diff --git a/README.md b/README.md index b027b80..58ccf8e 100644 --- a/README.md +++ b/README.md @@ -1,22 +1,34 @@
-Kubernetes logo +# 🪨 Homelab 🏡 -# 🪨 Kubernetes Homelab 🏡 +Repository for home infrastructure and [Kubernetes](https://kubernetes.io/) cluster +using [GitOps](https://en.wikipedia.org/wiki/DevOps) practices. +Held together using [Proxmox VE](https://www.proxmox.com/en/proxmox-virtual-environment), +[OpenTofu](https://opentofu.org/), [Talos](https://talos.dev), [Kubernetes](https://kubernetes.io/), +[Argo CD](https://argoproj.github.io/cd/) and copious amounts of [YAML](https://yaml.org/).
--- -## 📝 Overview +## 📖 Overview -This is the [IaC](https://en.wikipedia.org/wiki/Infrastructure_as_code) configuration for my homelab. -It's mainly powered by [Kubernetes](https://kubernetes.io/) and I do my best to adhere to GitOps practices. +This repository hosts the IaC ([Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_code)) +configuration for my homelab. -To organise all the configuration I've opted for an approach using Kustomized Helm with Argo CD which I've explained in -more detail [here](https://blog.stonegarden.dev/articles/2023/09/argocd-kustomize-with-helm/). +The Homelab is backed by [Proxmox VE](https://www.proxmox.com/en/proxmox-virtual-environment) hypervisor nodes with VMs +bootstrapped using [OpenTofu](https://opentofu.org/)/[Terraform](https://www.terraform.io/). -I try to journal my adventures and exploits on my [blog](https://blog.stonegarden.dev) which is hosted by this repo. +Most of the services run on [Talos](https://www.talos.dev/) flavoured [Kubernetes](https://kubernetes.io/), +though I'm also running a [TrueNAS](https://www.truenas.com/) VM for storage +and [Home Assistant](https://www.home-assistant.io/) VM for home automation. + +To organise all the configuration I've opted for an approach using Kustomized Helm +with [Argo CD](https://argoproj.github.io/cd/) which I've explained in more +detail [in this article](https://blog.stonegarden.dev/articles/2023/09/argocd-kustomize-with-helm/). + +I journal my homelab journey over at my self-hosted [blog](https://blog.stonegarden.dev). ## 🧑‍💻 Getting Started 
@@ -30,53 +42,68 @@ I've also written an article on how to get started with [Kubernetes on Proxmox](https://blog.stonegarden.dev/articles/2024/03/proxmox-k8s-with-cilium/) if virtualisation is more your thing. -A third option is the [Quickstart](docs/QUICKSTART.md) in the docs-folder. - -I also have a ["mini-cluster" repo](https://gitlab.com/vehagn/mini-homelab) which might be easier to start understanding -over at GitLab. +I'm currently working on an article on how to bootstrap your own Talos-cluster using this repo. ## ⚙️ Core Components +* [Proxmox VE](https://www.proxmox.com/en/proxmox-virtual-environment): Server management and KVM hypervisor. +* [OpenTofu](https://opentofu.org/): Open source infrastructure as code tool. +* [Cilium](https://cilium.io/): eBPF-based Networking, Observability, Security. * [Argo CD](https://argo-cd.readthedocs.io/en/stable/): Declarative, GitOps continuous delivery tool for Kubernetes. * [Cert-manager](https://cert-manager.io/): Cloud native certificate management. -* [Cilium](https://cilium.io/): eBPF-based Networking, Observability, Security. -* [OpenTofu](https://opentofu.org/): The open source infrastructure as code tool. * [Sealed-secrets](https://github.com/bitnami-labs/sealed-secrets): Encrypt your Secret into a SealedSecret, which is safe to store - even inside a public repository. -## 📂 Folder Structure +## 🗃️ Folder Structure -* `apps`: Different applications that I run in the cluster. -* `charts`: Tailor made Helm charts for this cluster. -* `docs`: Supplementary documentation. -* `infra`: Configuration for core infrastructure components -* `machines`: OpenTofu/Terraform configuration. Each sub folder is a physical machine. -* `sets`: Holds Argo CD Applications that points to the `apps` and `infra` folders for automatic Git-syncing. +```shell +. 
+├── 📂 docs # Documentation +├── 📂 k8s # Kubernetes manifests +│ ├── 📂 apps # Applications on +│ ├── 📂 infra # Infrastructure components +│ └── 📂 sets # Bootstrapping ApplicationSets +└── 📂 tofu # Tofu configuration + ├── 📂 home-assistant # Home Assistant VM + └── 📂 kubernetes # Kubernetes VM configuration + ├── 📂 bootstrap # Kubernetes bootstrap config + └── 📂 talos # Talos configuration +``` ## 🖥️ Hardware -| Name | Device | CPU | RAM | Storage | Purpose | -|--------|---------------------------|-----------------|----------------|------------|---------| -| Gauss | Dell Precision Tower 5810 | Xeon E5-1650 v3 | 64 GB DDR4 ECC | 14 TiB HDD | - | -| Euclid | ASUS ExpertCenter PN42 | Intel N100 | 32 GB DDR4 | - | - | +| Name | Device | CPU | RAM | Storage | Purpose | +|--------|---------------------------|-----------------|----------------|------------------|-------------------| +| Abel | CWWK 6 LAN Port | Intel i3-N305 | 32 GB DDR5 | - | Control-plane | +| Euclid | ASUS ExpertCenter PN42 | Intel N100 | 32 GB DDR4 | - | Control-plane | +| Cantor | ASUS PRIME N100I-D D4 | Intel N100 | 32 GB DDR4 | 5x8TB HDD RaidZ2 | NAS/Control-plane | +| Gauss | Dell Precision Tower 5810 | Xeon E5-1650 v3 | 64 GB DDR4 ECC | 14 TB HDD | Compute | ## 🏗️ Work in Progress +- [ ] Set up AdGuard Home - [ ] Clean up DNS config - [ ] Renovate for automatic updates -- [x] Build a NAS for storage -- [ ] Template Gauss -- [ ] Replace Pi Hole with AdGuard Home -- [x] Use iGPU on Euclid for video transcoding -- [x] Replace Traefik with Cilium Ingress Controller -- [ ] Cilium mTLS & SPIFFE/SPIRE ## 👷‍ Future Projects -- [x] Use Talos instead of Debian for Kubernetes +- [ ] External DNS - [ ] Keycloak for auth +- [ ] Implement NetBird +- [ ] OPNSense/pfSense +- [ ] Use BGP instead of ARP - [ ] Dynamic Resource Allocation for GPU - [ ] Local LLM -- [ ] pfSense -- [ ] Use NetBird or Tailscale -- [ ] Use BGP instead of ARP +- [ ] Cilium mTLS & SPIFFE/SPIRE + +## + +Proxmox logo +Proxmox logo +      
+OpenTofu logo +OpenTofu logo +      +Kubernetes logo +      +Kubernetes logo \ No newline at end of file diff --git a/apps/application-set.yaml b/apps/application-set.yaml deleted file mode 100644 index 6d6c565..0000000 --- a/apps/application-set.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: applications - namespace: argocd - labels: - dev.stonegarden: application -spec: - generators: - - git: - repoURL: https://github.com/vehagn/homelab - revision: HEAD - directories: - - path: apps/* - template: - metadata: - name: '{{ path.basename }}' - labels: - dev.stonegarden: application - finalizers: - - resources-finalizer.argocd.argoproj.io - spec: - project: applications - source: - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - path: '{{ path }}' - destination: - name: in-cluster - namespace: argocd - syncPolicy: - automated: - selfHeal: true - prune: true \ No newline at end of file diff --git a/apps/delta/app-deltahouse.yaml b/apps/delta/app-deltahouse.yaml deleted file mode 100644 index c377f69..0000000 --- a/apps/delta/app-deltahouse.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: deltahouse - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io - labels: - dev.stonegarden: delta -spec: - project: delta - source: - repoURL: https://github.com/vehagn/deltahouse-deployment - path: '.' - targetRevision: HEAD - destination: - namespace: delta - name: in-cluster - syncPolicy: - automated: - selfHeal: true - prune: true ---- -apiVersion: v1 -kind: Namespace -metadata: - name: delta ---- -apiVersion: v1 -kind: Namespace -metadata: - name: delta-test diff --git a/apps/delta/kustomization.yaml b/apps/delta/kustomization.yaml deleted file mode 100644 index 58838fc..0000000 --- a/apps/delta/kustomization.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonLabels: - dev.stonegarden: app-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - app-deltahouse.yaml \ No newline at end of file diff --git a/apps/delta/project.yaml b/apps/delta/project.yaml deleted file mode 100644 index 3235dba..0000000 --- a/apps/delta/project.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: delta - namespace: argocd -spec: - sourceNamespaces: - - '*' - sourceRepos: - - 'https://github.com/vehagn/*' - destinations: - - namespace: 'argocd' - server: '*' - - namespace: 'delta' - server: '*' - - namespace: 'delta-test' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' \ No newline at end of file diff --git a/apps/media/application-set.yaml b/apps/media/application-set.yaml deleted file mode 100644 index fd9460b..0000000 --- a/apps/media/application-set.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: media - namespace: argocd - labels: - dev.stonegarden: media -spec: - generators: - - git: - repoURL: https://github.com/vehagn/homelab - revision: HEAD - directories: - - path: apps/media/* - template: - metadata: - name: '{{ path.basename }}' - labels: - dev.stonegarden: application - finalizers: - - resources-finalizer.argocd.argoproj.io - spec: - project: media - source: - plugin: - name: kustomize-build-with-helm - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - path: '{{ path }}' - destination: - name: in-cluster - namespace: '{{ path.basename }}' - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true diff --git a/apps/media/arr/auth-secret.yaml b/apps/media/arr/auth-secret.yaml deleted file mode 100644 index 1f1e538..0000000 --- a/apps/media/arr/auth-secret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: traefik-forward-auth-secrets - namespace: arr -spec: - encryptedData: - google-client-id: 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 - google-client-secret: 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 - secret: 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 - template: - metadata: - annotations: - sealedsecrets.bitnami.com/managed: "true" - name: traefik-forward-auth-secrets - namespace: arr - type: Opaque - diff --git a/apps/media/arr/common-values.yaml b/apps/media/arr/common-values.yaml deleted file mode 100644 index 5614708..0000000 --- a/apps/media/arr/common-values.yaml +++ /dev/null @@ -1,33 +0,0 @@ -namespace: arr -env: - - name: PUID - valueFrom: - configMapKeyRef: - name: common-env - key: PUID - - name: PGID - valueFrom: - configMapKeyRef: - name: common-env - key: PGID - - name: UMASK - valueFrom: - configMapKeyRef: - name: common-env - key: UMASK - - name: TZ - valueFrom: - configMapKeyRef: - name: common-env - key: TZ -additionalVolumes: - - name: data - mountPath: /app/data - value: - hostPath: - path: /disk/data -additionalLabels: - app.kubernetes.io/part-of: arr -auth: - enabled: true - create: false diff --git a/apps/media/arr/kustomization.yaml b/apps/media/arr/kustomization.yaml deleted file mode 100644 index 15febd0..0000000 --- a/apps/media/arr/kustomization.yaml +++ /dev/null 
@@ -1,108 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: arr -commonLabels: - app.kubernetes.io/part-of: arr - app.kubernetes.io/managed-by: argocd - -#resources: -# - auth-secret.yaml -# -#configMapGenerator: -# - name: common-env -# literals: -# - PUID="1000" -# - PGID="1000" -# - UMASK="002" -# - TZ="Europe/Oslo" -# -#helmGlobals: -# chartHome: ../../../charts -# -#helmCharts: -# - name: application -# releaseName: auth -# valuesFile: common-values.yaml -# valuesInline: -# name: auth -# namespace: arr -# authOnly: true -# auth: -# cookieDomain: stonegarden.dev -# whitelist: -# - veghag@gmail.com -# - name: application -# releaseName: lidarr -# valuesFile: common-values.yaml -# valuesInline: -# name: lidarr -# image: -# name: lscr.io/linuxserver/lidarr -# hostVolumes: -# - name: lidarr-config -# hostPath: /disk/etc/lidarr -# mountPath: /config -# service: -# containerPort: 8686 -# - name: application -# releaseName: prowlarr -# valuesFile: common-values.yaml -# valuesInline: -# name: prowlarr -# image: -# name: lscr.io/linuxserver/prowlarr -# hostVolumes: -# - name: prowlarr-config -# hostPath: /disk/etc/prowlarr -# mountPath: /config -# additionalVolumes: [] -# service: -# containerPort: 9696 -# - name: application -# releaseName: radarr -# valuesFile: common-values.yaml -# valuesInline: -# name: radarr -# image: -# name: lscr.io/linuxserver/radarr -# hostVolumes: -# - name: radarr-config -# hostPath: /disk/etc/radarr -# mountPath: /config -# service: -# containerPort: 7878 -# - name: application -# releaseName: sonarr -# valuesFile: common-values.yaml -# valuesInline: -# name: sonarr -# image: -# name: lscr.io/linuxserver/sonarr -# hostVolumes: -# - name: sonarr-config -# hostPath: /disk/etc/sonarr -# mountPath: /config -# service: -# containerPort: 8989 -# - name: application -# releaseName: torrent -# valuesFile: common-values.yaml -# valuesInline: -# name: torrent -# image: -# name: ghcr.io/hotio/qbittorrent -# tag: 
release-4.6.2 -# hostVolumes: -# - name: torrent-config -# hostPath: /disk/etc/qbittorrent -# mountPath: /config -# service: -# type: LoadBalancer -# containerPort: 8080 -# additionalPorts: -# - name: tcp -# protocol: TCP -# containerPort: 11011 -# - name: udp -# protocol: UDP -# containerPort: 11011 diff --git a/apps/media/jellyfin/deployment.yaml b/apps/media/jellyfin/deployment.yaml deleted file mode 100644 index e0d3ce0..0000000 --- a/apps/media/jellyfin/deployment.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: jellyfin - name: jellyfin - namespace: jellyfin -spec: - replicas: 1 - selector: - matchLabels: - app: jellyfin - template: - metadata: - labels: - app: jellyfin - spec: - containers: - - name: jellyfin - image: lscr.io/linuxserver/jellyfin:latest - imagePullPolicy: Always - envFrom: - - configMapRef: - name: jellyfin-env - ports: - - name: http - containerPort: 8096 - resources: - requests: - cpu: 2000m - memory: 6Gi - limits: - cpu: 10000m - memory: 12Gi -# nvidia.com/gpu: "1" - volumeMounts: - - name: config - mountPath: /config - - name: media - mountPath: /media - volumes: - - name: config - persistentVolumeClaim: - claimName: jellyfin-config-pvc - - name: media - persistentVolumeClaim: - claimName: jellyfin-media-pvc diff --git a/apps/media/jellyfin/euclid-jellyfin.yaml b/apps/media/jellyfin/euclid-jellyfin.yaml deleted file mode 100644 index eb749c1..0000000 --- a/apps/media/jellyfin/euclid-jellyfin.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: discovery.k8s.io/v1 -kind: EndpointSlice -metadata: - name: euclid-jellyfin - namespace: jellyfin - labels: - kubernetes.io/service-name: euclid-jellyfin - endpointslice.kubernetes.io/managed-by: cluster-admins -addressType: IPv4 -ports: - - name: http - protocol: TCP - port: 8096 -endpoints: - - addresses: - - 192.168.1.228 - conditions: # https://github.com/argoproj/argo-cd/issues/15554 - ready: true ---- -apiVersion: v1 -kind: Service -metadata: - name: euclid-jellyfin - namespace: jellyfin -spec: - ports: - - name: http - protocol: TCP - port: 80 - targetPort: 8096 ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: euclid-jellyfin - namespace: jellyfin -spec: - entryPoints: - - websecure - routes: - - match: Host(`jf-euclid.stonegarden.dev`) - kind: Rule - services: - - name: euclid-jellyfin - port: 80 diff --git a/apps/media/jellyfin/http-route.yaml b/apps/media/jellyfin/http-route.yaml deleted file mode 100644 index 9f7d71b..0000000 --- a/apps/media/jellyfin/http-route.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: jellyfin -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "jellyfin.stonegarden.dev" - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: jellyfin - port: 8096 \ No newline at end of file diff --git a/apps/media/jellyfin/ingress-route.yaml b/apps/media/jellyfin/ingress-route.yaml deleted file mode 100644 index d81d639..0000000 --- a/apps/media/jellyfin/ingress-route.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: jellyfin - namespace: jellyfin -spec: - entryPoints: - - websecure - routes: - - match: Host(`jellyfin.stonegarden.dev`) - kind: Rule - services: - - name: jellyfin - port: 8096 \ No newline at end of file 
diff --git a/apps/media/jellyfin/kustomization.yaml b/apps/media/jellyfin/kustomization.yaml deleted file mode 100644 index 51e1799..0000000 --- a/apps/media/jellyfin/kustomization.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: jellyfin -commonLabels: - app: jellyfin - -configMapGenerator: - - name: jellyfin-env - literals: - - PUID="1000" - - PGID="1000" - - UMASK="002" - - TZ="Europe/Oslo" - -resources: - - pv-jellyfin-config.yaml - - pvc-jellyfin-config.yaml - - pv-jellyfin-media.yaml - - pvc-jellyfin-media.yaml - - service.yaml - - deployment.yaml - - http-route.yaml - - euclid-jellyfin.yaml -# - ingress-route.yaml diff --git a/apps/media/jellyfin/pv-jellyfin-config.yaml b/apps/media/jellyfin/pv-jellyfin-config.yaml deleted file mode 100644 index 2ce6596..0000000 --- a/apps/media/jellyfin/pv-jellyfin-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: jellyfin-config-pv -spec: - capacity: - storage: 64Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: jellyfin-config-sc - local: - path: /disk/etc/jellyfin - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file diff --git a/apps/media/jellyfin/pv-jellyfin-media.yaml b/apps/media/jellyfin/pv-jellyfin-media.yaml deleted file mode 100644 index 2ce9c82..0000000 --- a/apps/media/jellyfin/pv-jellyfin-media.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: jellyfin-media-pv -spec: - capacity: - storage: 12Ti - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: jellyfin-media-sc - local: - path: /disk/data/media - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file diff --git a/apps/media/jellyfin/pvc-jellyfin-config.yaml b/apps/media/jellyfin/pvc-jellyfin-config.yaml deleted file mode 100644 index 03335bc..0000000 --- a/apps/media/jellyfin/pvc-jellyfin-config.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: jellyfin-config-pvc - namespace: jellyfin -spec: - storageClassName: jellyfin-config-sc - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 64Gi diff --git a/apps/media/jellyfin/pvc-jellyfin-media.yaml b/apps/media/jellyfin/pvc-jellyfin-media.yaml deleted file mode 100644 index a934eaf..0000000 --- a/apps/media/jellyfin/pvc-jellyfin-media.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: jellyfin-media-pvc - namespace: jellyfin -spec: - storageClassName: jellyfin-media-sc - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 12Ti diff --git a/apps/media/jellyfin/service.yaml b/apps/media/jellyfin/service.yaml deleted file mode 100644 index 52c0aa5..0000000 --- a/apps/media/jellyfin/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: jellyfin - namespace: jellyfin -spec: - selector: - app: jellyfin - ports: - - name: web - port: 8096 \ No newline at end of file diff --git a/apps/media/plex/deployment.yaml b/apps/media/plex/deployment.yaml deleted file mode 100644 index a546f34..0000000 --- a/apps/media/plex/deployment.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: plex -spec: - replicas: 1 - selector: - matchLabels: - app: plex - template: - spec: - containers: - - name: plex - image: lscr.io/linuxserver/plex - imagePullPolicy: Always - resources: - requests: - cpu: 2000m - memory: 6Gi - limits: - cpu: 10000m - memory: 12Gi -# nvidia.com/gpu: "1" - envFrom: - - configMapRef: - name: plex-env - ports: - - name: http - containerPort: 32400 - volumeMounts: - - name: config - mountPath: /config - - name: media - mountPath: /app/data - volumes: - - name: config - persistentVolumeClaim: - claimName: plex-config-pvc - - name: media - persistentVolumeClaim: - claimName: plex-media-pvc diff --git a/apps/media/plex/http-route.yaml b/apps/media/plex/http-route.yaml deleted file mode 100644 index b760020..0000000 --- a/apps/media/plex/http-route.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: plex-http-route -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "plex.stonegarden.dev" - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: plex - port: 80 diff --git a/apps/media/plex/ingress.yaml b/apps/media/plex/ingress.yaml deleted file mode 100644 index ce5d689..0000000 --- a/apps/media/plex/ingress.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: ingressroute-plex -spec: - entryPoints: - - websecure - routes: - - match: Host(`plex.stonegarden.dev`) - kind: Rule - services: - - name: plex - port: 80 \ No newline at end of file diff --git a/apps/media/plex/kustomization.yaml b/apps/media/plex/kustomization.yaml deleted file mode 100644 index 7bbe9e0..0000000 --- a/apps/media/plex/kustomization.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: plex -commonLabels: - app: plex - -configMapGenerator: - - name: plex-env - literals: - - PUID="1000" - - PGID="1000" - - UMASK="002" - - TZ="Europe/Oslo" - -resources: - - pv-plex-config.yaml - - pvc-plex-config.yaml - - pv-plex-media.yaml - - pvc-plex-media.yaml - - service.yaml - - deployment.yaml - - ingress.yaml -# - http-route.yaml diff --git a/apps/media/plex/pv-plex-config.yaml b/apps/media/plex/pv-plex-config.yaml deleted file mode 100644 index 0b354fd..0000000 --- a/apps/media/plex/pv-plex-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: plex-config-pv -spec: - capacity: - storage: 64Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: plex-config-sc - local: - path: /disk/etc/plex - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file diff --git a/apps/media/plex/pv-plex-media.yaml b/apps/media/plex/pv-plex-media.yaml deleted file mode 100644 index 5c099ad..0000000 --- a/apps/media/plex/pv-plex-media.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: plex-media-pv -spec: - capacity: - storage: 12Ti - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: plex-media-sc - local: - path: /disk/data - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file diff --git a/apps/media/plex/pvc-plex-config.yaml b/apps/media/plex/pvc-plex-config.yaml deleted file mode 100644 index a1444a6..0000000 --- a/apps/media/plex/pvc-plex-config.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: plex-config-pvc - namespace: plex -spec: - storageClassName: plex-config-sc - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 64Gi diff --git a/apps/media/plex/pvc-plex-media.yaml b/apps/media/plex/pvc-plex-media.yaml deleted file mode 100644 index 5c1e8c0..0000000 --- a/apps/media/plex/pvc-plex-media.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: plex-media-pvc - namespace: plex -spec: - storageClassName: plex-media-sc - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 12Ti diff --git a/apps/media/plex/service.yaml b/apps/media/plex/service.yaml deleted file mode 100644 index 4544a94..0000000 --- a/apps/media/plex/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: plex - annotations: - io.cilium/lb-ipam-ips: 192.168.1.132 -spec: - selector: - app: plex - type: LoadBalancer - ports: - - name: http - port: 80 - targetPort: 32400 - - name: direct - port: 32400 - targetPort: 32400 diff --git a/apps/media/project.yaml b/apps/media/project.yaml deleted file mode 100644 index 0609bd6..0000000 --- a/apps/media/project.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: media - namespace: argocd -spec: - sourceNamespaces: - - '*' - sourceRepos: - - 'https://github.com/vehagn/*' - destinations: - - namespace: 'argocd' - server: '*' - - namespace: 'arr' - server: '*' - - namespace: 'jellyfin' - server: '*' - - namespace: 'plex' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' \ No newline at end of file diff --git a/apps/project.yaml b/apps/project.yaml deleted file mode 100644 index 1472465..0000000 --- a/apps/project.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: applications - namespace: argocd -spec: - sourceNamespaces: - - '*' - sourceRepos: - - 'https://github.com/vehagn/*' - destinations: - - namespace: 'argocd' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' \ No newline at end of file diff --git a/apps/public/application-set.yaml b/apps/public/application-set.yaml deleted file mode 100644 index 90010e9..0000000 --- a/apps/public/application-set.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: public - namespace: argocd - labels: - dev.stonegarden: application -spec: - generators: - - git: - repoURL: https://github.com/vehagn/homelab - revision: HEAD - directories: - - path: apps/public/* - template: - metadata: - name: '{{ path.basename }}' - labels: - dev.stonegarden: public - finalizers: - - resources-finalizer.argocd.argoproj.io - spec: - project: public - source: - plugin: - name: kustomize-build-with-helm - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - path: '{{ path }}' - destination: - name: in-cluster - namespace: '{{ path.basename }}' - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true diff --git a/apps/public/blog/http-route.yaml b/apps/public/blog/http-route.yaml deleted file mode 100644 index 004e7c8..0000000 --- a/apps/public/blog/http-route.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: blog - namespace: blog -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "blog.stonegarden.dev" - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: blog - port: 80 \ No newline at end of file diff --git a/apps/public/blog/kustomization.yaml b/apps/public/blog/kustomization.yaml deleted file mode 100644 index 354d2f8..0000000 
--- a/apps/public/blog/kustomization.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: blog -commonLabels: - app.kubernetes.io/managed-by: argocd - -resources: - - remark42 - - http-route.yaml - -helmGlobals: - chartHome: ../../../charts - -helmCharts: - - name: application - releaseName: blog - valuesFile: values.yaml \ No newline at end of file diff --git a/apps/public/blog/remark42/config/env-remark42 b/apps/public/blog/remark42/config/env-remark42 deleted file mode 100644 index 701e1ee..0000000 --- a/apps/public/blog/remark42/config/env-remark42 +++ /dev/null @@ -1,3 +0,0 @@ -TIME_ZONE=Europe/Oslo -REMARK_URL=https://remark42.stonegarden.dev -SITE=stonegarden.dev \ No newline at end of file diff --git a/apps/public/blog/remark42/deployment.yaml b/apps/public/blog/remark42/deployment.yaml deleted file mode 100644 index a78b3c6..0000000 --- a/apps/public/blog/remark42/deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: remark42 - namespace: blog - labels: - app: remark42 -spec: - replicas: 1 - selector: - matchLabels: - app: remark42 - strategy: - type: Recreate - template: - metadata: - namespace: remark42 - labels: - app: remark42 - spec: - containers: - - name: remark42 - image: umputun/remark42:v1.12.1 - ports: - - name: http - containerPort: 8080 - envFrom: - - secretRef: - name: remark42-secret - - secretRef: - name: remark42-github - - secretRef: - name: remark42-google - - configMapRef: - name: remark42-env - volumeMounts: - - name: remark42 - mountPath: /srv/var - securityContext: - readOnlyRootFilesystem: false - resources: - requests: - cpu: 100m - memory: 25Mi - limits: - cpu: 500m - memory: 256Mi - securityContext: {} - volumes: - - name: remark42 - persistentVolumeClaim: - claimName: remark42 - \ No newline at end of file 
diff --git a/apps/public/blog/remark42/ingress-route.yaml b/apps/public/blog/remark42/ingress-route.yaml deleted file mode 100644 index 960da53..0000000 --- a/apps/public/blog/remark42/ingress-route.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: remark42 - namespace: blog -spec: - entryPoints: - - websecure - routes: - - match: Host(`remark42.stonegarden.dev`) - kind: Rule - services: - - name: remark42 - port: 80 \ No newline at end of file diff --git a/apps/public/blog/remark42/kustomization.yaml b/apps/public/blog/remark42/kustomization.yaml deleted file mode 100644 index 161aa93..0000000 --- a/apps/public/blog/remark42/kustomization.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -commonLabels: - app.kubernetes.io/managed-by: argocd - -configMapGenerator: - - name: remark42-env - envs: - - config/env-remark42 - -resources: - - deployment.yaml - - http-route.yaml - - pv.yaml - - pvc.yaml - - secret-github.yaml - - secret-google.yaml - - secret-remark42.yaml - - service.yaml - - ingress-route.yaml \ No newline at end of file diff --git a/apps/public/blog/remark42/pv.yaml b/apps/public/blog/remark42/pv.yaml deleted file mode 100644 index 9876aad..0000000 --- a/apps/public/blog/remark42/pv.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: remark42 - labels: - app: remark42 -spec: - capacity: - storage: 512Mi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: remark42-storage - local: - path: /disk/etc/blog/remark42 - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss diff --git a/apps/public/blog/remark42/pvc.yaml b/apps/public/blog/remark42/pvc.yaml deleted file mode 100644 index 55e1cd0..0000000 --- a/apps/public/blog/remark42/pvc.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: remark42 - namespace: blog - labels: - app: remark42 -spec: - storageClassName: remark42-storage - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 512Mi diff --git a/apps/public/blog/remark42/secret-github.yaml b/apps/public/blog/remark42/secret-github.yaml deleted file mode 100644 index 48143ff..0000000 --- a/apps/public/blog/remark42/secret-github.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: remark42-github - namespace: blog -spec: - template: - metadata: - name: remark42-github - namespace: blog - type: Opaque - encryptedData: - AUTH_GITHUB_CID: 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 - AUTH_GITHUB_CSEC: 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 - diff --git a/apps/public/blog/remark42/secret-google.yaml b/apps/public/blog/remark42/secret-google.yaml deleted file mode 100644 index f8433aa..0000000 --- a/apps/public/blog/remark42/secret-google.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: remark42-google - namespace: blog -spec: - template: - metadata: - name: remark42-google - namespace: blog - type: Opaque - encryptedData: - AUTH_GOOGLE_CID: AgBfum5+D9fP0g3dcoytnKRQf9eXMT9uUV997opD7QfxH68juE52Z5D1Q9oFWAm9/avQ8I6tql14gJwILeRJNW476gv4G4f0irBvL9RRq5Wwr/Val0SKZSJ+Bkx/QeRPNywVuIAFUL3syL+rsEAo1qVHi7Bb9Fp0hmnY52OIr68geg/m2Vx1nZ5IF03LSKc5Xlu0LDzBCa7ePFm1pkPIBTwX9bJQuu6ccJuV3ZdMjlhVbV6zcfYAWJOQkLB6TFTaEScCr7PQbqx3YqqcbXI6FNnKfjvd2FCMufONJFN6Oy2+vvordvXO5Pqu7Gped5otTmvJKc2Q7ZitNgw9t+qkVV7JpTT8PtJyg3uss9PgdoksSIEYs0xyb2YChm23tID1E+qvmSitMCJx6TAR/6Bgj7Jhc7ZBJEp9mpLr7o5PGuCqrBToTGNgO8gcz0bmZlv4CNymEXSCgd+nFma/INaKwUkD+LQo5gbXrz6zzn8vUfjlzSIzCuEN7YKBbBFjguVKZmTa/+TuTwc5qWOOFvKoFQOPTn7XedJykkmfzDdQf+f/pytN4KAhOS8mtvA9Ufh52QPluF2gAPFXVe6jmaJ/uywQ5b9RHcHcXl74gn09Bi2Z4sArUB4cW84a0Pvn5q6bgCKyHDNMNp2SNWmzQ66oNWbz+L5UemMfNfagFn6JdBXBE7FDox5kfGzM4xPmbuaDsmALaVpBbwy46qa3vVNTSNOkJ7MpavJvTKgLPWk6AWkUvDOTVgJItQqXK5gdPcJnivVHVr8CF4b5BNqs72KWelpPnwLBgcztMhY= - AUTH_GOOGLE_CSEC: 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 \ No newline at end of file diff --git a/apps/public/blog/remark42/secret-remark42.yaml b/apps/public/blog/remark42/secret-remark42.yaml deleted file mode 100644 index f365286..0000000 --- a/apps/public/blog/remark42/secret-remark42.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: remark42-secret - namespace: blog -spec: - template: - metadata: - name: remark42-secret - namespace: blog - type: Opaque - encryptedData: - ADMIN_SHARED_ID: 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 - SECRET: AgBzdv+yZb3CKbRCfG/Ju3E/VoAGMxQ+IPCjEDjENhxp2OOPm2H6Ua02M9KWFALbtT+py5gIat6oxVb3EcbdbEDWxx2XNolpA25Ab4mZzvmM92FXd1tSNAw1pj00Kq0ftF5Rwd91Cynlqi4nAc5kA4WlhgtSNEcoZpCpye5lc4JW7+SMg3NzrQFgzjGdwTQlw2zdQgKNROTloLb/xaJi/m0PahLtpDgejwMAi0zoBU4ydE8zbOXcC0lvb3N2cFYjk7pCIiVES5SJnWKaYSxUcaZhT5L4ulv8HyjHhhmI5Zgb0sweGjuANwuI1kDPlUhu60mZL6j7upr+TPiayDH4tZ7eXjnqJ3AF4HeBJJruN9NGB6Tmg18qgYp26rwYwfgnVUXFMZuJWrQHDoNJIRno1Jkq1n/843BigMIFU92afQEvLxvCREqjQ2k388MYimQQj/x+M1BUQXOk6fhTSf+QYDm5eRiSCiUw93X4QVHEutNcRSfmTFq5XqEvmd8+VWhmuU4Ua7bPUiM+19ELrBWeW8pWo4DhG2O+zWmx1vKmNRCwA8/F3JHya8KdL9QlrgpSkwK5v6tNT+wz6ZjRX+8dZuE73b7YOqA8SAw2UfLGyCc0IXT/3KhFlriqFrtbTknC0EH0yPOd+YBj17y8MydkSRCUIDJJDmItRa0md4wRErlsV1oL+lFdhgoFsjTU7QpZBC7lT/iPlgJjUdABmTQ1ezEY01ldgKiA7yi33ebnVgnpbxsLfGs5GAdj - diff --git a/apps/public/blog/remark42/service.yaml b/apps/public/blog/remark42/service.yaml deleted file mode 100644 index 3774d89..0000000 --- a/apps/public/blog/remark42/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: remark42 - namespace: blog -spec: - selector: - app: remark42 - ports: - - name: http - protocol: TCP - port: 80 - targetPort: http \ No newline at end of file diff --git a/apps/public/blog/values.yaml b/apps/public/blog/values.yaml deleted file mode 100644 index da2f435..0000000 --- a/apps/public/blog/values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -name: blog -image: - name: registry.gitlab.com/vehagn/blog -env: - - name: SERVER_LOG_LEVEL - value: warn - - name: TZ - value: Europe/Oslo -service: - containerPort: 80 -ingressRoute: - create: false -auth: - enabled: false \ No newline at end of file 
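Review bot: deleting apps/public/blog/remark42/secret-remark42.yaml (like secret-github.yaml and secret-google.yaml before it) removes the SealedSecrets from the tree but not from history, so the `encryptedData` values for `SECRET`, `ADMIN_SHARED_ID` and the GitHub and Google OAuth client credentials can still be decrypted by anyone who later obtains the controller's sealing key. If remark42 is being retired, revoke those OAuth clients and the shared secret as part of this change; if it is being moved, say in the commit message where the re-sealed manifests now live. The `persistentVolumeReclaimPolicy: Retain` in pv.yaml raises the same question for data: whatever sits under `/disk/etc/blog/remark42` on `gauss` outlives this deletion and needs an explicit keep-or-wipe decision.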
diff --git a/apps/public/project.yaml b/apps/public/project.yaml deleted file mode 100644 index 056e657..0000000 --- a/apps/public/project.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: public - namespace: argocd -spec: - sourceNamespaces: - - '*' - sourceRepos: - - 'https://github.com/vehagn/*' - destinations: - - namespace: 'argocd' - server: '*' - - namespace: 'blog' - server: '*' - - namespace: 'stonegarden' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' \ No newline at end of file diff --git a/apps/public/stonegarden/deployment.yaml b/apps/public/stonegarden/deployment.yaml deleted file mode 100644 index 62bd603..0000000 --- a/apps/public/stonegarden/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: stonegarden - namespace: stonegarden -spec: - replicas: 1 - selector: - matchLabels: - app: stonegarden - template: - spec: - containers: - - name: stonegarden - image: registry.gitlab.com/vehagn/stonegarden:latest - imagePullPolicy: Always - ports: - - name: web - containerPort: 3000 \ No newline at end of file diff --git a/apps/public/stonegarden/ingress-route.yaml b/apps/public/stonegarden/ingress-route.yaml deleted file mode 100644 index b6aa687..0000000 --- a/apps/public/stonegarden/ingress-route.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: stonegarden - namespace: stonegarden -spec: - entryPoints: - - websecure - routes: - - match: Host(`stonegarden.dev`) - kind: Rule - services: - - name: stonegarden - port: 3000 \ No newline at end of file diff --git a/apps/public/stonegarden/kustomization.yaml b/apps/public/stonegarden/kustomization.yaml deleted file mode 100644 index 3c10f15..0000000 --- a/apps/public/stonegarden/kustomization.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -commonLabels: - app: stonegarden - -resources: - - ns.yaml - - service.yaml - - deployment.yaml - - http-route.yaml -# - ingress-route.yaml diff --git a/apps/public/stonegarden/service.yaml b/apps/public/stonegarden/service.yaml deleted file mode 100644 index 037aa84..0000000 --- a/apps/public/stonegarden/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: stonegarden - namespace: stonegarden -spec: - type: ClusterIP - ports: - - name: web - port: 3000 - selector: - app: stonegarden diff --git a/apps/test/application-set.yaml b/apps/test/application-set.yaml deleted file mode 100644 index 4464271..0000000 --- a/apps/test/application-set.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: test - namespace: argocd - labels: - dev.stonegarden: test -spec: - generators: - - git: - repoURL: https://github.com/vehagn/homelab - revision: HEAD - directories: - - path: apps/test/* - template: - metadata: - name: '{{ path.basename }}' - labels: - dev.stonegarden: test - finalizers: - - resources-finalizer.argocd.argoproj.io - spec: - project: test - source: - plugin: - name: kustomize-build-with-helm - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - path: '{{ path }}' - destination: - name: in-cluster - namespace: '{{ path.basename }}' - syncPolicy: - automated: - selfHeal: false - prune: true - syncOptions: - - CreateNamespace=true diff --git a/apps/test/cuda-test/kustomization.yaml b/apps/test/cuda-test/kustomization.yaml deleted file mode 100644 index 54402cc..0000000 --- a/apps/test/cuda-test/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonLabels: - app.kubernetes.io/managed-by: argocd - -resources: - - pod.yaml 
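Review bot: in apps/test/application-set.yaml the template sets the `resources-finalizer.argocd.argoproj.io` finalizer and `prune: true`, so once this ApplicationSet is removed from the cluster, every Application it generated from `apps/test/*` is deleted together with the workloads it deployed. Please state in the commit message whether that teardown is intended or whether the apps are re-created from a new path, and if this is a move, make sure the replacement is synced before the deletion lands.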
diff --git a/apps/test/cuda-test/pod.yaml b/apps/test/cuda-test/pod.yaml deleted file mode 100644 index a7b6909..0000000 --- a/apps/test/cuda-test/pod.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: cuda-vectoradd - namespace: cuda-test -spec: - restartPolicy: Never #OnFailure - containers: - - name: cuda-vectoradd - image: "nvcr.io/nvidia/k8s/cuda-sample:vectoradd-cuda11.7.1-ubuntu20.04" -# resources: -# limits: -# nvidia.com/gpu: "1" \ No newline at end of file diff --git a/apps/test/kustomization.yaml b/apps/test/kustomization.yaml deleted file mode 100644 index bf7dfe2..0000000 --- a/apps/test/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -commonLabels: - dev.stonegarden: app-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - application-set.yaml diff --git a/apps/test/project.yaml b/apps/test/project.yaml deleted file mode 100644 index 830ca7a..0000000 --- a/apps/test/project.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: test - namespace: argocd -spec: - sourceNamespaces: - - '*' - sourceRepos: - - 'https://github.com/vehagn/*' - destinations: - - namespace: 'argocd' - server: '*' - - namespace: 'cuda-test' - server: '*' - - namespace: 'whoami' - server: '*' - - namespace: 'test-apps' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' \ No newline at end of file diff --git a/apps/test/test-apps/app1.yaml b/apps/test/test-apps/app1.yaml deleted file mode 100644 index f5f1d6d..0000000 --- a/apps/test/test-apps/app1.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: app1 - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: test - source: - repoURL: https://github.com/vehagn/homelab - path: charts/application - helm: - values: |- - name: app1 - replicas: 3 - valueFiles: - - ../../apps/test/test-apps/common-values.yaml - destination: - namespace: test-apps - name: in-cluster - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true diff --git a/apps/test/test-apps/app2.yaml b/apps/test/test-apps/app2.yaml deleted file mode 100644 index fafaba6..0000000 --- a/apps/test/test-apps/app2.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: app2 - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: test - sources: - - repoURL: https://github.com/vehagn/homelab - path: charts/application - helm: - parameters: - - name: name - value: app2 - valueFiles: - - $values/apps/test/test-apps/common-values.yaml - - repoURL: https://github.com/vehagn/homelab - ref: values - destination: - namespace: test-apps - name: in-cluster - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true diff --git a/apps/test/test-apps/app3.yaml b/apps/test/test-apps/app3.yaml deleted file mode 100644 index 5dbfaf2..0000000 --- a/apps/test/test-apps/app3.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: app3 - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: test - sources: - - repoURL: https://github.com/vehagn/homelab - path: charts/application - helm: - parameters: - - name: name - value: app3 - valueFiles: - - $values/apps/test/test-apps/common-values.yaml - - repoURL: https://github.com/vehagn/homelab - ref: values - destination: - namespace: test-apps - name: in-cluster - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true diff --git a/apps/test/test-apps/auth-secret.yaml b/apps/test/test-apps/auth-secret.yaml deleted file mode 100644 index ef0c032..0000000 --- a/apps/test/test-apps/auth-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: traefik-forward-auth-secrets - namespace: test-apps -spec: - template: - metadata: - name: traefik-forward-auth-secrets - namespace: test-apps - type: Opaque - encryptedData: - google-client-id: 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 - google-client-secret: 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 - secret: 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 diff --git a/apps/test/test-apps/auth-values.yaml b/apps/test/test-apps/auth-values.yaml deleted file mode 100644 index d649213..0000000 --- a/apps/test/test-apps/auth-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -name: auth -namespace: test-apps -authOnly: true -auth: - cookieDomain: stonegarden.dev - whitelist: - - veghag@gmail.com - - wiredmatrices@gmail.com diff --git a/apps/test/test-apps/auth.yaml b/apps/test/test-apps/auth.yaml deleted file mode 100644 index 55e0276..0000000 --- a/apps/test/test-apps/auth.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: auth - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: test - sources: - - repoURL: https://github.com/vehagn/homelab - path: charts/application - helm: - valueFiles: - - $values/apps/test/test-apps/auth-values.yaml - - repoURL: https://github.com/vehagn/homelab - ref: values - destination: - namespace: test-apps - name: in-cluster - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true diff --git a/apps/test/test-apps/common-values.yaml b/apps/test/test-apps/common-values.yaml deleted file mode 100644 index b24f241..0000000 --- a/apps/test/test-apps/common-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -name: app -namespace: test-apps -image: - name: containous/whoami -service: - containerPort: 80 -auth: - enabled: true - create: false \ No newline at end of file diff --git a/apps/test/test-apps/kustomization.yaml b/apps/test/test-apps/kustomization.yaml deleted file mode 100644 index 21af25a..0000000 --- a/apps/test/test-apps/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonLabels: - app.kubernetes.io/managed-by: argocd - app.kubernetes.io/part-of: test - -resources: - - auth-secret.yaml - - app1.yaml - - app2.yaml - - app3.yaml - - auth.yaml \ No newline at end of file diff --git a/apps/test/whoami/http-route.yaml b/apps/test/whoami/http-route.yaml deleted file mode 100644 index 9acf3ec..0000000 --- a/apps/test/whoami/http-route.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: whoami-http-route -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "gateway.stonegarden.dev" - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: whoami - port: 80 \ No newline at end of file 
diff --git a/apps/test/whoami/ingress-route.yaml b/apps/test/whoami/ingress-route.yaml deleted file mode 100644 index 3538dc2..0000000 --- a/apps/test/whoami/ingress-route.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: whoami-ingress-route - labels: - app: traefik -spec: - entryPoints: - - websecure - routes: - - match: Host(`auth-whoami.stonegarden.dev`) - kind: Rule - services: - - name: traefik-forward-auth - port: 4181 - middlewares: - - name: traefik-forward-auth - - match: Host(`whoami.stonegarden.dev`) - kind: Rule - services: - - name: whoami - port: 80 - middlewares: - - name: traefik-forward-auth - - match: Host(`whoami-ingress-route.stonegarden.dev`) - kind: Rule - services: - - name: whoami - port: 80 \ No newline at end of file diff --git a/apps/test/whoami/ingress.yaml b/apps/test/whoami/ingress.yaml deleted file mode 100644 index 7baec63..0000000 --- a/apps/test/whoami/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: whoami-ingress - namespace: whoami -spec: - rules: - - host: whoami-ingress.stonegarden.dev - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: whoami - port: - number: 80 \ No newline at end of file diff --git a/apps/test/whoami/kustomization.yaml b/apps/test/whoami/kustomization.yaml deleted file mode 100644 index 7352646..0000000 --- a/apps/test/whoami/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: whoami - -resources: -# - ingress.yaml -# - ingress-route.yaml - - http-route.yaml - - traefik-forward-auth - - whoami \ No newline at end of file diff --git a/apps/test/whoami/traefik-forward-auth/auth-secret.yaml b/apps/test/whoami/traefik-forward-auth/auth-secret.yaml deleted file mode 100644 index 607e474..0000000 --- a/apps/test/whoami/traefik-forward-auth/auth-secret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: traefik-forward-auth-secrets - namespace: whoami -spec: - encryptedData: - google-client-id: 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 - google-client-secret: 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 - secret: AgBRVl6Ye+pIZt1X8bca2+8KxSAgTBa4usXynuTRJLymYA1PzSBcNvKjxgcp/ywzZOAX30u4KclxNcYEKzJIDqjcJMc0+RkntPj8z7gqpWizmHAN/tQQtW1n/4HrheOteo7dI3GRHi3B1aQAjxt0zexFdtwUN5aLXeTwyq5pJNSqrKksJz4nzlU8Yfxf8C2bDlZIJHzCFwtR89sVWm5F0U6E2s6+24tI/LJWVBIWLLR5/fmB0gm99N+ByW8uFf4c44bCDhRHwRXJBiZ59/DrqlPJqP1aboN6yxL3M7FBylJs+QP6qrdM2N/8gx6yVQAxYN/gIFKlIuVCwZ+mjjicgvQFRk1Nu7GGVkfN9zOgMyArlC4/MySJBTOWLhF2RZvpaFEx48ga4sIsfDqFC8/55cVNvvwF4mMpu+CvrRHH/+fzdTug9B/Fkn0Y+2f7WGNL8o/1S8DiduWMUU6JBf/C8gAp8bZntrCs74rBI0gdPqmGcG1bnwj/fovyz+AmEpVmL3BTGiuP7XSID3oVxnP0X5iqoNwZ13CRmwScZMUEQurX7AQ40shVHAMpGoMt4LCHXRlZFWSKLfRWpMyP7uVLLnDQnu+oy94SG1abOCZEBCM8esxtOjRPuyEEjftDkPlWp8zhtjGORK1yxALhgeCVg30WVOKfMjJCjc4lpDOxIYLcO2Y6MaQZPYgO0ebYusXDkgd5wQVFcQMo+uN3ExKbTA== - template: - metadata: - annotations: - sealedsecrets.bitnami.com/managed: "true" - name: traefik-forward-auth-secrets - namespace: whoami - type: Opaque - diff --git a/apps/test/whoami/traefik-forward-auth/configs/traefik-forward-auth.ini b/apps/test/whoami/traefik-forward-auth/configs/traefik-forward-auth.ini deleted file mode 100644 index afcb153..0000000 --- a/apps/test/whoami/traefik-forward-auth/configs/traefik-forward-auth.ini +++ /dev/null @@ -1,5 +0,0 @@ -cookie-name = "_whoami_auth" -log-level = "error" -cookie-domain = "stonegarden.dev" -auth-host = "auth-whoami.stonegarden.dev" -domain = "gmail.com" \ No newline at end of file diff --git a/apps/test/whoami/traefik-forward-auth/deployment.yaml b/apps/test/whoami/traefik-forward-auth/deployment.yaml deleted file mode 100644 index 217f012..0000000 --- a/apps/test/whoami/traefik-forward-auth/deployment.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traefik-forward-auth -spec: - replicas: 1 - selector: - matchLabels: - app: traefik-forward-auth - strategy: - type: Recreate - template: - metadata: - labels: - app: traefik-forward-auth - spec: - terminationGracePeriodSeconds: 60 - containers: - - image: thomseddon/traefik-forward-auth:2 - imagePullPolicy: Always - name: traefik-forward-auth - ports: - - containerPort: 4181 - protocol: TCP - env: - - name: CONFIG - value: "/config" - - name: PROVIDERS_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-id - - name: PROVIDERS_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-secret - - name: SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: secret - volumeMounts: - - name: configs - mountPath: /config - subPath: traefik-forward-auth.ini - - volumes: - - name: configs - configMap: - name: configs - - name: traefik-forward-auth-secrets - secret: - secretName: traefik-forward-auth-secrets \ No newline at end of file diff --git a/apps/test/whoami/traefik-forward-auth/kustomization.yaml b/apps/test/whoami/traefik-forward-auth/kustomization.yaml deleted file mode 100644 index 515e0f7..0000000 --- a/apps/test/whoami/traefik-forward-auth/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonLabels: - app: traefik-forward-auth - -resources: - - auth-secret.yaml - - service.yaml - - deployment.yaml - - middleware.yaml - -configMapGenerator: - - name: configs - files: - - configs/traefik-forward-auth.ini \ No newline at end of file diff --git a/apps/test/whoami/traefik-forward-auth/middleware.yaml b/apps/test/whoami/traefik-forward-auth/middleware.yaml deleted file mode 100644 index d420e9f..0000000 --- a/apps/test/whoami/traefik-forward-auth/middleware.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: traefik-forward-auth -spec: - forwardAuth: - address: http://traefik-forward-auth.whoami.svc.cluster.local:4181 - authResponseHeaders: - - X-Forwarded-User - trustForwardHeader: true \ No newline at end of file diff --git a/apps/test/whoami/traefik-forward-auth/service.yaml b/apps/test/whoami/traefik-forward-auth/service.yaml deleted file mode 100644 index 569ceff..0000000 --- a/apps/test/whoami/traefik-forward-auth/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: traefik-forward-auth -spec: - type: ClusterIP - selector: - app: traefik-forward-auth - ports: - - name: auth-http - port: 4181 diff --git a/apps/test/whoami/whoami/deployment.yaml b/apps/test/whoami/whoami/deployment.yaml deleted file mode 100644 index 8543aee..0000000 --- a/apps/test/whoami/whoami/deployment.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: whoami -spec: - replicas: 1 - selector: - matchLabels: - app: whoami - template: - metadata: - labels: - app: whoami - spec: - containers: - - image: containous/whoami - imagePullPolicy: Always - name: whoami diff --git a/apps/test/whoami/whoami/kustomization.yaml b/apps/test/whoami/whoami/kustomization.yaml deleted file mode 100644 index 9f38d2a..0000000 --- a/apps/test/whoami/whoami/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonLabels: - app: whoami - -resources: - - service.yaml - - deployment.yaml \ No newline at end of file diff --git a/apps/test/whoami/whoami/service.yaml b/apps/test/whoami/whoami/service.yaml deleted file mode 100644 index b0f816f..0000000 --- a/apps/test/whoami/whoami/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: whoami -spec: - type: ClusterIP - ports: - - name: http - port: 80 - selector: - app: whoami 
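Review bot: removing apps/test/whoami/traefik-forward-auth/middleware.yaml along with its Deployment and Service drops the forward-auth layer without saying what replaces it, and the deleted apps/test/whoami/kustomization.yaml shows that ingress-route.yaml was already commented out, leaving http-route.yaml (`gateway.stonegarden.dev` to `whoami`, no auth filter) as the only active route. If a test service like this returns under the new layout, document how it is authenticated rather than carrying over the unauthenticated HTTPRoute. It is also worth checking the Google OAuth client that served `auth-whoami.stonegarden.dev`, since nothing in the tree uses that host after this change.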
diff --git a/apps/utility/application-set.yaml b/apps/utility/application-set.yaml deleted file mode 100644 index 0301fde..0000000 --- a/apps/utility/application-set.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: utility - namespace: argocd - labels: - dev.stonegarden: utility -spec: - generators: - - git: - repoURL: https://github.com/vehagn/homelab - revision: HEAD - directories: - - path: apps/utility/* - template: - metadata: - name: '{{ path.basename }}' - labels: - dev.stonegarden: utility - finalizers: - - resources-finalizer.argocd.argoproj.io - spec: - project: utility - source: - plugin: - name: kustomize-build-with-helm - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - path: '{{ path }}' - destination: - name: in-cluster - namespace: '{{ path.basename }}' - syncPolicy: - automated: - selfHeal: true - prune: true diff --git a/apps/utility/haos/endpoint-slice.yaml b/apps/utility/haos/endpoint-slice.yaml deleted file mode 100644 index 224b859..0000000 --- a/apps/utility/haos/endpoint-slice.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: discovery.k8s.io/v1 -kind: EndpointSlice -metadata: - name: home-assistant - namespace: haos - labels: - kubernetes.io/service-name: home-assistant - endpointslice.kubernetes.io/managed-by: cluster-admins -addressType: IPv4 -ports: - - name: http - protocol: TCP - port: 8123 -endpoints: - - addresses: - - 192.168.1.27 - conditions: # https://github.com/argoproj/argo-cd/issues/15554 - ready: true diff --git a/apps/utility/haos/ingress-route.yaml b/apps/utility/haos/ingress-route.yaml deleted file mode 100644 index 432b7bd..0000000 --- a/apps/utility/haos/ingress-route.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: home-assistant - namespace: haos -spec: - entryPoints: - - websecure - routes: - - match: Host(`haos.stonegarden.dev`) - kind: Rule - services: - - name: home-assistant - port: 8123 \ No newline at end of file diff --git a/apps/utility/haos/kustomization.yaml b/apps/utility/haos/kustomization.yaml deleted file mode 100644 index f903da8..0000000 --- a/apps/utility/haos/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ns.yaml - - svc.yaml - - endpoint-slice.yaml - - http-route.yaml -# - ingress-route.yaml \ No newline at end of file diff --git a/apps/utility/home-assistant.yaml b/apps/utility/home-assistant.yaml deleted file mode 100644 index 9d198ae..0000000 --- a/apps/utility/home-assistant.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: home-assistant - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io - labels: - dev.stonegarden: home-assistant -spec: - project: utility - source: - repoURL: https://github.com/vehagn/home-assistant - path: deployment - targetRevision: HEAD - destination: - namespace: home-assistant - name: in-cluster - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true - diff --git a/apps/utility/kustomization.yaml b/apps/utility/kustomization.yaml deleted file mode 100644 index ecd32ce..0000000 --- a/apps/utility/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -commonLabels: - dev.stonegarden: app-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - application-set.yaml -# - home-assistant.yaml diff --git a/apps/utility/project.yaml b/apps/utility/project.yaml deleted file mode 100644 index 31dfaa2..0000000 
--- a/apps/utility/project.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: utility - namespace: argocd -spec: - sourceNamespaces: - - '*' - sourceRepos: - - 'https://github.com/vehagn/*' - destinations: - - namespace: 'argocd' - server: '*' - - namespace: 'haos' - server: '*' - - namespace: 'proxmox' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' \ No newline at end of file diff --git a/apps/utility/proxmox/endpoint-slice.yaml b/apps/utility/proxmox/endpoint-slice.yaml deleted file mode 100644 index 37650b2..0000000 --- a/apps/utility/proxmox/endpoint-slice.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: discovery.k8s.io/v1 -kind: EndpointSlice -metadata: - name: proxmox-euclid - namespace: proxmox - labels: - kubernetes.io/service-name: proxmox-euclid - endpointslice.kubernetes.io/managed-by: cluster-admins -addressType: IPv4 -ports: - - name: https - protocol: TCP - port: 8006 -endpoints: - - addresses: - - 192.168.1.42 - conditions: # https://github.com/argoproj/argo-cd/issues/15554 - ready: true \ No newline at end of file diff --git a/apps/utility/proxmox/kustomization.yaml b/apps/utility/proxmox/kustomization.yaml deleted file mode 100644 index a1e4326..0000000 --- a/apps/utility/proxmox/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ns.yaml - - svc.yaml - - endpoint-slice.yaml - - tls-route.yaml \ No newline at end of file diff --git a/apps/utility/proxmox/ns.yaml b/apps/utility/proxmox/ns.yaml deleted file mode 100644 index b087c9a..0000000 --- a/apps/utility/proxmox/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: proxmox \ No newline at end of file diff --git a/apps/utility/proxmox/svc.yaml b/apps/utility/proxmox/svc.yaml deleted file mode 100644 index 9a09555..0000000 --- a/apps/utility/proxmox/svc.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: proxmox-euclid - namespace: proxmox -spec: - ports: - - name: https - protocol: TCP - port: 443 - targetPort: 8006 \ No newline at end of file diff --git a/apps/utility/proxmox/tls-route.yaml b/apps/utility/proxmox/tls-route.yaml deleted file mode 100644 index c74d5c9..0000000 --- a/apps/utility/proxmox/tls-route.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1alpha2 -kind: TLSRoute -metadata: - name: euclid - namespace: proxmox -spec: - parentRefs: - - name: proxmox-euclid - namespace: gateway - hostnames: - - "proxmox.euclid.stonegarden.dev" - rules: - - backendRefs: - - name: proxmox-euclid - port: 443 \ No newline at end of file diff --git a/charts/application/.helmignore b/charts/application/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/application/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/application/Chart.yaml b/charts/application/Chart.yaml deleted file mode 100644 index bc28d9e..0000000 --- a/charts/application/Chart.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: v2 -name: application -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/charts/application/templates/_helpers.tpl b/charts/application/templates/_helpers.tpl deleted file mode 100644 index 70fc39c..0000000 --- a/charts/application/templates/_helpers.tpl +++ /dev/null 
@@ -1,61 +0,0 @@ -{{/* -Common labels -*/}} -{{- define "common.labels" -}} -app.kubernetes.io/name: {{ .Values.name }} -{{- with .Values.additionalLabels }} -{{ toYaml . }} -{{- end }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "common.annotations" -}} -{{- with .Values.annotations }} -{{ toYaml . }} -{{- end }} -{{- end }} - -{{/* -Returns string "true" or empty which will be evaluated to boolean false -*/}} -{{- define "deployment.create" -}} -{{- if not .Values.authOnly }} -{{- true }} -{{- end }} -{{- end }} - -{{/* -Returns string "true" or empty which will be evaluated to boolean false -*/}} -{{- define "service.create" -}} -{{- if and .Values.service.create (include "deployment.create" .) }} -{{- true }} -{{- end }} -{{- end }} - -{{/* -Returns string "true" or empty which will be evaluated to boolean false -*/}} -{{- define "ingressRoute.create" -}} -{{- if and .Values.ingressRoute.create (or .Values.authOnly (include "service.create" .)) }} -{{- true }} -{{- end }} -{{- end }} - -{{/* -Returns string "true" or empty which will be evaluated to boolean false -*/}} -{{- define "auth.create" -}} -{{- if or .Values.authOnly (and .Values.auth.enabled .Values.auth.create (include "ingressRoute.create" .)) }} -{{- true }} -{{- end }} -{{- end }} - -{{/* -Return default auth host or custom value if set -*/}} -{{- define "auth.host" -}} -{{ .Values.auth.host | default (print "auth-" .Values.namespace "." .Values.auth.cookieDomain ) }} -{{- end }} \ No newline at end of file diff --git a/charts/application/templates/application/deployment.yaml b/charts/application/templates/application/deployment.yaml deleted file mode 100644 index 4ac9e3b..0000000 --- a/charts/application/templates/application/deployment.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -{{- if include "deployment.create" . }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.name }} - namespace: {{ .Values.namespace }} - labels: - {{- include "common.labels" . | nindent 4 }} - annotations: - {{- include "common.annotations" . | nindent 4 }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: {{ .Values.name }} - template: - metadata: - labels: - app: {{ .Values.name }} - spec: - volumes: - {{- range .Values.hostVolumes }} - - name: {{ .name }} - hostPath: - path: {{ .hostPath }} - {{- end }} - {{- range .Values.additionalVolumes }} - - name: {{ .name }} - {{- toYaml .value | nindent 10 }} - {{- end }} - containers: - - name: {{ .Values.name }} - image: {{ .Values.image.name }}:{{ .Values.image.tag | default "latest" }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - {{- range .Values.hostVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - {{- end }} - {{- range .Values.additionalVolumes }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - {{- end }} - env: - {{- toYaml .Values.env | nindent 12 }} - {{- with .Values.additionalEnv }} - {{ . | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.containerPort }} - protocol: TCP - {{- range .Values.service.additionalPorts }} - - name: {{ .name }} - containerPort: {{ .containerPort }} - protocol: {{ .protocol | default "TCP" }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} -{{- end }} \ No newline at end of file diff --git a/charts/application/templates/application/service.yaml b/charts/application/templates/application/service.yaml deleted file mode 100644 index ef57e34..0000000 --- a/charts/application/templates/application/service.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -{{- if include "service.create" .}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.name }} - namespace: {{ .Values.namespace }} - labels: - {{- include "common.labels" . | nindent 4 }} - annotations: - {{- include "common.annotations" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - {{- range .Values.service.additionalPorts }} - - name: {{ .name }} - port: {{ .port | default .containerPort }} - targetPort: {{ .name }} - protocol: {{ .protocol | default "TCP" }} - {{- end }} - selector: - app: {{ .Values.name }} -{{- end }} \ No newline at end of file diff --git a/charts/application/templates/ingress-route.yaml b/charts/application/templates/ingress-route.yaml deleted file mode 100644 index 7270dcd..0000000 --- a/charts/application/templates/ingress-route.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if include "ingressRoute.create" . }} -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: {{ .Values.name }} - namespace: {{ .Values.namespace }} - labels: - {{- include "common.labels" . | nindent 4 }} -spec: - entryPoints: - - websecure - routes: - {{- if include "service.create" . }} - - match: Host(`{{ .Values.name }}.stonegarden.dev`) - kind: Rule - services: - - name: {{ .Values.name }} - port: 80 - {{- if .Values.auth.enabled }} - middlewares: - - name: traefik-forward-auth - {{- end }} - {{- end }} - {{- if include "auth.create" . }} - - match: Host(`{{ include "auth.host" . }}`) - kind: Rule - services: - - name: traefik-forward-auth - port: {{ .Values.auth.port }} - middlewares: - - name: traefik-forward-auth - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/application/templates/traefik-forward-auth/config-map.yaml b/charts/application/templates/traefik-forward-auth/config-map.yaml deleted file mode 100644 index 4f9b40d..0000000 
--- a/charts/application/templates/traefik-forward-auth/config-map.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if include "auth.create" . }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: traefik-forward-auth - namespace: {{ .Values.namespace }} - labels: - app: traefik-forward-auth - {{- include "common.labels" . | nindent 4 }} - annotations: - {{- include "common.annotations" . | nindent 4 }} -data: - traefik-forward-auth.ini: |- - cookie-name = {{ .Values.auth.cookieName | default (print "_" .Values.namespace "_auth") | quote }} - cookie-domain = {{ .Values.auth.cookieDomain | quote }} - auth-host = {{ include "auth.host" . | quote }} - log-level = {{ .Values.auth.logLevel | quote }} - {{- range .Values.auth.domains }} - domain = {{ . | quote }} - {{- end }} - {{- range .Values.auth.whitelist }} - whitelist = {{ . | quote }} - {{- end }} - {{- range $key, $val := .Values.auth.extraConfig -}} - {{ $key | nindent 4 }} = {{ $val | quote }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/application/templates/traefik-forward-auth/deployment.yaml b/charts/application/templates/traefik-forward-auth/deployment.yaml deleted file mode 100644 index 8ec2931..0000000 --- a/charts/application/templates/traefik-forward-auth/deployment.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -{{- if include "auth.create" . }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traefik-forward-auth - namespace: {{ .Values.namespace }} - labels: - {{- include "common.labels" . | nindent 4 }} - annotations: - {{- include "common.annotations" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - app: traefik-forward-auth - strategy: - type: Recreate - template: - metadata: - labels: - app: traefik-forward-auth - spec: - terminationGracePeriodSeconds: 60 - containers: - - image: thomseddon/traefik-forward-auth:2 - imagePullPolicy: Always - name: traefik-forward-auth - ports: - - name: auth - containerPort: 4181 - protocol: TCP - env: - - name: CONFIG - value: "/config" - - name: PROVIDERS_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-id - - name: PROVIDERS_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-secret - - name: SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: secret - volumeMounts: - - name: config - mountPath: /config - subPath: traefik-forward-auth.ini - volumes: - - name: config - configMap: - name: traefik-forward-auth - - name: traefik-forward-auth-secrets - secret: - secretName: traefik-forward-auth-secrets -{{- end }} \ No newline at end of file diff --git a/charts/application/templates/traefik-forward-auth/middleware.yaml b/charts/application/templates/traefik-forward-auth/middleware.yaml deleted file mode 100644 index bd23af2..0000000 --- a/charts/application/templates/traefik-forward-auth/middleware.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -{{- if include "auth.create" . }} -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: traefik-forward-auth - namespace: {{ .Values.namespace }} - labels: - {{- include "common.labels" . | nindent 4 }} - annotations: - {{- include "common.annotations" . | nindent 4 }} -spec: - forwardAuth: - address: "http://traefik-forward-auth.{{ .Values.namespace }}.svc.cluster.local:{{ .Values.auth.port }}" - authResponseHeaders: - - X-Forwarded-User - trustForwardHeader: true - {{- end }} \ No newline at end of file diff --git a/charts/application/templates/traefik-forward-auth/service.yaml b/charts/application/templates/traefik-forward-auth/service.yaml deleted file mode 100644 index 3724acf..0000000 --- a/charts/application/templates/traefik-forward-auth/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if include "auth.create" . }} -apiVersion: v1 -kind: Service -metadata: - name: traefik-forward-auth - namespace: {{ .Values.namespace }} - labels: - {{- include "common.labels" . | nindent 4 }} - annotations: - {{- include "common.annotations" . | nindent 4 }} -spec: - type: ClusterIP - selector: - app: traefik-forward-auth - ports: - - name: auth - port: {{ .Values.auth.port }} - targetPort: auth - {{- end }} \ No newline at end of file diff --git a/charts/application/values.yaml b/charts/application/values.yaml deleted file mode 100644 index 3cad4bf..0000000 --- a/charts/application/values.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -name: name -namespace: namespace - -# Skip deployment and only do auth -authOnly: false - -image: - name: image - tag: latest - pullPolicy: Always - -replicas: 1 - -service: - create: true - type: ClusterIP - port: 80 - containerPort: 8080 - additionalPorts: [] -# - name: "" -# protocol: TCP -# containerPort: "" -# port: "" - -ingressRoute: - create: true - -env: [] -additionalEnv: [] - -hostVolumes: [] - #- name: volume-name - # hostPath: /host/path - # mountPath: /container/path - -additionalVolumes: - #- name: volume-name - # mountPath: /container/path - # value: {} - -additionalLabels: {} - -annotations: {} - -resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -auth: - # Enable authentication with traefik-forward-auth - enabled: true - # Create traefik-forward-auth deployment - # Set to "false" to reuse a different deployment in the same namespace - create: true - port: 4181 - cookieName: "" - cookieDomain: "" - host: "" - domains: {} - whitelist: {} - logLevel: error - extraConfig: {} \ No newline at end of file diff --git a/docs/QUICKSTART.md b/docs/QUICKSTART.md deleted file mode 100644 index 689a27c..0000000 --- a/docs/QUICKSTART.md +++ /dev/null 
@@ -1,338 +0,0 @@ -# Quickstart using kubeadm - -## Debian 12 – Bookworm - -Enable `sudo` for the user - -```shell -~$ su - -~# usermod -aG sudo -~# apt install sudo -~# exit -~$ exit -``` - -Enable `ssh` on server - -```shell -sudo apt install openssh-server -``` - -On client - -```shell -ssh-copy-id @ -``` - -Harden `ssh` server - -```shell -echo "PermitRootLogin no" | sudo tee /etc/ssh/sshd_config.d/01-disable-root-login.conf -echo "PasswordAuthentication no" | sudo tee /etc/ssh/sshd_config.d/02-disable-password-auth.conf -echo "ChallengeResponseAuthentication no" | sudo tee /etc/ssh/sshd_config.d/03-disable-challenge-response-auth.conf -echo "UsePAM no" | sudo tee /etc/ssh/sshd_config.d/04-disable-pam.conf -sudo systemctl reload ssh -``` - -## Install prerequisites - -https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ - -Install cert tools - -```shell -sudo apt update -sudo apt install -y apt-transport-https ca-certificates curl gpg -``` - -Add key and kubernetes repo - -```shell -curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg -echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list -``` - -Install kubelet, kubeadm and kubectl - -```shell -sudo apt update -sudo apt install -y kubelet kubeadm kubectl -sudo apt-mark hold kubelet kubeadm kubectl -``` - -Kubelet ≥ 1.26 requires containerd ≥ 1.6.0. 
- -```shell -sudo apt install -y runc containerd -``` - -## Config - -### Disable swap - -Disable swap for kubelet to work properly - -```shell -sudo swapoff -a -``` - -Comment out swap in `/etc/fstab` to disable swap on boot - -```shell -sudo sed -e '/swap/ s/^#*/#/' -i /etc/fstab -``` - -### Forwarding IPv4 and letting iptables see bridged traffic - -https://kubernetes.io/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites - -```shell -cat <@:/home/veh/.kube/config ~/.kube/config -``` - -## (Optional) Remove taint for single node use - -Get taints on nodes - -```shell -kubectl get nodes -o json | jq '.items[].spec.taints' -``` - -Remove taint on master node to allow scheduling of all deployments - -```shell -kubectl taint nodes --all node-role.kubernetes.io/control-plane- -``` - -## Install Cilium as CNI (Container Network Interface) - -To bootstrap the cluster we can install Cilium using its namesake CLI. - -For Linux this can be done by running - -```shell -CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt) -CLI_ARCH=amd64 -if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi -curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum} -sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum -sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin -rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum} -``` - -See the [Cilium official docs](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/) for more options. - -Next we install Cilium in Kube proxy replacement mode and enable L2 announcements to reply to ARP requests. -To not run into rate limiting while doing L2 announcements we also increase the k8s rate limits. 
- -```shell -cilium install \ - --set kubeProxyReplacement=true \ - --set l2announcements.enabled=true \ - --set externalIPs.enabled=true \ - --set k8sClientRateLimit.qps=50 \ - --set k8sClientRateLimit.burst=100 -``` - -See [this blog post](https://blog.stonegarden.dev/articles/2023/12/migrating-from-metallb-to-cilium/#l2-announcements) -for more details. - -Validate install - -```shell -cilium status -``` - -## Cilium LB IPAM - -For [Cilium to act as a load balancer](https://docs.cilium.io/en/stable/network/lb-ipam/) and start assigning IPs -to `LoadBalancer` `Service` resources we need to create a `CiliumLoadBalancerIPPool` with a valid pool. - -Edit the cidr range to fit your network before applying it - -```shell -kubectl apply -f infra/cilium/ip-pool.yaml -``` - -Next create a `CiliumL2AnnouncementPolicy` to announce the assigned IPs. -Leaving the `interfaces` field empty announces on all interfaces. - -```shell -kubectl apply -f infra/cilium/announce.yaml -``` - -## Sealed Secrets - -Used to create encrypted secrets - -```shell -kubectl apply -k infra/sealed-secrets -``` - -Be sure to store the generated sealed secret key in a safe place! - -```shell -kubectl -n kube-system get secrets -``` - -*NB!*: There will be errors if you use my sealed secrets as you (hopefully) don't have the decryption key - -## Gateway API - -```shell -kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml -``` - -## Cert-manager - -```shell -kubectl kustomize --enable-helm infra/cert-manager | kubectl apply -f - -``` - -## Traefik - -Change the `io.cilium/lb-ipam-ips` annotation in `infra/traefik/values.yaml` to a valid IP address for your network. - -Install Traefik - -```shell -kubectl kustomize --enable-helm infra/traefik | kubectl apply -f - -``` - -## Port forward Traefik - -Port forward Traefik ports in router from 8000 to 80 for http and 4443 to 443 for https. 
-IP can be found with `kubectl get svc` (it should be the same as the one you gave in the annotation). - -# Test-application (Optional) - -Deploy a test-application by editing the manifests in `apps/test/whoami` and apply them - -```shell -kubectl apply -k apps/test/whoami -``` - -An unsecured test-application `whoami` should be available at [https://test.${DOMAIN}](https://test.${DOMAIN}). -If you configured `apps/test/whoami/traefik-forward-auth` correctly a secured version should be available -at [https://whoami.${DOMAIN}](https://whoami.${DOMAIN}). - -## Argo CD - -[ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/) is used to bootstrap the rest of the cluster. -The cluster uses a combination of Helm and Kustomize to configure infrastructure and applications. -For more details read [this blog post](https://blog.stonegarden.dev/articles/2023/09/argocd-kustomize-with-helm/) - -```shell -kubectl kustomize --enable-helm infra/argocd | kubectl apply -f - -``` - -Get ArgoCD initial secret by running - -```shell -kubectl -n argocd get secrets argocd-initial-admin-secret -o json | jq -r .data.password | base64 -d -``` - -## Kubernetes Dashboard - -An OIDC (traefik-forward-auth) -protected [Kubernetes Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) can be -deployed using - -```shell -kubectl apply -k infra/dashboard -``` - -Create a token - -```shell -kubectl -n kubernetes-dashboard create token admin-user -``` - -## ApplicationSets - -*NB!*: This will not work before you've changed all the domain names and IP addresses. - -Once you've tested everything get the ball rolling with - -```shell -kubectl apply -k sets -``` - -## Cleanup - -```shell -kubectl drain gauss --delete-emptydir-data --force --ignore-daemonsets -sudo kubeadm reset -sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sudo iptables -X -``` 
diff --git a/docs/assets/kubernetes.svg b/docs/assets/kubernetes-logo.svg similarity index 100% rename from docs/assets/kubernetes.svg rename to docs/assets/kubernetes-logo.svg diff --git a/docs/assets/proxmox-logo-stacked-color.svg b/docs/assets/proxmox-logo-stacked-color.svg new file mode 100755 index 0000000..a271f3c --- /dev/null +++ b/docs/assets/proxmox-logo-stacked-color.svg @@ -0,0 +1,141 @@ + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/assets/proxmox-logo-stacked-inverted-color.svg b/docs/assets/proxmox-logo-stacked-inverted-color.svg new file mode 100755 index 0000000..c18256e --- /dev/null +++ b/docs/assets/proxmox-logo-stacked-inverted-color.svg @@ -0,0 +1,137 @@ + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/assets/talos-logo.svg b/docs/assets/talos-logo.svg new file mode 100644 index 0000000..74fc065 --- /dev/null +++ b/docs/assets/talos-logo.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/docs/assets/tofu-on-dark.svg b/docs/assets/tofu-on-dark.svg new file mode 100644 index 0000000..ac42d2d --- /dev/null +++ b/docs/assets/tofu-on-dark.svg @@ -0,0 +1,21 @@ + + + + + + + + + \ No newline at end of file diff --git a/docs/assets/tofu-on-light.svg b/docs/assets/tofu-on-light.svg new file mode 100644 index 0000000..f63b518 --- /dev/null +++ b/docs/assets/tofu-on-light.svg @@ -0,0 +1,32 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/infra/application-set.yaml b/infra/application-set.yaml deleted file mode 100644 index 2af3d62..0000000 --- a/infra/application-set.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: infrastructure - namespace: argocd - labels: - dev.stonegarden: infrastructure -spec: - generators: - - git: - repoURL: https://github.com/vehagn/homelab - revision: HEAD - directories: - - path: infra/* - template: - metadata: - name: '{{ path.basename }}' - labels: - dev.stonegarden: infrastructure - finalizers: - - resources-finalizer.argocd.argoproj.io - spec: - project: infrastructure - source: - plugin: - name: kustomize-build-with-helm - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - path: '{{ path }}' - destination: - name: in-cluster - namespace: argocd - syncPolicy: - automated: - selfHeal: true - prune: true \ No newline at end of file diff --git a/infra/apps/application-set.yaml b/infra/apps/application-set.yaml deleted file mode 100644 index 25379ff..0000000 --- a/infra/apps/application-set.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: infra-apps - namespace: argocd - labels: - dev.stonegarden: infra-apps -spec: - generators: - - git: - repoURL: https://github.com/vehagn/homelab - revision: HEAD - directories: - - path: infra/apps/* - template: - metadata: - name: '{{ path.basename }}' - labels: - dev.stonegarden: infrastructure - finalizers: - - resources-finalizer.argocd.argoproj.io - spec: - project: infra-apps - source: - plugin: - name: kustomize-build-with-helm - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - path: '{{ path }}' - destination: - name: in-cluster - namespace: argocd - syncPolicy: - automated: - selfHeal: true - prune: true \ No newline at end of file diff --git a/infra/apps/keycloak/http-route.yaml b/infra/apps/keycloak/http-route.yaml deleted file mode 100644 index 5151356..0000000 --- a/infra/apps/keycloak/http-route.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: keycloak - namespace: keycloak -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "keycloak.stonegarden.dev" - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: keycloak - port: 80 \ No newline at end of file diff --git a/infra/apps/keycloak/kustomization.yaml b/infra/apps/keycloak/kustomization.yaml deleted file mode 100644 index 8787b8f..0000000 --- a/infra/apps/keycloak/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - pv.yaml - - ns.yaml - - http-route.yaml - - secret-keycloak-postgresql.yaml - - secret-keycloak-admin.yaml - -helmCharts: - - name: keycloak - repo: oci://registry-1.docker.io/bitnamicharts - version: 21.1.1 - releaseName: keycloak - includeCRDs: true - namespace: keycloak - valuesFile: values.yaml - - diff --git a/infra/apps/keycloak/ns.yaml b/infra/apps/keycloak/ns.yaml deleted file mode 100644 index 5e8adbf..0000000 --- a/infra/apps/keycloak/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: keycloak \ No newline at end of file diff --git a/infra/apps/keycloak/pv.yaml b/infra/apps/keycloak/pv.yaml deleted file mode 100644 index d80c959..0000000 --- a/infra/apps/keycloak/pv.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: keycloak-db - labels: - app: keycloak -spec: - capacity: - storage: 8Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - local: - path: /disk/etc/keycloak - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file 
diff --git a/infra/apps/keycloak/secret-keycloak-admin.yaml b/infra/apps/keycloak/secret-keycloak-admin.yaml deleted file mode 100644 index b29336d..0000000 --- a/infra/apps/keycloak/secret-keycloak-admin.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: keycloak-admin - namespace: keycloak -spec: - encryptedData: - password: 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 - template: - metadata: - name: keycloak-admin - namespace: keycloak - type: Opaque diff --git a/infra/apps/keycloak/secret-keycloak-postgresql.yaml b/infra/apps/keycloak/secret-keycloak-postgresql.yaml deleted file mode 100644 index 8387d51..0000000 --- a/infra/apps/keycloak/secret-keycloak-postgresql.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: keycloak-postgresql - namespace: keycloak -spec: - encryptedData: - username: 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 - password: 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 - postgres-password: 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 - template: - metadata: - name: keycloak-postgresql - namespace: keycloak - type: Opaque diff --git a/infra/apps/keycloak/values.yaml b/infra/apps/keycloak/values.yaml deleted file mode 100644 index 7e465cf..0000000 --- a/infra/apps/keycloak/values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# https://github.com/bitnami/charts/blob/main/bitnami/keycloak/values.yaml -auth: - adminUser: admin - existingSecret: keycloak-admin - passwordSecretKey: password - -#production: true - -proxy: edge - -ingress: - enabled: true - hostname: keycloak.stonegarden.dev - path: / - tls: true - -postgresql: - enabled: true - auth: - existingSecret: keycloak-postgresql - # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml - primary: - persistence: - enabled: true - volumeName: keycloak-db \ No newline at end of file 
diff --git a/infra/apps/kustomization.yaml b/infra/apps/kustomization.yaml deleted file mode 100644 index 3ef2e53..0000000 --- a/infra/apps/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -commonLabels: - dev.stonegarden: infra-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - application-set.yaml \ No newline at end of file diff --git a/infra/apps/project.yaml b/infra/apps/project.yaml deleted file mode 100644 index d91b255..0000000 --- a/infra/apps/project.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: infra-apps - namespace: argocd -spec: - sourceRepos: - - 'https://github.com/vehagn/homelab' - - 'oci://registry-1.docker.io/bitnamicharts/keycloak' - destinations: - - namespace: 'argocd' - server: '*' - - namespace: 'keycloak' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' diff --git a/infra/argocd/auth/auth-values.yaml b/infra/argocd/auth/auth-values.yaml deleted file mode 100644 index ab9a28d..0000000 --- a/infra/argocd/auth/auth-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -name: auth -namespace: argocd -authOnly: true -auth: - cookieDomain: stonegarden.dev - whitelist: - - veghag@gmail.com - - nina.m.smorsgard@gmail.com \ No newline at end of file diff --git a/infra/argocd/auth/kustomization.yaml b/infra/argocd/auth/kustomization.yaml deleted file mode 100644 index ff6c2e7..0000000 --- a/infra/argocd/auth/kustomization.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: argocd - -helmGlobals: - chartHome: ../../../charts - -helmCharts: - - name: application - releaseName: auth - valuesFile: auth-values.yaml - -resources: - - traefik-forward-auth-secrets.yaml 
diff --git a/infra/argocd/auth/traefik-forward-auth-secrets.yaml b/infra/argocd/auth/traefik-forward-auth-secrets.yaml deleted file mode 100644 index 1b74659..0000000 --- a/infra/argocd/auth/traefik-forward-auth-secrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: traefik-forward-auth-secrets - namespace: argocd -spec: - template: - metadata: - name: traefik-forward-auth-secrets - namespace: argocd - type: Opaque - encryptedData: - google-client-id: 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 - google-client-secret: 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 - secret: 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 - diff --git a/infra/argocd/ingress-route.yaml b/infra/argocd/ingress-route.yaml deleted file mode 100644 index 3ee0864..0000000 --- a/infra/argocd/ingress-route.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: argocd-server - namespace: argocd -spec: - entryPoints: - - websecure - routes: - - kind: Rule - match: Host(`argocd.stonegarden.dev`) - priority: 10 - middlewares: - - name: traefik-forward-auth - services: - - name: argocd-server - port: 80 - - kind: Rule - match: Host(`argocd.stonegarden.dev`) && Headers(`Content-Type`, `application/grpc`) - priority: 11 - services: - - name: argocd-server - port: 80 - scheme: h2c \ No newline at end of file diff --git a/infra/argocd/kustomization.yaml b/infra/argocd/kustomization.yaml deleted file mode 100644 index 4d854fd..0000000 --- a/infra/argocd/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ns.yaml - - ingress-route.yaml - - auth - -helmCharts: - - name: argo-cd - repo: https://argoproj.github.io/argo-helm - version: 6.7.10 - releaseName: "argocd" - namespace: argocd - valuesFile: values.yaml \ No newline at end of file 
diff --git a/infra/argocd/values.yaml b/infra/argocd/values.yaml deleted file mode 100644 index 931d6a4..0000000 --- a/infra/argocd/values.yaml +++ /dev/null @@ -1,43 +0,0 @@ -configs: - cm: - create: true - application.resourceTrackingMethod: "annotation+label" - cmp: - create: true - plugins: - kustomize-build-with-helm: - generate: - command: [ "sh", "-c" ] - args: [ "kustomize build --enable-helm" ] - params: - server.insecure: true - -crds: - install: true - # -- Keep CRDs on chart uninstall - keep: false - -repoServer: - extraContainers: - - name: kustomize-build-with-helm - command: - - argocd-cmp-server - image: '{{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}' - securityContext: - runAsNonRoot: true - runAsUser: 999 - volumeMounts: - - name: plugins - mountPath: /home/argocd/cmp-server/plugins - - name: cmp-kustomize-build-with-helm - mountPath: /home/argocd/cmp-server/config/plugin.yaml - subPath: kustomize-build-with-helm.yaml - - mountPath: /tmp - name: cmp-tmp - volumes: - - name: cmp-kustomize-build-with-helm - configMap: - name: argocd-cmp-cm - - name: cmp-tmp - emptyDir: { } - diff --git a/infra/cert-manager/kustomization.yaml b/infra/cert-manager/kustomization.yaml deleted file mode 100644 index becdf9c..0000000 --- a/infra/cert-manager/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ns.yaml - -helmCharts: - - name: cert-manager - repo: https://charts.jetstack.io - version: 1.15.0 - releaseName: cert-manager - namespace: cert-manager - valuesInline: - installCRDs: true - extraArgs: - - "--enable-gateway-api" diff --git a/infra/cilium/ip-pool.yaml b/infra/cilium/ip-pool.yaml deleted file mode 100644 index 8dcdfc5..0000000 --- a/infra/cilium/ip-pool.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: cilium.io/v2alpha1 -kind: CiliumLoadBalancerIPPool -metadata: - name: default-pool - namespace: kube-system -spec: - blocks: - - start: 192.168.1.128 - stop: 192.168.1.199 \ No newline at end of file diff --git a/infra/cilium/kustomization.yaml b/infra/cilium/kustomization.yaml deleted file mode 100644 index b83e2d5..0000000 --- a/infra/cilium/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ip-pool.yaml - - announce.yaml - - pv-cilium-spire-config.yaml - -helmCharts: - - name: cilium - repo: https://helm.cilium.io - version: 1.15.3 - releaseName: "cilium" - includeCRDs: true - namespace: kube-system - valuesFile: values.yaml \ No newline at end of file diff --git a/infra/cilium/pv-cilium-spire-config.yaml b/infra/cilium/pv-cilium-spire-config.yaml deleted file mode 100644 index 43c8ca9..0000000 --- a/infra/cilium/pv-cilium-spire-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: cilium-spire-pv -spec: - capacity: - storage: 1Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: cilium-spire-sc - local: - path: /disk/etc/cilium-spire - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file diff --git a/infra/cilium/values.yaml b/infra/cilium/values.yaml deleted file mode 100644 index 015b804..0000000 --- a/infra/cilium/values.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -cluster: - name: gauss - id: 0 - -k8sServiceHost: "192.168.1.50" -k8sServicePort: "6443" - -kubeProxyReplacement: true - -operator: - # Can't have more replicas than nodes - replicas: 1 - rollOutPods: true - -# Roll out cilium agent pods automatically when ConfigMap is updated. -rollOutCiliumPods: true - -#debug: -# enabled: true - -# Increase rate limit when doing L2 announcements -k8sClientRateLimit: - qps: 50 - burst: 200 - -l2announcements: - enabled: true - -externalIPs: - enabled: true - -enableCiliumEndpointSlice: true - -gatewayAPI: - enabled: true - -hubble: - enabled: true - relay: - enabled: true - rollOutPods: true - ui: - enabled: true - rollOutPods: true - -# mTLS -authentication: - enabled: false - mutual: - spire: - enabled: false - install: - server: - dataStorage: - storageClass: cilium-spire-sc diff --git a/infra/dashboard/clusterRoleBinding.yaml b/infra/dashboard/clusterRoleBinding.yaml deleted file mode 100644 index 74d9c61..0000000 --- a/infra/dashboard/clusterRoleBinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: admin-user -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: admin-user - namespace: kubernetes-dashboard \ No newline at end of file diff --git a/infra/dashboard/ingress.yaml b/infra/dashboard/ingress.yaml deleted file mode 100644 index 303ca56..0000000 --- a/infra/dashboard/ingress.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: traefik-forward-auth - labels: - app: traefik -spec: - entryPoints: - - websecure - routes: - - match: Host(`auth-dash.stonegarden.dev`) - kind: Rule - services: - - name: traefik-forward-auth - port: 4181 - middlewares: - - name: traefik-forward-auth - - match: Host(`k8s-dashboard.stonegarden.dev`) - kind: Rule - services: - - name: kubernetes-dashboard - port: 80 - middlewares: - - name: traefik-forward-auth \ No newline at end of file diff --git a/infra/dashboard/kustomization.yaml b/infra/dashboard/kustomization.yaml deleted file mode 100644 index 64120b7..0000000 --- a/infra/dashboard/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubernetes-dashboard - -resources: - - https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/alternative.yaml - - traefik-forward-auth - - ingress.yaml - - serviceAccount.yaml - - clusterRoleBinding.yaml \ No newline at end of file diff --git a/infra/dashboard/serviceAccount.yaml b/infra/dashboard/serviceAccount.yaml deleted file mode 100644 index 219059b..0000000 --- a/infra/dashboard/serviceAccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: admin-user - namespace: kubernetes-dashboard \ No newline at end of file diff --git a/infra/dashboard/traefik-forward-auth/auth-secret.yaml b/infra/dashboard/traefik-forward-auth/auth-secret.yaml deleted file mode 100644 index 5d368e9..0000000 --- a/infra/dashboard/traefik-forward-auth/auth-secret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: traefik-forward-auth-secrets - namespace: kubernetes-dashboard -spec: - encryptedData: - google-client-id: 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 - google-client-secret: AgCBK3EH/Rxf5OoaPTKlCjxB2na1aFzrG0444IKSQR3NBtdq4BFpC3yWmgQbZvjrDlMvXDnLpKIsTL8pdBFW3LXfZLcGcvgJF05KrFiUYM8I/th7OzG+Sqr0TWbwg0yV1gRgR7FzLS68ipsdPDCPASzysr5iHIMow/MmUmYFbnqR7WYzG1Ow1M0EG3oPz3ivIG/BBDRLhnh+2cacAEDDK2ghDvnn0UNcnqlBptUZLnqGRJyvxwHv/kn3yWx/MRAs5XtbTS8hLumfgz/Kwu1EvcpITjm7QyFvu5M0VAcLy1OzGhLRxhN6c5vc8O0ujHxu8w7VIYfLsE7U6h52TfI7pU2o1YjgAyyLM3RHYhXll7FhxkRrUnLK1M51HIo99dC05V3C8Az6hba8EeZExhlRM6ifLrrdmEsKWvxMp4JO6ouMnjiO5NJefQ6F7uYdJO3mqs0Y987F8uXPCh2PS7uSF3IDObsZll61hnITOYxvU75cbqN7s93WLqyKFYNlE7+imSjXm87mM3AS19Ntwh3HClnMd48MEhMbmug0MS3GHFkG09OOcusQXUPV1J8fO/5cWre4iaY8bvLby0ZDMgGrUFIo45Gz3JuxV8970FO3fM+Df9tgcqDmAJMbL5dLXnmjb/s5znxa5XuKds5vPUtN44U6r/BJK1Wg0Ck0idM8jQz1aEbBCwAz4g8z/jmVh3uw00UE+rKzDYuCRCXNdLhYxKpwhusLsgkahzTJjGG7A25qtxSNYQ== - secret: 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 - template: - metadata: - annotations: - sealedsecrets.bitnami.com/managed: "true" - name: traefik-forward-auth-secrets - namespace: kubernetes-dashboard - type: Opaque - diff --git a/infra/dashboard/traefik-forward-auth/configs/traefik-forward-auth.ini b/infra/dashboard/traefik-forward-auth/configs/traefik-forward-auth.ini deleted file mode 100644 index bdb11fb..0000000 --- a/infra/dashboard/traefik-forward-auth/configs/traefik-forward-auth.ini +++ /dev/null @@ -1,5 +0,0 @@ -cookie-name = "_dash_auth" -log-level = "error" -cookie-domain = "stonegarden.dev" -auth-host = "auth-dash.stonegarden.dev" -whitelist = "veghag@gmail.com" diff --git a/infra/dashboard/traefik-forward-auth/deployment.yaml b/infra/dashboard/traefik-forward-auth/deployment.yaml deleted file mode 100644 index 217f012..0000000 --- a/infra/dashboard/traefik-forward-auth/deployment.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traefik-forward-auth -spec: - replicas: 1 - selector: - matchLabels: - app: traefik-forward-auth - strategy: - type: Recreate - template: - metadata: - labels: - app: traefik-forward-auth - spec: - terminationGracePeriodSeconds: 60 - containers: - - image: thomseddon/traefik-forward-auth:2 - imagePullPolicy: Always - name: traefik-forward-auth - ports: - - containerPort: 4181 - protocol: TCP - env: - - name: CONFIG - value: "/config" - - name: PROVIDERS_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-id - - name: PROVIDERS_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-secret - - name: SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: secret - volumeMounts: - - name: configs - mountPath: /config - subPath: traefik-forward-auth.ini - - volumes: - - name: configs - configMap: - name: configs - - name: traefik-forward-auth-secrets - secret: - secretName: traefik-forward-auth-secrets \ No newline at end of file diff --git a/infra/dashboard/traefik-forward-auth/kustomization.yaml b/infra/dashboard/traefik-forward-auth/kustomization.yaml deleted file mode 100644 index 515e0f7..0000000 --- a/infra/dashboard/traefik-forward-auth/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonLabels: - app: traefik-forward-auth - -resources: - - auth-secret.yaml - - service.yaml - - deployment.yaml - - middleware.yaml - -configMapGenerator: - - name: configs - files: - - configs/traefik-forward-auth.ini \ No newline at end of file diff --git a/infra/dashboard/traefik-forward-auth/middleware.yaml b/infra/dashboard/traefik-forward-auth/middleware.yaml deleted file mode 100644 index 8039d66..0000000 --- a/infra/dashboard/traefik-forward-auth/middleware.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: traefik-forward-auth -spec: - forwardAuth: - address: http://traefik-forward-auth.kubernetes-dashboard.svc.cluster.local:4181 - authResponseHeaders: - - X-Forwarded-User - trustForwardHeader: true \ No newline at end of file diff --git a/infra/dashboard/traefik-forward-auth/service.yaml b/infra/dashboard/traefik-forward-auth/service.yaml deleted file mode 100644 index 569ceff..0000000 --- a/infra/dashboard/traefik-forward-auth/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: traefik-forward-auth -spec: - type: ClusterIP - selector: - app: traefik-forward-auth - ports: - - name: auth-http - port: 4181 diff --git a/infra/database/database.yaml b/infra/database/database.yaml deleted file mode 100644 index 0a5a020..0000000 --- a/infra/database/database.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: "acid.zalan.do/v1" -kind: postgresql -metadata: - name: test-db - namespace: postgres - annotations: - argocd.argoproj.io/tracking-id: test-db:acid.zalan.do/postgresql/postgresql:database/test-db -spec: - teamId: "acid" - volume: - size: 1Gi - storageClass: db-test-sc - postgresql: - version: "15" - numberOfInstances: 1 - enableMasterLoadBalancer: true - allowedSourceRanges: - - 192.168.0.0/16 - - 10.0.0.0/8 - users: - veh: - - superuser - - createdb - foo_user: [ ] - # databases: - # test: test - preparedDatabases: - bar: { } - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 500m - memory: 500Mi \ No newline at end of file diff --git a/infra/database/http-route.yaml b/infra/database/http-route.yaml deleted file mode 100644 index 159104d..0000000 --- a/infra/database/http-route.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: postgres-ui-http-route - namespace: postgres -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "postgres.stonegarden.dev" - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: postgres-operator-ui - port: 80 \ No newline at end of file diff --git a/infra/database/kustomization.yaml b/infra/database/kustomization.yaml deleted file mode 100644 index c92dbfe..0000000 --- a/infra/database/kustomization.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ns.yaml - - http-route.yaml - - pv-db-test.yaml - - database.yaml - #- test-db-svc.yaml - -helmCharts: - - name: postgres-operator - repo: https://opensource.zalando.com/postgres-operator/charts/postgres-operator - #version: 1.15.0-rc.0 - releaseName: "postgres-operator" - includeCRDs: true - namespace: postgres - valuesFile: postgres-operator-values.yaml - - name: postgres-operator-ui - repo: https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui - #version: 1.15.0-rc.0 - releaseName: "postgres-operator-ui" - #includeCRDs: true - namespace: postgres - valuesFile: postgres-operator-ui-values.yaml diff --git a/infra/database/ns.yaml b/infra/database/ns.yaml deleted file mode 100644 index dadda99..0000000 --- a/infra/database/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: postgres \ No newline at end of file diff --git a/infra/database/postgres-operator-ui-values.yaml b/infra/database/postgres-operator-ui-values.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/infra/database/postgres-operator-values.yaml b/infra/database/postgres-operator-values.yaml deleted file mode 100644 index 005fa39..0000000 --- a/infra/database/postgres-operator-values.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ - -# https://github.com/zalando/postgres-operator/issues/1766#issuecomment-1551612097 -configKubernetes: - custom_pod_annotations: - argocd.argoproj.io/compare-options: IgnoreExtraneous - downscaler_annotations: - - argocd.argoproj.io/compare-options - inherited_annotations: - - argocd.argoproj.io/tracking-id - - argocd.argoproj.io/compare-options - -configLoadBalancer: - custom_service_annotations: - argocd.argoproj.io/compare-options: IgnoreExtraneous diff --git a/infra/database/pv-db-test.yaml b/infra/database/pv-db-test.yaml deleted file mode 100644 index c92bf1a..0000000 --- a/infra/database/pv-db-test.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: db-test -spec: - capacity: - storage: 6Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: db-test-sc - local: - path: /disk/etc/db/db-test - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file diff --git a/infra/database/test-db-route.yaml b/infra/database/test-db-route.yaml deleted file mode 100644 index a1995a8..0000000 --- a/infra/database/test-db-route.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: test-db -spec: - entryPoints: - - websecure - routes: - - match: Host(`test-db.stonegarden.dev`) - kind: Rule - services: - - name: test - port: 5432 \ No newline at end of file diff --git a/infra/database/test-db-svc.yaml b/infra/database/test-db-svc.yaml deleted file mode 100644 index 14cbb7f..0000000 --- a/infra/database/test-db-svc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: test-db - namespace: postgres - annotations: - io.cilium/lb-ipam-ips: 192.168.1.160 -spec: - type: LoadBalancer - ports: - - name: postgresql - port: 5432 - protocol: TCP - targetPort: 5432 
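Review bot: infra/dashboard/clusterRoleBinding.yaml bound the `admin-user` ServiceAccount in `kubernetes-dashboard` to `cluster-admin`, and deleting the manifest only removes that grant from the cluster if the owning Argo CD application prunes it. Confirm after sync that the `admin-user` ClusterRoleBinding and ServiceAccount are gone, and if a token Secret was ever created for that account, delete it as well, since the dashboard was also published through the `k8s-dashboard.stonegarden.dev` route removed in ingress.yaml.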
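Review bot: infra/database/test-db-svc.yaml and test-db-route.yaml were not applied by infra/database/kustomization.yaml at this revision (the first is commented out as `#- test-db-svc.yaml`, the second is not listed), so the live exposure being removed is the one in database.yaml: `enableMasterLoadBalancer: true` with `allowedSourceRanges` of 192.168.0.0/16 and 10.0.0.0/8, and a `veh` role holding `superuser`. The `db-test` PersistentVolume uses `persistentVolumeReclaimPolicy: Retain` on `/disk/etc/db/db-test`, so the database files stay on node `gauss` after this change; say in the commit message whether that directory is to be kept or wiped.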
diff --git a/infra/gateway/cloudflare-api-token.yaml b/infra/gateway/cloudflare-api-token.yaml deleted file mode 100644 index 94c1b9e..0000000 --- a/infra/gateway/cloudflare-api-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: cloudflare-api-token - namespace: gateway -spec: - encryptedData: - api-token: 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 - template: - metadata: - name: cloudflare-api-token - namespace: gateway - type: Opaque diff --git a/infra/gateway/cloudflare-issuer.yaml b/infra/gateway/cloudflare-issuer.yaml deleted file mode 100644 index a173780..0000000 --- a/infra/gateway/cloudflare-issuer.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: cloudflare-issuer - namespace: gateway -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: veghag@gmail.com - privateKeySecretRef: - name: cloudflare-key - solvers: - - dns01: - cloudflare: - apiTokenSecretRef: - name: cloudflare-api-token - key: api-token \ No newline at end of file diff --git a/infra/gateway/gw-class.yaml b/infra/gateway/gw-class.yaml deleted file mode 100644 index fdae768..0000000 --- a/infra/gateway/gw-class.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: GatewayClass -metadata: - name: cilium -spec: - controllerName: io.cilium/gateway-controller \ No newline at end of file diff --git a/infra/gateway/gw-proxmox-euclid.yaml b/infra/gateway/gw-proxmox-euclid.yaml deleted file mode 100644 index f900ff3..0000000 --- a/infra/gateway/gw-proxmox-euclid.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: Gateway -metadata: - name: proxmox-euclid - namespace: gateway -spec: - gatewayClassName: cilium - infrastructure: - annotations: - io.cilium/lb-ipam-ips: 192.168.1.173 - listeners: - - protocol: TLS - port: 443 - name: proxmox-tls-passthrough - hostname: proxmox.euclid.stonegarden.dev - tls: - mode: Passthrough - allowedRoutes: - namespaces: - from: All \ No newline at end of file diff --git a/infra/gateway/gw-stonegarden.yaml b/infra/gateway/gw-stonegarden.yaml deleted file mode 100644 index 9f82543..0000000 --- a/infra/gateway/gw-stonegarden.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: Gateway -metadata: - name: stonegarden - namespace: gateway - annotations: - cert-manager.io/issuer: cloudflare-issuer -spec: - gatewayClassName: cilium - infrastructure: - annotations: - io.cilium/lb-ipam-ips: 192.168.1.172 - listeners: - - protocol: HTTPS - port: 443 - name: https-blog - hostname: blog.stonegarden.dev - tls: - certificateRefs: - - kind: Secret - name: cloudflare-cert - allowedRoutes: - namespaces: - from: All - - protocol: HTTPS - port: 443 - name: https-remark42 - hostname: remark42.stonegarden.dev - tls: - certificateRefs: - - kind: Secret - name: cloudflare-cert - allowedRoutes: - namespaces: - from: All - - protocol: HTTPS - port: 443 - name: https-haos - hostname: haos.stonegarden.dev - tls: - certificateRefs: - - kind: Secret - name: cloudflare-cert - allowedRoutes: - namespaces: - from: All - - protocol: HTTPS - port: 443 - name: https-jellyfin - hostname: jellyfin.stonegarden.dev - tls: - certificateRefs: - - kind: Secret - name: cloudflare-cert - allowedRoutes: - namespaces: - from: All - - protocol: HTTPS - port: 443 - name: https-postgres - hostname: postgres.stonegarden.dev - tls: - certificateRefs: - - kind: Secret - name: cloudflare-cert - allowedRoutes: - namespaces: - from: All - - protocol: HTTPS - port: 443 - name: https-gateway - hostname: gateway.stonegarden.dev - tls: - certificateRefs: - - kind: Secret - name: cloudflare-cert - allowedRoutes: - namespaces: - from: All - - protocol: HTTPS - port: 443 - name: https-domain-gateway - hostname: stonegarden.dev - tls: - certificateRefs: - - kind: Secret - name: cloudflare-cert - allowedRoutes: - namespaces: - from: All -# - protocol: HTTPS -# port: 443 -# name: https-wildcard -# hostname: "*.stonegarden.dev" -# tls: -# certificateRefs: -# - kind: Secret -# name: cloudflare-cert -# allowedRoutes: -# namespaces: -# from: All 
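Review bot: every listener in infra/gateway/gw-stonegarden.yaml sets `allowedRoutes.namespaces.from: All`, so an HTTPRoute in any namespace could attach to the `blog`, `haos`, `postgres` and other listeners and be served under `cloudflare-cert`. If this Gateway is re-created in the new layout, restrict attachment per listener with `from: Selector` and a namespace label (or `from: Same`) rather than copying these blocks; the same applies to the `proxmox-tls-passthrough` listener in gw-proxmox-euclid.yaml.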
diff --git a/infra/gateway/kustomization.yaml b/infra/gateway/kustomization.yaml deleted file mode 100644 index f2dd53c..0000000 --- a/infra/gateway/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml - - gw-class.yaml - - ns.yaml - - cloudflare-api-token.yaml - - cloudflare-issuer.yaml - - gw-stonegarden.yaml - - gw-proxmox-euclid.yaml \ No newline at end of file diff --git a/infra/hubble/ingress-route.yaml b/infra/hubble/ingress-route.yaml deleted file mode 100644 index 8d89256..0000000 --- a/infra/hubble/ingress-route.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: hubble - namespace: kube-system -spec: - entryPoints: - - websecure - routes: - - match: Host(`auth-hubble.stonegarden.dev`) - kind: Rule - services: - - name: traefik-forward-auth - port: 4181 - middlewares: - - name: traefik-forward-auth - - match: Host(`hubble.stonegarden.dev`) - kind: Rule - services: - - name: hubble-ui - port: 80 - middlewares: - - name: traefik-forward-auth \ No newline at end of file diff --git a/infra/hubble/kustomization.yaml b/infra/hubble/kustomization.yaml deleted file mode 100644 index 00d0ac8..0000000 --- a/infra/hubble/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - traefik-forward-auth - - ingress-route.yaml diff --git a/infra/hubble/traefik-forward-auth/auth-secret.yaml b/infra/hubble/traefik-forward-auth/auth-secret.yaml deleted file mode 100644 index ec89439..0000000 --- a/infra/hubble/traefik-forward-auth/auth-secret.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: traefik-forward-auth-secrets - namespace: kube-system -spec: - encryptedData: - google-client-id: 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 - google-client-secret: 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 - secret: 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 - template: - metadata: - annotations: - sealedsecrets.bitnami.com/managed: "true" - name: traefik-forward-auth-secrets - namespace: kube-system - type: Opaque - diff --git a/infra/hubble/traefik-forward-auth/configs/traefik-forward-auth.ini b/infra/hubble/traefik-forward-auth/configs/traefik-forward-auth.ini deleted file mode 100644 index 463fbb5..0000000 --- a/infra/hubble/traefik-forward-auth/configs/traefik-forward-auth.ini +++ /dev/null @@ -1,5 +0,0 @@ -cookie-name = "_hubble_auth" -log-level = "error" -cookie-domain = "stonegarden.dev" -auth-host = "auth-hubble.stonegarden.dev" -whitelist = "veghag@gmail.com" diff --git a/infra/hubble/traefik-forward-auth/deployment.yaml b/infra/hubble/traefik-forward-auth/deployment.yaml deleted file mode 100644 index 217f012..0000000 --- a/infra/hubble/traefik-forward-auth/deployment.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traefik-forward-auth -spec: - replicas: 1 - selector: - matchLabels: - app: traefik-forward-auth - strategy: - type: Recreate - template: - metadata: - labels: - app: traefik-forward-auth - spec: - terminationGracePeriodSeconds: 60 - containers: - - image: thomseddon/traefik-forward-auth:2 - imagePullPolicy: Always - name: traefik-forward-auth - ports: - - containerPort: 4181 - protocol: TCP - env: - - name: CONFIG - value: "/config" - - name: PROVIDERS_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-id - - name: PROVIDERS_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-secret - - name: SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: secret - volumeMounts: - - name: configs - mountPath: /config - subPath: traefik-forward-auth.ini - - volumes: - - name: configs - configMap: - name: configs - - name: traefik-forward-auth-secrets - secret: - secretName: traefik-forward-auth-secrets \ No newline at end of file diff --git a/infra/hubble/traefik-forward-auth/kustomization.yaml b/infra/hubble/traefik-forward-auth/kustomization.yaml deleted file mode 100644 index b10dbaf..0000000 --- a/infra/hubble/traefik-forward-auth/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kube-system -commonLabels: - app: traefik-forward-auth - -resources: - - auth-secret.yaml - - service.yaml - - deployment.yaml - - middleware.yaml - -configMapGenerator: - - name: configs - files: - - configs/traefik-forward-auth.ini \ No newline at end of file diff --git a/infra/hubble/traefik-forward-auth/middleware.yaml b/infra/hubble/traefik-forward-auth/middleware.yaml deleted file mode 100644 index 8aa503d..0000000 --- a/infra/hubble/traefik-forward-auth/middleware.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: traefik-forward-auth -spec: - forwardAuth: - address: http://traefik-forward-auth.kube-system.svc.cluster.local:4181 - authResponseHeaders: - - X-Forwarded-User - trustForwardHeader: true \ No newline at end of file diff --git a/infra/hubble/traefik-forward-auth/service.yaml b/infra/hubble/traefik-forward-auth/service.yaml deleted file mode 100644 index 569ceff..0000000 --- a/infra/hubble/traefik-forward-auth/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: traefik-forward-auth -spec: - type: ClusterIP - selector: - app: traefik-forward-auth - ports: - - name: auth-http - port: 4181 diff --git a/infra/kustomization.yaml b/infra/kustomization.yaml deleted file mode 100644 index f846fb6..0000000 --- a/infra/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: argocd -commonLabels: - dev.stonegarden: infra-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - application-set.yaml \ No newline at end of file diff --git a/infra/lgtm/ingress-route.yaml b/infra/lgtm/ingress-route.yaml deleted file mode 100644 index 23ea7c2..0000000 --- a/infra/lgtm/ingress-route.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: grafana - namespace: lgtm - labels: - app: traefik -spec: - entryPoints: - - websecure - routes: - - match: Host(`lgtm.stonegarden.dev`) - kind: Rule - services: - - name: lgtm-grafana - port: 80 -# middlewares: -# - name: traefik-forward-auth \ No newline at end of file diff --git a/infra/lgtm/kustomization.yaml b/infra/lgtm/kustomization.yaml deleted file mode 100644 index 17575ec..0000000 --- a/infra/lgtm/kustomization.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: lgtm - -resources: - - ns.yaml - - pv.yaml - - ingress-route.yaml - -helmCharts: - - name: lgtm-distributed - repo: https://grafana.github.io/helm-charts - version: 1.0.1 - releaseName: lgtm - includeCRDs: true - namespace: lgtm - valuesFile: values.yaml \ No newline at end of file diff --git a/infra/lgtm/ns.yaml b/infra/lgtm/ns.yaml deleted file mode 100644 index 3e48744..0000000 --- a/infra/lgtm/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: lgtm \ No newline at end of file diff --git a/infra/lgtm/pv.yaml b/infra/lgtm/pv.yaml deleted file mode 100644 index 2c2e71a..0000000 --- a/infra/lgtm/pv.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: minio - labels: - app: minio -spec: - capacity: - storage: 10Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: minio - local: - path: /disk/etc/minio - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file diff --git a/infra/lgtm/values.yaml b/infra/lgtm/values.yaml deleted file mode 100644 index ace625a..0000000 --- a/infra/lgtm/values.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -grafana: - dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'default' - orgId: 1 - folder: '' - type: file - disableDeletion: false - editable: true - options: - path: /var/lib/grafana/dashboards/default - dashboards: - default: - node-exporter-full: - gnetId: 1860 - revision: 33 - datasource: Mimir - allowUpdates: true - postgresql: - gnetId: 9628 - revision: 7 - datasource: Mimir - allowUpdates: true - blackbox: - gnetId: 14928 - revision: 6 - datasource: Mimir - allowUpdates: true - -mimir: - alertmanager: - persistentVolume: - enabled: false - ingester: - persistentVolume: - enabled: false - store_gateway: - persistentVolume: - enabled: false - compactor: - persistentVolume: - enabled: false - chunks-cache: - persistentVolume: - enabled: false - minio: - persistence: - storageClass: minio - size: 10Gi diff --git a/infra/monitoring/auth/auth-secret.yaml b/infra/monitoring/auth/auth-secret.yaml deleted file mode 100644 index c56c5c1..0000000 --- a/infra/monitoring/auth/auth-secret.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: traefik-forward-auth-secrets - namespace: monitoring -spec: - encryptedData: - google-client-id: AgAmXTXqLwC9SAltH4Q+q/sdsNgu3CV4RqvmEs/7vAnuun3yBBlbfMbMUc+IEi7qS2EGWQ9QBy897y7nSfiA/ev3IYGC/y3c4DUr1ZObJLjii5I3D0lbHgUKXV9n9md4GKvb/HBkHhEZCmP5RyUaiK7uTwLU0lZIkU2XkzaozZqZRoDUQWUopRLnW+nvPleisNjRvMOTFzI1uwlT9c9u/AU6Ncv8k1jKeLxD5wmAmjRtlYVygZeFIXJrPojDFHWSm5IgdTE4AdR+Qle8z9gyLj25YYoW/MpXGN+w6px/CvIt/eiI1QLCe0JMVOUq/FG4NIciX5d7KU75BuTWcM/UFBh94kH6a9Xn4OIrrj3yIIgNT8SVkhwuSp8fLlP4bdwDNCmtBynuor9hBg3E/04N4/y0ZN3gCB8nvFrwBxuDH6yJH4M6PjXCs32DNI9GZyeFZN4u2SWneeBS3YbrRhXVIhXfG1r2CNgIoViFarxIq9b/tPvE0+1dxrwSKNkzFX3WCBcXAezyyh4df23rdde7QcDwfvm92KyYTDZYmWWrbBmCQjFWjaRFxpVlEMh63V7iBmw9HaOb2GU6wC351HONPXQAxWiEQIkrDti+8lWU4L+XUqoq1N99UM46Qq+mbfhiFPuIMmbdce/YagDEo3aJRdoHo1ZSzHZGNdo2xLw0HIbK+qJWN2CFT0HCUKNJVBHqD1xslJdzfdv/v9YnHwPnB73t149rrqHbgBMwjiFDBy4QOGA5mdzv+DnjE+fLdZ7K6sUHB7WuVIcVu1WSN2IEewuG8Xpclmd299c= - google-client-secret: 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 - secret: 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 - template: - metadata: - name: traefik-forward-auth-secrets - namespace: monitoring - type: Opaque diff --git a/infra/monitoring/auth/auth-values.yaml b/infra/monitoring/auth/auth-values.yaml deleted file mode 100644 index 6e9c227..0000000 --- a/infra/monitoring/auth/auth-values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -name: auth -namespace: monitoring -authOnly: true -auth: - cookieDomain: stonegarden.dev - whitelist: - - veghag@gmail.com diff --git a/infra/monitoring/auth/kustomization.yaml b/infra/monitoring/auth/kustomization.yaml deleted file mode 100644 index 9719f23..0000000 --- a/infra/monitoring/auth/kustomization.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - auth-secret.yaml - -helmGlobals: - chartHome: ../../../charts - -helmCharts: - - name: application - releaseName: auth - valuesFile: auth-values.yaml diff --git a/infra/monitoring/kube-prometheus-stack.yaml b/infra/monitoring/kube-prometheus-stack.yaml deleted file mode 100644 index c9f47da..0000000 --- a/infra/monitoring/kube-prometheus-stack.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Need an extra Argo CD Application here to do server side apply -# https://github.com/prometheus-community/helm-charts/issues/3345 -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kube-prometheus-stack - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: infrastructure - sources: - - repoURL: https://prometheus-community.github.io/helm-charts - chart: kube-prometheus-stack - targetRevision: 57.2.1 - helm: - valueFiles: - - $values/infra/monitoring/values.yaml - - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - ref: values - destination: - name: in-cluster - namespace: monitoring - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - ApplyOutOfSyncOnly=true - - ServerSideApply=true \ No newline at end of file diff --git a/infra/monitoring/kustomization.yaml b/infra/monitoring/kustomization.yaml deleted file mode 100644 index 7c6181e..0000000 --- a/infra/monitoring/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ns.yaml - - pv.yaml - - kube-prometheus-stack.yaml - - ingress-route.yaml - - auth \ No newline at end of file diff --git a/infra/monitoring/ns.yaml b/infra/monitoring/ns.yaml deleted file mode 100644 index 3335b6a..0000000 --- a/infra/monitoring/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring \ No newline at end of file 
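Review bot: the SealedSecret manifests removed in this patch (infra/monitoring/auth/auth-secret.yaml, the dashboard and hubble traefik-forward-auth auth-secret.yaml files, infra/gateway/cloudflare-api-token.yaml) keep their ciphertext in git history, and deleting them does not revoke the Google OAuth client secret or the Cloudflare API token they wrap. If these credentials are being retired rather than moved, revoke them at the provider as part of this change; if they are moved, name the new path in the commit message so the `secretKeyRef` and `apiTokenSecretRef` consumers can be traced.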
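Review bot: infra/lgtm/ingress-route.yaml routed `lgtm.stonegarden.dev` to `lgtm-grafana` with the `middlewares: - name: traefik-forward-auth` lines commented out, unlike the dashboard and hubble routes, so no forward-auth check sat in front of Grafana on that hostname. If the route is re-created in the new layout, attach the middleware instead of carrying the commented block over.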
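Review bot: infra/monitoring/kube-prometheus-stack.yaml carries the `resources-finalizer.argocd.argoproj.io` finalizer, so when this Application is removed from the cluster the chart's resources are deleted with it, and ns.yaml drops the `monitoring` namespace in the same patch. If the stack is meant to continue under a new path, state the order of operations in the commit message; the `prometheus` PersistentVolume in pv.yaml is `Retain`, so its data under `/disk/etc/prometheus` survives but will not rebind on its own.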
diff --git a/infra/monitoring/pv.yaml b/infra/monitoring/pv.yaml deleted file mode 100644 index 41e0bd8..0000000 --- a/infra/monitoring/pv.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: prometheus - labels: - app: prometheus -spec: - capacity: - storage: 10Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: prometheus - local: - path: /disk/etc/prometheus - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - gauss \ No newline at end of file diff --git a/infra/monitoring/values.yaml b/infra/monitoring/values.yaml deleted file mode 100644 index 78cba57..0000000 --- a/infra/monitoring/values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -prometheus: - prometheusSpec: - storageSpec: - volumeClaimTemplate: - spec: - storageClassName: prometheus - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - selector: - matchLabels: - app: prometheus diff --git a/infra/networking/application-set.yaml b/infra/networking/application-set.yaml deleted file mode 100644 index d383abe..0000000 --- a/infra/networking/application-set.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - name: networking - namespace: argocd - labels: - dev.stonegarden: networking -spec: - generators: - - git: - repoURL: https://github.com/vehagn/homelab - revision: HEAD - directories: - - path: infra/networking/* - template: - metadata: - name: '{{ path.basename }}' - labels: - dev.stonegarden: infrastructure - finalizers: - - resources-finalizer.argocd.argoproj.io - spec: - project: networking - source: - plugin: - name: kustomize-build-with-helm - repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD - path: '{{ path }}' - destination: - name: in-cluster - namespace: argocd - syncPolicy: - automated: - selfHeal: true - prune: true \ No newline at end of file diff --git a/infra/networking/cloudflared/config/local.yaml b/infra/networking/cloudflared/config/local.yaml deleted file mode 100644 index 904bec0..0000000 --- a/infra/networking/cloudflared/config/local.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -tunnel: gauss-k8s -credentials-file: /etc/cloudflared/config/credentials.json -metrics: 0.0.0.0:2000 -no-autoupdate: true - -warp-routing: - enabled: true - -ingress: - - hostname: hello.stonegarden.dev - service: hello_world - - hostname: ssh.stonegarden.dev - service: ssh://192.168.1.50:22 - - hostname: proxmox.euclid.stonegarden.dev - service: https://cilium-gateway-proxmox-euclid.gateway.svc.cluster.local:443 - originRequest: - originServerName: proxmox.euclid.stonegarden.dev - - hostname: haos.stonegarden.dev - service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 - originRequest: - originServerName: haos.stonegarden.dev - - hostname: blog.stonegarden.dev - service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 - originRequest: - originServerName: blog.stonegarden.dev - - hostname: remark42.stonegarden.dev - service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 - originRequest: - originServerName: remark42.stonegarden.dev - - hostname: gateway.stonegarden.dev - service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 - originRequest: - originServerName: gateway.stonegarden.dev - - hostname: stonegarden.dev - service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 - originRequest: - originServerName: stonegarden.dev - - hostname: "*.stonegarden.dev" - service: https://traefik.traefik.svc.cluster.local:443 - originRequest: - originServerName: "*.stonegarden.dev" - - service: http_status:404 diff --git a/infra/networking/cloudflared/kustomization.yaml b/infra/networking/cloudflared/kustomization.yaml deleted file mode 100644 index 1565536..0000000 --- a/infra/networking/cloudflared/kustomization.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -configMapGenerator: - - name: cloudflared-local-config - namespace: cloudflared - files: - - config/local.yaml - -resources: - - ns.yaml - - local.yaml - - local-token.yaml - - remote.yaml - - remote-token.yaml diff --git a/infra/networking/cloudflared/local-token.yaml b/infra/networking/cloudflared/local-token.yaml deleted file mode 100644 index d940feb..0000000 --- a/infra/networking/cloudflared/local-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: local-token - namespace: cloudflared -spec: - encryptedData: - credentials.json: 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 - template: - metadata: - name: local-token - namespace: cloudflared - type: Opaque diff --git a/infra/networking/cloudflared/local.yaml b/infra/networking/cloudflared/local.yaml deleted file mode 100644 index 339842c..0000000 --- a/infra/networking/cloudflared/local.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: local - namespace: cloudflared -spec: - selector: - matchLabels: - app: local - template: - metadata: - labels: - app: local - spec: - containers: - - name: cloudflared - image: cloudflare/cloudflared:2024.4.1 - imagePullPolicy: IfNotPresent - args: [ tunnel, --config, /etc/cloudflared/config/config.yaml, run ] - livenessProbe: - httpGet: - path: /ready - port: 2000 - initialDelaySeconds: 10 - failureThreshold: 5 - periodSeconds: 10 - resources: - requests: - cpu: 20m - memory: 50Mi - limits: - cpu: 500m - memory: 100Mi - volumeMounts: - - name: config - mountPath: /etc/cloudflared/config/config.yaml - subPath: config.yaml - - name: credentials - mountPath: /etc/cloudflared/config/credentials.json - subPath: credentials.json - volumes: - - name: config - configMap: - name: cloudflared-local-config - items: - - key: local.yaml - path: config.yaml - - name: credentials - secret: - secretName: local-token \ No newline at end of file diff --git a/infra/networking/cloudflared/ns.yaml b/infra/networking/cloudflared/ns.yaml deleted file mode 100644 index d64dc44..0000000 --- a/infra/networking/cloudflared/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cloudflared \ No newline at end of file diff --git a/infra/networking/cloudflared/remote-token.yaml b/infra/networking/cloudflared/remote-token.yaml deleted file mode 100644 index 67e612b..0000000 --- a/infra/networking/cloudflared/remote-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: remote-token - namespace: cloudflared -spec: - encryptedData: - tunnel-token: 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 - template: - metadata: - name: remote-token - namespace: cloudflared - type: Opaque diff --git a/infra/networking/cloudflared/remote.yaml b/infra/networking/cloudflared/remote.yaml deleted file mode 100644 index d0efa85..0000000 
--- a/infra/networking/cloudflared/remote.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: remote - namespace: cloudflared -spec: - selector: - matchLabels: - app: remote - template: - metadata: - labels: - app: remote - spec: - containers: - - name: cloudflared - image: cloudflare/cloudflared:2024.4.1 - imagePullPolicy: IfNotPresent - args: [ tunnel, --no-autoupdate, --metrics, 0.0.0.0:2000, run ] - livenessProbe: - httpGet: - path: /ready - port: 2000 - initialDelaySeconds: 10 - failureThreshold: 5 - periodSeconds: 10 - resources: - requests: - cpu: 20m - memory: 100Mi - limits: - cpu: 200m - memory: 200Mi - env: - - name: TUNNEL_TOKEN - valueFrom: - secretKeyRef: - key: tunnel-token - name: remote-token diff --git a/infra/networking/kustomization.yaml b/infra/networking/kustomization.yaml deleted file mode 100644 index 3ef2e53..0000000 --- a/infra/networking/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -commonLabels: - dev.stonegarden: infra-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - application-set.yaml \ No newline at end of file diff --git a/infra/nvidia-device-plugin/cm-time-slicing.yaml b/infra/nvidia-device-plugin/cm-time-slicing.yaml deleted file mode 100644 index 7261ffa..0000000 --- a/infra/nvidia-device-plugin/cm-time-slicing.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cm-time-slicing - namespace: nvidia-device-plugin -data: - time-slicing: |- - version: v1 - sharing: - timeSlicing: - failRequestsGreaterThanOne: true - resources: - - name: nvidia.com/gpu - replicas: 10 diff --git a/infra/nvidia-device-plugin/kustomization.yaml b/infra/nvidia-device-plugin/kustomization.yaml deleted file mode 100644 index ab4ef89..0000000 --- a/infra/nvidia-device-plugin/kustomization.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonAnnotations: - argocd.argoproj.io/sync-wave: "-1" - -resources: - - namespace.yaml -# - cm-time-slicing.yaml - -#helmCharts: -# - name: nvidia-device-plugin -# repo: https://nvidia.github.io/k8s-device-plugin -# version: 0.14.3 -# releaseName: "nvidia-device-plugin" -# namespace: nvidia-device-plugin -# includeCRDs: true -# valuesFile: values.yaml diff --git a/infra/nvidia-device-plugin/namespace.yaml b/infra/nvidia-device-plugin/namespace.yaml deleted file mode 100644 index 4a6b3ab..0000000 --- a/infra/nvidia-device-plugin/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: nvidia-device-plugin diff --git a/infra/nvidia-device-plugin/values.yaml b/infra/nvidia-device-plugin/values.yaml deleted file mode 100644 index d22c66f..0000000 --- a/infra/nvidia-device-plugin/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -config: - name: cm-time-slicing - default: time-slicing \ No newline at end of file diff --git a/infra/project.yaml b/infra/project.yaml deleted file mode 100644 index 43ff828..0000000 --- a/infra/project.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: infrastructure - namespace: argocd -spec: - sourceRepos: - - 'https://github.com/vehagn/homelab' - - 'https://prometheus-community.github.io/helm-charts' - - 'https://helm.traefik.io/*' - - 'https://helm.cilium.io/*' - destinations: - - namespace: 'argocd' - server: '*' - - namespace: 'cert-manager' - server: '*' - - namespace: 'cilium-secrets' - server: '*' - - namespace: 'cilium-spire' - server: '*' - - namespace: 'gateway' - server: '*' - - namespace: 'gpu-operator' - server: '*' - - namespace: 'kubernetes-dashboard' - server: '*' - - namespace: 'lgtm' - server: '*' - - namespace: 'monitoring' - server: '*' - - namespace: 'nvidia-device-plugin' - server: '*' - - namespace: 'postgres' - server: '*' - - namespace: 'traefik-system' - server: '*' - - namespace: 'traefik' - server: '*' - - namespace: 'kube-system' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' diff --git a/infra/sealed-secrets/kustomization.yaml b/infra/sealed-secrets/kustomization.yaml deleted file mode 100644 index 888af54..0000000 --- a/infra/sealed-secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.24.4/controller.yaml \ No newline at end of file diff --git a/infra/traefik/cloudflare-cert.yaml b/infra/traefik/cloudflare-cert.yaml deleted file mode 100644 index 273dfeb..0000000 --- a/infra/traefik/cloudflare-cert.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: wildcard-stonegarden-dev - namespace: traefik -spec: - secretName: wildcard-stonegarden-dev-tls - dnsNames: - - "stonegarden.dev" - - "*.stonegarden.dev" - issuerRef: - name: cloudflare-issuer - kind: Issuer \ No newline at end of file 
diff --git a/infra/traefik/cloudflare-issuer.yaml b/infra/traefik/cloudflare-issuer.yaml deleted file mode 100644 index 15b83ce..0000000 --- a/infra/traefik/cloudflare-issuer.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: cloudflare-issuer - namespace: traefik -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: veghag@gmail.com - privateKeySecretRef: - name: cloudflare-key - solvers: - - dns01: - cloudflare: - apiTokenSecretRef: - name: cloudflare-token-cert-manager - key: api-token \ No newline at end of file diff --git a/infra/traefik/cloudflare-token-cert-manager.yaml b/infra/traefik/cloudflare-token-cert-manager.yaml deleted file mode 100644 index 93e94b8..0000000 --- a/infra/traefik/cloudflare-token-cert-manager.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: cloudflare-token-cert-manager - namespace: traefik -spec: - encryptedData: - api-token: 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 - template: - metadata: - name: cloudflare-token-cert-manager - namespace: traefik - type: Opaque diff --git a/infra/traefik/kustomization.yaml b/infra/traefik/kustomization.yaml deleted file mode 100644 index cea2195..0000000 --- a/infra/traefik/kustomization.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ns.yaml - - cloudflare-token-cert-manager.yaml - - cloudflare-issuer.yaml - - cloudflare-cert.yaml - - traefik-forward-auth - -helmCharts: - - name: traefik - repo: https://traefik.github.io/charts - version: 27.0.0 - releaseName: traefik - namespace: traefik - includeCRDs: true - valuesFile: values.yaml diff --git a/infra/traefik/ns.yaml b/infra/traefik/ns.yaml deleted file mode 100644 index 9be8390..0000000 --- a/infra/traefik/ns.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: traefik \ No newline at end of file diff --git a/infra/traefik/traefik-forward-auth/auth-secret.yaml b/infra/traefik/traefik-forward-auth/auth-secret.yaml deleted file mode 100644 index 0ed313e..0000000 --- a/infra/traefik/traefik-forward-auth/auth-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: traefik-forward-auth-secrets - namespace: traefik -spec: - encryptedData: - google-client-id: 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 - google-client-secret: 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 - secret: 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 - template: - metadata: - name: traefik-forward-auth-secrets - namespace: traefik - type: Opaque diff --git a/infra/traefik/traefik-forward-auth/configs/traefik-forward-auth.ini b/infra/traefik/traefik-forward-auth/configs/traefik-forward-auth.ini deleted file mode 100644 index 3ee48ba..0000000 --- a/infra/traefik/traefik-forward-auth/configs/traefik-forward-auth.ini +++ /dev/null @@ -1,5 +0,0 @@ -cookie-name = "_traefik_auth" -log-level = "error" -cookie-domain = "stonegarden.dev" -auth-host = "auth-traefik.stonegarden.dev" -whitelist = "veghag@gmail.com" diff --git a/infra/traefik/traefik-forward-auth/deployment.yaml b/infra/traefik/traefik-forward-auth/deployment.yaml deleted file mode 100644 index 093bc7d..0000000 --- a/infra/traefik/traefik-forward-auth/deployment.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traefik-forward-auth - namespace: traefik -spec: - replicas: 1 - selector: - matchLabels: - app: traefik-forward-auth - strategy: - type: Recreate - template: - metadata: - labels: - app: traefik-forward-auth - spec: - terminationGracePeriodSeconds: 60 - containers: - - image: thomseddon/traefik-forward-auth:2 - imagePullPolicy: Always - name: traefik-forward-auth - ports: - - containerPort: 4181 - protocol: TCP - env: - - name: CONFIG - value: "/config" - - name: PROVIDERS_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-id - - name: PROVIDERS_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-secret - - name: SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: secret - volumeMounts: - - name: configs - mountPath: /config - subPath: traefik-forward-auth.ini - - volumes: - - name: configs - configMap: - name: configs - - name: traefik-forward-auth-secrets - secret: - secretName: traefik-forward-auth-secrets \ No newline at end of file diff --git a/infra/traefik/traefik-forward-auth/ingress.yaml b/infra/traefik/traefik-forward-auth/ingress.yaml deleted file mode 100644 index 16b592b..0000000 --- a/infra/traefik/traefik-forward-auth/ingress.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: traefik-dashboard-auth - namespace: traefik -spec: - entryPoints: - - websecure - routes: - - match: Host(`auth-traefik.stonegarden.dev`) - kind: Rule - services: - - name: traefik-forward-auth - port: 4181 - middlewares: - - name: traefik-forward-auth \ No newline at end of file diff --git a/infra/traefik/traefik-forward-auth/kustomization.yaml b/infra/traefik/traefik-forward-auth/kustomization.yaml deleted file mode 100644 index 8382cce..0000000 
--- a/infra/traefik/traefik-forward-auth/kustomization.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: traefik -commonLabels: - app: traefik-forward-auth - -resources: - - auth-secret.yaml - - service.yaml - - deployment.yaml - - middleware.yaml - - ingress.yaml - -configMapGenerator: - - name: configs - files: - - configs/traefik-forward-auth.ini \ No newline at end of file diff --git a/infra/traefik/traefik-forward-auth/middleware.yaml b/infra/traefik/traefik-forward-auth/middleware.yaml deleted file mode 100644 index 51b80c0..0000000 --- a/infra/traefik/traefik-forward-auth/middleware.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: traefik-forward-auth - namespace: traefik -spec: - forwardAuth: - address: http://traefik-forward-auth.traefik.svc.cluster.local:4181 - authResponseHeaders: - - X-Forwarded-User - trustForwardHeader: true \ No newline at end of file diff --git a/infra/traefik/traefik-forward-auth/service.yaml b/infra/traefik/traefik-forward-auth/service.yaml deleted file mode 100644 index 17912d6..0000000 --- a/infra/traefik/traefik-forward-auth/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: traefik-forward-auth - namespace: traefik -spec: - type: ClusterIP - selector: - app: traefik-forward-auth - ports: - - name: auth-http - port: 4181 diff --git a/infra/traefik/values.yaml b/infra/traefik/values.yaml deleted file mode 100644 index bbd2b25..0000000 --- a/infra/traefik/values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -service: - annotations: - io.cilium/lb-ipam-ips: 192.168.1.142 - -ingressRoute: - dashboard: - entryPoints: - - websecure - matchRule: Host(`traefik.stonegarden.dev`) - middlewares: - - name: traefik-forward-auth - -tlsStore: - default: - defaultCertificate: - secretName: wildcard-stonegarden-dev-tls \ No newline at end of file 
diff --git a/infra/users/clusterRoleBinding.yaml b/infra/users/clusterRoleBinding.yaml deleted file mode 100644 index 214fea4..0000000 --- a/infra/users/clusterRoleBinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: extra-cluster-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: extra:masters \ No newline at end of file diff --git a/infra/users/kustomization.yaml b/infra/users/kustomization.yaml deleted file mode 100644 index 4c4b3fa..0000000 --- a/infra/users/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - clusterRoleBinding.yaml \ No newline at end of file diff --git a/remodel/k8s/README.md b/k8s/README.md similarity index 84% rename from remodel/k8s/README.md rename to k8s/README.md index c563c9a..146dcde 100644 --- a/remodel/k8s/README.md +++ b/k8s/README.md @@ -59,4 +59,17 @@ kubectl kustomize infra | kubectl apply -f - * [] Gateway * [] Argo CD -* [] Sealed-secrets \ No newline at end of file +* [] Sealed-secrets + +# TODO + +* [] Remotely managed cloudflared tunnel +* [] Keycloak +* [] Argo CD sync-wave + +```shell +commonAnnotations: + argocd.argoproj.io/sync-wave: "-1" +``` + +CNPG - Cloud Native PostGresSQL \ No newline at end of file diff --git a/remodel/k8s/apps/application-set.yaml b/k8s/apps/application-set.yaml similarity index 92% rename from remodel/k8s/apps/application-set.yaml rename to k8s/apps/application-set.yaml index 19c186e..3df218b 100644 --- a/remodel/k8s/apps/application-set.yaml +++ b/k8s/apps/application-set.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/vehagn/homelab revision: remodel directories: - - path: remodel/k8s/apps/* + - path: k8s/apps/* template: metadata: name: '{{ path.basename }}' 
@@ -31,4 +31,4 @@ spec: syncPolicy: automated: selfHeal: true - prune: true \ No newline at end of file + prune: true diff --git a/remodel/k8s/apps/external/application-set.yaml b/k8s/apps/external/application-set.yaml similarity index 94% rename from remodel/k8s/apps/external/application-set.yaml rename to k8s/apps/external/application-set.yaml index 03ccbb0..65e6f8f 100644 --- a/remodel/k8s/apps/external/application-set.yaml +++ b/k8s/apps/external/application-set.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/vehagn/homelab revision: remodel directories: - - path: remodel/k8s/apps/external/* + - path: k8s/apps/external/* template: metadata: name: '{{ path.basename }}' diff --git a/remodel/k8s/apps/external/haos/endpoint-slice.yaml b/k8s/apps/external/haos/endpoint-slice.yaml similarity index 100% rename from remodel/k8s/apps/external/haos/endpoint-slice.yaml rename to k8s/apps/external/haos/endpoint-slice.yaml diff --git a/apps/utility/haos/http-route.yaml b/k8s/apps/external/haos/http-route.yaml similarity index 100% rename from apps/utility/haos/http-route.yaml rename to k8s/apps/external/haos/http-route.yaml diff --git a/remodel/k8s/apps/external/haos/kustomization.yaml b/k8s/apps/external/haos/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/external/haos/kustomization.yaml rename to k8s/apps/external/haos/kustomization.yaml diff --git a/apps/utility/haos/ns.yaml b/k8s/apps/external/haos/ns.yaml similarity index 100% rename from apps/utility/haos/ns.yaml rename to k8s/apps/external/haos/ns.yaml diff --git a/apps/utility/haos/svc.yaml b/k8s/apps/external/haos/svc.yaml similarity index 100% rename from apps/utility/haos/svc.yaml rename to k8s/apps/external/haos/svc.yaml diff --git a/apps/kustomization.yaml b/k8s/apps/external/kustomization.yaml similarity index 100% rename from apps/kustomization.yaml rename to k8s/apps/external/kustomization.yaml 
diff --git a/remodel/k8s/apps/external/project.yaml b/k8s/apps/external/project.yaml similarity index 100% rename from remodel/k8s/apps/external/project.yaml rename to k8s/apps/external/project.yaml diff --git a/remodel/k8s/apps/external/proxmox/endpoint-slice.yaml b/k8s/apps/external/proxmox/endpoint-slice.yaml similarity index 100% rename from remodel/k8s/apps/external/proxmox/endpoint-slice.yaml rename to k8s/apps/external/proxmox/endpoint-slice.yaml diff --git a/remodel/k8s/apps/external/proxmox/kustomization.yaml b/k8s/apps/external/proxmox/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/external/proxmox/kustomization.yaml rename to k8s/apps/external/proxmox/kustomization.yaml diff --git a/remodel/k8s/apps/external/proxmox/ns.yaml b/k8s/apps/external/proxmox/ns.yaml similarity index 100% rename from remodel/k8s/apps/external/proxmox/ns.yaml rename to k8s/apps/external/proxmox/ns.yaml diff --git a/remodel/k8s/apps/external/proxmox/svc.yaml b/k8s/apps/external/proxmox/svc.yaml similarity index 100% rename from remodel/k8s/apps/external/proxmox/svc.yaml rename to k8s/apps/external/proxmox/svc.yaml diff --git a/remodel/k8s/apps/external/proxmox/tls-route.yaml b/k8s/apps/external/proxmox/tls-route.yaml similarity index 100% rename from remodel/k8s/apps/external/proxmox/tls-route.yaml rename to k8s/apps/external/proxmox/tls-route.yaml diff --git a/remodel/k8s/apps/external/truenas/endpoint-slice.yaml b/k8s/apps/external/truenas/endpoint-slice.yaml similarity index 100% rename from remodel/k8s/apps/external/truenas/endpoint-slice.yaml rename to k8s/apps/external/truenas/endpoint-slice.yaml diff --git a/remodel/k8s/apps/external/truenas/kustomization.yaml b/k8s/apps/external/truenas/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/external/truenas/kustomization.yaml rename to k8s/apps/external/truenas/kustomization.yaml 
diff --git a/remodel/k8s/apps/external/truenas/ns.yaml b/k8s/apps/external/truenas/ns.yaml similarity index 100% rename from remodel/k8s/apps/external/truenas/ns.yaml rename to k8s/apps/external/truenas/ns.yaml diff --git a/remodel/k8s/apps/external/truenas/svc.yaml b/k8s/apps/external/truenas/svc.yaml similarity index 100% rename from remodel/k8s/apps/external/truenas/svc.yaml rename to k8s/apps/external/truenas/svc.yaml diff --git a/remodel/k8s/apps/external/truenas/tls-route.yaml b/k8s/apps/external/truenas/tls-route.yaml similarity index 100% rename from remodel/k8s/apps/external/truenas/tls-route.yaml rename to k8s/apps/external/truenas/tls-route.yaml diff --git a/remodel/k8s/apps/homepage/application-set.yaml b/k8s/apps/homepage/application-set.yaml similarity index 94% rename from remodel/k8s/apps/homepage/application-set.yaml rename to k8s/apps/homepage/application-set.yaml index e02d565..1c618e1 100644 --- a/remodel/k8s/apps/homepage/application-set.yaml +++ b/k8s/apps/homepage/application-set.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/vehagn/homelab revision: remodel directories: - - path: remodel/k8s/apps/homepage/* + - path: k8s/apps/homepage/* template: metadata: name: '{{ path.basename }}' diff --git a/remodel/k8s/apps/homepage/blog/hugo/deployment.yaml b/k8s/apps/homepage/blog/hugo/deployment.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/hugo/deployment.yaml rename to k8s/apps/homepage/blog/hugo/deployment.yaml diff --git a/remodel/k8s/apps/homepage/blog/hugo/http-route.yaml b/k8s/apps/homepage/blog/hugo/http-route.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/hugo/http-route.yaml rename to k8s/apps/homepage/blog/hugo/http-route.yaml 
diff --git a/remodel/k8s/apps/homepage/blog/hugo/kustomization.yaml b/k8s/apps/homepage/blog/hugo/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/hugo/kustomization.yaml rename to k8s/apps/homepage/blog/hugo/kustomization.yaml diff --git a/remodel/k8s/apps/homepage/blog/hugo/svc.yaml b/k8s/apps/homepage/blog/hugo/svc.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/hugo/svc.yaml rename to k8s/apps/homepage/blog/hugo/svc.yaml diff --git a/remodel/k8s/apps/homepage/blog/kustomization.yaml b/k8s/apps/homepage/blog/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/kustomization.yaml rename to k8s/apps/homepage/blog/kustomization.yaml diff --git a/remodel/k8s/apps/homepage/blog/ns.yaml b/k8s/apps/homepage/blog/ns.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/ns.yaml rename to k8s/apps/homepage/blog/ns.yaml diff --git a/remodel/k8s/apps/homepage/blog/remark42/deployment.yaml b/k8s/apps/homepage/blog/remark42/deployment.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/remark42/deployment.yaml rename to k8s/apps/homepage/blog/remark42/deployment.yaml diff --git a/apps/public/blog/remark42/http-route.yaml b/k8s/apps/homepage/blog/remark42/http-route.yaml similarity index 100% rename from apps/public/blog/remark42/http-route.yaml rename to k8s/apps/homepage/blog/remark42/http-route.yaml diff --git a/remodel/k8s/apps/homepage/blog/remark42/kustomization.yaml b/k8s/apps/homepage/blog/remark42/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/remark42/kustomization.yaml rename to k8s/apps/homepage/blog/remark42/kustomization.yaml diff --git a/remodel/k8s/apps/homepage/blog/remark42/pvc.yaml b/k8s/apps/homepage/blog/remark42/pvc.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/remark42/pvc.yaml rename to k8s/apps/homepage/blog/remark42/pvc.yaml 
diff --git a/remodel/k8s/apps/homepage/blog/remark42/secret-github.yaml b/k8s/apps/homepage/blog/remark42/secret-github.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/remark42/secret-github.yaml rename to k8s/apps/homepage/blog/remark42/secret-github.yaml diff --git a/remodel/k8s/apps/homepage/blog/remark42/secret-google.yaml b/k8s/apps/homepage/blog/remark42/secret-google.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/remark42/secret-google.yaml rename to k8s/apps/homepage/blog/remark42/secret-google.yaml diff --git a/remodel/k8s/apps/homepage/blog/remark42/secret-remark42.yaml b/k8s/apps/homepage/blog/remark42/secret-remark42.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/remark42/secret-remark42.yaml rename to k8s/apps/homepage/blog/remark42/secret-remark42.yaml diff --git a/remodel/k8s/apps/homepage/blog/remark42/svc.yaml b/k8s/apps/homepage/blog/remark42/svc.yaml similarity index 100% rename from remodel/k8s/apps/homepage/blog/remark42/svc.yaml rename to k8s/apps/homepage/blog/remark42/svc.yaml diff --git a/apps/media/kustomization.yaml b/k8s/apps/homepage/kustomization.yaml similarity index 100% rename from apps/media/kustomization.yaml rename to k8s/apps/homepage/kustomization.yaml diff --git a/remodel/k8s/apps/homepage/project.yaml b/k8s/apps/homepage/project.yaml similarity index 100% rename from remodel/k8s/apps/homepage/project.yaml rename to k8s/apps/homepage/project.yaml diff --git a/remodel/k8s/apps/homepage/stonegarden/deployment.yaml b/k8s/apps/homepage/stonegarden/deployment.yaml similarity index 100% rename from remodel/k8s/apps/homepage/stonegarden/deployment.yaml rename to k8s/apps/homepage/stonegarden/deployment.yaml diff --git a/apps/public/stonegarden/http-route.yaml b/k8s/apps/homepage/stonegarden/http-route.yaml similarity index 100% rename from apps/public/stonegarden/http-route.yaml rename to k8s/apps/homepage/stonegarden/http-route.yaml 
diff --git a/remodel/k8s/apps/homepage/stonegarden/kustomization.yaml b/k8s/apps/homepage/stonegarden/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/homepage/stonegarden/kustomization.yaml rename to k8s/apps/homepage/stonegarden/kustomization.yaml diff --git a/apps/public/stonegarden/ns.yaml b/k8s/apps/homepage/stonegarden/ns.yaml similarity index 100% rename from apps/public/stonegarden/ns.yaml rename to k8s/apps/homepage/stonegarden/ns.yaml diff --git a/remodel/k8s/apps/homepage/stonegarden/svc.yaml b/k8s/apps/homepage/stonegarden/svc.yaml similarity index 100% rename from remodel/k8s/apps/homepage/stonegarden/svc.yaml rename to k8s/apps/homepage/stonegarden/svc.yaml diff --git a/apps/public/kustomization.yaml b/k8s/apps/kustomization.yaml similarity index 100% rename from apps/public/kustomization.yaml rename to k8s/apps/kustomization.yaml diff --git a/remodel/k8s/apps/media/application-set.yaml b/k8s/apps/media/application-set.yaml similarity index 94% rename from remodel/k8s/apps/media/application-set.yaml rename to k8s/apps/media/application-set.yaml index 314b385..ee3f899 100644 --- a/remodel/k8s/apps/media/application-set.yaml +++ b/k8s/apps/media/application-set.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/vehagn/homelab revision: remodel directories: - - path: remodel/k8s/apps/media/* + - path: k8s/apps/media/* template: metadata: name: '{{ path.basename }}' diff --git a/remodel/k8s/apps/media/arr/kustomization.yaml b/k8s/apps/media/arr/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/kustomization.yaml rename to k8s/apps/media/arr/kustomization.yaml diff --git a/remodel/k8s/apps/media/arr/lidarr/deployment.yaml b/k8s/apps/media/arr/lidarr/deployment.yaml similarity index 95% rename from remodel/k8s/apps/media/arr/lidarr/deployment.yaml rename to k8s/apps/media/arr/lidarr/deployment.yaml index 2856117..d35ed80 100644 --- a/remodel/k8s/apps/media/arr/lidarr/deployment.yaml 
+++ b/k8s/apps/media/arr/lidarr/deployment.yaml @@ -22,9 +22,9 @@ spec: topology.kubernetes.io/zone: cantor securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 + runAsUser: 2501 + runAsGroup: 2501 + fsGroup: 2501 fsGroupChangePolicy: OnRootMismatch seccompProfile: type: RuntimeDefault diff --git a/remodel/k8s/apps/media/arr/lidarr/http-route.yaml b/k8s/apps/media/arr/lidarr/http-route.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/lidarr/http-route.yaml rename to k8s/apps/media/arr/lidarr/http-route.yaml diff --git a/remodel/k8s/apps/media/arr/lidarr/kustomization.yaml b/k8s/apps/media/arr/lidarr/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/lidarr/kustomization.yaml rename to k8s/apps/media/arr/lidarr/kustomization.yaml diff --git a/remodel/k8s/apps/media/arr/lidarr/pvc.yaml b/k8s/apps/media/arr/lidarr/pvc.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/lidarr/pvc.yaml rename to k8s/apps/media/arr/lidarr/pvc.yaml diff --git a/remodel/k8s/apps/media/arr/lidarr/svc-web.yaml b/k8s/apps/media/arr/lidarr/svc-web.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/lidarr/svc-web.yaml rename to k8s/apps/media/arr/lidarr/svc-web.yaml diff --git a/remodel/k8s/apps/media/arr/ns.yaml b/k8s/apps/media/arr/ns.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/ns.yaml rename to k8s/apps/media/arr/ns.yaml diff --git a/remodel/k8s/apps/media/arr/prowlarr/deployment.yaml b/k8s/apps/media/arr/prowlarr/deployment.yaml similarity index 95% rename from remodel/k8s/apps/media/arr/prowlarr/deployment.yaml rename to k8s/apps/media/arr/prowlarr/deployment.yaml index 61458e1..831d24e 100644 --- a/remodel/k8s/apps/media/arr/prowlarr/deployment.yaml +++ b/k8s/apps/media/arr/prowlarr/deployment.yaml 
@@ -22,9 +22,9 @@ spec: topology.kubernetes.io/zone: euclid securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 + runAsUser: 2501 + runAsGroup: 2501 + fsGroup: 2501 fsGroupChangePolicy: OnRootMismatch seccompProfile: type: RuntimeDefault diff --git a/remodel/k8s/apps/media/arr/prowlarr/http-route.yaml b/k8s/apps/media/arr/prowlarr/http-route.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/prowlarr/http-route.yaml rename to k8s/apps/media/arr/prowlarr/http-route.yaml diff --git a/remodel/k8s/apps/media/arr/prowlarr/kustomization.yaml b/k8s/apps/media/arr/prowlarr/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/prowlarr/kustomization.yaml rename to k8s/apps/media/arr/prowlarr/kustomization.yaml diff --git a/remodel/k8s/apps/media/arr/prowlarr/pvc.yaml b/k8s/apps/media/arr/prowlarr/pvc.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/prowlarr/pvc.yaml rename to k8s/apps/media/arr/prowlarr/pvc.yaml diff --git a/remodel/k8s/apps/media/arr/prowlarr/svc-web.yaml b/k8s/apps/media/arr/prowlarr/svc-web.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/prowlarr/svc-web.yaml rename to k8s/apps/media/arr/prowlarr/svc-web.yaml diff --git a/remodel/k8s/apps/media/arr/radarr/deployment.yaml b/k8s/apps/media/arr/radarr/deployment.yaml similarity index 95% rename from remodel/k8s/apps/media/arr/radarr/deployment.yaml rename to k8s/apps/media/arr/radarr/deployment.yaml index 409e02d..bfbb55d 100644 --- a/remodel/k8s/apps/media/arr/radarr/deployment.yaml +++ b/k8s/apps/media/arr/radarr/deployment.yaml @@ -22,9 +22,9 @@ spec: topology.kubernetes.io/zone: cantor securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 + runAsUser: 2501 + runAsGroup: 2501 + fsGroup: 2501 fsGroupChangePolicy: OnRootMismatch seccompProfile: type: RuntimeDefault 
diff --git a/remodel/k8s/apps/media/arr/radarr/http-route.yaml b/k8s/apps/media/arr/radarr/http-route.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/radarr/http-route.yaml rename to k8s/apps/media/arr/radarr/http-route.yaml diff --git a/remodel/k8s/apps/media/arr/radarr/kustomization.yaml b/k8s/apps/media/arr/radarr/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/radarr/kustomization.yaml rename to k8s/apps/media/arr/radarr/kustomization.yaml diff --git a/remodel/k8s/apps/media/arr/radarr/pvc.yaml b/k8s/apps/media/arr/radarr/pvc.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/radarr/pvc.yaml rename to k8s/apps/media/arr/radarr/pvc.yaml diff --git a/remodel/k8s/apps/media/arr/radarr/svc-web.yaml b/k8s/apps/media/arr/radarr/svc-web.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/radarr/svc-web.yaml rename to k8s/apps/media/arr/radarr/svc-web.yaml diff --git a/remodel/k8s/apps/media/arr/sonarr/deployment.yaml b/k8s/apps/media/arr/sonarr/deployment.yaml similarity index 95% rename from remodel/k8s/apps/media/arr/sonarr/deployment.yaml rename to k8s/apps/media/arr/sonarr/deployment.yaml index 07b957d..9c363bd 100644 --- a/remodel/k8s/apps/media/arr/sonarr/deployment.yaml +++ b/k8s/apps/media/arr/sonarr/deployment.yaml @@ -22,9 +22,9 @@ spec: topology.kubernetes.io/zone: cantor securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 + runAsUser: 2501 + runAsGroup: 2501 + fsGroup: 2501 fsGroupChangePolicy: OnRootMismatch seccompProfile: type: RuntimeDefault diff --git a/remodel/k8s/apps/media/arr/sonarr/http-route.yaml b/k8s/apps/media/arr/sonarr/http-route.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/sonarr/http-route.yaml rename to k8s/apps/media/arr/sonarr/http-route.yaml 
diff --git a/remodel/k8s/apps/media/arr/sonarr/kustomization.yaml b/k8s/apps/media/arr/sonarr/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/sonarr/kustomization.yaml rename to k8s/apps/media/arr/sonarr/kustomization.yaml diff --git a/remodel/k8s/apps/media/arr/sonarr/pvc.yaml b/k8s/apps/media/arr/sonarr/pvc.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/sonarr/pvc.yaml rename to k8s/apps/media/arr/sonarr/pvc.yaml diff --git a/remodel/k8s/apps/media/arr/sonarr/svc-web.yaml b/k8s/apps/media/arr/sonarr/svc-web.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/sonarr/svc-web.yaml rename to k8s/apps/media/arr/sonarr/svc-web.yaml diff --git a/remodel/k8s/apps/media/arr/torrent/deployment.yaml b/k8s/apps/media/arr/torrent/deployment.yaml similarity index 97% rename from remodel/k8s/apps/media/arr/torrent/deployment.yaml rename to k8s/apps/media/arr/torrent/deployment.yaml index f315ec3..eb5dcb1 100644 --- a/remodel/k8s/apps/media/arr/torrent/deployment.yaml +++ b/k8s/apps/media/arr/torrent/deployment.yaml @@ -22,9 +22,9 @@ spec: topology.kubernetes.io/zone: euclid securityContext: runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 + runAsUser: 2501 + runAsGroup: 2501 + fsGroup: 2501 fsGroupChangePolicy: Always seccompProfile: type: RuntimeDefault diff --git a/remodel/k8s/apps/media/arr/torrent/http-route.yaml b/k8s/apps/media/arr/torrent/http-route.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/torrent/http-route.yaml rename to k8s/apps/media/arr/torrent/http-route.yaml diff --git a/remodel/k8s/apps/media/arr/torrent/kustomization.yaml b/k8s/apps/media/arr/torrent/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/torrent/kustomization.yaml rename to k8s/apps/media/arr/torrent/kustomization.yaml 
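Review bot: in k8s/apps/media/arr/torrent/deployment.yaml the pod keeps `fsGroupChangePolicy: Always` while every other deployment touched here uses `OnRootMismatch`. `Always` makes the kubelet reset ownership and permissions across the volume on every mount, which delays pod start on a volume with many files. If it is only needed for the one-time move from 1000 to 2501, switch to `OnRootMismatch` in a follow-up, or add a comment saying why this pod differs.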
diff --git a/remodel/k8s/apps/media/arr/torrent/pvc.yaml b/k8s/apps/media/arr/torrent/pvc.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/torrent/pvc.yaml rename to k8s/apps/media/arr/torrent/pvc.yaml diff --git a/remodel/k8s/apps/media/arr/torrent/svc-torrent.yaml b/k8s/apps/media/arr/torrent/svc-torrent.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/torrent/svc-torrent.yaml rename to k8s/apps/media/arr/torrent/svc-torrent.yaml diff --git a/remodel/k8s/apps/media/arr/torrent/svc-web.yaml b/k8s/apps/media/arr/torrent/svc-web.yaml similarity index 100% rename from remodel/k8s/apps/media/arr/torrent/svc-web.yaml rename to k8s/apps/media/arr/torrent/svc-web.yaml diff --git a/remodel/k8s/apps/media/jellyfin/deployment.yaml b/k8s/apps/media/jellyfin/deployment.yaml similarity index 95% rename from remodel/k8s/apps/media/jellyfin/deployment.yaml rename to k8s/apps/media/jellyfin/deployment.yaml index fc56e93..8275e91 100644 --- a/remodel/k8s/apps/media/jellyfin/deployment.yaml +++ b/k8s/apps/media/jellyfin/deployment.yaml @@ -16,9 +16,9 @@ spec: topology.kubernetes.io/zone: euclid securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 + runAsUser: 2501 + runAsGroup: 2501 + fsGroup: 2501 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [ 44, 104 ] seccompProfile: diff --git a/remodel/k8s/apps/media/jellyfin/ingress.yaml b/k8s/apps/media/jellyfin/ingress.yaml similarity index 100% rename from remodel/k8s/apps/media/jellyfin/ingress.yaml rename to k8s/apps/media/jellyfin/ingress.yaml diff --git a/remodel/k8s/apps/media/jellyfin/kustomization.yaml b/k8s/apps/media/jellyfin/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/media/jellyfin/kustomization.yaml rename to k8s/apps/media/jellyfin/kustomization.yaml 
diff --git a/remodel/k8s/apps/media/jellyfin/ns.yaml b/k8s/apps/media/jellyfin/ns.yaml similarity index 100% rename from remodel/k8s/apps/media/jellyfin/ns.yaml rename to k8s/apps/media/jellyfin/ns.yaml diff --git a/remodel/k8s/apps/media/jellyfin/pvc.yaml b/k8s/apps/media/jellyfin/pvc.yaml similarity index 100% rename from remodel/k8s/apps/media/jellyfin/pvc.yaml rename to k8s/apps/media/jellyfin/pvc.yaml diff --git a/remodel/k8s/apps/media/jellyfin/svc.yaml b/k8s/apps/media/jellyfin/svc.yaml similarity index 100% rename from remodel/k8s/apps/media/jellyfin/svc.yaml rename to k8s/apps/media/jellyfin/svc.yaml diff --git a/remodel/k8s/apps/external/kustomization.yaml b/k8s/apps/media/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/external/kustomization.yaml rename to k8s/apps/media/kustomization.yaml diff --git a/remodel/k8s/apps/media/plex/deployment.yaml b/k8s/apps/media/plex/deployment.yaml similarity index 95% rename from remodel/k8s/apps/media/plex/deployment.yaml rename to k8s/apps/media/plex/deployment.yaml index 97ff213..0d0089e 100644 --- a/remodel/k8s/apps/media/plex/deployment.yaml +++ b/k8s/apps/media/plex/deployment.yaml @@ -19,9 +19,9 @@ spec: topology.kubernetes.io/zone: abel securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 + runAsUser: 2501 + runAsGroup: 2501 + fsGroup: 2501 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [ 44, 104 ] seccompProfile: diff --git a/remodel/k8s/apps/media/plex/ingress.yaml b/k8s/apps/media/plex/ingress.yaml similarity index 100% rename from remodel/k8s/apps/media/plex/ingress.yaml rename to k8s/apps/media/plex/ingress.yaml diff --git a/remodel/k8s/apps/media/plex/kustomization.yaml b/k8s/apps/media/plex/kustomization.yaml similarity index 100% rename from remodel/k8s/apps/media/plex/kustomization.yaml rename to k8s/apps/media/plex/kustomization.yaml 
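Review bot: `supplementalGroups: [ 44, 104 ]` in the plex `securityContext` (the jellyfin hunk carries the same line) grants two extra numeric groups with no explanation, while the IDs next to it are being changed. Add a comment naming what GIDs 44 and 104 are on the node image and why the pod needs them, so a reader can tell they are still the minimum required now that the primary IDs are 2501.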
diff --git a/remodel/k8s/apps/media/plex/ns.yaml b/k8s/apps/media/plex/ns.yaml similarity index 100% rename from remodel/k8s/apps/media/plex/ns.yaml rename to k8s/apps/media/plex/ns.yaml diff --git a/remodel/k8s/apps/media/plex/pvc.yaml b/k8s/apps/media/plex/pvc.yaml similarity index 100% rename from remodel/k8s/apps/media/plex/pvc.yaml rename to k8s/apps/media/plex/pvc.yaml diff --git a/remodel/k8s/apps/media/plex/svc.yaml b/k8s/apps/media/plex/svc.yaml similarity index 100% rename from remodel/k8s/apps/media/plex/svc.yaml rename to k8s/apps/media/plex/svc.yaml diff --git a/remodel/k8s/apps/media/project.yaml b/k8s/apps/media/project.yaml similarity index 100% rename from remodel/k8s/apps/media/project.yaml rename to k8s/apps/media/project.yaml diff --git a/infra/networking/project.yaml b/k8s/apps/project.yaml similarity index 79% rename from infra/networking/project.yaml rename to k8s/apps/project.yaml index c16ca10..61877a0 100644 --- a/infra/networking/project.yaml +++ b/k8s/apps/project.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: - name: networking + name: applications namespace: argocd spec: sourceRepos: @@ -9,8 +9,6 @@ spec: destinations: - namespace: 'argocd' server: '*' - - namespace: 'cloudflared' - server: '*' clusterResourceWhitelist: - group: '*' kind: '*' diff --git a/remodel/k8s/infra/application-set.yaml b/k8s/infra/application-set.yaml similarity index 92% rename from remodel/k8s/infra/application-set.yaml rename to k8s/infra/application-set.yaml index 86c56d1..65485a7 100644 --- a/remodel/k8s/infra/application-set.yaml +++ b/k8s/infra/application-set.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/vehagn/homelab revision: remodel directories: - - path: remodel/k8s/infra/* + - path: k8s/infra/* template: metadata: name: '{{ path.basename }}' @@ -29,4 +29,4 @@ spec: syncPolicy: automated: selfHeal: true - prune: true \ No newline at end of file + prune: true 
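Review bot: in k8s/apps/project.yaml the AppProject is renamed to `applications` but keeps `clusterResourceWhitelist` with `group: '*'` and `kind: '*'`, so anything synced through this project may create any cluster-scoped resource. For the project that fronts user-facing apps, list only the cluster-scoped kinds that are actually needed instead of the wildcard. With the `cloudflared` entry removed, `argocd` is the only destination namespace left in this hunk, paired with `server: '*'`; naming the cluster explicitly would tighten that as well.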
diff --git a/remodel/k8s/infra/controllers/application-set.yaml b/k8s/infra/controllers/application-set.yaml similarity index 91% rename from remodel/k8s/infra/controllers/application-set.yaml rename to k8s/infra/controllers/application-set.yaml index f3c2b2f..f82f763 100644 --- a/remodel/k8s/infra/controllers/application-set.yaml +++ b/k8s/infra/controllers/application-set.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/vehagn/homelab revision: remodel directories: - - path: remodel/k8s/infra/controllers/* + - path: k8s/infra/controllers/* template: metadata: name: '{{ path.basename }}' @@ -31,4 +31,4 @@ spec: syncPolicy: automated: selfHeal: true - prune: true \ No newline at end of file + prune: true diff --git a/remodel/k8s/infra/controllers/argocd/http-route.yaml b/k8s/infra/controllers/argocd/http-route.yaml similarity index 100% rename from remodel/k8s/infra/controllers/argocd/http-route.yaml rename to k8s/infra/controllers/argocd/http-route.yaml diff --git a/remodel/k8s/infra/controllers/argocd/kustomization.yaml b/k8s/infra/controllers/argocd/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/controllers/argocd/kustomization.yaml rename to k8s/infra/controllers/argocd/kustomization.yaml diff --git a/infra/argocd/ns.yaml b/k8s/infra/controllers/argocd/ns.yaml similarity index 100% rename from infra/argocd/ns.yaml rename to k8s/infra/controllers/argocd/ns.yaml diff --git a/remodel/k8s/infra/controllers/argocd/values.yaml b/k8s/infra/controllers/argocd/values.yaml similarity index 100% rename from remodel/k8s/infra/controllers/argocd/values.yaml rename to k8s/infra/controllers/argocd/values.yaml diff --git a/remodel/k8s/infra/controllers/cert-manager/cloudflare-api-token.yaml b/k8s/infra/controllers/cert-manager/cloudflare-api-token.yaml similarity index 100% rename from remodel/k8s/infra/controllers/cert-manager/cloudflare-api-token.yaml rename to k8s/infra/controllers/cert-manager/cloudflare-api-token.yaml 
diff --git a/remodel/k8s/infra/controllers/cert-manager/cluster-issuer.yaml b/k8s/infra/controllers/cert-manager/cluster-issuer.yaml similarity index 100% rename from remodel/k8s/infra/controllers/cert-manager/cluster-issuer.yaml rename to k8s/infra/controllers/cert-manager/cluster-issuer.yaml diff --git a/remodel/k8s/infra/controllers/cert-manager/kustomization.yaml b/k8s/infra/controllers/cert-manager/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/controllers/cert-manager/kustomization.yaml rename to k8s/infra/controllers/cert-manager/kustomization.yaml diff --git a/infra/cert-manager/ns.yaml b/k8s/infra/controllers/cert-manager/ns.yaml similarity index 100% rename from infra/cert-manager/ns.yaml rename to k8s/infra/controllers/cert-manager/ns.yaml diff --git a/remodel/k8s/infra/controllers/cert-manager/values.yaml b/k8s/infra/controllers/cert-manager/values.yaml similarity index 100% rename from remodel/k8s/infra/controllers/cert-manager/values.yaml rename to k8s/infra/controllers/cert-manager/values.yaml diff --git a/remodel/k8s/infra/controllers/intel-device-plugins/gpu/kustomization.yaml b/k8s/infra/controllers/intel-device-plugins/gpu/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/controllers/intel-device-plugins/gpu/kustomization.yaml rename to k8s/infra/controllers/intel-device-plugins/gpu/kustomization.yaml diff --git a/remodel/k8s/infra/controllers/intel-device-plugins/gpu/values.yaml b/k8s/infra/controllers/intel-device-plugins/gpu/values.yaml similarity index 100% rename from remodel/k8s/infra/controllers/intel-device-plugins/gpu/values.yaml rename to k8s/infra/controllers/intel-device-plugins/gpu/values.yaml 
diff --git a/remodel/k8s/infra/controllers/intel-device-plugins/kustomization.yaml b/k8s/infra/controllers/intel-device-plugins/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/controllers/intel-device-plugins/kustomization.yaml rename to k8s/infra/controllers/intel-device-plugins/kustomization.yaml diff --git a/remodel/k8s/infra/controllers/intel-device-plugins/ns.yaml b/k8s/infra/controllers/intel-device-plugins/ns.yaml similarity index 100% rename from remodel/k8s/infra/controllers/intel-device-plugins/ns.yaml rename to k8s/infra/controllers/intel-device-plugins/ns.yaml diff --git a/remodel/k8s/infra/controllers/intel-device-plugins/operator/kustomization.yaml b/k8s/infra/controllers/intel-device-plugins/operator/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/controllers/intel-device-plugins/operator/kustomization.yaml rename to k8s/infra/controllers/intel-device-plugins/operator/kustomization.yaml diff --git a/remodel/k8s/infra/controllers/kustomization.yaml b/k8s/infra/controllers/kustomization.yaml similarity index 87% rename from remodel/k8s/infra/controllers/kustomization.yaml rename to k8s/infra/controllers/kustomization.yaml index bb49b96..b08b0a0 100644 --- a/remodel/k8s/infra/controllers/kustomization.yaml +++ b/k8s/infra/controllers/kustomization.yaml @@ -6,4 +6,4 @@ commonLabels: resources: - project.yaml - - application-set.yaml \ No newline at end of file + - application-set.yaml diff --git a/remodel/k8s/infra/controllers/node-feature-discovery/kustomization.yaml b/k8s/infra/controllers/node-feature-discovery/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/controllers/node-feature-discovery/kustomization.yaml rename to k8s/infra/controllers/node-feature-discovery/kustomization.yaml 
diff --git a/remodel/k8s/infra/controllers/node-feature-discovery/nfd-worker.conf b/k8s/infra/controllers/node-feature-discovery/nfd-worker.conf similarity index 100% rename from remodel/k8s/infra/controllers/node-feature-discovery/nfd-worker.conf rename to k8s/infra/controllers/node-feature-discovery/nfd-worker.conf diff --git a/remodel/k8s/infra/controllers/node-feature-discovery/ns.yaml b/k8s/infra/controllers/node-feature-discovery/ns.yaml similarity index 100% rename from remodel/k8s/infra/controllers/node-feature-discovery/ns.yaml rename to k8s/infra/controllers/node-feature-discovery/ns.yaml diff --git a/remodel/k8s/infra/controllers/project.yaml b/k8s/infra/controllers/project.yaml similarity index 100% rename from remodel/k8s/infra/controllers/project.yaml rename to k8s/infra/controllers/project.yaml diff --git a/remodel/k8s/infra/controllers/sealed-secrets/kustomization.yaml b/k8s/infra/controllers/sealed-secrets/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/controllers/sealed-secrets/kustomization.yaml rename to k8s/infra/controllers/sealed-secrets/kustomization.yaml diff --git a/remodel/k8s/infra/controllers/sealed-secrets/values.yaml b/k8s/infra/controllers/sealed-secrets/values.yaml similarity index 100% rename from remodel/k8s/infra/controllers/sealed-secrets/values.yaml rename to k8s/infra/controllers/sealed-secrets/values.yaml diff --git a/remodel/k8s/infra/crds/kustomization.yaml b/k8s/infra/crds/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/crds/kustomization.yaml rename to k8s/infra/crds/kustomization.yaml diff --git a/remodel/k8s/infra/kustomization.yaml b/k8s/infra/kustomization.yaml similarity index 87% rename from remodel/k8s/infra/kustomization.yaml rename to k8s/infra/kustomization.yaml index b1fa224..7d6f9ed 100644 --- a/remodel/k8s/infra/kustomization.yaml +++ b/k8s/infra/kustomization.yaml 
@@ -6,4 +6,4 @@ commonLabels: resources: - project.yaml - - application-set.yaml \ No newline at end of file + - application-set.yaml diff --git a/remodel/k8s/infra/monitoring/application-set.yaml b/k8s/infra/monitoring/application-set.yaml similarity index 91% rename from remodel/k8s/infra/monitoring/application-set.yaml rename to k8s/infra/monitoring/application-set.yaml index 6030657..8a00dea 100644 --- a/remodel/k8s/infra/monitoring/application-set.yaml +++ b/k8s/infra/monitoring/application-set.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/vehagn/homelab revision: remodel directories: - - path: remodel/k8s/infra/monitoring/* + - path: k8s/infra/monitoring/* template: metadata: name: '{{ path.basename }}' @@ -31,4 +31,4 @@ spec: syncPolicy: automated: selfHeal: true - prune: true \ No newline at end of file + prune: true diff --git a/remodel/k8s/infra/monitoring/hubble/http-route.yaml b/k8s/infra/monitoring/hubble/http-route.yaml similarity index 100% rename from remodel/k8s/infra/monitoring/hubble/http-route.yaml rename to k8s/infra/monitoring/hubble/http-route.yaml diff --git a/remodel/k8s/infra/monitoring/hubble/kustomization.yaml b/k8s/infra/monitoring/hubble/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/monitoring/hubble/kustomization.yaml rename to k8s/infra/monitoring/hubble/kustomization.yaml diff --git a/remodel/k8s/infra/monitoring/kustomization.yaml b/k8s/infra/monitoring/kustomization.yaml similarity index 87% rename from remodel/k8s/infra/monitoring/kustomization.yaml rename to k8s/infra/monitoring/kustomization.yaml index 00fbcbd..33fb17e 100644 --- a/remodel/k8s/infra/monitoring/kustomization.yaml +++ b/k8s/infra/monitoring/kustomization.yaml @@ -6,4 +6,4 @@ commonLabels: resources: - project.yaml - - application-set.yaml \ No newline at end of file + - application-set.yaml 
diff --git a/remodel/k8s/infra/monitoring/project.yaml b/k8s/infra/monitoring/project.yaml similarity index 100% rename from remodel/k8s/infra/monitoring/project.yaml rename to k8s/infra/monitoring/project.yaml diff --git a/remodel/k8s/infra/monitoring/prometheus-stack/http-route.yaml b/k8s/infra/monitoring/prometheus-stack/http-route.yaml similarity index 100% rename from remodel/k8s/infra/monitoring/prometheus-stack/http-route.yaml rename to k8s/infra/monitoring/prometheus-stack/http-route.yaml diff --git a/infra/monitoring/ingress-route.yaml b/k8s/infra/monitoring/prometheus-stack/ingress-route.yaml similarity index 100% rename from infra/monitoring/ingress-route.yaml rename to k8s/infra/monitoring/prometheus-stack/ingress-route.yaml diff --git a/remodel/k8s/infra/monitoring/prometheus-stack/kube-prometheus-stack.yaml b/k8s/infra/monitoring/prometheus-stack/kube-prometheus-stack.yaml similarity index 90% rename from remodel/k8s/infra/monitoring/prometheus-stack/kube-prometheus-stack.yaml rename to k8s/infra/monitoring/prometheus-stack/kube-prometheus-stack.yaml index c58ba6d..2bd8452 100644 --- a/remodel/k8s/infra/monitoring/prometheus-stack/kube-prometheus-stack.yaml +++ b/k8s/infra/monitoring/prometheus-stack/kube-prometheus-stack.yaml @@ -13,7 +13,7 @@ spec: targetRevision: 61.3.2 helm: valueFiles: - - $values/remodel/k8s/infra/monitoring/prometheus-stack/values.yaml + - $values/k8s/infra/monitoring/prometheus-stack/values.yaml - repoURL: https://github.com/vehagn/homelab targetRevision: remodel ref: values diff --git a/remodel/k8s/infra/monitoring/prometheus-stack/kustomization.yaml b/k8s/infra/monitoring/prometheus-stack/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/monitoring/prometheus-stack/kustomization.yaml rename to k8s/infra/monitoring/prometheus-stack/kustomization.yaml 
diff --git a/remodel/k8s/infra/monitoring/prometheus-stack/ns.yaml b/k8s/infra/monitoring/prometheus-stack/ns.yaml similarity index 100% rename from remodel/k8s/infra/monitoring/prometheus-stack/ns.yaml rename to k8s/infra/monitoring/prometheus-stack/ns.yaml diff --git a/remodel/k8s/infra/monitoring/prometheus-stack/values.yaml b/k8s/infra/monitoring/prometheus-stack/values.yaml similarity index 100% rename from remodel/k8s/infra/monitoring/prometheus-stack/values.yaml rename to k8s/infra/monitoring/prometheus-stack/values.yaml diff --git a/remodel/k8s/infra/network/application-set.yaml b/k8s/infra/network/application-set.yaml similarity index 91% rename from remodel/k8s/infra/network/application-set.yaml rename to k8s/infra/network/application-set.yaml index 59a2a2c..d60d035 100644 --- a/remodel/k8s/infra/network/application-set.yaml +++ b/k8s/infra/network/application-set.yaml @@ -11,7 +11,7 @@ spec: repoURL: https://github.com/vehagn/homelab revision: remodel directories: - - path: remodel/k8s/infra/network/* + - path: k8s/infra/network/* template: metadata: name: '{{ path.basename }}' @@ -31,4 +31,4 @@ spec: syncPolicy: automated: selfHeal: true - prune: true \ No newline at end of file + prune: true diff --git a/infra/cilium/announce.yaml b/k8s/infra/network/cilium/announce.yaml similarity index 100% rename from infra/cilium/announce.yaml rename to k8s/infra/network/cilium/announce.yaml diff --git a/remodel/k8s/infra/network/cilium/ip-pool.yaml b/k8s/infra/network/cilium/ip-pool.yaml similarity index 100% rename from remodel/k8s/infra/network/cilium/ip-pool.yaml rename to k8s/infra/network/cilium/ip-pool.yaml diff --git a/remodel/k8s/infra/network/cilium/kustomization.yaml b/k8s/infra/network/cilium/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/network/cilium/kustomization.yaml rename to k8s/infra/network/cilium/kustomization.yaml 
diff --git a/remodel/k8s/infra/network/cilium/values.yaml b/k8s/infra/network/cilium/values.yaml similarity index 89% rename from remodel/k8s/infra/network/cilium/values.yaml rename to k8s/infra/network/cilium/values.yaml index ebc90e9..cb1dfd4 100644 --- a/remodel/k8s/infra/network/cilium/values.yaml +++ b/k8s/infra/network/cilium/values.yaml @@ -79,3 +79,14 @@ ingressController: # Random values so Argo CD doesn't complain about the service being out of sync insecureNodePort: 32434 secureNodePort: 31247 + +# mTLS +authentication: + enabled: false + mutual: + spire: + enabled: false + install: + server: + dataStorage: + storageClass: cilium-spire-sc diff --git a/remodel/k8s/infra/network/cloudflared/cloudflared-config.yaml b/k8s/infra/network/cloudflared/cloudflared-config.yaml similarity index 100% rename from remodel/k8s/infra/network/cloudflared/cloudflared-config.yaml rename to k8s/infra/network/cloudflared/cloudflared-config.yaml diff --git a/remodel/k8s/infra/network/cloudflared/daemon-set.yaml b/k8s/infra/network/cloudflared/daemon-set.yaml similarity index 100% rename from remodel/k8s/infra/network/cloudflared/daemon-set.yaml rename to k8s/infra/network/cloudflared/daemon-set.yaml diff --git a/remodel/k8s/infra/network/cloudflared/kustomization.yaml b/k8s/infra/network/cloudflared/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/network/cloudflared/kustomization.yaml rename to k8s/infra/network/cloudflared/kustomization.yaml diff --git a/remodel/k8s/infra/network/cloudflared/ns.yaml b/k8s/infra/network/cloudflared/ns.yaml similarity index 100% rename from remodel/k8s/infra/network/cloudflared/ns.yaml rename to k8s/infra/network/cloudflared/ns.yaml diff --git a/remodel/k8s/infra/network/cloudflared/tunnel-credentials.yaml b/k8s/infra/network/cloudflared/tunnel-credentials.yaml similarity index 100% rename from remodel/k8s/infra/network/cloudflared/tunnel-credentials.yaml rename to k8s/infra/network/cloudflared/tunnel-credentials.yaml 
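Review bot: the new `authentication` block in k8s/infra/network/cilium/values.yaml is added with both `enabled: false` switches and only a `# mTLS` comment, so it changes nothing at runtime while reading as if mutual authentication were configured. Say in the comment that mTLS is intentionally off and what is blocking it, and check that the `cilium-spire-sc` storage class exists before the switches are flipped, since this hunk references it without defining it.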
diff --git a/remodel/k8s/infra/network/gateway/cloudflare-api-token.yaml b/k8s/infra/network/gateway/cloudflare-api-token.yaml similarity index 100% rename from remodel/k8s/infra/network/gateway/cloudflare-api-token.yaml rename to k8s/infra/network/gateway/cloudflare-api-token.yaml diff --git a/remodel/k8s/infra/network/gateway/cloudflare-issuer.yaml b/k8s/infra/network/gateway/cloudflare-issuer.yaml similarity index 100% rename from remodel/k8s/infra/network/gateway/cloudflare-issuer.yaml rename to k8s/infra/network/gateway/cloudflare-issuer.yaml diff --git a/remodel/k8s/infra/network/gateway/gateway-class.yaml b/k8s/infra/network/gateway/gateway-class.yaml similarity index 100% rename from remodel/k8s/infra/network/gateway/gateway-class.yaml rename to k8s/infra/network/gateway/gateway-class.yaml diff --git a/remodel/k8s/infra/network/gateway/gw-euclid.yaml b/k8s/infra/network/gateway/gw-euclid.yaml similarity index 100% rename from remodel/k8s/infra/network/gateway/gw-euclid.yaml rename to k8s/infra/network/gateway/gw-euclid.yaml diff --git a/remodel/k8s/infra/network/gateway/gw-stonegarden.yaml b/k8s/infra/network/gateway/gw-stonegarden.yaml similarity index 100% rename from remodel/k8s/infra/network/gateway/gw-stonegarden.yaml rename to k8s/infra/network/gateway/gw-stonegarden.yaml diff --git a/remodel/k8s/infra/network/gateway/gw-tls-passthrough.yaml b/k8s/infra/network/gateway/gw-tls-passthrough.yaml similarity index 100% rename from remodel/k8s/infra/network/gateway/gw-tls-passthrough.yaml rename to k8s/infra/network/gateway/gw-tls-passthrough.yaml diff --git a/remodel/k8s/infra/network/gateway/kustomization.yaml b/k8s/infra/network/gateway/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/network/gateway/kustomization.yaml rename to k8s/infra/network/gateway/kustomization.yaml 
diff --git a/infra/gateway/ns.yaml b/k8s/infra/network/gateway/ns.yaml similarity index 100% rename from infra/gateway/ns.yaml rename to k8s/infra/network/gateway/ns.yaml diff --git a/remodel/k8s/infra/network/kustomization.yaml b/k8s/infra/network/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/network/kustomization.yaml rename to k8s/infra/network/kustomization.yaml diff --git a/remodel/k8s/infra/network/project.yaml b/k8s/infra/network/project.yaml similarity index 100% rename from remodel/k8s/infra/network/project.yaml rename to k8s/infra/network/project.yaml diff --git a/remodel/k8s/infra/project.yaml b/k8s/infra/project.yaml similarity index 100% rename from remodel/k8s/infra/project.yaml rename to k8s/infra/project.yaml diff --git a/remodel/k8s/infra/storage/application-set.yaml b/k8s/infra/storage/application-set.yaml similarity index 92% rename from remodel/k8s/infra/storage/application-set.yaml rename to k8s/infra/storage/application-set.yaml index 25d10ef..707fd01 100644 --- a/remodel/k8s/infra/storage/application-set.yaml +++ b/k8s/infra/storage/application-set.yaml @@ -12,7 +12,7 @@ spec: #revision: HEAD revision: remodel directories: - - path: remodel/k8s/infra/storage/* + - path: k8s/infra/storage/* template: metadata: name: '{{ path.basename }}' @@ -33,4 +33,4 @@ spec: syncPolicy: automated: selfHeal: true - prune: true \ No newline at end of file + prune: true diff --git a/remodel/k8s/infra/storage/kustomization.yaml b/k8s/infra/storage/kustomization.yaml similarity index 87% rename from remodel/k8s/infra/storage/kustomization.yaml rename to k8s/infra/storage/kustomization.yaml index 24e3929..7f51567 100644 --- a/remodel/k8s/infra/storage/kustomization.yaml +++ b/k8s/infra/storage/kustomization.yaml @@ -6,4 +6,4 @@ commonLabels: resources: - project.yaml - - application-set.yaml \ No newline at end of file + - application-set.yaml 
diff --git a/remodel/k8s/infra/storage/project.yaml b/k8s/infra/storage/project.yaml similarity index 100% rename from remodel/k8s/infra/storage/project.yaml rename to k8s/infra/storage/project.yaml diff --git a/remodel/k8s/infra/storage/proxmox-csi/kustomization.yaml b/k8s/infra/storage/proxmox-csi/kustomization.yaml similarity index 100% rename from remodel/k8s/infra/storage/proxmox-csi/kustomization.yaml rename to k8s/infra/storage/proxmox-csi/kustomization.yaml diff --git a/remodel/k8s/infra/storage/proxmox-csi/values.yaml b/k8s/infra/storage/proxmox-csi/values.yaml similarity index 100% rename from remodel/k8s/infra/storage/proxmox-csi/values.yaml rename to k8s/infra/storage/proxmox-csi/values.yaml diff --git a/sets/applications.yaml b/k8s/sets/applications.yaml similarity index 81% rename from sets/applications.yaml rename to k8s/sets/applications.yaml index 31d2336..c3ec52b 100644 --- a/sets/applications.yaml +++ b/k8s/sets/applications.yaml @@ -8,9 +8,9 @@ metadata: spec: project: app-of-apps source: - path: apps + path: k8s/apps repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD + targetRevision: remodel destination: namespace: argocd name: in-cluster @@ -18,5 +18,3 @@ spec: automated: selfHeal: true prune: true - syncOptions: - - CreateNamespace=true diff --git a/sets/infrastructure.yaml b/k8s/sets/infrastructure.yaml similarity index 81% rename from sets/infrastructure.yaml rename to k8s/sets/infrastructure.yaml index 2694461..bd91b29 100644 --- a/sets/infrastructure.yaml +++ b/k8s/sets/infrastructure.yaml @@ -8,9 +8,9 @@ metadata: spec: project: app-of-apps source: - path: infra + path: k8s/infra repoURL: https://github.com/vehagn/homelab - targetRevision: HEAD + targetRevision: remodel destination: namespace: argocd name: in-cluster @@ -18,5 +18,3 @@ spec: automated: selfHeal: true prune: true - syncOptions: - - CreateNamespace=true 
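Review bot: `targetRevision` in k8s/sets/infrastructure.yaml (and in k8s/sets/applications.yaml just above it) moves from `HEAD` to the branch `remodel`, and both Applications sync with `selfHeal: true` and `prune: true`, so the cluster will follow and prune against whatever is pushed to that branch. Switch back to `HEAD` as part of the merge, or add a comment that the pin is temporary. The same hunks drop `syncOptions: - CreateNamespace=true`; with the destination namespace being `argocd` that looks harmless, but it is worth a line in the commit message.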
diff --git a/sets/kustomization.yaml b/k8s/sets/kustomization.yaml similarity index 100% rename from sets/kustomization.yaml rename to k8s/sets/kustomization.yaml diff --git a/sets/project.yaml b/k8s/sets/project.yaml similarity index 85% rename from sets/project.yaml rename to k8s/sets/project.yaml index 3d8d73d..2586d73 100644 --- a/sets/project.yaml +++ b/k8s/sets/project.yaml @@ -5,7 +5,7 @@ metadata: namespace: argocd spec: sourceRepos: - - 'https://github.com/vehagn/*' + - 'https://github.com/vehagn/homelab' destinations: - namespace: 'argocd' server: '*' diff --git a/machines/cantor/main.tf b/machines/cantor/main.tf deleted file mode 100644 index 3cc76e5..0000000 --- a/machines/cantor/main.tf +++ /dev/null @@ -1,22 +0,0 @@ -terraform { - required_providers { - proxmox = { - source = "bpg/proxmox" - version = "0.50.0" - } - } -} - -provider "proxmox" { - alias = "cantor" - endpoint = var.cantor.endpoint - insecure = var.cantor.insecure - - api_token = var.cantor_auth.api_token - ssh { - agent = true - username = var.cantor_auth.username - } - - tmp_dir = "/var/tmp" -} \ No newline at end of file diff --git a/machines/cantor/truenas-scale-vm.tf b/machines/cantor/truenas-scale-vm.tf deleted file mode 100644 index 142330d..0000000 --- a/machines/cantor/truenas-scale-vm.tf +++ /dev/null 
@@ -1,141 +0,0 @@ -resource "proxmox_virtual_environment_download_file" "truenas-scale-23" { - provider = proxmox.cantor - node_name = var.cantor.node_name - content_type = "iso" - datastore_id = "local" - - file_name = "TrueNAS-SCALE-23.10.2.iso" - url = "https://download.sys.truenas.net/TrueNAS-SCALE-Cobia/23.10.2/TrueNAS-SCALE-23.10.2.iso" - checksum = "c2b0d6ef6ca6a9bf53a0ee9c50f8d0461fd5f12b962a8800e95d0bc3ef629edb" - checksum_algorithm = "sha256" -} - -resource "proxmox_virtual_environment_vm" "truenas-scale" { - provider = proxmox.cantor - node_name = var.cantor.node_name - - name = "truenas-scale" - description = "True NAS scale" - tags = ["nas"] - on_boot = true - vm_id = 1000 - - machine = "q35" - scsi_hardware = "virtio-scsi-single" - bios = "ovmf" - - cpu { - cores = 4 - type = "host" - } - - memory { - dedicated = 24576 - } - - network_device { - bridge = "vmbr0" - } - - efi_disk { - datastore_id = "local-zfs" - file_format = "raw" // To support qcow2 format - type = "4m" - } - - disk { - datastore_id = "local-zfs" - file_id = proxmox_virtual_environment_download_file.truenas-scale-23.id - iothread = true - interface = "scsi0" - cache = "writethrough" - discard = "on" - ssd = true - size = 16 - } - - disk { - datastore_id = "local-zfs" - iothread = true - file_format = "raw" - interface = "scsi1" - cache = "writethrough" - discard = "on" - ssd = true - size = 128 - } - - boot_order = ["scsi1", "scsi0"] - - agent { - enabled = true - } - - operating_system { - type = "l26" # Linux Kernel 2.6 - 6.X. 
- } - - initialization { - dns { - domain = var.vm_dns.domain - servers = var.vm_dns.servers - } - ip_config { - ipv4 { - address = "192.168.1.55/24" - gateway = "192.168.1.1" - } - } - - datastore_id = "local-zfs" - # user_data_file_id = proxmox_virtual_environment_file.cloud-init-work-01.id - } - - hostpci { - device = "hostpci0" - mapping = "ASM1166-0" - pcie = true - rombar = true - xvga = false - } - - // hostpci { - // device = "hostpci1" - // mapping = "ASM1182e-0" - // pcie = true - // rombar = true - // xvga = false - // } - // - // hostpci { - // device = "hostpci2" - // mapping = "ASM1182e-1" - // pcie = true - // rombar = true - // xvga = false - // } - // - // hostpci { - // device = "hostpci3" - // mapping = "ASM1182e-2" - // pcie = true - // rombar = true - // xvga = false - // } - // - // hostpci { - // device = "hostpci4" - // mapping = "I226-V-0" - // pcie = true - // rombar = true - // xvga = false - // } - // - // hostpci { - // device = "hostpci5" - // mapping = "I226-V-1" - // pcie = true - // rombar = true - // xvga = false - // } -} diff --git a/machines/cantor/variables.tf b/machines/cantor/variables.tf deleted file mode 100644 index 5004e8c..0000000 --- a/machines/cantor/variables.tf +++ /dev/null 
@@ -1,51 +0,0 @@ -variable "cantor" { - description = "Proxmox server configuration for Cantor" - type = object({ - node_name = string - endpoint = string - insecure = bool - }) -} - -variable "cantor_auth" { - description = "Cantor Proxmox server auth" - type = object({ - username = string - api_token = string - }) - sensitive = true -} - -variable "vm_dns" { - description = "DNS config for VMs" - type = object({ - domain = string - servers = list(string) - }) -} - -variable "vm_user" { - description = "VM username" - type = string -} - -variable "vm_password" { - description = "VM password" - type = string - sensitive = true -} - -variable "host_pub-key" { - description = "Host public key" - type = string -} - -variable "k8s-version" { - description = "Kubernetes version" - type = string -} - -variable "cilium-cli-version" { - description = "Cilium CLI version" - type = string -} diff --git a/machines/euclid/cloud-init/k8s-common.yaml.tftpl b/machines/euclid/cloud-init/k8s-common.yaml.tftpl deleted file mode 100644 index 464ca82..0000000 --- a/machines/euclid/cloud-init/k8s-common.yaml.tftpl +++ /dev/null 
@@ -1,67 +0,0 @@ -users: - - name: ${username} - passwd: ${password} - lock_passwd: false - groups: [ adm, cdrom, dip, plugdev, lxd, sudo ] - shell: /bin/bash - ssh_authorized_keys: - - ${pub-key} - #sudo: ALL=(ALL) NOPASSWD:ALL - -hostname: ${hostname} -package_update: true -package_upgrade: true -timezone: Europe/Oslo - -write_files: - - path: /etc/ssh/sshd_config.d/01-harden-ssh.conf - content: | - PermitRootLogin no - PasswordAuthentication no - ChallengeResponseAuthentication no - UsePAM no - - - path: /etc/modules-load.d/k8s.conf - content: | - overlay - br_netfilter - - - path: /etc/sysctl.d/k8s.conf - content: | - net.bridge.bridge-nf-call-ip6tables = 1 - net.bridge.bridge-nf-call-iptables = 1 - net.ipv4.ip_forward = 1 - -packages: - - qemu-guest-agent - - net-tools - - vim - - apt-transport-https - - ca-certificates - - curl - - gpg - - open-iscsi - - jq - -power_state: - delay: now - mode: reboot - message: Rebooting after cloud-init completion - condition: true - -runcmd: - - systemctl enable qemu-guest-agent - - localectl set-locale LANG=en_US.UTF-8 - - curl -fsSL https://pkgs.k8s.io/core:/stable:/v${k8s-version}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg - - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v${k8s-version}/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list - - apt update - - apt install -y kubelet kubeadm kubectl - - apt-mark hold kubelet kubeadm kubectl - - apt install -y runc containerd - - containerd config default | tee /etc/containerd/config.toml - - sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml - - modprobe overlay - - modprobe br_netfilter - - sysctl --system - - systemctl restart containerd - - ${kubeadm-cmd} \ No newline at end of file 
diff --git a/machines/euclid/cloud-init/k8s-control-plane.yaml.tftpl b/machines/euclid/cloud-init/k8s-control-plane.yaml.tftpl deleted file mode 100644 index 0f0817d..0000000 --- a/machines/euclid/cloud-init/k8s-control-plane.yaml.tftpl +++ /dev/null @@ -1,9 +0,0 @@ -#cloud-config -${common-config} - - mkdir -p /home/${username}/.kube - - cp /etc/kubernetes/admin.conf /home/${username}/.kube/config - - chown -R ${username}:${username} /home/${username}/.kube - - curl -sfLO https://github.com/cilium/cilium-cli/releases/download/v${cilium-cli-version}/cilium-linux-amd64.tar.gz - - tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin - - rm cilium-linux-amd64.tar.gz - - ${cilium-cli-cmd} diff --git a/machines/euclid/cloud-init/k8s-worker.yaml.tftpl b/machines/euclid/cloud-init/k8s-worker.yaml.tftpl deleted file mode 100644 index 23bcdb2..0000000 --- a/machines/euclid/cloud-init/k8s-worker.yaml.tftpl +++ /dev/null @@ -1,2 +0,0 @@ -#cloud-config -${common-config} \ No newline at end of file diff --git a/machines/euclid/images/download.sh b/machines/euclid/images/download.sh deleted file mode 100755 index d6db208..0000000 --- a/machines/euclid/images/download.sh +++ /dev/null @@ -1,4 +0,0 @@ -wget https://github.com/home-assistant/operating-system/releases/download/12.1/haos_ova-12.1.qcow2.xz -xz -d haos_ova-12.1.qcow2.xz - -wget https://cloud.debian.org/images/cloud/bookworm-backports/20240429-1732/debian-12-backports-generic-amd64-20240429-1732.qcow2 \ No newline at end of file diff --git a/machines/euclid/k8s-config.tf b/machines/euclid/k8s-config.tf deleted file mode 100644 index ded7c3e..0000000 --- a/machines/euclid/k8s-config.tf +++ /dev/null 
@@ -1,118 +0,0 @@ -resource "proxmox_virtual_environment_download_file" "debian_12_bookworm" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "iso" - datastore_id = "local" - - file_name = "debian-12-generic-amd64-20240201-1644.img" - url = "https://cloud.debian.org/images/cloud/bookworm/20240211-1654/debian-12-generic-amd64-20240211-1654.qcow2" - checksum = "b679398972ba45a60574d9202c4f97ea647dd3577e857407138b73b71a3c3c039804e40aac2f877f3969676b6c8a1ebdb4f2d67a4efa6301c21e349e37d43ef5" - checksum_algorithm = "sha512" -} - -resource "proxmox_virtual_environment_download_file" "debian_12_bpo" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "iso" - datastore_id = "local" - - file_name = "debian-12-backports-generic-amd64-20240429-1732.img" - url = "https://cloud.debian.org/images/cloud/bookworm-backports/20240429-1732/debian-12-backports-generic-amd64-20240429-1732.qcow2" -# checksum = "b679398972ba45a60574d9202c4f97ea647dd3577e857407138b73b71a3c3c039804e40aac2f877f3969676b6c8a1ebdb4f2d67a4efa6301c21e349e37d43ef5" -# checksum_algorithm = "sha512" -} - -resource "proxmox_virtual_environment_download_file" "ubuntu_jammy_cloud_amd64" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "iso" - datastore_id = "local" - - file_name = "jammy-server-cloudimg-amd64.img" - url = "https://cloud-images.ubuntu.com/jammy/20240514/jammy-server-cloudimg-amd64.img" - checksum = "1718f177dde4c461148ab7dcbdcf2f410c1f5daa694567f6a8bbb239d864b525" - checksum_algorithm = "sha256" -} - -resource "proxmox_virtual_environment_download_file" "ubuntu_mantic-cloud-amd64" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "iso" - datastore_id = "local" - - file_name = "mantic-server-cloudimg-amd64.img" - url = "https://cloud-images.ubuntu.com/mantic/20240514/mantic-server-cloudimg-amd64.img" -# checksum = 
"1718f177dde4c461148ab7dcbdcf2f410c1f5daa694567f6a8bbb239d864b525" -# checksum_algorithm = "sha256" -} - -resource "proxmox_virtual_environment_download_file" "ubuntu_noble-cloud-amd64" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "iso" - datastore_id = "local" - - file_name = "noble-server-cloudimg-amd64.img" - url = "https://cloud-images.ubuntu.com/noble/20240505/noble-server-cloudimg-amd64.img" - # checksum = "1718f177dde4c461148ab7dcbdcf2f410c1f5daa694567f6a8bbb239d864b525" - # checksum_algorithm = "sha256" -} - -#resource "proxmox_virtual_environment_file" "debian_12_backports_image" { -# provider = proxmox.euclid -# node_name = var.euclid.node_name -# content_type = "iso" -# datastore_id = "local" -# -# source_file { -# path = "images/debian-12-backports-generic-amd64-20240429-1732.qcow2" -# file_name = "debian-12-backports-generic-amd64-20240429-1732.img" -# } -#} - -# Make sure the "Snippets" content type is enabled on the target datastore in Proxmox before applying the configuration below. 
-# https://github.com/bpg/terraform-provider-proxmox/blob/main/docs/guides/cloud-init.md -resource "proxmox_virtual_environment_file" "cloud-init-ctrl-01" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "snippets" - datastore_id = "local" - - source_raw { - data = templatefile("./cloud-init/k8s-control-plane.yaml.tftpl", { - common-config = templatefile("./cloud-init/k8s-common.yaml.tftpl", { - hostname = "k8s-ctrl-01" - username = var.vm_user - password = var.vm_password - pub-key = var.host_pub-key - k8s-version = var.k8s-version - kubeadm-cmd = "kubeadm init --skip-phases=addon/kube-proxy" - }) - username = var.vm_user - cilium-cli-version = var.cilium-cli-version - cilium-cli-cmd = "HOME=/home/${var.vm_user} KUBECONFIG=/etc/kubernetes/admin.conf cilium install --set kubeProxyReplacement=true" - }) - file_name = "cloud-init-k8s-ctrl-01.yaml" - } -} - -resource "proxmox_virtual_environment_file" "cloud-init-work-01" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "snippets" - datastore_id = "local" - - source_raw { - data = templatefile("./cloud-init/k8s-worker.yaml.tftpl", { - common-config = templatefile("./cloud-init/k8s-common.yaml.tftpl", { - hostname = "k8s-work-01" - username = var.vm_user - password = var.vm_password - pub-key = var.host_pub-key - k8s-version = var.k8s-version - kubeadm-cmd = module.kubeadm-join.stdout - }) - }) - file_name = "cloud-init-k8s-work-01.yaml" - } -} diff --git a/machines/euclid/k8s-vm-control-plane.tf b/machines/euclid/k8s-vm-control-plane.tf deleted file mode 100644 index bdc6d64..0000000 --- a/machines/euclid/k8s-vm-control-plane.tf +++ /dev/null 
@@ -1,101 +0,0 @@ -resource "proxmox_virtual_environment_vm" "k8s-ctrl-01" { - provider = proxmox.euclid - node_name = var.euclid.node_name - - name = "k8s-ctrl-01" - description = "Kubernetes Control Plane 01" - tags = ["k8s", "control-plane"] - on_boot = true - vm_id = 8001 - - machine = "q35" - scsi_hardware = "virtio-scsi-single" - bios = "ovmf" - - cpu { - cores = 4 - type = "host" - } - - memory { - dedicated = 4096 - } - - network_device { - bridge = "vmbr0" - mac_address = "BC:24:11:2E:C0:01" - } - - efi_disk { - datastore_id = "local-zfs" - file_format = "raw" // To support qcow2 format - type = "4m" - } - - disk { - datastore_id = "local-zfs" - file_id = proxmox_virtual_environment_download_file.debian_12_bpo.id - interface = "scsi0" - cache = "writethrough" - discard = "on" - ssd = true - size = 32 - } - - boot_order = ["scsi0"] - - agent { - enabled = true - } - - operating_system { - type = "l26" # Linux Kernel 2.6 - 6.X. - } - - initialization { - dns { - domain = var.vm_dns.domain - servers = var.vm_dns.servers - } - ip_config { - ipv4 { - address = "192.168.1.100/24" - gateway = "192.168.1.1" - } - } - - datastore_id = "local-zfs" - user_data_file_id = proxmox_virtual_environment_file.cloud-init-ctrl-01.id - } -} - -output "ctrl_01_ipv4_address" { - depends_on = [proxmox_virtual_environment_vm.k8s-ctrl-01] - value = proxmox_virtual_environment_vm.k8s-ctrl-01.ipv4_addresses[1][0] -} - -resource "local_file" "ctrl-01-ip" { - content = proxmox_virtual_environment_vm.k8s-ctrl-01.ipv4_addresses[1][0] - filename = "output/ctrl-01-ip.txt" - file_permission = "0644" -} - -module "kube-config" { - depends_on = [local_file.ctrl-01-ip] - source = "Invicton-Labs/shell-resource/external" - version = "0.4.1" - command_unix = "ssh -o StrictHostKeyChecking=no ${var.vm_user}@${local_file.ctrl-01-ip.content} cat /home/${var.vm_user}/.kube/config" -} - -resource "local_file" "kube-config" { - content = module.kube-config.stdout - filename = "output/config" - 
file_permission = "0600" -} - -module "kubeadm-join" { - depends_on = [local_file.kube-config] - source = "Invicton-Labs/shell-resource/external" - version = "0.4.1" - command_unix = "ssh -o StrictHostKeyChecking=no ${var.vm_user}@${local_file.ctrl-01-ip.content} /usr/bin/kubeadm token create --print-join-command" -} diff --git a/machines/euclid/k8s-vm-worker.tf b/machines/euclid/k8s-vm-worker.tf deleted file mode 100644 index dc5961a..0000000 --- a/machines/euclid/k8s-vm-worker.tf +++ /dev/null 
@@ -1,114 +0,0 @@ -resource "proxmox_virtual_environment_vm" "k8s-work-01" { - provider = proxmox.euclid - node_name = var.euclid.node_name - - name = "k8s-work-01" - description = "Kubernetes Worker 01" - tags = ["k8s", "worker"] - on_boot = true - vm_id = 8101 - - machine = "q35" - scsi_hardware = "virtio-scsi-single" - bios = "ovmf" - - cpu { - cores = 4 - type = "host" - } - - memory { - dedicated = 16384 - } - - network_device { - bridge = "vmbr0" - mac_address = "BC:24:11:2E:AE:01" - } - - efi_disk { - datastore_id = "local-zfs" - file_format = "raw" // To support qcow2 format - type = "4m" - } - - disk { - datastore_id = "local-zfs" - file_id = proxmox_virtual_environment_download_file.debian_12_bpo.id - iothread = true - interface = "scsi0" - cache = "writethrough" - discard = "on" - ssd = true - size = 32 - } - - disk { - datastore_id = "local-zfs" - iothread = true - file_format = "raw" - interface = "scsi1" - cache = "writethrough" - discard = "on" - ssd = true - size = 64 - } - -# disk { -# datastore_id = "local-zfs" -# iothread = true -# file_format = "raw" -# interface = "scsi2" -# cache = "writethrough" -# discard = "on" -# ssd = true -# size = 512 -# } - - boot_order = ["scsi0"] - - agent { - enabled = true - } - - operating_system { - type = "l26" # Linux Kernel 2.6 - 6.X. 
- } - - initialization { - dns { - domain = var.vm_dns.domain - servers = var.vm_dns.servers - } - ip_config { - ipv4 { - address = "192.168.1.110/24" - gateway = "192.168.1.1" - } - } - - datastore_id = "local-zfs" - user_data_file_id = proxmox_virtual_environment_file.cloud-init-work-01.id - } - - hostpci { - # Passthrough iGPU - device = "hostpci0" - #id = "0000:00:02" - mapping = "iGPU" - pcie = true - rombar = true - xvga = false - } -} - -output "work_01_ipv4_address" { - depends_on = [proxmox_virtual_environment_vm.k8s-work-01] - value = proxmox_virtual_environment_vm.k8s-work-01.ipv4_addresses[1][0] -} - -resource "local_file" "work-01-ip" { - content = proxmox_virtual_environment_vm.k8s-work-01.ipv4_addresses[1][0] - filename = "output/work-01-ip.txt" - file_permission = "0644" -} diff --git a/machines/euclid/main.tf b/machines/euclid/main.tf deleted file mode 100644 index 38f0725..0000000 --- a/machines/euclid/main.tf +++ /dev/null @@ -1,22 +0,0 @@ -terraform { - required_providers { - proxmox = { - source = "bpg/proxmox" - version = "0.57.0" - } - } -} - -provider "proxmox" { - alias = "euclid" - endpoint = var.euclid.endpoint - insecure = var.euclid.insecure - - api_token = var.euclid_auth.api_token - ssh { - agent = true - username = var.euclid_auth.username - } - - tmp_dir = "/var/tmp" -} \ No newline at end of file diff --git a/machines/euclid/variables.tf b/machines/euclid/variables.tf deleted file mode 100644 index 82c75d0..0000000 --- a/machines/euclid/variables.tf +++ /dev/null 
@@ -1,51 +0,0 @@ -variable "euclid" { - description = "Proxmox server configuration for Euclid" - type = object({ - node_name = string - endpoint = string - insecure = bool - }) -} - -variable "euclid_auth" { - description = "Euclid Proxmox server auth" - type = object({ - username = string - api_token = string - }) - sensitive = true -} - -variable "vm_dns" { - description = "DNS config for VMs" - type = object({ - domain = string - servers = list(string) - }) -} - -variable "vm_user" { - description = "VM username" - type = string -} - -variable "vm_password" { - description = "VM password" - type = string - sensitive = true -} - -variable "host_pub-key" { - description = "Host public key" - type = string -} - -variable "k8s-version" { - description = "Kubernetes version" - type = string -} - -variable "cilium-cli-version" { - description = "Cilium CLI version" - type = string -} diff --git a/machines/euclid/vm-home-assistant.tf b/machines/euclid/vm-home-assistant.tf deleted file mode 100644 index f8d20ba..0000000 --- a/machines/euclid/vm-home-assistant.tf +++ /dev/null 
@@ -1,68 +0,0 @@ -resource "proxmox_virtual_environment_file" "haos_generic_image" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "iso" - datastore_id = "local" - - source_file { - path = "images/haos_ova-12.1.qcow2" - file_name = "haos_ova-12.1.img" - } -} - -resource "proxmox_virtual_environment_vm" "home_assistant" { - provider = proxmox.euclid - node_name = var.euclid.node_name - - name = "Home-Assistant" - description = "Managed by OpenTofu" - tags = ["tofu", "home-assistant"] - on_boot = true - bios = "ovmf" - - vm_id = 1001 - - tablet_device = false - - cpu { - cores = 2 - type = "host" - } - - memory { - dedicated = 4096 - } - - network_device { - bridge = "vmbr0" - mac_address = "BC:24:11:50:A6:33" - } - - agent { - enabled = true - } - - efi_disk { - datastore_id = "local-zfs" - file_format = "raw" // To support qcow2 format - type = "4m" - } - - disk { - datastore_id = "local-zfs" - file_id = proxmox_virtual_environment_file.haos_generic_image.id - interface = "scsi0" - cache = "writethrough" - discard = "on" - ssd = true - size = 64 - } - - operating_system { - type = "l26" # Linux Kernel 2.6 - 5.X. - } - - lifecycle { - prevent_destroy = true - } -} \ No newline at end of file diff --git a/remodel/k8s/apps/external/haos/http-route.yaml b/remodel/k8s/apps/external/haos/http-route.yaml deleted file mode 100644 index 30ba833..0000000 --- a/remodel/k8s/apps/external/haos/http-route.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: home-assistant - namespace: haos -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "haos.stonegarden.dev" - rules: - - backendRefs: - - name: home-assistant - port: 8123 \ No newline at end of file diff --git a/remodel/k8s/apps/external/haos/ns.yaml b/remodel/k8s/apps/external/haos/ns.yaml deleted file mode 100644 index 5e74a7e..0000000 --- a/remodel/k8s/apps/external/haos/ns.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: haos \ No newline at end of file diff --git a/remodel/k8s/apps/external/haos/svc.yaml b/remodel/k8s/apps/external/haos/svc.yaml deleted file mode 100644 index b36eaf0..0000000 --- a/remodel/k8s/apps/external/haos/svc.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: home-assistant - namespace: haos -spec: - ports: - - name: http - protocol: TCP - port: 8123 \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/blog/remark42/http-route.yaml b/remodel/k8s/apps/homepage/blog/remark42/http-route.yaml deleted file mode 100644 index d30a4b9..0000000 --- a/remodel/k8s/apps/homepage/blog/remark42/http-route.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: remark42-http-route - namespace: blog -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "remark42.stonegarden.dev" - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: remark42 - port: 80 \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/kustomization.yaml b/remodel/k8s/apps/homepage/kustomization.yaml deleted file mode 100644 index 7d5929f..0000000 --- a/remodel/k8s/apps/homepage/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: argocd -commonLabels: - dev.stonegarden: app-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - application-set.yaml diff --git a/remodel/k8s/apps/homepage/stonegarden/http-route.yaml b/remodel/k8s/apps/homepage/stonegarden/http-route.yaml deleted file mode 100644 index e3b4295..0000000 --- a/remodel/k8s/apps/homepage/stonegarden/http-route.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: stonegarden - namespace: stonegarden -spec: - parentRefs: - - name: stonegarden - namespace: gateway - hostnames: - - "stonegarden.dev" - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - name: stonegarden - port: 3000 \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/stonegarden/ns.yaml b/remodel/k8s/apps/homepage/stonegarden/ns.yaml deleted file mode 100644 index e1079e3..0000000 --- a/remodel/k8s/apps/homepage/stonegarden/ns.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: stonegarden - labels: - dev.stonegarden.app: homepage \ No newline at end of file diff --git a/remodel/k8s/apps/kustomization.yaml b/remodel/k8s/apps/kustomization.yaml deleted file mode 100644 index 7d5929f..0000000 --- a/remodel/k8s/apps/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: argocd -commonLabels: - dev.stonegarden: app-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - application-set.yaml diff --git a/remodel/k8s/apps/media/kustomization.yaml b/remodel/k8s/apps/media/kustomization.yaml deleted file mode 100644 index 7d5929f..0000000 --- a/remodel/k8s/apps/media/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: argocd -commonLabels: - dev.stonegarden: app-management - app.kubernetes.io/managed-by: argocd - -resources: - - project.yaml - - application-set.yaml diff --git a/remodel/k8s/apps/project.yaml b/remodel/k8s/apps/project.yaml deleted file mode 100644 index 1472465..0000000 --- a/remodel/k8s/apps/project.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: applications - namespace: argocd -spec: - sourceNamespaces: - - '*' - sourceRepos: - - 'https://github.com/vehagn/*' - destinations: - - namespace: 'argocd' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' \ No newline at end of file diff --git a/remodel/k8s/infra/controllers/argocd/ns.yaml b/remodel/k8s/infra/controllers/argocd/ns.yaml deleted file mode 100644 index 96e84ab..0000000 --- a/remodel/k8s/infra/controllers/argocd/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: argocd \ No newline at end of file diff --git a/remodel/k8s/infra/controllers/cert-manager/ns.yaml b/remodel/k8s/infra/controllers/cert-manager/ns.yaml deleted file mode 100644 index 661039b..0000000 --- a/remodel/k8s/infra/controllers/cert-manager/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cert-manager \ No newline at end of file diff --git a/remodel/k8s/infra/monitoring/prometheus-stack/ingress-route.yaml b/remodel/k8s/infra/monitoring/prometheus-stack/ingress-route.yaml deleted file mode 100644 index 562d5f3..0000000 --- a/remodel/k8s/infra/monitoring/prometheus-stack/ingress-route.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: monitoring - namespace: monitoring - labels: - app: traefik -spec: - entryPoints: - - websecure - routes: - - match: Host(`prometheus.stonegarden.dev`) - kind: Rule - services: - - name: kube-prometheus-stack-prometheus - port: http-web # 9090 - middlewares: - - name: traefik-forward-auth - - match: Host(`grafana.stonegarden.dev`) - kind: Rule - services: - - name: kube-prometheus-stack-grafana - port: http-web # 80 - middlewares: - - name: traefik-forward-auth - - match: Host(`alertmanager.stonegarden.dev`) - kind: Rule - services: - - name: kube-prometheus-stack-alertmanager - port: http-web # 9093 - middlewares: - - name: traefik-forward-auth \ No newline at end of file diff --git a/remodel/k8s/infra/network/cilium/announce.yaml b/remodel/k8s/infra/network/cilium/announce.yaml deleted file mode 100644 index 14f52b2..0000000 --- a/remodel/k8s/infra/network/cilium/announce.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: cilium.io/v2alpha1 -kind: CiliumL2AnnouncementPolicy -metadata: - name: default-l2-announcement-policy - namespace: kube-system -spec: - externalIPs: true - loadBalancerIPs: true diff --git a/remodel/k8s/infra/network/gateway/ns.yaml b/remodel/k8s/infra/network/gateway/ns.yaml deleted file mode 100644 index 6b6903e..0000000 --- a/remodel/k8s/infra/network/gateway/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: gateway \ No newline at end of file diff --git a/remodel/tofu/home-assistant/main.tf b/remodel/tofu/home-assistant/main.tf deleted file mode 100644 index 2f25968..0000000 --- a/remodel/tofu/home-assistant/main.tf +++ /dev/null 
@@ -1,19 +0,0 @@ -terraform { - required_providers { - proxmox = { - source = "bpg/proxmox" - version = "0.60.0" - } - } -} - -provider "proxmox" { - endpoint = var.proxmox_node.endpoint - insecure = var.proxmox_node.insecure - - api_token = var.proxmox_node.api_token - ssh { - agent = true - username = var.proxmox_node.username - } -} \ No newline at end of file diff --git a/remodel/tofu/home-assistant/image.tf b/tofu/home-assistant/image.tf similarity index 100% rename from remodel/tofu/home-assistant/image.tf rename to tofu/home-assistant/image.tf diff --git a/tofu/home-assistant/images.tf b/tofu/home-assistant/images.tf deleted file mode 100644 index 05141e8..0000000 --- a/tofu/home-assistant/images.tf +++ /dev/null @@ -1,11 +0,0 @@ -resource "proxmox_virtual_environment_file" "haos_generic_image" { - provider = proxmox.euclid - node_name = var.euclid.node_name - content_type = "iso" - datastore_id = "local" - - source_file { - path = "images/haos_ova-12.3.qcow2" - file_name = "haos_ova-12.3.img" - } -} diff --git a/tofu/home-assistant/images/download.sh b/tofu/home-assistant/images/download.sh deleted file mode 100755 index 3a0aaec..0000000 --- a/tofu/home-assistant/images/download.sh +++ /dev/null @@ -1,2 +0,0 @@ -wget https://github.com/home-assistant/operating-system/releases/download/12.3/haos_ova-12.3.qcow2.xz -xz -d haos_ova-12.3.qcow2.xz diff --git a/tofu/home-assistant/main.tf b/tofu/home-assistant/main.tf index 3146601..2f25968 100644 --- a/tofu/home-assistant/main.tf +++ b/tofu/home-assistant/main.tf @@ -2,8 +2,18 @@ terraform { required_providers { proxmox = { source = "bpg/proxmox" - version = ">= 0.57.0" + version = "0.60.0" } } } +provider "proxmox" { + endpoint = var.proxmox_node.endpoint + insecure = var.proxmox_node.insecure + + api_token = var.proxmox_node.api_token + ssh { + agent = true + username = var.proxmox_node.username + } +} \ No newline at end of file 
diff --git a/tofu/home-assistant/pve_euclid.tf b/tofu/home-assistant/pve_euclid.tf deleted file mode 120000 index fcf4531..0000000 --- a/tofu/home-assistant/pve_euclid.tf +++ /dev/null @@ -1 +0,0 @@ -../machines/euclid.tf \ No newline at end of file diff --git a/remodel/tofu/home-assistant/variables.tf b/tofu/home-assistant/variables.tf similarity index 100% rename from remodel/tofu/home-assistant/variables.tf rename to tofu/home-assistant/variables.tf diff --git a/tofu/home-assistant/vm-haos.tf b/tofu/home-assistant/vm-haos.tf deleted file mode 100644 index 246da0b..0000000 --- a/tofu/home-assistant/vm-haos.tf +++ /dev/null @@ -1,57 +0,0 @@ -resource "proxmox_virtual_environment_vm" "home_assistant" { - provider = proxmox.euclid - node_name = var.euclid.node_name - - name = "Home-Assistant" - description = "Managed by OpenTofu" - tags = ["home-assistant"] - on_boot = true - bios = "ovmf" - scsi_hardware = "virtio-scsi-single" - - vm_id = 1000 - - tablet_device = false - - cpu { - cores = 2 - type = "host" - } - - memory { - dedicated = 4096 - } - - network_device { - bridge = "vmbr0" - mac_address = "BC:24:11:50:A6:33" - } - - agent { - enabled = true - } - - efi_disk { - datastore_id = "local-zfs" - file_format = "raw" // To support qcow2 format - type = "4m" - } - - disk { - datastore_id = "local-zfs" - file_id = proxmox_virtual_environment_file.haos_generic_image.id - interface = "scsi0" - cache = "writethrough" - discard = "on" - ssd = true - size = 64 - } - - operating_system { - type = "l26" # Linux Kernel 2.6 - 5.X. - } - - lifecycle { - prevent_destroy = true - } -} diff --git a/remodel/tofu/home-assistant/vm.tf b/tofu/home-assistant/vm.tf similarity index 100% rename from remodel/tofu/home-assistant/vm.tf rename to tofu/home-assistant/vm.tf diff --git a/tofu/k8s/bootstrap/cilium-install.yaml b/tofu/k8s/bootstrap/cilium-install.yaml deleted file mode 100644 index 29618a3..0000000 --- a/tofu/k8s/bootstrap/cilium-install.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cilium-install -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: cilium-install - namespace: kube-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cilium-install - namespace: kube-system ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: cilium-install - namespace: kube-system -spec: - backoffLimit: 10 - template: - metadata: - labels: - app: cilium-install - spec: - restartPolicy: OnFailure - tolerations: - - operator: Exists - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - effect: PreferNoSchedule - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: NoSchedule - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: NoExecute - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: PreferNoSchedule - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - serviceAccountName: cilium-install - hostNetwork: true - containers: - - name: cilium-install - image: quay.io/cilium/cilium-cli-ci:latest - env: - - name: KUBERNETES_SERVICE_HOST - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: KUBERNETES_SERVICE_PORT - value: "6443" - command: - - cilium - - install - - --version=v1.15.5 # renovate: github-releases=cilium/cilium - - --helm-set=ipam.mode=kubernetes - - --set - - kubeProxyReplacement=true - - --helm-set=securityContext.capabilities.ciliumAgent={CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID} - - --helm-set=securityContext.capabilities.cleanCiliumState={NET_ADMIN,SYS_ADMIN,SYS_RESOURCE} - - 
--helm-set=cgroup.autoMount.enabled=false - - --helm-set=cgroup.hostRoot=/sys/fs/cgroup - - --helm-set=k8sServiceHost=localhost - - --helm-set=k8sServicePort=7445 diff --git a/tofu/k8s/cloud-init/k8s-common.yaml.tftpl b/tofu/k8s/cloud-init/k8s-common.yaml.tftpl deleted file mode 100644 index aaf3477..0000000 --- a/tofu/k8s/cloud-init/k8s-common.yaml.tftpl +++ /dev/null 
@@ -1,70 +0,0 @@ -users: - - name: ${username} - passwd: ${password} - lock_passwd: false - groups: [ adm, cdrom, dip, plugdev, lxd, sudo ] - shell: /bin/bash - ssh_authorized_keys: - - ${pub-key} - #sudo: ALL=(ALL) NOPASSWD:ALL - -hostname: ${hostname} -package_update: true -package_upgrade: true -timezone: Europe/Oslo - -write_files: - - path: /etc/ssh/sshd_config.d/01-harden-ssh.conf - content: | - PermitRootLogin no - PasswordAuthentication no - ChallengeResponseAuthentication no - UsePAM no - - - path: /etc/modules-load.d/k8s.conf - content: | - overlay - br_netfilter - - - path: /etc/sysctl.d/k8s.conf - content: | - net.bridge.bridge-nf-call-ip6tables = 1 - net.bridge.bridge-nf-call-iptables = 1 - net.ipv4.ip_forward = 1 - -packages: - - qemu-guest-agent - - net-tools - - vim - - apt-transport-https - - ca-certificates - - curl - - gpg - - open-iscsi - - jq - -power_state: - delay: now - mode: reboot - message: Rebooting after cloud-init completion - condition: true - -runcmd: - - systemctl enable qemu-guest-agent - - localectl set-locale LANG=en_US.UTF-8 - - sed -i '/Components/s/$/ non-free non-free-firmware/' /etc/apt/sources.list.d/debian.sources - - curl -fsSL https://pkgs.k8s.io/core:/stable:/v${k8s-version}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg - - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v${k8s-version}/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list - - apt update - - apt install -y nfs-common - - apt install -y firmware-misc-nonfree intel-media-va-driver-non-free intel-gpu-tools - - apt install -y kubelet kubeadm kubectl - - apt-mark hold kubelet kubeadm kubectl - - apt install -y runc containerd - - containerd config default | tee /etc/containerd/config.toml - - sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml - - modprobe overlay - - modprobe br_netfilter - - sysctl --system - - systemctl restart containerd 
- - ${kubeadm-cmd} \ No newline at end of file diff --git a/tofu/k8s/cloud-init/k8s-control-plane.yaml.tftpl b/tofu/k8s/cloud-init/k8s-control-plane.yaml.tftpl deleted file mode 100644 index 0f0817d..0000000 --- a/tofu/k8s/cloud-init/k8s-control-plane.yaml.tftpl +++ /dev/null @@ -1,9 +0,0 @@ -#cloud-config -${common-config} - - mkdir -p /home/${username}/.kube - - cp /etc/kubernetes/admin.conf /home/${username}/.kube/config - - chown -R ${username}:${username} /home/${username}/.kube - - curl -sfLO https://github.com/cilium/cilium-cli/releases/download/v${cilium-cli-version}/cilium-linux-amd64.tar.gz - - tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin - - rm cilium-linux-amd64.tar.gz - - ${cilium-cli-cmd} diff --git a/tofu/k8s/cloud-init/k8s-worker.yaml.tftpl b/tofu/k8s/cloud-init/k8s-worker.yaml.tftpl deleted file mode 100644 index 23bcdb2..0000000 --- a/tofu/k8s/cloud-init/k8s-worker.yaml.tftpl +++ /dev/null @@ -1,2 +0,0 @@ -#cloud-config -${common-config} \ No newline at end of file diff --git a/tofu/k8s/config.tf b/tofu/k8s/config.tf deleted file mode 100644 index c59504d..0000000 --- a/tofu/k8s/config.tf +++ /dev/null 
@@ -1,132 +0,0 @@ -resource "talos_machine_secrets" "machine_secrets" { - talos_version = "v1.7" -} - -data "talos_client_configuration" "talosconfig" { - cluster_name = var.cluster.name - client_configuration = talos_machine_secrets.machine_secrets.client_configuration - endpoints = [for k, v in var.node_data.controlplanes : v.ip] -} - -data "talos_machine_configuration" "control-plane" { - for_each = var.node_data.controlplanes - cluster_name = var.cluster.name - cluster_endpoint = var.cluster.endpoint - machine_type = "controlplane" - machine_secrets = talos_machine_secrets.machine_secrets.machine_secrets - talos_version = "v1.7" - config_patches = [ - templatefile("talos/control-plane.yaml.tftpl", { - hostname = each.key - }) - ] -} - - -resource "proxmox_virtual_environment_file" "controlplane-config" { - provider = proxmox.abel - for_each = var.node_data.controlplanes - - node_name = each.value.host_node - content_type = "snippets" - datastore_id = "local" - - source_raw { - data = data.talos_machine_configuration.control-plane[each.key].machine_configuration - file_name = "talos-${each.key}.cloud-config.yaml" - } -} - -resource "talos_machine_configuration_apply" "ctrl_config_apply" { - depends_on = [proxmox_virtual_environment_vm.controlplane] - for_each = var.node_data.controlplanes - node = each.value.ip - client_configuration = talos_machine_secrets.machine_secrets.client_configuration - machine_configuration_input = data.talos_machine_configuration.control-plane[each.key].machine_configuration -} - -data "talos_machine_configuration" "worker" { - for_each = var.node_data.workers - cluster_name = var.cluster.name - cluster_endpoint = var.cluster.endpoint - machine_type = "worker" - machine_secrets = talos_machine_secrets.machine_secrets.machine_secrets - talos_version = "v1.7" - config_patches = [ - templatefile("talos/worker.yaml.tftpl", { - hostname = each.key - }) - ] -} - -resource "proxmox_virtual_environment_file" "worker-config" { - provider = 
proxmox.abel - for_each = var.node_data.workers - - node_name = each.value.host_node - content_type = "snippets" - datastore_id = "local" - - source_raw { - data = data.talos_machine_configuration.worker[each.key].machine_configuration - file_name = "talos-${each.key}.cloud-config.yaml" - } -} - -resource "talos_machine_configuration_apply" "worker_config_apply" { - depends_on = [proxmox_virtual_environment_vm.workers] - for_each = var.node_data.workers - node = each.value.ip - client_configuration = talos_machine_secrets.machine_secrets.client_configuration - machine_configuration_input = data.talos_machine_configuration.worker[each.key].machine_configuration - config_patches = [ - templatefile("talos/worker.yaml.tftpl", { - hostname = each.key - }) - ] -} - -resource "talos_machine_bootstrap" "bootstrap" { - depends_on = [talos_machine_configuration_apply.ctrl_config_apply] - client_configuration = talos_machine_secrets.machine_secrets.client_configuration - node = [for k, v in var.node_data.controlplanes : v.ip][0] -} - -data "talos_cluster_health" "health" { - depends_on = [talos_machine_configuration_apply.ctrl_config_apply] - client_configuration = data.talos_client_configuration.talosconfig.client_configuration - control_plane_nodes = [for k, v in var.node_data.controlplanes : v.ip] - worker_nodes = [for k, v in var.node_data.workers : v.ip] - endpoints = data.talos_client_configuration.talosconfig.endpoints - timeouts = { - read = "10m" - } -} - -data "talos_cluster_kubeconfig" "kubeconfig" { - depends_on = [talos_machine_bootstrap.bootstrap, data.talos_cluster_health.health] - client_configuration = talos_machine_secrets.machine_secrets.client_configuration - node = [for k, v in var.node_data.controlplanes : v.ip][0] -} - -output "talosconfig" { - value = data.talos_client_configuration.talosconfig.talos_config - sensitive = true -} - -output "kubeconfig" { - value = data.talos_cluster_kubeconfig.kubeconfig.kubeconfig_raw - sensitive = true -} - -resource 
"local_file" "taloc-client-config" { - content = data.talos_client_configuration.talosconfig.talos_config - filename = "output/talos-config.yaml" - file_permission = "0600" -} - -resource "local_file" "kube-config" { - content = data.talos_cluster_kubeconfig.kubeconfig.kubeconfig_raw - filename = "output/kube-config.yaml" - file_permission = "0600" -} diff --git a/tofu/k8s/images.tf b/tofu/k8s/images.tf deleted file mode 100644 index 9dffa2e..0000000 --- a/tofu/k8s/images.tf +++ /dev/null @@ -1,20 +0,0 @@ -locals { - talos = { - version = "v1.7.4" # renovate: github-releases=siderolabs/talos - checksum = "26e23f1bf44eecb0232d0aa221223b44f4e40806b7d12cf1a72626927da9a8a4" - } -} - -resource "proxmox_virtual_environment_file" "talos_nocloud_image" { - provider = proxmox.abel - for_each = toset(var.host_machines) - - node_name = each.key - content_type = "iso" - datastore_id = "local" - - source_file { - path = "images/talos-${local.talos.version}-nocloud-amd64.raw" - file_name = "talos-${local.talos.version}-nocloud-amd64.img" - } -} \ No newline at end of file diff --git a/tofu/k8s/images/download.sh b/tofu/k8s/images/download.sh deleted file mode 100755 index 795ed85..0000000 --- a/tofu/k8s/images/download.sh +++ /dev/null @@ -1,4 +0,0 @@ -#wget https://github.com/siderolabs/talos/releases/download/v1.7.4/nocloud-amd64.raw.xz -wget https://factory.talos.dev/image/dcac6b92c17d1d8947a0cee5e0e6b6904089aa878c70d66196bb1138dbd05d1a/v1.7.4/nocloud-amd64.raw.xz -xz -d nocloud-amd64.raw.xz -mv nocloud-amd64.raw talos-v1.7.4-nocloud-amd64.raw diff --git a/tofu/k8s/main.tf b/tofu/k8s/main.tf deleted file mode 100644 index 87129a4..0000000 --- a/tofu/k8s/main.tf +++ /dev/null @@ -1,13 +0,0 @@ -terraform { - required_providers { - proxmox = { - source = "bpg/proxmox" - version = ">= 0.57.0" - } - talos = { - source = "siderolabs/talos" - version = "0.5.0" - } - } -} - diff --git a/tofu/k8s/pve_abel.tf b/tofu/k8s/pve_abel.tf deleted file mode 120000 index cae63c0..0000000 
--- a/tofu/k8s/pve_abel.tf +++ /dev/null @@ -1 +0,0 @@ -../machines/abel.tf \ No newline at end of file diff --git a/tofu/k8s/pve_cantor.tf b/tofu/k8s/pve_cantor.tf deleted file mode 120000 index 483d946..0000000 --- a/tofu/k8s/pve_cantor.tf +++ /dev/null @@ -1 +0,0 @@ -../machines/cantor.tf \ No newline at end of file diff --git a/tofu/k8s/pve_euclid.tf b/tofu/k8s/pve_euclid.tf deleted file mode 120000 index fcf4531..0000000 --- a/tofu/k8s/pve_euclid.tf +++ /dev/null @@ -1 +0,0 @@ -../machines/euclid.tf \ No newline at end of file diff --git a/tofu/k8s/rbac.tf b/tofu/k8s/rbac.tf deleted file mode 100644 index 72e1c38..0000000 --- a/tofu/k8s/rbac.tf +++ /dev/null @@ -1,21 +0,0 @@ -resource "proxmox_virtual_environment_role" "csi" { - provider = proxmox.abel - role_id = "csi" - privileges = [ - "VM.Audit", - "VM.Config.Disk", - "Datastore.Allocate", - "Datastore.AllocateSpace", - "Datastore.Audit" - ] -} - -resource "proxmox_virtual_environment_user" "kubernetes-csi" { - provider = proxmox.abel - user_id = "kubernetes-csi@pve" - acl { - path = "/" - propagate = true - role_id = proxmox_virtual_environment_role.csi.role_id - } -} \ No newline at end of file diff --git a/tofu/k8s/talos/control-plane.yaml.tftpl b/tofu/k8s/talos/control-plane.yaml.tftpl deleted file mode 100644 index 9b029df..0000000 --- a/tofu/k8s/talos/control-plane.yaml.tftpl +++ /dev/null @@ -1,14 +0,0 @@ -machine: - network: - hostname: ${hostname} -cluster: - allowSchedulingOnControlPlanes: true - network: - cni: - name: none - proxy: - disabled: true - inlineManifests: - - name: cilium-install - contents: | - ${indent(8, file("bootstrap/cilium-install.yaml"))} diff --git a/tofu/k8s/talos/machine-config.yaml b/tofu/k8s/talos/machine-config.yaml deleted file mode 100644 index 9095e46..0000000 --- a/tofu/k8s/talos/machine-config.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -machine: - customization: - systemExtensions: - officialExtensions: - - siderolabs/i915-ucode - - siderolabs/intel-ucode - - siderolabs/qemu-guest-agent \ No newline at end of file diff --git a/tofu/k8s/talos/worker.yaml.tftpl b/tofu/k8s/talos/worker.yaml.tftpl deleted file mode 100644 index faebaf1..0000000 --- a/tofu/k8s/talos/worker.yaml.tftpl +++ /dev/null @@ -1,3 +0,0 @@ -machine: - network: - hostname: ${hostname} diff --git a/tofu/k8s/variables.tf b/tofu/k8s/variables.tf deleted file mode 100644 index 60bd93a..0000000 --- a/tofu/k8s/variables.tf +++ /dev/null @@ -1,34 +0,0 @@ -variable "cluster" { - type = object({ - name = string - endpoint = string - talos_version = string - }) -} - -variable "host_machines" { - type = list(string) -} - -variable "node_data" { - description = "A map of node data" - type = object({ - controlplanes = map(object({ - ip = string - mac_address = string - host_node = string - vm_id = number - cpu = number - ram_dedicated = number - igpu = optional(bool, false) - })) - workers = map(object({ - ip = string - mac_address = string - host_node = string - vm_id = number - cpu = number - ram_dedicated = number - })) - }) -} diff --git a/tofu/k8s/vm-controlplane.tf b/tofu/k8s/vm-controlplane.tf deleted file mode 100644 index 0d5f25b..0000000 --- a/tofu/k8s/vm-controlplane.tf +++ /dev/null 
@@ -1,80 +0,0 @@ -resource "proxmox_virtual_environment_vm" "controlplane" { - provider = proxmox.abel - - for_each = var.node_data.controlplanes - - node_name = each.value.host_node - - name = each.key - description = "Talos Kubernetes Control Plane" - tags = ["k8s", "control-plane"] - on_boot = true - vm_id = each.value.vm_id - - machine = "q35" - scsi_hardware = "virtio-scsi-single" - bios = "seabios" - - agent { - enabled = true - } - - cpu { - cores = each.value.cpu - type = "host" - } - - memory { - dedicated = each.value.ram_dedicated - } - - network_device { - bridge = "vmbr0" - mac_address = each.value.mac_address - } - - disk { - datastore_id = "local-zfs" - interface = "scsi0" - iothread = true - cache = "writethrough" - discard = "on" - ssd = true - # file_id = proxmox_virtual_environment_download_file.talos_nocloud_image.id - file_id = proxmox_virtual_environment_file.talos_nocloud_image[each.value.host_node].id - file_format = "raw" - size = 20 - } - - boot_order = ["scsi0"] - - operating_system { - type = "l26" # Linux Kernel 2.6 - 6.X. - } - - initialization { - datastore_id = "local-zfs" -# meta_data_file_id = proxmox_virtual_environment_file.controlplane-config[each.key].id - ip_config { - ipv4 { - address = "${each.value.ip}/24" - gateway = "192.168.1.1" - } - ipv6 { - address = "dhcp" - } - } - } - - dynamic "hostpci" { - for_each = each.value.igpu ? [1] : [] - content { - # Passthrough iGPU - device = "hostpci0" - mapping = "iGPU" - pcie = true - rombar = true - xvga = false - } - } -} diff --git a/tofu/k8s/vm-workers.tf b/tofu/k8s/vm-workers.tf deleted file mode 100644 index b57b601..0000000 --- a/tofu/k8s/vm-workers.tf +++ /dev/null 
@@ -1,78 +0,0 @@ -resource "proxmox_virtual_environment_vm" "workers" { - provider = proxmox.abel - - for_each = var.node_data.workers - - node_name = each.value.host_node - - name = each.key - description = "Talos Kubernetes Worker" - tags = ["k8s", "worker"] - on_boot = true - vm_id = each.value.vm_id - - machine = "q35" - scsi_hardware = "virtio-scsi-single" - bios = "seabios" - - agent { - enabled = true - } - - cpu { - cores = each.value.cpu - type = "host" - } - - memory { - dedicated = each.value.ram_dedicated - } - - network_device { - bridge = "vmbr0" - mac_address = each.value.mac_address - } - - disk { - datastore_id = "local-zfs" - interface = "scsi0" - iothread = true - cache = "writethrough" - discard = "on" - ssd = true - # file_id = proxmox_virtual_environment_download_file.talos_nocloud_image.id - file_id = proxmox_virtual_environment_file.talos_nocloud_image[each.value.host_node].id - file_format = "raw" - size = 20 - } - - boot_order = ["scsi0"] - - operating_system { - type = "l26" # Linux Kernel 2.6 - 6.X. - } - - initialization { - datastore_id = "local-zfs" -# meta_data_file_id = proxmox_virtual_environment_file.worker-config[each.key].id - ip_config { - ipv4 { - address = "${each.value.ip}/24" - gateway = "192.168.1.1" - } - ipv6 { - address = "dhcp" - } - } - } - -# hostpci { -# # Passthrough iGPU -# device = "hostpci0" -# #id = "0000:00:02" -# mapping = "iGPU" -# pcie = true -# rombar = true -# xvga = false -# } -} diff --git a/remodel/tofu/kubernetes/README.md b/tofu/kubernetes/README.md similarity index 100% rename from remodel/tofu/kubernetes/README.md rename to tofu/kubernetes/README.md diff --git a/remodel/tofu/kubernetes/bootstrap/cilium/install.yaml b/tofu/kubernetes/bootstrap/cilium/install.yaml similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/cilium/install.yaml rename to tofu/kubernetes/bootstrap/cilium/install.yaml 
diff --git a/remodel/tofu/kubernetes/bootstrap/proxmox-csi-plugin/config.tf b/tofu/kubernetes/bootstrap/proxmox-csi-plugin/config.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/proxmox-csi-plugin/config.tf rename to tofu/kubernetes/bootstrap/proxmox-csi-plugin/config.tf diff --git a/remodel/tofu/kubernetes/bootstrap/proxmox-csi-plugin/providers.tf b/tofu/kubernetes/bootstrap/proxmox-csi-plugin/providers.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/proxmox-csi-plugin/providers.tf rename to tofu/kubernetes/bootstrap/proxmox-csi-plugin/providers.tf diff --git a/remodel/tofu/kubernetes/bootstrap/proxmox-csi-plugin/variables.tf b/tofu/kubernetes/bootstrap/proxmox-csi-plugin/variables.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/proxmox-csi-plugin/variables.tf rename to tofu/kubernetes/bootstrap/proxmox-csi-plugin/variables.tf diff --git a/remodel/tofu/kubernetes/bootstrap/sealed-secrets/config.tf b/tofu/kubernetes/bootstrap/sealed-secrets/config.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/sealed-secrets/config.tf rename to tofu/kubernetes/bootstrap/sealed-secrets/config.tf diff --git a/remodel/tofu/kubernetes/bootstrap/sealed-secrets/providers.tf b/tofu/kubernetes/bootstrap/sealed-secrets/providers.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/sealed-secrets/providers.tf rename to tofu/kubernetes/bootstrap/sealed-secrets/providers.tf diff --git a/remodel/tofu/kubernetes/bootstrap/sealed-secrets/variables.tf b/tofu/kubernetes/bootstrap/sealed-secrets/variables.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/sealed-secrets/variables.tf rename to tofu/kubernetes/bootstrap/sealed-secrets/variables.tf 
diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/main.tf b/tofu/kubernetes/bootstrap/volumes/main.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/main.tf rename to tofu/kubernetes/bootstrap/volumes/main.tf diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/persistent-volume/persistent-volume.tf b/tofu/kubernetes/bootstrap/volumes/persistent-volume/persistent-volume.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/persistent-volume/persistent-volume.tf rename to tofu/kubernetes/bootstrap/volumes/persistent-volume/persistent-volume.tf diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/persistent-volume/providers.tf b/tofu/kubernetes/bootstrap/volumes/persistent-volume/providers.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/persistent-volume/providers.tf rename to tofu/kubernetes/bootstrap/volumes/persistent-volume/providers.tf diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/persistent-volume/pv-plex-config.yaml b/tofu/kubernetes/bootstrap/volumes/persistent-volume/pv-plex-config.yaml similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/persistent-volume/pv-plex-config.yaml rename to tofu/kubernetes/bootstrap/volumes/persistent-volume/pv-plex-config.yaml diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/persistent-volume/variables.tf b/tofu/kubernetes/bootstrap/volumes/persistent-volume/variables.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/persistent-volume/variables.tf rename to tofu/kubernetes/bootstrap/volumes/persistent-volume/variables.tf diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/providers.tf b/tofu/kubernetes/bootstrap/volumes/providers.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/providers.tf rename to tofu/kubernetes/bootstrap/volumes/providers.tf 
diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/README.md b/tofu/kubernetes/bootstrap/volumes/proxmox-volume/README.md similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/README.md rename to tofu/kubernetes/bootstrap/volumes/proxmox-volume/README.md diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/providers.tf b/tofu/kubernetes/bootstrap/volumes/proxmox-volume/providers.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/providers.tf rename to tofu/kubernetes/bootstrap/volumes/proxmox-volume/providers.tf diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/proxmox-volume.tf b/tofu/kubernetes/bootstrap/volumes/proxmox-volume/proxmox-volume.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/proxmox-volume.tf rename to tofu/kubernetes/bootstrap/volumes/proxmox-volume/proxmox-volume.tf diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/variables.tf b/tofu/kubernetes/bootstrap/volumes/proxmox-volume/variables.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/variables.tf rename to tofu/kubernetes/bootstrap/volumes/proxmox-volume/variables.tf diff --git a/remodel/tofu/kubernetes/bootstrap/volumes/variables.tf b/tofu/kubernetes/bootstrap/volumes/variables.tf similarity index 100% rename from remodel/tofu/kubernetes/bootstrap/volumes/variables.tf rename to tofu/kubernetes/bootstrap/volumes/variables.tf diff --git a/remodel/tofu/kubernetes/config/talos-image-schematic.yaml b/tofu/kubernetes/config/talos-image-schematic.yaml similarity index 100% rename from remodel/tofu/kubernetes/config/talos-image-schematic.yaml rename to tofu/kubernetes/config/talos-image-schematic.yaml 
diff --git a/remodel/tofu/kubernetes/main.tf b/tofu/kubernetes/main.tf similarity index 100% rename from remodel/tofu/kubernetes/main.tf rename to tofu/kubernetes/main.tf diff --git a/remodel/tofu/kubernetes/output.tf b/tofu/kubernetes/output.tf similarity index 100% rename from remodel/tofu/kubernetes/output.tf rename to tofu/kubernetes/output.tf diff --git a/remodel/tofu/kubernetes/providers.tf b/tofu/kubernetes/providers.tf similarity index 100% rename from remodel/tofu/kubernetes/providers.tf rename to tofu/kubernetes/providers.tf diff --git a/remodel/tofu/kubernetes/talos/image.tf b/tofu/kubernetes/talos/image.tf similarity index 100% rename from remodel/tofu/kubernetes/talos/image.tf rename to tofu/kubernetes/talos/image.tf diff --git a/remodel/tofu/kubernetes/talos/machine-config/control-plane.yaml.tftpl b/tofu/kubernetes/talos/machine-config/control-plane.yaml.tftpl similarity index 100% rename from remodel/tofu/kubernetes/talos/machine-config/control-plane.yaml.tftpl rename to tofu/kubernetes/talos/machine-config/control-plane.yaml.tftpl diff --git a/remodel/tofu/kubernetes/talos/machine-config/worker.yaml.tftpl b/tofu/kubernetes/talos/machine-config/worker.yaml.tftpl similarity index 100% rename from remodel/tofu/kubernetes/talos/machine-config/worker.yaml.tftpl rename to tofu/kubernetes/talos/machine-config/worker.yaml.tftpl diff --git a/remodel/tofu/kubernetes/talos/output.tf b/tofu/kubernetes/talos/output.tf similarity index 100% rename from remodel/tofu/kubernetes/talos/output.tf rename to tofu/kubernetes/talos/output.tf diff --git a/remodel/tofu/kubernetes/talos/providers.tf b/tofu/kubernetes/talos/providers.tf similarity index 100% rename from remodel/tofu/kubernetes/talos/providers.tf rename to tofu/kubernetes/talos/providers.tf 
diff --git a/remodel/tofu/kubernetes/talos/talos-config.tf b/tofu/kubernetes/talos/talos-config.tf similarity index 100% rename from remodel/tofu/kubernetes/talos/talos-config.tf rename to tofu/kubernetes/talos/talos-config.tf diff --git a/remodel/tofu/kubernetes/talos/variables.tf b/tofu/kubernetes/talos/variables.tf similarity index 100% rename from remodel/tofu/kubernetes/talos/variables.tf rename to tofu/kubernetes/talos/variables.tf diff --git a/remodel/tofu/kubernetes/talos/virtual-machines.tf b/tofu/kubernetes/talos/virtual-machines.tf similarity index 100% rename from remodel/tofu/kubernetes/talos/virtual-machines.tf rename to tofu/kubernetes/talos/virtual-machines.tf diff --git a/remodel/tofu/kubernetes/variables.tf b/tofu/kubernetes/variables.tf similarity index 100% rename from remodel/tofu/kubernetes/variables.tf rename to tofu/kubernetes/variables.tf diff --git a/tofu/machines/abel.tf b/tofu/machines/abel.tf deleted file mode 100644 index 6f52058..0000000 --- a/tofu/machines/abel.tf +++ /dev/null @@ -1,24 +0,0 @@ -variable "abel" { - description = "Abel Proxmox server auth" - type = object({ - node_name = string - username = string - api_token = string - }) - sensitive = true -} - -provider "proxmox" { - alias = "abel" - #endpoint = "https://proxmox.abel.stonegarden.dev" - endpoint = "https://192.168.1.62:8006" - insecure = true - - api_token = var.abel.api_token - ssh { - agent = true - username = var.abel.username - } - - tmp_dir = "/var/tmp" -} diff --git a/tofu/machines/cantor.tf b/tofu/machines/cantor.tf deleted file mode 100644 index 57b2931..0000000 --- a/tofu/machines/cantor.tf +++ /dev/null 
@@ -1,24 +0,0 @@ -variable "cantor" { - description = "Cantor Proxmox server auth" - type = object({ - node_name = string - username = string - api_token = string - }) - sensitive = true -} - -provider "proxmox" { - alias = "cantor" - #endpoint = "https://proxmox.cantor.stonegarden.dev" - endpoint = "https://192.168.1.52:8006" - insecure = true - - api_token = var.cantor.api_token - ssh { - agent = true - username = var.cantor.username - } - - tmp_dir = "/var/tmp" -} diff --git a/tofu/machines/euclid.tf b/tofu/machines/euclid.tf deleted file mode 100644 index 76b1e73..0000000 --- a/tofu/machines/euclid.tf +++ /dev/null @@ -1,24 +0,0 @@ -variable "euclid" { - description = "Euclid Proxmox server auth" - type = object({ - node_name = string - username = string - api_token = string - }) - sensitive = true -} - -provider "proxmox" { - alias = "euclid" - #endpoint = "https://proxmox.euclid.stonegarden.dev" - endpoint = "https://192.168.1.42:8006" - insecure = true - - api_token = var.euclid.api_token - ssh { - agent = true - username = var.euclid.username - } - - tmp_dir = "/var/tmp" -}
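Review bot: Deleting tofu/k8s/config.tf removes `talos_machine_secrets.machine_secrets` and the two `local_file` resources from the configuration, but nothing in this patch shows the old state being destroyed or migrated first. The state for that directory holds the Talos machine secrets and the kubeconfig (in plain text unless state encryption is configured), and `output/talos-config.yaml` and `output/kube-config.yaml` stay on disk after the resources that wrote them are gone. Please run a destroy or state migration for tofu/k8s before merging, remove the leftover state and `output/` files, and check that neither is tracked by git.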
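Review bot: In the removed tofu/k8s/images.tf the `checksum` local is not referenced by `proxmox_virtual_environment_file.talos_nocloud_image` or by any other file visible in this patch, and tofu/k8s/images/download.sh fetched the image from factory.talos.dev with plain `wget` and no verification step, so the old flow never integrity-checked the Talos image. The replacement tofu/kubernetes/talos/image.tf appears here only as a 100% rename, so please confirm it verifies a checksum when it downloads the image, and that nothing still expects the manually downloaded `talos-v1.7.4-nocloud-amd64.raw` file.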
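Review bot: Deleting tofu/k8s/rbac.tf does not by itself remove the `kubernetes-csi@pve` user or its ACL from Proxmox, and that ACL was granted with `path = "/"` and `propagate = true` for a role that includes `Datastore.Allocate` and `VM.Config.Disk`. Confirm the account is either destroyed with the old state or now managed by tofu/kubernetes/bootstrap/proxmox-csi-plugin/config.tf (renamed at 100% similarity, so its content is not visible here), and consider scoping the ACL to the datastore and VM paths the CSI plugin needs rather than the root path.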
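Review bot: The provider blocks removed with tofu/machines/abel.tf, cantor.tf and euclid.tf each set `insecure = true` on an IP-address endpoint (`https://192.168.1.62:8006`, `.52`, `.42`) while sending `api_token`, and the hostname endpoints were left commented out. The provider configuration that replaces them, tofu/kubernetes/providers.tf, is only shown as a rename, so please confirm it does not carry `insecure = true` forward and that the Proxmox API is reached over a hostname with a certificate the client verifies. The three symlinks tofu/k8s/pve_*.tf are removed in the same patch, which is consistent, but it is worth checking that no other module still links into tofu/machines.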