmMnRGBlrxcKrMBLCjhhweVjFgw9nhaUVmbGupikabq3mCKNDeYePRnv6YMTQ9pDhStoT/1CEEQJ+9rPQRHOa+sTsIPeb0MxdQ5X5argspCLvnT8fkN1KHtwQI+stgT2ePgm/eKotEAYngWRMu3AbkgqCtNlkRfhbMpvq50IpuixYkwfHkGTz06RmOLQUkLJdQGzDRnSoyzKChvwLm1HriNDbvfVey8YlbQdrXeAL5muUXAodced1FQWHZFJLR3kvRY3owsBpO4BXkRJ5ZjLJMILakcE3EBV+O/PQqJmuMNvVCo5UNelqFHlloecf9r87bUVO/MffZhJ53S92FLGSIKHtQLVf0+7skbA4U6SyQV+GeH5wM1ozQ8K9P1Aw37aPgQjowmsa4DVdS9YWuSLaJectYrYOCdoCoMkCUbYHoJ3J3dne+EcxUEFSAMSChBrHHuaIjKFdnHMmCvBMIl5hhX6Y2Xy5dBG+omXW3ii6RoIWCEsSQZk9Q3KVULoBOZOoeT+/Czm+KoN9uvohOkNytegz0Lc+9+y4XbRqrw==
-    secret: AgBJZpCeCkfsD3B+3tUmcr8SOuDE2WdaOM7CJxCauXne5+0Hif31d0/0BJ53r28KE+RSTEZ6PuzAKFsmPKPzGQhBV9zEFUxbnPFh9NoevzYed1l2aT1ciWvUWt5AhukLVA5c7VqoqQ6LyPhGVeEHurG1txrdQiYviX06tGjO8RxNM5/mZHubZ5ovdnaGNN3FW6QkJFbg6eNKDPthKT9QDrkBSVtGjRWUBpS92ET15/D3XTTb4Di+3rlCHJr2wSw6w07Kbe5haGbnBdjxBbhGcwKL2FLNeLBqj8N455t+5UmDrO6HDyJupoyaFXYKpdFkD9dp+lhOgz2FDz9leL21JQVizSsp6hIOXJgKgoiJNeH+vTurW5sos2Xz+kVf6e0fSp9yAW0MNls4ARmavNkqx7kGytWH16jclm39ftyyZDfMcQN77Lkz++C3eLxP+3PLA1/iulqmRABU5SDQH90VWiNfxlkhn97sKqdVvGDcZfuccBghJvuEnixy1ewVYksPARF5Fot5SrUKSJaXvnIRIRQW7/nDqXM37STxsqyyECZkVtBQXQ+kMGepy1VNqwYU66pCtKl/GSF+zkwVDWmXjACZTcbAEW3/j5VkjnNmIEeHstd0wTLwrI2iHA74Wk5jm5AY/oAlFv5p7Pq1YLQdgwU1iLvJsC2gEoO3ZPizfy/f2AarNvxnSwAalg+hMwclYndN8EdPrmSpqAGV2qc=
-  template:
-    metadata:
-      annotations:
-        sealedsecrets.bitnami.com/managed: "true"
-      name: traefik-forward-auth-secrets
-      namespace: arr
-    type: Opaque
-

apps/media/arr/common-values.yaml

@@ -1,33 +0,0 @@
-namespace: arr
-env:
-  - name: PUID
-    valueFrom:
-      configMapKeyRef:
-        name: common-env
-        key: PUID
-  - name: PGID
-    valueFrom:
-      configMapKeyRef:
-        name: common-env
-        key: PGID
-  - name: UMASK
-    valueFrom:
-      configMapKeyRef:
-        name: common-env
-        key: UMASK
-  - name: TZ
-    valueFrom:
-      configMapKeyRef:
-        name: common-env
-        key: TZ
-additionalVolumes:
-  - name: data
-    mountPath: /app/data
-    value:
-      hostPath:
-        path: /disk/data
-additionalLabels:
-  app.kubernetes.io/part-of: arr
-auth:
-  enabled: true
-  create: false

apps/media/arr/kustomization.yaml

@@ -1,108 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: arr
-commonLabels:
-  app.kubernetes.io/part-of: arr
-  app.kubernetes.io/managed-by: argocd
-
-#resources:
-#  - auth-secret.yaml
-#
-#configMapGenerator:
-#  - name: common-env
-#    literals:
-#      - PUID="1000"
-#      - PGID="1000"
-#      - UMASK="002"
-#      - TZ="Europe/Oslo"
-#
-#helmGlobals:
-#  chartHome: ../../../charts
-#
-#helmCharts:
-#  - name: application
-#    releaseName: auth
-#    valuesFile: common-values.yaml
-#    valuesInline:
-#      name: auth
-#      namespace: arr
-#      authOnly: true
-#      auth:
-#        cookieDomain: stonegarden.dev
-#        whitelist:
-#          - veghag@gmail.com
-#  - name: application
-#    releaseName: lidarr
-#    valuesFile: common-values.yaml
-#    valuesInline:
-#      name: lidarr
-#      image:
-#        name: lscr.io/linuxserver/lidarr
-#      hostVolumes:
-#        - name: lidarr-config
-#          hostPath: /disk/etc/lidarr
-#          mountPath: /config
-#      service:
-#        containerPort: 8686
-#  - name: application
-#    releaseName: prowlarr
-#    valuesFile: common-values.yaml
-#    valuesInline:
-#      name: prowlarr
-#      image:
-#        name: lscr.io/linuxserver/prowlarr
-#      hostVolumes:
-#        - name: prowlarr-config
-#          hostPath: /disk/etc/prowlarr
-#          mountPath: /config
-#      additionalVolumes: []
-#      service:
-#        containerPort: 9696
-#  - name: application
-#    releaseName: radarr
-#    valuesFile: common-values.yaml
-#    valuesInline:
-#      name: radarr
-#      image:
-#        name: lscr.io/linuxserver/radarr
-#      hostVolumes:
-#        - name: radarr-config
-#          hostPath: /disk/etc/radarr
-#          mountPath: /config
-#      service:
-#        containerPort: 7878
-#  - name: application
-#    releaseName: sonarr
-#    valuesFile: common-values.yaml
-#    valuesInline:
-#      name: sonarr
-#      image:
-#        name: lscr.io/linuxserver/sonarr
-#      hostVolumes:
-#        - name: sonarr-config
-#          hostPath: /disk/etc/sonarr
-#          mountPath: /config
-#      service:
-#        containerPort: 8989
-#  - name: application
-#    releaseName: torrent
-#    valuesFile: common-values.yaml
-#    valuesInline:
-#      name: torrent
-#      image:
-#        name: ghcr.io/hotio/qbittorrent
-#        tag: release-4.6.2
-#      hostVolumes:
-#        - name: torrent-config
-#          hostPath: /disk/etc/qbittorrent
-#          mountPath: /config
-#      service:
-#        type: LoadBalancer
-#        containerPort: 8080
-#        additionalPorts:
-#          - name: tcp
-#            protocol: TCP
-#            containerPort: 11011
-#          - name: udp
-#            protocol: UDP
-#            containerPort: 11011

apps/media/jellyfin/deployment.yaml

@@ -1,47 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: jellyfin
-  name: jellyfin
-  namespace: jellyfin
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: jellyfin
-  template:
-    metadata:
-      labels:
-        app: jellyfin
-    spec:
-      containers:
-        - name: jellyfin
-          image: lscr.io/linuxserver/jellyfin:latest
-          imagePullPolicy: Always
-          envFrom:
-            - configMapRef:
-                name: jellyfin-env
-          ports:
-            - name: http
-              containerPort: 8096
-          resources:
-            requests:
-              cpu: 2000m
-              memory: 6Gi
-            limits:
-              cpu: 10000m
-              memory: 12Gi
-#              nvidia.com/gpu: "1"
-          volumeMounts:
-            - name: config
-              mountPath: /config
-            - name: media
-              mountPath: /media
-      volumes:
-        - name: config
-          persistentVolumeClaim:
-            claimName: jellyfin-config-pvc
-        - name: media
-          persistentVolumeClaim:
-            claimName: jellyfin-media-pvc

apps/media/jellyfin/euclid-jellyfin.yaml

@@ -1,45 +0,0 @@
-apiVersion: discovery.k8s.io/v1
-kind: EndpointSlice
-metadata:
-  name: euclid-jellyfin
-  namespace: jellyfin
-  labels:
-    kubernetes.io/service-name: euclid-jellyfin
-    endpointslice.kubernetes.io/managed-by: cluster-admins
-addressType: IPv4
-ports:
-  - name: http
-    protocol: TCP
-    port: 8096
-endpoints:
-  - addresses:
-      - 192.168.1.228
-    conditions:  # https://github.com/argoproj/argo-cd/issues/15554
-      ready: true
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: euclid-jellyfin
-  namespace: jellyfin
-spec:
-  ports:
-    - name: http
-      protocol: TCP
-      port: 80
-      targetPort: 8096
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: euclid-jellyfin
-  namespace: jellyfin
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`jf-euclid.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: euclid-jellyfin
-          port: 80

apps/media/jellyfin/http-route.yaml

@@ -1,18 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: jellyfin
-spec:
-  parentRefs:
-    - name: stonegarden
-      namespace: gateway
-  hostnames:
-    - "jellyfin.stonegarden.dev"
-  rules:
-    - matches:
-        - path:
-            type: PathPrefix
-            value: /
-      backendRefs:
-        - name: jellyfin
-          port: 8096

apps/media/jellyfin/ingress-route.yaml

@@ -1,14 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: jellyfin
-  namespace: jellyfin
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`jellyfin.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: jellyfin
-          port: 8096

apps/media/jellyfin/kustomization.yaml

@@ -1,24 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: jellyfin
-commonLabels:
-  app: jellyfin
-
-configMapGenerator:
-  - name: jellyfin-env
-    literals:
-      - PUID="1000"
-      - PGID="1000"
-      - UMASK="002"
-      - TZ="Europe/Oslo"
-
-resources:
-  - pv-jellyfin-config.yaml
-  - pvc-jellyfin-config.yaml
-  - pv-jellyfin-media.yaml
-  - pvc-jellyfin-media.yaml
-  - service.yaml
-  - deployment.yaml
-  - http-route.yaml
-  - euclid-jellyfin.yaml
-#  - ingress-route.yaml

apps/media/jellyfin/pv-jellyfin-config.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: jellyfin-config-pv
-spec:
-  capacity:
-    storage: 64Gi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: jellyfin-config-sc
-  local:
-    path: /disk/etc/jellyfin
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-        - matchExpressions:
-            - key: kubernetes.io/hostname
-              operator: In
-              values:
-                - gauss

apps/media/jellyfin/pv-jellyfin-media.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: jellyfin-media-pv
-spec:
-  capacity:
-    storage: 12Ti
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: jellyfin-media-sc
-  local:
-    path: /disk/data/media
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-        - matchExpressions:
-            - key: kubernetes.io/hostname
-              operator: In
-              values:
-                - gauss

apps/media/jellyfin/pvc-jellyfin-config.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: jellyfin-config-pvc
-  namespace: jellyfin
-spec:
-  storageClassName: jellyfin-config-sc
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 64Gi

apps/media/jellyfin/pvc-jellyfin-media.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: jellyfin-media-pvc
-  namespace: jellyfin
-spec:
-  storageClassName: jellyfin-media-sc
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 12Ti

apps/media/jellyfin/service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: jellyfin
-  namespace: jellyfin
-spec:
-  selector:
-    app: jellyfin
-  ports:
-    - name: web
-      port: 8096

apps/media/plex/deployment.yaml

@@ -1,41 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: plex
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: plex
-  template:
-    spec:
-      containers:
-        - name: plex
-          image: lscr.io/linuxserver/plex
-          imagePullPolicy: Always
-          resources:
-            requests:
-              cpu: 2000m
-              memory: 6Gi
-            limits:
-              cpu: 10000m
-              memory: 12Gi
-#              nvidia.com/gpu: "1"
-          envFrom:
-            - configMapRef:
-                name: plex-env
-          ports:
-            - name: http
-              containerPort: 32400
-          volumeMounts:
-            - name: config
-              mountPath: /config
-            - name: media
-              mountPath: /app/data
-      volumes:
-        - name: config
-          persistentVolumeClaim:
-            claimName: plex-config-pvc
-        - name: media
-          persistentVolumeClaim:
-            claimName: plex-media-pvc

apps/media/plex/http-route.yaml

@@ -1,18 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: plex-http-route
-spec:
-  parentRefs:
-    - name: stonegarden
-      namespace: gateway
-  hostnames:
-    - "plex.stonegarden.dev"
-  rules:
-    - matches:
-        - path:
-            type: PathPrefix
-            value: /
-      backendRefs:
-        - name: plex
-          port: 80

apps/media/plex/ingress.yaml

@@ -1,13 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: ingressroute-plex
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`plex.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: plex
-          port: 80

apps/media/plex/kustomization.yaml

@@ -1,23 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: plex
-commonLabels:
-  app: plex
-
-configMapGenerator:
-  - name: plex-env
-    literals:
-      - PUID="1000"
-      - PGID="1000"
-      - UMASK="002"
-      - TZ="Europe/Oslo"
-
-resources:
-  - pv-plex-config.yaml
-  - pvc-plex-config.yaml
-  - pv-plex-media.yaml
-  - pvc-plex-media.yaml
-  - service.yaml
-  - deployment.yaml
-  - ingress.yaml
-#  - http-route.yaml

apps/media/plex/pv-plex-config.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: plex-config-pv
-spec:
-  capacity:
-    storage: 64Gi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: plex-config-sc
-  local:
-    path: /disk/etc/plex
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-        - matchExpressions:
-            - key: kubernetes.io/hostname
-              operator: In
-              values:
-                - gauss

apps/media/plex/pv-plex-media.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: plex-media-pv
-spec:
-  capacity:
-    storage: 12Ti
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: plex-media-sc
-  local:
-    path: /disk/data
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-        - matchExpressions:
-            - key: kubernetes.io/hostname
-              operator: In
-              values:
-                - gauss

apps/media/plex/pvc-plex-config.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: plex-config-pvc
-  namespace: plex
-spec:
-  storageClassName: plex-config-sc
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 64Gi

apps/media/plex/pvc-plex-media.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: plex-media-pvc
-  namespace: plex
-spec:
-  storageClassName: plex-media-sc
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 12Ti

apps/media/plex/service.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: plex
-  annotations:
-    io.cilium/lb-ipam-ips: 192.168.1.132
-spec:
-  selector:
-    app: plex
-  type: LoadBalancer
-  ports:
-    - name: http
-      port: 80
-      targetPort: 32400
-    - name: direct
-      port: 32400
-      targetPort: 32400

apps/media/project.yaml

@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: media
-  namespace: argocd
-spec:
-  sourceNamespaces:
-    - '*'
-  sourceRepos:
-    - 'https://github.com/vehagn/*'
-  destinations:
-    - namespace: 'argocd'
-      server: '*'
-    - namespace: 'arr'
-      server: '*'
-    - namespace: 'jellyfin'
-      server: '*'
-    - namespace: 'plex'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

apps/project.yaml

@@ -1,16 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: applications
-  namespace: argocd
-spec:
-  sourceNamespaces:
-    - '*'
-  sourceRepos:
-    - 'https://github.com/vehagn/*'
-  destinations:
-    - namespace: 'argocd'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

apps/public/application-set.yaml

@@ -1,38 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: public
-  namespace: argocd
-  labels:
-    dev.stonegarden: application
-spec:
-  generators:
-    - git:
-        repoURL: https://github.com/vehagn/homelab
-        revision: HEAD
-        directories:
-          - path: apps/public/*
-  template:
-    metadata:
-      name: '{{ path.basename }}'
-      labels:
-        dev.stonegarden: public
-      finalizers:
-        - resources-finalizer.argocd.argoproj.io
-    spec:
-      project: public
-      source:
-        plugin:
-          name: kustomize-build-with-helm
-        repoURL: https://github.com/vehagn/homelab
-        targetRevision: HEAD
-        path: '{{ path }}'
-      destination:
-        name: in-cluster
-        namespace: '{{ path.basename }}'
-      syncPolicy:
-        automated:
-          selfHeal: true
-          prune: true
-        syncOptions:
-          - CreateNamespace=true

apps/public/blog/http-route.yaml

@@ -1,19 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: blog
-  namespace: blog
-spec:
-  parentRefs:
-    - name: stonegarden
-      namespace: gateway
-  hostnames:
-    - "blog.stonegarden.dev"
-  rules:
-    - matches:
-        - path:
-            type: PathPrefix
-            value: /
-      backendRefs:
-        - name: blog
-          port: 80

apps/public/blog/kustomization.yaml

@@ -1,17 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: blog
-commonLabels:
-  app.kubernetes.io/managed-by: argocd
-
-resources:
-  - remark42
-  - http-route.yaml
-
-helmGlobals:
-  chartHome: ../../../charts
-
-helmCharts:
-  - name: application
-    releaseName: blog
-    valuesFile: values.yaml

apps/public/blog/remark42/config/env-remark42

@@ -1,3 +0,0 @@
-TIME_ZONE=Europe/Oslo
-REMARK_URL=https://remark42.stonegarden.dev
-SITE=stonegarden.dev

apps/public/blog/remark42/deployment.yaml

@@ -1,53 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: remark42
-  namespace: blog
-  labels:
-    app: remark42
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: remark42
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      namespace: remark42
-      labels:
-        app: remark42
-    spec:
-      containers:
-        - name: remark42
-          image: umputun/remark42:v1.12.1
-          ports:
-            - name: http
-              containerPort: 8080
-          envFrom:
-            - secretRef:
-                name: remark42-secret
-            - secretRef:
-                name: remark42-github
-            - secretRef:
-                name: remark42-google
-            - configMapRef:
-                name: remark42-env
-          volumeMounts:
-            - name: remark42
-              mountPath: /srv/var
-          securityContext:
-            readOnlyRootFilesystem: false
-          resources:
-            requests:
-              cpu: 100m
-              memory: 25Mi
-            limits:
-              cpu: 500m
-              memory: 256Mi
-      securityContext: {}
-      volumes:
-        - name: remark42
-          persistentVolumeClaim:
-            claimName: remark42
-      

apps/public/blog/remark42/ingress-route.yaml

@@ -1,14 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: remark42
-  namespace: blog
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`remark42.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: remark42
-          port: 80

apps/public/blog/remark42/kustomization.yaml

@@ -1,21 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-commonLabels:
-  app.kubernetes.io/managed-by: argocd
-
-configMapGenerator:
-  - name: remark42-env
-    envs:
-      - config/env-remark42
-
-resources:
-  - deployment.yaml
-  - http-route.yaml
-  - pv.yaml
-  - pvc.yaml
-  - secret-github.yaml
-  - secret-google.yaml
-  - secret-remark42.yaml
-  - service.yaml
-  - ingress-route.yaml

apps/public/blog/remark42/pv.yaml

@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: remark42
-  labels:
-    app: remark42
-spec:
-  capacity:
-    storage: 512Mi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: remark42-storage
-  local:
-    path: /disk/etc/blog/remark42
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-        - matchExpressions:
-            - key: kubernetes.io/hostname
-              operator: In
-              values:
-                - gauss

apps/public/blog/remark42/pvc.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: remark42
-  namespace: blog
-  labels:
-    app: remark42
-spec:
-  storageClassName: remark42-storage
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 512Mi

apps/public/blog/remark42/secret-github.yaml

@@ -1,15 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: remark42-github
-  namespace: blog
-spec:
-  template:
-    metadata:
-      name: remark42-github
-      namespace: blog
-    type: Opaque
-  encryptedData:
-    AUTH_GITHUB_CID: AgBGyofz/RnFBApbUgPWwjFVqMp8MDrawEcxn2JUkNx625Tc4TPyVDE178SXs8fAHJ86R8RRuugRZnhDmN9h3Hr58mZe6oLuNQNJ0akh0fh16cAVzDLtsIL9bvD17kiAk6JUC7nkiQWWjAse/7VdpX8lD8yGfDT8Oub8rV5VBKs2mapAbNbom5X3m6bGnL+sT1ABC+W5d7IjdnNTAp6UlVxOjzXgIcgOI7SVcgJaf+8fe6YgM7NUeb90bi7HHYCSrXODOjFM+kXTdAxLYn0PlqqDgQQy3m1V3H8X0baw4RIfwBNkTbmu8jxizKofbKymqRqeQ3ag5X+RlBxRs4uBoUFgV8qDtBeHQI2sGNRSqR1F5cj2YltrcNsNdjlInaSlYm3MVjSYK/sMElO6dRny7cJzZIxzb+dmrCgL+B4sXC54Cs409YLFmSM1kMzQfs/Xi6TFZBUvjVQYDcOQt5vsjvJARtEN5EY8Z084PQXfLtHIj/Mj4vTZIC4JpqtPlpwY4+bKFXIIgqEqsR+8n0GT497GM4I6m522ghIDt+u6aZrlRqfATep+Nt257oopF9dN9gHLf1pvJtpTk9U5hvOIjPrPr97U/P8XDAs87dM7UYCwmsV9Dhxec09CdnTa6G7c2Z38D5OrEO+qRn+dLRqLgiQRvqWUsWvl2FndlUAL7TYhDgh8N1uvHzffkSzpU3RHY2Xcb//VMlY1WVhq7Yw0W/qNiZVoyA==
-    AUTH_GITHUB_CSEC: AgCnADuhmn+omIFEQKbUWjrFqNBvjKqN/VaApcPriq6Q2jP0ZlYTSKc1kZhkdq2ru0WjwU3D9R4vgeLaA4JaxVICBefOLtAFsTVkr/U1rBuWBtlrzOL+KKk4JAuw0tRWwff/Y5fXhZ19LBGgrRLAJkaoijQ036ihLy6etTyxAoPm7ibZoEHr78TA/UicVZGtDBMhUg61UTRIYYdwbN9Mjqsg76gZFLQP9R/k2OgEIjwroStE+ERtt5tUloy3VkGcAglQ6+oGO2hrNEuuF+w8+oGRAAYyx9TkfXBn9sOso0gAikXFzr7q5nKK7698TvGk2+ytZUgysUNlRQl8Zyx23naWrbyfamgYnzAji3njUuGGYIA48bh7SeGMU8vxofb2ZLMbccwJ9Lp7p/t1L1Bf2YzNMEp7lVp66F/uU0j5Qh95WKgSp/0NF0b2iIXF5trZplSanMg1BJ4gU06zRsschDdhhrtt/e0V7MuKv8H5NnS2j6dcuQTr/ojJaVkHdNa/h8ev5SqZFoZBSB0eLgipsy9MJ48j0iLoCz0n54MQHR7wdaxPcaDkZJW3ZQYPojsunZI+3AgfZ5NZ+VEauxl1X7kjB1bHYntnb0s8+MWoqxVY/yd8X2BSazW6zIvLEn+rt5pvQDFnFnUG8YKg8Pf6lPMrhMkLNEe1Xatubm7UySo4eNA3FlIjjAsJqYKYdpLmUD8TFaodMbgp1hi5oiRk8Aqh61TZqp5FD/WVLacKOgvImMzxAbElCK2t
-

apps/public/blog/remark42/secret-google.yaml

@@ -1,14 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: remark42-google
-  namespace: blog
-spec:
-  template:
-    metadata:
-      name: remark42-google
-      namespace: blog
-    type: Opaque
-  encryptedData:
-    AUTH_GOOGLE_CID: AgBfum5+D9fP0g3dcoytnKRQf9eXMT9uUV997opD7QfxH68juE52Z5D1Q9oFWAm9/avQ8I6tql14gJwILeRJNW476gv4G4f0irBvL9RRq5Wwr/Val0SKZSJ+Bkx/QeRPNywVuIAFUL3syL+rsEAo1qVHi7Bb9Fp0hmnY52OIr68geg/m2Vx1nZ5IF03LSKc5Xlu0LDzBCa7ePFm1pkPIBTwX9bJQuu6ccJuV3ZdMjlhVbV6zcfYAWJOQkLB6TFTaEScCr7PQbqx3YqqcbXI6FNnKfjvd2FCMufONJFN6Oy2+vvordvXO5Pqu7Gped5otTmvJKc2Q7ZitNgw9t+qkVV7JpTT8PtJyg3uss9PgdoksSIEYs0xyb2YChm23tID1E+qvmSitMCJx6TAR/6Bgj7Jhc7ZBJEp9mpLr7o5PGuCqrBToTGNgO8gcz0bmZlv4CNymEXSCgd+nFma/INaKwUkD+LQo5gbXrz6zzn8vUfjlzSIzCuEN7YKBbBFjguVKZmTa/+TuTwc5qWOOFvKoFQOPTn7XedJykkmfzDdQf+f/pytN4KAhOS8mtvA9Ufh52QPluF2gAPFXVe6jmaJ/uywQ5b9RHcHcXl74gn09Bi2Z4sArUB4cW84a0Pvn5q6bgCKyHDNMNp2SNWmzQ66oNWbz+L5UemMfNfagFn6JdBXBE7FDox5kfGzM4xPmbuaDsmALaVpBbwy46qa3vVNTSNOkJ7MpavJvTKgLPWk6AWkUvDOTVgJItQqXK5gdPcJnivVHVr8CF4b5BNqs72KWelpPnwLBgcztMhY=
-    AUTH_GOOGLE_CSEC: AgADfQNXSwFNW06QIIeMIcmn0lbTVM4hekWKae9AxeJtcNI4lCcvyibCYLh+Wzv5jCOJexSFI32w9y5rgzKdEBpGiz2u4XZP+Kq7bWsVA5rYYZYX4lhJYPoUVSvOMWWWmD/8ww09ZuOhbyPtUJoTIWkKbsxEvVBfgqw3qEyDYR6mb3ITLs5AaOFTtrRP0A7tDDv6C794fljmtL0B8nwcztPJY74wMWg763Q+AB1t27N1wiWZWOwWhfTvLbm0jrJg3JqMI6Dp+0sINVtmdmTFoQI7gRe2Zar4/2Z+yQJTn8X/Yuq+3aKVOs5FoGbQRNsDnakftLmRUVGjIFXsVnjbZ0CTy2L2+YhfwVp7SVQk/PlOLIfaC7newMCpKLc5dpRbnY4WAVFWmYLdgzn3XsUgDFR8IQNhDTEcZsGzOaqR1X/L4vRuR7SLF0N2TBwHt8kTBvFATlLP2LYgcZ5MjBX3ol/sywQRp4pdkKSyGxt/YYOfqIOuIxNakLcDwLSM0e+PgYKrwQJw19nwBANfxyXcy5+FvkYilT0tnUMXPNgr5UasBqTyU2SdLvewJQud7vA5raaPfpGQi8E+voRJwQwuu+B06u0yg9nnkbGNFQwTB+4ZWgNWTL+xejWK/zkJ2pBLXlHO8iJxx9hYZcY7s/wsZeazbqeN3Xct86uISYEfHYzjs3Ye0nSEsEMyll7llbFkINUpDO+5hKsELpzo3AKZNs/rkK7t8Y8qlBI8GgPsynlpKGjfjA==

apps/public/blog/remark42/secret-remark42.yaml

@@ -1,15 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: remark42-secret
-  namespace: blog
-spec:
-  template:
-    metadata:
-      name: remark42-secret
-      namespace: blog
-    type: Opaque
-  encryptedData:
-    ADMIN_SHARED_ID: AgAyuD99CFgz3xy04N1g6GU5W3eJA051OaIQarjHwL553l9xrf2o3JG7hBbP6BAvZ9qqKwtfCUawvvSA2Ey/YGLn8KODsjYvvDS/r0tmulObxK9nYKI5KWdOHIGr8LCm3PROJWdvECBnkr+uzYJWpdVo4oqGvkz8gPsX8fJJ3i/GpQEgqMR8wzEH1kGyM/JjDqS9du6ysU/sVVVJxp69Dx2sA5gHMziDarEp3v5bFFgLCRQ++1FAxVEnn7CCPnAYwHz2yiTZ0CnOb2dB0KM4wzq6WgCijG/Le0BudH5pwe7jNctuIIjgX03Yq6xlitxYCIn5khMCBXQQiD1z3ZwPWdVbdrKbZ6ZgKVITYZup3O/g7vP7jB9VaLGUL/L4KCV65Z4aMDL58w65YMETU31MJSw1CJQwwZ9Naaad/hbedjQzkO7wRNHf/gCa1x2D8z1VjeCzVstmCmC2+EqZl7j6jYRQ5c/gE778ZMBJJQ/RxyEBVv26wzdnkQJeULQw0Tr7bzGF8rPrqUoe3vWXFlLggp9zXqIzv53DrJgpQqWFwni4UGpoBn/zcyic4ryvFCNATQSsi0LXN//3ce3EU6RF1ozp7l3mBmJUBCCcNIGpyEI/HqIUv9fZpGauXW3hYggzaP3p7XQyyWxe/aNbC8sTFG8JfdbzsSbmgqJT/d3No8r7jmRKxXVL45xlQU0PXDiwOZhVObO2fXxbnzZsJxPrjq3vPsFJH8uDwj7J/KedwrOHTvRBMUqcIxXjhsn/0rHmUj9xR4aEkqDpk80TV/2Bj2IwcfPsg0Ih1mhfdF2gFF3VF5/YbNk5mxboe4BUUXYilw==
-    SECRET: AgBzdv+yZb3CKbRCfG/Ju3E/VoAGMxQ+IPCjEDjENhxp2OOPm2H6Ua02M9KWFALbtT+py5gIat6oxVb3EcbdbEDWxx2XNolpA25Ab4mZzvmM92FXd1tSNAw1pj00Kq0ftF5Rwd91Cynlqi4nAc5kA4WlhgtSNEcoZpCpye5lc4JW7+SMg3NzrQFgzjGdwTQlw2zdQgKNROTloLb/xaJi/m0PahLtpDgejwMAi0zoBU4ydE8zbOXcC0lvb3N2cFYjk7pCIiVES5SJnWKaYSxUcaZhT5L4ulv8HyjHhhmI5Zgb0sweGjuANwuI1kDPlUhu60mZL6j7upr+TPiayDH4tZ7eXjnqJ3AF4HeBJJruN9NGB6Tmg18qgYp26rwYwfgnVUXFMZuJWrQHDoNJIRno1Jkq1n/843BigMIFU92afQEvLxvCREqjQ2k388MYimQQj/x+M1BUQXOk6fhTSf+QYDm5eRiSCiUw93X4QVHEutNcRSfmTFq5XqEvmd8+VWhmuU4Ua7bPUiM+19ELrBWeW8pWo4DhG2O+zWmx1vKmNRCwA8/F3JHya8KdL9QlrgpSkwK5v6tNT+wz6ZjRX+8dZuE73b7YOqA8SAw2UfLGyCc0IXT/3KhFlriqFrtbTknC0EH0yPOd+YBj17y8MydkSRCUIDJJDmItRa0md4wRErlsV1oL+lFdhgoFsjTU7QpZBC7lT/iPlgJjUdABmTQ1ezEY01ldgKiA7yi33ebnVgnpbxsLfGs5GAdj
-

apps/public/blog/remark42/service.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: remark42
-  namespace: blog
-spec:
-  selector:
-    app: remark42
-  ports:
-    - name: http
-      protocol: TCP
-      port: 80
-      targetPort: http

apps/public/blog/values.yaml

@@ -1,14 +0,0 @@
-name: blog
-image:
-  name: registry.gitlab.com/vehagn/blog
-env:
-  - name: SERVER_LOG_LEVEL
-    value: warn
-  - name: TZ
-    value: Europe/Oslo
-service:
-  containerPort: 80
-ingressRoute:
-  create: false
-auth:
-  enabled: false

apps/public/project.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: public
-  namespace: argocd
-spec:
-  sourceNamespaces:
-    - '*'
-  sourceRepos:
-    - 'https://github.com/vehagn/*'
-  destinations:
-    - namespace: 'argocd'
-      server: '*'
-    - namespace: 'blog'
-      server: '*'
-    - namespace: 'stonegarden'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

apps/public/stonegarden/deployment.yaml

@@ -1,19 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: stonegarden
-  namespace: stonegarden
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: stonegarden
-  template:
-    spec:
-      containers:
-        - name: stonegarden
-          image: registry.gitlab.com/vehagn/stonegarden:latest
-          imagePullPolicy: Always
-          ports:
-            - name: web
-              containerPort: 3000

apps/public/stonegarden/ingress-route.yaml

@@ -1,14 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: stonegarden
-  namespace: stonegarden
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: stonegarden
-          port: 3000

apps/public/stonegarden/kustomization.yaml

@@ -1,12 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-commonLabels:
-  app: stonegarden
-
-resources:
-  - ns.yaml
-  - service.yaml
-  - deployment.yaml
-  - http-route.yaml
-#  - ingress-route.yaml

apps/public/stonegarden/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: stonegarden
-  namespace: stonegarden
-spec:
-  type: ClusterIP
-  ports:
-    - name: web
-      port: 3000
-  selector:
-    app: stonegarden

apps/test/application-set.yaml

@@ -1,38 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: test
-  namespace: argocd
-  labels:
-    dev.stonegarden: test
-spec:
-  generators:
-    - git:
-        repoURL: https://github.com/vehagn/homelab
-        revision: HEAD
-        directories:
-          - path: apps/test/*
-  template:
-    metadata:
-      name: '{{ path.basename }}'
-      labels:
-        dev.stonegarden: test
-      finalizers:
-        - resources-finalizer.argocd.argoproj.io
-    spec:
-      project: test
-      source:
-        plugin:
-          name: kustomize-build-with-helm
-        repoURL: https://github.com/vehagn/homelab
-        targetRevision: HEAD
-        path: '{{ path }}'
-      destination:
-        name: in-cluster
-        namespace: '{{ path.basename }}'
-      syncPolicy:
-        automated:
-          selfHeal: false
-          prune: true
-        syncOptions:
-          - CreateNamespace=true

apps/test/cuda-test/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-commonLabels:
-  app.kubernetes.io/managed-by: argocd
-
-resources:
-  - pod.yaml

apps/test/cuda-test/pod.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: cuda-vectoradd
-  namespace: cuda-test
-spec:
-  restartPolicy: Never #OnFailure
-  containers:
-    - name: cuda-vectoradd
-      image: "nvcr.io/nvidia/k8s/cuda-sample:vectoradd-cuda11.7.1-ubuntu20.04"
-#      resources:
-#        limits:
-#          nvidia.com/gpu: "1"

apps/test/kustomization.yaml

@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-commonLabels:
-  dev.stonegarden: app-management
-  app.kubernetes.io/managed-by: argocd
-
-resources:
-  - project.yaml
-  - application-set.yaml

apps/test/project.yaml

@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: test
-  namespace: argocd
-spec:
-  sourceNamespaces:
-    - '*'
-  sourceRepos:
-    - 'https://github.com/vehagn/*'
-  destinations:
-    - namespace: 'argocd'
-      server: '*'
-    - namespace: 'cuda-test'
-      server: '*'
-    - namespace: 'whoami'
-      server: '*'
-    - namespace: 'test-apps'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

apps/test/test-apps/app1.yaml

@@ -1,27 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: app1
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: test
-  source:
-    repoURL: https://github.com/vehagn/homelab
-    path: charts/application
-    helm:
-      values: |-
-        name: app1
-        replicas: 3
-      valueFiles:
-        - ../../apps/test/test-apps/common-values.yaml
-  destination:
-    namespace: test-apps
-    name: in-cluster
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
-    syncOptions:
-      - CreateNamespace=true

apps/test/test-apps/app2.yaml

@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: app2
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: test
-  sources:
-    - repoURL: https://github.com/vehagn/homelab
-      path: charts/application
-      helm:
-        parameters:
-          - name: name
-            value: app2
-        valueFiles:
-          - $values/apps/test/test-apps/common-values.yaml
-    - repoURL: https://github.com/vehagn/homelab
-      ref: values
-  destination:
-    namespace: test-apps
-    name: in-cluster
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
-    syncOptions:
-      - CreateNamespace=true

apps/test/test-apps/app3.yaml

@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: app3
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: test
-  sources:
-    - repoURL: https://github.com/vehagn/homelab
-      path: charts/application
-      helm:
-        parameters:
-          - name: name
-            value: app3
-        valueFiles:
-          - $values/apps/test/test-apps/common-values.yaml
-    - repoURL: https://github.com/vehagn/homelab
-      ref: values
-  destination:
-    namespace: test-apps
-    name: in-cluster
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
-    syncOptions:
-      - CreateNamespace=true

apps/test/test-apps/auth-secret.yaml

@@ -1,15 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: traefik-forward-auth-secrets
-  namespace: test-apps
-spec:
-  template:
-    metadata:
-      name: traefik-forward-auth-secrets
-      namespace: test-apps
-    type: Opaque
-  encryptedData:
-    google-client-id: AgCLNh+hqwvz7fXIJkhRRU1xAWcctnYH4NNTSEiFe4P1waIp8/rp06XUw3dBzazX37bkBuObJHf3RfgIg4J0NQjjuh0kZ35LOxdu3iJteXsHmZKFZBsFpr8nQp2nve4qFpA9I+0/ZlgYRroIBktoL3v76TjdbdyI9pu37wBHRX2vBNoDxT1uMrygGN0ZmIfK9d63Cba6CM0mnWyPWye1+0n4P9tqNTFE3sE8gaAZYouff0qOCJDCBNLOC1Ji7gRRAsITqRs5xbp3zmcLj8xjqp1Llc0Mq+yBchromDF5SCTpnncO2O4K5rVTuFSZM6Bpp9Se1n21dd0L5wT/ghj4uqX4brb6XvxcT5+ssanC4bBww9wK/eTSfYrRfbjBWzildMmaghIrMnAHIcQc3FXTgE+cT841Z2fC9ZsijkV8yvVoj5PRZixu0Z5JwREyegJAJGFyMEFUyjyR6U1gKVlhDoFPGQmJ14HxiIZ00XqHkEHj7OojZjga4ZlzAZ2ds+tqPy2Va3Kd7y8nGO0R7O4leK+m1vik7iWddVQNSENRswTdESds/SdsJ0+z9dtseiaQTxWcVF2JcBFDOYbFZm9W1soSTlw6wpJF+mjMaV1k62SxV/0rF+WVaDxhKXcTnVJg1TlFiuOiHdEc/gHrdzo9yDOjTtda+to5YofqS6LWOxZXTZVIAcWXcF/mRNzSZxlJwnASjQ7HJFLpU4S/592dgI2W+PKG1MuaLANrxRmJVgGQF6X35K6t9PzMlmWlwB7kur5/PkKhCLSWIQcpS+9JqYGS21Cmd92yacw=
-    google-client-secret: AgB7LWzyNdo9dQ+k1d3clj5JNZ1HCU9czRAbnNiGrHgRXwqnDqVgkVoZE3nb+0n7ZQpVr2LRkYJ82kLQ5qNV5Da2bk+0u8nPOYQPjujqZSwumcmXAPZIs7WvVAEoOlufppIgFfuIumrvX1H12Xg9et3r1ayypodqDIVVUu6KgyNtuwzEKm2Yrl6UFoxYbv3as1KijOtAY9THyGRn3pXN53Vos94wzqa5v2gPZIh9ZVYX4bNIJK4j7BLnbETihqpSz2MYmgASf9QfeHMuaxJHq3+nmhS/Oa2huR7Y1CmPVCoPh6WEdiTcE8HPxl5Fp32HGVRaRs4Co/Z/o3QVEXIbmbOoMPnNDbMGtwRUUw0woyMGKpXCr5cLrkKbU1ZVXYGiz2JJwXXedAFmL/lUUUAGkI4sj2sbuHdbXtO+hNtE8K0h+H0HeXApN0m+ts7aKQfIVs9CdK2Ez5wq6k8M3z7APRTYhCXHyjxiHU3LveHahaifFoIetLSUf7WpoTw4qhtdlgnQXEKOot+xV4WdiHWq1PjmS91Wo9al1RPMK+r8eHjSz076S+sRbP3/fzJTFppF/4s5e+6AybobDo08KLRZfO7+q5eaym1I/AmoNl/7EkS7S4LDljHemx1s3bsvW2ropZiGMVfdAGhIz5bSHxHjMZmXYwZmZqWhYWykrFvnm5VJYuOV3410IPAToDx4hgflDqsMRkL+Qm96ZA2lt4Hy74Bj1LKQ6CF+rahTEMmzED3R4mKcaw==
-    secret: AgCWqoG6xWgWxGmHJPgCAkJoXL27EHyU22giP9lrqXLy/FSdQMJpxY2g/o9Eb/c8rhAHU3tT6vQ3PSP9EzHqLdp6v085XricKQmqZfa9yLYgV65jJJLelIZKbkCE6YAWKlGmsIPd7jskexSdufKboAMjih8y0cF7w0ubnxZVvLAVQT1zU4c/7yQObDFFJ0Le++lPc8eTZphopPjellsx9i19tDQa/5PvexiAbOw740Mq6GKQxZtTJVwpkW6jZ+cc5vGRQp39FP/RiisCyK7wcUGuLW6c8vt8EWiHnsPfImcNaC/DkQFJhsM5w6mHXeZ99uniVauh77jwPm5bR3eT4Qj6NfBOrE4uMaIiwIakt/W+X/AdW4trvajo31uGIr3jdi/csEJmsOGX02/YKyZvDWKkgJMyW2+YwAJwQdzQhXQe0yhSxHfIIbAYIiTSUCTlOS+EgGF80uUWXQzl6WqXW+99CtjgR6fm26si+ZgLpuR5h+75SwmkASgdPb4MnEwCE72of79Ow25weVX68Mbe8HR7GJzQvtMFriRA+TvkHrHHpi2gqVxR68olMyrBdsj774IFV6Vtc5K3sMsWZcdpOIXkaNf7w2ns26PCe7QuZuFnav3i2gW5v3rKCQ+jhazTN3v4mojB5/+smTzrjPZrwU+7e+AsWreIUo/k+4Jk8lsk2WEWlHVtMAu7iojLnfF0ep+Zh5at

apps/test/test-apps/auth-values.yaml

@@ -1,8 +0,0 @@
-name: auth
-namespace: test-apps
-authOnly: true
-auth:
-  cookieDomain: stonegarden.dev
-  whitelist:
-    - veghag@gmail.com
-    - wiredmatrices@gmail.com

apps/test/test-apps/auth.yaml

@@ -1,26 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: auth
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: test
-  sources:
-    - repoURL: https://github.com/vehagn/homelab
-      path: charts/application
-      helm:
-        valueFiles:
-          - $values/apps/test/test-apps/auth-values.yaml
-    - repoURL: https://github.com/vehagn/homelab
-      ref: values
-  destination:
-    namespace: test-apps
-    name: in-cluster
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
-    syncOptions:
-      - CreateNamespace=true

apps/test/test-apps/common-values.yaml

@@ -1,9 +0,0 @@
-name: app
-namespace: test-apps
-image:
-  name: containous/whoami
-service:
-  containerPort: 80
-auth:
-  enabled: true
-  create: false

apps/test/test-apps/kustomization.yaml

@@ -1,12 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-commonLabels:
-  app.kubernetes.io/managed-by: argocd
-  app.kubernetes.io/part-of: test
-
-resources:
-  - auth-secret.yaml
-  - app1.yaml
-  - app2.yaml
-  - app3.yaml
-  - auth.yaml

apps/test/whoami/http-route.yaml

@@ -1,18 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: whoami-http-route
-spec:
-  parentRefs:
-    - name: stonegarden
-      namespace: gateway
-  hostnames:
-    - "gateway.stonegarden.dev"
-  rules:
-    - matches:
-        - path:
-            type: PathPrefix
-            value: /
-      backendRefs:
-        - name: whoami
-          port: 80

apps/test/whoami/ingress-route.yaml

@@ -1,29 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: whoami-ingress-route
-  labels:
-    app: traefik
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`auth-whoami.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: traefik-forward-auth
-          port: 4181
-      middlewares:
-        - name: traefik-forward-auth
-    - match: Host(`whoami.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: whoami
-          port: 80
-      middlewares:
-        - name: traefik-forward-auth
-    - match: Host(`whoami-ingress-route.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: whoami
-          port: 80

apps/test/whoami/ingress.yaml

@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: whoami-ingress
-  namespace: whoami
-spec:
-  rules:
-    - host: whoami-ingress.stonegarden.dev
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: whoami
-                port:
-                  number: 80

apps/test/whoami/kustomization.yaml

@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: whoami
-
-resources:
-#  - ingress.yaml
-#  - ingress-route.yaml
-  - http-route.yaml
-  - traefik-forward-auth
-  - whoami

apps/test/whoami/traefik-forward-auth/auth-secret.yaml

@@ -1,18 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: traefik-forward-auth-secrets
-  namespace: whoami
-spec:
-  encryptedData:
-    google-client-id: AgChcwoghJUslRQrRJTm6hJoiecNl2zlFmJOl49h4gYUoWukyt83ATU30Hw/kyyJ7Chw/Yg9I8Q8/YkI2GbuUjhrndb+7227+X9nerU4cA2lhnPQo27qU61silOoYCfmkDzUfCrLN00zNOHiM3VXOKZms+QOcsWZ7c/nF1Dc5E+eC7DRGgvKwhIrqViSJcms/EFTtzDJKh5WX9knJpg1Wq5FS0b0SMxXW4SjvMGaaeWAJAhZX80NKJUuwHA8STZJ2L3rAwEX3AsVk1+I7VWWvr1MNoPZY8OO76ovuLb++044VU/57uQXw4XG8R7aJF0PaXsrllVx7Qn2MWIBSgDfKJbYKh9J0RFZazZtfLWiVL2rYVtR6ANmOyGKfewdmDonQOTFOIJAn63c1KBICPm4v+xbEI5ic79bG6fG1WwloAY8IBwIPBNzGd7BJ4h1RtjUbty62agr+prX2Gl3ASPFzVnCer1v/e3VqUuQ04yRNYGt0syw1502oAQo+5aCTRG6IRTalNoDgnRFHr8W2cOpMIUL/naWlj6+50yPX+IwAAJ3CFKqPQKMTe/CotodD8oU3dT8ifO0SnNeTYlwo1QHsWhlNUS5kUqGiynEjZzm+Z9hnA7mnImKJRQrA74GNyxl08lUxBU6iySHjqgU/e3w6vWKeQRZCBYs3YTiLWOqes5IPl2Z+xc/dqR2+DRnMw1X7isyIxYXXuWNfkDxJVJcYCN/1oKmk70NBHM3Ux5Uhh3inFLB6uEMOenmr/keB814ReYFozuSVkMo6Rxm1830/Cy5IAA6MeaS8LM=
-    google-client-secret: AgAsPVQjP7z7p/6pRCY5dGRtPbLzl0T9PkVt3bYaT1DLx0717nvAiiG9cL3YkKEJJgUWXDIsl17d62ZJ61T0RPpnkab9WUAYzvuxajqpA9aeqwUGNFQe3p2YxLJGs14IFpj4bahzbceFr/w0zhu9KU45o4k7vc/xClQtvAPb1WVCYKEonDnKMOBzeQ/vCF0RRFkCXdhvOeNCOs3XKquFy0i4E1StitgN03WiNq/kZuBNnpwp0n/Cmlm+C5GiXypAvt/BW+/+QPLet9ws023uK1ouoTgartpdhtYP0ZHkOnfQDzkds1OP3AyNU+wD1S3jWBRWdc7vnyaJPBP1R8sMoVgW2tBn1XpRpQlu2KEVKP/Xt/ok1vr7hhqbNPh3sESSZxEo6GST8+qf/5w1ot5jIxq1AIiSCmqtzaI4oERc1CWD3XDMkll0G7K649hSneiJHV9riwBwhh3kTcRMMrPBd+VOXfxpXSrE4l8uczgQKhbDRHb9mE9nAO8I6TKxm1apTtzJ/EeaOYBlBtb9Pcct/nla57tdrRF5J+R4tmfZ+wiX0pQceHWOge4Hs36ci8gbAp6zUawdbTRSrMd2IS7xhUn/CsNhDuX74CHb/XwNFXa24ztDWkbZwnZxq7XtCa9Lj70WwyQ/UATvhvYtaL+gFFw11tKSWtUpM7k8LJmtsGtkb8Zz6IDAgk6OgWrRXcm/E+ohMXDsdwYTm3AkcD1+H9qJ7nH1SIXDuktAF59U84xYOOa5Zg==
-    secret: AgBRVl6Ye+pIZt1X8bca2+8KxSAgTBa4usXynuTRJLymYA1PzSBcNvKjxgcp/ywzZOAX30u4KclxNcYEKzJIDqjcJMc0+RkntPj8z7gqpWizmHAN/tQQtW1n/4HrheOteo7dI3GRHi3B1aQAjxt0zexFdtwUN5aLXeTwyq5pJNSqrKksJz4nzlU8Yfxf8C2bDlZIJHzCFwtR89sVWm5F0U6E2s6+24tI/LJWVBIWLLR5/fmB0gm99N+ByW8uFf4c44bCDhRHwRXJBiZ59/DrqlPJqP1aboN6yxL3M7FBylJs+QP6qrdM2N/8gx6yVQAxYN/gIFKlIuVCwZ+mjjicgvQFRk1Nu7GGVkfN9zOgMyArlC4/MySJBTOWLhF2RZvpaFEx48ga4sIsfDqFC8/55cVNvvwF4mMpu+CvrRHH/+fzdTug9B/Fkn0Y+2f7WGNL8o/1S8DiduWMUU6JBf/C8gAp8bZntrCs74rBI0gdPqmGcG1bnwj/fovyz+AmEpVmL3BTGiuP7XSID3oVxnP0X5iqoNwZ13CRmwScZMUEQurX7AQ40shVHAMpGoMt4LCHXRlZFWSKLfRWpMyP7uVLLnDQnu+oy94SG1abOCZEBCM8esxtOjRPuyEEjftDkPlWp8zhtjGORK1yxALhgeCVg30WVOKfMjJCjc4lpDOxIYLcO2Y6MaQZPYgO0ebYusXDkgd5wQVFcQMo+uN3ExKbTA==
-  template:
-    metadata:
-      annotations:
-        sealedsecrets.bitnami.com/managed: "true"
-      name: traefik-forward-auth-secrets
-      namespace: whoami
-    type: Opaque
-

apps/test/whoami/traefik-forward-auth/configs/traefik-forward-auth.ini

@@ -1,5 +0,0 @@
-cookie-name = "_whoami_auth"
-log-level = "error"
-cookie-domain = "stonegarden.dev"
-auth-host = "auth-whoami.stonegarden.dev"
-domain = "gmail.com"

apps/test/whoami/traefik-forward-auth/deployment.yaml

@@ -1,54 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: traefik-forward-auth
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: traefik-forward-auth
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: traefik-forward-auth
-    spec:
-      terminationGracePeriodSeconds: 60
-      containers:
-        - image: thomseddon/traefik-forward-auth:2
-          imagePullPolicy: Always
-          name: traefik-forward-auth
-          ports:
-            - containerPort: 4181
-              protocol: TCP
-          env:
-            - name: CONFIG
-              value: "/config"
-            - name: PROVIDERS_GOOGLE_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: google-client-id
-            - name: PROVIDERS_GOOGLE_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: google-client-secret
-            - name: SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: secret
-          volumeMounts:
-            - name: configs
-              mountPath: /config
-              subPath: traefik-forward-auth.ini
-
-      volumes:
-        - name: configs
-          configMap:
-            name: configs
-        - name: traefik-forward-auth-secrets
-          secret:
-            secretName: traefik-forward-auth-secrets

apps/test/whoami/traefik-forward-auth/kustomization.yaml

@@ -1,15 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-commonLabels:
-  app: traefik-forward-auth
-
-resources:
-  - auth-secret.yaml
-  - service.yaml
-  - deployment.yaml
-  - middleware.yaml
-
-configMapGenerator:
-  - name: configs
-    files:
-      - configs/traefik-forward-auth.ini

apps/test/whoami/traefik-forward-auth/middleware.yaml

@@ -1,10 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: traefik-forward-auth
-spec:
-  forwardAuth:
-    address: http://traefik-forward-auth.whoami.svc.cluster.local:4181
-    authResponseHeaders:
-      - X-Forwarded-User
-    trustForwardHeader: true

apps/test/whoami/traefik-forward-auth/service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: traefik-forward-auth
-spec:
-  type: ClusterIP
-  selector:
-    app: traefik-forward-auth
-  ports:
-    - name: auth-http
-      port: 4181

apps/test/whoami/whoami/deployment.yaml

@@ -1,18 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: whoami
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: whoami
-  template:
-    metadata:
-      labels:
-        app: whoami
-    spec:
-      containers:
-        - image: containous/whoami
-          imagePullPolicy: Always
-          name: whoami

apps/test/whoami/whoami/kustomization.yaml

@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-commonLabels:
-  app: whoami
-
-resources:
-  - service.yaml
-  - deployment.yaml

apps/test/whoami/whoami/service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: whoami
-spec:
-  type: ClusterIP
-  ports:
-    - name: http
-      port: 80
-  selector:
-    app: whoami

apps/utility/application-set.yaml

@@ -1,36 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: utility
-  namespace: argocd
-  labels:
-    dev.stonegarden: utility
-spec:
-  generators:
-    - git:
-        repoURL: https://github.com/vehagn/homelab
-        revision: HEAD
-        directories:
-          - path: apps/utility/*
-  template:
-    metadata:
-      name: '{{ path.basename }}'
-      labels:
-        dev.stonegarden: utility
-      finalizers:
-        - resources-finalizer.argocd.argoproj.io
-    spec:
-      project: utility
-      source:
-        plugin:
-          name: kustomize-build-with-helm
-        repoURL: https://github.com/vehagn/homelab
-        targetRevision: HEAD
-        path: '{{ path }}'
-      destination:
-        name: in-cluster
-        namespace: '{{ path.basename }}'
-      syncPolicy:
-        automated:
-          selfHeal: true
-          prune: true

apps/utility/haos/endpoint-slice.yaml

@@ -1,18 +0,0 @@
-apiVersion: discovery.k8s.io/v1
-kind: EndpointSlice
-metadata:
-  name: home-assistant
-  namespace: haos
-  labels:
-    kubernetes.io/service-name: home-assistant
-    endpointslice.kubernetes.io/managed-by: cluster-admins
-addressType: IPv4
-ports:
-  - name: http
-    protocol: TCP
-    port: 8123
-endpoints:
-  - addresses:
-      - 192.168.1.27
-    conditions:  # https://github.com/argoproj/argo-cd/issues/15554
-      ready: true

apps/utility/haos/ingress-route.yaml

@@ -1,14 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: home-assistant
-  namespace: haos
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`haos.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: home-assistant
-          port: 8123

apps/utility/haos/kustomization.yaml

@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - ns.yaml
-  - svc.yaml
-  - endpoint-slice.yaml
-  - http-route.yaml
-#  - ingress-route.yaml

apps/utility/home-assistant.yaml

@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: home-assistant
-  namespace: argocd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-  labels:
-    dev.stonegarden: home-assistant
-spec:
-  project: utility
-  source:
-    repoURL: https://github.com/vehagn/home-assistant
-    path: deployment
-    targetRevision: HEAD
-  destination:
-    namespace: home-assistant
-    name: in-cluster
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
-    syncOptions:
-      - CreateNamespace=true
-

apps/utility/kustomization.yaml

@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-commonLabels:
-  dev.stonegarden: app-management
-  app.kubernetes.io/managed-by: argocd
-
-resources:
-  - project.yaml
-  - application-set.yaml
-#  - home-assistant.yaml

apps/utility/project.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  name: utility
-  namespace: argocd
-spec:
-  sourceNamespaces:
-    - '*'
-  sourceRepos:
-    - 'https://github.com/vehagn/*'
-  destinations:
-    - namespace: 'argocd'
-      server: '*'
-    - namespace: 'haos'
-      server: '*'
-    - namespace: 'proxmox'
-      server: '*'
-  clusterResourceWhitelist:
-    - group: '*'
-      kind: '*'

apps/utility/proxmox/endpoint-slice.yaml

@@ -1,18 +0,0 @@
-apiVersion: discovery.k8s.io/v1
-kind: EndpointSlice
-metadata:
-  name: proxmox-euclid
-  namespace: proxmox
-  labels:
-    kubernetes.io/service-name: proxmox-euclid
-    endpointslice.kubernetes.io/managed-by: cluster-admins
-addressType: IPv4
-ports:
-  - name: https
-    protocol: TCP
-    port: 8006
-endpoints:
-  - addresses:
-      - 192.168.1.42
-    conditions:  # https://github.com/argoproj/argo-cd/issues/15554
-      ready: true

apps/utility/proxmox/kustomization.yaml

@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - ns.yaml
-  - svc.yaml
-  - endpoint-slice.yaml
-  - tls-route.yaml

apps/utility/proxmox/ns.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: proxmox

apps/utility/proxmox/svc.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: proxmox-euclid
-  namespace: proxmox
-spec:
-  ports:
-    - name: https
-      protocol: TCP
-      port: 443
-      targetPort: 8006

apps/utility/proxmox/tls-route.yaml

@@ -1,15 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1alpha2
-kind: TLSRoute
-metadata:
-  name: euclid
-  namespace: proxmox
-spec:
-  parentRefs:
-    - name: proxmox-euclid
-      namespace: gateway
-  hostnames:
-    - "proxmox.euclid.stonegarden.dev"
-  rules:
-    - backendRefs:
-        - name: proxmox-euclid
-          port: 443

charts/application/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

charts/application/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: application
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

charts/application/templates/_helpers.tpl

@@ -1,61 +0,0 @@
-{{/*
-Common labels
-*/}}
-{{- define "common.labels" -}}
-app.kubernetes.io/name: {{ .Values.name }}
-{{- with .Values.additionalLabels }}
-{{ toYaml . }}
-{{- end }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "common.annotations" -}}
-{{- with .Values.annotations }}
-{{ toYaml . }}
-{{- end }}
-{{- end }}
-
-{{/*
-Returns string "true" or empty which will be evaluated to boolean false
-*/}}
-{{- define "deployment.create" -}}
-{{- if not .Values.authOnly }}
-{{- true }}
-{{- end }}
-{{- end }}
-
-{{/*
-Returns string "true" or empty which will be evaluated to boolean false
-*/}}
-{{- define "service.create" -}}
-{{- if and .Values.service.create (include "deployment.create" .) }}
-{{- true }}
-{{- end }}
-{{- end }}
-
-{{/*
-Returns string "true" or empty which will be evaluated to boolean false
-*/}}
-{{- define "ingressRoute.create" -}}
-{{- if and .Values.ingressRoute.create (or .Values.authOnly (include "service.create" .)) }}
-{{- true }}
-{{- end }}
-{{- end }}
-
-{{/*
-Returns string "true" or empty which will be evaluated to boolean false
-*/}}
-{{- define "auth.create" -}}
-{{- if or .Values.authOnly (and .Values.auth.enabled .Values.auth.create (include "ingressRoute.create" .)) }}
-{{- true }}
-{{- end }}
-{{- end }}
-
-{{/*
-Return default auth host or custom value if set
-*/}}
-{{- define "auth.host" -}}
-{{ .Values.auth.host | default (print "auth-" .Values.namespace "." .Values.auth.cookieDomain ) }}
-{{- end }}

charts/application/templates/application/deployment.yaml

@@ -1,60 +0,0 @@
-{{- if include "deployment.create" . }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Values.name }}
-  namespace: {{ .Values.namespace }}
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    {{- include "common.annotations" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicas }}
-  selector:
-    matchLabels:
-      app: {{ .Values.name }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Values.name }}
-    spec:
-      volumes:
-      {{- range .Values.hostVolumes }}
-        - name: {{ .name }}
-          hostPath:
-            path: {{ .hostPath }}
-      {{- end }}
-      {{- range .Values.additionalVolumes }}
-        - name: {{ .name }}
-          {{- toYaml .value | nindent 10 }}
-      {{- end }}
-      containers:
-        - name: {{ .Values.name }}
-          image: {{ .Values.image.name }}:{{ .Values.image.tag | default "latest" }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          volumeMounts:
-            {{- range .Values.hostVolumes }}
-            - name: {{ .name }}
-              mountPath: {{ .mountPath }}
-            {{- end }}
-            {{- range .Values.additionalVolumes }}
-            - name: {{ .name }}
-              mountPath: {{ .mountPath }}
-            {{- end }}
-          env:
-            {{- toYaml .Values.env | nindent 12 }}
-            {{- with .Values.additionalEnv }}
-            {{ . | nindent 12 }}
-            {{- end }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.containerPort }}
-              protocol: TCP
-            {{- range .Values.service.additionalPorts }}
-            - name: {{ .name }}
-              containerPort: {{ .containerPort }}
-              protocol: {{ .protocol | default "TCP" }}
-            {{- end }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-{{- end }}

charts/application/templates/application/service.yaml

@@ -1,26 +0,0 @@
-{{- if include "service.create" .}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.name }}
-  namespace: {{ .Values.namespace }}
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    {{- include "common.annotations" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - name: http
-      port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-    {{- range .Values.service.additionalPorts }}
-    - name: {{ .name }}
-      port: {{ .port | default .containerPort }}
-      targetPort: {{ .name }}
-      protocol: {{ .protocol | default "TCP" }}
-    {{- end }}
-  selector:
-    app: {{ .Values.name }}
-{{- end }}

charts/application/templates/ingress-route.yaml

@@ -1,33 +0,0 @@
-{{- if include "ingressRoute.create" . }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: {{ .Values.name }}
-  namespace: {{ .Values.namespace }}
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    {{- if include "service.create" . }}
-    - match: Host(`{{ .Values.name }}.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: {{ .Values.name }}
-          port: 80
-    {{- if .Values.auth.enabled }}
-      middlewares:
-        - name: traefik-forward-auth
-    {{- end }}
-    {{- end }}
-    {{- if include "auth.create" . }}
-    - match: Host(`{{ include "auth.host" . }}`)
-      kind: Rule
-      services:
-        - name: traefik-forward-auth
-          port: {{ .Values.auth.port }}
-      middlewares:
-        - name: traefik-forward-auth
-    {{- end }}
-{{- end }}

charts/application/templates/traefik-forward-auth/config-map.yaml

@@ -1,27 +0,0 @@
-{{- if include "auth.create" . }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: traefik-forward-auth
-  namespace: {{ .Values.namespace }}
-  labels:
-    app: traefik-forward-auth
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    {{- include "common.annotations" . | nindent 4 }}
-data:
-  traefik-forward-auth.ini: |-
-    cookie-name = {{ .Values.auth.cookieName | default (print "_" .Values.namespace "_auth") | quote }}
-    cookie-domain = {{ .Values.auth.cookieDomain | quote }}
-    auth-host = {{ include "auth.host" . | quote }}
-    log-level = {{ .Values.auth.logLevel | quote }}
-    {{- range .Values.auth.domains }}
-    domain = {{ . | quote }}
-    {{- end }}
-    {{- range .Values.auth.whitelist }}
-    whitelist = {{ . | quote }}
-    {{- end }}
-    {{- range $key, $val := .Values.auth.extraConfig -}}
-    {{ $key | nindent 4 }} = {{ $val | quote }}
-    {{- end }}
-{{- end }}

charts/application/templates/traefik-forward-auth/deployment.yaml

@@ -1,61 +0,0 @@
-{{- if include "auth.create" . }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: traefik-forward-auth
-  namespace: {{ .Values.namespace }}
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    {{- include "common.annotations" . | nindent 4 }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: traefik-forward-auth
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: traefik-forward-auth
-    spec:
-      terminationGracePeriodSeconds: 60
-      containers:
-        - image: thomseddon/traefik-forward-auth:2
-          imagePullPolicy: Always
-          name: traefik-forward-auth
-          ports:
-            - name: auth
-              containerPort: 4181
-              protocol: TCP
-          env:
-            - name: CONFIG
-              value: "/config"
-            - name: PROVIDERS_GOOGLE_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: google-client-id
-            - name: PROVIDERS_GOOGLE_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: google-client-secret
-            - name: SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: secret
-          volumeMounts:
-            - name: config
-              mountPath: /config
-              subPath: traefik-forward-auth.ini
-      volumes:
-        - name: config
-          configMap:
-            name: traefik-forward-auth
-        - name: traefik-forward-auth-secrets
-          secret:
-            secretName: traefik-forward-auth-secrets
-{{- end }}

charts/application/templates/traefik-forward-auth/middleware.yaml

@@ -1,17 +0,0 @@
-{{- if include "auth.create" . }}
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: traefik-forward-auth
-  namespace: {{ .Values.namespace }}
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    {{- include "common.annotations" . | nindent 4 }}
-spec:
-  forwardAuth:
-    address: "http://traefik-forward-auth.{{ .Values.namespace }}.svc.cluster.local:{{ .Values.auth.port }}"
-    authResponseHeaders:
-      - X-Forwarded-User
-    trustForwardHeader: true
-  {{- end }}

charts/application/templates/traefik-forward-auth/service.yaml

@@ -1,19 +0,0 @@
-{{- if include "auth.create" . }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: traefik-forward-auth
-  namespace: {{ .Values.namespace }}
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    {{- include "common.annotations" . | nindent 4 }}
-spec:
-  type: ClusterIP
-  selector:
-    app: traefik-forward-auth
-  ports:
-    - name: auth
-      port: {{ .Values.auth.port }}
-      targetPort: auth
-  {{- end }}

charts/application/values.yaml

@@ -1,66 +0,0 @@
-name: name
-namespace: namespace
-
-# Skip deployment and only do auth
-authOnly: false
-
-image:
-  name: image
-  tag: latest
-  pullPolicy: Always
-
-replicas: 1
-
-service:
-  create: true
-  type: ClusterIP
-  port: 80
-  containerPort: 8080
-  additionalPorts: []
-#    - name: ""
-#      protocol: TCP
-#      containerPort: ""
-#      port: ""
-
-ingressRoute:
-  create: true
-
-env: []
-additionalEnv: []
-
-hostVolumes: []
-  #- name: volume-name
-  #  hostPath: /host/path
-  #  mountPath: /container/path
-
-additionalVolumes:
-  #- name: volume-name
-  #  mountPath: /container/path
-  #  value: {}
-
-additionalLabels: {}
-
-annotations: {}
-
-resources: {}
-#  limits:
-#    cpu: 100m
-#    memory: 128Mi
-#  requests:
-#    cpu: 100m
-#    memory: 128Mi
-
-auth:
-  # Enable authentication with traefik-forward-auth
-  enabled: true
-  # Create traefik-forward-auth deployment
-  # Set to "false" to reuse a different deployment in the same namespace
-  create: true
-  port: 4181
-  cookieName: ""
-  cookieDomain: ""
-  host: ""
-  domains: {}
-  whitelist: {}
-  logLevel: error
-  extraConfig: {}

docs/QUICKSTART.md

@@ -1,338 +0,0 @@
-# Quickstart using kubeadm
-
-## Debian 12 – Bookworm
-
-Enable `sudo` for the user
-
-```shell
-~$ su -
-~# usermod -aG sudo <user>
-~# apt install sudo
-~# exit
-~$ exit
-```
-
-Enable `ssh` on server
-
-```shell
-sudo apt install openssh-server
-```
-
-On client
-
-```shell
-ssh-copy-id <user>@<ip>
-```
-
-Harden `ssh` server
-
-```shell
-echo "PermitRootLogin no" | sudo tee /etc/ssh/sshd_config.d/01-disable-root-login.conf
-echo "PasswordAuthentication no" | sudo tee /etc/ssh/sshd_config.d/02-disable-password-auth.conf
-echo "ChallengeResponseAuthentication no" | sudo tee /etc/ssh/sshd_config.d/03-disable-challenge-response-auth.conf
-echo "UsePAM no" | sudo tee /etc/ssh/sshd_config.d/04-disable-pam.conf
-sudo systemctl reload ssh
-```
-
-## Install prerequisites
-
-https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
-
-Install cert tools
-
-```shell
-sudo apt update
-sudo apt install -y apt-transport-https ca-certificates curl gpg
-```
-
-Add key and kubernetes repo
-
-```shell
-curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
-echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
-```
-
-Install kubelet, kubeadm and kubectl
-
-```shell
-sudo apt update
-sudo apt install -y kubelet kubeadm kubectl
-sudo apt-mark hold kubelet kubeadm kubectl
-```
-
-Kubelet ≥ 1.26 requires containerd ≥ 1.6.0.
-
-```shell
-sudo apt install -y runc containerd
-```
-
-## Config
-
-### Disable swap
-
-Disable swap for kubelet to work properly
-
-```shell
-sudo swapoff -a
-```
-
-Comment out swap in `/etc/fstab` to disable swap on boot
-
-```shell
-sudo sed -e '/swap/ s/^#*/#/' -i /etc/fstab
-```
-
-### Forwarding IPv4 and letting iptables see bridged traffic
-
-https://kubernetes.io/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites
-
-```shell
-cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
-overlay
-br_netfilter
-EOF
-```
-
-```shell
-sudo modprobe overlay
-sudo modprobe br_netfilter
-```
-
-Persist `sysctl` params across reboot
-
-```shell
-cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
-net.bridge.bridge-nf-call-iptables  = 1
-net.bridge.bridge-nf-call-ip6tables = 1
-net.ipv4.ip_forward                 = 1
-EOF
-```
-
-Apply `sysctl` params without reboot
-
-```shell
-sudo sysctl --system
-```
-
-### Containerd CGroups
-
-Generate default config
-
-```shell
-containerd config default | sudo tee /etc/containerd/config.toml
-```
-
-https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd-systemd
-
-Configure the `systemd` cgroup driver for containerd
-
-```shell
-sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
-```
-
-Restart containerd
-
-```shell
-sudo systemctl restart containerd
-```
-
-## Initialise cluster
-
-We are going to use cilium in place of kube-proxy
-https://docs.cilium.io/en/v1.12/gettingstarted/kubeproxy-free/
-
-```shell
-sudo kubeadm init --skip-phases=addon/kube-proxy
-```
-
-## Set up kubectl
-
-https://kubernetes.io/docs/tasks/tools/
-
-```shell
-mkdir -p $HOME/.kube
-sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
-sudo chown $(id -u):$(id -g) $HOME/.kube/config
-```
-
-For remote kubectl copy the config file to local machine
-
-```shell
-scp <USER>@<IP>:/home/veh/.kube/config ~/.kube/config
-```
-
-## (Optional) Remove taint for single node use
-
-Get taints on nodes
-
-```shell
-kubectl get nodes -o json | jq '.items[].spec.taints'
-```
-
-Remove taint on master node to allow scheduling of all deployments
-
-```shell
-kubectl taint nodes --all node-role.kubernetes.io/control-plane-
-```
-
-## Install Cilium as CNI (Container Network Interface)
-
-To bootstrap the cluster we can install Cilium using its namesake CLI.
-
-For Linux this can be done by running
-
-```shell
-CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
-CLI_ARCH=amd64
-if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
-curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
-sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
-sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
-rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
-```
-
-See the [Cilium official docs](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) for more options.
-
-Next we install Cilium in Kube proxy replacement mode and enable L2 announcements to reply to ARP requests.
-To not run into rate limiting while doing L2 announcements we also increase the k8s rate limits.
-
-```shell
-cilium install \
-  --set kubeProxyReplacement=true \
-  --set l2announcements.enabled=true \
-  --set externalIPs.enabled=true \
-  --set k8sClientRateLimit.qps=50 \
-  --set k8sClientRateLimit.burst=100
-```
-
-See [this blog post](https://blog.stonegarden.dev/articles/2023/12/migrating-from-metallb-to-cilium/#l2-announcements)
-for more details.
-
-Validate install
-
-```shell
-cilium status
-```
-
-## Cilium LB IPAM
-
-For [Cilium to act as a load balancer](https://docs.cilium.io/en/stable/network/lb-ipam/) and start assigning IPs
-to `LoadBalancer` `Service` resources we need to create a `CiliumLoadBalancerIPPool` with a valid pool.
-
-Edit the cidr range to fit your network before applying it
-
-```shell
-kubectl apply -f infra/cilium/ip-pool.yaml
-```
-
-Next create a `CiliumL2AnnouncementPolicy` to announce the assigned IPs.
-Leaving the `interfaces` field empty announces on all interfaces.
-
-```shell
-kubectl apply -f infra/cilium/announce.yaml
-```
-
-## Sealed Secrets
-
-Used to create encrypted secrets
-
-```shell
-kubectl apply -k infra/sealed-secrets
-```
-
-Be sure to store the generated sealed secret key in a safe place!
-
-```shell
-kubectl -n kube-system get secrets
-```
-
-*NB!*: There will be errors if you use my sealed secrets as you (hopefully) don't have the decryption key
-
-## Gateway API
-
-```shell
-kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml
-```
-
-## Cert-manager
-
-```shell
-kubectl kustomize --enable-helm infra/cert-manager | kubectl apply -f -
-```
-
-## Traefik
-
-Change the `io.cilium/lb-ipam-ips` annotation in `infra/traefik/values.yaml` to a valid IP address for your network.
-
-Install Traefik
-
-```shell
-kubectl kustomize --enable-helm infra/traefik | kubectl apply -f -
-```
-
-## Port forward Traefik
-
-Port forward Traefik ports in router from 8000 to 80 for http and 4443 to 443 for https.
-IP can be found with `kubectl get svc` (it should be the same as the one you gave in the annotation).
-
-# Test-application (Optional)
-
-Deploy a test-application by editing the manifests in `apps/test/whoami` and apply them
-
-```shell
-kubectl apply -k apps/test/whoami
-```
-
-An unsecured test-application `whoami` should be available at [https://test.${DOMAIN}](https://test.${DOMAIN}).
-If you configured `apps/test/whoami/traefik-forward-auth` correctly a secured version should be available
-at [https://whoami.${DOMAIN}](https://whoami.${DOMAIN}).
-
-## Argo CD
-
-[ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/) is used to bootstrap the rest of the cluster.
-The cluster uses a combination of Helm and Kustomize to configure infrastructure and applications.
-For more details read [this blog post](https://blog.stonegarden.dev/articles/2023/09/argocd-kustomize-with-helm/)
-
-```shell
-kubectl kustomize --enable-helm infra/argocd | kubectl apply -f -
-```
-
-Get ArgoCD initial secret by running
-
-```shell
-kubectl -n argocd get secrets argocd-initial-admin-secret -o json | jq -r .data.password | base64 -d
-```
-
-## Kubernetes Dashboard
-
-An OIDC (traefik-forward-auth)
-protected [Kubernetes Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) can be
-deployed using
-
-```shell
-kubectl apply -k infra/dashboard
-```
-
-Create a token
-
-```shell
-kubectl -n kubernetes-dashboard create token admin-user
-```
-
-## ApplicationSets
-
-*NB!*: This will not work before you've changed all the domain names and IP addresses.
-
-Once you've tested everything get the ball rolling with
-
-```shell
-kubectl apply -k sets
-```
-
-## Cleanup
-
-```shell
-kubectl drain gauss --delete-emptydir-data --force --ignore-daemonsets
-sudo kubeadm reset
-sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sudo iptables -X
-```