rename old cluster

This commit is contained in:
Vivian 2022-12-28 20:26:45 +01:00
parent 43edb223d3
commit e3ce6e1fa7
58 changed files with 0 additions and 0 deletions


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- renovate


@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: renovate
namespace: gitops
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: renovate
data:
- secretKey: RENOVATE_TOKEN
remoteRef:
key: gitops/renovate
property: gitea_token
- secretKey: GITHUB_COM_TOKEN
remoteRef:
key: gitops/renovate
property: github_token


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- external-secret.yaml
- renovate-infrastructure.yaml


@ -0,0 +1,113 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: renovate-infrastructure
namespace: gitops
spec:
schedule: "@hourly"
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
volumes:
- name: config-volume
configMap:
name: renovate-config
- name: work-volume
emptyDir: {}
containers:
- name: renovate
image: renovate/renovate:32.135
volumeMounts:
- name: config-volume
mountPath: /opt/renovate/
- name: work-volume
mountPath: /tmp/renovate/
env:
- name: LOG_LEVEL
value: debug
- name: RENOVATE_ENDPOINT
value: "https://git.0x76.dev/api/v1/"
- name: RENOVATE_PLATFORM
value: gitea
- name: RENOVATE_AUTODISCOVER
value: "false"
- name: RENOVATE_GIT_AUTHOR
value: "Renovate Bot <renovate@xirion.net>"
- name: RENOVATE_CONFIG_FILE
value: "/opt/renovate/config.js"
- name: RENOVATE_BASE_DIR
value: "/tmp/renovate"
envFrom:
- secretRef:
name: renovate
restartPolicy: Never
---
apiVersion: v1
kind: ConfigMap
metadata:
name: renovate-config
namespace: gitops
data:
config.js: |-
module.exports = {
"binarySource": "install",
"repositories": ["v/infrastructure"],
"flux": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"helm-values": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"kubernetes": {
"fileMatch": ["flux/.+\\.ya?ml$"]
},
"hostRules": [
{
"hostType": "docker",
"matchHost": "ghcr.io",
"username": "NULLx76",
"password": process.env.GITHUB_COM_TOKEN
}
],
"packageRules": [
{
"automerge": true,
"automergeType": "branch",
"matchPackageNames": [
"renovate/renovate"
]
}
],
// ignore individual fluxcd images
"ignoreDeps": [
"ghcr.io/fluxcd/helm-controller",
"ghcr.io/fluxcd/image-automation-controller",
"ghcr.io/fluxcd/image-reflector-controller",
"ghcr.io/fluxcd/kustomize-controller",
"ghcr.io/fluxcd/notification-controller",
"ghcr.io/fluxcd/source-controller"
],
"regexManagers": [
{
"fileMatch": [
"flux/cluster/crds/traefik/.+\\.ya?ml$"
],
"matchStrings": [
"registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: v(?<currentValue>.*)\n"
],
"datasourceTemplate": "helm"
},
{
"fileMatch": [
"flux/cluster/crds/external-secrets/.+\\.ya?ml$"
],
"matchStrings": [
"registryUrl=(?<registryUrl>.*?) chart=(?<depName>.*?)\n *tag: helm-chart-(?<currentValue>.*)\n"
],
"datasourceTemplate": "helm"
},
]
};
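Review bot: The `packageRules` entry in `config.js` automerges `renovate/renovate` updates directly to the branch, so the image this CronJob runs with `RENOVATE_TOKEN` and `GITHUB_COM_TOKEN` injected via `envFrom` can change without anyone reviewing it. The tag `renovate/renovate:32.135` is also mutable; pinning it as `image: renovate/renovate:32.135@sha256:<digest-placeholder>` and adding `"matchUpdateTypes": ["minor", "patch"]` to the automerge rule would narrow what reaches the token-holding job unreviewed. Separately, `LOG_LEVEL` is set to `debug` on a pod that holds both tokens; `value: info` keeps routine job logs smaller and less likely to carry request detail into log storage.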


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- networking
- presidential-paradise
- gitops
- olympus


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- traefik


@ -0,0 +1,74 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: traefik
namespace: networking
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://helm.traefik.io/traefik
chart: traefik
version: 10.24.0
sourceRef:
kind: HelmRepository
name: traefik-charts
namespace: flux-system
interval: 5m
values:
image:
name: traefik
deployment:
kind: Deployment
replicas: 2
service:
enabled: true
type: LoadBalancer
spec:
externalIPs:
- 10.42.42.150
externalTrafficPolicy: Local
logs:
general:
level: WARN
ingressClass:
enabled: true
isDefaultClass: true
fallbackApiVersion: v1
globalArguments: []
additionalArguments:
- "--providers.kubernetesingress.ingressclass=traefik"
- "--providers.kubernetesingress.ingressendpoint.ip=10.42.42.150"
- "--entryPoints.web.forwardedHeaders.insecure=true"
- "--entryPoints.websecure.forwardedHeaders.insecure=true"
ports:
traefik:
port: 9000
expose: true
web:
port: 8000
exposedPort: 8000
expose: true
websecure:
port: 8443
exposedPort: 8443
expose: true
pilot:
enabled: false
experimental:
plugins:
enabled: false
affinity: {}
providers:
kubernetesCRD:
enabled: true
namespaces:
- networking
- olympus
resources:
requests:
memory: 100Mi
cpu: 500m
limits:
memory: 500Mi
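Review bot: Both `forwardedHeaders.insecure=true` arguments under `additionalArguments` make Traefik accept `X-Forwarded-*` headers from any client, so the client IP and scheme that backends and access logs see can be set by the requester. If a proxy sits in front of 10.42.42.150, list it instead, e.g. `--entryPoints.websecure.forwardedHeaders.trustedIPs=<proxy-cidr-placeholder>` (and the same for `web`); if nothing does, drop both flags. Also, `ports.traefik.expose: true` publishes the `traefik` entrypoint on port 9000 through the LoadBalancer service; `expose: false` keeps it reachable only from inside the cluster.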


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- xirion-registry-creds.yaml
- umami


@ -0,0 +1,32 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: umami
namespace: olympus
labels:
app: umami
spec:
replicas: 1
selector:
matchLabels:
app: umami
template:
metadata:
labels:
app: umami
spec:
containers:
- name: umami
imagePullPolicy: IfNotPresent
image: ghcr.io/mikecao/umami:postgresql-v1.31.0
ports:
- containerPort: 3000
name: web
env:
- name: DATABASE_TYPE
value: postgres
- name: DATABASE_URL
value: "postgresql://umami@10.42.42.26/umami"
envFrom:
- secretRef:
name: umami
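Review bot: `DATABASE_URL` on the `umami` container carries no password, and the `umami` ExternalSecret shown on this page only supplies `HASH_SALT`, so PostgreSQL at 10.42.42.26 presumably admits this role by source address alone, which is worth confirming. If a credential exists, deliver the whole URL through the secret (a `DATABASE_URL` entry in the ExternalSecret `data`) rather than a literal `value:` in the manifest. The container also has no `securityContext` or `resources`; `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` is a reasonable starting point, provided the image runs as a non-root user.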


@ -0,0 +1,17 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: umami
namespace: olympus
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: umami
data:
- secretKey: HASH_SALT
remoteRef:
key: olympus/umami
property: hash_salt


@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: umami
namespace: olympus
annotations:
traefik.ingress.kubernetes.io/router.middlewares: olympus-umamijs@kubernetescrd
spec:
rules:
- host: "msg.0x76.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: umami
port:
number: 80


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- external-secret.yaml
- ingress.yaml
- svc.yaml
- middleware.yaml


@ -0,0 +1,9 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: umamijs
namespace: olympus
spec:
replacePathRegex:
regex: ^/script\.js
replacement: /umami.js


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: umami
namespace: olympus
spec:
selector:
app: umami
ports:
- protocol: TCP
port: 80
targetPort: web


@ -0,0 +1,19 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: xirion-registry-creds
namespace: olympus
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: xirion-registry-creds
template:
type: kubernetes.io/dockerconfigjson
data:
- secretKey: .dockerconfigjson
remoteRef:
key: xirion-registry-creds
property: dockerconfigjson


@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: x76dev
namespace: presidential-paradise
labels:
app: x76dev
spec:
replicas: 1
selector:
matchLabels:
app: x76dev
template:
metadata:
labels:
app: x76dev
spec:
containers:
- name: x76dev
image: registry.xirion.net/library/0x76.dev
ports:
- containerPort: 8080
imagePullSecrets:
- name: xirion-registry-creds
---
apiVersion: v1
kind: Service
metadata:
name: x76dev-service
namespace: presidential-paradise
spec:
selector:
app: x76dev
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: x76dev-ingress
namespace: presidential-paradise
spec:
ingressClassName: "traefik"
rules:
- host: "0x76.dev"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: x76dev-service
port:
number: 8080
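Review bot: `image: registry.xirion.net/library/0x76.dev` in the Deployment has no tag or digest, so it resolves to `latest` and each pod restart runs whatever was last pushed to the registry. Pin it, e.g. `image: registry.xirion.net/library/0x76.dev:<tag-placeholder>@sha256:<digest-placeholder>`, so rollouts are deliberate and a changed image shows up as a diff in this repository. The pod spec also sets no `securityContext` or resource limits.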


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- 0x76.yaml


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- xirion-registry-creds.yaml
- 0x76dev


@ -0,0 +1,19 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: xirion-registry-creds
namespace: presidential-paradise
spec:
refreshInterval: "5m"
secretStoreRef:
name: vault
kind: ClusterSecretStore
target:
name: xirion-registry-creds
template:
type: kubernetes.io/dockerconfigjson
data:
- secretKey: .dockerconfigjson
remoteRef:
key: xirion-registry-creds
property: dockerconfigjson